/* ~jhs/public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp * Sendmail config for jhs hosts. Copyright Julian H. Stacey 2009 Munich * CAUTION MAKING: * cd /etc/mail ; make * might have 2 unfortunate results, either: * Installing generic instead of custom: * cp freebsd.mc `hostname`.mc * /usr/bin/m4 -D_CF_DIR_=/usr/share/sendmail/cf/ \ * /usr/share/sendmail/cf/m4/cf.m4 `hostname`.mc > `hostname`.cf * Or if you have previously done * ln -s ../../usr/src/etc/sendmail/`hostname`.mc * then your .mc sym linked in /usr/src will get forced back to generic by * cp freebsd.mc `hostname`.mc * The safe way is: * cd /usr/src/etc/sendmail * make clean ; make cleandir ; make clean ; make obj ; make * cd /usr/obj/`cd /usr/src/etc/sendmail;/bin/pwd` * cp `hostname`.mc `hostname`.cf /etc/mail/ * cd /etc/mail * ln -s `hostname`.mc sendmail.mc * ln -s `hostname`.cf sendmail.cf * make ; make stop ; make start * OTHER SASL AUTH CONFIG FILES RELATED: * /etc/make.conf includes /site/domain/this/etc/make.conf * /etc/make.conf includes /site/etc/make.conf.sasl * /site/domain/this/etc/make.conf includes make.conf.common * /site/domain/this/etc/make.conf.common includes /site/etc/make.conf.sasl * /site/domain/berklix/etc/mail/access.domain * /site/domain/js.berklix.net/etc/mail/access.domain * source of passwords * /site/domain/js.berklix.net/etc/mail/access * text copy of passwords * /etc/mail/access -> ../../site/etc/mail/access * /etc/mail/access.db * binary of passwords. * /site/usr/lib/sasl/Sendmail.conf * specifies: pwcheck_method: sasldb * /site/domain/berklix/usr/lib/sasl/saslpasswd.conf * /site/usr/lib/sasl/saslpasswd.conf * specifies: pwcheck_method: pwcheck * /usr/local/etc/sasldb.db /usr/local/etc/sasldb2.db * ~/public_html/src/bsd/fixes/FreeBSD/src/jhs/contrib/sendmail/\ * cf/cf/submit.mc.cyrus-sasl.REL=ALL.diff * disables SMTP AUTH on the loopback interface * ~/mail/auth/\* * MAN: saslpasswd saslpasswd2 sasldblistusers sasldblistusers2 * DOC FILES: * /usr/local/share/doc/cyrus-sasl2/html/ * /usr/local/share/doc/cyrus-sasl2/testing.txt * /usr/ports/security/cyrus-sasl2/files/Sendmail.README * /usr/share/sendmail/cf/README < * /usr/src/contrib/sendmail/cf/README * /usr/src/contrib/sendmail/RELEASE_NOTES * PORTS: * /usr/ports/security/cyrus-sasl (Manually select: "Use pwcheck") * /usr/ports/security/cyrus-sasl2 Installed then I used SASL1 * /usr/ports/mail/sendmail-sasl Not used * /usr/ports/security/cyrus-sasl2-saslauthd Not used * /usr/ports/security/gsasl Not used * DOC WEB: (C = Client Side SASL, S = Server Side) * - http://cork.linux.ie/projects/install-sendmail/ * CS http://docs.snake.de/smtp-auth.html * http://imgate.meiway.com for WinNT * http://matt.simerson.net/computing/qmail.toaster.shtml - Alt to SM * http://njabl.org - Black Hole List * http://spamassassin.org/tag/ * S http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html * http://www.sendmail.org/antispam.html * http://www.sendmail.org/~ca/email/auth.html < timp@ * http://www.sendmail.org/~ca/email/cyrus/sysadmin.html * http://www.sendmail.org/~ca/email/sm-812.html#812AUTH < timp@ * EMAIL ADDRESSES * timp@ Tim Pushor * offered me a SASL relay or debug I recall. * postmaster@ freebsd 2004.08 is * David Wolfskill * ACRONYMS: * MTA = Mail Transfer Agent. flat considers mart sendmail an MTA * MSA = Mail [Submission Agent maybe?] Agent EG maybe ref submit.cf ? * MSP = Mail [Submission Program maybe?] Agent EG maybe ref submit.cf ? * MUA = Mail User Agent, EG Exmh, Pine, Elm * SASL: * authid= Authentication Identifier: Real person's login name. * userid= user id= Authorization ID: * Your account, or maybe that of an absent colleague's. * TO DO: * There is a misleading but not actually problematic naming conflict * between MAIL_HUB which is an internal recipient * & host=hub which is my name for gateway outgoing. * Ensure names such as phillip@fire do not leak. * Strip file of comment regularly updated in docs. * cd /usr/src/contrib/sendmail/doc/op ; \ * pic -C op.me|eqn -C -Tascii|groff -Tascii -mps -me>~/tmp/sm.asc * Debugging: Relaying denied string changed on mini in: * contrib/sendmail/cf/cf/submit.cf * contrib/sendmail/cf/m4/proto.m4 * See if I need to tweak submit.mc * Anti Spam Programs: SpamAssassin ( used by freebsd.org), Razor, * MailScanner, Bogofilter. * ports/mail/p5-Mail-SpamAssassin * ordb osirusoft spamcop wirehub * Do a DOMAIN(js.berklix.net), probably also using nullclient. * ports/mail/tlb to process deliveries to hide outgoing aliases, * to prevent people from evading restrictions for posting to lists. * UNUSED: * STARTTLS, IMAP command starts encryption * VIRTUSER_DOMAIN * VIRTUSER_DOMAIN_FILE * confERROR_MESSAGE * confSAVE_FROM_LINES * confSERVICE_SWITCH_FILE * confUSERDB_SPEC * BITNET_RELAY * DECNET_RELAY * FAX_RELAY * FEATURE(`compat_check') * FEATURE(`delay_checks') would allow spammers using Sender: my_domain * FEATURE(`enhdnsbl') * FEATURE(`generics_entire_domain') * FEATURE(`genericstable') * FEATURE(`lookupdotdomain') * FEATURE(`msp', `[127.0.0.1]') in submit.mc * FEATURE(`no_default_msa') * FEATURE(`preserve_local_plus_detail') * FEATURE(`preserve_luser_host') * FEATURE(`queuegroup') * FEATURE(`relay_hosts_only') * FEATURE(`relay_mail_from',`domain') Too dangerous * FEATURE(accept_unqualified_senders) fred without @domain * FEATURE(local_procmail) * FEATURE(loose_relay_check) user%site.com@othersite.com * FEATURE(relay_local_from) not unless absolutely necessary * FEATURE(virtuser_entire_domain) * define(`confDELIVERY_MODE',`deferred') not send out til requested. * RELAY_DOMAIN_FILE(`/etc/mail/relay') * UUCP_RELAY * brackets.c: ' * confINPUT_MAIL_FILTERS for spam later maybe ? * confRELAY_MSG * files: etc/auth.conf * files: login.conf & auth_hostok * LDAP * TEST ADDRESSES to input to "sendmail -bt" * with command EG "/parse a@b" * (as this .cpp file is on the web, & harvested by * spammers, no complete addresses) * no_domain (no@) * land.berklix.org * dsl * freebsd.org * lapt * localhost * mail * mail.js.berklix.net * muc. .de * not_in_etc_hosts.bsn.com * null.bsn.com * park * wind * world * DELIMITERS: * - Be Very Careful, changing anything: * you can very easily damage the output file from m4 without getting an * error message ! * - The text first goes through ccp, then m4, then is read by sendmail. * - m4: dnl is the m4 command for delete-to-newline. * - .cf: Hash # at beginning of line is a delimeter for sendmail.cf * read by /usr/sbin/sendmail, but is not a delimeter for m4. * - m4: treat as special, all of these: * lots of character such as {} * and `quotes-round-this-string' brackets.c:`' * and defined strings such as FEATURE * To avoid m4 macro expansion of strings such as OSTYPE being expanded * before pass through to a .cf file as comment, * use the string 0`'STYPE brackets.c:`' * - cpp: To avoid "unterminated character constant" in single * uses of the ' char, I use double occurences, & let cpp * brackets.c:' * reduce them to single quotes in the .mc file. * So I use 0`'STYPE. * brackets.c:` * To avoid "unknown configuration line" I avoid lines with * just a tab, * (which occur if you have a slash star comment not starting in * column 1, (though comments not starting in column 1 are OK in * ifdef lines, as the cpp does not pass those lines through.)) * - cpp: The Makefile deletes the space in "^ #" to "^#" * - cpp: The Makefile deletes blank lines * - cpp: To avoid cpp acting on # comment lines destined for .cf file, * they are preceeded by this string (without spaces) "/ * * /" * - Makefile last strips all strings __SPACE__ * which are used to fool cpp. * - cpp: When making EG file wind.mc Makefile defines * string wind_js_berklix_net (using _ as dots are not allowed * by cpp). * 5.1 cpp reduces tabs to spaces. * Info from guug conf. spring 98: * ETRN = force queue run * Exim takes over from Smail. * SMTP/ESMTP: * If old machines far end, use smtp, if new use esmtp. * HELO is the normal start, ESMTP servers often start EHLO, * but some lock up if EHLO is received & they dont support extended, * so some extended servers initiate instead with ESMTP. */ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{*/ __HASH__ Source: ~jhs/public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp #else /*}{ For comparison with freebsd.mc. */ divert(-1) __HASH__ __HASH__ Copyright (c) 1983 Eric P. Allman __HASH__ Copyright (c) 1988, 1993 __HASH____TAB__The Regents of the University of California. __SPACE__All rights reserved. __HASH__ __HASH__ Redistribution and use in source and binary forms, with or without __HASH__ modification, are permitted provided that the following conditions __HASH__ are met: __HASH__ 1. Redistributions of source code must retain the above copyright __HASH__ __SPACE____SPACE__ notice, this list of conditions and the following disclaimer. __HASH__ 2. Redistributions in binary form must reproduce the above copyright __HASH__ __SPACE____SPACE__ notice, this list of conditions and the following disclaimer in the __HASH__ __SPACE____SPACE__ documentation and/or other materials provided with the distribution. __HASH__ 3. All advertising materials mentioning features or use of this software __HASH__ __SPACE____SPACE__ must display the following acknowledgement: __HASH____TAB__This product includes software developed by the University of __HASH____TAB__California, Berkeley and its contributors. __HASH__ 4. Neither the name of the University nor the names of its contributors __HASH__ __SPACE____SPACE__ may be used to endorse or promote products derived from this software __HASH__ __SPACE____SPACE__ without specific prior written permission. __HASH__ __HASH__ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS__CLOSE____CLOSE__ AND __HASH__ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE __HASH__ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE __HASH__ ARE DISCLAIMED. __SPACE__IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE __HASH__ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL __HASH__ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS __HASH__ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) __HASH__ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT __HASH__ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY __HASH__ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF __HASH__ SUCH DAMAGE. __HASH__ __BREAK__ __HASH__ // ---------------------------------------------------------------------------- // cd /pri/freebsd/releases ; // grep "This is a generic configuration file for FreeBSD" */src/etc/sendmail/freebsd.mc // 4.11-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 4.X and later systems. // 6.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 5.X and later systems. // 7.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 8.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 9.2-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 9.3-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 10.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 11.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 12.2-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 12.3-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 13.0-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // 14.0-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems. // // cpp -dM /dev/null | grep __FreeBSD_cc_version // { __FreeBSD_cc_version #if /*{*/ ( __FreeBSD_cc_version >= 900001 ) /* 9.0 */ __HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems. #elif /*}{*/ ( __FreeBSD_cc_version >= 800001 ) /* 8.1, 8.2, 8.3 */ __HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems. #elif /*}{*/ ( __FreeBSD_cc_version >= 700003 /* 7.3 or 7.4 */ ) __HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems. #elif /*}{*/ ( __FreeBSD_cc_version > 602001 /* 6.4 */ ) __HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems. #elif /*}{*/ ( __FreeBSD_cc_version > 500000 /* not quite the right number */ ) __HASH__ __SPACE__This is a generic configuration file for FreeBSD 5.X and later systems. #elif /*}{*/ ( __FreeBSD_cc_version >= 460001 /* 4.11 */ ) __HASH__ __SPACE__This is a generic configuration file for FreeBSD 4.X and later systems. #else /*}{*/ __HASH__ __SPACE__This is a generic configuration file for FreeBSD Unknown Release. #endif /*}*/ // } __HASH__ __SPACE__If you want to customize it, copy it to a name appropriate for your __HASH__ __SPACE__environment and do the modifications there. __HASH__ __HASH__ __SPACE__The best documentation for this .mc file is: __HASH__ __SPACE__/usr/share/sendmail/cf/README or __HASH__ __SPACE__/usr/src/contrib/sendmail/cf/README #endif /* freebsd_cmp }*/ #if /*{*/ ( __FreeBSD_cc_version == 700003 /* 7.4-RELEASE */ ) // 7.4 has no trailing space in next line, just the hash. __HASH__ #elif ( __FreeBSD_cc_version >= 800001 ) /* 9.[012] */ /* 9.1 has no trailing space in next line, * 8.4 & 9.2 & 10.0 do have a trailing space in next line. */ __HASH__ __SPACE__ #endif /* __FreeBSD_cc_version == 700003 }*/ #if /*{*/ ( __FreeBSD_cc_version >= 1000001 ) /* 10.0 */ __HASH__ __SPACE__NOTE: If you enable RunAsUser, make sure that you adjust the permissions __HASH__ __SPACE__and owner of the SSL certificates and keys in /etc/mail/certs to be usable __HASH__ __SPACE__by that user. __HASH__ #endif /* __FreeBSD_cc_version >= 1000001 }*/ #if /*{*/ ( __FreeBSD_cc_version >= 1400006 ) // 14.3-RELEASE-p2 __HASH__ Last updated: 2024-02-01 #endif /* __FreeBSD_cc_version >= 1000001 }*/ __BREAK__ // ---------------------------------------------------------------------------- // 12.2-PRERELEASE __FreeBSD_cc_version 1200023 // 12.2-RELEASE __FreeBSD_cc_version 1200023 // 12.2-STABLE __FreeBSD_cc_version 1200023 // 12.3-STABLE __FreeBSD_cc_version 1200025 // 12.4-RELEASE __FreeBSD_cc_version 1200025 // 14.0-RELEASE-p3 __FreeBSD_cc_version 1400006 // 14.3-RELEASE-p2 __FreeBSD_cc_version 1400006 // ---------------------------------------------------------------------------- #ifdef freebsd_cmp /*{*/ divert(0) // { __FreeBSD_cc_version switch #if /*{*/ ( __FreeBSD_cc_version == 460001 ) /* 4.7 & 4.8 & 4.9 & 4.10 */ /* VERSIONID for 4.10 */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.19 2003/12/31 17:42:16 gshapiro Exp $__CLOSE__) #elif /*}{*/ ( __FreeBSD_cc_version == 500005 ) /* 5.1 */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $__CLOSE__) #elif /*}{*/ ( __FreeBSD_cc_version == 510002 ) /* 5.2 */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $__CLOSE__) #elif /*}{*/ ( __FreeBSD_cc_version == 520001 ) /* 5.2-current */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $__CLOSE__) #elif /*}{*/ ( __FreeBSD_cc_version == 530001 ) /* 5.[3-5] */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $__CLOSE__) #elif /*}{*/ ( __FreeBSD_cc_version == 600001 ) /* 6.[01] */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.6.1 2006/04/13 04:00:23 gshapiro Exp $__CLOSE__) #elif /*}{*/ ( __FreeBSD_cc_version == 602001 ) /* 6.2 */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.2.6.2.1 2008/10/02 02:57:24 kensmith Exp $__CLOSE__) #elif /*}{*/ ( __FreeBSD_cc_version == 700003 ) /* 7.0 & 7.1 & 7.2 & 7.3 & 7.4 */ // 7.0 or 7.1 or 7.2 or 7.3 VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.4.2.1 2010/02/10 00:26:20 kensmith Exp $') // 7.4 VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.4.4.1 2010/12/21 17:10:29 kensmith Exp $') VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.4.4.1 2010/12/21 17:10:29 kensmith Exp $__CLOSE__) #elif /*}{*/ ( __FreeBSD_cc_version == 800001 ) /* 8.0 - 8.4 */ #if defined RELEASE_8_0 /* {{ */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $__CLOSE__) #elif defined RELEASE_8_1 /* }{ */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.2.2.1 2010/06/14 02:09:06 kensmith Exp $__CLOSE__) #elif defined RELEASE_8_2 /* }{ */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.2.4.1 2010/12/21 17:09:25 kensmith Exp $__CLOSE__) #elif defined RELEASE_8_3 /* }{ */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.3.2.1 2012/03/03 06:15:13 kensmith Exp $__CLOSE__) #elif defined RELEASE_8_4 /* }{ */ VERSIONID(`$FreeBSD: release/8.4.0/etc/sendmail/freebsd.mc 250169 2013-05-02 01:39:32Z gshapiro $__CLOSE__) #else /* }{ */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v - Unknown 8.x - kensmith Exp $__CLOSE__) #endif /* } __FreeBSD_cc_version == 800001 } */ #elif /*}{*/ ( __FreeBSD_cc_version == 900001 ) /* 9.0 - 9.1 */ #if defined RELEASE_9_0 /* {{ */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.39.2.1.2.1 2011/11/11 04:20:22 kensmith Exp $__CLOSE__) /* brackets.c:` */ #elif (defined RELEASE_9_1) /* }{ */ VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.39.2.1.4.2 2012/11/17 08:47:01 svnexp Exp $__CLOSE__) /* brackets.c:` */ #elif (defined RELEASE_9_2) /* }{ */ VERSIONID(`$FreeBSD: release/9.2.0/etc/sendmail/freebsd.mc 249867 2013-04-25 01:46:20Z gshapiro $__CLOSE__) /* brackets.c:` */ #elif (defined 10.0-BETA1 ) /* }{ */ VERSIONID(`$FreeBSD: stable/10/etc/sendmail/freebsd.mc 249732 2013-04-21 17:11:45Z gshapiro $__CLOSE__) /* brackets.c:` */ #elif (defined RELEASE_10_0) /* }{ */ VERSIONID(`$FreeBSD: 10 UNKNOWN__CLOSE__) /* brackets.c:` */ #elif (defined RELEASE_10_1) /* }{ */ VERSIONID(`$FreeBSD: release/10.1.0/etc/sendmail/freebsd.mc 266698 2014-05-26 15:42:39Z gshapiro $__CLOSE__) #else /* }{ */ VERSIONID(`$FreeBSD: UNKNOWN__CLOSE__) #endif /* }} */ #elif /*}{*/ ( __FreeBSD_cc_version == 1000001 ) /* 10.0 & 10.1 & 10.3 */ #if defined 10.3-RELEASE-p4 /* { */ #elif (defined RELEASE_10_1) /* }{ */ #elif (defined RELEASE_10_2) /* }{ */ VERSIONID(`$FreeBSD: release/10.2.0/etc/sendmail/freebsd.mc 285304 2015-07-09 05:25:47Z gshapiro $__CLOSE__) #elif (defined RELEASE_10_3) /* }{ */ VERSIONID(`$FreeBSD: release/10.3.0/etc/sendmail/freebsd.mc 285304 2015-07-09 05:25:47Z gshapiro $__CLOSE__) #endif /* } */ #elif /*}{*/ ( __FreeBSD_cc_version == 1100001 ) /* 11_0-CURRENT */ VERSIONID(`$FreeBSD: head/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__) // #elif /*}{*/ ( __FreeBSD_cc_version == 1100508 ) /* 11.2-RELEASE */ VERSIONID(`$FreeBSD: release/11.2.0/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__) /* brackets.c:` */ // #elif /*}{*/ ( __FreeBSD_cc_version == 1200015 ) /* 12 Current */ VERSIONID(`$FreeBSD: head/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__) /* http://www.freebsd.org/doc/en/books/porters-handbook/versions-12.html */ // #elif /*}{*/ ( __FreeBSD_cc_version == 1200016 ) /* 12.0-p3 12.1-p2 */ // VERSIONID(`$FreeBSD: head/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $') 12.0-p3 // VERSIONID(`$FreeBSD: releng/12.1/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $') 12.1-p2 VERSIONID(`$FreeBSD: releng/12.1/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__) // #elif /*}{*/ ( __FreeBSD_cc_version == 1200018 ) /* 12.0-STABLE cat .ctm_status src-12 320 .svn_revision 349176 */ VERSIONID(`$FreeBSD: stable/12/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__) // #elif /*}{*/ ( __FreeBSD_cc_version == 1200021 ) /* 12.1-STABLE 2020-02-05 */ VERSIONID(`$FreeBSD: stable/12/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__) // #elif /*}{*/ ( __FreeBSD_cc_version == 1200023 ) /* 12.2-RELEASE & 12.2-STABLE & 12.3-RELEASE */ // VERSIONID(`$FreeBSD: releng/12.2/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $') // VERSIONID(`$FreeBSD: releng/12.3/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $') VERSIONID(`$FreeBSD: releng/12.3/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $__CLOSE__) // #elif /*}{*/ ( __FreeBSD_cc_version == 1200025 ) /* 12.3-STABLE 2022-04-28 */ // By 2021-08-16 I found 12.2 stable freebsd.mc just has VERSIONID(`$FreeBSD$') // VERSIONID(`$FreeBSD$__CLOSE__) VERSIONID(`$FreeBSD$__CLOSE__) // #elif /*}{*/ ( __FreeBSD_cc_version == 1300007 ) // 13.0-CURRENT 2020-04-16 // VERSIONID(`$FreeBSD: head/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__) // 13.0-RELEASE-p8 2020-04-14 VERSIONID(`$FreeBSD$__CLOSE__) // #elif /*}{*/ ( __FreeBSD_cc_version == 1400006 ) // 14.0-RELEASE-p3 2024-01-08 14.3-RELEASE-p2 2025-09-08 host=land // not in 14.3-RELEASE-p2: VERSIONID(`$FreeBSD$__CLOSE__) // #else /*}{ __FreeBSD_cc_version number unknown */ VERSIONID(`$FreeBSD: common.cpp Unknown version, run cpp -dM /dev/null | grep __FreeBSD_cc_version__CLOSE__) /* brackets.c:` */ #endif /* __FreeBSD_cc_version number unknown } */ // __FreeBSD_cc_version switch } #else /* defined freebsd_cmp }{ not defined freebsd_cmp */ /* The HOSTNAME that Make passes in has no spaces, but cpp screws up * and adds a space before & after. */ VERSIONID(`$FreeBSD: src/etc/sendmail/common.cpp Copyright jhs@ for HOSTNAME\__CLOSE__) #endif /* not defined freebsd_cmp } defined freebsd_cmp }*/ // ---------------------------------------------------------------------------- #if defined park_js_berklix_net /*{*/ __HASH__ Debug for vi *.mc: park_ js_ berklix_ net is defined as park_js_berklix_net #elif defined mart_js_berklix_net /*}{*/ __HASH__ Debug for vi *.mc: mart_ js_ berklix_ net is defined as mart_js_berklix_net #elif defined dell_js_berklix_net /*}{*/ /* /etc/make.conf has SENDMAIL_MC=dell.js.berklix.net.mc */ __HASH__ Debug for vi *.mc: dell_ js_ net is defined as dell_js_berklix_net #elif defined dell_no_berklix_net /*}{*/ /* /etc/make.conf has SENDMAIL_MC=dell.no.berklix.net.mc */ __HASH__ Debug for vi *.mc: dell_ no_ net is defined as dell_no_berklix_net #elif defined lapr_js_berklix_net /*}{*/ /* /etc/make.conf has SENDMAIL_MC=lapr.js.berklix.net.mc */ __HASH__ Debug for vi *.mc: lapr_ no_ net is defined as lapr_js_berklix_net #elif defined lapr_no_berklix_net /*}{*/ /* /etc/make.conf has SENDMAIL_MC=lapr.no.berklix.net.mc */ __HASH__ Debug for vi *.mc: lapr_ no_ berklix_ net is defined as lapr_no_berklix_net #endif /*}*/ // ---------------------------------------------------------------------------- /* /usr/src/contrib/sendmail/cf/ostype/freebsd4.m4 */ #if /*{*/ (__FreeBSD_cc_version < 500000) /* not quite right number */ OSTYPE(freebsd4) #elif /*}{*/ (__FreeBSD_cc_version >= 600001) /* uname -r 6.0 & 7.2 */ OSTYPE(freebsd6) #else /*}{*/ OSTYPE(freebsd5) #endif /*}*/ // ---------------------------------------------------------------------------- #if /*{*/ ( ( defined park_js_berklix_net ) || ( defined mart_js_berklix_net ) ) #define GATE_HOST 1 #elif /*}{*/ ( defined fire_js_berklix_net ) #define END_HOST 1 #elif /*}{*/ ( ( defined lapr_no_berklix_net ) || ( defined laps_no_berklix_net ) \ || ( defined dell_no_berklix_net ) ) #define MOBILE_HOST 1 #elif /*}{*/ ( ( defined land_berklix_org ) || ( defined slim_berklix_org )) #define BERKLIX_SERVER_REMOTE 1 #else /*}{*/ /* Internal subsidiary host at Holz. */ #endif /*}*/ // ---------------------------------------------------------------------------- /* Log level. 15 is a good start value for debugging, but log may flood */ #if /* { */ ( defined XXland_berklix_org ) /* /var: Big */ define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__) /* brackets.c:` */ #elif /* }{ */ ( defined slim_berklix_org ) /* /var: 1Gig */ /* define(`confLOG_LEVEL', `15') */ /* brackets.c:` */ #elif /* }{ */ ( defined fire_js_berklix_net ) /* /var: 250M */ define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__) /* brackets.c:` */ #elif /* }{ */ ( defined lapr_js_berklix_net ) /* /var: ? */ define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__) /* brackets.c:` */ #elif /* }{ */ ( defined dell_js_berklix_net ) /* /var: ? */ define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__) /* brackets.c:` */ #elif /* }{ */ ( defined lapr_no_berklix_net ) /* /var: ? */ define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__) /* brackets.c:` */ #elif /* }{ */ ( defined dell_no_berklix_net ) /* /var: ? */ define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__) /* brackets.c:` */ #elif /* }{ */ ( defined mart_js_berklix_net ) /* /var: ?? */ define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__) /* brackets.c:` */ #elif /* }{ */ ( defined park_js_berklix_net ) /* /var: 1.1G */ define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__) /* brackets.c:` */ #endif /*}*/ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{*/ /* Give rejected domains a clue who to phone, in case its not a spammer. * contrib/sendmail/cf/README: * confREJECT_MSG - [550 Access denied] The message * given if the access database contains * REJECT in the value portion. * With * define(`confREJECT_MSG', * `550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/') * A diff of the .cf file before & after shows eg: * R <$*> $#error $@ 5.7.1 $: "550 Access denied" * R <$*> $#error $: 550 Access denied http://www.berklix.com/~jhs/phone/ * I suppose "$@ 5.7.1" might be name of sendmail, * Below loses the "$@ 5.7.1" * * 10.1-RELEASE with * define(`confREJECT_MSG',`"550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/access/"') * complains: * slim.berklix.org.cpp:446:97: warning: empty character constant [-Winvalid-pp-token] * define(`confREJECT_MSG',`"550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/access/"') */ define(`confREJECT_MSG__CLOSE__,`"550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/access/"__CLOSE__) /* contrib/sendmail/cf/README: * confRELAY_MSG - [550 Relaying denied] The message * given if an unauthorized relaying * attempt is rejected. * I dont need to warn anyone here, but the text makes it * clearer to me in my daily run output, if the message is * coming from my host, & why, hence variant endings /access/ or /relay/ * which are just symbolic links in the web to the same file currently. * * 10.1-RELEASE with * define(`confRELAY_MSG',`"550 Relaying denied http:/__BREAK__/www.berklix.com/~jhs/phone/relay/"') * complains: * slim.berklix.org.cpp:462:22: warning: empty character constant [-Winvalid-pp-token] * define(`confRELAY_MSG',`"550 Relaying denied http:/__BREAK__/www.berklix.com/~jhs/phone/relay/"') */ define(`confRELAY_MSG__CLOSE__,`"550 Relaying denied http:/__BREAK__/www.berklix.com/~jhs/phone/relay/"__CLOSE__) #endif /* !freebsd_cmp } */ // ---------------------------------------------------------------------------- DOMAIN(generic) /* * 4.9 pulls in src/contrib/sendmail/cf/domain/generic.m4 * define(`confFORWARD_PATH', * `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl * define(`confMAX_HEADERS_LENGTH', `32768')dnl * FEATURE(`redirect')dnl * FEATURE(`use_cw_file')dnl * EXPOSED_USER(`root') * bracktes.c:`' * */ __BREAK__ // ---------------------------------------------------------------------------- #ifdef /*{*/ GATE_HOST define(`confDONT_BLAME_SENDMAIL__CLOSE__, `GroupReadableKeyFile__CLOSE__) /* timp@ uses this */ #endif /* GATE_HOST }*/ // ---------------------------------------------------------------------------- #if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) /* SASL stuff */ define(`confDONT_BLAME_SENDMAIL__CLOSE__,`GroupReadableSASLDBFile__CLOSE__) /* for Sendmail 8.12 (FreeBSD 4.10 has 8.12.11) */ #endif /* !BERKLIX_SERVER_REMOTE }*/ // ---------------------------------------------------------------------------- /* /usr/local/share/doc/cyrus-sasl2/Sendmail.README * The group needs to be mail in order to read the sasldb2 file * /usr/ports/security/cyrus-sasl/files/Sendmail.README: * The group needs to be mail in order to read the sasldb file * Not documented by Snake. * Added per timp@ 2004.01.05: * define(CYRUS_MAILER_PATH, `/usr/local/cyrus/bin/deliver') * brackets.c:` * All 3 remote hosts & Host=Mart 2006.08.13 have no /usr/local/cyrus * so I commented out CYRUS_MAILER_PATH */ #if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) /* SASL stuff */ define(CYRUS_MAILER_USER, `cyrus:cyrus__CLOSE__) // brackets.c ` #endif /* !BERKLIX_SERVER_REMOTE }*/ // ---------------------------------------------------------------------------- #if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) /* SASL stuff */ /* timp@ has define(`confCLIENT_OPTIONS', `Address=64.56.138.134') Why ? */ #endif /* !BERKLIX_SERVER_REMOTE }*/ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{*/ /* MASQUERADING: * - BERKLIX_SERVER_REMOTE @user.berklix: * I should Not masquerade as berklix.org, as normal users on that * host would lose reply mail that might go to other * berklix hosts where they had no login or forwarding. * - BERKLIX_SERVER_REMOTE @smtprelay.berklix: * I should Not masquerade as berklix.org, as if I do, my mail from holz * declaring itself berklix.com or js.berklix.com, appears as berklix.org, * @ gets rejected to -approval@berklix, as * jhs@ is not subscribed as @berklix.org, (As on lists with lots of * MS addicts, PC viruses of spammers harvest * good matches of eg jhs@ & {ms-addicts}@; * so to break that use * different domains for list & owner/ frequent senders). * - BERKLIX_SERVER_REMOTE all: * majordomo has aliases that guide all traffic to @lists.berklix so * removing masquerading should hopefully make no difference either * way for majordomo. Yet to be checked. * - BERKLIX_SERVER_REMOTE all: * Most subscribers on some lists here are clueless MS users, * Ideally, would be nice to subsume 3xHost.berklix to avoid * their getting further confused - but how ? * - GATE_HOST: * Masquerading as berklix.com now, maybe later js.berklix.com * If this were not to masquerade, All internal hosts would need to, * else eg replies would never get back to @lapl.js.berklix.net. * - GATE_HOST (or END_HOST) * - Need to change subscriptions on non berklix lists to match, * so outgoing posts to lists do not bounce. * - If I do the masquerade on a per sender host basis, * then some can masquerade as @berklix.com for majordomo@berklix * .org run lists & vector, & some as another domain for {other * lists & visitors & contract business } * - http://www.sendmail.org/m4/masquerading.html * The masquerade name is not normally canonified, so it is * important that it be your One True Name, that is, fully * qualified and not a CNAME. However, if you use a CNAME, the * receiving side may canonify it for you, so don't think you * can cheat CNAME mapping this way. * - An example of usage of word canonicalise * sftp flat * Connecting to flat... * sftp> cd pu*l/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail * Couldn't canonicalise: No such file or directory * sftp> cd public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail * sftp> * - An example of usage of word canonical: * nslookup webmail.berklix.org * webmail.berklix.org canonical name = land.berklix.org. * I guess thats where the C in Cname in DNS derives from. */ #if 0 /* pre 2009 06 10 was ifdef GATE_HOST {*/ /* Mine (js.berklix is a cname, & when I used to have DNS records of eg * cluster 1H IN A 1.2.3.4 ; server1 * cluster 1H IN A 1.2.3.4 ; server2 * cluster 1H IN A 1.2.3.4 ; server3 * cluster 1H IN A 1.2.3.4 ; server4 * js 0 IN CNAME cluster * AOL was answering to @cluster.berklix.net ) */ define(`MASQ_JHS_HOST__CLOSE__,`js__CLOSE__) // .cf equivalent Dwjs define(`MASQ_JHS_DOMAIN__CLOSE__,`berklix.net__CLOSE__) // .cf equivalent Dmberklix.net // MASQUERADE_AS(`MASQ_JHS_HOST.MASQ_JHS_DOMAIN') // brackets.c:` #endif /*}*/ #if ( defined GATE_HOST ) /*{{*/ MASQUERADE_AS(`berklix.com__CLOSE__) // brackets.c:` /* sendmail.cf * Now * DMberklix.com * Maybe later * DMjs.berklix.com */ #elif ( defined BERKLIX_SERVER_REMOTE ) /*}{*/ MASQUERADE_AS(`berklix.org__CLOSE__) // brackets.c:` #elif ( defined END_HOST ) /*}{ Internal end hosts that sends & receives */ MASQUERADE_AS(`berklix.com__CLOSE__) // brackets.c:` #elif ( defined MOBILE_HOST ) /*}{ lapr dell laps */ MASQUERADE_AS(`berklix.com__CLOSE__) // brackets.c:` // Maybe later use berklix.net #else /*}{ Other internal hosts that send but not receive */ MASQUERADE_AS(`berklix.com__CLOSE__) // brackets.c:` #endif /*}}*/ #endif /* } */ // ---------------------------------------------------------------------------- /* I could add a trailing dot on MASQUERADE_AS but I neve have. * .cf: DMjs.berklix.net * people then reply to @ slim.berklix.net * as my DNS has "js 0 IN CNAME slim" * majordomo@greatcircle.com sees me as jhs@slim.berklix * & refers me to list owner. */ // ---------------------------------------------------------------------------- /* http://www.sendmail.org/m4/masquerading.html * Normally the only addresses that are masqueraded are those * that come from this host (that is, are either unqualified * or in class {w}, the list of local domain names). You can * augment this list, which is realized by class {M} using * MASQUERADE_DOMAIN(`otherhost.domain') * MASQUERADE_DOMAIN(`otherhost.domain') sender hosts to map * cf: class M: domains that should be converted to $M * http://www.sendmail.org/m4/masquerading.html * Normally the only addresses that are masqueraded are those * that come from this host (that is, are either unqualified * or in class {w}, the list of local domain names). You can * augment this list, which is realized by class {M} using * MASQUERADE_DOMAIN * The effect of this is that although mail to user@otherhost.domain * will not be delivered locally, any mail including any * user@otherhost.domain will, when relayed, be rewritten to * have the MASQUERADE_AS address. This can be a space-separated * list of names. */ #ifdef BERKLIX_SERVER_REMOTE /*{*/ // MASQUERADE_DOMAIN(`berklix.com berklix.de berklix.eu berklix.net berklix.org berklix.uk bsdpie.eu geoffharries.com surfacevision.com the-phoney-photon.com') // brackets.c:` // I probably dont want this at all later, for now reducing to test. MASQUERADE_DOMAIN(`surfacevision.com geoffharries.com the-phoney-photon.com__CLOSE__) // brackets.c:` #elif ( ( defined GATE_HOST ) || (defined END_HOST ) ) /*}{*/ MASQUERADE_DOMAIN(`js.berklix.net berklix.com mmc.private gj.org__CLOSE__) #elif /*}{*/ ( defined MOBILE_HOST ) /* Pre 2019-04-15 MASQUERADE_DOMAIN(`no.berklix.net js.berklix.net berklix.com mmc.private gj.org') */ MASQUERADE_DOMAIN(`no.berklix.net__CLOSE__) #endif /* } */ /* http://www.sendmail.org/m4/masquerading.html * If these names are in a file, you can use * MASQUERADE_DOMAIN_FILE(`filename') * to read the list of names from the indicated file (i.e., * to add elements to class {M}). * ---------------------------------------------------------------------------- * http://www.sendmail.org/m4/masquerading.html * To exempt hosts or subdomains from being masqueraded, you can use * MASQUERADE_EXCEPTION(`host.domain') * This can come handy if you want to masquerade a whole domain * except for one (or a few) host(s). If these names are in a * file, you can use * MASQUERADE_EXCEPTION_FILE(`filename') * brackets.c:`' */ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{*/ /* http://www.sendmail.org/m4/features.html#masquerade_envelope * masquerade_envelope * If masquerading is enabled (using MASQUERADE_AS) or the * genericstable is in use, this feature will cause envelope * addresses to also masquerade as being from the masquerade * host. Normally only the header addresses are masqueraded. * genericstable This feature will cause unqualified addresses * (i.e., without a domain) and addresses with a domain listed * in class {G} to be looked up in a map and turned into another * ("generic") form, which can change both the domain name and * the user name. * * Notice: if you use an MSP (as it is default starting with * 8.12), the MTA will only receive qualified addresses from * the MSP (as required by the RFCs). Hence you need to add * your domain to class {G}. * * This feature is similar to the userdb functionality. The * same types of addresses as for masquerading are looked up, * i.e., only header sender addresses unless the allmasquerade * and/or masquerade_envelope features are given. Qualified * addresses must have the domain part in class {G}; entries * can be added to this class by the macros GENERICS_DOMAIN * or GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN * and MASQUERADE_DOMAIN_FILE). * * http://en.wikipedia.org/wiki/MSP * MSP = Message Submission Program or smmsp in Sendmail e-mail systems * * http://www.sendmail.org/m4/anti_spam.html * FEATURE(`access_db') * brackets.c:`' * Notice: the access database is applied to the envelope * addresses and the connection information, not to the header. * My notes: * masquerade_envelope is the unique per recipient header data, * not the header info that is common to all recipients of a mail. * .cf effect: * Enabling this feature changes the .cf file Ruleset 94 from * R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 * To * R$+ $@ $>MasqHdr $1 * Analysis to see if necessary: * BERKLIX_SERVER_REMOTE=Off, GATE_HOST=Off, END_HOST=Off: Fails to @freebsd * BERKLIX_SERVER_REMOTE=Off, GATE_HOST=Off, END_HOST=On : OK * BERKLIX_SERVER_REMOTE=Off, GATE_HOST=On , END_HOST=Off: OK * BERKLIX_SERVER_REMOTE=Off, GATE_HOST=On , END_HOST=On : OK * BERKLIX_SERVER_REMOTE=On , GATE_HOST=Off, END_HOST=Off: Fails to @freebsd * BERKLIX_SERVER_REMOTE=On , GATE_HOST=Off, END_HOST=On : OK * BERKLIX_SERVER_REMOTE=On , GATE_HOST=On , END_HOST=Off: OK * BERKLIX_SERVER_REMOTE=On , GATE_HOST=On , END_HOST=On : OK */ #if ( GATE_HOST || END_HOST || MOBILE_HOST ) /*{*/ FEATURE(`masquerade_envelope__CLOSE__) // brackets.c:` #endif /* } */ #endif /* } */ // ---------------------------------------------------------------------------- /* * Not all local aliases are on all BERKLIX_SERVER_REMOTE * * http://www.sendmail.org/m4/features.html#allmasquerade * If masquerading is enabled (using MASQUERADE_AS), this * feature will cause recipient addresses to also masquerade * as being from the masquerade host. Normally they get the * local hostname. Although this may be right for ordinary * users, it can break local aliases. * * For example, if you send to "localalias", the originating * sendmail will find that alias and send to all members, * but send the message with "To: localalias@masqueradehost". * Since that alias likely does not exist, replies will * fail. * * Use this feature only if you can guarantee that the * entire namespace on your masquerade host supersets all * the local entries. * Improves CC addresses that have same name on remote & local. * Some local-only aliases (that I used to BCC rather than CC to avoid * wrongly advertising as eg foobar@js.berklix) will now * instead equally wrongly advertise as foobar@berklix */ #if ( END_HOST || MOBILE_HOST ) /*{*/ FEATURE(`allmasquerade__CLOSE__) // brackets.c:` #endif /*}*/ // ---------------------------------------------------------------------------- /* FEATURE(`masquerade_entire_domain') * To get mail from individual hosts to be masqueraded, else only mail from * non existant host with domain name js.berklix.net gets masqueraded. * http://www.sendmail.org/m4/features.html#allmasquerade * If masquerading is enabled (using MASQUERADE_AS) * and MASQUERADE_DOMAIN is set, this feature will * cause addresses to be rewritten such that the * masquerading domains are actually entire domains * to be hidden. All hosts within the masquerading * domains will be rewritten to the masquerade name * (used in MASQUERADE_AS). For example,if you have: * MASQUERADE_AS(`masq.com') * MASQUERADE_DOMAIN(`foo.org') * MASQUERADE_DOMAIN(`bar.com') * then *foo.org and *bar.com are converted to masq.com. * Without this feature, only foo.org and bar.com are masqueraded. * NOTE: only domains within your jurisdiction and current * hierarchy should be masqueraded using this. */ #if ( (defined GATE_HOST ) || (defined END_HOST ) || ( defined MOBILE_HOST ) \ /* || (defined BERKLIX_SERVER_REMOTE) */ ) /*{*/ FEATURE(`masquerade_entire_domain__CLOSE__) // brackets.c:` /* At 2009.06.02 a remote server was running with this by accident */ #endif /* } */ // ---------------------------------------------------------------------------- /* genericstable = generics table, not generic stable. * FEATURE(`genericstable') * GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains') * http://sendmail.org/virtual-hosting.html says: * If you would like to reverse-map local users for out-bound * mail, you will need to add support for the generics table. */ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{*/ #if ( ( !defined BERKLIX_SERVER_REMOTE ) && ( !defined END_HOST ) ) /*{ @Holz */ define(`RECEIVER_JHS_FULL__CLOSE__,`mail.js.berklix.net__CLOSE__) #endif /* @Holz }*/ #endif /* } */ // ---------------------------------------------------------------------------- /* * Define a smart host */ #if ( ( defined BERKLIX_SERVER_REMOTE ) || ( defined freebsd_cmp ) ) /*{{*/ /* No Smart Host */ #elif /*}{*/ (defined GATE_HOST ) /* smtprelay.berklix.org has DNS A records for IPs of multiple hosts in the * receiving server cluster, though whether it is allowable to target * a cluster rather than a single IP, I dont know & havent tried yet */ define(`SMART_JHS_HOST__CLOSE__,`slim__CLOSE__) define(`SMART_JHS_DOMAIN__CLOSE__,`berklix.org__CLOSE__) define(`SMART_JHS_FULL__CLOSE__,`SMART_JHS_HOST.SMART_JHS_DOMAIN__CLOSE__) #elif /*}{*/ (defined MOBILE_HOST ) define(`SMART_JHS_HOST__CLOSE__,`land__CLOSE__) define(`SMART_JHS_DOMAIN__CLOSE__,`berklix.org__CLOSE__) define(`SMART_JHS_FULL__CLOSE__,`SMART_JHS_HOST.SMART_JHS_DOMAIN__CLOSE__) #else /* }{ */ // JJLATER why dont these below have doubles like ' is it cos older FreeBSD ? define(`SMART_JHS_HOST__CLOSE__,`hub__CLOSE__) define(`SMART_JHS_DOMAIN__CLOSE__,`js.berklix.net__CLOSE__) define(`SMART_JHS_FULL__CLOSE__,`SMART_JHS_HOST.SMART_JHS_DOMAIN__CLOSE__) define(`BRACKETS_C__CLOSE__,`BRACKETS_C__CLOSE__) #endif /* }} */ /* An AuthInfo record is also needed in * /site/domain/js.berklix.net/etc/mail/access.domain */ // ---------------------------------------------------------------------------- #if /*{*/ ( defined lapl_js_berklix_net) /* ForkEachJob [False] Run all deliveries in a separate process. * May be convenient on memory-poor machines. */ define(`confSEPARATE_PROC__CLOSE__,1) // brackets.c:` #endif /* !lapl_js_berklix_net }*/ // ---------------------------------------------------------------------------- #if /*{*/ ((defined GATE_HOST ) || (defined MOBILE_HOST )) /* || defined BERKLIX_SERVER_REMOTE */ FEATURE(`relay_entire_domain__CLOSE__) // brackets.c:` /* http://www.sendmail.org/m4/features.html#relay_entire_domain * This option also allows any host in your domain as defined * by class {m} to use your server for relaying. * Notice: make sure that your domain is not just a top * level domain, e.g., com. * This can happen if you give your host a name like * example.com instead of host.example.com. */ #endif /* } */ // ---------------------------------------------------------------------------- // FEATURE(local_no_masquerade) /* http://www.sendmail.org/m4/features.html#local_no_masquerade * This feature prevents the local mailer from * masquerading even if MASQUERADE_AS is used. * MASQUERADE_AS will only have effect on addresses * of mail going outside the local domain. */ // ---------------------------------------------------------------------------- FEATURE(access_db, `hash -o -T /etc/mail/access__CLOSE__) // brackets.c:` /* http://www.sendmail.org/m4/features.html#access_db * Turns on the access database feature. The access * db gives you the ability to allow or refuse to * accept mail from specified domains for administrative * reasons. Moreover, it can control the behavior of * sendmail in various situations. By default, the * access database specification is: * hash -T /etc/mail/access * See the Anti-Spam Configuration Control section for * further important information about this feature. * Notice: "-T" is meant literal, do not replace * it by anything. */ // ---------------------------------------------------------------------------- /* http://www.sendmail.org/m4/features.html#blacklist_recipients * Turns on the ability to block incoming mail for * certain recipient usernames, hostnames, or addresses. * For example, you can block incoming mail to user * nobody, host foo.mydomain.com, or guest@bar.mydomain.com. * These specifications are put in the access db as * described in the Anti-Spam Configuration Control * section later in this document. */ #ifdef freebsd_cmp /*{*/ // It's in all freebsd.mc #else /*}{*/ // & I think currently I want it in all my hosts #endif /*}*/ #if /*{{*/ ( __FreeBSD_cc_version < 1200023 ) /* 12.2-STABLE */ // 4.11-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) // 6.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) // 7.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) // 8.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) // 9.2-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) __FreeBSD_cc_version 900001 // 9.3-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) // 10.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) // 11.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) FEATURE(blacklist_recipients) #else /*}{*/ // 12.2-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blocklist_recipients) // 12.2-STABLE/src/etc/sendmail/freebsd.mc:FEATURE(blocklist_recipients) __FreeBSD_cc_version 1200023 // 12.3-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blocklist_recipients) // 13.0-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blocklist_recipients) FEATURE(blocklist_recipients) #endif /*}}*/ // ---------------------------------------------------------------------------- FEATURE(local_lmtp) /* http://www.sendmail.org/m4/features.html#local_lmtp * Use an LMTP capable local mailer. The argument to * this feature is the pathname of an LMTP capable * mailer. By default, mail.local is used. This is * expected to be the mail.local which came with the * 8.9 distribution which is LMTP capable. The path * to mail.local is set by the confEBINDIR m4 variable * -- making the default LOCAL_MAILER_PATH * /usr/libexec/mail.local. * WARNING: This feature sets LOCAL_MAILER_FLAGS * unconditionally, i.e., without respecting any * definitions in an OSTYPE setting. */ // ---------------------------------------------------------------------------- #ifdef freebsd_cmp /*{*/ FEATURE(mailertable, `hash -o /etc/mail/mailertable__CLOSE__) // brackets.c:` /* @2009.06 no file on flat or fire or lapa, & park was a dummy */ #endif /* } */ /* http://www.sendmail.org/m4/features.html#mailertable * Include a "mailer table" which can be used to * override routing for particular domains (which are * not in class {w}, i.e. local host names). The * argument of the FEATURE may be the key definition. * If none is specified, the definition used is: * hash /etc/mail/mailertable * Keys in this database are fully qualified domain * names or partial domains preceded by a dot -- for * example, "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". * As a special case of the latter, "." matches any * domain not covered by other keys. Values must be * of the form: * mailer:domain * where "mailer" is the internal mailer name, and * "domain" is where to send the message. These maps * are not reflected into the message header. As a * special case, the forms: * local:user * will forward to the indicated user using the local mailer, * local: * will forward to the original user in the e-mail * address using the local mailer, and * error:code message * error:D.S.N:code message * will give an error message with the indicated SMTP * reply code and message, where D.S.N is an RFC 1893 * compliant error code. * http://tools.ietf.org/html/rfc1893 */ // ---------------------------------------------------------------------------- /* @ 2009.06 all hosts have this, but only really need * #ifdef BERKLIX_SERVER_REMOTE */ /* for surfacevision.com bsdpie.eu geoffharries.com the-phoney-photon.com */ FEATURE(virtusertable, `hash -o /etc/mail/virtusertable__CLOSE__) // brackets.c:` __BREAK__ // ---------------------------------------------------------------------------- #if /*{*/ ( __FreeBSD_cc_version >= 1000001 ) /* 10.0 */ dnl Enable STARTTLS for receiving email. /* * STARTTLS capability is enabled by default in freebsd.mc in 11.0 * To create: host.key, host.cert, cacert.pem, dh.param: * http://www.sendmail.org/~ca/email/other/cagreg.html * Very brief introduction to create a CA and a CERT * Author: Gregory Neil Shapiro * To make certificate authority: * mkdir CA * cd CA * mkdir certs crl newcerts private * echo "01" > serial * cp /dev/null index.txt * cp /usr/local/openssl/openssl.cnf.sample openssl.cnf * vi openssl.cnf (set values) * openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 -config openssl.cnf * To make a new certificate: * cd CA (same directory created above) * openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 365 -config openssl.cnf * (certificate and private key in file newreq.pem) To sign new certificate with certificate authority: * cd CA (same directory created above) * openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem * openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem * rm -f tmp.pem * (newcert.pem contains signed certificate, newreq.pem still contains unsigned certificate and private key) * ---------------- * ls -l \ * /etc/mail/certs/cacert.pem * /etc/mail/certs/dh.param * /etc/mail/certs/host.cert * /etc/mail/certs/host.key * /etc/ssl/openssl.cnf */ define(`CERT_DIR__CLOSE__, `/etc/mail/certs__CLOSE__)dnl define(`confSERVER_CERT__CLOSE__, `CERT_DIR/host.cert__CLOSE__)dnl define(`confSERVER_KEY__CLOSE__, `CERT_DIR/host.key__CLOSE__)dnl // Not yet arrived in __FreeBSD_cc_version >= 1200023 12.2-RELEASE & STABLE // define(`confCRL', `/usr/share/ssl/certs/revoke.crl') // Line above reccomended by http://www.linuxweblog.com/blogs/sandip/20071019/starttls-crlfile-missing-resolved // copied here: /site/usr/share/ssl/certs/ // wget http://www.cacert.org/revoke.crl define(`confCLIENT_CERT__CLOSE__, `CERT_DIR/host.cert__CLOSE__)dnl define(`confCLIENT_KEY__CLOSE__, `CERT_DIR/host.key__CLOSE__)dnl define(`confCACERT__CLOSE__, `CERT_DIR/cacert.pem__CLOSE__)dnl define(`confCACERT_PATH__CLOSE__, `CERT_DIR__CLOSE__)dnl #if /*{*/ (( __FreeBSD_cc_version >= 1200023 ) /* 12.2-RELEASE & STABLE */ && \ ( __FreeBSD_cc_version < /* 14.0-RELEASE-p3 */ 1400006 ) ) define(`confDH_PARAMETERS__CLOSE__, `CERT_DIR/dh.param__CLOSE__)dnl #endif /*}*/ // define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl // Commented out 2021-03-07 as .cf get this: // O DHParameters=/etc/mail/certs/dh.param // & I dont have one, whatever they are. __BREAK__ #endif /*}*/ // ---------------------------------------------------------------------------- #if ! ( defined freebsd_cmp ) /*{*/ #endif /* !freebsd_cmp }*/ #if ( defined freebsd_cmp ) /*{*/ dnl Uncomment to allow relaying based on your MX records. dnl NOTE: This can allow sites to use your server as a backup MX without dnl __SPACE__ __SPACE__ __SPACE__ your permission. dnl FEATURE(relay_based_on_MX) __BREAK__ #if *{*/ ( __FreeBSD_cc_version < /* 14.0-RELEASE-p3 */ 1400006 ) dnl DNS based black hole lists dnl -------------------------------- dnl DNS based black hole lists come and go on a regular basis dnl so this file will not serve as a database of the available servers. #else /*}{ 14.0-RELEASE-p3 */ dnl DNS based block lists dnl --------------------- dnl DNS based block lists come and go on a regular basis so this dnl file will not serve as a database of the available servers. #endif /*}*/ /* Problem: * 9.1 & 9.2 both have __FreeBSD_cc_version == 900001 */ #if /*{*/ ( __FreeBSD_cc_version < 800001 ) dnl For that, visit /* 9.1: */ dnl http:/__BREAK__/www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/ /* 6.2 & 6.3: directory.google.com */ /* 7.1 & 6.4: www.google.com */ #else /*}{*/ /* 10.0 & 8.4 & 9.2 */ dnl For more information, visit dnl http:/__BREAK__/en.wikipedia.org/wiki/DNSBL #endif /*}*/ // ---------------------------------------------------------------------------- __BREAK__ #if /*{{*/ ( __FreeBSD_cc_version < 800001 ) /* 9.0 */ dnl Uncomment to activate Realtime Blackhole List dnl information available at http:/__BREAK__/www.mail-abuse.com/ dnl NOTE: This is a subscription service as of July 31, 2001 dnl FEATURE(dnsbl) #else /*}{ 8.3 & 8.4 & 10.1 */ #if *{*/ ( __FreeBSD_cc_version < /* 14.0-RELEASE-p3 */ 1400006 ) dnl Uncomment to activate your chosen DNS based blacklist #else /*}{ 14.0-RELEASE-p3 */ dnl Uncomment to activate your chosen DNS based block list #endif /*}*/ dnl FEATURE(dnsbl, `dnsbl.example.com__CLOSE__) // brackets.c:` #endif /*}}*/ dnl Alternatively, you can provide your own server and rejection message: // ---------------------------------------------------------------------------- /* cpp -dM /dev/null | grep __FreeBSD_cc_version * 6.2 with 602001 * 6.3 with 602001 * 6.4 with 602001 * 7.2 with 700003 * 8.2 with 800001 * 9.0 with 900001 * 9.1 with 900001 * * Older versions have one `` quote marks before the string * beginning "550, newer versions have two `` quote marks. * * 4.11:dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " * $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}') * * 7.4 :dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', ``"550 Mail from " * $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}') * * 8.3 :dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " * $&{client_addr} " rejected__CLOSE__) * * 9.0 :dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " * $&{client_addr} " rejected') * brackets.c:"`' */ #if /*{{*/ ( __FreeBSD_cc_version < 602001 ) /* Assume 4.11, though might be newer, if so add code */ dnl FEATURE(dnsbl, `blackholes.mail-abuse.org__CLOSE__, `"550 Mail from " $&{client_addr} " rejected, see http:/__BREAK__/mail-abuse.org/cgi-bin/lookup?" $&{client_addr}__CLOSE__) // brackets.c:'`'` #elif /*}{*/ ( __FreeBSD_cc_version < 800001 ) /* 8.2 */ dnl FEATURE(dnsbl, `blackholes.mail-abuse.org__CLOSE__, ``"550 Mail from " $&{client_addr} " rejected, see http:/__BREAK__/mail-abuse.org/cgi-bin/lookup?" $&{client_addr}__CLOSE____BREAK____CLOSE__) // brackets.c:` #else /*}{ 8.3 & 8.4 & 9.0 & 10.1 */ dnl FEATURE(dnsbl, `dnsbl.example.com__CLOSE__, ``"550 Mail from " $&{client_addr} " rejected"__CLOSE____CLOSE__) // brackets.c:` #endif /*}}*/ __BREAK__ #endif /* !freebsd_cmp }*/ #if ! ( defined freebsd_cmp ) /*{*/ #endif /* !freebsd_cmp }*/ // ---------------------------------------------------------------------------- #if ( defined BERKLIX_SERVER_REMOTE ) /*{*/ /* LATER try: * FEATURE(`dnsbl', `bl.spamcop.net', * `"Spam blocked see: http:/__BREAK__/spamcop.net/bl.shtml?"$&{client_addr}') * brackets.c:` */ #endif /* }*/ // ---------------------------------------------------------------------------- #ifdef freebsd_cmp /*{*/ dnl Dialup users should uncomment and define this appropriately dnl define(`SMART_HOST__CLOSE__, `your.isp.mail.server__CLOSE__) __BREAK__ #endif /* } */ // ---------------------------------------------------------------------------- #if ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE ) /*{*/ define(`SMART_HOST__CLOSE__,`esmtp:SMART_JHS_FULL__CLOSE__) #endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE } */ // ---------------------------------------------------------------------------- #ifdef freebsd_cmp /*{*/ dnl Uncomment the first line to change the location of the default dnl /etc/mail/local-host-names and comment out the second line. dnl define(`confCW_FILE__CLOSE__, `-o /etc/mail/sendmail.cw__CLOSE__) #endif /* } */ // ---------------------------------------------------------------------------- /* FEATURE(use_cw_file) already comes from DOMAIN(generic) */ /* http://www.sendmail.org/m4/features.html#use_cw_file * Read the file /etc/mail/local-host-names file to get * alternate names for this host. This might be used if you * were on a host that MXed for a dynamic set of other hosts. * If the set is static, just including the line "Cw * ..." (where the names are fully qualified domain * names) is probably superior. The actual filename can be * overridden by redefining confCW_FILE. */ define(`confCW_FILE__CLOSE__, `-o /etc/mail/local-host-names__CLOSE__) // ---------------------------------------------------------------------------- /* FEATURE(use_ct_file) */ /* http://www.sendmail.org/m4/features.html#use_ct_file * Read the file /etc/mail/trusted-users file to get the * names of users that will be ``trusted', that is, able * to set their envelope from address using -f without * generating a warning message. The actual filename can be * overridden by redefining confCT_FILE. * timp@ uses this * @ 2009.06 I am not using this file anywhere, * but I see ^Tjhs in the .cf file. */ // ---------------------------------------------------------------------------- #ifdef freebsd_cmp /*{*/ __BREAK__ #endif /* } */ // ---------------------------------------------------------------------------- #if 0 /*{*/ /* ( defined GATE_HOST ) */ /* Seperate Authinfo: * If I want to seperate out "AuthInfo:" lines (with passwords) from * /etc/mail/access into /etc/mail/authinfo. */ FEATURE(`authinfo__CLOSE__) // brackets.c:` #endif /* } */ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{{*/ /* IPV6 I dont want it yet. * It solves the long term shortage of IP numbers on the Internet, * It also gives spammers * an infinite number of IP numbers to hide behind. * vi -c/Family=inet6 \ * contrib/sendmail/RELEASE_NOTES \ * contrib/sendmail/cf/README \ * contrib/sendmail/cf/m4/proto.m4 \ * contrib/sendmail/doc/op/op.me \ * etc/sendmail/common.cpp \ * etc/sendmail/freebsd.mc */ DAEMON_OPTIONS(`Name=IPv4, Family=inet__CLOSE__) // brackets.c:` /* If one does Not specify the line above, the .cf file inherits * O DaemonPortOptions=Name=MTA * instead of * O DaemonPortOptions=Name=IPv4, Family=inet */ #else /*}{ freebsd_cmp */ #if /*{{*/ ( ( __FreeBSD_cc_version == 500005 ) /* 5.1 */ || \ ( __FreeBSD_cc_version == 510002 ) /* 5.2 */ ) dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4 dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet__CLOSE__) dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6__CLOSE__) #elif /*}{*/ ( \ ( __FreeBSD_cc_version == 460001 ) /* 4.[7-11] */ || \ ( __FreeBSD_cc_version == 530001 ) /* 5.[3-5] */ || \ ( __FreeBSD_cc_version == 600001 ) /* 6.[01] */ || \ ( __FreeBSD_cc_version == 602001 ) /* 6.2 */ || \ ( __FreeBSD_cc_version == 700003 ) /* uname -r 7.0-BETA2 */ || \ ( __FreeBSD_cc_version == 800001 ) /* 8.0 - 8.3 */ || \ ( __FreeBSD_cc_version == 900001 ) /* 9.0 */ || \ ( __FreeBSD_cc_version == 1000001 ) /* 10.0-BETA2 - 10.0 */ || \ ( __FreeBSD_cc_version >= 1100001 ) /* 11_0-CURRENT */ ) dnl Enable for both IPv4 and IPv6 (optional) DAEMON_OPTIONS(`Name=IPv4, Family=inet__CLOSE__) DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O__CLOSE__) #else /*}{*/ dnl Unrecognised FreeBSD Version DAEMON_OPTIONS(`Name=IPv4, Family=inet__CLOSE__) DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O__CLOSE__) #endif /*}}*/ #endif /*}}*/ // ---------------------------------------------------------------------------- __BREAK__ // ---------------------------------------------------------------------------- /* http://www.sendmail.org/m4/features.html#smrsh * Use the SendMail Restricted SHell (smrsh) provided with * the distribution instead of /bin/sh for mailing to programs. * This improves the ability of the local system administrator * to control what gets run via e-mail. If an argument is * provided it is used as the pathname to smrsh; otherwise, * the path defined by confEBINDIR is used for the smrsh binary * -- by default, /usr/libexec/smrsh is assumed. */ #if /*{*/ ( defined GATE_HOST ) /* * Left off for other hosts as some need pipes: * BERKLIX_SERVER_REMOTE needs pipes for majordomo. * END_HOST needs pipes for receiving ctm_rmail */ FEATURE(smrsh) #endif /* !GATE_HOST } */ // ---------------------------------------------------------------------------- /* http://www.sendmail.org/m4/features.html#accept_unresolvable_domains * Normally, MAIL FROM: commands in the SMTP session will be * refused if the host part of the argument to MAIL FROM: * cannot be located in the host name service (e.g., an A or * MX record in DNS). If you are inside a firewall that has * only a limited view of the Internet host name space, this * could cause problems. In this case you probably want to use * this feature to accept all domains on input, even if they * are unresolvable. */ #if ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE ) /*{*/ /* Internal hosts with no DNS to world, * or GATE_HOST with perhaps only intermittent DNS access to world. * I could try including && ( ! defined GATE_HOST ) but * I want my SMTP to accept anything for outgoing, even if it is offline * & can not resolve anything. But this means I * might accept anything incoming from random people scanning * me, so my firewall allows SMTP only with my remote servers. * Grep keywords: R-DNS RDNS reverse lookup */ FEATURE(`accept_unresolvable_domains__CLOSE__) // brackets.c:` #endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE } */ // ---------------------------------------------------------------------------- #ifdef /*{*/ BERKLIX_SERVER_REMOTE #if /*{*/ ((__FreeBSD_cc_version > 602001) || \ ((__FreeBSD_cc_version == 602001) && defined require_dns )) /* cpp -dM < /dev/null | grep __FreeBSD_cc_version * cc FreeBSD Sendmail * 460001 4.11 8.13.1 * 4-stable 8.14.1 on 20070411 * 602001 6.2 8.13.8 flat * 602001 6.3 8.14.2/8.14.2 * 700003 7.0-PRE * 700003 7.1 8.14.3/8.14.3 fire * 700003 7.2 8.14.3/8.14.2 slim * 1000001 10.0 * The #if above is to prevent Makefile * failing on some hosts, as it generates for all hosts on all * release, inc. 4.11 & 6.2, & require_rdns only came in * with FreeBSD 6.3 & 7.0 * /usr/src/contrib/sendmail/cf/feature/require_rdns.m4 */ FEATURE(`require_rdns__CLOSE__) // brackets.c:` /* http://www.sendmail.org/documentation * CONFIG: New FEATURE(`require_rdns') `' to reject messages from SMTP * clients whose IP address does not have proper reverse DNS. * Not in 6.2, contrib/sendmail/cf/feature/require_rdns.m4 * is in 6.3. * Sendmail Versions: */ #endif /*}*/ #endif /* BERKLIX_SERVER_REMOTE } */ // ---------------------------------------------------------------------------- #ifdef /*{*/ BERKLIX_SERVER_REMOTE /* http://www.sendmail.org/m4/features.html#limited_masquerade * Normally, any hosts listed in class {w} are * masqueraded. If this feature is given, only the * hosts listed in class {M} (see MASQUERADE_DOMAIN) * are masqueraded. This is useful if you have several * domains with disjoint namespaces hosted on the same * machine. * Class {w} is /etc/mail/local-host-names * With this On on BERKLIX_SERVER_REMOTE, A post to test@ shows: * From: "Julian H. Stacey" * Message-Id: <200906101908.n5AJ83tb067963@fire.js.berklix.ne * To: test@mailman.berklix. org * Sender: owner-test@slim.berklix. org * With this Off on BERKLIX_SERVER_REMOTE, A post to test@ shows: * From: owner-test@berklix. org * To: test-approval@berklix. org * Subject: BOUNCE test@lists: Non-member submission from * ["Julian H. Stacey" ] */ FEATURE(`limited_masquerade__CLOSE__) // brackets.c:` #endif /* BERKLIX_SERVER_REMOTE } */ // ---------------------------------------------------------------------------- #ifdef /*{*/ BERKLIX_SERVER_REMOTE /* Dup. of functionality in /etc/mail/access */ /* Listing berklix.net as RELAY in /etc/mail/access is insufficient */ RELAY_DOMAIN(`berklix.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`berklix.de__CLOSE__) // brackets.c:` RELAY_DOMAIN(`berklix.eu__CLOSE__) // brackets.c:` RELAY_DOMAIN(`berklix.net__CLOSE__) // brackets.c:` RELAY_DOMAIN(`berklix.org__CLOSE__) // brackets.c:` RELAY_DOMAIN(`berklix.uk__CLOSE__) // brackets.c:` RELAY_DOMAIN(`bsdpie.eu__CLOSE__) // brackets.c:` RELAY_DOMAIN(`geoffharries.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.berklix.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.berklix.de__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.berklix.eu__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.berklix.net__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.berklix.org__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.berklix.uk__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.bsdpie.eu__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.geoffharries.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.surfacevision.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`js.the-phoney-photon.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.berklix.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.berklix.de__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.berklix.eu__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.berklix.net__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.berklix.org__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.berklix.uk__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.bsdpie.eu__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.geoffharries.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.surfacevision.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`no.the-phoney-photon.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`surfacevision.com__CLOSE__) // brackets.c:` RELAY_DOMAIN(`the-phoney-photon.com__CLOSE__) // brackets.c:` #endif /* BERKLIX_SERVER_REMOTE } */ // ---------------------------------------------------------------------------- // Perhaps I might not need this till I use IPV6 ? define(`confBIND_OPTS__CLOSE__, `WorkAroundBrokenAAAA__CLOSE__) // define(`confBIND_OPTS', `WorkAroundBrokenAAAA') // ---------------------------------------------------------------------------- #if (defined freebsd_cmp ) /*{*/ /* I dont want this for my private or public machines */ define(`confNO_RCPT_ACTION__CLOSE__, `add-to-undisclosed__CLOSE__) #endif /* freebsd_cmp } */ // ---------------------------------------------------------------------------- define(`confPRIVACY_FLAGS__CLOSE__, `authwarnings,noexpn,novrfy__CLOSE__) // ---------------------------------------------------------------------------- #if /*{*/ ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE \ && !defined END_HOST && !defined MOBILE_HOST ) // define(`MAIL_HUB',`RECEIVER_JHS_FULL') define(`MAIL_HUB__CLOSE__,`mail.js.berklix.net.__CLOSE__) /* For duplicate suppression to work properly, the host name is best * specified with a terminal dot: * --- * Defining MAIL_HUB Causes .cf file to acquire this text: * # who gets all local email traffic * # ($R has precedence for unqualified names if FEATURE(stickyhost) is used) * DHmail.js.berklix.net * .... * R< > $+ $: < $H > $1 try hub */ #endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined END_HOST }*/ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{*/ define(`confTRUSTED_USERS__CLOSE__, `jhs majordom majordomo__CLOSE__) // JJLATER is this needed by mailman ? or can I dump it ? #endif /* !freebsd_cmp } */ // ---------------------------------------------------------------------------- #ifdef NO_FLAT_RATE /*{*/ define(`confCON_EXPENSIVE__CLOSE__,True) // brackets.c:` #endif /* NO_FLAT_RATE } */ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{*/ define(`confTIME_ZONE__CLOSE__,`USE_SYSTEM__CLOSE__) #endif /* !freebsd_cmp } */ // ---------------------------------------------------------------------------- #if /*{*/ ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE \ && !defined GATE_HOST ) /* Internal local errors forwarded for fixing. * Skip errors usually from spam hitting public hosts & gateway. */ define(`confCOPY_ERRORS_TO__CLOSE__,`postmaster__CLOSE__) #endif /*!defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined GATE_HOST }*/ // ---------------------------------------------------------------------------- #if /*{*/ ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE \ && !defined GATE_HOST ) define(`confTO_QUEUERETURN__CLOSE__,`1d__CLOSE__) #endif /*!defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined GATE_HOST }*/ // ---------------------------------------------------------------------------- // .cf: O Timeout.queuewarn=1d // .cf: O Timeout.queuewarn=36h /* confTO_QUEUEWARN */ #if ( defined GATE_HOST ) /*{{*/ #ifndef MOBILE_HOST /*{{*/ define(`confTO_QUEUEWARN__CLOSE__,`36h__CLOSE__) // define(`confTO_QUEUEWARN',`36h') /* 36h Allows me to unplug gate from internal net, if I'm away overnight. * If gate is disconnected from internal net for longer than interval * confTO_QUEUEWARN, then people on external internet who have mailed * me, (& whose mail has been fetched to gate via fetchmail & then re-injected * back into gate's smtp for onward delivery to internal client), * receive a mail back like this: * { * From: Mail Delivery Subsystem * Date: 2016-01-27 10:09 GMT+01:00 * Subject: Warning: could not send message for past 12 hours * To: person@internet.com * ********************************************** * ** THIS IS A WARNING MESSAGE ONLY ** * ** YOU DO NOT NEED TO RESEND YOUR MESSAGE ** * ********************************************** * The original message was received at Tue, 26 Jan 2016 22:05:01 +0100 (CET) * from localhost.js.berklix.net [127.0.0.1] * ----- Transcript of session follows ----- * ... Deferred: Operation timed out with fire.js.berklix.net. * Warning: message still undelivered after 36 hours * Will keep trying until message is 5 days old * Final-Recipient: RFC822; jhs@localhost * X-Actual-Recipient: RFC822; jhs@mail.js.berklix.net * Action: delayed * Status: 4.4.1 * Remote-MTA: DNS; fire.js.berklix.net * Last-Attempt-Date: ....... * Will-Retry-Until: ...... * Whole of their original mail including enclosures * } */ #else /*}{*/ define(`confTO_QUEUEWARN__CLOSE__,`2h__CLOSE__) /* I may want different values while travelling & debugging. */ #endif /*}}*/ #elif /* }{ */ ( defined BERKLIX_SERVER_REMOTE ) // list host: Too many warnings from mail list members. // define(`confTO_QUEUEWARN',`12h') // If I turn off list server it all queues up on other hosts, // So I might want to reduce warnings there too ? // but normally I want less frequent warnings on list server /* Leave at default [4h] */ #endif /*}}*/ // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.queuewarn.normal=4h // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.queuewarn.urgent=1h // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.queuewarn.non-urgent=12h // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.queuewarn.dsn=4h // ---------------------------------------------------------------------------- // .cf: # checkpoint queue runs after every N successful deliveries // .cf: #O CheckpointInterval=10 // sendmail.8: This avoids excessive duplicate deliveries when // sending to long mailing lists interrupted by system crashes. // I suppose affects CPU, not traffic. // ---------------------------------------------------------------------------- // .cf: # open connection cache size // .cf: O ConnectionCacheSize=2 // I suppose affects CPU, not traffic. // ---------------------------------------------------------------------------- // .cf: # open connection cache timeout // .cf: O ConnectionCacheTimeout=5m // ---------------------------------------------------------------------------- // .cf: # log level // .cf: O LogLevel=15 // ---------------------------------------------------------------------------- // .cf: # slope of queue-only function // .cf: #O QueueFactor=600000 // ---------------------------------------------------------------------------- // .cf: # limit on number of concurrent queue runners // .cf: #O MaxQueueChildren // Added 2009.08.02 after bsn subnet overload (though dont know if oveload me). // define(`confMAX_QUEUE_CHILDREN',`7') // ---------------------------------------------------------------------------- // .cf: # maximum number of queue-runners per queue-grouping with multiple queues // .cf: #O MaxRunnersPerQueue=1 // ---------------------------------------------------------------------------- // .cf: # priority of queue runners (nice(3)) // .cf: #O NiceQueueRun // ---------------------------------------------------------------------------- // .cf: # minimum time in queue before retry // .cf: #O MinQueueAge=30m // contrib/sendmail/cf/README: // confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job // must sit in the queue between queue // runs. This allows you to set the // queue run interval low for better // responsiveness without trying all // jobs in each run. // Added 2009.08.02 after bsn subnet overload (though dont know if overload me). #if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) define(`confMIN_QUEUE_AGE__CLOSE__,`40m__CLOSE__) #endif /* !BERKLIX_SERVER_REMOTE }*/ // ---------------------------------------------------------------------------- // .cf: # how many jobs can you process in the queue? // .cf: #O MaxQueueRunSize=0 // contrib/sendmail/cf/README: // confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of // any given queue run to this number of // entries. Essentially, this will stop // reading each queue directory after this // number of entries are reached; it does // _not_ pick the highest priority jobs, // so this should be as large as your // system can tolerate. If not set, there // is no limit. // ---------------------------------------------------------------------------- // .cf: # perform initial split of envelope without checking MX records // .cf: #O FastSplit=1 // ---------------------------------------------------------------------------- // .cf: #O Timeout.initial=5m // contrib/sendmail/cf/README: // confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response // on the initial connect. // I dont expect reducing this would would reduce load on bsn subnet. // ---------------------------------------------------------------------------- // .cf: #O Timeout.connect=5m // I dont expect reducing this would would reduce load on bsn subnet. // ---------------------------------------------------------------------------- // .cf: #O Timeout.aconnect=0s // contrib/sendmail/cf/README: // confTO_ACONNECT Timeout.aconnect // [0] The overall timeout waiting for // all connection for a single delivery // attempt to succeed. If 0, no overall // limit is applied. // I dont expect this would would reduce load on bsn subnet. // ---------------------------------------------------------------------------- // .cf: #O Timeout.iconnect=5m // contrib/sendmail/cf/README: // [undefined] Like Timeout.connect, but // applies only to the very first attempt // to connect to a host in a message. // This allows a single very fast pass // followed by more careful delivery // attempts in the future. // I guess if one inherits a new mail list, & many are of dubious valididty, // this mught allow a quick move on to skip initial non reponders. // Sound more like a spammer or a company inheriting another moribund // company might want - not me. // ---------------------------------------------------------------------------- // .cf: #O Timeout.helo=5m // ---------------------------------------------------------------------------- // .cf: #O Timeout.mail=10m // [10m] The timeout waiting for a response to the MAIL command. // ---------------------------------------------------------------------------- // .cf: #O Timeout.rcpt=1h // ---------------------------------------------------------------------------- // .cf: #O Timeout.datainit=5m // ---------------------------------------------------------------------------- // .cf: #O Timeout.datablock=1h // ---------------------------------------------------------------------------- // .cf: #O Timeout.datafinal=1h // ---------------------------------------------------------------------------- // .cf: #O Timeout.rset=5m // ---------------------------------------------------------------------------- // .cf: #O Timeout.quit=2m // ---------------------------------------------------------------------------- // .cf: #O Timeout.misc=2m // ---------------------------------------------------------------------------- // .cf: #O Timeout.command=1h // contrib/sendmail/cf/README: // Timeout.command [1h] In server SMTP, the timeout waiting for a // command to be issued. // JJLATER considering setting this to avoid a DOS attack // ---------------------------------------------------------------------------- // .cf: #O Timeout.ident=5s // ---------------------------------------------------------------------------- // .cf: #O Timeout.fileopen=60s // ---------------------------------------------------------------------------- // .cf: #O Timeout.control=2m // ---------------------------------------------------------------------------- // .cf: O Timeout.queuereturn=5d // contrib/sendmail/cf/README: // [5d] The timeout before a message is // returned as undeliverable. // I dont expect reducing this would would reduce load on server subnet. // but it should reduce the amount of spam to majordomo@ // pending return to faked senders // Added 2009.08.02 after bsn subnet overload (though dont know if oveload me). // define(`confTO_QUEUERETURN',`3d') // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.queuereturn.normal=5d // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.queuereturn.urgent=2d // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.queuereturn.non-urgent=7d // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.queuereturn.dsn=5d // ---------------------------------------------------------------------------- // .cf: #O Timeout.hoststatus=30m // Added 2009.08.02 after bsn subnet overload // (though dont know if overload was my server). // define(`confTO_HOSTSTATUS',`60m') // contrib/sendmail/cf/README: // confTO_HOSTSTATUS Timeout.hoststatus // [30m] How long information about host // statuses will be maintained before it // is considered stale and the host should // be retried. This applies both within // a single queue run and to persistent // information (see below). // ---------------------------------------------------------------------------- // .cf: #O Timeout.resolver.retrans=5s // contrib/sendmail/cf/README: // confTO_RESOLVER_RETRANS Timeout.resolver.retrans // [varies] Sets the resolver's // retransmission time interval (in // seconds). Sets both // Timeout.resolver.retrans.first and // Timeout.resolver.retrans.normal. // Added 2009.08.02 after bsn subnet overload (though dont know if oveload me). // define(`confTO_RESOLVER_RETRANS',`20s') // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.resolver.retrans.first=5s // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // .cf: #O Timeout.resolver.retrans.normal=5s // ---------------------------------------------------------------------------- // .cf: #O Timeout.resolver.retry=4 // contrib/sendmail/cf/README: // confTO_RESOLVER_RETRY Timeout.resolver.retry // [varies] Sets the number of times // to retransmit a resolver query. // Sets both // Timeout.resolver.retry.first and // Timeout.resolver.retry.normal. // Added 2009.08.02 after bsn subnet overload (though dont know if oveload me). // define(`confTO_RESOLVER_RETRY',`3') // ---------------------------------------------------------------------------- // .cf: #O Timeout.resolver.retry.first=4 // ---------------------------------------------------------------------------- // .cf: #O Timeout.resolver.retry.normal=4 // ---------------------------------------------------------------------------- // .cf: #O Timeout.lhlo=2m // ---------------------------------------------------------------------------- // .cf: #O Timeout.auth=10m // ---------------------------------------------------------------------------- // .cf: #O Timeout.starttls=1h // ---------------------------------------------------------------------------- // .cf: # time for DeliverBy; extension disabled if less than 0 // ---------------------------------------------------------------------------- // .cf: #O DeliverByMin=0 // ---------------------------------------------------------------------------- // .cf: # should we not prune routes in route-addr syntax addresses? // .cf: #O DontPruneRoutes=False // ---------------------------------------------------------------------------- // .cf: # load average at which we just queue messages // .cf: #O QueueLA=8 // contrib/sendmail/cf/README: // confQUEUE_LA QueueLA [varies] Load average at which // queue-only function kicks in. // Default values is (8 * numproc) // where numproc is the number of // processors online (if that can be // determined). // uptime shows load averages // ---------------------------------------------------------------------------- // .cf: # load average at which we refuse connections // .cf: #O RefuseLA=12 // contrib/sendmail/cf/README: // confREFUSE_LA RefuseLA [varies] Load average at which // incoming SMTP connections are // refused. Default values is (12 * // numproc) where numproc is the // number of processors online (if // that can be determined). #if /* { */ ( defined BERKLIX_SERVER_REMOTE ) // Added 2009.08.02 for safety, as some years back mailman killed host=thin, // looping so many extra processes I couldnt ssh in to kill it, & had to // remote Reset. // No idea what LA I should really assert,o vear on the low side. define(`confREFUSE_LA__CLOSE__,`6__CLOSE__) // define(`confREFUSE_LA',`6') #endif /*}*/ // ---------------------------------------------------------------------------- // .cf: # log interval when refusing connections for this long // .cf: #O RejectLogInterval=3h // ---------------------------------------------------------------------------- // .cf: # load average at which we delay connections; 0 means no limit // .cf: #O DelayLA=0 // contrib/sendmail/cf/README: // confDELAY_LA DelayLA [0] Load average at which sendmail // will sleep for one second on most // SMTP commands and before accepting // connections. 0 means no limit. #if /* { */ ( defined BERKLIX_SERVER_REMOTE ) // Added 2009.08.02 for safety, as some years back mailman killed host=thin, // looping so many extra processes I couldnt ssh in to kill it, & had to // remote Reset. // No idea what LA I should really assert,o vear on the low side. define(`confDELAY_LA__CLOSE__,`4__CLOSE__) // define(`confDELAY_LA',`4') #endif /*}*/ // ---------------------------------------------------------------------------- // .cf: # maximum number of children we allow at one time // .cf: #O MaxDaemonChildren=0 // contrib/sendmail/cf/README: // confMAX_DAEMON_CHILDREN MaxDaemonChildren // [undefined] The maximum number of // children the daemon will permit. After // this number, connections will be // rejected. If not set or <= 0, there is // no limit. // Added 2009.08.02 after bsn subnet overload (though dont know if oveload me). // define(`confMAX_DAEMON_CHILDREN',`8') // ---------------------------------------------------------------------------- // .cf: # maximum number of new connections per second // .cf: #O ConnectionRateThrottle=0 // contrib/sendmail/cf/README: // confCONNECTION_RATE_THROTTLE ConnectionRateThrottle // [undefined] The maximum number of // connections permitted per second per // daemon. After this many connections // are accepted, further connections // will be delayed. If not set or <= 0, // there is no limit. // Added 2009.08.02 after bsn subnet overload (though dont know if oveload me). // No idea really, but anything better than no limit. // define(`confCONNECTION_RATE_THROTTLE',`10') // ---------------------------------------------------------------------------- // .cf: # Width of the window // .cf: #O ConnectionRateWindowSize=60s // contrib/sendmail/cf/README: // confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize // [60s] Define the length of the // interval for which the number of // incoming connections is maintained. // ---------------------------------------------------------------------------- // .cf: # work recipient factor #O RecipientFactor=30000 // ---------------------------------------------------------------------------- // .cf: # maximum number of recipients per SMTP envelope // .cf: O MaxRecipientsPerMessage=400 // gea-announce 314 // ---------------------------------------------------------------------------- // .cf: # limit the rate recipients per SMTP envelope are accepted // .cf: # once the threshold number of recipients have been rejected // .cf: #O BadRcptThrottle=0 // contrib/sendmail/cf/README: // confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified // number of recipients in a single SMTP // transaction have been rejected, sleep // for one second after each subsequent // RCPT command in that transaction. // Added 2009.08.02 after bsn subnet overload (though dont know if oveload me). // Anything better than no limit. // define(`confBAD_RCPT_THROTTLE',`4') // ---------------------------------------------------------------------------- #ifdef GATE_HOST /*{*/ define(`confDIAL_DELAY__CLOSE__,`8s__CLOSE__) // define(`confDIAL_DELAY',`8s') // JJLATER document what this is & why I set it. #endif /* GATE_HOST }*/ // ---------------------------------------------------------------------------- #ifdef /*{*/ NO_FLAT_RATE define(`confMCI_CACHE_SIZE__CLOSE__,`6__CLOSE__) // define(`confMCI_CACHE_SIZE',`6') /* Flush queue in minimum time, even if it degrades interactive performance */ #endif /* NO_FLAT_RATE } */ // ---------------------------------------------------------------------------- #if 0 /* pre 2009 06 10 was ifdef GATE_HOST {*/ /* /usr/src/contrib/sendmail/cf/README: * Normally, the $j macro is automatically defined to be your fully * qualified domain name (FQDN). Sendmail does this by getting your * host name using gethostname and then calling gethostbyname on the * result. For example, in some environments gethostname returns * only the root of the host name (such as "foo"); gethostbyname is * supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) * cases, gethostbyname may fail to return the FQDN. In this case * you MUST define confDOMAIN_NAME to be your fully qualified domain * name. This is usually done using: * Dmbar.com * define(`confDOMAIN_NAME', `$w.$m')dnl * cd /usr/src-7.1/contrib/sendmail ; find . | xargs grep Dw * Nothing relevant. * cd /usr/src/contrib/sendmail ; find . | xargs grep confDOMAIN_NAME * RELEASE_NOTES cf/README cf/m4/proto.m4 */ Dw`__CLOSE__MASQ_JHS_HOST // Dw`'MASQ_JHS_HOST Dm`__CLOSE__MASQ_JHS_DOMAIN // Dm`'MASQ_JHS_DOMAIN define(`confDOMAIN_NAME__CLOSE__, $w.$m) // brackets.c:` /* How do these relate to ^DM from MASQUERADE_AS ? * hostname returns park.js.berklix.net Or mart.js.berklix.net */ #endif /* 0 previously GATE_HOST } */ // ---------------------------------------------------------------------------- #if /*{*/ (!defined freebsd_cmp \ && !defined BERKLIX_SERVER_REMOTE \ /* Remote hosts accept no names that aren't known locally. If I were to do otherwise, I'd be open to spam swamping */ \ && !defined END_HOST \ /* Avoid RECEIVER_JHS_FULL sending to itself */ \ && !defined MOBILE_HOST \ ) /* Apparently local names that aren't local accounts or aliases. */ define(`LUSER_RELAY__CLOSE__,`RECEIVER_JHS_FULL.__CLOSE__) // define(`LUSER_RELAY',`RECEIVER_JHS_FULL.') /* Defining LUSER_RELAY Causes .cf file to acquire this text: * # place to which unknown users should be forwarded * DLmail.js.berklix.net. */ #endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined END_HOST }*/ // ---------------------------------------------------------------------------- /* define(`LOCAL_RELAY', `mailer:hostname') * Defining LOCAL_RELAY Causes .cf file to acquire this text: * who I send unqualified names to if FEATURE(stickyhost) is used * DRLoCaL_ReLaY.mail.js.berklix.net * unqualified names (no @domain) */ #if /*{*/ ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined END_HOST && !defined MOBILE_HOST ) // define(`LOCAL_RELAY',`RECEIVER_JHS_FULL') /* avoids needing .forward */ define(`LOCAL_RELAY__CLOSE__,`RECEIVER_JHS_FULL__CLOSE__) /* avoids needing .forward */ #endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined END_HOST }*/ // ---------------------------------------------------------------------------- /* http://www.sendmail.org/m4/masquerading.html * If you define both LOCAL_RELAY and MAIL_HUB and you have * FEATURE(`stickyhost'), unqualified names will be sent to * brackets.c:`' * the LOCAL_RELAY and other local names will be sent to MAIL_HUB. */ // ---------------------------------------------------------------------------- #ifdef /*{*/ NO_FLAT_RATE define(`confTO_HOSTSTATUS__CLOSE__,`6h__CLOSE__) // define(`confTO_HOSTSTATUS',`6h') /* * else [30m] */ #endif /* NO_FLAT_RATE } */ // ---------------------------------------------------------------------------- #if (( defined END_HOST) || (defined MOBILE_HOST)) /*{*/ // 2009.07.05 /* When gate connects in morning, over 10 procmails used to run on * end host, probably a mix of grep spam & ctm applications * That damaged X-11 preformance, so throttle it. */ #ifndef MOBILE_HOST /*{{ Normal holz gate */ define(`confMAXDAEMONCHILDREN__CLOSE__,`6__CLOSE__) #else /*}{ More protection of interactive X-Windows performance for laptop. */ define(`confMAXDAEMONCHILDREN__CLOSE__,`3__CLOSE__) #endif /*}}*/ /* /usr/src/contrib/sendmail/cf/README * [undefined] The maximum number of * children the daemon will permit. After * this number, connections will be rejected. * If not set or <= 0, there is no limit. * man sendmail : * Options may be set either on the command line using the * -o flag (for short names), the -O flag (for long names), * or in the configuration file. This is a partial list * limited to those options that are likely to be useful on * the command line and only shows the long names * ... * MaxDaemonChildren=N * Sets the maximum number of children that an incoming * SMTP daemon will allow to spawn at any time to N. */ // This makes a difference in the .mc file, but no difference // gets through to the .cf files #endif /* NO_FLAT_RATE } */ // ---------------------------------------------------------------------------- #ifdef /*{*/ BERKLIX_SERVER_REMOTE define(`confMAX_RCPTS_PER_MESSAGE__CLOSE__,`400__CLOSE__) // define(`confMAX_RCPTS_PER_MESSAGE',`400') /* Questions: * - Is this maximum: total sendmail sees others sending ? * - Is this maximum: total sendmail would accept from majordomo ? * - What if I send some alert to several big 200+ lists ? * - If I cross post an announcement ? * - Does sendmail expect majordomo to split beyond that ? * - Is majordomo capable of automatically splitting & resending ? * - Recipient size is I believe seen by remote end, * & used as a criteria for some MTAs to drop spam. * CF default: * # maximum number of recipients per SMTP envelope * #O MaxRecipientsPerMessage=100 * -------------------------------------------------------------------- * MAX_RCPTS_PER_MESSAGE: * 7.1-src/ * contrib/sendmail/RELEASE_NOTES * contrib/sendmail/cf/README * contrib/sendmail/cf/m4/proto.m4 * # maximum number of recipients per SMTP envelope * _OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0') * contrib/sendmail/cf/cf/submit.cf * * contrib/sendmail/doc/op/op.me * .ip MaxRecipientsPerMessage=\fIN\fP * [no short name] * The maximum number of recipients that will be accepted per message * in an SMTP transaction. * Note: setting this too low can interfere with sending mail from * MUAs that use SMTP for initial submission. * http://en.wikipedia.org/wiki/Comparison_of_email_clients * If not set, there is no limit on the number of recipients per envelope. * -------------------------------------------------------------------- * * contrib/sendmail/src/readcf.c * #define O_MAXRCPT 0xa2 * { "MaxRecipientsPerMessage", O_MAXRCPT, OI_SAFE }, * -------------------------------------------------------------------- */ #endif /*}*/ // ---------------------------------------------------------------------------- #ifdef /*{*/ BERKLIX_SERVER_REMOTE #if ( ! 0 && \ ! defined land_berklix_org && \ ! defined slim_berklix_org ) /* { Assume a weak host. Avoid thrashing & dieing after coming * back on line into the backlog of a spam flood. */ define(`confQUEUE_LA__CLOSE__,`4__CLOSE__) /* * CF default is a hashed out 8 */ define(`confREFUSE_LA__CLOSE__,`6__CLOSE__) /* * CF default is a hashed out 12 */ define(`confDELAY_LA__CLOSE__,`2__CLOSE__) /* * CF default is a hashed out 0 */ define(`confMAX_DAEMON_CHILDREN__CLOSE__,`3__CLOSE__) /* * CF default is a hashed out 0 */ define(`confCONNECTION_RATE_THROTTLE__CLOSE__,`2__CLOSE__) /* * CF default is a hashed out 0 */ define(`confMAX_QUEUE_RUN_SIZE__CLOSE__,`600__CLOSE__) /* * CF default is hashed out #O MaxQueueRunSize=10000 */ define(`confMAX_QUEUE_CHILDREN__CLOSE__,`3__CLOSE__) /* * CF default is a hashed out 0 */ define(`confMAX_RUNNERS_PER_QUEUE__CLOSE__,`1__CLOSE__) /* * CF default is a hashed out 1 */ define(`confBAD_RCPT_THROTTLE__CLOSE__,`10__CLOSE__) /* * CF default is a hashed out 20 */ #endif /* Weak host } */ #endif /*}*/ // ---------------------------------------------------------------------------- #if (defined BERKLIX_SERVER_REMOTE || defined GATE_HOST ) /* { */ // Added 2017-07-22 after an apple user on pc532@ list unexpectedly // sent me a private mail with single zip enclosure with 150 Meg. // # maximum message size (in bytes) // O MaxMessageSize=50000000 // cd /usr/src/contrib/sendmail; find . -type f | sort | xargs grep -i -l MaxMessageSize // ./RELEASE_NOTES // ./cf/README // ./cf/cf/submit.cf #O MaxMessageSize=0 // ./cf/m4/proto.m4 _OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `0') // brackets.c: `'`' // ./doc/op/op.me advertised in the ESMTP dialogue // and checked during message collection // ./src/collect.c // ./src/readcf.c // ./src/sendmail.h // ./src/srvrsmtp.c define(`confMAX_MESSAGE_SIZE__CLOSE__, `50000000__CLOSE__) #endif /*}*/ // ---------------------------------------------------------------------------- #ifdef /*{*/ BERKLIX_SERVER_REMOTE /* Not Yet Used. * From 6.1/usr/local/share/doc/cyrus-sasl/Sendmail.README: * dnl The group needs to be mail in order to read the sasldb file * define(`confRUN_AS_USER',`root:mail')dnl */ #endif /*}*/ // ---------------------------------------------------------------------------- /* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html : * dnl set SASL options * TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl * define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl */ // ---------------------------------------------------------------------------- #if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) // Not for GATE_HOST // GATE_HOST counterpart is AuthInfo in /etc/mail/access, // built from /site/domain/js.berklix.net/etc/mail/access.domain /* src/contrib/sendmail/cf/README: * relaying is allowed for any user who authenticated * via a "trusted" mechanism, i.e., one that is defined via * TRUST_AUTH_MECH(`list of mechanisms') * For example: * TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') * brackets.c:`' */ // TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN') // brackets.c:` // Land 10.3-STABLE fails with default: EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 // So slim which is still working is probably using PLAIN or LOGIN TRUST_AUTH_MECH(`GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 PLAIN LOGIN__CLOSE__) // brackets.c:` /* Causes in .cf file a single line: * C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN * GATE_HOST Proven to not need this. * BERKLIX_SERVER_REMOTE proven to need this, * else it tosses mail back * Protocols accepted on remote smart host at run time, * (although from maillog, one can see sendmail has been * compiled with support for a longer list, eg on 9.1: * AUTH: available mech=SCRAM-SHA-1 GSSAPI DIGEST-MD5 OTP \ * CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS, \ * allowed mech=GSSAPI DIGEST-MD5 PLAIN LOGIN * Timp@ GSSAPI DIGEST-MD5 PLAIN LOGIN ) */ /* GENERIC 4.11-RELEASE 6.4-RELEASE 9.2-RELEASE 9.3-RELEASE 10.3-RELEASE current-2016-08-18 * src/contrib/sendmail/cf/m4/proto.m4: * _OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5') * src/contrib/sendmail/cf/cf/submit.cf: * #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 */ /* 10.1-RELEASE with * define(`confAUTH_MECHANISMS',`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN') * complains: * park.js.berklix.net.cpp:1754:28: warning: empty character constant [-Winvalid-pp-token] * define(`confAUTH_MECHANISMS',`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN') */ define(`confAUTH_MECHANISMS__CLOSE__,`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN__CLOSE__) define(`BRACKETS_C__CLOSE__,`BRACKETS_C__CLOSE__) /* Defining causes a change in .cf file from commented out: * #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 * to active single configuration line: * O AuthMechanisms=GSSAPI DIGEST-MD5 PLAIN LOGIN * Now its removed on gate, on gate I see: * AUTH: available mech=LOGIN PLAIN ANONYMOUS, * allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 * http://www.sendmail.org/~ca/email/auth.html#AuthMechanisms: * list of mechanisms which are offered at most for * authentication. This list is intersected with the * list of available (i.e., installed) mechanisms, and * the result of the intersection is listed in the * AUTH keyword value for the EHLO response. * default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 * 6.1 Default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 * 6.1 cf/README: The advertised list of authentication * mechanisms will be the intersection of this * list and the list of available mechanisms as * determined by the Cyrus SASL library. * Pre 2004.01.05: DIGEST-MD5 CRAM-MD5 LOGIN PLAIN * timp@ GSSAPI DIGEST-MD5 PLAIN LOGIN */ #endif /* defined BERKLIX_SERVER_REMOTE } */ // ---------------------------------------------------------------------------- #if /*{*/ ( defined BERKLIX_SERVER_REMOTE || defined GATE_HOST || defined MOBILE_HOST ) /* /usr/ports/security/cyrus-sasl/pkg-descr: * Mechanisms included: ANONYMOUS, CRAM-MD5, DIGEST-MD5, GSSAPI * (MIT Kerberos 5 or Heimdal Kerberos 5), KERBEROS_V4 and PLAIN. * /usr/ports/security/cyrus-sasl/files/Sendmail.README: * Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4. * These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space * seperated list. You may want to restrict LOGIN, and PLAIN authentication * methods for use with STARTTLS, as the password is not encrypted when * passed to sendmail. * LOGIN is required for Outlook Express users. "My server requires * authentication" needs to be checked in the accounts properties to * use SASL Authentication. * PLAIN is required for Netscape Communicator users. By default Netscape * Communicator will use SASL Authentication when sendmail is compiled with * SASL and will cause your users to enter their passwords each time they * retreive their mail (NS 4.7). * The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you * are using cyrus-imapd and sendmail on the same server that requires access * to the sasldb database. * http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html * reccomends * define(`confDEF_AUTH_INFO', `/etc/mail/auth-info') * which in .cf file would be: * O DefaultAuthInfo=/etc/mail/default-auth-info * but 4.9/usr/share/sendmail/cf/README: * password (plain text), ... this option is deprecated * DIGEST-MD5 Succesor to CRAM-MD5 * GSSAPI Works with Kerberos 5 * LOGIN For Outlook Express users. It provides no security * PLAIN and CRAM-MD5 Do not support the concept of realms * PLAIN For Netscape Communicator * PLAIN Can either check /etc/passwd, Kerberos V4, use PAM, * or the sasl secrets database. By default PAM is * used if PAM is found, then Kerberos, finally * /etc/passwd (non-shadow). * No Security: Beware Packet Sniffers ! * See also http://www.berklix.com/~jhs/txt/sasl.html#verify * See also http://www.berklix.com/~jhs/txt/sasl.html#debug */ #endif /* defined BERKLIX_SERVER_REMOTE || defined GATE_HOST } */ // ---------------------------------------------------------------------------- MAILER(local) // ---------------------------------------------------------------------------- MAILER(smtp) // ---------------------------------------------------------------------------- #if ( 0 /* off 2003.12.01 */ \ && ! (defined freebsd_cmp ) && ! ( defined BERKLIX_SERVER_REMOTE ) ) /*{*/ /* http://www.sendmail.org/m4/masquerading.html * There are some user names that you don't want relayed, * perhaps because of local aliases. A common example is root, * which may be locally aliased. You can add entries to this * list using LOCAL_USER(`usernames') * bracktes.c:`' */ LOCAL_USER(root) #endif /* 0 } */ // ---------------------------------------------------------------------------- #if ( defined BERKLIX_SERVER_REMOTE ) /*{*/ /* timp@ uses MAILER(cyrus) for providing IMAP services */ /* timp@ uses DAEMON_OPTIONS(`Name=MTA') */ /* timp@ uses DAEMON_OPTIONS(`Port=2525, Name=MSA, M=E') */ /* timp@ uses define(`confLOCAL_MAILER',`cyrus') * - but isnt this define too late in file ? */ #endif /* defined BERKLIX_SERVER_REMOTE } */ // ---------------------------------------------------------------------------- /* SPF * http://homepages.tesco.net/~J.deBoynePollard/FGA/smtp-spf-is-harmful.html * You've come to this page because you've said something similar to the * following: * SPF ("sender pemitted from" a.k.a. "sender policy framework") is a * scheme designed to prevent forgery of SMTP-based Internet mail and * thus prevent unsolicited bulk mail. AOL has already adopted it. * This is the Frequently Given Answer to such statements. * Later look at Domain Keys Identified Mail (DKIM) rec. by * http://www.sendmail.org/dkim * http://www.postfix.org/MILTER_README.html */ // ---------------------------------------------------------------------------- /* Notes from Majordomo that I never tried up to when I swapped out Majordomo, * in favour of Mailman, but they will still be valid for Mailman: * - add 'aliases.majordomo' to your sendmail configuration. This can * be done by adding a line similar to the following to * /etc/sendmail.cf * OA/usr/local/majordomo/aliases.majordomo * (for 8.6.x Sendmail) * O AliasFile=/etc/aliases,/usr/local/majordomo/aliases.majordomo * (for 8.7.x and up) * or a line similar to the following to your m4 macros file * define(`ALIAS_FILE',`/etc/aliases,/usr/local/majordomo/aliases.majordomo') * - consider using ports/mail/tlb to process your deliveries if you * want to hide your outgoing aliases. This way you can prevent people * from evading restrictions for posting to your lists. */ // ---------------------------------------------------------------------------- #ifndef freebsd_cmp /*{*/ __HASH__ End of common.cpp #endif /* !freebsd_cmp } */ // ----------------------------------------------------------------------------