/* {[( */
/* ~jhs/public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp
* Sendmail config for jhs hosts. Copyright Julian H. Stacey
*
*
* CAUTION MAKING:
* cd /etc/mail ; make
* might have 2 unfortunate results, either:
* Installing generic instead of custom:
* cp freebsd.mc `hostname`.mc
* /usr/bin/m4 -D_CF_DIR_=/usr/share/sendmail/cf/ \
* /usr/share/sendmail/cf/m4/cf.m4 `hostname`.mc > `hostname`.cf
* Or if you have previously done
* ln -s ../../usr/src/etc/sendmail/`hostname`.mc
* then your .mc sym linked in /usr/src will get forced back to generic by
* cp freebsd.mc `hostname`.mc
* The safe way is:
* cd /usr/src/etc/sendmail
* make clean ; make cleandir ; make clean ; make obj ; make
* cd /usr/obj/`cd /usr/src/etc/sendmail;/bin/pwd`
* cp `hostname`.mc `hostname`.cf /etc/mail/
* cd /etc/mail
* ln -s `hostname`.mc sendmail.mc
* ln -s `hostname`.cf sendmail.cf
* make ; make stop ; make start
*
* OTHER SASL AUTH CONFIG FILES RELATED:
* /etc/make.conf includes /site/domain/this/etc/make.conf
* /etc/make.conf includes /site/etc/make.conf.sasl
* /site/domain/this/etc/make.conf includes make.conf.common
* /site/domain/this/etc/make.conf.common includes /site/etc/make.conf.sasl
*
* /site/domain/berklix/etc/mail/access.domain
* /site/domain/js.berklix.net/etc/mail/access.domain
* source of passwords
* /site/domain/js.berklix.net/etc/mail/access
* text copy of passwords
* /etc/mail/access -> ../../site/etc/mail/access
* /etc/mail/access.db
* binary of passwords.
*
* /site/usr/lib/sasl/Sendmail.conf
* specifies: pwcheck_method: sasldb
* /site/domain/berklix/usr/lib/sasl/saslpasswd.conf
* /site/usr/lib/sasl/saslpasswd.conf
* specifies: pwcheck_method: pwcheck
* /usr/local/etc/sasldb.db /usr/local/etc/sasldb2.db
*
* ~/public_html/src/bsd/fixes/FreeBSD/src/jhs/contrib/sendmail/\
* cf/cf/submit.mc.cyrus-sasl.REL=ALL.diff
# disables SMTP AUTH on the loopback interface
* ~/mail/auth/\*
*
* MAN: saslpasswd saslpasswd2 sasldblistusers sasldblistusers2
*
* DOC FILES:
* /usr/local/share/doc/cyrus-sasl2/html/
* /usr/local/share/doc/cyrus-sasl2/testing.txt
* /usr/ports/security/cyrus-sasl2/files/Sendmail.README
* /usr/share/sendmail/cf/README <
* /usr/src/contrib/sendmail/cf/README
* /usr/src/contrib/sendmail/RELEASE_NOTES
*
* PORTS:
* /usr/ports/security/cyrus-sasl (Manually select: "Use pwcheck")
* /usr/ports/security/cyrus-sasl2 Installed then I used SASL1
* /usr/ports/mail/sendmail-sasl Not used
* /usr/ports/security/cyrus-sasl2-saslauthd Not used
* /usr/ports/security/gsasl Not used
*
* DOC WEB: (C = Client Side SASL, S = Server Side
* - http://cork.linux.ie/projects/install-sendmail/
* CS http://docs.snake.de/smtp-auth.html
* C http://home.leo.org/~barner/freebsd/articles/mailsetup/article.html
* http://imgate.meiway.com for WinNT
* http://matt.simerson.net/computing/qmail.toaster.shtml - Alt to SM
* http://njabl.org - Black Hole List
* http://spamassassin.org/tag/
* S http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
* http://www.sendmail.org/antispam.html
* http://www.sendmail.org/~ca/email/auth.html < timp@
* http://www.sendmail.org/~ca/email/cyrus/sysadmin.html
* http://www.sendmail.org/~ca/email/sm-812.html#812AUTH < timp@
*
* EMAIL ADDRESSES
* timp@ Tim Pushor
* offered me a SASL relay or debug I recall.
* postmaster@ freebsd 2004.08 is
* David Wolfskill
*
* ACRONYMS:
* MTA = Mail Transfer Agent. flat considers mart sendmail an MTA
* MSA = Mail [Submission Agent maybe?] Agent EG maybe ref submit.cf ?
* MSP = Mail [Submission Program maybe?] Agent EG maybe ref submit.cf ?
* MUA = Mail User Agent, EG Exmh, Pine, Elm
* SASL:
* authid= Authentication Identifier: Real person's login name.
* userid= user id= Authorization ID:
* Your account, or maybe that of an absent colleague's.
*
* TO DO:
* There is a misleading but not actually problematic naming conflict
* between MAIL_HUB which is an internal recipient
* & host=hub which is my name for gateway outgoing.
* Ensure names such as phillip@fire do not leak.
* Strip file of comment regularly updated in docs.
* cd /usr/src/contrib/sendmail/doc/op ; \
* pic -C op.me|eqn -C -Tascii|groff -Tascii -mps -me>~/tmp/sm.asc
* Debugging: Relaying denied string changed on mini in:
* contrib/sendmail/cf/cf/submit.cf
* contrib/sendmail/cf/m4/proto.m4
* See if I need to tweak submit.mc
* Anti Spam Programs: SpamAssassin ( used by freebsd.org), Razor,
* MailScanner, Bogofilter.
* ports/mail/p5-Mail-SpamAssassin
* ordb osirusoft spamcop wirehub
* Do a DOMAIN(js.berklix.net), probably also using nullclient.
* ports/mail/tlb to process deliveries to hide outgoing aliases,
* to prevent people from evading restrictions for posting to lists.
*
* UNUSED:
* STARTTLS, IMAP command starts encryption
* MASQUERADE_DOMAIN_FILE
* MASQUERADE_EXCEPTION_FILE
* MASQUERADE_EXCEPTION
* VIRTUSER_DOMAIN
* VIRTUSER_DOMAIN_FILE
* confERROR_MESSAGE
* confSAVE_FROM_LINES
* confSERVICE_SWITCH_FILE
* confUSERDB_SPEC
* BITNET_RELAY
* DECNET_RELAY
* FAX_RELAY
* FEATURE(`compat_check')
* FEATURE(`delay_checks') would allow spammers using Sender: my_domain
* FEATURE(`enhdnsbl')
* FEATURE(`generics_entire_domain'')
* FEATURE(`genericstable'')
* FEATURE(`lookupdotdomain')
* FEATURE(`msp', `[127.0.0.1]') in submit.mc
* FEATURE(`no_default_msa'') stop sendmail port 587 initial submission.
* FEATURE(`no_default_msa')
* FEATURE(`preserve_local_plus_detail')
* FEATURE(`preserve_luser_host')
* FEATURE(`queuegroup')
* FEATURE(`relay_hosts_only')
* FEATURE(`relay_mail_from'',`domain'') Too dangerous
* FEATURE(accept_unqualified_senders) fred without @domain
* FEATURE(limited_masquerade )
* FEATURE(local_procmail)
* FEATURE(loose_relay_check) user%site.com@othersite.com
* FEATURE(relay_local_from) not unless absolutely necessary
* FEATURE(virtuser_entire_domain)
* FEATURE(masquerade_entire_domain)
* define(`confDELIVERY_MODE',`deferred') not send out til requested.
* RELAY_DOMAIN_FILE(`/etc/mail/relay'')
* UUCP_RELAY
* confINPUT_MAIL_FILTERS for spam later maybe ?
* confRELAY_MSG
* files: etc/auth.conf
* files: login.conf & auth_hostok
* LDAP
*
* TEST ADDRESSES to input to "sendmail -bt"
* with command EG "/parse a@b"
* (as this .cpp file is on the web, & harvested by
* spammers, no complete addresses)
* no_domain (no@)
* tower.berklix.org
* mini.berklix.org
* flat.berklix.org
* dsl
* freebsd.org
* ftp.leo.org
* lapt
* localhost
* mail
* mail.js.berklix.net
* muc. .de
* not_in_etc_hosts.bsn.com
* null.bsn.com
* park
* wind
* world
*
* DELIMITERS:
* - Be Very Careful, changing anything:
* you can very easily damage the output file from m4 without getting an
* error message !
* - The text first goes through ccp, then m4, then is read by sendmail.
* - m4: dnl is the m4 command for delete-to-newline.
* - .cf: Hash # at beginning of line is a delimeter for sendmail.cf
* read by /usr/sbin/sendmail, but is not a delimeter for m4.
* - m4: treat as special, all of these:
* lots of character such as {}
* and `quotes-round-this-string'
* and defined strings such as FEATURE
* To avoid m4 macro expansion of strings such as OSTYPE being expanded
* before pass through to a .cf file as comment, use the string 0`'STYPE
* - cpp: To avoid "unterminated character constant" in single
* uses of the ' char, I use double occurences, & let cpp
* reduce them to single quotes in the .mc file.
* So I use 0`''STYPE.
* To avoid "unknown configuration line" I avoid lines with
* just a tab,
* (which occur if you have a slash star comment not starting in
* column 1, (though comments not starting in column 1 are OK in
# ifdef lines, as the cpp does not pass those lines through. ))
* - cpp: The Makefile deletes the space in "^ #" to "^#"
* - cpp: The Makefile deletes blank lines
* - cpp: To avoid cpp acting on # comment lines destined for .cf file,
* they are preceeded by this string (without spaces) "/ * * /"
* - Makefile last strips all strings __SPACE__
* which are used to fool cpp.
* - cpp: When making EG file wind.mc Makefile defines
* string wind_js_berklix_net (using _ as dots are not allowed
* by cpp).
* 5.1 cpp reduces tabs to spaces.
* Info from guug conf. spring 98:
* ETRN = force queue run
* Exim takes over from Smail.
* SMTP/ESMTP:
* If old machines far end, use smtp, if new use esmtp.
* HELO is the normal start, ESMTP servers often start EHLO,
* but some lock up if EHLO is received & they dont support extended,
* so some extended servers initiate instead with ESMTP.
*/
#ifndef freebsd_cmp /*{*/
__HASH__ Source: ~jhs/public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp
#else /*}{ For comparison with freebsd.mc. */
divert(-1)
__HASH__
__HASH__ Copyright (c) 1983 Eric P. Allman
__HASH__ Copyright (c) 1988, 1993
__HASH____TAB__The Regents of the University of California. __SPACE__All rights reserved.
__HASH__
__HASH__ Redistribution and use in source and binary forms, with or without
__HASH__ modification, are permitted provided that the following conditions
__HASH__ are met:
__HASH__ 1. Redistributions of source code must retain the above copyright
__HASH__ __SPACE____SPACE__ notice, this list of conditions and the following disclaimer.
__HASH__ 2. Redistributions in binary form must reproduce the above copyright
__HASH__ __SPACE____SPACE__ notice, this list of conditions and the following disclaimer in the
__HASH__ __SPACE____SPACE__ documentation and/or other materials provided with the distribution.
__HASH__ 3. All advertising materials mentioning features or use of this software
__HASH__ __SPACE____SPACE__ must display the following acknowledgement:
__HASH____TAB__This product includes software developed by the University of
__HASH____TAB__California, Berkeley and its contributors.
__HASH__ 4. Neither the name of the University nor the names of its contributors
__HASH__ __SPACE____SPACE__ may be used to endorse or promote products derived from this software
__HASH__ __SPACE____SPACE__ without specific prior written permission.
__HASH__
__HASH__ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'''' AND
__HASH__ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
__HASH__ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
__HASH__ ARE DISCLAIMED. __SPACE__IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
__HASH__ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
__HASH__ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
__HASH__ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
__HASH__ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
__HASH__ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
__HASH__ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
__HASH__ SUCH DAMAGE.
__HASH__
__BREAK__
__HASH__
#if /*{*/ ( __FreeBSD_cc_version > 500000 /* not quite the right number */ )
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 5.X and later systems.
#else /*}{*/
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 4.X and later systems.
#endif /*}*/
__HASH__ __SPACE__If you want to customize it, copy it to a name appropriate for your
__HASH__ __SPACE__environment and do the modifications there.
__HASH__
__HASH__ __SPACE__The best documentation for this .mc file is:
__HASH__ __SPACE__/usr/share/sendmail/cf/README or
__HASH__ __SPACE__/usr/src/contrib/sendmail/cf/README
__HASH__
__BREAK__
#endif /*}*/
#ifdef freebsd_cmp /*{*/
divert(0)
/* cpp -dM < /dev/null | grep __FreeBSD_cc_version */
#if /*{*/ ( __FreeBSD_cc_version == 460001 ) /* FreeBSD-4.7 & 4.8 & 4.9 & 4.10 */
/* VERSIONID for FreeBSD-4.10 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.19 2003/12/31 17:42:16 gshapiro Exp $'')
/* VERSIONID for FreeBSD-4.9
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.18 2003/04/24 16:57:30 gshapiro Exp $')
*/
#elif /*}{*/ ( __FreeBSD_cc_version == 500005 ) /* FreeBSD-5.1 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 510002 ) /* FreeBSD-5.2 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 520001 ) /* FreeBSD-5.2-current */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 530001 ) /* FreeBSD-5.[3-5] */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 600001 ) /* uname -r 6.[01]-RELEASE */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.6.1 2006/04/13 04:00:23 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 602001 ) /* uname -r 6.2-RELEASE */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.2.2 2006/08/23 03:31:00 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 700003 ) /* uname -r 7.0-PRERELEASE & 7.1-BETA2 */
/* VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.2 2008/02/24 01:02:18 gshapiro Exp $'') 7.0-PRERELEASE */
/* VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3 2008/08/31 18:26:27 gshapiro Exp $'') 7.1-BETA2 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3.2.1 2008/11/25 02:59:29 kensmith Exp $'') /* 7.1-RELEASE */
#else /*}{*/
VERSIONID(`$FreeBSD: Unknown __FreeBSD_cc_version version'')
#endif /*}*/
#else /*}{*/
/* * the HOSTNAME that Make passes in has no spaces, but cpp screws up
* and adds a space before & after.
*/
VERSIONID(`$FreeBSD: src/etc/sendmail/common.cpp Copyright jhs@ for HOSTNAME'')
#endif /*}*/
#if defined park_js_berklix_net /*{*/
__HASH__ Debug: park_ js_ berklix_ net is defined as park_js_berklix_net
#elif defined mart_js_berklix_net /*}{*/
__HASH__ Debug: mart_ js_ berklix_ net is defined as mart_js_berklix_net
#endif /*}*/
/* /usr/src/contrib/sendmail/cf/ostype/freebsd4.m4 */
#if /*{*/ (__FreeBSD_cc_version < 500000) /* not quite right number */
OSTYPE(freebsd4)
#elif /*}{*/ (__FreeBSD_cc_version >= 600001) /* uname -r 6.0-RELEASE */
OSTYPE(freebsd6)
#else /*}{*/
OSTYPE(freebsd5)
#endif /*}*/
#if /*{*/ ( defined park_js_berklix_net || defined mart_js_berklix_net )
#define GATE_HOST 1
#elif /*}{*/ ( \
defined fire_js_berklix_net \
|| defined flip_js_berklix_net \
|| defined lapa_js_berklix_net \
|| defined lapc_js_berklix_net \
/* || defined lapd_js_berklix_net */ \
|| defined lapl_js_berklix_net \
|| defined lapn_js_berklix_net \
/* || defined laps_js_berklix_net */ \
)
#define END_HOST 1
#elif /*}{*/ ( defined flat_berklix_org || defined tower_berklix_org || \
defined thin_berklix_org || defined slim_berklix_org )
#define REMOTE_HOST 1
#else /*}{*/
/* Internal subsidiary host at Holz. */
#endif /*}*/
/* Log level. 15 is a good start value for debugging, but log may flood */
#if /*{*/ ( defined flat_berklix_org ) /* /var: 2G */
define(`confLOG_LEVEL'', `15'')
#elif /* {} */ ( defined tower_berklix_org ) /* /var: 1.2G */
define(`confLOG_LEVEL'', `15'')
#elif /* {} */ ( defined slim_berklix_org ) /* /var: 1Gig */
/* define(`confLOG_LEVEL'', `15'') */
#elif /* {} */ ( defined thin_berklix_org ) /* /var: 1Gig */
/* define(`confLOG_LEVEL'', `15'') */
#elif /* {} */ ( defined fire_js_berklix_net ) /* /var: 250M */
define(`confLOG_LEVEL'', `15'')
#elif /* {} */ ( defined mart_js_berklix_net ) /* /var: ?? */
define(`confLOG_LEVEL'', `15'')
#elif /* {} */ ( defined park_js_berklix_net ) /* /var: 1.1G */
define(`confLOG_LEVEL'', `15'')
#endif /*}*/
#ifndef freebsd_cmp /*{*/
/* Give rejected domains a clue who to phone, in case its not a spammer.
* contrib/sendmail/cf/README:
* confREJECT_MSG - [550 Access denied] The message
* given if the access database contains
* REJECT in the value portion.
* With
* define(`confREJECT_MSG'',
* `550 Access denied http:/__BREAK__/berklix.com/~jhs/phone/'')
* A diff of the .cf file before & after shows eg:
* R <$*> $#error $@ 5.7.1 $: "550 Access denied"
* R <$*> $#error $: 550 Access denied http://berklix.com/~jhs/phone/
* I suppose "$@ 5.7.1" might be name of sendmail, & Rev. 5.7.1 ?)
* probably best not lose it.
*/
define(`confREJECT_MSG'',`"550 Access denied http:/__BREAK__/berklix.com/jhs/phone/access/"'')
/* The above loses the "$@ 5.7.1" */
/* contrib/sendmail/cf/README:
* confRELAY_MSG - [550 Relaying denied] The message
* given if an unauthorized relaying
* attempt is rejected.
*/
/* I dont need to warn anyone here, but the text makes it
* clearer to me in my daily run output, if the message is
* coming from my host, & why, hence variant endings /access/ or /relay/
* which are just symbolic links in the web to the same file currently.
*/
define(`confRELAY_MSG'',`"550 Relaying denied http:/__BREAK__/berklix.com/jhs/phone/relay/"'')
#endif /* !freebsd_cmp } */
DOMAIN(generic)
/* * 4.9 pulls in src/contrib/sendmail/cf/domain/generic.m4
define(`confFORWARD_PATH', `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.
forward')dnl
define(`confMAX_HEADERS_LENGTH', `32768')dnl
FEATURE(`redirect')dnl
FEATURE(`use_cw_file')dnl
EXPOSED_USER(`root')
*/
__BREAK__
#ifdef /*{*/ GATE_HOST
define(`confDONT_BLAME_SENDMAIL'', `GroupReadableKeyFile'')
/* timp@ uses this */
#endif /* GATE_HOST }*/
#if /*{*/ ( defined REMOTE_HOST ) /* SASL stuff */
define(`confDONT_BLAME_SENDMAIL'',`GroupReadableSASLDBFile'')
/* for Sendmail 8.12 (FreeBSD 4.10 has 8.12.11) */
/* /usr/local/share/doc/cyrus-sasl2/Sendmail.README
* The group needs to be mail in order to read the sasldb2 file
* /usr/ports/security/cyrus-sasl/files/Sendmail.README:
* The group needs to be mail in order to read the sasldb file
* Not documented by Snake.
*
* Added per timp@ 2004.01.05:
* define(CYRUS_MAILER_PATH, `/usr/local/cyrus/bin/deliver'')
* All 3 remote hosts & Host=Mart 2006.08.13 have no /usr/local/cyrus
* so I commented out CYRUS_MAILER_PATH
*/
define(CYRUS_MAILER_USER, `cyrus:cyrus'')
/* timp@ has define(`confCLIENT_OPTIONS', `Address=64.56.138.134') Why ? */
#endif /* !REMOTE_HOST }*/
#ifndef freebsd_cmp /*{*/
#if 0 /* off 2007.06.16 ( defined REMOTE_HOST ) */ /*{*/
/* I should NOT masquerad as berklix.org as normal users on @user
* would then lose reply mail to other berklix hosts where they had no name.
*
* Remote hosts masquerade as "berklix.org", not "this.berklix.org".
* I'm not sure I need this, as I never send mail to lists from
* those, so dont need to keep remote gobal majordomo@ satisfied,
* as its responsibility of sending holz hosts to masquerade as
* something sensible. However as many subscribers to eg gea@berklix
* & some other lists are clueless, it is advantageous not to further
* confuse them by seeing eg 3xHost@berklix, as opposed to just @berklix.
*/
define(`MASQ_JHS_FULL'',`berklix.org'')
MASQUERADE_AS(`MASQ_JHS_FULL'')
/* cf: class M: domains that should be converted to $M */
MASQUERADE_DOMAIN(`berklix.com berklix.net berklix.org berklix.eu bsdpie.com bsdpie.org monometro.co.uk surfacevision.com'')
/*
* Domain To Allow For
* Inc berklix.com sub domains jhs&mk@js.berklix.*.
* Inc berklix.net remote sub domains jhs&mk@js.berklix.* gj.berklix.* etc
* Inc berklix.org all hosts: tower, flat, thin/slim.
* Inc berklix.eu all hosts: tower, flat, thin/slim.
* Inc bsdpie.com all hosts: tower, flat, thin/slim
* Inc bsdpie.org all hosts: tower, flat, thin/slim
* Inc monometro.co.uk
* Inc surfacevision.com
*/
FEATURE(`masquerade_envelope'')
/* No FEATURE(`allmasquerade'') as not all local aliases on all REMOTE_HOST */
#else /*}{ @ Holz */
#if /*{*/ 1 /* Ex: (defined GATE_HOST) */
/* http://sendmail.org/m4/masquerading.html
The masquerade name is not normally canonified, so it is
important that it be your One True Name, that is, fully
qualified and not a CNAME. However, if you use a CNAME, the
receiving side may canonify it for you, so don't think you
can cheat CNAME mapping this way.
Mine (js.berklix is a cname, & when I used to have DNS records of
cluster 1H IN A 83.236.223.114 ; tower
cluster 1H IN A 83.236.223.115 ; flat
cluster 1H IN A 194.246.123.68 ; thin/slim
js 0 IN CNAME cluster
AOL was answering to @cluster.berklix.net )
*/
define(`MASQ_JHS_HOST'',`js'')
define(`MASQ_JHS_DOMAIN'',`berklix.net'')
define(`MASQ_JHS_FULL'',`MASQ_JHS_HOST.MASQ_JHS_DOMAIN'')
/* MASQUERADE_AS(`MASQ_JHS_FULL'') */
/* .cf: DMjs.berklix.net
people then reply to @ tower.berklix.net
as my DNS has "js 0 IN CNAME tower"
majordomo@greatcircle.com sees me as jhs@tower.berklix
& refers me to list owner.
*/
MASQUERADE_AS(`berklix.org'')
MASQUERADE_DOMAIN(`js.berklix.net mmc.private gj.org ew.private'')
/* eg MASQUERADE_DOMAIN(`otherhost.domain') sender hosts to map */
FEATURE(`masquerade_envelope'')
/* masquerade_envelope is also rec. by
* http://home.leo.org/~barner/freebsd/articles/mailsetup/article.html
* Normally only header addresses are masqueraded. If you want to
* masquerade the envelope as well, use this.
*/
/* FEATURE(`allmasquerade'') */
/* allmasquerade not rec. by
* http://home.leo.org/~barner/freebsd/articles/mailsetup/article.html
*/
/* FEATURE(`masquerade_entire_domain'')
* To get mail from individual hosts to be masqueraded, else only mail from
* non existant host with domain name js.berklix.net gets masqueraded.
*/
FEATURE(`masquerade_entire_domain'')
/* genericstable rec. by
* http://home.leo.org/~barner/freebsd/articles/mailsetup/article.html
* FEATURE(`genericstable'')
* GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains'')
* but I dont think I need this, as I dont have to map my local users
* to names of users on the remote servers, as I control the remote servers
* genericstable expands conceptually to generics table Not generic stable
* http://sendmail.org/virtual-hosting.html says:
* If you would like to reverse-map local users for out-bound
* mail, you will need to add support for the generics table.
*/
#endif /* } */
define(`RECEIVER_JHS_FULL'',`mail.js.berklix.net'')
#endif /* @Holz }*/
/* * Do I want a trailing dot on MASQUERADE_AS ?
* masquerade_envelope is the unique per recipient header data,
* not the header info that is common to all recipients of a mail.
* The access database is applied to the envelope addresses
* and the connection information, not to the header.
*/
#endif /* !freebsd_cmp }*/
/* * Define a smart host */
#if ( defined freebsd_cmp || defined REMOTE_HOST ) /*{*/
/* None */
#elif /*}{*/ (defined GATE_HOST )
define(`SMART_JHS_HOST'',`smtprelay'')
define(`SMART_JHS_DOMAIN'',`berklix.org'')
define(`SMART_JHS_FULL'',`SMART_JHS_HOST.SMART_JHS_DOMAIN'')
#else /* }{ !( defined freebsd_cmp || defined REMOTE_HOST ) && !GATE_HOST */
define(`SMART_JHS_HOST'',`hub'')
define(`SMART_JHS_DOMAIN'',`js.berklix.net'')
define(`SMART_JHS_FULL'',`SMART_JHS_HOST.SMART_JHS_DOMAIN'')
#endif /* !( defined freebsd_cmp || defined REMOTE_HOST ) && !GATE_HOST } */
#if /*{*/ ( defined lapl_js_berklix_net)
/* * ForkEachJob [False] Run all deliveries in a separate process.
* May be convenient on memory-poor machines.
*/
define(`confSEPARATE_PROC'',1)
#endif /* !lapl_js_berklix_net }*/
#if /*{*/ (defined GATE_HOST || defined REMOTE_HOST )
FEATURE(`relay_entire_domain'')
#endif /* ! (defined GATE_HOST || defined REMOTE_HOST ) }*/
#if ( !defined GATE_HOST && !defined REMOTE_HOST \
&& !defined freebsd_cmp ) /*{*/
FEATURE(local_no_masquerade)
#endif /* !defined GATE_HOST && !defined REMOTE_HOST && !defined freebsd_cmp }*/
FEATURE(access_db, `hash -o -T /etc/mail/access'')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable'')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable'')
/* timp@ uses FEATURE(`virtusertable', `hash -o /etc/mail/vuser') */
/* for surfacevision.com monometro.co.uk bsdpie.com bsdpie.org */
__BREAK__
#if ( defined freebsd_cmp ) /*{*/
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl __SPACE__ __SPACE__ __SPACE__ your permission.
dnl FEATURE(relay_based_on_MX)
__BREAK__
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http:/__BREAK__/www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
__BREAK__
dnl Uncomment to activate Realtime Blackhole List
dnl information available at http:/__BREAK__/www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
#if /*{*/ ( __FreeBSD_cc_version < 700003 )
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org'', `"550 Mail from " $&{client_addr} " rejected, see http:/__BREAK__/mail-abuse.org/cgi-bin/lookup?" $&{client_addr}'')
#else /*}{*/ /* uname -r 7.0-PRERELEASE */
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org'', ``"550 Mail from " $&{client_addr} " rejected, see http:/__BREAK__/mail-abuse.org/cgi-bin/lookup?" $&{client_addr}'''')
#endif /*}*/
__BREAK__
#endif /* !freebsd_cmp }*/
#if ( defined /* REMOTE_HOST */ tower_berklix_org ) /*{*/
/* JJLATER try:
* FEATURE(`dnsbl'', `bl.spamcop.net'',
* `"Spam blocked see: http:/__BREAK__/spamcop.net/bl.shtml?"$&{client_addr}'')
*/
#endif /* !tower_berklix_org }*/
#ifdef freebsd_cmp /*{*/
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST'', `your.isp.mail.server'')
__BREAK__
#endif /* } */
#if ( !defined freebsd_cmp && !defined REMOTE_HOST ) /*{*/
define(`SMART_HOST'',`esmtp:SMART_JHS_FULL'')
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST } */
#ifdef freebsd_cmp /*{*/
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE'', `-o /etc/mail/sendmail.cw'')
#endif /* } */
/* FEATURE(use_cw_file) already comes from DOMAIN(generic) */
define(`confCW_FILE'', `-o /etc/mail/local-host-names'')
/* timp@ uses FEATURE(use_ct_file) */
#ifdef freebsd_cmp /*{*/
__BREAK__
#endif /* } */
#if 0 /*{*/ /* ( defined GATE_HOST ) */
/* Seperate Authinfo:
* If I want to move "AuthInfo:" lines from /etc/mail/access
* into /etc/mail/authinfo
* */
FEATURE(`authinfo'')
#endif /* !0 } */
#ifndef freebsd_cmp /*{{*/
/* IPV6 I dont want it turned on yet.
* Though it solves the long term shortage of IP numbers on the Internet,
* Until I've got better anti spam control, it just gives spammers
* an infinite number of IP numbers to hide behind.
* vi -c/Family=inet6 \
* contrib/sendmail/RELEASE_NOTES \
* contrib/sendmail/cf/README \
* contrib/sendmail/cf/m4/proto.m4 \
* contrib/sendmail/doc/op/op.me \
* etc/sendmail/common.cpp \
* etc/sendmail/freebsd.mc
*/
DAEMON_OPTIONS(`Name=IPv4, Family=inet'')
/* If one does Not specify the line above, the .cf file inherits
* O DaemonPortOptions=Name=MTA
* instead of
* O DaemonPortOptions=Name=IPv4, Family=inet
*/
#else /*}{ freebsd_cmp */
#if /*{{*/ ( ( __FreeBSD_cc_version == 500005 ) /* FreeBSD-5.1 */ || \
( __FreeBSD_cc_version == 510002 ) /* FreeBSD-5.2 */ )
dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet'')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6'')
#elif /*}{*/ ( \
( __FreeBSD_cc_version == 460001 ) /* FreeBSD-4.[7-11] */ || \
( __FreeBSD_cc_version == 530001 ) /* FreeBSD-5.[3-5] */ || \
( __FreeBSD_cc_version == 600001 ) /* FreeBSD-6.[01] */ || \
( __FreeBSD_cc_version == 602001 ) /* FreeBSD-6.2 */ || \
( __FreeBSD_cc_version == 700003 ) /* uname -r 7.0-BETA2 */ )
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet'')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O'')
#else /*}{*/
dnl Unrecognised FreeBSD Version
DAEMON_OPTIONS(`Name=IPv4, Family=inet'')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O'')
#endif /*}}*/
#endif /*}}*/
__BREAK__
#if /*{*/ ( defined GATE_HOST )
/* * Left off for other hosts as some need pipes:
* REMOTE_HOST needs pipes for majordomo.
* END_HOST needs pipes for receiving ctm_rmail
*/
FEATURE(smrsh)
#endif /* !GATE_HOST } */
#if ( !defined freebsd_cmp && !defined REMOTE_HOST ) /*{*/
/* * Internal hosts with no DNS to world,
* or GATE_HOST with perhaps only intermittent DNS access to world
* JJLATER try including && ( ! defined GATE_HOST )
* I want my SMTP to accept anything for outgoing, even if its offline
* & cant resolve anything. But this means I suppose that I'm
* also accepting anything incoming from random people scanning
* me, so JJLATER add a firewall rule that I only do SMTP with
* approved hosts.
* Grep keywords: R-DNS RDNS reverse lookup
*/
FEATURE(`accept_unresolvable_domains'')
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST } */
#ifdef /*{*/ REMOTE_HOST
#if /*{*/ (( defined slim_berklix_org ) || \
( defined thin_berklix_org ) || \
/* ( defined flat_berklix_org ) || Add later when upgraded*/ \
( defined tower_berklix_org ) )
#if /*{*/ (__FreeBSD_cc_version >= 602001)
/* 602001 6.2-RELEASE
* 602001 6.3-RELEASE
* 700003 7.0-PRERELEASE
* The #if above is to prevent Makefile
* failing on some hosts, as it generates for all hosts on all
* release, inc. 4.11 & 6.2, & require_rdns only came in
* with FreeBSD 6.3 & 7.0
*/
FEATURE(`require_rdns'')
/* http://www.sendmail.org/releases/8.14.0.Beta4.php
* CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
* clients whose IP address does not have proper reverse DNS.
* Sendmail Versions:
* FreeBSD-6.2-RELEASE answers 8.13.8
* FreeBSD-4-stable became 8.14.1 on 20070411
* http://www.freebsd.org/releases/6.3R/relnotes-i386.html#BOOT
* sendmail has been updated from 8.13.8 to 8.14.2.
* slim FreeBSD-7.0-BETA2 answers 8.14.1
* flat 20.11.2007 8.13.8
* telnet tower smtp 8.14.2
*/
#endif /*}*/
#endif /* slim_berklix_org || thin_berklix_org } */
#endif /* REMOTE_HOST } */
#ifdef /*{*/ REMOTE_HOST
/* Dup. of functionality in /etc/mail/access */
/* Listing berklix.net as RELAY in /etc/mail/access is insufficient */
RELAY_DOMAIN(`js.berklix.net'')
RELAY_DOMAIN(`js.berklix.com'')
RELAY_DOMAIN(`js.berklix.org'')
RELAY_DOMAIN(`js.berklix.eu'')
RELAY_DOMAIN(`berklix.net'')
RELAY_DOMAIN(`berklix.com'')
RELAY_DOMAIN(`berklix.org'')
RELAY_DOMAIN(`berklix.eu'')
/* JJLATER TRY REMOVING js.berklix.net */
RELAY_DOMAIN(`js.berklix.net'')
#endif /* REMOTE_HOST } */
define(`confBIND_OPTS'', `WorkAroundBrokenAAAA'')
#if (defined freebsd_cmp ) /*{*/
/* I dont want this for my private or public machines */
define(`confNO_RCPT_ACTION'', `add-to-undisclosed'')
#endif /* freebsd_cmp } */
define(`confPRIVACY_FLAGS'', `authwarnings,noexpn,novrfy'')
#if /*{*/ ( !defined freebsd_cmp && !defined REMOTE_HOST \
&& !defined END_HOST )
define(`MAIL_HUB'',`RECEIVER_JHS_FULL'')
/* For duplicate suppression to work properly, the host name is best
* specified with a terminal dot:
* ---
* Defining MAIL_HUB Causes .cf file to acquire:
* # who gets all local email traffic
* # ($R has precedence for unqualified names if FEATURE(stickyhost) is used)
* DHmail.js.berklix.net
* ....
* R< > $+ $: < $H > $1 try hub
*/
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST && !defined END_HOST }*/
#ifndef freebsd_cmp /*{*/
define(`confTRUSTED_USERS'', `jhs majordom majordomo'')
#endif /* !freebsd_cmp } */
#ifdef NO_FLAT_RATE /*{*/
define(`confCON_EXPENSIVE'',True)
#endif /* NO_FLAT_RATE } */
#ifndef freebsd_cmp /*{*/
define(`confTIME_ZONE'',`USE_SYSTEM'')
#endif /* !freebsd_cmp } */
#if /*{*/ ( !defined freebsd_cmp && !defined REMOTE_HOST \
&& !defined GATE_HOST )
/* Internal local errors forwarded for fixing.
* Skip errors usually from spam hitting public hosts & gateway.
*/
define(`confCOPY_ERRORS_TO'',`postmaster'')
#endif /*!defined freebsd_cmp && !defined REMOTE_HOST && !defined GATE_HOST }*/
#if /*{*/ ( !defined freebsd_cmp && !defined REMOTE_HOST \
&& !defined GATE_HOST )
define(`confTO_QUEUERETURN'',`1d'')
#endif /*!defined freebsd_cmp && !defined REMOTE_HOST && !defined GATE_HOST }*/
#if ( defined GATE_HOST ) /*{*/
define(`confTO_QUEUEWARN'',`12h'')
#elif /*}{ */ ( defined REMOTE_HOST )
#if /*{*/ (( defined slim_berklix_org ) || ( defined thin_berklix_org ))
/* Not currently list host, leave at default */
#elif /* {} */ ( defined tower_berklix_org )
/* Not currently list host, leave at default */
#elif /* {} */ ( defined flat_berklix_org )
/* Too many warnings from mail list members */
define(`confTO_QUEUEWARN'',`1d'')
#endif /*}*/
#else /*}{*/
/* Leave at default [4h] */
#endif /*}*/
#ifdef GATE_HOST /*{*/
define(`confDIAL_DELAY'',`8s'')
#endif /* GATE_HOST }*/
#ifdef /*{*/ NO_FLAT_RATE
define(`confMCI_CACHE_SIZE'',`6'')
/* Flush queue in minimum time, even if it degrades interactive performance */
#endif /* NO_FLAT_RATE } */
#ifdef GATE_HOST /*{*/
Dw`''MASQ_JHS_HOST
Dm`''MASQ_JHS_DOMAIN
define(`confDOMAIN_NAME'', $w.$m)
#endif /* GATE_HOST } */
#if /*{*/ (!defined freebsd_cmp \
&& !defined REMOTE_HOST \
/* Remote hosts accept no names that aren't known locally.
If I were to do otherwise, I'd be open to spam swamping */ \
&& !defined END_HOST \
/* Avoid RECEIVER_JHS_FULL sending to itself */ \
)
/* Apparently local names that aren't local accounts or aliases. */
define(`LUSER_RELAY'',`RECEIVER_JHS_FULL.'')
/*
* Defining LUSER_RELAY Causes .cf file to acquire:
* # place to which unknown users should be forwarded
* DLmail.js.berklix.net.
*/
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST && !defined END_HOST }*/
#if /*{*/ ( !defined freebsd_cmp && !defined REMOTE_HOST && !defined END_HOST )
/* unqualified names (no @domain) */
define(`LOCAL_RELAY'',`RECEIVER_JHS_FULL'') /* avoids needing .forward */
/*
* Defining LOCAL_RELAY Causes .cf file to acquire:
* who I send unqualified names to if FEATURE(stickyhost) is used
* DRLoCaL_ReLaY.mail.js.berklix.net
*/
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST && !defined END_HOST }*/
#ifdef /*{*/ NO_FLAT_RATE
define(`confTO_HOSTSTATUS'',`6h'')
/* * else [30m] */
#endif /* NO_FLAT_RATE } */
#ifdef /*{*/ REMOTE_HOST
define(`confMAX_RCPTS_PER_MESSAGE'',`600'')
/* Questions:
* - Is this maximum total sendmail would accept from majordomo ?
* - Does sendmail expect majordomo to split beyond that ?
* - Is majordomo capable of splitting & resending ? (I doubt it).
* - Can sendmail itself split envelopes ?
* - Is recipient size seen by remote end ? I believe so,
* & is used as criteria for some MTAs to detect & drop spam.
* bim@ has 80+,
* gea@ list has 200+,
* If I interleave numeric tests between each address ?
* If I cross post an announcement ?
* CF default:
* # maximum number of recipients per SMTP envelope
* #O MaxRecipientsPerMessage=100
** =======================================================================
** JJLATER need to examine all these MAX_RCPTS_PER_MESSAGE
** * 4.11-src/
** * MAX_RCPTS_PER_MESSAGE
** * contrib/sendmail/RELEASE_NOTES
** CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
** and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
** DontProbeInterfaces, and DontBlameSendmail options.
** -----------------------------------------------------------------------
** * contrib/sendmail/cf/README
** confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
** [infinite] If set, allow no more than
** the specified number of recipients in
** an SMTP envelope. Further recipients
** receive a 452 error code (i.e., they
** are deferred for the next delivery
** attempt).
** * contrib/sendmail/cf/m4/proto.m4
** # maximum number of recipients per SMTP envelope
** _OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0')
** -----------------------------------------------------------------------
** * MaxRecipientsPerMessage
** * contrib/sendmail/RELEASE_NOTES
** Allow MaxRecipientsPerMessage option to be set on the command line
** by normal users (e.g., sendmail won't drop its root
** privileges) to allow overrides for message submission via
** 'sendmail -bs'.
** Add the MaxRecipientsPerMessage option: this limits the number of
** recipients that will be accepted in a single SMTP
** transaction. After this number is reached, sendmail
** starts returning "452 Too many recipients" to all RCPT
** commands. This can be used to limit the number of recipients
** per envelope (in particular, to discourage use of the server
** for spamming). Note: a better approach is to restrict
** relaying entirely.
** CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
** and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
** DontProbeInterfaces, and DontBlameSendmail options.
** -----------------------------------------------------------------------
** * contrib/sendmail/cf/README
** confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
** [infinite] If set, allow no more than
** the specified number of recipients in
** an SMTP envelope. Further recipients
** receive a 452 error code (i.e., they
** are deferred for the next delivery
** attempt).
** -----------------------------------------------------------------------
** * contrib/sendmail/cf/cf/submit.cf
** # maximum number of recipients per SMTP envelope
** #O MaxRecipientsPerMessage=0
** -----------------------------------------------------------------------
** * contrib/sendmail/cf/m4/proto.m4
** # maximum number of recipients per SMTP envelope
** _OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0')
** -----------------------------------------------------------------------
** * contrib/sendmail/doc/op/op.me
** .ip MaxRecipientsPerMessage=\fIN\fP
** [no short name]
** The maximum number of recipients that will be accepted per message
** in an SMTP transaction.
** Note: setting this too low can interfere with sending mail from
** MUAs that use SMTP for initial submission.
** If not set, there is no limit on the number of recipients per envelope.
** ---------------------------------------------------------------
** * contrib/sendmail/src/readcf.c
** #define O_MAXRCPT 0xa2
** { "MaxRecipientsPerMessage", O_MAXRCPT, OI_SAFE },
** #define O_DEADLETTER 0xa3
** =======================================================================
*/
#if /*{*/ ( defined flat_berklix_org )
#elif /*}{*/ ( defined tower_berklix_org )
#elif /*}{*/ (( defined slim_berklix_org ) || ( defined thin_berklix_org ))
#elif /*}{*/ ( defined mini_berklix_org )
/* Avoid thrashing & dieing after coming back on line into the backlog
* of a spam storm. This host is weak.
*/
define(`confQUEUE_LA'',`4'')
/* * CF default is a hashed out 8 */
define(`confREFUSE_LA'',`6'')
/* * CF default is a hashed out 12 */
define(`confDELAY_LA'',`2'')
/* * CF default is a hashed out 0 */
define(`confMAX_DAEMON_CHILDREN'',`3'')
/* * CF default is a hashed out 0 */
define(`confCONNECTION_RATE_THROTTLE'',`2'')
/* * CF default is a hashed out 0 */
define(`confMAX_QUEUE_RUN_SIZE'',`600'')
/* * CF default is hashed out #O MaxQueueRunSize=10000 */
define(`confMAX_QUEUE_CHILDREN'',`3'')
/* * CF default is a hashed out 0 */
define(`confMAX_RUNNERS_PER_QUEUE'',`1'')
/* * CF default is a hashed out 1 */
define(`confBAD_RCPT_THROTTLE'',`10'')
/* * CF default is a hashed out 20 */
#endif /* mini_berklix_org } */
/* Not Yet Used.
* From FreeBSD-6.1/usr/local/share/doc/cyrus-sasl/Sendmail.README:
* dnl The group needs to be mail in order to read the sasldb file
* define(`confRUN_AS_USER',`root:mail')dnl
*/
#endif /*}*/
#if /*{*/ ( defined REMOTE_HOST || \
/* JJLATER does gate need this ? */ defined GATE_HOST )
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 PLAIN LOGIN'')
/* Causes in .cf file:
* C{TrustAuthMech}GSSAPI DIGEST-MD5 PLAIN LOGIN
* Protocols accepted on remote smart host at run time,
* (although from maillog, one can see sendmail has been
* compiled with support for a longer list, eg:
* AUTH: available mech=LOGIN PLAIN ANONYMOUS DIGEST-MD5 CRAM-MD5,
* allowed mech=GSSAPI DIGEST-MD5 PLAIN LOGIN
* Pre 2004.01.05: DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
* Timp@ GSSAPI DIGEST-MD5 PLAIN LOGIN )
*/
#endif /* defined REMOTE_HOST || defined GATE_HOST } */
#if /*{*/ ( defined REMOTE_HOST || \
/* JJLATER does gate need this ? */ defined GATE_HOST )
define(`confAUTH_MECHANISMS'',`GSSAPI DIGEST-MD5 PLAIN LOGIN'')
/* Causes in .cf file:
* O AuthMechanisms=GSSAPI DIGEST-MD5 PLAIN LOGIN
* http://www.sendmail.org/~ca/email/auth.html#AuthMechanisms:
* list of mechanisms which are offered at most for
* authentication. This list is intersected with the
* list of available (i.e., installed) mechanisms, and
* the result of the intersection is listed in the
* AUTH keyword value for the EHLO response.
* default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
* 6.1 Default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
* 6.1 cf/README: The advertised list of authentication
* mechanisms will be the intersection of this
* list and the list of available mechanisms as
* determined by the Cyrus SASL library.
* Pre 2004.01.05: DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
* timp@ GSSAPI DIGEST-MD5 PLAIN LOGIN
*/
#endif /* defined REMOTE_HOST || defined GATE_HOST } */
/*
* /usr/ports/security/cyrus-sasl/pkg-descr:
* Mechanisms included: ANONYMOUS, CRAM-MD5, DIGEST-MD5, GSSAPI
* (MIT Kerberos 5 or Heimdal Kerberos 5), KERBEROS_V4 and PLAIN.
* /usr/ports/security/cyrus-sasl/files/Sendmail.README:
* Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
* These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space
* seperated list. You may want to restrict LOGIN, and PLAIN authentication
* methods for use with STARTTLS, as the password is not encrypted when
* passed to sendmail.
* LOGIN is required for Outlook Express users. "My server requires
* authentication" needs to be checked in the accounts properties to
* use SASL Authentication.
* PLAIN is required for Netscape Communicator users. By default Netscape
* Communicator will use SASL Authentication when sendmail is compiled with
* SASL and will cause your users to enter their passwords each time they
* retreive their mail (NS 4.7).
* The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
* are using cyrus-imapd and sendmail on the same server that requires access
* to the sasldb database.
*
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
* reccomends
* define(`confDEF_AUTH_INFO'', `/etc/mail/auth-info'')
* which in .cf file would be:
* O DefaultAuthInfo=/etc/mail/default-auth-info
* but 4.9/usr/share/sendmail/cf/README:
* password (plain text), ... this option is deprecated
*
* DIGEST-MD5 Succesor to CRAM-MD5
* GSSAPI Works with Kerberos 5
* LOGIN For Outlook Express users. It provides no security
* PLAIN and CRAM-MD5 Do not support the concept of realms
* PLAIN For Netscape Communicator
* PLAIN Can either check /etc/passwd, Kerberos V4, use PAM,
* or the sasl secrets database. By default PAM is
* used if PAM is found, then Kerberos, finally
* /etc/passwd (non-shadow).
* No Security: Beware Packet Sniffers !
* See also http://berklix.com/~jhs/txt/sasl.html#verify
* See also http://berklix.com/~jhs/txt/sasl.html#debug
*/
MAILER(local)
MAILER(smtp)
#if ( 0 /* off 2003.12.01 */ \
&& ! (defined freebsd_cmp ) && ! ( defined REMOTE_HOST ) ) /*{*/
LOCAL_USER(root)
#endif /* 0 } */
#if ( defined REMOTE_HOST ) /*{*/
/* timp@ uses MAILER(cyrus) for providing IMAP services */
/* timp@ uses DAEMON_OPTIONS(`Name=MTA') */
/* timp@ uses DAEMON_OPTIONS(`Port=2525, Name=MSA, M=E') */
/* timp@ uses define(`confLOCAL_MAILER',`cyrus')
* - but isnt this define too late in file ?
*/
#endif /* defined REMOTE_HOST } */
#ifndef freebsd_cmp /*{*/
__HASH__ End of common.cpp
#endif /* !freebsd_cmp } */
/* SPF
* http://homepages.tesco.net/~J.deBoynePollard/FGA/smtp-spf-is-harmful.html
* You've come to this page because you've said something similar to the
* following:
* SPF ("sender pemitted from" a.k.a. "sender policy framework") is a
* scheme designed to prevent forgery of SMTP-based Internet mail and
* thus prevent unsolicited bulk mail. AOL has already adopted it.
* This is the Frequently Given Answer to such statements.
*/
/* )]} */