/* ~jhs/public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp
* Sendmail config for jhs hosts. Copyright Julian H. Stacey 2009 Munich
* CAUTION MAKING:
* cd /etc/mail ; make
* might have 2 unfortunate results, either:
* Installing generic instead of custom:
* cp freebsd.mc `hostname`.mc
* /usr/bin/m4 -D_CF_DIR_=/usr/share/sendmail/cf/ \
* /usr/share/sendmail/cf/m4/cf.m4 `hostname`.mc > `hostname`.cf
* Or if you have previously done
* ln -s ../../usr/src/etc/sendmail/`hostname`.mc
* then your .mc sym linked in /usr/src will get forced back to generic by
* cp freebsd.mc `hostname`.mc
* The safe way is:
* cd /usr/src/etc/sendmail
* make clean ; make cleandir ; make clean ; make obj ; make
* cd /usr/obj/`cd /usr/src/etc/sendmail;/bin/pwd`
* cp `hostname`.mc `hostname`.cf /etc/mail/
* cd /etc/mail
* ln -s `hostname`.mc sendmail.mc
* ln -s `hostname`.cf sendmail.cf
* make ; make stop ; make start
* OTHER SASL AUTH CONFIG FILES RELATED:
* /etc/make.conf includes /site/domain/this/etc/make.conf
* /etc/make.conf includes /site/etc/make.conf.sasl
* /site/domain/this/etc/make.conf includes make.conf.common
* /site/domain/this/etc/make.conf.common includes /site/etc/make.conf.sasl
* /site/domain/berklix/etc/mail/access.domain
* /site/domain/js.berklix.net/etc/mail/access.domain
* source of passwords
* /site/domain/js.berklix.net/etc/mail/access
* text copy of passwords
* /etc/mail/access -> ../../site/etc/mail/access
* /etc/mail/access.db
* binary of passwords.
* /site/usr/lib/sasl/Sendmail.conf
* specifies: pwcheck_method: sasldb
* /site/domain/berklix/usr/lib/sasl/saslpasswd.conf
* /site/usr/lib/sasl/saslpasswd.conf
* specifies: pwcheck_method: pwcheck
* /usr/local/etc/sasldb.db /usr/local/etc/sasldb2.db
* ~/public_html/src/bsd/fixes/FreeBSD/src/jhs/contrib/sendmail/\
* cf/cf/submit.mc.cyrus-sasl.REL=ALL.diff
* disables SMTP AUTH on the loopback interface
* ~/mail/auth/\*
* MAN: saslpasswd saslpasswd2 sasldblistusers sasldblistusers2
* DOC FILES:
* /usr/local/share/doc/cyrus-sasl2/html/
* /usr/local/share/doc/cyrus-sasl2/testing.txt
* /usr/ports/security/cyrus-sasl2/files/Sendmail.README
* /usr/share/sendmail/cf/README <
* /usr/src/contrib/sendmail/cf/README
* /usr/src/contrib/sendmail/RELEASE_NOTES
* PORTS:
* /usr/ports/security/cyrus-sasl (Manually select: "Use pwcheck")
* /usr/ports/security/cyrus-sasl2 Installed then I used SASL1
* /usr/ports/mail/sendmail-sasl Not used
* /usr/ports/security/cyrus-sasl2-saslauthd Not used
* /usr/ports/security/gsasl Not used
* DOC WEB: (C = Client Side SASL, S = Server Side)
* - http://cork.linux.ie/projects/install-sendmail/
* CS http://docs.snake.de/smtp-auth.html
* http://imgate.meiway.com for WinNT
* http://matt.simerson.net/computing/qmail.toaster.shtml - Alt to SM
* http://njabl.org - Black Hole List
* http://spamassassin.org/tag/
* S http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
* http://www.sendmail.org/antispam.html
* http://www.sendmail.org/~ca/email/auth.html < timp@
* http://www.sendmail.org/~ca/email/cyrus/sysadmin.html
* http://www.sendmail.org/~ca/email/sm-812.html#812AUTH < timp@
* EMAIL ADDRESSES
* timp@ Tim Pushor
* offered me a SASL relay or debug I recall.
* postmaster@ freebsd 2004.08 is
* David Wolfskill
* ACRONYMS:
* MTA = Mail Transfer Agent. flat considers mart sendmail an MTA
* MSA = Mail [Submission Agent maybe?] Agent EG maybe ref submit.cf ?
* MSP = Mail [Submission Program maybe?] Agent EG maybe ref submit.cf ?
* MUA = Mail User Agent, EG Exmh, Pine, Elm
* SASL:
* authid= Authentication Identifier: Real person's login name.
* userid= user id= Authorization ID:
* Your account, or maybe that of an absent colleague's.
* TO DO:
* There is a misleading but not actually problematic naming conflict
* between MAIL_HUB which is an internal recipient
* & host=hub which is my name for gateway outgoing.
* Ensure names such as phillip@fire do not leak.
* Strip file of comment regularly updated in docs.
* cd /usr/src/contrib/sendmail/doc/op ; \
* pic -C op.me|eqn -C -Tascii|groff -Tascii -mps -me>~/tmp/sm.asc
* Debugging: Relaying denied string changed on mini in:
* contrib/sendmail/cf/cf/submit.cf
* contrib/sendmail/cf/m4/proto.m4
* See if I need to tweak submit.mc
* Anti Spam Programs: SpamAssassin ( used by freebsd.org), Razor,
* MailScanner, Bogofilter.
* ports/mail/p5-Mail-SpamAssassin
* ordb osirusoft spamcop wirehub
* Do a DOMAIN(js.berklix.net), probably also using nullclient.
* ports/mail/tlb to process deliveries to hide outgoing aliases,
* to prevent people from evading restrictions for posting to lists.
* UNUSED:
* STARTTLS, IMAP command starts encryption
* VIRTUSER_DOMAIN
* VIRTUSER_DOMAIN_FILE
* confERROR_MESSAGE
* confSAVE_FROM_LINES
* confSERVICE_SWITCH_FILE
* confUSERDB_SPEC
* BITNET_RELAY
* DECNET_RELAY
* FAX_RELAY
* FEATURE(`compat_check')
* FEATURE(`delay_checks') would allow spammers using Sender: my_domain
* FEATURE(`enhdnsbl')
* FEATURE(`generics_entire_domain')
* FEATURE(`genericstable')
* FEATURE(`lookupdotdomain')
* FEATURE(`msp', `[127.0.0.1]') in submit.mc
* FEATURE(`no_default_msa')
* FEATURE(`preserve_local_plus_detail')
* FEATURE(`preserve_luser_host')
* FEATURE(`queuegroup')
* FEATURE(`relay_hosts_only')
* FEATURE(`relay_mail_from',`domain') Too dangerous
* FEATURE(accept_unqualified_senders) fred without @domain
* FEATURE(local_procmail)
* FEATURE(loose_relay_check) user%site.com@othersite.com
* FEATURE(relay_local_from) not unless absolutely necessary
* FEATURE(virtuser_entire_domain)
* define(`confDELIVERY_MODE',`deferred') not send out til requested.
* RELAY_DOMAIN_FILE(`/etc/mail/relay')
* UUCP_RELAY
* brackets.c: '
* confINPUT_MAIL_FILTERS for spam later maybe ?
* confRELAY_MSG
* files: etc/auth.conf
* files: login.conf & auth_hostok
* LDAP
* TEST ADDRESSES to input to "sendmail -bt"
* with command EG "/parse a@b"
* (as this .cpp file is on the web, & harvested by
* spammers, no complete addresses)
* no_domain (no@)
* land.berklix.org
* dsl
* freebsd.org
* lapt
* localhost
* mail
* mail.js.berklix.net
* muc. .de
* not_in_etc_hosts.bsn.com
* null.bsn.com
* park
* wind
* world
* DELIMITERS:
* - Be Very Careful, changing anything:
* you can very easily damage the output file from m4 without getting an
* error message !
* - The text first goes through ccp, then m4, then is read by sendmail.
* - m4: dnl is the m4 command for delete-to-newline.
* - .cf: Hash # at beginning of line is a delimeter for sendmail.cf
* read by /usr/sbin/sendmail, but is not a delimeter for m4.
* - m4: treat as special, all of these:
* lots of character such as {}
* and `quotes-round-this-string' brackets.c:`'
* and defined strings such as FEATURE
* To avoid m4 macro expansion of strings such as OSTYPE being expanded
* before pass through to a .cf file as comment,
* use the string 0`'STYPE brackets.c:`'
* - cpp: To avoid "unterminated character constant" in single
* uses of the ' char, I use double occurences, & let cpp
* brackets.c:'
* reduce them to single quotes in the .mc file.
* So I use 0`'STYPE.
* brackets.c:`
* To avoid "unknown configuration line" I avoid lines with
* just a tab,
* (which occur if you have a slash star comment not starting in
* column 1, (though comments not starting in column 1 are OK in
* ifdef lines, as the cpp does not pass those lines through.))
* - cpp: The Makefile deletes the space in "^ #" to "^#"
* - cpp: The Makefile deletes blank lines
* - cpp: To avoid cpp acting on # comment lines destined for .cf file,
* they are preceeded by this string (without spaces) "/ * * /"
* - Makefile last strips all strings __SPACE__
* which are used to fool cpp.
* - cpp: When making EG file wind.mc Makefile defines
* string wind_js_berklix_net (using _ as dots are not allowed
* by cpp).
* 5.1 cpp reduces tabs to spaces.
* Info from guug conf. spring 98:
* ETRN = force queue run
* Exim takes over from Smail.
* SMTP/ESMTP:
* If old machines far end, use smtp, if new use esmtp.
* HELO is the normal start, ESMTP servers often start EHLO,
* but some lock up if EHLO is received & they dont support extended,
* so some extended servers initiate instead with ESMTP.
*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
__HASH__ Source: ~jhs/public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp
#else /*}{ For comparison with freebsd.mc. */
divert(-1)
__HASH__
__HASH__ Copyright (c) 1983 Eric P. Allman
__HASH__ Copyright (c) 1988, 1993
__HASH____TAB__The Regents of the University of California. __SPACE__All rights reserved.
__HASH__
__HASH__ Redistribution and use in source and binary forms, with or without
__HASH__ modification, are permitted provided that the following conditions
__HASH__ are met:
__HASH__ 1. Redistributions of source code must retain the above copyright
__HASH__ __SPACE____SPACE__ notice, this list of conditions and the following disclaimer.
__HASH__ 2. Redistributions in binary form must reproduce the above copyright
__HASH__ __SPACE____SPACE__ notice, this list of conditions and the following disclaimer in the
__HASH__ __SPACE____SPACE__ documentation and/or other materials provided with the distribution.
__HASH__ 3. All advertising materials mentioning features or use of this software
__HASH__ __SPACE____SPACE__ must display the following acknowledgement:
__HASH____TAB__This product includes software developed by the University of
__HASH____TAB__California, Berkeley and its contributors.
__HASH__ 4. Neither the name of the University nor the names of its contributors
__HASH__ __SPACE____SPACE__ may be used to endorse or promote products derived from this software
__HASH__ __SPACE____SPACE__ without specific prior written permission.
__HASH__
__HASH__ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS__CLOSE____CLOSE__ AND
__HASH__ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
__HASH__ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
__HASH__ ARE DISCLAIMED. __SPACE__IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
__HASH__ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
__HASH__ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
__HASH__ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
__HASH__ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
__HASH__ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
__HASH__ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
__HASH__ SUCH DAMAGE.
__HASH__
__BREAK__
__HASH__
// ----------------------------------------------------------------------------
// cd /pri/freebsd/releases ;
// grep "This is a generic configuration file for FreeBSD" */src/etc/sendmail/freebsd.mc
// 4.11-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 4.X and later systems.
// 6.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 5.X and later systems.
// 7.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 8.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 9.2-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 9.3-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 10.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 11.4-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 12.2-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 12.3-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 13.0-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
// 14.0-RELEASE/src/etc/sendmail/freebsd.mc:# This is a generic configuration file for FreeBSD 6.X and later systems.
//
// cpp -dM /dev/null | grep __FreeBSD_cc_version
// { __FreeBSD_cc_version
#if /*{*/ ( __FreeBSD_cc_version >= 900001 ) /* 9.0 */
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems.
#elif /*}{*/ ( __FreeBSD_cc_version >= 800001 ) /* 8.1, 8.2, 8.3 */
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems.
#elif /*}{*/ ( __FreeBSD_cc_version >= 700003 /* 7.3 or 7.4 */ )
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems.
#elif /*}{*/ ( __FreeBSD_cc_version > 602001 /* 6.4 */ )
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems.
#elif /*}{*/ ( __FreeBSD_cc_version > 500000 /* not quite the right number */ )
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 5.X and later systems.
#elif /*}{*/ ( __FreeBSD_cc_version >= 460001 /* 4.11 */ )
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 4.X and later systems.
#else /*}{*/
__HASH__ __SPACE__This is a generic configuration file for FreeBSD Unknown Release.
#endif /*}*/
// }
__HASH__ __SPACE__If you want to customize it, copy it to a name appropriate for your
__HASH__ __SPACE__environment and do the modifications there.
__HASH__
__HASH__ __SPACE__The best documentation for this .mc file is:
__HASH__ __SPACE__/usr/share/sendmail/cf/README or
__HASH__ __SPACE__/usr/src/contrib/sendmail/cf/README
#endif /* freebsd_cmp }*/
#if /*{*/ ( __FreeBSD_cc_version == 700003 /* 7.4-RELEASE */ )
// 7.4 has no trailing space in next line, just the hash.
__HASH__
#elif ( __FreeBSD_cc_version >= 800001 ) /* 9.[012] */
/* 9.1 has no trailing space in next line,
* 8.4 & 9.2 & 10.0 do have a trailing space in next line.
*/
__HASH__ __SPACE__
#endif /* __FreeBSD_cc_version == 700003 }*/
#if /*{*/ ( __FreeBSD_cc_version >= 1000001 ) /* 10.0 */
__HASH__ __SPACE__NOTE: If you enable RunAsUser, make sure that you adjust the permissions
__HASH__ __SPACE__and owner of the SSL certificates and keys in /etc/mail/certs to be usable
__HASH__ __SPACE__by that user.
__HASH__
#endif /* __FreeBSD_cc_version >= 1000001 }*/
__BREAK__
// ----------------------------------------------------------------------------
// 12.2-PRERELEASE __FreeBSD_cc_version 1200023
// 12.2-RELEASE __FreeBSD_cc_version 1200023
// 12.2-STABLE __FreeBSD_cc_version 1200023
// 12.3-STABLE __FreeBSD_cc_version 1200025
// 12.4-RELEASE __FreeBSD_cc_version 1200025
// 14.0-RELEASE-p3 __FreeBSD_cc_version 1400006
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
divert(0)
// { __FreeBSD_cc_version switch
#if /*{*/ ( __FreeBSD_cc_version == 460001 ) /* 4.7 & 4.8 & 4.9 & 4.10 */
/* VERSIONID for 4.10 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.19 2003/12/31 17:42:16 gshapiro Exp $__CLOSE__)
#elif /*}{*/ ( __FreeBSD_cc_version == 500005 ) /* 5.1 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $__CLOSE__)
#elif /*}{*/ ( __FreeBSD_cc_version == 510002 ) /* 5.2 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $__CLOSE__)
#elif /*}{*/ ( __FreeBSD_cc_version == 520001 ) /* 5.2-current */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $__CLOSE__)
#elif /*}{*/ ( __FreeBSD_cc_version == 530001 ) /* 5.[3-5] */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $__CLOSE__)
#elif /*}{*/ ( __FreeBSD_cc_version == 600001 ) /* 6.[01] */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.6.1 2006/04/13 04:00:23 gshapiro Exp $__CLOSE__)
#elif /*}{*/ ( __FreeBSD_cc_version == 602001 ) /* 6.2 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.2.6.2.1 2008/10/02 02:57:24 kensmith Exp $__CLOSE__)
#elif /*}{*/ ( __FreeBSD_cc_version == 700003 ) /* 7.0 & 7.1 & 7.2 & 7.3 & 7.4 */
// 7.0 or 7.1 or 7.2 or 7.3 VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.4.2.1 2010/02/10 00:26:20 kensmith Exp $')
// 7.4 VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.4.4.1 2010/12/21 17:10:29 kensmith Exp $')
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.4.4.1 2010/12/21 17:10:29 kensmith Exp $__CLOSE__)
#elif /*}{*/ ( __FreeBSD_cc_version == 800001 ) /* 8.0 - 8.4 */
#if defined RELEASE_8_0 /* {{ */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $__CLOSE__)
#elif defined RELEASE_8_1 /* }{ */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.2.2.1 2010/06/14 02:09:06 kensmith Exp $__CLOSE__)
#elif defined RELEASE_8_2 /* }{ */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.2.4.1 2010/12/21 17:09:25 kensmith Exp $__CLOSE__)
#elif defined RELEASE_8_3 /* }{ */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.3.2.1 2012/03/03 06:15:13 kensmith Exp $__CLOSE__)
#elif defined RELEASE_8_4 /* }{ */
VERSIONID(`$FreeBSD: release/8.4.0/etc/sendmail/freebsd.mc 250169 2013-05-02 01:39:32Z gshapiro $__CLOSE__)
#else /* }{ */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v - Unknown 8.x - kensmith Exp $__CLOSE__)
#endif /* } __FreeBSD_cc_version == 800001 } */
#elif /*}{*/ ( __FreeBSD_cc_version == 900001 ) /* 9.0 - 9.1 */
#if defined RELEASE_9_0 /* {{ */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.39.2.1.2.1 2011/11/11 04:20:22 kensmith Exp $__CLOSE__)
/* brackets.c:` */
#elif (defined RELEASE_9_1) /* }{ */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.39.2.1.4.2 2012/11/17 08:47:01 svnexp Exp $__CLOSE__)
/* brackets.c:` */
#elif (defined RELEASE_9_2) /* }{ */
VERSIONID(`$FreeBSD: release/9.2.0/etc/sendmail/freebsd.mc 249867 2013-04-25 01:46:20Z gshapiro $__CLOSE__)
/* brackets.c:` */
#elif (defined 10.0-BETA1 ) /* }{ */
VERSIONID(`$FreeBSD: stable/10/etc/sendmail/freebsd.mc 249732 2013-04-21 17:11:45Z gshapiro $__CLOSE__)
/* brackets.c:` */
#elif (defined RELEASE_10_0) /* }{ */
VERSIONID(`$FreeBSD: 10 UNKNOWN__CLOSE__)
/* brackets.c:` */
#elif (defined RELEASE_10_1) /* }{ */
VERSIONID(`$FreeBSD: release/10.1.0/etc/sendmail/freebsd.mc 266698 2014-05-26 15:42:39Z gshapiro $__CLOSE__)
#else /* }{ */
VERSIONID(`$FreeBSD: UNKNOWN__CLOSE__)
#endif /* }} */
#elif /*}{*/ ( __FreeBSD_cc_version == 1000001 ) /* 10.0 & 10.1 & 10.3 */
#if defined 10.3-RELEASE-p4 /* { */
#elif (defined RELEASE_10_1) /* }{ */
#elif (defined RELEASE_10_2) /* }{ */
VERSIONID(`$FreeBSD: release/10.2.0/etc/sendmail/freebsd.mc 285304 2015-07-09 05:25:47Z gshapiro $__CLOSE__)
#elif (defined RELEASE_10_3) /* }{ */
VERSIONID(`$FreeBSD: release/10.3.0/etc/sendmail/freebsd.mc 285304 2015-07-09 05:25:47Z gshapiro $__CLOSE__)
#endif /* } */
#elif /*}{*/ ( __FreeBSD_cc_version == 1100001 ) /* 11_0-CURRENT */
VERSIONID(`$FreeBSD: head/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__)
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1100508 ) /* 11.2-RELEASE */
VERSIONID(`$FreeBSD: release/11.2.0/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__)
/* brackets.c:` */
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1200015 ) /* 12 Current */
VERSIONID(`$FreeBSD: head/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__)
/* https://www.freebsd.org/doc/en/books/porters-handbook/versions-12.html */
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1200016 ) /* 12.0-p3 12.1-p2 */
// VERSIONID(`$FreeBSD: head/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $') 12.0-p3
// VERSIONID(`$FreeBSD: releng/12.1/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $') 12.1-p2
VERSIONID(`$FreeBSD: releng/12.1/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__)
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1200018 ) /* 12.0-STABLE cat .ctm_status src-12 320 .svn_revision 349176 */
VERSIONID(`$FreeBSD: stable/12/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__)
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1200021 ) /* 12.1-STABLE 2020-02-05 */
VERSIONID(`$FreeBSD: stable/12/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__)
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1200023 ) /* 12.2-RELEASE & 12.2-STABLE & 12.3-RELEASE */
// VERSIONID(`$FreeBSD: releng/12.2/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $')
// VERSIONID(`$FreeBSD: releng/12.3/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $')
VERSIONID(`$FreeBSD: releng/12.3/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $__CLOSE__)
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1200025 ) /* 12.3-STABLE 2022-04-28 */
// By 2021-08-16 I found 12.2 stable freebsd.mc just has VERSIONID(`$FreeBSD$')
// VERSIONID(`$FreeBSD$__CLOSE__)
VERSIONID(`$FreeBSD$__CLOSE__)
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1300007 )
// 13.0-CURRENT 2020-04-16
// VERSIONID(`$FreeBSD: head/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $__CLOSE__)
// 13.0-RELEASE-p8 2020-04-14
VERSIONID(`$FreeBSD$__CLOSE__)
//
#elif /*}{*/ ( __FreeBSD_cc_version == 1400006 )
// 14.0-RELEASE-p3 2024-01-08 host=land
VERSIONID(`$FreeBSD$__CLOSE__)
//
#else /*}{ __FreeBSD_cc_version number unknown */
VERSIONID(`$FreeBSD: common.cpp Unknown version, run cpp -dM /dev/null | grep __FreeBSD_cc_version__CLOSE__)
/* brackets.c:` */
#endif /* __FreeBSD_cc_version number unknown } */
// __FreeBSD_cc_version switch }
#else /* defined freebsd_cmp }{ not defined freebsd_cmp */
/* The HOSTNAME that Make passes in has no spaces, but cpp screws up
* and adds a space before & after.
*/
VERSIONID(`$FreeBSD: src/etc/sendmail/common.cpp Copyright jhs@ for HOSTNAME\__CLOSE__)
#endif /* not defined freebsd_cmp } defined freebsd_cmp }*/
// ----------------------------------------------------------------------------
#if defined park_js_berklix_net /*{*/
__HASH__ Debug for vi *.mc: park_ js_ berklix_ net is defined as park_js_berklix_net
#elif defined mart_js_berklix_net /*}{*/
__HASH__ Debug for vi *.mc: mart_ js_ berklix_ net is defined as mart_js_berklix_net
#elif defined dell_js_berklix_net /*}{*/
/* /etc/make.conf has SENDMAIL_MC=dell.js.berklix.net.mc */
__HASH__ Debug for vi *.mc: dell_ js_ net is defined as dell_js_berklix_net
#elif defined dell_no_berklix_net /*}{*/
/* /etc/make.conf has SENDMAIL_MC=dell.no.berklix.net.mc */
__HASH__ Debug for vi *.mc: dell_ no_ net is defined as dell_no_berklix_net
#elif defined lapr_js_berklix_net /*}{*/
/* /etc/make.conf has SENDMAIL_MC=lapr.js.berklix.net.mc */
__HASH__ Debug for vi *.mc: lapr_ no_ net is defined as lapr_js_berklix_net
#elif defined lapr_no_berklix_net /*}{*/
/* /etc/make.conf has SENDMAIL_MC=lapr.no.berklix.net.mc */
__HASH__ Debug for vi *.mc: lapr_ no_ berklix_ net is defined as lapr_no_berklix_net
#endif /*}*/
// ----------------------------------------------------------------------------
/* /usr/src/contrib/sendmail/cf/ostype/freebsd4.m4 */
#if /*{*/ (__FreeBSD_cc_version < 500000) /* not quite right number */
OSTYPE(freebsd4)
#elif /*}{*/ (__FreeBSD_cc_version >= 600001)
/* uname -r 6.0 & 7.2 */
OSTYPE(freebsd6)
#else /*}{*/
OSTYPE(freebsd5)
#endif /*}*/
// ----------------------------------------------------------------------------
#if /*{*/ ( ( defined park_js_berklix_net ) || ( defined mart_js_berklix_net ) )
#define GATE_HOST 1
#elif /*}{*/ ( defined fire_js_berklix_net )
#define END_HOST 1
#elif /*}{*/ ( ( defined lapr_no_berklix_net ) || ( defined laps_no_berklix_net ) \
|| ( defined dell_no_berklix_net ) )
#define MOBILE_HOST 1
#elif /*}{*/ ( ( defined land_berklix_org ) || ( defined slim_berklix_org ))
#define BERKLIX_SERVER_REMOTE 1
#else /*}{*/
/* Internal subsidiary host at Holz. */
#endif /*}*/
// ----------------------------------------------------------------------------
/* Log level. 15 is a good start value for debugging, but log may flood */
#if /* { */ ( defined XXland_berklix_org ) /* /var: Big */
define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__)
/* brackets.c:` */
#elif /* }{ */ ( defined slim_berklix_org ) /* /var: 1Gig */
/* define(`confLOG_LEVEL', `15') */
/* brackets.c:` */
#elif /* }{ */ ( defined fire_js_berklix_net ) /* /var: 250M */
define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__)
/* brackets.c:` */
#elif /* }{ */ ( defined lapr_js_berklix_net ) /* /var: ? */
define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__)
/* brackets.c:` */
#elif /* }{ */ ( defined dell_js_berklix_net ) /* /var: ? */
define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__)
/* brackets.c:` */
#elif /* }{ */ ( defined lapr_no_berklix_net ) /* /var: ? */
define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__)
/* brackets.c:` */
#elif /* }{ */ ( defined dell_no_berklix_net ) /* /var: ? */
define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__)
/* brackets.c:` */
#elif /* }{ */ ( defined mart_js_berklix_net ) /* /var: ?? */
define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__)
/* brackets.c:` */
#elif /* }{ */ ( defined park_js_berklix_net ) /* /var: 1.1G */
define(`confLOG_LEVEL__CLOSE__, `15__CLOSE__)
/* brackets.c:` */
#endif /*}*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
/* Give rejected domains a clue who to phone, in case its not a spammer.
* contrib/sendmail/cf/README:
* confREJECT_MSG - [550 Access denied] The message
* given if the access database contains
* REJECT in the value portion.
* With
* define(`confREJECT_MSG',
* `550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/')
* A diff of the .cf file before & after shows eg:
* R <$*> $#error $@ 5.7.1 $: "550 Access denied"
* R <$*> $#error $: 550 Access denied http://www.berklix.com/~jhs/phone/
* I suppose "$@ 5.7.1" might be name of sendmail,
* Below loses the "$@ 5.7.1"
*
* 10.1-RELEASE with
* define(`confREJECT_MSG',`"550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/access/"')
* complains:
* slim.berklix.org.cpp:446:97: warning: empty character constant [-Winvalid-pp-token]
* define(`confREJECT_MSG',`"550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/access/"')
*/
define(`confREJECT_MSG__CLOSE__,`"550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/access/"__CLOSE__)
/* contrib/sendmail/cf/README:
* confRELAY_MSG - [550 Relaying denied] The message
* given if an unauthorized relaying
* attempt is rejected.
* I dont need to warn anyone here, but the text makes it
* clearer to me in my daily run output, if the message is
* coming from my host, & why, hence variant endings /access/ or /relay/
* which are just symbolic links in the web to the same file currently.
*
* 10.1-RELEASE with
* define(`confRELAY_MSG',`"550 Relaying denied http:/__BREAK__/www.berklix.com/~jhs/phone/relay/"')
* complains:
* slim.berklix.org.cpp:462:22: warning: empty character constant [-Winvalid-pp-token]
* define(`confRELAY_MSG',`"550 Relaying denied http:/__BREAK__/www.berklix.com/~jhs/phone/relay/"')
*/
define(`confRELAY_MSG__CLOSE__,`"550 Relaying denied http:/__BREAK__/www.berklix.com/~jhs/phone/relay/"__CLOSE__)
#endif /* !freebsd_cmp } */
// ----------------------------------------------------------------------------
DOMAIN(generic)
/* * 4.9 pulls in src/contrib/sendmail/cf/domain/generic.m4
* define(`confFORWARD_PATH',
* `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl
* define(`confMAX_HEADERS_LENGTH', `32768')dnl
* FEATURE(`redirect')dnl
* FEATURE(`use_cw_file')dnl
* EXPOSED_USER(`root')
* bracktes.c:`'
* */
__BREAK__
// ----------------------------------------------------------------------------
#ifdef /*{*/ GATE_HOST
define(`confDONT_BLAME_SENDMAIL__CLOSE__, `GroupReadableKeyFile__CLOSE__)
/* timp@ uses this */
#endif /* GATE_HOST }*/
// ----------------------------------------------------------------------------
#if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) /* SASL stuff */
define(`confDONT_BLAME_SENDMAIL__CLOSE__,`GroupReadableSASLDBFile__CLOSE__)
/* for Sendmail 8.12 (FreeBSD 4.10 has 8.12.11) */
#endif /* !BERKLIX_SERVER_REMOTE }*/
// ----------------------------------------------------------------------------
/* /usr/local/share/doc/cyrus-sasl2/Sendmail.README
* The group needs to be mail in order to read the sasldb2 file
* /usr/ports/security/cyrus-sasl/files/Sendmail.README:
* The group needs to be mail in order to read the sasldb file
* Not documented by Snake.
* Added per timp@ 2004.01.05:
* define(CYRUS_MAILER_PATH, `/usr/local/cyrus/bin/deliver')
* brackets.c:`
* All 3 remote hosts & Host=Mart 2006.08.13 have no /usr/local/cyrus
* so I commented out CYRUS_MAILER_PATH
*/
#if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) /* SASL stuff */
define(CYRUS_MAILER_USER, `cyrus:cyrus__CLOSE__)
// brackets.c `
#endif /* !BERKLIX_SERVER_REMOTE }*/
// ----------------------------------------------------------------------------
#if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) /* SASL stuff */
/* timp@ has define(`confCLIENT_OPTIONS', `Address=64.56.138.134') Why ? */
#endif /* !BERKLIX_SERVER_REMOTE }*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
/* MASQUERADING:
* - BERKLIX_SERVER_REMOTE @user.berklix:
* I should Not masquerade as berklix.org, as normal users on that
* host would lose reply mail that might go to other
* berklix hosts where they had no login or forwarding.
* - BERKLIX_SERVER_REMOTE @smtprelay.berklix:
* I should Not masquerade as berklix.org, as if I do, my mail from holz
* declaring itself berklix.com or js.berklix.com, appears as berklix.org,
* @ gets rejected to -approval@berklix, as
* jhs@ is not subscribed as @berklix.org, (As on lists with lots of
* MS addicts, PC viruses of spammers harvest
* good matches of eg jhs@ & {ms-addicts}@;
* so to break that use * different domains for list & owner/ frequent senders).
* - BERKLIX_SERVER_REMOTE all:
* majordomo has aliases that guide all traffic to @lists.berklix so
* removing masquerading should hopefully make no difference either
* way for majordomo. Yet to be checked.
* - BERKLIX_SERVER_REMOTE all:
* Most subscribers on some lists here are clueless MS users,
* Ideally, would be nice to subsume 3xHost.berklix to avoid
* their getting further confused - but how ?
* - GATE_HOST:
* Masquerading as berklix.com now, maybe later js.berklix.com
* If this were not to masquerade, All internal hosts would need to,
* else eg replies would never get back to @lapl.js.berklix.net.
* - GATE_HOST (or END_HOST)
* - Need to change subscriptions on non berklix lists to match,
* so outgoing posts to lists do not bounce.
* - If I do the masquerade on a per sender host basis,
* then some can masquerade as @berklix.com for majordomo@berklix
* .org run lists & vector, & some as another domain for {other
* lists & visitors & contract business }
* - http://www.sendmail.org/m4/masquerading.html
* The masquerade name is not normally canonified, so it is
* important that it be your One True Name, that is, fully
* qualified and not a CNAME. However, if you use a CNAME, the
* receiving side may canonify it for you, so don't think you
* can cheat CNAME mapping this way.
* - An example of usage of word canonicalise
* sftp flat
* Connecting to flat...
* sftp> cd pu*l/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail
* Couldn't canonicalise: No such file or directory
* sftp> cd public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail
* sftp>
* - An example of usage of word canonical:
* nslookup webmail.berklix.org
* webmail.berklix.org canonical name = land.berklix.org.
* I guess thats where the C in Cname in DNS derives from.
*/
#if 0 /* pre 2009 06 10 was ifdef GATE_HOST {*/
/* Mine (js.berklix is a cname, & when I used to have DNS records of eg
* cluster 1H IN A 1.2.3.4 ; server1
* cluster 1H IN A 1.2.3.4 ; server2
* cluster 1H IN A 1.2.3.4 ; server3
* cluster 1H IN A 1.2.3.4 ; server4
* js 0 IN CNAME cluster
* AOL was answering to @cluster.berklix.net )
*/
define(`MASQ_JHS_HOST__CLOSE__,`js__CLOSE__) // .cf equivalent Dwjs
define(`MASQ_JHS_DOMAIN__CLOSE__,`berklix.net__CLOSE__) // .cf equivalent Dmberklix.net
// MASQUERADE_AS(`MASQ_JHS_HOST.MASQ_JHS_DOMAIN') // brackets.c:`
#endif /*}*/
#if ( defined GATE_HOST ) /*{{*/
MASQUERADE_AS(`berklix.com__CLOSE__) // brackets.c:`
/* sendmail.cf
* Now
* DMberklix.com
* Maybe later
* DMjs.berklix.com
*/
#elif ( defined BERKLIX_SERVER_REMOTE ) /*}{*/
MASQUERADE_AS(`berklix.org__CLOSE__) // brackets.c:`
#elif ( defined END_HOST ) /*}{ Internal end hosts that sends & receives */
MASQUERADE_AS(`berklix.com__CLOSE__) // brackets.c:`
#elif ( defined MOBILE_HOST ) /*}{ lapr dell laps */
MASQUERADE_AS(`berklix.com__CLOSE__) // brackets.c:`
// Maybe later use berklix.net
#else /*}{ Other internal hosts that send but not receive */
MASQUERADE_AS(`berklix.com__CLOSE__) // brackets.c:`
#endif /*}}*/
#endif /* } */
// ----------------------------------------------------------------------------
/* I could add a trailing dot on MASQUERADE_AS but I neve have.
* .cf: DMjs.berklix.net
* people then reply to @ slim.berklix.net
* as my DNS has "js 0 IN CNAME slim"
* majordomo@greatcircle.com sees me as jhs@slim.berklix
* & refers me to list owner.
*/
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/masquerading.html
* Normally the only addresses that are masqueraded are those
* that come from this host (that is, are either unqualified
* or in class {w}, the list of local domain names). You can
* augment this list, which is realized by class {M} using
* MASQUERADE_DOMAIN(`otherhost.domain')
* MASQUERADE_DOMAIN(`otherhost.domain') sender hosts to map
* cf: class M: domains that should be converted to $M
* http://www.sendmail.org/m4/masquerading.html
* Normally the only addresses that are masqueraded are those
* that come from this host (that is, are either unqualified
* or in class {w}, the list of local domain names). You can
* augment this list, which is realized by class {M} using
* MASQUERADE_DOMAIN
* The effect of this is that although mail to user@otherhost.domain
* will not be delivered locally, any mail including any
* user@otherhost.domain will, when relayed, be rewritten to
* have the MASQUERADE_AS address. This can be a space-separated
* list of names.
*/
#ifdef BERKLIX_SERVER_REMOTE /*{*/
// MASQUERADE_DOMAIN(`berklix.com berklix.de berklix.eu berklix.net berklix.org berklix.uk bsdpie.eu exitbrexit.uk geoffharries.com reinheitsgebot.eu stolenvotes.uk surfacevision.com the-phoney-photon.com')
// brackets.c:`
// I probably dont want this at all later, for now reducing to test.
MASQUERADE_DOMAIN(`surfacevision.com geoffharries.com the-phoney-photon.com__CLOSE__) // brackets.c:`
#elif ( ( defined GATE_HOST ) || (defined END_HOST ) ) /*}{*/
MASQUERADE_DOMAIN(`js.berklix.net berklix.com mmc.private gj.org__CLOSE__)
#elif /*}{*/ ( defined MOBILE_HOST )
/* Pre 2019-04-15 MASQUERADE_DOMAIN(`no.berklix.net js.berklix.net berklix.com mmc.private gj.org') */
MASQUERADE_DOMAIN(`no.berklix.net__CLOSE__)
#endif /* } */
/* http://www.sendmail.org/m4/masquerading.html
* If these names are in a file, you can use
* MASQUERADE_DOMAIN_FILE(`filename')
* to read the list of names from the indicated file (i.e.,
* to add elements to class {M}).
* ----------------------------------------------------------------------------
* http://www.sendmail.org/m4/masquerading.html
* To exempt hosts or subdomains from being masqueraded, you can use
* MASQUERADE_EXCEPTION(`host.domain')
* This can come handy if you want to masquerade a whole domain
* except for one (or a few) host(s). If these names are in a
* file, you can use
* MASQUERADE_EXCEPTION_FILE(`filename')
* brackets.c:`'
*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
/* http://www.sendmail.org/m4/features.html#masquerade_envelope
* masquerade_envelope
* If masquerading is enabled (using MASQUERADE_AS) or the
* genericstable is in use, this feature will cause envelope
* addresses to also masquerade as being from the masquerade
* host. Normally only the header addresses are masqueraded.
* genericstable This feature will cause unqualified addresses
* (i.e., without a domain) and addresses with a domain listed
* in class {G} to be looked up in a map and turned into another
* ("generic") form, which can change both the domain name and
* the user name.
*
* Notice: if you use an MSP (as it is default starting with
* 8.12), the MTA will only receive qualified addresses from
* the MSP (as required by the RFCs). Hence you need to add
* your domain to class {G}.
*
* This feature is similar to the userdb functionality. The
* same types of addresses as for masquerading are looked up,
* i.e., only header sender addresses unless the allmasquerade
* and/or masquerade_envelope features are given. Qualified
* addresses must have the domain part in class {G}; entries
* can be added to this class by the macros GENERICS_DOMAIN
* or GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN
* and MASQUERADE_DOMAIN_FILE).
*
* https://en.wikipedia.org/wiki/MSP
* MSP = Message Submission Program or smmsp in Sendmail e-mail systems
*
* http://www.sendmail.org/m4/anti_spam.html
* FEATURE(`access_db')
* brackets.c:`'
* Notice: the access database is applied to the envelope
* addresses and the connection information, not to the header.
* My notes:
* masquerade_envelope is the unique per recipient header data,
* not the header info that is common to all recipients of a mail.
* .cf effect:
* Enabling this feature changes the .cf file Ruleset 94 from
* R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
* To
* R$+ $@ $>MasqHdr $1
* Analysis to see if necessary:
* BERKLIX_SERVER_REMOTE=Off, GATE_HOST=Off, END_HOST=Off: Fails to @freebsd
* BERKLIX_SERVER_REMOTE=Off, GATE_HOST=Off, END_HOST=On : OK
* BERKLIX_SERVER_REMOTE=Off, GATE_HOST=On , END_HOST=Off: OK
* BERKLIX_SERVER_REMOTE=Off, GATE_HOST=On , END_HOST=On : OK
* BERKLIX_SERVER_REMOTE=On , GATE_HOST=Off, END_HOST=Off: Fails to @freebsd
* BERKLIX_SERVER_REMOTE=On , GATE_HOST=Off, END_HOST=On : OK
* BERKLIX_SERVER_REMOTE=On , GATE_HOST=On , END_HOST=Off: OK
* BERKLIX_SERVER_REMOTE=On , GATE_HOST=On , END_HOST=On : OK
*/
#if ( GATE_HOST || END_HOST || MOBILE_HOST ) /*{*/
FEATURE(`masquerade_envelope__CLOSE__) // brackets.c:`
#endif /* } */
#endif /* } */
// ----------------------------------------------------------------------------
/*
* Not all local aliases are on all BERKLIX_SERVER_REMOTE
*
* http://www.sendmail.org/m4/features.html#allmasquerade
* If masquerading is enabled (using MASQUERADE_AS), this
* feature will cause recipient addresses to also masquerade
* as being from the masquerade host. Normally they get the
* local hostname. Although this may be right for ordinary
* users, it can break local aliases.
*
* For example, if you send to "localalias", the originating
* sendmail will find that alias and send to all members,
* but send the message with "To: localalias@masqueradehost".
* Since that alias likely does not exist, replies will
* fail.
*
* Use this feature only if you can guarantee that the
* entire namespace on your masquerade host supersets all
* the local entries.
* Improves CC addresses that have same name on remote & local.
* Some local-only aliases (that I used to BCC rather than CC to avoid
* wrongly advertising as eg foobar@js.berklix) will now
* instead equally wrongly advertise as foobar@berklix
*/
#if ( END_HOST || MOBILE_HOST ) /*{*/
FEATURE(`allmasquerade__CLOSE__) // brackets.c:`
#endif /*}*/
// ----------------------------------------------------------------------------
/* FEATURE(`masquerade_entire_domain')
* To get mail from individual hosts to be masqueraded, else only mail from
* non existant host with domain name js.berklix.net gets masqueraded.
* http://www.sendmail.org/m4/features.html#allmasquerade
* If masquerading is enabled (using MASQUERADE_AS)
* and MASQUERADE_DOMAIN is set, this feature will
* cause addresses to be rewritten such that the
* masquerading domains are actually entire domains
* to be hidden. All hosts within the masquerading
* domains will be rewritten to the masquerade name
* (used in MASQUERADE_AS). For example,if you have:
* MASQUERADE_AS(`masq.com')
* MASQUERADE_DOMAIN(`foo.org')
* MASQUERADE_DOMAIN(`bar.com')
* then *foo.org and *bar.com are converted to masq.com.
* Without this feature, only foo.org and bar.com are masqueraded.
* NOTE: only domains within your jurisdiction and current
* hierarchy should be masqueraded using this.
*/
#if ( (defined GATE_HOST ) || (defined END_HOST ) || ( defined MOBILE_HOST ) \
/* || (defined BERKLIX_SERVER_REMOTE) */ ) /*{*/
FEATURE(`masquerade_entire_domain__CLOSE__) // brackets.c:`
/* At 2009.06.02 a remote server was running with this by accident */
#endif /* } */
// ----------------------------------------------------------------------------
/* genericstable = generics table, not generic stable.
* FEATURE(`genericstable')
* GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')
* http://sendmail.org/virtual-hosting.html says:
* If you would like to reverse-map local users for out-bound
* mail, you will need to add support for the generics table.
*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
#if ( ( !defined BERKLIX_SERVER_REMOTE ) && ( !defined END_HOST ) ) /*{ @Holz */
define(`RECEIVER_JHS_FULL__CLOSE__,`mail.js.berklix.net__CLOSE__)
#endif /* @Holz }*/
#endif /* } */
// ----------------------------------------------------------------------------
/* * Define a smart host */
#if ( ( defined BERKLIX_SERVER_REMOTE ) || ( defined freebsd_cmp ) ) /*{{*/
/* No Smart Host */
#elif /*}{*/ (defined GATE_HOST )
/* smtprelay.berklix.org has DNS A records for IPs of multiple hosts in the
* receiving server cluster, though whether it is allowable to target
* a cluster rather than a single IP, I dont know & havent tried yet
*/
define(`SMART_JHS_HOST__CLOSE__,`slim__CLOSE__)
define(`SMART_JHS_DOMAIN__CLOSE__,`berklix.org__CLOSE__)
define(`SMART_JHS_FULL__CLOSE__,`SMART_JHS_HOST.SMART_JHS_DOMAIN__CLOSE__)
#elif /*}{*/ (defined MOBILE_HOST )
define(`SMART_JHS_HOST__CLOSE__,`land__CLOSE__)
define(`SMART_JHS_DOMAIN__CLOSE__,`berklix.org__CLOSE__)
define(`SMART_JHS_FULL__CLOSE__,`SMART_JHS_HOST.SMART_JHS_DOMAIN__CLOSE__)
#else /* }{ */
// JJLATER why dont these below have doubles like ' is it cos older FreeBSD ?
define(`SMART_JHS_HOST__CLOSE__,`hub__CLOSE__)
define(`SMART_JHS_DOMAIN__CLOSE__,`js.berklix.net__CLOSE__)
define(`SMART_JHS_FULL__CLOSE__,`SMART_JHS_HOST.SMART_JHS_DOMAIN__CLOSE__)
define(`BRACKETS_C__CLOSE__,`BRACKETS_C__CLOSE__)
#endif /* }} */
/* An AuthInfo record is also needed in
* /site/domain/js.berklix.net/etc/mail/access.domain
*/
// ----------------------------------------------------------------------------
#if /*{*/ ( defined lapl_js_berklix_net)
/* ForkEachJob [False] Run all deliveries in a separate process.
* May be convenient on memory-poor machines.
*/
define(`confSEPARATE_PROC__CLOSE__,1) // brackets.c:`
#endif /* !lapl_js_berklix_net }*/
// ----------------------------------------------------------------------------
#if /*{*/ ((defined GATE_HOST ) || (defined MOBILE_HOST ))
/* || defined BERKLIX_SERVER_REMOTE */
FEATURE(`relay_entire_domain__CLOSE__) // brackets.c:`
/* http://www.sendmail.org/m4/features.html#relay_entire_domain
* This option also allows any host in your domain as defined
* by class {m} to use your server for relaying.
* Notice: make sure that your domain is not just a top
* level domain, e.g., com.
* This can happen if you give your host a name like
* example.com instead of host.example.com.
*/
#endif /* } */
// ----------------------------------------------------------------------------
// FEATURE(local_no_masquerade)
/* http://www.sendmail.org/m4/features.html#local_no_masquerade
* This feature prevents the local mailer from
* masquerading even if MASQUERADE_AS is used.
* MASQUERADE_AS will only have effect on addresses
* of mail going outside the local domain.
*/
// ----------------------------------------------------------------------------
FEATURE(access_db, `hash -o -T /etc/mail/access__CLOSE__) // brackets.c:`
/* http://www.sendmail.org/m4/features.html#access_db
* Turns on the access database feature. The access
* db gives you the ability to allow or refuse to
* accept mail from specified domains for administrative
* reasons. Moreover, it can control the behavior of
* sendmail in various situations. By default, the
* access database specification is:
* hash -T /etc/mail/access
* See the Anti-Spam Configuration Control section for
* further important information about this feature.
* Notice: "-T" is meant literal, do not replace
* it by anything.
*/
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/features.html#blacklist_recipients
* Turns on the ability to block incoming mail for
* certain recipient usernames, hostnames, or addresses.
* For example, you can block incoming mail to user
* nobody, host foo.mydomain.com, or guest@bar.mydomain.com.
* These specifications are put in the access db as
* described in the Anti-Spam Configuration Control
* section later in this document.
*/
#ifdef freebsd_cmp /*{*/
// It's in all freebsd.mc
#else /*}{*/
// & I think currently I want it in all my hosts
#endif /*}*/
#if /*{{*/ ( __FreeBSD_cc_version < 1200023 ) /* 12.2-STABLE */
// 4.11-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients)
// 6.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients)
// 7.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients)
// 8.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients)
// 9.2-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients) __FreeBSD_cc_version 900001
// 9.3-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients)
// 10.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients)
// 11.4-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blacklist_recipients)
FEATURE(blacklist_recipients)
#else /*}{*/
// 12.2-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blocklist_recipients)
// 12.2-STABLE/src/etc/sendmail/freebsd.mc:FEATURE(blocklist_recipients) __FreeBSD_cc_version 1200023
// 12.3-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blocklist_recipients)
// 13.0-RELEASE/src/etc/sendmail/freebsd.mc:FEATURE(blocklist_recipients)
FEATURE(blocklist_recipients)
#endif /*}}*/
// ----------------------------------------------------------------------------
FEATURE(local_lmtp)
/* http://www.sendmail.org/m4/features.html#local_lmtp
* Use an LMTP capable local mailer. The argument to
* this feature is the pathname of an LMTP capable
* mailer. By default, mail.local is used. This is
* expected to be the mail.local which came with the
* 8.9 distribution which is LMTP capable. The path
* to mail.local is set by the confEBINDIR m4 variable
* -- making the default LOCAL_MAILER_PATH
* /usr/libexec/mail.local.
* WARNING: This feature sets LOCAL_MAILER_FLAGS
* unconditionally, i.e., without respecting any
* definitions in an OSTYPE setting.
*/
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
FEATURE(mailertable, `hash -o /etc/mail/mailertable__CLOSE__) // brackets.c:`
/* @2009.06 no file on flat or fire or lapa, & park was a dummy */
#endif /* } */
/* http://www.sendmail.org/m4/features.html#mailertable
* Include a "mailer table" which can be used to
* override routing for particular domains (which are
* not in class {w}, i.e. local host names). The
* argument of the FEATURE may be the key definition.
* If none is specified, the definition used is:
* hash /etc/mail/mailertable
* Keys in this database are fully qualified domain
* names or partial domains preceded by a dot -- for
* example, "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".
* As a special case of the latter, "." matches any
* domain not covered by other keys. Values must be
* of the form:
* mailer:domain
* where "mailer" is the internal mailer name, and
* "domain" is where to send the message. These maps
* are not reflected into the message header. As a
* special case, the forms:
* local:user
* will forward to the indicated user using the local mailer,
* local:
* will forward to the original user in the e-mail
* address using the local mailer, and
* error:code message
* error:D.S.N:code message
* will give an error message with the indicated SMTP
* reply code and message, where D.S.N is an RFC 1893
* compliant error code.
* http://tools.ietf.org/html/rfc1893
*/
// ----------------------------------------------------------------------------
/* @ 2009.06 all hosts have this, but only really need
* #ifdef BERKLIX_SERVER_REMOTE
*/
/* for surfacevision.com bsdpie.eu geoffharries.com the-phoney-photon.com */
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable__CLOSE__) // brackets.c:`
__BREAK__
// ----------------------------------------------------------------------------
#if /*{*/ ( __FreeBSD_cc_version >= 1000001 ) /* 10.0 */
dnl Enable STARTTLS for receiving email.
/*
* STARTTLS capability is enabled by default in freebsd.mc in 11.0
* To create: host.key, host.cert, cacert.pem, dh.param:
* http://www.sendmail.org/~ca/email/other/cagreg.html
* Very brief introduction to create a CA and a CERT
* Author: Gregory Neil Shapiro
* To make certificate authority:
* mkdir CA
* cd CA
* mkdir certs crl newcerts private
* echo "01" > serial
* cp /dev/null index.txt
* cp /usr/local/openssl/openssl.cnf.sample openssl.cnf
* vi openssl.cnf (set values)
* openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 -config openssl.cnf
* To make a new certificate:
* cd CA (same directory created above)
* openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 365 -config openssl.cnf
* (certificate and private key in file newreq.pem) To sign new certificate with certificate authority:
* cd CA (same directory created above)
* openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
* openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
* rm -f tmp.pem
* (newcert.pem contains signed certificate, newreq.pem still contains unsigned certificate and private key)
* ----------------
* ls -l \
* /etc/mail/certs/cacert.pem
* /etc/mail/certs/dh.param
* /etc/mail/certs/host.cert
* /etc/mail/certs/host.key
* /etc/ssl/openssl.cnf
*/
define(`CERT_DIR__CLOSE__, `/etc/mail/certs__CLOSE__)dnl
define(`confSERVER_CERT__CLOSE__, `CERT_DIR/host.cert__CLOSE__)dnl
define(`confSERVER_KEY__CLOSE__, `CERT_DIR/host.key__CLOSE__)dnl
// Not yet arrived in __FreeBSD_cc_version >= 1200023 12.2-RELEASE & STABLE
// define(`confCRL', `/usr/share/ssl/certs/revoke.crl')
// Line above reccomended by https://www.linuxweblog.com/blogs/sandip/20071019/starttls-crlfile-missing-resolved
// copied here: /site/usr/share/ssl/certs/
// wget http://www.cacert.org/revoke.crl
define(`confCLIENT_CERT__CLOSE__, `CERT_DIR/host.cert__CLOSE__)dnl
define(`confCLIENT_KEY__CLOSE__, `CERT_DIR/host.key__CLOSE__)dnl
define(`confCACERT__CLOSE__, `CERT_DIR/cacert.pem__CLOSE__)dnl
define(`confCACERT_PATH__CLOSE__, `CERT_DIR__CLOSE__)dnl
#if /*{*/ (( __FreeBSD_cc_version >= 1200023 ) /* 12.2-RELEASE & STABLE */ && \
( __FreeBSD_cc_version < /* 14.0-RELEASE-p3 */ 1400006 ) )
define(`confDH_PARAMETERS__CLOSE__, `CERT_DIR/dh.param__CLOSE__)dnl
#endif /*}*/
// define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl
// Commented out 2021-03-07 as .cf get this:
// O DHParameters=/etc/mail/certs/dh.param
// & I dont have one, whatever they are.
__BREAK__
#endif /*}*/
// ----------------------------------------------------------------------------
#if ! ( defined freebsd_cmp ) /*{*/
#endif /* !freebsd_cmp }*/
#if ( defined freebsd_cmp ) /*{*/
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl __SPACE__ __SPACE__ __SPACE__ your permission.
dnl FEATURE(relay_based_on_MX)
__BREAK__
#if *{*/ ( __FreeBSD_cc_version < /* 14.0-RELEASE-p3 */ 1400006 )
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
#else /*}{ 14.0-RELEASE-p3 */
dnl DNS based block lists
dnl ---------------------
dnl DNS based block lists come and go on a regular basis so this
dnl file will not serve as a database of the available servers.
#endif /*}*/
/* Problem:
* 9.1 & 9.2 both have __FreeBSD_cc_version == 900001
*/
#if /*{*/ ( __FreeBSD_cc_version < 800001 )
dnl For that, visit
/* 9.1: */
dnl http:/__BREAK__/www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
/* 6.2 & 6.3: directory.google.com */
/* 7.1 & 6.4: www.google.com */
#else /*}{*/
/* 10.0 & 8.4 & 9.2 */
dnl For more information, visit
dnl http:/__BREAK__/en.wikipedia.org/wiki/DNSBL
#endif /*}*/
// ----------------------------------------------------------------------------
__BREAK__
#if /*{{*/ ( __FreeBSD_cc_version < 800001 ) /* 9.0 */
dnl Uncomment to activate Realtime Blackhole List
dnl information available at http:/__BREAK__/www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
#else /*}{ 8.3 & 8.4 & 10.1 */
#if *{*/ ( __FreeBSD_cc_version < /* 14.0-RELEASE-p3 */ 1400006 )
dnl Uncomment to activate your chosen DNS based blacklist
#else /*}{ 14.0-RELEASE-p3 */
dnl Uncomment to activate your chosen DNS based block list
#endif /*}*/
dnl FEATURE(dnsbl, `dnsbl.example.com__CLOSE__)
// brackets.c:`
#endif /*}}*/
dnl Alternatively, you can provide your own server and rejection message:
// ----------------------------------------------------------------------------
/* cpp -dM /dev/null | grep __FreeBSD_cc_version
* 6.2 with 602001
* 6.3 with 602001
* 6.4 with 602001
* 7.2 with 700003
* 8.2 with 800001
* 9.0 with 900001
* 9.1 with 900001
*
* Older versions have one `` quote marks before the string
* beginning "550, newer versions have two `` quote marks.
*
* 4.11:dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from "
* $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')
*
* 7.4 :dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', ``"550 Mail from "
* $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')
*
* 8.3 :dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from "
* $&{client_addr} " rejected__CLOSE__)
*
* 9.0 :dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from "
* $&{client_addr} " rejected')
* brackets.c:"`'
*/
#if /*{{*/ ( __FreeBSD_cc_version < 602001 ) /* Assume 4.11, though might be newer, if so add code */
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org__CLOSE__, `"550 Mail from " $&{client_addr} " rejected, see http:/__BREAK__/mail-abuse.org/cgi-bin/lookup?" $&{client_addr}__CLOSE__)
// brackets.c:'`'`
#elif /*}{*/ ( __FreeBSD_cc_version < 800001 ) /* 8.2 */
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org__CLOSE__, ``"550 Mail from " $&{client_addr} " rejected, see http:/__BREAK__/mail-abuse.org/cgi-bin/lookup?" $&{client_addr}__CLOSE____BREAK____CLOSE__)
// brackets.c:`
#else /*}{ 8.3 & 8.4 & 9.0 & 10.1 */
dnl FEATURE(dnsbl, `dnsbl.example.com__CLOSE__, ``"550 Mail from " $&{client_addr} " rejected"__CLOSE____CLOSE__)
// brackets.c:`
#endif /*}}*/
__BREAK__
#endif /* !freebsd_cmp }*/
#if ! ( defined freebsd_cmp ) /*{*/
#endif /* !freebsd_cmp }*/
// ----------------------------------------------------------------------------
#if ( defined BERKLIX_SERVER_REMOTE ) /*{*/
/* LATER try:
* FEATURE(`dnsbl', `bl.spamcop.net',
* `"Spam blocked see: http:/__BREAK__/spamcop.net/bl.shtml?"$&{client_addr}')
* brackets.c:`
*/
#endif /* }*/
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST__CLOSE__, `your.isp.mail.server__CLOSE__)
__BREAK__
#endif /* } */
// ----------------------------------------------------------------------------
#if ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE ) /*{*/
define(`SMART_HOST__CLOSE__,`esmtp:SMART_JHS_FULL__CLOSE__)
#endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE } */
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE__CLOSE__, `-o /etc/mail/sendmail.cw__CLOSE__)
#endif /* } */
// ----------------------------------------------------------------------------
/* FEATURE(use_cw_file) already comes from DOMAIN(generic) */
/* http://www.sendmail.org/m4/features.html#use_cw_file
* Read the file /etc/mail/local-host-names file to get
* alternate names for this host. This might be used if you
* were on a host that MXed for a dynamic set of other hosts.
* If the set is static, just including the line "Cw
* ..." (where the names are fully qualified domain
* names) is probably superior. The actual filename can be
* overridden by redefining confCW_FILE.
*/
define(`confCW_FILE__CLOSE__, `-o /etc/mail/local-host-names__CLOSE__)
// ----------------------------------------------------------------------------
/* FEATURE(use_ct_file) */
/* http://www.sendmail.org/m4/features.html#use_ct_file
* Read the file /etc/mail/trusted-users file to get the
* names of users that will be ``trusted', that is, able
* to set their envelope from address using -f without
* generating a warning message. The actual filename can be
* overridden by redefining confCT_FILE.
* timp@ uses this
* @ 2009.06 I am not using this file anywhere,
* but I see ^Tjhs in the .cf file.
*/
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
__BREAK__
#endif /* } */
// ----------------------------------------------------------------------------
#if 0 /*{*/ /* ( defined GATE_HOST ) */
/* Seperate Authinfo:
* If I want to seperate out "AuthInfo:" lines (with passwords) from
* /etc/mail/access into /etc/mail/authinfo.
*/
FEATURE(`authinfo__CLOSE__) // brackets.c:`
#endif /* } */
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{{*/
/* IPV6 I dont want it yet.
* It solves the long term shortage of IP numbers on the Internet,
* It also gives spammers
* an infinite number of IP numbers to hide behind.
* vi -c/Family=inet6 \
* contrib/sendmail/RELEASE_NOTES \
* contrib/sendmail/cf/README \
* contrib/sendmail/cf/m4/proto.m4 \
* contrib/sendmail/doc/op/op.me \
* etc/sendmail/common.cpp \
* etc/sendmail/freebsd.mc
*/
DAEMON_OPTIONS(`Name=IPv4, Family=inet__CLOSE__) // brackets.c:`
/* If one does Not specify the line above, the .cf file inherits
* O DaemonPortOptions=Name=MTA
* instead of
* O DaemonPortOptions=Name=IPv4, Family=inet
*/
#else /*}{ freebsd_cmp */
#if /*{{*/ ( ( __FreeBSD_cc_version == 500005 ) /* 5.1 */ || \
( __FreeBSD_cc_version == 510002 ) /* 5.2 */ )
dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet__CLOSE__)
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6__CLOSE__)
#elif /*}{*/ ( \
( __FreeBSD_cc_version == 460001 ) /* 4.[7-11] */ || \
( __FreeBSD_cc_version == 530001 ) /* 5.[3-5] */ || \
( __FreeBSD_cc_version == 600001 ) /* 6.[01] */ || \
( __FreeBSD_cc_version == 602001 ) /* 6.2 */ || \
( __FreeBSD_cc_version == 700003 ) /* uname -r 7.0-BETA2 */ || \
( __FreeBSD_cc_version == 800001 ) /* 8.0 - 8.3 */ || \
( __FreeBSD_cc_version == 900001 ) /* 9.0 */ || \
( __FreeBSD_cc_version == 1000001 ) /* 10.0-BETA2 - 10.0 */ || \
( __FreeBSD_cc_version >= 1100001 ) /* 11_0-CURRENT */ )
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet__CLOSE__)
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O__CLOSE__)
#else /*}{*/
dnl Unrecognised FreeBSD Version
DAEMON_OPTIONS(`Name=IPv4, Family=inet__CLOSE__)
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O__CLOSE__)
#endif /*}}*/
#endif /*}}*/
// ----------------------------------------------------------------------------
__BREAK__
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/features.html#smrsh
* Use the SendMail Restricted SHell (smrsh) provided with
* the distribution instead of /bin/sh for mailing to programs.
* This improves the ability of the local system administrator
* to control what gets run via e-mail. If an argument is
* provided it is used as the pathname to smrsh; otherwise,
* the path defined by confEBINDIR is used for the smrsh binary
* -- by default, /usr/libexec/smrsh is assumed.
*/
#if /*{*/ ( defined GATE_HOST )
/* * Left off for other hosts as some need pipes:
* BERKLIX_SERVER_REMOTE needs pipes for majordomo.
* END_HOST needs pipes for receiving ctm_rmail
*/
FEATURE(smrsh)
#endif /* !GATE_HOST } */
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/features.html#accept_unresolvable_domains
* Normally, MAIL FROM: commands in the SMTP session will be
* refused if the host part of the argument to MAIL FROM:
* cannot be located in the host name service (e.g., an A or
* MX record in DNS). If you are inside a firewall that has
* only a limited view of the Internet host name space, this
* could cause problems. In this case you probably want to use
* this feature to accept all domains on input, even if they
* are unresolvable.
*/
#if ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE ) /*{*/
/* Internal hosts with no DNS to world,
* or GATE_HOST with perhaps only intermittent DNS access to world.
* I could try including && ( ! defined GATE_HOST ) but
* I want my SMTP to accept anything for outgoing, even if it is offline
* & can not resolve anything. But this means I
* might accept anything incoming from random people scanning
* me, so my firewall allows SMTP only with my remote servers.
* Grep keywords: R-DNS RDNS reverse lookup
*/
FEATURE(`accept_unresolvable_domains__CLOSE__) // brackets.c:`
#endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE } */
// ----------------------------------------------------------------------------
#ifdef /*{*/ BERKLIX_SERVER_REMOTE
#if /*{*/ ((__FreeBSD_cc_version > 602001) || \
((__FreeBSD_cc_version == 602001) && defined require_dns ))
/* cpp -dM < /dev/null | grep __FreeBSD_cc_version
* cc FreeBSD Sendmail
* 460001 4.11 8.13.1
* 4-stable 8.14.1 on 20070411
* 602001 6.2 8.13.8 flat
* 602001 6.3 8.14.2/8.14.2
* 700003 7.0-PRE
* 700003 7.1 8.14.3/8.14.3 fire
* 700003 7.2 8.14.3/8.14.2 slim
* 1000001 10.0
* The #if above is to prevent Makefile
* failing on some hosts, as it generates for all hosts on all
* release, inc. 4.11 & 6.2, & require_rdns only came in
* with FreeBSD 6.3 & 7.0
* /usr/src/contrib/sendmail/cf/feature/require_rdns.m4
*/
FEATURE(`require_rdns__CLOSE__) // brackets.c:`
/* http://www.sendmail.org/documentation
* CONFIG: New FEATURE(`require_rdns') `' to reject messages from SMTP
* clients whose IP address does not have proper reverse DNS.
* Not in 6.2, contrib/sendmail/cf/feature/require_rdns.m4
* is in 6.3.
* Sendmail Versions:
*/
#endif /*}*/
#endif /* BERKLIX_SERVER_REMOTE } */
// ----------------------------------------------------------------------------
#ifdef /*{*/ BERKLIX_SERVER_REMOTE
/* http://www.sendmail.org/m4/features.html#limited_masquerade
* Normally, any hosts listed in class {w} are
* masqueraded. If this feature is given, only the
* hosts listed in class {M} (see MASQUERADE_DOMAIN)
* are masqueraded. This is useful if you have several
* domains with disjoint namespaces hosted on the same
* machine.
* Class {w} is /etc/mail/local-host-names
* With this On on BERKLIX_SERVER_REMOTE, A post to test@ shows:
* From: "Julian H. Stacey"
* Message-Id: <200906101908.n5AJ83tb067963@fire.js.berklix.ne
* To: test@mailman.berklix. org
* Sender: owner-test@slim.berklix. org
* With this Off on BERKLIX_SERVER_REMOTE, A post to test@ shows:
* From: owner-test@berklix. org
* To: test-approval@berklix. org
* Subject: BOUNCE test@lists: Non-member submission from
* ["Julian H. Stacey" ]
*/
FEATURE(`limited_masquerade__CLOSE__) // brackets.c:`
#endif /* BERKLIX_SERVER_REMOTE } */
// ----------------------------------------------------------------------------
#ifdef /*{*/ BERKLIX_SERVER_REMOTE
/* Dup. of functionality in /etc/mail/access */
/* Listing berklix.net as RELAY in /etc/mail/access is insufficient */
RELAY_DOMAIN(`berklix.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`berklix.de__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`berklix.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`berklix.net__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`berklix.org__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`berklix.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`bsdpie.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`exitbrexit.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`geoffharries.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.berklix.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.berklix.de__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.berklix.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.berklix.net__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.berklix.org__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.berklix.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.bsdpie.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.exitbrexit.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.geoffharries.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.reinheitsgebot.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.stolenvotes.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.surfacevision.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`js.the-phoney-photon.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.berklix.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.berklix.de__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.berklix.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.berklix.net__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.berklix.org__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.berklix.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.bsdpie.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.exitbrexit.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.geoffharries.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.reinheitsgebot.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.stolenvotes.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.surfacevision.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`no.the-phoney-photon.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`reinheitsgebot.eu__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`stolenvotes.uk__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`surfacevision.com__CLOSE__) // brackets.c:`
RELAY_DOMAIN(`the-phoney-photon.com__CLOSE__) // brackets.c:`
#endif /* BERKLIX_SERVER_REMOTE } */
// ----------------------------------------------------------------------------
// Perhaps I might not need this till I use IPV6 ?
define(`confBIND_OPTS__CLOSE__, `WorkAroundBrokenAAAA__CLOSE__)
// define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
// ----------------------------------------------------------------------------
#if (defined freebsd_cmp ) /*{*/
/* I dont want this for my private or public machines */
define(`confNO_RCPT_ACTION__CLOSE__, `add-to-undisclosed__CLOSE__)
#endif /* freebsd_cmp } */
// ----------------------------------------------------------------------------
define(`confPRIVACY_FLAGS__CLOSE__, `authwarnings,noexpn,novrfy__CLOSE__)
// ----------------------------------------------------------------------------
#if /*{*/ ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE \
&& !defined END_HOST && !defined MOBILE_HOST )
// define(`MAIL_HUB',`RECEIVER_JHS_FULL')
define(`MAIL_HUB__CLOSE__,`mail.js.berklix.net.__CLOSE__)
/* For duplicate suppression to work properly, the host name is best
* specified with a terminal dot:
* ---
* Defining MAIL_HUB Causes .cf file to acquire this text:
* # who gets all local email traffic
* # ($R has precedence for unqualified names if FEATURE(stickyhost) is used)
* DHmail.js.berklix.net
* ....
* R< > $+ $: < $H > $1 try hub
*/
#endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined END_HOST }*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
define(`confTRUSTED_USERS__CLOSE__, `jhs majordom majordomo__CLOSE__)
// JJLATER is this needed by mailman ? or can I dump it ?
#endif /* !freebsd_cmp } */
// ----------------------------------------------------------------------------
#ifdef NO_FLAT_RATE /*{*/
define(`confCON_EXPENSIVE__CLOSE__,True) // brackets.c:`
#endif /* NO_FLAT_RATE } */
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
define(`confTIME_ZONE__CLOSE__,`USE_SYSTEM__CLOSE__)
#endif /* !freebsd_cmp } */
// ----------------------------------------------------------------------------
#if /*{*/ ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE \
&& !defined GATE_HOST )
/* Internal local errors forwarded for fixing.
* Skip errors usually from spam hitting public hosts & gateway.
*/
define(`confCOPY_ERRORS_TO__CLOSE__,`postmaster__CLOSE__)
#endif /*!defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE &&
!defined GATE_HOST }*/
// ----------------------------------------------------------------------------
#if /*{*/ ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE \
&& !defined GATE_HOST )
define(`confTO_QUEUERETURN__CLOSE__,`1d__CLOSE__)
#endif /*!defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE &&
!defined GATE_HOST }*/
// ----------------------------------------------------------------------------
// .cf: O Timeout.queuewarn=1d
// .cf: O Timeout.queuewarn=36h
/* confTO_QUEUEWARN */
#if ( defined GATE_HOST ) /*{{*/
#ifndef MOBILE_HOST /*{{*/
define(`confTO_QUEUEWARN__CLOSE__,`36h__CLOSE__)
// define(`confTO_QUEUEWARN',`36h')
/* 36h Allows me to unplug gate from internal net, if I'm away overnight.
* If gate is disconnected from internal net for longer than interval
* confTO_QUEUEWARN, then people on external internet who have mailed
* me, (& whose mail has been fetched to gate via fetchmail & then re-injected
* back into gate's smtp for onward delivery to internal client),
* receive a mail back like this:
* {
* From: Mail Delivery Subsystem
* Date: 2016-01-27 10:09 GMT+01:00
* Subject: Warning: could not send message for past 12 hours
* To: person@internet.com
* **********************************************
* ** THIS IS A WARNING MESSAGE ONLY **
* ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
* **********************************************
* The original message was received at Tue, 26 Jan 2016 22:05:01 +0100 (CET)
* from localhost.js.berklix.net [127.0.0.1]
* ----- Transcript of session follows -----
* ... Deferred: Operation timed out with fire.js.berklix.net.
* Warning: message still undelivered after 36 hours
* Will keep trying until message is 5 days old
* Final-Recipient: RFC822; jhs@localhost
* X-Actual-Recipient: RFC822; jhs@mail.js.berklix.net
* Action: delayed
* Status: 4.4.1
* Remote-MTA: DNS; fire.js.berklix.net
* Last-Attempt-Date: .......
* Will-Retry-Until: ......
* Whole of their original mail including enclosures
* }
*/
#else /*}{*/
define(`confTO_QUEUEWARN__CLOSE__,`2h__CLOSE__)
/* I may want different values while travelling & debugging. */
#endif /*}}*/
#elif /* }{ */ ( defined BERKLIX_SERVER_REMOTE )
// list host: Too many warnings from mail list members.
// define(`confTO_QUEUEWARN',`12h')
// If I turn off list server it all queues up on other hosts,
// So I might want to reduce warnings there too ?
// but normally I want less frequent warnings on list server
/* Leave at default [4h] */
#endif /*}}*/
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuewarn.normal=4h
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuewarn.urgent=1h
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuewarn.non-urgent=12h
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuewarn.dsn=4h
// ----------------------------------------------------------------------------
// .cf: # checkpoint queue runs after every N successful deliveries
// .cf: #O CheckpointInterval=10
// sendmail.8: This avoids excessive duplicate deliveries when
// sending to long mailing lists interrupted by system crashes.
// I suppose affects CPU, not traffic.
// ----------------------------------------------------------------------------
// .cf: # open connection cache size
// .cf: O ConnectionCacheSize=2
// I suppose affects CPU, not traffic.
// ----------------------------------------------------------------------------
// .cf: # open connection cache timeout
// .cf: O ConnectionCacheTimeout=5m
// ----------------------------------------------------------------------------
// .cf: # log level
// .cf: O LogLevel=15
// ----------------------------------------------------------------------------
// .cf: # slope of queue-only function
// .cf: #O QueueFactor=600000
// ----------------------------------------------------------------------------
// .cf: # limit on number of concurrent queue runners
// .cf: #O MaxQueueChildren
// Added 2009.08.02 after bsn subnet overload (though dont know if oveload me).
// define(`confMAX_QUEUE_CHILDREN',`7')
// ----------------------------------------------------------------------------
// .cf: # maximum number of queue-runners per queue-grouping with multiple queues
// .cf: #O MaxRunnersPerQueue=1
// ----------------------------------------------------------------------------
// .cf: # priority of queue runners (nice(3))
// .cf: #O NiceQueueRun
// ----------------------------------------------------------------------------
// .cf: # minimum time in queue before retry
// .cf: #O MinQueueAge=30m
// contrib/sendmail/cf/README:
// confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
// must sit in the queue between queue
// runs. This allows you to set the
// queue run interval low for better
// responsiveness without trying all
// jobs in each run.
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
#if /*{*/ ( defined BERKLIX_SERVER_REMOTE )
define(`confMIN_QUEUE_AGE__CLOSE__,`40m__CLOSE__)
#endif /* !BERKLIX_SERVER_REMOTE }*/
// ----------------------------------------------------------------------------
// .cf: # how many jobs can you process in the queue?
// .cf: #O MaxQueueRunSize=0
// contrib/sendmail/cf/README:
// confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
// any given queue run to this number of
// entries. Essentially, this will stop
// reading each queue directory after this
// number of entries are reached; it does
// _not_ pick the highest priority jobs,
// so this should be as large as your
// system can tolerate. If not set, there
// is no limit.
// ----------------------------------------------------------------------------
// .cf: # perform initial split of envelope without checking MX records
// .cf: #O FastSplit=1
// ----------------------------------------------------------------------------
// .cf: #O Timeout.initial=5m
// contrib/sendmail/cf/README:
// confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
// on the initial connect.
// I dont expect reducing this would would reduce load on bsn subnet.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.connect=5m
// I dont expect reducing this would would reduce load on bsn subnet.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.aconnect=0s
// contrib/sendmail/cf/README:
// confTO_ACONNECT Timeout.aconnect
// [0] The overall timeout waiting for
// all connection for a single delivery
// attempt to succeed. If 0, no overall
// limit is applied.
// I dont expect this would would reduce load on bsn subnet.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.iconnect=5m
// contrib/sendmail/cf/README:
// [undefined] Like Timeout.connect, but
// applies only to the very first attempt
// to connect to a host in a message.
// This allows a single very fast pass
// followed by more careful delivery
// attempts in the future.
// I guess if one inherits a new mail list, & many are of dubious valididty,
// this mught allow a quick move on to skip initial non reponders.
// Sound more like a spammer or a company inheriting another moribund
// company might want - not me.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.helo=5m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.mail=10m
// [10m] The timeout waiting for a response to the MAIL command.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.rcpt=1h
// ----------------------------------------------------------------------------
// .cf: #O Timeout.datainit=5m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.datablock=1h
// ----------------------------------------------------------------------------
// .cf: #O Timeout.datafinal=1h
// ----------------------------------------------------------------------------
// .cf: #O Timeout.rset=5m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.quit=2m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.misc=2m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.command=1h
// contrib/sendmail/cf/README:
// Timeout.command [1h] In server SMTP, the timeout waiting for a
// command to be issued.
// JJLATER considering setting this to avoid a DOS attack
// ----------------------------------------------------------------------------
// .cf: #O Timeout.ident=5s
// ----------------------------------------------------------------------------
// .cf: #O Timeout.fileopen=60s
// ----------------------------------------------------------------------------
// .cf: #O Timeout.control=2m
// ----------------------------------------------------------------------------
// .cf: O Timeout.queuereturn=5d
// contrib/sendmail/cf/README:
// [5d] The timeout before a message is
// returned as undeliverable.
// I dont expect reducing this would would reduce load on server subnet.
// but it should reduce the amount of spam to majordomo@
// pending return to faked senders
// Added 2009.08.02 after bsn subnet overload (though dont know if oveload me).
// define(`confTO_QUEUERETURN',`3d')
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuereturn.normal=5d
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuereturn.urgent=2d
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuereturn.non-urgent=7d
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuereturn.dsn=5d
// ----------------------------------------------------------------------------
// .cf: #O Timeout.hoststatus=30m
// Added 2009.08.02 after bsn subnet overload
// (though dont know if overload was my server).
// define(`confTO_HOSTSTATUS',`60m')
// contrib/sendmail/cf/README:
// confTO_HOSTSTATUS Timeout.hoststatus
// [30m] How long information about host
// statuses will be maintained before it
// is considered stale and the host should
// be retried. This applies both within
// a single queue run and to persistent
// information (see below).
// ----------------------------------------------------------------------------
// .cf: #O Timeout.resolver.retrans=5s
// contrib/sendmail/cf/README:
// confTO_RESOLVER_RETRANS Timeout.resolver.retrans
// [varies] Sets the resolver's
// retransmission time interval (in
// seconds). Sets both
// Timeout.resolver.retrans.first and
// Timeout.resolver.retrans.normal.
// Added 2009.08.02 after bsn subnet overload (though dont know if oveload me).
// define(`confTO_RESOLVER_RETRANS',`20s')
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.resolver.retrans.first=5s
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.resolver.retrans.normal=5s
// ----------------------------------------------------------------------------
// .cf: #O Timeout.resolver.retry=4
// contrib/sendmail/cf/README:
// confTO_RESOLVER_RETRY Timeout.resolver.retry
// [varies] Sets the number of times
// to retransmit a resolver query.
// Sets both
// Timeout.resolver.retry.first and
// Timeout.resolver.retry.normal.
// Added 2009.08.02 after bsn subnet overload (though dont know if oveload me).
// define(`confTO_RESOLVER_RETRY',`3')
// ----------------------------------------------------------------------------
// .cf: #O Timeout.resolver.retry.first=4
// ----------------------------------------------------------------------------
// .cf: #O Timeout.resolver.retry.normal=4
// ----------------------------------------------------------------------------
// .cf: #O Timeout.lhlo=2m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.auth=10m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.starttls=1h
// ----------------------------------------------------------------------------
// .cf: # time for DeliverBy; extension disabled if less than 0
// ----------------------------------------------------------------------------
// .cf: #O DeliverByMin=0
// ----------------------------------------------------------------------------
// .cf: # should we not prune routes in route-addr syntax addresses?
// .cf: #O DontPruneRoutes=False
// ----------------------------------------------------------------------------
// .cf: # load average at which we just queue messages
// .cf: #O QueueLA=8
// contrib/sendmail/cf/README:
// confQUEUE_LA QueueLA [varies] Load average at which
// queue-only function kicks in.
// Default values is (8 * numproc)
// where numproc is the number of
// processors online (if that can be
// determined).
// uptime shows load averages
// ----------------------------------------------------------------------------
// .cf: # load average at which we refuse connections
// .cf: #O RefuseLA=12
// contrib/sendmail/cf/README:
// confREFUSE_LA RefuseLA [varies] Load average at which
// incoming SMTP connections are
// refused. Default values is (12 *
// numproc) where numproc is the
// number of processors online (if
// that can be determined).
#if /* { */ ( defined BERKLIX_SERVER_REMOTE )
// Added 2009.08.02 for safety, as some years back mailman killed host=thin,
// looping so many extra processes I couldnt ssh in to kill it, & had to
// remote Reset.
// No idea what LA I should really assert,o vear on the low side.
define(`confREFUSE_LA__CLOSE__,`6__CLOSE__)
// define(`confREFUSE_LA',`6')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: # log interval when refusing connections for this long
// .cf: #O RejectLogInterval=3h
// ----------------------------------------------------------------------------
// .cf: # load average at which we delay connections; 0 means no limit
// .cf: #O DelayLA=0
// contrib/sendmail/cf/README:
// confDELAY_LA DelayLA [0] Load average at which sendmail
// will sleep for one second on most
// SMTP commands and before accepting
// connections. 0 means no limit.
#if /* { */ ( defined BERKLIX_SERVER_REMOTE )
// Added 2009.08.02 for safety, as some years back mailman killed host=thin,
// looping so many extra processes I couldnt ssh in to kill it, & had to
// remote Reset.
// No idea what LA I should really assert,o vear on the low side.
define(`confDELAY_LA__CLOSE__,`4__CLOSE__)
// define(`confDELAY_LA',`4')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: # maximum number of children we allow at one time
// .cf: #O MaxDaemonChildren=0
// contrib/sendmail/cf/README:
// confMAX_DAEMON_CHILDREN MaxDaemonChildren
// [undefined] The maximum number of
// children the daemon will permit. After
// this number, connections will be
// rejected. If not set or <= 0, there is
// no limit.
// Added 2009.08.02 after bsn subnet overload (though dont know if oveload me).
// define(`confMAX_DAEMON_CHILDREN',`8')
// ----------------------------------------------------------------------------
// .cf: # maximum number of new connections per second
// .cf: #O ConnectionRateThrottle=0
// contrib/sendmail/cf/README:
// confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
// [undefined] The maximum number of
// connections permitted per second per
// daemon. After this many connections
// are accepted, further connections
// will be delayed. If not set or <= 0,
// there is no limit.
// Added 2009.08.02 after bsn subnet overload (though dont know if oveload me).
// No idea really, but anything better than no limit.
// define(`confCONNECTION_RATE_THROTTLE',`10')
// ----------------------------------------------------------------------------
// .cf: # Width of the window
// .cf: #O ConnectionRateWindowSize=60s
// contrib/sendmail/cf/README:
// confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
// [60s] Define the length of the
// interval for which the number of
// incoming connections is maintained.
// ----------------------------------------------------------------------------
// .cf: # work recipient factor #O RecipientFactor=30000
// ----------------------------------------------------------------------------
// .cf: # maximum number of recipients per SMTP envelope
// .cf: O MaxRecipientsPerMessage=400
// gea-announce 314
// ----------------------------------------------------------------------------
// .cf: # limit the rate recipients per SMTP envelope are accepted
// .cf: # once the threshold number of recipients have been rejected
// .cf: #O BadRcptThrottle=0
// contrib/sendmail/cf/README:
// confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified
// number of recipients in a single SMTP
// transaction have been rejected, sleep
// for one second after each subsequent
// RCPT command in that transaction.
// Added 2009.08.02 after bsn subnet overload (though dont know if oveload me).
// Anything better than no limit.
// define(`confBAD_RCPT_THROTTLE',`4')
// ----------------------------------------------------------------------------
#ifdef GATE_HOST /*{*/
define(`confDIAL_DELAY__CLOSE__,`8s__CLOSE__)
// define(`confDIAL_DELAY',`8s')
// JJLATER document what this is & why I set it.
#endif /* GATE_HOST }*/
// ----------------------------------------------------------------------------
#ifdef /*{*/ NO_FLAT_RATE
define(`confMCI_CACHE_SIZE__CLOSE__,`6__CLOSE__)
// define(`confMCI_CACHE_SIZE',`6')
/* Flush queue in minimum time, even if it degrades interactive performance */
#endif /* NO_FLAT_RATE } */
// ----------------------------------------------------------------------------
#if 0 /* pre 2009 06 10 was ifdef GATE_HOST {*/
/* /usr/src/contrib/sendmail/cf/README:
* Normally, the $j macro is automatically defined to be your fully
* qualified domain name (FQDN). Sendmail does this by getting your
* host name using gethostname and then calling gethostbyname on the
* result. For example, in some environments gethostname returns
* only the root of the host name (such as "foo"); gethostbyname is
* supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
* cases, gethostbyname may fail to return the FQDN. In this case
* you MUST define confDOMAIN_NAME to be your fully qualified domain
* name. This is usually done using:
* Dmbar.com
* define(`confDOMAIN_NAME', `$w.$m')dnl
* cd /usr/src-7.1/contrib/sendmail ; find . | xargs grep Dw
* Nothing relevant.
* cd /usr/src/contrib/sendmail ; find . | xargs grep confDOMAIN_NAME
* RELEASE_NOTES cf/README cf/m4/proto.m4
*/
Dw`__CLOSE__MASQ_JHS_HOST
// Dw`'MASQ_JHS_HOST
Dm`__CLOSE__MASQ_JHS_DOMAIN
// Dm`'MASQ_JHS_DOMAIN
define(`confDOMAIN_NAME__CLOSE__, $w.$m) // brackets.c:`
/* How do these relate to ^DM from MASQUERADE_AS ?
* hostname returns park.js.berklix.net Or mart.js.berklix.net
*/
#endif /* 0 previously GATE_HOST } */
// ----------------------------------------------------------------------------
#if /*{*/ (!defined freebsd_cmp \
&& !defined BERKLIX_SERVER_REMOTE \
/* Remote hosts accept no names that aren't known locally.
If I were to do otherwise, I'd be open to spam swamping */ \
&& !defined END_HOST \
/* Avoid RECEIVER_JHS_FULL sending to itself */ \
&& !defined MOBILE_HOST \
)
/* Apparently local names that aren't local accounts or aliases. */
define(`LUSER_RELAY__CLOSE__,`RECEIVER_JHS_FULL.__CLOSE__)
// define(`LUSER_RELAY',`RECEIVER_JHS_FULL.')
/* Defining LUSER_RELAY Causes .cf file to acquire this text:
* # place to which unknown users should be forwarded
* DLmail.js.berklix.net.
*/
#endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined END_HOST }*/
// ----------------------------------------------------------------------------
/* define(`LOCAL_RELAY', `mailer:hostname')
* Defining LOCAL_RELAY Causes .cf file to acquire this text:
* who I send unqualified names to if FEATURE(stickyhost) is used
* DRLoCaL_ReLaY.mail.js.berklix.net
* unqualified names (no @domain)
*/
#if /*{*/ ( !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined END_HOST && !defined MOBILE_HOST )
// define(`LOCAL_RELAY',`RECEIVER_JHS_FULL') /* avoids needing .forward */
define(`LOCAL_RELAY__CLOSE__,`RECEIVER_JHS_FULL__CLOSE__) /* avoids needing .forward */
#endif /* !defined freebsd_cmp && !defined BERKLIX_SERVER_REMOTE && !defined END_HOST }*/
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/masquerading.html
* If you define both LOCAL_RELAY and MAIL_HUB and you have
* FEATURE(`stickyhost'), unqualified names will be sent to
* brackets.c:`'
* the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
*/
// ----------------------------------------------------------------------------
#ifdef /*{*/ NO_FLAT_RATE
define(`confTO_HOSTSTATUS__CLOSE__,`6h__CLOSE__)
// define(`confTO_HOSTSTATUS',`6h')
/* * else [30m] */
#endif /* NO_FLAT_RATE } */
// ----------------------------------------------------------------------------
#if (( defined END_HOST) || (defined MOBILE_HOST)) /*{*/
// 2009.07.05
/* When gate connects in morning, over 10 procmails used to run on
* end host, probably a mix of grep spam & ctm applications
* That damaged X-11 preformance, so throttle it.
*/
#ifndef MOBILE_HOST /*{{ Normal holz gate */
define(`confMAXDAEMONCHILDREN__CLOSE__,`6__CLOSE__)
#else /*}{ More protection of interactive X-Windows performance for laptop. */
define(`confMAXDAEMONCHILDREN__CLOSE__,`3__CLOSE__)
#endif /*}}*/
/* /usr/src/contrib/sendmail/cf/README
* [undefined] The maximum number of
* children the daemon will permit. After
* this number, connections will be rejected.
* If not set or <= 0, there is no limit.
* man sendmail :
* Options may be set either on the command line using the
* -o flag (for short names), the -O flag (for long names),
* or in the configuration file. This is a partial list
* limited to those options that are likely to be useful on
* the command line and only shows the long names
* ...
* MaxDaemonChildren=N
* Sets the maximum number of children that an incoming
* SMTP daemon will allow to spawn at any time to N.
*/
// This makes a difference in the .mc file, but no difference
// gets through to the .cf files
#endif /* NO_FLAT_RATE } */
// ----------------------------------------------------------------------------
#ifdef /*{*/ BERKLIX_SERVER_REMOTE
define(`confMAX_RCPTS_PER_MESSAGE__CLOSE__,`400__CLOSE__)
// define(`confMAX_RCPTS_PER_MESSAGE',`400')
/* Questions:
* - Is this maximum: total sendmail sees others sending ?
* - Is this maximum: total sendmail would accept from majordomo ?
* - What if I send some alert to several big 200+ lists ?
* - If I cross post an announcement ?
* - Does sendmail expect majordomo to split beyond that ?
* - Is majordomo capable of automatically splitting & resending ?
* - Recipient size is I believe seen by remote end,
* & used as a criteria for some MTAs to drop spam.
* CF default:
* # maximum number of recipients per SMTP envelope
* #O MaxRecipientsPerMessage=100
* --------------------------------------------------------------------
* MAX_RCPTS_PER_MESSAGE:
* 7.1-src/
* contrib/sendmail/RELEASE_NOTES
* contrib/sendmail/cf/README
* contrib/sendmail/cf/m4/proto.m4
* # maximum number of recipients per SMTP envelope
* _OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0')
* contrib/sendmail/cf/cf/submit.cf
* * contrib/sendmail/doc/op/op.me
* .ip MaxRecipientsPerMessage=\fIN\fP
* [no short name]
* The maximum number of recipients that will be accepted per message
* in an SMTP transaction.
* Note: setting this too low can interfere with sending mail from
* MUAs that use SMTP for initial submission.
* https://en.wikipedia.org/wiki/Comparison_of_email_clients
* If not set, there is no limit on the number of recipients per envelope.
* --------------------------------------------------------------------
* * contrib/sendmail/src/readcf.c
* #define O_MAXRCPT 0xa2
* { "MaxRecipientsPerMessage", O_MAXRCPT, OI_SAFE },
* --------------------------------------------------------------------
*/
#endif /*}*/
// ----------------------------------------------------------------------------
#ifdef /*{*/ BERKLIX_SERVER_REMOTE
#if ( ! 0 && \
! defined land_berklix_org && \
! defined slim_berklix_org )
/* { Assume a weak host. Avoid thrashing & dieing after coming
* back on line into the backlog of a spam flood.
*/
define(`confQUEUE_LA__CLOSE__,`4__CLOSE__)
/* * CF default is a hashed out 8 */
define(`confREFUSE_LA__CLOSE__,`6__CLOSE__)
/* * CF default is a hashed out 12 */
define(`confDELAY_LA__CLOSE__,`2__CLOSE__)
/* * CF default is a hashed out 0 */
define(`confMAX_DAEMON_CHILDREN__CLOSE__,`3__CLOSE__)
/* * CF default is a hashed out 0 */
define(`confCONNECTION_RATE_THROTTLE__CLOSE__,`2__CLOSE__)
/* * CF default is a hashed out 0 */
define(`confMAX_QUEUE_RUN_SIZE__CLOSE__,`600__CLOSE__)
/* * CF default is hashed out #O MaxQueueRunSize=10000 */
define(`confMAX_QUEUE_CHILDREN__CLOSE__,`3__CLOSE__)
/* * CF default is a hashed out 0 */
define(`confMAX_RUNNERS_PER_QUEUE__CLOSE__,`1__CLOSE__)
/* * CF default is a hashed out 1 */
define(`confBAD_RCPT_THROTTLE__CLOSE__,`10__CLOSE__)
/* * CF default is a hashed out 20 */
#endif /* Weak host } */
#endif /*}*/
// ----------------------------------------------------------------------------
#if (defined BERKLIX_SERVER_REMOTE || defined GATE_HOST ) /* { */
// Added 2017-07-22 after an apple user on pc532@ list unexpectedly
// sent me a private mail with single zip enclosure with 150 Meg.
// # maximum message size (in bytes)
// O MaxMessageSize=50000000
// cd /usr/src/contrib/sendmail; find . -type f | sort | xargs grep -i -l MaxMessageSize
// ./RELEASE_NOTES
// ./cf/README
// ./cf/cf/submit.cf #O MaxMessageSize=0
// ./cf/m4/proto.m4 _OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `0')
// brackets.c: `'`'
// ./doc/op/op.me advertised in the ESMTP dialogue
// and checked during message collection
// ./src/collect.c
// ./src/readcf.c
// ./src/sendmail.h
// ./src/srvrsmtp.c
define(`confMAX_MESSAGE_SIZE__CLOSE__, `50000000__CLOSE__)
#endif /*}*/
// ----------------------------------------------------------------------------
#ifdef /*{*/ BERKLIX_SERVER_REMOTE
/* Not Yet Used.
* From 6.1/usr/local/share/doc/cyrus-sasl/Sendmail.README:
* dnl The group needs to be mail in order to read the sasldb file
* define(`confRUN_AS_USER',`root:mail')dnl
*/
#endif /*}*/
// ----------------------------------------------------------------------------
/* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html :
* dnl set SASL options
* TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
* define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
*/
// ----------------------------------------------------------------------------
#if /*{*/ ( defined BERKLIX_SERVER_REMOTE ) // Not for GATE_HOST
// GATE_HOST counterpart is AuthInfo in /etc/mail/access,
// built from /site/domain/js.berklix.net/etc/mail/access.domain
/* src/contrib/sendmail/cf/README:
* relaying is allowed for any user who authenticated
* via a "trusted" mechanism, i.e., one that is defined via
* TRUST_AUTH_MECH(`list of mechanisms')
* For example:
* TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
* brackets.c:`'
*/
// TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN') // brackets.c:`
// Land 10.3-STABLE fails with default: EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
// So slim which is still working is probably using PLAIN or LOGIN
TRUST_AUTH_MECH(`GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 PLAIN LOGIN__CLOSE__)
// brackets.c:`
/* Causes in .cf file a single line:
* C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
* GATE_HOST Proven to not need this.
* BERKLIX_SERVER_REMOTE proven to need this,
* else it tosses mail back
* Protocols accepted on remote smart host at run time,
* (although from maillog, one can see sendmail has been
* compiled with support for a longer list, eg on 9.1:
* AUTH: available mech=SCRAM-SHA-1 GSSAPI DIGEST-MD5 OTP \
* CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS, \
* allowed mech=GSSAPI DIGEST-MD5 PLAIN LOGIN
* Timp@ GSSAPI DIGEST-MD5 PLAIN LOGIN )
*/
/* GENERIC 4.11-RELEASE 6.4-RELEASE 9.2-RELEASE 9.3-RELEASE 10.3-RELEASE current-2016-08-18
* src/contrib/sendmail/cf/m4/proto.m4:
* _OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
* src/contrib/sendmail/cf/cf/submit.cf:
* #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
*/
/* 10.1-RELEASE with
* define(`confAUTH_MECHANISMS',`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')
* complains:
* park.js.berklix.net.cpp:1754:28: warning: empty character constant [-Winvalid-pp-token]
* define(`confAUTH_MECHANISMS',`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')
*/
define(`confAUTH_MECHANISMS__CLOSE__,`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN__CLOSE__)
define(`BRACKETS_C__CLOSE__,`BRACKETS_C__CLOSE__)
/* Defining causes a change in .cf file from commented out:
* #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
* to active single configuration line:
* O AuthMechanisms=GSSAPI DIGEST-MD5 PLAIN LOGIN
* Now its removed on gate, on gate I see:
* AUTH: available mech=LOGIN PLAIN ANONYMOUS,
* allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
* http://www.sendmail.org/~ca/email/auth.html#AuthMechanisms:
* list of mechanisms which are offered at most for
* authentication. This list is intersected with the
* list of available (i.e., installed) mechanisms, and
* the result of the intersection is listed in the
* AUTH keyword value for the EHLO response.
* default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
* 6.1 Default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
* 6.1 cf/README: The advertised list of authentication
* mechanisms will be the intersection of this
* list and the list of available mechanisms as
* determined by the Cyrus SASL library.
* Pre 2004.01.05: DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
* timp@ GSSAPI DIGEST-MD5 PLAIN LOGIN
*/
#endif /* defined BERKLIX_SERVER_REMOTE } */
// ----------------------------------------------------------------------------
#if /*{*/ ( defined BERKLIX_SERVER_REMOTE || defined GATE_HOST || defined MOBILE_HOST )
/* /usr/ports/security/cyrus-sasl/pkg-descr:
* Mechanisms included: ANONYMOUS, CRAM-MD5, DIGEST-MD5, GSSAPI
* (MIT Kerberos 5 or Heimdal Kerberos 5), KERBEROS_V4 and PLAIN.
* /usr/ports/security/cyrus-sasl/files/Sendmail.README:
* Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
* These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space
* seperated list. You may want to restrict LOGIN, and PLAIN authentication
* methods for use with STARTTLS, as the password is not encrypted when
* passed to sendmail.
* LOGIN is required for Outlook Express users. "My server requires
* authentication" needs to be checked in the accounts properties to
* use SASL Authentication.
* PLAIN is required for Netscape Communicator users. By default Netscape
* Communicator will use SASL Authentication when sendmail is compiled with
* SASL and will cause your users to enter their passwords each time they
* retreive their mail (NS 4.7).
* The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
* are using cyrus-imapd and sendmail on the same server that requires access
* to the sasldb database.
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
* reccomends
* define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')
* which in .cf file would be:
* O DefaultAuthInfo=/etc/mail/default-auth-info
* but 4.9/usr/share/sendmail/cf/README:
* password (plain text), ... this option is deprecated
* DIGEST-MD5 Succesor to CRAM-MD5
* GSSAPI Works with Kerberos 5
* LOGIN For Outlook Express users. It provides no security
* PLAIN and CRAM-MD5 Do not support the concept of realms
* PLAIN For Netscape Communicator
* PLAIN Can either check /etc/passwd, Kerberos V4, use PAM,
* or the sasl secrets database. By default PAM is
* used if PAM is found, then Kerberos, finally
* /etc/passwd (non-shadow).
* No Security: Beware Packet Sniffers !
* See also http://www.berklix.com/~jhs/txt/sasl.html#verify
* See also http://www.berklix.com/~jhs/txt/sasl.html#debug
*/
#endif /* defined BERKLIX_SERVER_REMOTE || defined GATE_HOST } */
// ----------------------------------------------------------------------------
MAILER(local)
// ----------------------------------------------------------------------------
MAILER(smtp)
// ----------------------------------------------------------------------------
#if ( 0 /* off 2003.12.01 */ \
&& ! (defined freebsd_cmp ) && ! ( defined BERKLIX_SERVER_REMOTE ) ) /*{*/
/* http://www.sendmail.org/m4/masquerading.html
* There are some user names that you don't want relayed,
* perhaps because of local aliases. A common example is root,
* which may be locally aliased. You can add entries to this
* list using LOCAL_USER(`usernames')
* bracktes.c:`'
*/
LOCAL_USER(root)
#endif /* 0 } */
// ----------------------------------------------------------------------------
#if ( defined BERKLIX_SERVER_REMOTE ) /*{*/
/* timp@ uses MAILER(cyrus) for providing IMAP services */
/* timp@ uses DAEMON_OPTIONS(`Name=MTA') */
/* timp@ uses DAEMON_OPTIONS(`Port=2525, Name=MSA, M=E') */
/* timp@ uses define(`confLOCAL_MAILER',`cyrus')
* - but isnt this define too late in file ?
*/
#endif /* defined BERKLIX_SERVER_REMOTE } */
// ----------------------------------------------------------------------------
/* SPF
* http://homepages.tesco.net/~J.deBoynePollard/FGA/smtp-spf-is-harmful.html
* You've come to this page because you've said something similar to the
* following:
* SPF ("sender pemitted from" a.k.a. "sender policy framework") is a
* scheme designed to prevent forgery of SMTP-based Internet mail and
* thus prevent unsolicited bulk mail. AOL has already adopted it.
* This is the Frequently Given Answer to such statements.
* Later look at Domain Keys Identified Mail (DKIM) rec. by
* http://www.sendmail.org/dkim
* http://www.postfix.org/MILTER_README.html
*/
// ----------------------------------------------------------------------------
/* Notes from Majordomo that I never tried up to when I swapped out Majordomo,
* in favour of Mailman, but they will still be valid for Mailman:
* - add 'aliases.majordomo' to your sendmail configuration. This can
* be done by adding a line similar to the following to
* /etc/sendmail.cf
* OA/usr/local/majordomo/aliases.majordomo
* (for 8.6.x Sendmail)
* O AliasFile=/etc/aliases,/usr/local/majordomo/aliases.majordomo
* (for 8.7.x and up)
* or a line similar to the following to your m4 macros file
* define(`ALIAS_FILE',`/etc/aliases,/usr/local/majordomo/aliases.majordomo')
* - consider using ports/mail/tlb to process your deliveries if you
* want to hide your outgoing aliases. This way you can prevent people
* from evading restrictions for posting to your lists.
*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
__HASH__ End of common.cpp
#endif /* !freebsd_cmp } */
// ----------------------------------------------------------------------------