
[SLUG] Sendmail problem: a better .mc file

Here is one I use as a basic file to be modified for various
sites.  It includes various additional security features, fixes
some problems with the Red Hat and Debian basic versions, etc.

It involves moving most of your db and config files (like
userdb, aliases, relay-domains) from /etc to /etc/mail, where
IMHO they belong.

I hate to include attachments like this, but there are tabs that
are significant (can't be replaced with spaces) in what I have
attached, notably in the LOCAL_CONFIG part.

-- 
Del
divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/sendmail.cf by running the following command:
dnl
dnl        m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
dnl
include(`../m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
undefine(`DECNET_RELAY')dnl
undefine(`FAX_RELAY')dnl
dnl
define(`confAUTO_REBUILD')dnl
define(`confME_TOO')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`STATUS_FILE', `/var/log/sendmail.st')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confCW_FILE', `/etc/mail/local-host-names')dnl
dnl
dnl Local changes -- linuxsecuritycentral.com preferences.
dnl
define(`ALIAS_FILE',`/etc/mail/aliases,/etc/mail/majordomo')dnl
define(`confTO_QUEUEWARN', `24h')dnl
define(`confTO_QUEUERETURN', `7d')dnl
define(`confQUEUE_LA', `12')dnl
define(`confREFUSE_LA', `18')dnl
define(`confSMTP_LOGIN_MSG', `$j, Sendmail $v/$Z; $b.  Security monitoring by http://www.linuxsecuritycentral.com/  Public port 25! WARNING... abuse, unauthorized access, or spam sent to this host constitutes acceptance of civil and or criminal liability by the sender!  You have been warned!')dnl
dnl
define(`confCR_FILE', `/etc/mail/relay-domains')dnl
dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(`domaintable',`hash -o /etc/mail/domaintable')dnl
FEATURE(`access_db', `hash -o /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`delay_checks')dnl
dnl
dnl DNS black hole lists.  I have decided just to use the lists from
dnl mail-abuse.org.  ORBS is a bit too fascist for my taste, and some
dnl of the others don't appear to be updated that regularly.  I'm still
dnl unsure about relays.mail-abuse.org but I'll leave it in for the present.
dnl
FEATURE(dnsbl, `blackholes.mail-abuse.org', `Rejected - see  http://www.mail-abuse.org/rbl/')dnl
FEATURE(dnsbl, `dialups.mail-abuse.org', `Dialup - see http://www.mail-abuse.org/dul/')dnl
FEATURE(dnsbl, `relays.mail-abuse.org', `Open spam relay - see http://work-rss.mail-abuse.org/')dnl
dnl
dnl Misc features.
dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail)dnl
dnl
dnl Masquerading.  You need to change the domain names listed below.
dnl You may prefer not to use this, but to use a domaintable instead.
dnl
FEATURE(allmasquerade)dnl
FEATURE(masquerade_entire_domain)dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_AS(babel.com.au)dnl
MASQUERADE_DOMAIN(babel.com.au)dnl
MASQUERADE_DOMAIN(babel.co.nz)dnl
MASQUERADE_DOMAIN(babel.home)dnl
dnl EXPOSED_USER(`root')dnl
dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl
LOCAL_CONFIG
#
#  Names that won't be allowed in a To: line (local-part and domains)
#
C{RejectToLocalparts}	friend you
C{RejectToDomains}	public.com

LOCAL_RULESETS
HTo: $>CheckTo

SCheckTo
R$={RejectToLocalparts}@$*	$#error $: "553 No spam here please."
R$*@$={RejectToDomains}		$#error $: "553 No spam here please."

HMessage-Id: $>CheckMessageId

SCheckMessageId
R< $+ @ $+ >			$@ OK
R$*				$#error $: "553 No spam here please."

HSubject: $>local_check_header
D{MelissaMessage}"553 Your message may contain the Melissa/ILOVEYOU virus.  Please email postmaster@$j if you have questions."

Slocal_check_header
RILOVEYOU $*	$#error $: ${MelissaMessage}
RImportant Message From $*	$#error $: ${MelissaMessage}
RRe: Important Message From $*	$#error $: ${MelissaMessage}
Rfwd: Joke $*	$#error $: ${MelissaMessage}
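
The note above about significant tabs can be checked mechanically before running m4. The following is an added example, not part of the original post or of sendmail: a Python check that every R (rewrite) line in the verbatim LOCAL_* sections of an .mc file separates its LHS from its RHS with a tab. The function name and the sample text are constructed for illustration.

```python
import re

# Markers after which m4 copies lines verbatim into sendmail.cf.
RAW_START = re.compile(r"^LOCAL_(CONFIG|RULESETS|RULE_[0-3]|NET_CONFIG)\b")
# An m4 macro call such as MAILER(smtp) ends the verbatim region.
M4_CALL = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\(")


def check_rule_tabs(mc_text):
    """Return [(line_number, problem)] for R lines lacking a tab-separated RHS."""
    problems = []
    in_raw = False
    for number, line in enumerate(mc_text.splitlines(), start=1):
        if RAW_START.match(line):
            in_raw = True
            continue
        if M4_CALL.match(line):
            in_raw = False
            continue
        if not in_raw or not line.startswith("R"):
            continue
        # Rewrite lines are "R<lhs> TAB(s) <rhs> [TAB(s) comment]".
        fields = re.split(r"\t+", line[1:])
        if not fields[0].strip():
            problems.append((number, "empty LHS"))
        elif len(fields) < 2 or not fields[1].strip():
            # Typical after an editor or mail client expanded tabs to spaces.
            problems.append((number, "no tab between LHS and RHS"))
    return problems


# Constructed sample: two Subject rules as posted, behind an m4 line that
# starts with "R" but is not a rewrite rule.
SAMPLE_OK = "\n".join([
    "RELAY_DOMAIN(`example.com')dnl",
    "LOCAL_RULESETS",
    "HSubject: $>local_check_header",
    "Slocal_check_header",
    "RILOVEYOU $*\t$#error $: ${MelissaMessage}",
    "Rfwd: Joke $*\t$#error $: ${MelissaMessage}",
])
# The same text after tabs were replaced with spaces (e.g. pasted from mail).
SAMPLE_DETABBED = SAMPLE_OK.expandtabs(8)

if __name__ == "__main__":
    print(check_rule_tabs(SAMPLE_OK))
    print(check_rule_tabs(SAMPLE_DETABBED))
```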