diff options
Diffstat (limited to 'debian/cf/hack')
| -rw-r--r-- | debian/cf/hack/debian_auth.m4.in | 47 | ||||
| -rw-r--r-- | debian/cf/hack/msp_nullclient.m4 | 95 | ||||
| -rw-r--r-- | debian/cf/hack/nodns.m4 | 47 | ||||
| -rw-r--r-- | debian/cf/hack/spamtrap.m4 | 62 | ||||
| -rw-r--r-- | debian/cf/hack/virthost_by_ip.m4.in | 77 |
5 files changed, 291 insertions, 37 deletions
diff --git a/debian/cf/hack/debian_auth.m4.in b/debian/cf/hack/debian_auth.m4.in new file mode 100644 index 0000000..66510b1 --- /dev/null +++ b/debian/cf/hack/debian_auth.m4.in @@ -0,0 +1,47 @@ +divert(-1)dnl +#----------------------------------------------------------------------------- +# $Sendmail: debian_auth.m4,v @sm_version@ @sm_date@ @sm_time@ cowboy Exp $ +# +# Copyright (c) 2001-@SM_CPYRT@ Richard Nelson. All Rights Reserved. +# +# @configure_input@ +# +# debian_trustauth.m4 m4 file for +# * supporting MSP->MTA and MTA->MTA authentication +# * supporting the auth= parameter on the mail from: command. +# +# This file is an extremely simple example that lets *ALL* trusted users +# sendmail, daemon, root, uucp, etc. proxy for any user. +# +# If you've a better idea, please let me know +# +#----------------------------------------------------------------------------- +divert(0)dnl +VERSIONID(`$Id: debian_auth.m4,v @sm_version@@sm_revision@ @sm_date@ @sm_time@ cowboy Exp $') +dnl # +dnl # MTA as Client authentication - only if authinfo/access_db *NOT* used... +define(`confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')dnl +dnl # +dnl # add (fake) uid 'sendmail' to trusted users - it is used as the id +dnl # for MSP->MTA, and MTA->MTA proxying. +ifdef(`confTRUSTED_USERS', + `define(`confTRUSTED_USERS', + defn(`confTRUSTED_USERS')`,sendmail')', + `define(`confTRUSTED_USERS', `sendmail')')dnl +dnl # +dnl # Define local rulesets for trust_auth +LOCAL_RULESETS +# +#----------------------------------------------------------------------------- +# Local_trust_auth: Define who is able to authenticate for whom... +# The sendmail default is to allow *IFF* authen == author +# This ruleset also allows trusted users to authenicate as anyone - needed +# for MSP->MTA and MTA->MTA forwarding of mail from: <...> auth=... +SLocal_trust_auth +R$* $: $&{auth_authen} Put authentication id in the workspace +ifdef(`DEBIAN_DEBUG',dnl +`R$* $: $(log authtype:$&{auth_type} $) $1 +R$* $: $(log authauthen:$&{auth_authen} $) $1 +R$* $: $(log authauthor:$&{auth_author} $) $1')dnl +R$=t $@ $#ok Trusted users... Allow trusted users to auth= as anyone +#----------------------------------------------------------------------------- diff --git a/debian/cf/hack/msp_nullclient.m4 b/debian/cf/hack/msp_nullclient.m4 new file mode 100644 index 0000000..db9f8cc --- /dev/null +++ b/debian/cf/hack/msp_nullclient.m4 @@ -0,0 +1,95 @@ +divert(-1)dnl +#----------------------------------------------------------------------------- +# $Sendmail: ./msp_nullclient.m4,v 8.12.0 2001/05/23 14:30:00 cowboy Exp $ +# +# Copyright (c) 2001-2001 Richard Nelson. All Rights Reserved. +# +# msp_nullclient.m4 m4 file for supporting a nullclient in the MSP +# environment. That is, change the feature(msp) to feature(msp_nullclient) +# in /etc/mail/submit.mc. An MTA listener is now optional, and you can +# run with only MSP mode (setgid mail). +# +# This file is blatantly cut&pasted from nullclient.m4 and msp.m4 !!! +# +# If you've a better idea, please let me know +# +#----------------------------------------------------------------------------- +# +# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. +# All rights reserved. +# Copyright (c) 1983 Eric P. Allman. All rights reserved. +# Copyright (c) 1988, 1993 +# The Regents of the University of California. All rights reserved. +# +# By using this file, you agree to the terms and conditions set +# forth in the LICENSE file which can be found at the top level of +# the sendmail distribution. +# +# +ifelse(defn(`_ARG_'), `', `errprint(`Hack "msp_nullclient" requires argument')', + `define(`_NULL_CLIENT_', _ARG_)') + +# +# This is used only for relaying mail from a client to a hub when +# that client does absolutely nothing else -- i.e., it is a "null +# mailer". In this sense, it acts like the "R" option in Sun +# sendmail. +# + +divert(0)dnl +VERSIONID(`$Id: msp_nullclient.m4,v 8.12.0 2001/05/23 14:30:00 cowboy Exp $') +divert(-1)dnl + +dnl # +dnl # This *MUST* be used within the context of MSP +ifdef(`DEBIAN_MSP', `dnl', `DOMAIN(`debian-msp')') +dnl # +dnl # Restrict listening to localhost (to increase security) +ifelse(defn(`_DPO_'), `', +`DAEMON_OPTIONS(`Name=NoMTA, Addr=127.0.0.1, M=E')dnl') + +dnl #-------------------- Now the Nullclient carp --------------------------- +undefine(`ALIAS_FILE') +define(`MAIL_HUB', _NULL_CLIENT_) +define(`SMART_HOST', _NULL_CLIENT_) +define(`confFORWARD_PATH', `') +ifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `<$g>')') +dnl #-------------------- Now the MSP carp ---------------------------------- +ifdef(`STATUS_FILE', +`define(`_F_', +`define(`_b_', index(STATUS_FILE, `sendmail.st'))ifelse(_b_, `-1', `STATUS_FILE', `substr(STATUS_FILE, 0, _b_)sm-client.st')') +define(`STATUS_FILE', _F_) +undefine(`_b_') undefine(`_F_')', +`define(`STATUS_FILE', `/var/run/sm-client.st')') +define(`confUSE_MSP', `True')dnl +define(`confFORWARD_PATH', `')dnl +define(`confPRIVACY_FLAGS', `goaway,noetrn')dnl +dnl --------------------------------------------- +dnl run as this user (even if called by root) +define(`confRUN_AS_USER', `smmsp')dnl +define(`confTRUSTED_USER', `confRUN_AS_USER')dnl +dnl --------------------------------------------- +dnl This queue directory must have the same group +dnl as sendmail and it must be group-writable. +dnl notice: do not test for QUEUE_DIR, it is set in some ostype/*.m4 files +ifdef(`MSP_QUEUE_DIR', +`define(`QUEUE_DIR', `MSP_QUEUE_DIR')', +`define(`QUEUE_DIR', `/var/spool/clientmqueue')')dnl +dnl --------------------------------------------- +ifdef(`confPID_FILE', `dnl', +`define(`confPID_FILE', QUEUE_DIR`/sm-client.pid')') +define(`confQUEUE_FILE_MODE', `0660')dnl +FEATURE(`no_default_msa')dnl +ifelse(defn(`_DPO_'), `', +`DAEMON_OPTIONS(`Name=NoMTA, Addr=127.0.0.1, M=E')dnl') +dnl #---------------------- Debian MSP fixup ------------------------------- +dnl define(`confHOST_STATUS_DIRECTORY', `/var/lib/sendmail/host_status')dnl +define(`confRUN_AS_USER', `mail')dnl +define(`confTRUSTED_USER', `confRUN_AS_USER')dnl +dnl #---------------------- back to nullclient carp ------------------------ +define(`_DEF_LOCAL_MAILER_FLAGS', `lsDFM5q') +MASQUERADE_AS(_NULL_CLIENT_) +FEATURE(`allmasquerade') +FEATURE(`masquerade_envelope') +MAILER(`local') +MAILER(`smtp') diff --git a/debian/cf/hack/nodns.m4 b/debian/cf/hack/nodns.m4 index 41216f1..1f3f71e 100644 --- a/debian/cf/hack/nodns.m4 +++ b/debian/cf/hack/nodns.m4 @@ -1,44 +1,17 @@ -divert(-1) +divert(-1)dnl +#----------------------------------------------------------------------------- +# $Sendmail: ./nodns.m4,v 8.12.0 2001/08/24 12:00:00 cowboy Exp $ # -# Copyright (c) 1983 Eric P. Allman -# Copyright (c) 1988, 1993 -# The Regents of the University of California. All rights reserved. +# Copyright (c) 1999-2001 Richard Nelson. All Rights Reserved. # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. All advertising materials mentioning features or use of this software -# must display the following acknowledgement: -# This product includes software developed by the University of -# California, Berkeley and its contributors. -# 4. Neither the name of the University nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. +# hack/nodns.m4 m4 file for omitting DNS queries # -# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. +# If you've a better idea, please let me know # -divert(0) -VERSIONID(`@(#)nodns.m4 8.1 (Debian) 19991013') -divert(-1) -LOCAL_CONFIG +#----------------------------------------------------------------------------- +divert(0)dnl +VERSIONID(`$Id: nodns.m4,v @sm_version@@sm_revision@ @sm_date@ @sm_time@ cowboy Exp $') undefine(`confBIND_OPTS')dnl define(`confSERVICE_SWITCH_FILE', `/etc/mail/service.switch-nodns')dnl -FEATURE(nocanonify)dnl define(`confDONT_PROBE_INTERFACES', `True')dnl - - +FEATURE(nocanonify)dnl diff --git a/debian/cf/hack/spamtrap.m4 b/debian/cf/hack/spamtrap.m4 new file mode 100644 index 0000000..9acd2c3 --- /dev/null +++ b/debian/cf/hack/spamtrap.m4 @@ -0,0 +1,62 @@ +divert(-1)dnl +#----------------------------------------------------------------------------- +# $Sendmail: ./spamtrap.m4,v 8.12.0 2001/09/24 12:00:00 cowboy Exp $ +# +# hack(spamtrap) config file for building Sendmail +# +# Courtesy of jeff@sdsc.edu (Jeff Makey) +# via c.m.s posting Sat, 8 Sep 2001 07:44:26 +0000 (UTC) +# +# Spamtrap addresses go into the access file like this: +# +# To:spamtrap@pandora.orbl.org POISON +# To:Friend@public.com POISON +# +#----------------------------------------------------------------------------- +# +divert(0)dnl +LOCAL_CONFIG +# provide access to macros as a map +Kmacro macro + +LOCAL_RULESETS +###################################################################### +### spamtrap: handle spamtrap(POISON) users +### +###################################################################### +# +# This is not only redundant, but fails with feature(`delay_checks') +# +#SLocal_check_mail +# Clear the "poison recipient" indicator macro for this message. +#R$* $: $(macro {PoisonRecipient} $) $1 + +SLocal_check_rcpt +# +# Spamtrap addresses go into the access file like this: +# To:spamtrap@pandora.orbl.org POISON +# +# Certain recipients are "poison" and cause the +# message to be rejected for all recipients. +R$* $: $1 $| $1 create workspace to right of $| +R$* $| $* <$+> $* $1 $| $3 focus on part in angle brackets +R$* $| $+ $: $1 $| $>SearchList <!To> $| <E:$2> <> +R$* $| <POISON> $: $1 $| $(macro {PoisonRecipient} $@ POISON $) +R$* $| $* $: $1 delete workspace + +Scheck_eoh +R$* $: $&{PoisonRecipient} +RPOISON $#error $@ 5.7.1 $: 550 Mail sent to spam lists is not accepted here + +# +# With a "To:Friend@public.com POISON" entry in the access file the +# following ruleset will block certain types of spam too: +# +# Certain To headers are sure-fire spam signatures. +HTo: $>CheckTo +SCheckTo +R$+ , $+ $@ $1 , $2 do not try to verify complex addresses +R$* $: $1 $| $>SearchList <!To> $| <E:$1> <> +R$* $| <POISON> $#error $@ 5.7.1 $: 550 Mail sent by spamware is not accepted here +R$* $| $* $: $1 delete lookup result + diff --git a/debian/cf/hack/virthost_by_ip.m4.in b/debian/cf/hack/virthost_by_ip.m4.in new file mode 100644 index 0000000..d304213 --- /dev/null +++ b/debian/cf/hack/virthost_by_ip.m4.in @@ -0,0 +1,77 @@ +divert(-1)dnl +#----------------------------------------------------------------------------- +# $Sendmail: virthost_by_ip.m4,v @sm_version@ @sm_date@ @sm_time@ cowboy Exp $ +# +# Copyright (c) 2001-@SM_CPYRT@ Richard Nelson. All Rights Reserved. +# +# @configure_input@ +# +# hack(virthost_by_ip) config file for building Sendmail @sm_version@@sm_revision@ +# Note: Also check op.{ps,txt} for the 'b' modifier to daemon_options - it +# extends ip based virtual hosting. +# +# Note: the .in file supports @SM_MINVERS@ - @SM_MAXVERS@, but the generated +# file is customized to the version noted above. +# +#----------------------------------------------------------------------------- +# +divert(0)dnl +dnl # +dnl #--------------------------------------------------------------------- +dnl # Bring in Autoconf results +dnl #--------------------------------------------------------------------- +ifdef(`sm_version', `dnl', +`include(`@datadir@/sendmail/cf/debian/autoconf.m4')dnl') +dnl # +VERSIONID(`$Id: virthost_by_ip.m4, v @sm_version@@sm_revision@ @sm_date@ @sm_time@ cowboy Exp $') +dnl # +dnl #--------------------------------------------------------------------- +dnl # Virtual hosting extensions - Login (greeting message) +dnl #--------------------------------------------------------------------- +define(`confSMTP_LOGIN_MSG', `$?{if_name}${if_name}$|$j$. Sendmail $v/$Z; $b; (No UCE/UBE) $?{client_addr}logging access from: ${client_name}(${client_resolve})-$_$.')dnl +dnl # +dnl #--------------------------------------------------------------------- +dnl # Virtual hosting extensions - Received-by headers (8.12.0 style) +dnl #--------------------------------------------------------------------- +dnl # 8.7.0+ +ifdef(`_REC_HDR_', `dnl', +`define(`_REC_HDR_', `$?sfrom $s $.$?_($?s$|from $.$_)')dnl' +`define(`_REC_END_', `for $u; $|; + $.$b')dnl' +) +dnl # AUTH(SASL) 8.10.0+ +ifdef(`_REC_AUTH_', `dnl', +`define(`_REC_AUTH_', `$.$?{auth_type}(authenticated')dnl' +`define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $?{auth_author}author=${auth_author} $.mech=${auth_type}')dnl' +) +dnl # TLS(SSL) 8.11.0+ +ifdef(`_REC_BY_', `dnl', +`define(`_REC_BY_', `$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}')dnl' +`define(`_REC_TLS_', `(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u')dnl' +) +dnl # Now, override default settings for virtual hosting +define(`_REC_BY_', `$.by $?{if_name}${if_name}$|$j$. ($v/$Z)$?r with $r$. id $i$?{tls_version}')dnl +define(`confRECEIVED_HEADER', `_REC_HDR_ + _REC_AUTH_$?{auth_ssf} (${auth_ssf} bits)$.) + _REC_BY_ + _REC_TLS_ + _REC_END_')dnl +dnl # +dnl #--------------------------------------------------------------------- +dnl # Virtual hosting extensions - ClientPortOptions (modifier=h) +dnl # -- Use name of interface for HELO command +dnl #--------------------------------------------------------------------- +ifelse(eval(sm_version_math >= 526848), `1',dnl +`ifelse(defn(`_CPO_'), `dnl', +`CLIENT_OPTIONS(`Modifier=h')dnl')dnl') +dnl # +dnl #--------------------------------------------------------------------- +dnl # Virtual hosting extensions - DaemonPortOptions (modifier=b) +dnl # -- Bind to interface mail was received on +dnl # I can't do this for you, because each use of DAEMON_OPTIONS will +dnl # create a new listener ! +dnl #--------------------------------------------------------------------- +dnl ifelse(eval(sm_version_math >= 526848), `1',dnl +dnl `ifelse(defn(`_DPO_'), `dnl', +dnl `DAEMON_OPTIONS(`Modifier=b')dnl')dnl') + |