Diffstat (limited to 'debian/sendmail-8.8.8-ismx-4')
-rw-r--r--debian/sendmail-8.8.8-ismx-4161
1 files changed, 161 insertions, 0 deletions
diff --git a/debian/sendmail-8.8.8-ismx-4 b/debian/sendmail-8.8.8-ismx-4
new file mode 100644
index 0000000..7185096
--- /dev/null
+++ b/debian/sendmail-8.8.8-ismx-4
@@ -0,0 +1,161 @@
+
+ PREVENT UNAUTHORIZED USE OF YOUR HOSTS AS SMTP RELAY
+
+ Miquel van Smoorenburg <miquels@cistron.nl> 03-Mar-1998
+
+This patch adds a new map type to sendmail-8.8.8, called "ismx". That
+maps checks if we (all names in class 'w') are an MX for a certain domain.
+If so, the input hostname is replaced by our hostname, or TEMPFAIL if the DNS
+lookup failed.
+
+This can be used together with the "check_rcpt" rule to deny relaying for
+domains for which we are officially not an MX, without listing all domains
+in a configuration file. This prevents that your host is being used as
+a spam relay. However your host will still relay for hosts that it is
+officially an MX for, without any extra administration.
+
+Ofcourse you can put a list of IP numbers/networks in the file "LocalIP"
+to list hosts that may use your host as relay or smarthost. This is
+useful for a machine that is used internally as SMTP relay, for e.g.
+Eudora or Pegasus mail clients. The fields in this file are used with
+a substring match; for example 192.168 will match 192.168.0.0/16,
+192.168.1 will match 192.168.1.0/24 and 192.168.1.2 will only match
+that specific IP address. One entry per line.
+
+If you want to add some more hosts/domains you relay for but which
+do not have an MX entry pointing at your server, or which are not
+in class `w', you can put them in the file "RelayTo".
+
+Both files (LocalIP and RelayTo) must exist, even if they are otherwise
+empty. Comments (using `#') are allowed.
+
+
+These are the sendmail rules, with thanks to Niels Bakker <niels@euro.net>
+
+8.8.8-2 Documentation update, rules rewrite
+8.8.8-3 Allow <@a,b:user@c> in MAIL FROM:
+8.8.8-4 Use ismx map to differentiate between soft and hard lookup
+ errors in Scheck_mail
+
+LOCAL_CONFIG
+Kismx ismx
+F{LocalIP} /etc/mail/LocalIP
+FR /etc/mail/RelayTo
+
+LOCAL_RULESETS
+Scheck_mail
+#
+# Check that the domain name is valid.
+#
+R< @ $+ : $+ @ $+ > $: < $2 @ $3 > Strip SMTP route-addr
+R<$*@$=w> $@ <OK> shortcut (class w)
+R$- $@ <OK> local host
+R<> $@ <OK> bounce
+R$* $: <?> $>3 $1 canonify
+R<?> $* < @ $+ . > $: $1 < @ $2 > qualified
+R<?> $* < @ $+ > $: <?> $(ismx $2 $: NOMX $)
+R<?> TEMPFAIL $# error $@ 4.5.1 $: 451 Cannot resolve that - try again later.
+R<?> $* $# error $@ 5.7.1 $: 571 Invalid host name
+
+Scheck_rcpt
+#
+# Local users (LocalIP) can relay anywhere.
+#
+R$+ $: $(dequote "" $&{client_addr} $) $| $1
+R0 $| $* $@ <OK> no client addr: directly invoked
+R$={LocalIP}$* $| $* $@ <OK> from here
+R$* $| $* $: $2 undo damage
+#
+# Anything terminating locally is also OK.
+#
+R$* $: $>Parse0 $>3 $1
+R$+ < @ $* . > $* $: $1 < @ $2 >
+R$+ < @ $=w > $@ <OK> we deliver
+R$+ < @ $=R > $@ <OK> we relay
+#
+# See if we are MX for this host
+#
+R$+ < $* @ $+ > $* $: $1 < $2 @ $(ismx $3 $: NOMX $) > $4
+R$+ < $* @ NOMX > $* $# error $@ 5.7.1 $: 571 I do not relay for that address.
+R$+ < $* @ TEMPFAIL > $* $# error $@ 4.5.1 $: 451 Cannot resolve target domain.
+R$* $@ <OK>
+
+
+Note that if the MX lookup fails, a temporary rather than a fatal error
+code is returned so that the message will not get lost.
+
+Here's the diff to the sendmail-8.8.8 source. Note that if you are
+running Debian/Linux, the sendmail-8.8.8 package already has this patch
+incorporated.
+
+
+diff -u --recursive --new-file sendmail-8.8.8.orig/src/conf.c sendmail-8.8.8/src/conf.c
+--- sendmail-8.8.8.orig/src/conf.c Mon Oct 20 17:41:38 1997
++++ sendmail-8.8.8/src/conf.c Mon Jan 12 11:24:15 1998
+@@ -368,6 +368,10 @@
+ MAPDEF("bestmx", NULL, MCF_OPTFILE,
+ map_parseargs, null_map_open, null_map_close,
+ bestmx_map_lookup, null_map_store);
++
++ MAPDEF("ismx", NULL, MCF_OPTFILE,
++ map_parseargs, null_map_open, null_map_close,
++ ismx_map_lookup, null_map_store);
+ #endif
+
+ MAPDEF("host", NULL, 0,
+diff -u --recursive --new-file sendmail-8.8.8.orig/src/domain.c sendmail-8.8.8/src/domain.c
+--- sendmail-8.8.8.orig/src/domain.c Sat Aug 2 20:06:53 1997
++++ sendmail-8.8.8/src/domain.c Mon Jan 12 11:24:15 1998
+@@ -481,6 +481,52 @@
+ return map_rewrite(map, mxhosts[0], strlen(mxhosts[0]), av);
+ }
+ /*
++** ISMX -- find if we are the MX for a certain host.
++**
++** This is really a hack, but I don't see any obvious way
++** to generalize it at the moment.
++*/
++
++char *
++ismx_map_lookup(map, name, av, statp)
++ MAP *map;
++ char *name;
++ char **av;
++ int *statp;
++{
++ int nmx, i, len;
++ auto int rcode;
++ int saveopts = _res.options;
++ char *mxhosts[MAXMXHOSTS + 1];
++ char *mymx = NULL;
++
++ _res.options &= ~(RES_DNSRCH|RES_DEFNAMES);
++ nmx = getmxrr(name, mxhosts, FALSE, &rcode);
++ _res.options = saveopts;
++ if (rcode != EX_TEMPFAIL) {
++ if (nmx <= 0)
++ return NULL;
++ for(i = 0; i < nmx; i++) {
++ len = strlen(mxhosts[i]);
++ if (len && mxhosts[i][len - 1] == '.')
++ mxhosts[i][len - 1] = 0;
++ if (wordinclass(mxhosts[i], 'w')) {
++ mymx = mxhosts[i];
++ break;
++ }
++ }
++ if (mymx == NULL)
++ return NULL;
++ } else
++ mymx = "TEMPFAIL";
++
++ if (bitset(MF_MATCHONLY, map->map_mflags))
++ return map_rewrite(map, name, strlen(name), NULL);
++ else
++ return map_rewrite(map, mymx, strlen(mymx), av);
++}
++
++ /*
+ ** DNS_GETCANONNAME -- get the canonical name for named host using DNS
+ **
+ ** This algorithm tries to be smart about wildcard MX records.
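Review bot: In `ismx_map_lookup`, the closing `MF_MATCHONLY` branch is also reached when `mymx` was set to "TEMPFAIL", so a map declared with the match-only flag gets the queried name back on a DNS soft failure exactly as it would for a confirmed MX match, and a `check_rcpt` rule built on that would fail open. Guarding the branch as `if (rcode != EX_TEMPFAIL && bitset(MF_MATCHONLY, map->map_mflags))` keeps the TEMPFAIL token visible to the rules in both modes. The `Kismx ismx` declaration in this file's LOCAL_CONFIG passes no flags, so the rules shown here are presumably unaffected; the risk is for sites that reuse the map with other options. Separately, the introduction should state that relay permission follows whatever MX records a recipient domain publishes, so a domain this site has no arrangement with is relayed for as soon as its MX names a host in class `w`.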