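divert(-1)
#
# $Id: sendmail.mc,v 1.1 2004/01/22 19:27:34 jmates Exp $
#
# m4(1) macro definitions to control what the sendmail.cf will look
# like. See the INSTALL, README, and sendmail's cf/README file for
# documentation on how to adjust this file to suit your needs.
#
# Sample Mac OS X-localized sendmail.mc for server use.
#
# Layout note: keep one directive per physical line. m4's dnl discards
# everything up to the next newline, so a directive that shares a line
# with a preceding dnl comment is silently dropped from sendmail.cf.
#
divert(0)

dnl who we are
OSTYPE(`darwin')

dnl increasing the log level allows one to debug various things
dnl define(`confLOG_LEVEL', 14)

dnl Mac OS X uses NetInfo, so need to disable file-based aliases
undefine(`ALIAS_FILE')

dnl All mail done as user@sld.tld; sub-hostnames not allowed.
dnl This means your central server had better be able to handle *all*
dnl your mail accounts
MASQUERADE_AS(`example.org')
MASQUERADE_DOMAIN(`example.org')
FEATURE(`limited_masquerade')
FEATURE(`allmasquerade')
FEATURE(`masquerade_envelope')
FEATURE(`masquerade_entire_domain')

dnl some security options, aimed at machines that see light traffic.
dnl Tweak to suit your site.
dnl The throttle is the number of new connections accepted per second.
define(`confCONNECTION_RATE_THROTTLE', `2')

dnl limit on recipients/message (some spam software doesn't deal
dnl well with this limitation)
dnl
dnl grrr, neither does some common software used by clients
dnl define(`confMAX_RCPTS_PER_MESSAGE', `25')

dnl prevent huge files being used as DoS attack (value is in bytes)
define(`confMAX_MESSAGE_SIZE', `1618034')

dnl avoid header overflow attacks from spammers/buffer exploiters
dnl this protects Outlook/Netscape users
dnl The MIME limit reads as field-value length / parameter length.
define(`confMAX_HEADERS_LENGTH', `16384')
define(`confMAX_MIME_HEADER_LENGTH', `256/128')

dnl max number of children permitted to spawn, connections refused
dnl past here. prevents runaway server under DoS, might need to be
dnl increased for a busy mail server
define(`confMAX_DAEMON_CHILDREN', `16')

dnl tightest security measures as easier to lax them later...
dnl goaway enables the SMTP status-query restrictions (VRFY and EXPN
dnl are refused); restrictmailq and restrictqrun limit who may list
dnl and run the queue.
define(`confPRIVACY_FLAGS', ``goaway,restrictmailq,restrictqrun'')

dnl exclude internal hostname from greeting message
dnl still need to figure out how to hack hostname from goodbye line...
dnl NOTE(review): $v/$Z still put the sendmail and configuration
dnl versions in the banner shown to every connecting client; drop them
dnl from the message if version disclosure is a concern for your site.
define(`confSMTP_LOGIN_MSG', `$m Sendmail $v/$Z; $b')

dnl NOTE(review): 0.0.0.0 binds the MTA to every IPv4 interface. Use a
dnl specific address if the host should only accept mail on one of
dnl them; who may relay is governed separately (access_db below).
DAEMON_OPTIONS(`Family=inet, address=0.0.0.0, Name=MTA')

dnl set this to stop sendmail from investigating your network interfaces
dnl define(`confDONT_PROBE_INTERFACES', `True')

dnl system load averages to queue/refuse at
dnl to see whether supported, run: sendmail -bt -d3.1 < /dev/null
define(`confQUEUE_LA', `4')
define(`confREFUSE_LA', `8')

dnl turn off various protocols; SMTP only by default
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
undefine(`DECNET_RELAY')
undefine(`FAX_RELAY')
FEATURE(`nouucp', `reject')

dnl for "local" domain names (/etc/mail/local-host-names)
FEATURE(`use_cw_file')

dnl some misc features that provide advanced functionality
dnl smrsh confines programs started through the prog mailer (aliases,
dnl .forward files) to those placed in the smrsh directory.
FEATURE(`always_add_domain')
FEATURE(`redirect')
FEATURE(`smrsh')

dnl domain routing
dnl FEATURE(`mailertable')

dnl virtual domain support
dnl VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains')
dnl FEATURE(`virtuser_entire_domain')
dnl FEATURE(`virtusertable')

dnl spiffy spam/access/blacklisting support
dnl The access map is where relay permission and rejections are set;
dnl blacklist_recipients extends it to recipient addresses.
FEATURE(`access_db')
FEATURE(`blacklist_recipients')

dnl no RBL checks enabled by default...

dnl delay_checks postpones the client and sender checks until RCPT, so
dnl those rejections are issued at the recipient stage.
FEATURE(`delay_checks')

MAILER(`smtp')
MAILER(`procmail')

dnl custom local rules to do various things
LOCAL_CONFIG
dnl Disabled regex rule for matching Subject: lines. Your sendmail
dnl needs to be compiled with MAP_REGEX for this to work.
dnl See regex(?) for details on the syntax; also note that sendmail
dnl appears to be quite picky on regex formats.
dnl Also note that blocking on subject should only be used as a hotfix
dnl solution to an active virus; subject lines change. A more
dnl practical solution is to use a mail sanitizer program.
dnl Ksubjmap regex -m -f (Here.*you.*have,.*;o|ILOVEYOU)

LOCAL_RULESETS
dnl apply above subject regex to check the Subject: line for bad
dnl stuff, bouncing the mail with the specified error.
dnl If you have more than one HSubject: lines, the last one listed
dnl appears to "win" over previous ones, which means I need to read
dnl the bat book some more:
dnl
dnl NOTE(review): sendmail rule lines need TAB characters between the
dnl left-hand side, right-hand side and trailing comment. The rules
dnl below are shown with single spaces; re-insert the tabs before
dnl enabling any of them.
dnl HSubject: $>Check_Subject
dnl SCheck_Subject
dnl R$* $: $(subjmap $1 $: $) # Using a REGEX
dnl R $@ OK
dnl R$+ $#error $: 550 Subject indicates virus content

dnl a little is-message-id header valid check...
dnl HMessage-Id: $>CheckMessageId
dnl SCheckMessageId
dnl R< $+ @ $+ > $@ OK
dnl R$* $#error $: 553 Header Error: Invalid Message-Id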