Options for the HACKs for sendmail 8.9

Last Update 2001-05-16

Introduction

The HACKs for the header checks rulesets in sendmail 8.9 have several options, which are listed and explained here.
Warning: some of these options are highly dangerous, activate them only if you're really sure about the consequences and after you've tested them.
Note: The options _CHECK_TO_ and _CHECK_REPLYTO_ can cause errors if the header lines are too long. You may either increase the values for the constants in conf.h: 

# define MAXNAME	1024	/* max length of a name */
# define MAXATOM	512		/* max atoms per address */
or don't use the new option _LOOKUP_ in the alpha version of chk-headers.m4.

All rulesets which run checks against header lines are protected by an AcceptMail ruleset. This ruleset checks the envelope sender and the IP address of the relay (${client_addr}) against the access map If it returns an element of the Accept class (which currently consists of OK and RELAY), then the ruleset immediately returns without an error.

List of Options for chk-headers.m4

Next, a list of options is given with a short explanation.
_CHECK_LOCAL_MAIL_
Activate the Local_check_mail ruleset. It performs the following tests as exemplified in knecht.mc:
  1. No numeric local parts for domains in /etc/mail/nonumeric
  2. reject addresses with
    • numeric-only localparts from aol.com and msn.com
    • localparts starting with a digit from juno.com
used by: chk-headers.m4 (introduced in version 0.1.5, 1998-08-23).
_CHECK_RECEIVED_
Activate the ruleset for the Received header line. The optional argument is used for a pattern match.
_CHECK_ORG_
Activate the ruleset for the Organization header line. The optional argument is used for a pattern match.
_CHECK_SUBJECT_
Activate the ruleset for the Subject header line. This is a pattern match, pattern is either the optional argument or the default value: ((make|earn).*(money|cash))
_CHECK_SUBJECTF_
This is a case-sensitive pattern match on the Subject: ( _CHECK_SUBJECT_ must be activated), pattern is either the optional argument or the default value: XXX
_CHECK_FROM_
Activate the ruleset for the From header line.
_CHECK_SENDER_
Activate the ruleset for the Sender header line.
_CHECK_REPLYTO_
Activate the ruleset for the Reply-To header line. The optional argument is used for a pattern match.
_CHECK_TO_
Activate the ruleset for the To header line. The optional argument is used for a pattern match.
_CHECK_CC_
Activate the ruleset for the Cc header line.
_CHECK_MESSAGEID_
Activate the ruleset for the Message-Id header line. The optional argument is used for a pattern match.
_CHECK_X_MAILER_
Activate the ruleset for the X-Mailer header line. This is a pattern match, pattern is either the optional argument or the default value: (MassE-Mail|Floodgate|Extractor|FastMail|WorldMerge|PLAUZIUM|Aristotle|e-Merge|Emailer`'_FILL_PATT_`'Platinum|Internet`'_FILL_PATT_`'Marketing|Allaire`'_FILL_PATT_`'Cold`'_FILL_PATT_`'Fusion|Scientology|Mail-Bomb|sul\.com\.br|Diffondi`'_FILL_PATT_`'COOL|MailKing|Inet_Mail_Out)
_CHECK_X_ADV_
Activate the ruleset for the X-Advertisement header line. In the alpha version, an optional argument specifies a pattern.
_CHECK_X_INFO_
Activate the ruleset for the X-Info header line. This is a pattern match, pattern is either the optional argument or the default value: (Bulk`'_FILL_PATT_`'Emailer|Filtered`'_FILL_PATT_`'Via`'_FILL_PATT_`'The`'_FILL_PATT_`'Remove`'_FILL_PATT_`'List)
_CHECK_X_PMFLAGS_
Activate the ruleset for the X-PMFLAGS header line. If this header exists, an error is returned. In the alpha version it is possible to use a ruleset given to me by Richard Stevenson, which can be selected by defining _CHECK_X_PMFLAGS_ to a non-empty string, e.g.
define(`_CHECK_X_PMFLAGS_', `1')dnl
_CHECK_X_SPANSKA
Activate the ruleset for the X-Spanska header line. If this header exists, an error is returned.
used by: chk-headers.m4 (introduced in version 0.2.4, 1999-02-25).
_MID_IN_MAP_
Activate the check of the Message-Id against the access map. Requires _CHECK_MESSAGEID_
used by: chk-headers.m4 (introduced in version 0.2.2, 1999-02-10)

List of Options for chk-rcpt.m4

WARNING The options _RELAY_ACCESS_FROM_ and _RELAY_ACCESS_FROM_DOMAIN_ open up a hole in the anti-relay rules. Use them only if absolutely necessary, i.e., none of the other methods works for your situation.
_RELAY_ACCESS_FROM_
Allow relaying based on the envelope FROM address. This address must be in the access map with a RHS of RELAY.
used by: chk-rcpt.m4 (introduced in version 0.2.0, 1998-10-27).
_RELAY_ACCESS_FROM_DOMAIN_
Allow relaying based on the domain part of the envelope FROM address. This domain must be in the access map with a RHS of RELAY. This option requires _RELAY_ACCESS_FROM_
used by: chk-rcpt.m4 (introduced in version 0.2.0, 1998-10-27).
[(links)] [Hints] [Avoiding UBE] [cf/README] [New]
Copyright © Claus Aßmann Please send comments to: <ca at sendmail.org>
Disclaimer: the information provided may be inaccurate or outdated or incomplete. Please contact me if you find an error.