Options for the HACKs for sendmail 8.9
Last Update 2001-05-16
Introduction
The
HACKs
for the
header checks
rulesets in
sendmail 8.9
have several options,
which are listed and explained here.
Warning:
some of these options are highly dangerous,
activate them only if you're really sure about the consequences
and after
you've tested them.
Note:
The options
_CHECK_TO_
and
_CHECK_REPLYTO_
can cause errors if the header lines are too long.
You may either increase the values for the constants
in conf.h
:
# define MAXNAME 1024 /* max length of a name */
# define MAXATOM 512 /* max atoms per address */
or don't use the new option
_LOOKUP_
in the
alpha version of
chk-headers.m4.
All rulesets which run checks against header lines
are protected by an AcceptMail ruleset.
This ruleset checks the envelope sender
and the IP address of the relay
(${client_addr})
against the
access map
If it returns an element of the
Accept
class (which currently consists of
OK and
RELAY),
then the ruleset immediately returns without an error.
Next, a list of options is given with a short explanation.
-
_CHECK_LOCAL_MAIL_
-
Activate the
Local_check_mail
ruleset.
It performs the following tests as exemplified in
knecht.mc:
-
No numeric local parts for domains in
/etc/mail/nonumeric
- reject addresses with
- numeric-only localparts from aol.com and msn.com
- localparts starting with a digit from juno.com
-
used by:
chk-headers.m4
(introduced in version 0.1.5, 1998-08-23).
-
_CHECK_RECEIVED_
-
Activate the ruleset for the
Received
header line.
The optional argument is used for a pattern match.
-
_CHECK_ORG_
-
Activate the ruleset for the
Organization
header line.
The optional argument is used for a pattern match.
-
_CHECK_SUBJECT_
-
Activate the ruleset for the
Subject
header line.
This is a pattern match,
pattern is either the optional argument or the default value:
((make|earn).*(money|cash))
-
_CHECK_SUBJECTF_
-
This is a case-sensitive pattern match on the
Subject:
(
_CHECK_SUBJECT_
must be activated),
pattern is either the optional argument or the default value:
XXX
-
_CHECK_FROM_
-
Activate the ruleset for the
From
header line.
-
_CHECK_SENDER_
-
Activate the ruleset for the
Sender
header line.
-
_CHECK_REPLYTO_
-
Activate the ruleset for the
Reply-To
header line.
The optional argument is used for a pattern match.
-
_CHECK_TO_
-
Activate the ruleset for the
To
header line.
The optional argument is used for a pattern match.
-
_CHECK_CC_
-
Activate the ruleset for the
Cc
header line.
-
_CHECK_MESSAGEID_
-
Activate the ruleset for the
Message-Id
header line.
The optional argument is used for a pattern match.
-
_CHECK_X_MAILER_
-
Activate the ruleset for the
X-Mailer
header line.
This is a pattern match,
pattern is either the optional argument or the default value:
(MassE-Mail|Floodgate|Extractor|FastMail|WorldMerge|PLAUZIUM|Aristotle|e-Merge|Emailer`'_FILL_PATT_`'Platinum|Internet`'_FILL_PATT_`'Marketing|Allaire`'_FILL_PATT_`'Cold`'_FILL_PATT_`'Fusion|Scientology|Mail-Bomb|sul\.com\.br|Diffondi`'_FILL_PATT_`'COOL|MailKing|Inet_Mail_Out)
-
_CHECK_X_ADV_
-
Activate the ruleset for the
X-Advertisement
header line.
In the
alpha version,
an optional argument specifies a pattern.
-
_CHECK_X_INFO_
-
Activate the ruleset for the
X-Info
header line.
This is a pattern match,
pattern is either the optional argument or the default value:
(Bulk`'_FILL_PATT_`'Emailer|Filtered`'_FILL_PATT_`'Via`'_FILL_PATT_`'The`'_FILL_PATT_`'Remove`'_FILL_PATT_`'List)
-
_CHECK_X_PMFLAGS_
-
Activate the ruleset for the
X-PMFLAGS
header line.
If this header exists, an error is returned.
In the alpha version
it is possible to use a ruleset given to me by
Richard Stevenson,
which can be selected by defining
_CHECK_X_PMFLAGS_
to a non-empty string, e.g.
define(`_CHECK_X_PMFLAGS_', `1')dnl
-
_CHECK_X_SPANSKA
-
Activate the ruleset for the
X-Spanska
header line.
If this header exists, an error is returned.
-
used by:
chk-headers.m4
(introduced in version 0.2.4, 1999-02-25).
-
_MID_IN_MAP_
-
Activate the check of the
Message-Id
against the
access map.
Requires
_CHECK_MESSAGEID_
-
used by:
chk-headers.m4
(introduced in version 0.2.2, 1999-02-10)
WARNING
The options
_RELAY_ACCESS_FROM_
and
_RELAY_ACCESS_FROM_DOMAIN_
open up a hole in the anti-relay rules.
Use them only if absolutely necessary, i.e., none of the
other methods
works for your situation.
-
_RELAY_ACCESS_FROM_
-
Allow relaying based on the envelope FROM address.
This address must be in the
access map
with a RHS of RELAY.
-
used by:
chk-rcpt.m4
(introduced in version 0.2.0, 1998-10-27).
-
_RELAY_ACCESS_FROM_DOMAIN_
-
Allow relaying based on the domain part of the envelope FROM address.
This domain must be in the
access map
with a RHS of RELAY.
This option requires
_RELAY_ACCESS_FROM_
-
used by:
chk-rcpt.m4
(introduced in version 0.2.0, 1998-10-27).
[(links)]
[Hints]
[Avoiding UBE]
[cf/README]
[New]
Copyright ©
Claus Aßmann
Please send comments to:
<ca at sendmail.org>
Disclaimer: the information provided may be inaccurate or outdated
or incomplete.
Please
contact me
if you find an error.