Solved

Need help configuring mail server

Posted on 2006-11-22
Last Modified: 2013-12-17
I would like to set up a linux server to handle incoming mail.

Right now, I have a linux host as my database server. It also handles all mail processing. It receives between 300,000 and 400,000 emails a day, less than 100 of which are legitimate; the rest is spam. The machine handles it, but it really isn't that powerful a box and there are always between 60 and 100 sendmail processes running to handle this. I'd really rather my cpu cycles for this machine be devoted to database (Oracle) tasks than being sucked up by filtering through spam.

So, I'd like to set up a new machine to handle mail and forward good mail to my database server. I've tried and failed at this before. My recollection from my last attempt is that the 'mail' host forwarded all mail to the 'dbserver' without first filtering it against the access database.

Please advise. My current mc file is:

include(`../m4/cf.m4')
VERSIONID(`$Id: server.mc,v 1.5 2006/11/16 08:18:48 root Exp $')dnl
OSTYPE(`linux')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl')dnl
FEATURE(`dnsbl', `relays.ordb.org')dnl
FEATURE(`dnsbl', `dul.dnsbl.sorbs.net')dnl
FEATURE(`delay_checks',`friend',`n')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
MASQUERADE_AS(`novatec-inc.com')
FEATURE(`masquerade_envelope')
FEATURE(`masquerade_entire_domain')
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Question by:jmarkfoley
14 Comments
 
LVL 34

Expert Comment

by:PsiCop
0
 
LVL 1

Author Comment

by:jmarkfoley
Sorry for the delay in response, but I've been going through your link example and setting things up as I get the opportunity. I'm about ready to 'fire it up', but I have a few questions:

1. The example .mc configures the genericstable as optional, but I've copied in the sample genericstable and attempted to 'make' it. I get a message saying no rule to make genericstable[.db]. Wassup? Should I just fuggedaboutit?

2. mailertable
I am setting up a mail host named 'mail' and I want all the mail for my domain forwarded to the host 'server'. Pretty simple (I hope). I'm not a DNS guru. All my hosts are running named, but the named.conf is as shipped w/the system. I have configured no zones. I do have external name servers configured in resolv.conf. Your mailertable comment says, "Direct incoming mail to appropriate internal hosts (and don't use MX lookups)". I think that is what I want, but your examples use domain names. Should I go ahead and do:

server.mydomain.com          smtp:[server.mydomain.com]
mydomain.com                 smtp:[server.mydomain.com]

what about not specifying the domain:

server.mydomain.com    smtp:[server]
mydomain.com               smtp:[server]

or should I just use the IP:

server.mydomain.com   smtp:[192.168.1.10]
mydomain.com              smtp:[192.168.1.10]

3. I am used to doing: m4 myconfig.mc >myconfig.cf
This is probably wrong. When I do this on my edited version of your example I do get a .cf file, but all the .mc directives are interlined in the file, uncommented. That's not going to work. There must be something about my old .mc files that let it work. I do notice the example has divert statements (my old one does not) and my old one has: include(`../m4/cf.m4')  and your example does not. What is the proper way to 'compile' the example? (I'm not an m4 guru either).

3. If you talked about the configuration on the target machine (my 'server' host), I must have missed it. Do I need to do anything to that machine to accept mail routed from 'mail'? I have: '192.168.1.13          RELAY' in server's access file (.13 is 'mail's IP). Is that all I need to do? In my server's .mc file I also have:

MASQUERADE_AS(`mydomain.com')
FEATURE(`masquerade_envelope')
FEATURE(`masquerade_entire_domain')

which has heretofore sent mail from user@server.mydomain.com out as user@mydomain.com. I still need that, right? Or will this mess something up? I don't need to route outgoing mail from 'server' through 'mail', so I don't think I need smarthost, but your opinion on that would also be valued.

Thanks, almost there. This has really helped. This one is worth way more than 500 points!
0
 
LVL 1

Author Comment

by:jmarkfoley
Any more thoughts on this one?
0
 
LVL 1

Author Comment

by:jmarkfoley
Anything at all? ...
0
 
LVL 14

Expert Comment

by:ygoutham
are you trying to create your own myconfig.mc and myconfig.cf

>>>>3. I am used to doing: m4 myconfig.mc >myconfig.cf

then try doing a

m4 myconfig.mc > sendmail.cf

m4 creates a configuration file from the .mc (make configuration when expanded) into a more sendmail-friendly .cf (configuration file when expanded).  when you do not specify anything when doing the subsequent commands sendmail would use the default sendmail.cf and NOT your myconfig.cf.  if you have put it only for question purpose here, then it is alright.

what do you want?? stop spam or forward any mails coming to a different server???


>>>server.mydomain.com          smtp:[server.mydomain.com]
>>>>mydomain.com                 smtp:[server.mydomain.com]

if it is the same machine, what you are trying to do here is irrelevant.  let us say you have somedomain.com also with you.  when you want to relay messages for somedomain.com (which is other than your own server.mydomain.com) then you add these lines in your mailertable file.  otherwise do not get confused with it right now..

make all changes to your sendmail.mc (i hope you have backed up your original version, in case some screw up happens, we need that for reinstating old status). and then

m4 sendmail.mc > sendmail.cf
make
newaliases
service sendmail restart  (or) service sendmail start


for your innumerous SPAM, it is an ongoing war every mail server administrator is a part of.  join the club.  try doing something like installing (any one of the following will do the job.  you do not need all of them)

openprotect
amavisd-new
spamassassin
MailScanner
Mimedefang
milter

0
 
LVL 1

Author Comment

by:jmarkfoley
Thanks for your response. Sorry, I've been away on other issues. Let me deal with the items one-by-one:

First off, the "template" file given by PsiCop did not have the include(`../m4/cf.m4') line, so it was generating a very whacky looking .cf file. I just went ahead and copied that into my new "template" and it seems to have now created a good file. So, at least that part of my question #3 is (probably) solved.

With respect to my question on mailertable: No, it is not the same machine. I have one machine [mail] that will be the mail server connected to the Internet (and hopefully doing spam filtering) and another machine [server] to which I want [mail] to direct ALL my domain's email. My understanding is that this is accomplished through the mailertable file. Can you verify that? I have 3 possible syntaxes for entries in this table where 'server' is the name of the host to which I want to send my domain's mail:

a)
server.mydomain.com          smtp:[server.mydomain.com]
mydomain.com                 smtp:[server.mydomain.com]

b)
server.mydomain.com    smtp:[server]
mydomain.com               smtp:[server]

c)
server.mydomain.com   smtp:[192.168.1.10]
mydomain.com              smtp:[192.168.1.10]

I'm not sure which one to use. I think using IP's (c) is probably a sure bet, but I'd rather use names. In fact, I'd rather use syntax (b). I suppose I could just try both.

Thanks for the tip on 'service sendmail restart'. I've never done that. I've always just done: kill -HUP <processId>

Finally, if you would take a look at my second question #3 (I messed up the numbering) and see if you can answer my question about getting my server.mydomain.com to accept mail routed from my mail.mydomain.com, I'd appreciate it.
0
 
LVL 34

Expert Comment

by:PsiCop
The square brackets around a hostname tell sendmail to not resolve the MX, but instead to query DNS for the A record. This can prevent mail loops, where the MX for the Zone points to the same host specified within the brackets.
0
 
LVL 1

Author Comment

by:jmarkfoley
Sorry about the square brackets. I didn't know it meant something special. I was just using it to designate the actual name of the host rather than just the generic word "server". I don't have brackets anywhere really.

Thanks for replying. I think I am almost there. I made some changes to your template file. I included that: include(`../m4/cf.m4') line in my .mc file and it compiled OK. I also had to change mdb to hash for the access, virtualusertable, etc. Once I did that, sendmail ran fine. It started processing mail from the web once I routed the mail to that server.

PROBLEM: From this server: mail, I want to send all mail to a host on my lan: server. I have configured the mailertable as shown above using the IP of server: 192.168.1.10. When I try to send mail from the web (hotmail), it gets rejected with relaying denied: How do I fix this? I do have mail's IP configured in server's /etc/mail/access file:
192.168.1.13            RELAY

Here is the /var/log/maillog message on the mail host:

Feb 10 17:45:44 mail sm-mta[16574]: l1AMjihE016574: ruleset=check_rcpt, arg1=<mfoley@novatec-inc.com>, relay=bay0-omc3-s25.bay0.hotmail.com [65.54.246.225], reject=550 5.7.1 <mfoley@novatec-inc.com>... Relaying denied

Feb 10 17:45:45 mail sm-mta[16574]: l1AMjihE016574: from=<jmarkfoley@hotmail.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=bay0-omc3-s25.bay0.hotmail.com [65.54.246.225]
0
 
LVL 1

Author Comment

by:jmarkfoley
I think I've got it working. On the mail server I added the files /etc/mail/relay-domains and /etc/mail/sendmail.cw. Both contain my domain name only (no servers).

I also added:

FEATURE(`use_cw_file')
FEATURE(relay_entire_domain)

to my .mc file. After that, when I sent mail from a remote host, I got "MX Loops back to me ..." (or whatever that message is). Since my lan does not have MX usage, I changed the mailertable entries to be IP addresses as I described in item (c) in my posting of 02/10/2007 02:22PM PST.

One remaining question I have is, are both the relay-domains and sendmail.cw files required? I put them both in at once, not serially, so I didn't test that. I hate to monkey with it now, so if someone knows the answer, I'd appreciate a response.

Same question on FEATURE(relay_entire_domain). Do I really need this?

I'll leave this question up a few more days for some feedback on the above before closing.

Thanks!
0
 
LVL 34

Expert Comment

by:PsiCop
"relay-domains" specifies the Domains for which sendmail will relay, without question. RBL checks will be bypassed for all destination Domains in "relay-domains".

The "cw" file refers, usually, to "local-host-names", and specifies the FQDNs that sendmail will consider "local", and will not attempt to relay if the user name cannot be resolved for a local mailbox.

No, most well-written configurations don't need FEATURE(relay_entire_domain).
0
 
LVL 1

Author Comment

by:jmarkfoley
OK - I'm thinking I need to remove FEATURE(relay_entire_domain). Watching my maillog I see that it is relaying for other domains, which I don't want to do.

Is my own domain necessary for "relay-domains"?

I don't quite understand your comment on "cw" file. What is an FQDN? None of the "users" I want to relay for are defined on my mail server. They are on the target host within the lan. So there is no "local" mailbox. Is this a problem? Should I remove the cw_file reference? Perhaps my whole problem was needing the IP address for mailertable and these other changes (relay_entire_domain, cw_file) were superfluous and, in fact, possibly detrimental?
0
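The maillog check described in the comment above (spotting mail relayed for other domains) can be scripted. This is an added example, not part of the original thread: the log lines are constructed, and `LOCAL_DOMAINS` and `TRUSTED_NETS` are assumptions based on the thread's placeholder domain and its `192.168.1` access entry.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not from the thread: the placeholder domain and the LAN from
# the "192.168.1  RELAY" access entry stand in for real site values.
LOCAL_DOMAINS = {"mydomain.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?:sm-mta|sendmail)\[\d+\]:\s"
    r"(?P<qid>\w+):\s(?P<body>.*)$"
)
RELAY_IP_RE = re.compile(r"\brelay=[^,]*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")
TO_RE = re.compile(r"^to=(.*?),\s(?:ctladdr|delay)=")
ADDR_RE = re.compile(r"<([^<>@\s]+@[^<>\s]+)>")
STAT_RE = re.compile(r"\bstat=(.*)$")

# Constructed sample log (documentation IP ranges and example domains).
SAMPLE_LOG = [
    "Feb 12 09:00:01 mail sm-mta[2001]: l1CE01aa002001: from=<alice@example.org>, size=1200, "
    "class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [198.51.100.7]",
    "Feb 12 09:00:02 mail sm-mta[2002]: l1CE01aa002001: to=<mfoley@mydomain.com>, delay=00:00:01, "
    "mailer=smtp, relay=[192.168.1.10] [192.168.1.10], dsn=2.0.0, stat=Sent (OK)",
    "Feb 12 09:05:10 mail sm-mta[2010]: l1CE5Abb002010: from=<x@spam.example>, size=900, "
    "class=0, nrcpts=2, proto=SMTP, daemon=MTA, relay=host.spam.example [203.0.113.50]",
    "Feb 12 09:05:12 mail sm-mta[2011]: l1CE5Abb002010: to=<v1@example.net>,<v2@example.net>, "
    "delay=00:00:02, mailer=esmtp, relay=mx.example.net. [198.51.100.99], dsn=2.0.0, stat=Sent (ok)",
    "Feb 12 09:06:00 mail sm-mta[2020]: l1CE60cc002020: ruleset=check_rcpt, arg1=<v3@example.net>, "
    "relay=host.spam.example [203.0.113.50], reject=550 5.7.1 <v3@example.net>... Relaying denied",
    "Feb 12 09:07:00 mail sm-mta[2030]: l1CE70dd002030: from=<db@mydomain.com>, size=500, "
    "class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=server.mydomain.com [192.168.1.10]",
    "Feb 12 09:07:01 mail sm-mta[2031]: l1CE70dd002030: to=<partner@example.com>, delay=00:00:01, "
    "mailer=esmtp, relay=mx.example.com. [198.51.100.20], dsn=2.0.0, stat=Sent (ok)",
]


def client_ip(body):
    """IP from the relay= field, or None (e.g. local submission, relay=root@localhost)."""
    m = RELAY_IP_RE.search(body)
    return m.group(1) if m else None


def is_trusted(ip):
    """True for local submission or a client inside TRUSTED_NETS."""
    if ip is None:
        return True
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def is_local_domain(addr):
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)


def analyze(lines):
    """Return (relayed, denied).

    relayed: {(queue_id, recipient): (client_ip, stat)} for mail accepted from an
             untrusted client and delivered toward a non-local domain (open relaying).
    denied:  Counter of client IPs that hit "Relaying denied" in check_rcpt.
    """
    clients, relayed, denied = {}, {}, Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        qid, body = m["qid"], m["body"]
        if body.startswith("from="):
            clients[qid] = client_ip(body)          # who handed us the message
        elif body.startswith("ruleset=check_rcpt") and "Relaying denied" in body:
            denied[client_ip(body)] += 1
        elif body.startswith("to=") and qid in clients and not is_trusted(clients[qid]):
            rcpts = TO_RE.match(body)
            stat = STAT_RE.search(body)
            for rcpt in ADDR_RE.findall(rcpts.group(1) if rcpts else ""):
                if not is_local_domain(rcpt):
                    relayed[(qid, rcpt)] = (clients[qid], stat.group(1) if stat else "?")
    return relayed, denied


if __name__ == "__main__":
    relayed, denied = analyze(SAMPLE_LOG)
    for (qid, rcpt), (ip, stat) in sorted(relayed.items()):
        print(f"RELAYED  {qid}  client={ip}  rcpt={rcpt}  stat={stat}")
    for ip, count in denied.items():
        print(f"DENIED   client={ip}  count={count}")
```

Entries keyed by queue ID that never logged a `from=` line (for example after log rotation) are skipped rather than guessed at.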
 
LVL 34

Accepted Solution

by:
PsiCop earned 500 total points
FQDN = Fully-Qualified Domain Name.

As I suggested in the PAQ to which I referred you earlier, you can use the access table to control relaying for your own Domain.

If there are no local files, then you do not need the CW file.
0
 
LVL 1

Author Comment

by:jmarkfoley
OK - I'm going to try backing out the cw_file (I assume you meant "no local users") and the relay_entire_domain one by one and see what breaks (or not). I tried to follow your PAQ as closely as possible, so perhaps the access table will be sufficient. My access table has
192.168.1               RELAY

I'll post what happens.

Thanks again.
0
 
LVL 1

Author Comment

by:jmarkfoley
Well, I've decided not to play around with the configuration I've got. I'll post it below in case anyone else needs this specific setup:

divert(-1)dnl

dnl # * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
dnl # Author: Mark Foley - Novatec Software Engineering, LLC - mfoley@novatec-inc.com
dnl #   Date: 04-DEC-2006
dnl #    $Id: mailRelay.mc,v 1.0 2006/12/04 19:12:53 mfoley Exp root $
dnl #
dnl # This mc file is based on the suggestions supplied by PsiCop in:
dnl #  http://www.experts-exchange.com/Networking/Email_Groupware/Sendmail/Q_21322113.html
dnl #
dnl # $Log: mailRelay.mc,v $
dnl # Revision 1.0  2006/12/04 19:12:53  mfoley
dnl # Initial revision
dnl #
dnl #
dnl #
dnl # NOTES: Sendmail book (Chap 4.2.3, page 155) states recommended
dnl #        order of entries in .mc file; see Chap 4.1.2 (Page 147)
dnl #        concerning "dnl"
dnl #
dnl # * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

divert(0)dnl

include(`../m4/cf.m4')
dnl # Sendmail, Chap 4.2.3.1, Page 155
VERSIONID(`$Id: mailRelay.mc,v 1.0 2006/12/04 19:12:53 mfoley Exp root $')dnl

dnl # Sendmail, Chap 4.2.2.1, Page 152
OSTYPE(`linux')dnl

dnl # Sendmail, Chap 4.2.2.3, Page 152
DOMAIN(generic)dnl

######################
## Optional Definitions Section ##
######################

dnl # Sendmail, Chap 24.9.8, Page 951
dnl # As an anti-SPAM measure, instruct daemon that after a sending host
dnl #  gives more than one RCPT TO: for a non-existent/invalid destination,
dnl #  throttle the connection by delaying the "550 user unknown" reply
define(`confBAD_RCPT_THROTTLE',`1')dnl

dnl # Sendmail, Chap 24.9.91, Page 1043
dnl # Tune DNS/BIND options to work around broken AAAA records (IPv6)
dnl # Not needed if you build sendmail without IPv6 support
dnl # jmf define(`confBIND_OPTS',`WorkAroundBrokenAAAA')dnl

dnl # Sendmail, Chap 24.9.13, Page 955
dnl # Force daemon to re-write queue control file after successful delivery
dnl #   to 5 recipients; this will minimize duplicates if the daemon is
dnl #   interrupted during a delivery
define(`confCHECKPOINTINTERVAL',`5')dnl

dnl # Sendmail, Chap 24.9.21, Page 960
dnl # Instruct daemon to throttle acceptance of new connections if more
dnl #   than 5 new connections arrive in 1 second
define(`confCONNECTION_RATE_THROTTLE',`5')dnl

dnl # Sendmail, Chap 24.9.26, Page 967
dnl # Send E-Mail that double-bounces and is directed to no local
dnl #  recipient to /dev/null
define(`confDEAD_LETTER_DROP',`/dev/null')dnl

dnl # Sendmail, Chap 24.9.32, Page 973
dnl # Set Delivery Mode to "background" ("interactive" used for debugging)
define(`confDELIVERY_MODE',`background')dnl

dnl # Sendmail, Chap 24.9.25, Page 967
dnl # Specify the maximum size, in bytes, of buffered df* files (default is
dnl #   4096 bytes; 0 turns this off and is not recommended)
define(`confDF_BUFFER_SIZE',`16384')dnl

dnl # Sendmail, Chap 24.9.41, Page 993
dnl # Return error messages that bounce (a double-bounce) to User ID
dnl #  "nobody" (will eventually be routed to /dev/null)
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl

dnl # Sendmail, Chap 24.9.60, Page 1011
dnl # Instruct daemon to stop spawning new children when 25 children already
dnl #   exist (note that this can enable a DoS attack)
dnl #jmf define(`confMAX_DAEMON_CHILDREN',`25')dnl

dnl # Sendmail, Chap 24.9.63, Page 1013
dnl # Limit maximum size, in bytes, of any given E-Mail to 10 MB
dnl #  (10485760 bytes) - checked if sender reports and again at end of DATA
dnl #jmf define(`confMAX_MESSAGE_SIZE',`10485760')dnl

dnl # Sendmail, Chap 24.9.66, Page 1016
dnl # Set the upper limit on the number of messages that may be processed
dnl #  during any one queue run to 100
dnl #jmf define(`confMAX_QUEUE_RUN_SIZE',`100')dnl

dnl # Sendmail, Chap 24.9.67, Page 1016
dnl # As an anti-SPAM measure, limit the number of recipients per mail
dnl #  envelope to 100 (over the limit tells sending host to defer to later
dnl #  for just those addresses over the limit)
define(`confMAX_RCPTS_PER_MESSAGE',`20')dnl

dnl # Sendmail, Chap 24.9.19, Page 959
dnl # Turn on connection caching and limit maximum number of simultaneous
dnl #  outbound connections kept open to 1; default is 2; this option also
dnl #  depends on MCI_CACHE_TIMEOUT (below)
dnl #jmf define(`confMCI_CACHE_SIZE',`1')dnl

dnl # Sendmail, Chap 24.9.19, Page 959
dnl # Set time limit on how long a cached outbound connection may be
dnl #  kept open to 120 seconds (2 minutes) - see MCI_CACHE_SIZE above
dnl #jmf define(`confMCI_CACHE_TIMEOUT',`120s')dnl

dnl # Sendmail, Chap 24.9.72, Page 1022
dnl # Force messages that are not delivered on the first try to wait a
dnl #  minimum of 15 minutes before being processed for another delivery
dnl #  attempt (keeps the same failed messages from clogging system)
define(`confMIN_QUEUE_AGE',`15m')dnl

dnl # Sendmail, Chap 24.9.75, Page 1024
dnl # Instruct daemon that if an envelope does not have at least one
dnl #   "Recipient:" header, then add a "To: undisclosed-recipients;" header
dnl #    to the E-Mail (this can legitimately happen if all recipients are BCCd)
define(`confNO_RCPT_ACTION',`add-to-undisclosed')dnl

dnl # Sendmail, Chap 24.9.78, Page 1027
dnl # Define the name and path of the daemon's PID file
dnl #jmf define(`confPID_FILE',`/some/path/sendmail-mta.pid')dnl

dnl # Sendmail, Chap 24.9.80, Page 1029
dnl # Privacy/Security settings
dnl #   needmailhelo - require sending host to issue HELO/EHLO before conversing
dnl #   noexpn - disable name expansion command
dnl #   novrfy - disable SMTP verify command
dnl #   noverb - disable SMTP Verbose mode
dnl #   authwarnings - enable "X-Authentication-Warning:" headers
dnl #   noetrn - disable client ability to force queue run
dnl #   restrictmailq - restrict who can view mail queue
dnl #   restrictqrun - restrict who can force a queue run
define(`confPRIVACY_FLAGS', `needmailhelo,noexpn,novrfy,noverb,authwarnings,noetrn,restrictmailq,restrictqrun')dnl

dnl # Sendmail, Chap 24.9.93, Page 1045
dnl # Instruct daemon to convert "Return-Receipt-To:" header to a DSN
dnl #   NOTIFY=SUCCESS request (omitted boolean parameter defaults to "true")
define(`confRRT_IMPLIES_DSN')dnl

dnl # Sendmail, Chapter 24.9.107, Page 1057
dnl # Force MTA to queue each message, even for local delivery, and to sync
dnl #   to disk before forking (do not use "interactive" with
dnl #   "background" delivery mode)
define(`confSAFE_QUEUE',`true')dnl

dnl # Sendmail, Chap 24.9.109.13, Page 1065
dnl # Disable IDENT (RFC 1413) calls/turn off sending user-host verification
define(`confTO_IDENT',`0')dnl

dnl # Sendmail, Chap 24.9.109.18, Page 1066
dnl # Set a timeout of 3 days before a message that has not been
dnl #   successfully delivered is returned to the sender as undeliverable
dnl #   (default is 5 days)
define(`confTO_QUEUERETURN',`3d')dnl

dnl # Sendmail, Chap 24.9.109.19, Page 1067
dnl # Set a timeout of 6 hours (24 attempts) before a message that has not
dnl #   been delivered generates a warning to the sender that it hasn't been
dnl #   delivered yet (default is 4 hours)
define(`confTO_QUEUEWARN',`6h')dnl

dnl # Sendmail, Chap 24.9.120, Page 1077
dnl # Specify the maximum size, in bytes, of buffered xf* files (default is
dnl #   4096 bytes; 0 turns this off and is not recommended)
define(`confXF_BUFFER_SIZE',`16384')dnl


################
## Features Section ##
################

dnl # Disable the following features
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
undefine(`DECNET_RELAY')dnl
undefine(`FAX_RELAY')dnl

dnl # Sendmail, Chap 7.5, Page 311
dnl # Turn on Access DB to accept/reject mail from selected sites, and
dnl #   specify database type, path and name; "-o" makes it optional and
dnl #   "-T<TMPF>" parameter instructs daemon to return SMTP 4xy codes
dnl #   for temporary errors
dnl # jmf add lookup dot domain for e.g. .hu
FEATURE(`access_db',`hash -o -T<TMPF> /etc/mail/access.db')dnl
FEATURE(`lookupdotdomain')dnl

dnl # Sendmail, Chap 7.5.5, Page 317
dnl # Allow blacklisting to be done on a per-recipient basis
FEATURE(blacklist_recipients)dnl

dnl # Sendmail, Chap 7.5.6, Page 318
dnl # Change order of relay checks (requires "access_db" feature above)
dnl #   to check SMTP RCPT TO: first, then SMTP MAIL FROM:, and finally
dnl #   the host (via access_db and RBLs) - "friend" keyword allows
dnl #   entries in access_db to override RBLs and "n" turns off
dnl #   backwards-compatibility with earlier versions of sendmail
dnl #   This allows creation of specific entries in the access database
dnl #   that bypass the RBLs (for example, an "abuse" alias, or the
dnl #     address in the custom reject messages below)
FEATURE(`delay_checks',`friend',`n')dnl
FEATURE(relay_entire_domain)dnl

dnl # Sendmail, Chap 7.2.1, Page 296
dnl # RBL lookup failures will be treated as not blacklisted (i.e. setting
dnl #    is to "fail friendly")
dnl # Activate default DNS blacklist (mail-abuse.org)
FEATURE(dnsbl)dnl

dnl # Sendmail, Chap 7.2.2, Page 297
dnl # Add SpamHaus BL with custom reject message
FEATURE(`enhdnsbl',`sbl.spamhaus.org',`"ACCESS DENIED. Mail from " $&{client_addr} " refused based on information from http://www.spamhaus.org/SBL"')dnl

dnl # Sendmail, Chap 7.2.2, Page 297
dnl # Add ORDB BL with custom reject message
FEATURE(`enhdnsbl',`relays.ordb.org',`"ACCESS DENIED. Mail from " $&{client_addr} " refused based on information from http://www.ordb.org"')dnl

dnl # Sendmail, Chap 7.2.2, Page 297
dnl # Added NJABL BL with custom reject message
FEATURE(`enhdnsbl',`dnsbl.njabl.org',`"ACCESS DENIED. Mail from " $&{client_addr} " refused based on information from http://njabl.org"')dnl

dnl # Sendmail, Chap 7.2.2, Page 297
dnl # Add AbuseAt BL with custom reject message
FEATURE(`enhdnsbl',`cbl.abuseat.org',`"ACCESS DENIED. Mail from " $&{client_addr} " refused based on information from http://cbl.abuseat.org"')dnl

dnl # Sendmail, Chap 7.2.2, Page 297
dnl # Add SpamCop BL with custom reject message
FEATURE(`enhdnsbl',`bl.spamcop.net',`"ACCESS DENIED. Mail from " $&{client_addr} " refused based on information from http://spamcop.net/bl.shtml?"$&{client_addr}')dnl

dnl # Sendmail, Chap 4.8.16, Page 181
dnl # Turn on Generics mapping and specify database type, path and
dnl #   name; "-o" makes it optional (used for re-writing FROM of outgoing
dnl #   mail)
FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl

dnl # Sendmail, Chap 4.8.24, Page 188
dnl # Turn on per-Domain message delivery agent selection and specify
dnl #   database type, path and name; "-o" makes it optional
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl

dnl # Sendmail, Chap 4.8.28, Page 192
dnl # Turn off E-Mail canonization (should be done by MSA, and this
dnl #     is a mail relay with no local users)
FEATURE(`nocanonify')dnl

dnl # Sendmail, Chap 4.8.30, Page 194
dnl # Instruct daemon not to listen on port 587 for local MSA (this
dnl #     is a mail relay with no local users submitting mail)
FEATURE(`no_default_msa')dnl

dnl # Sendmail, Chap 4.8.32, Page 194
dnl # Turn off all UUCP support and give reject message
FEATURE(`nouucp', reject)dnl

dnl # Sendmail, Chap 4.8.47, Page 199
dnl # Enable use of Trusted User's file
dnl # Default location is /etc/mail/trusted-users
dnl # File is required by default; see Page 199
FEATURE(`use_ct_file')dnl
FEATURE(`use_cw_file')dnl
dnl # Sendmail, Chap 4.8.51, Page 201
dnl # Turn on Virtual User mapping and specify database type, path and
dnl #   name; "-o" makes it optional
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl

################
## Macro Definitions ##
################

dnl # Sendmail, Chap 21.9.100, Page 834
dnl # Set the config file version in format <server>-<serial #>
define(`confCF_VERSION',`host-123')dnl

dnl # Sendmail, Chap 7.5.4, Page 317
dnl # Set a custom message for connection rejections based on access DB
dnl # jmf define(`confREJECT_MSG',`550 Your mail has been rejected. Report problems to bugger.off@somedomain.com')dnl

dnl # Sendmail, Chap 7.4.2, Page 304
dnl # Set a custom message for relay attempts by unauthorized hosts
dnl # jmf define(`confRELAY_MSG',`550 Relay DENIED: report problems to bugger.off@somedomain.com')dnl

dnl # Sendmail, Chap 4.8.16.2, Page 183
dnl # Define the name and path of the Generic Domains file; "-o" makes
dnl #   its existence optional; used in conjunction with genericstable feature
GENERICS_DOMAIN_FILE(`-o /etc/mail/generic-domains')dnl

###########
## Mailers
###########
dnl # Per Sendmail book (Chapter 4.2.2.2, page 152) do not change order
dnl # "local" removed since this is a relay host with no local accounts
MAILER(smtp)dnl

##################
## Local Config Section ##
##################
dnl # Any local configuration statements, such as local
dnl # macro definitions, should go here.

dnl # Define a file for the Domains that are Virtually Hosted - but
dnl #     do NOT use the built-in VIRTUSER_DOMAIN_FILE macro, as that also
dnl #     adds the Domains to RELAY_DOMAINS ("Class {R}"), resulting in bypass
dnl #     of the RBLs and the virtusertable lookups
dnl #    Credit to Jan Pieter Cornet for this idea
LOCAL_CONFIG
dnl # F{VirtHost}/etc/mail/virtuser.domains

##################
## Local Rules Section ##
##################

dnl # Per Sendmail book (Chapter 4.2.2.2, page 153) the LOCAL_RULES
dnl #    need to go AFTER the Mailers

dnl # See Sendmail book pages 158, 159 and Chapters 19 and 25
dnl # Define special rules for this host to use when processing mail
dnl # IMPORTANT NOTES: Ruleset names should begin with capital
dnl #           letter to avoid collision with sendmail internal
dnl #           rulesets; TAB is the delimiter between key entries,
dnl #           spaces will NOT work

##################
## End of sendmail.mc ##
##################
0
