[Esd-l] Installing sanitiser on mail relay

Ian Castle ian.castle at coldcomfortfarm.net
Wed Mar 13 09:46:02 PST 2002


On Wed, 2002-03-13 at 06:59, Dave Horsfall wrote:
> I have a box which amongst other things is a pure mail relay i.e. all mail
> is dumped to an internal server (using Sendmail's .mc "LUSER_RELAY"
> stuff).
> 
> Trouble is, that seems to override the Procmail stuff...
> 
> Has anyone configured the Sanitiser on a user-less relay box?  I guess I
> can always put it on the internal box instead, but it's Linux and I'd
> prefer to keep it as close to the original config as possible, so I won't
> break anything.
> 

Yep.

Three machines

"gatekeeper" which is just a switch, say "mail.example.com". The LUSER
relay which is well inside the network "imap4.example.com" and an
external relay at the ISP "relay.example.com".

Been running the mail filter for quite a few months now.

I think the config is pretty much as in the example.

If you want I can give you an RPM with it all in.

---------------------------------------
divert(-1)dnl
dnl This is the macro config file used to generate the /etc/sendmail.cf
dnl file. If you modify this file you will have to regenerate the
dnl /etc/sendmail.cf by running this macro config through the m4
dnl preprocessor:
dnl
dnl        m4 sendmail.mc > sendmail.cf
dnl
dnl You will need to have the sendmail-cf package installed for this to
dnl work.
include(`../m4/cf.m4')dnl
VERSIONID(`$Id')
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`LUSER_RELAY',`imap4.example.com.')dnl
dnl define(`SMART_HOST',`relay.example.com.')dnl
define(`confCT_FILE', ` -o /etc/mail/sendmail.ct')dnl
define(`confEBINDIR',`/usr/sbin/smrsh')dnl
define(`confPRIVACY_FLAGS',
`authwarnings,noexpn,novrfy,needmailhelo,restrictmailq,restrictqrun')dnl
define(`confSTATUS_FILE',`/var/run/sendmail.st')dnl
define(`confTO_QUEUERETURN', `4d')dnl
define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confCON_EXPENSIVE',true)dnl
dnl define(`SMTP_MAILER_FLAGS',`e')dnl
define(`ALIAS_FILE',`/etc/mail/aliases,/etc/mail/majordomo')dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`STATUS_FILE',`/var/run/sendmail.st')dnl
FEATURE(always_add_domain)dnl
FEATURE(access_db)dnl
FEATURE(blacklist_recipients)dnl
FEATURE(local_procmail)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
FEATURE(redirect)dnl
FEATURE(use_ct_file)dnl
FEATURE(use_cw_file)dnl
FEATURE(`domaintable',`hash -o /etc/mail/domaintable')dnl
FEATURE(`genericstable',`hash -o /etc/mail/genericstable')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(`no_default_msa')dnl
MAILER(smtp)dnl
MAILER(local)dnl

LOCAL_CONFIG
CPprocmail

LOCAL_RULE_0
R$*<@$=w>$*     $#procmail $@/etc/procmail.d/gateway-filter.procmail $:$1<@$2.procmail.>$3
R$*<@$=w.>$*    $#procmail $@/etc/procmail.d/gateway-filter.procmail $:$1<@$2.procmail.>$3
R$*<@$*.procmail.>$*    $1<@$2.>$3

MAILER_DEFINITIONS
Mprocmail,      P=/usr/bin/procmail, F=DFMmShun, S=11/31, R=21/31,
                T=DNS/RFC822/X-Unix,
                A=procmail -m $h $g $u

-----------------------------------
Watch out --- you need TABS not SPACES in the
LOCAL_RULE_0/MAILER_DEFINITIONS bit!

-------------------------------
# cat /etc/procmail.d/gateway-filter.procmail
################################################################
#
# procmail rules to filter mail on a gateway
#

LOGFILE=/var/log/spamfilter.log
NL="
"
LOGABSTRACT=no

#################################################
#   Options for html-trap

POISONED_EXECUTABLES=/var/lib/spamfilter/poisoned-files
SECURITY_NOTIFY="postmaster"
SECURITY_NOTIFY_VERBOSE=""
SECURITY_NOTIFY_SENDER=""
SECURITY_NOTIFY_RECIPIENT=""
SECRET="er908tgjkl3490gjklsd"
SECURITY_QUARANTINE=/var/spool/mail/quarantine
POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores
DEFANG_WEBBUGS=YES
DEBUG=YES
DROPPRIVS=YES

#################################################
#   Options for spam-dns

OSDIALCHECK=yes
OSSPAMCHECK=yes
DORKSLCHECK=yes
DULCHECK=no
RBLCHECK=no
RSSCHECK=no
ORBLCHECK=no
ORBZINCHECK=yes
ORBZOUTCHECK=no
ORDBCHECK=yes

NSLOOKUP=/usr/bin/host
TRUSTEDNETS=example.net|example.org

#################################################
#
# Include checks to run

INCLUDERC=/var/lib/spamfilter/spam-filter.procmail
INCLUDERC=/var/lib/spamfilter/spam-dns.procmail
INCLUDERC=/var/lib/spamfilter/local-rules.procmail
INCLUDERC=/var/lib/spamfilter/html-trap.procmail

:0                              # re-send the message
! -oi -f "$@"

#
################################################################
--------------------------
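
A check for the tab requirement noted above, as an added example that is not part of the original message: it scans the LOCAL_RULE_n section of a sendmail .mc file for rewrite rules that have no tab between the left- and right-hand sides, and for rule tails folded onto their own line (as happens when a config is pasted through a mail client). The function names `lint_mc_rules` and `write_sample` are hypothetical, and the sample file is constructed for the demonstration.

```shell
#!/bin/sh
# lint_mc_rules FILE
# Prints "<line>:<problem>:<text>" for each finding and returns 1 if any:
#   NOTAB   - an R line with no tab separating LHS from RHS
#   WRAPPED - a line in the rule section that is not a rule, a comment or
#             a whitespace-led continuation (usually a folded rule tail)
lint_mc_rules() {
    awk '
        /^LOCAL_RULE_[0-3]/                   { in_rules = 1; next }
        /^(LOCAL_CONFIG|MAILER_DEFINITIONS)/  { in_rules = 0; next }
        !in_rules                             { next }
        /^[ \t]*$/ || /^#/ || /^dnl/          { next }  # blank or comment
        /^[ \t]/                              { next }  # real continuation
        /^R/ {
            if (index($0, "\t") == 0) {
                printf "%d:NOTAB:%s\n", NR, $0
                bad = 1
            }
            next
        }
        { printf "%d:WRAPPED:%s\n", NR, $0; bad = 1 }
        END { exit bad }
    ' "$1"
}

# write_sample FILE
# Writes a constructed .mc fragment: line 2 is a correct rule (tab),
# line 3 uses spaces only, line 4 is the folded tail of line 3.
write_sample() {
    {
        printf 'LOCAL_RULE_0\n'
        printf 'R$*<@$=w>$*\t$#procmail $@/etc/procmail.d/gateway-filter.procmail $:$1<@$2.procmail.>$3\n'
        printf 'R$*<@$=w.>$*    $#procmail $@/etc/procmail.d/gateway-filter.procmail\n'
        printf '$:$1<@$2.procmail.>$3\n'
        printf 'R$*<@$*.procmail.>$*\t$1<@$2.>$3\n'
        printf 'MAILER_DEFINITIONS\n'
        printf 'Mprocmail,      P=/usr/bin/procmail, F=DFMmShun\n'
    } > "$1"
}
```

Run it against the .mc file before regenerating sendmail.cf with m4; a non-zero exit status means at least one rule needs fixing.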


