HACK
s
and the provided
options.
For each
option,
a notice is given whether the feature is available
(maybe in slightly modified form) in 8.9.
For those options that are not (yet) in 8.9,
new versions of my
my HACK
s are available.
8.9 has hooks for all check_*
rulesets called Local_check_*
.
My
HACK
s
have already an
option
for this.
Theoretically, you could continue to use these hacks,
however this is not the best way.
Most of these
HACK
s
can be translated
into
standard FEATURE
s
for sendmail 8.9.
If you rely on one of the
options
which are not available in 8.9,
you can of course continue to use my
rulesets.
However, 8.9 introduces several new features which provide
significant enhancements to fight
UBE,
even though they
do not allow as much control
of acceptance/rejections/relaying as
available by the options for my HACK
s.
Content of this article:
-T
flag for maps makes it possible to distinguish between permanent
and temporary lookup failures.
This allows the rejection of mails with faked domain parts,
for which in 8.8 only
a temporary failure
can be returned.
cf/README
):
LOCAL_CONFIG Kdigits regex -a@MATCH ^[0-9]+$ # systems which don't have usernames with only digits F{NoNumeric}/etc/mail/nonumeric LOCAL_RULESETS SLocal_check_mail # check address against various regex checks R$* $: $>3 $1 canonify and check from R$+<@$*$={NoNumeric}.> $: $(digits $1 $: $1<@$2$3.> $) R$*@MATCH $#error $@ 4.1.8 $: "451 Spam address. Go away."
HHeader: $>Rulesetinstructs sendmail to call
Ruleset
for each
Header
line.
For example:
HMessage-Id: $>CheckMessageIdtells sendmail to call the ruleset
CheckMessageId
for each
MessageId:
header.
The ruleset may look like this:
SCheckMessageId R< $+ @ $+ > $@ OK R$* $#error $: 552 Header ErrorIt performs a simple syntax check for the
Message-Id:
header.
This provides some nice opportunities
together with
regular expressions.
Another example
(simplified version of the ruleset in
chk-headers.m4)
is:
HTo: $>CheckTo SCheckTo R$* $: $>LookUp $1 R<OK>$* $@ OK R<REJECT>$* $#error $: 552 Header Error To R<DISCARD>$* $#discard $: discard R<$+>$* $#error $@ 5.7.1 $: $1which compares the elements of the
To:
header against the
access map.
If this map has an entry like
friend@public.com "501 You must be kidding."e-mail which contains
To: friend@public.com
will be rejected.
Yet another example is:
HX-Spanska: $>Spanska SSpanska R$* $#error $: "552 Your system is probably infected by the Happy99 worm; see http://www.symantec.com/avcenter/venc/data/happy99.worm.html"or just discard it:
R$* $#discard $: discardwhich should take care of the HAPPY99.EXE worm.
And one more example is:
HSubject: $>Subject D{Subject}C:\\CoolProgs\\Pretty\ Park.exe SSubject R${Subject} $#error $: "552 Virus..."
FEATURE
s
do not allow a very fine-grained control of acceptance/rejections/relaying,
and some features require a little knowledge about the
check_*
rulesets.
Therefore I wrote down
some ideas about possible enhancements.
8.9.{0,1} has a bug with respect to overriding the
RBL
which can be fixed by
a patch for cf/m4/proto.m4
.
It is fixed in sendmail 8.9.2.
sendmail 8.9.1 has a bug with respect to the prevention
of unauthorized relay attempts which can be fixed by
a patch for cf/m4/proto.m4
.
This hole is fixed in 8.9.2.