訳者一覧:
 設定ファイル (cf)
 はじめに
 典型的な .mc
 M4 入門
 /etc/mail/
OSTYPE 定義
 LOCAL_MAILER
 USENET
 SMTP
 UUCP
 FAX
 POP
 Procmail
 mail11
 phquery
 cyrus
 qpage
DOMAIN 定義
MAILER 定義
FEATURE 定義
 HACK 機能
 サイトの設定(旧式)
 UUCP メイラ
 書換規則の微調整
LOCAL_RULES
  LOCAL_CONFIG
 マスカレードと中継
 LDAP
 LDAP 再配送
 ANTI-SPAM (未完)
  中継
  送信元の確認
  データべース(アクセス表)
  MAPS プロジェクト
  アクセス表の左項で微調整
  Delay all checks
 STARTTLS
  中継
  Received: ヘッダ
 SMTP 認証
 メイラ・ルールセット追加
 メールフィルタの追加
 待行列の追加
 SMTP 以外の設定
 私は誰ですか?
 複数のホスト名
 MAILERTABLE
 USERDB で氏名との対応付
 その他雑多な特殊機能 (+)
 セキュリティ
 詳細な設定 (confXXXX)
 メッセージ送信
 Map Formats
 src ディレクトリ構成
 Administrative Details
  RULESETS
  MAILERS
  MACROS
  CLASSES
  M4 DIVERSIONS
 日本語訳変更点

Other language: ja | en |
この画面は http://home.jp.FreeBSD.org/~koga/cf/ から勝手に持って来て自分用に見易くしたものです。 原本の更新よりも古い可能性があります。

ANTI-SPAM

ANTI-SPAM CONFIGURATION CONTROL

The primary anti-spam features available in sendmail are:

  • Relaying is denied by default.
  • Better checking on sender information.
  • Access database.
  • Header checks.
Relaying (transmission of messages from a site outside your host (class {w}) to another site except yours) is denied by default. Note that this changed in sendmail 8.9; previous versions allowed relaying by default.

If you really want to revert to the old behaviour, you will need to use

FEATURE(`promiscuous_relay').
You can allow certain domains to relay through your server by adding their domain name or IP address to class {R} using
RELAY_DOMAIN()
and
RELAY_DOMAIN_FILE()
or via the access database (described below). The file consists (like any other file based class) of entries listed on separate lines, e.g.,
	sendmail.org
	128.32
	1:2:3:4:5:6:7
	host.mydomain.com
If you use
FEATURE(`relay_entire_domain')
then any host in any of your local domains (that is, class {m}) will be relayed (that is, you will accept mail either to or from any host in your domain).

You can also allow relaying based on the MX records of the host portion of an incoming recipient address by using

FEATURE(`relay_based_on_MX')
For example, if your server receives a recipient of user@domain.com and domain.com lists your server in its MX records, the mail will be accepted for relay to domain.com. Note that this will stop spammers from using your host to relay spam but it will not stop outsiders from using your server as a relay for their site (that is, they set up an MX record pointing to your mail server, and you will relay mail addressed to them without any prior arrangement).

Along the same lines,

FEATURE(`relay_local_from')
will allow relaying if the sender specifies a return path (i.e. MAIL FROM: <user@domain>) domain which is a local domain. This a dangerous feature as it will allow spammers to spam using your mail server by simply specifying a return address of user@your.domain.com. It should not be used unless absolutely necessary.

A slightly better solution is

FEATURE(`relay_mail_from')
which allows relaying if the mail sender is listed as RELAY in the access map. If an optional argument `domain' is given, the domain portion of the mail sender is also checked to allowing relaying.

This option only works together with the tag From: for the LHS of the access map entries (see below: Finer control...). If source routing is used in the recipient address (i.e. RCPT TO: <user%site.com@othersite.com>), sendmail will check user@site.com for relaying if othersite.com is an allowed relay host in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, or the access database if FEATURE(`access_db') is used. To prevent the address from being stripped down, use:

FEATURE(`loose_relay_check')
If you think you need to use this feature, you probably do not. This should only be used for sites which have no control over the addresses that they provide a gateway for. Use this FEATURE with caution as it can allow spammers to relay through your server if not setup properly.

NOTICE: It is possible to relay mail through a system which the anti-relay rules do not prevent: the case of a system that does use

FEATURE(`nouucp',`nospecial') (system A)
and relays local messages to a mail hub (e.g., via
LOCAL_RELAY or LUSER_RELAY) (system B).
If system B doesn't use
FEATURE(`nouucp')
at all, addresses of the form <example.net!user@local.host> would be relayed to <user@example.net>. System A doesn't recognize `!' as an address separator and therefore forwards it to the mail hub which in turns relays it because it came from a trusted local host. So if a mailserver allows UUCP (bang-format) addresses, all systems from which it allows relaying should do the same or reject those addresses.

As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has an unresolvable domain (i.e., one that DNS, your local name service, or special case rules in ruleset 3 cannot locate). If you want to continue to accept such domains, e.g., because you are inside a firewall that has only a limited view of the Internet host name space (note that you will not be able to return mail to them unless you have some "smart host" forwarder), use

FEATURE(`accept_unresolvable_domains')
sendmail will also refuse mail if the MAIL FROM: parameter is not fully qualified (i.e., contains a domain as well as a user). If you want to continue to accept such senders, use
FEATURE(`accept_unqualified_senders')
Setting the DaemonPortOptions modifier 'u' overrides the default behavior, i.e., unqualified addresses are accepted even without this FEATURE. If this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used to enforce fully qualified addresses.

An ``access'' database can be created to accept or reject mail from selected domains. For example, you may choose to reject all mail originating from known spammers. To enable such a database, use

FEATURE(`access_db')
The FEATURE macro can accept a second parameter giving the key file definition for the database; for example
FEATURE(`access_db', `hash /etc/mail/access')
Remember, since /etc/mail/access is a database, after creating the text file as described below, you must use makemap to create the database map. For example:
makemap hash /etc/mail/access < /etc/mail/access
The table itself uses e-mail addresses, domain names, and network numbers as keys. For example,
	spammer@aol.com		REJECT
	cyberspammer.com	REJECT
	192.168.212		REJECT
would refuse mail from spammer@aol.com, any user from cyberspammer.com (or any host within the cyberspammer.com domain), and any host on the 192.168.212.* network. The value part of the map can contain:
	OK		Accept mail even if other rules in the
			running ruleset would reject it, for example,
			if the domain name is unresolvable.
	RELAY		Accept mail addressed to the indicated domain or
			received from the indicated domain for relaying
			through your SMTP server.  RELAY also serves as
			an implicit OK for the other checks.
	REJECT		Reject the sender or recipient with a general
			purpose message.
	DISCARD		Discard the message completely using the
			$#discard mailer.  If it is used in check_compat,
			it affects only the designated recipient, not
			the whole message as it does in all other cases.
			This should only be used if really necessary.
	### any text	where ### is an RFC 821 compliant error code and
			"any text" is a message to return for the command.
			The string should be quoted to avoid surprises,
			e.g., sendmail may remove spaces otherwise.
	ERROR:### any text
			as above, but useful to mark error messages as such.
	ERROR:D.S.N:### any text
			where D.S.N is an RFC 1893 compliant error code
			and the rest as above.
For example:
	cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
	okay.cyberspammer.com	OK
	sendmail.org		RELAY
	128.32			RELAY
	1:2:3:4:5:6:7		RELAY
	[127.0.0.3]		OK
	[1:2:3:4:5:6:7:8]	OK
would accept mail from okay.cyberspammer.com, but would reject mail from all other hosts at cyberspammer.com with the indicated message. It would allow relaying mail from and to any hosts in the sendmail.org domain, and allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* network. The latter two entries are for checks against ${client_name} if the IP address doesn't resolve to a hostname (or is considered as "may be forged").

Warning: if you change the RFC 821 compliant error code from the default value of 550, then you should probably also change the RFC 1893 compliant error code to match it. For example, if you use

	user@example.com	450 mailbox full
the error returned would be "450 4.0.0 mailbox full" which is wrong. Use "450 4.2.2 mailbox full" or "ERROR:4.2.2:450 mailbox full" instead.

Note, UUCP users may need to add hostname.UUCP to the access database or class {R}. If you also use:

FEATURE(`relay_hosts_only')
then the above example will allow relaying for sendmail.org, but not hosts within the sendmail.org domain. Note that this will also require hosts listed in class {R} to be fully qualified host names.

You can also use the access database to block sender addresses based on the username portion of the address. For example:

FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
Note that you must include the @ after the username to signify that this database entry is for checking only the username portion of the sender address. If you use:
FEATURE(`blacklist_recipients')
then you can add entries to the map for local users, hosts in your domains, or addresses in your domain which should not receive mail:
	badlocaluser@		ERROR:550 Mailbox disabled for this username
	host.mydomain.com	ERROR:550 That host does not accept mail
	user@otherhost.mydomain.com	ERROR:550 Mailbox disabled for this recipient
This would prevent a recipient of badlocaluser@mydomain.com, any user at host.mydomain.com, and the single address user@otherhost.mydomain.com from receiving mail. Please note: a local username must be now tagged with an @ (this is consistent with the check of the sender address, and hence it is possible to distinguish between hostnames and usernames). Enabling this feature will keep you from sending mails to all addresses that have an error message or REJECT as value part in the access map. Taking the example from above:
	spammer@aol.com		REJECT
	cyberspammer.com	REJECT
Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.

There is also a ``Realtime Blackhole List'' run by the MAPS project at http://maps.vix.com/. This is a database maintained in DNS of spammers. To use this database, use

FEATURE(`dnsbl')
This will cause sendmail to reject mail from any site in the Realtime Blackhole List database. This default DNS blacklist, blackholes.mail-abuse.org, is a service offered by the Mail Abuse Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription service, so using that network address won't work if you haven't subscribed.

Contact MAPS to subscribe ( http://mail-abuse.org/ ).

You can specify an alternative RBL server to check by specifying an argument to the FEATURE. The default error message is

        Mail from IP-ADDRESS refused by blackhole site SERVER
where IP-ADDRESS and SERVER are replaced by the appropriate information. A second argument can be used to specify a different text. By default, temporary lookup failures are ignored and hence cause the connection not to be rejected by the DNS based rejection list. This behavior can be changed by specifying a third argument, which must be either `t' or a full error message. For example:
FEATURE(`dnsbl', `dnsbl.example.com', `', `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
If `t' is used, the error message is:
        451 Temporary lookup failure of IP-ADDRESS at SERVER
where IP-ADDRESS and SERVER are replaced by the appropriate information.

This FEATURE can be included several times to query different DNS based rejection lists, e.g., the dial-up user list (see http://mail-abuse.org/dul/ ).

Notice: to avoid checking your own local domains against those blacklists, use the access_db feature and add:

        Connect:10.1            OK
        Connect:127.0.0.1       RELAY
to the access map, where 10.1 is your local network. You may want to use "RELAY" instead of "OK" to allow also relaying instead of just disabling the DNS lookups in the backlists.

The features described above make use of the check_relay, check_mail, and check_rcpt rulesets. If you wish to include your own checks, you can put your checks in the rulesets Local_check_relay, Local_check_mail, and Local_check_rcpt. For example if you wanted to block senders with all numeric usernames (i.e. 2312343@bigisp.com), you would use Local_check_mail and the regex map:

	LOCAL_CONFIG
	Kallnumbers regex -a@MATCH ^[0-9]+$

	LOCAL_RULESETS
	SLocal_check_mail
	# check address against various regex checks
	R$*				$: $>Parse0 $>3 $1
	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
	R@MATCH				$#error $: 553 Header Error
These rules are called with the original arguments of the corresponding check_* ruleset. If the local ruleset returns $#OK, no further checking is done by the features described above and the mail is accepted. If the local ruleset resolves to a mailer (such as $#error or $#discard), the appropriate action is taken. Otherwise, the results of the local rewriting are ignored.

Finer control by using tags for the LHS of the access map Read this section only if the options listed so far are not sufficient for your purposes. There is now the option to tag entries in the access map according to their type. Three tags are available:

	Connect:	connection information (${client_addr}, ${client_name})
	From:		envelope sender
	To:		envelope recipient
If the required item is looked up in a map, it will be tried first with the corresponding tag in front, then (as fallback to enable backward compatibility) without any tag. For example,
	From:spammer@some.dom	REJECT
	To:friend.domain	RELAY
	Connect:friend.domain	OK
	Connect:from.domain	RELAY
	From:good@another.dom	OK
	From:another.dom	REJECT
This would deny mails from spammer@some.dom but you could still send mail to that address even if FEATURE(`blacklist_recipients') is enabled. Your system will allow relaying to friend.domain, but not from it (unless enabled by other means). Connections from that domain will be allowed even if it ends up in one of the DNS based rejection lists. Relaying is enabled from from.domain but not to it (since relaying is based on the connection information for outgoing relaying, the tag Connect: must be used; for incoming relaying, which is based on the recipient address, To: must be used). The last two entries allow mails from good@another.dom but reject mail from all other addresses with another.dom as domain part.

Delay all checks

By using
FEATURE(`delay_checks')
the rulesets check_mail and check_relay will not be called when a client connects or issues a MAIL command, respectively. Instead, those rulesets will be called by the check_rcpt ruleset; they will be skipped if a sender has been authenticated using a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().

If check_mail returns an error then the RCPT TO command will be rejected with that error. If it returns some other result starting with $# then check_relay will be skipped. If the sender address (or a part of it) is listed in the access map and it has a RHS of OK or RELAY, then check_relay will be skipped. This has an interesting side effect: if your domain is my.domain and you have

	my.domain	RELAY
in the access map, then all e-mail with a sender address of <user@my.domain> gets through, even if check_relay would reject it (e.g., based on the hostname or IP address). This allows spammers to get around DNS based blacklist by faking the sender address. To avoid this problem you have to use tagged entries:
	To:my.domain		RELAY
	Connect:my.domain	RELAY
if you need those entries at all (class {R} may take care of them). FEATURE(`delay_checks') can take an optional argument:
FEATURE(`delay_checks', `friend')
enables spamfriend test
FEATURE(`delay_checks', `hater')
enables spamhater test If such an argument is given, the recipient will be looked up in the access map (using the tag To:). If the argument is `friend', then the other rulesets will be skipped if the recipient address is found and has RHS spamfriend. If the argument is `hater', then the other rulesets will be applied if the recipient address is found and has RHS spamhater. This allows for simple exceptions from the tests, e.g., by activating the spamfriend option and having
	To:abuse@	SPAMFRIEND
in the access map, mail to abuse@localdomain will get through. It is also possible to specify a full address or an address with +detail:
	To:abuse@abuse.my.domain	SPAMFRIEND
	To:me+abuse@		SPAMFRIEND
Header Checks You can also reject mail on the basis of the contents of headers. This is done by adding a ruleset call to the 'H' header definition command in sendmail.cf. For example, this can be used to check the validity of a Message-ID: header:
	LOCAL_RULESETS
	HMessage-Id: $>CheckMessageId
	SCheckMessageId
	R< $+ @ $+ >		$@ OK
	R$*			$#error $: 553 Header Error
The alternative format:
	HSubject: $>+CheckSubject
that is, $>+ instead of $>, gives the full Subject: header including comments to the ruleset (comments in parentheses () are stripped by default). A default ruleset for headers which don't have a specific ruleset defined for them can be given by:
H*: $>CheckHdr
Notice: All rules act on tokens as explained in doc/op/op.{me,ps,txt}. That may cause problems with simple header checks due to the tokenization. It might be simpler to use a regex map and apply it to $&{currHeader}.

After all of the headers are read, the check_eoh ruleset will be called for any final header-related checks. The ruleset is called with the number of headers and the size of all of the headers in bytes separated by $|. One example usage is to reject messages which do not have a Message-Id: header. However, the Message-Id: header is *NOT* a required header and is not a guaranteed spam indicator. This ruleset is an example and should probably not be used in production.

LOCAL_CONFIG Kstorage macro LOCAL_RULESETS HMessage-Id: $>CheckMessageId SCheckMessageId # Record the presence of the header R$* $: $(storage {MessageIdCheck} $@ OK $) $1 R< $+ @ $+ > $@ OK R$* $#error $: 553 Header Error Scheck_eoh # Check the macro R$* $: < $&{MessageIdCheck} > # Clear the macro for the next message R$* $: $(storage {MessageIdCheck} $) $1 # Has a Message-Id: header R< $+ > $@ OK # Allow missing Message-Id: from local mail R$* $: < $&{client_name} > R< > $@ OK R< $=w > $@ OK # Otherwise, reject the mail R$* $#error $: 553 Header Error

この画面は jeedosaquin を使って表示しています。

Copyright cf Project

これらの画面は http://home.jp.FreeBSD.org/~koga/cf/ から勝手に持って来て自分用に見易くした(つもりの)ものです。 原訳の更新よりも古い可能性があります。
英語版: http://home.jp.freebsd.org/~koga/cf/README.orig
Last Update: Sat, 07 Jun 2014 13:16:17 GMT 1.66 2008/03/08