Sendmail-fu

block_bad_helo.m4

divert(-1)

# helo/ehlo checks of $s
dnl`'Rationale:
dnl`'Client software is often broken.  We don't want to reject
dnl`'our own users client connections.  Therefore we attempt
dnl`'to allow our users to pass the checks.  Otherwise, block
dnl`'sites with a HELO/EHLO hostname that is unqualified, or
dnl`'is one of our own names
dnl`'
dnl`'Note that I had to at "127.0.0.1" to class $=R, so that
dnl`'local client software would bypass these tests.  I also
dnl`'added "[127.0.0.1]" to class $=w, so that the localhost
dnl`'IP would count as one of our IPs.
dnl`'
RELAY_DOMAIN(`127.0.0.1')dnl
LOCAL_DOMAIN(`[127.0.0.1]')dnl
dnl`'Now the ruleset.
LOCAL_RULESETS
SLocal_check_rcpt
R$*                     $:$1 $| <$&{auth_authen}>       Get auth info
dnl`'Bypass the test for users who have authenticated.
R$* $| <$+>             $:$1                            skip if auth
R$* $| <$*>             $:$1$|<$&{client_addr}>[$&s]    Get connection info
dnl`'Bypass for clients in helo access db -- by name
R$*                     $: $>D <$&{client_name}> <?> <! helo> <>
R<$={Accept}> <$*>      $@ $1                           return value of lookup
dnl`'Bypass for clients in helo access db -- by IP address
R$*                     $: $>A <$&{client_addr}> <?> <! helo> <>
R<$={Accept}> <$*>      $@ $1                           return value of lookup
dnl`'Bypass for local clients -- IP address starts with $=R
R$* $| <$=R $*>[$*]     $:$1                            skip if local client
dnl`'Bypass a "sendmail -bs" session, which use 0 for client ip address
R$* $| <0>[$*]          $:$1                            skip if sendmail -bs
dnl`'Reject our IP - assumes "[ip]" is in class $=w
R$* $| <$*> $=w         $#error $@ quarantine $:"553 You're not " $&s ", I am.  Go away."
dnl`'Reject our hostname
R$* $| <$*> [$=w]       $#error $@ quarantine $:"553 You're not " $&s ", I am.  Go away."
dnl`'Pass anything else with a "." in the domain parameter
R$* $| <$*> [$+.$+]     $:$1                            qualified domain ok
dnl`'Reject if there was no "." or only an initial or final "."
R$* $| <$*> [$*]        $#error $@ quarantine $:"553 HELO ERROR: Hostname " $&s " not fully qualified."
dnl`'fall through to any other local rules.

check_msgid.m4

divert(-1)

LOCAL_CONFIG
Kstorage macro
# call ruleset CheckMessageId with the value of the message-id header
HMessage-Id: $>CheckMessageId
H?${MessageIdCheck}?X-Xabean-Spam: ${MessageIdCheck}
C{persistentMacros} {MessageIdCheck}~

LOCAL_RULESETS
SCheckMessageId

R$*                     $: $(storage {MessageIdCheck} $@ OK $) $1
R< $+ @ $+ >            $@ OK
#R< >                   $@ NOK
R$*                     $#error $@ quarantine $: "553 Invalid Message-Id Header Error"

Scheck_eoh
# Check the macro
R$*                     $: < $&{MessageIdCheck} >
# Clear the macro for the next message
R$*                     $: $(storage {MessageIdCheck} $) $1
# Has a Message-Id: header
R< $+ >                 $@ OK
# Allow missing Message-Id: from local mail
R$*                     $: < $&{client_name} >
R< >                    $@ OK
R< $=w >                $@ OK
# Allow missing Message-Id: from access list
# msgid:remote.domain.name      OK
# msgid:10.1.0.1        OK
R$*                     $: $>D <$&{client_name}> <?> <! msgid> <>
R<$={Accept}> <$*>      $@ $1                           return value of lookup
R$*                     $: $>A <$&{client_addr}> <?> <! msgid> <>
R<$={Accept}> <$*>      $@ $1                           return value of lookup
# Otherwise, reject the mail
R$*                     $#error $@ quarantine $: "553 Invalid Message-Id Header Error"

mtfnpy.patch

diff -urN sendmail-8.14.1/sendmail/srvrsmtp.c sendmail-8.14.1-mtfnpy/sendmail/srvrsmtp.c
--- sendmail-8.14.1/sendmail/srvrsmtp.c 2007-02-07 15:18:47.000000000 -0500
+++ sendmail-8.14.1-mtfnpy/sendmail/srvrsmtp.c  2007-09-07 02:13:28.000000000 -0400
@@ -261,6 +261,7 @@
 /* debugging-only commands, only enabled if SMTPDEBUG is defined */
 #define CMDDBGQSHOW    24      /* showq -- show send queue */
 #define CMDDBGDEBUG    25      /* debug -- set debug mode */
+#define CMDMTFNPY      26      /* mtfnpy easter egg */
 
 /*
 **  Note: If you change this list, remember to update 'helpfile'
@@ -295,6 +296,7 @@
        { "showq",      CMDDBGQSHOW     },
        { "debug",      CMDDBGDEBUG     },
        { "wiz",        CMDLOGBOGUS     },
+       { "mtfnpy",     CMDMTFNPY       },
 
        { NULL,         CMDERROR        }
 };
@@ -3161,6 +3163,14 @@
                                          anynet_ntoa(&RealHostAddr));
                        /* FALLTHROUGH */
 
+                 case CMDMTFNPY:
+                       message("200 2.0.0 You are one with the mtfnpy.");
+                                sm_syslog(LOG_CRIT, e->e_id,
+                                          "\"%s\" command from %s (%.100s)",
+                                          c->cmd_name, CurSmtpClient,
+                                          anynet_ntoa(&RealHostAddr));
+                       break;
+
                  case CMDERROR:        /* unknown command */
 #if MAXBADCOMMANDS > 0
                        if (++n_badcmds > MAXBADCOMMANDS)

sendmail.mc

define(`confSMTP_LOGIN_MSG',`is what you speak?  Feed me a mtfnpy!')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`15m')dnl

HACK(`block_bad_helo')dnl
HACK(`check_msgid')dnl


LOCAL_CONFIG
HX-Envelope-From: $g
HX-Envelope-To: $u
HX-Quarantine: ${quarantine}
HX-Client-Addr: ${client_addr}
HX-mtfnpy: !!MTFNPY!!