Sendmail-fu
divert(-1) | |
# helo/ehlo checks of $s | |
dnl`'Purpose: m4 hack that adds HELO/EHLO sanity rules to the
dnl`'Local_check_rcpt ruleset, with bypasses for authenticated,
dnl`'access-db listed and local clients.
dnl`'Rationale: | |
dnl`'Client software is often broken. We don't want to reject | |
dnl`'our own users client connections. Therefore we attempt | |
dnl`'to allow our users to pass the checks. Otherwise, block | |
dnl`'sites with a HELO/EHLO hostname that is unqualified, or | |
dnl`'is one of our own names | |
dnl`' | |
dnl`'Note that I had to add "127.0.0.1" to class $=R, so that | |
dnl`'local client software would bypass these tests. I also | |
dnl`'added "[127.0.0.1]" to class $=w, so that the localhost | |
dnl`'IP would count as one of our IPs. | |
dnl`' | |
dnl`'NOTE(review): class $=R is also the relay-allowed class, so this
dnl`'entry grants more than a bypass of the tests below. Confirm that
dnl`'relaying for 127.0.0.1 is intended on this host.
RELAY_DOMAIN(`127.0.0.1')dnl | |
LOCAL_DOMAIN(`[127.0.0.1]')dnl | |
dnl`'Now the ruleset. | |
LOCAL_RULESETS | |
SLocal_check_rcpt | |
dnl`'Append the authenticated identity (empty when the client did not
dnl`'authenticate) after a $| separator so the next rules can test it.
R$* $:$1 $| <$&{auth_authen}> Get auth info | |
dnl`'Bypass the test for users who have authenticated. | |
R$* $| <$+> $:$1 skip if auth | |
dnl`'Not authenticated: swap the empty auth field for the client address
dnl`'and the HELO/EHLO argument ($&s) in brackets.
R$* $| <$*> $:$1$|<$&{client_addr}>[$&s] Get connection info | |
dnl`'NOTE(review): the two lookup rules below rewrite the whole workspace
dnl`'to the result of rulesets D and A. That appears to drop the
dnl`'"$| <client_addr>[$&s]" suffix added above, which every later rule
dnl`'matches on, so the HELO tests may never fire. Verify in test mode
dnl`'(sendmail -bt) and, if confirmed, carry the original workspace
dnl`'through the lookup.
dnl`'Bypass for clients in helo access db -- by name | |
R$* $: $>D <$&{client_name}> <?> <! helo> <> | |
R<$={Accept}> <$*> $@ $1 return value of lookup | |
dnl`'Bypass for clients in helo access db -- by IP address | |
R$* $: $>A <$&{client_addr}> <?> <! helo> <> | |
R<$={Accept}> <$*> $@ $1 return value of lookup | |
dnl`'Bypass for local clients -- IP address starts with $=R | |
R$* $| <$=R $*>[$*] $:$1 skip if local client | |
dnl`'Bypass a "sendmail -bs" session, which use 0 for client ip address | |
R$* $| <0>[$*] $:$1 skip if sendmail -bs | |
dnl`'NOTE(review): the three error rules below use "$@ quarantine". As far
dnl`'as I know that holds the message in the quarantine queue with the
dnl`'text as the reason instead of refusing it at SMTP time, so the 553
dnl`'text is presumably not returned to the client. The comments say
dnl`'Reject; confirm which behavior is wanted.
dnl`'Reject our IP - assumes "[ip]" is in class $=w | |
R$* $| <$*> $=w $#error $@ quarantine $:"553 You're not " $&s ", I am. Go away." | |
dnl`'Reject our hostname | |
R$* $| <$*> [$=w] $#error $@ quarantine $:"553 You're not " $&s ", I am. Go away." | |
dnl`'Pass anything else with a "." in the domain parameter | |
R$* $| <$*> [$+.$+] $:$1 qualified domain ok | |
dnl`'Reject if there was no "." or only an initial or final "." | |
R$* $| <$*> [$*] $#error $@ quarantine $:"553 HELO ERROR: Hostname " $&s " not fully qualified." | |
dnl`'fall through to any other local rules. |
divert(-1) | |
# Purpose: flag mail whose Message-Id: header is missing or is not of the
# form <local@domain>, with exemptions for local and access-db listed clients.
LOCAL_CONFIG | |
# Map named "storage" of class "macro"; the rulesets below use it to set
# and clear {MessageIdCheck}.
Kstorage macro | |
# call ruleset CheckMessageId with the value of the message-id header | |
HMessage-Id: $>CheckMessageId | |
# Conditional header: presumably added only when {MessageIdCheck} is set.
H?${MessageIdCheck}?X-Xabean-Spam: ${MessageIdCheck} | |
C{persistentMacros} {MessageIdCheck}~ | |
LOCAL_RULESETS | |
SCheckMessageId | |
# Record in {MessageIdCheck} that a Message-Id: header was seen.
R$* $: $(storage {MessageIdCheck} $@ OK $) $1 | |
# Accept any value shaped like < something @ something >.
R< $+ @ $+ > $@ OK | |
#R< > $@ NOK | |
# NOTE(review): "$@ quarantine" presumably holds the message in the
# quarantine queue with this text as the reason rather than refusing it
# at SMTP time - confirm that quarantine, not rejection, is intended.
R$* $#error $@ quarantine $: "553 Invalid Message-Id Header Error" | |
Scheck_eoh | |
# Check the macro | |
R$* $: < $&{MessageIdCheck} > | |
# Clear the macro for the next message | |
R$* $: $(storage {MessageIdCheck} $) $1 | |
# Has a Message-Id: header | |
R< $+ > $@ OK | |
# Allow missing Message-Id: from local mail | |
# "Local" here means an empty {client_name} or one listed in class $=w.
# NOTE(review): {client_name} comes from a lookup on the connecting
# address, so this exemption is only as reliable as that lookup - confirm.
R$* $: < $&{client_name} > | |
R< > $@ OK | |
R< $=w > $@ OK | |
# Allow missing Message-Id: from access list | |
# msgid:remote.domain.name OK | |
# msgid:10.1.0.1 OK | |
R$* $: $>D <$&{client_name}> <?> <! msgid> <> | |
R<$={Accept}> <$*> $@ $1 return value of lookup | |
R$* $: $>A <$&{client_addr}> <?> <! msgid> <> | |
R<$={Accept}> <$*> $@ $1 return value of lookup | |
# Otherwise, reject the mail | |
# (the action below is "quarantine"; see the note in CheckMessageId's last rule)
R$* $#error $@ quarantine $: "553 Invalid Message-Id Header Error" |
diff -urN sendmail-8.14.1/sendmail/srvrsmtp.c sendmail-8.14.1-mtfnpy/sendmail/srvrsmtp.c | |
--- sendmail-8.14.1/sendmail/srvrsmtp.c 2007-02-07 15:18:47.000000000 -0500 | |
+++ sendmail-8.14.1-mtfnpy/sendmail/srvrsmtp.c 2007-09-07 02:13:28.000000000 -0400 | |
@@ -261,6 +261,7 @@ | |
/* debugging-only commands, only enabled if SMTPDEBUG is defined */ | |
#define CMDDBGQSHOW 24 /* showq -- show send queue */ | |
#define CMDDBGDEBUG 25 /* debug -- set debug mode */ | |
+#define CMDMTFNPY 26 /* mtfnpy easter egg */ | |
/* | |
** Note: If you change this list, remember to update 'helpfile' | |
@@ -295,6 +296,7 @@ | |
{ "showq", CMDDBGQSHOW }, | |
{ "debug", CMDDBGDEBUG }, | |
{ "wiz", CMDLOGBOGUS }, | |
+ { "mtfnpy", CMDMTFNPY }, | |
{ NULL, CMDERROR } | |
}; | |
@@ -3161,6 +3163,14 @@ | |
anynet_ntoa(&RealHostAddr)); | |
/* FALLTHROUGH */ | |
+ case CMDMTFNPY: | |
+ message("200 2.0.0 You are one with the mtfnpy."); | |
+ sm_syslog(LOG_CRIT, e->e_id, | |
+ "\"%s\" command from %s (%.100s)", | |
+ c->cmd_name, CurSmtpClient, | |
+ anynet_ntoa(&RealHostAddr)); | |
+ break; | |
+ | |
case CMDERROR: /* unknown command */ | |
#if MAXBADCOMMANDS > 0 | |
if (++n_badcmds > MAXBADCOMMANDS) |
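Review bot: The new `case CMDMTFNPY:` sits between the `/* FALLTHROUGH */` comment and `case CMDERROR:`, so the case above it (only its tail is visible; presumably the `CMDLOGBOGUS` handler that the table maps `wiz` to) now falls into the new block, gets the `200 2.0.0` reply and hits `break` instead of reaching the unknown-command path with its `++n_badcmds > MAXBADCOMMANDS` check. Bogus-command probes would then be answered with a success code, logged twice, and no longer counted toward the bad-command limit. Move the added block so that `/* FALLTHROUGH */` is again followed directly by `case CMDERROR:`, for example by placing it above the preceding case. The added `sm_syslog(LOG_CRIT, ...)` is also unconditional and can be triggered by any connecting client, so a lower priority such as `LOG_INFO` would keep it from drowning out real critical events. Both neighbouring cases extend beyond the hunk.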
dnl Site .mc fragment: greeting text, throttles, two local hacks and extra headers.
dnl Custom text for the SMTP greeting line.
define(`confSMTP_LOGIN_MSG',`is what you speak? Feed me a mtfnpy!')dnl | |
dnl Throttles (BadRcptThrottle, ConnectionRateThrottle, ConnectionRateWindowSize).
dnl NOTE(review): these values look aggressive; check cf/README for the exact
dnl units and confirm they do not delay legitimate senders on this host.
define(`confBAD_RCPT_THROTTLE',`1')dnl | |
define(`confCONNECTION_RATE_THROTTLE',`1')dnl | |
define(`confCONNECTION_RATE_WINDOW_SIZE',`15m')dnl | |
dnl Pull in two local hack files by name (presumably the HELO and Message-Id
dnl rulesets that accompany this fragment).
HACK(`block_bad_helo')dnl | |
HACK(`check_msgid')dnl | |
LOCAL_CONFIG | |
dnl Extra headers built from envelope and connection macros.
dnl NOTE(review): these copy the envelope sender, envelope recipient,
dnl quarantine reason and client address into the message itself. Confirm
dnl that exposing them to whoever receives the message is intended; the
dnl envelope recipient in particular can reveal Bcc addressing.
HX-Envelope-From: $g | |
HX-Envelope-To: $u | |
HX-Quarantine: ${quarantine} | |
HX-Client-Addr: ${client_addr} | |
HX-mtfnpy: !!MTFNPY!!