Here is one I use as a basic file to be modified for various sites. It includes various additional security features, fixes some problems with the Red Hat and Debian basic versions, etc. It involves moving most of your db and config files (like userdb, aliases, relay-domains) from /etc to /etc/mail, where IMHO they belong. I hate to include attachments like this, but there are tabs that are significant (can't be replaced with spaces) in what I have attached, notably in the LOCAL_CONFIG part. -- Del
divert(-1) dnl This is the sendmail macro config file. If you make changes to this file, dnl you need the sendmail-cf rpm installed and then have to generate a dnl new /etc/sendmail.cf by running the following command: dnl dnl m4 /etc/mail/sendmail.mc > /etc/sendmail.cf dnl include(`../m4/cf.m4') VERSIONID(`linux setup for Red Hat Linux')dnl OSTYPE(`linux') define(`confDEF_USER_ID',``8:12'')dnl undefine(`UUCP_RELAY')dnl undefine(`BITNET_RELAY')dnl undefine(`DECNET_RELAY')dnl undefine(`FAX_RELAY')dnl dnl define(`confAUTO_REBUILD')dnl define(`confME_TOO')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl define(`STATUS_FILE', `/var/log/sendmail.st')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl define(`confCW_FILE', `/etc/mail/local-host-names')dnl dnl dnl Local changes -- linuxsecuritycentral.com preferences. dnl define(`ALIAS_FILE',`/etc/mail/aliases,/etc/mail/majordomo')dnl define(`confTO_QUEUEWARN', `24h')dnl define(`confTO_QUEUERETURN', `7d')dnl define(`confQUEUE_LA', `12')dnl define(`confREFUSE_LA', `18')dnl define(`confSMTP_LOGIN_MSG', `$j, Sendmail $v/$Z; $b. Security monitoring by http://www.linuxsecuritycentral.com/ Public port 25! WARNING... abuse, unauthorized access, or spam sent to this host constitutes acceptance of civil and or criminal liability by the sender! You have been warned!')dnl dnl define(`confCR_FILE', /etc/mail/relay-domains)dnl dnl FEATURE(`no_default_msa',`dnl')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl FEATURE(`domaintable',`hash -o /etc/mail/domaintable')dnl FEATURE(`access_db', `hash -o /etc/mail/access')dnl FEATURE(`blacklist_recipients')dnl FEATURE(`delay_checks')dnl dnl dnl DNS black hole lists. I have decided just to use the lists from dnl mail-abuse.org. ORBS is a bit too fascist for my taste, and some dnl of the others don't appear to be updated that regularly. I'm still dnl unsure about relays.mail-abuse.org but I'll leave it in for the present. dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `Rejected - see http://www.mail-abuse.org/rbl/')dnl FEATURE(dnsbl, `dialups.mail-abuse.org', `Dialup - see http://www.mail-abuse.org/dul/')dnl FEATURE(dnsbl, `relays.mail-abuse.org', `Open spam relay - see http://work-rss.mail-abuse.org/')dnl dnl dnl Misc features. dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(local_procmail)dnl dnl dnl Masquerading. You need to change the domain names listed below. dnl You may prefer not to use this, but to use a domaintable instead. dnl FEATURE(allmasquerade)dnl FEATURE(masquerade_entire_domain)dnl FEATURE(masquerade_envelope)dnl MASQUERADE_AS(babel.com.au)dnl MASQUERADE_DOMAIN(babel.com.au)dnl MASQUERADE_DOMAIN(babel.co.nz)dnl MASQUERADE_DOMAIN(babel.home)dnl dnl EXPOSED_USER(`root')dnl dnl MAILER(smtp)dnl MAILER(procmail)dnl dnl LOCAL_CONFIG # # Names that won't be allowed in a To: line (local-part and domains) # C{RejectToLocalparts} friend you C{RejectToDomains} public.com LOCAL_RULESETS HTo: $>CheckTo SCheckTo R$={RejectToLocalparts}@$* $#error $: "553 No spam here please." R$*@$={RejectToDomains} $#error $: "553 No spam here please." HMessage-Id: $>CheckMessageId SCheckMessageId R< $+ @ $+ > $@ OK R$* $#error $: "553 No spam here please." HSubject: $>local_check_header D{MelissaMessage}"553 Your message may contain the Melissa/ILOVEYOU virus. Please email postmaster@$j if you have questions." Slocal_check_header RILOVEYOU $* $#error $: ${MelissaMessage} RImportant Message From $* $#error $: ${MelissaMessage} RRe: Important Message From $* $#error $: ${MelissaMessage} Rfwd: Joke $* $#error $: ${MelissaMessage}
