diff options
Diffstat (limited to 'server/setup/05-service-settings/etc/mail/submit.cf')
| -rw-r--r-- | server/setup/05-service-settings/etc/mail/submit.cf | 63 |
1 files changed, 46 insertions, 17 deletions
diff --git a/server/setup/05-service-settings/etc/mail/submit.cf b/server/setup/05-service-settings/etc/mail/submit.cf index 7951f5e..a797ee7 100644 --- a/server/setup/05-service-settings/etc/mail/submit.cf +++ b/server/setup/05-service-settings/etc/mail/submit.cf @@ -21,7 +21,7 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by [email protected] on Sun 16 Oct 2022 06:37:18 AM CEST +##### built by [email protected] on Thu Jul 25 12:51:26 CEST 2024 ##### in / ##### using /usr/share/sendmail/cf/ as configuration include directory ##### @@ -35,24 +35,24 @@ ##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ ##### ##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ ##### ##### $Id: submit.mc, v 8.14.4-4 2013-02-11 11:12:33 cowboy Exp $ ##### -##### $Id: autoconf.m4, v 8.15.2-22 2021-03-16 16:04:16 cowboy Exp $ ##### -##### $Id: debian.m4, v 8.15.2-22 2021-03-16 16:04:16 cowboy Exp $ ##### +##### $Id: autoconf.m4, v 8.17.1.9-2+deb12u2 2024-06-16 21:07:57 cowboy Exp $ ##### +##### $Id: debian.m4, v 8.17.1.9-2+deb12u2 2024-06-16 21:07:57 cowboy Exp $ ##### # #------------------------------------------------------------------------- # -# Undocumented features are available in Debian Sendmail 8.15.2-22. +# Undocumented features are available in Debian Sendmail 8.17.1.9-2+deb12u2. # * none # -# _FFR_ features are available in Debian Sendmail 8.15.2-22. +# _FFR_ features are available in Debian Sendmail 8.17.1.9-2+deb12u2. # * milter -# * -D_FFR_QUEUE_SCHED_DBG -D_FFR_SKIP_DOMAINS -D_FFR_NO_PIPE -D_FFR_SHM_STATUS -D_FFR_RHS -D_FFR_MAIL_MACRO -D_FFR_QUEUEDELAY=1 -D_FFR_BADRCPT_SHUTDOWN -D_FFR_RESET_MACRO_GLOBALS -D_FFR_TLS_EC +# * -D_FFR_QUEUE_SCHED_DBG -D_FFR_REJECT_NUL_BYTE -D_FFR_SKIP_DOMAINS -D_FFR_NO_PIPE -D_FFR_SHM_STATUS -D_FFR_RHS -D_FFR_MAIL_MACRO -D_FFR_BADRCPT_SHUTDOWN -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -D_FFR_RESET_MACRO_GLOBALS -D_FFR_TLS_EC #------------------------------------------------------------------------- # # These _FFR_ features are for sendmail.mc processing # #------------------------------------------------------------------------- -##### $Id: debian-msp.m4, v 8.15.2-22 2021-03-16 16:04:16 cowboy Exp $ ##### +##### $Id: debian-msp.m4, v 8.17.1.9-2+deb12u2 2024-06-16 21:07:57 cowboy Exp $ ##### ##### $Id: no_default_msa.m4,v 8.3 2013-11-22 20:51:11 ca Exp $ ##### @@ -62,7 +62,7 @@ ##### $Id: msp.m4,v 1.34 2013-11-22 20:51:11 ca Exp $ ##### ##### $Id: no_default_msa.m4,v 8.3 2013-11-22 20:51:11 ca Exp $ ##### -##### $Id: starttls.m4,v 8.15.2-22 2021-03-16 16:04:16 cowboy Exp $ ##### +##### $Id: starttls.m4,v 8.17.1.9-2+deb12u2 2024-06-16 21:07:57 cowboy Exp $ ##### ##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ ##### @@ -118,6 +118,7 @@ C{ResOk}OKR # Hosts for which relaying is permitted ($=R) FR-o /etc/mail/relay-domains %[^\#] + # arithmetic map Karith arith @@ -144,7 +145,7 @@ D{MTAHost}[127.0.0.1] # Configuration version number -DZ8.15.2/Submit +DZ8.17.1.9/Submit ############### @@ -392,7 +393,7 @@ O DefaultUser=mail:mail # maximum number of new connections per second #O ConnectionRateThrottle=0 -# Width of the window +# Width of the window #O ConnectionRateWindowSize=60s # work recipient factor @@ -543,6 +544,12 @@ O TLSSrvOptions=V #O ServerSSLOptions # client side SSL options #O ClientSSLOptions +# SSL Engine +#O SSLEngine +# Path to dynamic library for SSLEngine +#O SSLEnginePath +# TLS: fall back to clear text after handshake failure? +#O TLSFallbacktoClear # Input mail filters #O InputMailFilters @@ -551,7 +558,7 @@ O TLSSrvOptions=V # CA directory O CACertPath=/etc/ssl/certs # CA file -# O CACertFile=/etc/ssl/local/thawte-ca-cert5-20181102.pem +O CACertFile=/etc/ssl/local/jogamp2025a.org.ca.pem # Server Cert O ServerCertFile=/etc/ssl/local/jogamp2025a.org.crt.pem # Server private key @@ -560,14 +567,18 @@ O ServerKeyFile=/etc/ssl/local/jogamp2025a.org.key.mail.pem O ClientCertFile=/etc/ssl/local/jogamp2025a.org.crt.pem # Client private key O ClientKeyFile=/etc/ssl/local/jogamp2025a.org.key.mail.pem -# File containing certificate revocation lists +# File containing certificate revocation lists #O CRLFile +# Directory containing hashes pointing to certificate revocation status files +#O CRLPath # DHParameters (only required if DSA/DH is used) O DHParameters=/etc/mail/tls/sendmail-common.prm # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile # fingerprint algorithm (digest) to use for the presented cert #O CertFingerprintAlgorithm +# enable DANE? +#O DANE=false # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -575,6 +586,9 @@ O DHParameters=/etc/mail/tls/sendmail-common.prm # Name to use for EHLO (defaults to $j) #O HeloName +# Reject NUL bytes in message body, requires _FFR_REJECT_NUL_BYTE +O RejectNUL=true + ############################ @@ -816,7 +830,7 @@ R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here R< @ $+ > $#error $@ 5.1.3 $: "553 User address required" R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... -R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" +R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... @@ -910,7 +924,7 @@ R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > SMailerToTriple=95 R< > $* $@ $1 strip off null relay -R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 +R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 R< error : $+ > $* $#error $: $1 R< local : $* > $* $>CanonLocal < $1 > $2 @@ -940,7 +954,7 @@ R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > # handle local:user syntax R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 -R< $+ > $* $#local $@ $2 $: $1 +R< $+ > $* $#local $@ $2 $: $1 ################################################################### ### Ruleset 93 -- convert header names to masqueraded form ### @@ -1203,7 +1217,7 @@ R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $ R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} R$* $: <@> $&{client_name} # pass to name server to make hostname canonical -R<@> $* $=P $:<?> $1 $2 +R<@> $* $=P $:<?> $1 $2 R<@> $+ $:<?> $[ $1 $] R$* . $1 strip trailing dots R<?> $=w $@ RELAY @@ -1247,12 +1261,20 @@ Ssrv_features ###################################################################### +### clt_features: which features to use with a server? +### (done in client) +###################################################################### +Sclt_features + + +###################################################################### ### try_tls: try to use STARTTLS? ### (done in client) ###################################################################### Stry_tls + ###################################################################### ### tls_rcpt: is connection with server "good" enough? ### (done in client, per recipient) @@ -1281,6 +1303,7 @@ R$* $| $* $@ $>"TLS_connection" $1 ### ${verify} ###################################################################### Stls_server + R$* $@ $>"TLS_connection" $1 ###################################################################### @@ -1291,7 +1314,12 @@ R$* $@ $>"TLS_connection" $1 ### Requirement: RHS from access map, may be ? for none. ###################################################################### STLS_connection -RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." +RSOFTWARE $#error $@ 4.7.0 $: "454 TLS handshake failed." +RDANE_FAIL $#error $@ 4.7.0 $: "454 DANE check failed." +RPROTOCOL $#error $@ 4.7.0 $: "454 STARTTLS failed." +RCONFIG $#error $@ 4.7.0 $: "454 STARTTLS temporarily not possible." + + @@ -1488,6 +1516,7 @@ Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L= T=DNS/RFC822/SMTP, A=TCP $h + ### /etc/mail/submit.mc ### # divert(-1)dnl # #----------------------------------------------------------------------------- |