divert(-1)dnl
#-----------------------------------------------------------------------------
# $Sendmail: debproto.mc,v 8.14.4 2013-02-11 11:12:33 cowboy Exp $
#
# Copyright (c) 1998-2010 Richard Nelson.  All Rights Reserved.
#
# cf/debian/sendmail.mc.  Generated from sendmail.mc.in by configure.
#
# sendmail.mc prototype config file for building Sendmail 8.14.4
#
# Note: the .in file supports 8.7.6 - 9.0.0, but the generated
#       file is customized to the version noted above.
#
# This file is used to configure Sendmail for use with Debian systems.
#
# If you modify this file, you will have to regenerate /etc/mail/sendmail.cf
# by running this file through the m4 preprocessor via one of the following:
#       * make   (or make -C /etc/mail)
#       * sendmailconfig
#       * m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# The first two options are preferred as they will also update other files
# that depend upon the contents of this file.
#
# The best documentation for this .mc file is:
# /usr/share/doc/sendmail-doc/cf.README.gz
#
#-----------------------------------------------------------------------------
divert(0)dnl
#
#   Copyright (c) 1998-2005 Richard Nelson.  All Rights Reserved.
#
#  This file is used to configure Sendmail for use with Debian systems.
#

define(`confCACERT_PATH',`/etc/ssl/certs/')
define(`confCACERT', `/etc/ssl/certs/ca-certificates.crt')
define(`confSERVER_CERT',`/etc/ssl/certs/identidadvisual.com.pe.crt')dnl
define(`confSERVER_KEY',`/etc/ssl/private/identidadvisual.com.pe.key')dnl
dnl # define(`confCLIENT_CERT', `/etc/ssl/certs/identidadvisual.com.pe.crt')dnl
dnl # define(`confCLIENT_KEY', `/etc/ssl/private/identidadvisual.com.pe.key')dnl

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS',`A')dnl

define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.14.4-4 2013-02-11 11:12:33 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl        #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl #   into this directory before writing files.
dnl #   If *all* your user accounts are under /home then use that
dnl #   instead - it will prevent any writes outside of /home !
dnl #   define(`confSAFE_FILE_ENV',             `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
dnl #
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `150')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`100m')dnl
dnl #
dnl # Features
dnl #
dnl # use /etc/mail/local-host-names
FEATURE(`use_cw_file')dnl
dnl #
dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE',`True')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
dnl # include(`/etc/mail/tls/starttls.m4')dnl

dnl # Masquerading options
dnl # FEATURE(`always_add_domain')dnl
dnl # MASQUERADE_AS(`identidadvisual.com.pe')dnl
dnl # FEATURE(`allmasquerade')dnl
dnl # FEATURE(`masquerade_envelope')dnl
MASQUERADE_AS(`identidadvisual.com.pe')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl

dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl

# /etc/mail/access
# Copyright (c) 1998,2004 Richard Nelson <cowboy@debian.org>.
# Time-stamp: <1998/10/27 10:00:00 cowboy>
# GPL'd config file, please feed any gripes, suggestions, etc. to me
#
# Function:
#        Access Control for this smtp server - determines:
#                * Who we accept mail from
#                * Who we accept relaying from
#                * Who we will not send to
#
# Usage:
#        FEATURE(access_db[, type [-o] /etc/mail/access])dnl
#        makemap hash access < access
#
# Format:
#        lhs:
#                email addr              <user@[host.domain]>
#                domain name     unless  FEATURE(relay_hosts_only) is used,
#                        then this is a fqdn - and relay-domains ($=R)
#                        must also be fqdns.
#                network number  must end on an octet boundary, or
#                        you're stuck going the longwinded way ;-{
#        rhs:
#                OK                              accept mail even if other rules in the
#                                                running ruleset would reject it.
#                RELAY                   Allow domain to relay through your SMTP
#                                                server.  RELAY also serves an implicit
#                                                OK for the other checks.
#                REJECT                  reject the sender/recipient with a general
#                                                purpose message that can be customized.
#                                                confREJECT_MSG [550 Access denied] will be issued
#                DISCARD                 discard the message completely using
#                                                the $#discard mailer.
#                ### any text    where ### is an RFC 821 compliant error code
#                                and "any text" is a message to return for
#                        the command
# Examples:
#       spammer@aol.com                 REJECT
#       FREE.STEALTH.MAILER@    550 Spam not accepted
#
# Notes:
#       With FEATURE(blacklist_recipients) this is also possible:
#       badlocaluser                             550 Mailbox disabled for this username
#       host.mydomain.com                        550 That host does not accept mail
#       user@otherhost.mydomain.com  550 Mailbox disabled for this recipient
#
# Related:
#        define(`confREJECT_MSG', `550 Access denied')dnl
#        define(`confCR_FILE', `-o /etc/mail/relay-domains')dnl <<- $=R
#        FEATURE(relay_hosts_only)dnl
#        FEATURE(relay_entire_domain)dnl <<- relays any host in the $=m class
#        FEATURE(relay_based_on_MX)dnl <<- relaying for boxes MX'd to you
#        FEATURE(blacklist_recipients)dnl
#        FEATURE(rbl[,alternate server])dnl
#        FEATURE(orbs[,alternate server])dnl   <<- Debian addition
#        FEATURE(orca[,alternate server])dnl   <<- Debian addition
#        FEATURE(accept_unqualified_senders)dnl
#        FEATURE(accept_unresolvable_domains)dnl
#
# Local addresses 10.x.x.x, 127.x.x.x, 172.16-31.x.x 192.168.x.x can relay
# Note Well! You *must* make sure these address can't be spoofed externally
# Note, outbound relaying is controlled by connection and/or auth
#       If you're not firewalled, and you don't have a lan, comment these out
#       If you're not firewalled, and you have a lan, get firewalled *NOW*
# GreetPause - delay to check for spammers
# Client Connection rate (and #) control
Connect:localhost               RELAY
Connect:localhost.localdomain   RELAY
Connect:127.0.0.1               RELAY
GreetPause:localhost    0
ClientRate:localhost    0
ClientConn:localhost    0
#Connect:10                             RELAY
#GreetPause:10                  0
#ClientRate:10                  0
#ClientConn:10                  0
Connect:127                             RELAY
GreetPause:127                  0
ClientRate:127                  0
ClientConn:127                  0
Connect:IPv6:::1                RELAY
GreetPause:IPv6:::1             0
ClientRate:IPv6:::1             0
ClientConn:IPv6:::1             0
Connect:192.168                 RELAY
Connect:192.168.3.1             RELAY
localhost                       RELAY
mail.identidadvisual.com.pe     RELAY
identidadvisual.com.pe          RELAY
localhost.localdomain           RELAY
CertIssuer:/C=PE/ST=Lima/L=Lima/O=Identidad+20Visual/OU=Sistemas/CN=*.identidadvisual.com.pe/emailAddress=mcaro@identidadvisual.com.pe  RELAY
CertSubject:/C=PE/ST=Lima/L=Lima/O=Identidad+20Visual/OU=Sistemas/CN=*.identidadvisual.com.pe/emailAddress=mcaro@identidadvisual.com.pe RELAY
#Connect:172.16                 RELAY
#Connect:172.17                 RELAY
#Connect:172.18                 RELAY
#Connect:172.19                 RELAY
#Connect:172.20                 RELAY
#Connect:172.21                 RELAY
#Connect:172.22                 RELAY
#Connect:172.23                 RELAY
#Connect:172.24                 RELAY
#Connect:172.25                 RELAY
#Connect:172.26                 RELAY
#Connect:172.27                 RELAY
#Connect:172.28                 RELAY
#Connect:172.29                 RELAY
#Connect:172.30                 RELAY
#Connect:172.31                 RELAY
#Connect:192.168                        RELAY
#GreetPause:192.168             0
#ClientRate:192.168             0
#ClientConn:192.168             0
# Defaults
GreetPause:                             5000
ClientRate:                             10
ClientConn:                             10
#
# Don't offer AUTH on local network
#SRV_Features:192.168.1 A
#
# Hosts with to allow relaying
#
#
# Hosts that validly forward to me
#GreetPause:<ip>                0
#ClientRate:<ip>                30
#ClientConn:<ip>                0
#
# Whitelisted users
#
Spam:postmaster@        FRIEND
Spam:abuse@             FRIEND
Spam:spam@              FRIEND
#
# Blacklisted users
#
#Connect:rampellsoft.com 554 Email directly, not through didtheyreadit.com
reject@                 REJECT
#cyberpromo.com REJECT
#From:MAILER-DAEMON@store2.netvisao.pt REJECT
#
# Block invalid IPs
#
#Connect:0      REJECT whilst invalid, this also blocks sendmail -bs -Am
Connect:169.254 REJECT
Connect:192.0.2 REJECT
Connect:224             REJECT
Connect:255             REJECT