
Re: [suse-security] sendmail/amavis.



> > Any ideas what i am doing wrong?
>
> What about AMAVIS_SENDMAIL_MILTER in /etc/sysconfig/amavis?

It's set to "yes" as per the instructions at /usr/share/doc/packages/amavis/README.Suse

Here are my amavis, mail and sendmail files from the /etc/sysconfig directory:
(note: I have deleted any references to my domain for security reasons)


--- Begin Message ---
#
# From:-Line in email and News postings
# (otherwise the FQDN is used)
#
FROM_HEADER="--changed is my main domain--"
## Path:        Network/Mail/General
## Description: General configuration of mail interface
## Type:        yesno
## Default:     yes
## Config:      sendmail,postfix
#
# If you don't want to let SuSEconfig generate your
# configuration file, set this to no
#
MAIL_CREATE_CONFIG="yes"

## Type:        yesno
## Default:     no
## Config:      postfix
#
# Set this to "yes" if mail from remote should be accepted
# this is necessary for any mail server.
# If set to "no" or empty then only mail from localhost
# will be accepted.
#
SMTPD_LISTEN_REMOTE="yes"

--- End Message ---
## Path:        Network/Mail/Sendmail
## Description: Configuration of sendmail
## Type:        string
## Default:     ""
## Config:      sendmail
## ServiceReload: sendmail
#
# smarthost - this host gets all outgoing email from us
# normally used for uucp-connected sites or for dialup connections
# use "uucp-dom:server.uucp.com" to deliver all email to "server.uucp.com"
#
SENDMAIL_SMARTHOST=""

## Type:        string(localhost)
## Default:     localhost
#
# sendmail assumes the following space-separated host-names to be
# the local host (this must just be used for names different to the
# hostname, for e.g. aliases like www.nowhere.com)
# Note: Any hosts listed in here will cause reply-to: with the same
# hostname be rewritten to FROM_HEADER in outgoing emails. Starting
# with SuSE Linux 8.0, headers will only be rewritten if listed in
# MASQUERADE_DOMAINS.
# Any host _not_ listed in here will get "relaying denied", listing
#    xxx.dnsalias.net		xxx.local
# or
#    @xxx.dnsalias.net		@xxx.local
# or
#    user@xxxxxxxxxxxxxxxx	user@xxxxxxxxx
# in /etc/mail/virtusertable does not make a difference.
#
SENDMAIL_LOCALHOST="localhost --changed from my domain, looks like mydomain.com--"

## Type:        yesno
## Default:     no
# enable this to change also the recipient address.
# Don't use this feature, if you don't have the full /etc/aliases
# and the full /etc/passwd on your host.
#
SENDMAIL_ALLMASQUERADE="no"

## Type:        string
## Default:     ""
#
# do not deliver any email locally, but send all email to another host
# this can just be used with another system that has the same users on it
# and you probably also want to set the FROM_HEADER to the other host
#
SENDMAIL_RELAY="---my internal relay, which is: relay.mydomain.com---"

## Type:        string
## Default:     ""
#
# Used if no SENDMAIL_RELAY is given and local mails are sent with local names
# that aren't local accounts or aliases.  All these mails are redirected
# to the user defined with SENDMAIL_LUSER, e.g.
# SENDMAIL_LUSER="postmaster" or SENDMAIL_LUSER="root". Note that this may
# violate the privacy of those mails.
#
SENDMAIL_LUSER=""

## Type:        string
## Default:     "-L sendmail -Am -bd -q30m -om"
#
# with what parameters should sendmail be started?
# normal sites use "-bd -q30m -om". if you set SENDMAIL_EXPENSIVE and you
# have a dialup ISDN connection, you probably want to set this to
# "-bd -om" and run "sendmail -q" from your crontab.
#
SENDMAIL_ARGS="-L sendmail -Am -bd -q30m -om"

## Type:        string
## Default:     "-L sendmail-client -Ac -q30m"
#
# with what parameters should sendmail _client_ be started?
#
SENDMAIL_CLIENT_ARGS="-L sendmail-client -Ac -qp30m"

## Type:        yesno
## Default:     no
#
# sendmail will only queue email in /var/spool/mqueue and will only start
# to deliver it if "sendmail -q" is run
#
SENDMAIL_EXPENSIVE="no"

## Type:        yesno
## Default:     no
#
# sendmail will not try to canonify hostnames in your email
# so much less DNS-queries are sent
# you probably want to enable this on a SENDMAIL_EXPENSIVE system.
# Don't forget to add the local, the mail hub, smart, and mail relay host
# with their IP addresses and the corresponding Full Qualified Domain Names
# to /etc/hosts.  For most people using dial on demand SENDMAIL_NOCANONIFY
# should work and no NODNS (see /etc/sysconfig/mail) is required.
#
SENDMAIL_NOCANONIFY="no"

## Type:        string
## Default:     ""
#
# A null client is a machine that can only send mail. It receives no
# mail from the network, and it does not deliver any mail locally.
# A null client typically uses POP or NFS for mailbox access.
# Possible values for NULLCLIENT are "" or the full qualified domain
# name of the mail server used for redirecting all mails.
#
NULLCLIENT=""

## Type:        yesno
## Default:     no
#
# This option forbids DNS-queries.  It requires a well configured
# /etc/hosts. Sendmail users should also read /etc/sysconfig/sendmail
# the description of the variable SENDMAIL_NOCANONIFY.
NODNS="no"

## Type:        yesno
## Default:     no
#
# If set to yes, mail that will be delivered via smtp will stay
# in the queue unless someone issues "sendmail -q" or equivalent.
# A correct FQHOSTNAME for the local host is required.
DIALUP="no"

## Type:        string
## Default:     ""
#
# these domains can additional to the local domains be changed
# in /etc/mail/genericstable
#
SENDMAIL_GENERICS_DOMAIN=""

## Type:        string
## Default:     ""
#
# this is useful if you have several domains with disjoint namespaces
# hosted on the same machine.  Include them as space-separated list
# of domains.
# Note: Domains listed here will have their headers rewritten, like
# "Reply-To: user@xxxxxxxxxxxxxxxxx" is rewritten by sendmail to  
# "Reply-To: user@$FROM_HEADER" on outgoing mail.  
# To be able to receive mail under the dynamic DNS name, the name must
# also be listed in SENDMAIL_LOCALHOST (or a "relaying denied" results).
# If this list is non-empty, envelope from will be the FQHOSTNAME and
# not $FROM_HEADER (resulting in rejects if FQHOSTNAME is something.local),
# unless the FQHOSTNAME is listed here as well.
#
MASQUERADE_DOMAINS="---changed from www.-mydomain.com- ---"

## Type:        list(plain,gssapi,digest-md5,cram-md5)
## Default:     ""
#
# enable SMTP AUTHENTICATION to other servers if required, possible
# values are  plain, gssapi, digest-md5, and cram-md5.
# Please note that most providers only know about `plain' which means
# that the user data will not be encrypted.
# You will have to identify yourself using the information in
# /etc/mail/auth/auth-info.
#
SMTP_AUTH_MECHANISMS=""

## Type:        list(plain,gssapi,digest-md5,cram-md5)
## Default:     ""
#
# enable SMTP AUTHENTICATION as a server, for an explanation read
# /usr/share/sendmail/README, /usr/share/doc/packages/sendmail/op.txt.bz2,
# and http://www.sendmail.org/~ca/email/auth.html.
# Possible values are gssapi, digest-md5, and cram-md5. Note that
# `plain' should not be used because data will not be encrypted and
# that more than one value separated by spaces is allowed.
#
SMTP_AUTH_SERVER=""

## Type:        list(server,client,both)
## Default:     ""
#
# STARTTLS certification, for an explanation read
# /usr/share/doc/packages/sendmail/op.txt.bz2 and
### http://www.sendmail.org/~ca/email/starttls.html
# The certification and key files are placed at
# /etc/mail/certs/ as CA.cert.pem, MYServer.cert.pem,
# MYServer.key.pem (for STARTTLS server) and
# MYClient.cert.pem, MYClient.key.pem (for STARTTLS client)
# possible values are `server', `client', or `both'.
#
STARTTLS=""

## Type:        yesno
## Default:     yes
#
# Normally all upper case letters of the keys in the db files of sendmail
# will be folded to lower case. You may change this to "no" and break the
# normal behaviour at your own risk.
#
SENDMAIL_DB_FOLD="yes"

## Type:        string
## Default:     ""
#
# Use real-time black-hole lists. Sendmail will refuse to receive mail from
# any IP number which is listed in any of the RBL lookups given here.
# Space separated list of host names to query via DNS, e.g.:
#     inputs.orbz.org
#     relays.orbl.org
#     relays.ordb.org
#     relays.osirusoft.com
#     orbs.dorkslayers.com
#
SENDMAIL_DNSRBL=""
## Path:        Network/Mail/Amavis
## Description: AMaViS configuration
## Type:        yesno
## Default:     yes
## Config:      sendmail,postfix
## ServiceReload: amavis
#
# Set USE_AMAVIS to yes, if you want to use the email virus scanning
# facility AMaViS within sendmail or postfix. If set to yes, SuSEconfig
# will create the correct sendmail or postfix configuration for using
# AMaViS.
#
USE_AMAVIS="yes"

## Type:        yesno
## Default:     "no"
#
# Use sendmail and its milter interface (that will start an additional
# process called amavis-milter)
#
AMAVIS_SENDMAIL_MILTER="yes"


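The comments in the files above describe dependencies between settings: SuSEconfig must be allowed to generate the MTA configuration for USE_AMAVIS to take effect, every name in MASQUERADE_DOMAINS must also be in SENDMAIL_LOCALHOST, and `plain` SMTP AUTH is unencrypted. As an added example (not part of the original post or of SuSE's tooling), this script checks those three dependencies over a sysconfig-format file; the function names and sample values are constructed, and treating an empty STARTTLS as "no transport encryption" is an assumption.

```bash
#!/bin/bash
# Added example: consistency checks for SuSE-style sysconfig mail settings.
# Values are parsed as text; the file is never sourced, so nothing in it executes.

# get_var FILE KEY: print the value of the last KEY="..." assignment, if any.
get_var() {
    sed -n "s/^$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# has_word LIST WORD: succeed if WORD is one of the space-separated items in LIST.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# check_mail_sysconfig FILE: print one finding per line (no output = no findings).
check_mail_sysconfig() {
    local f=$1 amavis create local_names masq tls d var
    amavis=$(get_var "$f" USE_AMAVIS)
    create=$(get_var "$f" MAIL_CREATE_CONFIG)
    local_names=$(get_var "$f" SENDMAIL_LOCALHOST)
    masq=$(get_var "$f" MASQUERADE_DOMAINS)
    tls=$(get_var "$f" STARTTLS)

    # SuSEconfig only writes the AMaViS-enabled MTA config when it may generate it.
    if [ "$amavis" = yes ] && [ "$create" != yes ]; then
        echo "USE_AMAVIS=yes but MAIL_CREATE_CONFIG is not yes"
    fi
    # A masqueraded name must also be local, or inbound mail gets "relaying denied".
    for d in $masq; do
        has_word "$local_names" "$d" || echo "$d not in SENDMAIL_LOCALHOST"
    done
    # 'plain' sends credentials unencrypted; flag it when no STARTTLS mode is set.
    for var in SMTP_AUTH_MECHANISMS SMTP_AUTH_SERVER; do
        if has_word "$(get_var "$f" "$var")" plain && [ -z "$tls" ]; then
            echo "$var allows plain without STARTTLS"
        fi
    done
    return 0
}

# Constructed sample (not the poster's real values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
MAIL_CREATE_CONFIG="no"
USE_AMAVIS="yes"
SENDMAIL_LOCALHOST="localhost mail.example.com"
MASQUERADE_DOMAINS="mail.example.com www.example.com"
SMTP_AUTH_SERVER="plain cram-md5"
STARTTLS=""
EOF
check_mail_sysconfig "$sample"
```

To check all three files from the post together, concatenate them into one temporary file and pass that path to `check_mail_sysconfig`.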