>Отказываюсь что-либо понимать.
>Вы пишете:
>" ... Нужно как-то отключить действие опции "FEATURE(dnsbl....", но избирательно - только
>на тех, кто прошёл ***аутентификацию***, ведь IP их машин нет смысла
>проверять ..."
>
>Почему же тогда проверка наличия аутентификации вдруг стала лишней ??? А проверка у меня почему-то выполняется, т.е. если не аутентифицироваться, то relay не будет разрешён, а будет разрешён только приём почты для локальных пользователей, но с проверкой ip по чёрным спискам.
Вот - sendmail.mc, который я использую (изначально он был из дистрибутива Slackware, номер уже не помню, ну и естественно, я его несколько поизменял):
dnl# This is a sendmail .mc file for Slackware with TLS support.
dnl# To generate the sendmail.cf file from this (perhaps after making
dnl# some changes), use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware-tls.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
dnl# Load the sendmail m4 configuration framework that defines the macros used below.
include(`../m4/cf.m4')
VERSIONID(`TLS supporting setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl#
dnl#
dnl# STARTTLS material: CA directory and CA file, the certificate/key pair
dnl# presented when sendmail acts as a server, and the pair presented when it
dnl# acts as a client towards other MTAs.
dnl# NOTE(review): these defines only make STARTTLS available. Nothing in this
dnl# file requires a client to negotiate TLS before it sends AUTH.
dnl# NOTE(review): keep server.key and client.key readable by root only and
dnl# confirm the permissions after every certificate renewal.
dnl# You will need to create the certificates below with OpenSSL first:
define(`confCACERT_PATH', `/etc/mail/certs/')
dnl# Original Slackware file names, left disabled in favour of the ones below:
dnl#define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
dnl#define(`confSERVER_CERT', `/etc/mail/certs/smtp.cert.pem')
dnl#define(`confSERVER_KEY', `/etc/mail/certs/smtp.key.pem')
dnl#
define(`confCACERT', `/etc/mail/certs/ca.crt')
define(`confSERVER_CERT', `/etc/mail/certs/server.crt')
define(`confSERVER_KEY', `/etc/mail/certs/server.key')
define(`confCLIENT_CERT', `/etc/mail/certs/client.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/client.key')dnl
dnl#
dnl#
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
dnl# novrfy/noexpn refuse the VRFY and EXPN commands, restrictqrun limits who
dnl# may start a queue run, authwarnings adds X-Authentication-Warning headers.
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl#define(`SMART_HOST',`[umail.ru]')
dnl# No timeout for ident:
dnl# (a value of 0 means no IDENT query is made to the connecting host)
define(`confTO_IDENT', `0')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl# NOTE(review): the line is currently disabled by its leading dnl, so programs
dnl# started from aliases and .forward files are not confined by smrsh.
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
dnl# Access database: per-address and per-domain relay/reject decisions.
dnl# -T<TMPF> makes a failed lookup a temporary error instead of a silent miss.
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
dnl# Left disabled: relaying is not granted to every host of the local domains.
dnl# FEATURE(`relay_entire_domain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl#
dnl# Largest accepted message, in bytes (8388608 = 8 MiB).
define(`confMAX_MESSAGE_SIZE', `8388608')
dnl#
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
dnl#
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl# NOTE(review): it is turned on here, so envelope senders whose domain does
dnl# not resolve are accepted; the DNSBL checks further down then carry more of
dnl# the filtering load.
FEATURE(`accept_unresolvable_domains')dnl
dnl#
dnl#
dnl# Antispam block (http://www.dnsbl.info/)
dnl#
dnl# First of all we need to turn checks off for authenticated users
dnl# See, for instance, http://www.nabble.com/Sendmail-Blacklists-rejecting-authenticated-users-t898199.html
dnl# and http://www.sendmail.org/m4/anti_spam.html#delay_check
dnl# With delay_checks the connection and sender checks are run from the
dnl# recipient check instead, and are skipped for a client that authenticated
dnl# with a mechanism listed in TRUST_AUTH_MECH. The DNSBL lookups below are
dnl# part of those skipped checks.
dnl# NOTE(review): for an authenticated session the password is then the only
dnl# control in front of relaying. Watch the mail log for repeated AUTH failures
dnl# and for unusual outbound volume per authenticated account.
FEATURE(`delay_checks')dnl
dnl#
dnl# Each FEATURE(dnsbl, zone, message) below adds one DNS lookup of the client
dnl# address in the named zone and rejects with the given 550 text on a hit.
dnl# NOTE(review): this list is a snapshot from 2007. To the reviewer's knowledge
dnl# relays.ordb.org, list.dsbl.org, dnsbl.njabl.org, opm.blitzed.org and
dnl# whois.rfc-ignorant.org are no longer operated. A retired zone can time out
dnl# on every lookup or answer as if every address were listed, which rejects
dnl# legitimate mail. Confirm that each zone is still served, and read its usage
dnl# terms, before enabling it.
FEATURE(dnsbl,`bl.spamcop.net',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
dnl#
FEATURE(dnsbl,`dnsbl.sorbs.net',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
dnl# SORBS is an acronym for Spam and Open Relay Blocking System.
dnl# This is not strictly accurate as a description though,
dnl# as it stops Open Proxy servers and Open SOCKS servers as well as Open Relays.
dnl#
FEATURE(dnsbl,`relays.ordb.org',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
FEATURE(dnsbl,`cbl.abuseat.org',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
dnl#
FEATURE(dnsbl,`list.dsbl.org',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
dnl# DSBL lists contain the IP addresses of servers which have relayed special test messages
dnl# to listme@listme.dsbl.org; this can happen if the server is an open relay, an open proxy or has another
dnl# vulnerability that allows anybody to deliver email to anywhere, through that server. Note that DSBL itself
dnl# doesn't do any tests; it simply listens for incoming test messages and lists the server that delivers the
dnl# message to DSBL's mail server.
dnl#
FEATURE(dnsbl,`sbl.spamhaus.org',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
FEATURE(dnsbl,`dnsbl.njabl.org',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
dnl#
FEATURE(dnsbl,`opm.blitzed.org',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
dnl# opm.blitzed.org is excluded because of too long response time (it was tested by Maslenok at 07/04/07 8:30pm)
dnl# NOTE(review): the comment above says the zone is excluded, but its FEATURE
dnl# line carries no leading dnl and is therefore still active. Either disable
dnl# the line or correct the comment.
dnl#
FEATURE(dnsbl,`whois.rfc-ignorant.org',`550 Mail from $&{client_addr} rejected\; This IP address is in a spam list\. Try to check it at http://dnsbl.info')
dnl#
dnl# Allow SASL authentication/relaying:
dnl# AuthOptions in use: A = add AUTH= to MAIL FROM only after a successful
dnl# authentication, y = refuse mechanisms that permit anonymous login.
dnl# NOTE(review): the p flag is not set, so LOGIN and PLAIN are accepted on a
dnl# connection that has not negotiated STARTTLS, and both carry the password
dnl# in a trivially reversible encoding. Because authentication also switches
dnl# off the DNSBL checks and grants relaying, consider adding p so that those
dnl# two mechanisms are only accepted once an encryption layer is active.
define(`confAUTH_OPTIONS', `A y')dnl# "p" - prevents from LOGIN and PLAIN methods
dnl# Mechanisms advertised to clients:
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl# Mechanisms whose successful use allows relaying:
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl# no_default_msa removes the default submission listener, so the single
dnl# listener declared next (port smtp, named MTA) serves both incoming mail
dnl# from other servers and authenticated submission from users.
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl# Optional smtps listener, left disabled:
dnl# DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=E')dnl
dnl#
dnl# Exempt root from masquerading:
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl# Delivery agents compiled into the generated sendmail.cf:
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl