437 Normally MAIL_HUB is preferred for this function.
438 LOCAL_RELAY is mostly useful in conjunction with
439 FEATURE(stickyhost) -- see the discussion of
440 stickyhost below. If not set, they are assumed to
441 belong on this machine. This allows you to have a
442 central site to store a company- or department-wide
443 alias database. This only works at small sites,
444 and only with some user agents.
445LUSER_RELAY The site that will handle lusers -- that is, apparently
446 local names that aren't local accounts or aliases. To
447 specify a local user instead of a site, set this to
448 ``local:username''.
449
450Any of these can be either ``mailer:hostname'' (in which case the
451mailer is the internal mailer name, such as ``uucp-new'' and the hostname
452is the name of the host as appropriate for that mailer) or just a
453``hostname'', in which case a default mailer type (usually ``relay'',
454a variant on SMTP) is used. WARNING: if you have a wildcard MX
455record matching your domain, you probably want to define these to
456have a trailing dot so that you won't get the mail diverted back
457to yourself.
458
459The domain file can also be used to define a domain name, if needed
460(using "DD<domain>") and set certain site-wide features. If all hosts
461at your site masquerade behind one email name, you could also use
462MASQUERADE_AS here.
463
464You do not have to define a domain -- in particular, if you are a
465single machine sitting off somewhere, it is probably more work than
466it's worth. This is just a mechanism for combining "domain dependent
467knowledge" into one place.
468
469+---------+
470| MAILERS |
471+---------+
472
473There are fewer mailers supported in this version than the previous
474version, owing mostly to a simpler world. As a general rule, put the
475MAILER definitions last in your .mc file, and always put MAILER(`smtp')
476before MAILER(`uucp') and MAILER(`procmail') -- several features and
477definitions will modify the definition of mailers, and the smtp mailer
478modifies the UUCP mailer. Moreover, MAILER(`cyrus'), MAILER(`pop'),
479MAILER(`phquery'), and MAILER(`usenet') must be defined after
480MAILER(`local').
481
482local The local and prog mailers. You will almost always
483 need these; the only exception is if you relay ALL
484 your mail to another site. This mailer is included
485 automatically.
486
487smtp The Simple Mail Transport Protocol mailer. This does
488 not hide hosts behind a gateway or another other
489 such hack; it assumes a world where everyone is
490 running the name server. This file actually defines
491 five mailers: "smtp" for regular (old-style) SMTP to
492 other servers, "esmtp" for extended SMTP to other
493 servers, "smtp8" to do SMTP to other servers without
494 converting 8-bit data to MIME (essentially, this is
495 your statement that you know the other end is 8-bit
496 clean even if it doesn't say so), "dsmtp" to do on
497 demand delivery, and "relay" for transmission to the
498 RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
499
500uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
501 defines two mailers, "uucp-old" (a.k.a. "uucp") and
502 "uucp-new" (a.k.a. "suucp"). The latter is for when you
503 know that the UUCP mailer at the other end can handle
504 multiple recipients in one transfer. If the smtp mailer
505 is also included in your configuration, two other mailers
506 ("uucp-dom" and "uucp-uudom") are also defined [warning:
507 you MUST specify MAILER(smtp) before MAILER(uucp)]. When you
508 include the uucp mailer, sendmail looks for all names in
509 class {U} and sends them to the uucp-old mailer; all
510 names in class {Y} are sent to uucp-new; and all
511 names in class {Z} are sent to uucp-uudom. Note that
512 this is a function of what version of rmail runs on
513 the receiving end, and hence may be out of your control.
514 See the section below describing UUCP mailers in more
515 detail.
516
517usenet Usenet (network news) delivery. If this is specified,
518 an extra rule is added to ruleset 0 that forwards all
519 local email for users named ``group.usenet'' to the
520 ``inews'' program. Note that this works for all groups,
521 and may be considered a security problem.
522
523fax Facsimile transmission. This is experimental and based
524 on Sam Leffler's HylaFAX software. For more information,
525 see http://www.hylafax.org/.
526
527pop Post Office Protocol.
528
529procmail An interface to procmail (does not come with sendmail).
530 This is designed to be used in mailertables. For example,
531 a common question is "how do I forward all mail for a given
532 domain to a single person?". If you have this mailer
533 defined, you could set up a mailertable reading:
534
535 host.com procmail:/etc/procmailrcs/host.com
536
537 with the file /etc/procmailrcs/host.com reading:
538
539 :0 # forward mail for host.com
540 ! -oi -f $1 person@other.host
541
542 This would arrange for (anything)@host.com to be sent
543 to person@other.host. Within the procmail script, $1 is
544 the name of the sender and $2 is the name of the recipient.
545 If you use this with FEATURE(`local_procmail'), the FEATURE
546 should be listed first.
547
548mail11 The DECnet mail11 mailer, useful only if you have the mail11
549 program from gatekeeper.dec.com:/pub/DEC/gwtools (and
550 DECnet, of course). This is for Phase IV DECnet support;
551 if you have Phase V at your site you may have additional
552 problems.
553
554phquery The phquery program. This is somewhat counterintuitively
555 referenced as the "ph" mailer internally. It can be used
556 to do CCSO name server lookups. The phquery program, which
557 this mailer uses, is distributed with the ph client.
558
559cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
560 a local cyrus user. this mailer can make use of the
561 "user+detail@local.host" syntax; it will deliver the mail to
562 the user's "detail" mailbox if the mailbox's ACL permits.
563 The cyrusbb mailer delivers to a system-wide cyrus mailbox
564 if the mailbox's ACL permits. The cyrus mailer must be
565 defined after the local mailer.
566
567qpage A mailer for QuickPage, a pager interface. See
568 http://www.qpage.org/ for further information.
569
570The local mailer accepts addresses of the form "user+detail", where
571the "+detail" is not used for mailbox matching but is available
572to certain local mail programs (in particular, see
573FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
574"eric+sww" all indicate the same user, but additional arguments <null>,
575"sendmail", and "sww" may be provided for use in sorting mail.
576
577
578+----------+
579| FEATURES |
580+----------+
581
582Special features can be requested using the "FEATURE" macro. For
583example, the .mc line:
584
585 FEATURE(`use_cw_file')
586
587tells sendmail that you want to have it read an /etc/mail/local-host-names
588file to get values for class {w}. The FEATURE may contain up to 9
589optional parameters -- for example:
590
591 FEATURE(`mailertable', `dbm /usr/lib/mailertable')
592
593The default database map type for the table features can be set with
594
595 define(`DATABASE_MAP_TYPE', `dbm')
596
597which would set it to use ndbm databases. The default is the Berkeley DB
598hash database format. Note that you must still declare a database map type
599if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
600if no argument is given for the FEATURE. It must be specified before any
601feature that uses a map.
602
603Available features are:
604
605use_cw_file Read the file /etc/mail/local-host-names file to get
606 alternate names for this host. This might be used if you
607 were on a host that MXed for a dynamic set of other hosts.
608 If the set is static, just including the line "Cw<name1>
609 <name2> ..." (where the names are fully qualified domain
610 names) is probably superior. The actual filename can be
611 overridden by redefining confCW_FILE.
612
613use_ct_file Read the file /etc/mail/trusted-users file to get the
614 names of users that will be ``trusted'', that is, able to
615 set their envelope from address using -f without generating
616 a warning message. The actual filename can be overridden
617 by redefining confCT_FILE.
618
619redirect Reject all mail addressed to "address.REDIRECT" with
620 a ``551 User has moved; please try <address>'' message.
621 If this is set, you can alias people who have left
622 to their new address with ".REDIRECT" appended.
623
624nouucp Don't route UUCP addresses. This feature takes one
625 parameter:
626 `reject': reject addresses which have "!" in the local
627 part unless it originates from a system
628 that is allowed to relay.
629 `nospecial': don't do anything special with "!".
630 Warnings: 1. See the NOTICE in the ANTI-SPAM section.
631 2. don't remove "!" from OperatorChars if `reject' is
632 given as parameter.
633
634nocanonify Don't pass addresses to $[ ... $] for canonification
635 by default, i.e., host/domain names are considered canonical,
636 except for unqualified names, which must not be used in this
637 mode (violation of the standard). It can be changed by
638 setting the DaemonPortOptions modifiers (M=). That is,
639 FEATURE(`nocanonify') will be overridden by setting the
640 'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
641 it can be emulated by setting the 'C' flag
642 (DaemonPortOptions=Modifiers=C). This would generally only
643 be used by sites that only act as mail gateways or which have
644 user agents that do full canonification themselves. You may
645 also want to use
646 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
647 the usual resolver options that do a similar thing.
648
649 An exception list for FEATURE(`nocanonify') can be
650 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
651 i.e., a list of domains which are nevertheless passed to
652 $[ ... $] for canonification. This is useful to turn on
653 canonification for local domains, e.g., use
654 CANONIFY_DOMAIN(`my.domain my') to canonify addresses
655 which end in "my.domain" or "my".
656 Another way to require canonification in the local
657 domain is CANONIFY_DOMAIN(`$=m').
658
659 A trailing dot is added to addresses with more than
660 one component in it such that other features which
661 expect a trailing dot (e.g., virtusertable) will
662 still work.
663
664 If `canonify_hosts' is specified as parameter, i.e.,
665 FEATURE(`nocanonify', `canonify_hosts'), then
666 addresses which have only a hostname, e.g.,
667 <user@host>, will be canonified (and hopefully fully
668 qualified), too.
669
670stickyhost This feature is sometimes used with LOCAL_RELAY,
671 although it can be used for a different effect with
672 MAIL_HUB.
673
674 When used without MAIL_HUB, email sent to
675 "user@local.host" are marked as "sticky" -- that
676 is, the local addresses aren't matched against UDB,
677 don't go through ruleset 5, and are not forwarded to
678 the LOCAL_RELAY (if defined).
679
680 With MAIL_HUB, mail addressed to "user@local.host"
681 is forwarded to the mail hub, with the envelope
682 address still remaining "user@local.host".
683 Without stickyhost, the envelope would be changed
684 to "user@mail_hub", in order to protect against
685 mailing loops.
686
687mailertable Include a "mailer table" which can be used to override
688 routing for particular domains (which are not in class {w},
689 i.e. local host names). The argument of the FEATURE may be
690 the key definition. If none is specified, the definition
691 used is:
692
693 hash /etc/mail/mailertable
694
695 Keys in this database are fully qualified domain names
696 or partial domains preceded by a dot -- for example,
697 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
698 special case of the latter, "." matches any domain not
699 covered by other keys. Values must be of the form:
700 mailer:domain
701 where "mailer" is the internal mailer name, and "domain"
702 is where to send the message. These maps are not
703 reflected into the message header. As a special case,
704 the forms:
705 local:user
706 will forward to the indicated user using the local mailer,
707 local:
708 will forward to the original user in the e-mail address
709 using the local mailer, and
710 error:code message
711 error:D.S.N:code message
712 will give an error message with the indicated SMTP reply
713 code and message, where D.S.N is an RFC 1893 compliant
714 error code.
715
716domaintable Include a "domain table" which can be used to provide
717 domain name mapping. Use of this should really be
718 limited to your own domains. It may be useful if you
719 change names (e.g., your company changes names from
720 oldname.com to newname.com). The argument of the
721 FEATURE may be the key definition. If none is specified,
722 the definition used is:
723
724 hash /etc/mail/domaintable
725
726 The key in this table is the domain name; the value is
727 the new (fully qualified) domain. Anything in the
728 domaintable is reflected into headers; that is, this
729 is done in ruleset 3.
730
731bitdomain Look up bitnet hosts in a table to try to turn them into
732 internet addresses. The table can be built using the
733 bitdomain program contributed by John Gardiner Myers.
734 The argument of the FEATURE may be the key definition; if
735 none is specified, the definition used is:
736
737 hash /etc/mail/bitdomain
738
739 Keys are the bitnet hostname; values are the corresponding
740 internet hostname.
741
742uucpdomain Similar feature for UUCP hosts. The default map definition
743 is:
744
745 hash /etc/mail/uudomain
746
747 At the moment there is no automagic tool to build this
748 database.
749
750always_add_domain
751 Include the local host domain even on locally delivered
752 mail. Normally it is not added on unqualified names.
753 However, if you use a shared message store but do not use
754 the same user name space everywhere, you may need the host
755 name on local names.
756
757allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
758 feature will cause recipient addresses to also masquerade
759 as being from the masquerade host. Normally they get
760 the local hostname. Although this may be right for
761 ordinary users, it can break local aliases. For example,
762 if you send to "localalias", the originating sendmail will
763 find that alias and send to all members, but send the
764 message with "To: localalias@masqueradehost". Since that
765 alias likely does not exist, replies will fail. Use this
766 feature ONLY if you can guarantee that the ENTIRE
767 namespace on your masquerade host supersets all the
768 local entries.
769
770limited_masquerade
771 Normally, any hosts listed in class {w} are masqueraded. If
772 this feature is given, only the hosts listed in class {M} (see
773 below: MASQUERADE_DOMAIN) are masqueraded. This is useful
774 if you have several domains with disjoint namespaces hosted
775 on the same machine.
776
777masquerade_entire_domain
778 If masquerading is enabled (using MASQUERADE_AS) and
779 MASQUERADE_DOMAIN (see below) is set, this feature will
780 cause addresses to be rewritten such that the masquerading
781 domains are actually entire domains to be hidden. All
782 hosts within the masquerading domains will be rewritten
783 to the masquerade name (used in MASQUERADE_AS). For example,
784 if you have:
785
786 MASQUERADE_AS(`masq.com')
787 MASQUERADE_DOMAIN(`foo.org')
788 MASQUERADE_DOMAIN(`bar.com')
789
790 then *foo.org and *bar.com are converted to masq.com. Without
791 this feature, only foo.org and bar.com are masqueraded.
792
793 NOTE: only domains within your jurisdiction and
794 current hierarchy should be masqueraded using this.
795
796genericstable This feature will cause unqualified addresses (i.e., without
797 a domain) and addresses with a domain listed in class {G}
798 to be looked up in a map and turned into another ("generic")
799 form, which can change both the domain name and the user name.
800 This is similar to the userdb functionality. The same types of
801 addresses as for masquerading are looked up, i.e., only header
802 sender addresses unless the allmasquerade and/or
803 masquerade_envelope features are given. Qualified addresses
804 must have the domain part in class {G}; entries can
805 be added to this class by the macros GENERICS_DOMAIN or
806 GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
807 MASQUERADE_DOMAIN_FILE, see below).
808
809 The argument of FEATURE(`genericstable') may be the map
810 definition; the default map definition is:
811
812 hash /etc/mail/genericstable
813
814 The key for this table is either the full address, the domain
815 (with a leading @; the localpart is passed as first argument)
816 or the unqualified username (tried in the order mentioned);
817 the value is the new user address. If the new user address
818 does not include a domain, it will be qualified in the standard
819 manner, i.e., using $j or the masquerade name. Note that the
820 address being looked up must be fully qualified. For local
821 mail, it is necessary to use FEATURE(`always_add_domain')
822 for the addresses to be qualified.
823 The "+detail" of an address is passed as %1, so entries like
824
825 old+*@foo.org new+%1@example.com
826 gen+*@foo.org %1@example.com
827
828 and other forms are possible.
829
830generics_entire_domain
831 If the genericstable is enabled and GENERICS_DOMAIN or
832 GENERICS_DOMAIN_FILE is used, this feature will cause
833 addresses to be searched in the map if their domain
834 parts are subdomains of elements in class {G}.
835
836virtusertable A domain-specific form of aliasing, allowing multiple
837 virtual domains to be hosted on one machine. For example,
838 if the virtuser table contained:
839
840 info@foo.com foo-info
841 info@bar.com bar-info
842 joe@bar.com error:nouser No such user here
843 jax@bar.com error:D.S.N:unavailable Address invalid
844 @baz.org jane@example.net
845
846 then mail addressed to info@foo.com will be sent to the
847 address foo-info, mail addressed to info@bar.com will be
848 delivered to bar-info, and mail addressed to anyone at baz.org
849 will be sent to jane@example.net, mail to joe@bar.com will
850 be rejected with the specified error message, and mail to
851 jax@bar.com will also have a RFC 1893 compliant error code
852 D.S.N.
853
854 The username from the original address is passed
855 as %1 allowing:
856
857 @foo.org %1@example.com
858
859 meaning someone@foo.org will be sent to someone@example.com.
860 Additionally, if the local part consists of "user+detail"
861 then "detail" is passed as %2 when a match against user+*
862 is attempted, so entries like
863
864 old+*@foo.org new+%2@example.com
865 gen+*@foo.org %2@example.com
866 +*@foo.org %1+%2@example.com
867
868 and other forms are possible. Note: to preserve "+detail"
869 for a default case (@domain) +*@domain must be used as
870 exemplified above.
871
872 All the host names on the left hand side (foo.com, bar.com,
873 and baz.org) must be in class {w} or class {VirtHost}, the
874 latter can be defined by the macros VIRTUSER_DOMAIN or
875 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
876 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
877 VIRTUSER_DOMAIN_FILE is used, then the entries of class
878 {VirtHost} are added to class {R}, i.e., relaying is allowed
879 to (and from) those domains. The default map definition is:
880
881 hash /etc/mail/virtusertable
882
883 A new definition can be specified as the second argument of
884 the FEATURE macro, such as
885
886 FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
887
888virtuser_entire_domain
889 If the virtusertable is enabled and VIRTUSER_DOMAIN or
890 VIRTUSER_DOMAIN_FILE is used, this feature will cause
891 addresses to be searched in the map if their domain
892 parts are subdomains of elements in class {VirtHost}.
893
894ldap_routing Implement LDAP-based e-mail recipient routing according to
895 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
896 This provides a method to re-route addresses with a
897 domain portion in class {LDAPRoute} to either a
898 different mail host or a different address. Hosts can
899 be added to this class using LDAPROUTE_DOMAIN and
900 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
901 MASQUERADE_DOMAIN_FILE, see below).
902
903 See the LDAP ROUTING section below for more information.
904
905nodns If you aren't running DNS at your site (for example,
906 you are UUCP-only connected). It's hard to consider
907 this a "feature", but hey, it had to go somewhere.
908 Actually, as of 8.7 this is a no-op -- remove "dns" from
909 the hosts service switch entry instead.
910
911nullclient This is a special case -- it creates a configuration file
912 containing nothing but support for forwarding all mail to a
913 central hub via a local SMTP-based network. The argument
914 is the name of that hub.
915
916 The only other feature that should be used in conjunction
917 with this one is FEATURE(`nocanonify'). No mailers
918 should be defined. No aliasing or forwarding is done.
919
920local_lmtp Use an LMTP capable local mailer. The argument to this
921 feature is the pathname of an LMTP capable mailer. By
922 default, mail.local is used. This is expected to be the
923 mail.local which came with the 8.9 distribution which is
924 LMTP capable. The path to mail.local is set by the
925 confEBINDIR m4 variable -- making the default
926 LOCAL_MAILER_PATH /usr/libexec/mail.local.
927 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
928 i.e., without respecting any definitions in an OSTYPE setting.
929
930local_procmail Use procmail or another delivery agent as the local mailer.
931 The argument to this feature is the pathname of the
932 delivery agent, which defaults to PROCMAIL_MAILER_PATH.
933 Note that this does NOT use PROCMAIL_MAILER_FLAGS or
934 PROCMAIL_MAILER_ARGS for the local mailer; tweak
935 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
936 specify the appropriate parameters. When procmail is used,
937 the local mailer can make use of the
938 "user+indicator@local.host" syntax; normally the +indicator
939 is just tossed, but by default it is passed as the -a
940 argument to procmail.
941
942 This feature can take up to three arguments:
943
944 1. Path to the mailer program
945 [default: /usr/local/bin/procmail]
946 2. Argument vector including name of the program
947 [default: procmail -Y -a $h -d $u]
948 3. Flags for the mailer [default: SPfhn9]
949
950 Empty arguments cause the defaults to be taken.
951
952 For example, this allows it to use the maildrop
953 (http://www.flounder.net/~mrsam/maildrop/) mailer instead
954 by specifying:
955
956 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
957 `maildrop -d $u')
958
959 or scanmails using:
960
961 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
962
963 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
964 i.e., without respecting any definitions in an OSTYPE setting.
965
966bestmx_is_local Accept mail as though locally addressed for any host that
967 lists us as the best possible MX record. This generates
968 additional DNS traffic, but should be OK for low to
969 medium traffic hosts. The argument may be a set of
970 domains, which will limit the feature to only apply to
971 these domains -- this will reduce unnecessary DNS
972 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
973 WILDCARD MX RECORDS!!! If you have a wildcard MX record
974 that matches your domain, you cannot use this feature.
975
976smrsh Use the SendMail Restricted SHell (smrsh) provided
977 with the distribution instead of /bin/sh for mailing
978 to programs. This improves the ability of the local
979 system administrator to control what gets run via
980 e-mail. If an argument is provided it is used as the
981 pathname to smrsh; otherwise, the path defined by
982 confEBINDIR is used for the smrsh binary -- by default,
983 /usr/libexec/smrsh is assumed.
984
985promiscuous_relay
986 By default, the sendmail configuration files do not permit
987 mail relaying (that is, accepting mail from outside your
988 local host (class {w}) and sending it to another host than
989 your local host). This option sets your site to allow
990 mail relaying from any site to any site. In almost all
991 cases, it is better to control relaying more carefully
992 with the access map, class {R}, or authentication. Domains
993 can be added to class {R} by the macros RELAY_DOMAIN or
994 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
995 MASQUERADE_DOMAIN_FILE, see below).
996
997relay_entire_domain
998 By default, only hosts listed as RELAY in the access db
999 will be allowed to relay. This option also allows any
1000 host in your domain as defined by class {m}.
1001
1002relay_hosts_only
1003 By default, names that are listed as RELAY in the access
1004 db and class {R} are domain names, not host names.
1005 For example, if you specify ``foo.com'', then mail to or
1006 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1007 will all be accepted for relaying. This feature changes
1008 the behaviour to lookup individual host names only.
1009
1010relay_based_on_MX
1011 Turns on the ability to allow relaying based on the MX
1012 records of the host portion of an incoming recipient; that
1013 is, if an MX record for host foo.com points to your site,
1014 you will accept and relay mail addressed to foo.com. See
1015 description below for more information before using this
1016 feature. Also, see the KNOWNBUGS entry regarding bestmx
1017 map lookups.
1018
1019 FEATURE(`relay_based_on_MX') does not necessarily allow
1020 routing of these messages which you expect to be allowed,
1021 if route address syntax (or %-hack syntax) is used. If
1022 this is a problem, add entries to the access-table or use
1023 FEATURE(`loose_relay_check').
1024
1025relay_mail_from
1026 Allows relaying if the mail sender is listed as RELAY in
1027 the access map. If an optional argument `domain' is given,
1028 the domain portion of the mail sender is checked too.
1029 This should only be used if absolutely necessary as the
1030 sender address can be easily forged. Use of this feature
1031 requires the "From:" tag be prepended to the key in the
1032 access map; see the discussion of tags and
1033 FEATURE(`relay_mail_from') in the section on ANTI-SPAM
1034 CONFIGURATION CONTROL.
1035
1036relay_local_from
1037 Allows relaying if the domain portion of the mail sender
1038 is a local host. This should only be used if absolutely
1039 necessary as it opens a window for spammers. Specifically,
1040 they can send mail to your mail server that claims to be
1041 from your domain (either directly or via a routed address),
1042 and you will go ahead and relay it out to arbitrary hosts
1043 on the Internet.
1044
1045accept_unqualified_senders
1046 Normally, MAIL FROM: commands in the SMTP session will be
1047 refused if the connection is a network connection and the
1048 sender address does not include a domain name. If your
1049 setup sends local mail unqualified (i.e., MAIL FROM: <joe>),
1050 you will need to use this feature to accept unqualified
1051 sender addresses. Setting the DaemonPortOptions modifier
1052 'u' overrides the default behavior, i.e., unqualified
1053 addresses are accepted even without this FEATURE.
1054 If this FEATURE is not used, the DaemonPortOptions modifier
1055 'f' can be used to enforce fully qualified addresses.
1056
1057accept_unresolvable_domains
1058 Normally, MAIL FROM: commands in the SMTP session will be
1059 refused if the host part of the argument to MAIL FROM:
1060 cannot be located in the host name service (e.g., an A or
1061 MX record in DNS). If you are inside a firewall that has
1062 only a limited view of the Internet host name space, this
1063 could cause problems. In this case you probably want to
1064 use this feature to accept all domains on input, even if
1065 they are unresolvable.
1066
1067access_db Turns on the access database feature. The access db gives
1068 you the ability to allow or refuse to accept mail from
1069 specified domains for administrative reasons. By default,
1070 the access database specification is:
1071
1072 hash /etc/mail/access
1073
1074 The format of the database is described in the anti-spam
1075 configuration control section later in this document.
1076
1077blacklist_recipients
1078 Turns on the ability to block incoming mail for certain
1079 recipient usernames, hostnames, or addresses. For
1080 example, you can block incoming mail to user nobody,
1081 host foo.mydomain.com, or guest@bar.mydomain.com.
1082 These specifications are put in the access db as
1083 described in the anti-spam configuration control section
1084 later in this document.
1085
1086delay_checks The rulesets check_mail and check_relay will not be called
1087 when a client connects or issues a MAIL command, respectively.
1088 Instead, those rulesets will be called by the check_rcpt
1089 ruleset; they will be skipped under certain circumstances.
1090 See "Delay all checks" in "ANTI-SPAM CONFIGURATION CONTROL".
1091
1092rbl This feature is deprecated! Please use dnsbl instead.
1093 Turns on rejection of hosts found in the Realtime Blackhole
1094 List. If an argument is provided it is used as the domain
1095 in which blocked hosts are listed; otherwise, the main RBL
1096 domain rbl.maps.vix.com is used (see NOTE below). For
1097 details, see http://maps.vix.com/rbl/.
1098
1099dnsbl Turns on rejection of hosts found in an DNS based rejection
1100 list. If an argument is provided it is used as the domain
1101 in which blocked hosts are listed; otherwise it defaults to
1102 blackholes.mail-abuse.org. An explanation for an DNS based
1103 rejection list can be found http://mail-abuse.org/rbl/. A
1104 second argument can be used to change the default error
1105 message of Mail from $&{client_addr} refused by blackhole site
1106 SERVER where SERVER is replaced by the first argument. This
1107 feature can be included several times to query different DNS
1108 based rejection lists.
1109
1110 NOTE: The default DNS blacklist, blackholes.mail-abuse.org,
1111 is a service offered by the Mail Abuse Prevention System
1112 (MAPS). As of July 31, 2001, MAPS is a subscription
1113 service, so using that network address won't work if you
1114 haven't subscribed. Contact MAPS to subscribe
1115 (http://mail-abuse.org/).
1116
1117loose_relay_check
1118 Normally, if % addressing is used for a recipient, e.g.
1119 user%site@othersite, and othersite is in class {R}, the
1120 check_rcpt ruleset will strip @othersite and recheck
1121 user@site for relaying. This feature changes that
1122 behavior. It should not be needed for most installations.
1123
1124no_default_msa Don't generate the default MSA daemon, i.e.,
1125 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1126 To define a MSA daemon with other parameters, use this
1127 FEATURE and introduce new settings via DAEMON_OPTIONS().
1128
1129+-------+
1130| HACKS |
1131+-------+
1132
1133Some things just can't be called features. To make this clear,
1134they go in the hack subdirectory and are referenced using the HACK
1135macro. These will tend to be site-dependent. The release
1136includes the Berkeley-dependent "cssubdomain" hack (that makes
1137sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1138this is intended as a short-term aid while moving hosts into
1139subdomains.
1140
1141
1142+--------------------+
1143| SITE CONFIGURATION |
1144+--------------------+
1145
1146 *****************************************************
1147 * This section is really obsolete, and is preserved *
1148 * only for back compatibility. You should plan on *
1149 * using mailertables for new installations. In *
1150 * particular, it doesn't work for the newer forms *
1151 * of UUCP mailers, such as uucp-uudom. *
1152 *****************************************************
1153
1154Complex sites will need more local configuration information, such as
1155lists of UUCP hosts they speak with directly. This can get a bit more
1156tricky. For an example of a "complex" site, see cf/ucbvax.mc.
1157
1158The SITECONFIG macro allows you to indirectly reference site-dependent
1159configuration information stored in the siteconfig subdirectory. For
1160example, the line
1161
1162 SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1163
1164reads the file uucp.ucbvax for local connection information. The
1165second parameter is the local name (in this case just "ucbvax" since
1166it is locally connected, and hence a UUCP hostname). The third
1167parameter is the name of both a macro to store the local name (in
1168this case, {U}) and the name of the class (e.g., {U}) in which to store
1169the host information read from the file. Another SITECONFIG line reads
1170
1171 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1172
1173This says that the file uucp.ucbarpa contains the list of UUCP sites
1174connected to ucbarpa.Berkeley.EDU. Class {W} will be used to
1175store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1176is, the name of the relay to which the hosts listed in uucp.ucbarpa
1177are connected. [The machine ucbarpa is gone now, but this
1178out-of-date configuration file has been left around to demonstrate
1179how you might do this.]
1180
1181Note that the case of SITECONFIG with a third parameter of ``U'' is
1182special; the second parameter is assumed to be the UUCP name of the
1183local site, rather than the name of a remote site, and the UUCP name
1184is entered into class {w} (the list of local hostnames) as $U.UUCP.
1185
1186The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1187more than a sequence of SITE macros describing connectivity. For
1188example:
1189
1190 SITE(`cnmat')
1191 SITE(`sgi olympus')
1192
1193The second example demonstrates that you can use two names on the
1194same line; these are usually aliases for the same host (or are at
1195least in the same company).
1196
1197
1198+--------------------+
1199| USING UUCP MAILERS |
1200+--------------------+
1201
1202It's hard to get UUCP mailers right because of the extremely ad hoc
1203nature of UUCP addressing. These config files are really designed
1204for domain-based addressing, even for UUCP sites.
1205
1206There are four UUCP mailers available. The choice of which one to
1207use is partly a matter of local preferences and what is running at
1208the other end of your UUCP connection. Unlike good protocols that
1209define what will go over the wire, UUCP uses the policy that you
1210should do what is right for the other end; if they change, you have
1211to change. This makes it hard to do the right thing, and discourages
1212people from updating their software. In general, if you can avoid
1213UUCP, please do.
1214
1215The major choice is whether to go for a domainized scheme or a
1216non-domainized scheme. This depends entirely on what the other
1217end will recognize. If at all possible, you should encourage the
1218other end to go to a domain-based system -- non-domainized addresses
1219don't work entirely properly.
1220
1221The four mailers are:
1222
1223 uucp-old (obsolete name: "uucp")
1224 This is the oldest, the worst (but the closest to UUCP) way of
1225 sending messages accros UUCP connections. It does bangify
1226 everything and prepends $U (your UUCP name) to the sender's
1227 address (which can already be a bang path itself). It can
1228 only send to one address at a time, so it spends a lot of
1229 time copying duplicates of messages. Avoid this if at all
1230 possible.
1231
1232 uucp-new (obsolete name: "suucp")
1233 The same as above, except that it assumes that in one rmail
1234 command you can specify several recipients. It still has a
1235 lot of other problems.
1236
1237 uucp-dom
1238 This UUCP mailer keeps everything as domain addresses.
1239 Basically, it uses the SMTP mailer rewriting rules. This mailer
1240 is only included if MAILER(`smtp') is also specified.
1241
1242 Unfortunately, a lot of UUCP mailer transport agents require
1243 bangified addresses in the envelope, although you can use
1244 domain-based addresses in the message header. (The envelope
1245 shows up as the From_ line on UNIX mail.) So....
1246
1247 uucp-uudom
1248 This is a cross between uucp-new (for the envelope addresses)
1249 and uucp-dom (for the header addresses). It bangifies the
1250 envelope sender (From_ line in messages) without adding the
1251 local hostname, unless there is no host name on the address
1252 at all (e.g., "wolf") or the host component is a UUCP host name
1253 instead of a domain name ("somehost!wolf" instead of
1254 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1255 is also specified.
1256
1257Examples:
1258
1259On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1260summarizes the sender rewriting for various mailers.
1261
1262Mailer sender rewriting in the envelope
1263------ ------ -------------------------
1264uucp-{old,new} wolf grasp!wolf
1265uucp-dom wolf wolf@grasp.insa-lyon.fr
1266uucp-uudom wolf grasp.insa-lyon.fr!wolf
1267
1268uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1269uucp-dom wolf@fr.net wolf@fr.net
1270uucp-uudom wolf@fr.net fr.net!wolf
1271
1272uucp-{old,new} somehost!wolf grasp!somehost!wolf
1273uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1274uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1275
1276If you are using one of the domainized UUCP mailers, you really want
1277to convert all UUCP addresses to domain format -- otherwise, it will
1278do it for you (and probably not the way you expected). For example,
1279if you have the address foo!bar!baz (and you are not sending to foo),
1280the heuristics will add the @uucp.relay.name or @local.host.name to
1281this address. However, if you map foo to foo.host.name first, it
1282will not add the local hostname. You can do this using the uucpdomain
1283feature.
1284
1285
1286+-------------------+
1287| TWEAKING RULESETS |
1288+-------------------+
1289
1290For more complex configurations, you can define special rules.
1291The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1292the names. Any modifications made here are reflected in the header.
1293
1294A common use is to convert old UUCP addresses to SMTP addresses using
1295the UUCPSMTP macro. For example:
1296
1297 LOCAL_RULE_3
1298 UUCPSMTP(`decvax', `decvax.dec.com')
1299 UUCPSMTP(`research', `research.att.com')
1300
1301will cause addresses of the form "decvax!user" and "research!user"
1302to be converted to "user@decvax.dec.com" and "user@research.att.com"
1303respectively.
1304
1305This could also be used to look up hosts in a database map:
1306
1307 LOCAL_RULE_3
1308 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
1309
1310This map would be defined in the LOCAL_CONFIG portion, as shown below.
1311
1312Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1313For example, new rules are needed to parse hostnames that you accept
1314via MX records. For example, you might have:
1315
1316 LOCAL_RULE_0
1317 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1318
1319You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1320pointing at this host; this rule catches the message and forwards it on
1321using UUCP.
1322
1323You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1324These rulesets are normally empty.
1325
1326A similar macro is LOCAL_CONFIG. This introduces lines added after the
1327boilerplate option setting but before rulesets. Do not declare rulesets in
1328the LOCAL_CONFIG section. It can be used to declare local database maps or
1329whatever. For example:
1330
1331 LOCAL_CONFIG
1332 Khostmap hash /etc/mail/hostmap
1333 Kyplocal nis -m hosts.byname
1334
1335
1336+---------------------------+
1337| MASQUERADING AND RELAYING |
1338+---------------------------+
1339
1340You can have your host masquerade as another using
1341
1342 MASQUERADE_AS(`host.domain')
1343
1344This causes mail being sent to be labeled as coming from the
1345indicated host.domain, rather than $j. One normally masquerades as
1346one of one's own subdomains (for example, it's unlikely that
1347Berkeley would choose to masquerade as an MIT site). This
1348behaviour is modified by a plethora of FEATUREs; in particular, see
1349masquerade_envelope, allmasquerade, limited_masquerade, and
1350masquerade_entire_domain.
1351
1352The masquerade name is not normally canonified, so it is important
1353that it be your One True Name, that is, fully qualified and not a
1354CNAME. However, if you use a CNAME, the receiving side may canonify
1355it for you, so don't think you can cheat CNAME mapping this way.
1356
1357Normally the only addresses that are masqueraded are those that come
1358from this host (that is, are either unqualified or in class {w}, the list
1359of local domain names). You can augment this list, which is realized
1360by class {M} using
1361
1362 MASQUERADE_DOMAIN(`otherhost.domain')
1363
1364The effect of this is that although mail to user@otherhost.domain
1365will not be delivered locally, any mail including any user@otherhost.domain
1366will, when relayed, be rewritten to have the MASQUERADE_AS address.
1367This can be a space-separated list of names.
1368
1369If these names are in a file, you can use
1370
1371 MASQUERADE_DOMAIN_FILE(`filename')
1372
1373to read the list of names from the indicated file (i.e., to add
1374elements to class {M}).
1375
1376To exempt hosts or subdomains from being masqueraded, you can use
1377
1378 MASQUERADE_EXCEPTION(`host.domain')
1379
1380This can come handy if you want to masquerade a whole domain
1381except for one (or a few) host(s).
1382
1383Normally only header addresses are masqueraded. If you want to
1384masquerade the envelope as well, use
1385
1386 FEATURE(`masquerade_envelope')
1387
1388There are always users that need to be "exposed" -- that is, their
1389internal site name should be displayed instead of the masquerade name.
1390Root is an example (which has been "exposed" by default prior to 8.10).
1391You can add users to this list using
1392
1393 EXPOSED_USER(`usernames')
1394
1395This adds users to class {E}; you could also use something like
1396
1397 FE/etc/mail/exposed-users
1398
1399You can also arrange to relay all unqualified names (that is, names
1400without @host) to a relay host. For example, if you have a central
1401email server, you might relay to that host so that users don't have
1402to have .forward files or aliases. You can do this using
1403
1404 define(`LOCAL_RELAY', `mailer:hostname')
1405
1406The ``mailer:'' can be omitted, in which case the mailer defaults to
1407"relay". There are some user names that you don't want relayed, perhaps
1408because of local aliases. A common example is root, which may be
1409locally aliased. You can add entries to this list using
1410
1411 LOCAL_USER(`usernames')
1412
1413This adds users to class {L}; you could also use something like
1414
1415 FL/etc/mail/local-users
1416
1417If you want all incoming mail sent to a centralized hub, as for a
1418shared /var/spool/mail scheme, use
1419
1420 define(`MAIL_HUB', `mailer:hostname')
1421
1422Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
1423and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1424be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1425Note: there is a (long standing) bug which keeps this combination from
1426working for addresses of the form user+detail.
1427Names in class {L} will be delivered locally, so you MUST have aliases or
1428.forward files for them.
1429
1430For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1431FEATURE(`stickyhost'), the following combinations of settings will have the
1432indicated effects:
1433
1434email sent to.... eric eric@mastodon.CS.Berkeley.EDU
1435
1436LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
1437mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1438
1439MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1440mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
1441
1442Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1443MAIL_HUB set as above (no local aliasing) (aliasing done)
1444
1445If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1446MAIL_HUB act identically, with MAIL_HUB taking precedence.
1447
1448If you want all outgoing mail to go to a central relay site, define
1449SMART_HOST as well. Briefly:
1450
1451 LOCAL_RELAY applies to unqualified names (e.g., "eric").
1452 MAIL_HUB applies to names qualified with the name of the
1453 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1454 SMART_HOST applies to names qualified with other hosts or
1455 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1456 or "eric@[127.0.0.1]").
1457
1458However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1459DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1460really want absolutely everything to go to a single central site you will
1461need to unset all the other relays -- or better yet, find or build a
1462minimal config file that does this.
1463
1464For duplicate suppression to work properly, the host name is best
1465specified with a terminal dot:
1466
1467 define(`MAIL_HUB', `host.domain.')
1468 note the trailing dot ---^
1469
1470
1471+--------------+
1472| LDAP ROUTING |
1473+--------------+
1474
1475FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1476LDAP Schema for Intranet Mail Routing
1477(draft-lachman-laser-ldap-mail-routing-01). This feature enables
1478LDAP-based rerouting of a particular address to either a different host
1479or a different address. The LDAP lookup is first attempted on the full
1480address (e.g., user@example.com) and then on the domain portion
1481(e.g., @example.com). Be sure to setup your domain for LDAP routing using
1482LDAPROUTE_DOMAIN(), e.g.:
1483
1484 LDAPROUTE_DOMAIN(`example.com')
1485
1486By default, the feature will use the schemas as specified in the draft
1487and will not reject addresses not found by the LDAP lookup. However,
1488this behavior can be changed by giving additional arguments to the FEATURE()
1489command:
1490
1491 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>)
1492
1493where <mailHost> is a map definition describing how to lookup an alternative
1494mail host for a particular address; <mailRoutingAddress> is a map definition
1495describing how to lookup an alternative address for a particular address; and
1496the <bounce> argument, if present and not the word "passthru", dictates
1497that mail should be bounced if neither a mailHost nor mailRoutingAddress
1498is found.
1499
1500The default <mailHost> map definition is:
1501
1502 ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient)
1503 (mailLocalAddress=%0))
1504
1505The default <mailRoutingAddress> map definition is:
1506
1507 ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)
1508 (mailLocalAddress=%0))
1509
1510Note that neither includes the LDAP server hostname (-h server) or base DN
1511(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
1512your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
1513these settings. If this is not the case, the map definitions should be
1514changed as described above.
1515
1516The following possibilities exist as a result of an LDAP lookup on an
1517address:
1518
1519 mailHost is mailRoutingAddress is Results in
1520 ----------- --------------------- ----------
1521 set to a set mail delivered to
1522 "local" host mailRoutingAddress
1523
1524 set to a not set delivered to
1525 "local" host original address
1526
1527 set to a set mailRoutingAddress
1528 remote host relayed to mailHost
1529
1530 set to a not set original address
1531 remote host relayed to mailHost
1532
1533 not set set mail delivered to
1534 mailRoutingAddress
1535
1536 not set not set delivered to
1537 original address *OR*
1538 bounced as unknown user
1539
1540The term "local" host above means the host specified is in class {w}.
1541Note that the last case depends on whether the third argument is given
1542to the FEATURE() command. The default is to deliver the message to the
1543original address.
1544
1545The LDAP entries should be set up with an objectClass of
1546inetLocalMailRecipient and the address be listed in a mailLocalAddress
1547attribute. If present, there must be only one mailHost attribute and it
1548must contain a fully qualified host name as its value. Similarly, if
1549present, there must be only one mailRoutingAddress attribute and it must
1550contain an RFC 822 compliant address. Some example LDAP records (in ldif
1551format):
1552
1553 dn: uid=tom, o=example.com, c=US
1554 objectClass: inetLocalMailRecipient
1555 mailLocalAddress: tom@example.com
1556 mailRoutingAddress: thomas@mailhost.example.com
1557
1558This would deliver mail for tom@example.com to thomas@mailhost.example.com.
1559
1560 dn: uid=dick, o=example.com, c=US
1561 objectClass: inetLocalMailRecipient
1562 mailLocalAddress: dick@example.com
1563 mailHost: eng.example.com
1564
1565This would relay mail for dick@example.com to the same address but redirect
1566the mail to MX records listed for the host eng.example.com.
1567
1568 dn: uid=harry, o=example.com, c=US
1569 objectClass: inetLocalMailRecipient
1570 mailLocalAddress: harry@example.com
1571 mailHost: mktmail.example.com
1572 mailRoutingAddress: harry@mkt.example.com
1573
1574This would relay mail for harry@example.com to the MX records listed for
1575the host mktmail.example.com using the new address harry@mkt.example.com
1576when talking to that host.
1577
1578 dn: uid=virtual.example.com, o=example.com, c=US
1579 objectClass: inetLocalMailRecipient
1580 mailLocalAddress: @virtual.example.com
1581 mailHost: server.example.com
1582 mailRoutingAddress: virtual@example.com
1583
1584This would send all mail destined for any username @virtual.example.com to
1585the machine server.example.com's MX servers and deliver to the address
1586virtual@example.com on that relay machine.
1587
1588
1589+---------------------------------+
1590| ANTI-SPAM CONFIGURATION CONTROL |
1591+---------------------------------+
1592
1593The primary anti-spam features available in sendmail are:
1594
1595* Relaying is denied by default.
1596* Better checking on sender information.
1597* Access database.
1598* Header checks.
1599
1600Relaying (transmission of messages from a site outside your host (class
1601{w}) to another site except yours) is denied by default. Note that this
1602changed in sendmail 8.9; previous versions allowed relaying by default.
1603If you really want to revert to the old behaviour, you will need to use
1604FEATURE(`promiscuous_relay'). You can allow certain domains to relay
1605through your server by adding their domain name or IP address to class
1606{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
1607(described below). The file consists (like any other file based class)
1608of entries listed on separate lines, e.g.,
1609
1610 sendmail.org
1611 128.32
1612 1:2:3:4:5:6:7
1613 host.mydomain.com
1614
1615If you use
1616
1617 FEATURE(`relay_entire_domain')
1618
1619then any host in any of your local domains (that is, class {m})
1620will be relayed (that is, you will accept mail either to or from any
1621host in your domain).
1622
1623You can also allow relaying based on the MX records of the host
1624portion of an incoming recipient address by using
1625
1626 FEATURE(`relay_based_on_MX')
1627
1628For example, if your server receives a recipient of user@domain.com
1629and domain.com lists your server in its MX records, the mail will be
1630accepted for relay to domain.com. Note that this will stop spammers
1631from using your host to relay spam but it will not stop outsiders from
1632using your server as a relay for their site (that is, they set up an
1633MX record pointing to your mail server, and you will relay mail addressed
1634to them without any prior arrangement). Along the same lines,
1635
1636 FEATURE(`relay_local_from')
1637
1638will allow relaying if the sender specifies a return path (i.e.
1639MAIL FROM: <user@domain>) domain which is a local domain. This a
1640dangerous feature as it will allow spammers to spam using your mail
1641server by simply specifying a return address of user@your.domain.com.
1642It should not be used unless absolutely necessary.
1643A slightly better solution is
1644
1645 FEATURE(`relay_mail_from')
1646
1647which allows relaying if the mail sender is listed as RELAY in the
1648access map. If an optional argument `domain' is given, the domain
1649portion of the mail sender is also checked to allowing relaying.
1650This option only works together with the tag From: for the LHS of
1651the access map entries (see below: Finer control...).
1652
1653
1654If source routing is used in the recipient address (i.e.
1655RCPT TO: <user%site.com@othersite.com>), sendmail will check
1656user@site.com for relaying if othersite.com is an allowed relay host
1657in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
1658or the access database if FEATURE(`access_db') is used. To prevent
1659the address from being stripped down, use:
1660
1661 FEATURE(`loose_relay_check')
1662
1663If you think you need to use this feature, you probably do not. This
1664should only be used for sites which have no control over the addresses
1665that they provide a gateway for. Use this FEATURE with caution as it
1666can allow spammers to relay through your server if not setup properly.
1667
1668NOTICE: It is possible to relay mail through a system which the anti-relay
1669rules do not prevent: the case of a system that does use FEATURE(`nouucp',
1670`nospecial') (system A) and relays local messages to a mail hub (e.g., via
1671LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
1672FEATURE(`nouucp') at all, addresses of the form
1673<example.net!user@local.host> would be relayed to <user@example.net>.
1674System A doesn't recognize `!' as an address separator and therefore
1675forwards it to the mail hub which in turns relays it because it came from
1676a trusted local host. So if a mailserver allows UUCP (bang-format)
1677addresses, all systems from which it allows relaying should do the same
1678or reject those addresses.
1679
1680As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
1681an unresolvable domain (i.e., one that DNS, your local name service,
1682or special case rules in ruleset 3 cannot locate). If you want to
1683continue to accept such domains, e.g., because you are inside a
1684firewall that has only a limited view of the Internet host name space
1685(note that you will not be able to return mail to them unless you have
1686some "smart host" forwarder), use
1687
1688 FEATURE(`accept_unresolvable_domains')
1689
1690sendmail will also refuse mail if the MAIL FROM: parameter is not
1691fully qualified (i.e., contains a domain as well as a user). If you
1692want to continue to accept such senders, use
1693
1694 FEATURE(`accept_unqualified_senders')
1695
1696Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
1697i.e., unqualified addresses are accepted even without this FEATURE. If
1698this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
1699to enforce fully qualified addresses.
1700
1701An ``access'' database can be created to accept or reject mail from
1702selected domains. For example, you may choose to reject all mail
1703originating from known spammers. To enable such a database, use
1704
1705 FEATURE(`access_db')
1706
1707The FEATURE macro can accept a second parameter giving the key file
1708definition for the database; for example
1709
1710 FEATURE(`access_db', `hash /etc/mail/access')
1711
1712Remember, since /etc/mail/access is a database, after creating the text
1713file as described below, you must use makemap to create the database
1714map. For example:
1715
1716 makemap hash /etc/mail/access < /etc/mail/access
1717
1718The table itself uses e-mail addresses, domain names, and network
1719numbers as keys. For example,
1720
1721 spammer@aol.com REJECT
1722 cyberspammer.com REJECT
1723 192.168.212 REJECT
1724
1725would refuse mail from spammer@aol.com, any user from cyberspammer.com
1726(or any host within the cyberspammer.com domain), and any host on the
1727192.168.212.* network.
1728
1729The value part of the map can contain:
1730
1731 OK Accept mail even if other rules in the
1732 running ruleset would reject it, for example,
1733 if the domain name is unresolvable.
1734 RELAY Accept mail addressed to the indicated domain or
1735 received from the indicated domain for relaying
1736 through your SMTP server. RELAY also serves as
1737 an implicit OK for the other checks.
1738 REJECT Reject the sender or recipient with a general
1739 purpose message.
1740 DISCARD Discard the message completely using the
1741 $#discard mailer. If it is used in check_compat,
1742 it affects only the designated recipient, not
1743 the whole message as it does in all other cases.
1744 This should only be used if really necessary.
1745 ### any text where ### is an RFC 821 compliant error code and
1746 "any text" is a message to return for the command.
1747 The string should be quoted to avoid surprises,
1748 e.g., sendmail may remove spaces otherwise.
1749 ERROR:### any text
1750 as above, but useful to mark error messages as such.
1751 ERROR:D.S.N:### any text
1752 where D.S.N is an RFC 1893 compliant error code
1753 and the rest as above.
1754
1755For example:
1756
1757 cyberspammer.com ERROR:"550 We don't accept mail from spammers"
1758 okay.cyberspammer.com OK
1759 sendmail.org RELAY
1760 128.32 RELAY
1761 1:2:3:4:5:6:7 RELAY
1762 [127.0.0.3] OK
1763 [1:2:3:4:5:6:7:8] OK
1764
1765would accept mail from okay.cyberspammer.com, but would reject mail from
1766all other hosts at cyberspammer.com with the indicated message. It would
1767allow relaying mail from and to any hosts in the sendmail.org domain, and
1768allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:*
1769network. The latter two entries are for checks against ${client_name} if
1770the IP address doesn't resolve to a hostname (or is considered as "may be
1771forged").
1772
1773Warning: if you change the RFC 821 compliant error code from the default
1774value of 550, then you should probably also change the RFC 1893 compliant
1775error code to match it. For example, if you use
1776
1777 user@example.com 450 mailbox full
1778
1779the error returned would be "450 4.0.0 mailbox full" which is wrong.
1780Use "450 4.2.2 mailbox full" or "ERROR:4.2.2:450 mailbox full"
1781instead.
1782
1783Note, UUCP users may need to add hostname.UUCP to the access database
1784or class {R}. If you also use:
1785
1786 FEATURE(`relay_hosts_only')
1787
1788then the above example will allow relaying for sendmail.org, but not
1789hosts within the sendmail.org domain. Note that this will also require
1790hosts listed in class {R} to be fully qualified host names.
1791
1792You can also use the access database to block sender addresses based on
1793the username portion of the address. For example:
1794
1795 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
1796
1797Note that you must include the @ after the username to signify that
1798this database entry is for checking only the username portion of the
1799sender address.
1800
1801If you use:
1802
1803 FEATURE(`blacklist_recipients')
1804
1805then you can add entries to the map for local users, hosts in your
1806domains, or addresses in your domain which should not receive mail:
1807
1808 badlocaluser@ ERROR:550 Mailbox disabled for this username
1809 host.mydomain.com ERROR:550 That host does not accept mail
1810 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient
1811
1812This would prevent a recipient of badlocaluser@mydomain.com, any
1813user at host.mydomain.com, and the single address
1814user@otherhost.mydomain.com from receiving mail. Please note: a
1815local username must be now tagged with an @ (this is consistent
1816with the check of the sender address, and hence it is possible to
1817distinguish between hostnames and usernames). Enabling this feature
1818will keep you from sending mails to all addresses that have an
1819error message or REJECT as value part in the access map. Taking
1820the example from above:
1821
1822 spammer@aol.com REJECT
1823 cyberspammer.com REJECT
1824
1825Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
1826
1827There is also a ``Realtime Blackhole List'' run by the MAPS project
1828at http://maps.vix.com/. This is a database maintained in DNS of
1829spammers. To use this database, use
1830
1831 FEATURE(`dnsbl')
1832
1833This will cause sendmail to reject mail from any site in the
1834Realtime Blackhole List database. This default DNS blacklist,
1835blackholes.mail-abuse.org, is a service offered by the Mail Abuse
1836Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription
1837service, so using that network address won't work if you haven't
1838subscribed. Contact MAPS to subscribe (http://mail-abuse.org/).
1839
1840You can specify an alternative RBL server to check by specifying an
1841argument to the FEATURE. The default error message is
1842
1843You can specify an alternative RBL domain to check by specifying an
1844argument to the FEATURE. The default error message is
1845
1846 Mail from $&{client_addr} refused by blackhole site DOMAIN
1847
1848where DOMAIN is the first argument of the feature. A second argument
1849can be used to specify a different text. This FEATURE can be
1850included several times to query different DNS based rejection lists,
1851e.g., the dial-up user list (see http://maps.vix.com/dul/).
1852
1853The features described above make use of the check_relay, check_mail,
1854and check_rcpt rulesets. If you wish to include your own checks,
1855you can put your checks in the rulesets Local_check_relay,
1856Local_check_mail, and Local_check_rcpt. For example if you wanted to
1857block senders with all numeric usernames (i.e. 2312343@bigisp.com),
1858you would use Local_check_mail and the new regex map:
1859
1860 LOCAL_CONFIG
1861 Kallnumbers regex -a@MATCH ^[0-9]+$
1862
1863 LOCAL_RULESETS
1864 SLocal_check_mail
1865 # check address against various regex checks
1866 R$* $: $>Parse0 $>3 $1
1867 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
1868 R@MATCH $#error $: 553 Header Error
1869
1870These rules are called with the original arguments of the corresponding
1871check_* ruleset. If the local ruleset returns $#OK, no further checking
1872is done by the features described above and the mail is accepted. If the
1873local ruleset resolves to a mailer (such as $#error or $#discard), the
1874appropriate action is taken. Otherwise, the results of the local
1875rewriting are ignored.
1876
1877Finer control by using tags for the LHS of the access map
1878
1879Read this section only if the options listed so far are not sufficient
1880for your purposes. There is now the option to tag entries in the
1881access map according to their type. Three tags are available:
1882
1883 Connect: connection information (${client_addr}, ${client_name})
1884 From: envelope sender
1885 To: envelope recipient
1886
1887If the required item is looked up in a map, it will be tried first
1888with the corresponding tag in front, then (as fallback to enable
1889backward compatibility) without any tag. For example,
1890
1891 From:spammer@some.dom REJECT
1892 To:friend.domain RELAY
1893 Connect:friend.domain OK
1894 Connect:from.domain RELAY
1895 From:good@another.dom OK
1896 From:another.dom REJECT
1897
1898This would deny mails from spammer@some.dom but you could still
1899send mail to that address even if FEATURE(`blacklist_recipients')
1900is enabled. Your system will allow relaying to friend.domain, but
1901not from it (unless enabled by other means). Connections from that
1902domain will be allowed even if it ends up in one of the DNS based
1903rejection lists. Relaying is enabled from from.domain but not to
1904it (since relaying is based on the connection information for
1905outgoing relaying, the tag Connect: must be used; for incoming
1906relaying, which is based on the recipient address, To: must be
1907used). The last two entries allow mails from good@another.dom but
1908reject mail from all other addresses with another.dom as domain
1909part.
1910
1911Delay all checks
1912
1913By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
1914will not be called when a client connects or issues a MAIL command,
1915respectively. Instead, those rulesets will be called by the check_rcpt
1916ruleset; they will be skipped if a sender has been authenticated using
1917a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
1918If check_mail returns an error then the RCPT TO command will be rejected
1919with that error. If it returns some other result starting with $# then
1920check_relay will be skipped. If the sender address (or a part of it) is
1921listed in the access map and it has a RHS of OK or RELAY, then check_relay
1922will be skipped. This has an interesting side effect: if your domain is
1923my.domain and you have
1924
1925 my.domain RELAY
1926
1927in the access map, then all e-mail with a sender address of
1928<user@my.domain> gets through, even if check_relay would reject it
1929(e.g., based on the hostname or IP address). This allows spammers
1930to get around DNS based blacklist by faking the sender address. To
1931avoid this problem you have to use tagged entries:
1932
1933 To:my.domain RELAY
1934 Connect:my.domain RELAY
1935
1936if you need those entries at all (class {R} may take care of them).
1937
1938FEATURE(`delay_checks') can take an optional argument:
1939
1940 FEATURE(`delay_checks', `friend')
1941 enables spamfriend test
1942 FEATURE(`delay_checks', `hater')
1943 enables spamhater test
1944
1945If such an argument is given, the recipient will be looked up in the access
1946map (using the tag To:). If the argument is `friend', then the other
1947rulesets will be skipped if the recipient address is found and has RHS
1948spamfriend. If the argument is `hater', then the other rulesets will be
1949applied if the recipient address is found and has RHS spamhater.
1950
1951This allows for simple exceptions from the tests, e.g., by activating
1952the spamfriend option and having
1953
1954 To:abuse@ SPAMFRIEND
1955
1956in the access map, mail to abuse@localdomain will get through. It is
1957also possible to specify a full address or an address with +detail:
1958
1959 To:abuse@abuse.my.domain SPAMFRIEND
1960 To:me+abuse@ SPAMFRIEND
1961
1962
1963Header Checks
1964
1965You can also reject mail on the basis of the contents of headers.
1966This is done by adding a ruleset call to the 'H' header definition command
1967in sendmail.cf. For example, this can be used to check the validity of
1968a Message-ID: header:
1969
1970 LOCAL_RULESETS
1971 HMessage-Id: $>CheckMessageId
1972
1973 SCheckMessageId
1974 R< $+ @ $+ > $@ OK
1975 R$* $#error $: 553 Header Error
1976
1977The alternative format:
1978
1979 HSubject: $>+CheckSubject
1980
1981that is, $>+ instead of $>, gives the full Subject: header including
1982comments to the ruleset (comments in parentheses () are stripped
1983by default).
1984
1985A default ruleset for headers which don't have a specific ruleset
1986defined for them can be given by:
1987
1988 H*: $>CheckHdr
1989
1990Notice: All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
1991That may cause problems with simple header checks due to the
1992tokenization. It might be simpler to use a regex map and apply it
1993to $&{currHeader}.
1994
1995After all of the headers are read, the check_eoh ruleset will be called for
1996any final header-related checks. The ruleset is called with the number of
1997headers and the size of all of the headers in bytes separated by $|. One
1998example usage is to reject messages which do not have a Message-Id:
1999header. However, the Message-Id: header is *NOT* a required header and is
2000not a guaranteed spam indicator. This ruleset is an example and should
2001probably not be used in production.
2002
2003 LOCAL_CONFIG
2004 Kstorage macro
2005
2006 LOCAL_RULESETS
2007 HMessage-Id: $>CheckMessageId
2008
2009 SCheckMessageId
2010 # Record the presence of the header
2011 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
2012 R< $+ @ $+ > $@ OK
2013 R$* $#error $: 553 Header Error
2014
2015 Scheck_eoh
2016 # Check the macro
2017 R$* $: < $&{MessageIdCheck} >
2018 # Clear the macro for the next message
2019 R$* $: $(storage {MessageIdCheck} $) $1
2020 # Has a Message-Id: header
2021 R< $+ > $@ OK
2022 # Allow missing Message-Id: from local mail
2023 R$* $: < $&{client_name} >
2024 R< > $@ OK
2025 R< $=w > $@ OK
2026 # Otherwise, reject the mail
2027 R$* $#error $: 553 Header Error
2028
2029+----------+
2030| STARTTLS |
2031+----------+
2032
2033In this text, cert will be used as an abreviation for X.509 certificate,
2034DN is the distinguished name of a cert, and CA is a certification authority.
2035
2036For STARTTLS to be offered by sendmail you need to set at least
2037this variables (the file names and paths are just examples):
2038
2039 define(`confCACERT_PATH', `/etc/mail/certs/')
2040 define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2041 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2042 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2043
2044On systems which do not have the compile flag HASURANDOM set (see
2045sendmail/README) you also must set confRAND_FILE.
2046
2047See doc/op/op.{me,ps} for more information about these options,
2048esp. the sections ``Certificates for STARTTLS'' and ``PRNG for
2049STARTTLS''.
2050
2051Macros related to STARTTLS are:
2052
2053${cert_issuer} holds the DN of the CA (the cert issuer).
2054${cert_subject} holds the DN of the cert (called the cert subject).
2055${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2056 SSLv3, SSLv2.
2057${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2058 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2059${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2060 used for the connection.
2061${verify} holds the result of the verification of the presented cert. Possible
2062 values are:
2063 OK verification succeeded.
2064 NO no cert presented.
2065 FAIL cert presented but could not be verified, e.g., the signing
2066 CA is missing.
2067 NONE STARTTLS has not been performed.
2068 TEMP temporary error occurred.
2069 PROTOCOL some protocol error occurred.
2070 SOFTWARE STARTTLS handshake failed.
2071${server_name} the name of the server of the current outgoing SMTP
2072 connection.
2073${server_addr} the address of the server of the current outgoing SMTP
2074 connection.
2075
2076Relaying
2077
2078SMTP STARTTLS can allow relaying for senders who have successfully
2079authenticated themselves. This is done in the ruleset RelayAuth. If the
2080verification of the cert failed (${verify} != OK), relaying is subject to
2081the usual rules. Otherwise the DN of the issuer is looked up in the access
2082map using the tag CERTISSUER. If the resulting value is RELAY, relaying is
2083allowed. If it is SUBJECT, the DN of the cert subject is looked up next in
2084the access map. using the tag CERTSUBJECT. If the value is RELAY, relaying
2085is allowed.
2086
2087To make things a bit more flexible (or complicated), the values for
2088${cert_issuer} and ${cert_subject} can be optionally modified by regular
2089expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2090_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
2091rulesets and map lookups, they are modified as follows: each non-printable
2092character and the characters '<', '>', '(', ')', '"', '+' are replaced by
2093their HEX value with a leading '+'. For example:
2094
2095/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2096darth+cert@endmail.org
2097
2098is encoded as:
2099
2100/C=US/ST=California/O=endmail.org/OU=private/CN=
2101Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2102
2103(line breaks have been inserted for readability).
2104
2105Of course it is also possible to write a simple rulesets that allows
2106relaying for everyone who can present a cert that can be verified, e.g.,
2107
2108LOCAL_RULESETS
2109SLocal_check_rcpt
2110R$* $: $&{verify}
2111ROK $# OK
2112
2113Allowing Connections
2114
2115The rulesets tls_server and tls_client are used to decide whether an SMTP
2116connection is accepted (or should continue).
2117
2118tls_server is called when sendmail acts as client after a STARTTLS command
2119(should) have been issued. The parameter is the value of ${verify}.
2120
2121tls_client is called when sendmail acts as server, after a STARTTLS command
2122has been issued, and from check_mail. The parameter is the value of
2123${verify} and STARTTLS or MAIL, respectively.
2124
2125Both rulesets behave the same. If no access map is in use, the connection
2126will be accepted unless ${verify} is SOFTWARE, in which case the connection
2127is always aborted. Otherwise, ${client_name} (${server_name}) is looked
2128up in the access map using the tag TLS_Srv (or TLS_Clt), which is done
2129with the ruleset LookUpDomain. If no entry is found, ${client_addr}
2130(${server_addr}) is looked up in the access map (same tag, ruleset
2131LookUpAddr). If this doesn't result in an entry either, just the tag is
2132looked up in the access map (included the trailing :). The result of the
2133lookups is then used to call the ruleset tls_connection, which checks the
2134requirement specified by the RHS in the access map against the actual
2135parameters of the current TLS connection, esp. ${verify} and
2136${cipher_bits}. Legal RHSs in the access map are:
2137
2138VERIFY verification must have succeeded
2139VERIFY:bits verification must have succeeded and ${cipher_bits} must
2140 be greater than or equal bits.
2141ENCR:bits ${cipher_bits} must be greater than or equal bits.
2142
2143The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2144or permanent error. The default is a temporary error code (403 4.7.0)
2145unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2146
2147If a certain level of encryption is required, then it might also be
2148possible that this level is provided by the security layer from a SASL
2149algorithm, e.g., DIGEST-MD5.
2150
| 437 Normally MAIL_HUB is preferred for this function.
438 LOCAL_RELAY is mostly useful in conjunction with
439 FEATURE(stickyhost) -- see the discussion of
440 stickyhost below. If not set, they are assumed to
441 belong on this machine. This allows you to have a
442 central site to store a company- or department-wide
443 alias database. This only works at small sites,
444 and only with some user agents.
445LUSER_RELAY The site that will handle lusers -- that is, apparently
446 local names that aren't local accounts or aliases. To
447 specify a local user instead of a site, set this to
448 ``local:username''.
449
450Any of these can be either ``mailer:hostname'' (in which case the
451mailer is the internal mailer name, such as ``uucp-new'' and the hostname
452is the name of the host as appropriate for that mailer) or just a
453``hostname'', in which case a default mailer type (usually ``relay'',
454a variant on SMTP) is used. WARNING: if you have a wildcard MX
455record matching your domain, you probably want to define these to
456have a trailing dot so that you won't get the mail diverted back
457to yourself.
458
459The domain file can also be used to define a domain name, if needed
460(using "DD<domain>") and set certain site-wide features. If all hosts
461at your site masquerade behind one email name, you could also use
462MASQUERADE_AS here.
463
464You do not have to define a domain -- in particular, if you are a
465single machine sitting off somewhere, it is probably more work than
466it's worth. This is just a mechanism for combining "domain dependent
467knowledge" into one place.
468
469+---------+
470| MAILERS |
471+---------+
472
473There are fewer mailers supported in this version than the previous
474version, owing mostly to a simpler world. As a general rule, put the
475MAILER definitions last in your .mc file, and always put MAILER(`smtp')
476before MAILER(`uucp') and MAILER(`procmail') -- several features and
477definitions will modify the definition of mailers, and the smtp mailer
478modifies the UUCP mailer. Moreover, MAILER(`cyrus'), MAILER(`pop'),
479MAILER(`phquery'), and MAILER(`usenet') must be defined after
480MAILER(`local').
481
482local The local and prog mailers. You will almost always
483 need these; the only exception is if you relay ALL
484 your mail to another site. This mailer is included
485 automatically.
486
487smtp The Simple Mail Transport Protocol mailer. This does
488 not hide hosts behind a gateway or another other
489 such hack; it assumes a world where everyone is
490 running the name server. This file actually defines
491 five mailers: "smtp" for regular (old-style) SMTP to
492 other servers, "esmtp" for extended SMTP to other
493 servers, "smtp8" to do SMTP to other servers without
494 converting 8-bit data to MIME (essentially, this is
495 your statement that you know the other end is 8-bit
496 clean even if it doesn't say so), "dsmtp" to do on
497 demand delivery, and "relay" for transmission to the
498 RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
499
500uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
501 defines two mailers, "uucp-old" (a.k.a. "uucp") and
502 "uucp-new" (a.k.a. "suucp"). The latter is for when you
503 know that the UUCP mailer at the other end can handle
504 multiple recipients in one transfer. If the smtp mailer
505 is also included in your configuration, two other mailers
506 ("uucp-dom" and "uucp-uudom") are also defined [warning:
507 you MUST specify MAILER(smtp) before MAILER(uucp)]. When you
508 include the uucp mailer, sendmail looks for all names in
509 class {U} and sends them to the uucp-old mailer; all
510 names in class {Y} are sent to uucp-new; and all
511 names in class {Z} are sent to uucp-uudom. Note that
512 this is a function of what version of rmail runs on
513 the receiving end, and hence may be out of your control.
514 See the section below describing UUCP mailers in more
515 detail.
516
517usenet Usenet (network news) delivery. If this is specified,
518 an extra rule is added to ruleset 0 that forwards all
519 local email for users named ``group.usenet'' to the
520 ``inews'' program. Note that this works for all groups,
521 and may be considered a security problem.
522
523fax Facsimile transmission. This is experimental and based
524 on Sam Leffler's HylaFAX software. For more information,
525 see http://www.hylafax.org/.
526
527pop Post Office Protocol.
528
529procmail An interface to procmail (does not come with sendmail).
530 This is designed to be used in mailertables. For example,
531 a common question is "how do I forward all mail for a given
532 domain to a single person?". If you have this mailer
533 defined, you could set up a mailertable reading:
534
535 host.com procmail:/etc/procmailrcs/host.com
536
537 with the file /etc/procmailrcs/host.com reading:
538
539 :0 # forward mail for host.com
540 ! -oi -f $1 person@other.host
541
542 This would arrange for (anything)@host.com to be sent
543 to person@other.host. Within the procmail script, $1 is
544 the name of the sender and $2 is the name of the recipient.
545 If you use this with FEATURE(`local_procmail'), the FEATURE
546 should be listed first.
547
548mail11 The DECnet mail11 mailer, useful only if you have the mail11
549 program from gatekeeper.dec.com:/pub/DEC/gwtools (and
550 DECnet, of course). This is for Phase IV DECnet support;
551 if you have Phase V at your site you may have additional
552 problems.
553
554phquery The phquery program. This is somewhat counterintuitively
555 referenced as the "ph" mailer internally. It can be used
556 to do CCSO name server lookups. The phquery program, which
557 this mailer uses, is distributed with the ph client.
558
559cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
560 a local cyrus user. this mailer can make use of the
561 "user+detail@local.host" syntax; it will deliver the mail to
562 the user's "detail" mailbox if the mailbox's ACL permits.
563 The cyrusbb mailer delivers to a system-wide cyrus mailbox
564 if the mailbox's ACL permits. The cyrus mailer must be
565 defined after the local mailer.
566
567qpage A mailer for QuickPage, a pager interface. See
568 http://www.qpage.org/ for further information.
569
570The local mailer accepts addresses of the form "user+detail", where
571the "+detail" is not used for mailbox matching but is available
572to certain local mail programs (in particular, see
573FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
574"eric+sww" all indicate the same user, but additional arguments <null>,
575"sendmail", and "sww" may be provided for use in sorting mail.
576
577
578+----------+
579| FEATURES |
580+----------+
581
582Special features can be requested using the "FEATURE" macro. For
583example, the .mc line:
584
585 FEATURE(`use_cw_file')
586
587tells sendmail that you want to have it read an /etc/mail/local-host-names
588file to get values for class {w}. The FEATURE may contain up to 9
589optional parameters -- for example:
590
591 FEATURE(`mailertable', `dbm /usr/lib/mailertable')
592
593The default database map type for the table features can be set with
594
595 define(`DATABASE_MAP_TYPE', `dbm')
596
597which would set it to use ndbm databases. The default is the Berkeley DB
598hash database format. Note that you must still declare a database map type
599if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
600if no argument is given for the FEATURE. It must be specified before any
601feature that uses a map.
602
603Available features are:
604
605use_cw_file Read the file /etc/mail/local-host-names file to get
606 alternate names for this host. This might be used if you
607 were on a host that MXed for a dynamic set of other hosts.
608 If the set is static, just including the line "Cw<name1>
609 <name2> ..." (where the names are fully qualified domain
610 names) is probably superior. The actual filename can be
611 overridden by redefining confCW_FILE.
612
613use_ct_file Read the file /etc/mail/trusted-users file to get the
614 names of users that will be ``trusted'', that is, able to
615 set their envelope from address using -f without generating
616 a warning message. The actual filename can be overridden
617 by redefining confCT_FILE.
618
619redirect Reject all mail addressed to "address.REDIRECT" with
620 a ``551 User has moved; please try <address>'' message.
621 If this is set, you can alias people who have left
622 to their new address with ".REDIRECT" appended.
623
624nouucp Don't route UUCP addresses. This feature takes one
625 parameter:
626 `reject': reject addresses which have "!" in the local
627 part unless it originates from a system
628 that is allowed to relay.
629 `nospecial': don't do anything special with "!".
630 Warnings: 1. See the NOTICE in the ANTI-SPAM section.
631 2. don't remove "!" from OperatorChars if `reject' is
632 given as parameter.
633
634nocanonify Don't pass addresses to $[ ... $] for canonification
635 by default, i.e., host/domain names are considered canonical,
636 except for unqualified names, which must not be used in this
637 mode (violation of the standard). It can be changed by
638 setting the DaemonPortOptions modifiers (M=). That is,
639 FEATURE(`nocanonify') will be overridden by setting the
640 'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
641 it can be emulated by setting the 'C' flag
642 (DaemonPortOptions=Modifiers=C). This would generally only
643 be used by sites that only act as mail gateways or which have
644 user agents that do full canonification themselves. You may
645 also want to use
646 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
647 the usual resolver options that do a similar thing.
648
649 An exception list for FEATURE(`nocanonify') can be
650 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
651 i.e., a list of domains which are nevertheless passed to
652 $[ ... $] for canonification. This is useful to turn on
653 canonification for local domains, e.g., use
654 CANONIFY_DOMAIN(`my.domain my') to canonify addresses
655 which end in "my.domain" or "my".
656 Another way to require canonification in the local
657 domain is CANONIFY_DOMAIN(`$=m').
658
659 A trailing dot is added to addresses with more than
660 one component in it such that other features which
661 expect a trailing dot (e.g., virtusertable) will
662 still work.
663
664 If `canonify_hosts' is specified as parameter, i.e.,
665 FEATURE(`nocanonify', `canonify_hosts'), then
666 addresses which have only a hostname, e.g.,
667 <user@host>, will be canonified (and hopefully fully
668 qualified), too.
669
670stickyhost This feature is sometimes used with LOCAL_RELAY,
671 although it can be used for a different effect with
672 MAIL_HUB.
673
674 When used without MAIL_HUB, email sent to
675 "user@local.host" are marked as "sticky" -- that
676 is, the local addresses aren't matched against UDB,
677 don't go through ruleset 5, and are not forwarded to
678 the LOCAL_RELAY (if defined).
679
680 With MAIL_HUB, mail addressed to "user@local.host"
681 is forwarded to the mail hub, with the envelope
682 address still remaining "user@local.host".
683 Without stickyhost, the envelope would be changed
684 to "user@mail_hub", in order to protect against
685 mailing loops.
686
687mailertable Include a "mailer table" which can be used to override
688 routing for particular domains (which are not in class {w},
689 i.e. local host names). The argument of the FEATURE may be
690 the key definition. If none is specified, the definition
691 used is:
692
693 hash /etc/mail/mailertable
694
695 Keys in this database are fully qualified domain names
696 or partial domains preceded by a dot -- for example,
697 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
698 special case of the latter, "." matches any domain not
699 covered by other keys. Values must be of the form:
700 mailer:domain
701 where "mailer" is the internal mailer name, and "domain"
702 is where to send the message. These maps are not
703 reflected into the message header. As a special case,
704 the forms:
705 local:user
706 will forward to the indicated user using the local mailer,
707 local:
708 will forward to the original user in the e-mail address
709 using the local mailer, and
710 error:code message
711 error:D.S.N:code message
712 will give an error message with the indicated SMTP reply
713 code and message, where D.S.N is an RFC 1893 compliant
714 error code.
715
716domaintable Include a "domain table" which can be used to provide
717 domain name mapping. Use of this should really be
718 limited to your own domains. It may be useful if you
719 change names (e.g., your company changes names from
720 oldname.com to newname.com). The argument of the
721 FEATURE may be the key definition. If none is specified,
722 the definition used is:
723
724 hash /etc/mail/domaintable
725
726 The key in this table is the domain name; the value is
727 the new (fully qualified) domain. Anything in the
728 domaintable is reflected into headers; that is, this
729 is done in ruleset 3.
730
731bitdomain Look up bitnet hosts in a table to try to turn them into
732 internet addresses. The table can be built using the
733 bitdomain program contributed by John Gardiner Myers.
734 The argument of the FEATURE may be the key definition; if
735 none is specified, the definition used is:
736
737 hash /etc/mail/bitdomain
738
739 Keys are the bitnet hostname; values are the corresponding
740 internet hostname.
741
742uucpdomain Similar feature for UUCP hosts. The default map definition
743 is:
744
745 hash /etc/mail/uudomain
746
747 At the moment there is no automagic tool to build this
748 database.
749
750always_add_domain
751 Include the local host domain even on locally delivered
752 mail. Normally it is not added on unqualified names.
753 However, if you use a shared message store but do not use
754 the same user name space everywhere, you may need the host
755 name on local names.
756
757allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
758 feature will cause recipient addresses to also masquerade
759 as being from the masquerade host. Normally they get
760 the local hostname. Although this may be right for
761 ordinary users, it can break local aliases. For example,
762 if you send to "localalias", the originating sendmail will
763 find that alias and send to all members, but send the
764 message with "To: localalias@masqueradehost". Since that
765 alias likely does not exist, replies will fail. Use this
766 feature ONLY if you can guarantee that the ENTIRE
767 namespace on your masquerade host supersets all the
768 local entries.
769
770limited_masquerade
771 Normally, any hosts listed in class {w} are masqueraded. If
772 this feature is given, only the hosts listed in class {M} (see
773 below: MASQUERADE_DOMAIN) are masqueraded. This is useful
774 if you have several domains with disjoint namespaces hosted
775 on the same machine.
776
777masquerade_entire_domain
778 If masquerading is enabled (using MASQUERADE_AS) and
779 MASQUERADE_DOMAIN (see below) is set, this feature will
780 cause addresses to be rewritten such that the masquerading
781 domains are actually entire domains to be hidden. All
782 hosts within the masquerading domains will be rewritten
783 to the masquerade name (used in MASQUERADE_AS). For example,
784 if you have:
785
786 MASQUERADE_AS(`masq.com')
787 MASQUERADE_DOMAIN(`foo.org')
788 MASQUERADE_DOMAIN(`bar.com')
789
790 then *foo.org and *bar.com are converted to masq.com. Without
791 this feature, only foo.org and bar.com are masqueraded.
792
793 NOTE: only domains within your jurisdiction and
794 current hierarchy should be masqueraded using this.
795
796genericstable This feature will cause unqualified addresses (i.e., without
797 a domain) and addresses with a domain listed in class {G}
798 to be looked up in a map and turned into another ("generic")
799 form, which can change both the domain name and the user name.
800 This is similar to the userdb functionality. The same types of
801 addresses as for masquerading are looked up, i.e., only header
802 sender addresses unless the allmasquerade and/or
803 masquerade_envelope features are given. Qualified addresses
804 must have the domain part in class {G}; entries can
805 be added to this class by the macros GENERICS_DOMAIN or
806 GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
807 MASQUERADE_DOMAIN_FILE, see below).
808
809 The argument of FEATURE(`genericstable') may be the map
810 definition; the default map definition is:
811
812 hash /etc/mail/genericstable
813
814 The key for this table is either the full address, the domain
815 (with a leading @; the localpart is passed as first argument)
816 or the unqualified username (tried in the order mentioned);
817 the value is the new user address. If the new user address
818 does not include a domain, it will be qualified in the standard
819 manner, i.e., using $j or the masquerade name. Note that the
820 address being looked up must be fully qualified. For local
821 mail, it is necessary to use FEATURE(`always_add_domain')
822 for the addresses to be qualified.
823 The "+detail" of an address is passed as %1, so entries like
824
825 old+*@foo.org new+%1@example.com
826 gen+*@foo.org %1@example.com
827
828 and other forms are possible.
829
830generics_entire_domain
831 If the genericstable is enabled and GENERICS_DOMAIN or
832 GENERICS_DOMAIN_FILE is used, this feature will cause
833 addresses to be searched in the map if their domain
834 parts are subdomains of elements in class {G}.
835
836virtusertable A domain-specific form of aliasing, allowing multiple
837 virtual domains to be hosted on one machine. For example,
838 if the virtuser table contained:
839
840 info@foo.com foo-info
841 info@bar.com bar-info
842 joe@bar.com error:nouser No such user here
843 jax@bar.com error:D.S.N:unavailable Address invalid
844 @baz.org jane@example.net
845
846 then mail addressed to info@foo.com will be sent to the
847 address foo-info, mail addressed to info@bar.com will be
848 delivered to bar-info, and mail addressed to anyone at baz.org
849 will be sent to jane@example.net, mail to joe@bar.com will
850 be rejected with the specified error message, and mail to
851 jax@bar.com will also have a RFC 1893 compliant error code
852 D.S.N.
853
854 The username from the original address is passed
855 as %1 allowing:
856
857 @foo.org %1@example.com
858
859 meaning someone@foo.org will be sent to someone@example.com.
860 Additionally, if the local part consists of "user+detail"
861 then "detail" is passed as %2 when a match against user+*
862 is attempted, so entries like
863
864 old+*@foo.org new+%2@example.com
865 gen+*@foo.org %2@example.com
866 +*@foo.org %1+%2@example.com
867
868 and other forms are possible. Note: to preserve "+detail"
869 for a default case (@domain) +*@domain must be used as
870 exemplified above.
871
872 All the host names on the left hand side (foo.com, bar.com,
873 and baz.org) must be in class {w} or class {VirtHost}, the
874 latter can be defined by the macros VIRTUSER_DOMAIN or
875 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
876 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
877 VIRTUSER_DOMAIN_FILE is used, then the entries of class
878 {VirtHost} are added to class {R}, i.e., relaying is allowed
879 to (and from) those domains. The default map definition is:
880
881 hash /etc/mail/virtusertable
882
883 A new definition can be specified as the second argument of
884 the FEATURE macro, such as
885
886 FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
887
888virtuser_entire_domain
889 If the virtusertable is enabled and VIRTUSER_DOMAIN or
890 VIRTUSER_DOMAIN_FILE is used, this feature will cause
891 addresses to be searched in the map if their domain
892 parts are subdomains of elements in class {VirtHost}.
893
894ldap_routing Implement LDAP-based e-mail recipient routing according to
895 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
896 This provides a method to re-route addresses with a
897 domain portion in class {LDAPRoute} to either a
898 different mail host or a different address. Hosts can
899 be added to this class using LDAPROUTE_DOMAIN and
900 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
901 MASQUERADE_DOMAIN_FILE, see below).
902
903 See the LDAP ROUTING section below for more information.
904
905nodns If you aren't running DNS at your site (for example,
906 you are UUCP-only connected). It's hard to consider
907 this a "feature", but hey, it had to go somewhere.
908 Actually, as of 8.7 this is a no-op -- remove "dns" from
909 the hosts service switch entry instead.
910
911nullclient This is a special case -- it creates a configuration file
912 containing nothing but support for forwarding all mail to a
913 central hub via a local SMTP-based network. The argument
914 is the name of that hub.
915
916 The only other feature that should be used in conjunction
917 with this one is FEATURE(`nocanonify'). No mailers
918 should be defined. No aliasing or forwarding is done.
919
920local_lmtp Use an LMTP capable local mailer. The argument to this
921 feature is the pathname of an LMTP capable mailer. By
922 default, mail.local is used. This is expected to be the
923 mail.local which came with the 8.9 distribution which is
924 LMTP capable. The path to mail.local is set by the
925 confEBINDIR m4 variable -- making the default
926 LOCAL_MAILER_PATH /usr/libexec/mail.local.
927 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
928 i.e., without respecting any definitions in an OSTYPE setting.
929
930local_procmail Use procmail or another delivery agent as the local mailer.
931 The argument to this feature is the pathname of the
932 delivery agent, which defaults to PROCMAIL_MAILER_PATH.
933 Note that this does NOT use PROCMAIL_MAILER_FLAGS or
934 PROCMAIL_MAILER_ARGS for the local mailer; tweak
935 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
936 specify the appropriate parameters. When procmail is used,
937 the local mailer can make use of the
938 "user+indicator@local.host" syntax; normally the +indicator
939 is just tossed, but by default it is passed as the -a
940 argument to procmail.
941
942 This feature can take up to three arguments:
943
944 1. Path to the mailer program
945 [default: /usr/local/bin/procmail]
946 2. Argument vector including name of the program
947 [default: procmail -Y -a $h -d $u]
948 3. Flags for the mailer [default: SPfhn9]
949
950 Empty arguments cause the defaults to be taken.
951
952 For example, this allows it to use the maildrop
953 (http://www.flounder.net/~mrsam/maildrop/) mailer instead
954 by specifying:
955
956 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
957 `maildrop -d $u')
958
959 or scanmails using:
960
961 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
962
963 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
964 i.e., without respecting any definitions in an OSTYPE setting.
965
966bestmx_is_local Accept mail as though locally addressed for any host that
967 lists us as the best possible MX record. This generates
968 additional DNS traffic, but should be OK for low to
969 medium traffic hosts. The argument may be a set of
970 domains, which will limit the feature to only apply to
971 these domains -- this will reduce unnecessary DNS
972 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
973 WILDCARD MX RECORDS!!! If you have a wildcard MX record
974 that matches your domain, you cannot use this feature.
975
976smrsh Use the SendMail Restricted SHell (smrsh) provided
977 with the distribution instead of /bin/sh for mailing
978 to programs. This improves the ability of the local
979 system administrator to control what gets run via
980 e-mail. If an argument is provided it is used as the
981 pathname to smrsh; otherwise, the path defined by
982 confEBINDIR is used for the smrsh binary -- by default,
983 /usr/libexec/smrsh is assumed.
984
985promiscuous_relay
986 By default, the sendmail configuration files do not permit
987 mail relaying (that is, accepting mail from outside your
988 local host (class {w}) and sending it to another host than
989 your local host). This option sets your site to allow
990 mail relaying from any site to any site. In almost all
991 cases, it is better to control relaying more carefully
992 with the access map, class {R}, or authentication. Domains
993 can be added to class {R} by the macros RELAY_DOMAIN or
994 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
995 MASQUERADE_DOMAIN_FILE, see below).
996
997relay_entire_domain
998 By default, only hosts listed as RELAY in the access db
999 will be allowed to relay. This option also allows any
1000 host in your domain as defined by class {m}.
1001
1002relay_hosts_only
1003 By default, names that are listed as RELAY in the access
1004 db and class {R} are domain names, not host names.
1005 For example, if you specify ``foo.com'', then mail to or
1006 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1007 will all be accepted for relaying. This feature changes
1008 the behaviour to lookup individual host names only.
1009
1010relay_based_on_MX
1011 Turns on the ability to allow relaying based on the MX
1012 records of the host portion of an incoming recipient; that
1013 is, if an MX record for host foo.com points to your site,
1014 you will accept and relay mail addressed to foo.com. See
1015 description below for more information before using this
1016 feature. Also, see the KNOWNBUGS entry regarding bestmx
1017 map lookups.
1018
1019 FEATURE(`relay_based_on_MX') does not necessarily allow
1020 routing of these messages which you expect to be allowed,
1021 if route address syntax (or %-hack syntax) is used. If
1022 this is a problem, add entries to the access-table or use
1023 FEATURE(`loose_relay_check').
1024
1025relay_mail_from
1026 Allows relaying if the mail sender is listed as RELAY in
1027 the access map. If an optional argument `domain' is given,
1028 the domain portion of the mail sender is checked too.
1029 This should only be used if absolutely necessary as the
1030 sender address can be easily forged. Use of this feature
1031 requires the "From:" tag be prepended to the key in the
1032 access map; see the discussion of tags and
1033 FEATURE(`relay_mail_from') in the section on ANTI-SPAM
1034 CONFIGURATION CONTROL.
1035
1036relay_local_from
1037 Allows relaying if the domain portion of the mail sender
1038 is a local host. This should only be used if absolutely
1039 necessary as it opens a window for spammers. Specifically,
1040 they can send mail to your mail server that claims to be
1041 from your domain (either directly or via a routed address),
1042 and you will go ahead and relay it out to arbitrary hosts
1043 on the Internet.
1044
1045accept_unqualified_senders
1046 Normally, MAIL FROM: commands in the SMTP session will be
1047 refused if the connection is a network connection and the
1048 sender address does not include a domain name. If your
1049 setup sends local mail unqualified (i.e., MAIL FROM: <joe>),
1050 you will need to use this feature to accept unqualified
1051 sender addresses. Setting the DaemonPortOptions modifier
1052 'u' overrides the default behavior, i.e., unqualified
1053 addresses are accepted even without this FEATURE.
1054 If this FEATURE is not used, the DaemonPortOptions modifier
1055 'f' can be used to enforce fully qualified addresses.
1056
1057accept_unresolvable_domains
1058 Normally, MAIL FROM: commands in the SMTP session will be
1059 refused if the host part of the argument to MAIL FROM:
1060 cannot be located in the host name service (e.g., an A or
1061 MX record in DNS). If you are inside a firewall that has
1062 only a limited view of the Internet host name space, this
1063 could cause problems. In this case you probably want to
1064 use this feature to accept all domains on input, even if
1065 they are unresolvable.
1066
1067access_db Turns on the access database feature. The access db gives
1068 you the ability to allow or refuse to accept mail from
1069 specified domains for administrative reasons. By default,
1070 the access database specification is:
1071
1072 hash /etc/mail/access
1073
1074 The format of the database is described in the anti-spam
1075 configuration control section later in this document.
1076
1077blacklist_recipients
1078 Turns on the ability to block incoming mail for certain
1079 recipient usernames, hostnames, or addresses. For
1080 example, you can block incoming mail to user nobody,
1081 host foo.mydomain.com, or guest@bar.mydomain.com.
1082 These specifications are put in the access db as
1083 described in the anti-spam configuration control section
1084 later in this document.
1085
1086delay_checks The rulesets check_mail and check_relay will not be called
1087 when a client connects or issues a MAIL command, respectively.
1088 Instead, those rulesets will be called by the check_rcpt
1089 ruleset; they will be skipped under certain circumstances.
1090 See "Delay all checks" in "ANTI-SPAM CONFIGURATION CONTROL".
1091
1092rbl This feature is deprecated! Please use dnsbl instead.
1093 Turns on rejection of hosts found in the Realtime Blackhole
1094 List. If an argument is provided it is used as the domain
1095 in which blocked hosts are listed; otherwise, the main RBL
1096 domain rbl.maps.vix.com is used (see NOTE below). For
1097 details, see http://maps.vix.com/rbl/.
1098
1099dnsbl Turns on rejection of hosts found in an DNS based rejection
1100 list. If an argument is provided it is used as the domain
1101 in which blocked hosts are listed; otherwise it defaults to
1102 blackholes.mail-abuse.org. An explanation for an DNS based
1103 rejection list can be found http://mail-abuse.org/rbl/. A
1104 second argument can be used to change the default error
1105 message of Mail from $&{client_addr} refused by blackhole site
1106 SERVER where SERVER is replaced by the first argument. This
1107 feature can be included several times to query different DNS
1108 based rejection lists.
1109
1110 NOTE: The default DNS blacklist, blackholes.mail-abuse.org,
1111 is a service offered by the Mail Abuse Prevention System
1112 (MAPS). As of July 31, 2001, MAPS is a subscription
1113 service, so using that network address won't work if you
1114 haven't subscribed. Contact MAPS to subscribe
1115 (http://mail-abuse.org/).
1116
1117loose_relay_check
1118 Normally, if % addressing is used for a recipient, e.g.
1119 user%site@othersite, and othersite is in class {R}, the
1120 check_rcpt ruleset will strip @othersite and recheck
1121 user@site for relaying. This feature changes that
1122 behavior. It should not be needed for most installations.
1123
1124no_default_msa Don't generate the default MSA daemon, i.e.,
1125 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1126 To define a MSA daemon with other parameters, use this
1127 FEATURE and introduce new settings via DAEMON_OPTIONS().
1128
1129+-------+
1130| HACKS |
1131+-------+
1132
1133Some things just can't be called features. To make this clear,
1134they go in the hack subdirectory and are referenced using the HACK
1135macro. These will tend to be site-dependent. The release
1136includes the Berkeley-dependent "cssubdomain" hack (that makes
1137sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1138this is intended as a short-term aid while moving hosts into
1139subdomains.
1140
1141
1142+--------------------+
1143| SITE CONFIGURATION |
1144+--------------------+
1145
1146 *****************************************************
1147 * This section is really obsolete, and is preserved *
1148 * only for back compatibility. You should plan on *
1149 * using mailertables for new installations. In *
1150 * particular, it doesn't work for the newer forms *
1151 * of UUCP mailers, such as uucp-uudom. *
1152 *****************************************************
1153
1154Complex sites will need more local configuration information, such as
1155lists of UUCP hosts they speak with directly. This can get a bit more
1156tricky. For an example of a "complex" site, see cf/ucbvax.mc.
1157
1158The SITECONFIG macro allows you to indirectly reference site-dependent
1159configuration information stored in the siteconfig subdirectory. For
1160example, the line
1161
1162 SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1163
1164reads the file uucp.ucbvax for local connection information. The
1165second parameter is the local name (in this case just "ucbvax" since
1166it is locally connected, and hence a UUCP hostname). The third
1167parameter is the name of both a macro to store the local name (in
1168this case, {U}) and the name of the class (e.g., {U}) in which to store
1169the host information read from the file. Another SITECONFIG line reads
1170
1171 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1172
1173This says that the file uucp.ucbarpa contains the list of UUCP sites
1174connected to ucbarpa.Berkeley.EDU. Class {W} will be used to
1175store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1176is, the name of the relay to which the hosts listed in uucp.ucbarpa
1177are connected. [The machine ucbarpa is gone now, but this
1178out-of-date configuration file has been left around to demonstrate
1179how you might do this.]
1180
1181Note that the case of SITECONFIG with a third parameter of ``U'' is
1182special; the second parameter is assumed to be the UUCP name of the
1183local site, rather than the name of a remote site, and the UUCP name
1184is entered into class {w} (the list of local hostnames) as $U.UUCP.
1185
1186The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1187more than a sequence of SITE macros describing connectivity. For
1188example:
1189
1190 SITE(`cnmat')
1191 SITE(`sgi olympus')
1192
1193The second example demonstrates that you can use two names on the
1194same line; these are usually aliases for the same host (or are at
1195least in the same company).
1196
1197
1198+--------------------+
1199| USING UUCP MAILERS |
1200+--------------------+
1201
1202It's hard to get UUCP mailers right because of the extremely ad hoc
1203nature of UUCP addressing. These config files are really designed
1204for domain-based addressing, even for UUCP sites.
1205
1206There are four UUCP mailers available. The choice of which one to
1207use is partly a matter of local preferences and what is running at
1208the other end of your UUCP connection. Unlike good protocols that
1209define what will go over the wire, UUCP uses the policy that you
1210should do what is right for the other end; if they change, you have
1211to change. This makes it hard to do the right thing, and discourages
1212people from updating their software. In general, if you can avoid
1213UUCP, please do.
1214
1215The major choice is whether to go for a domainized scheme or a
1216non-domainized scheme. This depends entirely on what the other
1217end will recognize. If at all possible, you should encourage the
1218other end to go to a domain-based system -- non-domainized addresses
1219don't work entirely properly.
1220
1221The four mailers are:
1222
1223 uucp-old (obsolete name: "uucp")
1224 This is the oldest, the worst (but the closest to UUCP) way of
1225 sending messages accros UUCP connections. It does bangify
1226 everything and prepends $U (your UUCP name) to the sender's
1227 address (which can already be a bang path itself). It can
1228 only send to one address at a time, so it spends a lot of
1229 time copying duplicates of messages. Avoid this if at all
1230 possible.
1231
1232 uucp-new (obsolete name: "suucp")
1233 The same as above, except that it assumes that in one rmail
1234 command you can specify several recipients. It still has a
1235 lot of other problems.
1236
1237 uucp-dom
1238 This UUCP mailer keeps everything as domain addresses.
1239 Basically, it uses the SMTP mailer rewriting rules. This mailer
1240 is only included if MAILER(`smtp') is also specified.
1241
1242 Unfortunately, a lot of UUCP mailer transport agents require
1243 bangified addresses in the envelope, although you can use
1244 domain-based addresses in the message header. (The envelope
1245 shows up as the From_ line on UNIX mail.) So....
1246
1247 uucp-uudom
1248 This is a cross between uucp-new (for the envelope addresses)
1249 and uucp-dom (for the header addresses). It bangifies the
1250 envelope sender (From_ line in messages) without adding the
1251 local hostname, unless there is no host name on the address
1252 at all (e.g., "wolf") or the host component is a UUCP host name
1253 instead of a domain name ("somehost!wolf" instead of
1254 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1255 is also specified.
1256
1257Examples:
1258
1259On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1260summarizes the sender rewriting for various mailers.
1261
1262Mailer sender rewriting in the envelope
1263------ ------ -------------------------
1264uucp-{old,new} wolf grasp!wolf
1265uucp-dom wolf wolf@grasp.insa-lyon.fr
1266uucp-uudom wolf grasp.insa-lyon.fr!wolf
1267
1268uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1269uucp-dom wolf@fr.net wolf@fr.net
1270uucp-uudom wolf@fr.net fr.net!wolf
1271
1272uucp-{old,new} somehost!wolf grasp!somehost!wolf
1273uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1274uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1275
1276If you are using one of the domainized UUCP mailers, you really want
1277to convert all UUCP addresses to domain format -- otherwise, it will
1278do it for you (and probably not the way you expected). For example,
1279if you have the address foo!bar!baz (and you are not sending to foo),
1280the heuristics will add the @uucp.relay.name or @local.host.name to
1281this address. However, if you map foo to foo.host.name first, it
1282will not add the local hostname. You can do this using the uucpdomain
1283feature.
1284
1285
1286+-------------------+
1287| TWEAKING RULESETS |
1288+-------------------+
1289
1290For more complex configurations, you can define special rules.
1291The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1292the names. Any modifications made here are reflected in the header.
1293
1294A common use is to convert old UUCP addresses to SMTP addresses using
1295the UUCPSMTP macro. For example:
1296
1297 LOCAL_RULE_3
1298 UUCPSMTP(`decvax', `decvax.dec.com')
1299 UUCPSMTP(`research', `research.att.com')
1300
1301will cause addresses of the form "decvax!user" and "research!user"
1302to be converted to "user@decvax.dec.com" and "user@research.att.com"
1303respectively.
1304
1305This could also be used to look up hosts in a database map:
1306
1307 LOCAL_RULE_3
1308 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
1309
1310This map would be defined in the LOCAL_CONFIG portion, as shown below.
1311
1312Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1313For example, new rules are needed to parse hostnames that you accept
1314via MX records. For example, you might have:
1315
1316 LOCAL_RULE_0
1317 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1318
1319You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1320pointing at this host; this rule catches the message and forwards it on
1321using UUCP.
1322
1323You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1324These rulesets are normally empty.
1325
1326A similar macro is LOCAL_CONFIG. This introduces lines added after the
1327boilerplate option setting but before rulesets. Do not declare rulesets in
1328the LOCAL_CONFIG section. It can be used to declare local database maps or
1329whatever. For example:
1330
1331 LOCAL_CONFIG
1332 Khostmap hash /etc/mail/hostmap
1333 Kyplocal nis -m hosts.byname
1334
1335
1336+---------------------------+
1337| MASQUERADING AND RELAYING |
1338+---------------------------+
1339
1340You can have your host masquerade as another using
1341
1342 MASQUERADE_AS(`host.domain')
1343
1344This causes mail being sent to be labeled as coming from the
1345indicated host.domain, rather than $j. One normally masquerades as
1346one of one's own subdomains (for example, it's unlikely that
1347Berkeley would choose to masquerade as an MIT site). This
1348behaviour is modified by a plethora of FEATUREs; in particular, see
1349masquerade_envelope, allmasquerade, limited_masquerade, and
1350masquerade_entire_domain.
1351
1352The masquerade name is not normally canonified, so it is important
1353that it be your One True Name, that is, fully qualified and not a
1354CNAME. However, if you use a CNAME, the receiving side may canonify
1355it for you, so don't think you can cheat CNAME mapping this way.
1356
1357Normally the only addresses that are masqueraded are those that come
1358from this host (that is, are either unqualified or in class {w}, the list
1359of local domain names). You can augment this list, which is realized
1360by class {M} using
1361
1362 MASQUERADE_DOMAIN(`otherhost.domain')
1363
1364The effect of this is that although mail to user@otherhost.domain
1365will not be delivered locally, any mail including any user@otherhost.domain
1366will, when relayed, be rewritten to have the MASQUERADE_AS address.
1367This can be a space-separated list of names.
1368
1369If these names are in a file, you can use
1370
1371 MASQUERADE_DOMAIN_FILE(`filename')
1372
1373to read the list of names from the indicated file (i.e., to add
1374elements to class {M}).
1375
1376To exempt hosts or subdomains from being masqueraded, you can use
1377
1378 MASQUERADE_EXCEPTION(`host.domain')
1379
1380This can come handy if you want to masquerade a whole domain
1381except for one (or a few) host(s).
1382
1383Normally only header addresses are masqueraded. If you want to
1384masquerade the envelope as well, use
1385
1386 FEATURE(`masquerade_envelope')
1387
1388There are always users that need to be "exposed" -- that is, their
1389internal site name should be displayed instead of the masquerade name.
1390Root is an example (which has been "exposed" by default prior to 8.10).
1391You can add users to this list using
1392
1393 EXPOSED_USER(`usernames')
1394
1395This adds users to class {E}; you could also use something like
1396
1397 FE/etc/mail/exposed-users
1398
1399You can also arrange to relay all unqualified names (that is, names
1400without @host) to a relay host. For example, if you have a central
1401email server, you might relay to that host so that users don't have
1402to have .forward files or aliases. You can do this using
1403
1404 define(`LOCAL_RELAY', `mailer:hostname')
1405
1406The ``mailer:'' can be omitted, in which case the mailer defaults to
1407"relay". There are some user names that you don't want relayed, perhaps
1408because of local aliases. A common example is root, which may be
1409locally aliased. You can add entries to this list using
1410
1411 LOCAL_USER(`usernames')
1412
1413This adds users to class {L}; you could also use something like
1414
1415 FL/etc/mail/local-users
1416
1417If you want all incoming mail sent to a centralized hub, as for a
1418shared /var/spool/mail scheme, use
1419
1420 define(`MAIL_HUB', `mailer:hostname')
1421
1422Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
1423and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1424be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1425Note: there is a (long standing) bug which keeps this combination from
1426working for addresses of the form user+detail.
1427Names in class {L} will be delivered locally, so you MUST have aliases or
1428.forward files for them.
1429
1430For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1431FEATURE(`stickyhost'), the following combinations of settings will have the
1432indicated effects:
1433
1434email sent to.... eric eric@mastodon.CS.Berkeley.EDU
1435
1436LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
1437mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1438
1439MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1440mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
1441
1442Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1443MAIL_HUB set as above (no local aliasing) (aliasing done)
1444
1445If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1446MAIL_HUB act identically, with MAIL_HUB taking precedence.
1447
1448If you want all outgoing mail to go to a central relay site, define
1449SMART_HOST as well. Briefly:
1450
1451 LOCAL_RELAY applies to unqualified names (e.g., "eric").
1452 MAIL_HUB applies to names qualified with the name of the
1453 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1454 SMART_HOST applies to names qualified with other hosts or
1455 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1456 or "eric@[127.0.0.1]").
1457
1458However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1459DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1460really want absolutely everything to go to a single central site you will
1461need to unset all the other relays -- or better yet, find or build a
1462minimal config file that does this.
1463
1464For duplicate suppression to work properly, the host name is best
1465specified with a terminal dot:
1466
1467 define(`MAIL_HUB', `host.domain.')
1468 note the trailing dot ---^
1469
1470
1471+--------------+
1472| LDAP ROUTING |
1473+--------------+
1474
1475FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1476LDAP Schema for Intranet Mail Routing
1477(draft-lachman-laser-ldap-mail-routing-01). This feature enables
1478LDAP-based rerouting of a particular address to either a different host
1479or a different address. The LDAP lookup is first attempted on the full
1480address (e.g., user@example.com) and then on the domain portion
1481(e.g., @example.com). Be sure to setup your domain for LDAP routing using
1482LDAPROUTE_DOMAIN(), e.g.:
1483
1484 LDAPROUTE_DOMAIN(`example.com')
1485
1486By default, the feature will use the schemas as specified in the draft
1487and will not reject addresses not found by the LDAP lookup. However,
1488this behavior can be changed by giving additional arguments to the FEATURE()
1489command:
1490
1491 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>)
1492
1493where <mailHost> is a map definition describing how to lookup an alternative
1494mail host for a particular address; <mailRoutingAddress> is a map definition
1495describing how to lookup an alternative address for a particular address; and
1496the <bounce> argument, if present and not the word "passthru", dictates
1497that mail should be bounced if neither a mailHost nor mailRoutingAddress
1498is found.
1499
1500The default <mailHost> map definition is:
1501
1502 ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient)
1503 (mailLocalAddress=%0))
1504
1505The default <mailRoutingAddress> map definition is:
1506
1507 ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)
1508 (mailLocalAddress=%0))
1509
1510Note that neither includes the LDAP server hostname (-h server) or base DN
1511(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
1512your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
1513these settings. If this is not the case, the map definitions should be
1514changed as described above.
1515
1516The following possibilities exist as a result of an LDAP lookup on an
1517address:
1518
1519 mailHost is mailRoutingAddress is Results in
1520 ----------- --------------------- ----------
1521 set to a set mail delivered to
1522 "local" host mailRoutingAddress
1523
1524 set to a not set delivered to
1525 "local" host original address
1526
1527 set to a set mailRoutingAddress
1528 remote host relayed to mailHost
1529
1530 set to a not set original address
1531 remote host relayed to mailHost
1532
1533 not set set mail delivered to
1534 mailRoutingAddress
1535
1536 not set not set delivered to
1537 original address *OR*
1538 bounced as unknown user
1539
1540The term "local" host above means the host specified is in class {w}.
1541Note that the last case depends on whether the third argument is given
1542to the FEATURE() command. The default is to deliver the message to the
1543original address.
1544
1545The LDAP entries should be set up with an objectClass of
1546inetLocalMailRecipient and the address be listed in a mailLocalAddress
1547attribute. If present, there must be only one mailHost attribute and it
1548must contain a fully qualified host name as its value. Similarly, if
1549present, there must be only one mailRoutingAddress attribute and it must
1550contain an RFC 822 compliant address. Some example LDAP records (in ldif
1551format):
1552
1553 dn: uid=tom, o=example.com, c=US
1554 objectClass: inetLocalMailRecipient
1555 mailLocalAddress: tom@example.com
1556 mailRoutingAddress: thomas@mailhost.example.com
1557
1558This would deliver mail for tom@example.com to thomas@mailhost.example.com.
1559
1560 dn: uid=dick, o=example.com, c=US
1561 objectClass: inetLocalMailRecipient
1562 mailLocalAddress: dick@example.com
1563 mailHost: eng.example.com
1564
1565This would relay mail for dick@example.com to the same address but redirect
1566the mail to MX records listed for the host eng.example.com.
1567
1568 dn: uid=harry, o=example.com, c=US
1569 objectClass: inetLocalMailRecipient
1570 mailLocalAddress: harry@example.com
1571 mailHost: mktmail.example.com
1572 mailRoutingAddress: harry@mkt.example.com
1573
1574This would relay mail for harry@example.com to the MX records listed for
1575the host mktmail.example.com using the new address harry@mkt.example.com
1576when talking to that host.
1577
1578 dn: uid=virtual.example.com, o=example.com, c=US
1579 objectClass: inetLocalMailRecipient
1580 mailLocalAddress: @virtual.example.com
1581 mailHost: server.example.com
1582 mailRoutingAddress: virtual@example.com
1583
1584This would send all mail destined for any username @virtual.example.com to
1585the machine server.example.com's MX servers and deliver to the address
1586virtual@example.com on that relay machine.
1587
1588
1589+---------------------------------+
1590| ANTI-SPAM CONFIGURATION CONTROL |
1591+---------------------------------+
1592
1593The primary anti-spam features available in sendmail are:
1594
1595* Relaying is denied by default.
1596* Better checking on sender information.
1597* Access database.
1598* Header checks.
1599
1600Relaying (transmission of messages from a site outside your host (class
1601{w}) to another site except yours) is denied by default. Note that this
1602changed in sendmail 8.9; previous versions allowed relaying by default.
1603If you really want to revert to the old behaviour, you will need to use
1604FEATURE(`promiscuous_relay'). You can allow certain domains to relay
1605through your server by adding their domain name or IP address to class
1606{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
1607(described below). The file consists (like any other file based class)
1608of entries listed on separate lines, e.g.,
1609
1610 sendmail.org
1611 128.32
1612 1:2:3:4:5:6:7
1613 host.mydomain.com
1614
1615If you use
1616
1617 FEATURE(`relay_entire_domain')
1618
1619then any host in any of your local domains (that is, class {m})
1620will be relayed (that is, you will accept mail either to or from any
1621host in your domain).
1622
1623You can also allow relaying based on the MX records of the host
1624portion of an incoming recipient address by using
1625
1626 FEATURE(`relay_based_on_MX')
1627
1628For example, if your server receives a recipient of user@domain.com
1629and domain.com lists your server in its MX records, the mail will be
1630accepted for relay to domain.com. Note that this will stop spammers
1631from using your host to relay spam but it will not stop outsiders from
1632using your server as a relay for their site (that is, they set up an
1633MX record pointing to your mail server, and you will relay mail addressed
1634to them without any prior arrangement). Along the same lines,
1635
1636 FEATURE(`relay_local_from')
1637
1638will allow relaying if the sender specifies a return path (i.e.
1639MAIL FROM: <user@domain>) domain which is a local domain. This a
1640dangerous feature as it will allow spammers to spam using your mail
1641server by simply specifying a return address of user@your.domain.com.
1642It should not be used unless absolutely necessary.
1643A slightly better solution is
1644
1645 FEATURE(`relay_mail_from')
1646
1647which allows relaying if the mail sender is listed as RELAY in the
1648access map. If an optional argument `domain' is given, the domain
1649portion of the mail sender is also checked to allowing relaying.
1650This option only works together with the tag From: for the LHS of
1651the access map entries (see below: Finer control...).
1652
1653
1654If source routing is used in the recipient address (i.e.
1655RCPT TO: <user%site.com@othersite.com>), sendmail will check
1656user@site.com for relaying if othersite.com is an allowed relay host
1657in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
1658or the access database if FEATURE(`access_db') is used. To prevent
1659the address from being stripped down, use:
1660
1661 FEATURE(`loose_relay_check')
1662
1663If you think you need to use this feature, you probably do not. This
1664should only be used for sites which have no control over the addresses
1665that they provide a gateway for. Use this FEATURE with caution as it
1666can allow spammers to relay through your server if not setup properly.
1667
1668NOTICE: It is possible to relay mail through a system which the anti-relay
1669rules do not prevent: the case of a system that does use FEATURE(`nouucp',
1670`nospecial') (system A) and relays local messages to a mail hub (e.g., via
1671LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
1672FEATURE(`nouucp') at all, addresses of the form
1673<example.net!user@local.host> would be relayed to <user@example.net>.
1674System A doesn't recognize `!' as an address separator and therefore
1675forwards it to the mail hub which in turns relays it because it came from
1676a trusted local host. So if a mailserver allows UUCP (bang-format)
1677addresses, all systems from which it allows relaying should do the same
1678or reject those addresses.
1679
1680As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
1681an unresolvable domain (i.e., one that DNS, your local name service,
1682or special case rules in ruleset 3 cannot locate). If you want to
1683continue to accept such domains, e.g., because you are inside a
1684firewall that has only a limited view of the Internet host name space
1685(note that you will not be able to return mail to them unless you have
1686some "smart host" forwarder), use
1687
1688 FEATURE(`accept_unresolvable_domains')
1689
1690sendmail will also refuse mail if the MAIL FROM: parameter is not
1691fully qualified (i.e., contains a domain as well as a user). If you
1692want to continue to accept such senders, use
1693
1694 FEATURE(`accept_unqualified_senders')
1695
1696Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
1697i.e., unqualified addresses are accepted even without this FEATURE. If
1698this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
1699to enforce fully qualified addresses.
1700
1701An ``access'' database can be created to accept or reject mail from
1702selected domains. For example, you may choose to reject all mail
1703originating from known spammers. To enable such a database, use
1704
1705 FEATURE(`access_db')
1706
1707The FEATURE macro can accept a second parameter giving the key file
1708definition for the database; for example
1709
1710 FEATURE(`access_db', `hash /etc/mail/access')
1711
1712Remember, since /etc/mail/access is a database, after creating the text
1713file as described below, you must use makemap to create the database
1714map. For example:
1715
1716 makemap hash /etc/mail/access < /etc/mail/access
1717
1718The table itself uses e-mail addresses, domain names, and network
1719numbers as keys. For example,
1720
1721 spammer@aol.com REJECT
1722 cyberspammer.com REJECT
1723 192.168.212 REJECT
1724
1725would refuse mail from spammer@aol.com, any user from cyberspammer.com
1726(or any host within the cyberspammer.com domain), and any host on the
1727192.168.212.* network.
1728
1729The value part of the map can contain:
1730
1731 OK Accept mail even if other rules in the
1732 running ruleset would reject it, for example,
1733 if the domain name is unresolvable.
1734 RELAY Accept mail addressed to the indicated domain or
1735 received from the indicated domain for relaying
1736 through your SMTP server. RELAY also serves as
1737 an implicit OK for the other checks.
1738 REJECT Reject the sender or recipient with a general
1739 purpose message.
1740 DISCARD Discard the message completely using the
1741 $#discard mailer. If it is used in check_compat,
1742 it affects only the designated recipient, not
1743 the whole message as it does in all other cases.
1744 This should only be used if really necessary.
1745 ### any text where ### is an RFC 821 compliant error code and
1746 "any text" is a message to return for the command.
1747 The string should be quoted to avoid surprises,
1748 e.g., sendmail may remove spaces otherwise.
1749 ERROR:### any text
1750 as above, but useful to mark error messages as such.
1751 ERROR:D.S.N:### any text
1752 where D.S.N is an RFC 1893 compliant error code
1753 and the rest as above.
1754
1755For example:
1756
1757 cyberspammer.com ERROR:"550 We don't accept mail from spammers"
1758 okay.cyberspammer.com OK
1759 sendmail.org RELAY
1760 128.32 RELAY
1761 1:2:3:4:5:6:7 RELAY
1762 [127.0.0.3] OK
1763 [1:2:3:4:5:6:7:8] OK
1764
1765would accept mail from okay.cyberspammer.com, but would reject mail from
1766all other hosts at cyberspammer.com with the indicated message. It would
1767allow relaying mail from and to any hosts in the sendmail.org domain, and
1768allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:*
1769network. The latter two entries are for checks against ${client_name} if
1770the IP address doesn't resolve to a hostname (or is considered as "may be
1771forged").
1772
1773Warning: if you change the RFC 821 compliant error code from the default
1774value of 550, then you should probably also change the RFC 1893 compliant
1775error code to match it. For example, if you use
1776
1777 user@example.com 450 mailbox full
1778
1779the error returned would be "450 4.0.0 mailbox full" which is wrong.
1780Use "450 4.2.2 mailbox full" or "ERROR:4.2.2:450 mailbox full"
1781instead.
1782
1783Note, UUCP users may need to add hostname.UUCP to the access database
1784or class {R}. If you also use:
1785
1786 FEATURE(`relay_hosts_only')
1787
1788then the above example will allow relaying for sendmail.org, but not
1789hosts within the sendmail.org domain. Note that this will also require
1790hosts listed in class {R} to be fully qualified host names.
1791
1792You can also use the access database to block sender addresses based on
1793the username portion of the address. For example:
1794
1795 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
1796
1797Note that you must include the @ after the username to signify that
1798this database entry is for checking only the username portion of the
1799sender address.
1800
1801If you use:
1802
1803 FEATURE(`blacklist_recipients')
1804
1805then you can add entries to the map for local users, hosts in your
1806domains, or addresses in your domain which should not receive mail:
1807
1808 badlocaluser@ ERROR:550 Mailbox disabled for this username
1809 host.mydomain.com ERROR:550 That host does not accept mail
1810 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient
1811
1812This would prevent a recipient of badlocaluser@mydomain.com, any
1813user at host.mydomain.com, and the single address
1814user@otherhost.mydomain.com from receiving mail. Please note: a
1815local username must be now tagged with an @ (this is consistent
1816with the check of the sender address, and hence it is possible to
1817distinguish between hostnames and usernames). Enabling this feature
1818will keep you from sending mails to all addresses that have an
1819error message or REJECT as value part in the access map. Taking
1820the example from above:
1821
1822 spammer@aol.com REJECT
1823 cyberspammer.com REJECT
1824
1825Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
1826
1827There is also a ``Realtime Blackhole List'' run by the MAPS project
1828at http://maps.vix.com/. This is a database maintained in DNS of
1829spammers. To use this database, use
1830
1831 FEATURE(`dnsbl')
1832
1833This will cause sendmail to reject mail from any site in the
1834Realtime Blackhole List database. This default DNS blacklist,
1835blackholes.mail-abuse.org, is a service offered by the Mail Abuse
1836Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription
1837service, so using that network address won't work if you haven't
1838subscribed. Contact MAPS to subscribe (http://mail-abuse.org/).
1839
1840You can specify an alternative RBL server to check by specifying an
1841argument to the FEATURE. The default error message is
1842
1843You can specify an alternative RBL domain to check by specifying an
1844argument to the FEATURE. The default error message is
1845
1846 Mail from $&{client_addr} refused by blackhole site DOMAIN
1847
1848where DOMAIN is the first argument of the feature. A second argument
1849can be used to specify a different text. This FEATURE can be
1850included several times to query different DNS based rejection lists,
1851e.g., the dial-up user list (see http://maps.vix.com/dul/).
1852
1853The features described above make use of the check_relay, check_mail,
1854and check_rcpt rulesets. If you wish to include your own checks,
1855you can put your checks in the rulesets Local_check_relay,
1856Local_check_mail, and Local_check_rcpt. For example if you wanted to
1857block senders with all numeric usernames (i.e. 2312343@bigisp.com),
1858you would use Local_check_mail and the new regex map:
1859
1860 LOCAL_CONFIG
1861 Kallnumbers regex -a@MATCH ^[0-9]+$
1862
1863 LOCAL_RULESETS
1864 SLocal_check_mail
1865 # check address against various regex checks
1866 R$* $: $>Parse0 $>3 $1
1867 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
1868 R@MATCH $#error $: 553 Header Error
1869
1870These rules are called with the original arguments of the corresponding
1871check_* ruleset. If the local ruleset returns $#OK, no further checking
1872is done by the features described above and the mail is accepted. If the
1873local ruleset resolves to a mailer (such as $#error or $#discard), the
1874appropriate action is taken. Otherwise, the results of the local
1875rewriting are ignored.
1876
1877Finer control by using tags for the LHS of the access map
1878
1879Read this section only if the options listed so far are not sufficient
1880for your purposes. There is now the option to tag entries in the
1881access map according to their type. Three tags are available:
1882
1883 Connect: connection information (${client_addr}, ${client_name})
1884 From: envelope sender
1885 To: envelope recipient
1886
1887If the required item is looked up in a map, it will be tried first
1888with the corresponding tag in front, then (as fallback to enable
1889backward compatibility) without any tag. For example,
1890
1891 From:spammer@some.dom REJECT
1892 To:friend.domain RELAY
1893 Connect:friend.domain OK
1894 Connect:from.domain RELAY
1895 From:good@another.dom OK
1896 From:another.dom REJECT
1897
1898This would deny mails from spammer@some.dom but you could still
1899send mail to that address even if FEATURE(`blacklist_recipients')
1900is enabled. Your system will allow relaying to friend.domain, but
1901not from it (unless enabled by other means). Connections from that
1902domain will be allowed even if it ends up in one of the DNS based
1903rejection lists. Relaying is enabled from from.domain but not to
1904it (since relaying is based on the connection information for
1905outgoing relaying, the tag Connect: must be used; for incoming
1906relaying, which is based on the recipient address, To: must be
1907used). The last two entries allow mails from good@another.dom but
1908reject mail from all other addresses with another.dom as domain
1909part.
1910
1911Delay all checks
1912
1913By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
1914will not be called when a client connects or issues a MAIL command,
1915respectively. Instead, those rulesets will be called by the check_rcpt
1916ruleset; they will be skipped if a sender has been authenticated using
1917a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
1918If check_mail returns an error then the RCPT TO command will be rejected
1919with that error. If it returns some other result starting with $# then
1920check_relay will be skipped. If the sender address (or a part of it) is
1921listed in the access map and it has a RHS of OK or RELAY, then check_relay
1922will be skipped. This has an interesting side effect: if your domain is
1923my.domain and you have
1924
1925 my.domain RELAY
1926
1927in the access map, then all e-mail with a sender address of
1928<user@my.domain> gets through, even if check_relay would reject it
1929(e.g., based on the hostname or IP address). This allows spammers
1930to get around DNS based blacklist by faking the sender address. To
1931avoid this problem you have to use tagged entries:
1932
1933 To:my.domain RELAY
1934 Connect:my.domain RELAY
1935
1936if you need those entries at all (class {R} may take care of them).
1937
1938FEATURE(`delay_checks') can take an optional argument:
1939
1940 FEATURE(`delay_checks', `friend')
1941 enables spamfriend test
1942 FEATURE(`delay_checks', `hater')
1943 enables spamhater test
1944
1945If such an argument is given, the recipient will be looked up in the access
1946map (using the tag To:). If the argument is `friend', then the other
1947rulesets will be skipped if the recipient address is found and has RHS
1948spamfriend. If the argument is `hater', then the other rulesets will be
1949applied if the recipient address is found and has RHS spamhater.
1950
1951This allows for simple exceptions from the tests, e.g., by activating
1952the spamfriend option and having
1953
1954 To:abuse@ SPAMFRIEND
1955
1956in the access map, mail to abuse@localdomain will get through. It is
1957also possible to specify a full address or an address with +detail:
1958
1959 To:abuse@abuse.my.domain SPAMFRIEND
1960 To:me+abuse@ SPAMFRIEND
1961
1962
1963Header Checks
1964
1965You can also reject mail on the basis of the contents of headers.
1966This is done by adding a ruleset call to the 'H' header definition command
1967in sendmail.cf. For example, this can be used to check the validity of
1968a Message-ID: header:
1969
1970 LOCAL_RULESETS
1971 HMessage-Id: $>CheckMessageId
1972
1973 SCheckMessageId
1974 R< $+ @ $+ > $@ OK
1975 R$* $#error $: 553 Header Error
1976
1977The alternative format:
1978
1979 HSubject: $>+CheckSubject
1980
1981that is, $>+ instead of $>, gives the full Subject: header including
1982comments to the ruleset (comments in parentheses () are stripped
1983by default).
1984
1985A default ruleset for headers which don't have a specific ruleset
1986defined for them can be given by:
1987
1988 H*: $>CheckHdr
1989
1990Notice: All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
1991That may cause problems with simple header checks due to the
1992tokenization. It might be simpler to use a regex map and apply it
1993to $&{currHeader}.
1994
1995After all of the headers are read, the check_eoh ruleset will be called for
1996any final header-related checks. The ruleset is called with the number of
1997headers and the size of all of the headers in bytes separated by $|. One
1998example usage is to reject messages which do not have a Message-Id:
1999header. However, the Message-Id: header is *NOT* a required header and is
2000not a guaranteed spam indicator. This ruleset is an example and should
2001probably not be used in production.
2002
2003 LOCAL_CONFIG
2004 Kstorage macro
2005
2006 LOCAL_RULESETS
2007 HMessage-Id: $>CheckMessageId
2008
2009 SCheckMessageId
2010 # Record the presence of the header
2011 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
2012 R< $+ @ $+ > $@ OK
2013 R$* $#error $: 553 Header Error
2014
2015 Scheck_eoh
2016 # Check the macro
2017 R$* $: < $&{MessageIdCheck} >
2018 # Clear the macro for the next message
2019 R$* $: $(storage {MessageIdCheck} $) $1
2020 # Has a Message-Id: header
2021 R< $+ > $@ OK
2022 # Allow missing Message-Id: from local mail
2023 R$* $: < $&{client_name} >
2024 R< > $@ OK
2025 R< $=w > $@ OK
2026 # Otherwise, reject the mail
2027 R$* $#error $: 553 Header Error
2028
2029+----------+
2030| STARTTLS |
2031+----------+
2032
2033In this text, cert will be used as an abreviation for X.509 certificate,
2034DN is the distinguished name of a cert, and CA is a certification authority.
2035
2036For STARTTLS to be offered by sendmail you need to set at least
2037this variables (the file names and paths are just examples):
2038
2039 define(`confCACERT_PATH', `/etc/mail/certs/')
2040 define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2041 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2042 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2043
2044On systems which do not have the compile flag HASURANDOM set (see
2045sendmail/README) you also must set confRAND_FILE.
2046
2047See doc/op/op.{me,ps} for more information about these options,
2048esp. the sections ``Certificates for STARTTLS'' and ``PRNG for
2049STARTTLS''.
2050
2051Macros related to STARTTLS are:
2052
2053${cert_issuer} holds the DN of the CA (the cert issuer).
2054${cert_subject} holds the DN of the cert (called the cert subject).
2055${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2056 SSLv3, SSLv2.
2057${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2058 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2059${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2060 used for the connection.
2061${verify} holds the result of the verification of the presented cert. Possible
2062 values are:
2063 OK verification succeeded.
2064 NO no cert presented.
2065 FAIL cert presented but could not be verified, e.g., the signing
2066 CA is missing.
2067 NONE STARTTLS has not been performed.
2068 TEMP temporary error occurred.
2069 PROTOCOL some protocol error occurred.
2070 SOFTWARE STARTTLS handshake failed.
2071${server_name} the name of the server of the current outgoing SMTP
2072 connection.
2073${server_addr} the address of the server of the current outgoing SMTP
2074 connection.
2075
2076Relaying
2077
2078SMTP STARTTLS can allow relaying for senders who have successfully
2079authenticated themselves. This is done in the ruleset RelayAuth. If the
2080verification of the cert failed (${verify} != OK), relaying is subject to
2081the usual rules. Otherwise the DN of the issuer is looked up in the access
2082map using the tag CERTISSUER. If the resulting value is RELAY, relaying is
2083allowed. If it is SUBJECT, the DN of the cert subject is looked up next in
2084the access map. using the tag CERTSUBJECT. If the value is RELAY, relaying
2085is allowed.
2086
2087To make things a bit more flexible (or complicated), the values for
2088${cert_issuer} and ${cert_subject} can be optionally modified by regular
2089expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2090_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
2091rulesets and map lookups, they are modified as follows: each non-printable
2092character and the characters '<', '>', '(', ')', '"', '+' are replaced by
2093their HEX value with a leading '+'. For example:
2094
2095/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2096darth+cert@endmail.org
2097
2098is encoded as:
2099
2100/C=US/ST=California/O=endmail.org/OU=private/CN=
2101Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2102
2103(line breaks have been inserted for readability).
2104
2105Of course it is also possible to write a simple rulesets that allows
2106relaying for everyone who can present a cert that can be verified, e.g.,
2107
2108LOCAL_RULESETS
2109SLocal_check_rcpt
2110R$* $: $&{verify}
2111ROK $# OK
2112
2113Allowing Connections
2114
2115The rulesets tls_server and tls_client are used to decide whether an SMTP
2116connection is accepted (or should continue).
2117
2118tls_server is called when sendmail acts as client after a STARTTLS command
2119(should) have been issued. The parameter is the value of ${verify}.
2120
2121tls_client is called when sendmail acts as server, after a STARTTLS command
2122has been issued, and from check_mail. The parameter is the value of
2123${verify} and STARTTLS or MAIL, respectively.
2124
2125Both rulesets behave the same. If no access map is in use, the connection
2126will be accepted unless ${verify} is SOFTWARE, in which case the connection
2127is always aborted. Otherwise, ${client_name} (${server_name}) is looked
2128up in the access map using the tag TLS_Srv (or TLS_Clt), which is done
2129with the ruleset LookUpDomain. If no entry is found, ${client_addr}
2130(${server_addr}) is looked up in the access map (same tag, ruleset
2131LookUpAddr). If this doesn't result in an entry either, just the tag is
2132looked up in the access map (included the trailing :). The result of the
2133lookups is then used to call the ruleset tls_connection, which checks the
2134requirement specified by the RHS in the access map against the actual
2135parameters of the current TLS connection, esp. ${verify} and
2136${cipher_bits}. Legal RHSs in the access map are:
2137
2138VERIFY verification must have succeeded
2139VERIFY:bits verification must have succeeded and ${cipher_bits} must
2140 be greater than or equal bits.
2141ENCR:bits ${cipher_bits} must be greater than or equal bits.
2142
2143The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2144or permanent error. The default is a temporary error code (403 4.7.0)
2145unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2146
2147If a certain level of encryption is required, then it might also be
2148possible that this level is provided by the security layer from a SASL
2149algorithm, e.g., DIGEST-MD5.
2150
|
2152connection. e-mail received from hosts within the laptop.example.com domain
2153should only be accepted if they have been authenticated.
2154TLS_Srv:secure.example.com ENCR:112
2155TLS_Clt:laptop.example.com PERM+VERIFY:112
2156
2157Notice: requiring that e-mail is sent to a server only encrypted,
2158e.g., via
2159
2160TLS_Srv:secure.domain ENCR:112
2161
2162doesn't necessarily mean that e-mail sent to that domain is encrypted.
2163If the domain has multiple MX servers, e.g.,
2164
2165secure.domain. IN MX 10 mail.secure.domain.
2166secure.domain. IN MX 50 mail.other.domain.
2167
2168then mail to user@secure.domain may go unencrypted to mail.other.domain.
2169
2170
2171Received: Header
2172
2173The Received: header reveals whether STARTTLS has been used. It contains an
2174extra line:
2175
2176(using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})
2177
2178+---------------------+
2179| SMTP AUTHENTICATION |
2180+---------------------+
2181
2182The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
2183used in anti-relay rulesets to allow relaying for those users that
2184authenticated themselves. A very simple example is:
2185
2186SLocal_check_rcpt
2187R$* $: $&{auth_type}
2188R$+ $# OK
2189
2190which checks whether a user has successfully authenticated using
2191any available mechanism. Depending on the setup of the CYRUS SASL
2192library, more sophisticated rulesets might be required, e.g.,
2193
2194SLocal_check_rcpt
2195R$* $: $&{auth_type} $| $&{auth_authen}
2196RDIGEST-MD5 $| $+@$=w $# OK
2197
2198to allow relaying for users that authenticated using DIGEST-MD5
2199and have an identity in the local domains.
2200
2201The ruleset Strust_auth is used to determine whether a given AUTH=
2202parameter (that is passed to this ruleset) should be trusted. This
2203ruleset may make use of the other ${auth_*} macros. Only if the
2204ruleset resolves to the error mailer, the AUTH= parameter is not
2205trusted. A user supplied ruleset Local_trust_auth can be written
2206to modify the default behavior, which only trust the AUTH=
2207parameter if it is identical to the authenticated user.
2208
2209Per default, relaying is allowed for any user who authenticated
2210via a "trusted" mechanism, i.e., one that is defined via
2211TRUST_AUTH_MECH(`list of mechanisms')
2212For example:
2213TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
2214
2215If the selected mechanism provides a security layer the number of
2216bits used for the key of the symmetric cipher is stored in the
2217macro ${auth_ssf}.
2218
2219+--------------------------------+
2220| ADDING NEW MAILERS OR RULESETS |
2221+--------------------------------+
2222
2223Sometimes you may need to add entirely new mailers or rulesets. They
2224should be introduced with the constructs MAILER_DEFINITIONS and
2225LOCAL_RULESETS respectively. For example:
2226
2227 MAILER_DEFINITIONS
2228 Mmymailer, ...
2229 ...
2230
2231 LOCAL_RULESETS
2232 Smyruleset
2233 ...
2234
2235
2236#if _FFR_MILTER
2237+-------------------------+
2238| ADDING NEW MAIL FILTERS |
2239+-------------------------+
2240
2241Sendmail supports mail filters to filter incoming SMTP messages according
2242to the "Sendmail Mail Filter API" documentation. These filters can be
2243configured in your mc file using the two commands:
2244
2245 MAIL_FILTER(`name', `equates')
2246 INPUT_MAIL_FILTER(`name', `equates')
2247
2248The first command, MAIL_FILTER(), simply defines a filter with the given
2249name and equates. For example:
2250
2251 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2252
2253This creates the equivalent sendmail.cf entry:
2254
2255 Xarchive, S=local:/var/run/archivesock, F=R
2256
2257The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
2258but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
2259of the filter such that the filter will actually be called by sendmail.
2260
2261For example, the two commands:
2262
2263 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2264 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2265
2266are equivalent to the three commands:
2267
2268 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2269 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2270 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
2271
2272In general, INPUT_MAIL_FILTER() should be used unless you need to define
2273more filters than you want to use for `confINPUT_MAIL_FILTERS'.
2274
2275Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
2276commands will clear the list created by the prior INPUT_MAIL_FILTER()
2277commands.
2278#endif /* _FFR_MILTER */
2279
2280
2281+-------------------------------+
2282| NON-SMTP BASED CONFIGURATIONS |
2283+-------------------------------+
2284
2285These configuration files are designed primarily for use by
2286SMTP-based sites. They may not be well tuned for UUCP-only or
2287UUCP-primarily nodes (the latter is defined as a small local net
2288connected to the rest of the world via UUCP). However, there is
2289one hook to handle some special cases.
2290
2291You can define a ``smart host'' that understands a richer address syntax
2292using:
2293
2294 define(`SMART_HOST', `mailer:hostname')
2295
2296In this case, the ``mailer:'' defaults to "relay". Any messages that
2297can't be handled using the usual UUCP rules are passed to this host.
2298
2299If you are on a local SMTP-based net that connects to the outside
2300world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
2301For example:
2302
2303 define(`SMART_HOST', `uucp-new:uunet')
2304 LOCAL_NET_CONFIG
2305 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
2306
2307This will cause all names that end in your domain name ($m) via
2308SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
2309If you have FEATURE(`nocanonify'), you may need to omit the dots after
2310the $m. If you are running a local DNS inside your domain which is
2311not otherwise connected to the outside world, you probably want to
2312use:
2313
2314 define(`SMART_HOST', `smtp:fire.wall.com')
2315 LOCAL_NET_CONFIG
2316 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
2317
2318That is, send directly only to things you found in your DNS lookup;
2319anything else goes through SMART_HOST.
2320
2321You may need to turn off the anti-spam rules in order to accept
2322UUCP mail with FEATURE(`promiscuous_relay') and
2323FEATURE(`accept_unresolvable_domains').
2324
2325
2326+-----------+
2327| WHO AM I? |
2328+-----------+
2329
2330Normally, the $j macro is automatically defined to be your fully
2331qualified domain name (FQDN). Sendmail does this by getting your
2332host name using gethostname and then calling gethostbyname on the
2333result. For example, in some environments gethostname returns
2334only the root of the host name (such as "foo"); gethostbyname is
2335supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
2336cases, gethostbyname may fail to return the FQDN. In this case
2337you MUST define confDOMAIN_NAME to be your fully qualified domain
2338name. This is usually done using:
2339
2340 Dmbar.com
2341 define(`confDOMAIN_NAME', `$w.$m')dnl
2342
2343
2344+-----------------------------------+
2345| ACCEPTING MAIL FOR MULTIPLE NAMES |
2346+-----------------------------------+
2347
2348If your host is known by several different names, you need to augment
2349class {w}. This is a list of names by which your host is known, and
2350anything sent to an address using a host name in this list will be
2351treated as local mail. You can do this in two ways: either create the
2352file /etc/mail/local-host-names containing a list of your aliases (one per
2353line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
2354``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
2355name of the host, rather than a short name.
2356
2357If you want to have different address in different domains, take
2358a look at the virtusertable feature, which is also explained at
2359http://www.sendmail.org/virtual-hosting.html
2360
2361
2362+--------------------+
2363| USING MAILERTABLES |
2364+--------------------+
2365
2366To use FEATURE(`mailertable'), you will have to create an external
2367database containing the routing information for various domains.
2368For example, a mailertable file in text format might be:
2369
2370 .my.domain xnet:%1.my.domain
2371 uuhost1.my.domain uucp-new:uuhost1
2372 .bitnet smtp:relay.bit.net
2373
2374This should normally be stored in /etc/mail/mailertable. The actual
2375database version of the mailertable is built using:
2376
2377 makemap hash /etc/mail/mailertable < /etc/mail/mailertable
2378
2379The semantics are simple. Any LHS entry that does not begin with
2380a dot matches the full host name indicated. LHS entries beginning
2381with a dot match anything ending with that domain name (including
2382the leading dot) -- that is, they can be thought of as having a
2383leading ".+" regular expression pattern for a non-empty sequence of
2384characters. Matching is done in order of most-to-least qualified
2385-- for example, even though ".my.domain" is listed first in the
2386above example, an entry of "uuhost1.my.domain" will match the second
2387entry since it is more explicit. Note: e-mail to "user@my.domain"
2388does not match any entry in the above table. You need to have
2389something like:
2390
2391 my.domain esmtp:host.my.domain
2392
2393The RHS should always be a "mailer:host" pair. The mailer is the
2394configuration name of a mailer (that is, an {M} line in the
2395sendmail.cf file). The "host" will be the hostname passed to
2396that mailer. In domain-based matches (that is, those with leading
2397dots) the "%1" may be used to interpolate the wildcarded part of
2398the host name. For example, the first line above sends everything
2399addressed to "anything.my.domain" to that same host name, but using
2400the (presumably experimental) xnet mailer.
2401
2402In some cases you may want to temporarily turn off MX records,
2403particularly on gateways. For example, you may want to MX
2404everything in a domain to one machine that then forwards it
2405directly. To do this, you might use the DNS configuration:
2406
2407 *.domain. IN MX 0 relay.machine
2408
2409and on relay.machine use the mailertable:
2410
2411 .domain smtp:[gateway.domain]
2412
2413The [square brackets] turn off MX records for this host only.
2414If you didn't do this, the mailertable would use the MX record
2415again, which would give you an MX loop.
2416
2417
2418+--------------------------------+
2419| USING USERDB TO MAP FULL NAMES |
2420+--------------------------------+
2421
2422The user database was not originally intended for mapping full names
2423to login names (e.g., Eric.Allman => eric), but some people are using
2424it that way. (it is recommended that you set up aliases for this
2425purpose instead -- since you can specify multiple alias files, this
2426is fairly easy.) The intent was to locate the default maildrop at
2427a site, but allow you to override this by sending to a specific host.
2428
2429If you decide to set up the user database in this fashion, it is
2430imperative that you not use FEATURE(`stickyhost') -- otherwise,
2431e-mail sent to Full.Name@local.host.name will be rejected.
2432
2433To build the internal form of the user database, use:
2434
2435 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
2436
2437As a general rule, it is an extremely bad idea to using full names
2438as e-mail addresses, since they are not in any sense unique. For
2439example, the UNIX software-development community has at least two
2440well-known Peter Deutsches, and at one time Bell Labs had two
2441Stephen R. Bournes with offices along the same hallway. Which one
2442will be forced to suffer the indignity of being Stephen_R_Bourne_2?
2443The less famous of the two, or the one that was hired later?
2444
2445Finger should handle full names (and be fuzzy). Mail should use
2446handles, and not be fuzzy.
2447
2448
2449+--------------------------------+
2450| MISCELLANEOUS SPECIAL FEATURES |
2451+--------------------------------+
2452
2453Plussed users
2454 Sometimes it is convenient to merge configuration on a
2455 centralized mail machine, for example, to forward all
2456 root mail to a mail server. In this case it might be
2457 useful to be able to treat the root addresses as a class
2458 of addresses with subtle differences. You can do this
2459 using plussed users. For example, a client might include
2460 the alias:
2461
2462 root: root+client1@server
2463
2464 On the server, this will match an alias for "root+client1".
2465 If that is not found, the alias "root+*" will be tried,
2466 then "root".
2467
2468
2469+----------------+
2470| SECURITY NOTES |
2471+----------------+
2472
2473A lot of sendmail security comes down to you. Sendmail 8 is much
2474more careful about checking for security problems than previous
2475versions, but there are some things that you still need to watch
2476for. In particular:
2477
2478* Make sure the aliases file isn't writable except by trusted
2479 system personnel. This includes both the text and database
2480 version.
2481
2482* Make sure that other files that sendmail reads, such as the
2483 mailertable, are only writable by trusted system personnel.
2484
2485* The queue directory should not be world writable PARTICULARLY
2486 if your system allows "file giveaways" (that is, if a non-root
2487 user can chown any file they own to any other user).
2488
2489* If your system allows file giveaways, DO NOT create a publically
2490 writable directory for forward files. This will allow anyone
2491 to steal anyone else's e-mail. Instead, create a script that
2492 copies the .forward file from users' home directories once a
2493 night (if you want the non-NFS-mounted forward directory).
2494
2495* If your system allows file giveaways, you'll find that
2496 sendmail is much less trusting of :include: files -- in
2497 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
2498 /etc/shells before they will be trusted (that is, before
2499 files and programs listed in them will be honored).
2500
2501In general, file giveaways are a mistake -- if you can turn them
2502off, do so.
2503
2504
2505+--------------------------------+
2506| TWEAKING CONFIGURATION OPTIONS |
2507+--------------------------------+
2508
2509There are a large number of configuration options that don't normally
2510need to be changed. However, if you feel you need to tweak them, you
2511can define the following M4 variables. This list is shown in four
2512columns: the name you define, the default value for that definition,
2513the option or macro that is affected (either Ox for an option or Dx
2514for a macro), and a brief description. Greater detail of the semantics
2515can be found in the Installation and Operations Guide.
2516
2517Some options are likely to be deprecated in future versions -- that is,
2518the option is only included to provide back-compatibility. These are
2519marked with "*".
2520
2521Remember that these options are M4 variables, and hence may need to
2522be quoted. In particular, arguments with commas will usually have to
2523be ``double quoted, like this phrase'' to avoid having the comma
2524confuse things. This is common for alias file definitions and for
2525the read timeout.
2526
2527M4 Variable Name Configuration Description & [Default]
2528================ ============= =======================
2529confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
2530 for internally generated outgoing
2531 messages.
2532confDOMAIN_NAME $j macro If defined, sets $j. This should
2533 only be done if your system cannot
2534 determine your local domain name,
2535 and then it should be set to
2536 $w.Foo.COM, where Foo.COM is your
2537 domain name.
2538confCF_VERSION $Z macro If defined, this is appended to the
2539 configuration version name.
2540confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
2541 internally generated From: address.
2542confRECEIVED_HEADER Received:
2543 [$?sfrom $s $.$?_($?s$|from $.$_)
2544 $.$?{auth_type}(authenticated)
2545 $.by $j ($v/$Z)$?r with $r$. id $i$?u
2546 for $u; $|;
2547 $.$b]
2548 The format of the Received: header
2549 in messages passed through this host.
2550 It is unwise to try to change this.
2551confCW_FILE Fw class [/etc/mail/local-host-names] Name
2552 of file used to get the local
2553 additions to class {w} (local host
2554 names).
2555confCT_FILE Ft class [/etc/mail/trusted-users] Name of
2556 file used to get the local additions
2557 to class {t} (trusted users).
2558confCR_FILE FR class [/etc/mail/relay-domains] Name of
2559 file used to get the local additions
2560 to class {R} (hosts allowed to relay).
2561confTRUSTED_USERS Ct class [no default] Names of users to add to
2562 the list of trusted users. This list
2563 always includes root, uucp, and daemon.
2564 See also FEATURE(`use_ct_file').
2565confTRUSTED_USER TrustedUser [no default] Trusted user for file
2566 ownership and starting the daemon.
2567 Not to be confused with
2568 confTRUSTED_USERS (see above).
2569confSMTP_MAILER - [esmtp] The mailer name used when
2570 SMTP connectivity is required.
2571 One of "smtp", "smtp8",
2572 "esmtp", or "dsmtp".
2573confUUCP_MAILER - [uucp-old] The mailer to be used by
2574 default for bang-format recipient
2575 addresses. See also discussion of
2576 class {U}, class {Y}, and class {Z}
2577 in the MAILER(`uucp') section.
2578confLOCAL_MAILER - [local] The mailer name used when
2579 local connectivity is required.
2580 Almost always "local".
2581confRELAY_MAILER - [relay] The default mailer name used
2582 for relaying any mail (e.g., to a
2583 BITNET_RELAY, a SMART_HOST, or
2584 whatever). This can reasonably be
2585 "uucp-new" if you are on a
2586 UUCP-connected site.
2587confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
2588confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
2589confALIAS_WAIT AliasWait [10m] Time to wait for alias file
2590 rebuild until you get bored and
2591 decide that the apparently pending
2592 rebuild failed.
2593confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
2594 queue filesystem to accept SMTP mail.
2595 (Prior to 8.7 this was minfree/maxsize,
2596 where minfree was the number of free
2597 blocks and maxsize was the maximum
2598 message size. Use confMAX_MESSAGE_SIZE
2599 for the second value now.)
2600confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
2601 that will be accepted (in bytes).
2602confBLANK_SUB BlankSub [.] Blank (space) substitution
2603 character.
2604confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
2605 to mailers marked expensive.
2606confCHECKPOINT_INTERVAL CheckpointInterval
2607 [10] Checkpoint queue files every N
2608 recipients.
2609confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
2610confAUTO_REBUILD AutoRebuildAliases
2611 [False] Automatically rebuild alias
2612 file if needed.
2613 There is a potential for a denial
2614 of service attack if this is set.
2615 This option is deprecated and will
2616 be removed from a future version.
2617confERROR_MODE ErrorMode [print] Error message mode.
2618confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
2619confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
2620confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
2621confMATCH_GECOS MatchGECOS [False] Match GECOS field.
2622confMAX_HOP MaxHopCount [25] Maximum hop count.
2623confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
2624 mode] Ignore dot as terminator for
2625 incoming messages?
2626confBIND_OPTS ResolverOptions [undefined] Default options for DNS
2627 resolver.
2628confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
2629 encapsulated messages per RFC 1344.
2630confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
2631 The colon-separated list of places to
2632 search for .forward files. N.B.: see
2633 the Security Notes section.
2634confMCI_CACHE_SIZE ConnectionCacheSize
2635 [2] Size of open connection cache.
2636confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
2637 [5m] Open connection cache timeout.
2638confHOST_STATUS_DIRECTORY HostStatusDirectory
2639 [undefined] If set, host status is kept
2640 on disk between sendmail runs in the
2641 named directory tree. This need not be
2642 a full pathname, in which case it is
2643 interpreted relative to the queue
2644 directory.
2645confSINGLE_THREAD_DELIVERY SingleThreadDelivery
2646 [False] If this option and the
2647 HostStatusDirectory option are both
2648 set, single thread deliveries to other
2649 hosts. That is, don't allow any two
2650 sendmails on this host to connect
2651 simultaneously to any other single
2652 host. This can slow down delivery in
2653 some cases, in particular since a
2654 cached but otherwise idle connection
2655 to a host will prevent other sendmails
2656 from connecting to the other host.
2657confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
2658 deliver error messages. This should
2659 not be necessary because of general
2660 acceptance of the envelope/header
2661 distinction.
2662confLOG_LEVEL LogLevel [9] Log level.
2663confME_TOO MeToo [True] Include sender in group
2664 expansions. This option is
2665 deprecated and will be removed from
2666 a future version.
2667confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
2668 running newaliases. Since this does
2669 DNS lookups on every address, it can
2670 slow down the alias rebuild process
2671 considerably on large alias files.
2672confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
2673 special chars are old style.
2674confCLIENT_OPTIONS ClientPortOptions
2675 [none] Options for outgoing SMTP client
2676 connections.
2677confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
2678confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
2679 copies of all error messages.
2680confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
2681confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
2682 syntax addresses to the minimum
2683 possible.
2684confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
2685 before forking.
2686confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
2687 on the initial connect.
2688confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
2689 connect() to complete. This can only
2690 shorten connection timeouts; the kernel
2691 silently enforces an absolute maximum
2692 (which varies depending on the system).
2693confTO_ICONNECT Timeout.iconnect
2694 [undefined] Like Timeout.connect, but
2695 applies only to the very first attempt
2696 to connect to a host in a message.
2697 This allows a single very fast pass
2698 followed by more careful delivery
2699 attempts in the future.
2700confTO_HELO Timeout.helo [5m] The timeout waiting for a response
2701 to a HELO or EHLO command.
2702confTO_MAIL Timeout.mail [10m] The timeout waiting for a
2703 response to the MAIL command.
2704confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
2705 to the RCPT command.
2706confTO_DATAINIT Timeout.datainit
2707 [5m] The timeout waiting for a 354
2708 response from the DATA command.
2709confTO_DATABLOCK Timeout.datablock
2710 [1h] The timeout waiting for a block
2711 during DATA phase.
2712confTO_DATAFINAL Timeout.datafinal
2713 [1h] The timeout waiting for a response
2714 to the final "." that terminates a
2715 message.
2716confTO_RSET Timeout.rset [5m] The timeout waiting for a response
2717 to the RSET command.
2718confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
2719 to the QUIT command.
2720confTO_MISC Timeout.misc [2m] The timeout waiting for a response
2721 to other SMTP commands.
2722confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
2723 waiting for a command to be issued.
2724confTO_IDENT Timeout.ident [5s] The timeout waiting for a
2725 response to an IDENT query.
2726confTO_FILEOPEN Timeout.fileopen
2727 [60s] The timeout waiting for a file
2728 (e.g., :include: file) to be opened.
2729confTO_CONTROL Timeout.control
2730 [2m] The timeout for a complete
2731 control socket transaction to complete.
2732confTO_QUEUERETURN Timeout.queuereturn
2733 [5d] The timeout before a message is
2734 returned as undeliverable.
2735confTO_QUEUERETURN_NORMAL
2736 Timeout.queuereturn.normal
2737 [undefined] As above, for normal
2738 priority messages.
2739confTO_QUEUERETURN_URGENT
2740 Timeout.queuereturn.urgent
2741 [undefined] As above, for urgent
2742 priority messages.
2743confTO_QUEUERETURN_NONURGENT
2744 Timeout.queuereturn.non-urgent
2745 [undefined] As above, for non-urgent
2746 (low) priority messages.
2747confTO_QUEUEWARN Timeout.queuewarn
2748 [4h] The timeout before a warning
2749 message is sent to the sender telling
2750 them that the message has been
2751 deferred.
2752confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
2753 [undefined] As above, for normal
2754 priority messages.
2755confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
2756 [undefined] As above, for urgent
2757 priority messages.
2758confTO_QUEUEWARN_NONURGENT
2759 Timeout.queuewarn.non-urgent
2760 [undefined] As above, for non-urgent
2761 (low) priority messages.
2762confTO_HOSTSTATUS Timeout.hoststatus
2763 [30m] How long information about host
2764 statuses will be maintained before it
2765 is considered stale and the host should
2766 be retried. This applies both within
2767 a single queue run and to persistent
2768 information (see below).
2769confTO_RESOLVER_RETRANS Timeout.resolver.retrans
2770 [varies] Sets the resolver's
2771 retransmition time interval (in
2772 seconds). Sets both
2773 Timeout.resolver.retrans.first and
2774 Timeout.resolver.retrans.normal.
2775confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
2776 [varies] Sets the resolver's
2777 retransmition time interval (in
2778 seconds) for the first attempt to
2779 deliver a message.
2780confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
2781 [varies] Sets the resolver's
2782 retransmition time interval (in
2783 seconds) for all resolver lookups
2784 except the first delivery attempt.
2785confTO_RESOLVER_RETRY Timeout.resolver.retry
2786 [varies] Sets the number of times
2787 to retransmit a resolver query.
2788 Sets both
2789 Timeout.resolver.retry.first and
2790 Timeout.resolver.retry.normal.
2791confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
2792 [varies] Sets the number of times
2793 to retransmit a resolver query for
2794 the first attempt to deliver a
2795 message.
2796confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
2797 [varies] Sets the number of times
2798 to retransmit a resolver query for
2799 all resolver lookups except the
2800 first delivery attempt.
2801confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
2802 USE_SYSTEM to use the system's idea,
2803 USE_TZ to use the user's TZ envariable,
2804 or something else to force that value.
2805confDEF_USER_ID DefaultUser [1:1] Default user id.
2806confUSERDB_SPEC UserDatabaseSpec
2807 [undefined] User database
2808 specification.
2809confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
2810confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
2811 for a host and other arrangements
2812 haven't been made, try connecting
2813 to the host directly; normally this
2814 would be a config error.
2815confQUEUE_LA QueueLA [varies] Load average at which
2816 queue-only function kicks in.
2817 Default values is (8 * numproc)
2818 where numproc is the number of
2819 processors online (if that can be
2820 determined).
2821confREFUSE_LA RefuseLA [varies] Load average at which
2822 incoming SMTP connections are
2823 refused. Default values is (12 *
2824 numproc) where numproc is the
2825 number of processors online (if
2826 that can be determined).
2827confMAX_ALIAS_RECURSION MaxAliasRecursion
2828 [10] Maximum depth of alias recursion.
2829confMAX_DAEMON_CHILDREN MaxDaemonChildren
2830 [undefined] The maximum number of
2831 children the daemon will permit. After
2832 this number, connections will be
2833 rejected. If not set or <= 0, there is
2834 no limit.
2835confMAX_HEADERS_LENGTH MaxHeadersLength
2836 [32768] Maximum length of the sum
2837 of all headers.
2838confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
2839 [undefined] Maximum length of
2840 certain MIME header field values.
2841confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
2842 [undefined] The maximum number of
2843 connections permitted per second.
2844 After this many connections are
2845 accepted, further connections will be
2846 delayed. If not set or <= 0, there is
2847 no limit.
2848confWORK_RECIPIENT_FACTOR
2849 RecipientFactor [30000] Cost of each recipient.
2850confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
2851 separate process.
2852confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
2853confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
2854confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
2855 Priority, Host, Filename, or Time.
2856confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
2857 must sit in the queue between queue
2858 runs. This allows you to set the
2859 queue run interval low for better
2860 responsiveness without trying all
2861 jobs in each run.
2862confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
2863 unlabeled 8 bit input to MIME, the
2864 character set to use by default.
2865confSERVICE_SWITCH_FILE ServiceSwitchFile
2866 [/etc/mail/service.switch] The file
2867 to use for the service switch on
2868 systems that do not have a
2869 system-defined switch.
2870confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
2871 "file" type access of hosts names.
2872confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
2873 long and try again. Zero means "don't
2874 retry". This is to allow "dial on
2875 demand" connections to have enough time
2876 to complete a connection.
2877confNO_RCPT_ACTION NoRecipientAction
2878 [none] What to do if there are no legal
2879 recipient fields (To:, Cc: or Bcc:)
2880 in the message. Legal values can
2881 be "none" to just leave the
2882 nonconforming message as is, "add-to"
2883 to add a To: header with all the
2884 known recipients (which may expose
2885 blind recipients), "add-apparently-to"
2886 to do the same but use Apparently-To:
2887 instead of To:, "add-bcc" to add an
2888 empty Bcc: header, or
2889 "add-to-undisclosed" to add the header
2890 ``To: undisclosed-recipients:;''.
2891confSAFE_FILE_ENV SafeFileEnvironment
2892 [undefined] If set, sendmail will do a
2893 chroot() into this directory before
2894 writing files.
2895confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
2896 If set, colons are treated as a regular
2897 character in addresses. If not set,
2898 they are treated as the introducer to
2899 the RFC 822 "group" syntax. Colons are
2900 handled properly in route-addrs. This
2901 option defaults on for V5 and lower
2902 configuration files.
2903confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
2904 any given queue run to this number of
2905 entries. Essentially, this will stop
2906 reading each queue directory after this
2907 number of entries are reached; it does
2908 _not_ pick the highest priority jobs,
2909 so this should be as large as your
2910 system can tolerate. If not set, there
2911 is no limit.
2912confDONT_EXPAND_CNAMES DontExpandCnames
2913 [False] If set, $[ ... $] lookups that
2914 do DNS based lookups do not expand
2915 CNAME records. This currently violates
2916 the published standards, but the IETF
2917 seems to be moving toward legalizing
2918 this. For example, if "FTP.Foo.ORG"
2919 is a CNAME for "Cruft.Foo.ORG", then
2920 with this option set a lookup of
2921 "FTP" will return "FTP.Foo.ORG"; if
2922 clear it returns "Cruft.FOO.ORG". N.B.
2923 you may not see any effect until your
2924 downstream neighbors stop doing CNAME
2925 lookups as well.
2926confFROM_LINE UnixFromLine [From $g $d] The From_ line used
2927 when sending to files or programs.
2928confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
2929 [False] From: lines that have
2930 embedded newlines are unwrapped
2931 onto one line.
2932confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
2933 does not include a host name.
2934confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
2935 name phrase (@,;:\()[] are automatic).
2936confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
2937 characters.
2938confSMTP_LOGIN_MSG SmtpGreetingMessage
2939 [$j Sendmail $v/$Z; $b]
2940 The initial (spontaneous) SMTP
2941 greeting message. The word "ESMTP"
2942 will be inserted between the first and
2943 second words to convince other
2944 sendmails to try to speak ESMTP.
2945confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
2946 routine will never be invoked. You
2947 might want to do this if you are
2948 running NIS and you have a large group
2949 map, since this call does a sequential
2950 scan of the map; in a large site this
2951 can cause your ypserv to run
2952 essentially full time. If you set
2953 this, agents run on behalf of users
2954 will only have their primary
2955 (/etc/passwd) group permissions.
2956confUNSAFE_GROUP_WRITES UnsafeGroupWrites
2957 [False] If set, group-writable
2958 :include: and .forward files are
2959 considered "unsafe", that is, programs
2960 and files cannot be directly referenced
2961 from such files. World-writable files
2962 are always considered unsafe.
2963confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
2964 address (for testing).
2965confCONTROL_SOCKET_NAME ControlSocketName
2966 [undefined] Control socket for daemon
2967 management.
2968confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
2969 [postmaster] If an error occurs when
2970 sending an error message, send that
2971 "double bounce" error message to this
2972 address.
2973confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
2974 messages which could not be returned
2975 to the user or sent to postmaster.
2976 If not set, the queue file will
2977 be renamed.
2978confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
2979 implies DSN request.
2980confRUN_AS_USER RunAsUser [undefined] If set, become this user
2981 when reading and delivering mail.
2982 Causes all file reads (e.g., .forward
2983 and :include: files) to be done as
2984 this user. Also, all programs will
2985 be run as this user, and all output
2986 files will be written as this user.
2987 Intended for use only on firewalls
2988 where users do not have accounts.
2989confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
2990 [infinite] If set, allow no more than
2991 the specified number of recipients in
2992 an SMTP envelope. Further recipients
2993 receive a 452 error code (i.e., they
2994 are deferred for the next delivery
2995 attempt).
2996confDONT_PROBE_INTERFACES DontProbeInterfaces
2997 [False] If set, sendmail will _not_
2998 insert the names and addresses of any
2999 local interfaces into class {w}
3000 (list of known "equivalent" addresses).
3001 If you set this, you must also include
3002 some support for these addresses (e.g.,
3003 in a mailertable entry) -- otherwise,
3004 mail to addresses in this list will
3005 bounce with a configuration error.
3006confPID_FILE PidFile [system dependent] Location of pid
3007 file.
3008confPROCESS_TITLE_PREFIX ProcessTitlePrefix
3009 [undefined] Prefix string for the
3010 process title shown on 'ps' listings.
3011confDONT_BLAME_SENDMAIL DontBlameSendmail
3012 [safe] Override sendmail's file
3013 safety checks. This will definitely
3014 compromise system security and should
3015 not be used unless absolutely
3016 necessary.
3017confREJECT_MSG - [550 Access denied] The message
3018 given if the access database contains
3019 REJECT in the value portion.
3020confDF_BUFFER_SIZE DataFileBufferSize
3021 [4096] The maximum size of a
3022 memory-buffered data (df) file
3023 before a disk-based file is used.
3024confXF_BUFFER_SIZE XScriptFileBufferSize
3025 [4096] The maximum size of a
3026 memory-buffered transcript (xf)
3027 file before a disk-based file is
3028 used.
3029confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
3030 CRAM-MD5] List of authentication
3031 mechanisms for AUTH (separated by
3032 spaces). The advertised list of
3033 authentication mechanisms will be the
3034 intersection of this list and the list
3035 of available mechanisms as determined
3036 by the CYRUS SASL library.
3037confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
3038 authentication information for
3039 outgoing connections. This file
3040 must contain the user id, the
3041 authorization id, the password
3042 (plain text), and the realm to use,
3043 each on a separate line and must be
3044 readable by root (or the trusted
3045 user) only. If no realm is
3046 specified, $j is used.
3047
3048 NOTE: Currently, AuthMechanisms is
3049 used to determine the list of
3050 mechanisms to use on an outgoing
3051 connection. Sites which require a
3052 different list of mechanisms for
3053 incoming connections and outgoing
3054 connections will have the ability
3055 to do this in 8.11 by specifying a
3056 list of mechanisms as the fifth
3057 line of the DefaultAuthInfo file.
3058 If no mechanisms are given in the
3059 file, AuthMechanisms is used. The
3060 code for doing so is included as
3061 in the sendmail source code but
3062 disabled. It can be enabled by
3063 recompiling sendmail with:
3064 -D_FFR_DEFAUTHINFO_MECHS
3065confAUTH_OPTIONS AuthOptions [undefined] If this options is 'A'
3066 then the AUTH= parameter for the
3067 MAIL FROM command is only issued
3068 when authentication succeeded.
3069confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
3070 specification for LDAP maps. The
3071 value should only contain LDAP
3072 specific settings such as "-h host
3073 -p port -d bindDN", etc. The
3074 settings will be used for all LDAP
3075 maps unless they are specified in
3076 the individual map specification
3077 ('K' command).
3078confCACERT_PATH CACERTPath [undefined] Path to directory
3079 with certs of CAs.
3080confCACERT CACERTFile [undefined] File containing one CA
3081 cert.
3082confSERVER_CERT ServerCertFile [undefined] File containing the
3083 cert of the server, i.e., this cert
3084 is used when sendmail acts as
3085 server.
3086confSERVER_KEY ServerKeyFile [undefined] File containing the
3087 private key belonging to the server
3088 cert.
3089confCLIENT_CERT ClientCertFile [undefined] File containing the
3090 cert of the client, i.e., this cert
3091 is used when sendmail acts as
3092 client.
3093confCLIENT_KEY ClientKeyFile [undefined] File containing the
3094 private key belonging to the client
3095 cert.
3096confDH_PARAMETERS DHParameters [undefined] File containing the
3097 DH parameters.
3098confRAND_FILE RandFile [undefined] File containing random
3099 data (use prefix file:) or the
3100 name of the UNIX socket if EGD is
3101 used (use prefix egd:). STARTTLS
3102 requires this option if the compile
3103 flag HASURANDOM is not set (see
3104 sendmail/README).
3105
3106See also the description of OSTYPE for some parameters that can be
3107tweaked (generally pathnames to mailers).
3108
3109DaemonPortOptions are a special case since multiple daemons can be
3110defined. This can be done via
3111
3112 DAEMON_OPTIONS(`field1=value1,field2=value2,...')
3113
3114If DAEMON_OPTIONS is not used, then the default is
3115
3116 DAEMON_OPTIONS(`Port=smtp, Name=MTA')
3117 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
3118
3119If you use one DAEMON_OPTIONS macro, it will alter the parameters
3120of the first of these. The second will still be defaulted; it
3121represents a "Message Submission Agent" (MSA) as defined by RFC
31222476 (see below). To turn off the default definition for the MSA,
3123use FEATURE(`no_default_msa') (see also FEATURES). If you use
3124additional DAEMON_OPTIONS macros, they will add additional daemons.
3125
3126Example 1: To change the port for the SMTP listener, while
3127still using the MSA default, use
3128 DAEMON_OPTIONS(`Port=925, Name=MTA')
3129
3130Example 2: To change the port for the MSA daemon, while still
3131using the default SMTP port, use
3132 FEATURE(`no_default_msa')
3133 DAEMON_OPTIONS(`Name=MTA')
3134 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
3135
3136Note that if the first of those DAEMON_OPTIONS lines were omitted, then
3137there would be no listener on the standard SMTP port.
3138
3139Example 3: To listen on both IPv4 and IPv6 interfaces, use
3140
3141 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
3142 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
3143
3144A "Message Submission Agent" still uses all of the same rulesets for
3145processing the message (and therefore still allows message rejection via
3146the check_* rulesets). In accordance with the RFC, the MSA will ensure
3147that all domains in the envelope are fully qualified if the message is
3148relayed to another MTA. It will also enforce the normal address syntax
3149rules and log error messages. Additionally, by using the M=a modifier
3150you can require authentication before messages are accepted by the MSA.
3151Notice: Do NOT use the 'a' modifier on a public accessible MTA!
3152Finally, the M=E modifier shown above disables ETRN as required by RFC
31532476.
3154
3155
3156+-----------+
3157| HIERARCHY |
3158+-----------+
3159
3160Within this directory are several subdirectories, to wit:
3161
3162m4 General support routines. These are typically
3163 very important and should not be changed without
3164 very careful consideration.
3165
3166cf The configuration files themselves. They have
3167 ".mc" suffixes, and must be run through m4 to
3168 become complete. The resulting output should
3169 have a ".cf" suffix.
3170
3171ostype Definitions describing a particular operating
3172 system type. These should always be referenced
3173 using the OSTYPE macro in the .mc file. Examples
3174 include "bsd4.3", "bsd4.4", "sunos3.5", and
3175 "sunos4.1".
3176
3177domain Definitions describing a particular domain, referenced
3178 using the DOMAIN macro in the .mc file. These are
3179 site dependent; for example, "CS.Berkeley.EDU.m4"
3180 describes hosts in the CS.Berkeley.EDU subdomain.
3181
3182mailer Descriptions of mailers. These are referenced using
3183 the MAILER macro in the .mc file.
3184
3185sh Shell files used when building the .cf file from the
3186 .mc file in the cf subdirectory.
3187
3188feature These hold special orthogonal features that you might
3189 want to include. They should be referenced using
3190 the FEATURE macro.
3191
3192hack Local hacks. These can be referenced using the HACK
3193 macro. They shouldn't be of more than voyeuristic
3194 interest outside the .Berkeley.EDU domain, but who knows?
3195
3196siteconfig Site configuration -- e.g., tables of locally connected
3197 UUCP sites.
3198
3199
3200+------------------------+
3201| ADMINISTRATIVE DETAILS |
3202+------------------------+
3203
3204The following sections detail usage of certain internal parts of the
3205sendmail.cf file. Read them carefully if you are trying to modify
3206the current model. If you find the above descriptions adequate, these
3207should be {boring, confusing, tedious, ridiculous} (pick one or more).
3208
3209RULESETS (* means built in to sendmail)
3210
3211 0 * Parsing
3212 1 * Sender rewriting
3213 2 * Recipient rewriting
3214 3 * Canonicalization
3215 4 * Post cleanup
3216 5 * Local address rewrite (after aliasing)
3217 1x mailer rules (sender qualification)
3218 2x mailer rules (recipient qualification)
3219 3x mailer rules (sender header qualification)
3220 4x mailer rules (recipient header qualification)
3221 5x mailer subroutines (general)
3222 6x mailer subroutines (general)
3223 7x mailer subroutines (general)
3224 8x reserved
3225 90 Mailertable host stripping
3226 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
3227 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
3228 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
3229 99 Guaranteed null (for debugging)
3230
3231
3232MAILERS
3233
3234 0 local, prog local and program mailers
3235 1 [e]smtp, relay SMTP channel
3236 2 uucp-* UNIX-to-UNIX Copy Program
3237 3 netnews Network News delivery
3238 4 fax Sam Leffler's HylaFAX software
3239 5 mail11 DECnet mailer
3240
3241
3242MACROS
3243
3244 A
3245 B Bitnet Relay
3246 C DECnet Relay
3247 D The local domain -- usually not needed
3248 E reserved for X.400 Relay
3249 F FAX Relay
3250 G
3251 H mail Hub (for mail clusters)
3252 I
3253 J
3254 K
3255 L Luser Relay
3256 M Masquerade (who you claim to be)
3257 N
3258 O
3259 P
3260 Q
3261 R Relay (for unqualified names)
3262 S Smart Host
3263 T
3264 U my UUCP name (if you have a UUCP connection)
3265 V UUCP Relay (class {V} hosts)
3266 W UUCP Relay (class {W} hosts)
3267 X UUCP Relay (class {X} hosts)
3268 Y UUCP Relay (all other hosts)
3269 Z Version number
3270
3271
3272CLASSES
3273
3274 A
3275 B domains that are candidates for bestmx lookup
3276 C
3277 D
3278 E addresses that should not seem to come from $M
3279 F hosts this system forward for
3280 G domains that should be looked up in genericstable
3281 H
3282 I
3283 J
3284 K
3285 L addresses that should not be forwarded to $R
3286 M domains that should be mapped to $M
3287 N host/domains that should not be mapped to $M
3288 O operators that indicate network operations (cannot be in local names)
3289 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
3290 Q
3291 R domains this system is willing to relay (pass anti-spam filters)
3292 S
3293 T
3294 U locally connected UUCP hosts
3295 V UUCP hosts connected to relay $V
3296 W UUCP hosts connected to relay $W
3297 X UUCP hosts connected to relay $X
3298 Y locally connected smart UUCP hosts
3299 Z locally connected domain-ized UUCP hosts
3300 . the class containing only a dot
3301 [ the class containing only a left bracket
3302
3303
3304M4 DIVERSIONS
3305
3306 1 Local host detection and resolution
3307 2 Local Ruleset 3 additions
3308 3 Local Ruleset 0 additions
3309 4 UUCP Ruleset 0 additions
3310 5 locally interpreted names (overrides $R)
3311 6 local configuration (at top of file)
3312 7 mailer definitions
3313 8 DNS based blacklists
3314 9 special local rulesets (1 and 2)
3315
| 2152connection. e-mail received from hosts within the laptop.example.com domain
2153should only be accepted if they have been authenticated.
2154TLS_Srv:secure.example.com ENCR:112
2155TLS_Clt:laptop.example.com PERM+VERIFY:112
2156
2157Notice: requiring that e-mail is sent to a server only encrypted,
2158e.g., via
2159
2160TLS_Srv:secure.domain ENCR:112
2161
2162doesn't necessarily mean that e-mail sent to that domain is encrypted.
2163If the domain has multiple MX servers, e.g.,
2164
2165secure.domain. IN MX 10 mail.secure.domain.
2166secure.domain. IN MX 50 mail.other.domain.
2167
2168then mail to user@secure.domain may go unencrypted to mail.other.domain.
2169
2170
2171Received: Header
2172
2173The Received: header reveals whether STARTTLS has been used. It contains an
2174extra line:
2175
2176(using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})
2177
2178+---------------------+
2179| SMTP AUTHENTICATION |
2180+---------------------+
2181
2182The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
2183used in anti-relay rulesets to allow relaying for those users that
2184authenticated themselves. A very simple example is:
2185
2186SLocal_check_rcpt
2187R$* $: $&{auth_type}
2188R$+ $# OK
2189
2190which checks whether a user has successfully authenticated using
2191any available mechanism. Depending on the setup of the CYRUS SASL
2192library, more sophisticated rulesets might be required, e.g.,
2193
2194SLocal_check_rcpt
2195R$* $: $&{auth_type} $| $&{auth_authen}
2196RDIGEST-MD5 $| $+@$=w $# OK
2197
2198to allow relaying for users that authenticated using DIGEST-MD5
2199and have an identity in the local domains.
2200
2201The ruleset Strust_auth is used to determine whether a given AUTH=
2202parameter (that is passed to this ruleset) should be trusted. This
2203ruleset may make use of the other ${auth_*} macros. Only if the
2204ruleset resolves to the error mailer, the AUTH= parameter is not
2205trusted. A user supplied ruleset Local_trust_auth can be written
2206to modify the default behavior, which only trust the AUTH=
2207parameter if it is identical to the authenticated user.
2208
2209Per default, relaying is allowed for any user who authenticated
2210via a "trusted" mechanism, i.e., one that is defined via
2211TRUST_AUTH_MECH(`list of mechanisms')
2212For example:
2213TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
2214
2215If the selected mechanism provides a security layer the number of
2216bits used for the key of the symmetric cipher is stored in the
2217macro ${auth_ssf}.
2218
2219+--------------------------------+
2220| ADDING NEW MAILERS OR RULESETS |
2221+--------------------------------+
2222
2223Sometimes you may need to add entirely new mailers or rulesets. They
2224should be introduced with the constructs MAILER_DEFINITIONS and
2225LOCAL_RULESETS respectively. For example:
2226
2227 MAILER_DEFINITIONS
2228 Mmymailer, ...
2229 ...
2230
2231 LOCAL_RULESETS
2232 Smyruleset
2233 ...
2234
2235
2236#if _FFR_MILTER
2237+-------------------------+
2238| ADDING NEW MAIL FILTERS |
2239+-------------------------+
2240
2241Sendmail supports mail filters to filter incoming SMTP messages according
2242to the "Sendmail Mail Filter API" documentation. These filters can be
2243configured in your mc file using the two commands:
2244
2245 MAIL_FILTER(`name', `equates')
2246 INPUT_MAIL_FILTER(`name', `equates')
2247
2248The first command, MAIL_FILTER(), simply defines a filter with the given
2249name and equates. For example:
2250
2251 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2252
2253This creates the equivalent sendmail.cf entry:
2254
2255 Xarchive, S=local:/var/run/archivesock, F=R
2256
2257The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
2258but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
2259of the filter such that the filter will actually be called by sendmail.
2260
2261For example, the two commands:
2262
2263 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2264 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2265
2266are equivalent to the three commands:
2267
2268 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2269 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2270 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
2271
2272In general, INPUT_MAIL_FILTER() should be used unless you need to define
2273more filters than you want to use for `confINPUT_MAIL_FILTERS'.
2274
2275Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
2276commands will clear the list created by the prior INPUT_MAIL_FILTER()
2277commands.
2278#endif /* _FFR_MILTER */
2279
2280
2281+-------------------------------+
2282| NON-SMTP BASED CONFIGURATIONS |
2283+-------------------------------+
2284
2285These configuration files are designed primarily for use by
2286SMTP-based sites. They may not be well tuned for UUCP-only or
2287UUCP-primarily nodes (the latter is defined as a small local net
2288connected to the rest of the world via UUCP). However, there is
2289one hook to handle some special cases.
2290
2291You can define a ``smart host'' that understands a richer address syntax
2292using:
2293
2294 define(`SMART_HOST', `mailer:hostname')
2295
2296In this case, the ``mailer:'' defaults to "relay". Any messages that
2297can't be handled using the usual UUCP rules are passed to this host.
2298
2299If you are on a local SMTP-based net that connects to the outside
2300world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
2301For example:
2302
2303 define(`SMART_HOST', `uucp-new:uunet')
2304 LOCAL_NET_CONFIG
2305 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
2306
2307This will cause all names that end in your domain name ($m) via
2308SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
2309If you have FEATURE(`nocanonify'), you may need to omit the dots after
2310the $m. If you are running a local DNS inside your domain which is
2311not otherwise connected to the outside world, you probably want to
2312use:
2313
2314 define(`SMART_HOST', `smtp:fire.wall.com')
2315 LOCAL_NET_CONFIG
2316 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
2317
2318That is, send directly only to things you found in your DNS lookup;
2319anything else goes through SMART_HOST.
2320
2321You may need to turn off the anti-spam rules in order to accept
2322UUCP mail with FEATURE(`promiscuous_relay') and
2323FEATURE(`accept_unresolvable_domains').
2324
2325
2326+-----------+
2327| WHO AM I? |
2328+-----------+
2329
2330Normally, the $j macro is automatically defined to be your fully
2331qualified domain name (FQDN). Sendmail does this by getting your
2332host name using gethostname and then calling gethostbyname on the
2333result. For example, in some environments gethostname returns
2334only the root of the host name (such as "foo"); gethostbyname is
2335supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
2336cases, gethostbyname may fail to return the FQDN. In this case
2337you MUST define confDOMAIN_NAME to be your fully qualified domain
2338name. This is usually done using:
2339
2340 Dmbar.com
2341 define(`confDOMAIN_NAME', `$w.$m')dnl
2342
2343
2344+-----------------------------------+
2345| ACCEPTING MAIL FOR MULTIPLE NAMES |
2346+-----------------------------------+
2347
2348If your host is known by several different names, you need to augment
2349class {w}. This is a list of names by which your host is known, and
2350anything sent to an address using a host name in this list will be
2351treated as local mail. You can do this in two ways: either create the
2352file /etc/mail/local-host-names containing a list of your aliases (one per
2353line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
2354``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
2355name of the host, rather than a short name.
2356
2357If you want to have different address in different domains, take
2358a look at the virtusertable feature, which is also explained at
2359http://www.sendmail.org/virtual-hosting.html
2360
2361
2362+--------------------+
2363| USING MAILERTABLES |
2364+--------------------+
2365
2366To use FEATURE(`mailertable'), you will have to create an external
2367database containing the routing information for various domains.
2368For example, a mailertable file in text format might be:
2369
2370 .my.domain xnet:%1.my.domain
2371 uuhost1.my.domain uucp-new:uuhost1
2372 .bitnet smtp:relay.bit.net
2373
2374This should normally be stored in /etc/mail/mailertable. The actual
2375database version of the mailertable is built using:
2376
2377 makemap hash /etc/mail/mailertable < /etc/mail/mailertable
2378
2379The semantics are simple. Any LHS entry that does not begin with
2380a dot matches the full host name indicated. LHS entries beginning
2381with a dot match anything ending with that domain name (including
2382the leading dot) -- that is, they can be thought of as having a
2383leading ".+" regular expression pattern for a non-empty sequence of
2384characters. Matching is done in order of most-to-least qualified
2385-- for example, even though ".my.domain" is listed first in the
2386above example, an entry of "uuhost1.my.domain" will match the second
2387entry since it is more explicit. Note: e-mail to "user@my.domain"
2388does not match any entry in the above table. You need to have
2389something like:
2390
2391 my.domain esmtp:host.my.domain
2392
2393The RHS should always be a "mailer:host" pair. The mailer is the
2394configuration name of a mailer (that is, an {M} line in the
2395sendmail.cf file). The "host" will be the hostname passed to
2396that mailer. In domain-based matches (that is, those with leading
2397dots) the "%1" may be used to interpolate the wildcarded part of
2398the host name. For example, the first line above sends everything
2399addressed to "anything.my.domain" to that same host name, but using
2400the (presumably experimental) xnet mailer.
2401
2402In some cases you may want to temporarily turn off MX records,
2403particularly on gateways. For example, you may want to MX
2404everything in a domain to one machine that then forwards it
2405directly. To do this, you might use the DNS configuration:
2406
2407 *.domain. IN MX 0 relay.machine
2408
2409and on relay.machine use the mailertable:
2410
2411 .domain smtp:[gateway.domain]
2412
2413The [square brackets] turn off MX records for this host only.
2414If you didn't do this, the mailertable would use the MX record
2415again, which would give you an MX loop.
2416
2417
2418+--------------------------------+
2419| USING USERDB TO MAP FULL NAMES |
2420+--------------------------------+
2421
2422The user database was not originally intended for mapping full names
2423to login names (e.g., Eric.Allman => eric), but some people are using
2424it that way. (it is recommended that you set up aliases for this
2425purpose instead -- since you can specify multiple alias files, this
2426is fairly easy.) The intent was to locate the default maildrop at
2427a site, but allow you to override this by sending to a specific host.
2428
2429If you decide to set up the user database in this fashion, it is
2430imperative that you not use FEATURE(`stickyhost') -- otherwise,
2431e-mail sent to Full.Name@local.host.name will be rejected.
2432
2433To build the internal form of the user database, use:
2434
2435 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
2436
2437As a general rule, it is an extremely bad idea to using full names
2438as e-mail addresses, since they are not in any sense unique. For
2439example, the UNIX software-development community has at least two
2440well-known Peter Deutsches, and at one time Bell Labs had two
2441Stephen R. Bournes with offices along the same hallway. Which one
2442will be forced to suffer the indignity of being Stephen_R_Bourne_2?
2443The less famous of the two, or the one that was hired later?
2444
2445Finger should handle full names (and be fuzzy). Mail should use
2446handles, and not be fuzzy.
2447
2448
2449+--------------------------------+
2450| MISCELLANEOUS SPECIAL FEATURES |
2451+--------------------------------+
2452
2453Plussed users
2454 Sometimes it is convenient to merge configuration on a
2455 centralized mail machine, for example, to forward all
2456 root mail to a mail server. In this case it might be
2457 useful to be able to treat the root addresses as a class
2458 of addresses with subtle differences. You can do this
2459 using plussed users. For example, a client might include
2460 the alias:
2461
2462 root: root+client1@server
2463
2464 On the server, this will match an alias for "root+client1".
2465 If that is not found, the alias "root+*" will be tried,
2466 then "root".
2467
2468
2469+----------------+
2470| SECURITY NOTES |
2471+----------------+
2472
2473A lot of sendmail security comes down to you. Sendmail 8 is much
2474more careful about checking for security problems than previous
2475versions, but there are some things that you still need to watch
2476for. In particular:
2477
2478* Make sure the aliases file isn't writable except by trusted
2479 system personnel. This includes both the text and database
2480 version.
2481
2482* Make sure that other files that sendmail reads, such as the
2483 mailertable, are only writable by trusted system personnel.
2484
2485* The queue directory should not be world writable PARTICULARLY
2486 if your system allows "file giveaways" (that is, if a non-root
2487 user can chown any file they own to any other user).
2488
2489* If your system allows file giveaways, DO NOT create a publically
2490 writable directory for forward files. This will allow anyone
2491 to steal anyone else's e-mail. Instead, create a script that
2492 copies the .forward file from users' home directories once a
2493 night (if you want the non-NFS-mounted forward directory).
2494
2495* If your system allows file giveaways, you'll find that
2496 sendmail is much less trusting of :include: files -- in
2497 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
2498 /etc/shells before they will be trusted (that is, before
2499 files and programs listed in them will be honored).
2500
2501In general, file giveaways are a mistake -- if you can turn them
2502off, do so.
2503
2504
2505+--------------------------------+
2506| TWEAKING CONFIGURATION OPTIONS |
2507+--------------------------------+
2508
2509There are a large number of configuration options that don't normally
2510need to be changed. However, if you feel you need to tweak them, you
2511can define the following M4 variables. This list is shown in four
2512columns: the name you define, the default value for that definition,
2513the option or macro that is affected (either Ox for an option or Dx
2514for a macro), and a brief description. Greater detail of the semantics
2515can be found in the Installation and Operations Guide.
2516
2517Some options are likely to be deprecated in future versions -- that is,
2518the option is only included to provide back-compatibility. These are
2519marked with "*".
2520
2521Remember that these options are M4 variables, and hence may need to
2522be quoted. In particular, arguments with commas will usually have to
2523be ``double quoted, like this phrase'' to avoid having the comma
2524confuse things. This is common for alias file definitions and for
2525the read timeout.
2526
2527M4 Variable Name Configuration Description & [Default]
2528================ ============= =======================
2529confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
2530 for internally generated outgoing
2531 messages.
2532confDOMAIN_NAME $j macro If defined, sets $j. This should
2533 only be done if your system cannot
2534 determine your local domain name,
2535 and then it should be set to
2536 $w.Foo.COM, where Foo.COM is your
2537 domain name.
2538confCF_VERSION $Z macro If defined, this is appended to the
2539 configuration version name.
2540confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
2541 internally generated From: address.
2542confRECEIVED_HEADER Received:
2543 [$?sfrom $s $.$?_($?s$|from $.$_)
2544 $.$?{auth_type}(authenticated)
2545 $.by $j ($v/$Z)$?r with $r$. id $i$?u
2546 for $u; $|;
2547 $.$b]
2548 The format of the Received: header
2549 in messages passed through this host.
2550 It is unwise to try to change this.
2551confCW_FILE Fw class [/etc/mail/local-host-names] Name
2552 of file used to get the local
2553 additions to class {w} (local host
2554 names).
2555confCT_FILE Ft class [/etc/mail/trusted-users] Name of
2556 file used to get the local additions
2557 to class {t} (trusted users).
2558confCR_FILE FR class [/etc/mail/relay-domains] Name of
2559 file used to get the local additions
2560 to class {R} (hosts allowed to relay).
2561confTRUSTED_USERS Ct class [no default] Names of users to add to
2562 the list of trusted users. This list
2563 always includes root, uucp, and daemon.
2564 See also FEATURE(`use_ct_file').
2565confTRUSTED_USER TrustedUser [no default] Trusted user for file
2566 ownership and starting the daemon.
2567 Not to be confused with
2568 confTRUSTED_USERS (see above).
2569confSMTP_MAILER - [esmtp] The mailer name used when
2570 SMTP connectivity is required.
2571 One of "smtp", "smtp8",
2572 "esmtp", or "dsmtp".
2573confUUCP_MAILER - [uucp-old] The mailer to be used by
2574 default for bang-format recipient
2575 addresses. See also discussion of
2576 class {U}, class {Y}, and class {Z}
2577 in the MAILER(`uucp') section.
2578confLOCAL_MAILER - [local] The mailer name used when
2579 local connectivity is required.
2580 Almost always "local".
2581confRELAY_MAILER - [relay] The default mailer name used
2582 for relaying any mail (e.g., to a
2583 BITNET_RELAY, a SMART_HOST, or
2584 whatever). This can reasonably be
2585 "uucp-new" if you are on a
2586 UUCP-connected site.
2587confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
2588confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
2589confALIAS_WAIT AliasWait [10m] Time to wait for alias file
2590 rebuild until you get bored and
2591 decide that the apparently pending
2592 rebuild failed.
2593confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
2594 queue filesystem to accept SMTP mail.
2595 (Prior to 8.7 this was minfree/maxsize,
2596 where minfree was the number of free
2597 blocks and maxsize was the maximum
2598 message size. Use confMAX_MESSAGE_SIZE
2599 for the second value now.)
2600confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
2601 that will be accepted (in bytes).
2602confBLANK_SUB BlankSub [.] Blank (space) substitution
2603 character.
2604confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
2605 to mailers marked expensive.
2606confCHECKPOINT_INTERVAL CheckpointInterval
2607 [10] Checkpoint queue files every N
2608 recipients.
2609confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
2610confAUTO_REBUILD AutoRebuildAliases
2611 [False] Automatically rebuild alias
2612 file if needed.
2613 There is a potential for a denial
2614 of service attack if this is set.
2615 This option is deprecated and will
2616 be removed from a future version.
2617confERROR_MODE ErrorMode [print] Error message mode.
2618confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
2619confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
2620confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
2621confMATCH_GECOS MatchGECOS [False] Match GECOS field.
2622confMAX_HOP MaxHopCount [25] Maximum hop count.
2623confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
2624 mode] Ignore dot as terminator for
2625 incoming messages?
2626confBIND_OPTS ResolverOptions [undefined] Default options for DNS
2627 resolver.
2628confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
2629 encapsulated messages per RFC 1344.
2630confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
2631 The colon-separated list of places to
2632 search for .forward files. N.B.: see
2633 the Security Notes section.
2634confMCI_CACHE_SIZE ConnectionCacheSize
2635 [2] Size of open connection cache.
2636confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
2637 [5m] Open connection cache timeout.
2638confHOST_STATUS_DIRECTORY HostStatusDirectory
2639 [undefined] If set, host status is kept
2640 on disk between sendmail runs in the
2641 named directory tree. This need not be
2642 a full pathname, in which case it is
2643 interpreted relative to the queue
2644 directory.
2645confSINGLE_THREAD_DELIVERY SingleThreadDelivery
2646 [False] If this option and the
2647 HostStatusDirectory option are both
2648 set, single thread deliveries to other
2649 hosts. That is, don't allow any two
2650 sendmails on this host to connect
2651 simultaneously to any other single
2652 host. This can slow down delivery in
2653 some cases, in particular since a
2654 cached but otherwise idle connection
2655 to a host will prevent other sendmails
2656 from connecting to the other host.
2657confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
2658 deliver error messages. This should
2659 not be necessary because of general
2660 acceptance of the envelope/header
2661 distinction.
2662confLOG_LEVEL LogLevel [9] Log level.
2663confME_TOO MeToo [True] Include sender in group
2664 expansions. This option is
2665 deprecated and will be removed from
2666 a future version.
2667confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
2668 running newaliases. Since this does
2669 DNS lookups on every address, it can
2670 slow down the alias rebuild process
2671 considerably on large alias files.
2672confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
2673 special chars are old style.
2674confCLIENT_OPTIONS ClientPortOptions
2675 [none] Options for outgoing SMTP client
2676 connections.
2677confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
2678confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
2679 copies of all error messages.
2680confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
2681confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
2682 syntax addresses to the minimum
2683 possible.
2684confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
2685 before forking.
2686confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
2687 on the initial connect.
2688confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
2689 connect() to complete. This can only
2690 shorten connection timeouts; the kernel
2691 silently enforces an absolute maximum
2692 (which varies depending on the system).
2693confTO_ICONNECT Timeout.iconnect
2694 [undefined] Like Timeout.connect, but
2695 applies only to the very first attempt
2696 to connect to a host in a message.
2697 This allows a single very fast pass
2698 followed by more careful delivery
2699 attempts in the future.
2700confTO_HELO Timeout.helo [5m] The timeout waiting for a response
2701 to a HELO or EHLO command.
2702confTO_MAIL Timeout.mail [10m] The timeout waiting for a
2703 response to the MAIL command.
2704confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
2705 to the RCPT command.
2706confTO_DATAINIT Timeout.datainit
2707 [5m] The timeout waiting for a 354
2708 response from the DATA command.
2709confTO_DATABLOCK Timeout.datablock
2710 [1h] The timeout waiting for a block
2711 during DATA phase.
2712confTO_DATAFINAL Timeout.datafinal
2713 [1h] The timeout waiting for a response
2714 to the final "." that terminates a
2715 message.
2716confTO_RSET Timeout.rset [5m] The timeout waiting for a response
2717 to the RSET command.
2718confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
2719 to the QUIT command.
2720confTO_MISC Timeout.misc [2m] The timeout waiting for a response
2721 to other SMTP commands.
2722confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
2723 waiting for a command to be issued.
2724confTO_IDENT Timeout.ident [5s] The timeout waiting for a
2725 response to an IDENT query.
2726confTO_FILEOPEN Timeout.fileopen
2727 [60s] The timeout waiting for a file
2728 (e.g., :include: file) to be opened.
2729confTO_CONTROL Timeout.control
2730 [2m] The timeout for a complete
2731 control socket transaction to complete.
2732confTO_QUEUERETURN Timeout.queuereturn
2733 [5d] The timeout before a message is
2734 returned as undeliverable.
2735confTO_QUEUERETURN_NORMAL
2736 Timeout.queuereturn.normal
2737 [undefined] As above, for normal
2738 priority messages.
2739confTO_QUEUERETURN_URGENT
2740 Timeout.queuereturn.urgent
2741 [undefined] As above, for urgent
2742 priority messages.
2743confTO_QUEUERETURN_NONURGENT
2744 Timeout.queuereturn.non-urgent
2745 [undefined] As above, for non-urgent
2746 (low) priority messages.
2747confTO_QUEUEWARN Timeout.queuewarn
2748 [4h] The timeout before a warning
2749 message is sent to the sender telling
2750 them that the message has been
2751 deferred.
2752confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
2753 [undefined] As above, for normal
2754 priority messages.
2755confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
2756 [undefined] As above, for urgent
2757 priority messages.
2758confTO_QUEUEWARN_NONURGENT
2759 Timeout.queuewarn.non-urgent
2760 [undefined] As above, for non-urgent
2761 (low) priority messages.
2762confTO_HOSTSTATUS Timeout.hoststatus
2763 [30m] How long information about host
2764 statuses will be maintained before it
2765 is considered stale and the host should
2766 be retried. This applies both within
2767 a single queue run and to persistent
2768 information (see below).
2769confTO_RESOLVER_RETRANS Timeout.resolver.retrans
2770 [varies] Sets the resolver's
2771 retransmition time interval (in
2772 seconds). Sets both
2773 Timeout.resolver.retrans.first and
2774 Timeout.resolver.retrans.normal.
2775confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
2776 [varies] Sets the resolver's
2777 retransmition time interval (in
2778 seconds) for the first attempt to
2779 deliver a message.
2780confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
2781 [varies] Sets the resolver's
2782 retransmition time interval (in
2783 seconds) for all resolver lookups
2784 except the first delivery attempt.
2785confTO_RESOLVER_RETRY Timeout.resolver.retry
2786 [varies] Sets the number of times
2787 to retransmit a resolver query.
2788 Sets both
2789 Timeout.resolver.retry.first and
2790 Timeout.resolver.retry.normal.
2791confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
2792 [varies] Sets the number of times
2793 to retransmit a resolver query for
2794 the first attempt to deliver a
2795 message.
2796confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
2797 [varies] Sets the number of times
2798 to retransmit a resolver query for
2799 all resolver lookups except the
2800 first delivery attempt.
2801confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
2802 USE_SYSTEM to use the system's idea,
2803 USE_TZ to use the user's TZ envariable,
2804 or something else to force that value.
2805confDEF_USER_ID DefaultUser [1:1] Default user id.
2806confUSERDB_SPEC UserDatabaseSpec
2807 [undefined] User database
2808 specification.
2809confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
2810confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
2811 for a host and other arrangements
2812 haven't been made, try connecting
2813 to the host directly; normally this
2814 would be a config error.
2815confQUEUE_LA QueueLA [varies] Load average at which
2816 queue-only function kicks in.
2817 Default values is (8 * numproc)
2818 where numproc is the number of
2819 processors online (if that can be
2820 determined).
2821confREFUSE_LA RefuseLA [varies] Load average at which
2822 incoming SMTP connections are
2823 refused. Default values is (12 *
2824 numproc) where numproc is the
2825 number of processors online (if
2826 that can be determined).
2827confMAX_ALIAS_RECURSION MaxAliasRecursion
2828 [10] Maximum depth of alias recursion.
2829confMAX_DAEMON_CHILDREN MaxDaemonChildren
2830 [undefined] The maximum number of
2831 children the daemon will permit. After
2832 this number, connections will be
2833 rejected. If not set or <= 0, there is
2834 no limit.
2835confMAX_HEADERS_LENGTH MaxHeadersLength
2836 [32768] Maximum length of the sum
2837 of all headers.
2838confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
2839 [undefined] Maximum length of
2840 certain MIME header field values.
2841confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
2842 [undefined] The maximum number of
2843 connections permitted per second.
2844 After this many connections are
2845 accepted, further connections will be
2846 delayed. If not set or <= 0, there is
2847 no limit.
2848confWORK_RECIPIENT_FACTOR
2849 RecipientFactor [30000] Cost of each recipient.
2850confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
2851 separate process.
2852confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
2853confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
2854confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
2855 Priority, Host, Filename, or Time.
2856confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
2857 must sit in the queue between queue
2858 runs. This allows you to set the
2859 queue run interval low for better
2860 responsiveness without trying all
2861 jobs in each run.
2862confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
2863 unlabeled 8 bit input to MIME, the
2864 character set to use by default.
2865confSERVICE_SWITCH_FILE ServiceSwitchFile
2866 [/etc/mail/service.switch] The file
2867 to use for the service switch on
2868 systems that do not have a
2869 system-defined switch.
2870confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
2871 "file" type access of hosts names.
2872confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
2873 long and try again. Zero means "don't
2874 retry". This is to allow "dial on
2875 demand" connections to have enough time
2876 to complete a connection.
2877confNO_RCPT_ACTION NoRecipientAction
2878 [none] What to do if there are no legal
2879 recipient fields (To:, Cc: or Bcc:)
2880 in the message. Legal values can
2881 be "none" to just leave the
2882 nonconforming message as is, "add-to"
2883 to add a To: header with all the
2884 known recipients (which may expose
2885 blind recipients), "add-apparently-to"
2886 to do the same but use Apparently-To:
2887 instead of To:, "add-bcc" to add an
2888 empty Bcc: header, or
2889 "add-to-undisclosed" to add the header
2890 ``To: undisclosed-recipients:;''.
2891confSAFE_FILE_ENV SafeFileEnvironment
2892 [undefined] If set, sendmail will do a
2893 chroot() into this directory before
2894 writing files.
2895confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
2896 If set, colons are treated as a regular
2897 character in addresses. If not set,
2898 they are treated as the introducer to
2899 the RFC 822 "group" syntax. Colons are
2900 handled properly in route-addrs. This
2901 option defaults on for V5 and lower
2902 configuration files.
2903confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
2904 any given queue run to this number of
2905 entries. Essentially, this will stop
2906 reading each queue directory after this
2907 number of entries are reached; it does
2908 _not_ pick the highest priority jobs,
2909 so this should be as large as your
2910 system can tolerate. If not set, there
2911 is no limit.
2912confDONT_EXPAND_CNAMES DontExpandCnames
2913 [False] If set, $[ ... $] lookups that
2914 do DNS based lookups do not expand
2915 CNAME records. This currently violates
2916 the published standards, but the IETF
2917 seems to be moving toward legalizing
2918 this. For example, if "FTP.Foo.ORG"
2919 is a CNAME for "Cruft.Foo.ORG", then
2920 with this option set a lookup of
2921 "FTP" will return "FTP.Foo.ORG"; if
2922 clear it returns "Cruft.FOO.ORG". N.B.
2923 you may not see any effect until your
2924 downstream neighbors stop doing CNAME
2925 lookups as well.
2926confFROM_LINE UnixFromLine [From $g $d] The From_ line used
2927 when sending to files or programs.
2928confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
2929 [False] From: lines that have
2930 embedded newlines are unwrapped
2931 onto one line.
2932confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
2933 does not include a host name.
2934confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
2935 name phrase (@,;:\()[] are automatic).
2936confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
2937 characters.
2938confSMTP_LOGIN_MSG SmtpGreetingMessage
2939 [$j Sendmail $v/$Z; $b]
2940 The initial (spontaneous) SMTP
2941 greeting message. The word "ESMTP"
2942 will be inserted between the first and
2943 second words to convince other
2944 sendmails to try to speak ESMTP.
2945confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
2946 routine will never be invoked. You
2947 might want to do this if you are
2948 running NIS and you have a large group
2949 map, since this call does a sequential
2950 scan of the map; in a large site this
2951 can cause your ypserv to run
2952 essentially full time. If you set
2953 this, agents run on behalf of users
2954 will only have their primary
2955 (/etc/passwd) group permissions.
2956confUNSAFE_GROUP_WRITES UnsafeGroupWrites
2957 [False] If set, group-writable
2958 :include: and .forward files are
2959 considered "unsafe", that is, programs
2960 and files cannot be directly referenced
2961 from such files. World-writable files
2962 are always considered unsafe.
2963confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
2964 address (for testing).
2965confCONTROL_SOCKET_NAME ControlSocketName
2966 [undefined] Control socket for daemon
2967 management.
2968confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
2969 [postmaster] If an error occurs when
2970 sending an error message, send that
2971 "double bounce" error message to this
2972 address.
2973confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
2974 messages which could not be returned
2975 to the user or sent to postmaster.
2976 If not set, the queue file will
2977 be renamed.
2978confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
2979 implies DSN request.
2980confRUN_AS_USER RunAsUser [undefined] If set, become this user
2981 when reading and delivering mail.
2982 Causes all file reads (e.g., .forward
2983 and :include: files) to be done as
2984 this user. Also, all programs will
2985 be run as this user, and all output
2986 files will be written as this user.
2987 Intended for use only on firewalls
2988 where users do not have accounts.
2989confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
2990 [infinite] If set, allow no more than
2991 the specified number of recipients in
2992 an SMTP envelope. Further recipients
2993 receive a 452 error code (i.e., they
2994 are deferred for the next delivery
2995 attempt).
2996confDONT_PROBE_INTERFACES DontProbeInterfaces
2997 [False] If set, sendmail will _not_
2998 insert the names and addresses of any
2999 local interfaces into class {w}
3000 (list of known "equivalent" addresses).
3001 If you set this, you must also include
3002 some support for these addresses (e.g.,
3003 in a mailertable entry) -- otherwise,
3004 mail to addresses in this list will
3005 bounce with a configuration error.
3006confPID_FILE PidFile [system dependent] Location of pid
3007 file.
3008confPROCESS_TITLE_PREFIX ProcessTitlePrefix
3009 [undefined] Prefix string for the
3010 process title shown on 'ps' listings.
3011confDONT_BLAME_SENDMAIL DontBlameSendmail
3012 [safe] Override sendmail's file
3013 safety checks. This will definitely
3014 compromise system security and should
3015 not be used unless absolutely
3016 necessary.
3017confREJECT_MSG - [550 Access denied] The message
3018 given if the access database contains
3019 REJECT in the value portion.
3020confDF_BUFFER_SIZE DataFileBufferSize
3021 [4096] The maximum size of a
3022 memory-buffered data (df) file
3023 before a disk-based file is used.
3024confXF_BUFFER_SIZE XScriptFileBufferSize
3025 [4096] The maximum size of a
3026 memory-buffered transcript (xf)
3027 file before a disk-based file is
3028 used.
3029confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
3030 CRAM-MD5] List of authentication
3031 mechanisms for AUTH (separated by
3032 spaces). The advertised list of
3033 authentication mechanisms will be the
3034 intersection of this list and the list
3035 of available mechanisms as determined
3036 by the CYRUS SASL library.
3037confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
3038 authentication information for
3039 outgoing connections. This file
3040 must contain the user id, the
3041 authorization id, the password
3042 (plain text), and the realm to use,
3043 each on a separate line and must be
3044 readable by root (or the trusted
3045 user) only. If no realm is
3046 specified, $j is used.
3047
3048 NOTE: Currently, AuthMechanisms is
3049 used to determine the list of
3050 mechanisms to use on an outgoing
3051 connection. Sites which require a
3052 different list of mechanisms for
3053 incoming connections and outgoing
3054 connections will have the ability
3055 to do this in 8.11 by specifying a
3056 list of mechanisms as the fifth
3057 line of the DefaultAuthInfo file.
3058 If no mechanisms are given in the
3059 file, AuthMechanisms is used. The
3060 code for doing so is included as
3061 in the sendmail source code but
3062 disabled. It can be enabled by
3063 recompiling sendmail with:
3064 -D_FFR_DEFAUTHINFO_MECHS
3065confAUTH_OPTIONS AuthOptions [undefined] If this options is 'A'
3066 then the AUTH= parameter for the
3067 MAIL FROM command is only issued
3068 when authentication succeeded.
3069confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
3070 specification for LDAP maps. The
3071 value should only contain LDAP
3072 specific settings such as "-h host
3073 -p port -d bindDN", etc. The
3074 settings will be used for all LDAP
3075 maps unless they are specified in
3076 the individual map specification
3077 ('K' command).
3078confCACERT_PATH CACERTPath [undefined] Path to directory
3079 with certs of CAs.
3080confCACERT CACERTFile [undefined] File containing one CA
3081 cert.
3082confSERVER_CERT ServerCertFile [undefined] File containing the
3083 cert of the server, i.e., this cert
3084 is used when sendmail acts as
3085 server.
3086confSERVER_KEY ServerKeyFile [undefined] File containing the
3087 private key belonging to the server
3088 cert.
3089confCLIENT_CERT ClientCertFile [undefined] File containing the
3090 cert of the client, i.e., this cert
3091 is used when sendmail acts as
3092 client.
3093confCLIENT_KEY ClientKeyFile [undefined] File containing the
3094 private key belonging to the client
3095 cert.
3096confDH_PARAMETERS DHParameters [undefined] File containing the
3097 DH parameters.
3098confRAND_FILE RandFile [undefined] File containing random
3099 data (use prefix file:) or the
3100 name of the UNIX socket if EGD is
3101 used (use prefix egd:). STARTTLS
3102 requires this option if the compile
3103 flag HASURANDOM is not set (see
3104 sendmail/README).
3105
3106See also the description of OSTYPE for some parameters that can be
3107tweaked (generally pathnames to mailers).
3108
3109DaemonPortOptions are a special case since multiple daemons can be
3110defined. This can be done via
3111
3112 DAEMON_OPTIONS(`field1=value1,field2=value2,...')
3113
3114If DAEMON_OPTIONS is not used, then the default is
3115
3116 DAEMON_OPTIONS(`Port=smtp, Name=MTA')
3117 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
3118
3119If you use one DAEMON_OPTIONS macro, it will alter the parameters
3120of the first of these. The second will still be defaulted; it
3121represents a "Message Submission Agent" (MSA) as defined by RFC
31222476 (see below). To turn off the default definition for the MSA,
3123use FEATURE(`no_default_msa') (see also FEATURES). If you use
3124additional DAEMON_OPTIONS macros, they will add additional daemons.
3125
3126Example 1: To change the port for the SMTP listener, while
3127still using the MSA default, use
3128 DAEMON_OPTIONS(`Port=925, Name=MTA')
3129
3130Example 2: To change the port for the MSA daemon, while still
3131using the default SMTP port, use
3132 FEATURE(`no_default_msa')
3133 DAEMON_OPTIONS(`Name=MTA')
3134 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
3135
3136Note that if the first of those DAEMON_OPTIONS lines were omitted, then
3137there would be no listener on the standard SMTP port.
3138
3139Example 3: To listen on both IPv4 and IPv6 interfaces, use
3140
3141 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
3142 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
3143
3144A "Message Submission Agent" still uses all of the same rulesets for
3145processing the message (and therefore still allows message rejection via
3146the check_* rulesets). In accordance with the RFC, the MSA will ensure
3147that all domains in the envelope are fully qualified if the message is
3148relayed to another MTA. It will also enforce the normal address syntax
3149rules and log error messages. Additionally, by using the M=a modifier
3150you can require authentication before messages are accepted by the MSA.
3151Notice: Do NOT use the 'a' modifier on a public accessible MTA!
3152Finally, the M=E modifier shown above disables ETRN as required by RFC
31532476.
3154
3155
3156+-----------+
3157| HIERARCHY |
3158+-----------+
3159
3160Within this directory are several subdirectories, to wit:
3161
3162m4 General support routines. These are typically
3163 very important and should not be changed without
3164 very careful consideration.
3165
3166cf The configuration files themselves. They have
3167 ".mc" suffixes, and must be run through m4 to
3168 become complete. The resulting output should
3169 have a ".cf" suffix.
3170
3171ostype Definitions describing a particular operating
3172 system type. These should always be referenced
3173 using the OSTYPE macro in the .mc file. Examples
3174 include "bsd4.3", "bsd4.4", "sunos3.5", and
3175 "sunos4.1".
3176
3177domain Definitions describing a particular domain, referenced
3178 using the DOMAIN macro in the .mc file. These are
3179 site dependent; for example, "CS.Berkeley.EDU.m4"
3180 describes hosts in the CS.Berkeley.EDU subdomain.
3181
3182mailer Descriptions of mailers. These are referenced using
3183 the MAILER macro in the .mc file.
3184
3185sh Shell files used when building the .cf file from the
3186 .mc file in the cf subdirectory.
3187
3188feature These hold special orthogonal features that you might
3189 want to include. They should be referenced using
3190 the FEATURE macro.
3191
3192hack Local hacks. These can be referenced using the HACK
3193 macro. They shouldn't be of more than voyeuristic
3194 interest outside the .Berkeley.EDU domain, but who knows?
3195
3196siteconfig Site configuration -- e.g., tables of locally connected
3197 UUCP sites.
3198
3199
3200+------------------------+
3201| ADMINISTRATIVE DETAILS |
3202+------------------------+
3203
3204The following sections detail usage of certain internal parts of the
3205sendmail.cf file. Read them carefully if you are trying to modify
3206the current model. If you find the above descriptions adequate, these
3207should be {boring, confusing, tedious, ridiculous} (pick one or more).
3208
3209RULESETS (* means built in to sendmail)
3210
3211 0 * Parsing
3212 1 * Sender rewriting
3213 2 * Recipient rewriting
3214 3 * Canonicalization
3215 4 * Post cleanup
3216 5 * Local address rewrite (after aliasing)
3217 1x mailer rules (sender qualification)
3218 2x mailer rules (recipient qualification)
3219 3x mailer rules (sender header qualification)
3220 4x mailer rules (recipient header qualification)
3221 5x mailer subroutines (general)
3222 6x mailer subroutines (general)
3223 7x mailer subroutines (general)
3224 8x reserved
3225 90 Mailertable host stripping
3226 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
3227 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
3228 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
3229 99 Guaranteed null (for debugging)
3230
3231
3232MAILERS
3233
3234 0 local, prog local and program mailers
3235 1 [e]smtp, relay SMTP channel
3236 2 uucp-* UNIX-to-UNIX Copy Program
3237 3 netnews Network News delivery
3238 4 fax Sam Leffler's HylaFAX software
3239 5 mail11 DECnet mailer
3240
3241
3242MACROS
3243
3244 A
3245 B Bitnet Relay
3246 C DECnet Relay
3247 D The local domain -- usually not needed
3248 E reserved for X.400 Relay
3249 F FAX Relay
3250 G
3251 H mail Hub (for mail clusters)
3252 I
3253 J
3254 K
3255 L Luser Relay
3256 M Masquerade (who you claim to be)
3257 N
3258 O
3259 P
3260 Q
3261 R Relay (for unqualified names)
3262 S Smart Host
3263 T
3264 U my UUCP name (if you have a UUCP connection)
3265 V UUCP Relay (class {V} hosts)
3266 W UUCP Relay (class {W} hosts)
3267 X UUCP Relay (class {X} hosts)
3268 Y UUCP Relay (all other hosts)
3269 Z Version number
3270
3271
3272CLASSES
3273
3274 A
3275 B domains that are candidates for bestmx lookup
3276 C
3277 D
3278 E addresses that should not seem to come from $M
3279 F hosts this system forward for
3280 G domains that should be looked up in genericstable
3281 H
3282 I
3283 J
3284 K
3285 L addresses that should not be forwarded to $R
3286 M domains that should be mapped to $M
3287 N host/domains that should not be mapped to $M
3288 O operators that indicate network operations (cannot be in local names)
3289 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
3290 Q
3291 R domains this system is willing to relay (pass anti-spam filters)
3292 S
3293 T
3294 U locally connected UUCP hosts
3295 V UUCP hosts connected to relay $V
3296 W UUCP hosts connected to relay $W
3297 X UUCP hosts connected to relay $X
3298 Y locally connected smart UUCP hosts
3299 Z locally connected domain-ized UUCP hosts
3300 . the class containing only a dot
3301 [ the class containing only a left bracket
3302
3303
3304M4 DIVERSIONS
3305
3306 1 Local host detection and resolution
3307 2 Local Ruleset 3 additions
3308 3 Local Ruleset 0 additions
3309 4 UUCP Ruleset 0 additions
3310 5 locally interpreted names (overrides $R)
3311 6 local configuration (at top of file)
3312 7 mailer definitions
3313 8 DNS based blacklists
3314 9 special local rulesets (1 and 2)
3315
|