README (132943) | README (147078) |
---|---|
1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 --- 1579 unchanged lines hidden (view full) --- 1588end will recognize. If at all possible, you should encourage the 1589other end to go to a domain-based system -- non-domainized addresses 1590don't work entirely properly. 1591 1592The four mailers are: 1593 1594 uucp-old (obsolete name: "uucp") 1595 This is the oldest, the worst (but the closest to UUCP) way of | 1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 --- 1579 unchanged lines hidden (view full) --- 1588end will recognize. If at all possible, you should encourage the 1589other end to go to a domain-based system -- non-domainized addresses 1590don't work entirely properly. 1591 1592The four mailers are: 1593 1594 uucp-old (obsolete name: "uucp") 1595 This is the oldest, the worst (but the closest to UUCP) way of |
1596 sending messages accros UUCP connections. It does bangify | 1596 sending messages across UUCP connections. It does bangify |
1597 everything and prepends $U (your UUCP name) to the sender's 1598 address (which can already be a bang path itself). It can 1599 only send to one address at a time, so it spends a lot of 1600 time copying duplicates of messages. Avoid this if at all 1601 possible. 1602 1603 uucp-new (obsolete name: "suucp") 1604 The same as above, except that it assumes that in one rmail --- 1052 unchanged lines hidden (view full) --- 2657Notice: to avoid checking your own local domains against those 2658blacklists, use the access_db feature and add: 2659 2660 Connect:10.1 OK 2661 Connect:127.0.0.1 RELAY 2662 2663to the access map, where 10.1 is your local network. You may 2664want to use "RELAY" instead of "OK" to allow also relaying | 1597 everything and prepends $U (your UUCP name) to the sender's 1598 address (which can already be a bang path itself). It can 1599 only send to one address at a time, so it spends a lot of 1600 time copying duplicates of messages. Avoid this if at all 1601 possible. 1602 1603 uucp-new (obsolete name: "suucp") 1604 The same as above, except that it assumes that in one rmail --- 1052 unchanged lines hidden (view full) --- 2657Notice: to avoid checking your own local domains against those 2658blacklists, use the access_db feature and add: 2659 2660 Connect:10.1 OK 2661 Connect:127.0.0.1 RELAY 2662 2663to the access map, where 10.1 is your local network. You may 2664want to use "RELAY" instead of "OK" to allow also relaying |
2665instead of just disabling the DNS lookups in the backlists. | 2665instead of just disabling the DNS lookups in the blacklists. |
2666 2667 2668The features described above make use of the check_relay, check_mail, 2669and check_rcpt rulesets. Note that check_relay checks the SMTP 2670client hostname and IP address when the connection is made to your 2671server. It does not check if a mail message is being relayed to 2672another server. That check is done in check_rcpt. If you wish to 2673include your own checks, you can put your checks in the rulesets --- 191 unchanged lines hidden (view full) --- 2865 2866 FEATURE(`ratecontrol', `nodelay', `terminate') 2867 2868 2869+----------+ 2870| STARTTLS | 2871+----------+ 2872 | 2666 2667 2668The features described above make use of the check_relay, check_mail, 2669and check_rcpt rulesets. Note that check_relay checks the SMTP 2670client hostname and IP address when the connection is made to your 2671server. It does not check if a mail message is being relayed to 2672another server. That check is done in check_rcpt. If you wish to 2673include your own checks, you can put your checks in the rulesets --- 191 unchanged lines hidden (view full) --- 2865 2866 FEATURE(`ratecontrol', `nodelay', `terminate') 2867 2868 2869+----------+ 2870| STARTTLS | 2871+----------+ 2872 |
2873In this text, cert will be used as an abreviation for X.509 certificate, | 2873In this text, cert will be used as an abbreviation for X.509 certificate, |
2874DN (CN) is the distinguished (common) name of a cert, and CA is a 2875certification authority, which signs (issues) certs. 2876 2877For STARTTLS to be offered by sendmail you need to set at least | 2874DN (CN) is the distinguished (common) name of a cert, and CA is a 2875certification authority, which signs (issues) certs. 2876 2877For STARTTLS to be offered by sendmail you need to set at least |
2878this variables (the file names and paths are just examples): | 2878these variables (the file names and paths are just examples): |
2879 2880 define(`confCACERT_PATH', `/etc/mail/certs/') 2881 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2882 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2883 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2884 2885On systems which do not have the compile flag HASURANDOM set (see 2886sendmail/README) you also must set confRAND_FILE. --- 1235 unchanged lines hidden (view full) --- 4122 work for the MSP since it can't read 4123 the file. Use the authinfo ruleset 4124 instead. See also the section SMTP 4125 AUTHENTICATION. 4126confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 4127 then the AUTH= parameter for the 4128 MAIL FROM command is only issued 4129 when authentication succeeded. | 2879 2880 define(`confCACERT_PATH', `/etc/mail/certs/') 2881 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2882 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2883 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2884 2885On systems which do not have the compile flag HASURANDOM set (see 2886sendmail/README) you also must set confRAND_FILE. --- 1235 unchanged lines hidden (view full) --- 4122 work for the MSP since it can't read 4123 the file. Use the authinfo ruleset 4124 instead. See also the section SMTP 4125 AUTHENTICATION. 4126confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 4127 then the AUTH= parameter for the 4128 MAIL FROM command is only issued 4129 when authentication succeeded. |
4130 Other values (which should be listed 4131 one after the other without any 4132 intervening characters except for 4133 space or comma) are a, c, d, f, p, 4134 and y. See doc/op/op.me for 4135 details. | 4130 See doc/op/op.me for more options 4131 and details. |
4136confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 4137 strength for the security layer in 4138 SMTP AUTH (SASL). Default is 4139 essentially unlimited. 4140confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 4141 verification is performed, i.e., 4142 the server doesn't ask for a 4143 certificate. --- 438 unchanged lines hidden (view full) --- 4582 3 Local Ruleset 0 additions 4583 4 UUCP Ruleset 0 additions 4584 5 locally interpreted names (overrides $R) 4585 6 local configuration (at top of file) 4586 7 mailer definitions 4587 8 DNS based blacklists 4588 9 special local rulesets (1 and 2) 4589 | 4132confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 4133 strength for the security layer in 4134 SMTP AUTH (SASL). Default is 4135 essentially unlimited. 4136confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 4137 verification is performed, i.e., 4138 the server doesn't ask for a 4139 certificate. --- 438 unchanged lines hidden (view full) --- 4578 3 Local Ruleset 0 additions 4579 4 UUCP Ruleset 0 additions 4580 5 locally interpreted names (overrides $R) 4581 6 local configuration (at top of file) 4582 7 mailer definitions 4583 8 DNS based blacklists 4584 9 special local rulesets (1 and 2) 4585 |
4590$Revision: 8.691 $, Last updated $Date: 2004/07/19 17:47:34 $ | 4586$Revision: 8.694 $, Last updated $Date: 2005/03/23 21:41:09 $ |
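
Review bot: at lines 2664-2665, the sentence touched for the "backlists" typo still reads "to allow also relaying", which is awkward word order. Since the line is being changed anyway, suggest "to also allow relaying instead of just disabling the DNS lookups in the blacklists" in the same change.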
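
Review bot: at new lines 4130-4131 (confAUTH_OPTIONS), the replacement drops the syntax rule the old lines 4130-4135 stated: that further values are listed one after the other with no intervening characters except space or comma. The entry now describes only 'A', so a reader of this file alone can no longer tell that values can be combined or how they are separated. Suggest keeping that one sentence about the separators and deferring only the list of individual letters to doc/op/op.me.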