README revision 110560
1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31STARTTLS 32SMTP AUTHENTICATION 33ADDING NEW MAILERS OR RULESETS 34ADDING NEW MAIL FILTERS 35QUEUE GROUP DEFINITIONS 36NON-SMTP BASED CONFIGURATIONS 37WHO AM I? 38ACCEPTING MAIL FOR MULTIPLE NAMES 39USING MAILERTABLES 40USING USERDB TO MAP FULL NAMES 41MISCELLANEOUS SPECIAL FEATURES 42SECURITY NOTES 43TWEAKING CONFIGURATION OPTIONS 44MESSAGE SUBMISSION PROGRAM 45FORMAT OF FILES AND MAPS 46DIRECTORY LAYOUT 47ADMINISTRATIVE DETAILS 48 49 50+--------------------------+ 51| INTRODUCTION AND EXAMPLE | 52+--------------------------+ 53 54Configuration files are contained in the subdirectory "cf", with a 55suffix ".mc". They must be run through "m4" to produce a ".cf" file. 56You must pre-load "cf.m4": 57 58 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 59 60Alternatively, you can simply: 61 62 cd ${CFDIR}/cf 63 ./Build config.cf 64 65where ${CFDIR} is the root of the cf directory and config.mc is the 66name of your configuration file. If you are running a version of M4 67that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 68this, but the versions distributed with 4.4BSD and derivatives do not) 69or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 70For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 71use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 72 73 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 74 75Let's examine a typical .mc file: 76 77 divert(-1) 78 # 79 # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. 80 # All rights reserved. 81 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 82 # Copyright (c) 1988, 1993 83 # The Regents of the University of California. All rights reserved. 84 # 85 # By using this file, you agree to the terms and conditions set 86 # forth in the LICENSE file which can be found at the top level of 87 # the sendmail distribution. 88 # 89 90 # 91 # This is a Berkeley-specific configuration file for HP-UX 9.x. 92 # It applies only to the Computer Science Division at Berkeley, 93 # and should not be used elsewhere. It is provided on the sendmail 94 # distribution as a sample only. To create your own configuration 95 # file, create an appropriate domain file in ../domain, change the 96 # `DOMAIN' macro below to reference that file, and copy the result 97 # to a name of your own choosing. 98 # 99 divert(0) 100 101The divert(-1) will delete the crud in the resulting output file. 102The copyright notice can be replaced by whatever your lawyers require; 103our lawyers require the one that is included in these files. A copyleft 104is a copyright by another name. The divert(0) restores regular output. 105 106 VERSIONID(`<SCCS or RCS version id>') 107 108VERSIONID is a macro that stuffs the version information into the 109resulting file. You could use SCCS, RCS, CVS, something else, or 110omit it completely. This is not the same as the version id included 111in SMTP greeting messages -- this is defined in m4/version.m4. 112 113 OSTYPE(`hpux9')dnl 114 115You must specify an OSTYPE to properly configure things such as the 116pathname of the help and status files, the flags needed for the local 117mailer, and other important things. If you omit it, you will get an 118error when you try to build the configuration. Look at the ostype 119directory for the list of known operating system types. 120 121 DOMAIN(`CS.Berkeley.EDU')dnl 122 123This example is specific to the Computer Science Division at Berkeley. 124You can use "DOMAIN(`generic')" to get a sufficiently bland definition 125that may well work for you, or you can create a customized domain 126definition appropriate for your environment. 127 128 MAILER(`local') 129 MAILER(`smtp') 130 131These describe the mailers used at the default CS site. The local 132mailer is always included automatically. Beware: MAILER declarations 133should always be at the end of the configuration file. The general 134rules are that the order should be: 135 136 VERSIONID 137 OSTYPE 138 DOMAIN 139 FEATURE 140 local macro definitions 141 MAILER 142 LOCAL_CONFIG 143 LOCAL_RULE_* 144 LOCAL_RULESETS 145 146There are a few exceptions to this rule. Local macro definitions which 147influence a FEATURE() should be done before that feature. For example, 148a define(`PROCMAIL_MAILER_PATH', ...) should be done before 149FEATURE(`local_procmail'). 150 151******************************************************************* 152*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 153*** Berkeley-specific assumptions built in, such as the name *** 154*** of their UUCP-relay. You'll want to create your own *** 155*** domain description, and use that in place of *** 156*** domain/Berkeley.EDU.m4. *** 157******************************************************************* 158 159 160+----------------------------+ 161| A BRIEF INTRODUCTION TO M4 | 162+----------------------------+ 163 164Sendmail uses the M4 macro processor to ``compile'' the configuration 165files. The most important thing to know is that M4 is stream-based, 166that is, it doesn't understand about lines. For this reason, in some 167places you may see the word ``dnl'', which stands for ``delete 168through newline''; essentially, it deletes all characters starting 169at the ``dnl'' up to and including the next newline character. In 170most cases sendmail uses this only to avoid lots of unnecessary 171blank lines in the output. 172 173Other important directives are define(A, B) which defines the macro 174``A'' to have value ``B''. Macros are expanded as they are read, so 175one normally quotes both values to prevent expansion. For example, 176 177 define(`SMART_HOST', `smart.foo.com') 178 179One word of warning: M4 macros are expanded even in lines that appear 180to be comments. For example, if you have 181 182 # See FEATURE(`foo') above 183 184it will not do what you expect, because the FEATURE(`foo') will be 185expanded. This also applies to 186 187 # And then define the $X macro to be the return address 188 189because ``define'' is an M4 keyword. If you want to use them, surround 190them with directed quotes, `like this'. 191 192Since m4 uses single quotes (opening "`" and closing "'") to quote 193arguments, those quotes can't be used in arguments. For example, 194it is not possible to define a rejection message containing a single 195quote. Usually there are simple workarounds by changing those 196messages; in the worst case it might be ok to change the value 197directly in the generated .cf file, which however is not advised. 198 199 200Notice: 201------- 202 203This package requires a post-V7 version of m4; if you are running the 2044.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 205BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 206Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 207Net/2 or GNU version. GNU m4 is available from 208ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 209EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 210m4 on this platform. 211 212 213+----------------+ 214| FILE LOCATIONS | 215+----------------+ 216 217sendmail 8.9 has introduced a new configuration directory for sendmail 218related files, /etc/mail. The new files available for sendmail 8.9 -- 219the class {R} /etc/mail/relay-domains and the access database 220/etc/mail/access -- take advantage of this new directory. Beginning with 2218.10, all files will use this directory by default (some options may be 222set by OSTYPE() files). This new directory should help to restore 223uniformity to sendmail's file locations. 224 225Below is a table of some of the common changes: 226 227Old filename New filename 228------------ ------------ 229/etc/bitdomain /etc/mail/bitdomain 230/etc/domaintable /etc/mail/domaintable 231/etc/genericstable /etc/mail/genericstable 232/etc/uudomain /etc/mail/uudomain 233/etc/virtusertable /etc/mail/virtusertable 234/etc/userdb /etc/mail/userdb 235 236/etc/aliases /etc/mail/aliases 237/etc/sendmail/aliases /etc/mail/aliases 238/etc/ucbmail/aliases /etc/mail/aliases 239/usr/adm/sendmail/aliases /etc/mail/aliases 240/usr/lib/aliases /etc/mail/aliases 241/usr/lib/mail/aliases /etc/mail/aliases 242/usr/ucblib/aliases /etc/mail/aliases 243 244/etc/sendmail.cw /etc/mail/local-host-names 245/etc/mail/sendmail.cw /etc/mail/local-host-names 246/etc/sendmail/sendmail.cw /etc/mail/local-host-names 247 248/etc/sendmail.ct /etc/mail/trusted-users 249 250/etc/sendmail.oE /etc/mail/error-header 251 252/etc/sendmail.hf /etc/mail/helpfile 253/etc/mail/sendmail.hf /etc/mail/helpfile 254/usr/ucblib/sendmail.hf /etc/mail/helpfile 255/etc/ucbmail/sendmail.hf /etc/mail/helpfile 256/usr/lib/sendmail.hf /etc/mail/helpfile 257/usr/share/lib/sendmail.hf /etc/mail/helpfile 258/usr/share/misc/sendmail.hf /etc/mail/helpfile 259/share/misc/sendmail.hf /etc/mail/helpfile 260 261/etc/service.switch /etc/mail/service.switch 262 263/etc/sendmail.st /etc/mail/statistics 264/etc/mail/sendmail.st /etc/mail/statistics 265/etc/mailer/sendmail.st /etc/mail/statistics 266/etc/sendmail/sendmail.st /etc/mail/statistics 267/usr/lib/sendmail.st /etc/mail/statistics 268/usr/ucblib/sendmail.st /etc/mail/statistics 269 270Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 271to create the pathnames. The default value of this variable is 272`/etc/mail/'. If you set this macro to a different value, you MUST include 273a trailing slash. 274 275Notice: all filenames used in a .mc (or .cf) file should be absolute 276(starting at the root, i.e., with '/'). Relative filenames most 277likely cause surprises during operations (unless otherwise noted). 278 279 280+--------+ 281| OSTYPE | 282+--------+ 283 284You MUST define an operating system environment, or the configuration 285file build will puke. There are several environments available; look 286at the "ostype" directory for the current list. This macro changes 287things like the location of the alias file and queue directory. Some 288of these files are identical to one another. 289 290It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 291In general, the OSTYPE macro should go immediately after any version 292information, and MAILER definitions should always go last. 293 294Operating system definitions are usually easy to write. They may define 295the following variables (everything defaults, so an ostype file may be 296empty). Unfortunately, the list of configuration-supported systems is 297not as broad as the list of source-supported systems, since many of 298the source contributors do not include corresponding ostype files. 299 300ALIAS_FILE [/etc/mail/aliases] The location of the text version 301 of the alias file(s). It can be a comma-separated 302 list of names (but be sure you quote values with 303 commas in them -- for example, use 304 define(`ALIAS_FILE', `a,b') 305 to get "a" and "b" both listed as alias files; 306 otherwise the define() primitive only sees "a"). 307HELP_FILE [/etc/mail/helpfile] The name of the file 308 containing information printed in response to 309 the SMTP HELP command. 310QUEUE_DIR [/var/spool/mqueue] The directory containing 311 queue files. To use multiple queues, supply 312 a value ending with an asterisk. For 313 example, /var/spool/mqueue/qd* will use all of the 314 directories or symbolic links to directories 315 beginning with 'qd' in /var/spool/mqueue as queue 316 directories. The names 'qf', 'df', and 'xf' are 317 reserved as specific subdirectories for the 318 corresponding queue file types as explained in 319 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 320MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 321 queue files for the MSP (Mail Submission Program, 322 see sendmail/SECURITY). 323STATUS_FILE [/etc/mail/statistics] The file containing status 324 information. 325LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 326LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 327 flags lsDFMAw5:/|@q are always included. 328LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 329 mail. 330LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 331 mail that you are willing to accept. 332LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 333 messages to deliver in a single connection. Only 334 useful for LMTP local mailers. 335LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 336 that ARRIVE from an address that resolves to the 337 local mailer and which are converted to MIME will be 338 labeled with this character set. 339LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 340 end of line for the local mailer. 341LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 342 [X-Unix] The DSN Diagnostic-Code value for the 343 local mailer. This should be changed with care. 344LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 345LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 346 flags lsDFM are always included. 347LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 348 mail. 349LOCAL_SHELL_DIR [$z:/] The directory search path in which the 350 shell should run. 351LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 352USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 353 used to submit news. 354USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 355USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 356 usenet mailer. NOTE: Some versions of inews 357 (such as those shipped with newer versions of INN) 358 use different flags. Double check the defaults 359 against the inews man page. 360USENET_MAILER_MAX [undefined] The maximum size of messages that will 361 be accepted by the usenet mailer. 362USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 363SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 364 flags are `mDFMuX' for all SMTP-based mailers; the 365 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 366 "dsmtp" adds `%'. 367RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 368 flags are `mDFMuX' for all SMTP-based mailers; the 369 relay mailer adds `a8'. If this is not defined, 370 then SMTP_MAILER_FLAGS is used. 371SMTP_MAILER_MAX [undefined] The maximum size of messages that will 372 be transported using the smtp, smtp8, esmtp, or dsmtp 373 mailers. 374SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 375 messages to deliver in a single connection for the 376 smtp, smtp8, esmtp, or dsmtp mailers. 377SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 378 recipients to deliver in a single connection for the 379 smtp, smtp8, esmtp, or dsmtp mailers. 380SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 381 About the only reason you would want to change this 382 would be to change the default port. 383ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 384SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 385DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 386RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 387SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 388ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 389SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 390DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 391RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 392RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 393 messages to deliver in a single connection for the 394 relay mailer. 395SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 396 that ARRIVE from an address that resolves to one of 397 the SMTP mailers and which are converted to MIME will 398 be labeled with this character set. 399UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 400UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 401 flags are `DFMhuU' (and `m' for uucp-new mailer, 402 minus `U' for uucp-dom mailer). 403UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 404 passed to the UUCP mailer. 405UUCP_MAILER_MAX [100000] The maximum size message accepted for 406 transmission by the UUCP mailers. 407UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 408 that ARRIVE from an address that resolves to one of 409 the UUCP mailers and which are converted to MIME will 410 be labeled with this character set. 411UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 412FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 413 submit FAX messages. 414FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 415 mailer. 416FAX_MAILER_MAX [100000] The maximum size message accepted for 417 transmission by FAX. 418POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 419POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 420 are always added. 421POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 422POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 423PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 424 program. This is also used by 425 FEATURE(`local_procmail'). 426PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 427 DFM are always set. This is NOT used by 428 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 429 instead. 430PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 431 the Procmail mailer. This is NOT used by 432 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 433 instead. 434PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 435 will be accepted by the procmail mailer. 436PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 437MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 438MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 439MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 440 mailer. 441MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 442PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 443 program. 444PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 445 are always set. 446PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 447PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 448CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 449 flags lsDFMnPq are always included. 450CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 451 cyrus mail. 452CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 453 to deliver cyrus mail. 454CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 455 will be accepted by the cyrus mailer. 456CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 457 running the cyrus mailer. 458CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 459CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 460 The flags lsDFMnP are always included. 461CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 462 to deliver cyrusbb mail. 463CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The 464 flags lsDFMnqXz are always included. 465CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of 466 messages to deliver in a single connection for the 467 cyrusv2 mailer. 468CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 469 recipients to deliver in a single connection for the 470 cyrusv2 mailer. 471CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed 472 to the cyrusv2 mailer. This can be used to 473 change the name of the Unix domain socket, or 474 to switch to delivery via TCP (e.g., `TCP $h lmtp') 475CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. 476CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 477 that ARRIVE from an address that resolves to one the 478 Cyrus mailer and which are converted to MIME will 479 be labeled with this character set. 480confEBINDIR [/usr/libexec] The directory for executables. 481 Currently used for FEATURE(`local_lmtp') and 482 FEATURE(`smrsh'). 483QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 484QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 485 qpage mail. 486QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 487 to deliver qpage mail. 488QPAGE_MAILER_MAX [4096] If set, the maximum size message that 489 will be accepted by the qpage mailer. 490QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 491LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 492 493Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 494MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of 495the macro Name_MAILER_FLAGS and change can be: flags that should 496be used directly (thus overriding the default value), or if it 497starts with `+' (`-') then those flags are added to (removed from) 498the default value. Example: 499 500 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 501 502will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 503several smtp mailers all of which are manipulated individually. 504See the section MAILERS for the available mailer names. 505WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 506unconditionally, i.e., without respecting any definitions in an 507OSTYPE setting. 508 509 510+---------+ 511| DOMAINS | 512+---------+ 513 514You will probably want to collect domain-dependent defines into one 515file, referenced by the DOMAIN macro. For example, the Berkeley 516domain file includes definitions for several internal distinguished 517hosts: 518 519UUCP_RELAY The host that will accept UUCP-addressed email. 520 If not defined, all UUCP sites must be directly 521 connected. 522BITNET_RELAY The host that will accept BITNET-addressed email. 523 If not defined, the .BITNET pseudo-domain won't work. 524DECNET_RELAY The host that will accept DECNET-addressed email. 525 If not defined, the .DECNET pseudo-domain and addresses 526 of the form node::user will not work. 527FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 528 The "fax" mailer overrides this value. 529LOCAL_RELAY The site that will handle unqualified names -- that 530 is, names without an @domain extension. 531 Normally MAIL_HUB is preferred for this function. 532 LOCAL_RELAY is mostly useful in conjunction with 533 FEATURE(`stickyhost') -- see the discussion of 534 stickyhost below. If not set, they are assumed to 535 belong on this machine. This allows you to have a 536 central site to store a company- or department-wide 537 alias database. This only works at small sites, 538 and only with some user agents. 539LUSER_RELAY The site that will handle lusers -- that is, apparently 540 local names that aren't local accounts or aliases. To 541 specify a local user instead of a site, set this to 542 ``local:username''. 543 544Any of these can be either ``mailer:hostname'' (in which case the 545mailer is the internal mailer name, such as ``uucp-new'' and the hostname 546is the name of the host as appropriate for that mailer) or just a 547``hostname'', in which case a default mailer type (usually ``relay'', 548a variant on SMTP) is used. WARNING: if you have a wildcard MX 549record matching your domain, you probably want to define these to 550have a trailing dot so that you won't get the mail diverted back 551to yourself. 552 553The domain file can also be used to define a domain name, if needed 554(using "DD<domain>") and set certain site-wide features. If all hosts 555at your site masquerade behind one email name, you could also use 556MASQUERADE_AS here. 557 558You do not have to define a domain -- in particular, if you are a 559single machine sitting off somewhere, it is probably more work than 560it's worth. This is just a mechanism for combining "domain dependent 561knowledge" into one place. 562 563 564+---------+ 565| MAILERS | 566+---------+ 567 568There are fewer mailers supported in this version than the previous 569version, owing mostly to a simpler world. As a general rule, put the 570MAILER definitions last in your .mc file. 571 572local The local and prog mailers. You will almost always 573 need these; the only exception is if you relay ALL 574 your mail to another site. This mailer is included 575 automatically. 576 577smtp The Simple Mail Transport Protocol mailer. This does 578 not hide hosts behind a gateway or another other 579 such hack; it assumes a world where everyone is 580 running the name server. This file actually defines 581 five mailers: "smtp" for regular (old-style) SMTP to 582 other servers, "esmtp" for extended SMTP to other 583 servers, "smtp8" to do SMTP to other servers without 584 converting 8-bit data to MIME (essentially, this is 585 your statement that you know the other end is 8-bit 586 clean even if it doesn't say so), "dsmtp" to do on 587 demand delivery, and "relay" for transmission to the 588 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 589 590uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 591 defines two mailers, "uucp-old" (a.k.a. "uucp") and 592 "uucp-new" (a.k.a. "suucp"). The latter is for when you 593 know that the UUCP mailer at the other end can handle 594 multiple recipients in one transfer. If the smtp mailer 595 is included in your configuration, two other mailers 596 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 597 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 598 include the uucp mailer, sendmail looks for all names in 599 class {U} and sends them to the uucp-old mailer; all 600 names in class {Y} are sent to uucp-new; and all 601 names in class {Z} are sent to uucp-uudom. Note that 602 this is a function of what version of rmail runs on 603 the receiving end, and hence may be out of your control. 604 See the section below describing UUCP mailers in more 605 detail. 606 607usenet Usenet (network news) delivery. If this is specified, 608 an extra rule is added to ruleset 0 that forwards all 609 local email for users named ``group.usenet'' to the 610 ``inews'' program. Note that this works for all groups, 611 and may be considered a security problem. 612 613fax Facsimile transmission. This is experimental and based 614 on Sam Leffler's HylaFAX software. For more information, 615 see http://www.hylafax.org/. 616 617pop Post Office Protocol. 618 619procmail An interface to procmail (does not come with sendmail). 620 This is designed to be used in mailertables. For example, 621 a common question is "how do I forward all mail for a given 622 domain to a single person?". If you have this mailer 623 defined, you could set up a mailertable reading: 624 625 host.com procmail:/etc/procmailrcs/host.com 626 627 with the file /etc/procmailrcs/host.com reading: 628 629 :0 # forward mail for host.com 630 ! -oi -f $1 person@other.host 631 632 This would arrange for (anything)@host.com to be sent 633 to person@other.host. Within the procmail script, $1 is 634 the name of the sender and $2 is the name of the recipient. 635 If you use this with FEATURE(`local_procmail'), the FEATURE 636 should be listed first. 637 638 Of course there are other ways to solve this particular 639 problem, e.g., a catch-all entry in a virtusertable. 640 641mail11 The DECnet mail11 mailer, useful only if you have the mail11 642 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 643 DECnet, of course). This is for Phase IV DECnet support; 644 if you have Phase V at your site you may have additional 645 problems. 646 647phquery The phquery program. This is somewhat counterintuitively 648 referenced as the "ph" mailer internally. It can be used 649 to do CCSO name server lookups. The phquery program, which 650 this mailer uses, is distributed with the ph client. 651 652cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 653 a local cyrus user. this mailer can make use of the 654 "user+detail@local.host" syntax (see 655 FEATURE(`preserve_local_plus_detail')); it will deliver the 656 mail to the user's "detail" mailbox if the mailbox's ACL 657 permits. The cyrusbb mailer delivers to a system-wide 658 cyrus mailbox if the mailbox's ACL permits. The cyrus 659 mailer must be defined after the local mailer. 660 661cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to 662 local cyrus users via LMTP. This mailer can make use of the 663 "user+detail@local.host" syntax (see 664 FEATURE(`preserve_local_plus_detail')); it will deliver the 665 mail to the user's "detail" mailbox if the mailbox's ACL 666 permits. The cyrusv2 mailer must be defined after the 667 local mailer. 668 669qpage A mailer for QuickPage, a pager interface. See 670 http://www.qpage.org/ for further information. 671 672The local mailer accepts addresses of the form "user+detail", where 673the "+detail" is not used for mailbox matching but is available 674to certain local mail programs (in particular, see 675FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 676"eric+sww" all indicate the same user, but additional arguments <null>, 677"sendmail", and "sww" may be provided for use in sorting mail. 678 679 680+----------+ 681| FEATURES | 682+----------+ 683 684Special features can be requested using the "FEATURE" macro. For 685example, the .mc line: 686 687 FEATURE(`use_cw_file') 688 689tells sendmail that you want to have it read an /etc/mail/local-host-names 690file to get values for class {w}. A FEATURE may contain up to 9 691optional parameters -- for example: 692 693 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 694 695The default database map type for the table features can be set with 696 697 define(`DATABASE_MAP_TYPE', `dbm') 698 699which would set it to use ndbm databases. The default is the Berkeley DB 700hash database format. Note that you must still declare a database map type 701if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 702if no argument is given for the FEATURE. It must be specified before any 703feature that uses a map. 704 705Also, features which can take a map definition as an argument can also take 706the special keyword `LDAP'. If that keyword is used, the map will use the 707LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 708CLASSES'' section below. 709 710Available features are: 711 712use_cw_file Read the file /etc/mail/local-host-names file to get 713 alternate names for this host. This might be used if you 714 were on a host that MXed for a dynamic set of other hosts. 715 If the set is static, just including the line "Cw<name1> 716 <name2> ..." (where the names are fully qualified domain 717 names) is probably superior. The actual filename can be 718 overridden by redefining confCW_FILE. 719 720use_ct_file Read the file /etc/mail/trusted-users file to get the 721 names of users that will be ``trusted'', that is, able to 722 set their envelope from address using -f without generating 723 a warning message. The actual filename can be overridden 724 by redefining confCT_FILE. 725 726redirect Reject all mail addressed to "address.REDIRECT" with 727 a ``551 User has moved; please try <address>'' message. 728 If this is set, you can alias people who have left 729 to their new address with ".REDIRECT" appended. 730 731nouucp Don't route UUCP addresses. This feature takes one 732 parameter: 733 `reject': reject addresses which have "!" in the local 734 part unless it originates from a system 735 that is allowed to relay. 736 `nospecial': don't do anything special with "!". 737 Warnings: 1. See the notice in the anti-spam section. 738 2. don't remove "!" from OperatorChars if `reject' is 739 given as parameter. 740 741nocanonify Don't pass addresses to $[ ... $] for canonification 742 by default, i.e., host/domain names are considered canonical, 743 except for unqualified names, which must not be used in this 744 mode (violation of the standard). It can be changed by 745 setting the DaemonPortOptions modifiers (M=). That is, 746 FEATURE(`nocanonify') will be overridden by setting the 747 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 748 it can be emulated by setting the 'C' flag 749 (DaemonPortOptions=Modifiers=C). This would generally only 750 be used by sites that only act as mail gateways or which have 751 user agents that do full canonification themselves. You may 752 also want to use 753 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 754 the usual resolver options that do a similar thing. 755 756 An exception list for FEATURE(`nocanonify') can be 757 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 758 i.e., a list of domains which are nevertheless passed to 759 $[ ... $] for canonification. This is useful to turn on 760 canonification for local domains, e.g., use 761 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 762 which end in "my.domain" or "my". 763 Another way to require canonification in the local 764 domain is CANONIFY_DOMAIN(`$=m'). 765 766 A trailing dot is added to addresses with more than 767 one component in it such that other features which 768 expect a trailing dot (e.g., virtusertable) will 769 still work. 770 771 If `canonify_hosts' is specified as parameter, i.e., 772 FEATURE(`nocanonify', `canonify_hosts'), then 773 addresses which have only a hostname, e.g., 774 <user@host>, will be canonified (and hopefully fully 775 qualified), too. 776 777stickyhost This feature is sometimes used with LOCAL_RELAY, 778 although it can be used for a different effect with 779 MAIL_HUB. 780 781 When used without MAIL_HUB, email sent to 782 "user@local.host" are marked as "sticky" -- that 783 is, the local addresses aren't matched against UDB, 784 don't go through ruleset 5, and are not forwarded to 785 the LOCAL_RELAY (if defined). 786 787 With MAIL_HUB, mail addressed to "user@local.host" 788 is forwarded to the mail hub, with the envelope 789 address still remaining "user@local.host". 790 Without stickyhost, the envelope would be changed 791 to "user@mail_hub", in order to protect against 792 mailing loops. 793 794mailertable Include a "mailer table" which can be used to override 795 routing for particular domains (which are not in class {w}, 796 i.e. local host names). The argument of the FEATURE may be 797 the key definition. If none is specified, the definition 798 used is: 799 800 hash /etc/mail/mailertable 801 802 Keys in this database are fully qualified domain names 803 or partial domains preceded by a dot -- for example, 804 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 805 special case of the latter, "." matches any domain not 806 covered by other keys. Values must be of the form: 807 mailer:domain 808 where "mailer" is the internal mailer name, and "domain" 809 is where to send the message. These maps are not 810 reflected into the message header. As a special case, 811 the forms: 812 local:user 813 will forward to the indicated user using the local mailer, 814 local: 815 will forward to the original user in the e-mail address 816 using the local mailer, and 817 error:code message 818 error:D.S.N:code message 819 will give an error message with the indicated SMTP reply 820 code and message, where D.S.N is an RFC 1893 compliant 821 error code. 822 823domaintable Include a "domain table" which can be used to provide 824 domain name mapping. Use of this should really be 825 limited to your own domains. It may be useful if you 826 change names (e.g., your company changes names from 827 oldname.com to newname.com). The argument of the 828 FEATURE may be the key definition. If none is specified, 829 the definition used is: 830 831 hash /etc/mail/domaintable 832 833 The key in this table is the domain name; the value is 834 the new (fully qualified) domain. Anything in the 835 domaintable is reflected into headers; that is, this 836 is done in ruleset 3. 837 838bitdomain Look up bitnet hosts in a table to try to turn them into 839 internet addresses. The table can be built using the 840 bitdomain program contributed by John Gardiner Myers. 841 The argument of the FEATURE may be the key definition; if 842 none is specified, the definition used is: 843 844 hash /etc/mail/bitdomain 845 846 Keys are the bitnet hostname; values are the corresponding 847 internet hostname. 848 849uucpdomain Similar feature for UUCP hosts. The default map definition 850 is: 851 852 hash /etc/mail/uudomain 853 854 At the moment there is no automagic tool to build this 855 database. 856 857always_add_domain 858 Include the local host domain even on locally delivered 859 mail. Normally it is not added on unqualified names. 860 However, if you use a shared message store but do not use 861 the same user name space everywhere, you may need the host 862 name on local names. An optional argument specifies 863 another domain to be added than the local. 864 865allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 866 feature will cause recipient addresses to also masquerade 867 as being from the masquerade host. Normally they get 868 the local hostname. Although this may be right for 869 ordinary users, it can break local aliases. For example, 870 if you send to "localalias", the originating sendmail will 871 find that alias and send to all members, but send the 872 message with "To: localalias@masqueradehost". Since that 873 alias likely does not exist, replies will fail. Use this 874 feature ONLY if you can guarantee that the ENTIRE 875 namespace on your masquerade host supersets all the 876 local entries. 877 878limited_masquerade 879 Normally, any hosts listed in class {w} are masqueraded. If 880 this feature is given, only the hosts listed in class {M} (see 881 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 882 if you have several domains with disjoint namespaces hosted 883 on the same machine. 884 885masquerade_entire_domain 886 If masquerading is enabled (using MASQUERADE_AS) and 887 MASQUERADE_DOMAIN (see below) is set, this feature will 888 cause addresses to be rewritten such that the masquerading 889 domains are actually entire domains to be hidden. All 890 hosts within the masquerading domains will be rewritten 891 to the masquerade name (used in MASQUERADE_AS). For example, 892 if you have: 893 894 MASQUERADE_AS(`masq.com') 895 MASQUERADE_DOMAIN(`foo.org') 896 MASQUERADE_DOMAIN(`bar.com') 897 898 then *foo.org and *bar.com are converted to masq.com. Without 899 this feature, only foo.org and bar.com are masqueraded. 900 901 NOTE: only domains within your jurisdiction and 902 current hierarchy should be masqueraded using this. 903 904local_no_masquerade 905 This feature prevents the local mailer from masquerading even 906 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 907 on addresses of mail going outside the local domain. 908 909masquerade_envelope 910 If masquerading is enabled (using MASQUERADE_AS) or the 911 genericstable is in use, this feature will cause envelope 912 addresses to also masquerade as being from the masquerade 913 host. Normally only the header addresses are masqueraded. 914 915genericstable This feature will cause unqualified addresses (i.e., without 916 a domain) and addresses with a domain listed in class {G} 917 to be looked up in a map and turned into another ("generic") 918 form, which can change both the domain name and the user name. 919 Notice: if you use an MSP (as it is default starting with 920 8.12), the MTA will only receive qualified addresses from the 921 MSP (as required by the RFCs). Hence you need to add your 922 domain to class {G}. This feature is similar to the userdb 923 functionality. The same types of addresses as for 924 masquerading are looked up, i.e., only header sender 925 addresses unless the allmasquerade and/or masquerade_envelope 926 features are given. Qualified addresses must have the domain 927 part in class {G}; entries can be added to this class by the 928 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 929 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 930 931 The argument of FEATURE(`genericstable') may be the map 932 definition; the default map definition is: 933 934 hash /etc/mail/genericstable 935 936 The key for this table is either the full address, the domain 937 (with a leading @; the localpart is passed as first argument) 938 or the unqualified username (tried in the order mentioned); 939 the value is the new user address. If the new user address 940 does not include a domain, it will be qualified in the standard 941 manner, i.e., using $j or the masquerade name. Note that the 942 address being looked up must be fully qualified. For local 943 mail, it is necessary to use FEATURE(`always_add_domain') 944 for the addresses to be qualified. 945 The "+detail" of an address is passed as %1, so entries like 946 947 old+*@foo.org new+%1@example.com 948 gen+*@foo.org %1@example.com 949 950 and other forms are possible. 951 952generics_entire_domain 953 If the genericstable is enabled and GENERICS_DOMAIN or 954 GENERICS_DOMAIN_FILE is used, this feature will cause 955 addresses to be searched in the map if their domain 956 parts are subdomains of elements in class {G}. 957 958virtusertable A domain-specific form of aliasing, allowing multiple 959 virtual domains to be hosted on one machine. For example, 960 if the virtuser table contained: 961 962 info@foo.com foo-info 963 info@bar.com bar-info 964 joe@bar.com error:nouser 550 No such user here 965 jax@bar.com error:5.7.0:550 Address invalid 966 @baz.org jane@example.net 967 968 then mail addressed to info@foo.com will be sent to the 969 address foo-info, mail addressed to info@bar.com will be 970 delivered to bar-info, and mail addressed to anyone at baz.org 971 will be sent to jane@example.net, mail to joe@bar.com will 972 be rejected with the specified error message, and mail to 973 jax@bar.com will also have a RFC 1893 compliant error code 974 5.7.0. 975 976 The username from the original address is passed 977 as %1 allowing: 978 979 @foo.org %1@example.com 980 981 meaning someone@foo.org will be sent to someone@example.com. 982 Additionally, if the local part consists of "user+detail" 983 then "detail" is passed as %2 and "+detail" is passed as %3 984 when a match against user+* is attempted, so entries like 985 986 old+*@foo.org new+%2@example.com 987 gen+*@foo.org %2@example.com 988 +*@foo.org %1%3@example.com 989 X++@foo.org Z%3@example.com 990 @bar.org %1%3 991 992 and other forms are possible. Note: to preserve "+detail" 993 for a default case (@domain) %1%3 must be used as RHS. 994 There are two wildcards after "+": "+" matches only a non-empty 995 detail, "*" matches also empty details, e.g., user+@foo.org 996 matches +*@foo.org but not ++@foo.org. This can be used 997 to ensure that the parameters %2 and %3 are not empty. 998 999 All the host names on the left hand side (foo.com, bar.com, 1000 and baz.org) must be in class {w} or class {VirtHost}. The 1001 latter can be defined by the macros VIRTUSER_DOMAIN or 1002 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1003 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 1004 VIRTUSER_DOMAIN_FILE is used, then the entries of class 1005 {VirtHost} are added to class {R}, i.e., relaying is allowed 1006 to (and from) those domains. The default map definition is: 1007 1008 hash /etc/mail/virtusertable 1009 1010 A new definition can be specified as the second argument of 1011 the FEATURE macro, such as 1012 1013 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 1014 1015virtuser_entire_domain 1016 If the virtusertable is enabled and VIRTUSER_DOMAIN or 1017 VIRTUSER_DOMAIN_FILE is used, this feature will cause 1018 addresses to be searched in the map if their domain 1019 parts are subdomains of elements in class {VirtHost}. 1020 1021ldap_routing Implement LDAP-based e-mail recipient routing according to 1022 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 1023 This provides a method to re-route addresses with a 1024 domain portion in class {LDAPRoute} to either a 1025 different mail host or a different address. Hosts can 1026 be added to this class using LDAPROUTE_DOMAIN and 1027 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1028 MASQUERADE_DOMAIN_FILE, see below). 1029 1030 See the LDAP ROUTING section below for more information. 1031 1032nodns If you aren't running DNS at your site (for example, 1033 you are UUCP-only connected). It's hard to consider 1034 this a "feature", but hey, it had to go somewhere. 1035 Actually, as of 8.7 this is a no-op -- remove "dns" from 1036 the hosts service switch entry instead. 1037 1038nullclient This is a special case -- it creates a configuration file 1039 containing nothing but support for forwarding all mail to a 1040 central hub via a local SMTP-based network. The argument 1041 is the name of that hub. 1042 1043 The only other feature that should be used in conjunction 1044 with this one is FEATURE(`nocanonify'). No mailers 1045 should be defined. No aliasing or forwarding is done. 1046 1047local_lmtp Use an LMTP capable local mailer. The argument to this 1048 feature is the pathname of an LMTP capable mailer. By 1049 default, mail.local is used. This is expected to be the 1050 mail.local which came with the 8.9 distribution which is 1051 LMTP capable. The path to mail.local is set by the 1052 confEBINDIR m4 variable -- making the default 1053 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1054 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1055 i.e., without respecting any definitions in an OSTYPE setting. 1056 1057local_procmail Use procmail or another delivery agent as the local mailer. 1058 The argument to this feature is the pathname of the 1059 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1060 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1061 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1062 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1063 specify the appropriate parameters. When procmail is used, 1064 the local mailer can make use of the 1065 "user+indicator@local.host" syntax; normally the +indicator 1066 is just tossed, but by default it is passed as the -a 1067 argument to procmail. 1068 1069 This feature can take up to three arguments: 1070 1071 1. Path to the mailer program 1072 [default: /usr/local/bin/procmail] 1073 2. Argument vector including name of the program 1074 [default: procmail -Y -a $h -d $u] 1075 3. Flags for the mailer [default: SPfhn9] 1076 1077 Empty arguments cause the defaults to be taken. 1078 Note that if you are on a system with a broken 1079 setreuid() call, you may need to add -f $f to the procmail 1080 argument vector to pass the proper sender to procmail. 1081 1082 For example, this allows it to use the maildrop 1083 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 1084 by specifying: 1085 1086 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1087 `maildrop -d $u') 1088 1089 or scanmails using: 1090 1091 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1092 1093 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1094 i.e., without respecting any definitions in an OSTYPE setting. 1095 1096bestmx_is_local Accept mail as though locally addressed for any host that 1097 lists us as the best possible MX record. This generates 1098 additional DNS traffic, but should be OK for low to 1099 medium traffic hosts. The argument may be a set of 1100 domains, which will limit the feature to only apply to 1101 these domains -- this will reduce unnecessary DNS 1102 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1103 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1104 that matches your domain, you cannot use this feature. 1105 1106smrsh Use the SendMail Restricted SHell (smrsh) provided 1107 with the distribution instead of /bin/sh for mailing 1108 to programs. This improves the ability of the local 1109 system administrator to control what gets run via 1110 e-mail. If an argument is provided it is used as the 1111 pathname to smrsh; otherwise, the path defined by 1112 confEBINDIR is used for the smrsh binary -- by default, 1113 /usr/libexec/smrsh is assumed. 1114 1115promiscuous_relay 1116 By default, the sendmail configuration files do not permit 1117 mail relaying (that is, accepting mail from outside your 1118 local host (class {w}) and sending it to another host than 1119 your local host). This option sets your site to allow 1120 mail relaying from any site to any site. In almost all 1121 cases, it is better to control relaying more carefully 1122 with the access map, class {R}, or authentication. Domains 1123 can be added to class {R} by the macros RELAY_DOMAIN or 1124 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1125 MASQUERADE_DOMAIN_FILE, see below). 1126 1127relay_entire_domain 1128 This option allows any host in your domain as defined by 1129 class {m} to use your server for relaying. Notice: make 1130 sure that your domain is not just a top level domain, 1131 e.g., com. This can happen if you give your host a name 1132 like example.com instead of host.example.com. 1133 1134relay_hosts_only 1135 By default, names that are listed as RELAY in the access 1136 db and class {R} are treated as domain names, not host names. 1137 For example, if you specify ``foo.com'', then mail to or 1138 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1139 will all be accepted for relaying. This feature changes 1140 the behaviour to lookup individual host names only. 1141 1142relay_based_on_MX 1143 Turns on the ability to allow relaying based on the MX 1144 records of the host portion of an incoming recipient; that 1145 is, if an MX record for host foo.com points to your site, 1146 you will accept and relay mail addressed to foo.com. See 1147 description below for more information before using this 1148 feature. Also, see the KNOWNBUGS entry regarding bestmx 1149 map lookups. 1150 1151 FEATURE(`relay_based_on_MX') does not necessarily allow 1152 routing of these messages which you expect to be allowed, 1153 if route address syntax (or %-hack syntax) is used. If 1154 this is a problem, add entries to the access-table or use 1155 FEATURE(`loose_relay_check'). 1156 1157relay_mail_from 1158 Allows relaying if the mail sender is listed as RELAY in 1159 the access map. If an optional argument `domain' (this 1160 is the literal word `domain', not a placeholder) is given, 1161 relaying can be allowed just based on the domain portion 1162 of the sender address. This feature should only be used if 1163 absolutely necessary as the sender address can be easily 1164 forged. Use of this feature requires the "From:" tag to 1165 be used for the key in the access map; see the discussion 1166 of tags and FEATURE(`relay_mail_from') in the section on 1167 anti-spam configuration control. 1168 1169relay_local_from 1170 Allows relaying if the domain portion of the mail sender 1171 is a local host. This should only be used if absolutely 1172 necessary as it opens a window for spammers. Specifically, 1173 they can send mail to your mail server that claims to be 1174 from your domain (either directly or via a routed address), 1175 and you will go ahead and relay it out to arbitrary hosts 1176 on the Internet. 1177 1178accept_unqualified_senders 1179 Normally, MAIL FROM: commands in the SMTP session will be 1180 refused if the connection is a network connection and the 1181 sender address does not include a domain name. If your 1182 setup sends local mail unqualified (i.e., MAIL FROM: <joe>), 1183 you will need to use this feature to accept unqualified 1184 sender addresses. Setting the DaemonPortOptions modifier 1185 'u' overrides the default behavior, i.e., unqualified 1186 addresses are accepted even without this FEATURE. 1187 If this FEATURE is not used, the DaemonPortOptions modifier 1188 'f' can be used to enforce fully qualified addresses. 1189 1190accept_unresolvable_domains 1191 Normally, MAIL FROM: commands in the SMTP session will be 1192 refused if the host part of the argument to MAIL FROM: 1193 cannot be located in the host name service (e.g., an A or 1194 MX record in DNS). If you are inside a firewall that has 1195 only a limited view of the Internet host name space, this 1196 could cause problems. In this case you probably want to 1197 use this feature to accept all domains on input, even if 1198 they are unresolvable. 1199 1200access_db Turns on the access database feature. The access db gives 1201 you the ability to allow or refuse to accept mail from 1202 specified domains for administrative reasons. Moreover, 1203 it can control the behavior of sendmail in various situations. 1204 By default, the access database specification is: 1205 1206 hash -T<TMPF> /etc/mail/access 1207 1208 See the anti-spam configuration control section for further 1209 important information about this feature. Notice: 1210 "-T<TMPF>" is meant literal, do not replace it by anything. 1211 1212blacklist_recipients 1213 Turns on the ability to block incoming mail for certain 1214 recipient usernames, hostnames, or addresses. For 1215 example, you can block incoming mail to user nobody, 1216 host foo.mydomain.com, or guest@bar.mydomain.com. 1217 These specifications are put in the access db as 1218 described in the anti-spam configuration control section 1219 later in this document. 1220 1221delay_checks The rulesets check_mail and check_relay will not be called 1222 when a client connects or issues a MAIL command, respectively. 1223 Instead, those rulesets will be called by the check_rcpt 1224 ruleset; they will be skipped under certain circumstances. 1225 See "Delay all checks" in the anti-spam configuration control 1226 section. Note: this feature is incompatible to the versions 1227 in 8.10 and 8.11. 1228 1229dnsbl Turns on rejection of hosts found in an DNS based rejection 1230 list. If an argument is provided it is used as the domain 1231 in which blocked hosts are listed; otherwise it defaults to 1232 blackholes.mail-abuse.org. An explanation for an DNS based 1233 rejection list can be found at http://mail-abuse.org/rbl/. 1234 A second argument can be used to change the default error 1235 message. Without that second argument, the error message 1236 will be 1237 Rejected: IP-ADDRESS listed at SERVER 1238 where IP-ADDRESS and SERVER are replaced by the appropriate 1239 information. By default, temporary lookup failures are 1240 ignored. This behavior can be changed by specifying a 1241 third argument, which must be either `t' or a full error 1242 message. See the anti-spam configuration control section for 1243 an example. The dnsbl feature can be included several times 1244 to query different DNS based rejection lists. See also 1245 enhdnsbl for an enhanced version. 1246 1247 Set the DNSBL_MAP mc option to change the default map 1248 definition from `host'. Set the DNSBL_MAP_OPT mc option 1249 to add additional options to the map specification used. 1250 1251 Some DNS based rejection lists cause failures if asked 1252 for AAAA records. If your sendmail version is compiled 1253 with IPv6 support (NETINET6) and you experience this 1254 problem, add 1255 1256 define(`DNSBL_MAP', `dns -R A') 1257 1258 before the first use of this feature. Alternatively you 1259 can use enhdnsbl instead (see below). 1260 1261 NOTE: The default DNS blacklist, blackholes.mail-abuse.org, 1262 is a service offered by the Mail Abuse Prevention System 1263 (MAPS). As of July 31, 2001, MAPS is a subscription 1264 service, so using that network address won't work if you 1265 haven't subscribed. Contact MAPS to subscribe 1266 (http://mail-abuse.org/). 1267 1268enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1269 (up to 5) can be used to specify specific return values 1270 from lookups. Temporary lookup failures are ignored unless 1271 a third argument is given, which must be either `t' or a full 1272 error message. By default, any successful lookup will 1273 generate an error. Otherwise the result of the lookup is 1274 compared with the supplied argument(s), and only if a match 1275 occurs an error is generated. For example, 1276 1277 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1278 1279 will reject the e-mail if the lookup returns the value 1280 ``127.0.0.2.'', or generate a 451 response if the lookup 1281 temporarily failed. The arguments can contain metasymbols 1282 as they are allowed in the LHS of rules. As the example 1283 shows, the default values are also used if an empty argument, 1284 i.e., `', is specified. This feature requires that sendmail 1285 has been compiled with the flag DNSMAP (see sendmail/README). 1286 1287 Set the EDNSBL_TO mc option to change the DNS retry count 1288 from the default value of 5. 1289 1290lookupdotdomain Look up also .domain in the access map. This allows to 1291 match only subdomains. It does not work well with 1292 FEATURE(`relay_hosts_only'), because most lookups for 1293 subdomains are suppressed by the latter feature. 1294 1295loose_relay_check 1296 Normally, if % addressing is used for a recipient, e.g. 1297 user%site@othersite, and othersite is in class {R}, the 1298 check_rcpt ruleset will strip @othersite and recheck 1299 user@site for relaying. This feature changes that 1300 behavior. It should not be needed for most installations. 1301 1302authinfo Provide a separate map for client side authentication 1303 information. See SMTP AUTHENTICATION for details. 1304 By default, the authinfo database specification is: 1305 1306 hash /etc/mail/authinfo 1307 1308preserve_luser_host 1309 Preserve the name of the recipient host if LUSER_RELAY is 1310 used. Without this option, the domain part of the 1311 recipient address will be replaced by the host specified as 1312 LUSER_RELAY. This feature only works if the hostname is 1313 passed to the mailer (see mailer triple in op.me). Note 1314 that in the default configuration the local mailer does not 1315 receive the hostname, i.e., the mailer triple has an empty 1316 hostname. 1317 1318preserve_local_plus_detail 1319 Preserve the +detail portion of the address when passing 1320 address to local delivery agent. Disables alias and 1321 .forward +detail stripping (e.g., given user+detail, only 1322 that address will be looked up in the alias file; user+* and 1323 user will not be looked up). Only use if the local 1324 delivery agent in use supports +detail addressing. 1325 1326compat_check Enable ruleset check_compat to look up pairs of addresses 1327 with the Compat: tag -- Compat:sender<@>recipient -- in the 1328 access map. Valid values for the RHS include 1329 DISCARD silently discard recipient 1330 TEMP: return a temporary error 1331 ERROR: return a permanent error 1332 In the last two cases, a 4xy/5xy SMTP reply code should 1333 follow the colon. 1334 1335no_default_msa Don't generate the default MSA daemon, i.e., 1336 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1337 To define a MSA daemon with other parameters, use this 1338 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1339 1340msp Defines config file for Message Submission Program. 1341 See sendmail/SECURITY for details and cf/cf/submit.mc how 1342 to use it. An optional argument can be used to override 1343 the default of `[localhost]' to use as host to send all 1344 e-mails to. Note that MX records will be used if the 1345 specified hostname is not in square brackets (e.g., 1346 [hostname]). If `MSA' is specified as second argument then 1347 port 587 is used to contact the server. Example: 1348 1349 FEATURE(`msp', `', `MSA') 1350 1351 Some more hints about possible changes can be found below 1352 in the section MESSAGE SUBMISSION PROGRAM. 1353 1354 Note: Due to many problems, submit.mc uses 1355 1356 FEATURE(`msp', `[127.0.0.1]') 1357 1358 by default. If you have a machine with IPv6 only, 1359 change it to 1360 1361 FEATURE(`msp', `[IPv6:::1]') 1362 1363 If you want to continue using '[localhost]', (the behavior 1364 up to 8.12.6), use 1365 1366 FEATURE(`msp') 1367 1368queuegroup A simple example how to select a queue group based 1369 on the full e-mail address or the domain of the 1370 recipient. Selection is done via entries in the 1371 access map using the tag QGRP:, for example: 1372 1373 QGRP:example.com main 1374 QGRP:friend@some.org others 1375 QGRP:my.domain local 1376 1377 where "main", "others", and "local" are names of 1378 queue groups. If an argument is specified, it is used 1379 as default queue group. 1380 1381 Note: please read the warning in doc/op/op.me about 1382 queue groups and possible queue manipulations. 1383 1384+-------+ 1385| HACKS | 1386+-------+ 1387 1388Some things just can't be called features. To make this clear, 1389they go in the hack subdirectory and are referenced using the HACK 1390macro. These will tend to be site-dependent. The release 1391includes the Berkeley-dependent "cssubdomain" hack (that makes 1392sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1393this is intended as a short-term aid while moving hosts into 1394subdomains. 1395 1396 1397+--------------------+ 1398| SITE CONFIGURATION | 1399+--------------------+ 1400 1401 ***************************************************** 1402 * This section is really obsolete, and is preserved * 1403 * only for back compatibility. You should plan on * 1404 * using mailertables for new installations. In * 1405 * particular, it doesn't work for the newer forms * 1406 * of UUCP mailers, such as uucp-uudom. * 1407 ***************************************************** 1408 1409Complex sites will need more local configuration information, such as 1410lists of UUCP hosts they speak with directly. This can get a bit more 1411tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1412 1413The SITECONFIG macro allows you to indirectly reference site-dependent 1414configuration information stored in the siteconfig subdirectory. For 1415example, the line 1416 1417 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1418 1419reads the file uucp.ucbvax for local connection information. The 1420second parameter is the local name (in this case just "ucbvax" since 1421it is locally connected, and hence a UUCP hostname). The third 1422parameter is the name of both a macro to store the local name (in 1423this case, {U}) and the name of the class (e.g., {U}) in which to store 1424the host information read from the file. Another SITECONFIG line reads 1425 1426 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1427 1428This says that the file uucp.ucbarpa contains the list of UUCP sites 1429connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1430store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1431is, the name of the relay to which the hosts listed in uucp.ucbarpa 1432are connected. [The machine ucbarpa is gone now, but this 1433out-of-date configuration file has been left around to demonstrate 1434how you might do this.] 1435 1436Note that the case of SITECONFIG with a third parameter of ``U'' is 1437special; the second parameter is assumed to be the UUCP name of the 1438local site, rather than the name of a remote site, and the UUCP name 1439is entered into class {w} (the list of local hostnames) as $U.UUCP. 1440 1441The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1442more than a sequence of SITE macros describing connectivity. For 1443example: 1444 1445 SITE(`cnmat') 1446 SITE(`sgi olympus') 1447 1448The second example demonstrates that you can use two names on the 1449same line; these are usually aliases for the same host (or are at 1450least in the same company). 1451 1452 1453+--------------------+ 1454| USING UUCP MAILERS | 1455+--------------------+ 1456 1457It's hard to get UUCP mailers right because of the extremely ad hoc 1458nature of UUCP addressing. These config files are really designed 1459for domain-based addressing, even for UUCP sites. 1460 1461There are four UUCP mailers available. The choice of which one to 1462use is partly a matter of local preferences and what is running at 1463the other end of your UUCP connection. Unlike good protocols that 1464define what will go over the wire, UUCP uses the policy that you 1465should do what is right for the other end; if they change, you have 1466to change. This makes it hard to do the right thing, and discourages 1467people from updating their software. In general, if you can avoid 1468UUCP, please do. 1469 1470The major choice is whether to go for a domainized scheme or a 1471non-domainized scheme. This depends entirely on what the other 1472end will recognize. If at all possible, you should encourage the 1473other end to go to a domain-based system -- non-domainized addresses 1474don't work entirely properly. 1475 1476The four mailers are: 1477 1478 uucp-old (obsolete name: "uucp") 1479 This is the oldest, the worst (but the closest to UUCP) way of 1480 sending messages accros UUCP connections. It does bangify 1481 everything and prepends $U (your UUCP name) to the sender's 1482 address (which can already be a bang path itself). It can 1483 only send to one address at a time, so it spends a lot of 1484 time copying duplicates of messages. Avoid this if at all 1485 possible. 1486 1487 uucp-new (obsolete name: "suucp") 1488 The same as above, except that it assumes that in one rmail 1489 command you can specify several recipients. It still has a 1490 lot of other problems. 1491 1492 uucp-dom 1493 This UUCP mailer keeps everything as domain addresses. 1494 Basically, it uses the SMTP mailer rewriting rules. This mailer 1495 is only included if MAILER(`smtp') is specified before 1496 MAILER(`uucp'). 1497 1498 Unfortunately, a lot of UUCP mailer transport agents require 1499 bangified addresses in the envelope, although you can use 1500 domain-based addresses in the message header. (The envelope 1501 shows up as the From_ line on UNIX mail.) So.... 1502 1503 uucp-uudom 1504 This is a cross between uucp-new (for the envelope addresses) 1505 and uucp-dom (for the header addresses). It bangifies the 1506 envelope sender (From_ line in messages) without adding the 1507 local hostname, unless there is no host name on the address 1508 at all (e.g., "wolf") or the host component is a UUCP host name 1509 instead of a domain name ("somehost!wolf" instead of 1510 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1511 is also specified earlier. 1512 1513Examples: 1514 1515On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1516summarizes the sender rewriting for various mailers. 1517 1518Mailer sender rewriting in the envelope 1519------ ------ ------------------------- 1520uucp-{old,new} wolf grasp!wolf 1521uucp-dom wolf wolf@grasp.insa-lyon.fr 1522uucp-uudom wolf grasp.insa-lyon.fr!wolf 1523 1524uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1525uucp-dom wolf@fr.net wolf@fr.net 1526uucp-uudom wolf@fr.net fr.net!wolf 1527 1528uucp-{old,new} somehost!wolf grasp!somehost!wolf 1529uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1530uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1531 1532If you are using one of the domainized UUCP mailers, you really want 1533to convert all UUCP addresses to domain format -- otherwise, it will 1534do it for you (and probably not the way you expected). For example, 1535if you have the address foo!bar!baz (and you are not sending to foo), 1536the heuristics will add the @uucp.relay.name or @local.host.name to 1537this address. However, if you map foo to foo.host.name first, it 1538will not add the local hostname. You can do this using the uucpdomain 1539feature. 1540 1541 1542+-------------------+ 1543| TWEAKING RULESETS | 1544+-------------------+ 1545 1546For more complex configurations, you can define special rules. 1547The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1548the names. Any modifications made here are reflected in the header. 1549 1550A common use is to convert old UUCP addresses to SMTP addresses using 1551the UUCPSMTP macro. For example: 1552 1553 LOCAL_RULE_3 1554 UUCPSMTP(`decvax', `decvax.dec.com') 1555 UUCPSMTP(`research', `research.att.com') 1556 1557will cause addresses of the form "decvax!user" and "research!user" 1558to be converted to "user@decvax.dec.com" and "user@research.att.com" 1559respectively. 1560 1561This could also be used to look up hosts in a database map: 1562 1563 LOCAL_RULE_3 1564 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1565 1566This map would be defined in the LOCAL_CONFIG portion, as shown below. 1567 1568Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1569For example, new rules are needed to parse hostnames that you accept 1570via MX records. For example, you might have: 1571 1572 LOCAL_RULE_0 1573 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1574 1575You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1576pointing at this host; this rule catches the message and forwards it on 1577using UUCP. 1578 1579You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1580These rulesets are normally empty. 1581 1582A similar macro is LOCAL_CONFIG. This introduces lines added after the 1583boilerplate option setting but before rulesets. Do not declare rulesets in 1584the LOCAL_CONFIG section. It can be used to declare local database maps or 1585whatever. For example: 1586 1587 LOCAL_CONFIG 1588 Khostmap hash /etc/mail/hostmap 1589 Kyplocal nis -m hosts.byname 1590 1591 1592+---------------------------+ 1593| MASQUERADING AND RELAYING | 1594+---------------------------+ 1595 1596You can have your host masquerade as another using 1597 1598 MASQUERADE_AS(`host.domain') 1599 1600This causes mail being sent to be labeled as coming from the 1601indicated host.domain, rather than $j. One normally masquerades as 1602one of one's own subdomains (for example, it's unlikely that 1603Berkeley would choose to masquerade as an MIT site). This 1604behaviour is modified by a plethora of FEATUREs; in particular, see 1605masquerade_envelope, allmasquerade, limited_masquerade, and 1606masquerade_entire_domain. 1607 1608The masquerade name is not normally canonified, so it is important 1609that it be your One True Name, that is, fully qualified and not a 1610CNAME. However, if you use a CNAME, the receiving side may canonify 1611it for you, so don't think you can cheat CNAME mapping this way. 1612 1613Normally the only addresses that are masqueraded are those that come 1614from this host (that is, are either unqualified or in class {w}, the list 1615of local domain names). You can augment this list, which is realized 1616by class {M} using 1617 1618 MASQUERADE_DOMAIN(`otherhost.domain') 1619 1620The effect of this is that although mail to user@otherhost.domain 1621will not be delivered locally, any mail including any user@otherhost.domain 1622will, when relayed, be rewritten to have the MASQUERADE_AS address. 1623This can be a space-separated list of names. 1624 1625If these names are in a file, you can use 1626 1627 MASQUERADE_DOMAIN_FILE(`filename') 1628 1629to read the list of names from the indicated file (i.e., to add 1630elements to class {M}). 1631 1632To exempt hosts or subdomains from being masqueraded, you can use 1633 1634 MASQUERADE_EXCEPTION(`host.domain') 1635 1636This can come handy if you want to masquerade a whole domain 1637except for one (or a few) host(s). If these names are in a file, 1638you can use 1639 1640 MASQUERADE_EXCEPTION_FILE(`filename') 1641 1642Normally only header addresses are masqueraded. If you want to 1643masquerade the envelope as well, use 1644 1645 FEATURE(`masquerade_envelope') 1646 1647There are always users that need to be "exposed" -- that is, their 1648internal site name should be displayed instead of the masquerade name. 1649Root is an example (which has been "exposed" by default prior to 8.10). 1650You can add users to this list using 1651 1652 EXPOSED_USER(`usernames') 1653 1654This adds users to class {E}; you could also use 1655 1656 EXPOSED_USER_FILE(`filename') 1657 1658You can also arrange to relay all unqualified names (that is, names 1659without @host) to a relay host. For example, if you have a central 1660email server, you might relay to that host so that users don't have 1661to have .forward files or aliases. You can do this using 1662 1663 define(`LOCAL_RELAY', `mailer:hostname') 1664 1665The ``mailer:'' can be omitted, in which case the mailer defaults to 1666"relay". There are some user names that you don't want relayed, perhaps 1667because of local aliases. A common example is root, which may be 1668locally aliased. You can add entries to this list using 1669 1670 LOCAL_USER(`usernames') 1671 1672This adds users to class {L}; you could also use 1673 1674 LOCAL_USER_FILE(`filename') 1675 1676If you want all incoming mail sent to a centralized hub, as for a 1677shared /var/spool/mail scheme, use 1678 1679 define(`MAIL_HUB', `mailer:hostname') 1680 1681Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1682and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1683be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1684Note: there is a (long standing) bug which keeps this combination from 1685working for addresses of the form user+detail. 1686Names in class {L} will be delivered locally, so you MUST have aliases or 1687.forward files for them. 1688 1689For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1690FEATURE(`stickyhost'), the following combinations of settings will have the 1691indicated effects: 1692 1693email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1694 1695LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1696mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1697 1698MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1699mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1700 1701Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1702MAIL_HUB set as above (no local aliasing) (aliasing done) 1703 1704If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1705MAIL_HUB act identically, with MAIL_HUB taking precedence. 1706 1707If you want all outgoing mail to go to a central relay site, define 1708SMART_HOST as well. Briefly: 1709 1710 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1711 MAIL_HUB applies to names qualified with the name of the 1712 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1713 SMART_HOST applies to names qualified with other hosts or 1714 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1715 or "eric@[127.0.0.1]"). 1716 1717However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1718DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1719really want absolutely everything to go to a single central site you will 1720need to unset all the other relays -- or better yet, find or build a 1721minimal config file that does this. 1722 1723For duplicate suppression to work properly, the host name is best 1724specified with a terminal dot: 1725 1726 define(`MAIL_HUB', `host.domain.') 1727 note the trailing dot ---^ 1728 1729 1730+-------------------------------------------+ 1731| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1732+-------------------------------------------+ 1733 1734LDAP can be used for aliases, maps, and classes by either specifying your 1735own LDAP map specification or using the built-in default LDAP map 1736specification. The built-in default specifications all provide lookups 1737which match against either the machine's fully qualified hostname (${j}) or 1738a "cluster". The cluster allows you to share LDAP entries among a large 1739number of machines without having to enter each of the machine names into 1740each LDAP entry. To set the LDAP cluster name to use for a particular 1741machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1742unique name. For example: 1743 1744 define(`confLDAP_CLUSTER', `Servers') 1745 1746Here, the word `Servers' will be the cluster name. As an example, assume 1747that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1748to the Servers cluster. 1749 1750Some of the LDAP LDIF examples below show use of the Servers cluster. 1751Every entry must have either a sendmailMTAHost or sendmailMTACluster 1752attribute or it will be ignored. Be careful as mixing clusters and 1753individual host records can have surprising results (see the CAUTION 1754sections below). 1755 1756See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1757this schema (and therefore the lookups and examples below) is experimental 1758at this point as it has had little public review. Therefore, it may change 1759in future versions. Feedback via sendmail@sendmail.org is encouraged. 1760 1761------- 1762Aliases 1763------- 1764 1765The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1766lookups. To use the default schema, simply use: 1767 1768 define(`ALIAS_FILE', `ldap:') 1769 1770By doing so, you will use the default schema which expands to a map 1771declared as follows: 1772 1773 ldap -k (&(objectClass=sendmailMTAAliasObject) 1774 (sendmailMTAAliasGrouping=aliases) 1775 (|(sendmailMTACluster=${sendmailMTACluster}) 1776 (sendmailMTAHost=$j)) 1777 (sendmailMTAKey=%0)) 1778 -v sendmailMTAAliasValue 1779 1780NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1781used when the binary expands the `ldap:' token as the AliasFile option is 1782not actually macro-expanded when read from the sendmail.cf file. 1783 1784Example LDAP LDIF entries might be: 1785 1786 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1787 objectClass: sendmailMTA 1788 objectClass: sendmailMTAAlias 1789 objectClass: sendmailMTAAliasObject 1790 sendmailMTAAliasGrouping: aliases 1791 sendmailMTAHost: etrn.sendmail.org 1792 sendmailMTAKey: sendmail-list 1793 sendmailMTAAliasValue: ca@example.org 1794 sendmailMTAAliasValue: eric 1795 sendmailMTAAliasValue: gshapiro@example.com 1796 1797 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1798 objectClass: sendmailMTA 1799 objectClass: sendmailMTAAlias 1800 objectClass: sendmailMTAAliasObject 1801 sendmailMTAAliasGrouping: aliases 1802 sendmailMTAHost: etrn.sendmail.org 1803 sendmailMTAKey: owner-sendmail-list 1804 sendmailMTAAliasValue: eric 1805 1806 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1807 objectClass: sendmailMTA 1808 objectClass: sendmailMTAAlias 1809 objectClass: sendmailMTAAliasObject 1810 sendmailMTAAliasGrouping: aliases 1811 sendmailMTACluster: Servers 1812 sendmailMTAKey: postmaster 1813 sendmailMTAAliasValue: eric 1814 1815Here, the aliases sendmail-list and owner-sendmail-list will be available 1816only on etrn.sendmail.org but the postmaster alias will be available on 1817every machine in the Servers cluster (including etrn.sendmail.org). 1818 1819CAUTION: aliases are additive so that entries like these: 1820 1821 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1822 objectClass: sendmailMTA 1823 objectClass: sendmailMTAAlias 1824 objectClass: sendmailMTAAliasObject 1825 sendmailMTAAliasGrouping: aliases 1826 sendmailMTACluster: Servers 1827 sendmailMTAKey: bob 1828 sendmailMTAAliasValue: eric 1829 1830 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 1831 objectClass: sendmailMTA 1832 objectClass: sendmailMTAAlias 1833 objectClass: sendmailMTAAliasObject 1834 sendmailMTAAliasGrouping: aliases 1835 sendmailMTAHost: etrn.sendmail.org 1836 sendmailMTAKey: bob 1837 sendmailMTAAliasValue: gshapiro 1838 1839would mean that on all of the hosts in the cluster, mail to bob would go to 1840eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1841gshapiro. 1842 1843If you prefer not to use the default LDAP schema for your aliases, you can 1844specify the map parameters when setting ALIAS_FILE. For example: 1845 1846 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1847 1848---- 1849Maps 1850---- 1851 1852FEATURE()'s which take an optional map definition argument (e.g., access, 1853mailertable, virtusertable, etc.) can instead take the special keyword 1854`LDAP', e.g.: 1855 1856 FEATURE(`access_db', `LDAP') 1857 FEATURE(`virtusertable', `LDAP') 1858 1859When this keyword is given, that map will use LDAP lookups consisting of 1860the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1861with the map name, a search attribute of sendmailMTAKey, and the value 1862attribute sendmailMTAMapValue. 1863 1864The values for sendmailMTAMapName are: 1865 1866 FEATURE() sendmailMTAMapName 1867 --------- ------------------ 1868 access_db access 1869 authinfo authinfo 1870 bitdomain bitdomain 1871 domaintable domain 1872 genericstable generics 1873 mailertable mailer 1874 uucpdomain uucpdomain 1875 virtusertable virtuser 1876 1877For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1878 1879 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1880 (sendmailMTAMapName=mailer) 1881 (|(sendmailMTACluster=${sendmailMTACluster}) 1882 (sendmailMTAHost=$j)) 1883 (sendmailMTAKey=%0)) 1884 -1 -v sendmailMTAMapValue 1885 1886An example LDAP LDIF entry using this map might be: 1887 1888 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 1889 objectClass: sendmailMTA 1890 objectClass: sendmailMTAMap 1891 sendmailMTACluster: Servers 1892 sendmailMTAMapName: mailer 1893 1894 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1895 objectClass: sendmailMTA 1896 objectClass: sendmailMTAMap 1897 objectClass: sendmailMTAMapObject 1898 sendmailMTAMapName: mailer 1899 sendmailMTACluster: Servers 1900 sendmailMTAKey: example.com 1901 sendmailMTAMapValue: relay:[smtp.example.com] 1902 1903CAUTION: If your LDAP database contains the record above and *ALSO* a host 1904specific record such as: 1905 1906 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1907 objectClass: sendmailMTA 1908 objectClass: sendmailMTAMap 1909 objectClass: sendmailMTAMapObject 1910 sendmailMTAMapName: mailer 1911 sendmailMTAHost: etrn.sendmail.org 1912 sendmailMTAKey: example.com 1913 sendmailMTAMapValue: relay:[mx.example.com] 1914 1915then these entries will give unexpected results. When the lookup is done 1916on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 1917require a single match. Since the host etrn.sendmail.org is also in the 1918Servers cluster, LDAP would return two answers for the example.com map key 1919in which case sendmail would treat this as no match at all. 1920 1921If you prefer not to use the default LDAP schema for your maps, you can 1922specify the map parameters when using the FEATURE(). For example: 1923 1924 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 1925 1926------- 1927Classes 1928------- 1929 1930Normally, classes can be filled via files or programs. As of 8.12, they 1931can also be filled via map lookups using a new syntax: 1932 1933 F{ClassName}mapkey@mapclass:mapspec 1934 1935mapkey is optional and if not provided the map key will be empty. This can 1936be used with LDAP to read classes from LDAP. Note that the lookup is only 1937done when sendmail is initially started. Use the special value `@LDAP' to 1938use the default LDAP schema. For example: 1939 1940 RELAY_DOMAIN_FILE(`@LDAP') 1941 1942would put all of the attribute sendmailMTAClassValue values of LDAP records 1943with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 1944'R' into class $={R}. In other words, it is equivalent to the LDAP map 1945specification: 1946 1947 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 1948 (sendmailMTAClassName=R) 1949 (|(sendmailMTACluster=${sendmailMTACluster}) 1950 (sendmailMTAHost=$j))) 1951 -v sendmailMTAClassValue 1952 1953NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1954used when the binary expands the `@LDAP' token as class declarations are 1955not actually macro-expanded when read from the sendmail.cf file. 1956 1957This can be used with class related commands such as RELAY_DOMAIN_FILE(), 1958MASQUERADE_DOMAIN_FILE(), etc: 1959 1960 Command sendmailMTAClassName 1961 ------- -------------------- 1962 CANONIFY_DOMAIN_FILE() Canonify 1963 EXPOSED_USER_FILE() E 1964 GENERICS_DOMAIN_FILE() G 1965 LDAPROUTE_DOMAIN_FILE() LDAPRoute 1966 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 1967 LOCAL_USER_FILE() L 1968 MASQUERADE_DOMAIN_FILE() M 1969 MASQUERADE_EXCEPTION_FILE() N 1970 RELAY_DOMAIN_FILE() R 1971 VIRTUSER_DOMAIN_FILE() VirtHost 1972 1973You can also add your own as any 'F'ile class of the form: 1974 1975 F{ClassName}@LDAP 1976 ^^^^^^^^^ 1977will use "ClassName" for the sendmailMTAClassName. 1978 1979An example LDAP LDIF entry would look like: 1980 1981 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 1982 objectClass: sendmailMTA 1983 objectClass: sendmailMTAClass 1984 sendmailMTACluster: Servers 1985 sendmailMTAClassName: R 1986 sendmailMTAClassValue: sendmail.org 1987 sendmailMTAClassValue: example.com 1988 sendmailMTAClassValue: 10.56.23 1989 1990CAUTION: If your LDAP database contains the record above and *ALSO* a host 1991specific record such as: 1992 1993 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 1994 objectClass: sendmailMTA 1995 objectClass: sendmailMTAClass 1996 sendmailMTAHost: etrn.sendmail.org 1997 sendmailMTAClassName: R 1998 sendmailMTAClassValue: example.com 1999 2000the result will be similar to the aliases caution above. When the lookup 2001is done on etrn.sendmail.org, $={R} would contain all of the entries (from 2002both the cluster match and the host match). In other words, the effective 2003is additive. 2004 2005If you prefer not to use the default LDAP schema for your classes, you can 2006specify the map parameters when using the class command. For example: 2007 2008 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 2009 2010Remember, macros can not be used in a class declaration as the binary does 2011not expand them. 2012 2013 2014+--------------+ 2015| LDAP ROUTING | 2016+--------------+ 2017 2018FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 2019LDAP Schema for Intranet Mail Routing 2020(draft-lachman-laser-ldap-mail-routing-01). This feature enables 2021LDAP-based rerouting of a particular address to either a different host 2022or a different address. The LDAP lookup is first attempted on the full 2023address (e.g., user@example.com) and then on the domain portion 2024(e.g., @example.com). Be sure to setup your domain for LDAP routing using 2025LDAPROUTE_DOMAIN(), e.g.: 2026 2027 LDAPROUTE_DOMAIN(`example.com') 2028 2029Additionally, you can specify equivalent domains for LDAP routing using 2030LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 2031hostnames are mapped to $M (the masqueraded hostname for the server) before 2032the LDAP query. For example, if the mail is addressed to 2033user@host1.example.com, normally the LDAP lookup would only be done for 2034'user@host1.example.com' and '@host1.example.com'. However, if 2035LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 2036done on 'user@example.com' and '@example.com' after attempting the 2037host1.example.com lookups. 2038 2039By default, the feature will use the schemas as specified in the draft 2040and will not reject addresses not found by the LDAP lookup. However, 2041this behavior can be changed by giving additional arguments to the FEATURE() 2042command: 2043 2044 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>) 2045 2046where <mailHost> is a map definition describing how to lookup an alternative 2047mail host for a particular address; <mailRoutingAddress> is a map definition 2048describing how to lookup an alternative address for a particular address; 2049the <bounce> argument, if present and not the word "passthru", dictates 2050that mail should be bounced if neither a mailHost nor mailRoutingAddress 2051is found; and <detail> indicates what actions to take if the address 2052contains +detail information -- `strip' tries the lookup with the +detail 2053and if no matches are found, strips the +detail and tries the lookup again; 2054`preserve', does the same as `strip' but if a mailRoutingAddress match is 2055found, the +detail information is copied to the new address. 2056 2057The default <mailHost> map definition is: 2058 2059 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 2060 (mailLocalAddress=%0)) 2061 2062The default <mailRoutingAddress> map definition is: 2063 2064 ldap -1 -T<TMPF> -v mailRoutingAddress 2065 -k (&(objectClass=inetLocalMailRecipient) 2066 (mailLocalAddress=%0)) 2067 2068Note that neither includes the LDAP server hostname (-h server) or base DN 2069(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 2070your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 2071these settings. If this is not the case, the map definitions should be 2072changed as described above. The "-T<TMPF>" is required in any user 2073specified map definition to catch temporary errors. 2074 2075The following possibilities exist as a result of an LDAP lookup on an 2076address: 2077 2078 mailHost is mailRoutingAddress is Results in 2079 ----------- --------------------- ---------- 2080 set to a set mail delivered to 2081 "local" host mailRoutingAddress 2082 2083 set to a not set delivered to 2084 "local" host original address 2085 2086 set to a set mailRoutingAddress 2087 remote host relayed to mailHost 2088 2089 set to a not set original address 2090 remote host relayed to mailHost 2091 2092 not set set mail delivered to 2093 mailRoutingAddress 2094 2095 not set not set delivered to 2096 original address *OR* 2097 bounced as unknown user 2098 2099The term "local" host above means the host specified is in class {w}. If 2100the result would mean sending the mail to a different host, that host is 2101looked up in the mailertable before delivery. 2102 2103Note that the last case depends on whether the third argument is given 2104to the FEATURE() command. The default is to deliver the message to the 2105original address. 2106 2107The LDAP entries should be set up with an objectClass of 2108inetLocalMailRecipient and the address be listed in a mailLocalAddress 2109attribute. If present, there must be only one mailHost attribute and it 2110must contain a fully qualified host name as its value. Similarly, if 2111present, there must be only one mailRoutingAddress attribute and it must 2112contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2113format): 2114 2115 dn: uid=tom, o=example.com, c=US 2116 objectClass: inetLocalMailRecipient 2117 mailLocalAddress: tom@example.com 2118 mailRoutingAddress: thomas@mailhost.example.com 2119 2120This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2121 2122 dn: uid=dick, o=example.com, c=US 2123 objectClass: inetLocalMailRecipient 2124 mailLocalAddress: dick@example.com 2125 mailHost: eng.example.com 2126 2127This would relay mail for dick@example.com to the same address but redirect 2128the mail to MX records listed for the host eng.example.com (unless the 2129mailertable overrides). 2130 2131 dn: uid=harry, o=example.com, c=US 2132 objectClass: inetLocalMailRecipient 2133 mailLocalAddress: harry@example.com 2134 mailHost: mktmail.example.com 2135 mailRoutingAddress: harry@mkt.example.com 2136 2137This would relay mail for harry@example.com to the MX records listed for 2138the host mktmail.example.com using the new address harry@mkt.example.com 2139when talking to that host. 2140 2141 dn: uid=virtual.example.com, o=example.com, c=US 2142 objectClass: inetLocalMailRecipient 2143 mailLocalAddress: @virtual.example.com 2144 mailHost: server.example.com 2145 mailRoutingAddress: virtual@example.com 2146 2147This would send all mail destined for any username @virtual.example.com to 2148the machine server.example.com's MX servers and deliver to the address 2149virtual@example.com on that relay machine. 2150 2151 2152+---------------------------------+ 2153| ANTI-SPAM CONFIGURATION CONTROL | 2154+---------------------------------+ 2155 2156The primary anti-spam features available in sendmail are: 2157 2158* Relaying is denied by default. 2159* Better checking on sender information. 2160* Access database. 2161* Header checks. 2162 2163Relaying (transmission of messages from a site outside your host (class 2164{w}) to another site except yours) is denied by default. Note that this 2165changed in sendmail 8.9; previous versions allowed relaying by default. 2166If you really want to revert to the old behaviour, you will need to use 2167FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2168through your server by adding their domain name or IP address to class 2169{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2170(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2171The file consists (like any other file based class) of entries listed on 2172separate lines, e.g., 2173 2174 sendmail.org 2175 128.32 2176 IPv6:2002:c0a8:02c7 2177 IPv6:2002:c0a8:51d2::23f4 2178 host.mydomain.com 2179 [UNIX:localhost] 2180 2181Notice: the last entry allows relaying for connections via a UNIX 2182socket to the MTA/MSP. This might be necessary if your configuration 2183doesn't allow relaying by other means in that case, e.g., by having 2184localhost.$m in class {R} (make sure $m is not just a top level 2185domain). 2186 2187If you use 2188 2189 FEATURE(`relay_entire_domain') 2190 2191then any host in any of your local domains (that is, class {m}) 2192will be relayed (that is, you will accept mail either to or from any 2193host in your domain). 2194 2195You can also allow relaying based on the MX records of the host 2196portion of an incoming recipient address by using 2197 2198 FEATURE(`relay_based_on_MX') 2199 2200For example, if your server receives a recipient of user@domain.com 2201and domain.com lists your server in its MX records, the mail will be 2202accepted for relay to domain.com. This feature may cause problems 2203if MX lookups for the recipient domain are slow or time out. In that 2204case, mail will be temporarily rejected. It is usually better to 2205maintain a list of hosts/domains for which the server acts as relay. 2206Note also that this feature will stop spammers from using your host 2207to relay spam but it will not stop outsiders from using your server 2208as a relay for their site (that is, they set up an MX record pointing 2209to your mail server, and you will relay mail addressed to them 2210without any prior arrangement). Along the same lines, 2211 2212 FEATURE(`relay_local_from') 2213 2214will allow relaying if the sender specifies a return path (i.e. 2215MAIL FROM: <user@domain>) domain which is a local domain. This is a 2216dangerous feature as it will allow spammers to spam using your mail 2217server by simply specifying a return address of user@your.domain.com. 2218It should not be used unless absolutely necessary. 2219A slightly better solution is 2220 2221 FEATURE(`relay_mail_from') 2222 2223which allows relaying if the mail sender is listed as RELAY in the 2224access map. If an optional argument `domain' (this is the literal 2225word `domain', not a placeholder) is given, the domain portion of 2226the mail sender is also checked to allowing relaying. This option 2227only works together with the tag From: for the LHS of the access 2228map entries (see below: Finer control...). This feature allows 2229spammers to abuse your mail server by specifying a return address 2230that you enabled in your access file. This may be harder to figure 2231out for spammers, but it should not be used unless necessary. 2232Instead use SMTP AUTH or STARTTLS to allow relaying for roaming 2233users. 2234 2235 2236If source routing is used in the recipient address (e.g., 2237RCPT TO: <user%site.com@othersite.com>), sendmail will check 2238user@site.com for relaying if othersite.com is an allowed relay host 2239in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2240or the access database if FEATURE(`access_db') is used. To prevent 2241the address from being stripped down, use: 2242 2243 FEATURE(`loose_relay_check') 2244 2245If you think you need to use this feature, you probably do not. This 2246should only be used for sites which have no control over the addresses 2247that they provide a gateway for. Use this FEATURE with caution as it 2248can allow spammers to relay through your server if not setup properly. 2249 2250NOTICE: It is possible to relay mail through a system which the anti-relay 2251rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2252`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2253LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2254FEATURE(`nouucp') at all, addresses of the form 2255<example.net!user@local.host> would be relayed to <user@example.net>. 2256System A doesn't recognize `!' as an address separator and therefore 2257forwards it to the mail hub which in turns relays it because it came from 2258a trusted local host. So if a mailserver allows UUCP (bang-format) 2259addresses, all systems from which it allows relaying should do the same 2260or reject those addresses. 2261 2262As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2263an unresolvable domain (i.e., one that DNS, your local name service, 2264or special case rules in ruleset 3 cannot locate). This also applies 2265to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2266IP address can't be mapped to a host name. If you want to continue 2267to accept such domains, e.g., because you are inside a firewall that 2268has only a limited view of the Internet host name space (note that you 2269will not be able to return mail to them unless you have some "smart 2270host" forwarder), use 2271 2272 FEATURE(`accept_unresolvable_domains') 2273 2274Alternatively, you can allow specific addresses by adding them to 2275the access map, e.g., 2276 2277 From:unresolvable.domain OK 2278 From:[1.2.3.4] OK 2279 From:[1.2.4] OK 2280 2281Notice: domains which are temporarily unresolvable are (temporarily) 2282rejected with a 451 reply code. If those domains should be accepted 2283(which is discouraged) then you can use 2284 2285 LOCAL_CONFIG 2286 C{ResOk}TEMP 2287 2288sendmail will also refuse mail if the MAIL FROM: parameter is not 2289fully qualified (i.e., contains a domain as well as a user). If you 2290want to continue to accept such senders, use 2291 2292 FEATURE(`accept_unqualified_senders') 2293 2294Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2295i.e., unqualified addresses are accepted even without this FEATURE. If 2296this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2297to enforce fully qualified domain names. 2298 2299An ``access'' database can be created to accept or reject mail from 2300selected domains. For example, you may choose to reject all mail 2301originating from known spammers. To enable such a database, use 2302 2303 FEATURE(`access_db') 2304 2305Notice: the access database is applied to the envelope addresses 2306and the connection information, not to the header. 2307 2308The FEATURE macro can accept as second parameter the key file 2309definition for the database; for example 2310 2311 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2312 2313Notice: If a second argument is specified it must contain the option 2314`-T<TMPF>' as shown above. The optional third and fourth parameters 2315may be `skip' or `lookupdotdomain'. The former enables SKIP as 2316value part (see below), the latter is another way to enable the 2317feature of the same name (see above). 2318 2319Remember, since /etc/mail/access is a database, after creating the text 2320file as described below, you must use makemap to create the database 2321map. For example: 2322 2323 makemap hash /etc/mail/access < /etc/mail/access 2324 2325The table itself uses e-mail addresses, domain names, and network 2326numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2327For example, 2328 2329 spammer@aol.com REJECT 2330 cyberspammer.com REJECT 2331 TLD REJECT 2332 192.168.212 REJECT 2333 IPv6:2002:c0a8:02c7 RELAY 2334 IPv6:2002:c0a8:51d2::23f4 REJECT 2335 2336would refuse mail from spammer@aol.com, any user from cyberspammer.com 2337(or any host within the cyberspammer.com domain), any host in the entire 2338top level domain TLD, 192.168.212.* network, and the IPv6 address 23392002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 23402002:c0a8:02c7::/48. 2341 2342The value part of the map can contain: 2343 2344 OK Accept mail even if other rules in the running 2345 ruleset would reject it, for example, if the domain 2346 name is unresolvable. "Accept" does not mean 2347 "relay", but at most acceptance for local 2348 recipients. That is, OK allows less than RELAY. 2349 RELAY Accept mail addressed to the indicated domain or 2350 received from the indicated domain for relaying 2351 through your SMTP server. RELAY also serves as 2352 an implicit OK for the other checks. 2353 REJECT Reject the sender or recipient with a general 2354 purpose message. 2355 DISCARD Discard the message completely using the 2356 $#discard mailer. If it is used in check_compat, 2357 it affects only the designated recipient, not 2358 the whole message as it does in all other cases. 2359 This should only be used if really necessary. 2360 SKIP This can only be used for host/domain names 2361 and IP addresses/nets. It will abort the current 2362 search for this entry without accepting or rejecting 2363 it but causing the default action. 2364 ### any text where ### is an RFC 821 compliant error code and 2365 "any text" is a message to return for the command. 2366 The string should be quoted to avoid surprises, 2367 e.g., sendmail may remove spaces otherwise. 2368 This type is deprecated, use one the two 2369 ERROR: entries below instead. 2370 ERROR:### any text 2371 as above, but useful to mark error messages as such. 2372 ERROR:D.S.N:### any text 2373 where D.S.N is an RFC 1893 compliant error code 2374 and the rest as above. 2375 2376For example: 2377 2378 cyberspammer.com ERROR:"550 We don't accept mail from spammers" 2379 okay.cyberspammer.com OK 2380 sendmail.org RELAY 2381 128.32 RELAY 2382 IPv6:1:2:3:4:5:6:7 RELAY 2383 [127.0.0.3] OK 2384 [IPv6:1:2:3:4:5:6:7:8] OK 2385 2386would accept mail from okay.cyberspammer.com, but would reject mail from 2387all other hosts at cyberspammer.com with the indicated message. It would 2388allow relaying mail from and to any hosts in the sendmail.org domain, and 2389allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* 2390network. The latter two entries are for checks against ${client_name} if 2391the IP address doesn't resolve to a hostname (or is considered as "may be 2392forged"). That is, using square brackets means these are host names, 2393not network numbers. 2394 2395Warning: if you change the RFC 821 compliant error code from the default 2396value of 550, then you should probably also change the RFC 1893 compliant 2397error code to match it. For example, if you use 2398 2399 user@example.com ERROR:450 mailbox full 2400 2401the error returned would be "450 5.0.0 mailbox full" which is wrong. 2402Use "ERROR:4.2.2:450 mailbox full" instead. 2403 2404Note, UUCP users may need to add hostname.UUCP to the access database 2405or class {R}. 2406 2407If you also use: 2408 2409 FEATURE(`relay_hosts_only') 2410 2411then the above example will allow relaying for sendmail.org, but not 2412hosts within the sendmail.org domain. Note that this will also require 2413hosts listed in class {R} to be fully qualified host names. 2414 2415You can also use the access database to block sender addresses based on 2416the username portion of the address. For example: 2417 2418 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2419 2420Note that you must include the @ after the username to signify that 2421this database entry is for checking only the username portion of the 2422sender address. 2423 2424If you use: 2425 2426 FEATURE(`blacklist_recipients') 2427 2428then you can add entries to the map for local users, hosts in your 2429domains, or addresses in your domain which should not receive mail: 2430 2431 badlocaluser@ ERROR:550 Mailbox disabled for this username 2432 host.mydomain.com ERROR:550 That host does not accept mail 2433 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient 2434 2435This would prevent a recipient of badlocaluser@mydomain.com, any 2436user at host.mydomain.com, and the single address 2437user@otherhost.mydomain.com from receiving mail. Please note: a 2438local username must be now tagged with an @ (this is consistent 2439with the check of the sender address, and hence it is possible to 2440distinguish between hostnames and usernames). Enabling this feature 2441will keep you from sending mails to all addresses that have an 2442error message or REJECT as value part in the access map. Taking 2443the example from above: 2444 2445 spammer@aol.com REJECT 2446 cyberspammer.com REJECT 2447 2448Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2449 2450There are several DNS based blacklists, the first of which was 2451the RBL (``Realtime Blackhole List'') run by the MAPS project, 2452see http://mail-abuse.org/. These are databases of spammers 2453maintained in DNS. To use such a database, specify 2454 2455 FEATURE(`dnsbl') 2456 2457This will cause sendmail to reject mail from any site in the original 2458Realtime Blackhole List database. This default DNS blacklist, 2459blackholes.mail-abuse.org, is a service offered by the Mail Abuse 2460Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription 2461service, so using that network address won't work if you haven't 2462subscribed. Contact MAPS to subscribe (http://mail-abuse.org/). 2463 2464You can specify an alternative RBL server to check by specifying an 2465argument to the FEATURE. The default error message is 2466 2467 Rejected: IP-ADDRESS listed at SERVER 2468 2469where IP-ADDRESS and SERVER are replaced by the appropriate 2470information. A second argument can be used to specify a different 2471text. By default, temporary lookup failures are ignored and hence 2472cause the connection not to be rejected by the DNS based rejection 2473list. This behavior can be changed by specifying a third argument, 2474which must be either `t' or a full error message. For example: 2475 2476 FEATURE(`dnsbl', `dnsbl.example.com', `', 2477 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2478 2479If `t' is used, the error message is: 2480 2481 451 Temporary lookup failure of IP-ADDRESS at SERVER 2482 2483where IP-ADDRESS and SERVER are replaced by the appropriate 2484information. 2485 2486This FEATURE can be included several times to query different 2487DNS based rejection lists, e.g., the dial-up user list (see 2488http://mail-abuse.org/dul/). 2489 2490Notice: to avoid checking your own local domains against those 2491blacklists, use the access_db feature and add: 2492 2493 Connect:10.1 OK 2494 Connect:127.0.0.1 RELAY 2495 2496to the access map, where 10.1 is your local network. You may 2497want to use "RELAY" instead of "OK" to allow also relaying 2498instead of just disabling the DNS lookups in the backlists. 2499 2500 2501The features described above make use of the check_relay, check_mail, 2502and check_rcpt rulesets. Note that check_relay checks the SMTP 2503client hostname and IP address when the connection is made to your 2504server. It does not check if a mail message is being relayed to 2505another server. That check is done in check_rcpt. If you wish to 2506include your own checks, you can put your checks in the rulesets 2507Local_check_relay, Local_check_mail, and Local_check_rcpt. For 2508example if you wanted to block senders with all numeric usernames 2509(i.e. 2312343@bigisp.com), you would use Local_check_mail and the 2510regex map: 2511 2512 LOCAL_CONFIG 2513 Kallnumbers regex -a@MATCH ^[0-9]+$ 2514 2515 LOCAL_RULESETS 2516 SLocal_check_mail 2517 # check address against various regex checks 2518 R$* $: $>Parse0 $>3 $1 2519 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2520 R@MATCH $#error $: 553 Header Error 2521 2522These rules are called with the original arguments of the corresponding 2523check_* ruleset. If the local ruleset returns $#OK, no further checking 2524is done by the features described above and the mail is accepted. If the 2525local ruleset resolves to a mailer (such as $#error or $#discard), the 2526appropriate action is taken. Otherwise, the results of the local 2527rewriting are ignored. 2528 2529Finer control by using tags for the LHS of the access map 2530--------------------------------------------------------- 2531 2532Read this section only if the options listed so far are not sufficient 2533for your purposes. There is now the option to tag entries in the 2534access map according to their type. Three tags are available: 2535 2536 Connect: connection information (${client_addr}, ${client_name}) 2537 From: envelope sender 2538 To: envelope recipient 2539 2540If the required item is looked up in a map, it will be tried first 2541with the corresponding tag in front, then (as fallback to enable 2542backward compatibility) without any tag, unless the specific feature 2543requires a tag. For example, 2544 2545 From:spammer@some.dom REJECT 2546 To:friend.domain RELAY 2547 Connect:friend.domain OK 2548 Connect:from.domain RELAY 2549 From:good@another.dom OK 2550 From:another.dom REJECT 2551 2552This would deny mails from spammer@some.dom but you could still 2553send mail to that address even if FEATURE(`blacklist_recipients') 2554is enabled. Your system will allow relaying to friend.domain, but 2555not from it (unless enabled by other means). Connections from that 2556domain will be allowed even if it ends up in one of the DNS based 2557rejection lists. Relaying is enabled from from.domain but not to 2558it (since relaying is based on the connection information for 2559outgoing relaying, the tag Connect: must be used; for incoming 2560relaying, which is based on the recipient address, To: must be 2561used). The last two entries allow mails from good@another.dom but 2562reject mail from all other addresses with another.dom as domain 2563part. 2564 2565Delay all checks 2566---------------- 2567 2568By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2569will not be called when a client connects or issues a MAIL command, 2570respectively. Instead, those rulesets will be called by the check_rcpt 2571ruleset; they will be skipped if a sender has been authenticated using 2572a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2573If check_mail returns an error then the RCPT TO command will be rejected 2574with that error. If it returns some other result starting with $# then 2575check_relay will be skipped. If the sender address (or a part of it) is 2576listed in the access map and it has a RHS of OK or RELAY, then check_relay 2577will be skipped. This has an interesting side effect: if your domain is 2578my.domain and you have 2579 2580 my.domain RELAY 2581 2582in the access map, then all e-mail with a sender address of 2583<user@my.domain> gets through, even if check_relay would reject it 2584(e.g., based on the hostname or IP address). This allows spammers 2585to get around DNS based blacklist by faking the sender address. To 2586avoid this problem you have to use tagged entries: 2587 2588 To:my.domain RELAY 2589 Connect:my.domain RELAY 2590 2591if you need those entries at all (class {R} may take care of them). 2592 2593FEATURE(`delay_checks') can take an optional argument: 2594 2595 FEATURE(`delay_checks', `friend') 2596 enables spamfriend test 2597 FEATURE(`delay_checks', `hater') 2598 enables spamhater test 2599 2600If such an argument is given, the recipient will be looked up in the 2601access map (using the tag Spam:). If the argument is `friend', then 2602the default behavior is to apply the other rulesets and make a SPAM 2603friend the exception. The rulesets check_mail and check_relay will be 2604skipped only if the recipient address is found and has RHS FRIEND. If 2605the argument is `hater', then the default behavior is to skip the rulesets 2606check_mail and check_relay and make a SPAM hater the exception. The 2607other two rulesets will be applied only if the recipient address is 2608found and has RHS HATER. 2609 2610This allows for simple exceptions from the tests, e.g., by activating 2611the friend option and having 2612 2613 Spam:abuse@ FRIEND 2614 2615in the access map, mail to abuse@localdomain will get through (where 2616"localdomain" is any domain in class {w}). It is also possible to 2617specify a full address or an address with +detail: 2618 2619 Spam:abuse@my.domain FRIEND 2620 Spam:me+abuse@ FRIEND 2621 Spam:spam.domain FRIEND 2622 2623Note: The required tag has been changed in 8.12 from To: to Spam:. 2624This change is incompatible to previous versions. However, you can 2625(for now) simply add the new entries to the access map, the old 2626ones will be ignored. As soon as you removed the old entries from 2627the access map, specify a third parameter (`n') to this feature and 2628the backward compatibility rules will not be in the generated .cf 2629file. 2630 2631Header Checks 2632------------- 2633 2634You can also reject mail on the basis of the contents of headers. 2635This is done by adding a ruleset call to the 'H' header definition command 2636in sendmail.cf. For example, this can be used to check the validity of 2637a Message-ID: header: 2638 2639 LOCAL_CONFIG 2640 HMessage-Id: $>CheckMessageId 2641 2642 LOCAL_RULESETS 2643 SCheckMessageId 2644 R< $+ @ $+ > $@ OK 2645 R$* $#error $: 553 Header Error 2646 2647The alternative format: 2648 2649 HSubject: $>+CheckSubject 2650 2651that is, $>+ instead of $>, gives the full Subject: header including 2652comments to the ruleset (comments in parentheses () are stripped 2653by default). 2654 2655A default ruleset for headers which don't have a specific ruleset 2656defined for them can be given by: 2657 2658 H*: $>CheckHdr 2659 2660Notice: 26611. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2662That may cause problems with simple header checks due to the 2663tokenization. It might be simpler to use a regex map and apply it 2664to $&{currHeader}. 26652. There are no default rulesets coming with this distribution of 2666sendmail. You can either write your own or you can search the 2667WWW for examples, e.g., http://www.digitalanswers.org/check_local/ 2668 2669After all of the headers are read, the check_eoh ruleset will be called for 2670any final header-related checks. The ruleset is called with the number of 2671headers and the size of all of the headers in bytes separated by $|. One 2672example usage is to reject messages which do not have a Message-Id: 2673header. However, the Message-Id: header is *NOT* a required header and is 2674not a guaranteed spam indicator. This ruleset is an example and should 2675probably not be used in production. 2676 2677 LOCAL_CONFIG 2678 Kstorage macro 2679 HMessage-Id: $>CheckMessageId 2680 2681 LOCAL_RULESETS 2682 SCheckMessageId 2683 # Record the presence of the header 2684 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2685 R< $+ @ $+ > $@ OK 2686 R$* $#error $: 553 Header Error 2687 2688 Scheck_eoh 2689 # Check the macro 2690 R$* $: < $&{MessageIdCheck} > 2691 # Clear the macro for the next message 2692 R$* $: $(storage {MessageIdCheck} $) $1 2693 # Has a Message-Id: header 2694 R< $+ > $@ OK 2695 # Allow missing Message-Id: from local mail 2696 R$* $: < $&{client_name} > 2697 R< > $@ OK 2698 R< $=w > $@ OK 2699 # Otherwise, reject the mail 2700 R$* $#error $: 553 Header Error 2701 2702+----------+ 2703| STARTTLS | 2704+----------+ 2705 2706In this text, cert will be used as an abreviation for X.509 certificate, 2707DN (CN) is the distinguished (common) name of a cert, and CA is a 2708certification authority, which signs (issues) certs. 2709 2710For STARTTLS to be offered by sendmail you need to set at least 2711this variables (the file names and paths are just examples): 2712 2713 define(`confCACERT_PATH', `/etc/mail/certs/') 2714 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2715 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2716 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2717 2718On systems which do not have the compile flag HASURANDOM set (see 2719sendmail/README) you also must set confRAND_FILE. 2720 2721See doc/op/op.{me,ps,txt} for more information about these options, 2722especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2723STARTTLS''. 2724 2725Macros related to STARTTLS are: 2726 2727${cert_issuer} holds the DN of the CA (the cert issuer). 2728${cert_subject} holds the DN of the cert (called the cert subject). 2729${cn_issuer} holds the CN of the CA (the cert issuer). 2730${cn_subject} holds the CN of the cert (called the cert subject). 2731${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2732 TLSv1/SSLv3, SSLv3, SSLv2. 2733${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2734 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2735${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2736 used for the connection. 2737${verify} holds the result of the verification of the presented cert. 2738 Possible values are: 2739 OK verification succeeded. 2740 NO no cert presented. 2741 NOT no cert requested. 2742 FAIL cert presented but could not be verified, 2743 e.g., the cert of the signing CA is missing. 2744 NONE STARTTLS has not been performed. 2745 TEMP temporary error occurred. 2746 PROTOCOL protocol error occurred (SMTP level). 2747 SOFTWARE STARTTLS handshake failed. 2748${server_name} the name of the server of the current outgoing SMTP 2749 connection. 2750${server_addr} the address of the server of the current outgoing SMTP 2751 connection. 2752 2753Relaying 2754-------- 2755 2756 2757SMTP STARTTLS can allow relaying for remote SMTP clients which have 2758successfully authenticated themselves. This is done in the ruleset 2759RelayAuth. If the verification of the cert failed (${verify} != OK), 2760relaying is subject to the usual rules. Otherwise the DN of the issuer is 2761looked up in the access map using the tag CERTISSUER. If the resulting 2762value is RELAY, relaying is allowed. If it is SUBJECT, the DN of the cert 2763subject is looked up next in the access map using the tag CERTSUBJECT. If 2764the value is RELAY, relaying is allowed. 2765 2766${cert_issuer} and ${cert_subject} can be optionally modified by regular 2767expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2768_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2769rulesets and map lookups, they are modified as follows: each non-printable 2770character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced 2771by their HEX value with a leading '+'. For example: 2772 2773/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2774darth+cert@endmail.org 2775 2776is encoded as: 2777 2778/C=US/ST=California/O=endmail.org/OU=private/CN= 2779Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2780 2781(line breaks have been inserted for readability). 2782 2783The macros which are subject to this encoding are ${cert_subject}, 2784${cert_issuer}, ${cn_subject}, and ${cn_issuer}. 2785 2786Examples: 2787 2788To allow relaying for everyone who can present a cert signed by 2789 2790/C=US/ST=California/O=endmail.org/OU=private/CN= 2791Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2792 2793simply use: 2794 2795CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2796Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2797 2798To allow relaying only for a subset of machines that have a cert signed by 2799 2800/C=US/ST=California/O=endmail.org/OU=private/CN= 2801Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2802 2803use: 2804 2805CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2806Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2807CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2808DeathStar/Email=deathstar@endmail.org RELAY 2809 2810Note: line breaks have been inserted after "CN=" for readability, 2811each tagged entry must be one (long) line in the access map. 2812 2813Of course it is also possible to write a simple ruleset that allows 2814relaying for everyone who can present a cert that can be verified, e.g., 2815 2816LOCAL_RULESETS 2817SLocal_check_rcpt 2818R$* $: $&{verify} 2819ROK $# OK 2820 2821Allowing Connections 2822-------------------- 2823 2824The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 2825an SMTP connection is accepted (or should continue). 2826 2827tls_server is called when sendmail acts as client after a STARTTLS command 2828(should) have been issued. The parameter is the value of ${verify}. 2829 2830tls_client is called when sendmail acts as server, after a STARTTLS command 2831has been issued, and from check_mail. The parameter is the value of 2832${verify} and STARTTLS or MAIL, respectively. 2833 2834Both rulesets behave the same. If no access map is in use, the connection 2835will be accepted unless ${verify} is SOFTWARE, in which case the connection 2836is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 2837is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 2838with the ruleset LookUpDomain. If no entry is found, ${client_addr} 2839(${server_addr}) is looked up in the access map (same tag, ruleset 2840LookUpAddr). If this doesn't result in an entry either, just the tag is 2841looked up in the access map (included the trailing colon). Notice: 2842requiring that e-mail is sent to a server only encrypted, e.g., via 2843 2844TLS_Srv:secure.domain ENCR:112 2845 2846doesn't necessarily mean that e-mail sent to that domain is encrypted. 2847If the domain has multiple MX servers, e.g., 2848 2849secure.domain. IN MX 10 mail.secure.domain. 2850secure.domain. IN MX 50 mail.other.domain. 2851 2852then mail to user@secure.domain may go unencrypted to mail.other.domain. 2853tls_rcpt can be used to address this problem. 2854 2855tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 2856current recipient. This ruleset is only defined if FEATURE(`access_db') 2857is selected. A recipient address user@domain is looked up in the access 2858map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 2859and TLS_Rcpt:; the first match is taken. 2860 2861The result of the lookups is then used to call the ruleset TLS_connection, 2862which checks the requirement specified by the RHS in the access map against 2863the actual parameters of the current TLS connection, esp. ${verify} and 2864${cipher_bits}. Legal RHSs in the access map are: 2865 2866VERIFY verification must have succeeded 2867VERIFY:bits verification must have succeeded and ${cipher_bits} must 2868 be greater than or equal bits. 2869ENCR:bits ${cipher_bits} must be greater than or equal bits. 2870 2871The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 2872or permanent error. The default is a temporary error code (403 4.7.0) 2873unless the macro TLS_PERM_ERR is set during generation of the .cf file. 2874 2875If a certain level of encryption is required, then it might also be 2876possible that this level is provided by the security layer from a SASL 2877algorithm, e.g., DIGEST-MD5. 2878 2879Furthermore, there can be a list of extensions added. Such a list 2880starts with '+' and the items are separated by '++'. Allowed 2881extensions are: 2882 2883CN:name name must match ${cn_subject} 2884CN ${server_name} must match ${cn_subject} 2885CS:name name must match ${cert_subject} 2886CI:name name must match ${cert_issuer} 2887 2888Example: e-mail sent to secure.example.com should only use an encrypted 2889connection. E-mail received from hosts within the laptop.example.com domain 2890should only be accepted if they have been authenticated. The host which 2891receives e-mail for darth@endmail.org must present a cert that uses the 2892CN smtp.endmail.org. 2893 2894TLS_Srv:secure.example.com ENCR:112 2895TLS_Clt:laptop.example.com PERM+VERIFY:112 2896TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 2897 2898 2899Disabling STARTTLS And Setting SMTP Server Features 2900--------------------------------------------------- 2901 2902By default STARTTLS is used whenever possible. However, there are 2903some broken MTAs that don't properly implement STARTTLS. To be able 2904to send to (or receive from) those MTAs, the ruleset try_tls 2905(srv_features) can be used that work together with the access map. 2906Entries for the access map must be tagged with Try_TLS (Srv_Features) 2907and refer to the hostname or IP address of the connecting system. 2908A default case can be specified by using just the tag. For example, 2909the following entries in the access map: 2910 2911 Try_TLS:broken.server NO 2912 Srv_Features:my.domain v 2913 Srv_Features: V 2914 2915will turn off STARTTLS when sending to broken.server (or any host 2916in that domain), and request a client certificate during the TLS 2917handshake only for hosts in my.domain. The valid entries on the RHS 2918for Srv_Features are listed in the Sendmail Installation and 2919Operations Guide. 2920 2921 2922Received: Header 2923---------------- 2924 2925The Received: header reveals whether STARTTLS has been used. It contains an 2926extra line: 2927 2928(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 2929 2930 2931+---------------------+ 2932| SMTP AUTHENTICATION | 2933+---------------------+ 2934 2935The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 2936used in anti-relay rulesets to allow relaying for those users that 2937authenticated themselves. A very simple example is: 2938 2939SLocal_check_rcpt 2940R$* $: $&{auth_type} 2941R$+ $# OK 2942 2943which checks whether a user has successfully authenticated using 2944any available mechanism. Depending on the setup of the CYRUS SASL 2945library, more sophisticated rulesets might be required, e.g., 2946 2947SLocal_check_rcpt 2948R$* $: $&{auth_type} $| $&{auth_authen} 2949RDIGEST-MD5 $| $+@$=w $# OK 2950 2951to allow relaying for users that authenticated using DIGEST-MD5 2952and have an identity in the local domains. 2953 2954The ruleset trust_auth is used to determine whether a given AUTH= 2955parameter (that is passed to this ruleset) should be trusted. This 2956ruleset may make use of the other ${auth_*} macros. Only if the 2957ruleset resolves to the error mailer, the AUTH= parameter is not 2958trusted. A user supplied ruleset Local_trust_auth can be written 2959to modify the default behavior, which only trust the AUTH= 2960parameter if it is identical to the authenticated user. 2961 2962Per default, relaying is allowed for any user who authenticated 2963via a "trusted" mechanism, i.e., one that is defined via 2964TRUST_AUTH_MECH(`list of mechanisms') 2965For example: 2966TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 2967 2968If the selected mechanism provides a security layer the number of 2969bits used for the key of the symmetric cipher is stored in the 2970macro ${auth_ssf}. 2971 2972If sendmail acts as client, it needs some information how to 2973authenticate against another MTA. This information can be provided 2974by the ruleset authinfo or by the option DefaultAuthInfo. The 2975authinfo ruleset looks up {server_name} using the tag AuthInfo: in 2976the access map. If no entry is found, {server_addr} is looked up 2977in the same way and finally just the tag AuthInfo: to provide 2978default values. 2979 2980Notice: the default configuration file causes the option DefaultAuthInfo 2981to fail since the ruleset authinfo is in the .cf file. If you really 2982want to use DefaultAuthInfo (it is deprecated) then you have to 2983remove the ruleset. 2984 2985The RHS for an AuthInfo: entry in the access map should consists of a 2986list of tokens, each of which has the form: "TDstring" (including 2987the quotes). T is a tag which describes the item, D is a delimiter, 2988either ':' for simple text or '=' for a base64 encoded string. 2989Valid values for the tag are: 2990 2991 U user (authorization) id 2992 I authentication id 2993 P password 2994 R realm 2995 M list of mechanisms delimited by spaces 2996 2997Example entries are: 2998 2999AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 3000AuthInfo:more.dom "U:user" "P=c2VjcmV0" 3001 3002User or authentication id must exist as well as the password. All 3003other entries have default values. If one of user or authentication 3004id is missing, the existing value is used for the missing item. 3005If "R:" is not specified, realm defaults to $j. The list of mechanisms 3006defaults to those specified by AuthMechanisms. 3007 3008Since this map contains sensitive information, either the access 3009map must be unreadable by everyone but root (or the trusted user) 3010or FEATURE(`authinfo') must be used which provides a separate map. 3011Notice: It is not checked whether the map is actually 3012group/world-unreadable, this is left to the user. 3013 3014+--------------------------------+ 3015| ADDING NEW MAILERS OR RULESETS | 3016+--------------------------------+ 3017 3018Sometimes you may need to add entirely new mailers or rulesets. They 3019should be introduced with the constructs MAILER_DEFINITIONS and 3020LOCAL_RULESETS respectively. For example: 3021 3022 MAILER_DEFINITIONS 3023 Mmymailer, ... 3024 ... 3025 3026 LOCAL_RULESETS 3027 Smyruleset 3028 ... 3029 3030Local additions for the rulesets srv_features, try_tls, tls_rcpt, 3031tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 3032LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 3033respectively. For example, to add a local ruleset that decides 3034whether to try STARTTLS in a sendmail client, use: 3035 3036 LOCAL_TRY_TLS 3037 R... 3038 3039Note: you don't need to add a name for the ruleset, it is implicitly 3040defined by using the appropriate macro. 3041 3042 3043+-------------------------+ 3044| ADDING NEW MAIL FILTERS | 3045+-------------------------+ 3046 3047Sendmail supports mail filters to filter incoming SMTP messages according 3048to the "Sendmail Mail Filter API" documentation. These filters can be 3049configured in your mc file using the two commands: 3050 3051 MAIL_FILTER(`name', `equates') 3052 INPUT_MAIL_FILTER(`name', `equates') 3053 3054The first command, MAIL_FILTER(), simply defines a filter with the given 3055name and equates. For example: 3056 3057 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3058 3059This creates the equivalent sendmail.cf entry: 3060 3061 Xarchive, S=local:/var/run/archivesock, F=R 3062 3063The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 3064but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 3065of the filter such that the filter will actually be called by sendmail. 3066 3067For example, the two commands: 3068 3069 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3070 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3071 3072are equivalent to the three commands: 3073 3074 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3075 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3076 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 3077 3078In general, INPUT_MAIL_FILTER() should be used unless you need to define 3079more filters than you want to use for `confINPUT_MAIL_FILTERS'. 3080 3081Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3082commands will clear the list created by the prior INPUT_MAIL_FILTER() 3083commands. 3084 3085 3086+-------------------------+ 3087| QUEUE GROUP DEFINITIONS | 3088+-------------------------+ 3089 3090In addition to the queue directory (which is the default queue group 3091called "mqueue"), sendmail can deal with multiple queue groups, which 3092are collections of queue directories with the same behaviour. Queue 3093groups can be defined using the command: 3094 3095 QUEUE_GROUP(`name', `equates') 3096 3097For details about queue groups, please see doc/op/op.{me,ps,txt}. 3098 3099+-------------------------------+ 3100| NON-SMTP BASED CONFIGURATIONS | 3101+-------------------------------+ 3102 3103These configuration files are designed primarily for use by 3104SMTP-based sites. They may not be well tuned for UUCP-only or 3105UUCP-primarily nodes (the latter is defined as a small local net 3106connected to the rest of the world via UUCP). However, there is 3107one hook to handle some special cases. 3108 3109You can define a ``smart host'' that understands a richer address syntax 3110using: 3111 3112 define(`SMART_HOST', `mailer:hostname') 3113 3114In this case, the ``mailer:'' defaults to "relay". Any messages that 3115can't be handled using the usual UUCP rules are passed to this host. 3116 3117If you are on a local SMTP-based net that connects to the outside 3118world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3119For example: 3120 3121 define(`SMART_HOST', `uucp-new:uunet') 3122 LOCAL_NET_CONFIG 3123 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3124 3125This will cause all names that end in your domain name ($m) to be sent 3126via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3127If you have FEATURE(`nocanonify'), you may need to omit the dots after 3128the $m. If you are running a local DNS inside your domain which is 3129not otherwise connected to the outside world, you probably want to 3130use: 3131 3132 define(`SMART_HOST', `smtp:fire.wall.com') 3133 LOCAL_NET_CONFIG 3134 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3135 3136That is, send directly only to things you found in your DNS lookup; 3137anything else goes through SMART_HOST. 3138 3139You may need to turn off the anti-spam rules in order to accept 3140UUCP mail with FEATURE(`promiscuous_relay') and 3141FEATURE(`accept_unresolvable_domains'). 3142 3143 3144+-----------+ 3145| WHO AM I? | 3146+-----------+ 3147 3148Normally, the $j macro is automatically defined to be your fully 3149qualified domain name (FQDN). Sendmail does this by getting your 3150host name using gethostname and then calling gethostbyname on the 3151result. For example, in some environments gethostname returns 3152only the root of the host name (such as "foo"); gethostbyname is 3153supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3154cases, gethostbyname may fail to return the FQDN. In this case 3155you MUST define confDOMAIN_NAME to be your fully qualified domain 3156name. This is usually done using: 3157 3158 Dmbar.com 3159 define(`confDOMAIN_NAME', `$w.$m')dnl 3160 3161 3162+-----------------------------------+ 3163| ACCEPTING MAIL FOR MULTIPLE NAMES | 3164+-----------------------------------+ 3165 3166If your host is known by several different names, you need to augment 3167class {w}. This is a list of names by which your host is known, and 3168anything sent to an address using a host name in this list will be 3169treated as local mail. You can do this in two ways: either create the 3170file /etc/mail/local-host-names containing a list of your aliases (one per 3171line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3172``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3173name of the host, rather than a short name. 3174 3175If you want to have different address in different domains, take 3176a look at the virtusertable feature, which is also explained at 3177http://www.sendmail.org/virtual-hosting.html 3178 3179 3180+--------------------+ 3181| USING MAILERTABLES | 3182+--------------------+ 3183 3184To use FEATURE(`mailertable'), you will have to create an external 3185database containing the routing information for various domains. 3186For example, a mailertable file in text format might be: 3187 3188 .my.domain xnet:%1.my.domain 3189 uuhost1.my.domain uucp-new:uuhost1 3190 .bitnet smtp:relay.bit.net 3191 3192This should normally be stored in /etc/mail/mailertable. The actual 3193database version of the mailertable is built using: 3194 3195 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3196 3197The semantics are simple. Any LHS entry that does not begin with 3198a dot matches the full host name indicated. LHS entries beginning 3199with a dot match anything ending with that domain name (including 3200the leading dot) -- that is, they can be thought of as having a 3201leading ".+" regular expression pattern for a non-empty sequence of 3202characters. Matching is done in order of most-to-least qualified 3203-- for example, even though ".my.domain" is listed first in the 3204above example, an entry of "uuhost1.my.domain" will match the second 3205entry since it is more explicit. Note: e-mail to "user@my.domain" 3206does not match any entry in the above table. You need to have 3207something like: 3208 3209 my.domain esmtp:host.my.domain 3210 3211The RHS should always be a "mailer:host" pair. The mailer is the 3212configuration name of a mailer (that is, an M line in the 3213sendmail.cf file). The "host" will be the hostname passed to 3214that mailer. In domain-based matches (that is, those with leading 3215dots) the "%1" may be used to interpolate the wildcarded part of 3216the host name. For example, the first line above sends everything 3217addressed to "anything.my.domain" to that same host name, but using 3218the (presumably experimental) xnet mailer. 3219 3220In some cases you may want to temporarily turn off MX records, 3221particularly on gateways. For example, you may want to MX 3222everything in a domain to one machine that then forwards it 3223directly. To do this, you might use the DNS configuration: 3224 3225 *.domain. IN MX 0 relay.machine 3226 3227and on relay.machine use the mailertable: 3228 3229 .domain smtp:[gateway.domain] 3230 3231The [square brackets] turn off MX records for this host only. 3232If you didn't do this, the mailertable would use the MX record 3233again, which would give you an MX loop. 3234 3235 3236+--------------------------------+ 3237| USING USERDB TO MAP FULL NAMES | 3238+--------------------------------+ 3239 3240The user database was not originally intended for mapping full names 3241to login names (e.g., Eric.Allman => eric), but some people are using 3242it that way. (it is recommended that you set up aliases for this 3243purpose instead -- since you can specify multiple alias files, this 3244is fairly easy.) The intent was to locate the default maildrop at 3245a site, but allow you to override this by sending to a specific host. 3246 3247If you decide to set up the user database in this fashion, it is 3248imperative that you not use FEATURE(`stickyhost') -- otherwise, 3249e-mail sent to Full.Name@local.host.name will be rejected. 3250 3251To build the internal form of the user database, use: 3252 3253 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3254 3255As a general rule, it is an extremely bad idea to using full names 3256as e-mail addresses, since they are not in any sense unique. For 3257example, the UNIX software-development community has at least two 3258well-known Peter Deutsches, and at one time Bell Labs had two 3259Stephen R. Bournes with offices along the same hallway. Which one 3260will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3261The less famous of the two, or the one that was hired later? 3262 3263Finger should handle full names (and be fuzzy). Mail should use 3264handles, and not be fuzzy. 3265 3266 3267+--------------------------------+ 3268| MISCELLANEOUS SPECIAL FEATURES | 3269+--------------------------------+ 3270 3271Plussed users 3272 Sometimes it is convenient to merge configuration on a 3273 centralized mail machine, for example, to forward all 3274 root mail to a mail server. In this case it might be 3275 useful to be able to treat the root addresses as a class 3276 of addresses with subtle differences. You can do this 3277 using plussed users. For example, a client might include 3278 the alias: 3279 3280 root: root+client1@server 3281 3282 On the server, this will match an alias for "root+client1". 3283 If that is not found, the alias "root+*" will be tried, 3284 then "root". 3285 3286 3287+----------------+ 3288| SECURITY NOTES | 3289+----------------+ 3290 3291A lot of sendmail security comes down to you. Sendmail 8 is much 3292more careful about checking for security problems than previous 3293versions, but there are some things that you still need to watch 3294for. In particular: 3295 3296* Make sure the aliases file is not writable except by trusted 3297 system personnel. This includes both the text and database 3298 version. 3299 3300* Make sure that other files that sendmail reads, such as the 3301 mailertable, are only writable by trusted system personnel. 3302 3303* The queue directory should not be world writable PARTICULARLY 3304 if your system allows "file giveaways" (that is, if a non-root 3305 user can chown any file they own to any other user). 3306 3307* If your system allows file giveaways, DO NOT create a publically 3308 writable directory for forward files. This will allow anyone 3309 to steal anyone else's e-mail. Instead, create a script that 3310 copies the .forward file from users' home directories once a 3311 night (if you want the non-NFS-mounted forward directory). 3312 3313* If your system allows file giveaways, you'll find that 3314 sendmail is much less trusting of :include: files -- in 3315 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3316 /etc/shells before they will be trusted (that is, before 3317 files and programs listed in them will be honored). 3318 3319In general, file giveaways are a mistake -- if you can turn them 3320off, do so. 3321 3322 3323+--------------------------------+ 3324| TWEAKING CONFIGURATION OPTIONS | 3325+--------------------------------+ 3326 3327There are a large number of configuration options that don't normally 3328need to be changed. However, if you feel you need to tweak them, you 3329can define the following M4 variables. This list is shown in four 3330columns: the name you define, the default value for that definition, 3331the option or macro that is affected (either Ox for an option or Dx 3332for a macro), and a brief description. Greater detail of the semantics 3333can be found in the Installation and Operations Guide. 3334 3335Some options are likely to be deprecated in future versions -- that is, 3336the option is only included to provide back-compatibility. These are 3337marked with "*". 3338 3339Remember that these options are M4 variables, and hence may need to 3340be quoted. In particular, arguments with commas will usually have to 3341be ``double quoted, like this phrase'' to avoid having the comma 3342confuse things. This is common for alias file definitions and for 3343the read timeout. 3344 3345M4 Variable Name Configuration Description & [Default] 3346================ ============= ======================= 3347confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3348 for internally generated outgoing 3349 messages. 3350confDOMAIN_NAME $j macro If defined, sets $j. This should 3351 only be done if your system cannot 3352 determine your local domain name, 3353 and then it should be set to 3354 $w.Foo.COM, where Foo.COM is your 3355 domain name. 3356confCF_VERSION $Z macro If defined, this is appended to the 3357 configuration version name. 3358confLDAP_CLUSTER ${sendmailMTACluster} macro 3359 If defined, this is the LDAP 3360 cluster to use for LDAP searches 3361 as described above in ``USING LDAP 3362 FOR ALIASES, MAPS, AND CLASSES''. 3363confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3364 internally generated From: address. 3365confRECEIVED_HEADER Received: 3366 [$?sfrom $s $.$?_($?s$|from $.$_) 3367 $.$?{auth_type}(authenticated) 3368 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3369 for $u; $|; 3370 $.$b] 3371 The format of the Received: header 3372 in messages passed through this host. 3373 It is unwise to try to change this. 3374confCW_FILE Fw class [/etc/mail/local-host-names] Name 3375 of file used to get the local 3376 additions to class {w} (local host 3377 names). 3378confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3379 file used to get the local additions 3380 to class {t} (trusted users). 3381confCR_FILE FR class [/etc/mail/relay-domains] Name of 3382 file used to get the local additions 3383 to class {R} (hosts allowed to relay). 3384confTRUSTED_USERS Ct class [no default] Names of users to add to 3385 the list of trusted users. This list 3386 always includes root, uucp, and daemon. 3387 See also FEATURE(`use_ct_file'). 3388confTRUSTED_USER TrustedUser [no default] Trusted user for file 3389 ownership and starting the daemon. 3390 Not to be confused with 3391 confTRUSTED_USERS (see above). 3392confSMTP_MAILER - [esmtp] The mailer name used when 3393 SMTP connectivity is required. 3394 One of "smtp", "smtp8", 3395 "esmtp", or "dsmtp". 3396confUUCP_MAILER - [uucp-old] The mailer to be used by 3397 default for bang-format recipient 3398 addresses. See also discussion of 3399 class {U}, class {Y}, and class {Z} 3400 in the MAILER(`uucp') section. 3401confLOCAL_MAILER - [local] The mailer name used when 3402 local connectivity is required. 3403 Almost always "local". 3404confRELAY_MAILER - [relay] The default mailer name used 3405 for relaying any mail (e.g., to a 3406 BITNET_RELAY, a SMART_HOST, or 3407 whatever). This can reasonably be 3408 "uucp-new" if you are on a 3409 UUCP-connected site. 3410confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3411confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3412confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3413 rebuild until you get bored and 3414 decide that the apparently pending 3415 rebuild failed. 3416confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3417 queue filesystem to accept SMTP mail. 3418 (Prior to 8.7 this was minfree/maxsize, 3419 where minfree was the number of free 3420 blocks and maxsize was the maximum 3421 message size. Use confMAX_MESSAGE_SIZE 3422 for the second value now.) 3423confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3424 that will be accepted (in bytes). 3425confBLANK_SUB BlankSub [.] Blank (space) substitution 3426 character. 3427confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3428 to mailers marked expensive. 3429confCHECKPOINT_INTERVAL CheckpointInterval 3430 [10] Checkpoint queue files every N 3431 recipients. 3432confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3433confERROR_MODE ErrorMode [print] Error message mode. 3434confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3435confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3436confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3437confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3438confMAX_HOP MaxHopCount [25] Maximum hop count. 3439confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3440 mode] Ignore dot as terminator for 3441 incoming messages? 3442confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3443 resolver. 3444confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3445 encapsulated messages per RFC 1344. 3446confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3447 The colon-separated list of places to 3448 search for .forward files. N.B.: see 3449 the Security Notes section. 3450confMCI_CACHE_SIZE ConnectionCacheSize 3451 [2] Size of open connection cache. 3452confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3453 [5m] Open connection cache timeout. 3454confHOST_STATUS_DIRECTORY HostStatusDirectory 3455 [undefined] If set, host status is kept 3456 on disk between sendmail runs in the 3457 named directory tree. This need not be 3458 a full pathname, in which case it is 3459 interpreted relative to the queue 3460 directory. 3461confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3462 [False] If this option and the 3463 HostStatusDirectory option are both 3464 set, single thread deliveries to other 3465 hosts. That is, don't allow any two 3466 sendmails on this host to connect 3467 simultaneously to any other single 3468 host. This can slow down delivery in 3469 some cases, in particular since a 3470 cached but otherwise idle connection 3471 to a host will prevent other sendmails 3472 from connecting to the other host. 3473confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3474 deliver error messages. This should 3475 not be necessary because of general 3476 acceptance of the envelope/header 3477 distinction. 3478confLOG_LEVEL LogLevel [9] Log level. 3479confME_TOO MeToo [True] Include sender in group 3480 expansions. This option is 3481 deprecated and will be removed from 3482 a future version. 3483confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3484 running newaliases. Since this does 3485 DNS lookups on every address, it can 3486 slow down the alias rebuild process 3487 considerably on large alias files. 3488confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3489 special chars are old style. 3490confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3491confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3492 copies of all error messages. 3493confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3494confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3495 queue files (octal). If not set, 3496 sendmail uses 0600 unless its real 3497 and effective uid are different in 3498 which case it uses 0644. 3499confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3500 syntax addresses to the minimum 3501 possible. 3502confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3503 before forking. 3504confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3505 on the initial connect. 3506confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3507 connect() to complete. This can only 3508 shorten connection timeouts; the kernel 3509 silently enforces an absolute maximum 3510 (which varies depending on the system). 3511confTO_ICONNECT Timeout.iconnect 3512 [undefined] Like Timeout.connect, but 3513 applies only to the very first attempt 3514 to connect to a host in a message. 3515 This allows a single very fast pass 3516 followed by more careful delivery 3517 attempts in the future. 3518confTO_ACONNECT Timeout.aconnect 3519 [0] The overall timeout waiting for 3520 all connection for a single delivery 3521 attempt to succeed. If 0, no overall 3522 limit is applied. 3523confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3524 to a HELO or EHLO command. 3525confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3526 response to the MAIL command. 3527confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3528 to the RCPT command. 3529confTO_DATAINIT Timeout.datainit 3530 [5m] The timeout waiting for a 354 3531 response from the DATA command. 3532confTO_DATABLOCK Timeout.datablock 3533 [1h] The timeout waiting for a block 3534 during DATA phase. 3535confTO_DATAFINAL Timeout.datafinal 3536 [1h] The timeout waiting for a response 3537 to the final "." that terminates a 3538 message. 3539confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3540 to the RSET command. 3541confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3542 to the QUIT command. 3543confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3544 to other SMTP commands. 3545confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3546 waiting for a command to be issued. 3547confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3548 response to an IDENT query. 3549confTO_FILEOPEN Timeout.fileopen 3550 [60s] The timeout waiting for a file 3551 (e.g., :include: file) to be opened. 3552confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3553 to an LMTP LHLO command. 3554confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3555 response in an AUTH dialogue. 3556confTO_STARTTLS Timeout.starttls 3557 [1h] The timeout waiting for a 3558 response to an SMTP STARTTLS command. 3559confTO_CONTROL Timeout.control 3560 [2m] The timeout for a complete 3561 control socket transaction to complete. 3562confTO_QUEUERETURN Timeout.queuereturn 3563 [5d] The timeout before a message is 3564 returned as undeliverable. 3565confTO_QUEUERETURN_NORMAL 3566 Timeout.queuereturn.normal 3567 [undefined] As above, for normal 3568 priority messages. 3569confTO_QUEUERETURN_URGENT 3570 Timeout.queuereturn.urgent 3571 [undefined] As above, for urgent 3572 priority messages. 3573confTO_QUEUERETURN_NONURGENT 3574 Timeout.queuereturn.non-urgent 3575 [undefined] As above, for non-urgent 3576 (low) priority messages. 3577confTO_QUEUEWARN Timeout.queuewarn 3578 [4h] The timeout before a warning 3579 message is sent to the sender telling 3580 them that the message has been 3581 deferred. 3582confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3583 [undefined] As above, for normal 3584 priority messages. 3585confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3586 [undefined] As above, for urgent 3587 priority messages. 3588confTO_QUEUEWARN_NONURGENT 3589 Timeout.queuewarn.non-urgent 3590 [undefined] As above, for non-urgent 3591 (low) priority messages. 3592confTO_HOSTSTATUS Timeout.hoststatus 3593 [30m] How long information about host 3594 statuses will be maintained before it 3595 is considered stale and the host should 3596 be retried. This applies both within 3597 a single queue run and to persistent 3598 information (see below). 3599confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3600 [varies] Sets the resolver's 3601 retransmission time interval (in 3602 seconds). Sets both 3603 Timeout.resolver.retrans.first and 3604 Timeout.resolver.retrans.normal. 3605confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3606 [varies] Sets the resolver's 3607 retransmission time interval (in 3608 seconds) for the first attempt to 3609 deliver a message. 3610confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3611 [varies] Sets the resolver's 3612 retransmission time interval (in 3613 seconds) for all resolver lookups 3614 except the first delivery attempt. 3615confTO_RESOLVER_RETRY Timeout.resolver.retry 3616 [varies] Sets the number of times 3617 to retransmit a resolver query. 3618 Sets both 3619 Timeout.resolver.retry.first and 3620 Timeout.resolver.retry.normal. 3621confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3622 [varies] Sets the number of times 3623 to retransmit a resolver query for 3624 the first attempt to deliver a 3625 message. 3626confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3627 [varies] Sets the number of times 3628 to retransmit a resolver query for 3629 all resolver lookups except the 3630 first delivery attempt. 3631confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3632 USE_SYSTEM to use the system's idea, 3633 USE_TZ to use the user's TZ envariable, 3634 or something else to force that value. 3635confDEF_USER_ID DefaultUser [1:1] Default user id. 3636confUSERDB_SPEC UserDatabaseSpec 3637 [undefined] User database 3638 specification. 3639confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3640confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3641 for a host and other arrangements 3642 haven't been made, try connecting 3643 to the host directly; normally this 3644 would be a config error. 3645confQUEUE_LA QueueLA [varies] Load average at which 3646 queue-only function kicks in. 3647 Default values is (8 * numproc) 3648 where numproc is the number of 3649 processors online (if that can be 3650 determined). 3651confREFUSE_LA RefuseLA [varies] Load average at which 3652 incoming SMTP connections are 3653 refused. Default values is (12 * 3654 numproc) where numproc is the 3655 number of processors online (if 3656 that can be determined). 3657confDELAY_LA DelayLA [0] Load average at which sendmail 3658 will sleep for one second on most 3659 SMTP commands and before accepting 3660 connections. 0 means no limit. 3661confMAX_ALIAS_RECURSION MaxAliasRecursion 3662 [10] Maximum depth of alias recursion. 3663confMAX_DAEMON_CHILDREN MaxDaemonChildren 3664 [undefined] The maximum number of 3665 children the daemon will permit. After 3666 this number, connections will be 3667 rejected. If not set or <= 0, there is 3668 no limit. 3669confMAX_HEADERS_LENGTH MaxHeadersLength 3670 [32768] Maximum length of the sum 3671 of all headers. 3672confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3673 [undefined] Maximum length of 3674 certain MIME header field values. 3675confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3676 [undefined] The maximum number of 3677 connections permitted per second per 3678 daemon. After this many connections 3679 are accepted, further connections 3680 will be delayed. If not set or <= 0, 3681 there is no limit. 3682confWORK_RECIPIENT_FACTOR 3683 RecipientFactor [30000] Cost of each recipient. 3684confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3685 separate process. 3686confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3687confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3688confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3689 Priority, Host, Filename, Random, 3690 Modification, or Time. 3691confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3692 must sit in the queue between queue 3693 runs. This allows you to set the 3694 queue run interval low for better 3695 responsiveness without trying all 3696 jobs in each run. 3697confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3698 unlabeled 8 bit input to MIME, the 3699 character set to use by default. 3700confSERVICE_SWITCH_FILE ServiceSwitchFile 3701 [/etc/mail/service.switch] The file 3702 to use for the service switch on 3703 systems that do not have a 3704 system-defined switch. 3705confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3706 "file" type access of hosts names. 3707confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3708 long and try again. Zero means "don't 3709 retry". This is to allow "dial on 3710 demand" connections to have enough time 3711 to complete a connection. 3712confNO_RCPT_ACTION NoRecipientAction 3713 [none] What to do if there are no legal 3714 recipient fields (To:, Cc: or Bcc:) 3715 in the message. Legal values can 3716 be "none" to just leave the 3717 nonconforming message as is, "add-to" 3718 to add a To: header with all the 3719 known recipients (which may expose 3720 blind recipients), "add-apparently-to" 3721 to do the same but use Apparently-To: 3722 instead of To: (strongly discouraged 3723 in accordance with IETF standards), 3724 "add-bcc" to add an empty Bcc: 3725 header, or "add-to-undisclosed" to 3726 add the header 3727 ``To: undisclosed-recipients:;''. 3728confSAFE_FILE_ENV SafeFileEnvironment 3729 [undefined] If set, sendmail will do a 3730 chroot() into this directory before 3731 writing files. 3732confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3733 If set, colons are treated as a regular 3734 character in addresses. If not set, 3735 they are treated as the introducer to 3736 the RFC 822 "group" syntax. Colons are 3737 handled properly in route-addrs. This 3738 option defaults on for V5 and lower 3739 configuration files. 3740confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3741 any given queue run to this number of 3742 entries. Essentially, this will stop 3743 reading each queue directory after this 3744 number of entries are reached; it does 3745 _not_ pick the highest priority jobs, 3746 so this should be as large as your 3747 system can tolerate. If not set, there 3748 is no limit. 3749confMAX_QUEUE_CHILDREN MaxQueueChildren 3750 [undefined] Limits the maximum number 3751 of concurrent queue runners active. 3752 This is to keep system resources used 3753 within a reasonable limit. Relates to 3754 Queue Groups and ForkAllJobs. 3755confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3756 [1] Only active when MaxQueueChildren 3757 defined. Controls the maximum number 3758 of queue runners (aka queue children) 3759 active at the same time in a work 3760 group. See also MaxQueueChildren. 3761confDONT_EXPAND_CNAMES DontExpandCnames 3762 [False] If set, $[ ... $] lookups that 3763 do DNS based lookups do not expand 3764 CNAME records. This currently violates 3765 the published standards, but the IETF 3766 seems to be moving toward legalizing 3767 this. For example, if "FTP.Foo.ORG" 3768 is a CNAME for "Cruft.Foo.ORG", then 3769 with this option set a lookup of 3770 "FTP" will return "FTP.Foo.ORG"; if 3771 clear it returns "Cruft.FOO.ORG". N.B. 3772 you may not see any effect until your 3773 downstream neighbors stop doing CNAME 3774 lookups as well. 3775confFROM_LINE UnixFromLine [From $g $d] The From_ line used 3776 when sending to files or programs. 3777confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 3778 [False] From: lines that have 3779 embedded newlines are unwrapped 3780 onto one line. 3781confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 3782 does not include a host name. 3783confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 3784 name phrase (@,;:\()[] are automatic). 3785confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 3786 characters. 3787confSMTP_LOGIN_MSG SmtpGreetingMessage 3788 [$j Sendmail $v/$Z; $b] 3789 The initial (spontaneous) SMTP 3790 greeting message. The word "ESMTP" 3791 will be inserted between the first and 3792 second words to convince other 3793 sendmails to try to speak ESMTP. 3794confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 3795 routine will never be invoked. You 3796 might want to do this if you are 3797 running NIS and you have a large group 3798 map, since this call does a sequential 3799 scan of the map; in a large site this 3800 can cause your ypserv to run 3801 essentially full time. If you set 3802 this, agents run on behalf of users 3803 will only have their primary 3804 (/etc/passwd) group permissions. 3805confUNSAFE_GROUP_WRITES UnsafeGroupWrites 3806 [False] If set, group-writable 3807 :include: and .forward files are 3808 considered "unsafe", that is, programs 3809 and files cannot be directly referenced 3810 from such files. World-writable files 3811 are always considered unsafe. 3812confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 3813 address (for testing). 3814confCONTROL_SOCKET_NAME ControlSocketName 3815 [undefined] Control socket for daemon 3816 management. 3817confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 3818 [postmaster] If an error occurs when 3819 sending an error message, send that 3820 "double bounce" error message to this 3821 address. If it expands to an empty 3822 string, double bounces are dropped. 3823confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 3824 messages which could not be returned 3825 to the user or sent to postmaster. 3826 If not set, the queue file will 3827 be renamed. 3828confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 3829 implies DSN request. 3830confRUN_AS_USER RunAsUser [undefined] If set, become this user 3831 when reading and delivering mail. 3832 Causes all file reads (e.g., .forward 3833 and :include: files) to be done as 3834 this user. Also, all programs will 3835 be run as this user, and all output 3836 files will be written as this user. 3837 Intended for use only on firewalls 3838 where users do not have accounts. 3839confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 3840 [infinite] If set, allow no more than 3841 the specified number of recipients in 3842 an SMTP envelope. Further recipients 3843 receive a 452 error code (i.e., they 3844 are deferred for the next delivery 3845 attempt). 3846confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and more than the 3847 specified number of recipients in an 3848 envelope are rejected, sleep for one 3849 second after each rejected RCPT 3850 command. 3851confDONT_PROBE_INTERFACES DontProbeInterfaces 3852 [False] If set, sendmail will _not_ 3853 insert the names and addresses of any 3854 local interfaces into class {w} 3855 (list of known "equivalent" addresses). 3856 If you set this, you must also include 3857 some support for these addresses (e.g., 3858 in a mailertable entry) -- otherwise, 3859 mail to addresses in this list will 3860 bounce with a configuration error. 3861 If set to "loopback" (without 3862 quotes), sendmail will skip 3863 loopback interfaces (e.g., "lo0"). 3864confPID_FILE PidFile [system dependent] Location of pid 3865 file. 3866confPROCESS_TITLE_PREFIX ProcessTitlePrefix 3867 [undefined] Prefix string for the 3868 process title shown on 'ps' listings. 3869confDONT_BLAME_SENDMAIL DontBlameSendmail 3870 [safe] Override sendmail's file 3871 safety checks. This will definitely 3872 compromise system security and should 3873 not be used unless absolutely 3874 necessary. 3875confREJECT_MSG - [550 Access denied] The message 3876 given if the access database contains 3877 REJECT in the value portion. 3878confRELAY_MSG - [550 Relaying denied] The message 3879 given if an unauthorized relaying 3880 attempt is rejected. 3881confDF_BUFFER_SIZE DataFileBufferSize 3882 [4096] The maximum size of a 3883 memory-buffered data (df) file 3884 before a disk-based file is used. 3885confXF_BUFFER_SIZE XScriptFileBufferSize 3886 [4096] The maximum size of a 3887 memory-buffered transcript (xf) 3888 file before a disk-based file is 3889 used. 3890confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 3891 CRAM-MD5] List of authentication 3892 mechanisms for AUTH (separated by 3893 spaces). The advertised list of 3894 authentication mechanisms will be the 3895 intersection of this list and the list 3896 of available mechanisms as determined 3897 by the CYRUS SASL library. 3898confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 3899 authentication information for 3900 outgoing connections. This file must 3901 contain the user id, the authorization 3902 id, the password (plain text), the 3903 realm to use, and the list of 3904 mechanisms to try, each on a separate 3905 line and must be readable by root (or 3906 the trusted user) only. If no realm 3907 is specified, $j is used. If no 3908 mechanisms are given in the file, 3909 AuthMechanisms is used. Notice: this 3910 option is deprecated and will be 3911 removed in future versions; it doesn't 3912 work for the MSP since it can't read 3913 the file. Use the authinfo ruleset 3914 instead. See also the section SMTP 3915 AUTHENTICATION. 3916confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 3917 then the AUTH= parameter for the 3918 MAIL FROM command is only issued 3919 when authentication succeeded. 3920 Other values (which should be listed 3921 one after the other without any 3922 intervening characters except for 3923 space or comma) are a, c, d, f, p, 3924 and y. See doc/op/op.me for 3925 details. 3926confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 3927 strength for the security layer in 3928 SMTP AUTH (SASL). Default is 3929 essentially unlimited. 3930confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 3931 verification is performed, i.e., 3932 the server doesn't ask for a 3933 certificate. 3934confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 3935 specification for LDAP maps. The 3936 value should only contain LDAP 3937 specific settings such as "-h host 3938 -p port -d bindDN", etc. The 3939 settings will be used for all LDAP 3940 maps unless they are specified in 3941 the individual map specification 3942 ('K' command). 3943confCACERT_PATH CACertPath [undefined] Path to directory 3944 with certs of CAs. 3945confCACERT CACertFile [undefined] File containing one CA 3946 cert. 3947confSERVER_CERT ServerCertFile [undefined] File containing the 3948 cert of the server, i.e., this cert 3949 is used when sendmail acts as 3950 server. 3951confSERVER_KEY ServerKeyFile [undefined] File containing the 3952 private key belonging to the server 3953 cert. 3954confCLIENT_CERT ClientCertFile [undefined] File containing the 3955 cert of the client, i.e., this cert 3956 is used when sendmail acts as 3957 client. 3958confCLIENT_KEY ClientKeyFile [undefined] File containing the 3959 private key belonging to the client 3960 cert. 3961confDH_PARAMETERS DHParameters [undefined] File containing the 3962 DH parameters. 3963confRAND_FILE RandFile [undefined] File containing random 3964 data (use prefix file:) or the 3965 name of the UNIX socket if EGD is 3966 used (use prefix egd:). STARTTLS 3967 requires this option if the compile 3968 flag HASURANDOM is not set (see 3969 sendmail/README). 3970confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 3971 queue runners is set the given value 3972 (nice(3)). 3973confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 3974 [undefined] Defines {daemon_flags} 3975 for direct submissions. 3976confUSE_MSP UseMSP [false] Use as mail submission 3977 program, see sendmail/SECURITY. 3978confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 3979 SMTP Service Extension (RFC 2852). 3980confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 3981confFAST_SPLIT FastSplit [1] If set to a value greater than 3982 zero, the initial MX lookups on 3983 addresses is suppressed when they 3984 are sorted which may result in 3985 faster envelope splitting. If the 3986 mail is submitted directly from the 3987 command line, then the value also 3988 limits the number of processes to 3989 deliver the envelopes. 3990confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 3991 information about local mailboxes. 3992confDEQUOTE_OPTS - [empty] Additional options for the 3993 dequote map. 3994confINPUT_MAIL_FILTERS InputMailFilters 3995 A comma separated list of filters 3996 which determines which filters and 3997 the invocation sequence are 3998 contacted for incoming SMTP 3999 messages. If none are set, no 4000 filters will be contacted. 4001confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 4002 actions, defaults to LogLevel. 4003confMILTER_MACROS_CONNECT Milter.macros.connect 4004 [j, _, {daemon_name}, {if_name}, 4005 {if_addr}] Macros to transmit to 4006 milters when a session connection 4007 starts. 4008confMILTER_MACROS_HELO Milter.macros.helo 4009 [{tls_version}, {cipher}, 4010 {cipher_bits}, {cert_subject}, 4011 {cert_issuer}] Macros to transmit to 4012 milters after HELO/EHLO command. 4013confMILTER_MACROS_ENVFROM Milter.macros.envfrom 4014 [i, {auth_type}, {auth_authen}, 4015 {auth_ssf}, {auth_author}, 4016 {mail_mailer}, {mail_host}, 4017 {mail_addr}] Macros to transmit to 4018 milters after MAIL FROM command. 4019confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 4020 [{rcpt_mailer}, {rcpt_host}, 4021 {rcpt_addr}] Macros to transmit to 4022 milters after RCPT TO command. 4023 4024 4025See also the description of OSTYPE for some parameters that can be 4026tweaked (generally pathnames to mailers). 4027 4028ClientPortOptions and DaemonPortOptions are special cases since multiple 4029clients/daemons can be defined. This can be done via 4030 4031 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 4032 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 4033 4034Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 4035ClientPortOptions settings) are allowed in order to give settings for each 4036protocol family (e.g., one for Family=inet and one for Family=inet6). A 4037restriction placed on one family only affects outgoing connections on that 4038particular family. 4039 4040If DAEMON_OPTIONS is not used, then the default is 4041 4042 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 4043 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 4044 4045If you use one DAEMON_OPTIONS macro, it will alter the parameters 4046of the first of these. The second will still be defaulted; it 4047represents a "Message Submission Agent" (MSA) as defined by RFC 40482476 (see below). To turn off the default definition for the MSA, 4049use FEATURE(`no_default_msa') (see also FEATURES). If you use 4050additional DAEMON_OPTIONS macros, they will add additional daemons. 4051 4052Example 1: To change the port for the SMTP listener, while 4053still using the MSA default, use 4054 DAEMON_OPTIONS(`Port=925, Name=MTA') 4055 4056Example 2: To change the port for the MSA daemon, while still 4057using the default SMTP port, use 4058 FEATURE(`no_default_msa') 4059 DAEMON_OPTIONS(`Name=MTA') 4060 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 4061 4062Note that if the first of those DAEMON_OPTIONS lines were omitted, then 4063there would be no listener on the standard SMTP port. 4064 4065Example 3: To listen on both IPv4 and IPv6 interfaces, use 4066 4067 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 4068 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 4069 4070A "Message Submission Agent" still uses all of the same rulesets for 4071processing the message (and therefore still allows message rejection via 4072the check_* rulesets). In accordance with the RFC, the MSA will ensure 4073that all domains in envelope addresses are fully qualified if the message 4074is relayed to another MTA. It will also enforce the normal address syntax 4075rules and log error messages. Additionally, by using the M=a modifier you 4076can require authentication before messages are accepted by the MSA. 4077Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally, 4078the M=E modifier shown above disables ETRN as required by RFC 2476. 4079 4080Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 4081commands: 4082 4083 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 4084 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 4085 4086The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 4087same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4088filter can be defined without adding it to the input filter list by using 4089MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4090Alternatively, you can reset the list of filters and their order by setting 4091confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4092your .mc file. 4093 4094 4095+----------------------------+ 4096| MESSAGE SUBMISSION PROGRAM | 4097+----------------------------+ 4098 4099The purpose of the message submission program (MSP) is explained 4100in sendmail/SECURITY. This section contains a list of caveats and 4101a few hints how for those who want to tweak the default configuration 4102for it (which is installed as submit.cf). 4103 4104Notice: do not add options/features to submit.mc unless you are 4105absolutely sure you need them. Options you may want to change 4106include: 4107 4108- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4109 avoiding X-Authentication warnings. 4110- confTIME_ZONE to change it from the default `USE_TZ'. 4111- confDELIVERY_MODE is set to interactive in msp.m4 instead 4112 of the default background mode. 4113- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses 4114 to the LOCAL_RELAY instead of the default relay. 4115- confRAND_FILE if you use STARTTLS and sendmail is not compiled with 4116 the flag HASURANDOM. 4117 4118The MSP performs hostname canonicalization by default. As also 4119explained in sendmail/SECURITY, mail may end up for various DNS 4120related reasons in the MSP queue. This problem can be minimized by 4121using 4122 4123 FEATURE(`nocanonify', `canonify_hosts') 4124 define(`confDIRECT_SUBMISSION_MODIFIERS', `C') 4125 4126See the discussion about nocanonify for possible side effects. 4127 4128Some things are not intended to work with the MSP. These include 4129features that influence the delivery process (e.g., mailertable, 4130aliases), or those that are only important for a SMTP server (e.g., 4131virtusertable, DaemonPortOptions, multiple queues). Moreover, 4132relaxing certain restrictions (RestrictQueueRun, permissions on 4133queue directory) or adding features (e.g., enabling prog/file mailer) 4134can cause security problems. 4135 4136Other things don't work well with the MSP and require tweaking or 4137workarounds. For example, to allow for client authentication it 4138is not just sufficient to provide a client certificate and the 4139corresponding key, but it is also necessary to make the key group 4140(smmsp) readable and tell sendmail not to complain about that, i.e., 4141 4142 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4143 4144If the MSP should actually use AUTH then the necessary data 4145should be placed in a map as explained in SMTP AUTHENTICATION: 4146 4147FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4148 4149/etc/mail/msp-authinfo should contain an entry like: 4150 4151 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4152 4153The file and the map created by makemap should be owned by smmsp, 4154its group should be smmsp, and it should have mode 640. The database 4155used by the MTA for AUTH must have a corresponding entry. 4156Additionally the MTA must trust this authentication data so the AUTH= 4157part will be relayed on to the next hop. This can be achieved by 4158adding the following to your sendmail.mc file: 4159 4160 LOCAL_RULESETS 4161 SLocal_trust_auth 4162 R$* $: $&{auth_authen} 4163 Rsmmsp $# OK 4164 4165feature/msp.m4 defines almost all settings for the MSP. Most of 4166those should not be changed at all. Some of the features and options 4167can be overridden if really necessary. It is a bit tricky to do 4168this, because it depends on the actual way the option is defined 4169in feature/msp.m4. If it is directly defined (i.e., define()) then 4170the modified value must be defined after 4171 4172 FEATURE(`msp') 4173 4174If it is conditionally defined (i.e., ifdef()) then the desired 4175value must be defined before the FEATURE line in the .mc file. 4176To see how the options are defined read feature/msp.m4. 4177 4178 4179+--------------------------+ 4180| FORMAT OF FILES AND MAPS | 4181+--------------------------+ 4182 4183Files that define classes, i.e., F{classname}, consist of lines 4184each of which contains a single element of the class. For example, 4185/etc/mail/local-host-names may have the following content: 4186 4187my.domain 4188another.domain 4189 4190Maps must be created using makemap(8) , e.g., 4191 4192 makemap hash MAP < MAP 4193 4194In general, a text file from which a map is created contains lines 4195of the form 4196 4197key value 4198 4199where 'key' and 'value' are also called LHS and RHS, respectively. 4200By default, the delimiter between LHS and RHS is a non-empty sequence 4201of white space characters. 4202 4203 4204+------------------+ 4205| DIRECTORY LAYOUT | 4206+------------------+ 4207 4208Within this directory are several subdirectories, to wit: 4209 4210m4 General support routines. These are typically 4211 very important and should not be changed without 4212 very careful consideration. 4213 4214cf The configuration files themselves. They have 4215 ".mc" suffixes, and must be run through m4 to 4216 become complete. The resulting output should 4217 have a ".cf" suffix. 4218 4219ostype Definitions describing a particular operating 4220 system type. These should always be referenced 4221 using the OSTYPE macro in the .mc file. Examples 4222 include "bsd4.3", "bsd4.4", "sunos3.5", and 4223 "sunos4.1". 4224 4225domain Definitions describing a particular domain, referenced 4226 using the DOMAIN macro in the .mc file. These are 4227 site dependent; for example, "CS.Berkeley.EDU.m4" 4228 describes hosts in the CS.Berkeley.EDU subdomain. 4229 4230mailer Descriptions of mailers. These are referenced using 4231 the MAILER macro in the .mc file. 4232 4233sh Shell files used when building the .cf file from the 4234 .mc file in the cf subdirectory. 4235 4236feature These hold special orthogonal features that you might 4237 want to include. They should be referenced using 4238 the FEATURE macro. 4239 4240hack Local hacks. These can be referenced using the HACK 4241 macro. They shouldn't be of more than voyeuristic 4242 interest outside the .Berkeley.EDU domain, but who knows? 4243 4244siteconfig Site configuration -- e.g., tables of locally connected 4245 UUCP sites. 4246 4247 4248+------------------------+ 4249| ADMINISTRATIVE DETAILS | 4250+------------------------+ 4251 4252The following sections detail usage of certain internal parts of the 4253sendmail.cf file. Read them carefully if you are trying to modify 4254the current model. If you find the above descriptions adequate, these 4255should be {boring, confusing, tedious, ridiculous} (pick one or more). 4256 4257RULESETS (* means built in to sendmail) 4258 4259 0 * Parsing 4260 1 * Sender rewriting 4261 2 * Recipient rewriting 4262 3 * Canonicalization 4263 4 * Post cleanup 4264 5 * Local address rewrite (after aliasing) 4265 1x mailer rules (sender qualification) 4266 2x mailer rules (recipient qualification) 4267 3x mailer rules (sender header qualification) 4268 4x mailer rules (recipient header qualification) 4269 5x mailer subroutines (general) 4270 6x mailer subroutines (general) 4271 7x mailer subroutines (general) 4272 8x reserved 4273 90 Mailertable host stripping 4274 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4275 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4276 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4277 4278 4279MAILERS 4280 4281 0 local, prog local and program mailers 4282 1 [e]smtp, relay SMTP channel 4283 2 uucp-* UNIX-to-UNIX Copy Program 4284 3 netnews Network News delivery 4285 4 fax Sam Leffler's HylaFAX software 4286 5 mail11 DECnet mailer 4287 4288 4289MACROS 4290 4291 A 4292 B Bitnet Relay 4293 C DECnet Relay 4294 D The local domain -- usually not needed 4295 E reserved for X.400 Relay 4296 F FAX Relay 4297 G 4298 H mail Hub (for mail clusters) 4299 I 4300 J 4301 K 4302 L Luser Relay 4303 M Masquerade (who you claim to be) 4304 N 4305 O 4306 P 4307 Q 4308 R Relay (for unqualified names) 4309 S Smart Host 4310 T 4311 U my UUCP name (if you have a UUCP connection) 4312 V UUCP Relay (class {V} hosts) 4313 W UUCP Relay (class {W} hosts) 4314 X UUCP Relay (class {X} hosts) 4315 Y UUCP Relay (all other hosts) 4316 Z Version number 4317 4318 4319CLASSES 4320 4321 A 4322 B domains that are candidates for bestmx lookup 4323 C 4324 D 4325 E addresses that should not seem to come from $M 4326 F hosts this system forward for 4327 G domains that should be looked up in genericstable 4328 H 4329 I 4330 J 4331 K 4332 L addresses that should not be forwarded to $R 4333 M domains that should be mapped to $M 4334 N host/domains that should not be mapped to $M 4335 O operators that indicate network operations (cannot be in local names) 4336 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4337 Q 4338 R domains this system is willing to relay (pass anti-spam filters) 4339 S 4340 T 4341 U locally connected UUCP hosts 4342 V UUCP hosts connected to relay $V 4343 W UUCP hosts connected to relay $W 4344 X UUCP hosts connected to relay $X 4345 Y locally connected smart UUCP hosts 4346 Z locally connected domain-ized UUCP hosts 4347 . the class containing only a dot 4348 [ the class containing only a left bracket 4349 4350 4351M4 DIVERSIONS 4352 4353 1 Local host detection and resolution 4354 2 Local Ruleset 3 additions 4355 3 Local Ruleset 0 additions 4356 4 UUCP Ruleset 0 additions 4357 5 locally interpreted names (overrides $R) 4358 6 local configuration (at top of file) 4359 7 mailer definitions 4360 8 DNS based blacklists 4361 9 special local rulesets (1 and 2) 4362 4363$Revision: 8.623.2.18 $, Last updated $Date: 2002/12/29 04:16:51 $ 4364