README revision 112810
1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31STARTTLS 32SMTP AUTHENTICATION 33ADDING NEW MAILERS OR RULESETS 34ADDING NEW MAIL FILTERS 35QUEUE GROUP DEFINITIONS 36NON-SMTP BASED CONFIGURATIONS 37WHO AM I? 38ACCEPTING MAIL FOR MULTIPLE NAMES 39USING MAILERTABLES 40USING USERDB TO MAP FULL NAMES 41MISCELLANEOUS SPECIAL FEATURES 42SECURITY NOTES 43TWEAKING CONFIGURATION OPTIONS 44MESSAGE SUBMISSION PROGRAM 45FORMAT OF FILES AND MAPS 46DIRECTORY LAYOUT 47ADMINISTRATIVE DETAILS 48 49 50+--------------------------+ 51| INTRODUCTION AND EXAMPLE | 52+--------------------------+ 53 54Configuration files are contained in the subdirectory "cf", with a 55suffix ".mc". They must be run through "m4" to produce a ".cf" file. 56You must pre-load "cf.m4": 57 58 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 59 60Alternatively, you can simply: 61 62 cd ${CFDIR}/cf 63 ./Build config.cf 64 65where ${CFDIR} is the root of the cf directory and config.mc is the 66name of your configuration file. If you are running a version of M4 67that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 68this, but the versions distributed with 4.4BSD and derivatives do not) 69or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 70For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 71use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 72 73 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 74 75Let's examine a typical .mc file: 76 77 divert(-1) 78 # 79 # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. 80 # All rights reserved. 81 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 82 # Copyright (c) 1988, 1993 83 # The Regents of the University of California. All rights reserved. 84 # 85 # By using this file, you agree to the terms and conditions set 86 # forth in the LICENSE file which can be found at the top level of 87 # the sendmail distribution. 88 # 89 90 # 91 # This is a Berkeley-specific configuration file for HP-UX 9.x. 92 # It applies only to the Computer Science Division at Berkeley, 93 # and should not be used elsewhere. It is provided on the sendmail 94 # distribution as a sample only. To create your own configuration 95 # file, create an appropriate domain file in ../domain, change the 96 # `DOMAIN' macro below to reference that file, and copy the result 97 # to a name of your own choosing. 98 # 99 divert(0) 100 101The divert(-1) will delete the crud in the resulting output file. 102The copyright notice can be replaced by whatever your lawyers require; 103our lawyers require the one that is included in these files. A copyleft 104is a copyright by another name. The divert(0) restores regular output. 105 106 VERSIONID(`<SCCS or RCS version id>') 107 108VERSIONID is a macro that stuffs the version information into the 109resulting file. You could use SCCS, RCS, CVS, something else, or 110omit it completely. This is not the same as the version id included 111in SMTP greeting messages -- this is defined in m4/version.m4. 112 113 OSTYPE(`hpux9')dnl 114 115You must specify an OSTYPE to properly configure things such as the 116pathname of the help and status files, the flags needed for the local 117mailer, and other important things. If you omit it, you will get an 118error when you try to build the configuration. Look at the ostype 119directory for the list of known operating system types. 120 121 DOMAIN(`CS.Berkeley.EDU')dnl 122 123This example is specific to the Computer Science Division at Berkeley. 124You can use "DOMAIN(`generic')" to get a sufficiently bland definition 125that may well work for you, or you can create a customized domain 126definition appropriate for your environment. 127 128 MAILER(`local') 129 MAILER(`smtp') 130 131These describe the mailers used at the default CS site. The local 132mailer is always included automatically. Beware: MAILER declarations 133should always be at the end of the configuration file. The general 134rules are that the order should be: 135 136 VERSIONID 137 OSTYPE 138 DOMAIN 139 FEATURE 140 local macro definitions 141 MAILER 142 LOCAL_CONFIG 143 LOCAL_RULE_* 144 LOCAL_RULESETS 145 146There are a few exceptions to this rule. Local macro definitions which 147influence a FEATURE() should be done before that feature. For example, 148a define(`PROCMAIL_MAILER_PATH', ...) should be done before 149FEATURE(`local_procmail'). 150 151******************************************************************* 152*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 153*** Berkeley-specific assumptions built in, such as the name *** 154*** of their UUCP-relay. You'll want to create your own *** 155*** domain description, and use that in place of *** 156*** domain/Berkeley.EDU.m4. *** 157******************************************************************* 158 159 160+----------------------------+ 161| A BRIEF INTRODUCTION TO M4 | 162+----------------------------+ 163 164Sendmail uses the M4 macro processor to ``compile'' the configuration 165files. The most important thing to know is that M4 is stream-based, 166that is, it doesn't understand about lines. For this reason, in some 167places you may see the word ``dnl'', which stands for ``delete 168through newline''; essentially, it deletes all characters starting 169at the ``dnl'' up to and including the next newline character. In 170most cases sendmail uses this only to avoid lots of unnecessary 171blank lines in the output. 172 173Other important directives are define(A, B) which defines the macro 174``A'' to have value ``B''. Macros are expanded as they are read, so 175one normally quotes both values to prevent expansion. For example, 176 177 define(`SMART_HOST', `smart.foo.com') 178 179One word of warning: M4 macros are expanded even in lines that appear 180to be comments. For example, if you have 181 182 # See FEATURE(`foo') above 183 184it will not do what you expect, because the FEATURE(`foo') will be 185expanded. This also applies to 186 187 # And then define the $X macro to be the return address 188 189because ``define'' is an M4 keyword. If you want to use them, surround 190them with directed quotes, `like this'. 191 192Since m4 uses single quotes (opening "`" and closing "'") to quote 193arguments, those quotes can't be used in arguments. For example, 194it is not possible to define a rejection message containing a single 195quote. Usually there are simple workarounds by changing those 196messages; in the worst case it might be ok to change the value 197directly in the generated .cf file, which however is not advised. 198 199 200Notice: 201------- 202 203This package requires a post-V7 version of m4; if you are running the 2044.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 205BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 206Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 207Net/2 or GNU version. GNU m4 is available from 208ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 209EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 210m4 on this platform. 211 212 213+----------------+ 214| FILE LOCATIONS | 215+----------------+ 216 217sendmail 8.9 has introduced a new configuration directory for sendmail 218related files, /etc/mail. The new files available for sendmail 8.9 -- 219the class {R} /etc/mail/relay-domains and the access database 220/etc/mail/access -- take advantage of this new directory. Beginning with 2218.10, all files will use this directory by default (some options may be 222set by OSTYPE() files). This new directory should help to restore 223uniformity to sendmail's file locations. 224 225Below is a table of some of the common changes: 226 227Old filename New filename 228------------ ------------ 229/etc/bitdomain /etc/mail/bitdomain 230/etc/domaintable /etc/mail/domaintable 231/etc/genericstable /etc/mail/genericstable 232/etc/uudomain /etc/mail/uudomain 233/etc/virtusertable /etc/mail/virtusertable 234/etc/userdb /etc/mail/userdb 235 236/etc/aliases /etc/mail/aliases 237/etc/sendmail/aliases /etc/mail/aliases 238/etc/ucbmail/aliases /etc/mail/aliases 239/usr/adm/sendmail/aliases /etc/mail/aliases 240/usr/lib/aliases /etc/mail/aliases 241/usr/lib/mail/aliases /etc/mail/aliases 242/usr/ucblib/aliases /etc/mail/aliases 243 244/etc/sendmail.cw /etc/mail/local-host-names 245/etc/mail/sendmail.cw /etc/mail/local-host-names 246/etc/sendmail/sendmail.cw /etc/mail/local-host-names 247 248/etc/sendmail.ct /etc/mail/trusted-users 249 250/etc/sendmail.oE /etc/mail/error-header 251 252/etc/sendmail.hf /etc/mail/helpfile 253/etc/mail/sendmail.hf /etc/mail/helpfile 254/usr/ucblib/sendmail.hf /etc/mail/helpfile 255/etc/ucbmail/sendmail.hf /etc/mail/helpfile 256/usr/lib/sendmail.hf /etc/mail/helpfile 257/usr/share/lib/sendmail.hf /etc/mail/helpfile 258/usr/share/misc/sendmail.hf /etc/mail/helpfile 259/share/misc/sendmail.hf /etc/mail/helpfile 260 261/etc/service.switch /etc/mail/service.switch 262 263/etc/sendmail.st /etc/mail/statistics 264/etc/mail/sendmail.st /etc/mail/statistics 265/etc/mailer/sendmail.st /etc/mail/statistics 266/etc/sendmail/sendmail.st /etc/mail/statistics 267/usr/lib/sendmail.st /etc/mail/statistics 268/usr/ucblib/sendmail.st /etc/mail/statistics 269 270Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 271to create the pathnames. The default value of this variable is 272`/etc/mail/'. If you set this macro to a different value, you MUST include 273a trailing slash. 274 275Notice: all filenames used in a .mc (or .cf) file should be absolute 276(starting at the root, i.e., with '/'). Relative filenames most 277likely cause surprises during operations (unless otherwise noted). 278 279 280+--------+ 281| OSTYPE | 282+--------+ 283 284You MUST define an operating system environment, or the configuration 285file build will puke. There are several environments available; look 286at the "ostype" directory for the current list. This macro changes 287things like the location of the alias file and queue directory. Some 288of these files are identical to one another. 289 290It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 291In general, the OSTYPE macro should go immediately after any version 292information, and MAILER definitions should always go last. 293 294Operating system definitions are usually easy to write. They may define 295the following variables (everything defaults, so an ostype file may be 296empty). Unfortunately, the list of configuration-supported systems is 297not as broad as the list of source-supported systems, since many of 298the source contributors do not include corresponding ostype files. 299 300ALIAS_FILE [/etc/mail/aliases] The location of the text version 301 of the alias file(s). It can be a comma-separated 302 list of names (but be sure you quote values with 303 commas in them -- for example, use 304 define(`ALIAS_FILE', `a,b') 305 to get "a" and "b" both listed as alias files; 306 otherwise the define() primitive only sees "a"). 307HELP_FILE [/etc/mail/helpfile] The name of the file 308 containing information printed in response to 309 the SMTP HELP command. 310QUEUE_DIR [/var/spool/mqueue] The directory containing 311 queue files. To use multiple queues, supply 312 a value ending with an asterisk. For 313 example, /var/spool/mqueue/qd* will use all of the 314 directories or symbolic links to directories 315 beginning with 'qd' in /var/spool/mqueue as queue 316 directories. The names 'qf', 'df', and 'xf' are 317 reserved as specific subdirectories for the 318 corresponding queue file types as explained in 319 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 320MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 321 queue files for the MSP (Mail Submission Program, 322 see sendmail/SECURITY). 323STATUS_FILE [/etc/mail/statistics] The file containing status 324 information. 325LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 326LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 327 flags lsDFMAw5:/|@q are always included. 328LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 329 mail. 330LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 331 mail that you are willing to accept. 332LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 333 messages to deliver in a single connection. Only 334 useful for LMTP local mailers. 335LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 336 that ARRIVE from an address that resolves to the 337 local mailer and which are converted to MIME will be 338 labeled with this character set. 339LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 340 end of line for the local mailer. 341LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 342 [X-Unix] The DSN Diagnostic-Code value for the 343 local mailer. This should be changed with care. 344LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 345LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 346 flags lsDFM are always included. 347LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 348 mail. 349LOCAL_SHELL_DIR [$z:/] The directory search path in which the 350 shell should run. 351LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 352USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 353 used to submit news. 354USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 355USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 356 usenet mailer. NOTE: Some versions of inews 357 (such as those shipped with newer versions of INN) 358 use different flags. Double check the defaults 359 against the inews man page. 360USENET_MAILER_MAX [undefined] The maximum size of messages that will 361 be accepted by the usenet mailer. 362USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 363SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 364 flags are `mDFMuX' for all SMTP-based mailers; the 365 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 366 "dsmtp" adds `%'. 367RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 368 flags are `mDFMuX' for all SMTP-based mailers; the 369 relay mailer adds `a8'. If this is not defined, 370 then SMTP_MAILER_FLAGS is used. 371SMTP_MAILER_MAX [undefined] The maximum size of messages that will 372 be transported using the smtp, smtp8, esmtp, or dsmtp 373 mailers. 374SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 375 messages to deliver in a single connection for the 376 smtp, smtp8, esmtp, or dsmtp mailers. 377SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 378 recipients to deliver in a single connection for the 379 smtp, smtp8, esmtp, or dsmtp mailers. 380SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 381 About the only reason you would want to change this 382 would be to change the default port. 383ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 384SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 385DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 386RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 387SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 388ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 389SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 390DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 391RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 392RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 393 messages to deliver in a single connection for the 394 relay mailer. 395SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 396 that ARRIVE from an address that resolves to one of 397 the SMTP mailers and which are converted to MIME will 398 be labeled with this character set. 399UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 400UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 401 flags are `DFMhuU' (and `m' for uucp-new mailer, 402 minus `U' for uucp-dom mailer). 403UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 404 passed to the UUCP mailer. 405UUCP_MAILER_MAX [100000] The maximum size message accepted for 406 transmission by the UUCP mailers. 407UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 408 that ARRIVE from an address that resolves to one of 409 the UUCP mailers and which are converted to MIME will 410 be labeled with this character set. 411UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 412FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 413 submit FAX messages. 414FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 415 mailer. 416FAX_MAILER_MAX [100000] The maximum size message accepted for 417 transmission by FAX. 418POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 419POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 420 are always added. 421POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 422POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 423PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 424 program. This is also used by 425 FEATURE(`local_procmail'). 426PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 427 DFM are always set. This is NOT used by 428 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 429 instead. 430PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 431 the Procmail mailer. This is NOT used by 432 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 433 instead. 434PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 435 will be accepted by the procmail mailer. 436PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 437MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 438MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 439MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 440 mailer. 441MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 442PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 443 program. 444PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 445 are always set. 446PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 447PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 448CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 449 flags lsDFMnPq are always included. 450CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 451 cyrus mail. 452CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 453 to deliver cyrus mail. 454CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 455 will be accepted by the cyrus mailer. 456CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 457 running the cyrus mailer. 458CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 459CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 460 The flags lsDFMnP are always included. 461CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 462 to deliver cyrusbb mail. 463CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The 464 flags lsDFMnqXz are always included. 465CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of 466 messages to deliver in a single connection for the 467 cyrusv2 mailer. 468CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 469 recipients to deliver in a single connection for the 470 cyrusv2 mailer. 471CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed 472 to the cyrusv2 mailer. This can be used to 473 change the name of the Unix domain socket, or 474 to switch to delivery via TCP (e.g., `TCP $h lmtp') 475CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. 476CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 477 that ARRIVE from an address that resolves to one the 478 Cyrus mailer and which are converted to MIME will 479 be labeled with this character set. 480confEBINDIR [/usr/libexec] The directory for executables. 481 Currently used for FEATURE(`local_lmtp') and 482 FEATURE(`smrsh'). 483QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 484QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 485 qpage mail. 486QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 487 to deliver qpage mail. 488QPAGE_MAILER_MAX [4096] If set, the maximum size message that 489 will be accepted by the qpage mailer. 490QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 491LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 492 493Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 494MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of 495the macro Name_MAILER_FLAGS and change can be: flags that should 496be used directly (thus overriding the default value), or if it 497starts with `+' (`-') then those flags are added to (removed from) 498the default value. Example: 499 500 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 501 502will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 503several smtp mailers all of which are manipulated individually. 504See the section MAILERS for the available mailer names. 505WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 506unconditionally, i.e., without respecting any definitions in an 507OSTYPE setting. 508 509 510+---------+ 511| DOMAINS | 512+---------+ 513 514You will probably want to collect domain-dependent defines into one 515file, referenced by the DOMAIN macro. For example, the Berkeley 516domain file includes definitions for several internal distinguished 517hosts: 518 519UUCP_RELAY The host that will accept UUCP-addressed email. 520 If not defined, all UUCP sites must be directly 521 connected. 522BITNET_RELAY The host that will accept BITNET-addressed email. 523 If not defined, the .BITNET pseudo-domain won't work. 524DECNET_RELAY The host that will accept DECNET-addressed email. 525 If not defined, the .DECNET pseudo-domain and addresses 526 of the form node::user will not work. 527FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 528 The "fax" mailer overrides this value. 529LOCAL_RELAY The site that will handle unqualified names -- that 530 is, names without an @domain extension. 531 Normally MAIL_HUB is preferred for this function. 532 LOCAL_RELAY is mostly useful in conjunction with 533 FEATURE(`stickyhost') -- see the discussion of 534 stickyhost below. If not set, they are assumed to 535 belong on this machine. This allows you to have a 536 central site to store a company- or department-wide 537 alias database. This only works at small sites, 538 and only with some user agents. 539LUSER_RELAY The site that will handle lusers -- that is, apparently 540 local names that aren't local accounts or aliases. To 541 specify a local user instead of a site, set this to 542 ``local:username''. 543 544Any of these can be either ``mailer:hostname'' (in which case the 545mailer is the internal mailer name, such as ``uucp-new'' and the hostname 546is the name of the host as appropriate for that mailer) or just a 547``hostname'', in which case a default mailer type (usually ``relay'', 548a variant on SMTP) is used. WARNING: if you have a wildcard MX 549record matching your domain, you probably want to define these to 550have a trailing dot so that you won't get the mail diverted back 551to yourself. 552 553The domain file can also be used to define a domain name, if needed 554(using "DD<domain>") and set certain site-wide features. If all hosts 555at your site masquerade behind one email name, you could also use 556MASQUERADE_AS here. 557 558You do not have to define a domain -- in particular, if you are a 559single machine sitting off somewhere, it is probably more work than 560it's worth. This is just a mechanism for combining "domain dependent 561knowledge" into one place. 562 563 564+---------+ 565| MAILERS | 566+---------+ 567 568There are fewer mailers supported in this version than the previous 569version, owing mostly to a simpler world. As a general rule, put the 570MAILER definitions last in your .mc file. 571 572local The local and prog mailers. You will almost always 573 need these; the only exception is if you relay ALL 574 your mail to another site. This mailer is included 575 automatically. 576 577smtp The Simple Mail Transport Protocol mailer. This does 578 not hide hosts behind a gateway or another other 579 such hack; it assumes a world where everyone is 580 running the name server. This file actually defines 581 five mailers: "smtp" for regular (old-style) SMTP to 582 other servers, "esmtp" for extended SMTP to other 583 servers, "smtp8" to do SMTP to other servers without 584 converting 8-bit data to MIME (essentially, this is 585 your statement that you know the other end is 8-bit 586 clean even if it doesn't say so), "dsmtp" to do on 587 demand delivery, and "relay" for transmission to the 588 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 589 590uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 591 defines two mailers, "uucp-old" (a.k.a. "uucp") and 592 "uucp-new" (a.k.a. "suucp"). The latter is for when you 593 know that the UUCP mailer at the other end can handle 594 multiple recipients in one transfer. If the smtp mailer 595 is included in your configuration, two other mailers 596 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 597 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 598 include the uucp mailer, sendmail looks for all names in 599 class {U} and sends them to the uucp-old mailer; all 600 names in class {Y} are sent to uucp-new; and all 601 names in class {Z} are sent to uucp-uudom. Note that 602 this is a function of what version of rmail runs on 603 the receiving end, and hence may be out of your control. 604 See the section below describing UUCP mailers in more 605 detail. 606 607usenet Usenet (network news) delivery. If this is specified, 608 an extra rule is added to ruleset 0 that forwards all 609 local email for users named ``group.usenet'' to the 610 ``inews'' program. Note that this works for all groups, 611 and may be considered a security problem. 612 613fax Facsimile transmission. This is experimental and based 614 on Sam Leffler's HylaFAX software. For more information, 615 see http://www.hylafax.org/. 616 617pop Post Office Protocol. 618 619procmail An interface to procmail (does not come with sendmail). 620 This is designed to be used in mailertables. For example, 621 a common question is "how do I forward all mail for a given 622 domain to a single person?". If you have this mailer 623 defined, you could set up a mailertable reading: 624 625 host.com procmail:/etc/procmailrcs/host.com 626 627 with the file /etc/procmailrcs/host.com reading: 628 629 :0 # forward mail for host.com 630 ! -oi -f $1 person@other.host 631 632 This would arrange for (anything)@host.com to be sent 633 to person@other.host. In a procmail script, $1 is the 634 name of the sender and $2 is the name of the recipient. 635 If you use this with FEATURE(`local_procmail'), the FEATURE 636 should be listed first. 637 638 Of course there are other ways to solve this particular 639 problem, e.g., a catch-all entry in a virtusertable. 640 641mail11 The DECnet mail11 mailer, useful only if you have the mail11 642 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 643 DECnet, of course). This is for Phase IV DECnet support; 644 if you have Phase V at your site you may have additional 645 problems. 646 647phquery The phquery program. This is somewhat counterintuitively 648 referenced as the "ph" mailer internally. It can be used 649 to do CCSO name server lookups. The phquery program, which 650 this mailer uses, is distributed with the ph client. 651 652cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 653 a local cyrus user. this mailer can make use of the 654 "user+detail@local.host" syntax (see 655 FEATURE(`preserve_local_plus_detail')); it will deliver the 656 mail to the user's "detail" mailbox if the mailbox's ACL 657 permits. The cyrusbb mailer delivers to a system-wide 658 cyrus mailbox if the mailbox's ACL permits. The cyrus 659 mailer must be defined after the local mailer. 660 661cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to 662 local cyrus users via LMTP. This mailer can make use of the 663 "user+detail@local.host" syntax (see 664 FEATURE(`preserve_local_plus_detail')); it will deliver the 665 mail to the user's "detail" mailbox if the mailbox's ACL 666 permits. The cyrusv2 mailer must be defined after the 667 local mailer. 668 669qpage A mailer for QuickPage, a pager interface. See 670 http://www.qpage.org/ for further information. 671 672The local mailer accepts addresses of the form "user+detail", where 673the "+detail" is not used for mailbox matching but is available 674to certain local mail programs (in particular, see 675FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 676"eric+sww" all indicate the same user, but additional arguments <null>, 677"sendmail", and "sww" may be provided for use in sorting mail. 678 679 680+----------+ 681| FEATURES | 682+----------+ 683 684Special features can be requested using the "FEATURE" macro. For 685example, the .mc line: 686 687 FEATURE(`use_cw_file') 688 689tells sendmail that you want to have it read an /etc/mail/local-host-names 690file to get values for class {w}. A FEATURE may contain up to 9 691optional parameters -- for example: 692 693 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 694 695The default database map type for the table features can be set with 696 697 define(`DATABASE_MAP_TYPE', `dbm') 698 699which would set it to use ndbm databases. The default is the Berkeley DB 700hash database format. Note that you must still declare a database map type 701if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 702if no argument is given for the FEATURE. It must be specified before any 703feature that uses a map. 704 705Also, features which can take a map definition as an argument can also take 706the special keyword `LDAP'. If that keyword is used, the map will use the 707LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 708CLASSES'' section below. 709 710Available features are: 711 712use_cw_file Read the file /etc/mail/local-host-names file to get 713 alternate names for this host. This might be used if you 714 were on a host that MXed for a dynamic set of other hosts. 715 If the set is static, just including the line "Cw<name1> 716 <name2> ..." (where the names are fully qualified domain 717 names) is probably superior. The actual filename can be 718 overridden by redefining confCW_FILE. 719 720use_ct_file Read the file /etc/mail/trusted-users file to get the 721 names of users that will be ``trusted'', that is, able to 722 set their envelope from address using -f without generating 723 a warning message. The actual filename can be overridden 724 by redefining confCT_FILE. 725 726redirect Reject all mail addressed to "address.REDIRECT" with 727 a ``551 User has moved; please try <address>'' message. 728 If this is set, you can alias people who have left 729 to their new address with ".REDIRECT" appended. 730 731nouucp Don't route UUCP addresses. This feature takes one 732 parameter: 733 `reject': reject addresses which have "!" in the local 734 part unless it originates from a system 735 that is allowed to relay. 736 `nospecial': don't do anything special with "!". 737 Warnings: 1. See the notice in the anti-spam section. 738 2. don't remove "!" from OperatorChars if `reject' is 739 given as parameter. 740 741nocanonify Don't pass addresses to $[ ... $] for canonification 742 by default, i.e., host/domain names are considered canonical, 743 except for unqualified names, which must not be used in this 744 mode (violation of the standard). It can be changed by 745 setting the DaemonPortOptions modifiers (M=). That is, 746 FEATURE(`nocanonify') will be overridden by setting the 747 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 748 it can be emulated by setting the 'C' flag 749 (DaemonPortOptions=Modifiers=C). This would generally only 750 be used by sites that only act as mail gateways or which have 751 user agents that do full canonification themselves. You may 752 also want to use 753 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 754 the usual resolver options that do a similar thing. 755 756 An exception list for FEATURE(`nocanonify') can be 757 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 758 i.e., a list of domains which are nevertheless passed to 759 $[ ... $] for canonification. This is useful to turn on 760 canonification for local domains, e.g., use 761 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 762 which end in "my.domain" or "my". 763 Another way to require canonification in the local 764 domain is CANONIFY_DOMAIN(`$=m'). 765 766 A trailing dot is added to addresses with more than 767 one component in it such that other features which 768 expect a trailing dot (e.g., virtusertable) will 769 still work. 770 771 If `canonify_hosts' is specified as parameter, i.e., 772 FEATURE(`nocanonify', `canonify_hosts'), then 773 addresses which have only a hostname, e.g., 774 <user@host>, will be canonified (and hopefully fully 775 qualified), too. 776 777stickyhost This feature is sometimes used with LOCAL_RELAY, 778 although it can be used for a different effect with 779 MAIL_HUB. 780 781 When used without MAIL_HUB, email sent to 782 "user@local.host" are marked as "sticky" -- that 783 is, the local addresses aren't matched against UDB, 784 don't go through ruleset 5, and are not forwarded to 785 the LOCAL_RELAY (if defined). 786 787 With MAIL_HUB, mail addressed to "user@local.host" 788 is forwarded to the mail hub, with the envelope 789 address still remaining "user@local.host". 790 Without stickyhost, the envelope would be changed 791 to "user@mail_hub", in order to protect against 792 mailing loops. 793 794mailertable Include a "mailer table" which can be used to override 795 routing for particular domains (which are not in class {w}, 796 i.e. local host names). The argument of the FEATURE may be 797 the key definition. If none is specified, the definition 798 used is: 799 800 hash /etc/mail/mailertable 801 802 Keys in this database are fully qualified domain names 803 or partial domains preceded by a dot -- for example, 804 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 805 special case of the latter, "." matches any domain not 806 covered by other keys. Values must be of the form: 807 mailer:domain 808 where "mailer" is the internal mailer name, and "domain" 809 is where to send the message. These maps are not 810 reflected into the message header. As a special case, 811 the forms: 812 local:user 813 will forward to the indicated user using the local mailer, 814 local: 815 will forward to the original user in the e-mail address 816 using the local mailer, and 817 error:code message 818 error:D.S.N:code message 819 will give an error message with the indicated SMTP reply 820 code and message, where D.S.N is an RFC 1893 compliant 821 error code. 822 823domaintable Include a "domain table" which can be used to provide 824 domain name mapping. Use of this should really be 825 limited to your own domains. It may be useful if you 826 change names (e.g., your company changes names from 827 oldname.com to newname.com). The argument of the 828 FEATURE may be the key definition. If none is specified, 829 the definition used is: 830 831 hash /etc/mail/domaintable 832 833 The key in this table is the domain name; the value is 834 the new (fully qualified) domain. Anything in the 835 domaintable is reflected into headers; that is, this 836 is done in ruleset 3. 837 838bitdomain Look up bitnet hosts in a table to try to turn them into 839 internet addresses. The table can be built using the 840 bitdomain program contributed by John Gardiner Myers. 841 The argument of the FEATURE may be the key definition; if 842 none is specified, the definition used is: 843 844 hash /etc/mail/bitdomain 845 846 Keys are the bitnet hostname; values are the corresponding 847 internet hostname. 848 849uucpdomain Similar feature for UUCP hosts. The default map definition 850 is: 851 852 hash /etc/mail/uudomain 853 854 At the moment there is no automagic tool to build this 855 database. 856 857always_add_domain 858 Include the local host domain even on locally delivered 859 mail. Normally it is not added on unqualified names. 860 However, if you use a shared message store but do not use 861 the same user name space everywhere, you may need the host 862 name on local names. An optional argument specifies 863 another domain to be added than the local. 864 865allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 866 feature will cause recipient addresses to also masquerade 867 as being from the masquerade host. Normally they get 868 the local hostname. Although this may be right for 869 ordinary users, it can break local aliases. For example, 870 if you send to "localalias", the originating sendmail will 871 find that alias and send to all members, but send the 872 message with "To: localalias@masqueradehost". Since that 873 alias likely does not exist, replies will fail. Use this 874 feature ONLY if you can guarantee that the ENTIRE 875 namespace on your masquerade host supersets all the 876 local entries. 877 878limited_masquerade 879 Normally, any hosts listed in class {w} are masqueraded. If 880 this feature is given, only the hosts listed in class {M} (see 881 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 882 if you have several domains with disjoint namespaces hosted 883 on the same machine. 884 885masquerade_entire_domain 886 If masquerading is enabled (using MASQUERADE_AS) and 887 MASQUERADE_DOMAIN (see below) is set, this feature will 888 cause addresses to be rewritten such that the masquerading 889 domains are actually entire domains to be hidden. All 890 hosts within the masquerading domains will be rewritten 891 to the masquerade name (used in MASQUERADE_AS). For example, 892 if you have: 893 894 MASQUERADE_AS(`masq.com') 895 MASQUERADE_DOMAIN(`foo.org') 896 MASQUERADE_DOMAIN(`bar.com') 897 898 then *foo.org and *bar.com are converted to masq.com. Without 899 this feature, only foo.org and bar.com are masqueraded. 900 901 NOTE: only domains within your jurisdiction and 902 current hierarchy should be masqueraded using this. 903 904local_no_masquerade 905 This feature prevents the local mailer from masquerading even 906 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 907 on addresses of mail going outside the local domain. 908 909masquerade_envelope 910 If masquerading is enabled (using MASQUERADE_AS) or the 911 genericstable is in use, this feature will cause envelope 912 addresses to also masquerade as being from the masquerade 913 host. Normally only the header addresses are masqueraded. 914 915genericstable This feature will cause unqualified addresses (i.e., without 916 a domain) and addresses with a domain listed in class {G} 917 to be looked up in a map and turned into another ("generic") 918 form, which can change both the domain name and the user name. 919 Notice: if you use an MSP (as it is default starting with 920 8.12), the MTA will only receive qualified addresses from the 921 MSP (as required by the RFCs). Hence you need to add your 922 domain to class {G}. This feature is similar to the userdb 923 functionality. The same types of addresses as for 924 masquerading are looked up, i.e., only header sender 925 addresses unless the allmasquerade and/or masquerade_envelope 926 features are given. Qualified addresses must have the domain 927 part in class {G}; entries can be added to this class by the 928 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 929 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 930 931 The argument of FEATURE(`genericstable') may be the map 932 definition; the default map definition is: 933 934 hash /etc/mail/genericstable 935 936 The key for this table is either the full address, the domain 937 (with a leading @; the localpart is passed as first argument) 938 or the unqualified username (tried in the order mentioned); 939 the value is the new user address. If the new user address 940 does not include a domain, it will be qualified in the standard 941 manner, i.e., using $j or the masquerade name. Note that the 942 address being looked up must be fully qualified. For local 943 mail, it is necessary to use FEATURE(`always_add_domain') 944 for the addresses to be qualified. 945 The "+detail" of an address is passed as %1, so entries like 946 947 old+*@foo.org new+%1@example.com 948 gen+*@foo.org %1@example.com 949 950 and other forms are possible. 951 952generics_entire_domain 953 If the genericstable is enabled and GENERICS_DOMAIN or 954 GENERICS_DOMAIN_FILE is used, this feature will cause 955 addresses to be searched in the map if their domain 956 parts are subdomains of elements in class {G}. 957 958virtusertable A domain-specific form of aliasing, allowing multiple 959 virtual domains to be hosted on one machine. For example, 960 if the virtuser table contained: 961 962 info@foo.com foo-info 963 info@bar.com bar-info 964 joe@bar.com error:nouser 550 No such user here 965 jax@bar.com error:5.7.0:550 Address invalid 966 @baz.org jane@example.net 967 968 then mail addressed to info@foo.com will be sent to the 969 address foo-info, mail addressed to info@bar.com will be 970 delivered to bar-info, and mail addressed to anyone at baz.org 971 will be sent to jane@example.net, mail to joe@bar.com will 972 be rejected with the specified error message, and mail to 973 jax@bar.com will also have a RFC 1893 compliant error code 974 5.7.0. 975 976 The username from the original address is passed 977 as %1 allowing: 978 979 @foo.org %1@example.com 980 981 meaning someone@foo.org will be sent to someone@example.com. 982 Additionally, if the local part consists of "user+detail" 983 then "detail" is passed as %2 and "+detail" is passed as %3 984 when a match against user+* is attempted, so entries like 985 986 old+*@foo.org new+%2@example.com 987 gen+*@foo.org %2@example.com 988 +*@foo.org %1%3@example.com 989 X++@foo.org Z%3@example.com 990 @bar.org %1%3 991 992 and other forms are possible. Note: to preserve "+detail" 993 for a default case (@domain) %1%3 must be used as RHS. 994 There are two wildcards after "+": "+" matches only a non-empty 995 detail, "*" matches also empty details, e.g., user+@foo.org 996 matches +*@foo.org but not ++@foo.org. This can be used 997 to ensure that the parameters %2 and %3 are not empty. 998 999 All the host names on the left hand side (foo.com, bar.com, 1000 and baz.org) must be in class {w} or class {VirtHost}. The 1001 latter can be defined by the macros VIRTUSER_DOMAIN or 1002 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1003 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 1004 VIRTUSER_DOMAIN_FILE is used, then the entries of class 1005 {VirtHost} are added to class {R}, i.e., relaying is allowed 1006 to (and from) those domains. The default map definition is: 1007 1008 hash /etc/mail/virtusertable 1009 1010 A new definition can be specified as the second argument of 1011 the FEATURE macro, such as 1012 1013 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 1014 1015virtuser_entire_domain 1016 If the virtusertable is enabled and VIRTUSER_DOMAIN or 1017 VIRTUSER_DOMAIN_FILE is used, this feature will cause 1018 addresses to be searched in the map if their domain 1019 parts are subdomains of elements in class {VirtHost}. 1020 1021ldap_routing Implement LDAP-based e-mail recipient routing according to 1022 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 1023 This provides a method to re-route addresses with a 1024 domain portion in class {LDAPRoute} to either a 1025 different mail host or a different address. Hosts can 1026 be added to this class using LDAPROUTE_DOMAIN and 1027 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1028 MASQUERADE_DOMAIN_FILE, see below). 1029 1030 See the LDAP ROUTING section below for more information. 1031 1032nodns If you aren't running DNS at your site (for example, 1033 you are UUCP-only connected). It's hard to consider 1034 this a "feature", but hey, it had to go somewhere. 1035 Actually, as of 8.7 this is a no-op -- remove "dns" from 1036 the hosts service switch entry instead. 1037 1038nullclient This is a special case -- it creates a configuration file 1039 containing nothing but support for forwarding all mail to a 1040 central hub via a local SMTP-based network. The argument 1041 is the name of that hub. 1042 1043 The only other feature that should be used in conjunction 1044 with this one is FEATURE(`nocanonify'). No mailers 1045 should be defined. No aliasing or forwarding is done. 1046 1047local_lmtp Use an LMTP capable local mailer. The argument to this 1048 feature is the pathname of an LMTP capable mailer. By 1049 default, mail.local is used. This is expected to be the 1050 mail.local which came with the 8.9 distribution which is 1051 LMTP capable. The path to mail.local is set by the 1052 confEBINDIR m4 variable -- making the default 1053 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1054 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1055 i.e., without respecting any definitions in an OSTYPE setting. 1056 1057local_procmail Use procmail or another delivery agent as the local mailer. 1058 The argument to this feature is the pathname of the 1059 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1060 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1061 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1062 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1063 specify the appropriate parameters. When procmail is used, 1064 the local mailer can make use of the 1065 "user+indicator@local.host" syntax; normally the +indicator 1066 is just tossed, but by default it is passed as the -a 1067 argument to procmail. 1068 1069 This feature can take up to three arguments: 1070 1071 1. Path to the mailer program 1072 [default: /usr/local/bin/procmail] 1073 2. Argument vector including name of the program 1074 [default: procmail -Y -a $h -d $u] 1075 3. Flags for the mailer [default: SPfhn9] 1076 1077 Empty arguments cause the defaults to be taken. 1078 Note that if you are on a system with a broken 1079 setreuid() call, you may need to add -f $f to the procmail 1080 argument vector to pass the proper sender to procmail. 1081 1082 For example, this allows it to use the maildrop 1083 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 1084 by specifying: 1085 1086 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1087 `maildrop -d $u') 1088 1089 or scanmails using: 1090 1091 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1092 1093 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1094 i.e., without respecting any definitions in an OSTYPE setting. 1095 1096bestmx_is_local Accept mail as though locally addressed for any host that 1097 lists us as the best possible MX record. This generates 1098 additional DNS traffic, but should be OK for low to 1099 medium traffic hosts. The argument may be a set of 1100 domains, which will limit the feature to only apply to 1101 these domains -- this will reduce unnecessary DNS 1102 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1103 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1104 that matches your domain, you cannot use this feature. 1105 1106smrsh Use the SendMail Restricted SHell (smrsh) provided 1107 with the distribution instead of /bin/sh for mailing 1108 to programs. This improves the ability of the local 1109 system administrator to control what gets run via 1110 e-mail. If an argument is provided it is used as the 1111 pathname to smrsh; otherwise, the path defined by 1112 confEBINDIR is used for the smrsh binary -- by default, 1113 /usr/libexec/smrsh is assumed. 1114 1115promiscuous_relay 1116 By default, the sendmail configuration files do not permit 1117 mail relaying (that is, accepting mail from outside your 1118 local host (class {w}) and sending it to another host than 1119 your local host). This option sets your site to allow 1120 mail relaying from any site to any site. In almost all 1121 cases, it is better to control relaying more carefully 1122 with the access map, class {R}, or authentication. Domains 1123 can be added to class {R} by the macros RELAY_DOMAIN or 1124 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1125 MASQUERADE_DOMAIN_FILE, see below). 1126 1127relay_entire_domain 1128 This option allows any host in your domain as defined by 1129 class {m} to use your server for relaying. Notice: make 1130 sure that your domain is not just a top level domain, 1131 e.g., com. This can happen if you give your host a name 1132 like example.com instead of host.example.com. 1133 1134relay_hosts_only 1135 By default, names that are listed as RELAY in the access 1136 db and class {R} are treated as domain names, not host names. 1137 For example, if you specify ``foo.com'', then mail to or 1138 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1139 will all be accepted for relaying. This feature changes 1140 the behaviour to lookup individual host names only. 1141 1142relay_based_on_MX 1143 Turns on the ability to allow relaying based on the MX 1144 records of the host portion of an incoming recipient; that 1145 is, if an MX record for host foo.com points to your site, 1146 you will accept and relay mail addressed to foo.com. See 1147 description below for more information before using this 1148 feature. Also, see the KNOWNBUGS entry regarding bestmx 1149 map lookups. 1150 1151 FEATURE(`relay_based_on_MX') does not necessarily allow 1152 routing of these messages which you expect to be allowed, 1153 if route address syntax (or %-hack syntax) is used. If 1154 this is a problem, add entries to the access-table or use 1155 FEATURE(`loose_relay_check'). 1156 1157relay_mail_from 1158 Allows relaying if the mail sender is listed as RELAY in 1159 the access map. If an optional argument `domain' (this 1160 is the literal word `domain', not a placeholder) is given, 1161 relaying can be allowed just based on the domain portion 1162 of the sender address. This feature should only be used if 1163 absolutely necessary as the sender address can be easily 1164 forged. Use of this feature requires the "From:" tag to 1165 be used for the key in the access map; see the discussion 1166 of tags and FEATURE(`relay_mail_from') in the section on 1167 anti-spam configuration control. 1168 1169relay_local_from 1170 Allows relaying if the domain portion of the mail sender 1171 is a local host. This should only be used if absolutely 1172 necessary as it opens a window for spammers. Specifically, 1173 they can send mail to your mail server that claims to be 1174 from your domain (either directly or via a routed address), 1175 and you will go ahead and relay it out to arbitrary hosts 1176 on the Internet. 1177 1178accept_unqualified_senders 1179 Normally, MAIL FROM: commands in the SMTP session will be 1180 refused if the connection is a network connection and the 1181 sender address does not include a domain name. If your 1182 setup sends local mail unqualified (i.e., MAIL FROM: <joe>), 1183 you will need to use this feature to accept unqualified 1184 sender addresses. Setting the DaemonPortOptions modifier 1185 'u' overrides the default behavior, i.e., unqualified 1186 addresses are accepted even without this FEATURE. 1187 If this FEATURE is not used, the DaemonPortOptions modifier 1188 'f' can be used to enforce fully qualified addresses. 1189 1190accept_unresolvable_domains 1191 Normally, MAIL FROM: commands in the SMTP session will be 1192 refused if the host part of the argument to MAIL FROM: 1193 cannot be located in the host name service (e.g., an A or 1194 MX record in DNS). If you are inside a firewall that has 1195 only a limited view of the Internet host name space, this 1196 could cause problems. In this case you probably want to 1197 use this feature to accept all domains on input, even if 1198 they are unresolvable. 1199 1200access_db Turns on the access database feature. The access db gives 1201 you the ability to allow or refuse to accept mail from 1202 specified domains for administrative reasons. Moreover, 1203 it can control the behavior of sendmail in various situations. 1204 By default, the access database specification is: 1205 1206 hash -T<TMPF> /etc/mail/access 1207 1208 See the anti-spam configuration control section for further 1209 important information about this feature. Notice: 1210 "-T<TMPF>" is meant literal, do not replace it by anything. 1211 1212blacklist_recipients 1213 Turns on the ability to block incoming mail for certain 1214 recipient usernames, hostnames, or addresses. For 1215 example, you can block incoming mail to user nobody, 1216 host foo.mydomain.com, or guest@bar.mydomain.com. 1217 These specifications are put in the access db as 1218 described in the anti-spam configuration control section 1219 later in this document. 1220 1221delay_checks The rulesets check_mail and check_relay will not be called 1222 when a client connects or issues a MAIL command, respectively. 1223 Instead, those rulesets will be called by the check_rcpt 1224 ruleset; they will be skipped under certain circumstances. 1225 See "Delay all checks" in the anti-spam configuration control 1226 section. Note: this feature is incompatible to the versions 1227 in 8.10 and 8.11. 1228 1229dnsbl Turns on rejection of hosts found in an DNS based rejection 1230 list. If an argument is provided it is used as the domain 1231 in which blocked hosts are listed; otherwise it defaults to 1232 blackholes.mail-abuse.org. An explanation for an DNS based 1233 rejection list can be found at http://mail-abuse.org/rbl/. 1234 A second argument can be used to change the default error 1235 message. Without that second argument, the error message 1236 will be 1237 Rejected: IP-ADDRESS listed at SERVER 1238 where IP-ADDRESS and SERVER are replaced by the appropriate 1239 information. By default, temporary lookup failures are 1240 ignored. This behavior can be changed by specifying a 1241 third argument, which must be either `t' or a full error 1242 message. See the anti-spam configuration control section for 1243 an example. The dnsbl feature can be included several times 1244 to query different DNS based rejection lists. See also 1245 enhdnsbl for an enhanced version. 1246 1247 Set the DNSBL_MAP mc option to change the default map 1248 definition from `host'. Set the DNSBL_MAP_OPT mc option 1249 to add additional options to the map specification used. 1250 1251 Some DNS based rejection lists cause failures if asked 1252 for AAAA records. If your sendmail version is compiled 1253 with IPv6 support (NETINET6) and you experience this 1254 problem, add 1255 1256 define(`DNSBL_MAP', `dns -R A') 1257 1258 before the first use of this feature. Alternatively you 1259 can use enhdnsbl instead (see below). Moreover, this 1260 statement can be used to reduce the number of DNS retries, 1261 e.g., 1262 1263 define(`DNSBL_MAP', `dns -R A -r2') 1264 1265 See below (EDNSBL_TO) for an explanation. 1266 1267 NOTE: The default DNS blacklist, blackholes.mail-abuse.org, 1268 is a service offered by the Mail Abuse Prevention System 1269 (MAPS). As of July 31, 2001, MAPS is a subscription 1270 service, so using that network address won't work if you 1271 haven't subscribed. Contact MAPS to subscribe 1272 (http://mail-abuse.org/). 1273 1274enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1275 (up to 5) can be used to specify specific return values 1276 from lookups. Temporary lookup failures are ignored unless 1277 a third argument is given, which must be either `t' or a full 1278 error message. By default, any successful lookup will 1279 generate an error. Otherwise the result of the lookup is 1280 compared with the supplied argument(s), and only if a match 1281 occurs an error is generated. For example, 1282 1283 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1284 1285 will reject the e-mail if the lookup returns the value 1286 ``127.0.0.2.'', or generate a 451 response if the lookup 1287 temporarily failed. The arguments can contain metasymbols 1288 as they are allowed in the LHS of rules. As the example 1289 shows, the default values are also used if an empty argument, 1290 i.e., `', is specified. This feature requires that sendmail 1291 has been compiled with the flag DNSMAP (see sendmail/README). 1292 1293 Set the EDNSBL_TO mc option to change the DNS retry count 1294 from the default value of 5, this can be very useful when 1295 a DNS server is not responding, which in turn may cause 1296 clients to time out (an entry stating 1297 1298 did not issue MAIL/EXPN/VRFY/ETRN 1299 1300 will be logged). 1301 1302lookupdotdomain Look up also .domain in the access map. This allows to 1303 match only subdomains. It does not work well with 1304 FEATURE(`relay_hosts_only'), because most lookups for 1305 subdomains are suppressed by the latter feature. 1306 1307loose_relay_check 1308 Normally, if % addressing is used for a recipient, e.g. 1309 user%site@othersite, and othersite is in class {R}, the 1310 check_rcpt ruleset will strip @othersite and recheck 1311 user@site for relaying. This feature changes that 1312 behavior. It should not be needed for most installations. 1313 1314authinfo Provide a separate map for client side authentication 1315 information. See SMTP AUTHENTICATION for details. 1316 By default, the authinfo database specification is: 1317 1318 hash /etc/mail/authinfo 1319 1320preserve_luser_host 1321 Preserve the name of the recipient host if LUSER_RELAY is 1322 used. Without this option, the domain part of the 1323 recipient address will be replaced by the host specified as 1324 LUSER_RELAY. This feature only works if the hostname is 1325 passed to the mailer (see mailer triple in op.me). Note 1326 that in the default configuration the local mailer does not 1327 receive the hostname, i.e., the mailer triple has an empty 1328 hostname. 1329 1330preserve_local_plus_detail 1331 Preserve the +detail portion of the address when passing 1332 address to local delivery agent. Disables alias and 1333 .forward +detail stripping (e.g., given user+detail, only 1334 that address will be looked up in the alias file; user+* and 1335 user will not be looked up). Only use if the local 1336 delivery agent in use supports +detail addressing. 1337 1338compat_check Enable ruleset check_compat to look up pairs of addresses 1339 with the Compat: tag -- Compat:sender<@>recipient -- in the 1340 access map. Valid values for the RHS include 1341 DISCARD silently discard recipient 1342 TEMP: return a temporary error 1343 ERROR: return a permanent error 1344 In the last two cases, a 4xy/5xy SMTP reply code should 1345 follow the colon. 1346 1347no_default_msa Don't generate the default MSA daemon, i.e., 1348 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1349 To define a MSA daemon with other parameters, use this 1350 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1351 1352msp Defines config file for Message Submission Program. 1353 See sendmail/SECURITY for details and cf/cf/submit.mc how 1354 to use it. An optional argument can be used to override 1355 the default of `[localhost]' to use as host to send all 1356 e-mails to. Note that MX records will be used if the 1357 specified hostname is not in square brackets (e.g., 1358 [hostname]). If `MSA' is specified as second argument then 1359 port 587 is used to contact the server. Example: 1360 1361 FEATURE(`msp', `', `MSA') 1362 1363 Some more hints about possible changes can be found below 1364 in the section MESSAGE SUBMISSION PROGRAM. 1365 1366 Note: Due to many problems, submit.mc uses 1367 1368 FEATURE(`msp', `[127.0.0.1]') 1369 1370 by default. If you have a machine with IPv6 only, 1371 change it to 1372 1373 FEATURE(`msp', `[IPv6:::1]') 1374 1375 If you want to continue using '[localhost]', (the behavior 1376 up to 8.12.6), use 1377 1378 FEATURE(`msp') 1379 1380queuegroup A simple example how to select a queue group based 1381 on the full e-mail address or the domain of the 1382 recipient. Selection is done via entries in the 1383 access map using the tag QGRP:, for example: 1384 1385 QGRP:example.com main 1386 QGRP:friend@some.org others 1387 QGRP:my.domain local 1388 1389 where "main", "others", and "local" are names of 1390 queue groups. If an argument is specified, it is used 1391 as default queue group. 1392 1393 Note: please read the warning in doc/op/op.me about 1394 queue groups and possible queue manipulations. 1395 1396+-------+ 1397| HACKS | 1398+-------+ 1399 1400Some things just can't be called features. To make this clear, 1401they go in the hack subdirectory and are referenced using the HACK 1402macro. These will tend to be site-dependent. The release 1403includes the Berkeley-dependent "cssubdomain" hack (that makes 1404sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1405this is intended as a short-term aid while moving hosts into 1406subdomains. 1407 1408 1409+--------------------+ 1410| SITE CONFIGURATION | 1411+--------------------+ 1412 1413 ***************************************************** 1414 * This section is really obsolete, and is preserved * 1415 * only for back compatibility. You should plan on * 1416 * using mailertables for new installations. In * 1417 * particular, it doesn't work for the newer forms * 1418 * of UUCP mailers, such as uucp-uudom. * 1419 ***************************************************** 1420 1421Complex sites will need more local configuration information, such as 1422lists of UUCP hosts they speak with directly. This can get a bit more 1423tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1424 1425The SITECONFIG macro allows you to indirectly reference site-dependent 1426configuration information stored in the siteconfig subdirectory. For 1427example, the line 1428 1429 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1430 1431reads the file uucp.ucbvax for local connection information. The 1432second parameter is the local name (in this case just "ucbvax" since 1433it is locally connected, and hence a UUCP hostname). The third 1434parameter is the name of both a macro to store the local name (in 1435this case, {U}) and the name of the class (e.g., {U}) in which to store 1436the host information read from the file. Another SITECONFIG line reads 1437 1438 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1439 1440This says that the file uucp.ucbarpa contains the list of UUCP sites 1441connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1442store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1443is, the name of the relay to which the hosts listed in uucp.ucbarpa 1444are connected. [The machine ucbarpa is gone now, but this 1445out-of-date configuration file has been left around to demonstrate 1446how you might do this.] 1447 1448Note that the case of SITECONFIG with a third parameter of ``U'' is 1449special; the second parameter is assumed to be the UUCP name of the 1450local site, rather than the name of a remote site, and the UUCP name 1451is entered into class {w} (the list of local hostnames) as $U.UUCP. 1452 1453The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1454more than a sequence of SITE macros describing connectivity. For 1455example: 1456 1457 SITE(`cnmat') 1458 SITE(`sgi olympus') 1459 1460The second example demonstrates that you can use two names on the 1461same line; these are usually aliases for the same host (or are at 1462least in the same company). 1463 1464 1465+--------------------+ 1466| USING UUCP MAILERS | 1467+--------------------+ 1468 1469It's hard to get UUCP mailers right because of the extremely ad hoc 1470nature of UUCP addressing. These config files are really designed 1471for domain-based addressing, even for UUCP sites. 1472 1473There are four UUCP mailers available. The choice of which one to 1474use is partly a matter of local preferences and what is running at 1475the other end of your UUCP connection. Unlike good protocols that 1476define what will go over the wire, UUCP uses the policy that you 1477should do what is right for the other end; if they change, you have 1478to change. This makes it hard to do the right thing, and discourages 1479people from updating their software. In general, if you can avoid 1480UUCP, please do. 1481 1482The major choice is whether to go for a domainized scheme or a 1483non-domainized scheme. This depends entirely on what the other 1484end will recognize. If at all possible, you should encourage the 1485other end to go to a domain-based system -- non-domainized addresses 1486don't work entirely properly. 1487 1488The four mailers are: 1489 1490 uucp-old (obsolete name: "uucp") 1491 This is the oldest, the worst (but the closest to UUCP) way of 1492 sending messages accros UUCP connections. It does bangify 1493 everything and prepends $U (your UUCP name) to the sender's 1494 address (which can already be a bang path itself). It can 1495 only send to one address at a time, so it spends a lot of 1496 time copying duplicates of messages. Avoid this if at all 1497 possible. 1498 1499 uucp-new (obsolete name: "suucp") 1500 The same as above, except that it assumes that in one rmail 1501 command you can specify several recipients. It still has a 1502 lot of other problems. 1503 1504 uucp-dom 1505 This UUCP mailer keeps everything as domain addresses. 1506 Basically, it uses the SMTP mailer rewriting rules. This mailer 1507 is only included if MAILER(`smtp') is specified before 1508 MAILER(`uucp'). 1509 1510 Unfortunately, a lot of UUCP mailer transport agents require 1511 bangified addresses in the envelope, although you can use 1512 domain-based addresses in the message header. (The envelope 1513 shows up as the From_ line on UNIX mail.) So.... 1514 1515 uucp-uudom 1516 This is a cross between uucp-new (for the envelope addresses) 1517 and uucp-dom (for the header addresses). It bangifies the 1518 envelope sender (From_ line in messages) without adding the 1519 local hostname, unless there is no host name on the address 1520 at all (e.g., "wolf") or the host component is a UUCP host name 1521 instead of a domain name ("somehost!wolf" instead of 1522 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1523 is also specified earlier. 1524 1525Examples: 1526 1527On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1528summarizes the sender rewriting for various mailers. 1529 1530Mailer sender rewriting in the envelope 1531------ ------ ------------------------- 1532uucp-{old,new} wolf grasp!wolf 1533uucp-dom wolf wolf@grasp.insa-lyon.fr 1534uucp-uudom wolf grasp.insa-lyon.fr!wolf 1535 1536uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1537uucp-dom wolf@fr.net wolf@fr.net 1538uucp-uudom wolf@fr.net fr.net!wolf 1539 1540uucp-{old,new} somehost!wolf grasp!somehost!wolf 1541uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1542uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1543 1544If you are using one of the domainized UUCP mailers, you really want 1545to convert all UUCP addresses to domain format -- otherwise, it will 1546do it for you (and probably not the way you expected). For example, 1547if you have the address foo!bar!baz (and you are not sending to foo), 1548the heuristics will add the @uucp.relay.name or @local.host.name to 1549this address. However, if you map foo to foo.host.name first, it 1550will not add the local hostname. You can do this using the uucpdomain 1551feature. 1552 1553 1554+-------------------+ 1555| TWEAKING RULESETS | 1556+-------------------+ 1557 1558For more complex configurations, you can define special rules. 1559The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1560the names. Any modifications made here are reflected in the header. 1561 1562A common use is to convert old UUCP addresses to SMTP addresses using 1563the UUCPSMTP macro. For example: 1564 1565 LOCAL_RULE_3 1566 UUCPSMTP(`decvax', `decvax.dec.com') 1567 UUCPSMTP(`research', `research.att.com') 1568 1569will cause addresses of the form "decvax!user" and "research!user" 1570to be converted to "user@decvax.dec.com" and "user@research.att.com" 1571respectively. 1572 1573This could also be used to look up hosts in a database map: 1574 1575 LOCAL_RULE_3 1576 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1577 1578This map would be defined in the LOCAL_CONFIG portion, as shown below. 1579 1580Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1581For example, new rules are needed to parse hostnames that you accept 1582via MX records. For example, you might have: 1583 1584 LOCAL_RULE_0 1585 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1586 1587You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1588pointing at this host; this rule catches the message and forwards it on 1589using UUCP. 1590 1591You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1592These rulesets are normally empty. 1593 1594A similar macro is LOCAL_CONFIG. This introduces lines added after the 1595boilerplate option setting but before rulesets. Do not declare rulesets in 1596the LOCAL_CONFIG section. It can be used to declare local database maps or 1597whatever. For example: 1598 1599 LOCAL_CONFIG 1600 Khostmap hash /etc/mail/hostmap 1601 Kyplocal nis -m hosts.byname 1602 1603 1604+---------------------------+ 1605| MASQUERADING AND RELAYING | 1606+---------------------------+ 1607 1608You can have your host masquerade as another using 1609 1610 MASQUERADE_AS(`host.domain') 1611 1612This causes mail being sent to be labeled as coming from the 1613indicated host.domain, rather than $j. One normally masquerades as 1614one of one's own subdomains (for example, it's unlikely that 1615Berkeley would choose to masquerade as an MIT site). This 1616behaviour is modified by a plethora of FEATUREs; in particular, see 1617masquerade_envelope, allmasquerade, limited_masquerade, and 1618masquerade_entire_domain. 1619 1620The masquerade name is not normally canonified, so it is important 1621that it be your One True Name, that is, fully qualified and not a 1622CNAME. However, if you use a CNAME, the receiving side may canonify 1623it for you, so don't think you can cheat CNAME mapping this way. 1624 1625Normally the only addresses that are masqueraded are those that come 1626from this host (that is, are either unqualified or in class {w}, the list 1627of local domain names). You can augment this list, which is realized 1628by class {M} using 1629 1630 MASQUERADE_DOMAIN(`otherhost.domain') 1631 1632The effect of this is that although mail to user@otherhost.domain 1633will not be delivered locally, any mail including any user@otherhost.domain 1634will, when relayed, be rewritten to have the MASQUERADE_AS address. 1635This can be a space-separated list of names. 1636 1637If these names are in a file, you can use 1638 1639 MASQUERADE_DOMAIN_FILE(`filename') 1640 1641to read the list of names from the indicated file (i.e., to add 1642elements to class {M}). 1643 1644To exempt hosts or subdomains from being masqueraded, you can use 1645 1646 MASQUERADE_EXCEPTION(`host.domain') 1647 1648This can come handy if you want to masquerade a whole domain 1649except for one (or a few) host(s). If these names are in a file, 1650you can use 1651 1652 MASQUERADE_EXCEPTION_FILE(`filename') 1653 1654Normally only header addresses are masqueraded. If you want to 1655masquerade the envelope as well, use 1656 1657 FEATURE(`masquerade_envelope') 1658 1659There are always users that need to be "exposed" -- that is, their 1660internal site name should be displayed instead of the masquerade name. 1661Root is an example (which has been "exposed" by default prior to 8.10). 1662You can add users to this list using 1663 1664 EXPOSED_USER(`usernames') 1665 1666This adds users to class {E}; you could also use 1667 1668 EXPOSED_USER_FILE(`filename') 1669 1670You can also arrange to relay all unqualified names (that is, names 1671without @host) to a relay host. For example, if you have a central 1672email server, you might relay to that host so that users don't have 1673to have .forward files or aliases. You can do this using 1674 1675 define(`LOCAL_RELAY', `mailer:hostname') 1676 1677The ``mailer:'' can be omitted, in which case the mailer defaults to 1678"relay". There are some user names that you don't want relayed, perhaps 1679because of local aliases. A common example is root, which may be 1680locally aliased. You can add entries to this list using 1681 1682 LOCAL_USER(`usernames') 1683 1684This adds users to class {L}; you could also use 1685 1686 LOCAL_USER_FILE(`filename') 1687 1688If you want all incoming mail sent to a centralized hub, as for a 1689shared /var/spool/mail scheme, use 1690 1691 define(`MAIL_HUB', `mailer:hostname') 1692 1693Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1694and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1695be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1696Note: there is a (long standing) bug which keeps this combination from 1697working for addresses of the form user+detail. 1698Names in class {L} will be delivered locally, so you MUST have aliases or 1699.forward files for them. 1700 1701For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1702FEATURE(`stickyhost'), the following combinations of settings will have the 1703indicated effects: 1704 1705email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1706 1707LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1708mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1709 1710MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1711mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1712 1713Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1714MAIL_HUB set as above (no local aliasing) (aliasing done) 1715 1716If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1717MAIL_HUB act identically, with MAIL_HUB taking precedence. 1718 1719If you want all outgoing mail to go to a central relay site, define 1720SMART_HOST as well. Briefly: 1721 1722 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1723 MAIL_HUB applies to names qualified with the name of the 1724 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1725 SMART_HOST applies to names qualified with other hosts or 1726 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1727 or "eric@[127.0.0.1]"). 1728 1729However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1730DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1731really want absolutely everything to go to a single central site you will 1732need to unset all the other relays -- or better yet, find or build a 1733minimal config file that does this. 1734 1735For duplicate suppression to work properly, the host name is best 1736specified with a terminal dot: 1737 1738 define(`MAIL_HUB', `host.domain.') 1739 note the trailing dot ---^ 1740 1741 1742+-------------------------------------------+ 1743| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1744+-------------------------------------------+ 1745 1746LDAP can be used for aliases, maps, and classes by either specifying your 1747own LDAP map specification or using the built-in default LDAP map 1748specification. The built-in default specifications all provide lookups 1749which match against either the machine's fully qualified hostname (${j}) or 1750a "cluster". The cluster allows you to share LDAP entries among a large 1751number of machines without having to enter each of the machine names into 1752each LDAP entry. To set the LDAP cluster name to use for a particular 1753machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1754unique name. For example: 1755 1756 define(`confLDAP_CLUSTER', `Servers') 1757 1758Here, the word `Servers' will be the cluster name. As an example, assume 1759that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1760to the Servers cluster. 1761 1762Some of the LDAP LDIF examples below show use of the Servers cluster. 1763Every entry must have either a sendmailMTAHost or sendmailMTACluster 1764attribute or it will be ignored. Be careful as mixing clusters and 1765individual host records can have surprising results (see the CAUTION 1766sections below). 1767 1768See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1769this schema (and therefore the lookups and examples below) is experimental 1770at this point as it has had little public review. Therefore, it may change 1771in future versions. Feedback via sendmail@sendmail.org is encouraged. 1772 1773------- 1774Aliases 1775------- 1776 1777The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1778lookups. To use the default schema, simply use: 1779 1780 define(`ALIAS_FILE', `ldap:') 1781 1782By doing so, you will use the default schema which expands to a map 1783declared as follows: 1784 1785 ldap -k (&(objectClass=sendmailMTAAliasObject) 1786 (sendmailMTAAliasGrouping=aliases) 1787 (|(sendmailMTACluster=${sendmailMTACluster}) 1788 (sendmailMTAHost=$j)) 1789 (sendmailMTAKey=%0)) 1790 -v sendmailMTAAliasValue 1791 1792NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1793used when the binary expands the `ldap:' token as the AliasFile option is 1794not actually macro-expanded when read from the sendmail.cf file. 1795 1796Example LDAP LDIF entries might be: 1797 1798 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1799 objectClass: sendmailMTA 1800 objectClass: sendmailMTAAlias 1801 objectClass: sendmailMTAAliasObject 1802 sendmailMTAAliasGrouping: aliases 1803 sendmailMTAHost: etrn.sendmail.org 1804 sendmailMTAKey: sendmail-list 1805 sendmailMTAAliasValue: ca@example.org 1806 sendmailMTAAliasValue: eric 1807 sendmailMTAAliasValue: gshapiro@example.com 1808 1809 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1810 objectClass: sendmailMTA 1811 objectClass: sendmailMTAAlias 1812 objectClass: sendmailMTAAliasObject 1813 sendmailMTAAliasGrouping: aliases 1814 sendmailMTAHost: etrn.sendmail.org 1815 sendmailMTAKey: owner-sendmail-list 1816 sendmailMTAAliasValue: eric 1817 1818 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1819 objectClass: sendmailMTA 1820 objectClass: sendmailMTAAlias 1821 objectClass: sendmailMTAAliasObject 1822 sendmailMTAAliasGrouping: aliases 1823 sendmailMTACluster: Servers 1824 sendmailMTAKey: postmaster 1825 sendmailMTAAliasValue: eric 1826 1827Here, the aliases sendmail-list and owner-sendmail-list will be available 1828only on etrn.sendmail.org but the postmaster alias will be available on 1829every machine in the Servers cluster (including etrn.sendmail.org). 1830 1831CAUTION: aliases are additive so that entries like these: 1832 1833 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1834 objectClass: sendmailMTA 1835 objectClass: sendmailMTAAlias 1836 objectClass: sendmailMTAAliasObject 1837 sendmailMTAAliasGrouping: aliases 1838 sendmailMTACluster: Servers 1839 sendmailMTAKey: bob 1840 sendmailMTAAliasValue: eric 1841 1842 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 1843 objectClass: sendmailMTA 1844 objectClass: sendmailMTAAlias 1845 objectClass: sendmailMTAAliasObject 1846 sendmailMTAAliasGrouping: aliases 1847 sendmailMTAHost: etrn.sendmail.org 1848 sendmailMTAKey: bob 1849 sendmailMTAAliasValue: gshapiro 1850 1851would mean that on all of the hosts in the cluster, mail to bob would go to 1852eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1853gshapiro. 1854 1855If you prefer not to use the default LDAP schema for your aliases, you can 1856specify the map parameters when setting ALIAS_FILE. For example: 1857 1858 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1859 1860---- 1861Maps 1862---- 1863 1864FEATURE()'s which take an optional map definition argument (e.g., access, 1865mailertable, virtusertable, etc.) can instead take the special keyword 1866`LDAP', e.g.: 1867 1868 FEATURE(`access_db', `LDAP') 1869 FEATURE(`virtusertable', `LDAP') 1870 1871When this keyword is given, that map will use LDAP lookups consisting of 1872the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1873with the map name, a search attribute of sendmailMTAKey, and the value 1874attribute sendmailMTAMapValue. 1875 1876The values for sendmailMTAMapName are: 1877 1878 FEATURE() sendmailMTAMapName 1879 --------- ------------------ 1880 access_db access 1881 authinfo authinfo 1882 bitdomain bitdomain 1883 domaintable domain 1884 genericstable generics 1885 mailertable mailer 1886 uucpdomain uucpdomain 1887 virtusertable virtuser 1888 1889For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1890 1891 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1892 (sendmailMTAMapName=mailer) 1893 (|(sendmailMTACluster=${sendmailMTACluster}) 1894 (sendmailMTAHost=$j)) 1895 (sendmailMTAKey=%0)) 1896 -1 -v sendmailMTAMapValue 1897 1898An example LDAP LDIF entry using this map might be: 1899 1900 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 1901 objectClass: sendmailMTA 1902 objectClass: sendmailMTAMap 1903 sendmailMTACluster: Servers 1904 sendmailMTAMapName: mailer 1905 1906 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1907 objectClass: sendmailMTA 1908 objectClass: sendmailMTAMap 1909 objectClass: sendmailMTAMapObject 1910 sendmailMTAMapName: mailer 1911 sendmailMTACluster: Servers 1912 sendmailMTAKey: example.com 1913 sendmailMTAMapValue: relay:[smtp.example.com] 1914 1915CAUTION: If your LDAP database contains the record above and *ALSO* a host 1916specific record such as: 1917 1918 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1919 objectClass: sendmailMTA 1920 objectClass: sendmailMTAMap 1921 objectClass: sendmailMTAMapObject 1922 sendmailMTAMapName: mailer 1923 sendmailMTAHost: etrn.sendmail.org 1924 sendmailMTAKey: example.com 1925 sendmailMTAMapValue: relay:[mx.example.com] 1926 1927then these entries will give unexpected results. When the lookup is done 1928on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 1929require a single match. Since the host etrn.sendmail.org is also in the 1930Servers cluster, LDAP would return two answers for the example.com map key 1931in which case sendmail would treat this as no match at all. 1932 1933If you prefer not to use the default LDAP schema for your maps, you can 1934specify the map parameters when using the FEATURE(). For example: 1935 1936 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 1937 1938------- 1939Classes 1940------- 1941 1942Normally, classes can be filled via files or programs. As of 8.12, they 1943can also be filled via map lookups using a new syntax: 1944 1945 F{ClassName}mapkey@mapclass:mapspec 1946 1947mapkey is optional and if not provided the map key will be empty. This can 1948be used with LDAP to read classes from LDAP. Note that the lookup is only 1949done when sendmail is initially started. Use the special value `@LDAP' to 1950use the default LDAP schema. For example: 1951 1952 RELAY_DOMAIN_FILE(`@LDAP') 1953 1954would put all of the attribute sendmailMTAClassValue values of LDAP records 1955with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 1956'R' into class $={R}. In other words, it is equivalent to the LDAP map 1957specification: 1958 1959 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 1960 (sendmailMTAClassName=R) 1961 (|(sendmailMTACluster=${sendmailMTACluster}) 1962 (sendmailMTAHost=$j))) 1963 -v sendmailMTAClassValue 1964 1965NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1966used when the binary expands the `@LDAP' token as class declarations are 1967not actually macro-expanded when read from the sendmail.cf file. 1968 1969This can be used with class related commands such as RELAY_DOMAIN_FILE(), 1970MASQUERADE_DOMAIN_FILE(), etc: 1971 1972 Command sendmailMTAClassName 1973 ------- -------------------- 1974 CANONIFY_DOMAIN_FILE() Canonify 1975 EXPOSED_USER_FILE() E 1976 GENERICS_DOMAIN_FILE() G 1977 LDAPROUTE_DOMAIN_FILE() LDAPRoute 1978 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 1979 LOCAL_USER_FILE() L 1980 MASQUERADE_DOMAIN_FILE() M 1981 MASQUERADE_EXCEPTION_FILE() N 1982 RELAY_DOMAIN_FILE() R 1983 VIRTUSER_DOMAIN_FILE() VirtHost 1984 1985You can also add your own as any 'F'ile class of the form: 1986 1987 F{ClassName}@LDAP 1988 ^^^^^^^^^ 1989will use "ClassName" for the sendmailMTAClassName. 1990 1991An example LDAP LDIF entry would look like: 1992 1993 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 1994 objectClass: sendmailMTA 1995 objectClass: sendmailMTAClass 1996 sendmailMTACluster: Servers 1997 sendmailMTAClassName: R 1998 sendmailMTAClassValue: sendmail.org 1999 sendmailMTAClassValue: example.com 2000 sendmailMTAClassValue: 10.56.23 2001 2002CAUTION: If your LDAP database contains the record above and *ALSO* a host 2003specific record such as: 2004 2005 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 2006 objectClass: sendmailMTA 2007 objectClass: sendmailMTAClass 2008 sendmailMTAHost: etrn.sendmail.org 2009 sendmailMTAClassName: R 2010 sendmailMTAClassValue: example.com 2011 2012the result will be similar to the aliases caution above. When the lookup 2013is done on etrn.sendmail.org, $={R} would contain all of the entries (from 2014both the cluster match and the host match). In other words, the effective 2015is additive. 2016 2017If you prefer not to use the default LDAP schema for your classes, you can 2018specify the map parameters when using the class command. For example: 2019 2020 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 2021 2022Remember, macros can not be used in a class declaration as the binary does 2023not expand them. 2024 2025 2026+--------------+ 2027| LDAP ROUTING | 2028+--------------+ 2029 2030FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 2031LDAP Schema for Intranet Mail Routing 2032(draft-lachman-laser-ldap-mail-routing-01). This feature enables 2033LDAP-based rerouting of a particular address to either a different host 2034or a different address. The LDAP lookup is first attempted on the full 2035address (e.g., user@example.com) and then on the domain portion 2036(e.g., @example.com). Be sure to setup your domain for LDAP routing using 2037LDAPROUTE_DOMAIN(), e.g.: 2038 2039 LDAPROUTE_DOMAIN(`example.com') 2040 2041Additionally, you can specify equivalent domains for LDAP routing using 2042LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 2043hostnames are mapped to $M (the masqueraded hostname for the server) before 2044the LDAP query. For example, if the mail is addressed to 2045user@host1.example.com, normally the LDAP lookup would only be done for 2046'user@host1.example.com' and '@host1.example.com'. However, if 2047LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 2048done on 'user@example.com' and '@example.com' after attempting the 2049host1.example.com lookups. 2050 2051By default, the feature will use the schemas as specified in the draft 2052and will not reject addresses not found by the LDAP lookup. However, 2053this behavior can be changed by giving additional arguments to the FEATURE() 2054command: 2055 2056 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>) 2057 2058where <mailHost> is a map definition describing how to lookup an alternative 2059mail host for a particular address; <mailRoutingAddress> is a map definition 2060describing how to lookup an alternative address for a particular address; 2061the <bounce> argument, if present and not the word "passthru", dictates 2062that mail should be bounced if neither a mailHost nor mailRoutingAddress 2063is found; and <detail> indicates what actions to take if the address 2064contains +detail information -- `strip' tries the lookup with the +detail 2065and if no matches are found, strips the +detail and tries the lookup again; 2066`preserve', does the same as `strip' but if a mailRoutingAddress match is 2067found, the +detail information is copied to the new address. 2068 2069The default <mailHost> map definition is: 2070 2071 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 2072 (mailLocalAddress=%0)) 2073 2074The default <mailRoutingAddress> map definition is: 2075 2076 ldap -1 -T<TMPF> -v mailRoutingAddress 2077 -k (&(objectClass=inetLocalMailRecipient) 2078 (mailLocalAddress=%0)) 2079 2080Note that neither includes the LDAP server hostname (-h server) or base DN 2081(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 2082your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 2083these settings. If this is not the case, the map definitions should be 2084changed as described above. The "-T<TMPF>" is required in any user 2085specified map definition to catch temporary errors. 2086 2087The following possibilities exist as a result of an LDAP lookup on an 2088address: 2089 2090 mailHost is mailRoutingAddress is Results in 2091 ----------- --------------------- ---------- 2092 set to a set mail delivered to 2093 "local" host mailRoutingAddress 2094 2095 set to a not set delivered to 2096 "local" host original address 2097 2098 set to a set mailRoutingAddress 2099 remote host relayed to mailHost 2100 2101 set to a not set original address 2102 remote host relayed to mailHost 2103 2104 not set set mail delivered to 2105 mailRoutingAddress 2106 2107 not set not set delivered to 2108 original address *OR* 2109 bounced as unknown user 2110 2111The term "local" host above means the host specified is in class {w}. If 2112the result would mean sending the mail to a different host, that host is 2113looked up in the mailertable before delivery. 2114 2115Note that the last case depends on whether the third argument is given 2116to the FEATURE() command. The default is to deliver the message to the 2117original address. 2118 2119The LDAP entries should be set up with an objectClass of 2120inetLocalMailRecipient and the address be listed in a mailLocalAddress 2121attribute. If present, there must be only one mailHost attribute and it 2122must contain a fully qualified host name as its value. Similarly, if 2123present, there must be only one mailRoutingAddress attribute and it must 2124contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2125format): 2126 2127 dn: uid=tom, o=example.com, c=US 2128 objectClass: inetLocalMailRecipient 2129 mailLocalAddress: tom@example.com 2130 mailRoutingAddress: thomas@mailhost.example.com 2131 2132This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2133 2134 dn: uid=dick, o=example.com, c=US 2135 objectClass: inetLocalMailRecipient 2136 mailLocalAddress: dick@example.com 2137 mailHost: eng.example.com 2138 2139This would relay mail for dick@example.com to the same address but redirect 2140the mail to MX records listed for the host eng.example.com (unless the 2141mailertable overrides). 2142 2143 dn: uid=harry, o=example.com, c=US 2144 objectClass: inetLocalMailRecipient 2145 mailLocalAddress: harry@example.com 2146 mailHost: mktmail.example.com 2147 mailRoutingAddress: harry@mkt.example.com 2148 2149This would relay mail for harry@example.com to the MX records listed for 2150the host mktmail.example.com using the new address harry@mkt.example.com 2151when talking to that host. 2152 2153 dn: uid=virtual.example.com, o=example.com, c=US 2154 objectClass: inetLocalMailRecipient 2155 mailLocalAddress: @virtual.example.com 2156 mailHost: server.example.com 2157 mailRoutingAddress: virtual@example.com 2158 2159This would send all mail destined for any username @virtual.example.com to 2160the machine server.example.com's MX servers and deliver to the address 2161virtual@example.com on that relay machine. 2162 2163 2164+---------------------------------+ 2165| ANTI-SPAM CONFIGURATION CONTROL | 2166+---------------------------------+ 2167 2168The primary anti-spam features available in sendmail are: 2169 2170* Relaying is denied by default. 2171* Better checking on sender information. 2172* Access database. 2173* Header checks. 2174 2175Relaying (transmission of messages from a site outside your host (class 2176{w}) to another site except yours) is denied by default. Note that this 2177changed in sendmail 8.9; previous versions allowed relaying by default. 2178If you really want to revert to the old behaviour, you will need to use 2179FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2180through your server by adding their domain name or IP address to class 2181{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2182(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2183The file consists (like any other file based class) of entries listed on 2184separate lines, e.g., 2185 2186 sendmail.org 2187 128.32 2188 IPv6:2002:c0a8:02c7 2189 IPv6:2002:c0a8:51d2::23f4 2190 host.mydomain.com 2191 [UNIX:localhost] 2192 2193Notice: the last entry allows relaying for connections via a UNIX 2194socket to the MTA/MSP. This might be necessary if your configuration 2195doesn't allow relaying by other means in that case, e.g., by having 2196localhost.$m in class {R} (make sure $m is not just a top level 2197domain). 2198 2199If you use 2200 2201 FEATURE(`relay_entire_domain') 2202 2203then any host in any of your local domains (that is, class {m}) 2204will be relayed (that is, you will accept mail either to or from any 2205host in your domain). 2206 2207You can also allow relaying based on the MX records of the host 2208portion of an incoming recipient address by using 2209 2210 FEATURE(`relay_based_on_MX') 2211 2212For example, if your server receives a recipient of user@domain.com 2213and domain.com lists your server in its MX records, the mail will be 2214accepted for relay to domain.com. This feature may cause problems 2215if MX lookups for the recipient domain are slow or time out. In that 2216case, mail will be temporarily rejected. It is usually better to 2217maintain a list of hosts/domains for which the server acts as relay. 2218Note also that this feature will stop spammers from using your host 2219to relay spam but it will not stop outsiders from using your server 2220as a relay for their site (that is, they set up an MX record pointing 2221to your mail server, and you will relay mail addressed to them 2222without any prior arrangement). Along the same lines, 2223 2224 FEATURE(`relay_local_from') 2225 2226will allow relaying if the sender specifies a return path (i.e. 2227MAIL FROM: <user@domain>) domain which is a local domain. This is a 2228dangerous feature as it will allow spammers to spam using your mail 2229server by simply specifying a return address of user@your.domain.com. 2230It should not be used unless absolutely necessary. 2231A slightly better solution is 2232 2233 FEATURE(`relay_mail_from') 2234 2235which allows relaying if the mail sender is listed as RELAY in the 2236access map. If an optional argument `domain' (this is the literal 2237word `domain', not a placeholder) is given, the domain portion of 2238the mail sender is also checked to allowing relaying. This option 2239only works together with the tag From: for the LHS of the access 2240map entries (see below: Finer control...). This feature allows 2241spammers to abuse your mail server by specifying a return address 2242that you enabled in your access file. This may be harder to figure 2243out for spammers, but it should not be used unless necessary. 2244Instead use SMTP AUTH or STARTTLS to allow relaying for roaming 2245users. 2246 2247 2248If source routing is used in the recipient address (e.g., 2249RCPT TO: <user%site.com@othersite.com>), sendmail will check 2250user@site.com for relaying if othersite.com is an allowed relay host 2251in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2252or the access database if FEATURE(`access_db') is used. To prevent 2253the address from being stripped down, use: 2254 2255 FEATURE(`loose_relay_check') 2256 2257If you think you need to use this feature, you probably do not. This 2258should only be used for sites which have no control over the addresses 2259that they provide a gateway for. Use this FEATURE with caution as it 2260can allow spammers to relay through your server if not setup properly. 2261 2262NOTICE: It is possible to relay mail through a system which the anti-relay 2263rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2264`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2265LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2266FEATURE(`nouucp') at all, addresses of the form 2267<example.net!user@local.host> would be relayed to <user@example.net>. 2268System A doesn't recognize `!' as an address separator and therefore 2269forwards it to the mail hub which in turns relays it because it came from 2270a trusted local host. So if a mailserver allows UUCP (bang-format) 2271addresses, all systems from which it allows relaying should do the same 2272or reject those addresses. 2273 2274As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2275an unresolvable domain (i.e., one that DNS, your local name service, 2276or special case rules in ruleset 3 cannot locate). This also applies 2277to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2278IP address can't be mapped to a host name. If you want to continue 2279to accept such domains, e.g., because you are inside a firewall that 2280has only a limited view of the Internet host name space (note that you 2281will not be able to return mail to them unless you have some "smart 2282host" forwarder), use 2283 2284 FEATURE(`accept_unresolvable_domains') 2285 2286Alternatively, you can allow specific addresses by adding them to 2287the access map, e.g., 2288 2289 From:unresolvable.domain OK 2290 From:[1.2.3.4] OK 2291 From:[1.2.4] OK 2292 2293Notice: domains which are temporarily unresolvable are (temporarily) 2294rejected with a 451 reply code. If those domains should be accepted 2295(which is discouraged) then you can use 2296 2297 LOCAL_CONFIG 2298 C{ResOk}TEMP 2299 2300sendmail will also refuse mail if the MAIL FROM: parameter is not 2301fully qualified (i.e., contains a domain as well as a user). If you 2302want to continue to accept such senders, use 2303 2304 FEATURE(`accept_unqualified_senders') 2305 2306Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2307i.e., unqualified addresses are accepted even without this FEATURE. If 2308this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2309to enforce fully qualified domain names. 2310 2311An ``access'' database can be created to accept or reject mail from 2312selected domains. For example, you may choose to reject all mail 2313originating from known spammers. To enable such a database, use 2314 2315 FEATURE(`access_db') 2316 2317Notice: the access database is applied to the envelope addresses 2318and the connection information, not to the header. 2319 2320The FEATURE macro can accept as second parameter the key file 2321definition for the database; for example 2322 2323 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2324 2325Notice: If a second argument is specified it must contain the option 2326`-T<TMPF>' as shown above. The optional third and fourth parameters 2327may be `skip' or `lookupdotdomain'. The former enables SKIP as 2328value part (see below), the latter is another way to enable the 2329feature of the same name (see above). 2330 2331Remember, since /etc/mail/access is a database, after creating the text 2332file as described below, you must use makemap to create the database 2333map. For example: 2334 2335 makemap hash /etc/mail/access < /etc/mail/access 2336 2337The table itself uses e-mail addresses, domain names, and network 2338numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2339For example, 2340 2341 spammer@aol.com REJECT 2342 cyberspammer.com REJECT 2343 TLD REJECT 2344 192.168.212 REJECT 2345 IPv6:2002:c0a8:02c7 RELAY 2346 IPv6:2002:c0a8:51d2::23f4 REJECT 2347 2348would refuse mail from spammer@aol.com, any user from cyberspammer.com 2349(or any host within the cyberspammer.com domain), any host in the entire 2350top level domain TLD, 192.168.212.* network, and the IPv6 address 23512002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 23522002:c0a8:02c7::/48. 2353 2354The value part of the map can contain: 2355 2356 OK Accept mail even if other rules in the running 2357 ruleset would reject it, for example, if the domain 2358 name is unresolvable. "Accept" does not mean 2359 "relay", but at most acceptance for local 2360 recipients. That is, OK allows less than RELAY. 2361 RELAY Accept mail addressed to the indicated domain or 2362 received from the indicated domain for relaying 2363 through your SMTP server. RELAY also serves as 2364 an implicit OK for the other checks. 2365 REJECT Reject the sender or recipient with a general 2366 purpose message. 2367 DISCARD Discard the message completely using the 2368 $#discard mailer. If it is used in check_compat, 2369 it affects only the designated recipient, not 2370 the whole message as it does in all other cases. 2371 This should only be used if really necessary. 2372 SKIP This can only be used for host/domain names 2373 and IP addresses/nets. It will abort the current 2374 search for this entry without accepting or rejecting 2375 it but causing the default action. 2376 ### any text where ### is an RFC 821 compliant error code and 2377 "any text" is a message to return for the command. 2378 The string should be quoted to avoid surprises, 2379 e.g., sendmail may remove spaces otherwise. 2380 This type is deprecated, use one the two 2381 ERROR: entries below instead. 2382 ERROR:### any text 2383 as above, but useful to mark error messages as such. 2384 ERROR:D.S.N:### any text 2385 where D.S.N is an RFC 1893 compliant error code 2386 and the rest as above. 2387 2388For example: 2389 2390 cyberspammer.com ERROR:"550 We don't accept mail from spammers" 2391 okay.cyberspammer.com OK 2392 sendmail.org RELAY 2393 128.32 RELAY 2394 IPv6:1:2:3:4:5:6:7 RELAY 2395 [127.0.0.3] OK 2396 [IPv6:1:2:3:4:5:6:7:8] OK 2397 2398would accept mail from okay.cyberspammer.com, but would reject mail from 2399all other hosts at cyberspammer.com with the indicated message. It would 2400allow relaying mail from and to any hosts in the sendmail.org domain, and 2401allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* 2402network. The latter two entries are for checks against ${client_name} if 2403the IP address doesn't resolve to a hostname (or is considered as "may be 2404forged"). That is, using square brackets means these are host names, 2405not network numbers. 2406 2407Warning: if you change the RFC 821 compliant error code from the default 2408value of 550, then you should probably also change the RFC 1893 compliant 2409error code to match it. For example, if you use 2410 2411 user@example.com ERROR:450 mailbox full 2412 2413the error returned would be "450 5.0.0 mailbox full" which is wrong. 2414Use "ERROR:4.2.2:450 mailbox full" instead. 2415 2416Note, UUCP users may need to add hostname.UUCP to the access database 2417or class {R}. 2418 2419If you also use: 2420 2421 FEATURE(`relay_hosts_only') 2422 2423then the above example will allow relaying for sendmail.org, but not 2424hosts within the sendmail.org domain. Note that this will also require 2425hosts listed in class {R} to be fully qualified host names. 2426 2427You can also use the access database to block sender addresses based on 2428the username portion of the address. For example: 2429 2430 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2431 2432Note that you must include the @ after the username to signify that 2433this database entry is for checking only the username portion of the 2434sender address. 2435 2436If you use: 2437 2438 FEATURE(`blacklist_recipients') 2439 2440then you can add entries to the map for local users, hosts in your 2441domains, or addresses in your domain which should not receive mail: 2442 2443 badlocaluser@ ERROR:550 Mailbox disabled for this username 2444 host.mydomain.com ERROR:550 That host does not accept mail 2445 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient 2446 2447This would prevent a recipient of badlocaluser@mydomain.com, any 2448user at host.mydomain.com, and the single address 2449user@otherhost.mydomain.com from receiving mail. Please note: a 2450local username must be now tagged with an @ (this is consistent 2451with the check of the sender address, and hence it is possible to 2452distinguish between hostnames and usernames). Enabling this feature 2453will keep you from sending mails to all addresses that have an 2454error message or REJECT as value part in the access map. Taking 2455the example from above: 2456 2457 spammer@aol.com REJECT 2458 cyberspammer.com REJECT 2459 2460Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2461 2462There are several DNS based blacklists, the first of which was 2463the RBL (``Realtime Blackhole List'') run by the MAPS project, 2464see http://mail-abuse.org/. These are databases of spammers 2465maintained in DNS. To use such a database, specify 2466 2467 FEATURE(`dnsbl') 2468 2469This will cause sendmail to reject mail from any site in the original 2470Realtime Blackhole List database. This default DNS blacklist, 2471blackholes.mail-abuse.org, is a service offered by the Mail Abuse 2472Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription 2473service, so using that network address won't work if you haven't 2474subscribed. Contact MAPS to subscribe (http://mail-abuse.org/). 2475 2476You can specify an alternative RBL server to check by specifying an 2477argument to the FEATURE. The default error message is 2478 2479 Rejected: IP-ADDRESS listed at SERVER 2480 2481where IP-ADDRESS and SERVER are replaced by the appropriate 2482information. A second argument can be used to specify a different 2483text. By default, temporary lookup failures are ignored and hence 2484cause the connection not to be rejected by the DNS based rejection 2485list. This behavior can be changed by specifying a third argument, 2486which must be either `t' or a full error message. For example: 2487 2488 FEATURE(`dnsbl', `dnsbl.example.com', `', 2489 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2490 2491If `t' is used, the error message is: 2492 2493 451 Temporary lookup failure of IP-ADDRESS at SERVER 2494 2495where IP-ADDRESS and SERVER are replaced by the appropriate 2496information. 2497 2498This FEATURE can be included several times to query different 2499DNS based rejection lists, e.g., the dial-up user list (see 2500http://mail-abuse.org/dul/). 2501 2502Notice: to avoid checking your own local domains against those 2503blacklists, use the access_db feature and add: 2504 2505 Connect:10.1 OK 2506 Connect:127.0.0.1 RELAY 2507 2508to the access map, where 10.1 is your local network. You may 2509want to use "RELAY" instead of "OK" to allow also relaying 2510instead of just disabling the DNS lookups in the backlists. 2511 2512 2513The features described above make use of the check_relay, check_mail, 2514and check_rcpt rulesets. Note that check_relay checks the SMTP 2515client hostname and IP address when the connection is made to your 2516server. It does not check if a mail message is being relayed to 2517another server. That check is done in check_rcpt. If you wish to 2518include your own checks, you can put your checks in the rulesets 2519Local_check_relay, Local_check_mail, and Local_check_rcpt. For 2520example if you wanted to block senders with all numeric usernames 2521(i.e. 2312343@bigisp.com), you would use Local_check_mail and the 2522regex map: 2523 2524 LOCAL_CONFIG 2525 Kallnumbers regex -a@MATCH ^[0-9]+$ 2526 2527 LOCAL_RULESETS 2528 SLocal_check_mail 2529 # check address against various regex checks 2530 R$* $: $>Parse0 $>3 $1 2531 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2532 R@MATCH $#error $: 553 Header Error 2533 2534These rules are called with the original arguments of the corresponding 2535check_* ruleset. If the local ruleset returns $#OK, no further checking 2536is done by the features described above and the mail is accepted. If the 2537local ruleset resolves to a mailer (such as $#error or $#discard), the 2538appropriate action is taken. Otherwise, the results of the local 2539rewriting are ignored. 2540 2541Finer control by using tags for the LHS of the access map 2542--------------------------------------------------------- 2543 2544Read this section only if the options listed so far are not sufficient 2545for your purposes. There is now the option to tag entries in the 2546access map according to their type. Three tags are available: 2547 2548 Connect: connection information (${client_addr}, ${client_name}) 2549 From: envelope sender 2550 To: envelope recipient 2551 2552If the required item is looked up in a map, it will be tried first 2553with the corresponding tag in front, then (as fallback to enable 2554backward compatibility) without any tag, unless the specific feature 2555requires a tag. For example, 2556 2557 From:spammer@some.dom REJECT 2558 To:friend.domain RELAY 2559 Connect:friend.domain OK 2560 Connect:from.domain RELAY 2561 From:good@another.dom OK 2562 From:another.dom REJECT 2563 2564This would deny mails from spammer@some.dom but you could still 2565send mail to that address even if FEATURE(`blacklist_recipients') 2566is enabled. Your system will allow relaying to friend.domain, but 2567not from it (unless enabled by other means). Connections from that 2568domain will be allowed even if it ends up in one of the DNS based 2569rejection lists. Relaying is enabled from from.domain but not to 2570it (since relaying is based on the connection information for 2571outgoing relaying, the tag Connect: must be used; for incoming 2572relaying, which is based on the recipient address, To: must be 2573used). The last two entries allow mails from good@another.dom but 2574reject mail from all other addresses with another.dom as domain 2575part. 2576 2577Delay all checks 2578---------------- 2579 2580By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2581will not be called when a client connects or issues a MAIL command, 2582respectively. Instead, those rulesets will be called by the check_rcpt 2583ruleset; they will be skipped if a sender has been authenticated using 2584a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2585If check_mail returns an error then the RCPT TO command will be rejected 2586with that error. If it returns some other result starting with $# then 2587check_relay will be skipped. If the sender address (or a part of it) is 2588listed in the access map and it has a RHS of OK or RELAY, then check_relay 2589will be skipped. This has an interesting side effect: if your domain is 2590my.domain and you have 2591 2592 my.domain RELAY 2593 2594in the access map, then all e-mail with a sender address of 2595<user@my.domain> gets through, even if check_relay would reject it 2596(e.g., based on the hostname or IP address). This allows spammers 2597to get around DNS based blacklist by faking the sender address. To 2598avoid this problem you have to use tagged entries: 2599 2600 To:my.domain RELAY 2601 Connect:my.domain RELAY 2602 2603if you need those entries at all (class {R} may take care of them). 2604 2605FEATURE(`delay_checks') can take an optional argument: 2606 2607 FEATURE(`delay_checks', `friend') 2608 enables spamfriend test 2609 FEATURE(`delay_checks', `hater') 2610 enables spamhater test 2611 2612If such an argument is given, the recipient will be looked up in the 2613access map (using the tag Spam:). If the argument is `friend', then 2614the default behavior is to apply the other rulesets and make a SPAM 2615friend the exception. The rulesets check_mail and check_relay will be 2616skipped only if the recipient address is found and has RHS FRIEND. If 2617the argument is `hater', then the default behavior is to skip the rulesets 2618check_mail and check_relay and make a SPAM hater the exception. The 2619other two rulesets will be applied only if the recipient address is 2620found and has RHS HATER. 2621 2622This allows for simple exceptions from the tests, e.g., by activating 2623the friend option and having 2624 2625 Spam:abuse@ FRIEND 2626 2627in the access map, mail to abuse@localdomain will get through (where 2628"localdomain" is any domain in class {w}). It is also possible to 2629specify a full address or an address with +detail: 2630 2631 Spam:abuse@my.domain FRIEND 2632 Spam:me+abuse@ FRIEND 2633 Spam:spam.domain FRIEND 2634 2635Note: The required tag has been changed in 8.12 from To: to Spam:. 2636This change is incompatible to previous versions. However, you can 2637(for now) simply add the new entries to the access map, the old 2638ones will be ignored. As soon as you removed the old entries from 2639the access map, specify a third parameter (`n') to this feature and 2640the backward compatibility rules will not be in the generated .cf 2641file. 2642 2643Header Checks 2644------------- 2645 2646You can also reject mail on the basis of the contents of headers. 2647This is done by adding a ruleset call to the 'H' header definition command 2648in sendmail.cf. For example, this can be used to check the validity of 2649a Message-ID: header: 2650 2651 LOCAL_CONFIG 2652 HMessage-Id: $>CheckMessageId 2653 2654 LOCAL_RULESETS 2655 SCheckMessageId 2656 R< $+ @ $+ > $@ OK 2657 R$* $#error $: 553 Header Error 2658 2659The alternative format: 2660 2661 HSubject: $>+CheckSubject 2662 2663that is, $>+ instead of $>, gives the full Subject: header including 2664comments to the ruleset (comments in parentheses () are stripped 2665by default). 2666 2667A default ruleset for headers which don't have a specific ruleset 2668defined for them can be given by: 2669 2670 H*: $>CheckHdr 2671 2672Notice: 26731. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2674That may cause problems with simple header checks due to the 2675tokenization. It might be simpler to use a regex map and apply it 2676to $&{currHeader}. 26772. There are no default rulesets coming with this distribution of 2678sendmail. You can either write your own or you can search the 2679WWW for examples, e.g., http://www.digitalanswers.org/check_local/ 2680 2681After all of the headers are read, the check_eoh ruleset will be called for 2682any final header-related checks. The ruleset is called with the number of 2683headers and the size of all of the headers in bytes separated by $|. One 2684example usage is to reject messages which do not have a Message-Id: 2685header. However, the Message-Id: header is *NOT* a required header and is 2686not a guaranteed spam indicator. This ruleset is an example and should 2687probably not be used in production. 2688 2689 LOCAL_CONFIG 2690 Kstorage macro 2691 HMessage-Id: $>CheckMessageId 2692 2693 LOCAL_RULESETS 2694 SCheckMessageId 2695 # Record the presence of the header 2696 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2697 R< $+ @ $+ > $@ OK 2698 R$* $#error $: 553 Header Error 2699 2700 Scheck_eoh 2701 # Check the macro 2702 R$* $: < $&{MessageIdCheck} > 2703 # Clear the macro for the next message 2704 R$* $: $(storage {MessageIdCheck} $) $1 2705 # Has a Message-Id: header 2706 R< $+ > $@ OK 2707 # Allow missing Message-Id: from local mail 2708 R$* $: < $&{client_name} > 2709 R< > $@ OK 2710 R< $=w > $@ OK 2711 # Otherwise, reject the mail 2712 R$* $#error $: 553 Header Error 2713 2714+----------+ 2715| STARTTLS | 2716+----------+ 2717 2718In this text, cert will be used as an abreviation for X.509 certificate, 2719DN (CN) is the distinguished (common) name of a cert, and CA is a 2720certification authority, which signs (issues) certs. 2721 2722For STARTTLS to be offered by sendmail you need to set at least 2723this variables (the file names and paths are just examples): 2724 2725 define(`confCACERT_PATH', `/etc/mail/certs/') 2726 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2727 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2728 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2729 2730On systems which do not have the compile flag HASURANDOM set (see 2731sendmail/README) you also must set confRAND_FILE. 2732 2733See doc/op/op.{me,ps,txt} for more information about these options, 2734especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2735STARTTLS''. 2736 2737Macros related to STARTTLS are: 2738 2739${cert_issuer} holds the DN of the CA (the cert issuer). 2740${cert_subject} holds the DN of the cert (called the cert subject). 2741${cn_issuer} holds the CN of the CA (the cert issuer). 2742${cn_subject} holds the CN of the cert (called the cert subject). 2743${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2744 TLSv1/SSLv3, SSLv3, SSLv2. 2745${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2746 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2747${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2748 used for the connection. 2749${verify} holds the result of the verification of the presented cert. 2750 Possible values are: 2751 OK verification succeeded. 2752 NO no cert presented. 2753 NOT no cert requested. 2754 FAIL cert presented but could not be verified, 2755 e.g., the cert of the signing CA is missing. 2756 NONE STARTTLS has not been performed. 2757 TEMP temporary error occurred. 2758 PROTOCOL protocol error occurred (SMTP level). 2759 SOFTWARE STARTTLS handshake failed. 2760${server_name} the name of the server of the current outgoing SMTP 2761 connection. 2762${server_addr} the address of the server of the current outgoing SMTP 2763 connection. 2764 2765Relaying 2766-------- 2767 2768 2769SMTP STARTTLS can allow relaying for remote SMTP clients which have 2770successfully authenticated themselves. This is done in the ruleset 2771RelayAuth. If the verification of the cert failed (${verify} != OK), 2772relaying is subject to the usual rules. Otherwise the DN of the issuer is 2773looked up in the access map using the tag CERTISSUER. If the resulting 2774value is RELAY, relaying is allowed. If it is SUBJECT, the DN of the cert 2775subject is looked up next in the access map using the tag CERTSUBJECT. If 2776the value is RELAY, relaying is allowed. 2777 2778${cert_issuer} and ${cert_subject} can be optionally modified by regular 2779expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2780_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2781rulesets and map lookups, they are modified as follows: each non-printable 2782character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced 2783by their HEX value with a leading '+'. For example: 2784 2785/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2786darth+cert@endmail.org 2787 2788is encoded as: 2789 2790/C=US/ST=California/O=endmail.org/OU=private/CN= 2791Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2792 2793(line breaks have been inserted for readability). 2794 2795The macros which are subject to this encoding are ${cert_subject}, 2796${cert_issuer}, ${cn_subject}, and ${cn_issuer}. 2797 2798Examples: 2799 2800To allow relaying for everyone who can present a cert signed by 2801 2802/C=US/ST=California/O=endmail.org/OU=private/CN= 2803Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2804 2805simply use: 2806 2807CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2808Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2809 2810To allow relaying only for a subset of machines that have a cert signed by 2811 2812/C=US/ST=California/O=endmail.org/OU=private/CN= 2813Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2814 2815use: 2816 2817CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2818Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2819CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2820DeathStar/Email=deathstar@endmail.org RELAY 2821 2822Note: line breaks have been inserted after "CN=" for readability, 2823each tagged entry must be one (long) line in the access map. 2824 2825Of course it is also possible to write a simple ruleset that allows 2826relaying for everyone who can present a cert that can be verified, e.g., 2827 2828LOCAL_RULESETS 2829SLocal_check_rcpt 2830R$* $: $&{verify} 2831ROK $# OK 2832 2833Allowing Connections 2834-------------------- 2835 2836The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 2837an SMTP connection is accepted (or should continue). 2838 2839tls_server is called when sendmail acts as client after a STARTTLS command 2840(should) have been issued. The parameter is the value of ${verify}. 2841 2842tls_client is called when sendmail acts as server, after a STARTTLS command 2843has been issued, and from check_mail. The parameter is the value of 2844${verify} and STARTTLS or MAIL, respectively. 2845 2846Both rulesets behave the same. If no access map is in use, the connection 2847will be accepted unless ${verify} is SOFTWARE, in which case the connection 2848is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 2849is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 2850with the ruleset LookUpDomain. If no entry is found, ${client_addr} 2851(${server_addr}) is looked up in the access map (same tag, ruleset 2852LookUpAddr). If this doesn't result in an entry either, just the tag is 2853looked up in the access map (included the trailing colon). Notice: 2854requiring that e-mail is sent to a server only encrypted, e.g., via 2855 2856TLS_Srv:secure.domain ENCR:112 2857 2858doesn't necessarily mean that e-mail sent to that domain is encrypted. 2859If the domain has multiple MX servers, e.g., 2860 2861secure.domain. IN MX 10 mail.secure.domain. 2862secure.domain. IN MX 50 mail.other.domain. 2863 2864then mail to user@secure.domain may go unencrypted to mail.other.domain. 2865tls_rcpt can be used to address this problem. 2866 2867tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 2868current recipient. This ruleset is only defined if FEATURE(`access_db') 2869is selected. A recipient address user@domain is looked up in the access 2870map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 2871and TLS_Rcpt:; the first match is taken. 2872 2873The result of the lookups is then used to call the ruleset TLS_connection, 2874which checks the requirement specified by the RHS in the access map against 2875the actual parameters of the current TLS connection, esp. ${verify} and 2876${cipher_bits}. Legal RHSs in the access map are: 2877 2878VERIFY verification must have succeeded 2879VERIFY:bits verification must have succeeded and ${cipher_bits} must 2880 be greater than or equal bits. 2881ENCR:bits ${cipher_bits} must be greater than or equal bits. 2882 2883The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 2884or permanent error. The default is a temporary error code (403 4.7.0) 2885unless the macro TLS_PERM_ERR is set during generation of the .cf file. 2886 2887If a certain level of encryption is required, then it might also be 2888possible that this level is provided by the security layer from a SASL 2889algorithm, e.g., DIGEST-MD5. 2890 2891Furthermore, there can be a list of extensions added. Such a list 2892starts with '+' and the items are separated by '++'. Allowed 2893extensions are: 2894 2895CN:name name must match ${cn_subject} 2896CN ${server_name} must match ${cn_subject} 2897CS:name name must match ${cert_subject} 2898CI:name name must match ${cert_issuer} 2899 2900Example: e-mail sent to secure.example.com should only use an encrypted 2901connection. E-mail received from hosts within the laptop.example.com domain 2902should only be accepted if they have been authenticated. The host which 2903receives e-mail for darth@endmail.org must present a cert that uses the 2904CN smtp.endmail.org. 2905 2906TLS_Srv:secure.example.com ENCR:112 2907TLS_Clt:laptop.example.com PERM+VERIFY:112 2908TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 2909 2910 2911Disabling STARTTLS And Setting SMTP Server Features 2912--------------------------------------------------- 2913 2914By default STARTTLS is used whenever possible. However, there are 2915some broken MTAs that don't properly implement STARTTLS. To be able 2916to send to (or receive from) those MTAs, the ruleset try_tls 2917(srv_features) can be used that work together with the access map. 2918Entries for the access map must be tagged with Try_TLS (Srv_Features) 2919and refer to the hostname or IP address of the connecting system. 2920A default case can be specified by using just the tag. For example, 2921the following entries in the access map: 2922 2923 Try_TLS:broken.server NO 2924 Srv_Features:my.domain v 2925 Srv_Features: V 2926 2927will turn off STARTTLS when sending to broken.server (or any host 2928in that domain), and request a client certificate during the TLS 2929handshake only for hosts in my.domain. The valid entries on the RHS 2930for Srv_Features are listed in the Sendmail Installation and 2931Operations Guide. 2932 2933 2934Received: Header 2935---------------- 2936 2937The Received: header reveals whether STARTTLS has been used. It contains an 2938extra line: 2939 2940(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 2941 2942 2943+---------------------+ 2944| SMTP AUTHENTICATION | 2945+---------------------+ 2946 2947The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 2948used in anti-relay rulesets to allow relaying for those users that 2949authenticated themselves. A very simple example is: 2950 2951SLocal_check_rcpt 2952R$* $: $&{auth_type} 2953R$+ $# OK 2954 2955which checks whether a user has successfully authenticated using 2956any available mechanism. Depending on the setup of the CYRUS SASL 2957library, more sophisticated rulesets might be required, e.g., 2958 2959SLocal_check_rcpt 2960R$* $: $&{auth_type} $| $&{auth_authen} 2961RDIGEST-MD5 $| $+@$=w $# OK 2962 2963to allow relaying for users that authenticated using DIGEST-MD5 2964and have an identity in the local domains. 2965 2966The ruleset trust_auth is used to determine whether a given AUTH= 2967parameter (that is passed to this ruleset) should be trusted. This 2968ruleset may make use of the other ${auth_*} macros. Only if the 2969ruleset resolves to the error mailer, the AUTH= parameter is not 2970trusted. A user supplied ruleset Local_trust_auth can be written 2971to modify the default behavior, which only trust the AUTH= 2972parameter if it is identical to the authenticated user. 2973 2974Per default, relaying is allowed for any user who authenticated 2975via a "trusted" mechanism, i.e., one that is defined via 2976TRUST_AUTH_MECH(`list of mechanisms') 2977For example: 2978TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 2979 2980If the selected mechanism provides a security layer the number of 2981bits used for the key of the symmetric cipher is stored in the 2982macro ${auth_ssf}. 2983 2984If sendmail acts as client, it needs some information how to 2985authenticate against another MTA. This information can be provided 2986by the ruleset authinfo or by the option DefaultAuthInfo. The 2987authinfo ruleset looks up {server_name} using the tag AuthInfo: in 2988the access map. If no entry is found, {server_addr} is looked up 2989in the same way and finally just the tag AuthInfo: to provide 2990default values. Note: searches for domain parts or IP nets are 2991only performed if the access map is used; if the authinfo feature 2992is used then only up to three lookups are performed (two exact 2993matches, one default). 2994 2995Notice: the default configuration file causes the option DefaultAuthInfo 2996to fail since the ruleset authinfo is in the .cf file. If you really 2997want to use DefaultAuthInfo (it is deprecated) then you have to 2998remove the ruleset. 2999 3000The RHS for an AuthInfo: entry in the access map should consists of a 3001list of tokens, each of which has the form: "TDstring" (including 3002the quotes). T is a tag which describes the item, D is a delimiter, 3003either ':' for simple text or '=' for a base64 encoded string. 3004Valid values for the tag are: 3005 3006 U user (authorization) id 3007 I authentication id 3008 P password 3009 R realm 3010 M list of mechanisms delimited by spaces 3011 3012Example entries are: 3013 3014AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 3015AuthInfo:host.more.dom "U:user" "P=c2VjcmV0" 3016 3017User id or authentication id must exist as well as the password. All 3018other entries have default values. If one of user or authentication 3019id is missing, the existing value is used for the missing item. 3020If "R:" is not specified, realm defaults to $j. The list of mechanisms 3021defaults to those specified by AuthMechanisms. 3022 3023Since this map contains sensitive information, either the access 3024map must be unreadable by everyone but root (or the trusted user) 3025or FEATURE(`authinfo') must be used which provides a separate map. 3026Notice: It is not checked whether the map is actually 3027group/world-unreadable, this is left to the user. 3028 3029+--------------------------------+ 3030| ADDING NEW MAILERS OR RULESETS | 3031+--------------------------------+ 3032 3033Sometimes you may need to add entirely new mailers or rulesets. They 3034should be introduced with the constructs MAILER_DEFINITIONS and 3035LOCAL_RULESETS respectively. For example: 3036 3037 MAILER_DEFINITIONS 3038 Mmymailer, ... 3039 ... 3040 3041 LOCAL_RULESETS 3042 Smyruleset 3043 ... 3044 3045Local additions for the rulesets srv_features, try_tls, tls_rcpt, 3046tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 3047LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 3048respectively. For example, to add a local ruleset that decides 3049whether to try STARTTLS in a sendmail client, use: 3050 3051 LOCAL_TRY_TLS 3052 R... 3053 3054Note: you don't need to add a name for the ruleset, it is implicitly 3055defined by using the appropriate macro. 3056 3057 3058+-------------------------+ 3059| ADDING NEW MAIL FILTERS | 3060+-------------------------+ 3061 3062Sendmail supports mail filters to filter incoming SMTP messages according 3063to the "Sendmail Mail Filter API" documentation. These filters can be 3064configured in your mc file using the two commands: 3065 3066 MAIL_FILTER(`name', `equates') 3067 INPUT_MAIL_FILTER(`name', `equates') 3068 3069The first command, MAIL_FILTER(), simply defines a filter with the given 3070name and equates. For example: 3071 3072 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3073 3074This creates the equivalent sendmail.cf entry: 3075 3076 Xarchive, S=local:/var/run/archivesock, F=R 3077 3078The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 3079but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 3080of the filter such that the filter will actually be called by sendmail. 3081 3082For example, the two commands: 3083 3084 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3085 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3086 3087are equivalent to the three commands: 3088 3089 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3090 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3091 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 3092 3093In general, INPUT_MAIL_FILTER() should be used unless you need to define 3094more filters than you want to use for `confINPUT_MAIL_FILTERS'. 3095 3096Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3097commands will clear the list created by the prior INPUT_MAIL_FILTER() 3098commands. 3099 3100 3101+-------------------------+ 3102| QUEUE GROUP DEFINITIONS | 3103+-------------------------+ 3104 3105In addition to the queue directory (which is the default queue group 3106called "mqueue"), sendmail can deal with multiple queue groups, which 3107are collections of queue directories with the same behaviour. Queue 3108groups can be defined using the command: 3109 3110 QUEUE_GROUP(`name', `equates') 3111 3112For details about queue groups, please see doc/op/op.{me,ps,txt}. 3113 3114+-------------------------------+ 3115| NON-SMTP BASED CONFIGURATIONS | 3116+-------------------------------+ 3117 3118These configuration files are designed primarily for use by 3119SMTP-based sites. They may not be well tuned for UUCP-only or 3120UUCP-primarily nodes (the latter is defined as a small local net 3121connected to the rest of the world via UUCP). However, there is 3122one hook to handle some special cases. 3123 3124You can define a ``smart host'' that understands a richer address syntax 3125using: 3126 3127 define(`SMART_HOST', `mailer:hostname') 3128 3129In this case, the ``mailer:'' defaults to "relay". Any messages that 3130can't be handled using the usual UUCP rules are passed to this host. 3131 3132If you are on a local SMTP-based net that connects to the outside 3133world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3134For example: 3135 3136 define(`SMART_HOST', `uucp-new:uunet') 3137 LOCAL_NET_CONFIG 3138 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3139 3140This will cause all names that end in your domain name ($m) to be sent 3141via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3142If you have FEATURE(`nocanonify'), you may need to omit the dots after 3143the $m. If you are running a local DNS inside your domain which is 3144not otherwise connected to the outside world, you probably want to 3145use: 3146 3147 define(`SMART_HOST', `smtp:fire.wall.com') 3148 LOCAL_NET_CONFIG 3149 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3150 3151That is, send directly only to things you found in your DNS lookup; 3152anything else goes through SMART_HOST. 3153 3154You may need to turn off the anti-spam rules in order to accept 3155UUCP mail with FEATURE(`promiscuous_relay') and 3156FEATURE(`accept_unresolvable_domains'). 3157 3158 3159+-----------+ 3160| WHO AM I? | 3161+-----------+ 3162 3163Normally, the $j macro is automatically defined to be your fully 3164qualified domain name (FQDN). Sendmail does this by getting your 3165host name using gethostname and then calling gethostbyname on the 3166result. For example, in some environments gethostname returns 3167only the root of the host name (such as "foo"); gethostbyname is 3168supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3169cases, gethostbyname may fail to return the FQDN. In this case 3170you MUST define confDOMAIN_NAME to be your fully qualified domain 3171name. This is usually done using: 3172 3173 Dmbar.com 3174 define(`confDOMAIN_NAME', `$w.$m')dnl 3175 3176 3177+-----------------------------------+ 3178| ACCEPTING MAIL FOR MULTIPLE NAMES | 3179+-----------------------------------+ 3180 3181If your host is known by several different names, you need to augment 3182class {w}. This is a list of names by which your host is known, and 3183anything sent to an address using a host name in this list will be 3184treated as local mail. You can do this in two ways: either create the 3185file /etc/mail/local-host-names containing a list of your aliases (one per 3186line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3187``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3188name of the host, rather than a short name. 3189 3190If you want to have different address in different domains, take 3191a look at the virtusertable feature, which is also explained at 3192http://www.sendmail.org/virtual-hosting.html 3193 3194 3195+--------------------+ 3196| USING MAILERTABLES | 3197+--------------------+ 3198 3199To use FEATURE(`mailertable'), you will have to create an external 3200database containing the routing information for various domains. 3201For example, a mailertable file in text format might be: 3202 3203 .my.domain xnet:%1.my.domain 3204 uuhost1.my.domain uucp-new:uuhost1 3205 .bitnet smtp:relay.bit.net 3206 3207This should normally be stored in /etc/mail/mailertable. The actual 3208database version of the mailertable is built using: 3209 3210 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3211 3212The semantics are simple. Any LHS entry that does not begin with 3213a dot matches the full host name indicated. LHS entries beginning 3214with a dot match anything ending with that domain name (including 3215the leading dot) -- that is, they can be thought of as having a 3216leading ".+" regular expression pattern for a non-empty sequence of 3217characters. Matching is done in order of most-to-least qualified 3218-- for example, even though ".my.domain" is listed first in the 3219above example, an entry of "uuhost1.my.domain" will match the second 3220entry since it is more explicit. Note: e-mail to "user@my.domain" 3221does not match any entry in the above table. You need to have 3222something like: 3223 3224 my.domain esmtp:host.my.domain 3225 3226The RHS should always be a "mailer:host" pair. The mailer is the 3227configuration name of a mailer (that is, an M line in the 3228sendmail.cf file). The "host" will be the hostname passed to 3229that mailer. In domain-based matches (that is, those with leading 3230dots) the "%1" may be used to interpolate the wildcarded part of 3231the host name. For example, the first line above sends everything 3232addressed to "anything.my.domain" to that same host name, but using 3233the (presumably experimental) xnet mailer. 3234 3235In some cases you may want to temporarily turn off MX records, 3236particularly on gateways. For example, you may want to MX 3237everything in a domain to one machine that then forwards it 3238directly. To do this, you might use the DNS configuration: 3239 3240 *.domain. IN MX 0 relay.machine 3241 3242and on relay.machine use the mailertable: 3243 3244 .domain smtp:[gateway.domain] 3245 3246The [square brackets] turn off MX records for this host only. 3247If you didn't do this, the mailertable would use the MX record 3248again, which would give you an MX loop. 3249 3250 3251+--------------------------------+ 3252| USING USERDB TO MAP FULL NAMES | 3253+--------------------------------+ 3254 3255The user database was not originally intended for mapping full names 3256to login names (e.g., Eric.Allman => eric), but some people are using 3257it that way. (it is recommended that you set up aliases for this 3258purpose instead -- since you can specify multiple alias files, this 3259is fairly easy.) The intent was to locate the default maildrop at 3260a site, but allow you to override this by sending to a specific host. 3261 3262If you decide to set up the user database in this fashion, it is 3263imperative that you not use FEATURE(`stickyhost') -- otherwise, 3264e-mail sent to Full.Name@local.host.name will be rejected. 3265 3266To build the internal form of the user database, use: 3267 3268 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3269 3270As a general rule, it is an extremely bad idea to using full names 3271as e-mail addresses, since they are not in any sense unique. For 3272example, the UNIX software-development community has at least two 3273well-known Peter Deutsches, and at one time Bell Labs had two 3274Stephen R. Bournes with offices along the same hallway. Which one 3275will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3276The less famous of the two, or the one that was hired later? 3277 3278Finger should handle full names (and be fuzzy). Mail should use 3279handles, and not be fuzzy. 3280 3281 3282+--------------------------------+ 3283| MISCELLANEOUS SPECIAL FEATURES | 3284+--------------------------------+ 3285 3286Plussed users 3287 Sometimes it is convenient to merge configuration on a 3288 centralized mail machine, for example, to forward all 3289 root mail to a mail server. In this case it might be 3290 useful to be able to treat the root addresses as a class 3291 of addresses with subtle differences. You can do this 3292 using plussed users. For example, a client might include 3293 the alias: 3294 3295 root: root+client1@server 3296 3297 On the server, this will match an alias for "root+client1". 3298 If that is not found, the alias "root+*" will be tried, 3299 then "root". 3300 3301 3302+----------------+ 3303| SECURITY NOTES | 3304+----------------+ 3305 3306A lot of sendmail security comes down to you. Sendmail 8 is much 3307more careful about checking for security problems than previous 3308versions, but there are some things that you still need to watch 3309for. In particular: 3310 3311* Make sure the aliases file is not writable except by trusted 3312 system personnel. This includes both the text and database 3313 version. 3314 3315* Make sure that other files that sendmail reads, such as the 3316 mailertable, are only writable by trusted system personnel. 3317 3318* The queue directory should not be world writable PARTICULARLY 3319 if your system allows "file giveaways" (that is, if a non-root 3320 user can chown any file they own to any other user). 3321 3322* If your system allows file giveaways, DO NOT create a publically 3323 writable directory for forward files. This will allow anyone 3324 to steal anyone else's e-mail. Instead, create a script that 3325 copies the .forward file from users' home directories once a 3326 night (if you want the non-NFS-mounted forward directory). 3327 3328* If your system allows file giveaways, you'll find that 3329 sendmail is much less trusting of :include: files -- in 3330 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3331 /etc/shells before they will be trusted (that is, before 3332 files and programs listed in them will be honored). 3333 3334In general, file giveaways are a mistake -- if you can turn them 3335off, do so. 3336 3337 3338+--------------------------------+ 3339| TWEAKING CONFIGURATION OPTIONS | 3340+--------------------------------+ 3341 3342There are a large number of configuration options that don't normally 3343need to be changed. However, if you feel you need to tweak them, you 3344can define the following M4 variables. This list is shown in four 3345columns: the name you define, the default value for that definition, 3346the option or macro that is affected (either Ox for an option or Dx 3347for a macro), and a brief description. Greater detail of the semantics 3348can be found in the Installation and Operations Guide. 3349 3350Some options are likely to be deprecated in future versions -- that is, 3351the option is only included to provide back-compatibility. These are 3352marked with "*". 3353 3354Remember that these options are M4 variables, and hence may need to 3355be quoted. In particular, arguments with commas will usually have to 3356be ``double quoted, like this phrase'' to avoid having the comma 3357confuse things. This is common for alias file definitions and for 3358the read timeout. 3359 3360M4 Variable Name Configuration Description & [Default] 3361================ ============= ======================= 3362confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3363 for internally generated outgoing 3364 messages. 3365confDOMAIN_NAME $j macro If defined, sets $j. This should 3366 only be done if your system cannot 3367 determine your local domain name, 3368 and then it should be set to 3369 $w.Foo.COM, where Foo.COM is your 3370 domain name. 3371confCF_VERSION $Z macro If defined, this is appended to the 3372 configuration version name. 3373confLDAP_CLUSTER ${sendmailMTACluster} macro 3374 If defined, this is the LDAP 3375 cluster to use for LDAP searches 3376 as described above in ``USING LDAP 3377 FOR ALIASES, MAPS, AND CLASSES''. 3378confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3379 internally generated From: address. 3380confRECEIVED_HEADER Received: 3381 [$?sfrom $s $.$?_($?s$|from $.$_) 3382 $.$?{auth_type}(authenticated) 3383 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3384 for $u; $|; 3385 $.$b] 3386 The format of the Received: header 3387 in messages passed through this host. 3388 It is unwise to try to change this. 3389confCW_FILE Fw class [/etc/mail/local-host-names] Name 3390 of file used to get the local 3391 additions to class {w} (local host 3392 names). 3393confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3394 file used to get the local additions 3395 to class {t} (trusted users). 3396confCR_FILE FR class [/etc/mail/relay-domains] Name of 3397 file used to get the local additions 3398 to class {R} (hosts allowed to relay). 3399confTRUSTED_USERS Ct class [no default] Names of users to add to 3400 the list of trusted users. This list 3401 always includes root, uucp, and daemon. 3402 See also FEATURE(`use_ct_file'). 3403confTRUSTED_USER TrustedUser [no default] Trusted user for file 3404 ownership and starting the daemon. 3405 Not to be confused with 3406 confTRUSTED_USERS (see above). 3407confSMTP_MAILER - [esmtp] The mailer name used when 3408 SMTP connectivity is required. 3409 One of "smtp", "smtp8", 3410 "esmtp", or "dsmtp". 3411confUUCP_MAILER - [uucp-old] The mailer to be used by 3412 default for bang-format recipient 3413 addresses. See also discussion of 3414 class {U}, class {Y}, and class {Z} 3415 in the MAILER(`uucp') section. 3416confLOCAL_MAILER - [local] The mailer name used when 3417 local connectivity is required. 3418 Almost always "local". 3419confRELAY_MAILER - [relay] The default mailer name used 3420 for relaying any mail (e.g., to a 3421 BITNET_RELAY, a SMART_HOST, or 3422 whatever). This can reasonably be 3423 "uucp-new" if you are on a 3424 UUCP-connected site. 3425confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3426confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3427confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3428 rebuild until you get bored and 3429 decide that the apparently pending 3430 rebuild failed. 3431confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3432 queue filesystem to accept SMTP mail. 3433 (Prior to 8.7 this was minfree/maxsize, 3434 where minfree was the number of free 3435 blocks and maxsize was the maximum 3436 message size. Use confMAX_MESSAGE_SIZE 3437 for the second value now.) 3438confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3439 that will be accepted (in bytes). 3440confBLANK_SUB BlankSub [.] Blank (space) substitution 3441 character. 3442confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3443 to mailers marked expensive. 3444confCHECKPOINT_INTERVAL CheckpointInterval 3445 [10] Checkpoint queue files every N 3446 recipients. 3447confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3448confERROR_MODE ErrorMode [print] Error message mode. 3449confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3450confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3451confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3452confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3453confMAX_HOP MaxHopCount [25] Maximum hop count. 3454confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3455 mode] Ignore dot as terminator for 3456 incoming messages? 3457confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3458 resolver. 3459confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3460 encapsulated messages per RFC 1344. 3461confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3462 The colon-separated list of places to 3463 search for .forward files. N.B.: see 3464 the Security Notes section. 3465confMCI_CACHE_SIZE ConnectionCacheSize 3466 [2] Size of open connection cache. 3467confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3468 [5m] Open connection cache timeout. 3469confHOST_STATUS_DIRECTORY HostStatusDirectory 3470 [undefined] If set, host status is kept 3471 on disk between sendmail runs in the 3472 named directory tree. This need not be 3473 a full pathname, in which case it is 3474 interpreted relative to the queue 3475 directory. 3476confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3477 [False] If this option and the 3478 HostStatusDirectory option are both 3479 set, single thread deliveries to other 3480 hosts. That is, don't allow any two 3481 sendmails on this host to connect 3482 simultaneously to any other single 3483 host. This can slow down delivery in 3484 some cases, in particular since a 3485 cached but otherwise idle connection 3486 to a host will prevent other sendmails 3487 from connecting to the other host. 3488confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3489 deliver error messages. This should 3490 not be necessary because of general 3491 acceptance of the envelope/header 3492 distinction. 3493confLOG_LEVEL LogLevel [9] Log level. 3494confME_TOO MeToo [True] Include sender in group 3495 expansions. This option is 3496 deprecated and will be removed from 3497 a future version. 3498confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3499 running newaliases. Since this does 3500 DNS lookups on every address, it can 3501 slow down the alias rebuild process 3502 considerably on large alias files. 3503confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3504 special chars are old style. 3505confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3506confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3507 copies of all error messages. 3508confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3509confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3510 queue files (octal). If not set, 3511 sendmail uses 0600 unless its real 3512 and effective uid are different in 3513 which case it uses 0644. 3514confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3515 syntax addresses to the minimum 3516 possible. 3517confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3518 before forking. 3519confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3520 on the initial connect. 3521confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3522 connect() to complete. This can only 3523 shorten connection timeouts; the kernel 3524 silently enforces an absolute maximum 3525 (which varies depending on the system). 3526confTO_ICONNECT Timeout.iconnect 3527 [undefined] Like Timeout.connect, but 3528 applies only to the very first attempt 3529 to connect to a host in a message. 3530 This allows a single very fast pass 3531 followed by more careful delivery 3532 attempts in the future. 3533confTO_ACONNECT Timeout.aconnect 3534 [0] The overall timeout waiting for 3535 all connection for a single delivery 3536 attempt to succeed. If 0, no overall 3537 limit is applied. 3538confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3539 to a HELO or EHLO command. 3540confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3541 response to the MAIL command. 3542confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3543 to the RCPT command. 3544confTO_DATAINIT Timeout.datainit 3545 [5m] The timeout waiting for a 354 3546 response from the DATA command. 3547confTO_DATABLOCK Timeout.datablock 3548 [1h] The timeout waiting for a block 3549 during DATA phase. 3550confTO_DATAFINAL Timeout.datafinal 3551 [1h] The timeout waiting for a response 3552 to the final "." that terminates a 3553 message. 3554confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3555 to the RSET command. 3556confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3557 to the QUIT command. 3558confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3559 to other SMTP commands. 3560confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3561 waiting for a command to be issued. 3562confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3563 response to an IDENT query. 3564confTO_FILEOPEN Timeout.fileopen 3565 [60s] The timeout waiting for a file 3566 (e.g., :include: file) to be opened. 3567confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3568 to an LMTP LHLO command. 3569confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3570 response in an AUTH dialogue. 3571confTO_STARTTLS Timeout.starttls 3572 [1h] The timeout waiting for a 3573 response to an SMTP STARTTLS command. 3574confTO_CONTROL Timeout.control 3575 [2m] The timeout for a complete 3576 control socket transaction to complete. 3577confTO_QUEUERETURN Timeout.queuereturn 3578 [5d] The timeout before a message is 3579 returned as undeliverable. 3580confTO_QUEUERETURN_NORMAL 3581 Timeout.queuereturn.normal 3582 [undefined] As above, for normal 3583 priority messages. 3584confTO_QUEUERETURN_URGENT 3585 Timeout.queuereturn.urgent 3586 [undefined] As above, for urgent 3587 priority messages. 3588confTO_QUEUERETURN_NONURGENT 3589 Timeout.queuereturn.non-urgent 3590 [undefined] As above, for non-urgent 3591 (low) priority messages. 3592confTO_QUEUEWARN Timeout.queuewarn 3593 [4h] The timeout before a warning 3594 message is sent to the sender telling 3595 them that the message has been 3596 deferred. 3597confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3598 [undefined] As above, for normal 3599 priority messages. 3600confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3601 [undefined] As above, for urgent 3602 priority messages. 3603confTO_QUEUEWARN_NONURGENT 3604 Timeout.queuewarn.non-urgent 3605 [undefined] As above, for non-urgent 3606 (low) priority messages. 3607confTO_HOSTSTATUS Timeout.hoststatus 3608 [30m] How long information about host 3609 statuses will be maintained before it 3610 is considered stale and the host should 3611 be retried. This applies both within 3612 a single queue run and to persistent 3613 information (see below). 3614confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3615 [varies] Sets the resolver's 3616 retransmission time interval (in 3617 seconds). Sets both 3618 Timeout.resolver.retrans.first and 3619 Timeout.resolver.retrans.normal. 3620confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3621 [varies] Sets the resolver's 3622 retransmission time interval (in 3623 seconds) for the first attempt to 3624 deliver a message. 3625confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3626 [varies] Sets the resolver's 3627 retransmission time interval (in 3628 seconds) for all resolver lookups 3629 except the first delivery attempt. 3630confTO_RESOLVER_RETRY Timeout.resolver.retry 3631 [varies] Sets the number of times 3632 to retransmit a resolver query. 3633 Sets both 3634 Timeout.resolver.retry.first and 3635 Timeout.resolver.retry.normal. 3636confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3637 [varies] Sets the number of times 3638 to retransmit a resolver query for 3639 the first attempt to deliver a 3640 message. 3641confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3642 [varies] Sets the number of times 3643 to retransmit a resolver query for 3644 all resolver lookups except the 3645 first delivery attempt. 3646confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3647 USE_SYSTEM to use the system's idea, 3648 USE_TZ to use the user's TZ envariable, 3649 or something else to force that value. 3650confDEF_USER_ID DefaultUser [1:1] Default user id. 3651confUSERDB_SPEC UserDatabaseSpec 3652 [undefined] User database 3653 specification. 3654confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3655confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3656 for a host and other arrangements 3657 haven't been made, try connecting 3658 to the host directly; normally this 3659 would be a config error. 3660confQUEUE_LA QueueLA [varies] Load average at which 3661 queue-only function kicks in. 3662 Default values is (8 * numproc) 3663 where numproc is the number of 3664 processors online (if that can be 3665 determined). 3666confREFUSE_LA RefuseLA [varies] Load average at which 3667 incoming SMTP connections are 3668 refused. Default values is (12 * 3669 numproc) where numproc is the 3670 number of processors online (if 3671 that can be determined). 3672confDELAY_LA DelayLA [0] Load average at which sendmail 3673 will sleep for one second on most 3674 SMTP commands and before accepting 3675 connections. 0 means no limit. 3676confMAX_ALIAS_RECURSION MaxAliasRecursion 3677 [10] Maximum depth of alias recursion. 3678confMAX_DAEMON_CHILDREN MaxDaemonChildren 3679 [undefined] The maximum number of 3680 children the daemon will permit. After 3681 this number, connections will be 3682 rejected. If not set or <= 0, there is 3683 no limit. 3684confMAX_HEADERS_LENGTH MaxHeadersLength 3685 [32768] Maximum length of the sum 3686 of all headers. 3687confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3688 [undefined] Maximum length of 3689 certain MIME header field values. 3690 If not set, sendmail uses 2048/1024. 3691confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3692 [undefined] The maximum number of 3693 connections permitted per second per 3694 daemon. After this many connections 3695 are accepted, further connections 3696 will be delayed. If not set or <= 0, 3697 there is no limit. 3698confWORK_RECIPIENT_FACTOR 3699 RecipientFactor [30000] Cost of each recipient. 3700confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3701 separate process. 3702confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3703confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3704confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3705 Priority, Host, Filename, Random, 3706 Modification, or Time. 3707confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3708 must sit in the queue between queue 3709 runs. This allows you to set the 3710 queue run interval low for better 3711 responsiveness without trying all 3712 jobs in each run. 3713confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3714 unlabeled 8 bit input to MIME, the 3715 character set to use by default. 3716confSERVICE_SWITCH_FILE ServiceSwitchFile 3717 [/etc/mail/service.switch] The file 3718 to use for the service switch on 3719 systems that do not have a 3720 system-defined switch. 3721confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3722 "file" type access of hosts names. 3723confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3724 long and try again. Zero means "don't 3725 retry". This is to allow "dial on 3726 demand" connections to have enough time 3727 to complete a connection. 3728confNO_RCPT_ACTION NoRecipientAction 3729 [none] What to do if there are no legal 3730 recipient fields (To:, Cc: or Bcc:) 3731 in the message. Legal values can 3732 be "none" to just leave the 3733 nonconforming message as is, "add-to" 3734 to add a To: header with all the 3735 known recipients (which may expose 3736 blind recipients), "add-apparently-to" 3737 to do the same but use Apparently-To: 3738 instead of To: (strongly discouraged 3739 in accordance with IETF standards), 3740 "add-bcc" to add an empty Bcc: 3741 header, or "add-to-undisclosed" to 3742 add the header 3743 ``To: undisclosed-recipients:;''. 3744confSAFE_FILE_ENV SafeFileEnvironment 3745 [undefined] If set, sendmail will do a 3746 chroot() into this directory before 3747 writing files. 3748confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3749 If set, colons are treated as a regular 3750 character in addresses. If not set, 3751 they are treated as the introducer to 3752 the RFC 822 "group" syntax. Colons are 3753 handled properly in route-addrs. This 3754 option defaults on for V5 and lower 3755 configuration files. 3756confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3757 any given queue run to this number of 3758 entries. Essentially, this will stop 3759 reading each queue directory after this 3760 number of entries are reached; it does 3761 _not_ pick the highest priority jobs, 3762 so this should be as large as your 3763 system can tolerate. If not set, there 3764 is no limit. 3765confMAX_QUEUE_CHILDREN MaxQueueChildren 3766 [undefined] Limits the maximum number 3767 of concurrent queue runners active. 3768 This is to keep system resources used 3769 within a reasonable limit. Relates to 3770 Queue Groups and ForkAllJobs. 3771confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3772 [1] Only active when MaxQueueChildren 3773 defined. Controls the maximum number 3774 of queue runners (aka queue children) 3775 active at the same time in a work 3776 group. See also MaxQueueChildren. 3777confDONT_EXPAND_CNAMES DontExpandCnames 3778 [False] If set, $[ ... $] lookups that 3779 do DNS based lookups do not expand 3780 CNAME records. This currently violates 3781 the published standards, but the IETF 3782 seems to be moving toward legalizing 3783 this. For example, if "FTP.Foo.ORG" 3784 is a CNAME for "Cruft.Foo.ORG", then 3785 with this option set a lookup of 3786 "FTP" will return "FTP.Foo.ORG"; if 3787 clear it returns "Cruft.FOO.ORG". N.B. 3788 you may not see any effect until your 3789 downstream neighbors stop doing CNAME 3790 lookups as well. 3791confFROM_LINE UnixFromLine [From $g $d] The From_ line used 3792 when sending to files or programs. 3793confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 3794 [False] From: lines that have 3795 embedded newlines are unwrapped 3796 onto one line. 3797confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 3798 does not include a host name. 3799confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 3800 name phrase (@,;:\()[] are automatic). 3801confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 3802 characters. 3803confSMTP_LOGIN_MSG SmtpGreetingMessage 3804 [$j Sendmail $v/$Z; $b] 3805 The initial (spontaneous) SMTP 3806 greeting message. The word "ESMTP" 3807 will be inserted between the first and 3808 second words to convince other 3809 sendmails to try to speak ESMTP. 3810confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 3811 routine will never be invoked. You 3812 might want to do this if you are 3813 running NIS and you have a large group 3814 map, since this call does a sequential 3815 scan of the map; in a large site this 3816 can cause your ypserv to run 3817 essentially full time. If you set 3818 this, agents run on behalf of users 3819 will only have their primary 3820 (/etc/passwd) group permissions. 3821confUNSAFE_GROUP_WRITES UnsafeGroupWrites 3822 [False] If set, group-writable 3823 :include: and .forward files are 3824 considered "unsafe", that is, programs 3825 and files cannot be directly referenced 3826 from such files. World-writable files 3827 are always considered unsafe. 3828confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 3829 address (for testing). 3830confCONTROL_SOCKET_NAME ControlSocketName 3831 [undefined] Control socket for daemon 3832 management. 3833confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 3834 [postmaster] If an error occurs when 3835 sending an error message, send that 3836 "double bounce" error message to this 3837 address. If it expands to an empty 3838 string, double bounces are dropped. 3839confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 3840 messages which could not be returned 3841 to the user or sent to postmaster. 3842 If not set, the queue file will 3843 be renamed. 3844confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 3845 implies DSN request. 3846confRUN_AS_USER RunAsUser [undefined] If set, become this user 3847 when reading and delivering mail. 3848 Causes all file reads (e.g., .forward 3849 and :include: files) to be done as 3850 this user. Also, all programs will 3851 be run as this user, and all output 3852 files will be written as this user. 3853confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 3854 [infinite] If set, allow no more than 3855 the specified number of recipients in 3856 an SMTP envelope. Further recipients 3857 receive a 452 error code (i.e., they 3858 are deferred for the next delivery 3859 attempt). 3860confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and more than the 3861 specified number of recipients in an 3862 envelope are rejected, sleep for one 3863 second after each rejected RCPT 3864 command. 3865confDONT_PROBE_INTERFACES DontProbeInterfaces 3866 [False] If set, sendmail will _not_ 3867 insert the names and addresses of any 3868 local interfaces into class {w} 3869 (list of known "equivalent" addresses). 3870 If you set this, you must also include 3871 some support for these addresses (e.g., 3872 in a mailertable entry) -- otherwise, 3873 mail to addresses in this list will 3874 bounce with a configuration error. 3875 If set to "loopback" (without 3876 quotes), sendmail will skip 3877 loopback interfaces (e.g., "lo0"). 3878confPID_FILE PidFile [system dependent] Location of pid 3879 file. 3880confPROCESS_TITLE_PREFIX ProcessTitlePrefix 3881 [undefined] Prefix string for the 3882 process title shown on 'ps' listings. 3883confDONT_BLAME_SENDMAIL DontBlameSendmail 3884 [safe] Override sendmail's file 3885 safety checks. This will definitely 3886 compromise system security and should 3887 not be used unless absolutely 3888 necessary. 3889confREJECT_MSG - [550 Access denied] The message 3890 given if the access database contains 3891 REJECT in the value portion. 3892confRELAY_MSG - [550 Relaying denied] The message 3893 given if an unauthorized relaying 3894 attempt is rejected. 3895confDF_BUFFER_SIZE DataFileBufferSize 3896 [4096] The maximum size of a 3897 memory-buffered data (df) file 3898 before a disk-based file is used. 3899confXF_BUFFER_SIZE XScriptFileBufferSize 3900 [4096] The maximum size of a 3901 memory-buffered transcript (xf) 3902 file before a disk-based file is 3903 used. 3904confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 3905 CRAM-MD5] List of authentication 3906 mechanisms for AUTH (separated by 3907 spaces). The advertised list of 3908 authentication mechanisms will be the 3909 intersection of this list and the list 3910 of available mechanisms as determined 3911 by the CYRUS SASL library. 3912confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 3913 authentication information for 3914 outgoing connections. This file must 3915 contain the user id, the authorization 3916 id, the password (plain text), the 3917 realm to use, and the list of 3918 mechanisms to try, each on a separate 3919 line and must be readable by root (or 3920 the trusted user) only. If no realm 3921 is specified, $j is used. If no 3922 mechanisms are given in the file, 3923 AuthMechanisms is used. Notice: this 3924 option is deprecated and will be 3925 removed in future versions; it doesn't 3926 work for the MSP since it can't read 3927 the file. Use the authinfo ruleset 3928 instead. See also the section SMTP 3929 AUTHENTICATION. 3930confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 3931 then the AUTH= parameter for the 3932 MAIL FROM command is only issued 3933 when authentication succeeded. 3934 Other values (which should be listed 3935 one after the other without any 3936 intervening characters except for 3937 space or comma) are a, c, d, f, p, 3938 and y. See doc/op/op.me for 3939 details. 3940confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 3941 strength for the security layer in 3942 SMTP AUTH (SASL). Default is 3943 essentially unlimited. 3944confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 3945 verification is performed, i.e., 3946 the server doesn't ask for a 3947 certificate. 3948confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 3949 specification for LDAP maps. The 3950 value should only contain LDAP 3951 specific settings such as "-h host 3952 -p port -d bindDN", etc. The 3953 settings will be used for all LDAP 3954 maps unless they are specified in 3955 the individual map specification 3956 ('K' command). 3957confCACERT_PATH CACertPath [undefined] Path to directory 3958 with certs of CAs. 3959confCACERT CACertFile [undefined] File containing one CA 3960 cert. 3961confSERVER_CERT ServerCertFile [undefined] File containing the 3962 cert of the server, i.e., this cert 3963 is used when sendmail acts as 3964 server. 3965confSERVER_KEY ServerKeyFile [undefined] File containing the 3966 private key belonging to the server 3967 cert. 3968confCLIENT_CERT ClientCertFile [undefined] File containing the 3969 cert of the client, i.e., this cert 3970 is used when sendmail acts as 3971 client. 3972confCLIENT_KEY ClientKeyFile [undefined] File containing the 3973 private key belonging to the client 3974 cert. 3975confDH_PARAMETERS DHParameters [undefined] File containing the 3976 DH parameters. 3977confRAND_FILE RandFile [undefined] File containing random 3978 data (use prefix file:) or the 3979 name of the UNIX socket if EGD is 3980 used (use prefix egd:). STARTTLS 3981 requires this option if the compile 3982 flag HASURANDOM is not set (see 3983 sendmail/README). 3984confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 3985 queue runners is set the given value 3986 (nice(3)). 3987confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 3988 [undefined] Defines {daemon_flags} 3989 for direct submissions. 3990confUSE_MSP UseMSP [false] Use as mail submission 3991 program, see sendmail/SECURITY. 3992confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 3993 SMTP Service Extension (RFC 2852). 3994confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 3995confFAST_SPLIT FastSplit [1] If set to a value greater than 3996 zero, the initial MX lookups on 3997 addresses is suppressed when they 3998 are sorted which may result in 3999 faster envelope splitting. If the 4000 mail is submitted directly from the 4001 command line, then the value also 4002 limits the number of processes to 4003 deliver the envelopes. 4004confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 4005 information about local mailboxes. 4006confDEQUOTE_OPTS - [empty] Additional options for the 4007 dequote map. 4008confINPUT_MAIL_FILTERS InputMailFilters 4009 A comma separated list of filters 4010 which determines which filters and 4011 the invocation sequence are 4012 contacted for incoming SMTP 4013 messages. If none are set, no 4014 filters will be contacted. 4015confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 4016 actions, defaults to LogLevel. 4017confMILTER_MACROS_CONNECT Milter.macros.connect 4018 [j, _, {daemon_name}, {if_name}, 4019 {if_addr}] Macros to transmit to 4020 milters when a session connection 4021 starts. 4022confMILTER_MACROS_HELO Milter.macros.helo 4023 [{tls_version}, {cipher}, 4024 {cipher_bits}, {cert_subject}, 4025 {cert_issuer}] Macros to transmit to 4026 milters after HELO/EHLO command. 4027confMILTER_MACROS_ENVFROM Milter.macros.envfrom 4028 [i, {auth_type}, {auth_authen}, 4029 {auth_ssf}, {auth_author}, 4030 {mail_mailer}, {mail_host}, 4031 {mail_addr}] Macros to transmit to 4032 milters after MAIL FROM command. 4033confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 4034 [{rcpt_mailer}, {rcpt_host}, 4035 {rcpt_addr}] Macros to transmit to 4036 milters after RCPT TO command. 4037 4038 4039See also the description of OSTYPE for some parameters that can be 4040tweaked (generally pathnames to mailers). 4041 4042ClientPortOptions and DaemonPortOptions are special cases since multiple 4043clients/daemons can be defined. This can be done via 4044 4045 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 4046 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 4047 4048Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 4049ClientPortOptions settings) are allowed in order to give settings for each 4050protocol family (e.g., one for Family=inet and one for Family=inet6). A 4051restriction placed on one family only affects outgoing connections on that 4052particular family. 4053 4054If DAEMON_OPTIONS is not used, then the default is 4055 4056 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 4057 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 4058 4059If you use one DAEMON_OPTIONS macro, it will alter the parameters 4060of the first of these. The second will still be defaulted; it 4061represents a "Message Submission Agent" (MSA) as defined by RFC 40622476 (see below). To turn off the default definition for the MSA, 4063use FEATURE(`no_default_msa') (see also FEATURES). If you use 4064additional DAEMON_OPTIONS macros, they will add additional daemons. 4065 4066Example 1: To change the port for the SMTP listener, while 4067still using the MSA default, use 4068 DAEMON_OPTIONS(`Port=925, Name=MTA') 4069 4070Example 2: To change the port for the MSA daemon, while still 4071using the default SMTP port, use 4072 FEATURE(`no_default_msa') 4073 DAEMON_OPTIONS(`Name=MTA') 4074 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 4075 4076Note that if the first of those DAEMON_OPTIONS lines were omitted, then 4077there would be no listener on the standard SMTP port. 4078 4079Example 3: To listen on both IPv4 and IPv6 interfaces, use 4080 4081 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 4082 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 4083 4084A "Message Submission Agent" still uses all of the same rulesets for 4085processing the message (and therefore still allows message rejection via 4086the check_* rulesets). In accordance with the RFC, the MSA will ensure 4087that all domains in envelope addresses are fully qualified if the message 4088is relayed to another MTA. It will also enforce the normal address syntax 4089rules and log error messages. Additionally, by using the M=a modifier you 4090can require authentication before messages are accepted by the MSA. 4091Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally, 4092the M=E modifier shown above disables ETRN as required by RFC 2476. 4093 4094Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 4095commands: 4096 4097 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 4098 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 4099 4100The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 4101same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4102filter can be defined without adding it to the input filter list by using 4103MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4104Alternatively, you can reset the list of filters and their order by setting 4105confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4106your .mc file. 4107 4108 4109+----------------------------+ 4110| MESSAGE SUBMISSION PROGRAM | 4111+----------------------------+ 4112 4113The purpose of the message submission program (MSP) is explained 4114in sendmail/SECURITY. This section contains a list of caveats and 4115a few hints how for those who want to tweak the default configuration 4116for it (which is installed as submit.cf). 4117 4118Notice: do not add options/features to submit.mc unless you are 4119absolutely sure you need them. Options you may want to change 4120include: 4121 4122- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4123 avoiding X-Authentication warnings. 4124- confTIME_ZONE to change it from the default `USE_TZ'. 4125- confDELIVERY_MODE is set to interactive in msp.m4 instead 4126 of the default background mode. 4127- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses 4128 to the LOCAL_RELAY instead of the default relay. 4129- confRAND_FILE if you use STARTTLS and sendmail is not compiled with 4130 the flag HASURANDOM. 4131 4132The MSP performs hostname canonicalization by default. As also 4133explained in sendmail/SECURITY, mail may end up for various DNS 4134related reasons in the MSP queue. This problem can be minimized by 4135using 4136 4137 FEATURE(`nocanonify', `canonify_hosts') 4138 define(`confDIRECT_SUBMISSION_MODIFIERS', `C') 4139 4140See the discussion about nocanonify for possible side effects. 4141 4142Some things are not intended to work with the MSP. These include 4143features that influence the delivery process (e.g., mailertable, 4144aliases), or those that are only important for a SMTP server (e.g., 4145virtusertable, DaemonPortOptions, multiple queues). Moreover, 4146relaxing certain restrictions (RestrictQueueRun, permissions on 4147queue directory) or adding features (e.g., enabling prog/file mailer) 4148can cause security problems. 4149 4150Other things don't work well with the MSP and require tweaking or 4151workarounds. For example, to allow for client authentication it 4152is not just sufficient to provide a client certificate and the 4153corresponding key, but it is also necessary to make the key group 4154(smmsp) readable and tell sendmail not to complain about that, i.e., 4155 4156 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4157 4158If the MSP should actually use AUTH then the necessary data 4159should be placed in a map as explained in SMTP AUTHENTICATION: 4160 4161FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4162 4163/etc/mail/msp-authinfo should contain an entry like: 4164 4165 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4166 4167The file and the map created by makemap should be owned by smmsp, 4168its group should be smmsp, and it should have mode 640. The database 4169used by the MTA for AUTH must have a corresponding entry. 4170Additionally the MTA must trust this authentication data so the AUTH= 4171part will be relayed on to the next hop. This can be achieved by 4172adding the following to your sendmail.mc file: 4173 4174 LOCAL_RULESETS 4175 SLocal_trust_auth 4176 R$* $: $&{auth_authen} 4177 Rsmmsp $# OK 4178 4179feature/msp.m4 defines almost all settings for the MSP. Most of 4180those should not be changed at all. Some of the features and options 4181can be overridden if really necessary. It is a bit tricky to do 4182this, because it depends on the actual way the option is defined 4183in feature/msp.m4. If it is directly defined (i.e., define()) then 4184the modified value must be defined after 4185 4186 FEATURE(`msp') 4187 4188If it is conditionally defined (i.e., ifdef()) then the desired 4189value must be defined before the FEATURE line in the .mc file. 4190To see how the options are defined read feature/msp.m4. 4191 4192 4193+--------------------------+ 4194| FORMAT OF FILES AND MAPS | 4195+--------------------------+ 4196 4197Files that define classes, i.e., F{classname}, consist of lines 4198each of which contains a single element of the class. For example, 4199/etc/mail/local-host-names may have the following content: 4200 4201my.domain 4202another.domain 4203 4204Maps must be created using makemap(8) , e.g., 4205 4206 makemap hash MAP < MAP 4207 4208In general, a text file from which a map is created contains lines 4209of the form 4210 4211key value 4212 4213where 'key' and 'value' are also called LHS and RHS, respectively. 4214By default, the delimiter between LHS and RHS is a non-empty sequence 4215of white space characters. 4216 4217 4218+------------------+ 4219| DIRECTORY LAYOUT | 4220+------------------+ 4221 4222Within this directory are several subdirectories, to wit: 4223 4224m4 General support routines. These are typically 4225 very important and should not be changed without 4226 very careful consideration. 4227 4228cf The configuration files themselves. They have 4229 ".mc" suffixes, and must be run through m4 to 4230 become complete. The resulting output should 4231 have a ".cf" suffix. 4232 4233ostype Definitions describing a particular operating 4234 system type. These should always be referenced 4235 using the OSTYPE macro in the .mc file. Examples 4236 include "bsd4.3", "bsd4.4", "sunos3.5", and 4237 "sunos4.1". 4238 4239domain Definitions describing a particular domain, referenced 4240 using the DOMAIN macro in the .mc file. These are 4241 site dependent; for example, "CS.Berkeley.EDU.m4" 4242 describes hosts in the CS.Berkeley.EDU subdomain. 4243 4244mailer Descriptions of mailers. These are referenced using 4245 the MAILER macro in the .mc file. 4246 4247sh Shell files used when building the .cf file from the 4248 .mc file in the cf subdirectory. 4249 4250feature These hold special orthogonal features that you might 4251 want to include. They should be referenced using 4252 the FEATURE macro. 4253 4254hack Local hacks. These can be referenced using the HACK 4255 macro. They shouldn't be of more than voyeuristic 4256 interest outside the .Berkeley.EDU domain, but who knows? 4257 4258siteconfig Site configuration -- e.g., tables of locally connected 4259 UUCP sites. 4260 4261 4262+------------------------+ 4263| ADMINISTRATIVE DETAILS | 4264+------------------------+ 4265 4266The following sections detail usage of certain internal parts of the 4267sendmail.cf file. Read them carefully if you are trying to modify 4268the current model. If you find the above descriptions adequate, these 4269should be {boring, confusing, tedious, ridiculous} (pick one or more). 4270 4271RULESETS (* means built in to sendmail) 4272 4273 0 * Parsing 4274 1 * Sender rewriting 4275 2 * Recipient rewriting 4276 3 * Canonicalization 4277 4 * Post cleanup 4278 5 * Local address rewrite (after aliasing) 4279 1x mailer rules (sender qualification) 4280 2x mailer rules (recipient qualification) 4281 3x mailer rules (sender header qualification) 4282 4x mailer rules (recipient header qualification) 4283 5x mailer subroutines (general) 4284 6x mailer subroutines (general) 4285 7x mailer subroutines (general) 4286 8x reserved 4287 90 Mailertable host stripping 4288 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4289 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4290 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4291 4292 4293MAILERS 4294 4295 0 local, prog local and program mailers 4296 1 [e]smtp, relay SMTP channel 4297 2 uucp-* UNIX-to-UNIX Copy Program 4298 3 netnews Network News delivery 4299 4 fax Sam Leffler's HylaFAX software 4300 5 mail11 DECnet mailer 4301 4302 4303MACROS 4304 4305 A 4306 B Bitnet Relay 4307 C DECnet Relay 4308 D The local domain -- usually not needed 4309 E reserved for X.400 Relay 4310 F FAX Relay 4311 G 4312 H mail Hub (for mail clusters) 4313 I 4314 J 4315 K 4316 L Luser Relay 4317 M Masquerade (who you claim to be) 4318 N 4319 O 4320 P 4321 Q 4322 R Relay (for unqualified names) 4323 S Smart Host 4324 T 4325 U my UUCP name (if you have a UUCP connection) 4326 V UUCP Relay (class {V} hosts) 4327 W UUCP Relay (class {W} hosts) 4328 X UUCP Relay (class {X} hosts) 4329 Y UUCP Relay (all other hosts) 4330 Z Version number 4331 4332 4333CLASSES 4334 4335 A 4336 B domains that are candidates for bestmx lookup 4337 C 4338 D 4339 E addresses that should not seem to come from $M 4340 F hosts this system forward for 4341 G domains that should be looked up in genericstable 4342 H 4343 I 4344 J 4345 K 4346 L addresses that should not be forwarded to $R 4347 M domains that should be mapped to $M 4348 N host/domains that should not be mapped to $M 4349 O operators that indicate network operations (cannot be in local names) 4350 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4351 Q 4352 R domains this system is willing to relay (pass anti-spam filters) 4353 S 4354 T 4355 U locally connected UUCP hosts 4356 V UUCP hosts connected to relay $V 4357 W UUCP hosts connected to relay $W 4358 X UUCP hosts connected to relay $X 4359 Y locally connected smart UUCP hosts 4360 Z locally connected domain-ized UUCP hosts 4361 . the class containing only a dot 4362 [ the class containing only a left bracket 4363 4364 4365M4 DIVERSIONS 4366 4367 1 Local host detection and resolution 4368 2 Local Ruleset 3 additions 4369 3 Local Ruleset 0 additions 4370 4 UUCP Ruleset 0 additions 4371 5 locally interpreted names (overrides $R) 4372 6 local configuration (at top of file) 4373 7 mailer definitions 4374 8 DNS based blacklists 4375 9 special local rulesets (1 and 2) 4376 4377$Revision: 8.623.2.23 $, Last updated $Date: 2003/03/28 17:28:26 $ 4378