README revision 125820
1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31STARTTLS 32SMTP AUTHENTICATION 33ADDING NEW MAILERS OR RULESETS 34ADDING NEW MAIL FILTERS 35QUEUE GROUP DEFINITIONS 36NON-SMTP BASED CONFIGURATIONS 37WHO AM I? 38ACCEPTING MAIL FOR MULTIPLE NAMES 39USING MAILERTABLES 40USING USERDB TO MAP FULL NAMES 41MISCELLANEOUS SPECIAL FEATURES 42SECURITY NOTES 43TWEAKING CONFIGURATION OPTIONS 44MESSAGE SUBMISSION PROGRAM 45FORMAT OF FILES AND MAPS 46DIRECTORY LAYOUT 47ADMINISTRATIVE DETAILS 48 49 50+--------------------------+ 51| INTRODUCTION AND EXAMPLE | 52+--------------------------+ 53 54Configuration files are contained in the subdirectory "cf", with a 55suffix ".mc". They must be run through "m4" to produce a ".cf" file. 56You must pre-load "cf.m4": 57 58 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 59 60Alternatively, you can simply: 61 62 cd ${CFDIR}/cf 63 ./Build config.cf 64 65where ${CFDIR} is the root of the cf directory and config.mc is the 66name of your configuration file. If you are running a version of M4 67that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 68this, but the versions distributed with 4.4BSD and derivatives do not) 69or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 70For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 71use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 72 73 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 74 75Let's examine a typical .mc file: 76 77 divert(-1) 78 # 79 # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. 80 # All rights reserved. 81 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 82 # Copyright (c) 1988, 1993 83 # The Regents of the University of California. All rights reserved. 84 # 85 # By using this file, you agree to the terms and conditions set 86 # forth in the LICENSE file which can be found at the top level of 87 # the sendmail distribution. 88 # 89 90 # 91 # This is a Berkeley-specific configuration file for HP-UX 9.x. 92 # It applies only to the Computer Science Division at Berkeley, 93 # and should not be used elsewhere. It is provided on the sendmail 94 # distribution as a sample only. To create your own configuration 95 # file, create an appropriate domain file in ../domain, change the 96 # `DOMAIN' macro below to reference that file, and copy the result 97 # to a name of your own choosing. 98 # 99 divert(0) 100 101The divert(-1) will delete the crud in the resulting output file. 102The copyright notice can be replaced by whatever your lawyers require; 103our lawyers require the one that is included in these files. A copyleft 104is a copyright by another name. The divert(0) restores regular output. 105 106 VERSIONID(`<SCCS or RCS version id>') 107 108VERSIONID is a macro that stuffs the version information into the 109resulting file. You could use SCCS, RCS, CVS, something else, or 110omit it completely. This is not the same as the version id included 111in SMTP greeting messages -- this is defined in m4/version.m4. 112 113 OSTYPE(`hpux9')dnl 114 115You must specify an OSTYPE to properly configure things such as the 116pathname of the help and status files, the flags needed for the local 117mailer, and other important things. If you omit it, you will get an 118error when you try to build the configuration. Look at the ostype 119directory for the list of known operating system types. 120 121 DOMAIN(`CS.Berkeley.EDU')dnl 122 123This example is specific to the Computer Science Division at Berkeley. 124You can use "DOMAIN(`generic')" to get a sufficiently bland definition 125that may well work for you, or you can create a customized domain 126definition appropriate for your environment. 127 128 MAILER(`local') 129 MAILER(`smtp') 130 131These describe the mailers used at the default CS site. The local 132mailer is always included automatically. Beware: MAILER declarations 133should always be at the end of the configuration file. The general 134rules are that the order should be: 135 136 VERSIONID 137 OSTYPE 138 DOMAIN 139 FEATURE 140 local macro definitions 141 MAILER 142 LOCAL_CONFIG 143 LOCAL_RULE_* 144 LOCAL_RULESETS 145 146There are a few exceptions to this rule. Local macro definitions which 147influence a FEATURE() should be done before that feature. For example, 148a define(`PROCMAIL_MAILER_PATH', ...) should be done before 149FEATURE(`local_procmail'). 150 151******************************************************************* 152*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 153*** Berkeley-specific assumptions built in, such as the name *** 154*** of their UUCP-relay. You'll want to create your own *** 155*** domain description, and use that in place of *** 156*** domain/Berkeley.EDU.m4. *** 157******************************************************************* 158 159 160+----------------------------+ 161| A BRIEF INTRODUCTION TO M4 | 162+----------------------------+ 163 164Sendmail uses the M4 macro processor to ``compile'' the configuration 165files. The most important thing to know is that M4 is stream-based, 166that is, it doesn't understand about lines. For this reason, in some 167places you may see the word ``dnl'', which stands for ``delete 168through newline''; essentially, it deletes all characters starting 169at the ``dnl'' up to and including the next newline character. In 170most cases sendmail uses this only to avoid lots of unnecessary 171blank lines in the output. 172 173Other important directives are define(A, B) which defines the macro 174``A'' to have value ``B''. Macros are expanded as they are read, so 175one normally quotes both values to prevent expansion. For example, 176 177 define(`SMART_HOST', `smart.foo.com') 178 179One word of warning: M4 macros are expanded even in lines that appear 180to be comments. For example, if you have 181 182 # See FEATURE(`foo') above 183 184it will not do what you expect, because the FEATURE(`foo') will be 185expanded. This also applies to 186 187 # And then define the $X macro to be the return address 188 189because ``define'' is an M4 keyword. If you want to use them, surround 190them with directed quotes, `like this'. 191 192Since m4 uses single quotes (opening "`" and closing "'") to quote 193arguments, those quotes can't be used in arguments. For example, 194it is not possible to define a rejection message containing a single 195quote. Usually there are simple workarounds by changing those 196messages; in the worst case it might be ok to change the value 197directly in the generated .cf file, which however is not advised. 198 199 200Notice: 201------- 202 203This package requires a post-V7 version of m4; if you are running the 2044.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 205BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 206Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 207Net/2 or GNU version. GNU m4 is available from 208ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 209EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 210m4 on this platform. 211 212 213+----------------+ 214| FILE LOCATIONS | 215+----------------+ 216 217sendmail 8.9 has introduced a new configuration directory for sendmail 218related files, /etc/mail. The new files available for sendmail 8.9 -- 219the class {R} /etc/mail/relay-domains and the access database 220/etc/mail/access -- take advantage of this new directory. Beginning with 2218.10, all files will use this directory by default (some options may be 222set by OSTYPE() files). This new directory should help to restore 223uniformity to sendmail's file locations. 224 225Below is a table of some of the common changes: 226 227Old filename New filename 228------------ ------------ 229/etc/bitdomain /etc/mail/bitdomain 230/etc/domaintable /etc/mail/domaintable 231/etc/genericstable /etc/mail/genericstable 232/etc/uudomain /etc/mail/uudomain 233/etc/virtusertable /etc/mail/virtusertable 234/etc/userdb /etc/mail/userdb 235 236/etc/aliases /etc/mail/aliases 237/etc/sendmail/aliases /etc/mail/aliases 238/etc/ucbmail/aliases /etc/mail/aliases 239/usr/adm/sendmail/aliases /etc/mail/aliases 240/usr/lib/aliases /etc/mail/aliases 241/usr/lib/mail/aliases /etc/mail/aliases 242/usr/ucblib/aliases /etc/mail/aliases 243 244/etc/sendmail.cw /etc/mail/local-host-names 245/etc/mail/sendmail.cw /etc/mail/local-host-names 246/etc/sendmail/sendmail.cw /etc/mail/local-host-names 247 248/etc/sendmail.ct /etc/mail/trusted-users 249 250/etc/sendmail.oE /etc/mail/error-header 251 252/etc/sendmail.hf /etc/mail/helpfile 253/etc/mail/sendmail.hf /etc/mail/helpfile 254/usr/ucblib/sendmail.hf /etc/mail/helpfile 255/etc/ucbmail/sendmail.hf /etc/mail/helpfile 256/usr/lib/sendmail.hf /etc/mail/helpfile 257/usr/share/lib/sendmail.hf /etc/mail/helpfile 258/usr/share/misc/sendmail.hf /etc/mail/helpfile 259/share/misc/sendmail.hf /etc/mail/helpfile 260 261/etc/service.switch /etc/mail/service.switch 262 263/etc/sendmail.st /etc/mail/statistics 264/etc/mail/sendmail.st /etc/mail/statistics 265/etc/mailer/sendmail.st /etc/mail/statistics 266/etc/sendmail/sendmail.st /etc/mail/statistics 267/usr/lib/sendmail.st /etc/mail/statistics 268/usr/ucblib/sendmail.st /etc/mail/statistics 269 270Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 271to create the pathnames. The default value of this variable is 272`/etc/mail/'. If you set this macro to a different value, you MUST include 273a trailing slash. 274 275Notice: all filenames used in a .mc (or .cf) file should be absolute 276(starting at the root, i.e., with '/'). Relative filenames most 277likely cause surprises during operations (unless otherwise noted). 278 279 280+--------+ 281| OSTYPE | 282+--------+ 283 284You MUST define an operating system environment, or the configuration 285file build will puke. There are several environments available; look 286at the "ostype" directory for the current list. This macro changes 287things like the location of the alias file and queue directory. Some 288of these files are identical to one another. 289 290It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 291In general, the OSTYPE macro should go immediately after any version 292information, and MAILER definitions should always go last. 293 294Operating system definitions are usually easy to write. They may define 295the following variables (everything defaults, so an ostype file may be 296empty). Unfortunately, the list of configuration-supported systems is 297not as broad as the list of source-supported systems, since many of 298the source contributors do not include corresponding ostype files. 299 300ALIAS_FILE [/etc/mail/aliases] The location of the text version 301 of the alias file(s). It can be a comma-separated 302 list of names (but be sure you quote values with 303 commas in them -- for example, use 304 define(`ALIAS_FILE', `a,b') 305 to get "a" and "b" both listed as alias files; 306 otherwise the define() primitive only sees "a"). 307HELP_FILE [/etc/mail/helpfile] The name of the file 308 containing information printed in response to 309 the SMTP HELP command. 310QUEUE_DIR [/var/spool/mqueue] The directory containing 311 queue files. To use multiple queues, supply 312 a value ending with an asterisk. For 313 example, /var/spool/mqueue/qd* will use all of the 314 directories or symbolic links to directories 315 beginning with 'qd' in /var/spool/mqueue as queue 316 directories. The names 'qf', 'df', and 'xf' are 317 reserved as specific subdirectories for the 318 corresponding queue file types as explained in 319 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 320MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 321 queue files for the MSP (Mail Submission Program, 322 see sendmail/SECURITY). 323STATUS_FILE [/etc/mail/statistics] The file containing status 324 information. 325LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 326LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 327 flags lsDFMAw5:/|@q are always included. 328LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 329 mail. 330LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 331 mail that you are willing to accept. 332LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 333 messages to deliver in a single connection. Only 334 useful for LMTP local mailers. 335LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 336 that ARRIVE from an address that resolves to the 337 local mailer and which are converted to MIME will be 338 labeled with this character set. 339LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 340 end of line for the local mailer. 341LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 342 [X-Unix] The DSN Diagnostic-Code value for the 343 local mailer. This should be changed with care. 344LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 345LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 346 flags lsDFM are always included. 347LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 348 mail. 349LOCAL_SHELL_DIR [$z:/] The directory search path in which the 350 shell should run. 351LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 352USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 353 used to submit news. 354USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 355USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 356 usenet mailer. NOTE: Some versions of inews 357 (such as those shipped with newer versions of INN) 358 use different flags. Double check the defaults 359 against the inews man page. 360USENET_MAILER_MAX [undefined] The maximum size of messages that will 361 be accepted by the usenet mailer. 362USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 363SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 364 flags are `mDFMuX' for all SMTP-based mailers; the 365 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 366 "dsmtp" adds `%'. 367RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 368 flags are `mDFMuX' for all SMTP-based mailers; the 369 relay mailer adds `a8'. If this is not defined, 370 then SMTP_MAILER_FLAGS is used. 371SMTP_MAILER_MAX [undefined] The maximum size of messages that will 372 be transported using the smtp, smtp8, esmtp, or dsmtp 373 mailers. 374SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 375 messages to deliver in a single connection for the 376 smtp, smtp8, esmtp, or dsmtp mailers. 377SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 378 recipients to deliver in a single connection for the 379 smtp, smtp8, esmtp, or dsmtp mailers. 380SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 381 About the only reason you would want to change this 382 would be to change the default port. 383ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 384SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 385DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 386RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 387SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 388ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 389SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 390DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 391RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 392RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 393 messages to deliver in a single connection for the 394 relay mailer. 395SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 396 that ARRIVE from an address that resolves to one of 397 the SMTP mailers and which are converted to MIME will 398 be labeled with this character set. 399UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 400UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 401 flags are `DFMhuU' (and `m' for uucp-new mailer, 402 minus `U' for uucp-dom mailer). 403UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 404 passed to the UUCP mailer. 405UUCP_MAILER_MAX [100000] The maximum size message accepted for 406 transmission by the UUCP mailers. 407UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 408 that ARRIVE from an address that resolves to one of 409 the UUCP mailers and which are converted to MIME will 410 be labeled with this character set. 411UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 412FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 413 submit FAX messages. 414FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 415 mailer. 416FAX_MAILER_MAX [100000] The maximum size message accepted for 417 transmission by FAX. 418POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 419POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 420 are always added. 421POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 422POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 423PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 424 program. This is also used by 425 FEATURE(`local_procmail'). 426PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 427 DFM are always set. This is NOT used by 428 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 429 instead. 430PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 431 the Procmail mailer. This is NOT used by 432 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 433 instead. 434PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 435 will be accepted by the procmail mailer. 436PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 437MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 438MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 439MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 440 mailer. 441MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 442PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 443 program. 444PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 445 are always set. 446PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 447PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 448CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 449 flags lsDFMnPq are always included. 450CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 451 cyrus mail. 452CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 453 to deliver cyrus mail. 454CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 455 will be accepted by the cyrus mailer. 456CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 457 running the cyrus mailer. 458CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 459CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 460 The flags lsDFMnP are always included. 461CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 462 to deliver cyrusbb mail. 463CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The 464 flags lsDFMnqXz are always included. 465CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of 466 messages to deliver in a single connection for the 467 cyrusv2 mailer. 468CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 469 recipients to deliver in a single connection for the 470 cyrusv2 mailer. 471CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed 472 to the cyrusv2 mailer. This can be used to 473 change the name of the Unix domain socket, or 474 to switch to delivery via TCP (e.g., `TCP $h lmtp') 475CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. 476CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 477 that ARRIVE from an address that resolves to one the 478 Cyrus mailer and which are converted to MIME will 479 be labeled with this character set. 480confEBINDIR [/usr/libexec] The directory for executables. 481 Currently used for FEATURE(`local_lmtp') and 482 FEATURE(`smrsh'). 483QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 484QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 485 qpage mail. 486QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 487 to deliver qpage mail. 488QPAGE_MAILER_MAX [4096] If set, the maximum size message that 489 will be accepted by the qpage mailer. 490QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 491LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 492 493Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 494MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of 495the macro Name_MAILER_FLAGS and change can be: flags that should 496be used directly (thus overriding the default value), or if it 497starts with `+' (`-') then those flags are added to (removed from) 498the default value. Example: 499 500 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 501 502will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 503several smtp mailers all of which are manipulated individually. 504See the section MAILERS for the available mailer names. 505WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 506unconditionally, i.e., without respecting any definitions in an 507OSTYPE setting. 508 509 510+---------+ 511| DOMAINS | 512+---------+ 513 514You will probably want to collect domain-dependent defines into one 515file, referenced by the DOMAIN macro. For example, the Berkeley 516domain file includes definitions for several internal distinguished 517hosts: 518 519UUCP_RELAY The host that will accept UUCP-addressed email. 520 If not defined, all UUCP sites must be directly 521 connected. 522BITNET_RELAY The host that will accept BITNET-addressed email. 523 If not defined, the .BITNET pseudo-domain won't work. 524DECNET_RELAY The host that will accept DECNET-addressed email. 525 If not defined, the .DECNET pseudo-domain and addresses 526 of the form node::user will not work. 527FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 528 The "fax" mailer overrides this value. 529LOCAL_RELAY The site that will handle unqualified names -- that 530 is, names without an @domain extension. 531 Normally MAIL_HUB is preferred for this function. 532 LOCAL_RELAY is mostly useful in conjunction with 533 FEATURE(`stickyhost') -- see the discussion of 534 stickyhost below. If not set, they are assumed to 535 belong on this machine. This allows you to have a 536 central site to store a company- or department-wide 537 alias database. This only works at small sites, 538 and only with some user agents. 539LUSER_RELAY The site that will handle lusers -- that is, apparently 540 local names that aren't local accounts or aliases. To 541 specify a local user instead of a site, set this to 542 ``local:username''. 543 544Any of these can be either ``mailer:hostname'' (in which case the 545mailer is the internal mailer name, such as ``uucp-new'' and the hostname 546is the name of the host as appropriate for that mailer) or just a 547``hostname'', in which case a default mailer type (usually ``relay'', 548a variant on SMTP) is used. WARNING: if you have a wildcard MX 549record matching your domain, you probably want to define these to 550have a trailing dot so that you won't get the mail diverted back 551to yourself. 552 553The domain file can also be used to define a domain name, if needed 554(using "DD<domain>") and set certain site-wide features. If all hosts 555at your site masquerade behind one email name, you could also use 556MASQUERADE_AS here. 557 558You do not have to define a domain -- in particular, if you are a 559single machine sitting off somewhere, it is probably more work than 560it's worth. This is just a mechanism for combining "domain dependent 561knowledge" into one place. 562 563 564+---------+ 565| MAILERS | 566+---------+ 567 568There are fewer mailers supported in this version than the previous 569version, owing mostly to a simpler world. As a general rule, put the 570MAILER definitions last in your .mc file. 571 572local The local and prog mailers. You will almost always 573 need these; the only exception is if you relay ALL 574 your mail to another site. This mailer is included 575 automatically. 576 577smtp The Simple Mail Transport Protocol mailer. This does 578 not hide hosts behind a gateway or another other 579 such hack; it assumes a world where everyone is 580 running the name server. This file actually defines 581 five mailers: "smtp" for regular (old-style) SMTP to 582 other servers, "esmtp" for extended SMTP to other 583 servers, "smtp8" to do SMTP to other servers without 584 converting 8-bit data to MIME (essentially, this is 585 your statement that you know the other end is 8-bit 586 clean even if it doesn't say so), "dsmtp" to do on 587 demand delivery, and "relay" for transmission to the 588 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 589 590uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 591 defines two mailers, "uucp-old" (a.k.a. "uucp") and 592 "uucp-new" (a.k.a. "suucp"). The latter is for when you 593 know that the UUCP mailer at the other end can handle 594 multiple recipients in one transfer. If the smtp mailer 595 is included in your configuration, two other mailers 596 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 597 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 598 include the uucp mailer, sendmail looks for all names in 599 class {U} and sends them to the uucp-old mailer; all 600 names in class {Y} are sent to uucp-new; and all 601 names in class {Z} are sent to uucp-uudom. Note that 602 this is a function of what version of rmail runs on 603 the receiving end, and hence may be out of your control. 604 See the section below describing UUCP mailers in more 605 detail. 606 607usenet Usenet (network news) delivery. If this is specified, 608 an extra rule is added to ruleset 0 that forwards all 609 local email for users named ``group.usenet'' to the 610 ``inews'' program. Note that this works for all groups, 611 and may be considered a security problem. 612 613fax Facsimile transmission. This is experimental and based 614 on Sam Leffler's HylaFAX software. For more information, 615 see http://www.hylafax.org/. 616 617pop Post Office Protocol. 618 619procmail An interface to procmail (does not come with sendmail). 620 This is designed to be used in mailertables. For example, 621 a common question is "how do I forward all mail for a given 622 domain to a single person?". If you have this mailer 623 defined, you could set up a mailertable reading: 624 625 host.com procmail:/etc/procmailrcs/host.com 626 627 with the file /etc/procmailrcs/host.com reading: 628 629 :0 # forward mail for host.com 630 ! -oi -f $1 person@other.host 631 632 This would arrange for (anything)@host.com to be sent 633 to person@other.host. In a procmail script, $1 is the 634 name of the sender and $2 is the name of the recipient. 635 If you use this with FEATURE(`local_procmail'), the FEATURE 636 should be listed first. 637 638 Of course there are other ways to solve this particular 639 problem, e.g., a catch-all entry in a virtusertable. 640 641mail11 The DECnet mail11 mailer, useful only if you have the mail11 642 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 643 DECnet, of course). This is for Phase IV DECnet support; 644 if you have Phase V at your site you may have additional 645 problems. 646 647phquery The phquery program. This is somewhat counterintuitively 648 referenced as the "ph" mailer internally. It can be used 649 to do CCSO name server lookups. The phquery program, which 650 this mailer uses, is distributed with the ph client. 651 652cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 653 a local cyrus user. this mailer can make use of the 654 "user+detail@local.host" syntax (see 655 FEATURE(`preserve_local_plus_detail')); it will deliver the 656 mail to the user's "detail" mailbox if the mailbox's ACL 657 permits. The cyrusbb mailer delivers to a system-wide 658 cyrus mailbox if the mailbox's ACL permits. The cyrus 659 mailer must be defined after the local mailer. 660 661cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to 662 local cyrus users via LMTP. This mailer can make use of the 663 "user+detail@local.host" syntax (see 664 FEATURE(`preserve_local_plus_detail')); it will deliver the 665 mail to the user's "detail" mailbox if the mailbox's ACL 666 permits. The cyrusv2 mailer must be defined after the 667 local mailer. 668 669qpage A mailer for QuickPage, a pager interface. See 670 http://www.qpage.org/ for further information. 671 672The local mailer accepts addresses of the form "user+detail", where 673the "+detail" is not used for mailbox matching but is available 674to certain local mail programs (in particular, see 675FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 676"eric+sww" all indicate the same user, but additional arguments <null>, 677"sendmail", and "sww" may be provided for use in sorting mail. 678 679 680+----------+ 681| FEATURES | 682+----------+ 683 684Special features can be requested using the "FEATURE" macro. For 685example, the .mc line: 686 687 FEATURE(`use_cw_file') 688 689tells sendmail that you want to have it read an /etc/mail/local-host-names 690file to get values for class {w}. A FEATURE may contain up to 9 691optional parameters -- for example: 692 693 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 694 695The default database map type for the table features can be set with 696 697 define(`DATABASE_MAP_TYPE', `dbm') 698 699which would set it to use ndbm databases. The default is the Berkeley DB 700hash database format. Note that you must still declare a database map type 701if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 702if no argument is given for the FEATURE. It must be specified before any 703feature that uses a map. 704 705Also, features which can take a map definition as an argument can also take 706the special keyword `LDAP'. If that keyword is used, the map will use the 707LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 708CLASSES'' section below. 709 710Available features are: 711 712use_cw_file Read the file /etc/mail/local-host-names file to get 713 alternate names for this host. This might be used if you 714 were on a host that MXed for a dynamic set of other hosts. 715 If the set is static, just including the line "Cw<name1> 716 <name2> ..." (where the names are fully qualified domain 717 names) is probably superior. The actual filename can be 718 overridden by redefining confCW_FILE. 719 720use_ct_file Read the file /etc/mail/trusted-users file to get the 721 names of users that will be ``trusted'', that is, able to 722 set their envelope from address using -f without generating 723 a warning message. The actual filename can be overridden 724 by redefining confCT_FILE. 725 726redirect Reject all mail addressed to "address.REDIRECT" with 727 a ``551 User has moved; please try <address>'' message. 728 If this is set, you can alias people who have left 729 to their new address with ".REDIRECT" appended. 730 731nouucp Don't route UUCP addresses. This feature takes one 732 parameter: 733 `reject': reject addresses which have "!" in the local 734 part unless it originates from a system 735 that is allowed to relay. 736 `nospecial': don't do anything special with "!". 737 Warnings: 1. See the notice in the anti-spam section. 738 2. don't remove "!" from OperatorChars if `reject' is 739 given as parameter. 740 741nocanonify Don't pass addresses to $[ ... $] for canonification 742 by default, i.e., host/domain names are considered canonical, 743 except for unqualified names, which must not be used in this 744 mode (violation of the standard). It can be changed by 745 setting the DaemonPortOptions modifiers (M=). That is, 746 FEATURE(`nocanonify') will be overridden by setting the 747 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 748 it can be emulated by setting the 'C' flag 749 (DaemonPortOptions=Modifiers=C). This would generally only 750 be used by sites that only act as mail gateways or which have 751 user agents that do full canonification themselves. You may 752 also want to use 753 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 754 the usual resolver options that do a similar thing. 755 756 An exception list for FEATURE(`nocanonify') can be 757 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 758 i.e., a list of domains which are nevertheless passed to 759 $[ ... $] for canonification. This is useful to turn on 760 canonification for local domains, e.g., use 761 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 762 which end in "my.domain" or "my". 763 Another way to require canonification in the local 764 domain is CANONIFY_DOMAIN(`$=m'). 765 766 A trailing dot is added to addresses with more than 767 one component in it such that other features which 768 expect a trailing dot (e.g., virtusertable) will 769 still work. 770 771 If `canonify_hosts' is specified as parameter, i.e., 772 FEATURE(`nocanonify', `canonify_hosts'), then 773 addresses which have only a hostname, e.g., 774 <user@host>, will be canonified (and hopefully fully 775 qualified), too. 776 777stickyhost This feature is sometimes used with LOCAL_RELAY, 778 although it can be used for a different effect with 779 MAIL_HUB. 780 781 When used without MAIL_HUB, email sent to 782 "user@local.host" are marked as "sticky" -- that 783 is, the local addresses aren't matched against UDB, 784 don't go through ruleset 5, and are not forwarded to 785 the LOCAL_RELAY (if defined). 786 787 With MAIL_HUB, mail addressed to "user@local.host" 788 is forwarded to the mail hub, with the envelope 789 address still remaining "user@local.host". 790 Without stickyhost, the envelope would be changed 791 to "user@mail_hub", in order to protect against 792 mailing loops. 793 794mailertable Include a "mailer table" which can be used to override 795 routing for particular domains (which are not in class {w}, 796 i.e. local host names). The argument of the FEATURE may be 797 the key definition. If none is specified, the definition 798 used is: 799 800 hash /etc/mail/mailertable 801 802 Keys in this database are fully qualified domain names 803 or partial domains preceded by a dot -- for example, 804 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 805 special case of the latter, "." matches any domain not 806 covered by other keys. Values must be of the form: 807 mailer:domain 808 where "mailer" is the internal mailer name, and "domain" 809 is where to send the message. These maps are not 810 reflected into the message header. As a special case, 811 the forms: 812 local:user 813 will forward to the indicated user using the local mailer, 814 local: 815 will forward to the original user in the e-mail address 816 using the local mailer, and 817 error:code message 818 error:D.S.N:code message 819 will give an error message with the indicated SMTP reply 820 code and message, where D.S.N is an RFC 1893 compliant 821 error code. 822 823domaintable Include a "domain table" which can be used to provide 824 domain name mapping. Use of this should really be 825 limited to your own domains. It may be useful if you 826 change names (e.g., your company changes names from 827 oldname.com to newname.com). The argument of the 828 FEATURE may be the key definition. If none is specified, 829 the definition used is: 830 831 hash /etc/mail/domaintable 832 833 The key in this table is the domain name; the value is 834 the new (fully qualified) domain. Anything in the 835 domaintable is reflected into headers; that is, this 836 is done in ruleset 3. 837 838bitdomain Look up bitnet hosts in a table to try to turn them into 839 internet addresses. The table can be built using the 840 bitdomain program contributed by John Gardiner Myers. 841 The argument of the FEATURE may be the key definition; if 842 none is specified, the definition used is: 843 844 hash /etc/mail/bitdomain 845 846 Keys are the bitnet hostname; values are the corresponding 847 internet hostname. 848 849uucpdomain Similar feature for UUCP hosts. The default map definition 850 is: 851 852 hash /etc/mail/uudomain 853 854 At the moment there is no automagic tool to build this 855 database. 856 857always_add_domain 858 Include the local host domain even on locally delivered 859 mail. Normally it is not added on unqualified names. 860 However, if you use a shared message store but do not use 861 the same user name space everywhere, you may need the host 862 name on local names. An optional argument specifies 863 another domain to be added than the local. 864 865allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 866 feature will cause recipient addresses to also masquerade 867 as being from the masquerade host. Normally they get 868 the local hostname. Although this may be right for 869 ordinary users, it can break local aliases. For example, 870 if you send to "localalias", the originating sendmail will 871 find that alias and send to all members, but send the 872 message with "To: localalias@masqueradehost". Since that 873 alias likely does not exist, replies will fail. Use this 874 feature ONLY if you can guarantee that the ENTIRE 875 namespace on your masquerade host supersets all the 876 local entries. 877 878limited_masquerade 879 Normally, any hosts listed in class {w} are masqueraded. If 880 this feature is given, only the hosts listed in class {M} (see 881 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 882 if you have several domains with disjoint namespaces hosted 883 on the same machine. 884 885masquerade_entire_domain 886 If masquerading is enabled (using MASQUERADE_AS) and 887 MASQUERADE_DOMAIN (see below) is set, this feature will 888 cause addresses to be rewritten such that the masquerading 889 domains are actually entire domains to be hidden. All 890 hosts within the masquerading domains will be rewritten 891 to the masquerade name (used in MASQUERADE_AS). For example, 892 if you have: 893 894 MASQUERADE_AS(`masq.com') 895 MASQUERADE_DOMAIN(`foo.org') 896 MASQUERADE_DOMAIN(`bar.com') 897 898 then *foo.org and *bar.com are converted to masq.com. Without 899 this feature, only foo.org and bar.com are masqueraded. 900 901 NOTE: only domains within your jurisdiction and 902 current hierarchy should be masqueraded using this. 903 904local_no_masquerade 905 This feature prevents the local mailer from masquerading even 906 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 907 on addresses of mail going outside the local domain. 908 909masquerade_envelope 910 If masquerading is enabled (using MASQUERADE_AS) or the 911 genericstable is in use, this feature will cause envelope 912 addresses to also masquerade as being from the masquerade 913 host. Normally only the header addresses are masqueraded. 914 915genericstable This feature will cause unqualified addresses (i.e., without 916 a domain) and addresses with a domain listed in class {G} 917 to be looked up in a map and turned into another ("generic") 918 form, which can change both the domain name and the user name. 919 Notice: if you use an MSP (as it is default starting with 920 8.12), the MTA will only receive qualified addresses from the 921 MSP (as required by the RFCs). Hence you need to add your 922 domain to class {G}. This feature is similar to the userdb 923 functionality. The same types of addresses as for 924 masquerading are looked up, i.e., only header sender 925 addresses unless the allmasquerade and/or masquerade_envelope 926 features are given. Qualified addresses must have the domain 927 part in class {G}; entries can be added to this class by the 928 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 929 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 930 931 The argument of FEATURE(`genericstable') may be the map 932 definition; the default map definition is: 933 934 hash /etc/mail/genericstable 935 936 The key for this table is either the full address, the domain 937 (with a leading @; the localpart is passed as first argument) 938 or the unqualified username (tried in the order mentioned); 939 the value is the new user address. If the new user address 940 does not include a domain, it will be qualified in the standard 941 manner, i.e., using $j or the masquerade name. Note that the 942 address being looked up must be fully qualified. For local 943 mail, it is necessary to use FEATURE(`always_add_domain') 944 for the addresses to be qualified. 945 The "+detail" of an address is passed as %1, so entries like 946 947 old+*@foo.org new+%1@example.com 948 gen+*@foo.org %1@example.com 949 950 and other forms are possible. 951 952generics_entire_domain 953 If the genericstable is enabled and GENERICS_DOMAIN or 954 GENERICS_DOMAIN_FILE is used, this feature will cause 955 addresses to be searched in the map if their domain 956 parts are subdomains of elements in class {G}. 957 958virtusertable A domain-specific form of aliasing, allowing multiple 959 virtual domains to be hosted on one machine. For example, 960 if the virtuser table contained: 961 962 info@foo.com foo-info 963 info@bar.com bar-info 964 joe@bar.com error:nouser 550 No such user here 965 jax@bar.com error:5.7.0:550 Address invalid 966 @baz.org jane@example.net 967 968 then mail addressed to info@foo.com will be sent to the 969 address foo-info, mail addressed to info@bar.com will be 970 delivered to bar-info, and mail addressed to anyone at baz.org 971 will be sent to jane@example.net, mail to joe@bar.com will 972 be rejected with the specified error message, and mail to 973 jax@bar.com will also have a RFC 1893 compliant error code 974 5.7.0. 975 976 The username from the original address is passed 977 as %1 allowing: 978 979 @foo.org %1@example.com 980 981 meaning someone@foo.org will be sent to someone@example.com. 982 Additionally, if the local part consists of "user+detail" 983 then "detail" is passed as %2 and "+detail" is passed as %3 984 when a match against user+* is attempted, so entries like 985 986 old+*@foo.org new+%2@example.com 987 gen+*@foo.org %2@example.com 988 +*@foo.org %1%3@example.com 989 X++@foo.org Z%3@example.com 990 @bar.org %1%3 991 992 and other forms are possible. Note: to preserve "+detail" 993 for a default case (@domain) %1%3 must be used as RHS. 994 There are two wildcards after "+": "+" matches only a non-empty 995 detail, "*" matches also empty details, e.g., user+@foo.org 996 matches +*@foo.org but not ++@foo.org. This can be used 997 to ensure that the parameters %2 and %3 are not empty. 998 999 All the host names on the left hand side (foo.com, bar.com, 1000 and baz.org) must be in class {w} or class {VirtHost}. The 1001 latter can be defined by the macros VIRTUSER_DOMAIN or 1002 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1003 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 1004 VIRTUSER_DOMAIN_FILE is used, then the entries of class 1005 {VirtHost} are added to class {R}, i.e., relaying is allowed 1006 to (and from) those domains. The default map definition is: 1007 1008 hash /etc/mail/virtusertable 1009 1010 A new definition can be specified as the second argument of 1011 the FEATURE macro, such as 1012 1013 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 1014 1015virtuser_entire_domain 1016 If the virtusertable is enabled and VIRTUSER_DOMAIN or 1017 VIRTUSER_DOMAIN_FILE is used, this feature will cause 1018 addresses to be searched in the map if their domain 1019 parts are subdomains of elements in class {VirtHost}. 1020 1021ldap_routing Implement LDAP-based e-mail recipient routing according to 1022 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 1023 This provides a method to re-route addresses with a 1024 domain portion in class {LDAPRoute} to either a 1025 different mail host or a different address. Hosts can 1026 be added to this class using LDAPROUTE_DOMAIN and 1027 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1028 MASQUERADE_DOMAIN_FILE, see below). 1029 1030 See the LDAP ROUTING section below for more information. 1031 1032nodns If you aren't running DNS at your site (for example, 1033 you are UUCP-only connected). It's hard to consider 1034 this a "feature", but hey, it had to go somewhere. 1035 Actually, as of 8.7 this is a no-op -- remove "dns" from 1036 the hosts service switch entry instead. 1037 1038nullclient This is a special case -- it creates a configuration file 1039 containing nothing but support for forwarding all mail to a 1040 central hub via a local SMTP-based network. The argument 1041 is the name of that hub. 1042 1043 The only other feature that should be used in conjunction 1044 with this one is FEATURE(`nocanonify'). No mailers 1045 should be defined. No aliasing or forwarding is done. 1046 1047local_lmtp Use an LMTP capable local mailer. The argument to this 1048 feature is the pathname of an LMTP capable mailer. By 1049 default, mail.local is used. This is expected to be the 1050 mail.local which came with the 8.9 distribution which is 1051 LMTP capable. The path to mail.local is set by the 1052 confEBINDIR m4 variable -- making the default 1053 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1054 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1055 i.e., without respecting any definitions in an OSTYPE setting. 1056 1057local_procmail Use procmail or another delivery agent as the local mailer. 1058 The argument to this feature is the pathname of the 1059 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1060 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1061 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1062 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1063 specify the appropriate parameters. When procmail is used, 1064 the local mailer can make use of the 1065 "user+indicator@local.host" syntax; normally the +indicator 1066 is just tossed, but by default it is passed as the -a 1067 argument to procmail. 1068 1069 This feature can take up to three arguments: 1070 1071 1. Path to the mailer program 1072 [default: /usr/local/bin/procmail] 1073 2. Argument vector including name of the program 1074 [default: procmail -Y -a $h -d $u] 1075 3. Flags for the mailer [default: SPfhn9] 1076 1077 Empty arguments cause the defaults to be taken. 1078 Note that if you are on a system with a broken 1079 setreuid() call, you may need to add -f $f to the procmail 1080 argument vector to pass the proper sender to procmail. 1081 1082 For example, this allows it to use the maildrop 1083 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 1084 by specifying: 1085 1086 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1087 `maildrop -d $u') 1088 1089 or scanmails using: 1090 1091 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1092 1093 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1094 i.e., without respecting any definitions in an OSTYPE setting. 1095 1096bestmx_is_local Accept mail as though locally addressed for any host that 1097 lists us as the best possible MX record. This generates 1098 additional DNS traffic, but should be OK for low to 1099 medium traffic hosts. The argument may be a set of 1100 domains, which will limit the feature to only apply to 1101 these domains -- this will reduce unnecessary DNS 1102 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1103 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1104 that matches your domain, you cannot use this feature. 1105 1106smrsh Use the SendMail Restricted SHell (smrsh) provided 1107 with the distribution instead of /bin/sh for mailing 1108 to programs. This improves the ability of the local 1109 system administrator to control what gets run via 1110 e-mail. If an argument is provided it is used as the 1111 pathname to smrsh; otherwise, the path defined by 1112 confEBINDIR is used for the smrsh binary -- by default, 1113 /usr/libexec/smrsh is assumed. 1114 1115promiscuous_relay 1116 By default, the sendmail configuration files do not permit 1117 mail relaying (that is, accepting mail from outside your 1118 local host (class {w}) and sending it to another host than 1119 your local host). This option sets your site to allow 1120 mail relaying from any site to any site. In almost all 1121 cases, it is better to control relaying more carefully 1122 with the access map, class {R}, or authentication. Domains 1123 can be added to class {R} by the macros RELAY_DOMAIN or 1124 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1125 MASQUERADE_DOMAIN_FILE, see below). 1126 1127relay_entire_domain 1128 This option allows any host in your domain as defined by 1129 class {m} to use your server for relaying. Notice: make 1130 sure that your domain is not just a top level domain, 1131 e.g., com. This can happen if you give your host a name 1132 like example.com instead of host.example.com. 1133 1134relay_hosts_only 1135 By default, names that are listed as RELAY in the access 1136 db and class {R} are treated as domain names, not host names. 1137 For example, if you specify ``foo.com'', then mail to or 1138 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1139 will all be accepted for relaying. This feature changes 1140 the behaviour to lookup individual host names only. 1141 1142relay_based_on_MX 1143 Turns on the ability to allow relaying based on the MX 1144 records of the host portion of an incoming recipient; that 1145 is, if an MX record for host foo.com points to your site, 1146 you will accept and relay mail addressed to foo.com. See 1147 description below for more information before using this 1148 feature. Also, see the KNOWNBUGS entry regarding bestmx 1149 map lookups. 1150 1151 FEATURE(`relay_based_on_MX') does not necessarily allow 1152 routing of these messages which you expect to be allowed, 1153 if route address syntax (or %-hack syntax) is used. If 1154 this is a problem, add entries to the access-table or use 1155 FEATURE(`loose_relay_check'). 1156 1157relay_mail_from 1158 Allows relaying if the mail sender is listed as RELAY in 1159 the access map. If an optional argument `domain' (this 1160 is the literal word `domain', not a placeholder) is given, 1161 relaying can be allowed just based on the domain portion 1162 of the sender address. This feature should only be used if 1163 absolutely necessary as the sender address can be easily 1164 forged. Use of this feature requires the "From:" tag to 1165 be used for the key in the access map; see the discussion 1166 of tags and FEATURE(`relay_mail_from') in the section on 1167 anti-spam configuration control. 1168 1169relay_local_from 1170 Allows relaying if the domain portion of the mail sender 1171 is a local host. This should only be used if absolutely 1172 necessary as it opens a window for spammers. Specifically, 1173 they can send mail to your mail server that claims to be 1174 from your domain (either directly or via a routed address), 1175 and you will go ahead and relay it out to arbitrary hosts 1176 on the Internet. 1177 1178accept_unqualified_senders 1179 Normally, MAIL FROM: commands in the SMTP session will be 1180 refused if the connection is a network connection and the 1181 sender address does not include a domain name. If your 1182 setup sends local mail unqualified (i.e., MAIL FROM: <joe>), 1183 you will need to use this feature to accept unqualified 1184 sender addresses. Setting the DaemonPortOptions modifier 1185 'u' overrides the default behavior, i.e., unqualified 1186 addresses are accepted even without this FEATURE. 1187 If this FEATURE is not used, the DaemonPortOptions modifier 1188 'f' can be used to enforce fully qualified addresses. 1189 1190accept_unresolvable_domains 1191 Normally, MAIL FROM: commands in the SMTP session will be 1192 refused if the host part of the argument to MAIL FROM: 1193 cannot be located in the host name service (e.g., an A or 1194 MX record in DNS). If you are inside a firewall that has 1195 only a limited view of the Internet host name space, this 1196 could cause problems. In this case you probably want to 1197 use this feature to accept all domains on input, even if 1198 they are unresolvable. 1199 1200access_db Turns on the access database feature. The access db gives 1201 you the ability to allow or refuse to accept mail from 1202 specified domains for administrative reasons. Moreover, 1203 it can control the behavior of sendmail in various situations. 1204 By default, the access database specification is: 1205 1206 hash -T<TMPF> /etc/mail/access 1207 1208 See the anti-spam configuration control section for further 1209 important information about this feature. Notice: 1210 "-T<TMPF>" is meant literal, do not replace it by anything. 1211 1212blacklist_recipients 1213 Turns on the ability to block incoming mail for certain 1214 recipient usernames, hostnames, or addresses. For 1215 example, you can block incoming mail to user nobody, 1216 host foo.mydomain.com, or guest@bar.mydomain.com. 1217 These specifications are put in the access db as 1218 described in the anti-spam configuration control section 1219 later in this document. 1220 1221delay_checks The rulesets check_mail and check_relay will not be called 1222 when a client connects or issues a MAIL command, respectively. 1223 Instead, those rulesets will be called by the check_rcpt 1224 ruleset; they will be skipped under certain circumstances. 1225 See "Delay all checks" in the anti-spam configuration control 1226 section. Note: this feature is incompatible to the versions 1227 in 8.10 and 8.11. 1228 1229dnsbl Turns on rejection of hosts found in an DNS based rejection 1230 list. If an argument is provided it is used as the domain 1231 in which blocked hosts are listed; otherwise it defaults to 1232 blackholes.mail-abuse.org. An explanation for an DNS based 1233 rejection list can be found at http://mail-abuse.org/rbl/. 1234 A second argument can be used to change the default error 1235 message. Without that second argument, the error message 1236 will be 1237 Rejected: IP-ADDRESS listed at SERVER 1238 where IP-ADDRESS and SERVER are replaced by the appropriate 1239 information. By default, temporary lookup failures are 1240 ignored. This behavior can be changed by specifying a 1241 third argument, which must be either `t' or a full error 1242 message. See the anti-spam configuration control section for 1243 an example. The dnsbl feature can be included several times 1244 to query different DNS based rejection lists. See also 1245 enhdnsbl for an enhanced version. 1246 1247 Set the DNSBL_MAP mc option to change the default map 1248 definition from `host'. Set the DNSBL_MAP_OPT mc option 1249 to add additional options to the map specification used. 1250 1251 Some DNS based rejection lists cause failures if asked 1252 for AAAA records. If your sendmail version is compiled 1253 with IPv6 support (NETINET6) and you experience this 1254 problem, add 1255 1256 define(`DNSBL_MAP', `dns -R A') 1257 1258 before the first use of this feature. Alternatively you 1259 can use enhdnsbl instead (see below). Moreover, this 1260 statement can be used to reduce the number of DNS retries, 1261 e.g., 1262 1263 define(`DNSBL_MAP', `dns -R A -r2') 1264 1265 See below (EDNSBL_TO) for an explanation. 1266 1267 NOTE: The default DNS blacklist, blackholes.mail-abuse.org, 1268 is a service offered by the Mail Abuse Prevention System 1269 (MAPS). As of July 31, 2001, MAPS is a subscription 1270 service, so using that network address won't work if you 1271 haven't subscribed. Contact MAPS to subscribe 1272 (http://mail-abuse.org/). 1273 1274enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1275 (up to 5) can be used to specify specific return values 1276 from lookups. Temporary lookup failures are ignored unless 1277 a third argument is given, which must be either `t' or a full 1278 error message. By default, any successful lookup will 1279 generate an error. Otherwise the result of the lookup is 1280 compared with the supplied argument(s), and only if a match 1281 occurs an error is generated. For example, 1282 1283 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1284 1285 will reject the e-mail if the lookup returns the value 1286 ``127.0.0.2.'', or generate a 451 response if the lookup 1287 temporarily failed. The arguments can contain metasymbols 1288 as they are allowed in the LHS of rules. As the example 1289 shows, the default values are also used if an empty argument, 1290 i.e., `', is specified. This feature requires that sendmail 1291 has been compiled with the flag DNSMAP (see sendmail/README). 1292 1293 Set the EDNSBL_TO mc option to change the DNS retry count 1294 from the default value of 5, this can be very useful when 1295 a DNS server is not responding, which in turn may cause 1296 clients to time out (an entry stating 1297 1298 did not issue MAIL/EXPN/VRFY/ETRN 1299 1300 will be logged). 1301 1302lookupdotdomain Look up also .domain in the access map. This allows to 1303 match only subdomains. It does not work well with 1304 FEATURE(`relay_hosts_only'), because most lookups for 1305 subdomains are suppressed by the latter feature. 1306 1307loose_relay_check 1308 Normally, if % addressing is used for a recipient, e.g. 1309 user%site@othersite, and othersite is in class {R}, the 1310 check_rcpt ruleset will strip @othersite and recheck 1311 user@site for relaying. This feature changes that 1312 behavior. It should not be needed for most installations. 1313 1314authinfo Provide a separate map for client side authentication 1315 information. See SMTP AUTHENTICATION for details. 1316 By default, the authinfo database specification is: 1317 1318 hash /etc/mail/authinfo 1319 1320preserve_luser_host 1321 Preserve the name of the recipient host if LUSER_RELAY is 1322 used. Without this option, the domain part of the 1323 recipient address will be replaced by the host specified as 1324 LUSER_RELAY. This feature only works if the hostname is 1325 passed to the mailer (see mailer triple in op.me). Note 1326 that in the default configuration the local mailer does not 1327 receive the hostname, i.e., the mailer triple has an empty 1328 hostname. 1329 1330preserve_local_plus_detail 1331 Preserve the +detail portion of the address when passing 1332 address to local delivery agent. Disables alias and 1333 .forward +detail stripping (e.g., given user+detail, only 1334 that address will be looked up in the alias file; user+* and 1335 user will not be looked up). Only use if the local 1336 delivery agent in use supports +detail addressing. 1337 1338compat_check Enable ruleset check_compat to look up pairs of addresses 1339 with the Compat: tag -- Compat:sender<@>recipient -- in the 1340 access map. Valid values for the RHS include 1341 DISCARD silently discard recipient 1342 TEMP: return a temporary error 1343 ERROR: return a permanent error 1344 In the last two cases, a 4xy/5xy SMTP reply code should 1345 follow the colon. 1346 1347no_default_msa Don't generate the default MSA daemon, i.e., 1348 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1349 To define a MSA daemon with other parameters, use this 1350 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1351 1352msp Defines config file for Message Submission Program. 1353 See sendmail/SECURITY for details and cf/cf/submit.mc how 1354 to use it. An optional argument can be used to override 1355 the default of `[localhost]' to use as host to send all 1356 e-mails to. Note that MX records will be used if the 1357 specified hostname is not in square brackets (e.g., 1358 [hostname]). If `MSA' is specified as second argument then 1359 port 587 is used to contact the server. Example: 1360 1361 FEATURE(`msp', `', `MSA') 1362 1363 Some more hints about possible changes can be found below 1364 in the section MESSAGE SUBMISSION PROGRAM. 1365 1366 Note: Due to many problems, submit.mc uses 1367 1368 FEATURE(`msp', `[127.0.0.1]') 1369 1370 by default. If you have a machine with IPv6 only, 1371 change it to 1372 1373 FEATURE(`msp', `[IPv6:::1]') 1374 1375 If you want to continue using '[localhost]', (the behavior 1376 up to 8.12.6), use 1377 1378 FEATURE(`msp') 1379 1380queuegroup A simple example how to select a queue group based 1381 on the full e-mail address or the domain of the 1382 recipient. Selection is done via entries in the 1383 access map using the tag QGRP:, for example: 1384 1385 QGRP:example.com main 1386 QGRP:friend@some.org others 1387 QGRP:my.domain local 1388 1389 where "main", "others", and "local" are names of 1390 queue groups. If an argument is specified, it is used 1391 as default queue group. 1392 1393 Note: please read the warning in doc/op/op.me about 1394 queue groups and possible queue manipulations. 1395 1396+-------+ 1397| HACKS | 1398+-------+ 1399 1400Some things just can't be called features. To make this clear, 1401they go in the hack subdirectory and are referenced using the HACK 1402macro. These will tend to be site-dependent. The release 1403includes the Berkeley-dependent "cssubdomain" hack (that makes 1404sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1405this is intended as a short-term aid while moving hosts into 1406subdomains. 1407 1408 1409+--------------------+ 1410| SITE CONFIGURATION | 1411+--------------------+ 1412 1413 ***************************************************** 1414 * This section is really obsolete, and is preserved * 1415 * only for back compatibility. You should plan on * 1416 * using mailertables for new installations. In * 1417 * particular, it doesn't work for the newer forms * 1418 * of UUCP mailers, such as uucp-uudom. * 1419 ***************************************************** 1420 1421Complex sites will need more local configuration information, such as 1422lists of UUCP hosts they speak with directly. This can get a bit more 1423tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1424 1425The SITECONFIG macro allows you to indirectly reference site-dependent 1426configuration information stored in the siteconfig subdirectory. For 1427example, the line 1428 1429 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1430 1431reads the file uucp.ucbvax for local connection information. The 1432second parameter is the local name (in this case just "ucbvax" since 1433it is locally connected, and hence a UUCP hostname). The third 1434parameter is the name of both a macro to store the local name (in 1435this case, {U}) and the name of the class (e.g., {U}) in which to store 1436the host information read from the file. Another SITECONFIG line reads 1437 1438 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1439 1440This says that the file uucp.ucbarpa contains the list of UUCP sites 1441connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1442store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1443is, the name of the relay to which the hosts listed in uucp.ucbarpa 1444are connected. [The machine ucbarpa is gone now, but this 1445out-of-date configuration file has been left around to demonstrate 1446how you might do this.] 1447 1448Note that the case of SITECONFIG with a third parameter of ``U'' is 1449special; the second parameter is assumed to be the UUCP name of the 1450local site, rather than the name of a remote site, and the UUCP name 1451is entered into class {w} (the list of local hostnames) as $U.UUCP. 1452 1453The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1454more than a sequence of SITE macros describing connectivity. For 1455example: 1456 1457 SITE(`cnmat') 1458 SITE(`sgi olympus') 1459 1460The second example demonstrates that you can use two names on the 1461same line; these are usually aliases for the same host (or are at 1462least in the same company). 1463 1464 1465+--------------------+ 1466| USING UUCP MAILERS | 1467+--------------------+ 1468 1469It's hard to get UUCP mailers right because of the extremely ad hoc 1470nature of UUCP addressing. These config files are really designed 1471for domain-based addressing, even for UUCP sites. 1472 1473There are four UUCP mailers available. The choice of which one to 1474use is partly a matter of local preferences and what is running at 1475the other end of your UUCP connection. Unlike good protocols that 1476define what will go over the wire, UUCP uses the policy that you 1477should do what is right for the other end; if they change, you have 1478to change. This makes it hard to do the right thing, and discourages 1479people from updating their software. In general, if you can avoid 1480UUCP, please do. 1481 1482The major choice is whether to go for a domainized scheme or a 1483non-domainized scheme. This depends entirely on what the other 1484end will recognize. If at all possible, you should encourage the 1485other end to go to a domain-based system -- non-domainized addresses 1486don't work entirely properly. 1487 1488The four mailers are: 1489 1490 uucp-old (obsolete name: "uucp") 1491 This is the oldest, the worst (but the closest to UUCP) way of 1492 sending messages accros UUCP connections. It does bangify 1493 everything and prepends $U (your UUCP name) to the sender's 1494 address (which can already be a bang path itself). It can 1495 only send to one address at a time, so it spends a lot of 1496 time copying duplicates of messages. Avoid this if at all 1497 possible. 1498 1499 uucp-new (obsolete name: "suucp") 1500 The same as above, except that it assumes that in one rmail 1501 command you can specify several recipients. It still has a 1502 lot of other problems. 1503 1504 uucp-dom 1505 This UUCP mailer keeps everything as domain addresses. 1506 Basically, it uses the SMTP mailer rewriting rules. This mailer 1507 is only included if MAILER(`smtp') is specified before 1508 MAILER(`uucp'). 1509 1510 Unfortunately, a lot of UUCP mailer transport agents require 1511 bangified addresses in the envelope, although you can use 1512 domain-based addresses in the message header. (The envelope 1513 shows up as the From_ line on UNIX mail.) So.... 1514 1515 uucp-uudom 1516 This is a cross between uucp-new (for the envelope addresses) 1517 and uucp-dom (for the header addresses). It bangifies the 1518 envelope sender (From_ line in messages) without adding the 1519 local hostname, unless there is no host name on the address 1520 at all (e.g., "wolf") or the host component is a UUCP host name 1521 instead of a domain name ("somehost!wolf" instead of 1522 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1523 is also specified earlier. 1524 1525Examples: 1526 1527On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1528summarizes the sender rewriting for various mailers. 1529 1530Mailer sender rewriting in the envelope 1531------ ------ ------------------------- 1532uucp-{old,new} wolf grasp!wolf 1533uucp-dom wolf wolf@grasp.insa-lyon.fr 1534uucp-uudom wolf grasp.insa-lyon.fr!wolf 1535 1536uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1537uucp-dom wolf@fr.net wolf@fr.net 1538uucp-uudom wolf@fr.net fr.net!wolf 1539 1540uucp-{old,new} somehost!wolf grasp!somehost!wolf 1541uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1542uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1543 1544If you are using one of the domainized UUCP mailers, you really want 1545to convert all UUCP addresses to domain format -- otherwise, it will 1546do it for you (and probably not the way you expected). For example, 1547if you have the address foo!bar!baz (and you are not sending to foo), 1548the heuristics will add the @uucp.relay.name or @local.host.name to 1549this address. However, if you map foo to foo.host.name first, it 1550will not add the local hostname. You can do this using the uucpdomain 1551feature. 1552 1553 1554+-------------------+ 1555| TWEAKING RULESETS | 1556+-------------------+ 1557 1558For more complex configurations, you can define special rules. 1559The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1560the names. Any modifications made here are reflected in the header. 1561 1562A common use is to convert old UUCP addresses to SMTP addresses using 1563the UUCPSMTP macro. For example: 1564 1565 LOCAL_RULE_3 1566 UUCPSMTP(`decvax', `decvax.dec.com') 1567 UUCPSMTP(`research', `research.att.com') 1568 1569will cause addresses of the form "decvax!user" and "research!user" 1570to be converted to "user@decvax.dec.com" and "user@research.att.com" 1571respectively. 1572 1573This could also be used to look up hosts in a database map: 1574 1575 LOCAL_RULE_3 1576 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1577 1578This map would be defined in the LOCAL_CONFIG portion, as shown below. 1579 1580Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1581For example, new rules are needed to parse hostnames that you accept 1582via MX records. For example, you might have: 1583 1584 LOCAL_RULE_0 1585 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1586 1587You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1588pointing at this host; this rule catches the message and forwards it on 1589using UUCP. 1590 1591You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1592These rulesets are normally empty. 1593 1594A similar macro is LOCAL_CONFIG. This introduces lines added after the 1595boilerplate option setting but before rulesets. Do not declare rulesets in 1596the LOCAL_CONFIG section. It can be used to declare local database maps or 1597whatever. For example: 1598 1599 LOCAL_CONFIG 1600 Khostmap hash /etc/mail/hostmap 1601 Kyplocal nis -m hosts.byname 1602 1603 1604+---------------------------+ 1605| MASQUERADING AND RELAYING | 1606+---------------------------+ 1607 1608You can have your host masquerade as another using 1609 1610 MASQUERADE_AS(`host.domain') 1611 1612This causes mail being sent to be labeled as coming from the 1613indicated host.domain, rather than $j. One normally masquerades as 1614one of one's own subdomains (for example, it's unlikely that 1615Berkeley would choose to masquerade as an MIT site). This 1616behaviour is modified by a plethora of FEATUREs; in particular, see 1617masquerade_envelope, allmasquerade, limited_masquerade, and 1618masquerade_entire_domain. 1619 1620The masquerade name is not normally canonified, so it is important 1621that it be your One True Name, that is, fully qualified and not a 1622CNAME. However, if you use a CNAME, the receiving side may canonify 1623it for you, so don't think you can cheat CNAME mapping this way. 1624 1625Normally the only addresses that are masqueraded are those that come 1626from this host (that is, are either unqualified or in class {w}, the list 1627of local domain names). You can augment this list, which is realized 1628by class {M} using 1629 1630 MASQUERADE_DOMAIN(`otherhost.domain') 1631 1632The effect of this is that although mail to user@otherhost.domain 1633will not be delivered locally, any mail including any user@otherhost.domain 1634will, when relayed, be rewritten to have the MASQUERADE_AS address. 1635This can be a space-separated list of names. 1636 1637If these names are in a file, you can use 1638 1639 MASQUERADE_DOMAIN_FILE(`filename') 1640 1641to read the list of names from the indicated file (i.e., to add 1642elements to class {M}). 1643 1644To exempt hosts or subdomains from being masqueraded, you can use 1645 1646 MASQUERADE_EXCEPTION(`host.domain') 1647 1648This can come handy if you want to masquerade a whole domain 1649except for one (or a few) host(s). If these names are in a file, 1650you can use 1651 1652 MASQUERADE_EXCEPTION_FILE(`filename') 1653 1654Normally only header addresses are masqueraded. If you want to 1655masquerade the envelope as well, use 1656 1657 FEATURE(`masquerade_envelope') 1658 1659There are always users that need to be "exposed" -- that is, their 1660internal site name should be displayed instead of the masquerade name. 1661Root is an example (which has been "exposed" by default prior to 8.10). 1662You can add users to this list using 1663 1664 EXPOSED_USER(`usernames') 1665 1666This adds users to class {E}; you could also use 1667 1668 EXPOSED_USER_FILE(`filename') 1669 1670You can also arrange to relay all unqualified names (that is, names 1671without @host) to a relay host. For example, if you have a central 1672email server, you might relay to that host so that users don't have 1673to have .forward files or aliases. You can do this using 1674 1675 define(`LOCAL_RELAY', `mailer:hostname') 1676 1677The ``mailer:'' can be omitted, in which case the mailer defaults to 1678"relay". There are some user names that you don't want relayed, perhaps 1679because of local aliases. A common example is root, which may be 1680locally aliased. You can add entries to this list using 1681 1682 LOCAL_USER(`usernames') 1683 1684This adds users to class {L}; you could also use 1685 1686 LOCAL_USER_FILE(`filename') 1687 1688If you want all incoming mail sent to a centralized hub, as for a 1689shared /var/spool/mail scheme, use 1690 1691 define(`MAIL_HUB', `mailer:hostname') 1692 1693Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1694and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1695be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1696Note: there is a (long standing) bug which keeps this combination from 1697working for addresses of the form user+detail. 1698Names in class {L} will be delivered locally, so you MUST have aliases or 1699.forward files for them. 1700 1701For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1702FEATURE(`stickyhost'), the following combinations of settings will have the 1703indicated effects: 1704 1705email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1706 1707LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1708mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1709 1710MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1711mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1712 1713Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1714MAIL_HUB set as above (no local aliasing) (aliasing done) 1715 1716If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1717MAIL_HUB act identically, with MAIL_HUB taking precedence. 1718 1719If you want all outgoing mail to go to a central relay site, define 1720SMART_HOST as well. Briefly: 1721 1722 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1723 MAIL_HUB applies to names qualified with the name of the 1724 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1725 SMART_HOST applies to names qualified with other hosts or 1726 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1727 or "eric@[127.0.0.1]"). 1728 1729However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1730DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1731really want absolutely everything to go to a single central site you will 1732need to unset all the other relays -- or better yet, find or build a 1733minimal config file that does this. 1734 1735For duplicate suppression to work properly, the host name is best 1736specified with a terminal dot: 1737 1738 define(`MAIL_HUB', `host.domain.') 1739 note the trailing dot ---^ 1740 1741 1742+-------------------------------------------+ 1743| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1744+-------------------------------------------+ 1745 1746LDAP can be used for aliases, maps, and classes by either specifying your 1747own LDAP map specification or using the built-in default LDAP map 1748specification. The built-in default specifications all provide lookups 1749which match against either the machine's fully qualified hostname (${j}) or 1750a "cluster". The cluster allows you to share LDAP entries among a large 1751number of machines without having to enter each of the machine names into 1752each LDAP entry. To set the LDAP cluster name to use for a particular 1753machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1754unique name. For example: 1755 1756 define(`confLDAP_CLUSTER', `Servers') 1757 1758Here, the word `Servers' will be the cluster name. As an example, assume 1759that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1760to the Servers cluster. 1761 1762Some of the LDAP LDIF examples below show use of the Servers cluster. 1763Every entry must have either a sendmailMTAHost or sendmailMTACluster 1764attribute or it will be ignored. Be careful as mixing clusters and 1765individual host records can have surprising results (see the CAUTION 1766sections below). 1767 1768See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1769this schema (and therefore the lookups and examples below) is experimental 1770at this point as it has had little public review. Therefore, it may change 1771in future versions. Feedback via sendmail@sendmail.org is encouraged. 1772 1773------- 1774Aliases 1775------- 1776 1777The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1778lookups. To use the default schema, simply use: 1779 1780 define(`ALIAS_FILE', `ldap:') 1781 1782By doing so, you will use the default schema which expands to a map 1783declared as follows: 1784 1785 ldap -k (&(objectClass=sendmailMTAAliasObject) 1786 (sendmailMTAAliasGrouping=aliases) 1787 (|(sendmailMTACluster=${sendmailMTACluster}) 1788 (sendmailMTAHost=$j)) 1789 (sendmailMTAKey=%0)) 1790 -v sendmailMTAAliasValue 1791 1792NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1793used when the binary expands the `ldap:' token as the AliasFile option is 1794not actually macro-expanded when read from the sendmail.cf file. 1795 1796Example LDAP LDIF entries might be: 1797 1798 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1799 objectClass: sendmailMTA 1800 objectClass: sendmailMTAAlias 1801 objectClass: sendmailMTAAliasObject 1802 sendmailMTAAliasGrouping: aliases 1803 sendmailMTAHost: etrn.sendmail.org 1804 sendmailMTAKey: sendmail-list 1805 sendmailMTAAliasValue: ca@example.org 1806 sendmailMTAAliasValue: eric 1807 sendmailMTAAliasValue: gshapiro@example.com 1808 1809 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1810 objectClass: sendmailMTA 1811 objectClass: sendmailMTAAlias 1812 objectClass: sendmailMTAAliasObject 1813 sendmailMTAAliasGrouping: aliases 1814 sendmailMTAHost: etrn.sendmail.org 1815 sendmailMTAKey: owner-sendmail-list 1816 sendmailMTAAliasValue: eric 1817 1818 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1819 objectClass: sendmailMTA 1820 objectClass: sendmailMTAAlias 1821 objectClass: sendmailMTAAliasObject 1822 sendmailMTAAliasGrouping: aliases 1823 sendmailMTACluster: Servers 1824 sendmailMTAKey: postmaster 1825 sendmailMTAAliasValue: eric 1826 1827Here, the aliases sendmail-list and owner-sendmail-list will be available 1828only on etrn.sendmail.org but the postmaster alias will be available on 1829every machine in the Servers cluster (including etrn.sendmail.org). 1830 1831CAUTION: aliases are additive so that entries like these: 1832 1833 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1834 objectClass: sendmailMTA 1835 objectClass: sendmailMTAAlias 1836 objectClass: sendmailMTAAliasObject 1837 sendmailMTAAliasGrouping: aliases 1838 sendmailMTACluster: Servers 1839 sendmailMTAKey: bob 1840 sendmailMTAAliasValue: eric 1841 1842 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 1843 objectClass: sendmailMTA 1844 objectClass: sendmailMTAAlias 1845 objectClass: sendmailMTAAliasObject 1846 sendmailMTAAliasGrouping: aliases 1847 sendmailMTAHost: etrn.sendmail.org 1848 sendmailMTAKey: bob 1849 sendmailMTAAliasValue: gshapiro 1850 1851would mean that on all of the hosts in the cluster, mail to bob would go to 1852eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1853gshapiro. 1854 1855If you prefer not to use the default LDAP schema for your aliases, you can 1856specify the map parameters when setting ALIAS_FILE. For example: 1857 1858 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1859 1860---- 1861Maps 1862---- 1863 1864FEATURE()'s which take an optional map definition argument (e.g., access, 1865mailertable, virtusertable, etc.) can instead take the special keyword 1866`LDAP', e.g.: 1867 1868 FEATURE(`access_db', `LDAP') 1869 FEATURE(`virtusertable', `LDAP') 1870 1871When this keyword is given, that map will use LDAP lookups consisting of 1872the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1873with the map name, a search attribute of sendmailMTAKey, and the value 1874attribute sendmailMTAMapValue. 1875 1876The values for sendmailMTAMapName are: 1877 1878 FEATURE() sendmailMTAMapName 1879 --------- ------------------ 1880 access_db access 1881 authinfo authinfo 1882 bitdomain bitdomain 1883 domaintable domain 1884 genericstable generics 1885 mailertable mailer 1886 uucpdomain uucpdomain 1887 virtusertable virtuser 1888 1889For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1890 1891 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1892 (sendmailMTAMapName=mailer) 1893 (|(sendmailMTACluster=${sendmailMTACluster}) 1894 (sendmailMTAHost=$j)) 1895 (sendmailMTAKey=%0)) 1896 -1 -v sendmailMTAMapValue 1897 1898An example LDAP LDIF entry using this map might be: 1899 1900 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 1901 objectClass: sendmailMTA 1902 objectClass: sendmailMTAMap 1903 sendmailMTACluster: Servers 1904 sendmailMTAMapName: mailer 1905 1906 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1907 objectClass: sendmailMTA 1908 objectClass: sendmailMTAMap 1909 objectClass: sendmailMTAMapObject 1910 sendmailMTAMapName: mailer 1911 sendmailMTACluster: Servers 1912 sendmailMTAKey: example.com 1913 sendmailMTAMapValue: relay:[smtp.example.com] 1914 1915CAUTION: If your LDAP database contains the record above and *ALSO* a host 1916specific record such as: 1917 1918 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1919 objectClass: sendmailMTA 1920 objectClass: sendmailMTAMap 1921 objectClass: sendmailMTAMapObject 1922 sendmailMTAMapName: mailer 1923 sendmailMTAHost: etrn.sendmail.org 1924 sendmailMTAKey: example.com 1925 sendmailMTAMapValue: relay:[mx.example.com] 1926 1927then these entries will give unexpected results. When the lookup is done 1928on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 1929require a single match. Since the host etrn.sendmail.org is also in the 1930Servers cluster, LDAP would return two answers for the example.com map key 1931in which case sendmail would treat this as no match at all. 1932 1933If you prefer not to use the default LDAP schema for your maps, you can 1934specify the map parameters when using the FEATURE(). For example: 1935 1936 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 1937 1938------- 1939Classes 1940------- 1941 1942Normally, classes can be filled via files or programs. As of 8.12, they 1943can also be filled via map lookups using a new syntax: 1944 1945 F{ClassName}mapkey@mapclass:mapspec 1946 1947mapkey is optional and if not provided the map key will be empty. This can 1948be used with LDAP to read classes from LDAP. Note that the lookup is only 1949done when sendmail is initially started. Use the special value `@LDAP' to 1950use the default LDAP schema. For example: 1951 1952 RELAY_DOMAIN_FILE(`@LDAP') 1953 1954would put all of the attribute sendmailMTAClassValue values of LDAP records 1955with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 1956'R' into class $={R}. In other words, it is equivalent to the LDAP map 1957specification: 1958 1959 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 1960 (sendmailMTAClassName=R) 1961 (|(sendmailMTACluster=${sendmailMTACluster}) 1962 (sendmailMTAHost=$j))) 1963 -v sendmailMTAClassValue 1964 1965NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1966used when the binary expands the `@LDAP' token as class declarations are 1967not actually macro-expanded when read from the sendmail.cf file. 1968 1969This can be used with class related commands such as RELAY_DOMAIN_FILE(), 1970MASQUERADE_DOMAIN_FILE(), etc: 1971 1972 Command sendmailMTAClassName 1973 ------- -------------------- 1974 CANONIFY_DOMAIN_FILE() Canonify 1975 EXPOSED_USER_FILE() E 1976 GENERICS_DOMAIN_FILE() G 1977 LDAPROUTE_DOMAIN_FILE() LDAPRoute 1978 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 1979 LOCAL_USER_FILE() L 1980 MASQUERADE_DOMAIN_FILE() M 1981 MASQUERADE_EXCEPTION_FILE() N 1982 RELAY_DOMAIN_FILE() R 1983 VIRTUSER_DOMAIN_FILE() VirtHost 1984 1985You can also add your own as any 'F'ile class of the form: 1986 1987 F{ClassName}@LDAP 1988 ^^^^^^^^^ 1989will use "ClassName" for the sendmailMTAClassName. 1990 1991An example LDAP LDIF entry would look like: 1992 1993 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 1994 objectClass: sendmailMTA 1995 objectClass: sendmailMTAClass 1996 sendmailMTACluster: Servers 1997 sendmailMTAClassName: R 1998 sendmailMTAClassValue: sendmail.org 1999 sendmailMTAClassValue: example.com 2000 sendmailMTAClassValue: 10.56.23 2001 2002CAUTION: If your LDAP database contains the record above and *ALSO* a host 2003specific record such as: 2004 2005 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 2006 objectClass: sendmailMTA 2007 objectClass: sendmailMTAClass 2008 sendmailMTAHost: etrn.sendmail.org 2009 sendmailMTAClassName: R 2010 sendmailMTAClassValue: example.com 2011 2012the result will be similar to the aliases caution above. When the lookup 2013is done on etrn.sendmail.org, $={R} would contain all of the entries (from 2014both the cluster match and the host match). In other words, the effective 2015is additive. 2016 2017If you prefer not to use the default LDAP schema for your classes, you can 2018specify the map parameters when using the class command. For example: 2019 2020 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 2021 2022Remember, macros can not be used in a class declaration as the binary does 2023not expand them. 2024 2025 2026+--------------+ 2027| LDAP ROUTING | 2028+--------------+ 2029 2030FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 2031LDAP Schema for Intranet Mail Routing 2032(draft-lachman-laser-ldap-mail-routing-01). This feature enables 2033LDAP-based rerouting of a particular address to either a different host 2034or a different address. The LDAP lookup is first attempted on the full 2035address (e.g., user@example.com) and then on the domain portion 2036(e.g., @example.com). Be sure to setup your domain for LDAP routing using 2037LDAPROUTE_DOMAIN(), e.g.: 2038 2039 LDAPROUTE_DOMAIN(`example.com') 2040 2041Additionally, you can specify equivalent domains for LDAP routing using 2042LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 2043hostnames are mapped to $M (the masqueraded hostname for the server) before 2044the LDAP query. For example, if the mail is addressed to 2045user@host1.example.com, normally the LDAP lookup would only be done for 2046'user@host1.example.com' and '@host1.example.com'. However, if 2047LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 2048done on 'user@example.com' and '@example.com' after attempting the 2049host1.example.com lookups. 2050 2051By default, the feature will use the schemas as specified in the draft 2052and will not reject addresses not found by the LDAP lookup. However, 2053this behavior can be changed by giving additional arguments to the FEATURE() 2054command: 2055 2056 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>) 2057 2058where <mailHost> is a map definition describing how to lookup an alternative 2059mail host for a particular address; <mailRoutingAddress> is a map definition 2060describing how to lookup an alternative address for a particular address; 2061the <bounce> argument, if present and not the word "passthru", dictates 2062that mail should be bounced if neither a mailHost nor mailRoutingAddress 2063is found; and <detail> indicates what actions to take if the address 2064contains +detail information -- `strip' tries the lookup with the +detail 2065and if no matches are found, strips the +detail and tries the lookup again; 2066`preserve', does the same as `strip' but if a mailRoutingAddress match is 2067found, the +detail information is copied to the new address. 2068 2069The default <mailHost> map definition is: 2070 2071 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 2072 (mailLocalAddress=%0)) 2073 2074The default <mailRoutingAddress> map definition is: 2075 2076 ldap -1 -T<TMPF> -v mailRoutingAddress 2077 -k (&(objectClass=inetLocalMailRecipient) 2078 (mailLocalAddress=%0)) 2079 2080Note that neither includes the LDAP server hostname (-h server) or base DN 2081(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 2082your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 2083these settings. If this is not the case, the map definitions should be 2084changed as described above. The "-T<TMPF>" is required in any user 2085specified map definition to catch temporary errors. 2086 2087The following possibilities exist as a result of an LDAP lookup on an 2088address: 2089 2090 mailHost is mailRoutingAddress is Results in 2091 ----------- --------------------- ---------- 2092 set to a set mail delivered to 2093 "local" host mailRoutingAddress 2094 2095 set to a not set delivered to 2096 "local" host original address 2097 2098 set to a set mailRoutingAddress 2099 remote host relayed to mailHost 2100 2101 set to a not set original address 2102 remote host relayed to mailHost 2103 2104 not set set mail delivered to 2105 mailRoutingAddress 2106 2107 not set not set delivered to 2108 original address *OR* 2109 bounced as unknown user 2110 2111The term "local" host above means the host specified is in class {w}. If 2112the result would mean sending the mail to a different host, that host is 2113looked up in the mailertable before delivery. 2114 2115Note that the last case depends on whether the third argument is given 2116to the FEATURE() command. The default is to deliver the message to the 2117original address. 2118 2119The LDAP entries should be set up with an objectClass of 2120inetLocalMailRecipient and the address be listed in a mailLocalAddress 2121attribute. If present, there must be only one mailHost attribute and it 2122must contain a fully qualified host name as its value. Similarly, if 2123present, there must be only one mailRoutingAddress attribute and it must 2124contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2125format): 2126 2127 dn: uid=tom, o=example.com, c=US 2128 objectClass: inetLocalMailRecipient 2129 mailLocalAddress: tom@example.com 2130 mailRoutingAddress: thomas@mailhost.example.com 2131 2132This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2133 2134 dn: uid=dick, o=example.com, c=US 2135 objectClass: inetLocalMailRecipient 2136 mailLocalAddress: dick@example.com 2137 mailHost: eng.example.com 2138 2139This would relay mail for dick@example.com to the same address but redirect 2140the mail to MX records listed for the host eng.example.com (unless the 2141mailertable overrides). 2142 2143 dn: uid=harry, o=example.com, c=US 2144 objectClass: inetLocalMailRecipient 2145 mailLocalAddress: harry@example.com 2146 mailHost: mktmail.example.com 2147 mailRoutingAddress: harry@mkt.example.com 2148 2149This would relay mail for harry@example.com to the MX records listed for 2150the host mktmail.example.com using the new address harry@mkt.example.com 2151when talking to that host. 2152 2153 dn: uid=virtual.example.com, o=example.com, c=US 2154 objectClass: inetLocalMailRecipient 2155 mailLocalAddress: @virtual.example.com 2156 mailHost: server.example.com 2157 mailRoutingAddress: virtual@example.com 2158 2159This would send all mail destined for any username @virtual.example.com to 2160the machine server.example.com's MX servers and deliver to the address 2161virtual@example.com on that relay machine. 2162 2163 2164+---------------------------------+ 2165| ANTI-SPAM CONFIGURATION CONTROL | 2166+---------------------------------+ 2167 2168The primary anti-spam features available in sendmail are: 2169 2170* Relaying is denied by default. 2171* Better checking on sender information. 2172* Access database. 2173* Header checks. 2174 2175Relaying (transmission of messages from a site outside your host (class 2176{w}) to another site except yours) is denied by default. Note that this 2177changed in sendmail 8.9; previous versions allowed relaying by default. 2178If you really want to revert to the old behaviour, you will need to use 2179FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2180through your server by adding their domain name or IP address to class 2181{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2182(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2183The file consists (like any other file based class) of entries listed on 2184separate lines, e.g., 2185 2186 sendmail.org 2187 128.32 2188 IPv6:2002:c0a8:02c7 2189 IPv6:2002:c0a8:51d2::23f4 2190 host.mydomain.com 2191 [UNIX:localhost] 2192 2193Notice: the last entry allows relaying for connections via a UNIX 2194socket to the MTA/MSP. This might be necessary if your configuration 2195doesn't allow relaying by other means in that case, e.g., by having 2196localhost.$m in class {R} (make sure $m is not just a top level 2197domain). 2198 2199If you use 2200 2201 FEATURE(`relay_entire_domain') 2202 2203then any host in any of your local domains (that is, class {m}) 2204will be relayed (that is, you will accept mail either to or from any 2205host in your domain). 2206 2207You can also allow relaying based on the MX records of the host 2208portion of an incoming recipient address by using 2209 2210 FEATURE(`relay_based_on_MX') 2211 2212For example, if your server receives a recipient of user@domain.com 2213and domain.com lists your server in its MX records, the mail will be 2214accepted for relay to domain.com. This feature may cause problems 2215if MX lookups for the recipient domain are slow or time out. In that 2216case, mail will be temporarily rejected. It is usually better to 2217maintain a list of hosts/domains for which the server acts as relay. 2218Note also that this feature will stop spammers from using your host 2219to relay spam but it will not stop outsiders from using your server 2220as a relay for their site (that is, they set up an MX record pointing 2221to your mail server, and you will relay mail addressed to them 2222without any prior arrangement). Along the same lines, 2223 2224 FEATURE(`relay_local_from') 2225 2226will allow relaying if the sender specifies a return path (i.e. 2227MAIL FROM: <user@domain>) domain which is a local domain. This is a 2228dangerous feature as it will allow spammers to spam using your mail 2229server by simply specifying a return address of user@your.domain.com. 2230It should not be used unless absolutely necessary. 2231A slightly better solution is 2232 2233 FEATURE(`relay_mail_from') 2234 2235which allows relaying if the mail sender is listed as RELAY in the 2236access map. If an optional argument `domain' (this is the literal 2237word `domain', not a placeholder) is given, the domain portion of 2238the mail sender is also checked to allowing relaying. This option 2239only works together with the tag From: for the LHS of the access 2240map entries (see below: Finer control...). This feature allows 2241spammers to abuse your mail server by specifying a return address 2242that you enabled in your access file. This may be harder to figure 2243out for spammers, but it should not be used unless necessary. 2244Instead use SMTP AUTH or STARTTLS to allow relaying for roaming 2245users. 2246 2247 2248If source routing is used in the recipient address (e.g., 2249RCPT TO: <user%site.com@othersite.com>), sendmail will check 2250user@site.com for relaying if othersite.com is an allowed relay host 2251in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2252or the access database if FEATURE(`access_db') is used. To prevent 2253the address from being stripped down, use: 2254 2255 FEATURE(`loose_relay_check') 2256 2257If you think you need to use this feature, you probably do not. This 2258should only be used for sites which have no control over the addresses 2259that they provide a gateway for. Use this FEATURE with caution as it 2260can allow spammers to relay through your server if not setup properly. 2261 2262NOTICE: It is possible to relay mail through a system which the anti-relay 2263rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2264`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2265LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2266FEATURE(`nouucp') at all, addresses of the form 2267<example.net!user@local.host> would be relayed to <user@example.net>. 2268System A doesn't recognize `!' as an address separator and therefore 2269forwards it to the mail hub which in turns relays it because it came from 2270a trusted local host. So if a mailserver allows UUCP (bang-format) 2271addresses, all systems from which it allows relaying should do the same 2272or reject those addresses. 2273 2274As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2275an unresolvable domain (i.e., one that DNS, your local name service, 2276or special case rules in ruleset 3 cannot locate). This also applies 2277to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2278IP address can't be mapped to a host name. If you want to continue 2279to accept such domains, e.g., because you are inside a firewall that 2280has only a limited view of the Internet host name space (note that you 2281will not be able to return mail to them unless you have some "smart 2282host" forwarder), use 2283 2284 FEATURE(`accept_unresolvable_domains') 2285 2286Alternatively, you can allow specific addresses by adding them to 2287the access map, e.g., 2288 2289 From:unresolvable.domain OK 2290 From:[1.2.3.4] OK 2291 From:[1.2.4] OK 2292 2293Notice: domains which are temporarily unresolvable are (temporarily) 2294rejected with a 451 reply code. If those domains should be accepted 2295(which is discouraged) then you can use 2296 2297 LOCAL_CONFIG 2298 C{ResOk}TEMP 2299 2300sendmail will also refuse mail if the MAIL FROM: parameter is not 2301fully qualified (i.e., contains a domain as well as a user). If you 2302want to continue to accept such senders, use 2303 2304 FEATURE(`accept_unqualified_senders') 2305 2306Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2307i.e., unqualified addresses are accepted even without this FEATURE. If 2308this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2309to enforce fully qualified domain names. 2310 2311An ``access'' database can be created to accept or reject mail from 2312selected domains. For example, you may choose to reject all mail 2313originating from known spammers. To enable such a database, use 2314 2315 FEATURE(`access_db') 2316 2317Notice: the access database is applied to the envelope addresses 2318and the connection information, not to the header. 2319 2320The FEATURE macro can accept as second parameter the key file 2321definition for the database; for example 2322 2323 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2324 2325Notice: If a second argument is specified it must contain the option 2326`-T<TMPF>' as shown above. The optional third and fourth parameters 2327may be `skip' or `lookupdotdomain'. The former enables SKIP as 2328value part (see below), the latter is another way to enable the 2329feature of the same name (see above). 2330 2331Remember, since /etc/mail/access is a database, after creating the text 2332file as described below, you must use makemap to create the database 2333map. For example: 2334 2335 makemap hash /etc/mail/access < /etc/mail/access 2336 2337The table itself uses e-mail addresses, domain names, and network 2338numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2339For example, 2340 2341 spammer@aol.com REJECT 2342 cyberspammer.com REJECT 2343 TLD REJECT 2344 192.168.212 REJECT 2345 IPv6:2002:c0a8:02c7 RELAY 2346 IPv6:2002:c0a8:51d2::23f4 REJECT 2347 2348would refuse mail from spammer@aol.com, any user from cyberspammer.com 2349(or any host within the cyberspammer.com domain), any host in the entire 2350top level domain TLD, 192.168.212.* network, and the IPv6 address 23512002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 23522002:c0a8:02c7::/48. 2353 2354The value part of the map can contain: 2355 2356 OK Accept mail even if other rules in the running 2357 ruleset would reject it, for example, if the domain 2358 name is unresolvable. "Accept" does not mean 2359 "relay", but at most acceptance for local 2360 recipients. That is, OK allows less than RELAY. 2361 RELAY Accept mail addressed to the indicated domain or 2362 received from the indicated domain for relaying 2363 through your SMTP server. RELAY also serves as 2364 an implicit OK for the other checks. 2365 REJECT Reject the sender or recipient with a general 2366 purpose message. 2367 DISCARD Discard the message completely using the 2368 $#discard mailer. If it is used in check_compat, 2369 it affects only the designated recipient, not 2370 the whole message as it does in all other cases. 2371 This should only be used if really necessary. 2372 SKIP This can only be used for host/domain names 2373 and IP addresses/nets. It will abort the current 2374 search for this entry without accepting or rejecting 2375 it but causing the default action. 2376 ### any text where ### is an RFC 821 compliant error code and 2377 "any text" is a message to return for the command. 2378 The string should be quoted to avoid surprises, 2379 e.g., sendmail may remove spaces otherwise. 2380 This type is deprecated, use one the two 2381 ERROR: entries below instead. 2382 ERROR:### any text 2383 as above, but useful to mark error messages as such. 2384 ERROR:D.S.N:### any text 2385 where D.S.N is an RFC 1893 compliant error code 2386 and the rest as above. 2387 2388For example: 2389 2390 cyberspammer.com ERROR:"550 We don't accept mail from spammers" 2391 okay.cyberspammer.com OK 2392 sendmail.org RELAY 2393 128.32 RELAY 2394 IPv6:1:2:3:4:5:6:7 RELAY 2395 [127.0.0.3] OK 2396 [IPv6:1:2:3:4:5:6:7:8] OK 2397 2398would accept mail from okay.cyberspammer.com, but would reject mail from 2399all other hosts at cyberspammer.com with the indicated message. It would 2400allow relaying mail from and to any hosts in the sendmail.org domain, and 2401allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* 2402network. The latter two entries are for checks against ${client_name} if 2403the IP address doesn't resolve to a hostname (or is considered as "may be 2404forged"). That is, using square brackets means these are host names, 2405not network numbers. 2406 2407Warning: if you change the RFC 821 compliant error code from the default 2408value of 550, then you should probably also change the RFC 1893 compliant 2409error code to match it. For example, if you use 2410 2411 user@example.com ERROR:450 mailbox full 2412 2413the error returned would be "450 5.0.0 mailbox full" which is wrong. 2414Use "ERROR:4.2.2:450 mailbox full" instead. 2415 2416Note, UUCP users may need to add hostname.UUCP to the access database 2417or class {R}. 2418 2419If you also use: 2420 2421 FEATURE(`relay_hosts_only') 2422 2423then the above example will allow relaying for sendmail.org, but not 2424hosts within the sendmail.org domain. Note that this will also require 2425hosts listed in class {R} to be fully qualified host names. 2426 2427You can also use the access database to block sender addresses based on 2428the username portion of the address. For example: 2429 2430 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2431 2432Note that you must include the @ after the username to signify that 2433this database entry is for checking only the username portion of the 2434sender address. 2435 2436If you use: 2437 2438 FEATURE(`blacklist_recipients') 2439 2440then you can add entries to the map for local users, hosts in your 2441domains, or addresses in your domain which should not receive mail: 2442 2443 badlocaluser@ ERROR:550 Mailbox disabled for this username 2444 host.mydomain.com ERROR:550 That host does not accept mail 2445 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient 2446 2447This would prevent a recipient of badlocaluser@mydomain.com, any 2448user at host.mydomain.com, and the single address 2449user@otherhost.mydomain.com from receiving mail. Please note: a 2450local username must be now tagged with an @ (this is consistent 2451with the check of the sender address, and hence it is possible to 2452distinguish between hostnames and usernames). Enabling this feature 2453will keep you from sending mails to all addresses that have an 2454error message or REJECT as value part in the access map. Taking 2455the example from above: 2456 2457 spammer@aol.com REJECT 2458 cyberspammer.com REJECT 2459 2460Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2461 2462There are several DNS based blacklists, the first of which was 2463the RBL (``Realtime Blackhole List'') run by the MAPS project, 2464see http://mail-abuse.org/. These are databases of spammers 2465maintained in DNS. To use such a database, specify 2466 2467 FEATURE(`dnsbl') 2468 2469This will cause sendmail to reject mail from any site in the original 2470Realtime Blackhole List database. This default DNS blacklist, 2471blackholes.mail-abuse.org, is a service offered by the Mail Abuse 2472Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription 2473service, so using that network address won't work if you haven't 2474subscribed. Contact MAPS to subscribe (http://mail-abuse.org/). 2475 2476You can specify an alternative RBL server to check by specifying an 2477argument to the FEATURE. The default error message is 2478 2479 Rejected: IP-ADDRESS listed at SERVER 2480 2481where IP-ADDRESS and SERVER are replaced by the appropriate 2482information. A second argument can be used to specify a different 2483text. By default, temporary lookup failures are ignored and hence 2484cause the connection not to be rejected by the DNS based rejection 2485list. This behavior can be changed by specifying a third argument, 2486which must be either `t' or a full error message. For example: 2487 2488 FEATURE(`dnsbl', `dnsbl.example.com', `', 2489 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2490 2491If `t' is used, the error message is: 2492 2493 451 Temporary lookup failure of IP-ADDRESS at SERVER 2494 2495where IP-ADDRESS and SERVER are replaced by the appropriate 2496information. 2497 2498This FEATURE can be included several times to query different 2499DNS based rejection lists, e.g., the dial-up user list (see 2500http://mail-abuse.org/dul/). 2501 2502Notice: to avoid checking your own local domains against those 2503blacklists, use the access_db feature and add: 2504 2505 Connect:10.1 OK 2506 Connect:127.0.0.1 RELAY 2507 2508to the access map, where 10.1 is your local network. You may 2509want to use "RELAY" instead of "OK" to allow also relaying 2510instead of just disabling the DNS lookups in the backlists. 2511 2512 2513The features described above make use of the check_relay, check_mail, 2514and check_rcpt rulesets. Note that check_relay checks the SMTP 2515client hostname and IP address when the connection is made to your 2516server. It does not check if a mail message is being relayed to 2517another server. That check is done in check_rcpt. If you wish to 2518include your own checks, you can put your checks in the rulesets 2519Local_check_relay, Local_check_mail, and Local_check_rcpt. For 2520example if you wanted to block senders with all numeric usernames 2521(i.e. 2312343@bigisp.com), you would use Local_check_mail and the 2522regex map: 2523 2524 LOCAL_CONFIG 2525 Kallnumbers regex -a@MATCH ^[0-9]+$ 2526 2527 LOCAL_RULESETS 2528 SLocal_check_mail 2529 # check address against various regex checks 2530 R$* $: $>Parse0 $>3 $1 2531 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2532 R@MATCH $#error $: 553 Header Error 2533 2534These rules are called with the original arguments of the corresponding 2535check_* ruleset. If the local ruleset returns $#OK, no further checking 2536is done by the features described above and the mail is accepted. If the 2537local ruleset resolves to a mailer (such as $#error or $#discard), the 2538appropriate action is taken. Otherwise, the results of the local 2539rewriting are ignored. 2540 2541Finer control by using tags for the LHS of the access map 2542--------------------------------------------------------- 2543 2544Read this section only if the options listed so far are not sufficient 2545for your purposes. There is now the option to tag entries in the 2546access map according to their type. Three tags are available: 2547 2548 Connect: connection information (${client_addr}, ${client_name}) 2549 From: envelope sender 2550 To: envelope recipient 2551 2552If the required item is looked up in a map, it will be tried first 2553with the corresponding tag in front, then (as fallback to enable 2554backward compatibility) without any tag, unless the specific feature 2555requires a tag. For example, 2556 2557 From:spammer@some.dom REJECT 2558 To:friend.domain RELAY 2559 Connect:friend.domain OK 2560 Connect:from.domain RELAY 2561 From:good@another.dom OK 2562 From:another.dom REJECT 2563 2564This would deny mails from spammer@some.dom but you could still 2565send mail to that address even if FEATURE(`blacklist_recipients') 2566is enabled. Your system will allow relaying to friend.domain, but 2567not from it (unless enabled by other means). Connections from that 2568domain will be allowed even if it ends up in one of the DNS based 2569rejection lists. Relaying is enabled from from.domain but not to 2570it (since relaying is based on the connection information for 2571outgoing relaying, the tag Connect: must be used; for incoming 2572relaying, which is based on the recipient address, To: must be 2573used). The last two entries allow mails from good@another.dom but 2574reject mail from all other addresses with another.dom as domain 2575part. 2576 2577Delay all checks 2578---------------- 2579 2580By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2581will not be called when a client connects or issues a MAIL command, 2582respectively. Instead, those rulesets will be called by the check_rcpt 2583ruleset; they will be skipped if a sender has been authenticated using 2584a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2585If check_mail returns an error then the RCPT TO command will be rejected 2586with that error. If it returns some other result starting with $# then 2587check_relay will be skipped. If the sender address (or a part of it) is 2588listed in the access map and it has a RHS of OK or RELAY, then check_relay 2589will be skipped. This has an interesting side effect: if your domain is 2590my.domain and you have 2591 2592 my.domain RELAY 2593 2594in the access map, then any e-mail with a sender address of 2595<user@my.domain> will not be rejected by check_relay even though 2596it would match the hostname or IP address. This allows spammers 2597to get around DNS based blacklist by faking the sender address. To 2598avoid this problem you have to use tagged entries: 2599 2600 To:my.domain RELAY 2601 Connect:my.domain RELAY 2602 2603if you need those entries at all (class {R} may take care of them). 2604 2605FEATURE(`delay_checks') can take an optional argument: 2606 2607 FEATURE(`delay_checks', `friend') 2608 enables spamfriend test 2609 FEATURE(`delay_checks', `hater') 2610 enables spamhater test 2611 2612If such an argument is given, the recipient will be looked up in the 2613access map (using the tag Spam:). If the argument is `friend', then 2614the default behavior is to apply the other rulesets and make a SPAM 2615friend the exception. The rulesets check_mail and check_relay will be 2616skipped only if the recipient address is found and has RHS FRIEND. If 2617the argument is `hater', then the default behavior is to skip the rulesets 2618check_mail and check_relay and make a SPAM hater the exception. The 2619other two rulesets will be applied only if the recipient address is 2620found and has RHS HATER. 2621 2622This allows for simple exceptions from the tests, e.g., by activating 2623the friend option and having 2624 2625 Spam:abuse@ FRIEND 2626 2627in the access map, mail to abuse@localdomain will get through (where 2628"localdomain" is any domain in class {w}). It is also possible to 2629specify a full address or an address with +detail: 2630 2631 Spam:abuse@my.domain FRIEND 2632 Spam:me+abuse@ FRIEND 2633 Spam:spam.domain FRIEND 2634 2635Note: The required tag has been changed in 8.12 from To: to Spam:. 2636This change is incompatible to previous versions. However, you can 2637(for now) simply add the new entries to the access map, the old 2638ones will be ignored. As soon as you removed the old entries from 2639the access map, specify a third parameter (`n') to this feature and 2640the backward compatibility rules will not be in the generated .cf 2641file. 2642 2643Header Checks 2644------------- 2645 2646You can also reject mail on the basis of the contents of headers. 2647This is done by adding a ruleset call to the 'H' header definition command 2648in sendmail.cf. For example, this can be used to check the validity of 2649a Message-ID: header: 2650 2651 LOCAL_CONFIG 2652 HMessage-Id: $>CheckMessageId 2653 2654 LOCAL_RULESETS 2655 SCheckMessageId 2656 R< $+ @ $+ > $@ OK 2657 R$* $#error $: 553 Header Error 2658 2659The alternative format: 2660 2661 HSubject: $>+CheckSubject 2662 2663that is, $>+ instead of $>, gives the full Subject: header including 2664comments to the ruleset (comments in parentheses () are stripped 2665by default). 2666 2667A default ruleset for headers which don't have a specific ruleset 2668defined for them can be given by: 2669 2670 H*: $>CheckHdr 2671 2672Notice: 26731. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2674That may cause problems with simple header checks due to the 2675tokenization. It might be simpler to use a regex map and apply it 2676to $&{currHeader}. 26772. There are no default rulesets coming with this distribution of 2678sendmail. You can either write your own or you can search the 2679WWW for examples, e.g., http://www.digitalanswers.org/check_local/ 2680 2681After all of the headers are read, the check_eoh ruleset will be called for 2682any final header-related checks. The ruleset is called with the number of 2683headers and the size of all of the headers in bytes separated by $|. One 2684example usage is to reject messages which do not have a Message-Id: 2685header. However, the Message-Id: header is *NOT* a required header and is 2686not a guaranteed spam indicator. This ruleset is an example and should 2687probably not be used in production. 2688 2689 LOCAL_CONFIG 2690 Kstorage macro 2691 HMessage-Id: $>CheckMessageId 2692 2693 LOCAL_RULESETS 2694 SCheckMessageId 2695 # Record the presence of the header 2696 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2697 R< $+ @ $+ > $@ OK 2698 R$* $#error $: 553 Header Error 2699 2700 Scheck_eoh 2701 # Check the macro 2702 R$* $: < $&{MessageIdCheck} > 2703 # Clear the macro for the next message 2704 R$* $: $(storage {MessageIdCheck} $) $1 2705 # Has a Message-Id: header 2706 R< $+ > $@ OK 2707 # Allow missing Message-Id: from local mail 2708 R$* $: < $&{client_name} > 2709 R< > $@ OK 2710 R< $=w > $@ OK 2711 # Otherwise, reject the mail 2712 R$* $#error $: 553 Header Error 2713 2714+----------+ 2715| STARTTLS | 2716+----------+ 2717 2718In this text, cert will be used as an abreviation for X.509 certificate, 2719DN (CN) is the distinguished (common) name of a cert, and CA is a 2720certification authority, which signs (issues) certs. 2721 2722For STARTTLS to be offered by sendmail you need to set at least 2723this variables (the file names and paths are just examples): 2724 2725 define(`confCACERT_PATH', `/etc/mail/certs/') 2726 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2727 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2728 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2729 2730On systems which do not have the compile flag HASURANDOM set (see 2731sendmail/README) you also must set confRAND_FILE. 2732 2733See doc/op/op.{me,ps,txt} for more information about these options, 2734especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2735STARTTLS''. 2736 2737Macros related to STARTTLS are: 2738 2739${cert_issuer} holds the DN of the CA (the cert issuer). 2740${cert_subject} holds the DN of the cert (called the cert subject). 2741${cn_issuer} holds the CN of the CA (the cert issuer). 2742${cn_subject} holds the CN of the cert (called the cert subject). 2743${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2744 TLSv1/SSLv3, SSLv3, SSLv2. 2745${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2746 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2747${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2748 used for the connection. 2749${verify} holds the result of the verification of the presented cert. 2750 Possible values are: 2751 OK verification succeeded. 2752 NO no cert presented. 2753 NOT no cert requested. 2754 FAIL cert presented but could not be verified, 2755 e.g., the cert of the signing CA is missing. 2756 NONE STARTTLS has not been performed. 2757 TEMP temporary error occurred. 2758 PROTOCOL protocol error occurred (SMTP level). 2759 SOFTWARE STARTTLS handshake failed. 2760${server_name} the name of the server of the current outgoing SMTP 2761 connection. 2762${server_addr} the address of the server of the current outgoing SMTP 2763 connection. 2764 2765Relaying 2766-------- 2767 2768SMTP STARTTLS can allow relaying for remote SMTP clients which have 2769successfully authenticated themselves. If the verification of the cert 2770failed (${verify} != OK), relaying is subject to the usual rules. 2771Otherwise the DN of the issuer is looked up in the access map using the 2772tag CERTISSUER. If the resulting value is RELAY, relaying is allowed. 2773If it is SUBJECT, the DN of the cert subject is looked up next in the 2774access map using the tag CERTSUBJECT. If the value is RELAY, relaying 2775is allowed. 2776 2777${cert_issuer} and ${cert_subject} can be optionally modified by regular 2778expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2779_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2780rulesets and map lookups, they are modified as follows: each non-printable 2781character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced 2782by their HEX value with a leading '+'. For example: 2783 2784/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2785darth+cert@endmail.org 2786 2787is encoded as: 2788 2789/C=US/ST=California/O=endmail.org/OU=private/CN= 2790Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2791 2792(line breaks have been inserted for readability). 2793 2794The macros which are subject to this encoding are ${cert_subject}, 2795${cert_issuer}, ${cn_subject}, and ${cn_issuer}. 2796 2797Examples: 2798 2799To allow relaying for everyone who can present a cert signed by 2800 2801/C=US/ST=California/O=endmail.org/OU=private/CN= 2802Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2803 2804simply use: 2805 2806CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2807Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2808 2809To allow relaying only for a subset of machines that have a cert signed by 2810 2811/C=US/ST=California/O=endmail.org/OU=private/CN= 2812Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2813 2814use: 2815 2816CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2817Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2818CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2819DeathStar/Email=deathstar@endmail.org RELAY 2820 2821Note: line breaks have been inserted after "CN=" for readability, 2822each tagged entry must be one (long) line in the access map. 2823 2824Of course it is also possible to write a simple ruleset that allows 2825relaying for everyone who can present a cert that can be verified, e.g., 2826 2827LOCAL_RULESETS 2828SLocal_check_rcpt 2829R$* $: $&{verify} 2830ROK $# OK 2831 2832Allowing Connections 2833-------------------- 2834 2835The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 2836an SMTP connection is accepted (or should continue). 2837 2838tls_server is called when sendmail acts as client after a STARTTLS command 2839(should) have been issued. The parameter is the value of ${verify}. 2840 2841tls_client is called when sendmail acts as server, after a STARTTLS command 2842has been issued, and from check_mail. The parameter is the value of 2843${verify} and STARTTLS or MAIL, respectively. 2844 2845Both rulesets behave the same. If no access map is in use, the connection 2846will be accepted unless ${verify} is SOFTWARE, in which case the connection 2847is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 2848is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 2849with the ruleset LookUpDomain. If no entry is found, ${client_addr} 2850(${server_addr}) is looked up in the access map (same tag, ruleset 2851LookUpAddr). If this doesn't result in an entry either, just the tag is 2852looked up in the access map (included the trailing colon). Notice: 2853requiring that e-mail is sent to a server only encrypted, e.g., via 2854 2855TLS_Srv:secure.domain ENCR:112 2856 2857doesn't necessarily mean that e-mail sent to that domain is encrypted. 2858If the domain has multiple MX servers, e.g., 2859 2860secure.domain. IN MX 10 mail.secure.domain. 2861secure.domain. IN MX 50 mail.other.domain. 2862 2863then mail to user@secure.domain may go unencrypted to mail.other.domain. 2864tls_rcpt can be used to address this problem. 2865 2866tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 2867current recipient. This ruleset is only defined if FEATURE(`access_db') 2868is selected. A recipient address user@domain is looked up in the access 2869map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 2870and TLS_Rcpt:; the first match is taken. 2871 2872The result of the lookups is then used to call the ruleset TLS_connection, 2873which checks the requirement specified by the RHS in the access map against 2874the actual parameters of the current TLS connection, esp. ${verify} and 2875${cipher_bits}. Legal RHSs in the access map are: 2876 2877VERIFY verification must have succeeded 2878VERIFY:bits verification must have succeeded and ${cipher_bits} must 2879 be greater than or equal bits. 2880ENCR:bits ${cipher_bits} must be greater than or equal bits. 2881 2882The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 2883or permanent error. The default is a temporary error code (403 4.7.0) 2884unless the macro TLS_PERM_ERR is set during generation of the .cf file. 2885 2886If a certain level of encryption is required, then it might also be 2887possible that this level is provided by the security layer from a SASL 2888algorithm, e.g., DIGEST-MD5. 2889 2890Furthermore, there can be a list of extensions added. Such a list 2891starts with '+' and the items are separated by '++'. Allowed 2892extensions are: 2893 2894CN:name name must match ${cn_subject} 2895CN ${server_name} must match ${cn_subject} 2896CS:name name must match ${cert_subject} 2897CI:name name must match ${cert_issuer} 2898 2899Example: e-mail sent to secure.example.com should only use an encrypted 2900connection. E-mail received from hosts within the laptop.example.com domain 2901should only be accepted if they have been authenticated. The host which 2902receives e-mail for darth@endmail.org must present a cert that uses the 2903CN smtp.endmail.org. 2904 2905TLS_Srv:secure.example.com ENCR:112 2906TLS_Clt:laptop.example.com PERM+VERIFY:112 2907TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 2908 2909 2910Disabling STARTTLS And Setting SMTP Server Features 2911--------------------------------------------------- 2912 2913By default STARTTLS is used whenever possible. However, there are 2914some broken MTAs that don't properly implement STARTTLS. To be able 2915to send to (or receive from) those MTAs, the ruleset try_tls 2916(srv_features) can be used that work together with the access map. 2917Entries for the access map must be tagged with Try_TLS (Srv_Features) 2918and refer to the hostname or IP address of the connecting system. 2919A default case can be specified by using just the tag. For example, 2920the following entries in the access map: 2921 2922 Try_TLS:broken.server NO 2923 Srv_Features:my.domain v 2924 Srv_Features: V 2925 2926will turn off STARTTLS when sending to broken.server (or any host 2927in that domain), and request a client certificate during the TLS 2928handshake only for hosts in my.domain. The valid entries on the RHS 2929for Srv_Features are listed in the Sendmail Installation and 2930Operations Guide. 2931 2932 2933Received: Header 2934---------------- 2935 2936The Received: header reveals whether STARTTLS has been used. It contains an 2937extra line: 2938 2939(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 2940 2941 2942+---------------------+ 2943| SMTP AUTHENTICATION | 2944+---------------------+ 2945 2946The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 2947used in anti-relay rulesets to allow relaying for those users that 2948authenticated themselves. A very simple example is: 2949 2950SLocal_check_rcpt 2951R$* $: $&{auth_type} 2952R$+ $# OK 2953 2954which checks whether a user has successfully authenticated using 2955any available mechanism. Depending on the setup of the CYRUS SASL 2956library, more sophisticated rulesets might be required, e.g., 2957 2958SLocal_check_rcpt 2959R$* $: $&{auth_type} $| $&{auth_authen} 2960RDIGEST-MD5 $| $+@$=w $# OK 2961 2962to allow relaying for users that authenticated using DIGEST-MD5 2963and have an identity in the local domains. 2964 2965The ruleset trust_auth is used to determine whether a given AUTH= 2966parameter (that is passed to this ruleset) should be trusted. This 2967ruleset may make use of the other ${auth_*} macros. Only if the 2968ruleset resolves to the error mailer, the AUTH= parameter is not 2969trusted. A user supplied ruleset Local_trust_auth can be written 2970to modify the default behavior, which only trust the AUTH= 2971parameter if it is identical to the authenticated user. 2972 2973Per default, relaying is allowed for any user who authenticated 2974via a "trusted" mechanism, i.e., one that is defined via 2975TRUST_AUTH_MECH(`list of mechanisms') 2976For example: 2977TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 2978 2979If the selected mechanism provides a security layer the number of 2980bits used for the key of the symmetric cipher is stored in the 2981macro ${auth_ssf}. 2982 2983If sendmail acts as client, it needs some information how to 2984authenticate against another MTA. This information can be provided 2985by the ruleset authinfo or by the option DefaultAuthInfo. The 2986authinfo ruleset looks up {server_name} using the tag AuthInfo: in 2987the access map. If no entry is found, {server_addr} is looked up 2988in the same way and finally just the tag AuthInfo: to provide 2989default values. Note: searches for domain parts or IP nets are 2990only performed if the access map is used; if the authinfo feature 2991is used then only up to three lookups are performed (two exact 2992matches, one default). 2993 2994Notice: the default configuration file causes the option DefaultAuthInfo 2995to fail since the ruleset authinfo is in the .cf file. If you really 2996want to use DefaultAuthInfo (it is deprecated) then you have to 2997remove the ruleset. 2998 2999The RHS for an AuthInfo: entry in the access map should consists of a 3000list of tokens, each of which has the form: "TDstring" (including 3001the quotes). T is a tag which describes the item, D is a delimiter, 3002either ':' for simple text or '=' for a base64 encoded string. 3003Valid values for the tag are: 3004 3005 U user (authorization) id 3006 I authentication id 3007 P password 3008 R realm 3009 M list of mechanisms delimited by spaces 3010 3011Example entries are: 3012 3013AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 3014AuthInfo:host.more.dom "U:user" "P=c2VjcmV0" 3015 3016User id or authentication id must exist as well as the password. All 3017other entries have default values. If one of user or authentication 3018id is missing, the existing value is used for the missing item. 3019If "R:" is not specified, realm defaults to $j. The list of mechanisms 3020defaults to those specified by AuthMechanisms. 3021 3022Since this map contains sensitive information, either the access 3023map must be unreadable by everyone but root (or the trusted user) 3024or FEATURE(`authinfo') must be used which provides a separate map. 3025Notice: It is not checked whether the map is actually 3026group/world-unreadable, this is left to the user. 3027 3028+--------------------------------+ 3029| ADDING NEW MAILERS OR RULESETS | 3030+--------------------------------+ 3031 3032Sometimes you may need to add entirely new mailers or rulesets. They 3033should be introduced with the constructs MAILER_DEFINITIONS and 3034LOCAL_RULESETS respectively. For example: 3035 3036 MAILER_DEFINITIONS 3037 Mmymailer, ... 3038 ... 3039 3040 LOCAL_RULESETS 3041 Smyruleset 3042 ... 3043 3044Local additions for the rulesets srv_features, try_tls, tls_rcpt, 3045tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 3046LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 3047respectively. For example, to add a local ruleset that decides 3048whether to try STARTTLS in a sendmail client, use: 3049 3050 LOCAL_TRY_TLS 3051 R... 3052 3053Note: you don't need to add a name for the ruleset, it is implicitly 3054defined by using the appropriate macro. 3055 3056 3057+-------------------------+ 3058| ADDING NEW MAIL FILTERS | 3059+-------------------------+ 3060 3061Sendmail supports mail filters to filter incoming SMTP messages according 3062to the "Sendmail Mail Filter API" documentation. These filters can be 3063configured in your mc file using the two commands: 3064 3065 MAIL_FILTER(`name', `equates') 3066 INPUT_MAIL_FILTER(`name', `equates') 3067 3068The first command, MAIL_FILTER(), simply defines a filter with the given 3069name and equates. For example: 3070 3071 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3072 3073This creates the equivalent sendmail.cf entry: 3074 3075 Xarchive, S=local:/var/run/archivesock, F=R 3076 3077The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 3078but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 3079of the filter such that the filter will actually be called by sendmail. 3080 3081For example, the two commands: 3082 3083 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3084 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3085 3086are equivalent to the three commands: 3087 3088 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3089 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3090 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 3091 3092In general, INPUT_MAIL_FILTER() should be used unless you need to define 3093more filters than you want to use for `confINPUT_MAIL_FILTERS'. 3094 3095Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3096commands will clear the list created by the prior INPUT_MAIL_FILTER() 3097commands. 3098 3099 3100+-------------------------+ 3101| QUEUE GROUP DEFINITIONS | 3102+-------------------------+ 3103 3104In addition to the queue directory (which is the default queue group 3105called "mqueue"), sendmail can deal with multiple queue groups, which 3106are collections of queue directories with the same behaviour. Queue 3107groups can be defined using the command: 3108 3109 QUEUE_GROUP(`name', `equates') 3110 3111For details about queue groups, please see doc/op/op.{me,ps,txt}. 3112 3113+-------------------------------+ 3114| NON-SMTP BASED CONFIGURATIONS | 3115+-------------------------------+ 3116 3117These configuration files are designed primarily for use by 3118SMTP-based sites. They may not be well tuned for UUCP-only or 3119UUCP-primarily nodes (the latter is defined as a small local net 3120connected to the rest of the world via UUCP). However, there is 3121one hook to handle some special cases. 3122 3123You can define a ``smart host'' that understands a richer address syntax 3124using: 3125 3126 define(`SMART_HOST', `mailer:hostname') 3127 3128In this case, the ``mailer:'' defaults to "relay". Any messages that 3129can't be handled using the usual UUCP rules are passed to this host. 3130 3131If you are on a local SMTP-based net that connects to the outside 3132world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3133For example: 3134 3135 define(`SMART_HOST', `uucp-new:uunet') 3136 LOCAL_NET_CONFIG 3137 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3138 3139This will cause all names that end in your domain name ($m) to be sent 3140via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3141If you have FEATURE(`nocanonify'), you may need to omit the dots after 3142the $m. If you are running a local DNS inside your domain which is 3143not otherwise connected to the outside world, you probably want to 3144use: 3145 3146 define(`SMART_HOST', `smtp:fire.wall.com') 3147 LOCAL_NET_CONFIG 3148 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3149 3150That is, send directly only to things you found in your DNS lookup; 3151anything else goes through SMART_HOST. 3152 3153You may need to turn off the anti-spam rules in order to accept 3154UUCP mail with FEATURE(`promiscuous_relay') and 3155FEATURE(`accept_unresolvable_domains'). 3156 3157 3158+-----------+ 3159| WHO AM I? | 3160+-----------+ 3161 3162Normally, the $j macro is automatically defined to be your fully 3163qualified domain name (FQDN). Sendmail does this by getting your 3164host name using gethostname and then calling gethostbyname on the 3165result. For example, in some environments gethostname returns 3166only the root of the host name (such as "foo"); gethostbyname is 3167supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3168cases, gethostbyname may fail to return the FQDN. In this case 3169you MUST define confDOMAIN_NAME to be your fully qualified domain 3170name. This is usually done using: 3171 3172 Dmbar.com 3173 define(`confDOMAIN_NAME', `$w.$m')dnl 3174 3175 3176+-----------------------------------+ 3177| ACCEPTING MAIL FOR MULTIPLE NAMES | 3178+-----------------------------------+ 3179 3180If your host is known by several different names, you need to augment 3181class {w}. This is a list of names by which your host is known, and 3182anything sent to an address using a host name in this list will be 3183treated as local mail. You can do this in two ways: either create the 3184file /etc/mail/local-host-names containing a list of your aliases (one per 3185line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3186``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3187name of the host, rather than a short name. 3188 3189If you want to have different address in different domains, take 3190a look at the virtusertable feature, which is also explained at 3191http://www.sendmail.org/virtual-hosting.html 3192 3193 3194+--------------------+ 3195| USING MAILERTABLES | 3196+--------------------+ 3197 3198To use FEATURE(`mailertable'), you will have to create an external 3199database containing the routing information for various domains. 3200For example, a mailertable file in text format might be: 3201 3202 .my.domain xnet:%1.my.domain 3203 uuhost1.my.domain uucp-new:uuhost1 3204 .bitnet smtp:relay.bit.net 3205 3206This should normally be stored in /etc/mail/mailertable. The actual 3207database version of the mailertable is built using: 3208 3209 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3210 3211The semantics are simple. Any LHS entry that does not begin with 3212a dot matches the full host name indicated. LHS entries beginning 3213with a dot match anything ending with that domain name (including 3214the leading dot) -- that is, they can be thought of as having a 3215leading ".+" regular expression pattern for a non-empty sequence of 3216characters. Matching is done in order of most-to-least qualified 3217-- for example, even though ".my.domain" is listed first in the 3218above example, an entry of "uuhost1.my.domain" will match the second 3219entry since it is more explicit. Note: e-mail to "user@my.domain" 3220does not match any entry in the above table. You need to have 3221something like: 3222 3223 my.domain esmtp:host.my.domain 3224 3225The RHS should always be a "mailer:host" pair. The mailer is the 3226configuration name of a mailer (that is, an M line in the 3227sendmail.cf file). The "host" will be the hostname passed to 3228that mailer. In domain-based matches (that is, those with leading 3229dots) the "%1" may be used to interpolate the wildcarded part of 3230the host name. For example, the first line above sends everything 3231addressed to "anything.my.domain" to that same host name, but using 3232the (presumably experimental) xnet mailer. 3233 3234In some cases you may want to temporarily turn off MX records, 3235particularly on gateways. For example, you may want to MX 3236everything in a domain to one machine that then forwards it 3237directly. To do this, you might use the DNS configuration: 3238 3239 *.domain. IN MX 0 relay.machine 3240 3241and on relay.machine use the mailertable: 3242 3243 .domain smtp:[gateway.domain] 3244 3245The [square brackets] turn off MX records for this host only. 3246If you didn't do this, the mailertable would use the MX record 3247again, which would give you an MX loop. Note that the use of 3248wildcard MX records is almost always a bad idea. Please avoid 3249using them if possible. 3250 3251 3252+--------------------------------+ 3253| USING USERDB TO MAP FULL NAMES | 3254+--------------------------------+ 3255 3256The user database was not originally intended for mapping full names 3257to login names (e.g., Eric.Allman => eric), but some people are using 3258it that way. (it is recommended that you set up aliases for this 3259purpose instead -- since you can specify multiple alias files, this 3260is fairly easy.) The intent was to locate the default maildrop at 3261a site, but allow you to override this by sending to a specific host. 3262 3263If you decide to set up the user database in this fashion, it is 3264imperative that you not use FEATURE(`stickyhost') -- otherwise, 3265e-mail sent to Full.Name@local.host.name will be rejected. 3266 3267To build the internal form of the user database, use: 3268 3269 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3270 3271As a general rule, it is an extremely bad idea to using full names 3272as e-mail addresses, since they are not in any sense unique. For 3273example, the UNIX software-development community has at least two 3274well-known Peter Deutsches, and at one time Bell Labs had two 3275Stephen R. Bournes with offices along the same hallway. Which one 3276will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3277The less famous of the two, or the one that was hired later? 3278 3279Finger should handle full names (and be fuzzy). Mail should use 3280handles, and not be fuzzy. 3281 3282 3283+--------------------------------+ 3284| MISCELLANEOUS SPECIAL FEATURES | 3285+--------------------------------+ 3286 3287Plussed users 3288 Sometimes it is convenient to merge configuration on a 3289 centralized mail machine, for example, to forward all 3290 root mail to a mail server. In this case it might be 3291 useful to be able to treat the root addresses as a class 3292 of addresses with subtle differences. You can do this 3293 using plussed users. For example, a client might include 3294 the alias: 3295 3296 root: root+client1@server 3297 3298 On the server, this will match an alias for "root+client1". 3299 If that is not found, the alias "root+*" will be tried, 3300 then "root". 3301 3302 3303+----------------+ 3304| SECURITY NOTES | 3305+----------------+ 3306 3307A lot of sendmail security comes down to you. Sendmail 8 is much 3308more careful about checking for security problems than previous 3309versions, but there are some things that you still need to watch 3310for. In particular: 3311 3312* Make sure the aliases file is not writable except by trusted 3313 system personnel. This includes both the text and database 3314 version. 3315 3316* Make sure that other files that sendmail reads, such as the 3317 mailertable, are only writable by trusted system personnel. 3318 3319* The queue directory should not be world writable PARTICULARLY 3320 if your system allows "file giveaways" (that is, if a non-root 3321 user can chown any file they own to any other user). 3322 3323* If your system allows file giveaways, DO NOT create a publically 3324 writable directory for forward files. This will allow anyone 3325 to steal anyone else's e-mail. Instead, create a script that 3326 copies the .forward file from users' home directories once a 3327 night (if you want the non-NFS-mounted forward directory). 3328 3329* If your system allows file giveaways, you'll find that 3330 sendmail is much less trusting of :include: files -- in 3331 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3332 /etc/shells before they will be trusted (that is, before 3333 files and programs listed in them will be honored). 3334 3335In general, file giveaways are a mistake -- if you can turn them 3336off, do so. 3337 3338 3339+--------------------------------+ 3340| TWEAKING CONFIGURATION OPTIONS | 3341+--------------------------------+ 3342 3343There are a large number of configuration options that don't normally 3344need to be changed. However, if you feel you need to tweak them, you 3345can define the following M4 variables. This list is shown in four 3346columns: the name you define, the default value for that definition, 3347the option or macro that is affected (either Ox for an option or Dx 3348for a macro), and a brief description. Greater detail of the semantics 3349can be found in the Installation and Operations Guide. 3350 3351Some options are likely to be deprecated in future versions -- that is, 3352the option is only included to provide back-compatibility. These are 3353marked with "*". 3354 3355Remember that these options are M4 variables, and hence may need to 3356be quoted. In particular, arguments with commas will usually have to 3357be ``double quoted, like this phrase'' to avoid having the comma 3358confuse things. This is common for alias file definitions and for 3359the read timeout. 3360 3361M4 Variable Name Configuration Description & [Default] 3362================ ============= ======================= 3363confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3364 for internally generated outgoing 3365 messages. 3366confDOMAIN_NAME $j macro If defined, sets $j. This should 3367 only be done if your system cannot 3368 determine your local domain name, 3369 and then it should be set to 3370 $w.Foo.COM, where Foo.COM is your 3371 domain name. 3372confCF_VERSION $Z macro If defined, this is appended to the 3373 configuration version name. 3374confLDAP_CLUSTER ${sendmailMTACluster} macro 3375 If defined, this is the LDAP 3376 cluster to use for LDAP searches 3377 as described above in ``USING LDAP 3378 FOR ALIASES, MAPS, AND CLASSES''. 3379confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3380 internally generated From: address. 3381confRECEIVED_HEADER Received: 3382 [$?sfrom $s $.$?_($?s$|from $.$_) 3383 $.$?{auth_type}(authenticated) 3384 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3385 for $u; $|; 3386 $.$b] 3387 The format of the Received: header 3388 in messages passed through this host. 3389 It is unwise to try to change this. 3390confCW_FILE Fw class [/etc/mail/local-host-names] Name 3391 of file used to get the local 3392 additions to class {w} (local host 3393 names). 3394confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3395 file used to get the local additions 3396 to class {t} (trusted users). 3397confCR_FILE FR class [/etc/mail/relay-domains] Name of 3398 file used to get the local additions 3399 to class {R} (hosts allowed to relay). 3400confTRUSTED_USERS Ct class [no default] Names of users to add to 3401 the list of trusted users. This list 3402 always includes root, uucp, and daemon. 3403 See also FEATURE(`use_ct_file'). 3404confTRUSTED_USER TrustedUser [no default] Trusted user for file 3405 ownership and starting the daemon. 3406 Not to be confused with 3407 confTRUSTED_USERS (see above). 3408confSMTP_MAILER - [esmtp] The mailer name used when 3409 SMTP connectivity is required. 3410 One of "smtp", "smtp8", 3411 "esmtp", or "dsmtp". 3412confUUCP_MAILER - [uucp-old] The mailer to be used by 3413 default for bang-format recipient 3414 addresses. See also discussion of 3415 class {U}, class {Y}, and class {Z} 3416 in the MAILER(`uucp') section. 3417confLOCAL_MAILER - [local] The mailer name used when 3418 local connectivity is required. 3419 Almost always "local". 3420confRELAY_MAILER - [relay] The default mailer name used 3421 for relaying any mail (e.g., to a 3422 BITNET_RELAY, a SMART_HOST, or 3423 whatever). This can reasonably be 3424 "uucp-new" if you are on a 3425 UUCP-connected site. 3426confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3427confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3428confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3429 rebuild until you get bored and 3430 decide that the apparently pending 3431 rebuild failed. 3432confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3433 queue filesystem to accept SMTP mail. 3434 (Prior to 8.7 this was minfree/maxsize, 3435 where minfree was the number of free 3436 blocks and maxsize was the maximum 3437 message size. Use confMAX_MESSAGE_SIZE 3438 for the second value now.) 3439confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3440 that will be accepted (in bytes). 3441confBLANK_SUB BlankSub [.] Blank (space) substitution 3442 character. 3443confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3444 to mailers marked expensive. 3445confCHECKPOINT_INTERVAL CheckpointInterval 3446 [10] Checkpoint queue files every N 3447 recipients. 3448confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3449confERROR_MODE ErrorMode [print] Error message mode. 3450confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3451confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3452confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3453confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3454confMAX_HOP MaxHopCount [25] Maximum hop count. 3455confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3456 mode] Ignore dot as terminator for 3457 incoming messages? 3458confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3459 resolver. 3460confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3461 encapsulated messages per RFC 1344. 3462confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3463 The colon-separated list of places to 3464 search for .forward files. N.B.: see 3465 the Security Notes section. 3466confMCI_CACHE_SIZE ConnectionCacheSize 3467 [2] Size of open connection cache. 3468confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3469 [5m] Open connection cache timeout. 3470confHOST_STATUS_DIRECTORY HostStatusDirectory 3471 [undefined] If set, host status is kept 3472 on disk between sendmail runs in the 3473 named directory tree. This need not be 3474 a full pathname, in which case it is 3475 interpreted relative to the queue 3476 directory. 3477confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3478 [False] If this option and the 3479 HostStatusDirectory option are both 3480 set, single thread deliveries to other 3481 hosts. That is, don't allow any two 3482 sendmails on this host to connect 3483 simultaneously to any other single 3484 host. This can slow down delivery in 3485 some cases, in particular since a 3486 cached but otherwise idle connection 3487 to a host will prevent other sendmails 3488 from connecting to the other host. 3489confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3490 deliver error messages. This should 3491 not be necessary because of general 3492 acceptance of the envelope/header 3493 distinction. 3494confLOG_LEVEL LogLevel [9] Log level. 3495confME_TOO MeToo [True] Include sender in group 3496 expansions. This option is 3497 deprecated and will be removed from 3498 a future version. 3499confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3500 running newaliases. Since this does 3501 DNS lookups on every address, it can 3502 slow down the alias rebuild process 3503 considerably on large alias files. 3504confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3505 special chars are old style. 3506confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3507confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3508 copies of all error messages. 3509confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3510confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3511 queue files (octal). If not set, 3512 sendmail uses 0600 unless its real 3513 and effective uid are different in 3514 which case it uses 0644. 3515confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3516 syntax addresses to the minimum 3517 possible. 3518confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3519 before forking. 3520confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3521 on the initial connect. 3522confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3523 connect() to complete. This can only 3524 shorten connection timeouts; the kernel 3525 silently enforces an absolute maximum 3526 (which varies depending on the system). 3527confTO_ICONNECT Timeout.iconnect 3528 [undefined] Like Timeout.connect, but 3529 applies only to the very first attempt 3530 to connect to a host in a message. 3531 This allows a single very fast pass 3532 followed by more careful delivery 3533 attempts in the future. 3534confTO_ACONNECT Timeout.aconnect 3535 [0] The overall timeout waiting for 3536 all connection for a single delivery 3537 attempt to succeed. If 0, no overall 3538 limit is applied. 3539confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3540 to a HELO or EHLO command. 3541confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3542 response to the MAIL command. 3543confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3544 to the RCPT command. 3545confTO_DATAINIT Timeout.datainit 3546 [5m] The timeout waiting for a 354 3547 response from the DATA command. 3548confTO_DATABLOCK Timeout.datablock 3549 [1h] The timeout waiting for a block 3550 during DATA phase. 3551confTO_DATAFINAL Timeout.datafinal 3552 [1h] The timeout waiting for a response 3553 to the final "." that terminates a 3554 message. 3555confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3556 to the RSET command. 3557confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3558 to the QUIT command. 3559confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3560 to other SMTP commands. 3561confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3562 waiting for a command to be issued. 3563confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3564 response to an IDENT query. 3565confTO_FILEOPEN Timeout.fileopen 3566 [60s] The timeout waiting for a file 3567 (e.g., :include: file) to be opened. 3568confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3569 to an LMTP LHLO command. 3570confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3571 response in an AUTH dialogue. 3572confTO_STARTTLS Timeout.starttls 3573 [1h] The timeout waiting for a 3574 response to an SMTP STARTTLS command. 3575confTO_CONTROL Timeout.control 3576 [2m] The timeout for a complete 3577 control socket transaction to complete. 3578confTO_QUEUERETURN Timeout.queuereturn 3579 [5d] The timeout before a message is 3580 returned as undeliverable. 3581confTO_QUEUERETURN_NORMAL 3582 Timeout.queuereturn.normal 3583 [undefined] As above, for normal 3584 priority messages. 3585confTO_QUEUERETURN_URGENT 3586 Timeout.queuereturn.urgent 3587 [undefined] As above, for urgent 3588 priority messages. 3589confTO_QUEUERETURN_NONURGENT 3590 Timeout.queuereturn.non-urgent 3591 [undefined] As above, for non-urgent 3592 (low) priority messages. 3593confTO_QUEUEWARN Timeout.queuewarn 3594 [4h] The timeout before a warning 3595 message is sent to the sender telling 3596 them that the message has been 3597 deferred. 3598confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3599 [undefined] As above, for normal 3600 priority messages. 3601confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3602 [undefined] As above, for urgent 3603 priority messages. 3604confTO_QUEUEWARN_NONURGENT 3605 Timeout.queuewarn.non-urgent 3606 [undefined] As above, for non-urgent 3607 (low) priority messages. 3608confTO_HOSTSTATUS Timeout.hoststatus 3609 [30m] How long information about host 3610 statuses will be maintained before it 3611 is considered stale and the host should 3612 be retried. This applies both within 3613 a single queue run and to persistent 3614 information (see below). 3615confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3616 [varies] Sets the resolver's 3617 retransmission time interval (in 3618 seconds). Sets both 3619 Timeout.resolver.retrans.first and 3620 Timeout.resolver.retrans.normal. 3621confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3622 [varies] Sets the resolver's 3623 retransmission time interval (in 3624 seconds) for the first attempt to 3625 deliver a message. 3626confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3627 [varies] Sets the resolver's 3628 retransmission time interval (in 3629 seconds) for all resolver lookups 3630 except the first delivery attempt. 3631confTO_RESOLVER_RETRY Timeout.resolver.retry 3632 [varies] Sets the number of times 3633 to retransmit a resolver query. 3634 Sets both 3635 Timeout.resolver.retry.first and 3636 Timeout.resolver.retry.normal. 3637confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3638 [varies] Sets the number of times 3639 to retransmit a resolver query for 3640 the first attempt to deliver a 3641 message. 3642confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3643 [varies] Sets the number of times 3644 to retransmit a resolver query for 3645 all resolver lookups except the 3646 first delivery attempt. 3647confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3648 USE_SYSTEM to use the system's idea, 3649 USE_TZ to use the user's TZ envariable, 3650 or something else to force that value. 3651confDEF_USER_ID DefaultUser [1:1] Default user id. 3652confUSERDB_SPEC UserDatabaseSpec 3653 [undefined] User database 3654 specification. 3655confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3656confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3657 for a host and other arrangements 3658 haven't been made, try connecting 3659 to the host directly; normally this 3660 would be a config error. 3661confQUEUE_LA QueueLA [varies] Load average at which 3662 queue-only function kicks in. 3663 Default values is (8 * numproc) 3664 where numproc is the number of 3665 processors online (if that can be 3666 determined). 3667confREFUSE_LA RefuseLA [varies] Load average at which 3668 incoming SMTP connections are 3669 refused. Default values is (12 * 3670 numproc) where numproc is the 3671 number of processors online (if 3672 that can be determined). 3673confDELAY_LA DelayLA [0] Load average at which sendmail 3674 will sleep for one second on most 3675 SMTP commands and before accepting 3676 connections. 0 means no limit. 3677confMAX_ALIAS_RECURSION MaxAliasRecursion 3678 [10] Maximum depth of alias recursion. 3679confMAX_DAEMON_CHILDREN MaxDaemonChildren 3680 [undefined] The maximum number of 3681 children the daemon will permit. After 3682 this number, connections will be 3683 rejected. If not set or <= 0, there is 3684 no limit. 3685confMAX_HEADERS_LENGTH MaxHeadersLength 3686 [32768] Maximum length of the sum 3687 of all headers. 3688confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3689 [undefined] Maximum length of 3690 certain MIME header field values. 3691 If not set, sendmail uses 2048/1024. 3692confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3693 [undefined] The maximum number of 3694 connections permitted per second per 3695 daemon. After this many connections 3696 are accepted, further connections 3697 will be delayed. If not set or <= 0, 3698 there is no limit. 3699confWORK_RECIPIENT_FACTOR 3700 RecipientFactor [30000] Cost of each recipient. 3701confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3702 separate process. 3703confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3704confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3705confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3706 Priority, Host, Filename, Random, 3707 Modification, or Time. 3708confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3709 must sit in the queue between queue 3710 runs. This allows you to set the 3711 queue run interval low for better 3712 responsiveness without trying all 3713 jobs in each run. 3714confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3715 unlabeled 8 bit input to MIME, the 3716 character set to use by default. 3717confSERVICE_SWITCH_FILE ServiceSwitchFile 3718 [/etc/mail/service.switch] The file 3719 to use for the service switch on 3720 systems that do not have a 3721 system-defined switch. 3722confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3723 "file" type access of hosts names. 3724confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3725 long and try again. Zero means "don't 3726 retry". This is to allow "dial on 3727 demand" connections to have enough time 3728 to complete a connection. 3729confNO_RCPT_ACTION NoRecipientAction 3730 [none] What to do if there are no legal 3731 recipient fields (To:, Cc: or Bcc:) 3732 in the message. Legal values can 3733 be "none" to just leave the 3734 nonconforming message as is, "add-to" 3735 to add a To: header with all the 3736 known recipients (which may expose 3737 blind recipients), "add-apparently-to" 3738 to do the same but use Apparently-To: 3739 instead of To: (strongly discouraged 3740 in accordance with IETF standards), 3741 "add-bcc" to add an empty Bcc: 3742 header, or "add-to-undisclosed" to 3743 add the header 3744 ``To: undisclosed-recipients:;''. 3745confSAFE_FILE_ENV SafeFileEnvironment 3746 [undefined] If set, sendmail will do a 3747 chroot() into this directory before 3748 writing files. 3749confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3750 If set, colons are treated as a regular 3751 character in addresses. If not set, 3752 they are treated as the introducer to 3753 the RFC 822 "group" syntax. Colons are 3754 handled properly in route-addrs. This 3755 option defaults on for V5 and lower 3756 configuration files. 3757confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3758 any given queue run to this number of 3759 entries. Essentially, this will stop 3760 reading each queue directory after this 3761 number of entries are reached; it does 3762 _not_ pick the highest priority jobs, 3763 so this should be as large as your 3764 system can tolerate. If not set, there 3765 is no limit. 3766confMAX_QUEUE_CHILDREN MaxQueueChildren 3767 [undefined] Limits the maximum number 3768 of concurrent queue runners active. 3769 This is to keep system resources used 3770 within a reasonable limit. Relates to 3771 Queue Groups and ForkAllJobs. 3772confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3773 [1] Only active when MaxQueueChildren 3774 defined. Controls the maximum number 3775 of queue runners (aka queue children) 3776 active at the same time in a work 3777 group. See also MaxQueueChildren. 3778confDONT_EXPAND_CNAMES DontExpandCnames 3779 [False] If set, $[ ... $] lookups that 3780 do DNS based lookups do not expand 3781 CNAME records. This currently violates 3782 the published standards, but the IETF 3783 seems to be moving toward legalizing 3784 this. For example, if "FTP.Foo.ORG" 3785 is a CNAME for "Cruft.Foo.ORG", then 3786 with this option set a lookup of 3787 "FTP" will return "FTP.Foo.ORG"; if 3788 clear it returns "Cruft.FOO.ORG". N.B. 3789 you may not see any effect until your 3790 downstream neighbors stop doing CNAME 3791 lookups as well. 3792confFROM_LINE UnixFromLine [From $g $d] The From_ line used 3793 when sending to files or programs. 3794confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 3795 [False] From: lines that have 3796 embedded newlines are unwrapped 3797 onto one line. 3798confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 3799 does not include a host name. 3800confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 3801 name phrase (@,;:\()[] are automatic). 3802confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 3803 characters. 3804confSMTP_LOGIN_MSG SmtpGreetingMessage 3805 [$j Sendmail $v/$Z; $b] 3806 The initial (spontaneous) SMTP 3807 greeting message. The word "ESMTP" 3808 will be inserted between the first and 3809 second words to convince other 3810 sendmails to try to speak ESMTP. 3811confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 3812 routine will never be invoked. You 3813 might want to do this if you are 3814 running NIS and you have a large group 3815 map, since this call does a sequential 3816 scan of the map; in a large site this 3817 can cause your ypserv to run 3818 essentially full time. If you set 3819 this, agents run on behalf of users 3820 will only have their primary 3821 (/etc/passwd) group permissions. 3822confUNSAFE_GROUP_WRITES UnsafeGroupWrites 3823 [False] If set, group-writable 3824 :include: and .forward files are 3825 considered "unsafe", that is, programs 3826 and files cannot be directly referenced 3827 from such files. World-writable files 3828 are always considered unsafe. 3829confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 3830 address (for testing). 3831confCONTROL_SOCKET_NAME ControlSocketName 3832 [undefined] Control socket for daemon 3833 management. 3834confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 3835 [postmaster] If an error occurs when 3836 sending an error message, send that 3837 "double bounce" error message to this 3838 address. If it expands to an empty 3839 string, double bounces are dropped. 3840confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 3841 messages which could not be returned 3842 to the user or sent to postmaster. 3843 If not set, the queue file will 3844 be renamed. 3845confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 3846 implies DSN request. 3847confRUN_AS_USER RunAsUser [undefined] If set, become this user 3848 when reading and delivering mail. 3849 Causes all file reads (e.g., .forward 3850 and :include: files) to be done as 3851 this user. Also, all programs will 3852 be run as this user, and all output 3853 files will be written as this user. 3854confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 3855 [infinite] If set, allow no more than 3856 the specified number of recipients in 3857 an SMTP envelope. Further recipients 3858 receive a 452 error code (i.e., they 3859 are deferred for the next delivery 3860 attempt). 3861confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified 3862 number of recipients in a single SMTP 3863 transaction have been rejected, sleep 3864 for one second after each subsequent 3865 RCPT command in that transaction. 3866confDONT_PROBE_INTERFACES DontProbeInterfaces 3867 [False] If set, sendmail will _not_ 3868 insert the names and addresses of any 3869 local interfaces into class {w} 3870 (list of known "equivalent" addresses). 3871 If you set this, you must also include 3872 some support for these addresses (e.g., 3873 in a mailertable entry) -- otherwise, 3874 mail to addresses in this list will 3875 bounce with a configuration error. 3876 If set to "loopback" (without 3877 quotes), sendmail will skip 3878 loopback interfaces (e.g., "lo0"). 3879confPID_FILE PidFile [system dependent] Location of pid 3880 file. 3881confPROCESS_TITLE_PREFIX ProcessTitlePrefix 3882 [undefined] Prefix string for the 3883 process title shown on 'ps' listings. 3884confDONT_BLAME_SENDMAIL DontBlameSendmail 3885 [safe] Override sendmail's file 3886 safety checks. This will definitely 3887 compromise system security and should 3888 not be used unless absolutely 3889 necessary. 3890confREJECT_MSG - [550 Access denied] The message 3891 given if the access database contains 3892 REJECT in the value portion. 3893confRELAY_MSG - [550 Relaying denied] The message 3894 given if an unauthorized relaying 3895 attempt is rejected. 3896confDF_BUFFER_SIZE DataFileBufferSize 3897 [4096] The maximum size of a 3898 memory-buffered data (df) file 3899 before a disk-based file is used. 3900confXF_BUFFER_SIZE XScriptFileBufferSize 3901 [4096] The maximum size of a 3902 memory-buffered transcript (xf) 3903 file before a disk-based file is 3904 used. 3905confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 3906 CRAM-MD5] List of authentication 3907 mechanisms for AUTH (separated by 3908 spaces). The advertised list of 3909 authentication mechanisms will be the 3910 intersection of this list and the list 3911 of available mechanisms as determined 3912 by the CYRUS SASL library. 3913confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 3914 authentication information for 3915 outgoing connections. This file must 3916 contain the user id, the authorization 3917 id, the password (plain text), the 3918 realm to use, and the list of 3919 mechanisms to try, each on a separate 3920 line and must be readable by root (or 3921 the trusted user) only. If no realm 3922 is specified, $j is used. If no 3923 mechanisms are given in the file, 3924 AuthMechanisms is used. Notice: this 3925 option is deprecated and will be 3926 removed in future versions; it doesn't 3927 work for the MSP since it can't read 3928 the file. Use the authinfo ruleset 3929 instead. See also the section SMTP 3930 AUTHENTICATION. 3931confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 3932 then the AUTH= parameter for the 3933 MAIL FROM command is only issued 3934 when authentication succeeded. 3935 Other values (which should be listed 3936 one after the other without any 3937 intervening characters except for 3938 space or comma) are a, c, d, f, p, 3939 and y. See doc/op/op.me for 3940 details. 3941confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 3942 strength for the security layer in 3943 SMTP AUTH (SASL). Default is 3944 essentially unlimited. 3945confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 3946 verification is performed, i.e., 3947 the server doesn't ask for a 3948 certificate. 3949confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 3950 specification for LDAP maps. The 3951 value should only contain LDAP 3952 specific settings such as "-h host 3953 -p port -d bindDN", etc. The 3954 settings will be used for all LDAP 3955 maps unless they are specified in 3956 the individual map specification 3957 ('K' command). 3958confCACERT_PATH CACertPath [undefined] Path to directory 3959 with certs of CAs. 3960confCACERT CACertFile [undefined] File containing one CA 3961 cert. 3962confSERVER_CERT ServerCertFile [undefined] File containing the 3963 cert of the server, i.e., this cert 3964 is used when sendmail acts as 3965 server. 3966confSERVER_KEY ServerKeyFile [undefined] File containing the 3967 private key belonging to the server 3968 cert. 3969confCLIENT_CERT ClientCertFile [undefined] File containing the 3970 cert of the client, i.e., this cert 3971 is used when sendmail acts as 3972 client. 3973confCLIENT_KEY ClientKeyFile [undefined] File containing the 3974 private key belonging to the client 3975 cert. 3976confDH_PARAMETERS DHParameters [undefined] File containing the 3977 DH parameters. 3978confRAND_FILE RandFile [undefined] File containing random 3979 data (use prefix file:) or the 3980 name of the UNIX socket if EGD is 3981 used (use prefix egd:). STARTTLS 3982 requires this option if the compile 3983 flag HASURANDOM is not set (see 3984 sendmail/README). 3985confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 3986 queue runners is set the given value 3987 (nice(3)). 3988confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 3989 [undefined] Defines {daemon_flags} 3990 for direct submissions. 3991confUSE_MSP UseMSP [false] Use as mail submission 3992 program, see sendmail/SECURITY. 3993confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 3994 SMTP Service Extension (RFC 2852). 3995confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 3996confFAST_SPLIT FastSplit [1] If set to a value greater than 3997 zero, the initial MX lookups on 3998 addresses is suppressed when they 3999 are sorted which may result in 4000 faster envelope splitting. If the 4001 mail is submitted directly from the 4002 command line, then the value also 4003 limits the number of processes to 4004 deliver the envelopes. 4005confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 4006 information about local mailboxes. 4007confDEQUOTE_OPTS - [empty] Additional options for the 4008 dequote map. 4009confINPUT_MAIL_FILTERS InputMailFilters 4010 A comma separated list of filters 4011 which determines which filters and 4012 the invocation sequence are 4013 contacted for incoming SMTP 4014 messages. If none are set, no 4015 filters will be contacted. 4016confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 4017 actions, defaults to LogLevel. 4018confMILTER_MACROS_CONNECT Milter.macros.connect 4019 [j, _, {daemon_name}, {if_name}, 4020 {if_addr}] Macros to transmit to 4021 milters when a session connection 4022 starts. 4023confMILTER_MACROS_HELO Milter.macros.helo 4024 [{tls_version}, {cipher}, 4025 {cipher_bits}, {cert_subject}, 4026 {cert_issuer}] Macros to transmit to 4027 milters after HELO/EHLO command. 4028confMILTER_MACROS_ENVFROM Milter.macros.envfrom 4029 [i, {auth_type}, {auth_authen}, 4030 {auth_ssf}, {auth_author}, 4031 {mail_mailer}, {mail_host}, 4032 {mail_addr}] Macros to transmit to 4033 milters after MAIL FROM command. 4034confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 4035 [{rcpt_mailer}, {rcpt_host}, 4036 {rcpt_addr}] Macros to transmit to 4037 milters after RCPT TO command. 4038 4039 4040See also the description of OSTYPE for some parameters that can be 4041tweaked (generally pathnames to mailers). 4042 4043ClientPortOptions and DaemonPortOptions are special cases since multiple 4044clients/daemons can be defined. This can be done via 4045 4046 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 4047 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 4048 4049Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 4050ClientPortOptions settings) are allowed in order to give settings for each 4051protocol family (e.g., one for Family=inet and one for Family=inet6). A 4052restriction placed on one family only affects outgoing connections on that 4053particular family. 4054 4055If DAEMON_OPTIONS is not used, then the default is 4056 4057 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 4058 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 4059 4060If you use one DAEMON_OPTIONS macro, it will alter the parameters 4061of the first of these. The second will still be defaulted; it 4062represents a "Message Submission Agent" (MSA) as defined by RFC 40632476 (see below). To turn off the default definition for the MSA, 4064use FEATURE(`no_default_msa') (see also FEATURES). If you use 4065additional DAEMON_OPTIONS macros, they will add additional daemons. 4066 4067Example 1: To change the port for the SMTP listener, while 4068still using the MSA default, use 4069 DAEMON_OPTIONS(`Port=925, Name=MTA') 4070 4071Example 2: To change the port for the MSA daemon, while still 4072using the default SMTP port, use 4073 FEATURE(`no_default_msa') 4074 DAEMON_OPTIONS(`Name=MTA') 4075 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 4076 4077Note that if the first of those DAEMON_OPTIONS lines were omitted, then 4078there would be no listener on the standard SMTP port. 4079 4080Example 3: To listen on both IPv4 and IPv6 interfaces, use 4081 4082 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 4083 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 4084 4085A "Message Submission Agent" still uses all of the same rulesets for 4086processing the message (and therefore still allows message rejection via 4087the check_* rulesets). In accordance with the RFC, the MSA will ensure 4088that all domains in envelope addresses are fully qualified if the message 4089is relayed to another MTA. It will also enforce the normal address syntax 4090rules and log error messages. Additionally, by using the M=a modifier you 4091can require authentication before messages are accepted by the MSA. 4092Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally, 4093the M=E modifier shown above disables ETRN as required by RFC 2476. 4094 4095Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 4096commands: 4097 4098 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 4099 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 4100 4101The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 4102same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4103filter can be defined without adding it to the input filter list by using 4104MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4105Alternatively, you can reset the list of filters and their order by setting 4106confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4107your .mc file. 4108 4109 4110+----------------------------+ 4111| MESSAGE SUBMISSION PROGRAM | 4112+----------------------------+ 4113 4114The purpose of the message submission program (MSP) is explained 4115in sendmail/SECURITY. This section contains a list of caveats and 4116a few hints how for those who want to tweak the default configuration 4117for it (which is installed as submit.cf). 4118 4119Notice: do not add options/features to submit.mc unless you are 4120absolutely sure you need them. Options you may want to change 4121include: 4122 4123- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4124 avoiding X-Authentication warnings. 4125- confTIME_ZONE to change it from the default `USE_TZ'. 4126- confDELIVERY_MODE is set to interactive in msp.m4 instead 4127 of the default background mode. 4128- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses 4129 to the LOCAL_RELAY instead of the default relay. 4130- confRAND_FILE if you use STARTTLS and sendmail is not compiled with 4131 the flag HASURANDOM. 4132 4133The MSP performs hostname canonicalization by default. As also 4134explained in sendmail/SECURITY, mail may end up for various DNS 4135related reasons in the MSP queue. This problem can be minimized by 4136using 4137 4138 FEATURE(`nocanonify', `canonify_hosts') 4139 define(`confDIRECT_SUBMISSION_MODIFIERS', `C') 4140 4141See the discussion about nocanonify for possible side effects. 4142 4143Some things are not intended to work with the MSP. These include 4144features that influence the delivery process (e.g., mailertable, 4145aliases), or those that are only important for a SMTP server (e.g., 4146virtusertable, DaemonPortOptions, multiple queues). Moreover, 4147relaxing certain restrictions (RestrictQueueRun, permissions on 4148queue directory) or adding features (e.g., enabling prog/file mailer) 4149can cause security problems. 4150 4151Other things don't work well with the MSP and require tweaking or 4152workarounds. For example, to allow for client authentication it 4153is not just sufficient to provide a client certificate and the 4154corresponding key, but it is also necessary to make the key group 4155(smmsp) readable and tell sendmail not to complain about that, i.e., 4156 4157 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4158 4159If the MSP should actually use AUTH then the necessary data 4160should be placed in a map as explained in SMTP AUTHENTICATION: 4161 4162FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4163 4164/etc/mail/msp-authinfo should contain an entry like: 4165 4166 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4167 4168The file and the map created by makemap should be owned by smmsp, 4169its group should be smmsp, and it should have mode 640. The database 4170used by the MTA for AUTH must have a corresponding entry. 4171Additionally the MTA must trust this authentication data so the AUTH= 4172part will be relayed on to the next hop. This can be achieved by 4173adding the following to your sendmail.mc file: 4174 4175 LOCAL_RULESETS 4176 SLocal_trust_auth 4177 R$* $: $&{auth_authen} 4178 Rsmmsp $# OK 4179 4180feature/msp.m4 defines almost all settings for the MSP. Most of 4181those should not be changed at all. Some of the features and options 4182can be overridden if really necessary. It is a bit tricky to do 4183this, because it depends on the actual way the option is defined 4184in feature/msp.m4. If it is directly defined (i.e., define()) then 4185the modified value must be defined after 4186 4187 FEATURE(`msp') 4188 4189If it is conditionally defined (i.e., ifdef()) then the desired 4190value must be defined before the FEATURE line in the .mc file. 4191To see how the options are defined read feature/msp.m4. 4192 4193 4194+--------------------------+ 4195| FORMAT OF FILES AND MAPS | 4196+--------------------------+ 4197 4198Files that define classes, i.e., F{classname}, consist of lines 4199each of which contains a single element of the class. For example, 4200/etc/mail/local-host-names may have the following content: 4201 4202my.domain 4203another.domain 4204 4205Maps must be created using makemap(8) , e.g., 4206 4207 makemap hash MAP < MAP 4208 4209In general, a text file from which a map is created contains lines 4210of the form 4211 4212key value 4213 4214where 'key' and 'value' are also called LHS and RHS, respectively. 4215By default, the delimiter between LHS and RHS is a non-empty sequence 4216of white space characters. 4217 4218 4219+------------------+ 4220| DIRECTORY LAYOUT | 4221+------------------+ 4222 4223Within this directory are several subdirectories, to wit: 4224 4225m4 General support routines. These are typically 4226 very important and should not be changed without 4227 very careful consideration. 4228 4229cf The configuration files themselves. They have 4230 ".mc" suffixes, and must be run through m4 to 4231 become complete. The resulting output should 4232 have a ".cf" suffix. 4233 4234ostype Definitions describing a particular operating 4235 system type. These should always be referenced 4236 using the OSTYPE macro in the .mc file. Examples 4237 include "bsd4.3", "bsd4.4", "sunos3.5", and 4238 "sunos4.1". 4239 4240domain Definitions describing a particular domain, referenced 4241 using the DOMAIN macro in the .mc file. These are 4242 site dependent; for example, "CS.Berkeley.EDU.m4" 4243 describes hosts in the CS.Berkeley.EDU subdomain. 4244 4245mailer Descriptions of mailers. These are referenced using 4246 the MAILER macro in the .mc file. 4247 4248sh Shell files used when building the .cf file from the 4249 .mc file in the cf subdirectory. 4250 4251feature These hold special orthogonal features that you might 4252 want to include. They should be referenced using 4253 the FEATURE macro. 4254 4255hack Local hacks. These can be referenced using the HACK 4256 macro. They shouldn't be of more than voyeuristic 4257 interest outside the .Berkeley.EDU domain, but who knows? 4258 4259siteconfig Site configuration -- e.g., tables of locally connected 4260 UUCP sites. 4261 4262 4263+------------------------+ 4264| ADMINISTRATIVE DETAILS | 4265+------------------------+ 4266 4267The following sections detail usage of certain internal parts of the 4268sendmail.cf file. Read them carefully if you are trying to modify 4269the current model. If you find the above descriptions adequate, these 4270should be {boring, confusing, tedious, ridiculous} (pick one or more). 4271 4272RULESETS (* means built in to sendmail) 4273 4274 0 * Parsing 4275 1 * Sender rewriting 4276 2 * Recipient rewriting 4277 3 * Canonicalization 4278 4 * Post cleanup 4279 5 * Local address rewrite (after aliasing) 4280 1x mailer rules (sender qualification) 4281 2x mailer rules (recipient qualification) 4282 3x mailer rules (sender header qualification) 4283 4x mailer rules (recipient header qualification) 4284 5x mailer subroutines (general) 4285 6x mailer subroutines (general) 4286 7x mailer subroutines (general) 4287 8x reserved 4288 90 Mailertable host stripping 4289 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4290 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4291 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4292 4293 4294MAILERS 4295 4296 0 local, prog local and program mailers 4297 1 [e]smtp, relay SMTP channel 4298 2 uucp-* UNIX-to-UNIX Copy Program 4299 3 netnews Network News delivery 4300 4 fax Sam Leffler's HylaFAX software 4301 5 mail11 DECnet mailer 4302 4303 4304MACROS 4305 4306 A 4307 B Bitnet Relay 4308 C DECnet Relay 4309 D The local domain -- usually not needed 4310 E reserved for X.400 Relay 4311 F FAX Relay 4312 G 4313 H mail Hub (for mail clusters) 4314 I 4315 J 4316 K 4317 L Luser Relay 4318 M Masquerade (who you claim to be) 4319 N 4320 O 4321 P 4322 Q 4323 R Relay (for unqualified names) 4324 S Smart Host 4325 T 4326 U my UUCP name (if you have a UUCP connection) 4327 V UUCP Relay (class {V} hosts) 4328 W UUCP Relay (class {W} hosts) 4329 X UUCP Relay (class {X} hosts) 4330 Y UUCP Relay (all other hosts) 4331 Z Version number 4332 4333 4334CLASSES 4335 4336 A 4337 B domains that are candidates for bestmx lookup 4338 C 4339 D 4340 E addresses that should not seem to come from $M 4341 F hosts this system forward for 4342 G domains that should be looked up in genericstable 4343 H 4344 I 4345 J 4346 K 4347 L addresses that should not be forwarded to $R 4348 M domains that should be mapped to $M 4349 N host/domains that should not be mapped to $M 4350 O operators that indicate network operations (cannot be in local names) 4351 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4352 Q 4353 R domains this system is willing to relay (pass anti-spam filters) 4354 S 4355 T 4356 U locally connected UUCP hosts 4357 V UUCP hosts connected to relay $V 4358 W UUCP hosts connected to relay $W 4359 X UUCP hosts connected to relay $X 4360 Y locally connected smart UUCP hosts 4361 Z locally connected domain-ized UUCP hosts 4362 . the class containing only a dot 4363 [ the class containing only a left bracket 4364 4365 4366M4 DIVERSIONS 4367 4368 1 Local host detection and resolution 4369 2 Local Ruleset 3 additions 4370 3 Local Ruleset 0 additions 4371 4 UUCP Ruleset 0 additions 4372 5 locally interpreted names (overrides $R) 4373 6 local configuration (at top of file) 4374 7 mailer definitions 4375 8 DNS based blacklists 4376 9 special local rulesets (1 and 2) 4377 4378$Revision: 8.623.2.27 $, Last updated $Date: 2004/01/11 17:58:25 $ 4379