README revision 132943
1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31CONNECTION CONTROL 32STARTTLS 33SMTP AUTHENTICATION 34ADDING NEW MAILERS OR RULESETS 35ADDING NEW MAIL FILTERS 36QUEUE GROUP DEFINITIONS 37NON-SMTP BASED CONFIGURATIONS 38WHO AM I? 39ACCEPTING MAIL FOR MULTIPLE NAMES 40USING MAILERTABLES 41USING USERDB TO MAP FULL NAMES 42MISCELLANEOUS SPECIAL FEATURES 43SECURITY NOTES 44TWEAKING CONFIGURATION OPTIONS 45MESSAGE SUBMISSION PROGRAM 46FORMAT OF FILES AND MAPS 47DIRECTORY LAYOUT 48ADMINISTRATIVE DETAILS 49 50 51+--------------------------+ 52| INTRODUCTION AND EXAMPLE | 53+--------------------------+ 54 55Configuration files are contained in the subdirectory "cf", with a 56suffix ".mc". They must be run through "m4" to produce a ".cf" file. 57You must pre-load "cf.m4": 58 59 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 60 61Alternatively, you can simply: 62 63 cd ${CFDIR}/cf 64 ./Build config.cf 65 66where ${CFDIR} is the root of the cf directory and config.mc is the 67name of your configuration file. If you are running a version of M4 68that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 69this, but the versions distributed with 4.4BSD and derivatives do not) 70or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 71For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 72use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 73 74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 75 76Let's examine a typical .mc file: 77 78 divert(-1) 79 # 80 # Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. 81 # All rights reserved. 82 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 83 # Copyright (c) 1988, 1993 84 # The Regents of the University of California. All rights reserved. 85 # 86 # By using this file, you agree to the terms and conditions set 87 # forth in the LICENSE file which can be found at the top level of 88 # the sendmail distribution. 89 # 90 91 # 92 # This is a Berkeley-specific configuration file for HP-UX 9.x. 93 # It applies only to the Computer Science Division at Berkeley, 94 # and should not be used elsewhere. It is provided on the sendmail 95 # distribution as a sample only. To create your own configuration 96 # file, create an appropriate domain file in ../domain, change the 97 # `DOMAIN' macro below to reference that file, and copy the result 98 # to a name of your own choosing. 99 # 100 divert(0) 101 102The divert(-1) will delete the crud in the resulting output file. 103The copyright notice can be replaced by whatever your lawyers require; 104our lawyers require the one that is included in these files. A copyleft 105is a copyright by another name. The divert(0) restores regular output. 106 107 VERSIONID(`<SCCS or RCS version id>') 108 109VERSIONID is a macro that stuffs the version information into the 110resulting file. You could use SCCS, RCS, CVS, something else, or 111omit it completely. This is not the same as the version id included 112in SMTP greeting messages -- this is defined in m4/version.m4. 113 114 OSTYPE(`hpux9')dnl 115 116You must specify an OSTYPE to properly configure things such as the 117pathname of the help and status files, the flags needed for the local 118mailer, and other important things. If you omit it, you will get an 119error when you try to build the configuration. Look at the ostype 120directory for the list of known operating system types. 121 122 DOMAIN(`CS.Berkeley.EDU')dnl 123 124This example is specific to the Computer Science Division at Berkeley. 125You can use "DOMAIN(`generic')" to get a sufficiently bland definition 126that may well work for you, or you can create a customized domain 127definition appropriate for your environment. 128 129 MAILER(`local') 130 MAILER(`smtp') 131 132These describe the mailers used at the default CS site. The local 133mailer is always included automatically. Beware: MAILER declarations 134should only be followed by LOCAL_* sections. The general rules are 135that the order should be: 136 137 VERSIONID 138 OSTYPE 139 DOMAIN 140 FEATURE 141 local macro definitions 142 MAILER 143 LOCAL_CONFIG 144 LOCAL_RULE_* 145 LOCAL_RULESETS 146 147There are a few exceptions to this rule. Local macro definitions which 148influence a FEATURE() should be done before that feature. For example, 149a define(`PROCMAIL_MAILER_PATH', ...) should be done before 150FEATURE(`local_procmail'). 151 152******************************************************************* 153*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 154*** Berkeley-specific assumptions built in, such as the name *** 155*** of their UUCP-relay. You'll want to create your own *** 156*** domain description, and use that in place of *** 157*** domain/Berkeley.EDU.m4. *** 158******************************************************************* 159 160 161+----------------------------+ 162| A BRIEF INTRODUCTION TO M4 | 163+----------------------------+ 164 165Sendmail uses the M4 macro processor to ``compile'' the configuration 166files. The most important thing to know is that M4 is stream-based, 167that is, it doesn't understand about lines. For this reason, in some 168places you may see the word ``dnl'', which stands for ``delete 169through newline''; essentially, it deletes all characters starting 170at the ``dnl'' up to and including the next newline character. In 171most cases sendmail uses this only to avoid lots of unnecessary 172blank lines in the output. 173 174Other important directives are define(A, B) which defines the macro 175``A'' to have value ``B''. Macros are expanded as they are read, so 176one normally quotes both values to prevent expansion. For example, 177 178 define(`SMART_HOST', `smart.foo.com') 179 180One word of warning: M4 macros are expanded even in lines that appear 181to be comments. For example, if you have 182 183 # See FEATURE(`foo') above 184 185it will not do what you expect, because the FEATURE(`foo') will be 186expanded. This also applies to 187 188 # And then define the $X macro to be the return address 189 190because ``define'' is an M4 keyword. If you want to use them, surround 191them with directed quotes, `like this'. 192 193Since m4 uses single quotes (opening "`" and closing "'") to quote 194arguments, those quotes can't be used in arguments. For example, 195it is not possible to define a rejection message containing a single 196quote. Usually there are simple workarounds by changing those 197messages; in the worst case it might be ok to change the value 198directly in the generated .cf file, which however is not advised. 199 200 201Notice: 202------- 203 204This package requires a post-V7 version of m4; if you are running the 2054.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 206BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 207Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 208Net/2 or GNU version. GNU m4 is available from 209ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 210EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 211m4 on this platform. 212 213 214+----------------+ 215| FILE LOCATIONS | 216+----------------+ 217 218sendmail 8.9 has introduced a new configuration directory for sendmail 219related files, /etc/mail. The new files available for sendmail 8.9 -- 220the class {R} /etc/mail/relay-domains and the access database 221/etc/mail/access -- take advantage of this new directory. Beginning with 2228.10, all files will use this directory by default (some options may be 223set by OSTYPE() files). This new directory should help to restore 224uniformity to sendmail's file locations. 225 226Below is a table of some of the common changes: 227 228Old filename New filename 229------------ ------------ 230/etc/bitdomain /etc/mail/bitdomain 231/etc/domaintable /etc/mail/domaintable 232/etc/genericstable /etc/mail/genericstable 233/etc/uudomain /etc/mail/uudomain 234/etc/virtusertable /etc/mail/virtusertable 235/etc/userdb /etc/mail/userdb 236 237/etc/aliases /etc/mail/aliases 238/etc/sendmail/aliases /etc/mail/aliases 239/etc/ucbmail/aliases /etc/mail/aliases 240/usr/adm/sendmail/aliases /etc/mail/aliases 241/usr/lib/aliases /etc/mail/aliases 242/usr/lib/mail/aliases /etc/mail/aliases 243/usr/ucblib/aliases /etc/mail/aliases 244 245/etc/sendmail.cw /etc/mail/local-host-names 246/etc/mail/sendmail.cw /etc/mail/local-host-names 247/etc/sendmail/sendmail.cw /etc/mail/local-host-names 248 249/etc/sendmail.ct /etc/mail/trusted-users 250 251/etc/sendmail.oE /etc/mail/error-header 252 253/etc/sendmail.hf /etc/mail/helpfile 254/etc/mail/sendmail.hf /etc/mail/helpfile 255/usr/ucblib/sendmail.hf /etc/mail/helpfile 256/etc/ucbmail/sendmail.hf /etc/mail/helpfile 257/usr/lib/sendmail.hf /etc/mail/helpfile 258/usr/share/lib/sendmail.hf /etc/mail/helpfile 259/usr/share/misc/sendmail.hf /etc/mail/helpfile 260/share/misc/sendmail.hf /etc/mail/helpfile 261 262/etc/service.switch /etc/mail/service.switch 263 264/etc/sendmail.st /etc/mail/statistics 265/etc/mail/sendmail.st /etc/mail/statistics 266/etc/mailer/sendmail.st /etc/mail/statistics 267/etc/sendmail/sendmail.st /etc/mail/statistics 268/usr/lib/sendmail.st /etc/mail/statistics 269/usr/ucblib/sendmail.st /etc/mail/statistics 270 271Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 272to create the pathnames. The default value of this variable is 273`/etc/mail/'. If you set this macro to a different value, you MUST include 274a trailing slash. 275 276Notice: all filenames used in a .mc (or .cf) file should be absolute 277(starting at the root, i.e., with '/'). Relative filenames most 278likely cause surprises during operations (unless otherwise noted). 279 280 281+--------+ 282| OSTYPE | 283+--------+ 284 285You MUST define an operating system environment, or the configuration 286file build will puke. There are several environments available; look 287at the "ostype" directory for the current list. This macro changes 288things like the location of the alias file and queue directory. Some 289of these files are identical to one another. 290 291It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 292In general, the OSTYPE macro should go immediately after any version 293information, and MAILER definitions should always go last. 294 295Operating system definitions are usually easy to write. They may define 296the following variables (everything defaults, so an ostype file may be 297empty). Unfortunately, the list of configuration-supported systems is 298not as broad as the list of source-supported systems, since many of 299the source contributors do not include corresponding ostype files. 300 301ALIAS_FILE [/etc/mail/aliases] The location of the text version 302 of the alias file(s). It can be a comma-separated 303 list of names (but be sure you quote values with 304 commas in them -- for example, use 305 define(`ALIAS_FILE', `a,b') 306 to get "a" and "b" both listed as alias files; 307 otherwise the define() primitive only sees "a"). 308HELP_FILE [/etc/mail/helpfile] The name of the file 309 containing information printed in response to 310 the SMTP HELP command. 311QUEUE_DIR [/var/spool/mqueue] The directory containing 312 queue files. To use multiple queues, supply 313 a value ending with an asterisk. For 314 example, /var/spool/mqueue/qd* will use all of the 315 directories or symbolic links to directories 316 beginning with 'qd' in /var/spool/mqueue as queue 317 directories. The names 'qf', 'df', and 'xf' are 318 reserved as specific subdirectories for the 319 corresponding queue file types as explained in 320 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 321MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 322 queue files for the MSP (Mail Submission Program, 323 see sendmail/SECURITY). 324STATUS_FILE [/etc/mail/statistics] The file containing status 325 information. 326LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 327LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 328 flags lsDFMAw5:/|@q are always included. 329LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 330 mail. 331LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 332 mail that you are willing to accept. 333LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 334 messages to deliver in a single connection. Only 335 useful for LMTP local mailers. 336LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 337 that ARRIVE from an address that resolves to the 338 local mailer and which are converted to MIME will be 339 labeled with this character set. 340LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 341 end of line for the local mailer. 342LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 343 [X-Unix] The DSN Diagnostic-Code value for the 344 local mailer. This should be changed with care. 345LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 346LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 347 flags lsDFM are always included. 348LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 349 mail. 350LOCAL_SHELL_DIR [$z:/] The directory search path in which the 351 shell should run. 352LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 353USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 354 used to submit news. 355USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 356USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 357 usenet mailer. NOTE: Some versions of inews 358 (such as those shipped with newer versions of INN) 359 use different flags. Double check the defaults 360 against the inews man page. 361USENET_MAILER_MAX [undefined] The maximum size of messages that will 362 be accepted by the usenet mailer. 363USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 364SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 365 flags are `mDFMuX' for all SMTP-based mailers; the 366 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 367 "dsmtp" adds `%'. 368RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 369 flags are `mDFMuX' for all SMTP-based mailers; the 370 relay mailer adds `a8'. If this is not defined, 371 then SMTP_MAILER_FLAGS is used. 372SMTP_MAILER_MAX [undefined] The maximum size of messages that will 373 be transported using the smtp, smtp8, esmtp, or dsmtp 374 mailers. 375SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 376 messages to deliver in a single connection for the 377 smtp, smtp8, esmtp, or dsmtp mailers. 378SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 379 recipients to deliver in a single connection for the 380 smtp, smtp8, esmtp, or dsmtp mailers. 381SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 382 About the only reason you would want to change this 383 would be to change the default port. 384ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 385SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 386DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 387RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 388SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 389ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 390SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 391DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 392RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 393RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 394 messages to deliver in a single connection for the 395 relay mailer. 396SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 397 that ARRIVE from an address that resolves to one of 398 the SMTP mailers and which are converted to MIME will 399 be labeled with this character set. 400UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 401UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 402 flags are `DFMhuU' (and `m' for uucp-new mailer, 403 minus `U' for uucp-dom mailer). 404UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 405 passed to the UUCP mailer. 406UUCP_MAILER_MAX [100000] The maximum size message accepted for 407 transmission by the UUCP mailers. 408UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 409 that ARRIVE from an address that resolves to one of 410 the UUCP mailers and which are converted to MIME will 411 be labeled with this character set. 412UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 413FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 414 submit FAX messages. 415FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 416 mailer. 417FAX_MAILER_MAX [100000] The maximum size message accepted for 418 transmission by FAX. 419POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 420POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 421 are always added. 422POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 423POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 424PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 425 program. This is also used by 426 FEATURE(`local_procmail'). 427PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 428 DFM are always set. This is NOT used by 429 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 430 instead. 431PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 432 the Procmail mailer. This is NOT used by 433 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 434 instead. 435PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 436 will be accepted by the procmail mailer. 437PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 438MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 439MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 440MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 441 mailer. 442MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 443PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 444 program. 445PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 446 are always set. 447PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 448PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 449CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 450 flags lsDFMnPq are always included. 451CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 452 cyrus mail. 453CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 454 to deliver cyrus mail. 455CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 456 will be accepted by the cyrus mailer. 457CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 458 running the cyrus mailer. 459CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 460CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 461 The flags lsDFMnP are always included. 462CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 463 to deliver cyrusbb mail. 464CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The 465 flags lsDFMnqXz are always included. 466CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of 467 messages to deliver in a single connection for the 468 cyrusv2 mailer. 469CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 470 recipients to deliver in a single connection for the 471 cyrusv2 mailer. 472CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed 473 to the cyrusv2 mailer. This can be used to 474 change the name of the Unix domain socket, or 475 to switch to delivery via TCP (e.g., `TCP $h lmtp') 476CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. 477CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 478 that ARRIVE from an address that resolves to one the 479 Cyrus mailer and which are converted to MIME will 480 be labeled with this character set. 481confEBINDIR [/usr/libexec] The directory for executables. 482 Currently used for FEATURE(`local_lmtp') and 483 FEATURE(`smrsh'). 484QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 485QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 486 qpage mail. 487QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 488 to deliver qpage mail. 489QPAGE_MAILER_MAX [4096] If set, the maximum size message that 490 will be accepted by the qpage mailer. 491QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 492LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 493 494Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 495MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of 496the macro Name_MAILER_FLAGS and change can be: flags that should 497be used directly (thus overriding the default value), or if it 498starts with `+' (`-') then those flags are added to (removed from) 499the default value. Example: 500 501 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 502 503will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 504several smtp mailers all of which are manipulated individually. 505See the section MAILERS for the available mailer names. 506WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 507unconditionally, i.e., without respecting any definitions in an 508OSTYPE setting. 509 510 511+---------+ 512| DOMAINS | 513+---------+ 514 515You will probably want to collect domain-dependent defines into one 516file, referenced by the DOMAIN macro. For example, the Berkeley 517domain file includes definitions for several internal distinguished 518hosts: 519 520UUCP_RELAY The host that will accept UUCP-addressed email. 521 If not defined, all UUCP sites must be directly 522 connected. 523BITNET_RELAY The host that will accept BITNET-addressed email. 524 If not defined, the .BITNET pseudo-domain won't work. 525DECNET_RELAY The host that will accept DECNET-addressed email. 526 If not defined, the .DECNET pseudo-domain and addresses 527 of the form node::user will not work. 528FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 529 The "fax" mailer overrides this value. 530LOCAL_RELAY The site that will handle unqualified names -- that 531 is, names without an @domain extension. 532 Normally MAIL_HUB is preferred for this function. 533 LOCAL_RELAY is mostly useful in conjunction with 534 FEATURE(`stickyhost') -- see the discussion of 535 stickyhost below. If not set, they are assumed to 536 belong on this machine. This allows you to have a 537 central site to store a company- or department-wide 538 alias database. This only works at small sites, 539 and only with some user agents. 540LUSER_RELAY The site that will handle lusers -- that is, apparently 541 local names that aren't local accounts or aliases. To 542 specify a local user instead of a site, set this to 543 ``local:username''. 544 545Any of these can be either ``mailer:hostname'' (in which case the 546mailer is the internal mailer name, such as ``uucp-new'' and the hostname 547is the name of the host as appropriate for that mailer) or just a 548``hostname'', in which case a default mailer type (usually ``relay'', 549a variant on SMTP) is used. WARNING: if you have a wildcard MX 550record matching your domain, you probably want to define these to 551have a trailing dot so that you won't get the mail diverted back 552to yourself. 553 554The domain file can also be used to define a domain name, if needed 555(using "DD<domain>") and set certain site-wide features. If all hosts 556at your site masquerade behind one email name, you could also use 557MASQUERADE_AS here. 558 559You do not have to define a domain -- in particular, if you are a 560single machine sitting off somewhere, it is probably more work than 561it's worth. This is just a mechanism for combining "domain dependent 562knowledge" into one place. 563 564 565+---------+ 566| MAILERS | 567+---------+ 568 569There are fewer mailers supported in this version than the previous 570version, owing mostly to a simpler world. As a general rule, put the 571MAILER definitions last in your .mc file. 572 573local The local and prog mailers. You will almost always 574 need these; the only exception is if you relay ALL 575 your mail to another site. This mailer is included 576 automatically. 577 578smtp The Simple Mail Transport Protocol mailer. This does 579 not hide hosts behind a gateway or another other 580 such hack; it assumes a world where everyone is 581 running the name server. This file actually defines 582 five mailers: "smtp" for regular (old-style) SMTP to 583 other servers, "esmtp" for extended SMTP to other 584 servers, "smtp8" to do SMTP to other servers without 585 converting 8-bit data to MIME (essentially, this is 586 your statement that you know the other end is 8-bit 587 clean even if it doesn't say so), "dsmtp" to do on 588 demand delivery, and "relay" for transmission to the 589 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 590 591uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 592 defines two mailers, "uucp-old" (a.k.a. "uucp") and 593 "uucp-new" (a.k.a. "suucp"). The latter is for when you 594 know that the UUCP mailer at the other end can handle 595 multiple recipients in one transfer. If the smtp mailer 596 is included in your configuration, two other mailers 597 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 598 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 599 include the uucp mailer, sendmail looks for all names in 600 class {U} and sends them to the uucp-old mailer; all 601 names in class {Y} are sent to uucp-new; and all 602 names in class {Z} are sent to uucp-uudom. Note that 603 this is a function of what version of rmail runs on 604 the receiving end, and hence may be out of your control. 605 See the section below describing UUCP mailers in more 606 detail. 607 608usenet Usenet (network news) delivery. If this is specified, 609 an extra rule is added to ruleset 0 that forwards all 610 local email for users named ``group.usenet'' to the 611 ``inews'' program. Note that this works for all groups, 612 and may be considered a security problem. 613 614fax Facsimile transmission. This is experimental and based 615 on Sam Leffler's HylaFAX software. For more information, 616 see http://www.hylafax.org/. 617 618pop Post Office Protocol. 619 620procmail An interface to procmail (does not come with sendmail). 621 This is designed to be used in mailertables. For example, 622 a common question is "how do I forward all mail for a given 623 domain to a single person?". If you have this mailer 624 defined, you could set up a mailertable reading: 625 626 host.com procmail:/etc/procmailrcs/host.com 627 628 with the file /etc/procmailrcs/host.com reading: 629 630 :0 # forward mail for host.com 631 ! -oi -f $1 person@other.host 632 633 This would arrange for (anything)@host.com to be sent 634 to person@other.host. In a procmail script, $1 is the 635 name of the sender and $2 is the name of the recipient. 636 If you use this with FEATURE(`local_procmail'), the FEATURE 637 should be listed first. 638 639 Of course there are other ways to solve this particular 640 problem, e.g., a catch-all entry in a virtusertable. 641 642mail11 The DECnet mail11 mailer, useful only if you have the mail11 643 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 644 DECnet, of course). This is for Phase IV DECnet support; 645 if you have Phase V at your site you may have additional 646 problems. 647 648phquery The phquery program. This is somewhat counterintuitively 649 referenced as the "ph" mailer internally. It can be used 650 to do CCSO name server lookups. The phquery program, which 651 this mailer uses, is distributed with the ph client. 652 653cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 654 a local cyrus user. this mailer can make use of the 655 "user+detail@local.host" syntax (see 656 FEATURE(`preserve_local_plus_detail')); it will deliver the 657 mail to the user's "detail" mailbox if the mailbox's ACL 658 permits. The cyrusbb mailer delivers to a system-wide 659 cyrus mailbox if the mailbox's ACL permits. The cyrus 660 mailer must be defined after the local mailer. 661 662cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to 663 local cyrus users via LMTP. This mailer can make use of the 664 "user+detail@local.host" syntax (see 665 FEATURE(`preserve_local_plus_detail')); it will deliver the 666 mail to the user's "detail" mailbox if the mailbox's ACL 667 permits. The cyrusv2 mailer must be defined after the 668 local mailer. 669 670qpage A mailer for QuickPage, a pager interface. See 671 http://www.qpage.org/ for further information. 672 673The local mailer accepts addresses of the form "user+detail", where 674the "+detail" is not used for mailbox matching but is available 675to certain local mail programs (in particular, see 676FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 677"eric+sww" all indicate the same user, but additional arguments <null>, 678"sendmail", and "sww" may be provided for use in sorting mail. 679 680 681+----------+ 682| FEATURES | 683+----------+ 684 685Special features can be requested using the "FEATURE" macro. For 686example, the .mc line: 687 688 FEATURE(`use_cw_file') 689 690tells sendmail that you want to have it read an /etc/mail/local-host-names 691file to get values for class {w}. A FEATURE may contain up to 9 692optional parameters -- for example: 693 694 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 695 696The default database map type for the table features can be set with 697 698 define(`DATABASE_MAP_TYPE', `dbm') 699 700which would set it to use ndbm databases. The default is the Berkeley DB 701hash database format. Note that you must still declare a database map type 702if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 703if no argument is given for the FEATURE. It must be specified before any 704feature that uses a map. 705 706Also, features which can take a map definition as an argument can also take 707the special keyword `LDAP'. If that keyword is used, the map will use the 708LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 709CLASSES'' section below. 710 711Available features are: 712 713use_cw_file Read the file /etc/mail/local-host-names file to get 714 alternate names for this host. This might be used if you 715 were on a host that MXed for a dynamic set of other hosts. 716 If the set is static, just including the line "Cw<name1> 717 <name2> ..." (where the names are fully qualified domain 718 names) is probably superior. The actual filename can be 719 overridden by redefining confCW_FILE. 720 721use_ct_file Read the file /etc/mail/trusted-users file to get the 722 names of users that will be ``trusted'', that is, able to 723 set their envelope from address using -f without generating 724 a warning message. The actual filename can be overridden 725 by redefining confCT_FILE. 726 727redirect Reject all mail addressed to "address.REDIRECT" with 728 a ``551 User has moved; please try <address>'' message. 729 If this is set, you can alias people who have left 730 to their new address with ".REDIRECT" appended. 731 732nouucp Don't route UUCP addresses. This feature takes one 733 parameter: 734 `reject': reject addresses which have "!" in the local 735 part unless it originates from a system 736 that is allowed to relay. 737 `nospecial': don't do anything special with "!". 738 Warnings: 1. See the notice in the anti-spam section. 739 2. don't remove "!" from OperatorChars if `reject' is 740 given as parameter. 741 742nocanonify Don't pass addresses to $[ ... $] for canonification 743 by default, i.e., host/domain names are considered canonical, 744 except for unqualified names, which must not be used in this 745 mode (violation of the standard). It can be changed by 746 setting the DaemonPortOptions modifiers (M=). That is, 747 FEATURE(`nocanonify') will be overridden by setting the 748 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 749 it can be emulated by setting the 'C' flag 750 (DaemonPortOptions=Modifiers=C). This would generally only 751 be used by sites that only act as mail gateways or which have 752 user agents that do full canonification themselves. You may 753 also want to use 754 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 755 the usual resolver options that do a similar thing. 756 757 An exception list for FEATURE(`nocanonify') can be 758 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 759 i.e., a list of domains which are nevertheless passed to 760 $[ ... $] for canonification. This is useful to turn on 761 canonification for local domains, e.g., use 762 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 763 which end in "my.domain" or "my". 764 Another way to require canonification in the local 765 domain is CANONIFY_DOMAIN(`$=m'). 766 767 A trailing dot is added to addresses with more than 768 one component in it such that other features which 769 expect a trailing dot (e.g., virtusertable) will 770 still work. 771 772 If `canonify_hosts' is specified as parameter, i.e., 773 FEATURE(`nocanonify', `canonify_hosts'), then 774 addresses which have only a hostname, e.g., 775 <user@host>, will be canonified (and hopefully fully 776 qualified), too. 777 778stickyhost This feature is sometimes used with LOCAL_RELAY, 779 although it can be used for a different effect with 780 MAIL_HUB. 781 782 When used without MAIL_HUB, email sent to 783 "user@local.host" are marked as "sticky" -- that 784 is, the local addresses aren't matched against UDB, 785 don't go through ruleset 5, and are not forwarded to 786 the LOCAL_RELAY (if defined). 787 788 With MAIL_HUB, mail addressed to "user@local.host" 789 is forwarded to the mail hub, with the envelope 790 address still remaining "user@local.host". 791 Without stickyhost, the envelope would be changed 792 to "user@mail_hub", in order to protect against 793 mailing loops. 794 795mailertable Include a "mailer table" which can be used to override 796 routing for particular domains (which are not in class {w}, 797 i.e. local host names). The argument of the FEATURE may be 798 the key definition. If none is specified, the definition 799 used is: 800 801 hash /etc/mail/mailertable 802 803 Keys in this database are fully qualified domain names 804 or partial domains preceded by a dot -- for example, 805 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 806 special case of the latter, "." matches any domain not 807 covered by other keys. Values must be of the form: 808 mailer:domain 809 where "mailer" is the internal mailer name, and "domain" 810 is where to send the message. These maps are not 811 reflected into the message header. As a special case, 812 the forms: 813 local:user 814 will forward to the indicated user using the local mailer, 815 local: 816 will forward to the original user in the e-mail address 817 using the local mailer, and 818 error:code message 819 error:D.S.N:code message 820 will give an error message with the indicated SMTP reply 821 code and message, where D.S.N is an RFC 1893 compliant 822 error code. 823 824domaintable Include a "domain table" which can be used to provide 825 domain name mapping. Use of this should really be 826 limited to your own domains. It may be useful if you 827 change names (e.g., your company changes names from 828 oldname.com to newname.com). The argument of the 829 FEATURE may be the key definition. If none is specified, 830 the definition used is: 831 832 hash /etc/mail/domaintable 833 834 The key in this table is the domain name; the value is 835 the new (fully qualified) domain. Anything in the 836 domaintable is reflected into headers; that is, this 837 is done in ruleset 3. 838 839bitdomain Look up bitnet hosts in a table to try to turn them into 840 internet addresses. The table can be built using the 841 bitdomain program contributed by John Gardiner Myers. 842 The argument of the FEATURE may be the key definition; if 843 none is specified, the definition used is: 844 845 hash /etc/mail/bitdomain 846 847 Keys are the bitnet hostname; values are the corresponding 848 internet hostname. 849 850uucpdomain Similar feature for UUCP hosts. The default map definition 851 is: 852 853 hash /etc/mail/uudomain 854 855 At the moment there is no automagic tool to build this 856 database. 857 858always_add_domain 859 Include the local host domain even on locally delivered 860 mail. Normally it is not added on unqualified names. 861 However, if you use a shared message store but do not use 862 the same user name space everywhere, you may need the host 863 name on local names. An optional argument specifies 864 another domain to be added than the local. 865 866allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 867 feature will cause recipient addresses to also masquerade 868 as being from the masquerade host. Normally they get 869 the local hostname. Although this may be right for 870 ordinary users, it can break local aliases. For example, 871 if you send to "localalias", the originating sendmail will 872 find that alias and send to all members, but send the 873 message with "To: localalias@masqueradehost". Since that 874 alias likely does not exist, replies will fail. Use this 875 feature ONLY if you can guarantee that the ENTIRE 876 namespace on your masquerade host supersets all the 877 local entries. 878 879limited_masquerade 880 Normally, any hosts listed in class {w} are masqueraded. If 881 this feature is given, only the hosts listed in class {M} (see 882 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 883 if you have several domains with disjoint namespaces hosted 884 on the same machine. 885 886masquerade_entire_domain 887 If masquerading is enabled (using MASQUERADE_AS) and 888 MASQUERADE_DOMAIN (see below) is set, this feature will 889 cause addresses to be rewritten such that the masquerading 890 domains are actually entire domains to be hidden. All 891 hosts within the masquerading domains will be rewritten 892 to the masquerade name (used in MASQUERADE_AS). For example, 893 if you have: 894 895 MASQUERADE_AS(`masq.com') 896 MASQUERADE_DOMAIN(`foo.org') 897 MASQUERADE_DOMAIN(`bar.com') 898 899 then *foo.org and *bar.com are converted to masq.com. Without 900 this feature, only foo.org and bar.com are masqueraded. 901 902 NOTE: only domains within your jurisdiction and 903 current hierarchy should be masqueraded using this. 904 905local_no_masquerade 906 This feature prevents the local mailer from masquerading even 907 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 908 on addresses of mail going outside the local domain. 909 910masquerade_envelope 911 If masquerading is enabled (using MASQUERADE_AS) or the 912 genericstable is in use, this feature will cause envelope 913 addresses to also masquerade as being from the masquerade 914 host. Normally only the header addresses are masqueraded. 915 916genericstable This feature will cause unqualified addresses (i.e., without 917 a domain) and addresses with a domain listed in class {G} 918 to be looked up in a map and turned into another ("generic") 919 form, which can change both the domain name and the user name. 920 Notice: if you use an MSP (as it is default starting with 921 8.12), the MTA will only receive qualified addresses from the 922 MSP (as required by the RFCs). Hence you need to add your 923 domain to class {G}. This feature is similar to the userdb 924 functionality. The same types of addresses as for 925 masquerading are looked up, i.e., only header sender 926 addresses unless the allmasquerade and/or masquerade_envelope 927 features are given. Qualified addresses must have the domain 928 part in class {G}; entries can be added to this class by the 929 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 930 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 931 932 The argument of FEATURE(`genericstable') may be the map 933 definition; the default map definition is: 934 935 hash /etc/mail/genericstable 936 937 The key for this table is either the full address, the domain 938 (with a leading @; the localpart is passed as first argument) 939 or the unqualified username (tried in the order mentioned); 940 the value is the new user address. If the new user address 941 does not include a domain, it will be qualified in the standard 942 manner, i.e., using $j or the masquerade name. Note that the 943 address being looked up must be fully qualified. For local 944 mail, it is necessary to use FEATURE(`always_add_domain') 945 for the addresses to be qualified. 946 The "+detail" of an address is passed as %1, so entries like 947 948 old+*@foo.org new+%1@example.com 949 gen+*@foo.org %1@example.com 950 951 and other forms are possible. 952 953generics_entire_domain 954 If the genericstable is enabled and GENERICS_DOMAIN or 955 GENERICS_DOMAIN_FILE is used, this feature will cause 956 addresses to be searched in the map if their domain 957 parts are subdomains of elements in class {G}. 958 959virtusertable A domain-specific form of aliasing, allowing multiple 960 virtual domains to be hosted on one machine. For example, 961 if the virtuser table contained: 962 963 info@foo.com foo-info 964 info@bar.com bar-info 965 joe@bar.com error:nouser 550 No such user here 966 jax@bar.com error:5.7.0:550 Address invalid 967 @baz.org jane@example.net 968 969 then mail addressed to info@foo.com will be sent to the 970 address foo-info, mail addressed to info@bar.com will be 971 delivered to bar-info, and mail addressed to anyone at baz.org 972 will be sent to jane@example.net, mail to joe@bar.com will 973 be rejected with the specified error message, and mail to 974 jax@bar.com will also have a RFC 1893 compliant error code 975 5.7.0. 976 977 The username from the original address is passed 978 as %1 allowing: 979 980 @foo.org %1@example.com 981 982 meaning someone@foo.org will be sent to someone@example.com. 983 Additionally, if the local part consists of "user+detail" 984 then "detail" is passed as %2 and "+detail" is passed as %3 985 when a match against user+* is attempted, so entries like 986 987 old+*@foo.org new+%2@example.com 988 gen+*@foo.org %2@example.com 989 +*@foo.org %1%3@example.com 990 X++@foo.org Z%3@example.com 991 @bar.org %1%3 992 993 and other forms are possible. Note: to preserve "+detail" 994 for a default case (@domain) %1%3 must be used as RHS. 995 There are two wildcards after "+": "+" matches only a non-empty 996 detail, "*" matches also empty details, e.g., user+@foo.org 997 matches +*@foo.org but not ++@foo.org. This can be used 998 to ensure that the parameters %2 and %3 are not empty. 999 1000 All the host names on the left hand side (foo.com, bar.com, 1001 and baz.org) must be in class {w} or class {VirtHost}. The 1002 latter can be defined by the macros VIRTUSER_DOMAIN or 1003 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1004 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 1005 VIRTUSER_DOMAIN_FILE is used, then the entries of class 1006 {VirtHost} are added to class {R}, i.e., relaying is allowed 1007 to (and from) those domains. The default map definition is: 1008 1009 hash /etc/mail/virtusertable 1010 1011 A new definition can be specified as the second argument of 1012 the FEATURE macro, such as 1013 1014 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 1015 1016virtuser_entire_domain 1017 If the virtusertable is enabled and VIRTUSER_DOMAIN or 1018 VIRTUSER_DOMAIN_FILE is used, this feature will cause 1019 addresses to be searched in the map if their domain 1020 parts are subdomains of elements in class {VirtHost}. 1021 1022ldap_routing Implement LDAP-based e-mail recipient routing according to 1023 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 1024 This provides a method to re-route addresses with a 1025 domain portion in class {LDAPRoute} to either a 1026 different mail host or a different address. Hosts can 1027 be added to this class using LDAPROUTE_DOMAIN and 1028 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1029 MASQUERADE_DOMAIN_FILE, see below). 1030 1031 See the LDAP ROUTING section below for more information. 1032 1033nodns If you aren't running DNS at your site (for example, 1034 you are UUCP-only connected). It's hard to consider 1035 this a "feature", but hey, it had to go somewhere. 1036 Actually, as of 8.7 this is a no-op -- remove "dns" from 1037 the hosts service switch entry instead. 1038 1039nullclient This is a special case -- it creates a configuration file 1040 containing nothing but support for forwarding all mail to a 1041 central hub via a local SMTP-based network. The argument 1042 is the name of that hub. 1043 1044 The only other feature that should be used in conjunction 1045 with this one is FEATURE(`nocanonify'). No mailers 1046 should be defined. No aliasing or forwarding is done. 1047 1048local_lmtp Use an LMTP capable local mailer. The argument to this 1049 feature is the pathname of an LMTP capable mailer. By 1050 default, mail.local is used. This is expected to be the 1051 mail.local which came with the 8.9 distribution which is 1052 LMTP capable. The path to mail.local is set by the 1053 confEBINDIR m4 variable -- making the default 1054 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1055 If a different LMTP capable mailer is used, its pathname 1056 can be specified as second parameter and the arguments 1057 passed to it (A=) as third parameter, e.g., 1058 1059 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp') 1060 1061 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1062 i.e., without respecting any definitions in an OSTYPE setting. 1063 1064local_procmail Use procmail or another delivery agent as the local mailer. 1065 The argument to this feature is the pathname of the 1066 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1067 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1068 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1069 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1070 specify the appropriate parameters. When procmail is used, 1071 the local mailer can make use of the 1072 "user+indicator@local.host" syntax; normally the +indicator 1073 is just tossed, but by default it is passed as the -a 1074 argument to procmail. 1075 1076 This feature can take up to three arguments: 1077 1078 1. Path to the mailer program 1079 [default: /usr/local/bin/procmail] 1080 2. Argument vector including name of the program 1081 [default: procmail -Y -a $h -d $u] 1082 3. Flags for the mailer [default: SPfhn9] 1083 1084 Empty arguments cause the defaults to be taken. 1085 Note that if you are on a system with a broken 1086 setreuid() call, you may need to add -f $f to the procmail 1087 argument vector to pass the proper sender to procmail. 1088 1089 For example, this allows it to use the maildrop 1090 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 1091 by specifying: 1092 1093 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1094 `maildrop -d $u') 1095 1096 or scanmails using: 1097 1098 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1099 1100 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1101 i.e., without respecting any definitions in an OSTYPE setting. 1102 1103bestmx_is_local Accept mail as though locally addressed for any host that 1104 lists us as the best possible MX record. This generates 1105 additional DNS traffic, but should be OK for low to 1106 medium traffic hosts. The argument may be a set of 1107 domains, which will limit the feature to only apply to 1108 these domains -- this will reduce unnecessary DNS 1109 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1110 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1111 that matches your domain, you cannot use this feature. 1112 1113smrsh Use the SendMail Restricted SHell (smrsh) provided 1114 with the distribution instead of /bin/sh for mailing 1115 to programs. This improves the ability of the local 1116 system administrator to control what gets run via 1117 e-mail. If an argument is provided it is used as the 1118 pathname to smrsh; otherwise, the path defined by 1119 confEBINDIR is used for the smrsh binary -- by default, 1120 /usr/libexec/smrsh is assumed. 1121 1122promiscuous_relay 1123 By default, the sendmail configuration files do not permit 1124 mail relaying (that is, accepting mail from outside your 1125 local host (class {w}) and sending it to another host than 1126 your local host). This option sets your site to allow 1127 mail relaying from any site to any site. In almost all 1128 cases, it is better to control relaying more carefully 1129 with the access map, class {R}, or authentication. Domains 1130 can be added to class {R} by the macros RELAY_DOMAIN or 1131 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1132 MASQUERADE_DOMAIN_FILE, see below). 1133 1134relay_entire_domain 1135 This option allows any host in your domain as defined by 1136 class {m} to use your server for relaying. Notice: make 1137 sure that your domain is not just a top level domain, 1138 e.g., com. This can happen if you give your host a name 1139 like example.com instead of host.example.com. 1140 1141relay_hosts_only 1142 By default, names that are listed as RELAY in the access 1143 db and class {R} are treated as domain names, not host names. 1144 For example, if you specify ``foo.com'', then mail to or 1145 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1146 will all be accepted for relaying. This feature changes 1147 the behaviour to lookup individual host names only. 1148 1149relay_based_on_MX 1150 Turns on the ability to allow relaying based on the MX 1151 records of the host portion of an incoming recipient; that 1152 is, if an MX record for host foo.com points to your site, 1153 you will accept and relay mail addressed to foo.com. See 1154 description below for more information before using this 1155 feature. Also, see the KNOWNBUGS entry regarding bestmx 1156 map lookups. 1157 1158 FEATURE(`relay_based_on_MX') does not necessarily allow 1159 routing of these messages which you expect to be allowed, 1160 if route address syntax (or %-hack syntax) is used. If 1161 this is a problem, add entries to the access-table or use 1162 FEATURE(`loose_relay_check'). 1163 1164relay_mail_from 1165 Allows relaying if the mail sender is listed as RELAY in 1166 the access map. If an optional argument `domain' (this 1167 is the literal word `domain', not a placeholder) is given, 1168 relaying can be allowed just based on the domain portion 1169 of the sender address. This feature should only be used if 1170 absolutely necessary as the sender address can be easily 1171 forged. Use of this feature requires the "From:" tag to 1172 be used for the key in the access map; see the discussion 1173 of tags and FEATURE(`relay_mail_from') in the section on 1174 anti-spam configuration control. 1175 1176relay_local_from 1177 Allows relaying if the domain portion of the mail sender 1178 is a local host. This should only be used if absolutely 1179 necessary as it opens a window for spammers. Specifically, 1180 they can send mail to your mail server that claims to be 1181 from your domain (either directly or via a routed address), 1182 and you will go ahead and relay it out to arbitrary hosts 1183 on the Internet. 1184 1185accept_unqualified_senders 1186 Normally, MAIL FROM: commands in the SMTP session will be 1187 refused if the connection is a network connection and the 1188 sender address does not include a domain name. If your 1189 setup sends local mail unqualified (i.e., MAIL FROM: <joe>), 1190 you will need to use this feature to accept unqualified 1191 sender addresses. Setting the DaemonPortOptions modifier 1192 'u' overrides the default behavior, i.e., unqualified 1193 addresses are accepted even without this FEATURE. 1194 If this FEATURE is not used, the DaemonPortOptions modifier 1195 'f' can be used to enforce fully qualified addresses. 1196 1197accept_unresolvable_domains 1198 Normally, MAIL FROM: commands in the SMTP session will be 1199 refused if the host part of the argument to MAIL FROM: 1200 cannot be located in the host name service (e.g., an A or 1201 MX record in DNS). If you are inside a firewall that has 1202 only a limited view of the Internet host name space, this 1203 could cause problems. In this case you probably want to 1204 use this feature to accept all domains on input, even if 1205 they are unresolvable. 1206 1207access_db Turns on the access database feature. The access db gives 1208 you the ability to allow or refuse to accept mail from 1209 specified domains for administrative reasons. Moreover, 1210 it can control the behavior of sendmail in various situations. 1211 By default, the access database specification is: 1212 1213 hash -T<TMPF> /etc/mail/access 1214 1215 See the anti-spam configuration control section for further 1216 important information about this feature. Notice: 1217 "-T<TMPF>" is meant literal, do not replace it by anything. 1218 1219blacklist_recipients 1220 Turns on the ability to block incoming mail for certain 1221 recipient usernames, hostnames, or addresses. For 1222 example, you can block incoming mail to user nobody, 1223 host foo.mydomain.com, or guest@bar.mydomain.com. 1224 These specifications are put in the access db as 1225 described in the anti-spam configuration control section 1226 later in this document. 1227 1228delay_checks The rulesets check_mail and check_relay will not be called 1229 when a client connects or issues a MAIL command, respectively. 1230 Instead, those rulesets will be called by the check_rcpt 1231 ruleset; they will be skipped under certain circumstances. 1232 See "Delay all checks" in the anti-spam configuration control 1233 section. Note: this feature is incompatible to the versions 1234 in 8.10 and 8.11. 1235 1236use_client_ptr If this feature is enabled then check_relay will override 1237 its first argument with $&{client_ptr}. This is useful for 1238 rejections based on the unverified hostname of client, 1239 which turns on the same behavior as in earlier sendmail 1240 versions when delay_checks was not in use. See doc/op/op.* 1241 about check_relay, {client_name}, and {client_ptr}. 1242 1243dnsbl Turns on rejection of hosts found in an DNS based rejection 1244 list. If an argument is provided it is used as the domain 1245 in which blocked hosts are listed; otherwise it defaults to 1246 blackholes.mail-abuse.org. An explanation for an DNS based 1247 rejection list can be found at http://mail-abuse.org/rbl/. 1248 A second argument can be used to change the default error 1249 message. Without that second argument, the error message 1250 will be 1251 Rejected: IP-ADDRESS listed at SERVER 1252 where IP-ADDRESS and SERVER are replaced by the appropriate 1253 information. By default, temporary lookup failures are 1254 ignored. This behavior can be changed by specifying a 1255 third argument, which must be either `t' or a full error 1256 message. See the anti-spam configuration control section for 1257 an example. The dnsbl feature can be included several times 1258 to query different DNS based rejection lists. See also 1259 enhdnsbl for an enhanced version. 1260 1261 Set the DNSBL_MAP mc option to change the default map 1262 definition from `host'. Set the DNSBL_MAP_OPT mc option 1263 to add additional options to the map specification used. 1264 1265 Some DNS based rejection lists cause failures if asked 1266 for AAAA records. If your sendmail version is compiled 1267 with IPv6 support (NETINET6) and you experience this 1268 problem, add 1269 1270 define(`DNSBL_MAP', `dns -R A') 1271 1272 before the first use of this feature. Alternatively you 1273 can use enhdnsbl instead (see below). Moreover, this 1274 statement can be used to reduce the number of DNS retries, 1275 e.g., 1276 1277 define(`DNSBL_MAP', `dns -R A -r2') 1278 1279 See below (EDNSBL_TO) for an explanation. 1280 1281 NOTE: The default DNS blacklist, blackholes.mail-abuse.org, 1282 is a service offered by the Mail Abuse Prevention System 1283 (MAPS). As of July 31, 2001, MAPS is a subscription 1284 service, so using that network address won't work if you 1285 haven't subscribed. Contact MAPS to subscribe 1286 (http://mail-abuse.org/). 1287 1288enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1289 (up to 5) can be used to specify specific return values 1290 from lookups. Temporary lookup failures are ignored unless 1291 a third argument is given, which must be either `t' or a full 1292 error message. By default, any successful lookup will 1293 generate an error. Otherwise the result of the lookup is 1294 compared with the supplied argument(s), and only if a match 1295 occurs an error is generated. For example, 1296 1297 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1298 1299 will reject the e-mail if the lookup returns the value 1300 ``127.0.0.2.'', or generate a 451 response if the lookup 1301 temporarily failed. The arguments can contain metasymbols 1302 as they are allowed in the LHS of rules. As the example 1303 shows, the default values are also used if an empty argument, 1304 i.e., `', is specified. This feature requires that sendmail 1305 has been compiled with the flag DNSMAP (see sendmail/README). 1306 1307 Set the EDNSBL_TO mc option to change the DNS retry count 1308 from the default value of 5, this can be very useful when 1309 a DNS server is not responding, which in turn may cause 1310 clients to time out (an entry stating 1311 1312 did not issue MAIL/EXPN/VRFY/ETRN 1313 1314 will be logged). 1315 1316ratecontrol Enable simple ruleset to do connection rate control 1317 checking. This requires entries in access_db of the form 1318 1319 ClientRate:IP.ADD.RE.SS LIMIT 1320 1321 The RHS specifies the maximum number of connections 1322 (an integer number) over the time interval defined 1323 by ConnectionRateWindowSize, where 0 means unlimited. 1324 1325 Take the following example: 1326 1327 ClientRate:10.1.2.3 4 1328 ClientRate:127.0.0.1 0 1329 ClientRate: 10 1330 1331 10.1.2.3 can only make up to 4 connections, the 1332 general limit it 10, and 127.0.0.1 can make an unlimited 1333 number of connections per ConnectionRateWindowSize. 1334 1335 See also CONNECTION CONTROL. 1336 1337conncontrol Enable a simple check of the number of incoming SMTP 1338 connections. This requires entries in access_db of the 1339 form 1340 1341 ClientConn:IP.ADD.RE.SS LIMIT 1342 1343 The RHS specifies the maximum number of open connections 1344 (an integer number). 1345 1346 Take the following example: 1347 1348 ClientConn:10.1.2.3 4 1349 ClientConn:127.0.0.1 0 1350 ClientConn: 10 1351 1352 10.1.2.3 can only have up to 4 open connections, the 1353 general limit it 10, and 127.0.0.1 does not have any 1354 explicit limit. 1355 1356 See also CONNECTION CONTROL. 1357 1358mtamark Experimental support for "Marking Mail Transfer Agents in 1359 Reverse DNS with TXT RRs" (MTAMark), see 1360 draft-stumpf-dns-mtamark-01. Optional arguments are: 1361 1362 1. Error message, default: 1363 1364 550 Rejected: $&{client_addr} not listed as MTA 1365 1366 2. Temporary lookup failures are ignored unless a second 1367 argument is given, which must be either `t' or a full 1368 error message. 1369 1370 3. Lookup prefix, default: _perm._smtp._srv. This should 1371 not be changed unless the draft changes it. 1372 1373 Example: 1374 1375 FEATURE(`mtamark', `', `t') 1376 1377lookupdotdomain Look up also .domain in the access map. This allows to 1378 match only subdomains. It does not work well with 1379 FEATURE(`relay_hosts_only'), because most lookups for 1380 subdomains are suppressed by the latter feature. 1381 1382loose_relay_check 1383 Normally, if % addressing is used for a recipient, e.g. 1384 user%site@othersite, and othersite is in class {R}, the 1385 check_rcpt ruleset will strip @othersite and recheck 1386 user@site for relaying. This feature changes that 1387 behavior. It should not be needed for most installations. 1388 1389authinfo Provide a separate map for client side authentication 1390 information. See SMTP AUTHENTICATION for details. 1391 By default, the authinfo database specification is: 1392 1393 hash /etc/mail/authinfo 1394 1395preserve_luser_host 1396 Preserve the name of the recipient host if LUSER_RELAY is 1397 used. Without this option, the domain part of the 1398 recipient address will be replaced by the host specified as 1399 LUSER_RELAY. This feature only works if the hostname is 1400 passed to the mailer (see mailer triple in op.me). Note 1401 that in the default configuration the local mailer does not 1402 receive the hostname, i.e., the mailer triple has an empty 1403 hostname. 1404 1405preserve_local_plus_detail 1406 Preserve the +detail portion of the address when passing 1407 address to local delivery agent. Disables alias and 1408 .forward +detail stripping (e.g., given user+detail, only 1409 that address will be looked up in the alias file; user+* and 1410 user will not be looked up). Only use if the local 1411 delivery agent in use supports +detail addressing. 1412 1413compat_check Enable ruleset check_compat to look up pairs of addresses 1414 with the Compat: tag -- Compat:sender<@>recipient -- in the 1415 access map. Valid values for the RHS include 1416 DISCARD silently discard recipient 1417 TEMP: return a temporary error 1418 ERROR: return a permanent error 1419 In the last two cases, a 4xy/5xy SMTP reply code should 1420 follow the colon. 1421 1422no_default_msa Don't generate the default MSA daemon, i.e., 1423 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1424 To define a MSA daemon with other parameters, use this 1425 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1426 1427msp Defines config file for Message Submission Program. 1428 See sendmail/SECURITY for details and cf/cf/submit.mc how 1429 to use it. An optional argument can be used to override 1430 the default of `[localhost]' to use as host to send all 1431 e-mails to. Note that MX records will be used if the 1432 specified hostname is not in square brackets (e.g., 1433 [hostname]). If `MSA' is specified as second argument then 1434 port 587 is used to contact the server. Example: 1435 1436 FEATURE(`msp', `', `MSA') 1437 1438 Some more hints about possible changes can be found below 1439 in the section MESSAGE SUBMISSION PROGRAM. 1440 1441 Note: Due to many problems, submit.mc uses 1442 1443 FEATURE(`msp', `[127.0.0.1]') 1444 1445 by default. If you have a machine with IPv6 only, 1446 change it to 1447 1448 FEATURE(`msp', `[IPv6:::1]') 1449 1450 If you want to continue using '[localhost]', (the behavior 1451 up to 8.12.6), use 1452 1453 FEATURE(`msp') 1454 1455queuegroup A simple example how to select a queue group based 1456 on the full e-mail address or the domain of the 1457 recipient. Selection is done via entries in the 1458 access map using the tag QGRP:, for example: 1459 1460 QGRP:example.com main 1461 QGRP:friend@some.org others 1462 QGRP:my.domain local 1463 1464 where "main", "others", and "local" are names of 1465 queue groups. If an argument is specified, it is used 1466 as default queue group. 1467 1468 Note: please read the warning in doc/op/op.me about 1469 queue groups and possible queue manipulations. 1470 1471greet_pause Adds the greet_pause ruleset which enables open proxy 1472 and SMTP slamming protection. The feature can take an 1473 argument specifying the milliseconds to wait: 1474 1475 FEATURE(`greet_pause', `5000') dnl 5 seconds 1476 1477 If FEATURE(`access_db') is enabled, an access database 1478 lookup with the GreetPause tag is done using client 1479 hostname, domain, IP address, or subnet to determine the 1480 pause time: 1481 1482 GreetPause:my.domain 0 1483 GreetPause:example.com 5000 1484 GreetPause:10.1.2 2000 1485 GreetPause:127.0.0.1 0 1486 1487 When using FEATURE(`access_db'), the optional 1488 FEATURE(`greet_pause') argument becomes the default if 1489 nothing is found in the access database. A ruleset called 1490 Local_greet_pause can be used for local modifications, e.g., 1491 1492 LOCAL_RULESETS 1493 SLocal_greet_pause 1494 R$* $: $&{daemon_flags} 1495 R$* a $* $# 0 1496 1497+-------+ 1498| HACKS | 1499+-------+ 1500 1501Some things just can't be called features. To make this clear, 1502they go in the hack subdirectory and are referenced using the HACK 1503macro. These will tend to be site-dependent. The release 1504includes the Berkeley-dependent "cssubdomain" hack (that makes 1505sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1506this is intended as a short-term aid while moving hosts into 1507subdomains. 1508 1509 1510+--------------------+ 1511| SITE CONFIGURATION | 1512+--------------------+ 1513 1514 ***************************************************** 1515 * This section is really obsolete, and is preserved * 1516 * only for back compatibility. You should plan on * 1517 * using mailertables for new installations. In * 1518 * particular, it doesn't work for the newer forms * 1519 * of UUCP mailers, such as uucp-uudom. * 1520 ***************************************************** 1521 1522Complex sites will need more local configuration information, such as 1523lists of UUCP hosts they speak with directly. This can get a bit more 1524tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1525 1526The SITECONFIG macro allows you to indirectly reference site-dependent 1527configuration information stored in the siteconfig subdirectory. For 1528example, the line 1529 1530 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1531 1532reads the file uucp.ucbvax for local connection information. The 1533second parameter is the local name (in this case just "ucbvax" since 1534it is locally connected, and hence a UUCP hostname). The third 1535parameter is the name of both a macro to store the local name (in 1536this case, {U}) and the name of the class (e.g., {U}) in which to store 1537the host information read from the file. Another SITECONFIG line reads 1538 1539 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1540 1541This says that the file uucp.ucbarpa contains the list of UUCP sites 1542connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1543store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1544is, the name of the relay to which the hosts listed in uucp.ucbarpa 1545are connected. [The machine ucbarpa is gone now, but this 1546out-of-date configuration file has been left around to demonstrate 1547how you might do this.] 1548 1549Note that the case of SITECONFIG with a third parameter of ``U'' is 1550special; the second parameter is assumed to be the UUCP name of the 1551local site, rather than the name of a remote site, and the UUCP name 1552is entered into class {w} (the list of local hostnames) as $U.UUCP. 1553 1554The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1555more than a sequence of SITE macros describing connectivity. For 1556example: 1557 1558 SITE(`cnmat') 1559 SITE(`sgi olympus') 1560 1561The second example demonstrates that you can use two names on the 1562same line; these are usually aliases for the same host (or are at 1563least in the same company). 1564 1565The macro LOCAL_UUCP can be used to add rules into the generated 1566cf file at the place where MAILER(`uucp') inserts its rules. This 1567should only be used if really necessary. 1568 1569+--------------------+ 1570| USING UUCP MAILERS | 1571+--------------------+ 1572 1573It's hard to get UUCP mailers right because of the extremely ad hoc 1574nature of UUCP addressing. These config files are really designed 1575for domain-based addressing, even for UUCP sites. 1576 1577There are four UUCP mailers available. The choice of which one to 1578use is partly a matter of local preferences and what is running at 1579the other end of your UUCP connection. Unlike good protocols that 1580define what will go over the wire, UUCP uses the policy that you 1581should do what is right for the other end; if they change, you have 1582to change. This makes it hard to do the right thing, and discourages 1583people from updating their software. In general, if you can avoid 1584UUCP, please do. 1585 1586The major choice is whether to go for a domainized scheme or a 1587non-domainized scheme. This depends entirely on what the other 1588end will recognize. If at all possible, you should encourage the 1589other end to go to a domain-based system -- non-domainized addresses 1590don't work entirely properly. 1591 1592The four mailers are: 1593 1594 uucp-old (obsolete name: "uucp") 1595 This is the oldest, the worst (but the closest to UUCP) way of 1596 sending messages accros UUCP connections. It does bangify 1597 everything and prepends $U (your UUCP name) to the sender's 1598 address (which can already be a bang path itself). It can 1599 only send to one address at a time, so it spends a lot of 1600 time copying duplicates of messages. Avoid this if at all 1601 possible. 1602 1603 uucp-new (obsolete name: "suucp") 1604 The same as above, except that it assumes that in one rmail 1605 command you can specify several recipients. It still has a 1606 lot of other problems. 1607 1608 uucp-dom 1609 This UUCP mailer keeps everything as domain addresses. 1610 Basically, it uses the SMTP mailer rewriting rules. This mailer 1611 is only included if MAILER(`smtp') is specified before 1612 MAILER(`uucp'). 1613 1614 Unfortunately, a lot of UUCP mailer transport agents require 1615 bangified addresses in the envelope, although you can use 1616 domain-based addresses in the message header. (The envelope 1617 shows up as the From_ line on UNIX mail.) So.... 1618 1619 uucp-uudom 1620 This is a cross between uucp-new (for the envelope addresses) 1621 and uucp-dom (for the header addresses). It bangifies the 1622 envelope sender (From_ line in messages) without adding the 1623 local hostname, unless there is no host name on the address 1624 at all (e.g., "wolf") or the host component is a UUCP host name 1625 instead of a domain name ("somehost!wolf" instead of 1626 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1627 is also specified earlier. 1628 1629Examples: 1630 1631On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1632summarizes the sender rewriting for various mailers. 1633 1634Mailer sender rewriting in the envelope 1635------ ------ ------------------------- 1636uucp-{old,new} wolf grasp!wolf 1637uucp-dom wolf wolf@grasp.insa-lyon.fr 1638uucp-uudom wolf grasp.insa-lyon.fr!wolf 1639 1640uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1641uucp-dom wolf@fr.net wolf@fr.net 1642uucp-uudom wolf@fr.net fr.net!wolf 1643 1644uucp-{old,new} somehost!wolf grasp!somehost!wolf 1645uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1646uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1647 1648If you are using one of the domainized UUCP mailers, you really want 1649to convert all UUCP addresses to domain format -- otherwise, it will 1650do it for you (and probably not the way you expected). For example, 1651if you have the address foo!bar!baz (and you are not sending to foo), 1652the heuristics will add the @uucp.relay.name or @local.host.name to 1653this address. However, if you map foo to foo.host.name first, it 1654will not add the local hostname. You can do this using the uucpdomain 1655feature. 1656 1657 1658+-------------------+ 1659| TWEAKING RULESETS | 1660+-------------------+ 1661 1662For more complex configurations, you can define special rules. 1663The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1664the names. Any modifications made here are reflected in the header. 1665 1666A common use is to convert old UUCP addresses to SMTP addresses using 1667the UUCPSMTP macro. For example: 1668 1669 LOCAL_RULE_3 1670 UUCPSMTP(`decvax', `decvax.dec.com') 1671 UUCPSMTP(`research', `research.att.com') 1672 1673will cause addresses of the form "decvax!user" and "research!user" 1674to be converted to "user@decvax.dec.com" and "user@research.att.com" 1675respectively. 1676 1677This could also be used to look up hosts in a database map: 1678 1679 LOCAL_RULE_3 1680 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1681 1682This map would be defined in the LOCAL_CONFIG portion, as shown below. 1683 1684Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1685For example, new rules are needed to parse hostnames that you accept 1686via MX records. For example, you might have: 1687 1688 LOCAL_RULE_0 1689 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1690 1691You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1692pointing at this host; this rule catches the message and forwards it on 1693using UUCP. 1694 1695You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1696These rulesets are normally empty. 1697 1698A similar macro is LOCAL_CONFIG. This introduces lines added after the 1699boilerplate option setting but before rulesets. Do not declare rulesets in 1700the LOCAL_CONFIG section. It can be used to declare local database maps or 1701whatever. For example: 1702 1703 LOCAL_CONFIG 1704 Khostmap hash /etc/mail/hostmap 1705 Kyplocal nis -m hosts.byname 1706 1707 1708+---------------------------+ 1709| MASQUERADING AND RELAYING | 1710+---------------------------+ 1711 1712You can have your host masquerade as another using 1713 1714 MASQUERADE_AS(`host.domain') 1715 1716This causes mail being sent to be labeled as coming from the 1717indicated host.domain, rather than $j. One normally masquerades as 1718one of one's own subdomains (for example, it's unlikely that 1719Berkeley would choose to masquerade as an MIT site). This 1720behaviour is modified by a plethora of FEATUREs; in particular, see 1721masquerade_envelope, allmasquerade, limited_masquerade, and 1722masquerade_entire_domain. 1723 1724The masquerade name is not normally canonified, so it is important 1725that it be your One True Name, that is, fully qualified and not a 1726CNAME. However, if you use a CNAME, the receiving side may canonify 1727it for you, so don't think you can cheat CNAME mapping this way. 1728 1729Normally the only addresses that are masqueraded are those that come 1730from this host (that is, are either unqualified or in class {w}, the list 1731of local domain names). You can augment this list, which is realized 1732by class {M} using 1733 1734 MASQUERADE_DOMAIN(`otherhost.domain') 1735 1736The effect of this is that although mail to user@otherhost.domain 1737will not be delivered locally, any mail including any user@otherhost.domain 1738will, when relayed, be rewritten to have the MASQUERADE_AS address. 1739This can be a space-separated list of names. 1740 1741If these names are in a file, you can use 1742 1743 MASQUERADE_DOMAIN_FILE(`filename') 1744 1745to read the list of names from the indicated file (i.e., to add 1746elements to class {M}). 1747 1748To exempt hosts or subdomains from being masqueraded, you can use 1749 1750 MASQUERADE_EXCEPTION(`host.domain') 1751 1752This can come handy if you want to masquerade a whole domain 1753except for one (or a few) host(s). If these names are in a file, 1754you can use 1755 1756 MASQUERADE_EXCEPTION_FILE(`filename') 1757 1758Normally only header addresses are masqueraded. If you want to 1759masquerade the envelope as well, use 1760 1761 FEATURE(`masquerade_envelope') 1762 1763There are always users that need to be "exposed" -- that is, their 1764internal site name should be displayed instead of the masquerade name. 1765Root is an example (which has been "exposed" by default prior to 8.10). 1766You can add users to this list using 1767 1768 EXPOSED_USER(`usernames') 1769 1770This adds users to class {E}; you could also use 1771 1772 EXPOSED_USER_FILE(`filename') 1773 1774You can also arrange to relay all unqualified names (that is, names 1775without @host) to a relay host. For example, if you have a central 1776email server, you might relay to that host so that users don't have 1777to have .forward files or aliases. You can do this using 1778 1779 define(`LOCAL_RELAY', `mailer:hostname') 1780 1781The ``mailer:'' can be omitted, in which case the mailer defaults to 1782"relay". There are some user names that you don't want relayed, perhaps 1783because of local aliases. A common example is root, which may be 1784locally aliased. You can add entries to this list using 1785 1786 LOCAL_USER(`usernames') 1787 1788This adds users to class {L}; you could also use 1789 1790 LOCAL_USER_FILE(`filename') 1791 1792If you want all incoming mail sent to a centralized hub, as for a 1793shared /var/spool/mail scheme, use 1794 1795 define(`MAIL_HUB', `mailer:hostname') 1796 1797Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1798and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1799be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1800Note: there is a (long standing) bug which keeps this combination from 1801working for addresses of the form user+detail. 1802Names in class {L} will be delivered locally, so you MUST have aliases or 1803.forward files for them. 1804 1805For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1806FEATURE(`stickyhost'), the following combinations of settings will have the 1807indicated effects: 1808 1809email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1810 1811LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1812mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1813 1814MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1815mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1816 1817Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1818MAIL_HUB set as above (no local aliasing) (aliasing done) 1819 1820If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1821MAIL_HUB act identically, with MAIL_HUB taking precedence. 1822 1823If you want all outgoing mail to go to a central relay site, define 1824SMART_HOST as well. Briefly: 1825 1826 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1827 MAIL_HUB applies to names qualified with the name of the 1828 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1829 SMART_HOST applies to names qualified with other hosts or 1830 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1831 or "eric@[127.0.0.1]"). 1832 1833However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1834DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1835really want absolutely everything to go to a single central site you will 1836need to unset all the other relays -- or better yet, find or build a 1837minimal config file that does this. 1838 1839For duplicate suppression to work properly, the host name is best 1840specified with a terminal dot: 1841 1842 define(`MAIL_HUB', `host.domain.') 1843 note the trailing dot ---^ 1844 1845 1846+-------------------------------------------+ 1847| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1848+-------------------------------------------+ 1849 1850LDAP can be used for aliases, maps, and classes by either specifying your 1851own LDAP map specification or using the built-in default LDAP map 1852specification. The built-in default specifications all provide lookups 1853which match against either the machine's fully qualified hostname (${j}) or 1854a "cluster". The cluster allows you to share LDAP entries among a large 1855number of machines without having to enter each of the machine names into 1856each LDAP entry. To set the LDAP cluster name to use for a particular 1857machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1858unique name. For example: 1859 1860 define(`confLDAP_CLUSTER', `Servers') 1861 1862Here, the word `Servers' will be the cluster name. As an example, assume 1863that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1864to the Servers cluster. 1865 1866Some of the LDAP LDIF examples below show use of the Servers cluster. 1867Every entry must have either a sendmailMTAHost or sendmailMTACluster 1868attribute or it will be ignored. Be careful as mixing clusters and 1869individual host records can have surprising results (see the CAUTION 1870sections below). 1871 1872See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1873this schema (and therefore the lookups and examples below) is experimental 1874at this point as it has had little public review. Therefore, it may change 1875in future versions. Feedback via sendmail@sendmail.org is encouraged. 1876 1877------- 1878Aliases 1879------- 1880 1881The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1882lookups. To use the default schema, simply use: 1883 1884 define(`ALIAS_FILE', `ldap:') 1885 1886By doing so, you will use the default schema which expands to a map 1887declared as follows: 1888 1889 ldap -k (&(objectClass=sendmailMTAAliasObject) 1890 (sendmailMTAAliasGrouping=aliases) 1891 (|(sendmailMTACluster=${sendmailMTACluster}) 1892 (sendmailMTAHost=$j)) 1893 (sendmailMTAKey=%0)) 1894 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject 1895 1896 1897NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1898used when the binary expands the `ldap:' token as the AliasFile option is 1899not actually macro-expanded when read from the sendmail.cf file. 1900 1901Example LDAP LDIF entries might be: 1902 1903 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1904 objectClass: sendmailMTA 1905 objectClass: sendmailMTAAlias 1906 objectClass: sendmailMTAAliasObject 1907 sendmailMTAAliasGrouping: aliases 1908 sendmailMTAHost: etrn.sendmail.org 1909 sendmailMTAKey: sendmail-list 1910 sendmailMTAAliasValue: ca@example.org 1911 sendmailMTAAliasValue: eric 1912 sendmailMTAAliasValue: gshapiro@example.com 1913 1914 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1915 objectClass: sendmailMTA 1916 objectClass: sendmailMTAAlias 1917 objectClass: sendmailMTAAliasObject 1918 sendmailMTAAliasGrouping: aliases 1919 sendmailMTAHost: etrn.sendmail.org 1920 sendmailMTAKey: owner-sendmail-list 1921 sendmailMTAAliasValue: eric 1922 1923 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1924 objectClass: sendmailMTA 1925 objectClass: sendmailMTAAlias 1926 objectClass: sendmailMTAAliasObject 1927 sendmailMTAAliasGrouping: aliases 1928 sendmailMTACluster: Servers 1929 sendmailMTAKey: postmaster 1930 sendmailMTAAliasValue: eric 1931 1932Here, the aliases sendmail-list and owner-sendmail-list will be available 1933only on etrn.sendmail.org but the postmaster alias will be available on 1934every machine in the Servers cluster (including etrn.sendmail.org). 1935 1936CAUTION: aliases are additive so that entries like these: 1937 1938 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1939 objectClass: sendmailMTA 1940 objectClass: sendmailMTAAlias 1941 objectClass: sendmailMTAAliasObject 1942 sendmailMTAAliasGrouping: aliases 1943 sendmailMTACluster: Servers 1944 sendmailMTAKey: bob 1945 sendmailMTAAliasValue: eric 1946 1947 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 1948 objectClass: sendmailMTA 1949 objectClass: sendmailMTAAlias 1950 objectClass: sendmailMTAAliasObject 1951 sendmailMTAAliasGrouping: aliases 1952 sendmailMTAHost: etrn.sendmail.org 1953 sendmailMTAKey: bob 1954 sendmailMTAAliasValue: gshapiro 1955 1956would mean that on all of the hosts in the cluster, mail to bob would go to 1957eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1958gshapiro. 1959 1960If you prefer not to use the default LDAP schema for your aliases, you can 1961specify the map parameters when setting ALIAS_FILE. For example: 1962 1963 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1964 1965---- 1966Maps 1967---- 1968 1969FEATURE()'s which take an optional map definition argument (e.g., access, 1970mailertable, virtusertable, etc.) can instead take the special keyword 1971`LDAP', e.g.: 1972 1973 FEATURE(`access_db', `LDAP') 1974 FEATURE(`virtusertable', `LDAP') 1975 1976When this keyword is given, that map will use LDAP lookups consisting of 1977the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1978with the map name, a search attribute of sendmailMTAKey, and the value 1979attribute sendmailMTAMapValue. 1980 1981The values for sendmailMTAMapName are: 1982 1983 FEATURE() sendmailMTAMapName 1984 --------- ------------------ 1985 access_db access 1986 authinfo authinfo 1987 bitdomain bitdomain 1988 domaintable domain 1989 genericstable generics 1990 mailertable mailer 1991 uucpdomain uucpdomain 1992 virtusertable virtuser 1993 1994For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1995 1996 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1997 (sendmailMTAMapName=mailer) 1998 (|(sendmailMTACluster=${sendmailMTACluster}) 1999 (sendmailMTAHost=$j)) 2000 (sendmailMTAKey=%0)) 2001 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject 2002 2003An example LDAP LDIF entry using this map might be: 2004 2005 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 2006 objectClass: sendmailMTA 2007 objectClass: sendmailMTAMap 2008 sendmailMTACluster: Servers 2009 sendmailMTAMapName: mailer 2010 2011 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 2012 objectClass: sendmailMTA 2013 objectClass: sendmailMTAMap 2014 objectClass: sendmailMTAMapObject 2015 sendmailMTAMapName: mailer 2016 sendmailMTACluster: Servers 2017 sendmailMTAKey: example.com 2018 sendmailMTAMapValue: relay:[smtp.example.com] 2019 2020CAUTION: If your LDAP database contains the record above and *ALSO* a host 2021specific record such as: 2022 2023 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 2024 objectClass: sendmailMTA 2025 objectClass: sendmailMTAMap 2026 objectClass: sendmailMTAMapObject 2027 sendmailMTAMapName: mailer 2028 sendmailMTAHost: etrn.sendmail.org 2029 sendmailMTAKey: example.com 2030 sendmailMTAMapValue: relay:[mx.example.com] 2031 2032then these entries will give unexpected results. When the lookup is done 2033on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 2034require a single match. Since the host etrn.sendmail.org is also in the 2035Servers cluster, LDAP would return two answers for the example.com map key 2036in which case sendmail would treat this as no match at all. 2037 2038If you prefer not to use the default LDAP schema for your maps, you can 2039specify the map parameters when using the FEATURE(). For example: 2040 2041 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 2042 2043------- 2044Classes 2045------- 2046 2047Normally, classes can be filled via files or programs. As of 8.12, they 2048can also be filled via map lookups using a new syntax: 2049 2050 F{ClassName}mapkey@mapclass:mapspec 2051 2052mapkey is optional and if not provided the map key will be empty. This can 2053be used with LDAP to read classes from LDAP. Note that the lookup is only 2054done when sendmail is initially started. Use the special value `@LDAP' to 2055use the default LDAP schema. For example: 2056 2057 RELAY_DOMAIN_FILE(`@LDAP') 2058 2059would put all of the attribute sendmailMTAClassValue values of LDAP records 2060with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 2061'R' into class $={R}. In other words, it is equivalent to the LDAP map 2062specification: 2063 2064 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 2065 (sendmailMTAClassName=R) 2066 (|(sendmailMTACluster=${sendmailMTACluster}) 2067 (sendmailMTAHost=$j))) 2068 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass 2069 2070NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 2071used when the binary expands the `@LDAP' token as class declarations are 2072not actually macro-expanded when read from the sendmail.cf file. 2073 2074This can be used with class related commands such as RELAY_DOMAIN_FILE(), 2075MASQUERADE_DOMAIN_FILE(), etc: 2076 2077 Command sendmailMTAClassName 2078 ------- -------------------- 2079 CANONIFY_DOMAIN_FILE() Canonify 2080 EXPOSED_USER_FILE() E 2081 GENERICS_DOMAIN_FILE() G 2082 LDAPROUTE_DOMAIN_FILE() LDAPRoute 2083 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 2084 LOCAL_USER_FILE() L 2085 MASQUERADE_DOMAIN_FILE() M 2086 MASQUERADE_EXCEPTION_FILE() N 2087 RELAY_DOMAIN_FILE() R 2088 VIRTUSER_DOMAIN_FILE() VirtHost 2089 2090You can also add your own as any 'F'ile class of the form: 2091 2092 F{ClassName}@LDAP 2093 ^^^^^^^^^ 2094will use "ClassName" for the sendmailMTAClassName. 2095 2096An example LDAP LDIF entry would look like: 2097 2098 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 2099 objectClass: sendmailMTA 2100 objectClass: sendmailMTAClass 2101 sendmailMTACluster: Servers 2102 sendmailMTAClassName: R 2103 sendmailMTAClassValue: sendmail.org 2104 sendmailMTAClassValue: example.com 2105 sendmailMTAClassValue: 10.56.23 2106 2107CAUTION: If your LDAP database contains the record above and *ALSO* a host 2108specific record such as: 2109 2110 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 2111 objectClass: sendmailMTA 2112 objectClass: sendmailMTAClass 2113 sendmailMTAHost: etrn.sendmail.org 2114 sendmailMTAClassName: R 2115 sendmailMTAClassValue: example.com 2116 2117the result will be similar to the aliases caution above. When the lookup 2118is done on etrn.sendmail.org, $={R} would contain all of the entries (from 2119both the cluster match and the host match). In other words, the effective 2120is additive. 2121 2122If you prefer not to use the default LDAP schema for your classes, you can 2123specify the map parameters when using the class command. For example: 2124 2125 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 2126 2127Remember, macros can not be used in a class declaration as the binary does 2128not expand them. 2129 2130 2131+--------------+ 2132| LDAP ROUTING | 2133+--------------+ 2134 2135FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 2136LDAP Schema for Intranet Mail Routing 2137(draft-lachman-laser-ldap-mail-routing-01). This feature enables 2138LDAP-based rerouting of a particular address to either a different host 2139or a different address. The LDAP lookup is first attempted on the full 2140address (e.g., user@example.com) and then on the domain portion 2141(e.g., @example.com). Be sure to setup your domain for LDAP routing using 2142LDAPROUTE_DOMAIN(), e.g.: 2143 2144 LDAPROUTE_DOMAIN(`example.com') 2145 2146Additionally, you can specify equivalent domains for LDAP routing using 2147LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 2148hostnames are mapped to $M (the masqueraded hostname for the server) before 2149the LDAP query. For example, if the mail is addressed to 2150user@host1.example.com, normally the LDAP lookup would only be done for 2151'user@host1.example.com' and '@host1.example.com'. However, if 2152LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 2153done on 'user@example.com' and '@example.com' after attempting the 2154host1.example.com lookups. 2155 2156By default, the feature will use the schemas as specified in the draft 2157and will not reject addresses not found by the LDAP lookup. However, 2158this behavior can be changed by giving additional arguments to the FEATURE() 2159command: 2160 2161 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, 2162 <detail>, <nodomain>, <tempfail>) 2163 2164where <mailHost> is a map definition describing how to lookup an alternative 2165mail host for a particular address; <mailRoutingAddress> is a map definition 2166describing how to lookup an alternative address for a particular address; 2167the <bounce> argument, if present and not the word "passthru", dictates 2168that mail should be bounced if neither a mailHost nor mailRoutingAddress 2169is found, if set to "sendertoo", the sender will be rejected if not 2170found in LDAP; and <detail> indicates what actions to take if the address 2171contains +detail information -- `strip' tries the lookup with the +detail 2172and if no matches are found, strips the +detail and tries the lookup again; 2173`preserve', does the same as `strip' but if a mailRoutingAddress match is 2174found, the +detail information is copied to the new address; the <nodomain> 2175argument, if present, will prevent the @domain lookup if the full 2176address is not found in LDAP; the <tempfail> argument, if set to 2177"tempfail", instructs the rules to give an SMTP 4XX temporary 2178error if the LDAP server gives the MTA a temporary failure, or if set to 2179"queue" (the default), the MTA will locally queue the mail. 2180 2181The default <mailHost> map definition is: 2182 2183 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 2184 (mailLocalAddress=%0)) 2185 2186The default <mailRoutingAddress> map definition is: 2187 2188 ldap -1 -T<TMPF> -v mailRoutingAddress 2189 -k (&(objectClass=inetLocalMailRecipient) 2190 (mailLocalAddress=%0)) 2191 2192Note that neither includes the LDAP server hostname (-h server) or base DN 2193(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 2194your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 2195these settings. If this is not the case, the map definitions should be 2196changed as described above. The "-T<TMPF>" is required in any user 2197specified map definition to catch temporary errors. 2198 2199The following possibilities exist as a result of an LDAP lookup on an 2200address: 2201 2202 mailHost is mailRoutingAddress is Results in 2203 ----------- --------------------- ---------- 2204 set to a set mail delivered to 2205 "local" host mailRoutingAddress 2206 2207 set to a not set delivered to 2208 "local" host original address 2209 2210 set to a set mailRoutingAddress 2211 remote host relayed to mailHost 2212 2213 set to a not set original address 2214 remote host relayed to mailHost 2215 2216 not set set mail delivered to 2217 mailRoutingAddress 2218 2219 not set not set delivered to 2220 original address *OR* 2221 bounced as unknown user 2222 2223The term "local" host above means the host specified is in class {w}. If 2224the result would mean sending the mail to a different host, that host is 2225looked up in the mailertable before delivery. 2226 2227Note that the last case depends on whether the third argument is given 2228to the FEATURE() command. The default is to deliver the message to the 2229original address. 2230 2231The LDAP entries should be set up with an objectClass of 2232inetLocalMailRecipient and the address be listed in a mailLocalAddress 2233attribute. If present, there must be only one mailHost attribute and it 2234must contain a fully qualified host name as its value. Similarly, if 2235present, there must be only one mailRoutingAddress attribute and it must 2236contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2237format): 2238 2239 dn: uid=tom, o=example.com, c=US 2240 objectClass: inetLocalMailRecipient 2241 mailLocalAddress: tom@example.com 2242 mailRoutingAddress: thomas@mailhost.example.com 2243 2244This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2245 2246 dn: uid=dick, o=example.com, c=US 2247 objectClass: inetLocalMailRecipient 2248 mailLocalAddress: dick@example.com 2249 mailHost: eng.example.com 2250 2251This would relay mail for dick@example.com to the same address but redirect 2252the mail to MX records listed for the host eng.example.com (unless the 2253mailertable overrides). 2254 2255 dn: uid=harry, o=example.com, c=US 2256 objectClass: inetLocalMailRecipient 2257 mailLocalAddress: harry@example.com 2258 mailHost: mktmail.example.com 2259 mailRoutingAddress: harry@mkt.example.com 2260 2261This would relay mail for harry@example.com to the MX records listed for 2262the host mktmail.example.com using the new address harry@mkt.example.com 2263when talking to that host. 2264 2265 dn: uid=virtual.example.com, o=example.com, c=US 2266 objectClass: inetLocalMailRecipient 2267 mailLocalAddress: @virtual.example.com 2268 mailHost: server.example.com 2269 mailRoutingAddress: virtual@example.com 2270 2271This would send all mail destined for any username @virtual.example.com to 2272the machine server.example.com's MX servers and deliver to the address 2273virtual@example.com on that relay machine. 2274 2275 2276+---------------------------------+ 2277| ANTI-SPAM CONFIGURATION CONTROL | 2278+---------------------------------+ 2279 2280The primary anti-spam features available in sendmail are: 2281 2282* Relaying is denied by default. 2283* Better checking on sender information. 2284* Access database. 2285* Header checks. 2286 2287Relaying (transmission of messages from a site outside your host (class 2288{w}) to another site except yours) is denied by default. Note that this 2289changed in sendmail 8.9; previous versions allowed relaying by default. 2290If you really want to revert to the old behaviour, you will need to use 2291FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2292through your server by adding their domain name or IP address to class 2293{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2294(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2295The file consists (like any other file based class) of entries listed on 2296separate lines, e.g., 2297 2298 sendmail.org 2299 128.32 2300 IPv6:2002:c0a8:02c7 2301 IPv6:2002:c0a8:51d2::23f4 2302 host.mydomain.com 2303 [UNIX:localhost] 2304 2305Notice: the last entry allows relaying for connections via a UNIX 2306socket to the MTA/MSP. This might be necessary if your configuration 2307doesn't allow relaying by other means in that case, e.g., by having 2308localhost.$m in class {R} (make sure $m is not just a top level 2309domain). 2310 2311If you use 2312 2313 FEATURE(`relay_entire_domain') 2314 2315then any host in any of your local domains (that is, class {m}) 2316will be relayed (that is, you will accept mail either to or from any 2317host in your domain). 2318 2319You can also allow relaying based on the MX records of the host 2320portion of an incoming recipient address by using 2321 2322 FEATURE(`relay_based_on_MX') 2323 2324For example, if your server receives a recipient of user@domain.com 2325and domain.com lists your server in its MX records, the mail will be 2326accepted for relay to domain.com. This feature may cause problems 2327if MX lookups for the recipient domain are slow or time out. In that 2328case, mail will be temporarily rejected. It is usually better to 2329maintain a list of hosts/domains for which the server acts as relay. 2330Note also that this feature will stop spammers from using your host 2331to relay spam but it will not stop outsiders from using your server 2332as a relay for their site (that is, they set up an MX record pointing 2333to your mail server, and you will relay mail addressed to them 2334without any prior arrangement). Along the same lines, 2335 2336 FEATURE(`relay_local_from') 2337 2338will allow relaying if the sender specifies a return path (i.e. 2339MAIL FROM: <user@domain>) domain which is a local domain. This is a 2340dangerous feature as it will allow spammers to spam using your mail 2341server by simply specifying a return address of user@your.domain.com. 2342It should not be used unless absolutely necessary. 2343A slightly better solution is 2344 2345 FEATURE(`relay_mail_from') 2346 2347which allows relaying if the mail sender is listed as RELAY in the 2348access map. If an optional argument `domain' (this is the literal 2349word `domain', not a placeholder) is given, the domain portion of 2350the mail sender is also checked to allowing relaying. This option 2351only works together with the tag From: for the LHS of the access 2352map entries. This feature allows spammers to abuse your mail server 2353by specifying a return address that you enabled in your access file. 2354This may be harder to figure out for spammers, but it should not 2355be used unless necessary. Instead use SMTP AUTH or STARTTLS to 2356allow relaying for roaming users. 2357 2358 2359If source routing is used in the recipient address (e.g., 2360RCPT TO: <user%site.com@othersite.com>), sendmail will check 2361user@site.com for relaying if othersite.com is an allowed relay host 2362in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2363or the access database if FEATURE(`access_db') is used. To prevent 2364the address from being stripped down, use: 2365 2366 FEATURE(`loose_relay_check') 2367 2368If you think you need to use this feature, you probably do not. This 2369should only be used for sites which have no control over the addresses 2370that they provide a gateway for. Use this FEATURE with caution as it 2371can allow spammers to relay through your server if not setup properly. 2372 2373NOTICE: It is possible to relay mail through a system which the anti-relay 2374rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2375`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2376LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2377FEATURE(`nouucp') at all, addresses of the form 2378<example.net!user@local.host> would be relayed to <user@example.net>. 2379System A doesn't recognize `!' as an address separator and therefore 2380forwards it to the mail hub which in turns relays it because it came from 2381a trusted local host. So if a mailserver allows UUCP (bang-format) 2382addresses, all systems from which it allows relaying should do the same 2383or reject those addresses. 2384 2385As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2386an unresolvable domain (i.e., one that DNS, your local name service, 2387or special case rules in ruleset 3 cannot locate). This also applies 2388to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2389IP address can't be mapped to a host name. If you want to continue 2390to accept such domains, e.g., because you are inside a firewall that 2391has only a limited view of the Internet host name space (note that you 2392will not be able to return mail to them unless you have some "smart 2393host" forwarder), use 2394 2395 FEATURE(`accept_unresolvable_domains') 2396 2397Alternatively, you can allow specific addresses by adding them to 2398the access map, e.g., 2399 2400 From:unresolvable.domain OK 2401 From:[1.2.3.4] OK 2402 From:[1.2.4] OK 2403 2404Notice: domains which are temporarily unresolvable are (temporarily) 2405rejected with a 451 reply code. If those domains should be accepted 2406(which is discouraged) then you can use 2407 2408 LOCAL_CONFIG 2409 C{ResOk}TEMP 2410 2411sendmail will also refuse mail if the MAIL FROM: parameter is not 2412fully qualified (i.e., contains a domain as well as a user). If you 2413want to continue to accept such senders, use 2414 2415 FEATURE(`accept_unqualified_senders') 2416 2417Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2418i.e., unqualified addresses are accepted even without this FEATURE. If 2419this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2420to enforce fully qualified domain names. 2421 2422An ``access'' database can be created to accept or reject mail from 2423selected domains. For example, you may choose to reject all mail 2424originating from known spammers. To enable such a database, use 2425 2426 FEATURE(`access_db') 2427 2428Notice: the access database is applied to the envelope addresses 2429and the connection information, not to the header. 2430 2431The FEATURE macro can accept as second parameter the key file 2432definition for the database; for example 2433 2434 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2435 2436Notice: If a second argument is specified it must contain the option 2437`-T<TMPF>' as shown above. The optional third and fourth parameters 2438may be `skip' or `lookupdotdomain'. The former enables SKIP as 2439value part (see below), the latter is another way to enable the 2440feature of the same name (see above). 2441 2442Remember, since /etc/mail/access is a database, after creating the text 2443file as described below, you must use makemap to create the database 2444map. For example: 2445 2446 makemap hash /etc/mail/access < /etc/mail/access 2447 2448The table itself uses e-mail addresses, domain names, and network 2449numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2450For example, 2451 2452 From:spammer@aol.com REJECT 2453 From:cyberspammer.com REJECT 2454 Connect:cyberspammer.com REJECT 2455 Connect:TLD REJECT 2456 Connect:192.168.212 REJECT 2457 Connect:IPv6:2002:c0a8:02c7 RELAY 2458 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT 2459 2460would refuse mail from spammer@aol.com, any user from cyberspammer.com 2461(or any host within the cyberspammer.com domain), any host in the entire 2462top level domain TLD, 192.168.212.* network, and the IPv6 address 24632002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 24642002:c0a8:02c7::/48. 2465 2466Entries in the access map should be tagged according to their type. 2467Three tags are available: 2468 2469 Connect: connection information (${client_addr}, ${client_name}) 2470 From: envelope sender 2471 To: envelope recipient 2472 2473Notice: untagged entries are deprecated. 2474 2475If the required item is looked up in a map, it will be tried first 2476with the corresponding tag in front, then (as fallback to enable 2477backward compatibility) without any tag, unless the specific feature 2478requires a tag. For example, 2479 2480 From:spammer@some.dom REJECT 2481 To:friend.domain RELAY 2482 Connect:friend.domain OK 2483 Connect:from.domain RELAY 2484 From:good@another.dom OK 2485 From:another.dom REJECT 2486 2487This would deny mails from spammer@some.dom but you could still 2488send mail to that address even if FEATURE(`blacklist_recipients') 2489is enabled. Your system will allow relaying to friend.domain, but 2490not from it (unless enabled by other means). Connections from that 2491domain will be allowed even if it ends up in one of the DNS based 2492rejection lists. Relaying is enabled from from.domain but not to 2493it (since relaying is based on the connection information for 2494outgoing relaying, the tag Connect: must be used; for incoming 2495relaying, which is based on the recipient address, To: must be 2496used). The last two entries allow mails from good@another.dom but 2497reject mail from all other addresses with another.dom as domain 2498part. 2499 2500 2501The value part of the map can contain: 2502 2503 OK Accept mail even if other rules in the running 2504 ruleset would reject it, for example, if the domain 2505 name is unresolvable. "Accept" does not mean 2506 "relay", but at most acceptance for local 2507 recipients. That is, OK allows less than RELAY. 2508 RELAY Accept mail addressed to the indicated domain or 2509 received from the indicated domain for relaying 2510 through your SMTP server. RELAY also serves as 2511 an implicit OK for the other checks. 2512 REJECT Reject the sender or recipient with a general 2513 purpose message. 2514 DISCARD Discard the message completely using the 2515 $#discard mailer. If it is used in check_compat, 2516 it affects only the designated recipient, not 2517 the whole message as it does in all other cases. 2518 This should only be used if really necessary. 2519 SKIP This can only be used for host/domain names 2520 and IP addresses/nets. It will abort the current 2521 search for this entry without accepting or rejecting 2522 it but causing the default action. 2523 ### any text where ### is an RFC 821 compliant error code and 2524 "any text" is a message to return for the command. 2525 The string should be quoted to avoid surprises, 2526 e.g., sendmail may remove spaces otherwise. 2527 This type is deprecated, use one of the two 2528 ERROR: entries below instead. 2529 ERROR:### any text 2530 as above, but useful to mark error messages as such. 2531 ERROR:D.S.N:### any text 2532 where D.S.N is an RFC 1893 compliant error code 2533 and the rest as above. 2534 QUARANTINE:any text 2535 Quarantine the message using the given text as the 2536 quarantining reason. 2537 2538For example: 2539 2540 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers" 2541 From:okay.cyberspammer.com OK 2542 Connect:sendmail.org RELAY 2543 To:sendmail.org RELAY 2544 Connect:128.32 RELAY 2545 Connect:128.32.2 SKIP 2546 Connect:IPv6:1:2:3:4:5:6:7 RELAY 2547 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host 2548 Connect:[127.0.0.3] OK 2549 Connect:[IPv6:1:2:3:4:5:6:7:8] OK 2550 2551would accept mail from okay.cyberspammer.com, but would reject mail 2552from all other hosts at cyberspammer.com with the indicated message. 2553It would allow relaying mail from and to any hosts in the sendmail.org 2554domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network 2555and from the 128.32.*.* network except for the 128.32.2.* network, 2556which shows how SKIP is useful to exempt subnets/subdomains. The 2557last two entries are for checks against ${client_name} if the IP 2558address doesn't resolve to a hostname (or is considered as "may be 2559forged"). That is, using square brackets means these are host 2560names, not network numbers. 2561 2562Warning: if you change the RFC 821 compliant error code from the default 2563value of 550, then you should probably also change the RFC 1893 compliant 2564error code to match it. For example, if you use 2565 2566 To:user@example.com ERROR:450 mailbox full 2567 2568the error returned would be "450 5.0.0 mailbox full" which is wrong. 2569Use "ERROR:4.2.2:450 mailbox full" instead. 2570 2571Note, UUCP users may need to add hostname.UUCP to the access database 2572or class {R}. 2573 2574If you also use: 2575 2576 FEATURE(`relay_hosts_only') 2577 2578then the above example will allow relaying for sendmail.org, but not 2579hosts within the sendmail.org domain. Note that this will also require 2580hosts listed in class {R} to be fully qualified host names. 2581 2582You can also use the access database to block sender addresses based on 2583the username portion of the address. For example: 2584 2585 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2586 2587Note that you must include the @ after the username to signify that 2588this database entry is for checking only the username portion of the 2589sender address. 2590 2591If you use: 2592 2593 FEATURE(`blacklist_recipients') 2594 2595then you can add entries to the map for local users, hosts in your 2596domains, or addresses in your domain which should not receive mail: 2597 2598 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser 2599 To:host.my.TLD ERROR:550 That host does not accept mail 2600 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient 2601 2602This would prevent a recipient of badlocaluser in any of the local 2603domains (class {w}), any user at host.my.TLD, and the single address 2604user@other.my.TLD from receiving mail. Please note: a local username 2605must be now tagged with an @ (this is consistent with the check of 2606the sender address, and hence it is possible to distinguish between 2607hostnames and usernames). Enabling this feature will keep you from 2608sending mails to all addresses that have an error message or REJECT 2609as value part in the access map. Taking the example from above: 2610 2611 spammer@aol.com REJECT 2612 cyberspammer.com REJECT 2613 2614Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2615That's why tagged entries should be used. 2616 2617There are several DNS based blacklists, the first of which was 2618the RBL (``Realtime Blackhole List'') run by the MAPS project, 2619see http://mail-abuse.org/. These are databases of spammers 2620maintained in DNS. To use such a database, specify 2621 2622 FEATURE(`dnsbl') 2623 2624This will cause sendmail to reject mail from any site in the original 2625Realtime Blackhole List database. This default DNS blacklist, 2626blackholes.mail-abuse.org, is a service offered by the Mail Abuse 2627Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription 2628service, so using that network address won't work if you haven't 2629subscribed. Contact MAPS to subscribe (http://mail-abuse.org/). 2630 2631You can specify an alternative RBL server to check by specifying an 2632argument to the FEATURE. The default error message is 2633 2634 Rejected: IP-ADDRESS listed at SERVER 2635 2636where IP-ADDRESS and SERVER are replaced by the appropriate 2637information. A second argument can be used to specify a different 2638text. By default, temporary lookup failures are ignored and hence 2639cause the connection not to be rejected by the DNS based rejection 2640list. This behavior can be changed by specifying a third argument, 2641which must be either `t' or a full error message. For example: 2642 2643 FEATURE(`dnsbl', `dnsbl.example.com', `', 2644 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2645 2646If `t' is used, the error message is: 2647 2648 451 Temporary lookup failure of IP-ADDRESS at SERVER 2649 2650where IP-ADDRESS and SERVER are replaced by the appropriate 2651information. 2652 2653This FEATURE can be included several times to query different 2654DNS based rejection lists, e.g., the dial-up user list (see 2655http://mail-abuse.org/dul/). 2656 2657Notice: to avoid checking your own local domains against those 2658blacklists, use the access_db feature and add: 2659 2660 Connect:10.1 OK 2661 Connect:127.0.0.1 RELAY 2662 2663to the access map, where 10.1 is your local network. You may 2664want to use "RELAY" instead of "OK" to allow also relaying 2665instead of just disabling the DNS lookups in the backlists. 2666 2667 2668The features described above make use of the check_relay, check_mail, 2669and check_rcpt rulesets. Note that check_relay checks the SMTP 2670client hostname and IP address when the connection is made to your 2671server. It does not check if a mail message is being relayed to 2672another server. That check is done in check_rcpt. If you wish to 2673include your own checks, you can put your checks in the rulesets 2674Local_check_relay, Local_check_mail, and Local_check_rcpt. For 2675example if you wanted to block senders with all numeric usernames 2676(i.e. 2312343@bigisp.com), you would use Local_check_mail and the 2677regex map: 2678 2679 LOCAL_CONFIG 2680 Kallnumbers regex -a@MATCH ^[0-9]+$ 2681 2682 LOCAL_RULESETS 2683 SLocal_check_mail 2684 # check address against various regex checks 2685 R$* $: $>Parse0 $>3 $1 2686 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2687 R@MATCH $#error $: 553 Header Error 2688 2689These rules are called with the original arguments of the corresponding 2690check_* ruleset. If the local ruleset returns $#OK, no further checking 2691is done by the features described above and the mail is accepted. If 2692the local ruleset resolves to a mailer (such as $#error or $#discard), 2693the appropriate action is taken. Other results starting with $# are 2694interpreted by sendmail and may lead to unspecified behavior. Note: do 2695NOT create a mailer with the name OK. Return values that do not start 2696with $# are ignored, i.e., normal processing continues. 2697 2698Delay all checks 2699---------------- 2700 2701By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2702will not be called when a client connects or issues a MAIL command, 2703respectively. Instead, those rulesets will be called by the check_rcpt 2704ruleset; they will be skipped if a sender has been authenticated using 2705a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2706If check_mail returns an error then the RCPT TO command will be rejected 2707with that error. If it returns some other result starting with $# then 2708check_relay will be skipped. If the sender address (or a part of it) is 2709listed in the access map and it has a RHS of OK or RELAY, then check_relay 2710will be skipped. This has an interesting side effect: if your domain is 2711my.domain and you have 2712 2713 my.domain RELAY 2714 2715in the access map, then any e-mail with a sender address of 2716<user@my.domain> will not be rejected by check_relay even though 2717it would match the hostname or IP address. This allows spammers 2718to get around DNS based blacklist by faking the sender address. To 2719avoid this problem you have to use tagged entries: 2720 2721 To:my.domain RELAY 2722 Connect:my.domain RELAY 2723 2724if you need those entries at all (class {R} may take care of them). 2725 2726FEATURE(`delay_checks') can take an optional argument: 2727 2728 FEATURE(`delay_checks', `friend') 2729 enables spamfriend test 2730 FEATURE(`delay_checks', `hater') 2731 enables spamhater test 2732 2733If such an argument is given, the recipient will be looked up in the 2734access map (using the tag Spam:). If the argument is `friend', then 2735the default behavior is to apply the other rulesets and make a SPAM 2736friend the exception. The rulesets check_mail and check_relay will be 2737skipped only if the recipient address is found and has RHS FRIEND. If 2738the argument is `hater', then the default behavior is to skip the rulesets 2739check_mail and check_relay and make a SPAM hater the exception. The 2740other two rulesets will be applied only if the recipient address is 2741found and has RHS HATER. 2742 2743This allows for simple exceptions from the tests, e.g., by activating 2744the friend option and having 2745 2746 Spam:abuse@ FRIEND 2747 2748in the access map, mail to abuse@localdomain will get through (where 2749"localdomain" is any domain in class {w}). It is also possible to 2750specify a full address or an address with +detail: 2751 2752 Spam:abuse@my.domain FRIEND 2753 Spam:me+abuse@ FRIEND 2754 Spam:spam.domain FRIEND 2755 2756Note: The required tag has been changed in 8.12 from To: to Spam:. 2757This change is incompatible to previous versions. However, you can 2758(for now) simply add the new entries to the access map, the old 2759ones will be ignored. As soon as you removed the old entries from 2760the access map, specify a third parameter (`n') to this feature and 2761the backward compatibility rules will not be in the generated .cf 2762file. 2763 2764Header Checks 2765------------- 2766 2767You can also reject mail on the basis of the contents of headers. 2768This is done by adding a ruleset call to the 'H' header definition command 2769in sendmail.cf. For example, this can be used to check the validity of 2770a Message-ID: header: 2771 2772 LOCAL_CONFIG 2773 HMessage-Id: $>CheckMessageId 2774 2775 LOCAL_RULESETS 2776 SCheckMessageId 2777 R< $+ @ $+ > $@ OK 2778 R$* $#error $: 553 Header Error 2779 2780The alternative format: 2781 2782 HSubject: $>+CheckSubject 2783 2784that is, $>+ instead of $>, gives the full Subject: header including 2785comments to the ruleset (comments in parentheses () are stripped 2786by default). 2787 2788A default ruleset for headers which don't have a specific ruleset 2789defined for them can be given by: 2790 2791 H*: $>CheckHdr 2792 2793Notice: 27941. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2795That may cause problems with simple header checks due to the 2796tokenization. It might be simpler to use a regex map and apply it 2797to $&{currHeader}. 27982. There are no default rulesets coming with this distribution of 2799sendmail. You can either write your own or you can search the 2800WWW for examples, e.g., http://www.digitalanswers.org/check_local/ 28013. When using a default ruleset for headers, the name of the header 2802currently being checked can be found in the $&{hdr_name} macro. 2803 2804After all of the headers are read, the check_eoh ruleset will be called for 2805any final header-related checks. The ruleset is called with the number of 2806headers and the size of all of the headers in bytes separated by $|. One 2807example usage is to reject messages which do not have a Message-Id: 2808header. However, the Message-Id: header is *NOT* a required header and is 2809not a guaranteed spam indicator. This ruleset is an example and should 2810probably not be used in production. 2811 2812 LOCAL_CONFIG 2813 Kstorage macro 2814 HMessage-Id: $>CheckMessageId 2815 2816 LOCAL_RULESETS 2817 SCheckMessageId 2818 # Record the presence of the header 2819 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2820 R< $+ @ $+ > $@ OK 2821 R$* $#error $: 553 Header Error 2822 2823 Scheck_eoh 2824 # Check the macro 2825 R$* $: < $&{MessageIdCheck} > 2826 # Clear the macro for the next message 2827 R$* $: $(storage {MessageIdCheck} $) $1 2828 # Has a Message-Id: header 2829 R< $+ > $@ OK 2830 # Allow missing Message-Id: from local mail 2831 R$* $: < $&{client_name} > 2832 R< > $@ OK 2833 R< $=w > $@ OK 2834 # Otherwise, reject the mail 2835 R$* $#error $: 553 Header Error 2836 2837 2838+--------------------+ 2839| CONNECTION CONTROL | 2840+--------------------+ 2841 2842The features ratecontrol and conncontrol allow to establish connection 2843limits per client IP address or net. These features can limit the 2844rate of connections (connections per time unit) or the number of 2845incoming SMTP connections, respectively. If enabled, appropriate 2846rulesets are called at the end of check_relay, i.e., after DNS 2847blacklists and generic access_db operations. The features require 2848FEATURE(`access_db') to be listed earlier in the mc file. 2849 2850Note: FEATURE(`delay_checks') delays those connection control checks 2851after a recipient address has been received, hence making these 2852connection control features less useful. To run the checks as early 2853as possible, specify the parameter `nodelay', e.g., 2854 2855 FEATURE(`ratecontrol', `nodelay') 2856 2857In that case, FEATURE(`delay_checks') has no effect on connection 2858control (and it must be specified earlier in the mc file). 2859 2860An optional second argument `terminate' specifies whether the 2861rulesets should return the error code 421 which will cause 2862sendmail to terminate the session with that error if it is 2863returned from check_relay, i.e., not delayed as explained in 2864the previous paragraph. Example: 2865 2866 FEATURE(`ratecontrol', `nodelay', `terminate') 2867 2868 2869+----------+ 2870| STARTTLS | 2871+----------+ 2872 2873In this text, cert will be used as an abreviation for X.509 certificate, 2874DN (CN) is the distinguished (common) name of a cert, and CA is a 2875certification authority, which signs (issues) certs. 2876 2877For STARTTLS to be offered by sendmail you need to set at least 2878this variables (the file names and paths are just examples): 2879 2880 define(`confCACERT_PATH', `/etc/mail/certs/') 2881 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2882 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2883 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2884 2885On systems which do not have the compile flag HASURANDOM set (see 2886sendmail/README) you also must set confRAND_FILE. 2887 2888See doc/op/op.{me,ps,txt} for more information about these options, 2889especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2890STARTTLS''. 2891 2892Macros related to STARTTLS are: 2893 2894${cert_issuer} holds the DN of the CA (the cert issuer). 2895${cert_subject} holds the DN of the cert (called the cert subject). 2896${cn_issuer} holds the CN of the CA (the cert issuer). 2897${cn_subject} holds the CN of the cert (called the cert subject). 2898${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2899 TLSv1/SSLv3, SSLv3, SSLv2. 2900${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2901 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2902${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2903 used for the connection. 2904${verify} holds the result of the verification of the presented cert. 2905 Possible values are: 2906 OK verification succeeded. 2907 NO no cert presented. 2908 NOT no cert requested. 2909 FAIL cert presented but could not be verified, 2910 e.g., the cert of the signing CA is missing. 2911 NONE STARTTLS has not been performed. 2912 TEMP temporary error occurred. 2913 PROTOCOL protocol error occurred (SMTP level). 2914 SOFTWARE STARTTLS handshake failed. 2915${server_name} the name of the server of the current outgoing SMTP 2916 connection. 2917${server_addr} the address of the server of the current outgoing SMTP 2918 connection. 2919 2920Relaying 2921-------- 2922 2923SMTP STARTTLS can allow relaying for remote SMTP clients which have 2924successfully authenticated themselves. If the verification of the cert 2925failed (${verify} != OK), relaying is subject to the usual rules. 2926Otherwise the DN of the issuer is looked up in the access map using the 2927tag CERTISSUER. If the resulting value is RELAY, relaying is allowed. 2928If it is SUBJECT, the DN of the cert subject is looked up next in the 2929access map using the tag CERTSUBJECT. If the value is RELAY, relaying 2930is allowed. 2931 2932To make things a bit more flexible (or complicated), the values for 2933${cert_issuer} and ${cert_subject} can be optionally modified by regular 2934expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2935_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2936rulesets and map lookups, they are modified as follows: each non-printable 2937character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced 2938by their HEX value with a leading '+'. For example: 2939 2940/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2941darth+cert@endmail.org 2942 2943is encoded as: 2944 2945/C=US/ST=California/O=endmail.org/OU=private/CN= 2946Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2947 2948(line breaks have been inserted for readability). 2949 2950The macros which are subject to this encoding are ${cert_subject}, 2951${cert_issuer}, ${cn_subject}, and ${cn_issuer}. 2952 2953Examples: 2954 2955To allow relaying for everyone who can present a cert signed by 2956 2957/C=US/ST=California/O=endmail.org/OU=private/CN= 2958Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2959 2960simply use: 2961 2962CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2963Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2964 2965To allow relaying only for a subset of machines that have a cert signed by 2966 2967/C=US/ST=California/O=endmail.org/OU=private/CN= 2968Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2969 2970use: 2971 2972CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2973Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2974CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2975DeathStar/Email=deathstar@endmail.org RELAY 2976 2977Notes: 2978- line breaks have been inserted after "CN=" for readability, 2979 each tagged entry must be one (long) line in the access map. 2980- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN 2981 is replaced by "emailAddress=". 2982 2983Of course it is also possible to write a simple ruleset that allows 2984relaying for everyone who can present a cert that can be verified, e.g., 2985 2986LOCAL_RULESETS 2987SLocal_check_rcpt 2988R$* $: $&{verify} 2989ROK $# OK 2990 2991Allowing Connections 2992-------------------- 2993 2994The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 2995an SMTP connection is accepted (or should continue). 2996 2997tls_server is called when sendmail acts as client after a STARTTLS command 2998(should) have been issued. The parameter is the value of ${verify}. 2999 3000tls_client is called when sendmail acts as server, after a STARTTLS command 3001has been issued, and from check_mail. The parameter is the value of 3002${verify} and STARTTLS or MAIL, respectively. 3003 3004Both rulesets behave the same. If no access map is in use, the connection 3005will be accepted unless ${verify} is SOFTWARE, in which case the connection 3006is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 3007is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 3008with the ruleset LookUpDomain. If no entry is found, ${client_addr} 3009(${server_addr}) is looked up in the access map (same tag, ruleset 3010LookUpAddr). If this doesn't result in an entry either, just the tag is 3011looked up in the access map (included the trailing colon). Notice: 3012requiring that e-mail is sent to a server only encrypted, e.g., via 3013 3014TLS_Srv:secure.domain ENCR:112 3015 3016doesn't necessarily mean that e-mail sent to that domain is encrypted. 3017If the domain has multiple MX servers, e.g., 3018 3019secure.domain. IN MX 10 mail.secure.domain. 3020secure.domain. IN MX 50 mail.other.domain. 3021 3022then mail to user@secure.domain may go unencrypted to mail.other.domain. 3023tls_rcpt can be used to address this problem. 3024 3025tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 3026current recipient. This ruleset is only defined if FEATURE(`access_db') 3027is selected. A recipient address user@domain is looked up in the access 3028map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 3029and TLS_Rcpt:; the first match is taken. 3030 3031The result of the lookups is then used to call the ruleset TLS_connection, 3032which checks the requirement specified by the RHS in the access map against 3033the actual parameters of the current TLS connection, esp. ${verify} and 3034${cipher_bits}. Legal RHSs in the access map are: 3035 3036VERIFY verification must have succeeded 3037VERIFY:bits verification must have succeeded and ${cipher_bits} must 3038 be greater than or equal bits. 3039ENCR:bits ${cipher_bits} must be greater than or equal bits. 3040 3041The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 3042or permanent error. The default is a temporary error code (403 4.7.0) 3043unless the macro TLS_PERM_ERR is set during generation of the .cf file. 3044 3045If a certain level of encryption is required, then it might also be 3046possible that this level is provided by the security layer from a SASL 3047algorithm, e.g., DIGEST-MD5. 3048 3049Furthermore, there can be a list of extensions added. Such a list 3050starts with '+' and the items are separated by '++'. Allowed 3051extensions are: 3052 3053CN:name name must match ${cn_subject} 3054CN ${server_name} must match ${cn_subject} 3055CS:name name must match ${cert_subject} 3056CI:name name must match ${cert_issuer} 3057 3058Example: e-mail sent to secure.example.com should only use an encrypted 3059connection. E-mail received from hosts within the laptop.example.com domain 3060should only be accepted if they have been authenticated. The host which 3061receives e-mail for darth@endmail.org must present a cert that uses the 3062CN smtp.endmail.org. 3063 3064TLS_Srv:secure.example.com ENCR:112 3065TLS_Clt:laptop.example.com PERM+VERIFY:112 3066TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 3067 3068 3069Disabling STARTTLS And Setting SMTP Server Features 3070--------------------------------------------------- 3071 3072By default STARTTLS is used whenever possible. However, there are 3073some broken MTAs that don't properly implement STARTTLS. To be able 3074to send to (or receive from) those MTAs, the ruleset try_tls 3075(srv_features) can be used that work together with the access map. 3076Entries for the access map must be tagged with Try_TLS (Srv_Features) 3077and refer to the hostname or IP address of the connecting system. 3078A default case can be specified by using just the tag. For example, 3079the following entries in the access map: 3080 3081 Try_TLS:broken.server NO 3082 Srv_Features:my.domain v 3083 Srv_Features: V 3084 3085will turn off STARTTLS when sending to broken.server (or any host 3086in that domain), and request a client certificate during the TLS 3087handshake only for hosts in my.domain. The valid entries on the RHS 3088for Srv_Features are listed in the Sendmail Installation and 3089Operations Guide. 3090 3091 3092Received: Header 3093---------------- 3094 3095The Received: header reveals whether STARTTLS has been used. It contains an 3096extra line: 3097 3098(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 3099 3100 3101+---------------------+ 3102| SMTP AUTHENTICATION | 3103+---------------------+ 3104 3105The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 3106used in anti-relay rulesets to allow relaying for those users that 3107authenticated themselves. A very simple example is: 3108 3109SLocal_check_rcpt 3110R$* $: $&{auth_type} 3111R$+ $# OK 3112 3113which checks whether a user has successfully authenticated using 3114any available mechanism. Depending on the setup of the Cyrus SASL 3115library, more sophisticated rulesets might be required, e.g., 3116 3117SLocal_check_rcpt 3118R$* $: $&{auth_type} $| $&{auth_authen} 3119RDIGEST-MD5 $| $+@$=w $# OK 3120 3121to allow relaying for users that authenticated using DIGEST-MD5 3122and have an identity in the local domains. 3123 3124The ruleset trust_auth is used to determine whether a given AUTH= 3125parameter (that is passed to this ruleset) should be trusted. This 3126ruleset may make use of the other ${auth_*} macros. Only if the 3127ruleset resolves to the error mailer, the AUTH= parameter is not 3128trusted. A user supplied ruleset Local_trust_auth can be written 3129to modify the default behavior, which only trust the AUTH= 3130parameter if it is identical to the authenticated user. 3131 3132Per default, relaying is allowed for any user who authenticated 3133via a "trusted" mechanism, i.e., one that is defined via 3134TRUST_AUTH_MECH(`list of mechanisms') 3135For example: 3136TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 3137 3138If the selected mechanism provides a security layer the number of 3139bits used for the key of the symmetric cipher is stored in the 3140macro ${auth_ssf}. 3141 3142Providing SMTP AUTH Data when sendmail acts as Client 3143----------------------------------------------------- 3144 3145If sendmail acts as client, it needs some information how to 3146authenticate against another MTA. This information can be provided 3147by the ruleset authinfo or by the option DefaultAuthInfo. The 3148authinfo ruleset looks up {server_name} using the tag AuthInfo: in 3149the access map. If no entry is found, {server_addr} is looked up 3150in the same way and finally just the tag AuthInfo: to provide 3151default values. Note: searches for domain parts or IP nets are 3152only performed if the access map is used; if the authinfo feature 3153is used then only up to three lookups are performed (two exact 3154matches, one default). 3155 3156Note: If your daemon does client authentication when sending, and 3157if it uses either PLAIN or LOGIN authentication, then you *must* 3158prevent ordinary users from seeing verbose output. Do NOT install 3159sendmail set-user-ID. Use PrivacyOptions to turn off verbose output 3160("goaway" works for this). 3161 3162Notice: the default configuration file causes the option DefaultAuthInfo 3163to fail since the ruleset authinfo is in the .cf file. If you really 3164want to use DefaultAuthInfo (it is deprecated) then you have to 3165remove the ruleset. 3166 3167The RHS for an AuthInfo: entry in the access map should consists of a 3168list of tokens, each of which has the form: "TDstring" (including 3169the quotes). T is a tag which describes the item, D is a delimiter, 3170either ':' for simple text or '=' for a base64 encoded string. 3171Valid values for the tag are: 3172 3173 U user (authorization) id 3174 I authentication id 3175 P password 3176 R realm 3177 M list of mechanisms delimited by spaces 3178 3179Example entries are: 3180 3181AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 3182AuthInfo:host.more.dom "U:user" "P=c2VjcmV0" 3183 3184User id or authentication id must exist as well as the password. All 3185other entries have default values. If one of user or authentication 3186id is missing, the existing value is used for the missing item. 3187If "R:" is not specified, realm defaults to $j. The list of mechanisms 3188defaults to those specified by AuthMechanisms. 3189 3190Since this map contains sensitive information, either the access 3191map must be unreadable by everyone but root (or the trusted user) 3192or FEATURE(`authinfo') must be used which provides a separate map. 3193Notice: It is not checked whether the map is actually 3194group/world-unreadable, this is left to the user. 3195 3196+--------------------------------+ 3197| ADDING NEW MAILERS OR RULESETS | 3198+--------------------------------+ 3199 3200Sometimes you may need to add entirely new mailers or rulesets. They 3201should be introduced with the constructs MAILER_DEFINITIONS and 3202LOCAL_RULESETS respectively. For example: 3203 3204 MAILER_DEFINITIONS 3205 Mmymailer, ... 3206 ... 3207 3208 LOCAL_RULESETS 3209 Smyruleset 3210 ... 3211 3212Local additions for the rulesets srv_features, try_tls, tls_rcpt, 3213tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 3214LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 3215respectively. For example, to add a local ruleset that decides 3216whether to try STARTTLS in a sendmail client, use: 3217 3218 LOCAL_TRY_TLS 3219 R... 3220 3221Note: you don't need to add a name for the ruleset, it is implicitly 3222defined by using the appropriate macro. 3223 3224 3225+-------------------------+ 3226| ADDING NEW MAIL FILTERS | 3227+-------------------------+ 3228 3229Sendmail supports mail filters to filter incoming SMTP messages according 3230to the "Sendmail Mail Filter API" documentation. These filters can be 3231configured in your mc file using the two commands: 3232 3233 MAIL_FILTER(`name', `equates') 3234 INPUT_MAIL_FILTER(`name', `equates') 3235 3236The first command, MAIL_FILTER(), simply defines a filter with the given 3237name and equates. For example: 3238 3239 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3240 3241This creates the equivalent sendmail.cf entry: 3242 3243 Xarchive, S=local:/var/run/archivesock, F=R 3244 3245The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 3246but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 3247of the filter such that the filter will actually be called by sendmail. 3248 3249For example, the two commands: 3250 3251 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3252 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3253 3254are equivalent to the three commands: 3255 3256 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3257 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3258 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 3259 3260In general, INPUT_MAIL_FILTER() should be used unless you need to define 3261more filters than you want to use for `confINPUT_MAIL_FILTERS'. 3262 3263Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3264commands will clear the list created by the prior INPUT_MAIL_FILTER() 3265commands. 3266 3267 3268+-------------------------+ 3269| QUEUE GROUP DEFINITIONS | 3270+-------------------------+ 3271 3272In addition to the queue directory (which is the default queue group 3273called "mqueue"), sendmail can deal with multiple queue groups, which 3274are collections of queue directories with the same behaviour. Queue 3275groups can be defined using the command: 3276 3277 QUEUE_GROUP(`name', `equates') 3278 3279For details about queue groups, please see doc/op/op.{me,ps,txt}. 3280 3281+-------------------------------+ 3282| NON-SMTP BASED CONFIGURATIONS | 3283+-------------------------------+ 3284 3285These configuration files are designed primarily for use by 3286SMTP-based sites. They may not be well tuned for UUCP-only or 3287UUCP-primarily nodes (the latter is defined as a small local net 3288connected to the rest of the world via UUCP). However, there is 3289one hook to handle some special cases. 3290 3291You can define a ``smart host'' that understands a richer address syntax 3292using: 3293 3294 define(`SMART_HOST', `mailer:hostname') 3295 3296In this case, the ``mailer:'' defaults to "relay". Any messages that 3297can't be handled using the usual UUCP rules are passed to this host. 3298 3299If you are on a local SMTP-based net that connects to the outside 3300world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3301For example: 3302 3303 define(`SMART_HOST', `uucp-new:uunet') 3304 LOCAL_NET_CONFIG 3305 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3306 3307This will cause all names that end in your domain name ($m) to be sent 3308via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3309If you have FEATURE(`nocanonify'), you may need to omit the dots after 3310the $m. If you are running a local DNS inside your domain which is 3311not otherwise connected to the outside world, you probably want to 3312use: 3313 3314 define(`SMART_HOST', `smtp:fire.wall.com') 3315 LOCAL_NET_CONFIG 3316 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3317 3318That is, send directly only to things you found in your DNS lookup; 3319anything else goes through SMART_HOST. 3320 3321You may need to turn off the anti-spam rules in order to accept 3322UUCP mail with FEATURE(`promiscuous_relay') and 3323FEATURE(`accept_unresolvable_domains'). 3324 3325 3326+-----------+ 3327| WHO AM I? | 3328+-----------+ 3329 3330Normally, the $j macro is automatically defined to be your fully 3331qualified domain name (FQDN). Sendmail does this by getting your 3332host name using gethostname and then calling gethostbyname on the 3333result. For example, in some environments gethostname returns 3334only the root of the host name (such as "foo"); gethostbyname is 3335supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3336cases, gethostbyname may fail to return the FQDN. In this case 3337you MUST define confDOMAIN_NAME to be your fully qualified domain 3338name. This is usually done using: 3339 3340 Dmbar.com 3341 define(`confDOMAIN_NAME', `$w.$m')dnl 3342 3343 3344+-----------------------------------+ 3345| ACCEPTING MAIL FOR MULTIPLE NAMES | 3346+-----------------------------------+ 3347 3348If your host is known by several different names, you need to augment 3349class {w}. This is a list of names by which your host is known, and 3350anything sent to an address using a host name in this list will be 3351treated as local mail. You can do this in two ways: either create the 3352file /etc/mail/local-host-names containing a list of your aliases (one per 3353line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3354``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3355name of the host, rather than a short name. 3356 3357If you want to have different address in different domains, take 3358a look at the virtusertable feature, which is also explained at 3359http://www.sendmail.org/virtual-hosting.html 3360 3361 3362+--------------------+ 3363| USING MAILERTABLES | 3364+--------------------+ 3365 3366To use FEATURE(`mailertable'), you will have to create an external 3367database containing the routing information for various domains. 3368For example, a mailertable file in text format might be: 3369 3370 .my.domain xnet:%1.my.domain 3371 uuhost1.my.domain uucp-new:uuhost1 3372 .bitnet smtp:relay.bit.net 3373 3374This should normally be stored in /etc/mail/mailertable. The actual 3375database version of the mailertable is built using: 3376 3377 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3378 3379The semantics are simple. Any LHS entry that does not begin with 3380a dot matches the full host name indicated. LHS entries beginning 3381with a dot match anything ending with that domain name (including 3382the leading dot) -- that is, they can be thought of as having a 3383leading ".+" regular expression pattern for a non-empty sequence of 3384characters. Matching is done in order of most-to-least qualified 3385-- for example, even though ".my.domain" is listed first in the 3386above example, an entry of "uuhost1.my.domain" will match the second 3387entry since it is more explicit. Note: e-mail to "user@my.domain" 3388does not match any entry in the above table. You need to have 3389something like: 3390 3391 my.domain esmtp:host.my.domain 3392 3393The RHS should always be a "mailer:host" pair. The mailer is the 3394configuration name of a mailer (that is, an M line in the 3395sendmail.cf file). The "host" will be the hostname passed to 3396that mailer. In domain-based matches (that is, those with leading 3397dots) the "%1" may be used to interpolate the wildcarded part of 3398the host name. For example, the first line above sends everything 3399addressed to "anything.my.domain" to that same host name, but using 3400the (presumably experimental) xnet mailer. 3401 3402In some cases you may want to temporarily turn off MX records, 3403particularly on gateways. For example, you may want to MX 3404everything in a domain to one machine that then forwards it 3405directly. To do this, you might use the DNS configuration: 3406 3407 *.domain. IN MX 0 relay.machine 3408 3409and on relay.machine use the mailertable: 3410 3411 .domain smtp:[gateway.domain] 3412 3413The [square brackets] turn off MX records for this host only. 3414If you didn't do this, the mailertable would use the MX record 3415again, which would give you an MX loop. Note that the use of 3416wildcard MX records is almost always a bad idea. Please avoid 3417using them if possible. 3418 3419 3420+--------------------------------+ 3421| USING USERDB TO MAP FULL NAMES | 3422+--------------------------------+ 3423 3424The user database was not originally intended for mapping full names 3425to login names (e.g., Eric.Allman => eric), but some people are using 3426it that way. (it is recommended that you set up aliases for this 3427purpose instead -- since you can specify multiple alias files, this 3428is fairly easy.) The intent was to locate the default maildrop at 3429a site, but allow you to override this by sending to a specific host. 3430 3431If you decide to set up the user database in this fashion, it is 3432imperative that you not use FEATURE(`stickyhost') -- otherwise, 3433e-mail sent to Full.Name@local.host.name will be rejected. 3434 3435To build the internal form of the user database, use: 3436 3437 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3438 3439As a general rule, it is an extremely bad idea to using full names 3440as e-mail addresses, since they are not in any sense unique. For 3441example, the UNIX software-development community has at least two 3442well-known Peter Deutsches, and at one time Bell Labs had two 3443Stephen R. Bournes with offices along the same hallway. Which one 3444will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3445The less famous of the two, or the one that was hired later? 3446 3447Finger should handle full names (and be fuzzy). Mail should use 3448handles, and not be fuzzy. 3449 3450 3451+--------------------------------+ 3452| MISCELLANEOUS SPECIAL FEATURES | 3453+--------------------------------+ 3454 3455Plussed users 3456 Sometimes it is convenient to merge configuration on a 3457 centralized mail machine, for example, to forward all 3458 root mail to a mail server. In this case it might be 3459 useful to be able to treat the root addresses as a class 3460 of addresses with subtle differences. You can do this 3461 using plussed users. For example, a client might include 3462 the alias: 3463 3464 root: root+client1@server 3465 3466 On the server, this will match an alias for "root+client1". 3467 If that is not found, the alias "root+*" will be tried, 3468 then "root". 3469 3470 3471+----------------+ 3472| SECURITY NOTES | 3473+----------------+ 3474 3475A lot of sendmail security comes down to you. Sendmail 8 is much 3476more careful about checking for security problems than previous 3477versions, but there are some things that you still need to watch 3478for. In particular: 3479 3480* Make sure the aliases file is not writable except by trusted 3481 system personnel. This includes both the text and database 3482 version. 3483 3484* Make sure that other files that sendmail reads, such as the 3485 mailertable, are only writable by trusted system personnel. 3486 3487* The queue directory should not be world writable PARTICULARLY 3488 if your system allows "file giveaways" (that is, if a non-root 3489 user can chown any file they own to any other user). 3490 3491* If your system allows file giveaways, DO NOT create a publically 3492 writable directory for forward files. This will allow anyone 3493 to steal anyone else's e-mail. Instead, create a script that 3494 copies the .forward file from users' home directories once a 3495 night (if you want the non-NFS-mounted forward directory). 3496 3497* If your system allows file giveaways, you'll find that 3498 sendmail is much less trusting of :include: files -- in 3499 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3500 /etc/shells before they will be trusted (that is, before 3501 files and programs listed in them will be honored). 3502 3503In general, file giveaways are a mistake -- if you can turn them 3504off, do so. 3505 3506 3507+--------------------------------+ 3508| TWEAKING CONFIGURATION OPTIONS | 3509+--------------------------------+ 3510 3511There are a large number of configuration options that don't normally 3512need to be changed. However, if you feel you need to tweak them, 3513you can define the following M4 variables. Note that some of these 3514variables require formats that are defined in RFC 2821 or RFC 2822. 3515Before changing them you need to make sure you do not violate those 3516(and other relevant) RFCs. 3517 3518This list is shown in four columns: the name you define, the default 3519value for that definition, the option or macro that is affected 3520(either Ox for an option or Dx for a macro), and a brief description. 3521Greater detail of the semantics can be found in the Installation 3522and Operations Guide. 3523 3524Some options are likely to be deprecated in future versions -- that is, 3525the option is only included to provide back-compatibility. These are 3526marked with "*". 3527 3528Remember that these options are M4 variables, and hence may need to 3529be quoted. In particular, arguments with commas will usually have to 3530be ``double quoted, like this phrase'' to avoid having the comma 3531confuse things. This is common for alias file definitions and for 3532the read timeout. 3533 3534M4 Variable Name Configuration [Default] & Description 3535================ ============= ======================= 3536confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3537 for internally generated outgoing 3538 messages. 3539confDOMAIN_NAME $j macro If defined, sets $j. This should 3540 only be done if your system cannot 3541 determine your local domain name, 3542 and then it should be set to 3543 $w.Foo.COM, where Foo.COM is your 3544 domain name. 3545confCF_VERSION $Z macro If defined, this is appended to the 3546 configuration version name. 3547confLDAP_CLUSTER ${sendmailMTACluster} macro 3548 If defined, this is the LDAP 3549 cluster to use for LDAP searches 3550 as described above in ``USING LDAP 3551 FOR ALIASES, MAPS, AND CLASSES''. 3552confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3553 internally generated From: address. 3554confRECEIVED_HEADER Received: 3555 [$?sfrom $s $.$?_($?s$|from $.$_) 3556 $.$?{auth_type}(authenticated) 3557 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3558 for $u; $|; 3559 $.$b] 3560 The format of the Received: header 3561 in messages passed through this host. 3562 It is unwise to try to change this. 3563confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an 3564 internally generated Message-Id: 3565 header. 3566confCW_FILE Fw class [/etc/mail/local-host-names] Name 3567 of file used to get the local 3568 additions to class {w} (local host 3569 names). 3570confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3571 file used to get the local additions 3572 to class {t} (trusted users). 3573confCR_FILE FR class [/etc/mail/relay-domains] Name of 3574 file used to get the local additions 3575 to class {R} (hosts allowed to relay). 3576confTRUSTED_USERS Ct class [no default] Names of users to add to 3577 the list of trusted users. This list 3578 always includes root, uucp, and daemon. 3579 See also FEATURE(`use_ct_file'). 3580confTRUSTED_USER TrustedUser [no default] Trusted user for file 3581 ownership and starting the daemon. 3582 Not to be confused with 3583 confTRUSTED_USERS (see above). 3584confSMTP_MAILER - [esmtp] The mailer name used when 3585 SMTP connectivity is required. 3586 One of "smtp", "smtp8", 3587 "esmtp", or "dsmtp". 3588confUUCP_MAILER - [uucp-old] The mailer to be used by 3589 default for bang-format recipient 3590 addresses. See also discussion of 3591 class {U}, class {Y}, and class {Z} 3592 in the MAILER(`uucp') section. 3593confLOCAL_MAILER - [local] The mailer name used when 3594 local connectivity is required. 3595 Almost always "local". 3596confRELAY_MAILER - [relay] The default mailer name used 3597 for relaying any mail (e.g., to a 3598 BITNET_RELAY, a SMART_HOST, or 3599 whatever). This can reasonably be 3600 "uucp-new" if you are on a 3601 UUCP-connected site. 3602confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3603confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3604confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3605 rebuild until you get bored and 3606 decide that the apparently pending 3607 rebuild failed. 3608confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3609 queue filesystem to accept SMTP mail. 3610 (Prior to 8.7 this was minfree/maxsize, 3611 where minfree was the number of free 3612 blocks and maxsize was the maximum 3613 message size. Use confMAX_MESSAGE_SIZE 3614 for the second value now.) 3615confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3616 that will be accepted (in bytes). 3617confBLANK_SUB BlankSub [.] Blank (space) substitution 3618 character. 3619confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3620 to mailers marked expensive. 3621confCHECKPOINT_INTERVAL CheckpointInterval 3622 [10] Checkpoint queue files every N 3623 recipients. 3624confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3625confERROR_MODE ErrorMode [print] Error message mode. 3626confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3627confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3628confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3629confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3630confMAX_HOP MaxHopCount [25] Maximum hop count. 3631confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3632 mode] Ignore dot as terminator for 3633 incoming messages? 3634confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3635 resolver. 3636confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3637 encapsulated messages per RFC 1344. 3638confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3639 The colon-separated list of places to 3640 search for .forward files. N.B.: see 3641 the Security Notes section. 3642confMCI_CACHE_SIZE ConnectionCacheSize 3643 [2] Size of open connection cache. 3644confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3645 [5m] Open connection cache timeout. 3646confHOST_STATUS_DIRECTORY HostStatusDirectory 3647 [undefined] If set, host status is kept 3648 on disk between sendmail runs in the 3649 named directory tree. This need not be 3650 a full pathname, in which case it is 3651 interpreted relative to the queue 3652 directory. 3653confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3654 [False] If this option and the 3655 HostStatusDirectory option are both 3656 set, single thread deliveries to other 3657 hosts. That is, don't allow any two 3658 sendmails on this host to connect 3659 simultaneously to any other single 3660 host. This can slow down delivery in 3661 some cases, in particular since a 3662 cached but otherwise idle connection 3663 to a host will prevent other sendmails 3664 from connecting to the other host. 3665confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3666 deliver error messages. This should 3667 not be necessary because of general 3668 acceptance of the envelope/header 3669 distinction. 3670confLOG_LEVEL LogLevel [9] Log level. 3671confME_TOO MeToo [True] Include sender in group 3672 expansions. This option is 3673 deprecated and will be removed from 3674 a future version. 3675confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3676 running newaliases. Since this does 3677 DNS lookups on every address, it can 3678 slow down the alias rebuild process 3679 considerably on large alias files. 3680confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3681 special chars are old style. 3682confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3683confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3684 copies of all error messages. 3685confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3686confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3687 queue files (octal). If not set, 3688 sendmail uses 0600 unless its real 3689 and effective uid are different in 3690 which case it uses 0644. 3691confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3692 syntax addresses to the minimum 3693 possible. 3694confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3695 before forking. 3696confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3697 on the initial connect. 3698confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3699 connect() to complete. This can only 3700 shorten connection timeouts; the kernel 3701 silently enforces an absolute maximum 3702 (which varies depending on the system). 3703confTO_ICONNECT Timeout.iconnect 3704 [undefined] Like Timeout.connect, but 3705 applies only to the very first attempt 3706 to connect to a host in a message. 3707 This allows a single very fast pass 3708 followed by more careful delivery 3709 attempts in the future. 3710confTO_ACONNECT Timeout.aconnect 3711 [0] The overall timeout waiting for 3712 all connection for a single delivery 3713 attempt to succeed. If 0, no overall 3714 limit is applied. 3715confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3716 to a HELO or EHLO command. 3717confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3718 response to the MAIL command. 3719confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3720 to the RCPT command. 3721confTO_DATAINIT Timeout.datainit 3722 [5m] The timeout waiting for a 354 3723 response from the DATA command. 3724confTO_DATABLOCK Timeout.datablock 3725 [1h] The timeout waiting for a block 3726 during DATA phase. 3727confTO_DATAFINAL Timeout.datafinal 3728 [1h] The timeout waiting for a response 3729 to the final "." that terminates a 3730 message. 3731confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3732 to the RSET command. 3733confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3734 to the QUIT command. 3735confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3736 to other SMTP commands. 3737confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3738 waiting for a command to be issued. 3739confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3740 response to an IDENT query. 3741confTO_FILEOPEN Timeout.fileopen 3742 [60s] The timeout waiting for a file 3743 (e.g., :include: file) to be opened. 3744confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3745 to an LMTP LHLO command. 3746confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3747 response in an AUTH dialogue. 3748confTO_STARTTLS Timeout.starttls 3749 [1h] The timeout waiting for a 3750 response to an SMTP STARTTLS command. 3751confTO_CONTROL Timeout.control 3752 [2m] The timeout for a complete 3753 control socket transaction to complete. 3754confTO_QUEUERETURN Timeout.queuereturn 3755 [5d] The timeout before a message is 3756 returned as undeliverable. 3757confTO_QUEUERETURN_NORMAL 3758 Timeout.queuereturn.normal 3759 [undefined] As above, for normal 3760 priority messages. 3761confTO_QUEUERETURN_URGENT 3762 Timeout.queuereturn.urgent 3763 [undefined] As above, for urgent 3764 priority messages. 3765confTO_QUEUERETURN_NONURGENT 3766 Timeout.queuereturn.non-urgent 3767 [undefined] As above, for non-urgent 3768 (low) priority messages. 3769confTO_QUEUERETURN_DSN 3770 Timeout.queuereturn.dsn 3771 [undefined] As above, for delivery 3772 status notification messages. 3773confTO_QUEUEWARN Timeout.queuewarn 3774 [4h] The timeout before a warning 3775 message is sent to the sender telling 3776 them that the message has been 3777 deferred. 3778confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3779 [undefined] As above, for normal 3780 priority messages. 3781confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3782 [undefined] As above, for urgent 3783 priority messages. 3784confTO_QUEUEWARN_NONURGENT 3785 Timeout.queuewarn.non-urgent 3786 [undefined] As above, for non-urgent 3787 (low) priority messages. 3788confTO_QUEUEWARN_DSN 3789 Timeout.queuewarn.dsn 3790 [undefined] As above, for delivery 3791 status notification messages. 3792confTO_HOSTSTATUS Timeout.hoststatus 3793 [30m] How long information about host 3794 statuses will be maintained before it 3795 is considered stale and the host should 3796 be retried. This applies both within 3797 a single queue run and to persistent 3798 information (see below). 3799confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3800 [varies] Sets the resolver's 3801 retransmission time interval (in 3802 seconds). Sets both 3803 Timeout.resolver.retrans.first and 3804 Timeout.resolver.retrans.normal. 3805confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3806 [varies] Sets the resolver's 3807 retransmission time interval (in 3808 seconds) for the first attempt to 3809 deliver a message. 3810confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3811 [varies] Sets the resolver's 3812 retransmission time interval (in 3813 seconds) for all resolver lookups 3814 except the first delivery attempt. 3815confTO_RESOLVER_RETRY Timeout.resolver.retry 3816 [varies] Sets the number of times 3817 to retransmit a resolver query. 3818 Sets both 3819 Timeout.resolver.retry.first and 3820 Timeout.resolver.retry.normal. 3821confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3822 [varies] Sets the number of times 3823 to retransmit a resolver query for 3824 the first attempt to deliver a 3825 message. 3826confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3827 [varies] Sets the number of times 3828 to retransmit a resolver query for 3829 all resolver lookups except the 3830 first delivery attempt. 3831confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3832 USE_SYSTEM to use the system's idea, 3833 USE_TZ to use the user's TZ envariable, 3834 or something else to force that value. 3835confDEF_USER_ID DefaultUser [1:1] Default user id. 3836confUSERDB_SPEC UserDatabaseSpec 3837 [undefined] User database 3838 specification. 3839confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3840confFALLBACK_SMARTHOST FallbackSmartHost 3841 [undefined] Fallback smart host. 3842confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3843 for a host and other arrangements 3844 haven't been made, try connecting 3845 to the host directly; normally this 3846 would be a config error. 3847confQUEUE_LA QueueLA [varies] Load average at which 3848 queue-only function kicks in. 3849 Default values is (8 * numproc) 3850 where numproc is the number of 3851 processors online (if that can be 3852 determined). 3853confREFUSE_LA RefuseLA [varies] Load average at which 3854 incoming SMTP connections are 3855 refused. Default values is (12 * 3856 numproc) where numproc is the 3857 number of processors online (if 3858 that can be determined). 3859confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when 3860 refusing connections for this long. 3861confDELAY_LA DelayLA [0] Load average at which sendmail 3862 will sleep for one second on most 3863 SMTP commands and before accepting 3864 connections. 0 means no limit. 3865confMAX_ALIAS_RECURSION MaxAliasRecursion 3866 [10] Maximum depth of alias recursion. 3867confMAX_DAEMON_CHILDREN MaxDaemonChildren 3868 [undefined] The maximum number of 3869 children the daemon will permit. After 3870 this number, connections will be 3871 rejected. If not set or <= 0, there is 3872 no limit. 3873confMAX_HEADERS_LENGTH MaxHeadersLength 3874 [32768] Maximum length of the sum 3875 of all headers. 3876confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3877 [undefined] Maximum length of 3878 certain MIME header field values. 3879confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3880 [undefined] The maximum number of 3881 connections permitted per second per 3882 daemon. After this many connections 3883 are accepted, further connections 3884 will be delayed. If not set or <= 0, 3885 there is no limit. 3886confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize 3887 [60s] Define the length of the 3888 interval for which the number of 3889 incoming connections is maintained. 3890confWORK_RECIPIENT_FACTOR 3891 RecipientFactor [30000] Cost of each recipient. 3892confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3893 separate process. 3894confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3895confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3896confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3897 Priority, Host, Filename, Random, 3898 Modification, or Time. 3899confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3900 must sit in the queue between queue 3901 runs. This allows you to set the 3902 queue run interval low for better 3903 responsiveness without trying all 3904 jobs in each run. 3905confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3906 unlabeled 8 bit input to MIME, the 3907 character set to use by default. 3908confSERVICE_SWITCH_FILE ServiceSwitchFile 3909 [/etc/mail/service.switch] The file 3910 to use for the service switch on 3911 systems that do not have a 3912 system-defined switch. 3913confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3914 "file" type access of hosts names. 3915confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3916 long and try again. Zero means "don't 3917 retry". This is to allow "dial on 3918 demand" connections to have enough time 3919 to complete a connection. 3920confNO_RCPT_ACTION NoRecipientAction 3921 [none] What to do if there are no legal 3922 recipient fields (To:, Cc: or Bcc:) 3923 in the message. Legal values can 3924 be "none" to just leave the 3925 nonconforming message as is, "add-to" 3926 to add a To: header with all the 3927 known recipients (which may expose 3928 blind recipients), "add-apparently-to" 3929 to do the same but use Apparently-To: 3930 instead of To: (strongly discouraged 3931 in accordance with IETF standards), 3932 "add-bcc" to add an empty Bcc: 3933 header, or "add-to-undisclosed" to 3934 add the header 3935 ``To: undisclosed-recipients:;''. 3936confSAFE_FILE_ENV SafeFileEnvironment 3937 [undefined] If set, sendmail will do a 3938 chroot() into this directory before 3939 writing files. 3940confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3941 If set, colons are treated as a regular 3942 character in addresses. If not set, 3943 they are treated as the introducer to 3944 the RFC 822 "group" syntax. Colons are 3945 handled properly in route-addrs. This 3946 option defaults on for V5 and lower 3947 configuration files. 3948confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3949 any given queue run to this number of 3950 entries. Essentially, this will stop 3951 reading each queue directory after this 3952 number of entries are reached; it does 3953 _not_ pick the highest priority jobs, 3954 so this should be as large as your 3955 system can tolerate. If not set, there 3956 is no limit. 3957confMAX_QUEUE_CHILDREN MaxQueueChildren 3958 [undefined] Limits the maximum number 3959 of concurrent queue runners active. 3960 This is to keep system resources used 3961 within a reasonable limit. Relates to 3962 Queue Groups and ForkEachJob. 3963confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3964 [1] Only active when MaxQueueChildren 3965 defined. Controls the maximum number 3966 of queue runners (aka queue children) 3967 active at the same time in a work 3968 group. See also MaxQueueChildren. 3969confDONT_EXPAND_CNAMES DontExpandCnames 3970 [False] If set, $[ ... $] lookups that 3971 do DNS based lookups do not expand 3972 CNAME records. This currently violates 3973 the published standards, but the IETF 3974 seems to be moving toward legalizing 3975 this. For example, if "FTP.Foo.ORG" 3976 is a CNAME for "Cruft.Foo.ORG", then 3977 with this option set a lookup of 3978 "FTP" will return "FTP.Foo.ORG"; if 3979 clear it returns "Cruft.FOO.ORG". N.B. 3980 you may not see any effect until your 3981 downstream neighbors stop doing CNAME 3982 lookups as well. 3983confFROM_LINE UnixFromLine [From $g $d] The From_ line used 3984 when sending to files or programs. 3985confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 3986 [False] From: lines that have 3987 embedded newlines are unwrapped 3988 onto one line. 3989confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 3990 does not include a host name. 3991confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 3992 name phrase (@,;:\()[] are automatic). 3993confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 3994 characters. 3995confSMTP_LOGIN_MSG SmtpGreetingMessage 3996 [$j Sendmail $v/$Z; $b] 3997 The initial (spontaneous) SMTP 3998 greeting message. The word "ESMTP" 3999 will be inserted between the first and 4000 second words to convince other 4001 sendmails to try to speak ESMTP. 4002confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 4003 routine will never be invoked. You 4004 might want to do this if you are 4005 running NIS and you have a large group 4006 map, since this call does a sequential 4007 scan of the map; in a large site this 4008 can cause your ypserv to run 4009 essentially full time. If you set 4010 this, agents run on behalf of users 4011 will only have their primary 4012 (/etc/passwd) group permissions. 4013confUNSAFE_GROUP_WRITES UnsafeGroupWrites 4014 [False] If set, group-writable 4015 :include: and .forward files are 4016 considered "unsafe", that is, programs 4017 and files cannot be directly referenced 4018 from such files. World-writable files 4019 are always considered unsafe. 4020confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 4021 address (for testing). 4022confCONTROL_SOCKET_NAME ControlSocketName 4023 [undefined] Control socket for daemon 4024 management. 4025confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 4026 [postmaster] If an error occurs when 4027 sending an error message, send that 4028 "double bounce" error message to this 4029 address. If it expands to an empty 4030 string, double bounces are dropped. 4031confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 4032 messages which could not be returned 4033 to the user or sent to postmaster. 4034 If not set, the queue file will 4035 be renamed. 4036confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 4037 implies DSN request. 4038confRUN_AS_USER RunAsUser [undefined] If set, become this user 4039 when reading and delivering mail. 4040 Causes all file reads (e.g., .forward 4041 and :include: files) to be done as 4042 this user. Also, all programs will 4043 be run as this user, and all output 4044 files will be written as this user. 4045confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 4046 [infinite] If set, allow no more than 4047 the specified number of recipients in 4048 an SMTP envelope. Further recipients 4049 receive a 452 error code (i.e., they 4050 are deferred for the next delivery 4051 attempt). 4052confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified 4053 number of recipients in a single SMTP 4054 transaction have been rejected, sleep 4055 for one second after each subsequent 4056 RCPT command in that transaction. 4057confDONT_PROBE_INTERFACES DontProbeInterfaces 4058 [False] If set, sendmail will _not_ 4059 insert the names and addresses of any 4060 local interfaces into class {w} 4061 (list of known "equivalent" addresses). 4062 If you set this, you must also include 4063 some support for these addresses (e.g., 4064 in a mailertable entry) -- otherwise, 4065 mail to addresses in this list will 4066 bounce with a configuration error. 4067 If set to "loopback" (without 4068 quotes), sendmail will skip 4069 loopback interfaces (e.g., "lo0"). 4070confPID_FILE PidFile [system dependent] Location of pid 4071 file. 4072confPROCESS_TITLE_PREFIX ProcessTitlePrefix 4073 [undefined] Prefix string for the 4074 process title shown on 'ps' listings. 4075confDONT_BLAME_SENDMAIL DontBlameSendmail 4076 [safe] Override sendmail's file 4077 safety checks. This will definitely 4078 compromise system security and should 4079 not be used unless absolutely 4080 necessary. 4081confREJECT_MSG - [550 Access denied] The message 4082 given if the access database contains 4083 REJECT in the value portion. 4084confRELAY_MSG - [550 Relaying denied] The message 4085 given if an unauthorized relaying 4086 attempt is rejected. 4087confDF_BUFFER_SIZE DataFileBufferSize 4088 [4096] The maximum size of a 4089 memory-buffered data (df) file 4090 before a disk-based file is used. 4091confXF_BUFFER_SIZE XScriptFileBufferSize 4092 [4096] The maximum size of a 4093 memory-buffered transcript (xf) 4094 file before a disk-based file is 4095 used. 4096confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 4097 CRAM-MD5] List of authentication 4098 mechanisms for AUTH (separated by 4099 spaces). The advertised list of 4100 authentication mechanisms will be the 4101 intersection of this list and the list 4102 of available mechanisms as determined 4103 by the Cyrus SASL library. 4104confAUTH_REALM AuthRealm [undefined] The authentication realm 4105 that is passed to the Cyrus SASL 4106 library. If no realm is specified, 4107 $j is used. 4108confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 4109 authentication information for 4110 outgoing connections. This file must 4111 contain the user id, the authorization 4112 id, the password (plain text), the 4113 realm to use, and the list of 4114 mechanisms to try, each on a separate 4115 line and must be readable by root (or 4116 the trusted user) only. If no realm 4117 is specified, $j is used. If no 4118 mechanisms are given in the file, 4119 AuthMechanisms is used. Notice: this 4120 option is deprecated and will be 4121 removed in future versions; it doesn't 4122 work for the MSP since it can't read 4123 the file. Use the authinfo ruleset 4124 instead. See also the section SMTP 4125 AUTHENTICATION. 4126confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 4127 then the AUTH= parameter for the 4128 MAIL FROM command is only issued 4129 when authentication succeeded. 4130 Other values (which should be listed 4131 one after the other without any 4132 intervening characters except for 4133 space or comma) are a, c, d, f, p, 4134 and y. See doc/op/op.me for 4135 details. 4136confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 4137 strength for the security layer in 4138 SMTP AUTH (SASL). Default is 4139 essentially unlimited. 4140confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 4141 verification is performed, i.e., 4142 the server doesn't ask for a 4143 certificate. 4144confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 4145 specification for LDAP maps. The 4146 value should only contain LDAP 4147 specific settings such as "-h host 4148 -p port -d bindDN", etc. The 4149 settings will be used for all LDAP 4150 maps unless they are specified in 4151 the individual map specification 4152 ('K' command). 4153confCACERT_PATH CACertPath [undefined] Path to directory 4154 with certs of CAs. 4155confCACERT CACertFile [undefined] File containing one CA 4156 cert. 4157confSERVER_CERT ServerCertFile [undefined] File containing the 4158 cert of the server, i.e., this cert 4159 is used when sendmail acts as 4160 server. 4161confSERVER_KEY ServerKeyFile [undefined] File containing the 4162 private key belonging to the server 4163 cert. 4164confCLIENT_CERT ClientCertFile [undefined] File containing the 4165 cert of the client, i.e., this cert 4166 is used when sendmail acts as 4167 client. 4168confCLIENT_KEY ClientKeyFile [undefined] File containing the 4169 private key belonging to the client 4170 cert. 4171confCRL CRLFile [undefined] File containing certificate 4172 revocation status, useful for X.509v3 4173 authentication. Note that CRL requires 4174 at least OpenSSL version 0.9.7. 4175confDH_PARAMETERS DHParameters [undefined] File containing the 4176 DH parameters. 4177confRAND_FILE RandFile [undefined] File containing random 4178 data (use prefix file:) or the 4179 name of the UNIX socket if EGD is 4180 used (use prefix egd:). STARTTLS 4181 requires this option if the compile 4182 flag HASURANDOM is not set (see 4183 sendmail/README). 4184confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 4185 queue runners is set the given value 4186 (nice(3)). 4187confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 4188 [undefined] Defines {daemon_flags} 4189 for direct submissions. 4190confUSE_MSP UseMSP [false] Use as mail submission 4191 program, see sendmail/SECURITY. 4192confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 4193 SMTP Service Extension (RFC 2852). 4194confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can 4195 be used to turn off the compile time 4196 flag REQUIRES_DIR_FSYNC at runtime. 4197 See sendmail/README for details. 4198confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 4199confFAST_SPLIT FastSplit [1] If set to a value greater than 4200 zero, the initial MX lookups on 4201 addresses is suppressed when they 4202 are sorted which may result in 4203 faster envelope splitting. If the 4204 mail is submitted directly from the 4205 command line, then the value also 4206 limits the number of processes to 4207 deliver the envelopes. 4208confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 4209 information about local mailboxes. 4210confDEQUOTE_OPTS - [empty] Additional options for the 4211 dequote map. 4212confINPUT_MAIL_FILTERS InputMailFilters 4213 A comma separated list of filters 4214 which determines which filters and 4215 the invocation sequence are 4216 contacted for incoming SMTP 4217 messages. If none are set, no 4218 filters will be contacted. 4219confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 4220 actions, defaults to LogLevel. 4221confMILTER_MACROS_CONNECT Milter.macros.connect 4222 [j, _, {daemon_name}, {if_name}, 4223 {if_addr}] Macros to transmit to 4224 milters when a session connection 4225 starts. 4226confMILTER_MACROS_HELO Milter.macros.helo 4227 [{tls_version}, {cipher}, 4228 {cipher_bits}, {cert_subject}, 4229 {cert_issuer}] Macros to transmit to 4230 milters after HELO/EHLO command. 4231confMILTER_MACROS_ENVFROM Milter.macros.envfrom 4232 [i, {auth_type}, {auth_authen}, 4233 {auth_ssf}, {auth_author}, 4234 {mail_mailer}, {mail_host}, 4235 {mail_addr}] Macros to transmit to 4236 milters after MAIL FROM command. 4237confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 4238 [{rcpt_mailer}, {rcpt_host}, 4239 {rcpt_addr}] Macros to transmit to 4240 milters after RCPT TO command. 4241confMILTER_MACROS_EOM Milter.macros.eom 4242 [{msg_id}] Macros to transmit to 4243 milters after DATA command. 4244 4245 4246See also the description of OSTYPE for some parameters that can be 4247tweaked (generally pathnames to mailers). 4248 4249ClientPortOptions and DaemonPortOptions are special cases since multiple 4250clients/daemons can be defined. This can be done via 4251 4252 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 4253 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 4254 4255Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 4256ClientPortOptions settings) are allowed in order to give settings for each 4257protocol family (e.g., one for Family=inet and one for Family=inet6). A 4258restriction placed on one family only affects outgoing connections on that 4259particular family. 4260 4261If DAEMON_OPTIONS is not used, then the default is 4262 4263 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 4264 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 4265 4266If you use one DAEMON_OPTIONS macro, it will alter the parameters 4267of the first of these. The second will still be defaulted; it 4268represents a "Message Submission Agent" (MSA) as defined by RFC 42692476 (see below). To turn off the default definition for the MSA, 4270use FEATURE(`no_default_msa') (see also FEATURES). If you use 4271additional DAEMON_OPTIONS macros, they will add additional daemons. 4272 4273Example 1: To change the port for the SMTP listener, while 4274still using the MSA default, use 4275 DAEMON_OPTIONS(`Port=925, Name=MTA') 4276 4277Example 2: To change the port for the MSA daemon, while still 4278using the default SMTP port, use 4279 FEATURE(`no_default_msa') 4280 DAEMON_OPTIONS(`Name=MTA') 4281 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 4282 4283Note that if the first of those DAEMON_OPTIONS lines were omitted, then 4284there would be no listener on the standard SMTP port. 4285 4286Example 3: To listen on both IPv4 and IPv6 interfaces, use 4287 4288 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 4289 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 4290 4291A "Message Submission Agent" still uses all of the same rulesets for 4292processing the message (and therefore still allows message rejection via 4293the check_* rulesets). In accordance with the RFC, the MSA will ensure 4294that all domains in envelope addresses are fully qualified if the message 4295is relayed to another MTA. It will also enforce the normal address syntax 4296rules and log error messages. Additionally, by using the M=a modifier you 4297can require authentication before messages are accepted by the MSA. 4298Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally, 4299the M=E modifier shown above disables ETRN as required by RFC 2476. 4300 4301Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 4302commands: 4303 4304 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 4305 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 4306 4307The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 4308same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4309filter can be defined without adding it to the input filter list by using 4310MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4311Alternatively, you can reset the list of filters and their order by setting 4312confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4313your .mc file. 4314 4315 4316+----------------------------+ 4317| MESSAGE SUBMISSION PROGRAM | 4318+----------------------------+ 4319 4320The purpose of the message submission program (MSP) is explained 4321in sendmail/SECURITY. This section contains a list of caveats and 4322a few hints how for those who want to tweak the default configuration 4323for it (which is installed as submit.cf). 4324 4325Notice: do not add options/features to submit.mc unless you are 4326absolutely sure you need them. Options you may want to change 4327include: 4328 4329- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4330 avoiding X-Authentication warnings. 4331- confTIME_ZONE to change it from the default `USE_TZ'. 4332- confDELIVERY_MODE is set to interactive in msp.m4 instead 4333 of the default background mode. 4334- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses 4335 to the LOCAL_RELAY instead of the default relay. 4336- confRAND_FILE if you use STARTTLS and sendmail is not compiled with 4337 the flag HASURANDOM. 4338 4339The MSP performs hostname canonicalization by default. As also 4340explained in sendmail/SECURITY, mail may end up for various DNS 4341related reasons in the MSP queue. This problem can be minimized by 4342using 4343 4344 FEATURE(`nocanonify', `canonify_hosts') 4345 define(`confDIRECT_SUBMISSION_MODIFIERS', `C') 4346 4347See the discussion about nocanonify for possible side effects. 4348 4349Some things are not intended to work with the MSP. These include 4350features that influence the delivery process (e.g., mailertable, 4351aliases), or those that are only important for a SMTP server (e.g., 4352virtusertable, DaemonPortOptions, multiple queues). Moreover, 4353relaxing certain restrictions (RestrictQueueRun, permissions on 4354queue directory) or adding features (e.g., enabling prog/file mailer) 4355can cause security problems. 4356 4357Other things don't work well with the MSP and require tweaking or 4358workarounds. For example, to allow for client authentication it 4359is not just sufficient to provide a client certificate and the 4360corresponding key, but it is also necessary to make the key group 4361(smmsp) readable and tell sendmail not to complain about that, i.e., 4362 4363 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4364 4365If the MSP should actually use AUTH then the necessary data 4366should be placed in a map as explained in SMTP AUTHENTICATION: 4367 4368FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4369 4370/etc/mail/msp-authinfo should contain an entry like: 4371 4372 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4373 4374The file and the map created by makemap should be owned by smmsp, 4375its group should be smmsp, and it should have mode 640. The database 4376used by the MTA for AUTH must have a corresponding entry. 4377Additionally the MTA must trust this authentication data so the AUTH= 4378part will be relayed on to the next hop. This can be achieved by 4379adding the following to your sendmail.mc file: 4380 4381 LOCAL_RULESETS 4382 SLocal_trust_auth 4383 R$* $: $&{auth_authen} 4384 Rsmmsp $# OK 4385 4386Note: the authentication data can leak to local users who invoke 4387the MSP with debug options or even with -v. For that reason either 4388an authentication mechanism that does not show the password in the 4389AUTH dialogue (e.g., DIGEST-MD5) or a different authentication 4390method like STARTTLS should be used. 4391 4392feature/msp.m4 defines almost all settings for the MSP. Most of 4393those should not be changed at all. Some of the features and options 4394can be overridden if really necessary. It is a bit tricky to do 4395this, because it depends on the actual way the option is defined 4396in feature/msp.m4. If it is directly defined (i.e., define()) then 4397the modified value must be defined after 4398 4399 FEATURE(`msp') 4400 4401If it is conditionally defined (i.e., ifdef()) then the desired 4402value must be defined before the FEATURE line in the .mc file. 4403To see how the options are defined read feature/msp.m4. 4404 4405 4406+--------------------------+ 4407| FORMAT OF FILES AND MAPS | 4408+--------------------------+ 4409 4410Files that define classes, i.e., F{classname}, consist of lines 4411each of which contains a single element of the class. For example, 4412/etc/mail/local-host-names may have the following content: 4413 4414my.domain 4415another.domain 4416 4417Maps must be created using makemap(8) , e.g., 4418 4419 makemap hash MAP < MAP 4420 4421In general, a text file from which a map is created contains lines 4422of the form 4423 4424key value 4425 4426where 'key' and 'value' are also called LHS and RHS, respectively. 4427By default, the delimiter between LHS and RHS is a non-empty sequence 4428of white space characters. 4429 4430 4431+------------------+ 4432| DIRECTORY LAYOUT | 4433+------------------+ 4434 4435Within this directory are several subdirectories, to wit: 4436 4437m4 General support routines. These are typically 4438 very important and should not be changed without 4439 very careful consideration. 4440 4441cf The configuration files themselves. They have 4442 ".mc" suffixes, and must be run through m4 to 4443 become complete. The resulting output should 4444 have a ".cf" suffix. 4445 4446ostype Definitions describing a particular operating 4447 system type. These should always be referenced 4448 using the OSTYPE macro in the .mc file. Examples 4449 include "bsd4.3", "bsd4.4", "sunos3.5", and 4450 "sunos4.1". 4451 4452domain Definitions describing a particular domain, referenced 4453 using the DOMAIN macro in the .mc file. These are 4454 site dependent; for example, "CS.Berkeley.EDU.m4" 4455 describes hosts in the CS.Berkeley.EDU subdomain. 4456 4457mailer Descriptions of mailers. These are referenced using 4458 the MAILER macro in the .mc file. 4459 4460sh Shell files used when building the .cf file from the 4461 .mc file in the cf subdirectory. 4462 4463feature These hold special orthogonal features that you might 4464 want to include. They should be referenced using 4465 the FEATURE macro. 4466 4467hack Local hacks. These can be referenced using the HACK 4468 macro. They shouldn't be of more than voyeuristic 4469 interest outside the .Berkeley.EDU domain, but who knows? 4470 4471siteconfig Site configuration -- e.g., tables of locally connected 4472 UUCP sites. 4473 4474 4475+------------------------+ 4476| ADMINISTRATIVE DETAILS | 4477+------------------------+ 4478 4479The following sections detail usage of certain internal parts of the 4480sendmail.cf file. Read them carefully if you are trying to modify 4481the current model. If you find the above descriptions adequate, these 4482should be {boring, confusing, tedious, ridiculous} (pick one or more). 4483 4484RULESETS (* means built in to sendmail) 4485 4486 0 * Parsing 4487 1 * Sender rewriting 4488 2 * Recipient rewriting 4489 3 * Canonicalization 4490 4 * Post cleanup 4491 5 * Local address rewrite (after aliasing) 4492 1x mailer rules (sender qualification) 4493 2x mailer rules (recipient qualification) 4494 3x mailer rules (sender header qualification) 4495 4x mailer rules (recipient header qualification) 4496 5x mailer subroutines (general) 4497 6x mailer subroutines (general) 4498 7x mailer subroutines (general) 4499 8x reserved 4500 90 Mailertable host stripping 4501 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4502 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4503 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4504 4505 4506MAILERS 4507 4508 0 local, prog local and program mailers 4509 1 [e]smtp, relay SMTP channel 4510 2 uucp-* UNIX-to-UNIX Copy Program 4511 3 netnews Network News delivery 4512 4 fax Sam Leffler's HylaFAX software 4513 5 mail11 DECnet mailer 4514 4515 4516MACROS 4517 4518 A 4519 B Bitnet Relay 4520 C DECnet Relay 4521 D The local domain -- usually not needed 4522 E reserved for X.400 Relay 4523 F FAX Relay 4524 G 4525 H mail Hub (for mail clusters) 4526 I 4527 J 4528 K 4529 L Luser Relay 4530 M Masquerade (who you claim to be) 4531 N 4532 O 4533 P 4534 Q 4535 R Relay (for unqualified names) 4536 S Smart Host 4537 T 4538 U my UUCP name (if you have a UUCP connection) 4539 V UUCP Relay (class {V} hosts) 4540 W UUCP Relay (class {W} hosts) 4541 X UUCP Relay (class {X} hosts) 4542 Y UUCP Relay (all other hosts) 4543 Z Version number 4544 4545 4546CLASSES 4547 4548 A 4549 B domains that are candidates for bestmx lookup 4550 C 4551 D 4552 E addresses that should not seem to come from $M 4553 F hosts this system forward for 4554 G domains that should be looked up in genericstable 4555 H 4556 I 4557 J 4558 K 4559 L addresses that should not be forwarded to $R 4560 M domains that should be mapped to $M 4561 N host/domains that should not be mapped to $M 4562 O operators that indicate network operations (cannot be in local names) 4563 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4564 Q 4565 R domains this system is willing to relay (pass anti-spam filters) 4566 S 4567 T 4568 U locally connected UUCP hosts 4569 V UUCP hosts connected to relay $V 4570 W UUCP hosts connected to relay $W 4571 X UUCP hosts connected to relay $X 4572 Y locally connected smart UUCP hosts 4573 Z locally connected domain-ized UUCP hosts 4574 . the class containing only a dot 4575 [ the class containing only a left bracket 4576 4577 4578M4 DIVERSIONS 4579 4580 1 Local host detection and resolution 4581 2 Local Ruleset 3 additions 4582 3 Local Ruleset 0 additions 4583 4 UUCP Ruleset 0 additions 4584 5 locally interpreted names (overrides $R) 4585 6 local configuration (at top of file) 4586 7 mailer definitions 4587 8 DNS based blacklists 4588 9 special local rulesets (1 and 2) 4589 4590$Revision: 8.691 $, Last updated $Date: 2004/07/19 17:47:34 $ 4591