README revision 157001
1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31CONNECTION CONTROL 32STARTTLS 33SMTP AUTHENTICATION 34ADDING NEW MAILERS OR RULESETS 35ADDING NEW MAIL FILTERS 36QUEUE GROUP DEFINITIONS 37NON-SMTP BASED CONFIGURATIONS 38WHO AM I? 39ACCEPTING MAIL FOR MULTIPLE NAMES 40USING MAILERTABLES 41USING USERDB TO MAP FULL NAMES 42MISCELLANEOUS SPECIAL FEATURES 43SECURITY NOTES 44TWEAKING CONFIGURATION OPTIONS 45MESSAGE SUBMISSION PROGRAM 46FORMAT OF FILES AND MAPS 47DIRECTORY LAYOUT 48ADMINISTRATIVE DETAILS 49 50 51+--------------------------+ 52| INTRODUCTION AND EXAMPLE | 53+--------------------------+ 54 55Configuration files are contained in the subdirectory "cf", with a 56suffix ".mc". They must be run through "m4" to produce a ".cf" file. 57You must pre-load "cf.m4": 58 59 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 60 61Alternatively, you can simply: 62 63 cd ${CFDIR}/cf 64 ./Build config.cf 65 66where ${CFDIR} is the root of the cf directory and config.mc is the 67name of your configuration file. If you are running a version of M4 68that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 69this, but the versions distributed with 4.4BSD and derivatives do not) 70or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 71For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 72use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 73 74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 75 76Let's examine a typical .mc file: 77 78 divert(-1) 79 # 80 # Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers. 81 # All rights reserved. 82 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 83 # Copyright (c) 1988, 1993 84 # The Regents of the University of California. All rights reserved. 85 # 86 # By using this file, you agree to the terms and conditions set 87 # forth in the LICENSE file which can be found at the top level of 88 # the sendmail distribution. 89 # 90 91 # 92 # This is a Berkeley-specific configuration file for HP-UX 9.x. 93 # It applies only to the Computer Science Division at Berkeley, 94 # and should not be used elsewhere. It is provided on the sendmail 95 # distribution as a sample only. To create your own configuration 96 # file, create an appropriate domain file in ../domain, change the 97 # `DOMAIN' macro below to reference that file, and copy the result 98 # to a name of your own choosing. 99 # 100 divert(0) 101 102The divert(-1) will delete the crud in the resulting output file. 103The copyright notice can be replaced by whatever your lawyers require; 104our lawyers require the one that is included in these files. A copyleft 105is a copyright by another name. The divert(0) restores regular output. 106 107 VERSIONID(`<SCCS or RCS version id>') 108 109VERSIONID is a macro that stuffs the version information into the 110resulting file. You could use SCCS, RCS, CVS, something else, or 111omit it completely. This is not the same as the version id included 112in SMTP greeting messages -- this is defined in m4/version.m4. 113 114 OSTYPE(`hpux9')dnl 115 116You must specify an OSTYPE to properly configure things such as the 117pathname of the help and status files, the flags needed for the local 118mailer, and other important things. If you omit it, you will get an 119error when you try to build the configuration. Look at the ostype 120directory for the list of known operating system types. 121 122 DOMAIN(`CS.Berkeley.EDU')dnl 123 124This example is specific to the Computer Science Division at Berkeley. 125You can use "DOMAIN(`generic')" to get a sufficiently bland definition 126that may well work for you, or you can create a customized domain 127definition appropriate for your environment. 128 129 MAILER(`local') 130 MAILER(`smtp') 131 132These describe the mailers used at the default CS site. The local 133mailer is always included automatically. Beware: MAILER declarations 134should only be followed by LOCAL_* sections. The general rules are 135that the order should be: 136 137 VERSIONID 138 OSTYPE 139 DOMAIN 140 FEATURE 141 local macro definitions 142 MAILER 143 LOCAL_CONFIG 144 LOCAL_RULE_* 145 LOCAL_RULESETS 146 147There are a few exceptions to this rule. Local macro definitions which 148influence a FEATURE() should be done before that feature. For example, 149a define(`PROCMAIL_MAILER_PATH', ...) should be done before 150FEATURE(`local_procmail'). 151 152******************************************************************* 153*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 154*** Berkeley-specific assumptions built in, such as the name *** 155*** of their UUCP-relay. You'll want to create your own *** 156*** domain description, and use that in place of *** 157*** domain/Berkeley.EDU.m4. *** 158******************************************************************* 159 160 161+----------------------------+ 162| A BRIEF INTRODUCTION TO M4 | 163+----------------------------+ 164 165Sendmail uses the M4 macro processor to ``compile'' the configuration 166files. The most important thing to know is that M4 is stream-based, 167that is, it doesn't understand about lines. For this reason, in some 168places you may see the word ``dnl'', which stands for ``delete 169through newline''; essentially, it deletes all characters starting 170at the ``dnl'' up to and including the next newline character. In 171most cases sendmail uses this only to avoid lots of unnecessary 172blank lines in the output. 173 174Other important directives are define(A, B) which defines the macro 175``A'' to have value ``B''. Macros are expanded as they are read, so 176one normally quotes both values to prevent expansion. For example, 177 178 define(`SMART_HOST', `smart.foo.com') 179 180One word of warning: M4 macros are expanded even in lines that appear 181to be comments. For example, if you have 182 183 # See FEATURE(`foo') above 184 185it will not do what you expect, because the FEATURE(`foo') will be 186expanded. This also applies to 187 188 # And then define the $X macro to be the return address 189 190because ``define'' is an M4 keyword. If you want to use them, surround 191them with directed quotes, `like this'. 192 193Since m4 uses single quotes (opening "`" and closing "'") to quote 194arguments, those quotes can't be used in arguments. For example, 195it is not possible to define a rejection message containing a single 196quote. Usually there are simple workarounds by changing those 197messages; in the worst case it might be ok to change the value 198directly in the generated .cf file, which however is not advised. 199 200 201Notice: 202------- 203 204This package requires a post-V7 version of m4; if you are running the 2054.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 206BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 207Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 208Net/2 or GNU version. GNU m4 is available from 209ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 210EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 211m4 on this platform. 212 213 214+----------------+ 215| FILE LOCATIONS | 216+----------------+ 217 218sendmail 8.9 has introduced a new configuration directory for sendmail 219related files, /etc/mail. The new files available for sendmail 8.9 -- 220the class {R} /etc/mail/relay-domains and the access database 221/etc/mail/access -- take advantage of this new directory. Beginning with 2228.10, all files will use this directory by default (some options may be 223set by OSTYPE() files). This new directory should help to restore 224uniformity to sendmail's file locations. 225 226Below is a table of some of the common changes: 227 228Old filename New filename 229------------ ------------ 230/etc/bitdomain /etc/mail/bitdomain 231/etc/domaintable /etc/mail/domaintable 232/etc/genericstable /etc/mail/genericstable 233/etc/uudomain /etc/mail/uudomain 234/etc/virtusertable /etc/mail/virtusertable 235/etc/userdb /etc/mail/userdb 236 237/etc/aliases /etc/mail/aliases 238/etc/sendmail/aliases /etc/mail/aliases 239/etc/ucbmail/aliases /etc/mail/aliases 240/usr/adm/sendmail/aliases /etc/mail/aliases 241/usr/lib/aliases /etc/mail/aliases 242/usr/lib/mail/aliases /etc/mail/aliases 243/usr/ucblib/aliases /etc/mail/aliases 244 245/etc/sendmail.cw /etc/mail/local-host-names 246/etc/mail/sendmail.cw /etc/mail/local-host-names 247/etc/sendmail/sendmail.cw /etc/mail/local-host-names 248 249/etc/sendmail.ct /etc/mail/trusted-users 250 251/etc/sendmail.oE /etc/mail/error-header 252 253/etc/sendmail.hf /etc/mail/helpfile 254/etc/mail/sendmail.hf /etc/mail/helpfile 255/usr/ucblib/sendmail.hf /etc/mail/helpfile 256/etc/ucbmail/sendmail.hf /etc/mail/helpfile 257/usr/lib/sendmail.hf /etc/mail/helpfile 258/usr/share/lib/sendmail.hf /etc/mail/helpfile 259/usr/share/misc/sendmail.hf /etc/mail/helpfile 260/share/misc/sendmail.hf /etc/mail/helpfile 261 262/etc/service.switch /etc/mail/service.switch 263 264/etc/sendmail.st /etc/mail/statistics 265/etc/mail/sendmail.st /etc/mail/statistics 266/etc/mailer/sendmail.st /etc/mail/statistics 267/etc/sendmail/sendmail.st /etc/mail/statistics 268/usr/lib/sendmail.st /etc/mail/statistics 269/usr/ucblib/sendmail.st /etc/mail/statistics 270 271Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 272to create the pathnames. The default value of this variable is 273`/etc/mail/'. If you set this macro to a different value, you MUST include 274a trailing slash. 275 276Notice: all filenames used in a .mc (or .cf) file should be absolute 277(starting at the root, i.e., with '/'). Relative filenames most 278likely cause surprises during operations (unless otherwise noted). 279 280 281+--------+ 282| OSTYPE | 283+--------+ 284 285You MUST define an operating system environment, or the configuration 286file build will puke. There are several environments available; look 287at the "ostype" directory for the current list. This macro changes 288things like the location of the alias file and queue directory. Some 289of these files are identical to one another. 290 291It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 292In general, the OSTYPE macro should go immediately after any version 293information, and MAILER definitions should always go last. 294 295Operating system definitions are usually easy to write. They may define 296the following variables (everything defaults, so an ostype file may be 297empty). Unfortunately, the list of configuration-supported systems is 298not as broad as the list of source-supported systems, since many of 299the source contributors do not include corresponding ostype files. 300 301ALIAS_FILE [/etc/mail/aliases] The location of the text version 302 of the alias file(s). It can be a comma-separated 303 list of names (but be sure you quote values with 304 commas in them -- for example, use 305 define(`ALIAS_FILE', `a,b') 306 to get "a" and "b" both listed as alias files; 307 otherwise the define() primitive only sees "a"). 308HELP_FILE [/etc/mail/helpfile] The name of the file 309 containing information printed in response to 310 the SMTP HELP command. 311QUEUE_DIR [/var/spool/mqueue] The directory containing 312 queue files. To use multiple queues, supply 313 a value ending with an asterisk. For 314 example, /var/spool/mqueue/qd* will use all of the 315 directories or symbolic links to directories 316 beginning with 'qd' in /var/spool/mqueue as queue 317 directories. The names 'qf', 'df', and 'xf' are 318 reserved as specific subdirectories for the 319 corresponding queue file types as explained in 320 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 321MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 322 queue files for the MSP (Mail Submission Program, 323 see sendmail/SECURITY). 324STATUS_FILE [/etc/mail/statistics] The file containing status 325 information. 326LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 327LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 328 flags lsDFMAw5:/|@q are always included. 329LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 330 mail. 331LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 332 mail that you are willing to accept. 333LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 334 messages to deliver in a single connection. Only 335 useful for LMTP local mailers. 336LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 337 that ARRIVE from an address that resolves to the 338 local mailer and which are converted to MIME will be 339 labeled with this character set. 340LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 341 end of line for the local mailer. 342LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 343 [X-Unix] The DSN Diagnostic-Code value for the 344 local mailer. This should be changed with care. 345LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 346LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 347 flags lsDFM are always included. 348LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 349 mail. 350LOCAL_SHELL_DIR [$z:/] The directory search path in which the 351 shell should run. 352LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 353USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 354 used to submit news. 355USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 356USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 357 usenet mailer. NOTE: Some versions of inews 358 (such as those shipped with newer versions of INN) 359 use different flags. Double check the defaults 360 against the inews man page. 361USENET_MAILER_MAX [undefined] The maximum size of messages that will 362 be accepted by the usenet mailer. 363USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 364SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 365 flags are `mDFMuX' for all SMTP-based mailers; the 366 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 367 "dsmtp" adds `%'. 368RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 369 flags are `mDFMuX' for all SMTP-based mailers; the 370 relay mailer adds `a8'. If this is not defined, 371 then SMTP_MAILER_FLAGS is used. 372SMTP_MAILER_MAX [undefined] The maximum size of messages that will 373 be transported using the smtp, smtp8, esmtp, or dsmtp 374 mailers. 375SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 376 messages to deliver in a single connection for the 377 smtp, smtp8, esmtp, or dsmtp mailers. 378SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 379 recipients to deliver in a single connection for the 380 smtp, smtp8, esmtp, or dsmtp mailers. 381SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 382 About the only reason you would want to change this 383 would be to change the default port. 384ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 385SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 386DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 387RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 388SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 389ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 390SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 391DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 392RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 393RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 394 messages to deliver in a single connection for the 395 relay mailer. 396SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 397 that ARRIVE from an address that resolves to one of 398 the SMTP mailers and which are converted to MIME will 399 be labeled with this character set. 400UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 401UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 402 flags are `DFMhuU' (and `m' for uucp-new mailer, 403 minus `U' for uucp-dom mailer). 404UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 405 passed to the UUCP mailer. 406UUCP_MAILER_MAX [100000] The maximum size message accepted for 407 transmission by the UUCP mailers. 408UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 409 that ARRIVE from an address that resolves to one of 410 the UUCP mailers and which are converted to MIME will 411 be labeled with this character set. 412UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 413FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 414 submit FAX messages. 415FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 416 mailer. 417FAX_MAILER_MAX [100000] The maximum size message accepted for 418 transmission by FAX. 419POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 420POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 421 are always added. 422POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 423POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 424PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 425 program. This is also used by 426 FEATURE(`local_procmail'). 427PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 428 DFM are always set. This is NOT used by 429 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 430 instead. 431PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 432 the Procmail mailer. This is NOT used by 433 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 434 instead. 435PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 436 will be accepted by the procmail mailer. 437PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 438MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 439MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 440MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 441 mailer. 442MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 443PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 444 program. 445PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 446 are always set. 447PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 448PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 449CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 450 flags lsDFMnPq are always included. 451CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 452 cyrus mail. 453CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 454 to deliver cyrus mail. 455CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 456 will be accepted by the cyrus mailer. 457CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 458 running the cyrus mailer. 459CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 460CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 461 The flags lsDFMnP are always included. 462CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 463 to deliver cyrusbb mail. 464CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The 465 flags lsDFMnqXz are always included. 466CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of 467 messages to deliver in a single connection for the 468 cyrusv2 mailer. 469CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 470 recipients to deliver in a single connection for the 471 cyrusv2 mailer. 472CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed 473 to the cyrusv2 mailer. This can be used to 474 change the name of the Unix domain socket, or 475 to switch to delivery via TCP (e.g., `TCP $h lmtp') 476CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. 477CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 478 that ARRIVE from an address that resolves to one the 479 Cyrus mailer and which are converted to MIME will 480 be labeled with this character set. 481confEBINDIR [/usr/libexec] The directory for executables. 482 Currently used for FEATURE(`local_lmtp') and 483 FEATURE(`smrsh'). 484QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 485QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 486 qpage mail. 487QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 488 to deliver qpage mail. 489QPAGE_MAILER_MAX [4096] If set, the maximum size message that 490 will be accepted by the qpage mailer. 491QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 492LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 493 494Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 495MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part 496of the macro Name_MAILER_FLAGS (note: that means Name is entirely in 497upper case) and change can be: flags that should be used directly 498(thus overriding the default value), or if it starts with `+' (`-') 499then those flags are added to (removed from) the default value. 500Example: 501 502 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 503 504will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 505several smtp mailers all of which are manipulated individually. 506See the section MAILERS for the available mailer names. 507WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 508unconditionally, i.e., without respecting any definitions in an 509OSTYPE setting. 510 511 512+---------+ 513| DOMAINS | 514+---------+ 515 516You will probably want to collect domain-dependent defines into one 517file, referenced by the DOMAIN macro. For example, the Berkeley 518domain file includes definitions for several internal distinguished 519hosts: 520 521UUCP_RELAY The host that will accept UUCP-addressed email. 522 If not defined, all UUCP sites must be directly 523 connected. 524BITNET_RELAY The host that will accept BITNET-addressed email. 525 If not defined, the .BITNET pseudo-domain won't work. 526DECNET_RELAY The host that will accept DECNET-addressed email. 527 If not defined, the .DECNET pseudo-domain and addresses 528 of the form node::user will not work. 529FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 530 The "fax" mailer overrides this value. 531LOCAL_RELAY The site that will handle unqualified names -- that 532 is, names without an @domain extension. 533 Normally MAIL_HUB is preferred for this function. 534 LOCAL_RELAY is mostly useful in conjunction with 535 FEATURE(`stickyhost') -- see the discussion of 536 stickyhost below. If not set, they are assumed to 537 belong on this machine. This allows you to have a 538 central site to store a company- or department-wide 539 alias database. This only works at small sites, 540 and only with some user agents. 541LUSER_RELAY The site that will handle lusers -- that is, apparently 542 local names that aren't local accounts or aliases. To 543 specify a local user instead of a site, set this to 544 ``local:username''. 545 546Any of these can be either ``mailer:hostname'' (in which case the 547mailer is the internal mailer name, such as ``uucp-new'' and the hostname 548is the name of the host as appropriate for that mailer) or just a 549``hostname'', in which case a default mailer type (usually ``relay'', 550a variant on SMTP) is used. WARNING: if you have a wildcard MX 551record matching your domain, you probably want to define these to 552have a trailing dot so that you won't get the mail diverted back 553to yourself. 554 555The domain file can also be used to define a domain name, if needed 556(using "DD<domain>") and set certain site-wide features. If all hosts 557at your site masquerade behind one email name, you could also use 558MASQUERADE_AS here. 559 560You do not have to define a domain -- in particular, if you are a 561single machine sitting off somewhere, it is probably more work than 562it's worth. This is just a mechanism for combining "domain dependent 563knowledge" into one place. 564 565 566+---------+ 567| MAILERS | 568+---------+ 569 570There are fewer mailers supported in this version than the previous 571version, owing mostly to a simpler world. As a general rule, put the 572MAILER definitions last in your .mc file. 573 574local The local and prog mailers. You will almost always 575 need these; the only exception is if you relay ALL 576 your mail to another site. This mailer is included 577 automatically. 578 579smtp The Simple Mail Transport Protocol mailer. This does 580 not hide hosts behind a gateway or another other 581 such hack; it assumes a world where everyone is 582 running the name server. This file actually defines 583 five mailers: "smtp" for regular (old-style) SMTP to 584 other servers, "esmtp" for extended SMTP to other 585 servers, "smtp8" to do SMTP to other servers without 586 converting 8-bit data to MIME (essentially, this is 587 your statement that you know the other end is 8-bit 588 clean even if it doesn't say so), "dsmtp" to do on 589 demand delivery, and "relay" for transmission to the 590 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 591 592uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 593 defines two mailers, "uucp-old" (a.k.a. "uucp") and 594 "uucp-new" (a.k.a. "suucp"). The latter is for when you 595 know that the UUCP mailer at the other end can handle 596 multiple recipients in one transfer. If the smtp mailer 597 is included in your configuration, two other mailers 598 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 599 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 600 include the uucp mailer, sendmail looks for all names in 601 class {U} and sends them to the uucp-old mailer; all 602 names in class {Y} are sent to uucp-new; and all 603 names in class {Z} are sent to uucp-uudom. Note that 604 this is a function of what version of rmail runs on 605 the receiving end, and hence may be out of your control. 606 See the section below describing UUCP mailers in more 607 detail. 608 609usenet Usenet (network news) delivery. If this is specified, 610 an extra rule is added to ruleset 0 that forwards all 611 local email for users named ``group.usenet'' to the 612 ``inews'' program. Note that this works for all groups, 613 and may be considered a security problem. 614 615fax Facsimile transmission. This is experimental and based 616 on Sam Leffler's HylaFAX software. For more information, 617 see http://www.hylafax.org/. 618 619pop Post Office Protocol. 620 621procmail An interface to procmail (does not come with sendmail). 622 This is designed to be used in mailertables. For example, 623 a common question is "how do I forward all mail for a given 624 domain to a single person?". If you have this mailer 625 defined, you could set up a mailertable reading: 626 627 host.com procmail:/etc/procmailrcs/host.com 628 629 with the file /etc/procmailrcs/host.com reading: 630 631 :0 # forward mail for host.com 632 ! -oi -f $1 person@other.host 633 634 This would arrange for (anything)@host.com to be sent 635 to person@other.host. In a procmail script, $1 is the 636 name of the sender and $2 is the name of the recipient. 637 If you use this with FEATURE(`local_procmail'), the FEATURE 638 should be listed first. 639 640 Of course there are other ways to solve this particular 641 problem, e.g., a catch-all entry in a virtusertable. 642 643mail11 The DECnet mail11 mailer, useful only if you have the mail11 644 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 645 DECnet, of course). This is for Phase IV DECnet support; 646 if you have Phase V at your site you may have additional 647 problems. 648 649phquery The phquery program. This is somewhat counterintuitively 650 referenced as the "ph" mailer internally. It can be used 651 to do CCSO name server lookups. The phquery program, which 652 this mailer uses, is distributed with the ph client. 653 654cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 655 a local cyrus user. this mailer can make use of the 656 "user+detail@local.host" syntax (see 657 FEATURE(`preserve_local_plus_detail')); it will deliver the 658 mail to the user's "detail" mailbox if the mailbox's ACL 659 permits. The cyrusbb mailer delivers to a system-wide 660 cyrus mailbox if the mailbox's ACL permits. The cyrus 661 mailer must be defined after the local mailer. 662 663cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to 664 local cyrus users via LMTP. This mailer can make use of the 665 "user+detail@local.host" syntax (see 666 FEATURE(`preserve_local_plus_detail')); it will deliver the 667 mail to the user's "detail" mailbox if the mailbox's ACL 668 permits. The cyrusv2 mailer must be defined after the 669 local mailer. 670 671qpage A mailer for QuickPage, a pager interface. See 672 http://www.qpage.org/ for further information. 673 674The local mailer accepts addresses of the form "user+detail", where 675the "+detail" is not used for mailbox matching but is available 676to certain local mail programs (in particular, see 677FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 678"eric+sww" all indicate the same user, but additional arguments <null>, 679"sendmail", and "sww" may be provided for use in sorting mail. 680 681 682+----------+ 683| FEATURES | 684+----------+ 685 686Special features can be requested using the "FEATURE" macro. For 687example, the .mc line: 688 689 FEATURE(`use_cw_file') 690 691tells sendmail that you want to have it read an /etc/mail/local-host-names 692file to get values for class {w}. A FEATURE may contain up to 9 693optional parameters -- for example: 694 695 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 696 697The default database map type for the table features can be set with 698 699 define(`DATABASE_MAP_TYPE', `dbm') 700 701which would set it to use ndbm databases. The default is the Berkeley DB 702hash database format. Note that you must still declare a database map type 703if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 704if no argument is given for the FEATURE. It must be specified before any 705feature that uses a map. 706 707Also, features which can take a map definition as an argument can also take 708the special keyword `LDAP'. If that keyword is used, the map will use the 709LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 710CLASSES'' section below. 711 712Available features are: 713 714use_cw_file Read the file /etc/mail/local-host-names file to get 715 alternate names for this host. This might be used if you 716 were on a host that MXed for a dynamic set of other hosts. 717 If the set is static, just including the line "Cw<name1> 718 <name2> ..." (where the names are fully qualified domain 719 names) is probably superior. The actual filename can be 720 overridden by redefining confCW_FILE. 721 722use_ct_file Read the file /etc/mail/trusted-users file to get the 723 names of users that will be ``trusted'', that is, able to 724 set their envelope from address using -f without generating 725 a warning message. The actual filename can be overridden 726 by redefining confCT_FILE. 727 728redirect Reject all mail addressed to "address.REDIRECT" with 729 a ``551 User has moved; please try <address>'' message. 730 If this is set, you can alias people who have left 731 to their new address with ".REDIRECT" appended. 732 733nouucp Don't route UUCP addresses. This feature takes one 734 parameter: 735 `reject': reject addresses which have "!" in the local 736 part unless it originates from a system 737 that is allowed to relay. 738 `nospecial': don't do anything special with "!". 739 Warnings: 1. See the notice in the anti-spam section. 740 2. don't remove "!" from OperatorChars if `reject' is 741 given as parameter. 742 743nocanonify Don't pass addresses to $[ ... $] for canonification 744 by default, i.e., host/domain names are considered canonical, 745 except for unqualified names, which must not be used in this 746 mode (violation of the standard). It can be changed by 747 setting the DaemonPortOptions modifiers (M=). That is, 748 FEATURE(`nocanonify') will be overridden by setting the 749 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 750 it can be emulated by setting the 'C' flag 751 (DaemonPortOptions=Modifiers=C). This would generally only 752 be used by sites that only act as mail gateways or which have 753 user agents that do full canonification themselves. You may 754 also want to use 755 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 756 the usual resolver options that do a similar thing. 757 758 An exception list for FEATURE(`nocanonify') can be 759 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 760 i.e., a list of domains which are nevertheless passed to 761 $[ ... $] for canonification. This is useful to turn on 762 canonification for local domains, e.g., use 763 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 764 which end in "my.domain" or "my". 765 Another way to require canonification in the local 766 domain is CANONIFY_DOMAIN(`$=m'). 767 768 A trailing dot is added to addresses with more than 769 one component in it such that other features which 770 expect a trailing dot (e.g., virtusertable) will 771 still work. 772 773 If `canonify_hosts' is specified as parameter, i.e., 774 FEATURE(`nocanonify', `canonify_hosts'), then 775 addresses which have only a hostname, e.g., 776 <user@host>, will be canonified (and hopefully fully 777 qualified), too. 778 779stickyhost This feature is sometimes used with LOCAL_RELAY, 780 although it can be used for a different effect with 781 MAIL_HUB. 782 783 When used without MAIL_HUB, email sent to 784 "user@local.host" are marked as "sticky" -- that 785 is, the local addresses aren't matched against UDB, 786 don't go through ruleset 5, and are not forwarded to 787 the LOCAL_RELAY (if defined). 788 789 With MAIL_HUB, mail addressed to "user@local.host" 790 is forwarded to the mail hub, with the envelope 791 address still remaining "user@local.host". 792 Without stickyhost, the envelope would be changed 793 to "user@mail_hub", in order to protect against 794 mailing loops. 795 796mailertable Include a "mailer table" which can be used to override 797 routing for particular domains (which are not in class {w}, 798 i.e. local host names). The argument of the FEATURE may be 799 the key definition. If none is specified, the definition 800 used is: 801 802 hash /etc/mail/mailertable 803 804 Keys in this database are fully qualified domain names 805 or partial domains preceded by a dot -- for example, 806 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 807 special case of the latter, "." matches any domain not 808 covered by other keys. Values must be of the form: 809 mailer:domain 810 where "mailer" is the internal mailer name, and "domain" 811 is where to send the message. These maps are not 812 reflected into the message header. As a special case, 813 the forms: 814 local:user 815 will forward to the indicated user using the local mailer, 816 local: 817 will forward to the original user in the e-mail address 818 using the local mailer, and 819 error:code message 820 error:D.S.N:code message 821 will give an error message with the indicated SMTP reply 822 code and message, where D.S.N is an RFC 1893 compliant 823 error code. 824 825domaintable Include a "domain table" which can be used to provide 826 domain name mapping. Use of this should really be 827 limited to your own domains. It may be useful if you 828 change names (e.g., your company changes names from 829 oldname.com to newname.com). The argument of the 830 FEATURE may be the key definition. If none is specified, 831 the definition used is: 832 833 hash /etc/mail/domaintable 834 835 The key in this table is the domain name; the value is 836 the new (fully qualified) domain. Anything in the 837 domaintable is reflected into headers; that is, this 838 is done in ruleset 3. 839 840bitdomain Look up bitnet hosts in a table to try to turn them into 841 internet addresses. The table can be built using the 842 bitdomain program contributed by John Gardiner Myers. 843 The argument of the FEATURE may be the key definition; if 844 none is specified, the definition used is: 845 846 hash /etc/mail/bitdomain 847 848 Keys are the bitnet hostname; values are the corresponding 849 internet hostname. 850 851uucpdomain Similar feature for UUCP hosts. The default map definition 852 is: 853 854 hash /etc/mail/uudomain 855 856 At the moment there is no automagic tool to build this 857 database. 858 859always_add_domain 860 Include the local host domain even on locally delivered 861 mail. Normally it is not added on unqualified names. 862 However, if you use a shared message store but do not use 863 the same user name space everywhere, you may need the host 864 name on local names. An optional argument specifies 865 another domain to be added than the local. 866 867allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 868 feature will cause recipient addresses to also masquerade 869 as being from the masquerade host. Normally they get 870 the local hostname. Although this may be right for 871 ordinary users, it can break local aliases. For example, 872 if you send to "localalias", the originating sendmail will 873 find that alias and send to all members, but send the 874 message with "To: localalias@masqueradehost". Since that 875 alias likely does not exist, replies will fail. Use this 876 feature ONLY if you can guarantee that the ENTIRE 877 namespace on your masquerade host supersets all the 878 local entries. 879 880limited_masquerade 881 Normally, any hosts listed in class {w} are masqueraded. If 882 this feature is given, only the hosts listed in class {M} (see 883 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 884 if you have several domains with disjoint namespaces hosted 885 on the same machine. 886 887masquerade_entire_domain 888 If masquerading is enabled (using MASQUERADE_AS) and 889 MASQUERADE_DOMAIN (see below) is set, this feature will 890 cause addresses to be rewritten such that the masquerading 891 domains are actually entire domains to be hidden. All 892 hosts within the masquerading domains will be rewritten 893 to the masquerade name (used in MASQUERADE_AS). For example, 894 if you have: 895 896 MASQUERADE_AS(`masq.com') 897 MASQUERADE_DOMAIN(`foo.org') 898 MASQUERADE_DOMAIN(`bar.com') 899 900 then *foo.org and *bar.com are converted to masq.com. Without 901 this feature, only foo.org and bar.com are masqueraded. 902 903 NOTE: only domains within your jurisdiction and 904 current hierarchy should be masqueraded using this. 905 906local_no_masquerade 907 This feature prevents the local mailer from masquerading even 908 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 909 on addresses of mail going outside the local domain. 910 911masquerade_envelope 912 If masquerading is enabled (using MASQUERADE_AS) or the 913 genericstable is in use, this feature will cause envelope 914 addresses to also masquerade as being from the masquerade 915 host. Normally only the header addresses are masqueraded. 916 917genericstable This feature will cause unqualified addresses (i.e., without 918 a domain) and addresses with a domain listed in class {G} 919 to be looked up in a map and turned into another ("generic") 920 form, which can change both the domain name and the user name. 921 Notice: if you use an MSP (as it is default starting with 922 8.12), the MTA will only receive qualified addresses from the 923 MSP (as required by the RFCs). Hence you need to add your 924 domain to class {G}. This feature is similar to the userdb 925 functionality. The same types of addresses as for 926 masquerading are looked up, i.e., only header sender 927 addresses unless the allmasquerade and/or masquerade_envelope 928 features are given. Qualified addresses must have the domain 929 part in class {G}; entries can be added to this class by the 930 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 931 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 932 933 The argument of FEATURE(`genericstable') may be the map 934 definition; the default map definition is: 935 936 hash /etc/mail/genericstable 937 938 The key for this table is either the full address, the domain 939 (with a leading @; the localpart is passed as first argument) 940 or the unqualified username (tried in the order mentioned); 941 the value is the new user address. If the new user address 942 does not include a domain, it will be qualified in the standard 943 manner, i.e., using $j or the masquerade name. Note that the 944 address being looked up must be fully qualified. For local 945 mail, it is necessary to use FEATURE(`always_add_domain') 946 for the addresses to be qualified. 947 The "+detail" of an address is passed as %1, so entries like 948 949 old+*@foo.org new+%1@example.com 950 gen+*@foo.org %1@example.com 951 952 and other forms are possible. 953 954generics_entire_domain 955 If the genericstable is enabled and GENERICS_DOMAIN or 956 GENERICS_DOMAIN_FILE is used, this feature will cause 957 addresses to be searched in the map if their domain 958 parts are subdomains of elements in class {G}. 959 960virtusertable A domain-specific form of aliasing, allowing multiple 961 virtual domains to be hosted on one machine. For example, 962 if the virtuser table contains: 963 964 info@foo.com foo-info 965 info@bar.com bar-info 966 joe@bar.com error:nouser 550 No such user here 967 jax@bar.com error:5.7.0:550 Address invalid 968 @baz.org jane@example.net 969 970 then mail addressed to info@foo.com will be sent to the 971 address foo-info, mail addressed to info@bar.com will be 972 delivered to bar-info, and mail addressed to anyone at baz.org 973 will be sent to jane@example.net, mail to joe@bar.com will 974 be rejected with the specified error message, and mail to 975 jax@bar.com will also have a RFC 1893 compliant error code 976 5.7.0. 977 978 The username from the original address is passed 979 as %1 allowing: 980 981 @foo.org %1@example.com 982 983 meaning someone@foo.org will be sent to someone@example.com. 984 Additionally, if the local part consists of "user+detail" 985 then "detail" is passed as %2 and "+detail" is passed as %3 986 when a match against user+* is attempted, so entries like 987 988 old+*@foo.org new+%2@example.com 989 gen+*@foo.org %2@example.com 990 +*@foo.org %1%3@example.com 991 X++@foo.org Z%3@example.com 992 @bar.org %1%3 993 994 and other forms are possible. Note: to preserve "+detail" 995 for a default case (@domain) %1%3 must be used as RHS. 996 There are two wildcards after "+": "+" matches only a non-empty 997 detail, "*" matches also empty details, e.g., user+@foo.org 998 matches +*@foo.org but not ++@foo.org. This can be used 999 to ensure that the parameters %2 and %3 are not empty. 1000 1001 All the host names on the left hand side (foo.com, bar.com, 1002 and baz.org) must be in class {w} or class {VirtHost}. The 1003 latter can be defined by the macros VIRTUSER_DOMAIN or 1004 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1005 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 1006 VIRTUSER_DOMAIN_FILE is used, then the entries of class 1007 {VirtHost} are added to class {R}, i.e., relaying is allowed 1008 to (and from) those domains. The default map definition is: 1009 1010 hash /etc/mail/virtusertable 1011 1012 A new definition can be specified as the second argument of 1013 the FEATURE macro, such as 1014 1015 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 1016 1017virtuser_entire_domain 1018 If the virtusertable is enabled and VIRTUSER_DOMAIN or 1019 VIRTUSER_DOMAIN_FILE is used, this feature will cause 1020 addresses to be searched in the map if their domain 1021 parts are subdomains of elements in class {VirtHost}. 1022 1023ldap_routing Implement LDAP-based e-mail recipient routing according to 1024 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 1025 This provides a method to re-route addresses with a 1026 domain portion in class {LDAPRoute} to either a 1027 different mail host or a different address. Hosts can 1028 be added to this class using LDAPROUTE_DOMAIN and 1029 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1030 MASQUERADE_DOMAIN_FILE, see below). 1031 1032 See the LDAP ROUTING section below for more information. 1033 1034nodns If you aren't running DNS at your site (for example, 1035 you are UUCP-only connected). It's hard to consider 1036 this a "feature", but hey, it had to go somewhere. 1037 Actually, as of 8.7 this is a no-op -- remove "dns" from 1038 the hosts service switch entry instead. 1039 1040nullclient This is a special case -- it creates a configuration file 1041 containing nothing but support for forwarding all mail to a 1042 central hub via a local SMTP-based network. The argument 1043 is the name of that hub. 1044 1045 The only other feature that should be used in conjunction 1046 with this one is FEATURE(`nocanonify'). No mailers 1047 should be defined. No aliasing or forwarding is done. 1048 1049local_lmtp Use an LMTP capable local mailer. The argument to this 1050 feature is the pathname of an LMTP capable mailer. By 1051 default, mail.local is used. This is expected to be the 1052 mail.local which came with the 8.9 distribution which is 1053 LMTP capable. The path to mail.local is set by the 1054 confEBINDIR m4 variable -- making the default 1055 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1056 If a different LMTP capable mailer is used, its pathname 1057 can be specified as second parameter and the arguments 1058 passed to it (A=) as third parameter, e.g., 1059 1060 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp') 1061 1062 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1063 i.e., without respecting any definitions in an OSTYPE setting. 1064 1065local_procmail Use procmail or another delivery agent as the local mailer. 1066 The argument to this feature is the pathname of the 1067 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1068 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1069 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1070 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1071 specify the appropriate parameters. When procmail is used, 1072 the local mailer can make use of the 1073 "user+indicator@local.host" syntax; normally the +indicator 1074 is just tossed, but by default it is passed as the -a 1075 argument to procmail. 1076 1077 This feature can take up to three arguments: 1078 1079 1. Path to the mailer program 1080 [default: /usr/local/bin/procmail] 1081 2. Argument vector including name of the program 1082 [default: procmail -Y -a $h -d $u] 1083 3. Flags for the mailer [default: SPfhn9] 1084 1085 Empty arguments cause the defaults to be taken. 1086 Note that if you are on a system with a broken 1087 setreuid() call, you may need to add -f $f to the procmail 1088 argument vector to pass the proper sender to procmail. 1089 1090 For example, this allows it to use the maildrop 1091 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 1092 by specifying: 1093 1094 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1095 `maildrop -d $u') 1096 1097 or scanmails using: 1098 1099 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1100 1101 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1102 i.e., without respecting any definitions in an OSTYPE setting. 1103 1104bestmx_is_local Accept mail as though locally addressed for any host that 1105 lists us as the best possible MX record. This generates 1106 additional DNS traffic, but should be OK for low to 1107 medium traffic hosts. The argument may be a set of 1108 domains, which will limit the feature to only apply to 1109 these domains -- this will reduce unnecessary DNS 1110 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1111 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1112 that matches your domain, you cannot use this feature. 1113 1114smrsh Use the SendMail Restricted SHell (smrsh) provided 1115 with the distribution instead of /bin/sh for mailing 1116 to programs. This improves the ability of the local 1117 system administrator to control what gets run via 1118 e-mail. If an argument is provided it is used as the 1119 pathname to smrsh; otherwise, the path defined by 1120 confEBINDIR is used for the smrsh binary -- by default, 1121 /usr/libexec/smrsh is assumed. 1122 1123promiscuous_relay 1124 By default, the sendmail configuration files do not permit 1125 mail relaying (that is, accepting mail from outside your 1126 local host (class {w}) and sending it to another host than 1127 your local host). This option sets your site to allow 1128 mail relaying from any site to any site. In almost all 1129 cases, it is better to control relaying more carefully 1130 with the access map, class {R}, or authentication. Domains 1131 can be added to class {R} by the macros RELAY_DOMAIN or 1132 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1133 MASQUERADE_DOMAIN_FILE, see below). 1134 1135relay_entire_domain 1136 This option allows any host in your domain as defined by 1137 class {m} to use your server for relaying. Notice: make 1138 sure that your domain is not just a top level domain, 1139 e.g., com. This can happen if you give your host a name 1140 like example.com instead of host.example.com. 1141 1142relay_hosts_only 1143 By default, names that are listed as RELAY in the access 1144 db and class {R} are treated as domain names, not host names. 1145 For example, if you specify ``foo.com'', then mail to or 1146 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1147 will all be accepted for relaying. This feature changes 1148 the behaviour to lookup individual host names only. 1149 1150relay_based_on_MX 1151 Turns on the ability to allow relaying based on the MX 1152 records of the host portion of an incoming recipient; that 1153 is, if an MX record for host foo.com points to your site, 1154 you will accept and relay mail addressed to foo.com. See 1155 description below for more information before using this 1156 feature. Also, see the KNOWNBUGS entry regarding bestmx 1157 map lookups. 1158 1159 FEATURE(`relay_based_on_MX') does not necessarily allow 1160 routing of these messages which you expect to be allowed, 1161 if route address syntax (or %-hack syntax) is used. If 1162 this is a problem, add entries to the access-table or use 1163 FEATURE(`loose_relay_check'). 1164 1165relay_mail_from 1166 Allows relaying if the mail sender is listed as RELAY in 1167 the access map. If an optional argument `domain' (this 1168 is the literal word `domain', not a placeholder) is given, 1169 relaying can be allowed just based on the domain portion 1170 of the sender address. This feature should only be used if 1171 absolutely necessary as the sender address can be easily 1172 forged. Use of this feature requires the "From:" tag to 1173 be used for the key in the access map; see the discussion 1174 of tags and FEATURE(`relay_mail_from') in the section on 1175 anti-spam configuration control. 1176 1177relay_local_from 1178 Allows relaying if the domain portion of the mail sender 1179 is a local host. This should only be used if absolutely 1180 necessary as it opens a window for spammers. Specifically, 1181 they can send mail to your mail server that claims to be 1182 from your domain (either directly or via a routed address), 1183 and you will go ahead and relay it out to arbitrary hosts 1184 on the Internet. 1185 1186accept_unqualified_senders 1187 Normally, MAIL FROM: commands in the SMTP session will be 1188 refused if the connection is a network connection and the 1189 sender address does not include a domain name. If your 1190 setup sends local mail unqualified (i.e., MAIL FROM:<joe>), 1191 you will need to use this feature to accept unqualified 1192 sender addresses. Setting the DaemonPortOptions modifier 1193 'u' overrides the default behavior, i.e., unqualified 1194 addresses are accepted even without this FEATURE. 1195 If this FEATURE is not used, the DaemonPortOptions modifier 1196 'f' can be used to enforce fully qualified addresses. 1197 1198accept_unresolvable_domains 1199 Normally, MAIL FROM: commands in the SMTP session will be 1200 refused if the host part of the argument to MAIL FROM: 1201 cannot be located in the host name service (e.g., an A or 1202 MX record in DNS). If you are inside a firewall that has 1203 only a limited view of the Internet host name space, this 1204 could cause problems. In this case you probably want to 1205 use this feature to accept all domains on input, even if 1206 they are unresolvable. 1207 1208access_db Turns on the access database feature. The access db gives 1209 you the ability to allow or refuse to accept mail from 1210 specified domains for administrative reasons. Moreover, 1211 it can control the behavior of sendmail in various situations. 1212 By default, the access database specification is: 1213 1214 hash -T<TMPF> /etc/mail/access 1215 1216 See the anti-spam configuration control section for further 1217 important information about this feature. Notice: 1218 "-T<TMPF>" is meant literal, do not replace it by anything. 1219 1220blacklist_recipients 1221 Turns on the ability to block incoming mail for certain 1222 recipient usernames, hostnames, or addresses. For 1223 example, you can block incoming mail to user nobody, 1224 host foo.mydomain.com, or guest@bar.mydomain.com. 1225 These specifications are put in the access db as 1226 described in the anti-spam configuration control section 1227 later in this document. 1228 1229delay_checks The rulesets check_mail and check_relay will not be called 1230 when a client connects or issues a MAIL command, respectively. 1231 Instead, those rulesets will be called by the check_rcpt 1232 ruleset; they will be skipped under certain circumstances. 1233 See "Delay all checks" in the anti-spam configuration control 1234 section. Note: this feature is incompatible to the versions 1235 in 8.10 and 8.11. 1236 1237use_client_ptr If this feature is enabled then check_relay will override 1238 its first argument with $&{client_ptr}. This is useful for 1239 rejections based on the unverified hostname of client, 1240 which turns on the same behavior as in earlier sendmail 1241 versions when delay_checks was not in use. See doc/op/op.* 1242 about check_relay, {client_name}, and {client_ptr}. 1243 1244dnsbl Turns on rejection of hosts found in an DNS based rejection 1245 list. If an argument is provided it is used as the domain 1246 in which blocked hosts are listed; otherwise it defaults to 1247 blackholes.mail-abuse.org. An explanation for an DNS based 1248 rejection list can be found at http://mail-abuse.org/rbl/. 1249 A second argument can be used to change the default error 1250 message. Without that second argument, the error message 1251 will be 1252 Rejected: IP-ADDRESS listed at SERVER 1253 where IP-ADDRESS and SERVER are replaced by the appropriate 1254 information. By default, temporary lookup failures are 1255 ignored. This behavior can be changed by specifying a 1256 third argument, which must be either `t' or a full error 1257 message. See the anti-spam configuration control section for 1258 an example. The dnsbl feature can be included several times 1259 to query different DNS based rejection lists. See also 1260 enhdnsbl for an enhanced version. 1261 1262 Set the DNSBL_MAP mc option to change the default map 1263 definition from `host'. Set the DNSBL_MAP_OPT mc option 1264 to add additional options to the map specification used. 1265 1266 Some DNS based rejection lists cause failures if asked 1267 for AAAA records. If your sendmail version is compiled 1268 with IPv6 support (NETINET6) and you experience this 1269 problem, add 1270 1271 define(`DNSBL_MAP', `dns -R A') 1272 1273 before the first use of this feature. Alternatively you 1274 can use enhdnsbl instead (see below). Moreover, this 1275 statement can be used to reduce the number of DNS retries, 1276 e.g., 1277 1278 define(`DNSBL_MAP', `dns -R A -r2') 1279 1280 See below (EDNSBL_TO) for an explanation. 1281 1282 NOTE: The default DNS blacklist, blackholes.mail-abuse.org, 1283 is a service offered by the Mail Abuse Prevention System 1284 (MAPS). As of July 31, 2001, MAPS is a subscription 1285 service, so using that network address won't work if you 1286 haven't subscribed. Contact MAPS to subscribe 1287 (http://mail-abuse.org/). 1288 1289enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1290 (up to 5) can be used to specify specific return values 1291 from lookups. Temporary lookup failures are ignored unless 1292 a third argument is given, which must be either `t' or a full 1293 error message. By default, any successful lookup will 1294 generate an error. Otherwise the result of the lookup is 1295 compared with the supplied argument(s), and only if a match 1296 occurs an error is generated. For example, 1297 1298 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1299 1300 will reject the e-mail if the lookup returns the value 1301 ``127.0.0.2.'', or generate a 451 response if the lookup 1302 temporarily failed. The arguments can contain metasymbols 1303 as they are allowed in the LHS of rules. As the example 1304 shows, the default values are also used if an empty argument, 1305 i.e., `', is specified. This feature requires that sendmail 1306 has been compiled with the flag DNSMAP (see sendmail/README). 1307 1308 Set the EDNSBL_TO mc option to change the DNS retry count 1309 from the default value of 5, this can be very useful when 1310 a DNS server is not responding, which in turn may cause 1311 clients to time out (an entry stating 1312 1313 did not issue MAIL/EXPN/VRFY/ETRN 1314 1315 will be logged). 1316 1317ratecontrol Enable simple ruleset to do connection rate control 1318 checking. This requires entries in access_db of the form 1319 1320 ClientRate:IP.ADD.RE.SS LIMIT 1321 1322 The RHS specifies the maximum number of connections 1323 (an integer number) over the time interval defined 1324 by ConnectionRateWindowSize, where 0 means unlimited. 1325 1326 Take the following example: 1327 1328 ClientRate:10.1.2.3 4 1329 ClientRate:127.0.0.1 0 1330 ClientRate: 10 1331 1332 10.1.2.3 can only make up to 4 connections, the 1333 general limit it 10, and 127.0.0.1 can make an unlimited 1334 number of connections per ConnectionRateWindowSize. 1335 1336 See also CONNECTION CONTROL. 1337 1338conncontrol Enable a simple check of the number of incoming SMTP 1339 connections. This requires entries in access_db of the 1340 form 1341 1342 ClientConn:IP.ADD.RE.SS LIMIT 1343 1344 The RHS specifies the maximum number of open connections 1345 (an integer number). 1346 1347 Take the following example: 1348 1349 ClientConn:10.1.2.3 4 1350 ClientConn:127.0.0.1 0 1351 ClientConn: 10 1352 1353 10.1.2.3 can only have up to 4 open connections, the 1354 general limit it 10, and 127.0.0.1 does not have any 1355 explicit limit. 1356 1357 See also CONNECTION CONTROL. 1358 1359mtamark Experimental support for "Marking Mail Transfer Agents in 1360 Reverse DNS with TXT RRs" (MTAMark), see 1361 draft-stumpf-dns-mtamark-01. Optional arguments are: 1362 1363 1. Error message, default: 1364 1365 550 Rejected: $&{client_addr} not listed as MTA 1366 1367 2. Temporary lookup failures are ignored unless a second 1368 argument is given, which must be either `t' or a full 1369 error message. 1370 1371 3. Lookup prefix, default: _perm._smtp._srv. This should 1372 not be changed unless the draft changes it. 1373 1374 Example: 1375 1376 FEATURE(`mtamark', `', `t') 1377 1378lookupdotdomain Look up also .domain in the access map. This allows to 1379 match only subdomains. It does not work well with 1380 FEATURE(`relay_hosts_only'), because most lookups for 1381 subdomains are suppressed by the latter feature. 1382 1383loose_relay_check 1384 Normally, if % addressing is used for a recipient, e.g. 1385 user%site@othersite, and othersite is in class {R}, the 1386 check_rcpt ruleset will strip @othersite and recheck 1387 user@site for relaying. This feature changes that 1388 behavior. It should not be needed for most installations. 1389 1390authinfo Provide a separate map for client side authentication 1391 information. See SMTP AUTHENTICATION for details. 1392 By default, the authinfo database specification is: 1393 1394 hash /etc/mail/authinfo 1395 1396preserve_luser_host 1397 Preserve the name of the recipient host if LUSER_RELAY is 1398 used. Without this option, the domain part of the 1399 recipient address will be replaced by the host specified as 1400 LUSER_RELAY. This feature only works if the hostname is 1401 passed to the mailer (see mailer triple in op.me). Note 1402 that in the default configuration the local mailer does not 1403 receive the hostname, i.e., the mailer triple has an empty 1404 hostname. 1405 1406preserve_local_plus_detail 1407 Preserve the +detail portion of the address when passing 1408 address to local delivery agent. Disables alias and 1409 .forward +detail stripping (e.g., given user+detail, only 1410 that address will be looked up in the alias file; user+* and 1411 user will not be looked up). Only use if the local 1412 delivery agent in use supports +detail addressing. 1413 1414compat_check Enable ruleset check_compat to look up pairs of addresses 1415 with the Compat: tag -- Compat:sender<@>recipient -- in the 1416 access map. Valid values for the RHS include 1417 DISCARD silently discard recipient 1418 TEMP: return a temporary error 1419 ERROR: return a permanent error 1420 In the last two cases, a 4xy/5xy SMTP reply code should 1421 follow the colon. 1422 1423no_default_msa Don't generate the default MSA daemon, i.e., 1424 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1425 To define a MSA daemon with other parameters, use this 1426 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1427 1428msp Defines config file for Message Submission Program. 1429 See sendmail/SECURITY for details and cf/cf/submit.mc how 1430 to use it. An optional argument can be used to override 1431 the default of `[localhost]' to use as host to send all 1432 e-mails to. Note that MX records will be used if the 1433 specified hostname is not in square brackets (e.g., 1434 [hostname]). If `MSA' is specified as second argument then 1435 port 587 is used to contact the server. Example: 1436 1437 FEATURE(`msp', `', `MSA') 1438 1439 Some more hints about possible changes can be found below 1440 in the section MESSAGE SUBMISSION PROGRAM. 1441 1442 Note: Due to many problems, submit.mc uses 1443 1444 FEATURE(`msp', `[127.0.0.1]') 1445 1446 by default. If you have a machine with IPv6 only, 1447 change it to 1448 1449 FEATURE(`msp', `[IPv6:::1]') 1450 1451 If you want to continue using '[localhost]', (the behavior 1452 up to 8.12.6), use 1453 1454 FEATURE(`msp') 1455 1456queuegroup A simple example how to select a queue group based 1457 on the full e-mail address or the domain of the 1458 recipient. Selection is done via entries in the 1459 access map using the tag QGRP:, for example: 1460 1461 QGRP:example.com main 1462 QGRP:friend@some.org others 1463 QGRP:my.domain local 1464 1465 where "main", "others", and "local" are names of 1466 queue groups. If an argument is specified, it is used 1467 as default queue group. 1468 1469 Note: please read the warning in doc/op/op.me about 1470 queue groups and possible queue manipulations. 1471 1472greet_pause Adds the greet_pause ruleset which enables open proxy 1473 and SMTP slamming protection. The feature can take an 1474 argument specifying the milliseconds to wait: 1475 1476 FEATURE(`greet_pause', `5000') dnl 5 seconds 1477 1478 If FEATURE(`access_db') is enabled, an access database 1479 lookup with the GreetPause tag is done using client 1480 hostname, domain, IP address, or subnet to determine the 1481 pause time: 1482 1483 GreetPause:my.domain 0 1484 GreetPause:example.com 5000 1485 GreetPause:10.1.2 2000 1486 GreetPause:127.0.0.1 0 1487 1488 When using FEATURE(`access_db'), the optional 1489 FEATURE(`greet_pause') argument becomes the default if 1490 nothing is found in the access database. A ruleset called 1491 Local_greet_pause can be used for local modifications, e.g., 1492 1493 LOCAL_RULESETS 1494 SLocal_greet_pause 1495 R$* $: $&{daemon_flags} 1496 R$* a $* $# 0 1497 1498+-------+ 1499| HACKS | 1500+-------+ 1501 1502Some things just can't be called features. To make this clear, 1503they go in the hack subdirectory and are referenced using the HACK 1504macro. These will tend to be site-dependent. The release 1505includes the Berkeley-dependent "cssubdomain" hack (that makes 1506sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1507this is intended as a short-term aid while moving hosts into 1508subdomains. 1509 1510 1511+--------------------+ 1512| SITE CONFIGURATION | 1513+--------------------+ 1514 1515 ***************************************************** 1516 * This section is really obsolete, and is preserved * 1517 * only for back compatibility. You should plan on * 1518 * using mailertables for new installations. In * 1519 * particular, it doesn't work for the newer forms * 1520 * of UUCP mailers, such as uucp-uudom. * 1521 ***************************************************** 1522 1523Complex sites will need more local configuration information, such as 1524lists of UUCP hosts they speak with directly. This can get a bit more 1525tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1526 1527The SITECONFIG macro allows you to indirectly reference site-dependent 1528configuration information stored in the siteconfig subdirectory. For 1529example, the line 1530 1531 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1532 1533reads the file uucp.ucbvax for local connection information. The 1534second parameter is the local name (in this case just "ucbvax" since 1535it is locally connected, and hence a UUCP hostname). The third 1536parameter is the name of both a macro to store the local name (in 1537this case, {U}) and the name of the class (e.g., {U}) in which to store 1538the host information read from the file. Another SITECONFIG line reads 1539 1540 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1541 1542This says that the file uucp.ucbarpa contains the list of UUCP sites 1543connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1544store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1545is, the name of the relay to which the hosts listed in uucp.ucbarpa 1546are connected. [The machine ucbarpa is gone now, but this 1547out-of-date configuration file has been left around to demonstrate 1548how you might do this.] 1549 1550Note that the case of SITECONFIG with a third parameter of ``U'' is 1551special; the second parameter is assumed to be the UUCP name of the 1552local site, rather than the name of a remote site, and the UUCP name 1553is entered into class {w} (the list of local hostnames) as $U.UUCP. 1554 1555The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1556more than a sequence of SITE macros describing connectivity. For 1557example: 1558 1559 SITE(`cnmat') 1560 SITE(`sgi olympus') 1561 1562The second example demonstrates that you can use two names on the 1563same line; these are usually aliases for the same host (or are at 1564least in the same company). 1565 1566The macro LOCAL_UUCP can be used to add rules into the generated 1567cf file at the place where MAILER(`uucp') inserts its rules. This 1568should only be used if really necessary. 1569 1570+--------------------+ 1571| USING UUCP MAILERS | 1572+--------------------+ 1573 1574It's hard to get UUCP mailers right because of the extremely ad hoc 1575nature of UUCP addressing. These config files are really designed 1576for domain-based addressing, even for UUCP sites. 1577 1578There are four UUCP mailers available. The choice of which one to 1579use is partly a matter of local preferences and what is running at 1580the other end of your UUCP connection. Unlike good protocols that 1581define what will go over the wire, UUCP uses the policy that you 1582should do what is right for the other end; if they change, you have 1583to change. This makes it hard to do the right thing, and discourages 1584people from updating their software. In general, if you can avoid 1585UUCP, please do. 1586 1587The major choice is whether to go for a domainized scheme or a 1588non-domainized scheme. This depends entirely on what the other 1589end will recognize. If at all possible, you should encourage the 1590other end to go to a domain-based system -- non-domainized addresses 1591don't work entirely properly. 1592 1593The four mailers are: 1594 1595 uucp-old (obsolete name: "uucp") 1596 This is the oldest, the worst (but the closest to UUCP) way of 1597 sending messages across UUCP connections. It does bangify 1598 everything and prepends $U (your UUCP name) to the sender's 1599 address (which can already be a bang path itself). It can 1600 only send to one address at a time, so it spends a lot of 1601 time copying duplicates of messages. Avoid this if at all 1602 possible. 1603 1604 uucp-new (obsolete name: "suucp") 1605 The same as above, except that it assumes that in one rmail 1606 command you can specify several recipients. It still has a 1607 lot of other problems. 1608 1609 uucp-dom 1610 This UUCP mailer keeps everything as domain addresses. 1611 Basically, it uses the SMTP mailer rewriting rules. This mailer 1612 is only included if MAILER(`smtp') is specified before 1613 MAILER(`uucp'). 1614 1615 Unfortunately, a lot of UUCP mailer transport agents require 1616 bangified addresses in the envelope, although you can use 1617 domain-based addresses in the message header. (The envelope 1618 shows up as the From_ line on UNIX mail.) So.... 1619 1620 uucp-uudom 1621 This is a cross between uucp-new (for the envelope addresses) 1622 and uucp-dom (for the header addresses). It bangifies the 1623 envelope sender (From_ line in messages) without adding the 1624 local hostname, unless there is no host name on the address 1625 at all (e.g., "wolf") or the host component is a UUCP host name 1626 instead of a domain name ("somehost!wolf" instead of 1627 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1628 is also specified earlier. 1629 1630Examples: 1631 1632On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1633summarizes the sender rewriting for various mailers. 1634 1635Mailer sender rewriting in the envelope 1636------ ------ ------------------------- 1637uucp-{old,new} wolf grasp!wolf 1638uucp-dom wolf wolf@grasp.insa-lyon.fr 1639uucp-uudom wolf grasp.insa-lyon.fr!wolf 1640 1641uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1642uucp-dom wolf@fr.net wolf@fr.net 1643uucp-uudom wolf@fr.net fr.net!wolf 1644 1645uucp-{old,new} somehost!wolf grasp!somehost!wolf 1646uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1647uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1648 1649If you are using one of the domainized UUCP mailers, you really want 1650to convert all UUCP addresses to domain format -- otherwise, it will 1651do it for you (and probably not the way you expected). For example, 1652if you have the address foo!bar!baz (and you are not sending to foo), 1653the heuristics will add the @uucp.relay.name or @local.host.name to 1654this address. However, if you map foo to foo.host.name first, it 1655will not add the local hostname. You can do this using the uucpdomain 1656feature. 1657 1658 1659+-------------------+ 1660| TWEAKING RULESETS | 1661+-------------------+ 1662 1663For more complex configurations, you can define special rules. 1664The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1665the names. Any modifications made here are reflected in the header. 1666 1667A common use is to convert old UUCP addresses to SMTP addresses using 1668the UUCPSMTP macro. For example: 1669 1670 LOCAL_RULE_3 1671 UUCPSMTP(`decvax', `decvax.dec.com') 1672 UUCPSMTP(`research', `research.att.com') 1673 1674will cause addresses of the form "decvax!user" and "research!user" 1675to be converted to "user@decvax.dec.com" and "user@research.att.com" 1676respectively. 1677 1678This could also be used to look up hosts in a database map: 1679 1680 LOCAL_RULE_3 1681 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1682 1683This map would be defined in the LOCAL_CONFIG portion, as shown below. 1684 1685Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1686For example, new rules are needed to parse hostnames that you accept 1687via MX records. For example, you might have: 1688 1689 LOCAL_RULE_0 1690 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1691 1692You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1693pointing at this host; this rule catches the message and forwards it on 1694using UUCP. 1695 1696You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1697These rulesets are normally empty. 1698 1699A similar macro is LOCAL_CONFIG. This introduces lines added after the 1700boilerplate option setting but before rulesets. Do not declare rulesets in 1701the LOCAL_CONFIG section. It can be used to declare local database maps or 1702whatever. For example: 1703 1704 LOCAL_CONFIG 1705 Khostmap hash /etc/mail/hostmap 1706 Kyplocal nis -m hosts.byname 1707 1708 1709+---------------------------+ 1710| MASQUERADING AND RELAYING | 1711+---------------------------+ 1712 1713You can have your host masquerade as another using 1714 1715 MASQUERADE_AS(`host.domain') 1716 1717This causes mail being sent to be labeled as coming from the 1718indicated host.domain, rather than $j. One normally masquerades as 1719one of one's own subdomains (for example, it's unlikely that 1720Berkeley would choose to masquerade as an MIT site). This 1721behaviour is modified by a plethora of FEATUREs; in particular, see 1722masquerade_envelope, allmasquerade, limited_masquerade, and 1723masquerade_entire_domain. 1724 1725The masquerade name is not normally canonified, so it is important 1726that it be your One True Name, that is, fully qualified and not a 1727CNAME. However, if you use a CNAME, the receiving side may canonify 1728it for you, so don't think you can cheat CNAME mapping this way. 1729 1730Normally the only addresses that are masqueraded are those that come 1731from this host (that is, are either unqualified or in class {w}, the list 1732of local domain names). You can augment this list, which is realized 1733by class {M} using 1734 1735 MASQUERADE_DOMAIN(`otherhost.domain') 1736 1737The effect of this is that although mail to user@otherhost.domain 1738will not be delivered locally, any mail including any user@otherhost.domain 1739will, when relayed, be rewritten to have the MASQUERADE_AS address. 1740This can be a space-separated list of names. 1741 1742If these names are in a file, you can use 1743 1744 MASQUERADE_DOMAIN_FILE(`filename') 1745 1746to read the list of names from the indicated file (i.e., to add 1747elements to class {M}). 1748 1749To exempt hosts or subdomains from being masqueraded, you can use 1750 1751 MASQUERADE_EXCEPTION(`host.domain') 1752 1753This can come handy if you want to masquerade a whole domain 1754except for one (or a few) host(s). If these names are in a file, 1755you can use 1756 1757 MASQUERADE_EXCEPTION_FILE(`filename') 1758 1759Normally only header addresses are masqueraded. If you want to 1760masquerade the envelope as well, use 1761 1762 FEATURE(`masquerade_envelope') 1763 1764There are always users that need to be "exposed" -- that is, their 1765internal site name should be displayed instead of the masquerade name. 1766Root is an example (which has been "exposed" by default prior to 8.10). 1767You can add users to this list using 1768 1769 EXPOSED_USER(`usernames') 1770 1771This adds users to class {E}; you could also use 1772 1773 EXPOSED_USER_FILE(`filename') 1774 1775You can also arrange to relay all unqualified names (that is, names 1776without @host) to a relay host. For example, if you have a central 1777email server, you might relay to that host so that users don't have 1778to have .forward files or aliases. You can do this using 1779 1780 define(`LOCAL_RELAY', `mailer:hostname') 1781 1782The ``mailer:'' can be omitted, in which case the mailer defaults to 1783"relay". There are some user names that you don't want relayed, perhaps 1784because of local aliases. A common example is root, which may be 1785locally aliased. You can add entries to this list using 1786 1787 LOCAL_USER(`usernames') 1788 1789This adds users to class {L}; you could also use 1790 1791 LOCAL_USER_FILE(`filename') 1792 1793If you want all incoming mail sent to a centralized hub, as for a 1794shared /var/spool/mail scheme, use 1795 1796 define(`MAIL_HUB', `mailer:hostname') 1797 1798Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1799and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1800be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1801Note: there is a (long standing) bug which keeps this combination from 1802working for addresses of the form user+detail. 1803Names in class {L} will be delivered locally, so you MUST have aliases or 1804.forward files for them. 1805 1806For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1807FEATURE(`stickyhost'), the following combinations of settings will have the 1808indicated effects: 1809 1810email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1811 1812LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1813mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1814 1815MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1816mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1817 1818Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1819MAIL_HUB set as above (no local aliasing) (aliasing done) 1820 1821If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1822MAIL_HUB act identically, with MAIL_HUB taking precedence. 1823 1824If you want all outgoing mail to go to a central relay site, define 1825SMART_HOST as well. Briefly: 1826 1827 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1828 MAIL_HUB applies to names qualified with the name of the 1829 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1830 SMART_HOST applies to names qualified with other hosts or 1831 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1832 or "eric@[127.0.0.1]"). 1833 1834However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1835DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1836really want absolutely everything to go to a single central site you will 1837need to unset all the other relays -- or better yet, find or build a 1838minimal config file that does this. 1839 1840For duplicate suppression to work properly, the host name is best 1841specified with a terminal dot: 1842 1843 define(`MAIL_HUB', `host.domain.') 1844 note the trailing dot ---^ 1845 1846 1847+-------------------------------------------+ 1848| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1849+-------------------------------------------+ 1850 1851LDAP can be used for aliases, maps, and classes by either specifying your 1852own LDAP map specification or using the built-in default LDAP map 1853specification. The built-in default specifications all provide lookups 1854which match against either the machine's fully qualified hostname (${j}) or 1855a "cluster". The cluster allows you to share LDAP entries among a large 1856number of machines without having to enter each of the machine names into 1857each LDAP entry. To set the LDAP cluster name to use for a particular 1858machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1859unique name. For example: 1860 1861 define(`confLDAP_CLUSTER', `Servers') 1862 1863Here, the word `Servers' will be the cluster name. As an example, assume 1864that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1865to the Servers cluster. 1866 1867Some of the LDAP LDIF examples below show use of the Servers cluster. 1868Every entry must have either a sendmailMTAHost or sendmailMTACluster 1869attribute or it will be ignored. Be careful as mixing clusters and 1870individual host records can have surprising results (see the CAUTION 1871sections below). 1872 1873See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1874this schema (and therefore the lookups and examples below) is experimental 1875at this point as it has had little public review. Therefore, it may change 1876in future versions. Feedback via sendmail-YYYY@support.sendmail.org is 1877encouraged (replace YYYY with the current year, e.g., 2005). 1878 1879------- 1880Aliases 1881------- 1882 1883The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1884lookups. To use the default schema, simply use: 1885 1886 define(`ALIAS_FILE', `ldap:') 1887 1888By doing so, you will use the default schema which expands to a map 1889declared as follows: 1890 1891 ldap -k (&(objectClass=sendmailMTAAliasObject) 1892 (sendmailMTAAliasGrouping=aliases) 1893 (|(sendmailMTACluster=${sendmailMTACluster}) 1894 (sendmailMTAHost=$j)) 1895 (sendmailMTAKey=%0)) 1896 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject 1897 1898 1899NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1900used when the binary expands the `ldap:' token as the AliasFile option is 1901not actually macro-expanded when read from the sendmail.cf file. 1902 1903Example LDAP LDIF entries might be: 1904 1905 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1906 objectClass: sendmailMTA 1907 objectClass: sendmailMTAAlias 1908 objectClass: sendmailMTAAliasObject 1909 sendmailMTAAliasGrouping: aliases 1910 sendmailMTAHost: etrn.sendmail.org 1911 sendmailMTAKey: sendmail-list 1912 sendmailMTAAliasValue: ca@example.org 1913 sendmailMTAAliasValue: eric 1914 sendmailMTAAliasValue: gshapiro@example.com 1915 1916 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1917 objectClass: sendmailMTA 1918 objectClass: sendmailMTAAlias 1919 objectClass: sendmailMTAAliasObject 1920 sendmailMTAAliasGrouping: aliases 1921 sendmailMTAHost: etrn.sendmail.org 1922 sendmailMTAKey: owner-sendmail-list 1923 sendmailMTAAliasValue: eric 1924 1925 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1926 objectClass: sendmailMTA 1927 objectClass: sendmailMTAAlias 1928 objectClass: sendmailMTAAliasObject 1929 sendmailMTAAliasGrouping: aliases 1930 sendmailMTACluster: Servers 1931 sendmailMTAKey: postmaster 1932 sendmailMTAAliasValue: eric 1933 1934Here, the aliases sendmail-list and owner-sendmail-list will be available 1935only on etrn.sendmail.org but the postmaster alias will be available on 1936every machine in the Servers cluster (including etrn.sendmail.org). 1937 1938CAUTION: aliases are additive so that entries like these: 1939 1940 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1941 objectClass: sendmailMTA 1942 objectClass: sendmailMTAAlias 1943 objectClass: sendmailMTAAliasObject 1944 sendmailMTAAliasGrouping: aliases 1945 sendmailMTACluster: Servers 1946 sendmailMTAKey: bob 1947 sendmailMTAAliasValue: eric 1948 1949 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 1950 objectClass: sendmailMTA 1951 objectClass: sendmailMTAAlias 1952 objectClass: sendmailMTAAliasObject 1953 sendmailMTAAliasGrouping: aliases 1954 sendmailMTAHost: etrn.sendmail.org 1955 sendmailMTAKey: bob 1956 sendmailMTAAliasValue: gshapiro 1957 1958would mean that on all of the hosts in the cluster, mail to bob would go to 1959eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1960gshapiro. 1961 1962If you prefer not to use the default LDAP schema for your aliases, you can 1963specify the map parameters when setting ALIAS_FILE. For example: 1964 1965 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1966 1967---- 1968Maps 1969---- 1970 1971FEATURE()'s which take an optional map definition argument (e.g., access, 1972mailertable, virtusertable, etc.) can instead take the special keyword 1973`LDAP', e.g.: 1974 1975 FEATURE(`access_db', `LDAP') 1976 FEATURE(`virtusertable', `LDAP') 1977 1978When this keyword is given, that map will use LDAP lookups consisting of 1979the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1980with the map name, a search attribute of sendmailMTAKey, and the value 1981attribute sendmailMTAMapValue. 1982 1983The values for sendmailMTAMapName are: 1984 1985 FEATURE() sendmailMTAMapName 1986 --------- ------------------ 1987 access_db access 1988 authinfo authinfo 1989 bitdomain bitdomain 1990 domaintable domain 1991 genericstable generics 1992 mailertable mailer 1993 uucpdomain uucpdomain 1994 virtusertable virtuser 1995 1996For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1997 1998 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1999 (sendmailMTAMapName=mailer) 2000 (|(sendmailMTACluster=${sendmailMTACluster}) 2001 (sendmailMTAHost=$j)) 2002 (sendmailMTAKey=%0)) 2003 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject 2004 2005An example LDAP LDIF entry using this map might be: 2006 2007 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 2008 objectClass: sendmailMTA 2009 objectClass: sendmailMTAMap 2010 sendmailMTACluster: Servers 2011 sendmailMTAMapName: mailer 2012 2013 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 2014 objectClass: sendmailMTA 2015 objectClass: sendmailMTAMap 2016 objectClass: sendmailMTAMapObject 2017 sendmailMTAMapName: mailer 2018 sendmailMTACluster: Servers 2019 sendmailMTAKey: example.com 2020 sendmailMTAMapValue: relay:[smtp.example.com] 2021 2022CAUTION: If your LDAP database contains the record above and *ALSO* a host 2023specific record such as: 2024 2025 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 2026 objectClass: sendmailMTA 2027 objectClass: sendmailMTAMap 2028 objectClass: sendmailMTAMapObject 2029 sendmailMTAMapName: mailer 2030 sendmailMTAHost: etrn.sendmail.org 2031 sendmailMTAKey: example.com 2032 sendmailMTAMapValue: relay:[mx.example.com] 2033 2034then these entries will give unexpected results. When the lookup is done 2035on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 2036require a single match. Since the host etrn.sendmail.org is also in the 2037Servers cluster, LDAP would return two answers for the example.com map key 2038in which case sendmail would treat this as no match at all. 2039 2040If you prefer not to use the default LDAP schema for your maps, you can 2041specify the map parameters when using the FEATURE(). For example: 2042 2043 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 2044 2045------- 2046Classes 2047------- 2048 2049Normally, classes can be filled via files or programs. As of 8.12, they 2050can also be filled via map lookups using a new syntax: 2051 2052 F{ClassName}mapkey@mapclass:mapspec 2053 2054mapkey is optional and if not provided the map key will be empty. This can 2055be used with LDAP to read classes from LDAP. Note that the lookup is only 2056done when sendmail is initially started. Use the special value `@LDAP' to 2057use the default LDAP schema. For example: 2058 2059 RELAY_DOMAIN_FILE(`@LDAP') 2060 2061would put all of the attribute sendmailMTAClassValue values of LDAP records 2062with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 2063'R' into class $={R}. In other words, it is equivalent to the LDAP map 2064specification: 2065 2066 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 2067 (sendmailMTAClassName=R) 2068 (|(sendmailMTACluster=${sendmailMTACluster}) 2069 (sendmailMTAHost=$j))) 2070 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass 2071 2072NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 2073used when the binary expands the `@LDAP' token as class declarations are 2074not actually macro-expanded when read from the sendmail.cf file. 2075 2076This can be used with class related commands such as RELAY_DOMAIN_FILE(), 2077MASQUERADE_DOMAIN_FILE(), etc: 2078 2079 Command sendmailMTAClassName 2080 ------- -------------------- 2081 CANONIFY_DOMAIN_FILE() Canonify 2082 EXPOSED_USER_FILE() E 2083 GENERICS_DOMAIN_FILE() G 2084 LDAPROUTE_DOMAIN_FILE() LDAPRoute 2085 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 2086 LOCAL_USER_FILE() L 2087 MASQUERADE_DOMAIN_FILE() M 2088 MASQUERADE_EXCEPTION_FILE() N 2089 RELAY_DOMAIN_FILE() R 2090 VIRTUSER_DOMAIN_FILE() VirtHost 2091 2092You can also add your own as any 'F'ile class of the form: 2093 2094 F{ClassName}@LDAP 2095 ^^^^^^^^^ 2096will use "ClassName" for the sendmailMTAClassName. 2097 2098An example LDAP LDIF entry would look like: 2099 2100 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 2101 objectClass: sendmailMTA 2102 objectClass: sendmailMTAClass 2103 sendmailMTACluster: Servers 2104 sendmailMTAClassName: R 2105 sendmailMTAClassValue: sendmail.org 2106 sendmailMTAClassValue: example.com 2107 sendmailMTAClassValue: 10.56.23 2108 2109CAUTION: If your LDAP database contains the record above and *ALSO* a host 2110specific record such as: 2111 2112 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 2113 objectClass: sendmailMTA 2114 objectClass: sendmailMTAClass 2115 sendmailMTAHost: etrn.sendmail.org 2116 sendmailMTAClassName: R 2117 sendmailMTAClassValue: example.com 2118 2119the result will be similar to the aliases caution above. When the lookup 2120is done on etrn.sendmail.org, $={R} would contain all of the entries (from 2121both the cluster match and the host match). In other words, the effective 2122is additive. 2123 2124If you prefer not to use the default LDAP schema for your classes, you can 2125specify the map parameters when using the class command. For example: 2126 2127 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 2128 2129Remember, macros can not be used in a class declaration as the binary does 2130not expand them. 2131 2132 2133+--------------+ 2134| LDAP ROUTING | 2135+--------------+ 2136 2137FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 2138LDAP Schema for Intranet Mail Routing 2139(draft-lachman-laser-ldap-mail-routing-01). This feature enables 2140LDAP-based rerouting of a particular address to either a different host 2141or a different address. The LDAP lookup is first attempted on the full 2142address (e.g., user@example.com) and then on the domain portion 2143(e.g., @example.com). Be sure to setup your domain for LDAP routing using 2144LDAPROUTE_DOMAIN(), e.g.: 2145 2146 LDAPROUTE_DOMAIN(`example.com') 2147 2148Additionally, you can specify equivalent domains for LDAP routing using 2149LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 2150hostnames are mapped to $M (the masqueraded hostname for the server) before 2151the LDAP query. For example, if the mail is addressed to 2152user@host1.example.com, normally the LDAP lookup would only be done for 2153'user@host1.example.com' and '@host1.example.com'. However, if 2154LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 2155done on 'user@example.com' and '@example.com' after attempting the 2156host1.example.com lookups. 2157 2158By default, the feature will use the schemas as specified in the draft 2159and will not reject addresses not found by the LDAP lookup. However, 2160this behavior can be changed by giving additional arguments to the FEATURE() 2161command: 2162 2163 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, 2164 <detail>, <nodomain>, <tempfail>) 2165 2166where <mailHost> is a map definition describing how to lookup an alternative 2167mail host for a particular address; <mailRoutingAddress> is a map definition 2168describing how to lookup an alternative address for a particular address; 2169the <bounce> argument, if present and not the word "passthru", dictates 2170that mail should be bounced if neither a mailHost nor mailRoutingAddress 2171is found, if set to "sendertoo", the sender will be rejected if not 2172found in LDAP; and <detail> indicates what actions to take if the address 2173contains +detail information -- `strip' tries the lookup with the +detail 2174and if no matches are found, strips the +detail and tries the lookup again; 2175`preserve', does the same as `strip' but if a mailRoutingAddress match is 2176found, the +detail information is copied to the new address; the <nodomain> 2177argument, if present, will prevent the @domain lookup if the full 2178address is not found in LDAP; the <tempfail> argument, if set to 2179"tempfail", instructs the rules to give an SMTP 4XX temporary 2180error if the LDAP server gives the MTA a temporary failure, or if set to 2181"queue" (the default), the MTA will locally queue the mail. 2182 2183The default <mailHost> map definition is: 2184 2185 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 2186 (mailLocalAddress=%0)) 2187 2188The default <mailRoutingAddress> map definition is: 2189 2190 ldap -1 -T<TMPF> -v mailRoutingAddress 2191 -k (&(objectClass=inetLocalMailRecipient) 2192 (mailLocalAddress=%0)) 2193 2194Note that neither includes the LDAP server hostname (-h server) or base DN 2195(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 2196your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 2197these settings. If this is not the case, the map definitions should be 2198changed as described above. The "-T<TMPF>" is required in any user 2199specified map definition to catch temporary errors. 2200 2201The following possibilities exist as a result of an LDAP lookup on an 2202address: 2203 2204 mailHost is mailRoutingAddress is Results in 2205 ----------- --------------------- ---------- 2206 set to a set mail delivered to 2207 "local" host mailRoutingAddress 2208 2209 set to a not set delivered to 2210 "local" host original address 2211 2212 set to a set mailRoutingAddress 2213 remote host relayed to mailHost 2214 2215 set to a not set original address 2216 remote host relayed to mailHost 2217 2218 not set set mail delivered to 2219 mailRoutingAddress 2220 2221 not set not set delivered to 2222 original address *OR* 2223 bounced as unknown user 2224 2225The term "local" host above means the host specified is in class {w}. If 2226the result would mean sending the mail to a different host, that host is 2227looked up in the mailertable before delivery. 2228 2229Note that the last case depends on whether the third argument is given 2230to the FEATURE() command. The default is to deliver the message to the 2231original address. 2232 2233The LDAP entries should be set up with an objectClass of 2234inetLocalMailRecipient and the address be listed in a mailLocalAddress 2235attribute. If present, there must be only one mailHost attribute and it 2236must contain a fully qualified host name as its value. Similarly, if 2237present, there must be only one mailRoutingAddress attribute and it must 2238contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2239format): 2240 2241 dn: uid=tom, o=example.com, c=US 2242 objectClass: inetLocalMailRecipient 2243 mailLocalAddress: tom@example.com 2244 mailRoutingAddress: thomas@mailhost.example.com 2245 2246This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2247 2248 dn: uid=dick, o=example.com, c=US 2249 objectClass: inetLocalMailRecipient 2250 mailLocalAddress: dick@example.com 2251 mailHost: eng.example.com 2252 2253This would relay mail for dick@example.com to the same address but redirect 2254the mail to MX records listed for the host eng.example.com (unless the 2255mailertable overrides). 2256 2257 dn: uid=harry, o=example.com, c=US 2258 objectClass: inetLocalMailRecipient 2259 mailLocalAddress: harry@example.com 2260 mailHost: mktmail.example.com 2261 mailRoutingAddress: harry@mkt.example.com 2262 2263This would relay mail for harry@example.com to the MX records listed for 2264the host mktmail.example.com using the new address harry@mkt.example.com 2265when talking to that host. 2266 2267 dn: uid=virtual.example.com, o=example.com, c=US 2268 objectClass: inetLocalMailRecipient 2269 mailLocalAddress: @virtual.example.com 2270 mailHost: server.example.com 2271 mailRoutingAddress: virtual@example.com 2272 2273This would send all mail destined for any username @virtual.example.com to 2274the machine server.example.com's MX servers and deliver to the address 2275virtual@example.com on that relay machine. 2276 2277 2278+---------------------------------+ 2279| ANTI-SPAM CONFIGURATION CONTROL | 2280+---------------------------------+ 2281 2282The primary anti-spam features available in sendmail are: 2283 2284* Relaying is denied by default. 2285* Better checking on sender information. 2286* Access database. 2287* Header checks. 2288 2289Relaying (transmission of messages from a site outside your host (class 2290{w}) to another site except yours) is denied by default. Note that this 2291changed in sendmail 8.9; previous versions allowed relaying by default. 2292If you really want to revert to the old behaviour, you will need to use 2293FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2294through your server by adding their domain name or IP address to class 2295{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2296(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2297The file consists (like any other file based class) of entries listed on 2298separate lines, e.g., 2299 2300 sendmail.org 2301 128.32 2302 IPv6:2002:c0a8:02c7 2303 IPv6:2002:c0a8:51d2::23f4 2304 host.mydomain.com 2305 [UNIX:localhost] 2306 2307Notice: the last entry allows relaying for connections via a UNIX 2308socket to the MTA/MSP. This might be necessary if your configuration 2309doesn't allow relaying by other means in that case, e.g., by having 2310localhost.$m in class {R} (make sure $m is not just a top level 2311domain). 2312 2313If you use 2314 2315 FEATURE(`relay_entire_domain') 2316 2317then any host in any of your local domains (that is, class {m}) 2318will be relayed (that is, you will accept mail either to or from any 2319host in your domain). 2320 2321You can also allow relaying based on the MX records of the host 2322portion of an incoming recipient address by using 2323 2324 FEATURE(`relay_based_on_MX') 2325 2326For example, if your server receives a recipient of user@domain.com 2327and domain.com lists your server in its MX records, the mail will be 2328accepted for relay to domain.com. This feature may cause problems 2329if MX lookups for the recipient domain are slow or time out. In that 2330case, mail will be temporarily rejected. It is usually better to 2331maintain a list of hosts/domains for which the server acts as relay. 2332Note also that this feature will stop spammers from using your host 2333to relay spam but it will not stop outsiders from using your server 2334as a relay for their site (that is, they set up an MX record pointing 2335to your mail server, and you will relay mail addressed to them 2336without any prior arrangement). Along the same lines, 2337 2338 FEATURE(`relay_local_from') 2339 2340will allow relaying if the sender specifies a return path (i.e. 2341MAIL FROM:<user@domain>) domain which is a local domain. This is a 2342dangerous feature as it will allow spammers to spam using your mail 2343server by simply specifying a return address of user@your.domain.com. 2344It should not be used unless absolutely necessary. 2345A slightly better solution is 2346 2347 FEATURE(`relay_mail_from') 2348 2349which allows relaying if the mail sender is listed as RELAY in the 2350access map. If an optional argument `domain' (this is the literal 2351word `domain', not a placeholder) is given, the domain portion of 2352the mail sender is also checked to allowing relaying. This option 2353only works together with the tag From: for the LHS of the access 2354map entries. This feature allows spammers to abuse your mail server 2355by specifying a return address that you enabled in your access file. 2356This may be harder to figure out for spammers, but it should not 2357be used unless necessary. Instead use SMTP AUTH or STARTTLS to 2358allow relaying for roaming users. 2359 2360 2361If source routing is used in the recipient address (e.g., 2362RCPT TO:<user%site.com@othersite.com>), sendmail will check 2363user@site.com for relaying if othersite.com is an allowed relay host 2364in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2365or the access database if FEATURE(`access_db') is used. To prevent 2366the address from being stripped down, use: 2367 2368 FEATURE(`loose_relay_check') 2369 2370If you think you need to use this feature, you probably do not. This 2371should only be used for sites which have no control over the addresses 2372that they provide a gateway for. Use this FEATURE with caution as it 2373can allow spammers to relay through your server if not setup properly. 2374 2375NOTICE: It is possible to relay mail through a system which the anti-relay 2376rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2377`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2378LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2379FEATURE(`nouucp') at all, addresses of the form 2380<example.net!user@local.host> would be relayed to <user@example.net>. 2381System A doesn't recognize `!' as an address separator and therefore 2382forwards it to the mail hub which in turns relays it because it came from 2383a trusted local host. So if a mailserver allows UUCP (bang-format) 2384addresses, all systems from which it allows relaying should do the same 2385or reject those addresses. 2386 2387As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2388an unresolvable domain (i.e., one that DNS, your local name service, 2389or special case rules in ruleset 3 cannot locate). This also applies 2390to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2391IP address can't be mapped to a host name. If you want to continue 2392to accept such domains, e.g., because you are inside a firewall that 2393has only a limited view of the Internet host name space (note that you 2394will not be able to return mail to them unless you have some "smart 2395host" forwarder), use 2396 2397 FEATURE(`accept_unresolvable_domains') 2398 2399Alternatively, you can allow specific addresses by adding them to 2400the access map, e.g., 2401 2402 From:unresolvable.domain OK 2403 From:[1.2.3.4] OK 2404 From:[1.2.4] OK 2405 2406Notice: domains which are temporarily unresolvable are (temporarily) 2407rejected with a 451 reply code. If those domains should be accepted 2408(which is discouraged) then you can use 2409 2410 LOCAL_CONFIG 2411 C{ResOk}TEMP 2412 2413sendmail will also refuse mail if the MAIL FROM: parameter is not 2414fully qualified (i.e., contains a domain as well as a user). If you 2415want to continue to accept such senders, use 2416 2417 FEATURE(`accept_unqualified_senders') 2418 2419Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2420i.e., unqualified addresses are accepted even without this FEATURE. If 2421this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2422to enforce fully qualified domain names. 2423 2424An ``access'' database can be created to accept or reject mail from 2425selected domains. For example, you may choose to reject all mail 2426originating from known spammers. To enable such a database, use 2427 2428 FEATURE(`access_db') 2429 2430Notice: the access database is applied to the envelope addresses 2431and the connection information, not to the header. 2432 2433The FEATURE macro can accept as second parameter the key file 2434definition for the database; for example 2435 2436 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2437 2438Notice: If a second argument is specified it must contain the option 2439`-T<TMPF>' as shown above. The optional third and fourth parameters 2440may be `skip' or `lookupdotdomain'. The former enables SKIP as 2441value part (see below), the latter is another way to enable the 2442feature of the same name (see above). 2443 2444Remember, since /etc/mail/access is a database, after creating the text 2445file as described below, you must use makemap to create the database 2446map. For example: 2447 2448 makemap hash /etc/mail/access < /etc/mail/access 2449 2450The table itself uses e-mail addresses, domain names, and network 2451numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2452For example, 2453 2454 From:spammer@aol.com REJECT 2455 From:cyberspammer.com REJECT 2456 Connect:cyberspammer.com REJECT 2457 Connect:TLD REJECT 2458 Connect:192.168.212 REJECT 2459 Connect:IPv6:2002:c0a8:02c7 RELAY 2460 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT 2461 2462would refuse mail from spammer@aol.com, any user from cyberspammer.com 2463(or any host within the cyberspammer.com domain), any host in the entire 2464top level domain TLD, 192.168.212.* network, and the IPv6 address 24652002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 24662002:c0a8:02c7::/48. 2467 2468Entries in the access map should be tagged according to their type. 2469Three tags are available: 2470 2471 Connect: connection information (${client_addr}, ${client_name}) 2472 From: envelope sender 2473 To: envelope recipient 2474 2475Notice: untagged entries are deprecated. 2476 2477If the required item is looked up in a map, it will be tried first 2478with the corresponding tag in front, then (as fallback to enable 2479backward compatibility) without any tag, unless the specific feature 2480requires a tag. For example, 2481 2482 From:spammer@some.dom REJECT 2483 To:friend.domain RELAY 2484 Connect:friend.domain OK 2485 Connect:from.domain RELAY 2486 From:good@another.dom OK 2487 From:another.dom REJECT 2488 2489This would deny mails from spammer@some.dom but you could still 2490send mail to that address even if FEATURE(`blacklist_recipients') 2491is enabled. Your system will allow relaying to friend.domain, but 2492not from it (unless enabled by other means). Connections from that 2493domain will be allowed even if it ends up in one of the DNS based 2494rejection lists. Relaying is enabled from from.domain but not to 2495it (since relaying is based on the connection information for 2496outgoing relaying, the tag Connect: must be used; for incoming 2497relaying, which is based on the recipient address, To: must be 2498used). The last two entries allow mails from good@another.dom but 2499reject mail from all other addresses with another.dom as domain 2500part. 2501 2502 2503The value part of the map can contain: 2504 2505 OK Accept mail even if other rules in the running 2506 ruleset would reject it, for example, if the domain 2507 name is unresolvable. "Accept" does not mean 2508 "relay", but at most acceptance for local 2509 recipients. That is, OK allows less than RELAY. 2510 RELAY Accept mail addressed to the indicated domain or 2511 received from the indicated domain for relaying 2512 through your SMTP server. RELAY also serves as 2513 an implicit OK for the other checks. 2514 REJECT Reject the sender or recipient with a general 2515 purpose message. 2516 DISCARD Discard the message completely using the 2517 $#discard mailer. If it is used in check_compat, 2518 it affects only the designated recipient, not 2519 the whole message as it does in all other cases. 2520 This should only be used if really necessary. 2521 SKIP This can only be used for host/domain names 2522 and IP addresses/nets. It will abort the current 2523 search for this entry without accepting or rejecting 2524 it but causing the default action. 2525 ### any text where ### is an RFC 821 compliant error code and 2526 "any text" is a message to return for the command. 2527 The entire string should be quoted to avoid 2528 surprises: 2529 2530 "### any text" 2531 2532 Otherwise sendmail formats the text as email 2533 addresses, e.g., it may remove spaces. 2534 This type is deprecated, use one of the two 2535 ERROR: entries below instead. 2536 ERROR:### any text 2537 as above, but useful to mark error messages as such. 2538 If quotes need to be used to avoid modifications 2539 (see above), they should be placed like this: 2540 2541 ERROR:"### any text" 2542 2543 ERROR:D.S.N:### any text 2544 where D.S.N is an RFC 1893 compliant error code 2545 and the rest as above. If quotes need to be used 2546 to avoid modifications, they should be placed 2547 like this: 2548 2549 ERROR:D.S.N:"### any text" 2550 2551 QUARANTINE:any text 2552 Quarantine the message using the given text as the 2553 quarantining reason. 2554 2555For example: 2556 2557 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers" 2558 From:okay.cyberspammer.com OK 2559 Connect:sendmail.org RELAY 2560 To:sendmail.org RELAY 2561 Connect:128.32 RELAY 2562 Connect:128.32.2 SKIP 2563 Connect:IPv6:1:2:3:4:5:6:7 RELAY 2564 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host 2565 Connect:[127.0.0.3] OK 2566 Connect:[IPv6:1:2:3:4:5:6:7:8] OK 2567 2568would accept mail from okay.cyberspammer.com, but would reject mail 2569from all other hosts at cyberspammer.com with the indicated message. 2570It would allow relaying mail from and to any hosts in the sendmail.org 2571domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network 2572and from the 128.32.*.* network except for the 128.32.2.* network, 2573which shows how SKIP is useful to exempt subnets/subdomains. The 2574last two entries are for checks against ${client_name} if the IP 2575address doesn't resolve to a hostname (or is considered as "may be 2576forged"). That is, using square brackets means these are host 2577names, not network numbers. 2578 2579Warning: if you change the RFC 821 compliant error code from the default 2580value of 550, then you should probably also change the RFC 1893 compliant 2581error code to match it. For example, if you use 2582 2583 To:user@example.com ERROR:450 mailbox full 2584 2585the error returned would be "450 5.0.0 mailbox full" which is wrong. 2586Use "ERROR:4.2.2:450 mailbox full" instead. 2587 2588Note, UUCP users may need to add hostname.UUCP to the access database 2589or class {R}. 2590 2591If you also use: 2592 2593 FEATURE(`relay_hosts_only') 2594 2595then the above example will allow relaying for sendmail.org, but not 2596hosts within the sendmail.org domain. Note that this will also require 2597hosts listed in class {R} to be fully qualified host names. 2598 2599You can also use the access database to block sender addresses based on 2600the username portion of the address. For example: 2601 2602 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2603 2604Note that you must include the @ after the username to signify that 2605this database entry is for checking only the username portion of the 2606sender address. 2607 2608If you use: 2609 2610 FEATURE(`blacklist_recipients') 2611 2612then you can add entries to the map for local users, hosts in your 2613domains, or addresses in your domain which should not receive mail: 2614 2615 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser 2616 To:host.my.TLD ERROR:550 That host does not accept mail 2617 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient 2618 2619This would prevent a recipient of badlocaluser in any of the local 2620domains (class {w}), any user at host.my.TLD, and the single address 2621user@other.my.TLD from receiving mail. Please note: a local username 2622must be now tagged with an @ (this is consistent with the check of 2623the sender address, and hence it is possible to distinguish between 2624hostnames and usernames). Enabling this feature will keep you from 2625sending mails to all addresses that have an error message or REJECT 2626as value part in the access map. Taking the example from above: 2627 2628 spammer@aol.com REJECT 2629 cyberspammer.com REJECT 2630 2631Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2632That's why tagged entries should be used. 2633 2634There are several DNS based blacklists, the first of which was 2635the RBL (``Realtime Blackhole List'') run by the MAPS project, 2636see http://mail-abuse.org/. These are databases of spammers 2637maintained in DNS. To use such a database, specify 2638 2639 FEATURE(`dnsbl') 2640 2641This will cause sendmail to reject mail from any site in the original 2642Realtime Blackhole List database. This default DNS blacklist, 2643blackholes.mail-abuse.org, is a service offered by the Mail Abuse 2644Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription 2645service, so using that network address won't work if you haven't 2646subscribed. Contact MAPS to subscribe (http://mail-abuse.org/). 2647 2648You can specify an alternative RBL server to check by specifying an 2649argument to the FEATURE. The default error message is 2650 2651 Rejected: IP-ADDRESS listed at SERVER 2652 2653where IP-ADDRESS and SERVER are replaced by the appropriate 2654information. A second argument can be used to specify a different 2655text. By default, temporary lookup failures are ignored and hence 2656cause the connection not to be rejected by the DNS based rejection 2657list. This behavior can be changed by specifying a third argument, 2658which must be either `t' or a full error message. For example: 2659 2660 FEATURE(`dnsbl', `dnsbl.example.com', `', 2661 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2662 2663If `t' is used, the error message is: 2664 2665 451 Temporary lookup failure of IP-ADDRESS at SERVER 2666 2667where IP-ADDRESS and SERVER are replaced by the appropriate 2668information. 2669 2670This FEATURE can be included several times to query different 2671DNS based rejection lists, e.g., the dial-up user list (see 2672http://mail-abuse.org/dul/). 2673 2674Notice: to avoid checking your own local domains against those 2675blacklists, use the access_db feature and add: 2676 2677 Connect:10.1 OK 2678 Connect:127.0.0.1 RELAY 2679 2680to the access map, where 10.1 is your local network. You may 2681want to use "RELAY" instead of "OK" to allow also relaying 2682instead of just disabling the DNS lookups in the blacklists. 2683 2684 2685The features described above make use of the check_relay, check_mail, 2686and check_rcpt rulesets. Note that check_relay checks the SMTP 2687client hostname and IP address when the connection is made to your 2688server. It does not check if a mail message is being relayed to 2689another server. That check is done in check_rcpt. If you wish to 2690include your own checks, you can put your checks in the rulesets 2691Local_check_relay, Local_check_mail, and Local_check_rcpt. For 2692example if you wanted to block senders with all numeric usernames 2693(i.e. 2312343@bigisp.com), you would use Local_check_mail and the 2694regex map: 2695 2696 LOCAL_CONFIG 2697 Kallnumbers regex -a@MATCH ^[0-9]+$ 2698 2699 LOCAL_RULESETS 2700 SLocal_check_mail 2701 # check address against various regex checks 2702 R$* $: $>Parse0 $>3 $1 2703 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2704 R@MATCH $#error $: 553 Header Error 2705 2706These rules are called with the original arguments of the corresponding 2707check_* ruleset. If the local ruleset returns $#OK, no further checking 2708is done by the features described above and the mail is accepted. If 2709the local ruleset resolves to a mailer (such as $#error or $#discard), 2710the appropriate action is taken. Other results starting with $# are 2711interpreted by sendmail and may lead to unspecified behavior. Note: do 2712NOT create a mailer with the name OK. Return values that do not start 2713with $# are ignored, i.e., normal processing continues. 2714 2715Delay all checks 2716---------------- 2717 2718By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2719will not be called when a client connects or issues a MAIL command, 2720respectively. Instead, those rulesets will be called by the check_rcpt 2721ruleset; they will be skipped if a sender has been authenticated using 2722a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2723If check_mail returns an error then the RCPT TO command will be rejected 2724with that error. If it returns some other result starting with $# then 2725check_relay will be skipped. If the sender address (or a part of it) is 2726listed in the access map and it has a RHS of OK or RELAY, then check_relay 2727will be skipped. This has an interesting side effect: if your domain is 2728my.domain and you have 2729 2730 my.domain RELAY 2731 2732in the access map, then any e-mail with a sender address of 2733<user@my.domain> will not be rejected by check_relay even though 2734it would match the hostname or IP address. This allows spammers 2735to get around DNS based blacklist by faking the sender address. To 2736avoid this problem you have to use tagged entries: 2737 2738 To:my.domain RELAY 2739 Connect:my.domain RELAY 2740 2741if you need those entries at all (class {R} may take care of them). 2742 2743FEATURE(`delay_checks') can take an optional argument: 2744 2745 FEATURE(`delay_checks', `friend') 2746 enables spamfriend test 2747 FEATURE(`delay_checks', `hater') 2748 enables spamhater test 2749 2750If such an argument is given, the recipient will be looked up in the 2751access map (using the tag Spam:). If the argument is `friend', then 2752the default behavior is to apply the other rulesets and make a SPAM 2753friend the exception. The rulesets check_mail and check_relay will be 2754skipped only if the recipient address is found and has RHS FRIEND. If 2755the argument is `hater', then the default behavior is to skip the rulesets 2756check_mail and check_relay and make a SPAM hater the exception. The 2757other two rulesets will be applied only if the recipient address is 2758found and has RHS HATER. 2759 2760This allows for simple exceptions from the tests, e.g., by activating 2761the friend option and having 2762 2763 Spam:abuse@ FRIEND 2764 2765in the access map, mail to abuse@localdomain will get through (where 2766"localdomain" is any domain in class {w}). It is also possible to 2767specify a full address or an address with +detail: 2768 2769 Spam:abuse@my.domain FRIEND 2770 Spam:me+abuse@ FRIEND 2771 Spam:spam.domain FRIEND 2772 2773Note: The required tag has been changed in 8.12 from To: to Spam:. 2774This change is incompatible to previous versions. However, you can 2775(for now) simply add the new entries to the access map, the old 2776ones will be ignored. As soon as you removed the old entries from 2777the access map, specify a third parameter (`n') to this feature and 2778the backward compatibility rules will not be in the generated .cf 2779file. 2780 2781Header Checks 2782------------- 2783 2784You can also reject mail on the basis of the contents of headers. 2785This is done by adding a ruleset call to the 'H' header definition command 2786in sendmail.cf. For example, this can be used to check the validity of 2787a Message-ID: header: 2788 2789 LOCAL_CONFIG 2790 HMessage-Id: $>CheckMessageId 2791 2792 LOCAL_RULESETS 2793 SCheckMessageId 2794 R< $+ @ $+ > $@ OK 2795 R$* $#error $: 553 Header Error 2796 2797The alternative format: 2798 2799 HSubject: $>+CheckSubject 2800 2801that is, $>+ instead of $>, gives the full Subject: header including 2802comments to the ruleset (comments in parentheses () are stripped 2803by default). 2804 2805A default ruleset for headers which don't have a specific ruleset 2806defined for them can be given by: 2807 2808 H*: $>CheckHdr 2809 2810Notice: 28111. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2812That may cause problems with simple header checks due to the 2813tokenization. It might be simpler to use a regex map and apply it 2814to $&{currHeader}. 28152. There are no default rulesets coming with this distribution of 2816sendmail. You can write your own, can search the WWW for examples, 2817or take a look at cf/cf/knecht.mc. 28183. When using a default ruleset for headers, the name of the header 2819currently being checked can be found in the $&{hdr_name} macro. 2820 2821After all of the headers are read, the check_eoh ruleset will be called for 2822any final header-related checks. The ruleset is called with the number of 2823headers and the size of all of the headers in bytes separated by $|. One 2824example usage is to reject messages which do not have a Message-Id: 2825header. However, the Message-Id: header is *NOT* a required header and is 2826not a guaranteed spam indicator. This ruleset is an example and should 2827probably not be used in production. 2828 2829 LOCAL_CONFIG 2830 Kstorage macro 2831 HMessage-Id: $>CheckMessageId 2832 2833 LOCAL_RULESETS 2834 SCheckMessageId 2835 # Record the presence of the header 2836 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2837 R< $+ @ $+ > $@ OK 2838 R$* $#error $: 553 Header Error 2839 2840 Scheck_eoh 2841 # Check the macro 2842 R$* $: < $&{MessageIdCheck} > 2843 # Clear the macro for the next message 2844 R$* $: $(storage {MessageIdCheck} $) $1 2845 # Has a Message-Id: header 2846 R< $+ > $@ OK 2847 # Allow missing Message-Id: from local mail 2848 R$* $: < $&{client_name} > 2849 R< > $@ OK 2850 R< $=w > $@ OK 2851 # Otherwise, reject the mail 2852 R$* $#error $: 553 Header Error 2853 2854 2855+--------------------+ 2856| CONNECTION CONTROL | 2857+--------------------+ 2858 2859The features ratecontrol and conncontrol allow to establish connection 2860limits per client IP address or net. These features can limit the 2861rate of connections (connections per time unit) or the number of 2862incoming SMTP connections, respectively. If enabled, appropriate 2863rulesets are called at the end of check_relay, i.e., after DNS 2864blacklists and generic access_db operations. The features require 2865FEATURE(`access_db') to be listed earlier in the mc file. 2866 2867Note: FEATURE(`delay_checks') delays those connection control checks 2868after a recipient address has been received, hence making these 2869connection control features less useful. To run the checks as early 2870as possible, specify the parameter `nodelay', e.g., 2871 2872 FEATURE(`ratecontrol', `nodelay') 2873 2874In that case, FEATURE(`delay_checks') has no effect on connection 2875control (and it must be specified earlier in the mc file). 2876 2877An optional second argument `terminate' specifies whether the 2878rulesets should return the error code 421 which will cause 2879sendmail to terminate the session with that error if it is 2880returned from check_relay, i.e., not delayed as explained in 2881the previous paragraph. Example: 2882 2883 FEATURE(`ratecontrol', `nodelay', `terminate') 2884 2885 2886+----------+ 2887| STARTTLS | 2888+----------+ 2889 2890In this text, cert will be used as an abbreviation for X.509 certificate, 2891DN (CN) is the distinguished (common) name of a cert, and CA is a 2892certification authority, which signs (issues) certs. 2893 2894For STARTTLS to be offered by sendmail you need to set at least 2895these variables (the file names and paths are just examples): 2896 2897 define(`confCACERT_PATH', `/etc/mail/certs/') 2898 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2899 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2900 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2901 2902On systems which do not have the compile flag HASURANDOM set (see 2903sendmail/README) you also must set confRAND_FILE. 2904 2905See doc/op/op.{me,ps,txt} for more information about these options, 2906especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2907STARTTLS''. 2908 2909Macros related to STARTTLS are: 2910 2911${cert_issuer} holds the DN of the CA (the cert issuer). 2912${cert_subject} holds the DN of the cert (called the cert subject). 2913${cn_issuer} holds the CN of the CA (the cert issuer). 2914${cn_subject} holds the CN of the cert (called the cert subject). 2915${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2916 TLSv1/SSLv3, SSLv3, SSLv2. 2917${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2918 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2919${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2920 used for the connection. 2921${verify} holds the result of the verification of the presented cert. 2922 Possible values are: 2923 OK verification succeeded. 2924 NO no cert presented. 2925 NOT no cert requested. 2926 FAIL cert presented but could not be verified, 2927 e.g., the cert of the signing CA is missing. 2928 NONE STARTTLS has not been performed. 2929 TEMP temporary error occurred. 2930 PROTOCOL protocol error occurred (SMTP level). 2931 SOFTWARE STARTTLS handshake failed. 2932${server_name} the name of the server of the current outgoing SMTP 2933 connection. 2934${server_addr} the address of the server of the current outgoing SMTP 2935 connection. 2936 2937Relaying 2938-------- 2939 2940SMTP STARTTLS can allow relaying for remote SMTP clients which have 2941successfully authenticated themselves. If the verification of the cert 2942failed (${verify} != OK), relaying is subject to the usual rules. 2943Otherwise the DN of the issuer is looked up in the access map using the 2944tag CERTISSUER. If the resulting value is RELAY, relaying is allowed. 2945If it is SUBJECT, the DN of the cert subject is looked up next in the 2946access map using the tag CERTSUBJECT. If the value is RELAY, relaying 2947is allowed. 2948 2949To make things a bit more flexible (or complicated), the values for 2950${cert_issuer} and ${cert_subject} can be optionally modified by regular 2951expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2952_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2953rulesets and map lookups, they are modified as follows: each non-printable 2954character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced 2955by their HEX value with a leading '+'. For example: 2956 2957/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2958darth+cert@endmail.org 2959 2960is encoded as: 2961 2962/C=US/ST=California/O=endmail.org/OU=private/CN= 2963Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2964 2965(line breaks have been inserted for readability). 2966 2967The macros which are subject to this encoding are ${cert_subject}, 2968${cert_issuer}, ${cn_subject}, and ${cn_issuer}. 2969 2970Examples: 2971 2972To allow relaying for everyone who can present a cert signed by 2973 2974/C=US/ST=California/O=endmail.org/OU=private/CN= 2975Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2976 2977simply use: 2978 2979CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2980Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2981 2982To allow relaying only for a subset of machines that have a cert signed by 2983 2984/C=US/ST=California/O=endmail.org/OU=private/CN= 2985Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2986 2987use: 2988 2989CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2990Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2991CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2992DeathStar/Email=deathstar@endmail.org RELAY 2993 2994Notes: 2995- line breaks have been inserted after "CN=" for readability, 2996 each tagged entry must be one (long) line in the access map. 2997- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN 2998 is replaced by "emailAddress=". 2999 3000Of course it is also possible to write a simple ruleset that allows 3001relaying for everyone who can present a cert that can be verified, e.g., 3002 3003LOCAL_RULESETS 3004SLocal_check_rcpt 3005R$* $: $&{verify} 3006ROK $# OK 3007 3008Allowing Connections 3009-------------------- 3010 3011The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 3012an SMTP connection is accepted (or should continue). 3013 3014tls_server is called when sendmail acts as client after a STARTTLS command 3015(should) have been issued. The parameter is the value of ${verify}. 3016 3017tls_client is called when sendmail acts as server, after a STARTTLS command 3018has been issued, and from check_mail. The parameter is the value of 3019${verify} and STARTTLS or MAIL, respectively. 3020 3021Both rulesets behave the same. If no access map is in use, the connection 3022will be accepted unless ${verify} is SOFTWARE, in which case the connection 3023is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 3024is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 3025with the ruleset LookUpDomain. If no entry is found, ${client_addr} 3026(${server_addr}) is looked up in the access map (same tag, ruleset 3027LookUpAddr). If this doesn't result in an entry either, just the tag is 3028looked up in the access map (included the trailing colon). Notice: 3029requiring that e-mail is sent to a server only encrypted, e.g., via 3030 3031TLS_Srv:secure.domain ENCR:112 3032 3033doesn't necessarily mean that e-mail sent to that domain is encrypted. 3034If the domain has multiple MX servers, e.g., 3035 3036secure.domain. IN MX 10 mail.secure.domain. 3037secure.domain. IN MX 50 mail.other.domain. 3038 3039then mail to user@secure.domain may go unencrypted to mail.other.domain. 3040tls_rcpt can be used to address this problem. 3041 3042tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 3043current recipient. This ruleset is only defined if FEATURE(`access_db') 3044is selected. A recipient address user@domain is looked up in the access 3045map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 3046and TLS_Rcpt:; the first match is taken. 3047 3048The result of the lookups is then used to call the ruleset TLS_connection, 3049which checks the requirement specified by the RHS in the access map against 3050the actual parameters of the current TLS connection, esp. ${verify} and 3051${cipher_bits}. Legal RHSs in the access map are: 3052 3053VERIFY verification must have succeeded 3054VERIFY:bits verification must have succeeded and ${cipher_bits} must 3055 be greater than or equal bits. 3056ENCR:bits ${cipher_bits} must be greater than or equal bits. 3057 3058The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 3059or permanent error. The default is a temporary error code (403 4.7.0) 3060unless the macro TLS_PERM_ERR is set during generation of the .cf file. 3061 3062If a certain level of encryption is required, then it might also be 3063possible that this level is provided by the security layer from a SASL 3064algorithm, e.g., DIGEST-MD5. 3065 3066Furthermore, there can be a list of extensions added. Such a list 3067starts with '+' and the items are separated by '++'. Allowed 3068extensions are: 3069 3070CN:name name must match ${cn_subject} 3071CN ${server_name} must match ${cn_subject} 3072CS:name name must match ${cert_subject} 3073CI:name name must match ${cert_issuer} 3074 3075Example: e-mail sent to secure.example.com should only use an encrypted 3076connection. E-mail received from hosts within the laptop.example.com domain 3077should only be accepted if they have been authenticated. The host which 3078receives e-mail for darth@endmail.org must present a cert that uses the 3079CN smtp.endmail.org. 3080 3081TLS_Srv:secure.example.com ENCR:112 3082TLS_Clt:laptop.example.com PERM+VERIFY:112 3083TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 3084 3085 3086Disabling STARTTLS And Setting SMTP Server Features 3087--------------------------------------------------- 3088 3089By default STARTTLS is used whenever possible. However, there are 3090some broken MTAs that don't properly implement STARTTLS. To be able 3091to send to (or receive from) those MTAs, the ruleset try_tls 3092(srv_features) can be used that work together with the access map. 3093Entries for the access map must be tagged with Try_TLS (Srv_Features) 3094and refer to the hostname or IP address of the connecting system. 3095A default case can be specified by using just the tag. For example, 3096the following entries in the access map: 3097 3098 Try_TLS:broken.server NO 3099 Srv_Features:my.domain v 3100 Srv_Features: V 3101 3102will turn off STARTTLS when sending to broken.server (or any host 3103in that domain), and request a client certificate during the TLS 3104handshake only for hosts in my.domain. The valid entries on the RHS 3105for Srv_Features are listed in the Sendmail Installation and 3106Operations Guide. 3107 3108 3109Received: Header 3110---------------- 3111 3112The Received: header reveals whether STARTTLS has been used. It contains an 3113extra line: 3114 3115(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 3116 3117 3118+---------------------+ 3119| SMTP AUTHENTICATION | 3120+---------------------+ 3121 3122The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 3123used in anti-relay rulesets to allow relaying for those users that 3124authenticated themselves. A very simple example is: 3125 3126SLocal_check_rcpt 3127R$* $: $&{auth_type} 3128R$+ $# OK 3129 3130which checks whether a user has successfully authenticated using 3131any available mechanism. Depending on the setup of the Cyrus SASL 3132library, more sophisticated rulesets might be required, e.g., 3133 3134SLocal_check_rcpt 3135R$* $: $&{auth_type} $| $&{auth_authen} 3136RDIGEST-MD5 $| $+@$=w $# OK 3137 3138to allow relaying for users that authenticated using DIGEST-MD5 3139and have an identity in the local domains. 3140 3141The ruleset trust_auth is used to determine whether a given AUTH= 3142parameter (that is passed to this ruleset) should be trusted. This 3143ruleset may make use of the other ${auth_*} macros. Only if the 3144ruleset resolves to the error mailer, the AUTH= parameter is not 3145trusted. A user supplied ruleset Local_trust_auth can be written 3146to modify the default behavior, which only trust the AUTH= 3147parameter if it is identical to the authenticated user. 3148 3149Per default, relaying is allowed for any user who authenticated 3150via a "trusted" mechanism, i.e., one that is defined via 3151TRUST_AUTH_MECH(`list of mechanisms') 3152For example: 3153TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 3154 3155If the selected mechanism provides a security layer the number of 3156bits used for the key of the symmetric cipher is stored in the 3157macro ${auth_ssf}. 3158 3159Providing SMTP AUTH Data when sendmail acts as Client 3160----------------------------------------------------- 3161 3162If sendmail acts as client, it needs some information how to 3163authenticate against another MTA. This information can be provided 3164by the ruleset authinfo or by the option DefaultAuthInfo. The 3165authinfo ruleset looks up {server_name} using the tag AuthInfo: in 3166the access map. If no entry is found, {server_addr} is looked up 3167in the same way and finally just the tag AuthInfo: to provide 3168default values. Note: searches for domain parts or IP nets are 3169only performed if the access map is used; if the authinfo feature 3170is used then only up to three lookups are performed (two exact 3171matches, one default). 3172 3173Note: If your daemon does client authentication when sending, and 3174if it uses either PLAIN or LOGIN authentication, then you *must* 3175prevent ordinary users from seeing verbose output. Do NOT install 3176sendmail set-user-ID. Use PrivacyOptions to turn off verbose output 3177("goaway" works for this). 3178 3179Notice: the default configuration file causes the option DefaultAuthInfo 3180to fail since the ruleset authinfo is in the .cf file. If you really 3181want to use DefaultAuthInfo (it is deprecated) then you have to 3182remove the ruleset. 3183 3184The RHS for an AuthInfo: entry in the access map should consists of a 3185list of tokens, each of which has the form: "TDstring" (including 3186the quotes). T is a tag which describes the item, D is a delimiter, 3187either ':' for simple text or '=' for a base64 encoded string. 3188Valid values for the tag are: 3189 3190 U user (authorization) id 3191 I authentication id 3192 P password 3193 R realm 3194 M list of mechanisms delimited by spaces 3195 3196Example entries are: 3197 3198AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 3199AuthInfo:host.more.dom "U:user" "P=c2VjcmV0" 3200 3201User id or authentication id must exist as well as the password. All 3202other entries have default values. If one of user or authentication 3203id is missing, the existing value is used for the missing item. 3204If "R:" is not specified, realm defaults to $j. The list of mechanisms 3205defaults to those specified by AuthMechanisms. 3206 3207Since this map contains sensitive information, either the access 3208map must be unreadable by everyone but root (or the trusted user) 3209or FEATURE(`authinfo') must be used which provides a separate map. 3210Notice: It is not checked whether the map is actually 3211group/world-unreadable, this is left to the user. 3212 3213+--------------------------------+ 3214| ADDING NEW MAILERS OR RULESETS | 3215+--------------------------------+ 3216 3217Sometimes you may need to add entirely new mailers or rulesets. They 3218should be introduced with the constructs MAILER_DEFINITIONS and 3219LOCAL_RULESETS respectively. For example: 3220 3221 MAILER_DEFINITIONS 3222 Mmymailer, ... 3223 ... 3224 3225 LOCAL_RULESETS 3226 Smyruleset 3227 ... 3228 3229Local additions for the rulesets srv_features, try_tls, tls_rcpt, 3230tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 3231LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 3232respectively. For example, to add a local ruleset that decides 3233whether to try STARTTLS in a sendmail client, use: 3234 3235 LOCAL_TRY_TLS 3236 R... 3237 3238Note: you don't need to add a name for the ruleset, it is implicitly 3239defined by using the appropriate macro. 3240 3241 3242+-------------------------+ 3243| ADDING NEW MAIL FILTERS | 3244+-------------------------+ 3245 3246Sendmail supports mail filters to filter incoming SMTP messages according 3247to the "Sendmail Mail Filter API" documentation. These filters can be 3248configured in your mc file using the two commands: 3249 3250 MAIL_FILTER(`name', `equates') 3251 INPUT_MAIL_FILTER(`name', `equates') 3252 3253The first command, MAIL_FILTER(), simply defines a filter with the given 3254name and equates. For example: 3255 3256 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3257 3258This creates the equivalent sendmail.cf entry: 3259 3260 Xarchive, S=local:/var/run/archivesock, F=R 3261 3262The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 3263but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 3264of the filter such that the filter will actually be called by sendmail. 3265 3266For example, the two commands: 3267 3268 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3269 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3270 3271are equivalent to the three commands: 3272 3273 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3274 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3275 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 3276 3277In general, INPUT_MAIL_FILTER() should be used unless you need to define 3278more filters than you want to use for `confINPUT_MAIL_FILTERS'. 3279 3280Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3281commands will clear the list created by the prior INPUT_MAIL_FILTER() 3282commands. 3283 3284 3285+-------------------------+ 3286| QUEUE GROUP DEFINITIONS | 3287+-------------------------+ 3288 3289In addition to the queue directory (which is the default queue group 3290called "mqueue"), sendmail can deal with multiple queue groups, which 3291are collections of queue directories with the same behaviour. Queue 3292groups can be defined using the command: 3293 3294 QUEUE_GROUP(`name', `equates') 3295 3296For details about queue groups, please see doc/op/op.{me,ps,txt}. 3297 3298+-------------------------------+ 3299| NON-SMTP BASED CONFIGURATIONS | 3300+-------------------------------+ 3301 3302These configuration files are designed primarily for use by 3303SMTP-based sites. They may not be well tuned for UUCP-only or 3304UUCP-primarily nodes (the latter is defined as a small local net 3305connected to the rest of the world via UUCP). However, there is 3306one hook to handle some special cases. 3307 3308You can define a ``smart host'' that understands a richer address syntax 3309using: 3310 3311 define(`SMART_HOST', `mailer:hostname') 3312 3313In this case, the ``mailer:'' defaults to "relay". Any messages that 3314can't be handled using the usual UUCP rules are passed to this host. 3315 3316If you are on a local SMTP-based net that connects to the outside 3317world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3318For example: 3319 3320 define(`SMART_HOST', `uucp-new:uunet') 3321 LOCAL_NET_CONFIG 3322 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3323 3324This will cause all names that end in your domain name ($m) to be sent 3325via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3326If you have FEATURE(`nocanonify'), you may need to omit the dots after 3327the $m. If you are running a local DNS inside your domain which is 3328not otherwise connected to the outside world, you probably want to 3329use: 3330 3331 define(`SMART_HOST', `smtp:fire.wall.com') 3332 LOCAL_NET_CONFIG 3333 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3334 3335That is, send directly only to things you found in your DNS lookup; 3336anything else goes through SMART_HOST. 3337 3338You may need to turn off the anti-spam rules in order to accept 3339UUCP mail with FEATURE(`promiscuous_relay') and 3340FEATURE(`accept_unresolvable_domains'). 3341 3342 3343+-----------+ 3344| WHO AM I? | 3345+-----------+ 3346 3347Normally, the $j macro is automatically defined to be your fully 3348qualified domain name (FQDN). Sendmail does this by getting your 3349host name using gethostname and then calling gethostbyname on the 3350result. For example, in some environments gethostname returns 3351only the root of the host name (such as "foo"); gethostbyname is 3352supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3353cases, gethostbyname may fail to return the FQDN. In this case 3354you MUST define confDOMAIN_NAME to be your fully qualified domain 3355name. This is usually done using: 3356 3357 Dmbar.com 3358 define(`confDOMAIN_NAME', `$w.$m')dnl 3359 3360 3361+-----------------------------------+ 3362| ACCEPTING MAIL FOR MULTIPLE NAMES | 3363+-----------------------------------+ 3364 3365If your host is known by several different names, you need to augment 3366class {w}. This is a list of names by which your host is known, and 3367anything sent to an address using a host name in this list will be 3368treated as local mail. You can do this in two ways: either create the 3369file /etc/mail/local-host-names containing a list of your aliases (one per 3370line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3371``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3372name of the host, rather than a short name. 3373 3374If you want to have different address in different domains, take 3375a look at the virtusertable feature, which is also explained at 3376http://www.sendmail.org/virtual-hosting.html 3377 3378 3379+--------------------+ 3380| USING MAILERTABLES | 3381+--------------------+ 3382 3383To use FEATURE(`mailertable'), you will have to create an external 3384database containing the routing information for various domains. 3385For example, a mailertable file in text format might be: 3386 3387 .my.domain xnet:%1.my.domain 3388 uuhost1.my.domain uucp-new:uuhost1 3389 .bitnet smtp:relay.bit.net 3390 3391This should normally be stored in /etc/mail/mailertable. The actual 3392database version of the mailertable is built using: 3393 3394 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3395 3396The semantics are simple. Any LHS entry that does not begin with 3397a dot matches the full host name indicated. LHS entries beginning 3398with a dot match anything ending with that domain name (including 3399the leading dot) -- that is, they can be thought of as having a 3400leading ".+" regular expression pattern for a non-empty sequence of 3401characters. Matching is done in order of most-to-least qualified 3402-- for example, even though ".my.domain" is listed first in the 3403above example, an entry of "uuhost1.my.domain" will match the second 3404entry since it is more explicit. Note: e-mail to "user@my.domain" 3405does not match any entry in the above table. You need to have 3406something like: 3407 3408 my.domain esmtp:host.my.domain 3409 3410The RHS should always be a "mailer:host" pair. The mailer is the 3411configuration name of a mailer (that is, an M line in the 3412sendmail.cf file). The "host" will be the hostname passed to 3413that mailer. In domain-based matches (that is, those with leading 3414dots) the "%1" may be used to interpolate the wildcarded part of 3415the host name. For example, the first line above sends everything 3416addressed to "anything.my.domain" to that same host name, but using 3417the (presumably experimental) xnet mailer. 3418 3419In some cases you may want to temporarily turn off MX records, 3420particularly on gateways. For example, you may want to MX 3421everything in a domain to one machine that then forwards it 3422directly. To do this, you might use the DNS configuration: 3423 3424 *.domain. IN MX 0 relay.machine 3425 3426and on relay.machine use the mailertable: 3427 3428 .domain smtp:[gateway.domain] 3429 3430The [square brackets] turn off MX records for this host only. 3431If you didn't do this, the mailertable would use the MX record 3432again, which would give you an MX loop. Note that the use of 3433wildcard MX records is almost always a bad idea. Please avoid 3434using them if possible. 3435 3436 3437+--------------------------------+ 3438| USING USERDB TO MAP FULL NAMES | 3439+--------------------------------+ 3440 3441The user database was not originally intended for mapping full names 3442to login names (e.g., Eric.Allman => eric), but some people are using 3443it that way. (it is recommended that you set up aliases for this 3444purpose instead -- since you can specify multiple alias files, this 3445is fairly easy.) The intent was to locate the default maildrop at 3446a site, but allow you to override this by sending to a specific host. 3447 3448If you decide to set up the user database in this fashion, it is 3449imperative that you not use FEATURE(`stickyhost') -- otherwise, 3450e-mail sent to Full.Name@local.host.name will be rejected. 3451 3452To build the internal form of the user database, use: 3453 3454 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3455 3456As a general rule, it is an extremely bad idea to using full names 3457as e-mail addresses, since they are not in any sense unique. For 3458example, the UNIX software-development community has at least two 3459well-known Peter Deutsches, and at one time Bell Labs had two 3460Stephen R. Bournes with offices along the same hallway. Which one 3461will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3462The less famous of the two, or the one that was hired later? 3463 3464Finger should handle full names (and be fuzzy). Mail should use 3465handles, and not be fuzzy. 3466 3467 3468+--------------------------------+ 3469| MISCELLANEOUS SPECIAL FEATURES | 3470+--------------------------------+ 3471 3472Plussed users 3473 Sometimes it is convenient to merge configuration on a 3474 centralized mail machine, for example, to forward all 3475 root mail to a mail server. In this case it might be 3476 useful to be able to treat the root addresses as a class 3477 of addresses with subtle differences. You can do this 3478 using plussed users. For example, a client might include 3479 the alias: 3480 3481 root: root+client1@server 3482 3483 On the server, this will match an alias for "root+client1". 3484 If that is not found, the alias "root+*" will be tried, 3485 then "root". 3486 3487 3488+----------------+ 3489| SECURITY NOTES | 3490+----------------+ 3491 3492A lot of sendmail security comes down to you. Sendmail 8 is much 3493more careful about checking for security problems than previous 3494versions, but there are some things that you still need to watch 3495for. In particular: 3496 3497* Make sure the aliases file is not writable except by trusted 3498 system personnel. This includes both the text and database 3499 version. 3500 3501* Make sure that other files that sendmail reads, such as the 3502 mailertable, are only writable by trusted system personnel. 3503 3504* The queue directory should not be world writable PARTICULARLY 3505 if your system allows "file giveaways" (that is, if a non-root 3506 user can chown any file they own to any other user). 3507 3508* If your system allows file giveaways, DO NOT create a publically 3509 writable directory for forward files. This will allow anyone 3510 to steal anyone else's e-mail. Instead, create a script that 3511 copies the .forward file from users' home directories once a 3512 night (if you want the non-NFS-mounted forward directory). 3513 3514* If your system allows file giveaways, you'll find that 3515 sendmail is much less trusting of :include: files -- in 3516 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3517 /etc/shells before they will be trusted (that is, before 3518 files and programs listed in them will be honored). 3519 3520In general, file giveaways are a mistake -- if you can turn them 3521off, do so. 3522 3523 3524+--------------------------------+ 3525| TWEAKING CONFIGURATION OPTIONS | 3526+--------------------------------+ 3527 3528There are a large number of configuration options that don't normally 3529need to be changed. However, if you feel you need to tweak them, 3530you can define the following M4 variables. Note that some of these 3531variables require formats that are defined in RFC 2821 or RFC 2822. 3532Before changing them you need to make sure you do not violate those 3533(and other relevant) RFCs. 3534 3535This list is shown in four columns: the name you define, the default 3536value for that definition, the option or macro that is affected 3537(either Ox for an option or Dx for a macro), and a brief description. 3538Greater detail of the semantics can be found in the Installation 3539and Operations Guide. 3540 3541Some options are likely to be deprecated in future versions -- that is, 3542the option is only included to provide back-compatibility. These are 3543marked with "*". 3544 3545Remember that these options are M4 variables, and hence may need to 3546be quoted. In particular, arguments with commas will usually have to 3547be ``double quoted, like this phrase'' to avoid having the comma 3548confuse things. This is common for alias file definitions and for 3549the read timeout. 3550 3551M4 Variable Name Configuration [Default] & Description 3552================ ============= ======================= 3553confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3554 for internally generated outgoing 3555 messages. 3556confDOMAIN_NAME $j macro If defined, sets $j. This should 3557 only be done if your system cannot 3558 determine your local domain name, 3559 and then it should be set to 3560 $w.Foo.COM, where Foo.COM is your 3561 domain name. 3562confCF_VERSION $Z macro If defined, this is appended to the 3563 configuration version name. 3564confLDAP_CLUSTER ${sendmailMTACluster} macro 3565 If defined, this is the LDAP 3566 cluster to use for LDAP searches 3567 as described above in ``USING LDAP 3568 FOR ALIASES, MAPS, AND CLASSES''. 3569confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3570 internally generated From: address. 3571confRECEIVED_HEADER Received: 3572 [$?sfrom $s $.$?_($?s$|from $.$_) 3573 $.$?{auth_type}(authenticated) 3574 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3575 for $u; $|; 3576 $.$b] 3577 The format of the Received: header 3578 in messages passed through this host. 3579 It is unwise to try to change this. 3580confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an 3581 internally generated Message-Id: 3582 header. 3583confCW_FILE Fw class [/etc/mail/local-host-names] Name 3584 of file used to get the local 3585 additions to class {w} (local host 3586 names). 3587confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3588 file used to get the local additions 3589 to class {t} (trusted users). 3590confCR_FILE FR class [/etc/mail/relay-domains] Name of 3591 file used to get the local additions 3592 to class {R} (hosts allowed to relay). 3593confTRUSTED_USERS Ct class [no default] Names of users to add to 3594 the list of trusted users. This list 3595 always includes root, uucp, and daemon. 3596 See also FEATURE(`use_ct_file'). 3597confTRUSTED_USER TrustedUser [no default] Trusted user for file 3598 ownership and starting the daemon. 3599 Not to be confused with 3600 confTRUSTED_USERS (see above). 3601confSMTP_MAILER - [esmtp] The mailer name used when 3602 SMTP connectivity is required. 3603 One of "smtp", "smtp8", 3604 "esmtp", or "dsmtp". 3605confUUCP_MAILER - [uucp-old] The mailer to be used by 3606 default for bang-format recipient 3607 addresses. See also discussion of 3608 class {U}, class {Y}, and class {Z} 3609 in the MAILER(`uucp') section. 3610confLOCAL_MAILER - [local] The mailer name used when 3611 local connectivity is required. 3612 Almost always "local". 3613confRELAY_MAILER - [relay] The default mailer name used 3614 for relaying any mail (e.g., to a 3615 BITNET_RELAY, a SMART_HOST, or 3616 whatever). This can reasonably be 3617 "uucp-new" if you are on a 3618 UUCP-connected site. 3619confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3620confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3621confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3622 rebuild until you get bored and 3623 decide that the apparently pending 3624 rebuild failed. 3625confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3626 queue filesystem to accept SMTP mail. 3627 (Prior to 8.7 this was minfree/maxsize, 3628 where minfree was the number of free 3629 blocks and maxsize was the maximum 3630 message size. Use confMAX_MESSAGE_SIZE 3631 for the second value now.) 3632confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3633 that will be accepted (in bytes). 3634confBLANK_SUB BlankSub [.] Blank (space) substitution 3635 character. 3636confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3637 to mailers marked expensive. 3638confCHECKPOINT_INTERVAL CheckpointInterval 3639 [10] Checkpoint queue files every N 3640 recipients. 3641confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3642confERROR_MODE ErrorMode [print] Error message mode. 3643confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3644confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3645confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3646confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3647confMAX_HOP MaxHopCount [25] Maximum hop count. 3648confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3649 mode] Ignore dot as terminator for 3650 incoming messages? 3651confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3652 resolver. 3653confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3654 encapsulated messages per RFC 1344. 3655confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3656 The colon-separated list of places to 3657 search for .forward files. N.B.: see 3658 the Security Notes section. 3659confMCI_CACHE_SIZE ConnectionCacheSize 3660 [2] Size of open connection cache. 3661confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3662 [5m] Open connection cache timeout. 3663confHOST_STATUS_DIRECTORY HostStatusDirectory 3664 [undefined] If set, host status is kept 3665 on disk between sendmail runs in the 3666 named directory tree. This need not be 3667 a full pathname, in which case it is 3668 interpreted relative to the queue 3669 directory. 3670confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3671 [False] If this option and the 3672 HostStatusDirectory option are both 3673 set, single thread deliveries to other 3674 hosts. That is, don't allow any two 3675 sendmails on this host to connect 3676 simultaneously to any other single 3677 host. This can slow down delivery in 3678 some cases, in particular since a 3679 cached but otherwise idle connection 3680 to a host will prevent other sendmails 3681 from connecting to the other host. 3682confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3683 deliver error messages. This should 3684 not be necessary because of general 3685 acceptance of the envelope/header 3686 distinction. 3687confLOG_LEVEL LogLevel [9] Log level. 3688confME_TOO MeToo [True] Include sender in group 3689 expansions. This option is 3690 deprecated and will be removed from 3691 a future version. 3692confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3693 running newaliases. Since this does 3694 DNS lookups on every address, it can 3695 slow down the alias rebuild process 3696 considerably on large alias files. 3697confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3698 special chars are old style. 3699confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3700confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3701 copies of all error messages. 3702confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3703confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3704 queue files (octal). If not set, 3705 sendmail uses 0600 unless its real 3706 and effective uid are different in 3707 which case it uses 0644. 3708confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3709 syntax addresses to the minimum 3710 possible. 3711confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3712 before forking. 3713confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3714 on the initial connect. 3715confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3716 connect() to complete. This can only 3717 shorten connection timeouts; the kernel 3718 silently enforces an absolute maximum 3719 (which varies depending on the system). 3720confTO_ICONNECT Timeout.iconnect 3721 [undefined] Like Timeout.connect, but 3722 applies only to the very first attempt 3723 to connect to a host in a message. 3724 This allows a single very fast pass 3725 followed by more careful delivery 3726 attempts in the future. 3727confTO_ACONNECT Timeout.aconnect 3728 [0] The overall timeout waiting for 3729 all connection for a single delivery 3730 attempt to succeed. If 0, no overall 3731 limit is applied. 3732confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3733 to a HELO or EHLO command. 3734confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3735 response to the MAIL command. 3736confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3737 to the RCPT command. 3738confTO_DATAINIT Timeout.datainit 3739 [5m] The timeout waiting for a 354 3740 response from the DATA command. 3741confTO_DATABLOCK Timeout.datablock 3742 [1h] The timeout waiting for a block 3743 during DATA phase. 3744confTO_DATAFINAL Timeout.datafinal 3745 [1h] The timeout waiting for a response 3746 to the final "." that terminates a 3747 message. 3748confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3749 to the RSET command. 3750confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3751 to the QUIT command. 3752confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3753 to other SMTP commands. 3754confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3755 waiting for a command to be issued. 3756confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3757 response to an IDENT query. 3758confTO_FILEOPEN Timeout.fileopen 3759 [60s] The timeout waiting for a file 3760 (e.g., :include: file) to be opened. 3761confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3762 to an LMTP LHLO command. 3763confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3764 response in an AUTH dialogue. 3765confTO_STARTTLS Timeout.starttls 3766 [1h] The timeout waiting for a 3767 response to an SMTP STARTTLS command. 3768confTO_CONTROL Timeout.control 3769 [2m] The timeout for a complete 3770 control socket transaction to complete. 3771confTO_QUEUERETURN Timeout.queuereturn 3772 [5d] The timeout before a message is 3773 returned as undeliverable. 3774confTO_QUEUERETURN_NORMAL 3775 Timeout.queuereturn.normal 3776 [undefined] As above, for normal 3777 priority messages. 3778confTO_QUEUERETURN_URGENT 3779 Timeout.queuereturn.urgent 3780 [undefined] As above, for urgent 3781 priority messages. 3782confTO_QUEUERETURN_NONURGENT 3783 Timeout.queuereturn.non-urgent 3784 [undefined] As above, for non-urgent 3785 (low) priority messages. 3786confTO_QUEUERETURN_DSN 3787 Timeout.queuereturn.dsn 3788 [undefined] As above, for delivery 3789 status notification messages. 3790confTO_QUEUEWARN Timeout.queuewarn 3791 [4h] The timeout before a warning 3792 message is sent to the sender telling 3793 them that the message has been 3794 deferred. 3795confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3796 [undefined] As above, for normal 3797 priority messages. 3798confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3799 [undefined] As above, for urgent 3800 priority messages. 3801confTO_QUEUEWARN_NONURGENT 3802 Timeout.queuewarn.non-urgent 3803 [undefined] As above, for non-urgent 3804 (low) priority messages. 3805confTO_QUEUEWARN_DSN 3806 Timeout.queuewarn.dsn 3807 [undefined] As above, for delivery 3808 status notification messages. 3809confTO_HOSTSTATUS Timeout.hoststatus 3810 [30m] How long information about host 3811 statuses will be maintained before it 3812 is considered stale and the host should 3813 be retried. This applies both within 3814 a single queue run and to persistent 3815 information (see below). 3816confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3817 [varies] Sets the resolver's 3818 retransmission time interval (in 3819 seconds). Sets both 3820 Timeout.resolver.retrans.first and 3821 Timeout.resolver.retrans.normal. 3822confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3823 [varies] Sets the resolver's 3824 retransmission time interval (in 3825 seconds) for the first attempt to 3826 deliver a message. 3827confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3828 [varies] Sets the resolver's 3829 retransmission time interval (in 3830 seconds) for all resolver lookups 3831 except the first delivery attempt. 3832confTO_RESOLVER_RETRY Timeout.resolver.retry 3833 [varies] Sets the number of times 3834 to retransmit a resolver query. 3835 Sets both 3836 Timeout.resolver.retry.first and 3837 Timeout.resolver.retry.normal. 3838confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3839 [varies] Sets the number of times 3840 to retransmit a resolver query for 3841 the first attempt to deliver a 3842 message. 3843confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3844 [varies] Sets the number of times 3845 to retransmit a resolver query for 3846 all resolver lookups except the 3847 first delivery attempt. 3848confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3849 USE_SYSTEM to use the system's idea, 3850 USE_TZ to use the user's TZ envariable, 3851 or something else to force that value. 3852confDEF_USER_ID DefaultUser [1:1] Default user id. 3853confUSERDB_SPEC UserDatabaseSpec 3854 [undefined] User database 3855 specification. 3856confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3857confFALLBACK_SMARTHOST FallbackSmartHost 3858 [undefined] Fallback smart host. 3859confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3860 for a host and other arrangements 3861 haven't been made, try connecting 3862 to the host directly; normally this 3863 would be a config error. 3864confQUEUE_LA QueueLA [varies] Load average at which 3865 queue-only function kicks in. 3866 Default values is (8 * numproc) 3867 where numproc is the number of 3868 processors online (if that can be 3869 determined). 3870confREFUSE_LA RefuseLA [varies] Load average at which 3871 incoming SMTP connections are 3872 refused. Default values is (12 * 3873 numproc) where numproc is the 3874 number of processors online (if 3875 that can be determined). 3876confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when 3877 refusing connections for this long. 3878confDELAY_LA DelayLA [0] Load average at which sendmail 3879 will sleep for one second on most 3880 SMTP commands and before accepting 3881 connections. 0 means no limit. 3882confMAX_ALIAS_RECURSION MaxAliasRecursion 3883 [10] Maximum depth of alias recursion. 3884confMAX_DAEMON_CHILDREN MaxDaemonChildren 3885 [undefined] The maximum number of 3886 children the daemon will permit. After 3887 this number, connections will be 3888 rejected. If not set or <= 0, there is 3889 no limit. 3890confMAX_HEADERS_LENGTH MaxHeadersLength 3891 [32768] Maximum length of the sum 3892 of all headers. 3893confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3894 [undefined] Maximum length of 3895 certain MIME header field values. 3896confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3897 [undefined] The maximum number of 3898 connections permitted per second per 3899 daemon. After this many connections 3900 are accepted, further connections 3901 will be delayed. If not set or <= 0, 3902 there is no limit. 3903confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize 3904 [60s] Define the length of the 3905 interval for which the number of 3906 incoming connections is maintained. 3907confWORK_RECIPIENT_FACTOR 3908 RecipientFactor [30000] Cost of each recipient. 3909confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3910 separate process. 3911confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3912confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3913confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3914 Priority, Host, Filename, Random, 3915 Modification, or Time. 3916confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3917 must sit in the queue between queue 3918 runs. This allows you to set the 3919 queue run interval low for better 3920 responsiveness without trying all 3921 jobs in each run. 3922confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3923 unlabeled 8 bit input to MIME, the 3924 character set to use by default. 3925confSERVICE_SWITCH_FILE ServiceSwitchFile 3926 [/etc/mail/service.switch] The file 3927 to use for the service switch on 3928 systems that do not have a 3929 system-defined switch. 3930confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3931 "file" type access of hosts names. 3932confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3933 long and try again. Zero means "don't 3934 retry". This is to allow "dial on 3935 demand" connections to have enough time 3936 to complete a connection. 3937confNO_RCPT_ACTION NoRecipientAction 3938 [none] What to do if there are no legal 3939 recipient fields (To:, Cc: or Bcc:) 3940 in the message. Legal values can 3941 be "none" to just leave the 3942 nonconforming message as is, "add-to" 3943 to add a To: header with all the 3944 known recipients (which may expose 3945 blind recipients), "add-apparently-to" 3946 to do the same but use Apparently-To: 3947 instead of To: (strongly discouraged 3948 in accordance with IETF standards), 3949 "add-bcc" to add an empty Bcc: 3950 header, or "add-to-undisclosed" to 3951 add the header 3952 ``To: undisclosed-recipients:;''. 3953confSAFE_FILE_ENV SafeFileEnvironment 3954 [undefined] If set, sendmail will do a 3955 chroot() into this directory before 3956 writing files. 3957confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3958 If set, colons are treated as a regular 3959 character in addresses. If not set, 3960 they are treated as the introducer to 3961 the RFC 822 "group" syntax. Colons are 3962 handled properly in route-addrs. This 3963 option defaults on for V5 and lower 3964 configuration files. 3965confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3966 any given queue run to this number of 3967 entries. Essentially, this will stop 3968 reading each queue directory after this 3969 number of entries are reached; it does 3970 _not_ pick the highest priority jobs, 3971 so this should be as large as your 3972 system can tolerate. If not set, there 3973 is no limit. 3974confMAX_QUEUE_CHILDREN MaxQueueChildren 3975 [undefined] Limits the maximum number 3976 of concurrent queue runners active. 3977 This is to keep system resources used 3978 within a reasonable limit. Relates to 3979 Queue Groups and ForkEachJob. 3980confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3981 [1] Only active when MaxQueueChildren 3982 defined. Controls the maximum number 3983 of queue runners (aka queue children) 3984 active at the same time in a work 3985 group. See also MaxQueueChildren. 3986confDONT_EXPAND_CNAMES DontExpandCnames 3987 [False] If set, $[ ... $] lookups that 3988 do DNS based lookups do not expand 3989 CNAME records. This currently violates 3990 the published standards, but the IETF 3991 seems to be moving toward legalizing 3992 this. For example, if "FTP.Foo.ORG" 3993 is a CNAME for "Cruft.Foo.ORG", then 3994 with this option set a lookup of 3995 "FTP" will return "FTP.Foo.ORG"; if 3996 clear it returns "Cruft.FOO.ORG". N.B. 3997 you may not see any effect until your 3998 downstream neighbors stop doing CNAME 3999 lookups as well. 4000confFROM_LINE UnixFromLine [From $g $d] The From_ line used 4001 when sending to files or programs. 4002confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 4003 [False] From: lines that have 4004 embedded newlines are unwrapped 4005 onto one line. 4006confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 4007 does not include a host name. 4008confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 4009 name phrase (@,;:\()[] are automatic). 4010confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 4011 characters. 4012confSMTP_LOGIN_MSG SmtpGreetingMessage 4013 [$j Sendmail $v/$Z; $b] 4014 The initial (spontaneous) SMTP 4015 greeting message. The word "ESMTP" 4016 will be inserted between the first and 4017 second words to convince other 4018 sendmails to try to speak ESMTP. 4019confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 4020 routine will never be invoked. You 4021 might want to do this if you are 4022 running NIS and you have a large group 4023 map, since this call does a sequential 4024 scan of the map; in a large site this 4025 can cause your ypserv to run 4026 essentially full time. If you set 4027 this, agents run on behalf of users 4028 will only have their primary 4029 (/etc/passwd) group permissions. 4030confUNSAFE_GROUP_WRITES UnsafeGroupWrites 4031 [True] If set, group-writable 4032 :include: and .forward files are 4033 considered "unsafe", that is, programs 4034 and files cannot be directly referenced 4035 from such files. World-writable files 4036 are always considered unsafe. 4037 Notice: this option is deprecated and 4038 will be removed in future versions; 4039 Set GroupWritableForwardFileSafe 4040 and GroupWritableIncludeFileSafe in 4041 DontBlameSendmail if required. 4042confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 4043 address (for testing). 4044confCONTROL_SOCKET_NAME ControlSocketName 4045 [undefined] Control socket for daemon 4046 management. 4047confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 4048 [postmaster] If an error occurs when 4049 sending an error message, send that 4050 "double bounce" error message to this 4051 address. If it expands to an empty 4052 string, double bounces are dropped. 4053confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 4054 messages which could not be returned 4055 to the user or sent to postmaster. 4056 If not set, the queue file will 4057 be renamed. 4058confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 4059 implies DSN request. 4060confRUN_AS_USER RunAsUser [undefined] If set, become this user 4061 when reading and delivering mail. 4062 Causes all file reads (e.g., .forward 4063 and :include: files) to be done as 4064 this user. Also, all programs will 4065 be run as this user, and all output 4066 files will be written as this user. 4067confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 4068 [infinite] If set, allow no more than 4069 the specified number of recipients in 4070 an SMTP envelope. Further recipients 4071 receive a 452 error code (i.e., they 4072 are deferred for the next delivery 4073 attempt). 4074confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified 4075 number of recipients in a single SMTP 4076 transaction have been rejected, sleep 4077 for one second after each subsequent 4078 RCPT command in that transaction. 4079confDONT_PROBE_INTERFACES DontProbeInterfaces 4080 [False] If set, sendmail will _not_ 4081 insert the names and addresses of any 4082 local interfaces into class {w} 4083 (list of known "equivalent" addresses). 4084 If you set this, you must also include 4085 some support for these addresses (e.g., 4086 in a mailertable entry) -- otherwise, 4087 mail to addresses in this list will 4088 bounce with a configuration error. 4089 If set to "loopback" (without 4090 quotes), sendmail will skip 4091 loopback interfaces (e.g., "lo0"). 4092confPID_FILE PidFile [system dependent] Location of pid 4093 file. 4094confPROCESS_TITLE_PREFIX ProcessTitlePrefix 4095 [undefined] Prefix string for the 4096 process title shown on 'ps' listings. 4097confDONT_BLAME_SENDMAIL DontBlameSendmail 4098 [safe] Override sendmail's file 4099 safety checks. This will definitely 4100 compromise system security and should 4101 not be used unless absolutely 4102 necessary. 4103confREJECT_MSG - [550 Access denied] The message 4104 given if the access database contains 4105 REJECT in the value portion. 4106confRELAY_MSG - [550 Relaying denied] The message 4107 given if an unauthorized relaying 4108 attempt is rejected. 4109confDF_BUFFER_SIZE DataFileBufferSize 4110 [4096] The maximum size of a 4111 memory-buffered data (df) file 4112 before a disk-based file is used. 4113confXF_BUFFER_SIZE XScriptFileBufferSize 4114 [4096] The maximum size of a 4115 memory-buffered transcript (xf) 4116 file before a disk-based file is 4117 used. 4118confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 4119 CRAM-MD5] List of authentication 4120 mechanisms for AUTH (separated by 4121 spaces). The advertised list of 4122 authentication mechanisms will be the 4123 intersection of this list and the list 4124 of available mechanisms as determined 4125 by the Cyrus SASL library. 4126confAUTH_REALM AuthRealm [undefined] The authentication realm 4127 that is passed to the Cyrus SASL 4128 library. If no realm is specified, 4129 $j is used. 4130confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 4131 authentication information for 4132 outgoing connections. This file must 4133 contain the user id, the authorization 4134 id, the password (plain text), the 4135 realm to use, and the list of 4136 mechanisms to try, each on a separate 4137 line and must be readable by root (or 4138 the trusted user) only. If no realm 4139 is specified, $j is used. If no 4140 mechanisms are given in the file, 4141 AuthMechanisms is used. Notice: this 4142 option is deprecated and will be 4143 removed in future versions; it doesn't 4144 work for the MSP since it can't read 4145 the file. Use the authinfo ruleset 4146 instead. See also the section SMTP 4147 AUTHENTICATION. 4148confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 4149 then the AUTH= parameter for the 4150 MAIL FROM command is only issued 4151 when authentication succeeded. 4152 See doc/op/op.me for more options 4153 and details. 4154confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 4155 strength for the security layer in 4156 SMTP AUTH (SASL). Default is 4157 essentially unlimited. 4158confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 4159 verification is performed, i.e., 4160 the server doesn't ask for a 4161 certificate. 4162confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 4163 specification for LDAP maps. The 4164 value should only contain LDAP 4165 specific settings such as "-h host 4166 -p port -d bindDN", etc. The 4167 settings will be used for all LDAP 4168 maps unless they are specified in 4169 the individual map specification 4170 ('K' command). 4171confCACERT_PATH CACertPath [undefined] Path to directory 4172 with certs of CAs. 4173confCACERT CACertFile [undefined] File containing one CA 4174 cert. 4175confSERVER_CERT ServerCertFile [undefined] File containing the 4176 cert of the server, i.e., this cert 4177 is used when sendmail acts as 4178 server. 4179confSERVER_KEY ServerKeyFile [undefined] File containing the 4180 private key belonging to the server 4181 cert. 4182confCLIENT_CERT ClientCertFile [undefined] File containing the 4183 cert of the client, i.e., this cert 4184 is used when sendmail acts as 4185 client. 4186confCLIENT_KEY ClientKeyFile [undefined] File containing the 4187 private key belonging to the client 4188 cert. 4189confCRL CRLFile [undefined] File containing certificate 4190 revocation status, useful for X.509v3 4191 authentication. Note that CRL requires 4192 at least OpenSSL version 0.9.7. 4193confDH_PARAMETERS DHParameters [undefined] File containing the 4194 DH parameters. 4195confRAND_FILE RandFile [undefined] File containing random 4196 data (use prefix file:) or the 4197 name of the UNIX socket if EGD is 4198 used (use prefix egd:). STARTTLS 4199 requires this option if the compile 4200 flag HASURANDOM is not set (see 4201 sendmail/README). 4202confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 4203 queue runners is set the given value 4204 (nice(3)). 4205confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 4206 [undefined] Defines {daemon_flags} 4207 for direct submissions. 4208confUSE_MSP UseMSP [undefined] Use as mail submission 4209 program, see sendmail/SECURITY. 4210confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 4211 SMTP Service Extension (RFC 2852). 4212confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can 4213 be used to turn off the compile time 4214 flag REQUIRES_DIR_FSYNC at runtime. 4215 See sendmail/README for details. 4216confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 4217confFAST_SPLIT FastSplit [1] If set to a value greater than 4218 zero, the initial MX lookups on 4219 addresses is suppressed when they 4220 are sorted which may result in 4221 faster envelope splitting. If the 4222 mail is submitted directly from the 4223 command line, then the value also 4224 limits the number of processes to 4225 deliver the envelopes. 4226confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 4227 information about local mailboxes. 4228confDEQUOTE_OPTS - [empty] Additional options for the 4229 dequote map. 4230confINPUT_MAIL_FILTERS InputMailFilters 4231 A comma separated list of filters 4232 which determines which filters and 4233 the invocation sequence are 4234 contacted for incoming SMTP 4235 messages. If none are set, no 4236 filters will be contacted. 4237confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 4238 actions, defaults to LogLevel. 4239confMILTER_MACROS_CONNECT Milter.macros.connect 4240 [j, _, {daemon_name}, {if_name}, 4241 {if_addr}] Macros to transmit to 4242 milters when a session connection 4243 starts. 4244confMILTER_MACROS_HELO Milter.macros.helo 4245 [{tls_version}, {cipher}, 4246 {cipher_bits}, {cert_subject}, 4247 {cert_issuer}] Macros to transmit to 4248 milters after HELO/EHLO command. 4249confMILTER_MACROS_ENVFROM Milter.macros.envfrom 4250 [i, {auth_type}, {auth_authen}, 4251 {auth_ssf}, {auth_author}, 4252 {mail_mailer}, {mail_host}, 4253 {mail_addr}] Macros to transmit to 4254 milters after MAIL FROM command. 4255confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 4256 [{rcpt_mailer}, {rcpt_host}, 4257 {rcpt_addr}] Macros to transmit to 4258 milters after RCPT TO command. 4259confMILTER_MACROS_EOM Milter.macros.eom 4260 [{msg_id}] Macros to transmit to 4261 milters after DATA command. 4262 4263 4264See also the description of OSTYPE for some parameters that can be 4265tweaked (generally pathnames to mailers). 4266 4267ClientPortOptions and DaemonPortOptions are special cases since multiple 4268clients/daemons can be defined. This can be done via 4269 4270 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 4271 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 4272 4273Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 4274ClientPortOptions settings) are allowed in order to give settings for each 4275protocol family (e.g., one for Family=inet and one for Family=inet6). A 4276restriction placed on one family only affects outgoing connections on that 4277particular family. 4278 4279If DAEMON_OPTIONS is not used, then the default is 4280 4281 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 4282 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 4283 4284If you use one DAEMON_OPTIONS macro, it will alter the parameters 4285of the first of these. The second will still be defaulted; it 4286represents a "Message Submission Agent" (MSA) as defined by RFC 42872476 (see below). To turn off the default definition for the MSA, 4288use FEATURE(`no_default_msa') (see also FEATURES). If you use 4289additional DAEMON_OPTIONS macros, they will add additional daemons. 4290 4291Example 1: To change the port for the SMTP listener, while 4292still using the MSA default, use 4293 DAEMON_OPTIONS(`Port=925, Name=MTA') 4294 4295Example 2: To change the port for the MSA daemon, while still 4296using the default SMTP port, use 4297 FEATURE(`no_default_msa') 4298 DAEMON_OPTIONS(`Name=MTA') 4299 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 4300 4301Note that if the first of those DAEMON_OPTIONS lines were omitted, then 4302there would be no listener on the standard SMTP port. 4303 4304Example 3: To listen on both IPv4 and IPv6 interfaces, use 4305 4306 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 4307 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 4308 4309A "Message Submission Agent" still uses all of the same rulesets for 4310processing the message (and therefore still allows message rejection via 4311the check_* rulesets). In accordance with the RFC, the MSA will ensure 4312that all domains in envelope addresses are fully qualified if the message 4313is relayed to another MTA. It will also enforce the normal address syntax 4314rules and log error messages. Additionally, by using the M=a modifier you 4315can require authentication before messages are accepted by the MSA. 4316Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally, 4317the M=E modifier shown above disables ETRN as required by RFC 2476. 4318 4319Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 4320commands: 4321 4322 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 4323 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 4324 4325The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 4326same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4327filter can be defined without adding it to the input filter list by using 4328MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4329Alternatively, you can reset the list of filters and their order by setting 4330confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4331your .mc file. 4332 4333 4334+----------------------------+ 4335| MESSAGE SUBMISSION PROGRAM | 4336+----------------------------+ 4337 4338The purpose of the message submission program (MSP) is explained 4339in sendmail/SECURITY. This section contains a list of caveats and 4340a few hints how for those who want to tweak the default configuration 4341for it (which is installed as submit.cf). 4342 4343Notice: do not add options/features to submit.mc unless you are 4344absolutely sure you need them. Options you may want to change 4345include: 4346 4347- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4348 avoiding X-Authentication warnings. 4349- confTIME_ZONE to change it from the default `USE_TZ'. 4350- confDELIVERY_MODE is set to interactive in msp.m4 instead 4351 of the default background mode. 4352- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses 4353 to the LOCAL_RELAY instead of the default relay. 4354- confRAND_FILE if you use STARTTLS and sendmail is not compiled with 4355 the flag HASURANDOM. 4356 4357The MSP performs hostname canonicalization by default. As also 4358explained in sendmail/SECURITY, mail may end up for various DNS 4359related reasons in the MSP queue. This problem can be minimized by 4360using 4361 4362 FEATURE(`nocanonify', `canonify_hosts') 4363 define(`confDIRECT_SUBMISSION_MODIFIERS', `C') 4364 4365See the discussion about nocanonify for possible side effects. 4366 4367Some things are not intended to work with the MSP. These include 4368features that influence the delivery process (e.g., mailertable, 4369aliases), or those that are only important for a SMTP server (e.g., 4370virtusertable, DaemonPortOptions, multiple queues). Moreover, 4371relaxing certain restrictions (RestrictQueueRun, permissions on 4372queue directory) or adding features (e.g., enabling prog/file mailer) 4373can cause security problems. 4374 4375Other things don't work well with the MSP and require tweaking or 4376workarounds. For example, to allow for client authentication it 4377is not just sufficient to provide a client certificate and the 4378corresponding key, but it is also necessary to make the key group 4379(smmsp) readable and tell sendmail not to complain about that, i.e., 4380 4381 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4382 4383If the MSP should actually use AUTH then the necessary data 4384should be placed in a map as explained in SMTP AUTHENTICATION: 4385 4386FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4387 4388/etc/mail/msp-authinfo should contain an entry like: 4389 4390 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4391 4392The file and the map created by makemap should be owned by smmsp, 4393its group should be smmsp, and it should have mode 640. The database 4394used by the MTA for AUTH must have a corresponding entry. 4395Additionally the MTA must trust this authentication data so the AUTH= 4396part will be relayed on to the next hop. This can be achieved by 4397adding the following to your sendmail.mc file: 4398 4399 LOCAL_RULESETS 4400 SLocal_trust_auth 4401 R$* $: $&{auth_authen} 4402 Rsmmsp $# OK 4403 4404Note: the authentication data can leak to local users who invoke 4405the MSP with debug options or even with -v. For that reason either 4406an authentication mechanism that does not show the password in the 4407AUTH dialogue (e.g., DIGEST-MD5) or a different authentication 4408method like STARTTLS should be used. 4409 4410feature/msp.m4 defines almost all settings for the MSP. Most of 4411those should not be changed at all. Some of the features and options 4412can be overridden if really necessary. It is a bit tricky to do 4413this, because it depends on the actual way the option is defined 4414in feature/msp.m4. If it is directly defined (i.e., define()) then 4415the modified value must be defined after 4416 4417 FEATURE(`msp') 4418 4419If it is conditionally defined (i.e., ifdef()) then the desired 4420value must be defined before the FEATURE line in the .mc file. 4421To see how the options are defined read feature/msp.m4. 4422 4423 4424+--------------------------+ 4425| FORMAT OF FILES AND MAPS | 4426+--------------------------+ 4427 4428Files that define classes, i.e., F{classname}, consist of lines 4429each of which contains a single element of the class. For example, 4430/etc/mail/local-host-names may have the following content: 4431 4432my.domain 4433another.domain 4434 4435Maps must be created using makemap(8) , e.g., 4436 4437 makemap hash MAP < MAP 4438 4439In general, a text file from which a map is created contains lines 4440of the form 4441 4442key value 4443 4444where 'key' and 'value' are also called LHS and RHS, respectively. 4445By default, the delimiter between LHS and RHS is a non-empty sequence 4446of white space characters. 4447 4448 4449+------------------+ 4450| DIRECTORY LAYOUT | 4451+------------------+ 4452 4453Within this directory are several subdirectories, to wit: 4454 4455m4 General support routines. These are typically 4456 very important and should not be changed without 4457 very careful consideration. 4458 4459cf The configuration files themselves. They have 4460 ".mc" suffixes, and must be run through m4 to 4461 become complete. The resulting output should 4462 have a ".cf" suffix. 4463 4464ostype Definitions describing a particular operating 4465 system type. These should always be referenced 4466 using the OSTYPE macro in the .mc file. Examples 4467 include "bsd4.3", "bsd4.4", "sunos3.5", and 4468 "sunos4.1". 4469 4470domain Definitions describing a particular domain, referenced 4471 using the DOMAIN macro in the .mc file. These are 4472 site dependent; for example, "CS.Berkeley.EDU.m4" 4473 describes hosts in the CS.Berkeley.EDU subdomain. 4474 4475mailer Descriptions of mailers. These are referenced using 4476 the MAILER macro in the .mc file. 4477 4478sh Shell files used when building the .cf file from the 4479 .mc file in the cf subdirectory. 4480 4481feature These hold special orthogonal features that you might 4482 want to include. They should be referenced using 4483 the FEATURE macro. 4484 4485hack Local hacks. These can be referenced using the HACK 4486 macro. They shouldn't be of more than voyeuristic 4487 interest outside the .Berkeley.EDU domain, but who knows? 4488 4489siteconfig Site configuration -- e.g., tables of locally connected 4490 UUCP sites. 4491 4492 4493+------------------------+ 4494| ADMINISTRATIVE DETAILS | 4495+------------------------+ 4496 4497The following sections detail usage of certain internal parts of the 4498sendmail.cf file. Read them carefully if you are trying to modify 4499the current model. If you find the above descriptions adequate, these 4500should be {boring, confusing, tedious, ridiculous} (pick one or more). 4501 4502RULESETS (* means built in to sendmail) 4503 4504 0 * Parsing 4505 1 * Sender rewriting 4506 2 * Recipient rewriting 4507 3 * Canonicalization 4508 4 * Post cleanup 4509 5 * Local address rewrite (after aliasing) 4510 1x mailer rules (sender qualification) 4511 2x mailer rules (recipient qualification) 4512 3x mailer rules (sender header qualification) 4513 4x mailer rules (recipient header qualification) 4514 5x mailer subroutines (general) 4515 6x mailer subroutines (general) 4516 7x mailer subroutines (general) 4517 8x reserved 4518 90 Mailertable host stripping 4519 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4520 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4521 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4522 4523 4524MAILERS 4525 4526 0 local, prog local and program mailers 4527 1 [e]smtp, relay SMTP channel 4528 2 uucp-* UNIX-to-UNIX Copy Program 4529 3 netnews Network News delivery 4530 4 fax Sam Leffler's HylaFAX software 4531 5 mail11 DECnet mailer 4532 4533 4534MACROS 4535 4536 A 4537 B Bitnet Relay 4538 C DECnet Relay 4539 D The local domain -- usually not needed 4540 E reserved for X.400 Relay 4541 F FAX Relay 4542 G 4543 H mail Hub (for mail clusters) 4544 I 4545 J 4546 K 4547 L Luser Relay 4548 M Masquerade (who you claim to be) 4549 N 4550 O 4551 P 4552 Q 4553 R Relay (for unqualified names) 4554 S Smart Host 4555 T 4556 U my UUCP name (if you have a UUCP connection) 4557 V UUCP Relay (class {V} hosts) 4558 W UUCP Relay (class {W} hosts) 4559 X UUCP Relay (class {X} hosts) 4560 Y UUCP Relay (all other hosts) 4561 Z Version number 4562 4563 4564CLASSES 4565 4566 A 4567 B domains that are candidates for bestmx lookup 4568 C 4569 D 4570 E addresses that should not seem to come from $M 4571 F hosts this system forward for 4572 G domains that should be looked up in genericstable 4573 H 4574 I 4575 J 4576 K 4577 L addresses that should not be forwarded to $R 4578 M domains that should be mapped to $M 4579 N host/domains that should not be mapped to $M 4580 O operators that indicate network operations (cannot be in local names) 4581 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4582 Q 4583 R domains this system is willing to relay (pass anti-spam filters) 4584 S 4585 T 4586 U locally connected UUCP hosts 4587 V UUCP hosts connected to relay $V 4588 W UUCP hosts connected to relay $W 4589 X UUCP hosts connected to relay $X 4590 Y locally connected smart UUCP hosts 4591 Z locally connected domain-ized UUCP hosts 4592 . the class containing only a dot 4593 [ the class containing only a left bracket 4594 4595 4596M4 DIVERSIONS 4597 4598 1 Local host detection and resolution 4599 2 Local Ruleset 3 additions 4600 3 Local Ruleset 0 additions 4601 4 UUCP Ruleset 0 additions 4602 5 locally interpreted names (overrides $R) 4603 6 local configuration (at top of file) 4604 7 mailer definitions 4605 8 DNS based blacklists 4606 9 special local rulesets (1 and 2) 4607 4608$Revision: 8.704 $, Last updated $Date: 2006/02/15 05:49:31 $ 4609