README revision 38032
138032Speter 238032Speter 338032Speter NEW SENDMAIL CONFIGURATION FILES 438032Speter 538032Speter Eric Allman <eric@Sendmail.ORG> 638032Speter 738032Speter @(#)README 8.174 (Berkeley) 6/30/98 838032Speter 938032Speter 1038032SpeterThis document describes the sendmail configuration files being used 1138032Speterat Berkeley. These use features in the new (R8) sendmail; they will 1238032Speternot work on other versions. 1338032Speter 1438032SpeterThese configuration files are probably not as general as previous 1538032Speterversions, and don't handle as many of the weird cases automagically. 1638032SpeterI was able to simplify them for two reasons. First, the network 1738032Speterhas become more consistent -- for example, at this point, everyone 1838032Speteron the internet is supposed to be running a name server, so hacks to 1938032Speterhandle NIC-registered hosts can go away. Second, I assumed that a 2038032Spetersubdomain would be running SMTP internally -- UUCP is presumed to be 2138032Spetera long-haul protocol. I realize that this is not universal, but it 2238032Speterdoes describe the vast majority of sites with which I am familiar, 2338032Speterincluding those outside the US. 2438032Speter 2538032SpeterOf course, the downside of this is that if you do live in a weird 2638032Speterworld, things are going to get weirder for you. I'm sorry about that, 2738032Speterbut at the time we at Berkeley had a problem, and it seemed like the 2838032Speterright thing to do. 2938032Speter 3038032SpeterThis package requires a post-V7 version of m4; if you are running the 3138032Speter4.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with 3238032Spetera newer version. You can m4-expand on their system, then run locally. 3338032SpeterSunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1 3438032Speteror later also works. Unfortunately, I'm told that the M4 on BSDI 1.0 3538032Speterdoesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is 3638032Speteravailable from ftp://ftp.gnu.org/pub/gnu/m4-1.4.tar.gz (check for 3738032Speterthe latest version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken 3838032Speter(3.x is fine). Use GNU m4 on this platform. 3938032Speter 4038032SpeterIF YOU DON'T HAVE A BERKELEY MAKE, don't despair! Just run 4138032Speter"m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need. 4238032SpeterThere is also a fairly crude (but functional) Makefile.dist that works 4338032Speteron the old version of make. 4438032Speter 4538032SpeterTo get started, you may want to look at tcpproto.mc (for TCP-only 4638032Spetersites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for 4738032Speterclusters of clients using a single mail host). Others are versions 4838032Speterthat we use at Berkeley, although not all are in current use. For 4938032Speterexample, ucbvax has gone away, but I've left ucbvax.mc in because 5038032Speterit demonstrates some interesting techniques. 5138032Speter 5238032SpeterI'm not pretending that this README describes everything that these 5338032Speterconfiguration files can do; clever people can probably tweak them 5438032Speterto great effect. But it should get you started. 5538032Speter 5638032Speter******************************************************************* 5738032Speter*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 5838032Speter*** Berkeley-specific assumptions built in, such as the name *** 5938032Speter*** of our UUCP-relay. You'll want to create your own domain *** 6038032Speter*** description, and use that in place of *** 6138032Speter*** domain/Berkeley.EDU.m4. *** 6238032Speter******************************************************************* 6338032Speter 6438032Speter 6538032Speter+--------------------------+ 6638032Speter| INTRODUCTION AND EXAMPLE | 6738032Speter+--------------------------+ 6838032Speter 6938032SpeterConfiguration files are contained in the subdirectory "cf", with a 7038032Spetersuffix ".mc". They must be run through "m4" to produce a ".cf" file. 7138032SpeterYou must pre-load "cf.m4": 7238032Speter 7338032Speter m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 7438032Speter 7538032Speterwhere ${CFDIR} is the root of the cf directory and config.mc is the 7638032Spetername of your configuration file. If you are running a version of M4 7738032Speterthat understands the __file__ builtin (versions of GNU m4 >= 0.75 do 7838032Speterthis, but the versions distributed with 4.4BSD and derivatives do not) 7938032Speteror the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 8038032SpeterFor "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 8138032Speteruse -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 8238032Speter 8338032Speter m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 8438032Speter 8538032SpeterLet's examine a typical .mc file: 8638032Speter 8738032Speter divert(-1) 8838032Speter # 8938032Speter # Copyright (c) 1998 Sendmail, Inc. All rights reserved. 9038032Speter # Copyright (c) 1983 Eric P. Allman. All rights reserved. 9138032Speter # Copyright (c) 1988, 1993 9238032Speter # The Regents of the University of California. All rights reserved. 9338032Speter # 9438032Speter # By using this file, you agree to the terms and conditions set 9538032Speter # forth in the LICENSE file which can be found at the top level of 9638032Speter # the sendmail distribution. 9738032Speter # 9838032Speter 9938032Speter # 10038032Speter # This is a Berkeley-specific configuration file for HP-UX 9.x. 10138032Speter # It applies only to the Computer Science Division at Berkeley, 10238032Speter # and should not be used elsewhere. It is provided on the sendmail 10338032Speter # distribution as a sample only. To create your own configuration 10438032Speter # file, create an appropriate domain file in ../domain, change the 10538032Speter # `DOMAIN' macro below to reference that file, and copy the result 10638032Speter # to a name of your own choosing. 10738032Speter # 10838032Speter divert(0) 10938032Speter 11038032SpeterThe divert(-1) will delete the crud in the resulting output file. 11138032SpeterThe copyright notice can be replaced by whatever your lawyers require; 11238032Speterour lawyers require the one that I've included in my files. A copyleft 11338032Speteris a copyright by another name. The divert(0) restores regular output. 11438032Speter 11538032Speter VERSIONID(`<SCCS or RCS version id>') 11638032Speter 11738032SpeterVERSIONID is a macro that stuffs the version information into the 11838032Speterresulting file. We use SCCS; you could use RCS, something else, or 11938032Speteromit it completely. This is not the same as the version id included 12038032Speterin SMTP greeting messages -- this is defined in m4/version.m4. 12138032Speter 12238032Speter OSTYPE(hpux9)dnl 12338032Speter 12438032SpeterYou must specify an OSTYPE to properly configure things such as the 12538032Speterpathname of the help and status files, the flags needed for the local 12638032Spetermailer, and other important things. If you omit it, you will get an 12738032Spetererror when you try to build the configuration. Look at the ostype 12838032Speterdirectory for the list of known operating system types. 12938032Speter 13038032Speter DOMAIN(CS.Berkeley.EDU)dnl 13138032Speter 13238032SpeterThis example is specific to the Computer Science Division at Berkeley. 13338032SpeterYou can use "DOMAIN(generic)" to get a sufficiently bland definition 13438032Speterthat may well work for you, or you can create a customized domain 13538032Speterdefinition appropriate for your environment. 13638032Speter 13738032Speter MAILER(local) 13838032Speter MAILER(smtp) 13938032Speter 14038032SpeterThese describe the mailers used at the default CS site site. The 14138032Speterlocal mailer is always included automatically. Beware: MAILER 14238032Speterdeclarations should always be at the end of the configuration file, 14338032Speterand MAILER(smtp) should always precede MAILER(uucp). The general 14438032Speterrules are that the order should be: 14538032Speter 14638032Speter VERSIONID 14738032Speter OSTYPE 14838032Speter DOMAIN 14938032Speter FEATURE 15038032Speter local macro definitions 15138032Speter MAILER 15238032Speter LOCAL_RULESET_* 15338032Speter 15438032Speter 15538032Speter+----------------------------+ 15638032Speter| A BRIEF INTRODUCTION TO M4 | 15738032Speter+----------------------------+ 15838032Speter 15938032SpeterSendmail uses the M4 macro processor to ``compile'' the configuration 16038032Speterfiles. The most important thing to know is that M4 is stream-based, 16138032Speterthat is, it doesn't understand about lines. For this reason, in some 16238032Speterplaces you may see the word ``dnl'', which stands for ``delete 16338032Speterthrough newline''; essentially, it deletes all characters starting 16438032Speterat the ``dnl'' up to and including the next newline character. In 16538032Spetermost cases sendmail uses this only to avoid lots of unnecessary 16638032Speterblank lines in the output. 16738032Speter 16838032SpeterOther important directives are define(A, B) which defines the macro 16938032Speter``A'' to have value ``B''. Macros are expanded as they are read, so 17038032Speterone normally quotes both values to prevent expansion. For example, 17138032Speter 17238032Speter define(`SMART_HOST', `smart.foo.com') 17338032Speter 17438032SpeterOne word of warning: M4 macros are expanded even in lines that appear 17538032Speterto be comments. For example, if you have 17638032Speter 17738032Speter # See FEATURE(foo) above 17838032Speter 17938032Speterit will not do what you expect, because the FEATURE(foo) will be 18038032Speterexpanded. This also applies to 18138032Speter 18238032Speter # And then define the $X macro to be the return address 18338032Speter 18438032Speterbecause ``define'' is an M4 keyword. If you want to use them, surround 18538032Speterthem with directed quotes, `like this'. 18638032Speter 18738032Speter+----------------+ 18838032Speter| FILE LOCATIONS | 18938032Speter+----------------+ 19038032Speter 19138032Spetersendmail 8.9 has introduced a new configuration directory for sendmail 19238032Speterrelated files, /etc/mail. The new files available for sendmail 8.9 -- 19338032Speterthe class 'R' /etc/mail/relay-domains and the access database 19438032Speter/etc/mail/access -- take advantage of this new directory. 8.9 will 19538032Speterserve as a transition release. Beginning with 8.10, all of the files 19638032Speterwill use this directory by default. 19738032Speter 19838032Speter+--------+ 19938032Speter| OSTYPE | 20038032Speter+--------+ 20138032Speter 20238032SpeterYou MUST define an operating system environment, or the configuration 20338032Speterfile build will puke. There are several environments available; look 20438032Speterat the "ostype" directory for the current list. This macro changes 20538032Speterthings like the location of the alias file and queue directory. Some 20638032Speterof these files are identical to one another. 20738032Speter 20838032SpeterIt is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 20938032SpeterIn general, the OSTYPE macro should go immediately after any version 21038032Speterinformation, and MAILER definitions should always go last. 21138032Speter 21238032SpeterOperating system definitions are usually easy to write. They may define 21338032Speterthe following variables (everything defaults, so an ostype file may be 21438032Speterempty). Unfortunately, the list of configuration-supported systems is 21538032Speternot as broad as the list of source-supported systems, since many of 21638032Speterthe source contributors do not include corresponding ostype files. 21738032Speter 21838032SpeterALIAS_FILE [/etc/aliases] The location of the text version 21938032Speter of the alias file(s). It can be a comma-separated 22038032Speter list of names (but be sure you quote values with 22138032Speter commas in them -- for example, use 22238032Speter define(`ALIAS_FILE', `a,b') 22338032Speter to get "a" and "b" both listed as alias files; 22438032Speter otherwise the define() primitive only sees "a"). 22538032SpeterHELP_FILE [/usr/lib/sendmail.hf] The name of the file 22638032Speter containing information printed in response to 22738032Speter the SMTP HELP command. 22838032SpeterQUEUE_DIR [/var/spool/mqueue] The directory containing 22938032Speter queue files. 23038032SpeterSTATUS_FILE [/etc/sendmail.st] The file containing status 23138032Speter information. 23238032SpeterLOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 23338032SpeterLOCAL_MAILER_FLAGS [rmn9] The flags used by the local mailer. The 23438032Speter flags lsDFM are always included. 23538032SpeterLOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 23638032Speter mail. 23738032SpeterLOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 23838032Speter mail that you are willing to accept. 23938032SpeterLOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 24038032Speter that ARRIVE from an address that resolves to the 24138032Speter local mailer and which are converted to MIME will be 24238032Speter labeled with this character set. 24338032SpeterLOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 24438032SpeterLOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 24538032Speter flags lsDFM are always included. 24638032SpeterLOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 24738032Speter mail. 24838032SpeterLOCAL_SHELL_DIR [$z:/] The directory search path in which the 24938032Speter shell should run. 25038032SpeterUSENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 25138032Speter used to submit news. 25238032SpeterUSENET_MAILER_FLAGS [rlsDFMmn] The mailer flags for the usenet mailer. 25338032SpeterUSENET_MAILER_ARGS [-m -h -n] The command line arguments for the 25438032Speter usenet mailer. 25538032SpeterUSENET_MAILER_MAX [100000] The maximum size of messages that will 25638032Speter be accepted by the usenet mailer. 25738032SpeterSMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 25838032Speter flags are `mDFMUX' for all SMTP-based mailers; the 25938032Speter "esmtp" mailer adds `a' and "smtp8" adds `8'. 26038032SpeterSMTP_MAILER_MAX [undefined] The maximum size of messages that will 26138032Speter be transported using the smtp, smtp8, or esmtp 26238032Speter mailers. 26338032SpeterSMTP_MAILER_ARGS [IPC $h] The arguments passed to the smtp mailer. 26438032Speter About the only reason you would want to change this 26538032Speter would be to change the default port. 26638032SpeterESMTP_MAILER_ARGS [IPC $h] The arguments passed to the esmtp mailer. 26738032SpeterSMTP8_MAILER_ARGS [IPC $h] The arguments passed to the smtp8 mailer. 26838032SpeterRELAY_MAILER_ARGS [IPC $h] The arguments passed to the relay mailer. 26938032SpeterSMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 27038032Speter that ARRIVE from an address that resolves to one of 27138032Speter the SMTP mailers and which are converted to MIME will 27238032Speter be labeled with this character set. 27338032SpeterUUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 27438032SpeterUUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 27538032Speter flags are `DFMhuU' (and `m' for uucp-new mailer, 27638032Speter minus `U' for uucp-dom mailer). 27738032SpeterUUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 27838032Speter passed to the UUCP mailer. 27938032SpeterUUCP_MAILER_MAX [100000] The maximum size message accepted for 28038032Speter transmission by the UUCP mailers. 28138032SpeterUUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 28238032Speter that ARRIVE from an address that resolves to one of 28338032Speter the UUCP mailers and which are converted to MIME will 28438032Speter be labeled with this character set. 28538032SpeterFAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 28638032Speter submit FAX messages. 28738032SpeterFAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 28838032Speter mailer. 28938032SpeterFAX_MAILER_MAX [100000] The maximum size message accepted for 29038032Speter transmission by FAX. 29138032SpeterPOP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 29238032SpeterPOP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags "lsDFM" 29338032Speter are always added. 29438032SpeterPOP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 29538032SpeterPROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 29638032Speter program. This is also used by FEATURE(local_procmail). 29738032SpeterPROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 29838032Speter ``DFM'' are always set. This is NOT used by 29938032Speter FEATURE(local_procmail); tweak LOCAL_MAILER_FLAGS 30038032Speter instead. 30138032SpeterPROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 30238032Speter the Procmail mailer. This is NOT used by 30338032Speter FEATURE(local_procmail); tweak LOCAL_MAILER_ARGS 30438032Speter instead. 30538032SpeterPROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 30638032Speter will be accepted by the procmail mailer. 30738032SpeterMAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 30838032SpeterMAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 30938032SpeterMAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 31038032Speter mailer. 31138032SpeterPH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 31238032Speter program. 31338032SpeterPH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. 31438032SpeterPH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 31538032SpeterCYRUS_MAILER_FLAGS [A5@/:|] The flags used by the cyrus mailer. The 31638032Speter flags lsDFMnPq are always included. 31738032SpeterCYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 31838032Speter cyrus mail. 31938032SpeterCYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 32038032Speter to deliver cyrus mail. 32138032SpeterCYRUS_MAILER_MAX [undefined] If set, the maximum size message that 32238032Speter will be accepted by the cyrus mailer. 32338032SpeterCYRUS_MAILER_USER [cyrus:mail] The user and group to become when 32438032Speter running the cyrus mailer. 32538032SpeterCYRUS_BB_MAILER_FLAGS [undefined] The flags used by the cyrusbb 32638032Speter mailer. The flags lsDFMnP are always included. 32738032SpeterCYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 32838032Speter to deliver cyrusbb mail. 32938032SpeterconfEBINDIR [/usr/libexec] The directory for executables. 33038032Speter Currently used for FEATURE(local_lmtp) and 33138032Speter FEATURE(smrsh). 33238032Speter 33338032Speter 33438032Speter 33538032Speter+---------+ 33638032Speter| DOMAINS | 33738032Speter+---------+ 33838032Speter 33938032SpeterYou will probably want to collect domain-dependent defines into one 34038032Speterfile, referenced by the DOMAIN macro. For example, our Berkeley 34138032Speterdomain file includes definitions for several internal distinguished 34238032Speterhosts: 34338032Speter 34438032SpeterUUCP_RELAY The host that will accept UUCP-addressed email. 34538032Speter If not defined, all UUCP sites must be directly 34638032Speter connected. 34738032SpeterBITNET_RELAY The host that will accept BITNET-addressed email. 34838032Speter If not defined, the .BITNET pseudo-domain won't work. 34938032SpeterDECNET_RELAY The host that will accept DECNET-addressed email. 35038032Speter If not defined, the .DECNET pseudo-domain and addresses 35138032Speter of the form node::user will not work. 35238032SpeterFAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 35338032Speter The "fax" mailer overrides this value. 35438032SpeterLOCAL_RELAY DEPRECATED. The site that will handle unqualified 35538032Speter names -- that is, names with out an @domain extension. 35638032Speter If not set, they are assumed to belong on this machine. 35738032Speter This allows you to have a central site to store a 35838032Speter company- or department-wide alias database. This 35938032Speter only works at small sites, and only with some user 36038032Speter agents. 36138032SpeterLUSER_RELAY The site that will handle lusers -- that is, apparently 36238032Speter local names that aren't local accounts or aliases. 36338032Speter 36438032SpeterAny of these can be either ``mailer:hostname'' (in which case the 36538032Spetermailer is the internal mailer name, such as ``uucp-new'' and the hostname 36638032Speteris the name of the host as appropriate for that mailer) or just a 36738032Speter``hostname'', in which case a default mailer type (usually ``relay'', 36838032Spetera variant on SMTP) is used. WARNING: if you have a wildcard MX 36938032Speterrecord matching your domain, you probably want to define these to 37038032Speterhave a trailing dot so that you won't get the mail diverted back 37138032Speterto yourself. 37238032Speter 37338032SpeterThe domain file can also be used to define a domain name, if needed 37438032Speter(using "DD<domain>") and set certain site-wide features. If all hosts 37538032Speterat your site masquerade behind one email name, you could also use 37638032SpeterMASQUERADE_AS here. 37738032Speter 37838032SpeterYou do not have to define a domain -- in particular, if you are a 37938032Spetersingle machine sitting off somewhere, it is probably more work than 38038032Speterit's worth. This is just a mechanism for combining "domain dependent 38138032Speterknowledge" into one place. 38238032Speter 38338032Speter+---------+ 38438032Speter| MAILERS | 38538032Speter+---------+ 38638032Speter 38738032SpeterThere are fewer mailers supported in this version than the previous 38838032Speterversion, owing mostly to a simpler world. As a general rule, put the 38938032SpeterMAILER definitions last in your .mc file, and always put MAILER(smtp) 39038032Speterbefore MAILER(uucp) -- several features and definitions will modify 39138032Speterthe definition of mailers, and the smtp mailer modifies the UUCP 39238032Spetermailer. 39338032Speter 39438032Speterlocal The local and prog mailers. You will almost always 39538032Speter need these; the only exception is if you relay ALL 39638032Speter your mail to another site. This mailer is included 39738032Speter automatically. 39838032Speter 39938032Spetersmtp The Simple Mail Transport Protocol mailer. This does 40038032Speter not hide hosts behind a gateway or another other 40138032Speter such hack; it assumes a world where everyone is 40238032Speter running the name server. This file actually defines 40338032Speter four mailers: "smtp" for regular (old-style) SMTP to 40438032Speter other servers, "esmtp" for extended SMTP to other 40538032Speter servers, "smtp8" to do SMTP to other servers without 40638032Speter converting 8-bit data to MIME (essentially, this is 40738032Speter your statement that you know the other end is 8-bit 40838032Speter clean even if it doesn't say so), and "relay" for 40938032Speter transmission to our RELAY_HOST, LUSER_RELAY, or 41038032Speter MAILER_HUB. 41138032Speter 41238032Speteruucp The Unix-to-Unix Copy Program mailer. Actually, this 41338032Speter defines two mailers, "uucp-old" (a.k.a. "uucp") and 41438032Speter "uucp-new" (a.k.a. "suucp"). The latter is for when you 41538032Speter know that the UUCP mailer at the other end can handle 41638032Speter multiple recipients in one transfer. If the smtp mailer 41738032Speter is also included in your configuration, two other mailers 41838032Speter ("uucp-dom" and "uucp-uudom") are also defined [warning: 41938032Speter you MUST specify MAILER(smtp) before MAILER(uucp)]. When you 42038032Speter include the uucp mailer, sendmail looks for all names in 42138032Speter the $=U class and sends them to the uucp-old mailer; all 42238032Speter names in the $=Y class are sent to uucp-new; and all 42338032Speter names in the $=Z class are sent to uucp-uudom. Note that 42438032Speter this is a function of what version of rmail runs on 42538032Speter the receiving end, and hence may be out of your control. 42638032Speter See the section below describing UUCP mailers in more 42738032Speter detail. 42838032Speter 42938032Speterusenet Usenet (network news) delivery. If this is specified, 43038032Speter an extra rule is added to ruleset 0 that forwards all 43138032Speter local email for users named ``group.usenet'' to the 43238032Speter ``inews'' program. Note that this works for all groups, 43338032Speter and may be considered a security problem. 43438032Speter 43538032Speterfax Facsimile transmission. This is experimental and based 43638032Speter on Sam Leffler's HylaFAX software. For more information, 43738032Speter see http://www.vix.com/hylafax/. 43838032Speter 43938032Speterpop Post Office Protocol. 44038032Speter 44138032Speterprocmail An interface to procmail (does not come with sendmail). 44238032Speter This is designed to be used in mailertables. For example, 44338032Speter a common question is "how do I forward all mail for a given 44438032Speter domain to a single person?". If you have this mailer 44538032Speter defined, you could set up a mailertable reading: 44638032Speter 44738032Speter host.com procmail:/etc/procmailrcs/host.com 44838032Speter 44938032Speter with the file /etc/procmailrcs/host.com reading: 45038032Speter 45138032Speter :0 # forward mail for host.com 45238032Speter ! -oi -f $1 person@other.host 45338032Speter 45438032Speter This would arrange for (anything)@host.com to be sent 45538032Speter to person@other.host. Within the procmail script, $1 is 45638032Speter the name of the sender and $2 is the name of the recipient. 45738032Speter If you use this with FEATURE(local_procmail), the FEATURE 45838032Speter should be listed first. 45938032Speter 46038032Spetermail11 The DECnet mail11 mailer, useful only if you have the mail11 46138032Speter program from gatekeeper.dec.com:/pub/DEC/gwtools (and 46238032Speter DECnet, of course). This is for Phase IV DECnet support; 46338032Speter if you have Phase V at your site you may have additional 46438032Speter problems. 46538032Speter 46638032Speterphquery The phquery program. This is somewhat counterintuitively 46738032Speter referenced as the "ph" mailer internally. It can be used 46838032Speter to do CCSO name server lookups. The phquery program, which 46938032Speter this mailer uses, is distributed with the ph client. 47038032Speter 47138032Spetercyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 47238032Speter a local cyrus user. this mailer can make use of the 47338032Speter "user+detail@local.host" syntax; it will deliver the mail to 47438032Speter the user's "detail" mailbox if the mailbox's ACL permits. 47538032Speter The cyrusbb mailer delivers to a system-wide cyrus mailbox 47638032Speter if the mailbox's ACL permits. 47738032Speter 47838032Speter 47938032SpeterThe local mailer accepts addresses of the form "user+detail", where 48038032Speterthe "+detail" is not used for mailbox matching but is available 48138032Speterto certain local mail programs (in particular, see FEATURE(local_procmail)). 48238032SpeterFor example, "eric", "eric+sendmail", and "eric+sww" all indicate 48338032Speterthe same user, but additional arguments <null>, "sendmail", and "sww" 48438032Spetermay be provided for use in sorting mail. 48538032Speter 48638032Speter 48738032Speter+----------+ 48838032Speter| FEATURES | 48938032Speter+----------+ 49038032Speter 49138032SpeterSpecial features can be requested using the "FEATURE" macro. For 49238032Speterexample, the .mc line: 49338032Speter 49438032Speter FEATURE(use_cw_file) 49538032Speter 49638032Spetertells sendmail that you want to have it read an /etc/sendmail.cw 49738032Speterfile to get values for class $=w. The FEATURE may contain a single 49838032Speteroptional parameter -- for example: 49938032Speter 50038032Speter FEATURE(mailertable, dbm /usr/lib/mailertable) 50138032Speter 50238032SpeterThe default database map type for the table features can be set with 50338032Speter 50438032Speter define(`DATABASE_MAP_TYPE', `dbm') 50538032Speter 50638032Speterwhich would set it to use ndbm databases. The default is the Berkeley DB 50738032Speterhash database format. Note that you must still declare a database map type 50838032Speterif you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 50938032Speterif no argument is given for the FEATURE. 51038032Speter 51138032SpeterAvailable features are: 51238032Speter 51338032Speteruse_cw_file Read the file /etc/sendmail.cw file to get alternate 51438032Speter names for this host. This might be used if you were 51538032Speter on a host that MXed for a dynamic set of other 51638032Speter hosts. If the set is static, just including the line 51738032Speter "Cw<name1> <name2> ..." (where the names are fully 51838032Speter qualified domain names) is probably superior. 51938032Speter The actual filename can be overridden by redefining 52038032Speter confCW_FILE. 52138032Speter 52238032Speteruse_ct_file Read the file /etc/sendmail.ct file to get the names 52338032Speter of users that will be ``trusted'', that is, able to 52438032Speter set their envelope from address using -f without 52538032Speter generating a warning message. 52638032Speter The actual filename can be overridden by redefining 52738032Speter confCT_FILE. 52838032Speter 52938032Speterredirect Reject all mail addressed to "address.REDIRECT" with 53038032Speter a ``551 User not local; please try <address>'' message. 53138032Speter If this is set, you can alias people who have left 53238032Speter to their new address with ".REDIRECT" appended. 53338032Speter 53438032Speternouucp Don't do anything special with UUCP addresses at all. 53538032Speter 53638032Speternocanonify Don't pass addresses to $[ ... $] for canonification. 53738032Speter This would generally only be used by sites that only 53838032Speter act as mail gateways or which have user agents that do 53938032Speter full canonification themselves. You may also want to 54038032Speter use "define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')" to 54138032Speter turn off the usual resolver options that do a similar 54238032Speter thing. 54338032Speter 54438032Speterstickyhost If set, email sent to "user@local.host" are marked 54538032Speter as "sticky" -- that is, the local addresses aren't 54638032Speter matched against UDB and don't go through ruleset 5. 54738032Speter This is used if you want a set up where "user" is 54838032Speter not necessarily the same as "user@local.host", e.g., 54938032Speter to make a distinct domain-wide namespace. Prior to 55038032Speter 8.7 this was the default, and notsticky was used to 55138032Speter turn this off. 55238032Speter 55338032Spetermailertable Include a "mailer table" which can be used to override 55438032Speter routing for particular domains. The argument of the 55538032Speter FEATURE may be the key definition. If none is specified, 55638032Speter the definition used is: 55738032Speter hash -o /etc/mailertable 55838032Speter Keys in this database are fully qualified domain names 55938032Speter or partial domains preceded by a dot -- for example, 56038032Speter "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". 56138032Speter Values must be of the form: 56238032Speter mailer:domain 56338032Speter where "mailer" is the internal mailer name, and "domain" 56438032Speter is where to send the message. These maps are not 56538032Speter reflected into the message header. As a special case, 56638032Speter the forms: 56738032Speter local:user 56838032Speter will forward to the indicated user using the local mailer, 56938032Speter local: 57038032Speter will forward to the original user in the e-mail address 57138032Speter using the local mailer, and 57238032Speter error:code message 57338032Speter will give an error message with the indicated code and 57438032Speter message. 57538032Speter 57638032Speterdomaintable Include a "domain table" which can be used to provide 57738032Speter domain name mapping. Use of this should really be 57838032Speter limited to your own domains. It may be useful if you 57938032Speter change names (e.g., your company changes names from 58038032Speter oldname.com to newname.com). The argument of the 58138032Speter FEATURE may be the key definition. If none is specified, 58238032Speter the definition used is: 58338032Speter hash -o /etc/domaintable 58438032Speter The key in this table is the domain name; the value is 58538032Speter the new (fully qualified) domain. Anything in the 58638032Speter domaintable is reflected into headers; that is, this 58738032Speter is done in ruleset 3. 58838032Speter 58938032Speterbitdomain Look up bitnet hosts in a table to try to turn them into 59038032Speter internet addresses. The table can be built using the 59138032Speter bitdomain program contributed by John Gardiner Myers. 59238032Speter The argument of the FEATURE may be the key definition; if 59338032Speter none is specified, the definition used is: 59438032Speter hash -o /etc/bitdomain.db 59538032Speter Keys are the bitnet hostname; values are the corresponding 59638032Speter internet hostname. 59738032Speter 59838032Speteruucpdomain Similar feature for UUCP hosts. The default map definition 59938032Speter is: 60038032Speter hash -o /etc/uudomain.db 60138032Speter At the moment there is no automagic tool to build this 60238032Speter database. 60338032Speter 60438032Speteralways_add_domain 60538032Speter Include the local host domain even on locally delivered 60638032Speter mail. Normally it is not added on unqualified names. 60738032Speter However, if you use a shared message store but do not use 60838032Speter the same user name space everywhere, you may need the host 60938032Speter name on local names. 61038032Speter 61138032Speterallmasquerade If masquerading is enabled (using MASQUERADE_AS), this 61238032Speter feature will cause recipient addresses to also masquerade 61338032Speter as being from the masquerade host. Normally they get 61438032Speter the local hostname. Although this may be right for 61538032Speter ordinary users, it can break local aliases. For example, 61638032Speter if you send to "localalias", the originating sendmail will 61738032Speter find that alias and send to all members, but send the 61838032Speter message with "To: localalias@masqueradehost". Since that 61938032Speter alias likely does not exist, replies will fail. Use this 62038032Speter feature ONLY if you can guarantee that the ENTIRE 62138032Speter namespace on your masquerade host supersets all the 62238032Speter local entries. 62338032Speter 62438032Speterlimited_masquerade 62538032Speter Normally, any hosts listed in $=w are masqueraded. If this 62638032Speter feature is given, only the hosts listed in $=M are masqueraded. 62738032Speter This is useful if you have several domains with disjoint 62838032Speter namespaces hosted on the same machine. 62938032Speter 63038032Spetermasquerade_entire_domain 63138032Speter If masquerading is enabled (using MASQUERADE_AS) and 63238032Speter MASQUERADE_DOMAIN (see below) is set, this feature will 63338032Speter cause addresses to be rewritten such that the masquerading 63438032Speter domains are actually entire domains to be hidden. All 63538032Speter hosts within the masquerading domains will be rewritten 63638032Speter to the masquerade name (used in MASQUERADE_AS). For example, 63738032Speter if you have: 63838032Speter 63938032Speter MASQUERADE_AS(masq.com) 64038032Speter MASQUERADE_DOMAIN(foo.org) 64138032Speter MASQUERADE_DOMAIN(bar.com) 64238032Speter 64338032Speter then *foo.org and *bar.com are converted to masq.com. Without 64438032Speter this feature, only foo.org and bar.com are masqueraded. 64538032Speter 64638032Speter NOTE: only domains within your jurisdiction and 64738032Speter current hierarchy should be masqueraded using this. 64838032Speter 64938032Spetergenericstable This feature will cause certain addresses originating locally 65038032Speter (i.e. that are unqualified) or a domain listed in $=G to be 65138032Speter looked up in a map and turned into another ("generic") form, 65238032Speter which can change both the domain name and the user name. This 65338032Speter is similar to the userdb functionality. The same types of 65438032Speter addresses as for masquerading are looked up, i.e. only header 65538032Speter sender addresses unless the allmasquerade and/or 65638032Speter masquerade_envelope features are given. Qualified addresses 65738032Speter must have the domain part in the list of names given by the 65838032Speter by the macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE 65938032Speter (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, 66038032Speter see below). 66138032Speter 66238032Speter The argument of FEATURE(genericstable) may be the map 66338032Speter definition; the default map definition is: 66438032Speter 66538032Speter hash -o /etc/genericstable 66638032Speter 66738032Speter The key for this table is either the full address or the 66838032Speter unqualified username (the former is tried first); the 66938032Speter value is the new user address. If the new user address does 67038032Speter not include a domain, it will be qualified in the standard 67138032Speter manner, i.e. using $j or the masquerade name. Note that the 67238032Speter address being looked up must be fully qualified. For local 67338032Speter mail, it is necessary to use FEATURE(always_add_domain) for 67438032Speter the addresses to be qualified. 67538032Speter 67638032Spetervirtusertable A domain-specific form of aliasing, allowing multiple 67738032Speter virtual domains to be hosted on one machine. For example, 67838032Speter if the virtuser table contained: 67938032Speter 68038032Speter info@foo.com foo-info 68138032Speter info@bar.com bar-info 68238032Speter @baz.org jane@elsewhere.net 68338032Speter 68438032Speter then mail addressed to info@foo.com will be sent to the 68538032Speter address foo-info, mail addressed to info@bar.com will be 68638032Speter delivered to bar-info, and mail addressed to anyone at 68738032Speter baz.org will be sent to jane@elsewhere.net. The username 68838032Speter from the original address is passed as %1 allowing: 68938032Speter 69038032Speter @foo.org %1@elsewhere.com 69138032Speter 69238032Speter meaning someone@foo.org will be sent to someone@elsewhere.com. 69338032Speter 69438032Speter All the host names on the left hand side (foo.com, bar.com, 69538032Speter and baz.org) must be in $=w. The default map definition is: 69638032Speter 69738032Speter hash -o /etc/virtusertable 69838032Speter 69938032Speter A new definition can be specified as the second argument of 70038032Speter the FEATURE macro, such as 70138032Speter 70238032Speter FEATURE(virtusertable, dbm -o /etc/mail/virtusers) 70338032Speter 70438032Speternodns We aren't running DNS at our site (for example, 70538032Speter we are UUCP-only connected). It's hard to consider 70638032Speter this a "feature", but hey, it had to go somewhere. 70738032Speter Actually, as of 8.7 this is a no-op -- remove "dns" from 70838032Speter the hosts service switch entry instead. 70938032Speter 71038032Speternullclient This is a special case -- it creates a stripped down 71138032Speter configuration file containing nothing but support for 71238032Speter forwarding all mail to a central hub via a local 71338032Speter SMTP-based network. The argument is the name of that 71438032Speter hub. 71538032Speter 71638032Speter The only other feature that should be used in conjunction 71738032Speter with this one is "nocanonify" (this causes addresses to 71838032Speter be sent unqualified via the SMTP connection; normally 71938032Speter they are qualified with the masquerade name, which 72038032Speter defaults to the name of the hub machine). No mailers 72138032Speter should be defined. No aliasing or forwarding is done. 72238032Speter 72338032Speterlocal_lmtp Use an LMTP capable local mailer. The argument to this 72438032Speter feature is the pathname of an LMTP capable mailer. By 72538032Speter default, mail.local is used. This is expected to be the 72638032Speter mail.local which came with the 8.9 distribution which is 72738032Speter LMTP capable. The path to mail.local is set by the 72838032Speter confEBINDIR m4 variable -- making the default 72938032Speter LOCAL_MAILER_PATH /usr/libexec/mail.local. 73038032Speter 73138032Speterlocal_procmail Use procmail as the local mailer. This mailer can 73238032Speter make use of the "user+indicator@local.host" syntax; 73338032Speter normally the +indicator is just tossed, but by default 73438032Speter it is passed as the -a argument to procmail. The 73538032Speter argument to this feature is the pathname of procmail, 73638032Speter which defaults to PROCMAIL_MAILER_PATH. Note that this 73738032Speter does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS 73838032Speter for the local mailer; tweak LOCAL_MAILER_FLAGS and 73938032Speter LOCAL_MAILER_ARGS instead. 74038032Speter 74138032Speterbestmx_is_local Accept mail as though locally addressed for any host that 74238032Speter lists us as the best possible MX record. This generates 74338032Speter additional DNS traffic, but should be OK for low to 74438032Speter medium traffic hosts. The argument may be a set of 74538032Speter domains, which will limit the feature to only apply to 74638032Speter these domains -- this will reduce unnecessary DNS 74738032Speter traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 74838032Speter WILDCARD MX RECORDS!!! If you have a wildcard MX record 74938032Speter that matches your domain, you cannot use this feature. 75038032Speter 75138032Spetersmrsh Use the SendMail Restricted SHell (smrsh) provided 75238032Speter with the distribution instead of /bin/sh for mailing 75338032Speter to programs. This improves the ability of the local 75438032Speter system administrator to control what gets run via 75538032Speter e-mail. If an argument is provided it is used as the 75638032Speter pathname to smrsh; otherwise, the path defined by 75738032Speter confEBINDIR is used for the smrsh binary -- by default, 75838032Speter /usr/libexec/smrsh is assumed. 75938032Speter 76038032Speterpromiscuous_relay 76138032Speter By default, the sendmail configuration files do not permit 76238032Speter mail relaying (that is, accepting mail from outside your 76338032Speter domain and sending it to another host outside your domain). 76438032Speter This option sets your site to allow mail relaying from any 76538032Speter site to any site. In general, it is better to control the 76638032Speter relaying more carefully with the access db and the 'R' 76738032Speter class ($=R). Domains can be added to class 'R' by the 76838032Speter macros RELAY_DOMAIN or RELAY_DOMAIN_FILE (analogously to 76938032Speter MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 77038032Speter 77138032Speterrelay_entire_domain 77238032Speter By default, only hosts listed as RELAY in the access db 77338032Speter will be allowed to relay. This option also allows any 77438032Speter host in your domain as defined by the 'm' class ($=m). 77538032Speter 77638032Speterrelay_hosts_only 77738032Speter By default, names that are listed as RELAY in the access 77838032Speter db and class 'R' ($=R) are domain names, not host names. 77938032Speter For example, if you specify ``foo.com'', then mail to or 78038032Speter from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 78138032Speter will all be accepted for relaying. This feature changes 78238032Speter the behaviour to lookup individual host names only. 78338032Speter 78438032Speterrelay_based_on_MX 78538032Speter Turns on the ability to allow relaying based on the MX 78638032Speter records of the host portion of an incoming recipient. See 78738032Speter description below for more information before using this 78838032Speter feature. 78938032Speter 79038032Speterrelay_local_from 79138032Speter Allows relaying if the domain portion of the mail sender 79238032Speter is a local host. This should only be used if absolutely 79338032Speter necessary as it opens a window for spammers. 79438032Speter 79538032Speteraccept_unqualified_senders 79638032Speter Normally, MAIL FROM: commands in the SMTP session will be 79738032Speter refused if the connection is a network connection and the 79838032Speter sender address does not include a domain name. If your 79938032Speter setup sends local mail unqualified (i.e. MAIL FROM: <joe>), 80038032Speter you will need to use this feature to accept unqualified 80138032Speter sender addresses. 80238032Speter 80338032Speteraccept_unresolvable_domains 80438032Speter Normally, MAIL FROM: commands in the SMTP session will be 80538032Speter refused if the host part of the argument to MAIL FROM: cannot 80638032Speter be located in the host name service (e.g., DNS). If you are 80738032Speter inside a firewall that has only a limited view of the 80838032Speter Internet host name space, this could cause problems. In this 80938032Speter case you probably want to use this feature to accept all 81038032Speter domains on input, even if they are unresolvable. 81138032Speter 81238032Speteraccess_db Turns on the access database feature. The access db gives 81338032Speter you the ability to allow or refuse to accept mail from 81438032Speter specified domains for administrative reasons. By default, 81538032Speter the access database specification is 81638032Speter ``hash -o /etc/mail/access''. The format of the 81738032Speter database is described below. 81838032Speter 81938032Speterblacklist_recipients 82038032Speter Turns on the ability to block incoming mail for certain 82138032Speter recipient usernames, hostnames, or addresses. For 82238032Speter example, you can block incoming mail to user nobody, 82338032Speter host foo.mydomain.com, or guest@bar.mydomain.com. 82438032Speter These specifications are put in the access db as 82538032Speter described below. 82638032Speter 82738032Speterrbl Turns on rejection of hosts found in the Realtime Blackhole 82838032Speter List. If an argument is provided it is used as the 82938032Speter name sever to contact; otherwise, the main RBL server at 83038032Speter rbl.maps.vix.com is used. For details, see 83138032Speter http://maps.vix.com/rbl/. 83238032Speter 83338032Speterloose_relay_check 83438032Speter Normally, if a recipient using % addressing is used, e.g. 83538032Speter user%site@othersite, and othersite is in class 'R', the 83638032Speter check_rcpt ruleset will strip @othersite and recheck 83738032Speter user@site for relaying. This feature changes that 83838032Speter behavior. It should not be needed for most installations. 83938032Speter 84038032Speter 84138032Speter+-------+ 84238032Speter| HACKS | 84338032Speter+-------+ 84438032Speter 84538032SpeterSome things just can't be called features. To make this clear, 84638032Speterthey go in the hack subdirectory and are referenced using the HACK 84738032Spetermacro. These will tend to be site-dependent. The release 84838032Speterincludes the Berkeley-dependent "cssubdomain" hack (that makes 84938032Spetersendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 85038032Speterthis is intended as a short-term aid while we move hosts into 85138032Spetersubdomains. 85238032Speter 85338032Speter 85438032Speter+--------------------+ 85538032Speter| SITE CONFIGURATION | 85638032Speter+--------------------+ 85738032Speter 85838032Speter ***************************************************** 85938032Speter * This section is really obsolete, and is preserved * 86038032Speter * only for back compatibility. You should plan on * 86138032Speter * using mailertables for new installations. In * 86238032Speter * particular, it doesn't work for the newer forms * 86338032Speter * of UUCP mailers, such as uucp-uudom. * 86438032Speter ***************************************************** 86538032Speter 86638032SpeterComplex sites will need more local configuration information, such as 86738032Speterlists of UUCP hosts they speak with directly. This can get a bit more 86838032Spetertricky. For an example of a "complex" site, see cf/ucbvax.mc. 86938032Speter 87038032SpeterIf your host is known by several different names, you need to augment 87138032Speterthe $=w class. This is a list of names by which you are known, and 87238032Speteranything sent to an address using a host name in this list will be 87338032Spetertreated as local mail. You can do this in two ways: either create 87438032Speterthe file /etc/sendmail.cw containing a list of your aliases (one per 87538032Speterline), and use ``FEATURE(use_cw_file)'' in the .mc file, or add the 87638032Speterline: 87738032Speter 87838032Speter Cw alias.host.name 87938032Speter 88038032Speterat the end of that file. See the ``vangogh.mc'' file for an example. 88138032SpeterBe sure you use the fully-qualified name of the host, rather than a 88238032Spetershort name. 88338032Speter 88438032SpeterThe SITECONFIG macro allows you to indirectly reference site-dependent 88538032Speterconfiguration information stored in the siteconfig subdirectory. For 88638032Speterexample, the line 88738032Speter 88838032Speter SITECONFIG(uucp.ucbvax, ucbvax, U) 88938032Speter 89038032Speterreads the file uucp.ucbvax for local connection information. The 89138032Spetersecond parameter is the local name (in this case just "ucbvax" since 89238032Speterit is locally connected, and hence a UUCP hostname). The third 89338032Speterparameter is the name of both a macro to store the local name (in 89438032Speterthis case, $U) and the name of the class (e.g., $=U) in which to store 89538032Speterthe host information read from the file. Another SITECONFIG line reads 89638032Speter 89738032Speter SITECONFIG(uucp.ucbarpa, ucbarpa.Berkeley.EDU, W) 89838032Speter 89938032SpeterThis says that the file uucp.ucbarpa contains the list of UUCP sites 90038032Speterconnected to ucbarpa.Berkeley.EDU. The $=W class will be used to 90138032Speterstore this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 90238032Speteris, the name of the relay to which the hosts listed in uucp.ucbarpa 90338032Speterare connected. [The machine ucbarpa is gone now, but I've left 90438032Speterthis out-of-date configuration file around to demonstrate how you 90538032Spetermight do this.] 90638032Speter 90738032SpeterNote that the case of SITECONFIG with a third parameter of ``U'' is 90838032Speterspecial; the second parameter is assumed to be the UUCP name of the 90938032Speterlocal site, rather than the name of a remote site, and the UUCP name 91038032Speteris entered into $=w (the list of local hostnames) as $U.UUCP. 91138032Speter 91238032SpeterThe siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 91338032Spetermore than a sequence of SITE macros describing connectivity. For 91438032Speterexample: 91538032Speter 91638032Speter SITE(cnmat) 91738032Speter SITE(sgi olympus) 91838032Speter 91938032SpeterThe second example demonstrates that you can use two names on the 92038032Spetersame line; these are usually aliases for the same host (or are at 92138032Speterleast in the same company). 92238032Speter 92338032Speter 92438032Speter+--------------------+ 92538032Speter| USING UUCP MAILERS | 92638032Speter+--------------------+ 92738032Speter 92838032SpeterIt's hard to get UUCP mailers right because of the extremely ad hoc 92938032Speternature of UUCP addressing. These config files are really designed 93038032Speterfor domain-based addressing, even for UUCP sites. 93138032Speter 93238032SpeterThere are four UUCP mailers available. The choice of which one to 93338032Speteruse is partly a matter of local preferences and what is running at 93438032Speterthe other end of your UUCP connection. Unlike good protocols that 93538032Speterdefine what will go over the wire, UUCP uses the policy that you 93638032Spetershould do what is right for the other end; if they change, you have 93738032Speterto change. This makes it hard to do the right thing, and discourages 93838032Speterpeople from updating their software. In general, if you can avoid 93938032SpeterUUCP, please do. 94038032Speter 94138032SpeterThe major choice is whether to go for a domainized scheme or a 94238032Speternon-domainized scheme. This depends entirely on what the other 94338032Speterend will recognize. If at all possible, you should encourage the 94438032Speterother end to go to a domain-based system -- non-domainized addresses 94538032Speterdon't work entirely properly. 94638032Speter 94738032SpeterThe four mailers are: 94838032Speter 94938032Speter uucp-old (obsolete name: "uucp") 95038032Speter This is the oldest, the worst (but the closest to UUCP) way of 95138032Speter sending messages accros UUCP connections. It does bangify 95238032Speter everything and prepends $U (your UUCP name) to the sender's 95338032Speter address (which can already be a bang path itself). It can 95438032Speter only send to one address at a time, so it spends a lot of 95538032Speter time copying duplicates of messages. Avoid this if at all 95638032Speter possible. 95738032Speter 95838032Speter uucp-new (obsolete name: "suucp") 95938032Speter The same as above, except that it assumes that in one rmail 96038032Speter command you can specify several recipients. It still has a 96138032Speter lot of other problems. 96238032Speter 96338032Speter uucp-dom 96438032Speter This UUCP mailer keeps everything as domain addresses. 96538032Speter Basically, it uses the SMTP mailer rewriting rules. This mailer 96638032Speter is only included if MAILER(smtp) is also specified. 96738032Speter 96838032Speter Unfortunately, a lot of UUCP mailer transport agents require 96938032Speter bangified addresses in the envelope, although you can use 97038032Speter domain-based addresses in the message header. (The envelope 97138032Speter shows up as the From_ line on UNIX mail.) So.... 97238032Speter 97338032Speter uucp-uudom 97438032Speter This is a cross between uucp-new (for the envelope addresses) 97538032Speter and uucp-dom (for the header addresses). It bangifies the 97638032Speter envelope sender (From_ line in messages) without adding the 97738032Speter local hostname, unless there is no host name on the address 97838032Speter at all (e.g., "wolf") or the host component is a UUCP host name 97938032Speter instead of a domain name ("somehost!wolf" instead of 98038032Speter "some.dom.ain!wolf"). This is also included only if MAILER(smtp) 98138032Speter is also specified. 98238032Speter 98338032SpeterExamples: 98438032Speter 98538032SpeterWe are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The 98638032Speterfollowing summarizes the sender rewriting for various mailers. 98738032Speter 98838032SpeterMailer sender rewriting in the envelope 98938032Speter------ ------ ------------------------- 99038032Speteruucp-{old,new} wolf grasp!wolf 99138032Speteruucp-dom wolf wolf@grasp.insa-lyon.fr 99238032Speteruucp-uudom wolf grasp.insa-lyon.fr!wolf 99338032Speter 99438032Speteruucp-{old,new} wolf@fr.net grasp!fr.net!wolf 99538032Speteruucp-dom wolf@fr.net wolf@fr.net 99638032Speteruucp-uudom wolf@fr.net fr.net!wolf 99738032Speter 99838032Speteruucp-{old,new} somehost!wolf grasp!somehost!wolf 99938032Speteruucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 100038032Speteruucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 100138032Speter 100238032SpeterIf you are using one of the domainized UUCP mailers, you really want 100338032Speterto convert all UUCP addresses to domain format -- otherwise, it will 100438032Speterdo it for you (and probably not the way you expected). For example, 100538032Speterif you have the address foo!bar!baz (and you are not sending to foo), 100638032Speterthe heuristics will add the @uucp.relay.name or @local.host.name to 100738032Speterthis address. However, if you map foo to foo.host.name first, it 100838032Speterwill not add the local hostname. You can do this using the uucpdomain 100938032Speterfeature. 101038032Speter 101138032Speter 101238032Speter+-------------------+ 101338032Speter| TWEAKING RULESETS | 101438032Speter+-------------------+ 101538032Speter 101638032SpeterFor more complex configurations, you can define special rules. 101738032SpeterThe macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 101838032Speterthe names. Any modifications made here are reflected in the header. 101938032Speter 102038032SpeterA common use is to convert old UUCP addresses to SMTP addresses using 102138032Speterthe UUCPSMTP macro. For example: 102238032Speter 102338032Speter LOCAL_RULE_3 102438032Speter UUCPSMTP(decvax, decvax.dec.com) 102538032Speter UUCPSMTP(research, research.att.com) 102638032Speter 102738032Speterwill cause addresses of the form "decvax!user" and "research!user" 102838032Speterto be converted to "user@decvax.dec.com" and "user@research.att.com" 102938032Speterrespectively. 103038032Speter 103138032SpeterThis could also be used to look up hosts in a database map: 103238032Speter 103338032Speter LOCAL_RULE_3 103438032Speter R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 103538032Speter 103638032SpeterThis map would be defined in the LOCAL_CONFIG portion, as shown below. 103738032Speter 103838032SpeterSimilarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 103938032SpeterFor example, new rules are needed to parse hostnames that you accept 104038032Spetervia MX records. For example, you might have: 104138032Speter 104238032Speter LOCAL_RULE_0 104338032Speter R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 104438032Speter 104538032SpeterYou would use this if you had installed an MX record for cnmat.Berkeley.EDU 104638032Speterpointing at this host; this rule catches the message and forwards it on 104738032Speterusing UUCP. 104838032Speter 104938032SpeterYou can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 105038032SpeterThese rulesets are normally empty. 105138032Speter 105238032SpeterA similar macro is LOCAL_CONFIG. This introduces lines added after the 105338032Speterboilerplate option setting but before rulesets, and can be used to 105438032Speterdeclare local database maps or whatever. For example: 105538032Speter 105638032Speter LOCAL_CONFIG 105738032Speter Khostmap hash /etc/hostmap.db 105838032Speter Kyplocal nis -m hosts.byname 105938032Speter 106038032Speter 106138032Speter+---------------------------+ 106238032Speter| MASQUERADING AND RELAYING | 106338032Speter+---------------------------+ 106438032Speter 106538032SpeterYou can have your host masquerade as another using 106638032Speter 106738032Speter MASQUERADE_AS(host.domain) 106838032Speter 106938032SpeterThis causes mail being sent to be labeled as coming from the 107038032Speterindicated host.domain, rather than $j. One normally masquerades as 107138032Speterone of one's own subdomains (for example, it's unlikely that I would 107238032Speterchoose to masquerade as an MIT site). This behaviour is modified by 107338032Spetera plethora of FEATUREs; in particular, see masquerade_envelope, 107438032Speterallmasquerade, limited_masquerade, and masquerade_entire_domain. 107538032Speter 107638032SpeterThe masquerade name is not normally canonified, so it is important 107738032Speterthat it be your One True Name, that is, fully qualified and not a 107838032SpeterCNAME. However, if you use a CNAME, the receiving side may canonify 107938032Speterit for you, so don't think you can cheat CNAME mapping this way. 108038032Speter 108138032SpeterNormally the only addresses that are masqueraded are those that come 108238032Speterfrom this host (that is, are either unqualified or in $=w, the list 108338032Speterof local domain names). You can augment this list using 108438032Speter 108538032Speter MASQUERADE_DOMAIN(otherhost.domain) 108638032Speter 108738032SpeterThe effect of this is that although mail to user@otherhost.domain 108838032Speterwill not be delivered locally, any mail including any user@otherhost.domain 108938032Speterwill, when relayed, be rewritten to have the MASQUERADE_AS address. 109038032SpeterThis can be a space-separated list of names. 109138032Speter 109238032SpeterIf these names are in a file, you can use 109338032Speter 109438032Speter MASQUERADE_DOMAIN_FILE(filename) 109538032Speter 109638032Speterto read the list of names from the indicated file. 109738032Speter 109838032SpeterNormally only header addresses are masqueraded. If you want to 109938032Spetermasquerade the envelope as well, use 110038032Speter 110138032Speter FEATURE(masquerade_envelope) 110238032Speter 110338032SpeterThere are always users that need to be "exposed" -- that is, their 110438032Speterinternal site name should be displayed instead of the masquerade name. 110538032SpeterRoot is an example. You can add users to this list using 110638032Speter 110738032Speter EXPOSED_USER(usernames) 110838032Speter 110938032SpeterThis adds users to class E; you could also use something like 111038032Speter 111138032Speter FE/etc/sendmail.cE 111238032Speter 111338032SpeterYou can also arrange to relay all unqualified names (that is, names 111438032Speterwithout @host) to a relay host. For example, if you have a central 111538032Speteremail server, you might relay to that host so that users don't have 111638032Speterto have .forward files or aliases. You can do this using 111738032Speter 111838032Speter define(`LOCAL_RELAY', mailer:hostname) 111938032Speter 112038032SpeterThe ``mailer:'' can be omitted, in which case the mailer defaults to 112138032Speter"relay". There are some user names that you don't want relayed, perhaps 112238032Speterbecause of local aliases. A common example is root, which may be 112338032Speterlocally aliased. You can add entries to this list using 112438032Speter 112538032Speter LOCAL_USER(usernames) 112638032Speter 112738032SpeterThis adds users to class L; you could also use something like 112838032Speter 112938032Speter FL/etc/sendmail.cL 113038032Speter 113138032SpeterIf you want all incoming mail sent to a centralized hub, as for a 113238032Spetershared /var/spool/mail scheme, use 113338032Speter 113438032Speter define(`MAIL_HUB', mailer:hostname) 113538032Speter 113638032SpeterAgain, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 113738032Speterand MAIL_HUB _AND_ you have FEATURE(stickyhost), unqualified names will 113838032Speterbe sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 113938032SpeterNames in $=L will be delivered locally, so you MUST have aliases or 114038032Speter.forward files for them. 114138032Speter 114238032SpeterFor example, if you are on machine mastodon.CS.Berkeley.EDU and you have 114338032SpeterFEATURE(stickyhost), the following combinations of settings will have the 114438032Speterindicated effects: 114538032Speter 114638032Speteremail sent to.... eric eric@mastodon.CS.Berkeley.EDU 114738032Speter 114838032SpeterLOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 114938032Spetermail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 115038032Speter 115138032SpeterMAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 115238032Spetermammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 115338032Speter 115438032SpeterBoth LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 115538032SpeterMAIL_HUB set as above (no local aliasing) (aliasing done) 115638032Speter 115738032SpeterIf you do not have FEATURE(stickyhost) set, then LOCAL_RELAY and 115838032SpeterMAIL_HUB act identically, with MAIL_HUB taking precedence. 115938032Speter 116038032SpeterIf you want all outgoing mail to go to a central relay site, define 116138032SpeterSMART_HOST as well. Briefly: 116238032Speter 116338032Speter LOCAL_RELAY applies to unqualified names (e.g., "eric"). 116438032Speter MAIL_HUB applies to names qualified with the name of the 116538032Speter local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 116638032Speter SMART_HOST applies to names qualified with other hosts. 116738032Speter 116838032SpeterHowever, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 116938032SpeterDECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 117038032Speterreally want absolutely everything to go to a single central site you will 117138032Speterneed to unset all the other relays -- or better yet, find or build a 117238032Speterminimal config file that does this. 117338032Speter 117438032SpeterFor duplicate suppression to work properly, the host name is best 117538032Speterspecified with a terminal dot: 117638032Speter 117738032Speter define(`MAIL_HUB', `host.domain.') 117838032Speter note the trailing dot ---^ 117938032Speter 118038032Speter 118138032Speter+---------------------------------+ 118238032Speter| ANTI-SPAM CONFIGURATION CONTROL | 118338032Speter+---------------------------------+ 118438032Speter 118538032SpeterThe primary anti-spam features available in sendmail are: 118638032Speter 118738032Speter* Relaying is denied by default. 118838032Speter* Better checking on sender information. 118938032Speter* Access database. 119038032Speter* Header checks. 119138032Speter 119238032SpeterRelaying (transmission of messages from a site outside your domain to 119338032Speteranother site outside your domain) is denied by default. Note that 119438032Speterthis changed in sendmail 8.9; previous versions allowed relaying by 119538032Speterdefault. If you want to revert to the old behaviour, you will need 119638032Speterto use FEATURE(promiscuous_relay). You can allow certain domains to 119738032Speterrelay through your server by adding their domain name or IP address to 119838032Speterclass 'R' ($=R) using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the 119938032Speteraccess database (described below). 120038032Speter 120138032SpeterIf you use 120238032Speter 120338032Speter FEATURE(relay_entire_domain) 120438032Speter 120538032Speterthen any host in any of your local domains (that is, the $=m class) 120638032Speterwill be relayed. 120738032Speter 120838032SpeterYou can also allow relaying based on the MX records of the host 120938032Speterportion of an incoming recipient address by using 121038032Speter 121138032Speter FEATURE(relay_based_on_MX) 121238032Speter 121338032SpeterFor example, if your server receives a recipient of user@domain.com 121438032Speterand domain.com lists your server in its MX records, the mail will be 121538032Speteraccepted. Note that this will stop spammers from using your host to 121638032Speterrelay spam but it will not stop outsiders from using your server as a 121738032Speterrelay for their site. Along the same lines, 121838032Speter 121938032Speter FEATURE(relay_local_from) 122038032Speter 122138032Speterwill allow relaying if the sender specifies a return path (i.e. 122238032SpeterMAIL FROM: <user@domain>) domain which is a local domain. This a 122338032Speterdangerous feature as it will allow spammers to spam using your mail 122438032Speterserver by simply specifying a return address of user@your.domain.com. 122538032SpeterIt should not be used unless absolutely necessary. 122638032Speter 122738032SpeterIf source routing is used in the recipient address (i.e. 122838032SpeterRCPT TO: <user%site.com@othersite.com>), sendmail will check 122938032Speteruser@site.com for relaying if othersite.com is an allowed relay host 123038032Speterin either class 'R', class 'm' if FEATURE(relay_entire_domain) is used, 123138032Speteror the access database if FEATURE(access_db) is used. To prevent 123238032Speterthe address from being stripped down, use: 123338032Speter 123438032Speter FEATURE(loose_relay_check) 123538032Speter 123638032SpeterIf you think you need to use this feature, you probably do not. This 123738032Spetershould only be used for sites which have no control over the addresses 123838032Speterthat they provide a gateway for. Use this FEATURE with caution as it 123938032Spetercan allow spammers to relay through your server if not setup properly. 124038032Speter 124138032SpeterAs of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 124238032Speteran unresolvable domain (i.e., one that DNS, your local name service, 124338032Speteror special case rules in ruleset 3 cannot locate). If you want to 124438032Spetercontinue to accept such domains, e.g. because you are inside a 124538032Speterfirewall that has only a limited view of the Internet host name space 124638032Speter(note that you will not be able to return mail to them unless you have 124738032Spetersome "smart host" forwarder), use 124838032Speter 124938032Speter FEATURE(accept_unresolvable_domains) 125038032Speter 125138032Spetersendmail will also refuse mail if the MAIL FROM: parameter is not 125238032Speterfully qualified (i.e., contains a domain as well as a user). If you 125338032Speterwant to continue to accept such senders, use 125438032Speter 125538032Speter FEATURE(accept_unqualified_senders) 125638032Speter 125738032SpeterAn ``access'' database can be created to accept or reject mail from 125838032Speterselected domains. For example, you may choose to reject all mail 125938032Speteroriginating from known spammers. To enable such a database, use 126038032Speter 126138032Speter FEATURE(access_db) 126238032Speter 126338032SpeterThe FEATURE macro can accept a second parameter giving the key file 126438032Speterdefinition for the database; for example 126538032Speter 126638032Speter FEATURE(access_db, hash -o /etc/mail/access) 126738032Speter 126838032SpeterThe table itself uses e-mail addresses, domain names, and network 126938032Speternumbers as keys. For example, 127038032Speter 127138032Speter spammer@aol.com REJECT 127238032Speter cyberspammer.com REJECT 127338032Speter 206.117.147 REJECT 127438032Speter 127538032Speterwould refuse mail from spammer@aol.com, any user from cyberspammer.com 127638032Speter(or any host within the cyberspammer.com domain), and any host on the 127738032Speter206.117.147.* network. 127838032Speter 127938032SpeterThe value part of the map can contain: 128038032Speter 128138032Speter OK accept mail even if other rules in the 128238032Speter running ruleset would reject it. 128338032Speter RELAY Allow domain to relay through your SMTP 128438032Speter server. RELAY also serves an implicit 128538032Speter OK for the other checks. 128638032Speter REJECT reject the sender/recipient with a general 128738032Speter purpose message. 128838032Speter DISCARD discard the message completely using 128938032Speter the $#discard mailer 129038032Speter ### any text where ### is an RFC 821 compliant error code 129138032Speter and "any text" is a message to return for 129238032Speter the command. 129338032Speter 129438032SpeterFor example: 129538032Speter 129638032Speter cyberspammer.com 550 We don't accept mail from spammers 129738032Speter okay.cyberspammer.com OK 129838032Speter sendmail.org OK 129938032Speter 128.32 RELAY 130038032Speter 130138032Speterwould accept mail from okay.cyberspammer.com, but would reject mail 130238032Speterfrom all other hosts at cyberspammer.com with the indicated message. 130338032SpeterIt would allow accept mail from any hosts in the sendmail.org domain, 130438032Speterand allow relaying for the 128.32.*.* network. Note, UUCP users may 130538032Speterneed to add hostname.UUCP to the access database or class 'R' ($=R). 130638032SpeterIf you also use: 130738032Speter 130838032Speter FEATURE(relay_hosts_only) 130938032Speter 131038032Speterthen the above example will allow relaying for sendmail.org, but not 131138032Speterhosts within the sendmail.org domain. Note that this will also require 131238032Speterhosts listed in class 'R' ($=R) to be fully qualified host names. 131338032Speter 131438032SpeterYou can also use the access database to block sender addresses based on 131538032Speterthe username portion of the address. For example: 131638032Speter 131738032Speter FREE.STEALTH.MAILER@ 550 Spam not accepted 131838032Speter 131938032SpeterNote that you must include the @ after the username to signify that 132038032Speterthis database entry is for checking only the username portion of the 132138032Spetersender address. 132238032Speter 132338032SpeterIf you use: 132438032Speter 132538032Speter FEATURE(blacklist_recipients) 132638032Speter 132738032Speterthen you can add entries to the map for local users, hosts in your 132838032Speterdomains, or addresses in your domain which should not receive mail: 132938032Speter 133038032Speter badlocaluser 550 Mailbox disabled for this username 133138032Speter host.mydomain.com 550 That host does not accept mail 133238032Speter user@otherhost.mydomain.com 550 Mailbox disabled for this recipient 133338032Speter 133438032SpeterThis would prevent a recipient of badlocaluser@mydomain.com, any 133538032Speteruser at host.mydomain.com, and the single address 133638032Speteruser@otherhost.mydomain.com from receiving mail. 133738032Speter 133838032SpeterThere is also a ``Realtime Blackhole List'' run by the MAPS project 133938032Speterat http://maps.vix.com/. This is a database maintained in DNS of 134038032Speterspammers. To use this database, use 134138032Speter 134238032Speter FEATURE(rbl) 134338032Speter 134438032SpeterThis will cause sendmail to reject mail from any site in the 134538032SpeterRealtime Blackhole List database. You can specify an alternative 134638032SpeterRBL name server to contact by specifying an argument to the FEATURE. 134738032Speter 134838032SpeterThe features described above make use of the check_relay, check_mail, 134938032Speterand check_rcpt rulesets. If you wish to include your own checks, 135038032Speteryou can put your checks in the rulesets Local_check_relay, 135138032SpeterLocal_check_mail, and Local_check_rcpt. For example if you wanted to 135238032Speterblock senders with all numeric usernames (i.e. 2312343@bigisp.com), 135338032Speteryou would use Local_check_mail and the new regex map: 135438032Speter 135538032Speter LOCAL_CONFIG 135638032Speter Kallnumbers regex -a@MATCH ^[0-9]+$ 135738032Speter 135838032Speter LOCAL_RULESETS 135938032Speter SLocal_check_mail 136038032Speter # check address against various regex checks 136138032Speter R$* $: $>Parse0 $>3 $1 136238032Speter R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 136338032Speter R@MATCH $#error $: 553 Header Error 136438032Speter 136538032SpeterThese rules are called with the original arguments of the corresponding 136638032Spetercheck_* ruleset. If the local ruleset returns $#OK, no further checking 136738032Speteris done by the features described above and the mail is accepted. If the 136838032Speterlocal ruleset resolves to a mailer (such as $#error or $#discard), the 136938032Speterappropriate action is taken. Otherwise, the results of the local 137038032Speterrewriting are ignored. 137138032Speter 137238032Speter 137338032SpeterYou can also reject mail on the basis of the contents of headers. 137438032SpeterThis is done by adding a ruleset call to the 'H' header definition command 137538032Speterin sendmail.cf. For example, this can be used to check the validity of 137638032Spetera Message-ID: header: 137738032Speter 137838032Speter LOCAL_RULESETS 137938032Speter HMessage-Id: $>CheckMessageId 138038032Speter 138138032Speter SCheckMessageId 138238032Speter R< $+ @ $+ > $@ OK 138338032Speter R$* $#error $: 553 Header Error 138438032Speter 138538032Speter 138638032Speter+--------------------------------+ 138738032Speter| ADDING NEW MAILERS OR RULESETS | 138838032Speter+--------------------------------+ 138938032Speter 139038032SpeterSometimes you may need to add entirely new mailers or rulesets. They 139138032Spetershould be introduced with the constructs MAILER_DEFINITIONS and 139238032SpeterLOCAL_RULESETS respectively. For example: 139338032Speter 139438032Speter MAILER_DEFINITIONS 139538032Speter Mmymailer, ... 139638032Speter ... 139738032Speter 139838032Speter LOCAL_RULESETS 139938032Speter Smyruleset 140038032Speter ... 140138032Speter 140238032Speter 140338032Speter+-------------------------------+ 140438032Speter| NON-SMTP BASED CONFIGURATIONS | 140538032Speter+-------------------------------+ 140638032Speter 140738032SpeterThese configuration files are designed primarily for use by SMTP-based 140838032Spetersites. I don't pretend that they are well tuned for UUCP-only or 140938032SpeterUUCP-primarily nodes (the latter is defined as a small local net 141038032Speterconnected to the rest of the world via UUCP). However, there is one 141138032Speterhook to handle some special cases. 141238032Speter 141338032SpeterYou can define a ``smart host'' that understands a richer address syntax 141438032Speterusing: 141538032Speter 141638032Speter define(`SMART_HOST', mailer:hostname) 141738032Speter 141838032SpeterIn this case, the ``mailer:'' defaults to "relay". Any messages that 141938032Spetercan't be handled using the usual UUCP rules are passed to this host. 142038032Speter 142138032SpeterIf you are on a local SMTP-based net that connects to the outside 142238032Speterworld via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 142338032SpeterFor example: 142438032Speter 142538032Speter define(`SMART_HOST', suucp:uunet) 142638032Speter LOCAL_NET_CONFIG 142738032Speter R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 142838032Speter 142938032SpeterThis will cause all names that end in your domain name ($m) via 143038032SpeterSMTP; anything else will be sent via suucp (smart UUCP) to uunet. 143138032SpeterIf you have FEATURE(nocanonify), you may need to omit the dots after 143238032Speterthe $m. If you are running a local DNS inside your domain which is 143338032Speternot otherwise connected to the outside world, you probably want to 143438032Speteruse: 143538032Speter 143638032Speter define(`SMART_HOST', smtp:fire.wall.com) 143738032Speter LOCAL_NET_CONFIG 143838032Speter R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 143938032Speter 144038032SpeterThat is, send directly only to things you found in your DNS lookup; 144138032Speteranything else goes through SMART_HOST. 144238032Speter 144338032SpeterYou may need to turn off the anti-spam rules in order to accept 144438032SpeterUUCP mail with FEATURE(promiscuous_relay) and 144538032SpeterFEATURE(accept_unresolvable_domains). 144638032Speter 144738032Speter 144838032Speter+-----------+ 144938032Speter| WHO AM I? | 145038032Speter+-----------+ 145138032Speter 145238032SpeterNormally, the $j macro is automatically defined to be your fully 145338032Speterqualified domain name (FQDN). Sendmail does this by getting your 145438032Speterhost name using gethostname and then calling gethostbyname on the 145538032Speterresult. For example, in some environments gethostname returns 145638032Speteronly the root of the host name (such as "foo"); gethostbyname is 145738032Spetersupposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 145838032Spetercases, gethostbyname may fail to return the FQDN. In this case 145938032Speteryou MUST define confDOMAIN_NAME to be your fully qualified domain 146038032Spetername. This is usually done using: 146138032Speter 146238032Speter Dmbar.com 146338032Speter define(`confDOMAIN_NAME', `$w.$m')dnl 146438032Speter 146538032Speter 146638032Speter+--------------------+ 146738032Speter| USING MAILERTABLES | 146838032Speter+--------------------+ 146938032Speter 147038032SpeterTo use FEATURE(mailertable), you will have to create an external 147138032Speterdatabase containing the routing information for various domains. 147238032SpeterFor example, a mailertable file in text format might be: 147338032Speter 147438032Speter .my.domain xnet:%1.my.domain 147538032Speter uuhost1.my.domain suucp:uuhost1 147638032Speter .bitnet smtp:relay.bit.net 147738032Speter 147838032SpeterThis should normally be stored in /etc/mailertable. The actual 147938032Speterdatabase version of the mailertable is built using: 148038032Speter 148138032Speter makemap hash /etc/mailertable.db < /etc/mailertable 148238032Speter 148338032SpeterThe semantics are simple. Any LHS entry that does not begin with 148438032Spetera dot matches the full host name indicated. LHS entries beginning 148538032Speterwith a dot match anything ending with that domain name -- that is, 148638032Speterthey can be thought of as having a leading "*" wildcard. Matching 148738032Speteris done in order of most-to-least qualified -- for example, even 148838032Speterthough ".my.domain" is listed first in the above example, an entry 148938032Speterof "uuhost1.my.domain" will match the second entry since it is 149038032Spetermore explicit. 149138032Speter 149238032SpeterThe RHS should always be a "mailer:host" pair. The mailer is the 149338032Speterconfiguration name of a mailer (that is, an `M' line in the 149438032Spetersendmail.cf file). The "host" will be the hostname passed to 149538032Speterthat mailer. In domain-based matches (that is, those with leading 149638032Speterdots) the "%1" may be used to interpolate the wildcarded part of 149738032Speterthe host name. For example, the first line above sends everything 149838032Speteraddressed to "anything.my.domain" to that same host name, but using 149938032Speterthe (presumably experimental) xnet mailer. 150038032Speter 150138032SpeterIn some cases you may want to temporarily turn off MX records, 150238032Speterparticularly on gateways. For example, you may want to MX 150338032Spetereverything in a domain to one machine that then forwards it 150438032Speterdirectly. To do this, you might use the DNS configuration: 150538032Speter 150638032Speter *.domain. IN MX 0 relay.machine 150738032Speter 150838032Speterand on relay.machine use the mailertable: 150938032Speter 151038032Speter .domain smtp:[gateway.domain] 151138032Speter 151238032SpeterThe [square brackets] turn off MX records for this host only. 151338032SpeterIf you didn't do this, the mailertable would use the MX record 151438032Speteragain, which would give you an MX loop. 151538032Speter 151638032Speter 151738032Speter+--------------------------------+ 151838032Speter| USING USERDB TO MAP FULL NAMES | 151938032Speter+--------------------------------+ 152038032Speter 152138032SpeterThe user database was not originally intended for mapping full names 152238032Speterto login names (e.g., Eric.Allman => eric), but some people are using 152338032Speterit that way. (I would recommend that you set up aliases for this 152438032Speterpurpose instead -- since you can specify multiple alias files, this 152538032Speteris fairly easy.) The intent was to locate the default maildrop at 152638032Spetera site, but allow you to override this by sending to a specific host. 152738032Speter 152838032SpeterIf you decide to set up the user database in this fashion, it is 152938032Speterimperative that you not use FEATURE(stickyhost) -- otherwise, 153038032Spetere-mail sent to Full.Name@local.host.name will be rejected. 153138032Speter 153238032SpeterTo build the internal form of the user database, use: 153338032Speter 153438032Speter makemap btree /usr/data/base.db < /usr/data/base.txt 153538032Speter 153638032SpeterAs a general rule, I am adamantly opposed to using full names as 153738032Spetere-mail addresses, since they are not in any sense unique. For example, 153838032Speterthe Unix software-development community has two Andy Tannenbaums, 153938032Speterat least two well-known Peter Deutsches, and at one time Bell Labs 154038032Speterhad two Stephen R. Bournes with offices along the same hallway. 154138032SpeterWhich one will be forced to suffer the indignity of being 154238032SpeterStephen_R_Bourne_2? The less famous of the two, or the one that 154338032Speterwas hired later? 154438032Speter 154538032SpeterFinger should handle full names (and be fuzzy). Mail should use 154638032Speterhandles, and not be fuzzy. [Not that I expect anyone to pay any 154738032Speterattention to my opinions.] 154838032Speter 154938032Speter 155038032Speter+--------------------------------+ 155138032Speter| MISCELLANEOUS SPECIAL FEATURES | 155238032Speter+--------------------------------+ 155338032Speter 155438032SpeterPlussed users 155538032Speter Sometimes it is convenient to merge configuration on a 155638032Speter centralized mail machine, for example, to forward all 155738032Speter root mail to a mail server. In this case it might be 155838032Speter useful to be able to treat the root addresses as a class 155938032Speter of addresses with subtle differences. You can do this 156038032Speter using plussed users. For example, a client might include 156138032Speter the alias: 156238032Speter 156338032Speter root: root+client1@server 156438032Speter 156538032Speter On the server, this will match an alias for "root+client1". 156638032Speter If that is not found, the alias "root+*" will be tried, 156738032Speter then "root". 156838032Speter 156938032SpeterLDAP 157038032Speter For notes on use LDAP in sendmail, see 157138032Speter http://www.stanford.edu/~bbense/Inst.html 157238032Speter 157338032Speter 157438032Speter 157538032Speter+----------------+ 157638032Speter| SECURITY NOTES | 157738032Speter+----------------+ 157838032Speter 157938032SpeterA lot of sendmail security comes down to you. Sendmail 8 is much 158038032Spetermore careful about checking for security problems than previous 158138032Speterversions, but there are some things that you still need to watch 158238032Speterfor. In particular: 158338032Speter 158438032Speter* Make sure the aliases file isn't writable except by trusted 158538032Speter system personnel. This includes both the text and database 158638032Speter version. 158738032Speter 158838032Speter* Make sure that other files that sendmail reads, such as the 158938032Speter mailertable, are only writable by trusted system personnel. 159038032Speter 159138032Speter* The queue directory should not be world writable PARTICULARLY 159238032Speter if your system allows "file giveaways" (that is, if a non-root 159338032Speter user can chown any file they own to any other user). 159438032Speter 159538032Speter* If your system allows file giveaways, DO NOT create a publically 159638032Speter writable directory for forward files. This will allow anyone 159738032Speter to steal anyone else's e-mail. Instead, create a script that 159838032Speter copies the .forward file from users' home directories once a 159938032Speter night (if you want the non-NFS-mounted forward directory). 160038032Speter 160138032Speter* If your system allows file giveaways, you'll find that 160238032Speter sendmail is much less trusting of :include: files -- in 160338032Speter particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 160438032Speter /etc/shells before they will be trusted (that is, before 160538032Speter files and programs listed in them will be honored). 160638032Speter 160738032SpeterIn general, file giveaways are a mistake -- if you can turn them 160838032Speteroff I recommend you do so. 160938032Speter 161038032Speter 161138032Speter+--------------------------------+ 161238032Speter| TWEAKING CONFIGURATION OPTIONS | 161338032Speter+--------------------------------+ 161438032Speter 161538032SpeterThere are a large number of configuration options that don't normally 161638032Speterneed to be changed. However, if you feel you need to tweak them, you 161738032Spetercan define the following M4 variables. This list is shown in four 161838032Spetercolumns: the name you define, the default value for that definition, 161938032Speterthe option or macro that is affected (either Ox for an option or Dx 162038032Speterfor a macro), and a brief description. Greater detail of the semantics 162138032Spetercan be found in the Installation and Operations Guide. 162238032Speter 162338032SpeterSome options are likely to be deprecated in future versions -- that is, 162438032Speterthe option is only included to provide back-compatibility. These are 162538032Spetermarked with "*". 162638032Speter 162738032SpeterRemember that these options are M4 variables, and hence may need to 162838032Speterbe quoted. In particular, arguments with commas will usually have to 162938032Speterbe ``double quoted, like this phrase'' to avoid having the comma 163038032Speterconfuse things. This is common for alias file definitions and for 163138032Speterthe read timeout. 163238032Speter 163338032SpeterM4 Variable Name Configuration Description & [Default] 163438032Speter================ ============= ======================= 163538032SpeterconfMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 163638032Speter for internally generated outgoing 163738032Speter messages. 163838032SpeterconfDOMAIN_NAME $j macro If defined, sets $j. This should 163938032Speter only be done if your system cannot 164038032Speter determine your local domain name, 164138032Speter and then it should be set to 164238032Speter $w.Foo.COM, where Foo.COM is your 164338032Speter domain name. 164438032SpeterconfCF_VERSION $Z macro If defined, this is appended to the 164538032Speter configuration version name. 164638032SpeterconfFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 164738032Speter internally generated From: address. 164838032SpeterconfRECEIVED_HEADER Received: 164938032Speter [$?sfrom $s $.$?_($?s$|from $.$_) 165038032Speter $.by $j ($v/$Z)$?r with $r$. id $i$?u 165138032Speter for $u; $|; 165238032Speter $.$b] 165338032Speter The format of the Received: header 165438032Speter in messages passed through this host. 165538032Speter It is unwise to try to change this. 165638032SpeterconfCW_FILE Fw class [/etc/sendmail.cw] Name of file used 165738032Speter to get the local additions to the $=w 165838032Speter (local host names) class. 165938032SpeterconfCT_FILE Ft class [/etc/sendmail.ct] Name of file used 166038032Speter to get the local additions to the $=t 166138032Speter (trusted users) class. 166238032SpeterconfCR_FILE FR class [/etc/mail/relay-domains] Name of 166338032Speter file used to get the local additions 166438032Speter to the $=R (hosts allowed to relay) 166538032Speter class. 166638032SpeterconfTRUSTED_USERS Ct class [no default] Names of users to add to 166738032Speter the list of trusted users. This list 166838032Speter always includes root, uucp, and daemon. 166938032Speter See also FEATURE(use_ct_file). 167038032SpeterconfSMTP_MAILER - [esmtp] The mailer name used when 167138032Speter SMTP connectivity is required. 167238032Speter One of "smtp", "smtp8", or "esmtp". 167338032SpeterconfUUCP_MAILER - [uucp-old] The mailer to be used by 167438032Speter default for bang-format recipient 167538032Speter addresses. See also discussion of 167638032Speter $=U, $=Y, and $=Z in the MAILER(uucp) 167738032Speter section. 167838032SpeterconfLOCAL_MAILER - [local] The mailer name used when 167938032Speter local connectivity is required. 168038032Speter Almost always "local". 168138032SpeterconfRELAY_MAILER - [relay] The default mailer name used 168238032Speter for relaying any mail (e.g., to a 168338032Speter BITNET_RELAY, a SMART_HOST, or 168438032Speter whatever). This can reasonably be 168538032Speter "uucp-new" if you are on a 168638032Speter UUCP-connected site. 168738032SpeterconfSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 168838032SpeterconfEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 168938032SpeterconfALIAS_WAIT AliasWait [10m] Time to wait for alias file 169038032Speter rebuild until you get bored and 169138032Speter decide that the apparently pending 169238032Speter rebuild failed. 169338032SpeterconfMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 169438032Speter queue filesystem to accept SMTP mail. 169538032Speter (Prior to 8.7 this was minfree/maxsize, 169638032Speter where minfree was the number of free 169738032Speter blocks and maxsize was the maximum 169838032Speter message size. Use confMAX_MESSAGE_SIZE 169938032Speter for the second value now.) 170038032SpeterconfMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 170138032Speter that will be accepted (in bytes). 170238032SpeterconfBLANK_SUB BlankSub [.] Blank (space) substitution 170338032Speter character. 170438032SpeterconfCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 170538032Speter to mailers marked expensive? 170638032SpeterconfCHECKPOINT_INTERVAL CheckpointInterval 170738032Speter [10] Checkpoint queue files every N 170838032Speter recipients. 170938032SpeterconfDELIVERY_MODE DeliveryMode [background] Default delivery mode. 171038032SpeterconfAUTO_REBUILD AutoRebuildAliases 171138032Speter [False] Automatically rebuild alias 171238032Speter file if needed. 171338032SpeterconfERROR_MODE ErrorMode [print] Error message mode. 171438032SpeterconfERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 171538032SpeterconfSAVE_FROM_LINES SafeFromLine Save extra leading From_ lines. 171638032SpeterconfTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 171738032SpeterconfMATCH_GECOS MatchGECOS [False] Match GECOS field. 171838032SpeterconfMAX_HOP MaxHopCount [25] Maximum hop count. 171938032SpeterconfIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd mode] 172038032Speter Ignore dot as terminator for incoming 172138032Speter messages? 172238032SpeterconfBIND_OPTS ResolverOptions [undefined] Default options for DNS 172338032Speter resolver. 172438032SpeterconfMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 172538032Speter encapsulated messages per RFC 1344. 172638032SpeterconfFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 172738032Speter The colon-separated list of places to 172838032Speter search for .forward files. N.B.: see 172938032Speter the Security Notes section. 173038032SpeterconfMCI_CACHE_SIZE ConnectionCacheSize 173138032Speter [2] Size of open connection cache. 173238032SpeterconfMCI_CACHE_TIMEOUT ConnectionCacheTimeout 173338032Speter [5m] Open connection cache timeout. 173438032SpeterconfHOST_STATUS_DIRECTORY HostStatusDirectory 173538032Speter [undefined] If set, host status is kept 173638032Speter on disk between sendmail runs in the 173738032Speter named directory tree. This need not be 173838032Speter a full pathname, in which case it is 173938032Speter interpreted relative to the queue 174038032Speter directory. 174138032SpeterconfSINGLE_THREAD_DELIVERY SingleThreadDelivery 174238032Speter [False] If this option and the 174338032Speter HostStatusDirectory option are both 174438032Speter set, single thread deliveries to other 174538032Speter hosts. That is, don't allow any two 174638032Speter sendmails on this host to connect 174738032Speter simultaneously to any other single 174838032Speter host. This can slow down delivery in 174938032Speter some cases, in particular since a 175038032Speter cached but otherwise idle connection 175138032Speter to a host will prevent other sendmails 175238032Speter from connecting to the other host. 175338032SpeterconfUSE_ERRORS_TO* UserErrorsTo [False] Use the Errors-To: header to 175438032Speter deliver error messages. This should 175538032Speter not be necessary because of general 175638032Speter acceptance of the envelope/header 175738032Speter distinction. 175838032SpeterconfLOG_LEVEL LogLevel [9] Log level. 175938032SpeterconfME_TOO MeToo [False] Include sender in group 176038032Speter expansions. 176138032SpeterconfCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 176238032Speter running newaliases. Since this does 176338032Speter DNS lookups on every address, it can 176438032Speter slow down the alias rebuild process 176538032Speter considerably on large alias files. 176638032SpeterconfOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 176738032Speter special chars are old style. 176838032SpeterconfDAEMON_OPTIONS DaemonPortOptions 176938032Speter [none] SMTP daemon options. 177038032SpeterconfPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 177138032SpeterconfCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 177238032Speter copies of all error messages. 177338032SpeterconfQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 177438032SpeterconfDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 177538032Speter syntax addresses to the minimum 177638032Speter possible. 177738032SpeterconfSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 177838032Speter before forking. 177938032SpeterconfTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 178038032Speter on the initial connect. 178138032SpeterconfTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 178238032Speter connect() to complete. This can only 178338032Speter shorten connection timeouts; the kernel 178438032Speter silently enforces an absolute maximum 178538032Speter (which varies depending on the system). 178638032SpeterconfTO_ICONNECT Timeout.iconnect 178738032Speter [undefined] Like Timeout.connect, but 178838032Speter applies only to the very first attempt 178938032Speter to connect to a host in a message. 179038032Speter This allows a single very fast pass 179138032Speter followed by more careful delivery 179238032Speter attempts in the future. 179338032SpeterconfTO_HELO Timeout.helo [5m] The timeout waiting for a response 179438032Speter to a HELO or EHLO command. 179538032SpeterconfTO_MAIL Timeout.mail [10m] The timeout waiting for a 179638032Speter response to the MAIL command. 179738032SpeterconfTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 179838032Speter to the RCPT command. 179938032SpeterconfTO_DATAINIT Timeout.datainit 180038032Speter [5m] The timeout waiting for a 354 180138032Speter response from the DATA command. 180238032SpeterconfTO_DATABLOCK Timeout.datablock 180338032Speter [1h] The timeout waiting for a block 180438032Speter during DATA phase. 180538032SpeterconfTO_DATAFINAL Timeout.datafinal 180638032Speter [1h] The timeout waiting for a response 180738032Speter to the final "." that terminates a 180838032Speter message. 180938032SpeterconfTO_RSET Timeout.rset [5m] The timeout waiting for a response 181038032Speter to the RSET command. 181138032SpeterconfTO_QUIT Timeout.quit [2m] The timeout waiting for a response 181238032Speter to the QUIT command. 181338032SpeterconfTO_MISC Timeout.misc [2m] The timeout waiting for a response 181438032Speter to other SMTP commands. 181538032SpeterconfTO_COMMAND Timeout.command [1h] In server SMTP, the timeout waiting 181638032Speter for a command to be issued. 181738032SpeterconfTO_IDENT Timeout.ident [30s] The timeout waiting for a response 181838032Speter to an IDENT query. 181938032SpeterconfTO_FILEOPEN Timeout.fileopen 182038032Speter [60s] The timeout waiting for a file 182138032Speter (e.g., :include: file) to be opened. 182238032SpeterconfTO_QUEUERETURN Timeout.queuereturn 182338032Speter [5d] The timeout before a message is 182438032Speter returned as undeliverable. 182538032SpeterconfTO_QUEUERETURN_NORMAL 182638032Speter Timeout.queuereturn.normal 182738032Speter [undefined] As above, for normal 182838032Speter priority messages. 182938032SpeterconfTO_QUEUERETURN_URGENT 183038032Speter Timeout.queuereturn.urgent 183138032Speter [undefined] As above, for urgent 183238032Speter priority messages. 183338032SpeterconfTO_QUEUERETURN_NONURGENT 183438032Speter Timeout.queuereturn.non-urgent 183538032Speter [undefined] As above, for non-urgent 183638032Speter (low) priority messages. 183738032SpeterconfTO_QUEUEWARN Timeout.queuewarn 183838032Speter [4h] The timeout before a warning 183938032Speter message is sent to the sender telling 184038032Speter them that the message has been deferred. 184138032SpeterconfTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 184238032Speter [undefined] As above, for normal 184338032Speter priority messages. 184438032SpeterconfTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 184538032Speter [undefined] As above, for urgent 184638032Speter priority messages. 184738032SpeterconfTO_QUEUEWARN_NONURGENT 184838032Speter Timeout.queuewarn.non-urgent 184938032Speter [undefined] As above, for non-urgent 185038032Speter (low) priority messages. 185138032SpeterconfTO_HOSTSTATUS Timeout.hoststatus 185238032Speter [30m] How long information about host 185338032Speter statuses will be maintained before it 185438032Speter is considered stale and the host should 185538032Speter be retried. This applies both within 185638032Speter a single queue run and to persistent 185738032Speter information (see below). 185838032SpeterconfTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 185938032Speter USE_SYSTEM to use the system's idea, 186038032Speter USE_TZ to use the user's TZ envariable, 186138032Speter or something else to force that value. 186238032SpeterconfDEF_USER_ID DefaultUser [1:1] Default user id. 186338032SpeterconfUSERDB_SPEC UserDatabaseSpec 186438032Speter [undefined] User database specification. 186538032SpeterconfFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 186638032SpeterconfTRY_NULL_MX_LIST TryNullMXList [False] If we are the best MX for a 186738032Speter host and haven't made other 186838032Speter arrangements, try connecting to the 186938032Speter host directly; normally this would be 187038032Speter a config error. 187138032SpeterconfQUEUE_LA QueueLA [8] Load average at which queue-only 187238032Speter function kicks in. 187338032SpeterconfREFUSE_LA RefuseLA [12] Load average at which incoming 187438032Speter SMTP connections are refused. 187538032SpeterconfMAX_DAEMON_CHILDREN MaxDaemonChildren 187638032Speter [undefined] The maximum number of 187738032Speter children the daemon will permit. After 187838032Speter this number, connections will be 187938032Speter rejected. If not set or <= 0, there is 188038032Speter no limit. 188138032SpeterconfCONNECTION_RATE_THROTTLE ConnectionRateThrottle 188238032Speter [undefined] The maximum number of 188338032Speter connections permitted per second. 188438032Speter After this many connections are 188538032Speter accepted, further connections will be 188638032Speter delayed. If not set or <= 0, there is 188738032Speter no limit. 188838032SpeterconfWORK_RECIPIENT_FACTOR 188938032Speter RecipientFactor [30000] Cost of each recipient. 189038032SpeterconfSEPARATE_PROC ForkEachJob [False] Run all deliveries in a separate 189138032Speter process. 189238032SpeterconfWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 189338032SpeterconfWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 189438032SpeterconfQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 189538032Speter Priority, Host, or Time. 189638032SpeterconfMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 189738032Speter must sit in the queue between queue 189838032Speter runs. This allows you to set the 189938032Speter queue run interval low for better 190038032Speter responsiveness without trying all 190138032Speter jobs in each run. 190238032SpeterconfDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 190338032Speter unlabeled 8 bit input to MIME, the 190438032Speter character set to use by default. 190538032SpeterconfSERVICE_SWITCH_FILE ServiceSwitchFile 190638032Speter [/etc/service.switch] The file to use 190738032Speter for the service switch on systems that 190838032Speter do not have a system-defined switch. 190938032SpeterconfHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 191038032Speter "file" type access of hosts names. 191138032SpeterconfDIAL_DELAY DialDelay [0s] If a connection fails, wait this 191238032Speter long and try again. Zero means "don't 191338032Speter retry". This is to allow "dial on 191438032Speter demand" connections to have enough time 191538032Speter to complete a connection. 191638032SpeterconfNO_RCPT_ACTION NoRecipientAction 191738032Speter [none] What to do if there are no legal 191838032Speter recipient fields (To:, Cc: or Bcc:) 191938032Speter in the message. Legal values can 192038032Speter be "none" to just leave the 192138032Speter nonconforming message as is, "add-to" 192238032Speter to add a To: header with all the 192338032Speter known recipients (which may expose 192438032Speter blind recipients), "add-apparently-to" 192538032Speter to do the same but use Apparently-To: 192638032Speter instead of To:, "add-bcc" to add an 192738032Speter empty Bcc: header, or 192838032Speter "add-to-undisclosed" to add the header 192938032Speter ``To: undisclosed-recipients:;''. 193038032SpeterconfSAFE_FILE_ENV SafeFileEnvironment 193138032Speter [undefined] If set, sendmail will do a 193238032Speter chroot() into this directory before 193338032Speter writing files. 193438032SpeterconfCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 193538032Speter If set, colons are treated as a regular 193638032Speter character in addresses. If not set, 193738032Speter they are treated as the introducer to 193838032Speter the RFC 822 "group" syntax. Colons are 193938032Speter handled properly in route-addrs. This 194038032Speter option defaults on for V5 and lower 194138032Speter configuration files. 194238032SpeterconfMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 194338032Speter any given queue run to this number of 194438032Speter entries. Essentially, this will stop 194538032Speter reading the queue directory after this 194638032Speter number of entries are reached; it does 194738032Speter _not_ pick the highest priority jobs, 194838032Speter so this should be as large as your 194938032Speter system can tolerate. If not set, there 195038032Speter is no limit. 195138032SpeterconfDONT_EXPAND_CNAMES DontExpandCnames 195238032Speter [False] If set, $[ ... $] lookups that 195338032Speter do DNS based lookups do not expand 195438032Speter CNAME records. This currently violates 195538032Speter the published standards, but the IETF 195638032Speter seems to be moving toward legalizing 195738032Speter this. For example, if "FTP.Foo.ORG" 195838032Speter is a CNAME for "Cruft.Foo.ORG", then 195938032Speter with this option set a lookup of 196038032Speter "FTP" will return "FTP.Foo.ORG"; if 196138032Speter clear it returns "Cruft.FOO.ORG". N.B. 196238032Speter you may not see any effect until your 196338032Speter downstream neighbors stop doing CNAME 196438032Speter lookups as well. 196538032SpeterconfFROM_LINE UnixFromLine [From $g $d] The From_ line used 196638032Speter when sending to files or programs. 196738032SpeterconfSINGLE_LINE_FROM_HEADER SingleLineFromHeader 196838032Speter [False] From: lines that have 196938032Speter embedded newlines are unwrapped 197038032Speter onto one line. 197138032SpeterconfALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 197238032Speter does not include a host name. 197338032SpeterconfMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 197438032Speter name phrase (@,;:\()[] are automatic). 197538032SpeterconfOPERATORS OperatorChars [.:%@!^/[]+] Address operator 197638032Speter characters. 197738032SpeterconfSMTP_LOGIN_MSG SmtpGreetingMessage 197838032Speter [$j Sendmail $v/$Z; $b] 197938032Speter The initial (spontaneous) SMTP 198038032Speter greeting message. The word "ESMTP" 198138032Speter will be inserted between the first and 198238032Speter second words to convince other 198338032Speter sendmails to try to speak ESMTP. 198438032SpeterconfDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 198538032Speter routine will never be invoked. You 198638032Speter might want to do this if you are 198738032Speter running NIS and you have a large group 198838032Speter map, since this call does a sequential 198938032Speter scan of the map; in a large site this 199038032Speter can cause your ypserv to run 199138032Speter essentially full time. If you set 199238032Speter this, agents run on behalf of users 199338032Speter will only have their primary 199438032Speter (/etc/passwd) group permissions. 199538032SpeterconfUNSAFE_GROUP_WRITES UnsafeGroupWrites 199638032Speter [False] If set, group-writable 199738032Speter :include: and .forward files are 199838032Speter considered "unsafe", that is, programs 199938032Speter and files cannot be directly referenced 200038032Speter from such files. World-writable files 200138032Speter are always considered unsafe. 200238032SpeterconfDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 200338032Speter [postmaster] If an error occurs when 200438032Speter sending an error message, send that 200538032Speter "double bounce" error message to this 200638032Speter address. 200738032SpeterconfRUN_AS_USER RunAsUser [undefined] If set, become this user 200838032Speter when reading and delivering mail. 200938032Speter Causes all file reads (e.g., .forward 201038032Speter and :include: files) to be done as 201138032Speter this user. Also, all programs will 201238032Speter be run as this user, and all output 201338032Speter files will be written as this user. 201438032Speter Intended for use only on firewalls 201538032Speter where users do not have accounts. 201638032SpeterconfMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 201738032Speter [infinite] If set, allow no more than 201838032Speter the specified number of recipients in 201938032Speter an SMTP envelope. Further recipients 202038032Speter receive a 452 error code (i.e., they 202138032Speter are deferred for the next delivery 202238032Speter attempt). 202338032SpeterconfDONT_PROBE_INTERFACES DontProbeInterfaces 202438032Speter [False] If set, sendmail will _not_ 202538032Speter insert the names and addresses of any 202638032Speter local interfaces into the $=w class 202738032Speter (list of known "equivalent" addresses). 202838032Speter If you set this, you must also include 202938032Speter some support for these addresses (e.g., 203038032Speter in a mailertable entry) -- otherwise, 203138032Speter mail to addresses in this list will 203238032Speter bounce with a configuration error. 203338032SpeterconfDONT_BLAME_SENDMAIL DontBlameSendmail 203438032Speter [safe] Override sendmail's file 203538032Speter safety checks. This will definitely 203638032Speter compromise system security and should 203738032Speter not be used unless absolutely 203838032Speter necessary. 203938032SpeterconfREJECT_MSG - [550 Access denied] The message 204038032Speter given if the access database contains 204138032Speter REJECT in the value portion. 204238032Speter 204338032SpeterSee also the description of OSTYPE for some parameters that can be 204438032Spetertweaked (generally pathnames to mailers). 204538032Speter 204638032Speter 204738032Speter+-----------+ 204838032Speter| HIERARCHY | 204938032Speter+-----------+ 205038032Speter 205138032SpeterWithin this directory are several subdirectories, to wit: 205238032Speter 205338032Speterm4 General support routines. These are typically 205438032Speter very important and should not be changed without 205538032Speter very careful consideration. 205638032Speter 205738032Spetercf The configuration files themselves. They have 205838032Speter ".mc" suffixes, and must be run through m4 to 205938032Speter become complete. The resulting output should 206038032Speter have a ".cf" suffix. 206138032Speter 206238032Speterostype Definitions describing a particular operating 206338032Speter system type. These should always be referenced 206438032Speter using the OSTYPE macro in the .mc file. Examples 206538032Speter include "bsd4.3", "bsd4.4", "sunos3.5", and 206638032Speter "sunos4.1". 206738032Speter 206838032Speterdomain Definitions describing a particular domain, referenced 206938032Speter using the DOMAIN macro in the .mc file. These are 207038032Speter site dependent; for example, "CS.Berkeley.EDU.m4" 207138032Speter describes hosts in the CS.Berkeley.EDU subdomain. 207238032Speter 207338032Spetermailer Descriptions of mailers. These are referenced using 207438032Speter the MAILER macro in the .mc file. 207538032Speter 207638032Spetersh Shell files used when building the .cf file from the 207738032Speter .mc file in the cf subdirectory. 207838032Speter 207938032Speterfeature These hold special orthogonal features that you might 208038032Speter want to include. They should be referenced using 208138032Speter the FEATURE macro. 208238032Speter 208338032Speterhack Local hacks. These can be referenced using the HACK 208438032Speter macro. They shouldn't be of more than voyeuristic 208538032Speter interest outside the .Berkeley.EDU domain, but who knows? 208638032Speter We've all got our own peccadillos. 208738032Speter 208838032Spetersiteconfig Site configuration -- e.g., tables of locally connected 208938032Speter UUCP sites. 209038032Speter 209138032Speter 209238032Speter+------------------------+ 209338032Speter| ADMINISTRATIVE DETAILS | 209438032Speter+------------------------+ 209538032Speter 209638032SpeterThe following sections detail usage of certain internal parts of the 209738032Spetersendmail.cf file. Read them carefully if you are trying to modify 209838032Speterthe current model. If you find the above descriptions adequate, these 209938032Spetershould be {boring, confusing, tedious, ridiculous} (pick one or more). 210038032Speter 210138032SpeterRULESETS (* means built in to sendmail) 210238032Speter 210338032Speter 0 * Parsing 210438032Speter 1 * Sender rewriting 210538032Speter 2 * Recipient rewriting 210638032Speter 3 * Canonicalization 210738032Speter 4 * Post cleanup 210838032Speter 5 * Local address rewrite (after aliasing) 210938032Speter 1x mailer rules (sender qualification) 211038032Speter 2x mailer rules (recipient qualification) 211138032Speter 3x mailer rules (sender header qualification) 211238032Speter 4x mailer rules (recipient header qualification) 211338032Speter 5x mailer subroutines (general) 211438032Speter 6x mailer subroutines (general) 211538032Speter 7x mailer subroutines (general) 211638032Speter 8x reserved 211738032Speter 90 Mailertable host stripping 211838032Speter 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 211938032Speter 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 212038032Speter 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 212138032Speter 99 Guaranteed null (for debugging) 212238032Speter 212338032Speter 212438032SpeterMAILERS 212538032Speter 212638032Speter 0 local, prog local and program mailers 212738032Speter 1 [e]smtp, relay SMTP channel 212838032Speter 2 uucp-* UNIX-to-UNIX Copy Program 212938032Speter 3 netnews Network News delivery 213038032Speter 4 fax Sam Leffler's HylaFAX software 213138032Speter 5 mail11 DECnet mailer 213238032Speter 213338032Speter 213438032SpeterMACROS 213538032Speter 213638032Speter A 213738032Speter B Bitnet Relay 213838032Speter C DECnet Relay 213938032Speter D The local domain -- usually not needed 214038032Speter E reserved for X.400 Relay 214138032Speter F FAX Relay 214238032Speter G 214338032Speter H mail Hub (for mail clusters) 214438032Speter I 214538032Speter J 214638032Speter K 214738032Speter L Luser Relay 214838032Speter M Masquerade (who I claim to be) 214938032Speter N 215038032Speter O 215138032Speter P 215238032Speter Q 215338032Speter R Relay (for unqualified names) 215438032Speter S Smart Host 215538032Speter T 215638032Speter U my UUCP name (if I have a UUCP connection) 215738032Speter V UUCP Relay (class V hosts) 215838032Speter W UUCP Relay (class W hosts) 215938032Speter X UUCP Relay (class X hosts) 216038032Speter Y UUCP Relay (all other hosts) 216138032Speter Z Version number 216238032Speter 216338032Speter 216438032SpeterCLASSES 216538032Speter 216638032Speter A 216738032Speter B domains that are candidates for bestmx lookup 216838032Speter C 216938032Speter D 217038032Speter E addresses that should not seem to come from $M 217138032Speter F hosts we forward for 217238032Speter G domains that should be looked up in genericstable 217338032Speter H 217438032Speter I 217538032Speter J 217638032Speter K 217738032Speter L addresses that should not be forwarded to $R 217838032Speter M domains that should be mapped to $M 217938032Speter N 218038032Speter O operators that indicate network operations (cannot be in local names) 218138032Speter P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 218238032Speter Q 218338032Speter R domains we are willing to relay (pass anti-spam filters) 218438032Speter S 218538032Speter T 218638032Speter U locally connected UUCP hosts 218738032Speter V UUCP hosts connected to relay $V 218838032Speter W UUCP hosts connected to relay $W 218938032Speter X UUCP hosts connected to relay $X 219038032Speter Y locally connected smart UUCP hosts 219138032Speter Z locally connected domain-ized UUCP hosts 219238032Speter . the class containing only a dot 219338032Speter [ the class containing only a left bracket 219438032Speter 219538032Speter 219638032SpeterM4 DIVERSIONS 219738032Speter 219838032Speter 1 Local host detection and resolution 219938032Speter 2 Local Ruleset 3 additions 220038032Speter 3 Local Ruleset 0 additions 220138032Speter 4 UUCP Ruleset 0 additions 220238032Speter 5 locally interpreted names (overrides $R) 220338032Speter 6 local configuration (at top of file) 220438032Speter 7 mailer definitions 220538032Speter 8 220638032Speter 9 special local rulesets (1 and 2) 2207