README revision 42575
138032Speter 238032Speter 338032Speter NEW SENDMAIL CONFIGURATION FILES 438032Speter 538032Speter Eric Allman <eric@Sendmail.ORG> 638032Speter 742575Speter @(#)README 8.184 (Berkeley) 12/29/1998 838032Speter 938032Speter 1038032SpeterThis document describes the sendmail configuration files being used 1138032Speterat Berkeley. These use features in the new (R8) sendmail; they will 1238032Speternot work on other versions. 1338032Speter 1438032SpeterThese configuration files are probably not as general as previous 1538032Speterversions, and don't handle as many of the weird cases automagically. 1638032SpeterI was able to simplify them for two reasons. First, the network 1738032Speterhas become more consistent -- for example, at this point, everyone 1838032Speteron the internet is supposed to be running a name server, so hacks to 1938032Speterhandle NIC-registered hosts can go away. Second, I assumed that a 2038032Spetersubdomain would be running SMTP internally -- UUCP is presumed to be 2138032Spetera long-haul protocol. I realize that this is not universal, but it 2238032Speterdoes describe the vast majority of sites with which I am familiar, 2338032Speterincluding those outside the US. 2438032Speter 2538032SpeterOf course, the downside of this is that if you do live in a weird 2638032Speterworld, things are going to get weirder for you. I'm sorry about that, 2738032Speterbut at the time we at Berkeley had a problem, and it seemed like the 2838032Speterright thing to do. 2938032Speter 3038032SpeterThis package requires a post-V7 version of m4; if you are running the 3138032Speter4.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with 3238032Spetera newer version. You can m4-expand on their system, then run locally. 3338032SpeterSunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1 3438032Speteror later also works. Unfortunately, I'm told that the M4 on BSDI 1.0 3538032Speterdoesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is 3638032Speteravailable from ftp://ftp.gnu.org/pub/gnu/m4-1.4.tar.gz (check for 3738032Speterthe latest version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken 3838032Speter(3.x is fine). Use GNU m4 on this platform. 3938032Speter 4038032SpeterIF YOU DON'T HAVE A BERKELEY MAKE, don't despair! Just run 4138032Speter"m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need. 4238032SpeterThere is also a fairly crude (but functional) Makefile.dist that works 4338032Speteron the old version of make. 4438032Speter 4538032SpeterTo get started, you may want to look at tcpproto.mc (for TCP-only 4638032Spetersites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for 4738032Speterclusters of clients using a single mail host). Others are versions 4838032Speterthat we use at Berkeley, although not all are in current use. For 4938032Speterexample, ucbvax has gone away, but I've left ucbvax.mc in because 5038032Speterit demonstrates some interesting techniques. 5138032Speter 5238032SpeterI'm not pretending that this README describes everything that these 5338032Speterconfiguration files can do; clever people can probably tweak them 5438032Speterto great effect. But it should get you started. 5538032Speter 5638032Speter******************************************************************* 5738032Speter*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 5838032Speter*** Berkeley-specific assumptions built in, such as the name *** 5938032Speter*** of our UUCP-relay. You'll want to create your own domain *** 6038032Speter*** description, and use that in place of *** 6138032Speter*** domain/Berkeley.EDU.m4. *** 6238032Speter******************************************************************* 6338032Speter 6438032Speter 6538032Speter+--------------------------+ 6638032Speter| INTRODUCTION AND EXAMPLE | 6738032Speter+--------------------------+ 6838032Speter 6938032SpeterConfiguration files are contained in the subdirectory "cf", with a 7038032Spetersuffix ".mc". They must be run through "m4" to produce a ".cf" file. 7138032SpeterYou must pre-load "cf.m4": 7238032Speter 7338032Speter m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 7438032Speter 7538032Speterwhere ${CFDIR} is the root of the cf directory and config.mc is the 7638032Spetername of your configuration file. If you are running a version of M4 7738032Speterthat understands the __file__ builtin (versions of GNU m4 >= 0.75 do 7838032Speterthis, but the versions distributed with 4.4BSD and derivatives do not) 7938032Speteror the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 8038032SpeterFor "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 8138032Speteruse -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 8238032Speter 8338032Speter m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 8438032Speter 8538032SpeterLet's examine a typical .mc file: 8638032Speter 8738032Speter divert(-1) 8838032Speter # 8938032Speter # Copyright (c) 1998 Sendmail, Inc. All rights reserved. 9038032Speter # Copyright (c) 1983 Eric P. Allman. All rights reserved. 9138032Speter # Copyright (c) 1988, 1993 9238032Speter # The Regents of the University of California. All rights reserved. 9338032Speter # 9438032Speter # By using this file, you agree to the terms and conditions set 9538032Speter # forth in the LICENSE file which can be found at the top level of 9638032Speter # the sendmail distribution. 9738032Speter # 9838032Speter 9938032Speter # 10038032Speter # This is a Berkeley-specific configuration file for HP-UX 9.x. 10138032Speter # It applies only to the Computer Science Division at Berkeley, 10238032Speter # and should not be used elsewhere. It is provided on the sendmail 10338032Speter # distribution as a sample only. To create your own configuration 10438032Speter # file, create an appropriate domain file in ../domain, change the 10538032Speter # `DOMAIN' macro below to reference that file, and copy the result 10638032Speter # to a name of your own choosing. 10738032Speter # 10838032Speter divert(0) 10938032Speter 11038032SpeterThe divert(-1) will delete the crud in the resulting output file. 11138032SpeterThe copyright notice can be replaced by whatever your lawyers require; 11238032Speterour lawyers require the one that I've included in my files. A copyleft 11338032Speteris a copyright by another name. The divert(0) restores regular output. 11438032Speter 11538032Speter VERSIONID(`<SCCS or RCS version id>') 11638032Speter 11738032SpeterVERSIONID is a macro that stuffs the version information into the 11838032Speterresulting file. We use SCCS; you could use RCS, something else, or 11938032Speteromit it completely. This is not the same as the version id included 12038032Speterin SMTP greeting messages -- this is defined in m4/version.m4. 12138032Speter 12238032Speter OSTYPE(hpux9)dnl 12338032Speter 12438032SpeterYou must specify an OSTYPE to properly configure things such as the 12538032Speterpathname of the help and status files, the flags needed for the local 12638032Spetermailer, and other important things. If you omit it, you will get an 12738032Spetererror when you try to build the configuration. Look at the ostype 12838032Speterdirectory for the list of known operating system types. 12938032Speter 13038032Speter DOMAIN(CS.Berkeley.EDU)dnl 13138032Speter 13238032SpeterThis example is specific to the Computer Science Division at Berkeley. 13338032SpeterYou can use "DOMAIN(generic)" to get a sufficiently bland definition 13438032Speterthat may well work for you, or you can create a customized domain 13538032Speterdefinition appropriate for your environment. 13638032Speter 13738032Speter MAILER(local) 13838032Speter MAILER(smtp) 13938032Speter 14038032SpeterThese describe the mailers used at the default CS site site. The 14138032Speterlocal mailer is always included automatically. Beware: MAILER 14238032Speterdeclarations should always be at the end of the configuration file, 14338032Speterand MAILER(smtp) should always precede MAILER(uucp). The general 14438032Speterrules are that the order should be: 14538032Speter 14638032Speter VERSIONID 14738032Speter OSTYPE 14838032Speter DOMAIN 14938032Speter FEATURE 15038032Speter local macro definitions 15138032Speter MAILER 15238032Speter LOCAL_RULESET_* 15338032Speter 15438032Speter 15538032Speter+----------------------------+ 15638032Speter| A BRIEF INTRODUCTION TO M4 | 15738032Speter+----------------------------+ 15838032Speter 15938032SpeterSendmail uses the M4 macro processor to ``compile'' the configuration 16038032Speterfiles. The most important thing to know is that M4 is stream-based, 16138032Speterthat is, it doesn't understand about lines. For this reason, in some 16238032Speterplaces you may see the word ``dnl'', which stands for ``delete 16338032Speterthrough newline''; essentially, it deletes all characters starting 16438032Speterat the ``dnl'' up to and including the next newline character. In 16538032Spetermost cases sendmail uses this only to avoid lots of unnecessary 16638032Speterblank lines in the output. 16738032Speter 16838032SpeterOther important directives are define(A, B) which defines the macro 16938032Speter``A'' to have value ``B''. Macros are expanded as they are read, so 17038032Speterone normally quotes both values to prevent expansion. For example, 17138032Speter 17238032Speter define(`SMART_HOST', `smart.foo.com') 17338032Speter 17438032SpeterOne word of warning: M4 macros are expanded even in lines that appear 17538032Speterto be comments. For example, if you have 17638032Speter 17738032Speter # See FEATURE(foo) above 17838032Speter 17938032Speterit will not do what you expect, because the FEATURE(foo) will be 18038032Speterexpanded. This also applies to 18138032Speter 18238032Speter # And then define the $X macro to be the return address 18338032Speter 18438032Speterbecause ``define'' is an M4 keyword. If you want to use them, surround 18538032Speterthem with directed quotes, `like this'. 18638032Speter 18738032Speter+----------------+ 18838032Speter| FILE LOCATIONS | 18938032Speter+----------------+ 19038032Speter 19138032Spetersendmail 8.9 has introduced a new configuration directory for sendmail 19238032Speterrelated files, /etc/mail. The new files available for sendmail 8.9 -- 19338032Speterthe class 'R' /etc/mail/relay-domains and the access database 19438032Speter/etc/mail/access -- take advantage of this new directory. 8.9 will 19538032Speterserve as a transition release. Beginning with 8.10, all of the files 19638032Speterwill use this directory by default. 19738032Speter 19838032Speter+--------+ 19938032Speter| OSTYPE | 20038032Speter+--------+ 20138032Speter 20238032SpeterYou MUST define an operating system environment, or the configuration 20338032Speterfile build will puke. There are several environments available; look 20438032Speterat the "ostype" directory for the current list. This macro changes 20538032Speterthings like the location of the alias file and queue directory. Some 20638032Speterof these files are identical to one another. 20738032Speter 20838032SpeterIt is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 20938032SpeterIn general, the OSTYPE macro should go immediately after any version 21038032Speterinformation, and MAILER definitions should always go last. 21138032Speter 21238032SpeterOperating system definitions are usually easy to write. They may define 21338032Speterthe following variables (everything defaults, so an ostype file may be 21438032Speterempty). Unfortunately, the list of configuration-supported systems is 21538032Speternot as broad as the list of source-supported systems, since many of 21638032Speterthe source contributors do not include corresponding ostype files. 21738032Speter 21838032SpeterALIAS_FILE [/etc/aliases] The location of the text version 21938032Speter of the alias file(s). It can be a comma-separated 22038032Speter list of names (but be sure you quote values with 22138032Speter commas in them -- for example, use 22238032Speter define(`ALIAS_FILE', `a,b') 22338032Speter to get "a" and "b" both listed as alias files; 22438032Speter otherwise the define() primitive only sees "a"). 22538032SpeterHELP_FILE [/usr/lib/sendmail.hf] The name of the file 22638032Speter containing information printed in response to 22738032Speter the SMTP HELP command. 22838032SpeterQUEUE_DIR [/var/spool/mqueue] The directory containing 22938032Speter queue files. 23038032SpeterSTATUS_FILE [/etc/sendmail.st] The file containing status 23138032Speter information. 23238032SpeterLOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 23338032SpeterLOCAL_MAILER_FLAGS [rmn9] The flags used by the local mailer. The 23438032Speter flags lsDFM are always included. 23538032SpeterLOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 23638032Speter mail. 23738032SpeterLOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 23838032Speter mail that you are willing to accept. 23938032SpeterLOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 24038032Speter that ARRIVE from an address that resolves to the 24138032Speter local mailer and which are converted to MIME will be 24238032Speter labeled with this character set. 24338032SpeterLOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 24438032SpeterLOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 24538032Speter flags lsDFM are always included. 24638032SpeterLOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 24738032Speter mail. 24838032SpeterLOCAL_SHELL_DIR [$z:/] The directory search path in which the 24938032Speter shell should run. 25038032SpeterUSENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 25138032Speter used to submit news. 25238032SpeterUSENET_MAILER_FLAGS [rlsDFMmn] The mailer flags for the usenet mailer. 25338032SpeterUSENET_MAILER_ARGS [-m -h -n] The command line arguments for the 25438032Speter usenet mailer. 25538032SpeterUSENET_MAILER_MAX [100000] The maximum size of messages that will 25638032Speter be accepted by the usenet mailer. 25738032SpeterSMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 25838032Speter flags are `mDFMUX' for all SMTP-based mailers; the 25938032Speter "esmtp" mailer adds `a' and "smtp8" adds `8'. 26038032SpeterSMTP_MAILER_MAX [undefined] The maximum size of messages that will 26138032Speter be transported using the smtp, smtp8, or esmtp 26238032Speter mailers. 26338032SpeterSMTP_MAILER_ARGS [IPC $h] The arguments passed to the smtp mailer. 26438032Speter About the only reason you would want to change this 26538032Speter would be to change the default port. 26638032SpeterESMTP_MAILER_ARGS [IPC $h] The arguments passed to the esmtp mailer. 26738032SpeterSMTP8_MAILER_ARGS [IPC $h] The arguments passed to the smtp8 mailer. 26838032SpeterRELAY_MAILER_ARGS [IPC $h] The arguments passed to the relay mailer. 26938032SpeterSMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 27038032Speter that ARRIVE from an address that resolves to one of 27138032Speter the SMTP mailers and which are converted to MIME will 27238032Speter be labeled with this character set. 27338032SpeterUUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 27438032SpeterUUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 27538032Speter flags are `DFMhuU' (and `m' for uucp-new mailer, 27638032Speter minus `U' for uucp-dom mailer). 27738032SpeterUUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 27838032Speter passed to the UUCP mailer. 27938032SpeterUUCP_MAILER_MAX [100000] The maximum size message accepted for 28038032Speter transmission by the UUCP mailers. 28138032SpeterUUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 28238032Speter that ARRIVE from an address that resolves to one of 28338032Speter the UUCP mailers and which are converted to MIME will 28438032Speter be labeled with this character set. 28538032SpeterFAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 28638032Speter submit FAX messages. 28738032SpeterFAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 28838032Speter mailer. 28938032SpeterFAX_MAILER_MAX [100000] The maximum size message accepted for 29038032Speter transmission by FAX. 29138032SpeterPOP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 29238032SpeterPOP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags "lsDFM" 29338032Speter are always added. 29438032SpeterPOP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 29538032SpeterPROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 29638032Speter program. This is also used by FEATURE(local_procmail). 29738032SpeterPROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 29838032Speter ``DFM'' are always set. This is NOT used by 29938032Speter FEATURE(local_procmail); tweak LOCAL_MAILER_FLAGS 30038032Speter instead. 30138032SpeterPROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 30238032Speter the Procmail mailer. This is NOT used by 30338032Speter FEATURE(local_procmail); tweak LOCAL_MAILER_ARGS 30438032Speter instead. 30538032SpeterPROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 30638032Speter will be accepted by the procmail mailer. 30738032SpeterMAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 30838032SpeterMAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 30938032SpeterMAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 31038032Speter mailer. 31138032SpeterPH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 31238032Speter program. 31338032SpeterPH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. 31438032SpeterPH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 31538032SpeterCYRUS_MAILER_FLAGS [A5@/:|] The flags used by the cyrus mailer. The 31638032Speter flags lsDFMnPq are always included. 31738032SpeterCYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 31838032Speter cyrus mail. 31938032SpeterCYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 32038032Speter to deliver cyrus mail. 32138032SpeterCYRUS_MAILER_MAX [undefined] If set, the maximum size message that 32238032Speter will be accepted by the cyrus mailer. 32338032SpeterCYRUS_MAILER_USER [cyrus:mail] The user and group to become when 32438032Speter running the cyrus mailer. 32538032SpeterCYRUS_BB_MAILER_FLAGS [undefined] The flags used by the cyrusbb 32638032Speter mailer. The flags lsDFMnP are always included. 32738032SpeterCYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 32838032Speter to deliver cyrusbb mail. 32938032SpeterconfEBINDIR [/usr/libexec] The directory for executables. 33038032Speter Currently used for FEATURE(local_lmtp) and 33138032Speter FEATURE(smrsh). 33238032Speter 33338032Speter 33438032Speter 33538032Speter+---------+ 33638032Speter| DOMAINS | 33738032Speter+---------+ 33838032Speter 33938032SpeterYou will probably want to collect domain-dependent defines into one 34038032Speterfile, referenced by the DOMAIN macro. For example, our Berkeley 34138032Speterdomain file includes definitions for several internal distinguished 34238032Speterhosts: 34338032Speter 34438032SpeterUUCP_RELAY The host that will accept UUCP-addressed email. 34538032Speter If not defined, all UUCP sites must be directly 34638032Speter connected. 34738032SpeterBITNET_RELAY The host that will accept BITNET-addressed email. 34838032Speter If not defined, the .BITNET pseudo-domain won't work. 34938032SpeterDECNET_RELAY The host that will accept DECNET-addressed email. 35038032Speter If not defined, the .DECNET pseudo-domain and addresses 35138032Speter of the form node::user will not work. 35238032SpeterFAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 35338032Speter The "fax" mailer overrides this value. 35438032SpeterLOCAL_RELAY DEPRECATED. The site that will handle unqualified 35538032Speter names -- that is, names with out an @domain extension. 35638032Speter If not set, they are assumed to belong on this machine. 35738032Speter This allows you to have a central site to store a 35838032Speter company- or department-wide alias database. This 35938032Speter only works at small sites, and only with some user 36038032Speter agents. 36138032SpeterLUSER_RELAY The site that will handle lusers -- that is, apparently 36238032Speter local names that aren't local accounts or aliases. 36338032Speter 36438032SpeterAny of these can be either ``mailer:hostname'' (in which case the 36538032Spetermailer is the internal mailer name, such as ``uucp-new'' and the hostname 36638032Speteris the name of the host as appropriate for that mailer) or just a 36738032Speter``hostname'', in which case a default mailer type (usually ``relay'', 36838032Spetera variant on SMTP) is used. WARNING: if you have a wildcard MX 36938032Speterrecord matching your domain, you probably want to define these to 37038032Speterhave a trailing dot so that you won't get the mail diverted back 37138032Speterto yourself. 37238032Speter 37338032SpeterThe domain file can also be used to define a domain name, if needed 37438032Speter(using "DD<domain>") and set certain site-wide features. If all hosts 37538032Speterat your site masquerade behind one email name, you could also use 37638032SpeterMASQUERADE_AS here. 37738032Speter 37838032SpeterYou do not have to define a domain -- in particular, if you are a 37938032Spetersingle machine sitting off somewhere, it is probably more work than 38038032Speterit's worth. This is just a mechanism for combining "domain dependent 38138032Speterknowledge" into one place. 38238032Speter 38338032Speter+---------+ 38438032Speter| MAILERS | 38538032Speter+---------+ 38638032Speter 38738032SpeterThere are fewer mailers supported in this version than the previous 38838032Speterversion, owing mostly to a simpler world. As a general rule, put the 38938032SpeterMAILER definitions last in your .mc file, and always put MAILER(smtp) 39038032Speterbefore MAILER(uucp) -- several features and definitions will modify 39138032Speterthe definition of mailers, and the smtp mailer modifies the UUCP 39238032Spetermailer. 39338032Speter 39438032Speterlocal The local and prog mailers. You will almost always 39538032Speter need these; the only exception is if you relay ALL 39638032Speter your mail to another site. This mailer is included 39738032Speter automatically. 39838032Speter 39938032Spetersmtp The Simple Mail Transport Protocol mailer. This does 40038032Speter not hide hosts behind a gateway or another other 40138032Speter such hack; it assumes a world where everyone is 40238032Speter running the name server. This file actually defines 40338032Speter four mailers: "smtp" for regular (old-style) SMTP to 40438032Speter other servers, "esmtp" for extended SMTP to other 40538032Speter servers, "smtp8" to do SMTP to other servers without 40638032Speter converting 8-bit data to MIME (essentially, this is 40738032Speter your statement that you know the other end is 8-bit 40838032Speter clean even if it doesn't say so), and "relay" for 40938032Speter transmission to our RELAY_HOST, LUSER_RELAY, or 41038032Speter MAILER_HUB. 41138032Speter 41238032Speteruucp The Unix-to-Unix Copy Program mailer. Actually, this 41338032Speter defines two mailers, "uucp-old" (a.k.a. "uucp") and 41438032Speter "uucp-new" (a.k.a. "suucp"). The latter is for when you 41538032Speter know that the UUCP mailer at the other end can handle 41638032Speter multiple recipients in one transfer. If the smtp mailer 41738032Speter is also included in your configuration, two other mailers 41838032Speter ("uucp-dom" and "uucp-uudom") are also defined [warning: 41938032Speter you MUST specify MAILER(smtp) before MAILER(uucp)]. When you 42038032Speter include the uucp mailer, sendmail looks for all names in 42138032Speter the $=U class and sends them to the uucp-old mailer; all 42238032Speter names in the $=Y class are sent to uucp-new; and all 42338032Speter names in the $=Z class are sent to uucp-uudom. Note that 42438032Speter this is a function of what version of rmail runs on 42538032Speter the receiving end, and hence may be out of your control. 42638032Speter See the section below describing UUCP mailers in more 42738032Speter detail. 42838032Speter 42938032Speterusenet Usenet (network news) delivery. If this is specified, 43038032Speter an extra rule is added to ruleset 0 that forwards all 43138032Speter local email for users named ``group.usenet'' to the 43238032Speter ``inews'' program. Note that this works for all groups, 43338032Speter and may be considered a security problem. 43438032Speter 43538032Speterfax Facsimile transmission. This is experimental and based 43638032Speter on Sam Leffler's HylaFAX software. For more information, 43738032Speter see http://www.vix.com/hylafax/. 43838032Speter 43938032Speterpop Post Office Protocol. 44038032Speter 44138032Speterprocmail An interface to procmail (does not come with sendmail). 44238032Speter This is designed to be used in mailertables. For example, 44338032Speter a common question is "how do I forward all mail for a given 44438032Speter domain to a single person?". If you have this mailer 44538032Speter defined, you could set up a mailertable reading: 44638032Speter 44738032Speter host.com procmail:/etc/procmailrcs/host.com 44838032Speter 44938032Speter with the file /etc/procmailrcs/host.com reading: 45038032Speter 45138032Speter :0 # forward mail for host.com 45238032Speter ! -oi -f $1 person@other.host 45338032Speter 45438032Speter This would arrange for (anything)@host.com to be sent 45538032Speter to person@other.host. Within the procmail script, $1 is 45638032Speter the name of the sender and $2 is the name of the recipient. 45738032Speter If you use this with FEATURE(local_procmail), the FEATURE 45838032Speter should be listed first. 45938032Speter 46038032Spetermail11 The DECnet mail11 mailer, useful only if you have the mail11 46138032Speter program from gatekeeper.dec.com:/pub/DEC/gwtools (and 46238032Speter DECnet, of course). This is for Phase IV DECnet support; 46338032Speter if you have Phase V at your site you may have additional 46438032Speter problems. 46538032Speter 46638032Speterphquery The phquery program. This is somewhat counterintuitively 46738032Speter referenced as the "ph" mailer internally. It can be used 46838032Speter to do CCSO name server lookups. The phquery program, which 46938032Speter this mailer uses, is distributed with the ph client. 47038032Speter 47138032Spetercyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 47238032Speter a local cyrus user. this mailer can make use of the 47338032Speter "user+detail@local.host" syntax; it will deliver the mail to 47438032Speter the user's "detail" mailbox if the mailbox's ACL permits. 47538032Speter The cyrusbb mailer delivers to a system-wide cyrus mailbox 47638032Speter if the mailbox's ACL permits. 47738032Speter 47838032Speter 47938032SpeterThe local mailer accepts addresses of the form "user+detail", where 48038032Speterthe "+detail" is not used for mailbox matching but is available 48138032Speterto certain local mail programs (in particular, see FEATURE(local_procmail)). 48238032SpeterFor example, "eric", "eric+sendmail", and "eric+sww" all indicate 48338032Speterthe same user, but additional arguments <null>, "sendmail", and "sww" 48438032Spetermay be provided for use in sorting mail. 48538032Speter 48638032Speter 48738032Speter+----------+ 48838032Speter| FEATURES | 48938032Speter+----------+ 49038032Speter 49138032SpeterSpecial features can be requested using the "FEATURE" macro. For 49238032Speterexample, the .mc line: 49338032Speter 49438032Speter FEATURE(use_cw_file) 49538032Speter 49638032Spetertells sendmail that you want to have it read an /etc/sendmail.cw 49738032Speterfile to get values for class $=w. The FEATURE may contain a single 49838032Speteroptional parameter -- for example: 49938032Speter 50038032Speter FEATURE(mailertable, dbm /usr/lib/mailertable) 50138032Speter 50238032SpeterThe default database map type for the table features can be set with 50338032Speter 50438032Speter define(`DATABASE_MAP_TYPE', `dbm') 50538032Speter 50638032Speterwhich would set it to use ndbm databases. The default is the Berkeley DB 50738032Speterhash database format. Note that you must still declare a database map type 50838032Speterif you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 50938032Speterif no argument is given for the FEATURE. 51038032Speter 51138032SpeterAvailable features are: 51238032Speter 51338032Speteruse_cw_file Read the file /etc/sendmail.cw file to get alternate 51438032Speter names for this host. This might be used if you were 51538032Speter on a host that MXed for a dynamic set of other 51638032Speter hosts. If the set is static, just including the line 51738032Speter "Cw<name1> <name2> ..." (where the names are fully 51838032Speter qualified domain names) is probably superior. 51938032Speter The actual filename can be overridden by redefining 52038032Speter confCW_FILE. 52138032Speter 52238032Speteruse_ct_file Read the file /etc/sendmail.ct file to get the names 52338032Speter of users that will be ``trusted'', that is, able to 52438032Speter set their envelope from address using -f without 52538032Speter generating a warning message. 52638032Speter The actual filename can be overridden by redefining 52738032Speter confCT_FILE. 52838032Speter 52938032Speterredirect Reject all mail addressed to "address.REDIRECT" with 53038032Speter a ``551 User not local; please try <address>'' message. 53138032Speter If this is set, you can alias people who have left 53238032Speter to their new address with ".REDIRECT" appended. 53338032Speter 53438032Speternouucp Don't do anything special with UUCP addresses at all. 53538032Speter 53638032Speternocanonify Don't pass addresses to $[ ... $] for canonification. 53738032Speter This would generally only be used by sites that only 53838032Speter act as mail gateways or which have user agents that do 53938032Speter full canonification themselves. You may also want to 54038032Speter use "define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')" to 54138032Speter turn off the usual resolver options that do a similar 54238032Speter thing. 54338032Speter 54438032Speterstickyhost If set, email sent to "user@local.host" are marked 54538032Speter as "sticky" -- that is, the local addresses aren't 54638032Speter matched against UDB and don't go through ruleset 5. 54738032Speter This is used if you want a set up where "user" is 54838032Speter not necessarily the same as "user@local.host", e.g., 54938032Speter to make a distinct domain-wide namespace. Prior to 55038032Speter 8.7 this was the default, and notsticky was used to 55138032Speter turn this off. 55238032Speter 55338032Spetermailertable Include a "mailer table" which can be used to override 55438032Speter routing for particular domains. The argument of the 55538032Speter FEATURE may be the key definition. If none is specified, 55638032Speter the definition used is: 55738032Speter hash -o /etc/mailertable 55838032Speter Keys in this database are fully qualified domain names 55938032Speter or partial domains preceded by a dot -- for example, 56038032Speter "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". 56138032Speter Values must be of the form: 56238032Speter mailer:domain 56338032Speter where "mailer" is the internal mailer name, and "domain" 56438032Speter is where to send the message. These maps are not 56538032Speter reflected into the message header. As a special case, 56638032Speter the forms: 56738032Speter local:user 56838032Speter will forward to the indicated user using the local mailer, 56938032Speter local: 57038032Speter will forward to the original user in the e-mail address 57138032Speter using the local mailer, and 57238032Speter error:code message 57338032Speter will give an error message with the indicated code and 57438032Speter message. 57538032Speter 57638032Speterdomaintable Include a "domain table" which can be used to provide 57738032Speter domain name mapping. Use of this should really be 57838032Speter limited to your own domains. It may be useful if you 57938032Speter change names (e.g., your company changes names from 58038032Speter oldname.com to newname.com). The argument of the 58138032Speter FEATURE may be the key definition. If none is specified, 58238032Speter the definition used is: 58338032Speter hash -o /etc/domaintable 58438032Speter The key in this table is the domain name; the value is 58538032Speter the new (fully qualified) domain. Anything in the 58638032Speter domaintable is reflected into headers; that is, this 58738032Speter is done in ruleset 3. 58838032Speter 58938032Speterbitdomain Look up bitnet hosts in a table to try to turn them into 59038032Speter internet addresses. The table can be built using the 59138032Speter bitdomain program contributed by John Gardiner Myers. 59238032Speter The argument of the FEATURE may be the key definition; if 59338032Speter none is specified, the definition used is: 59438032Speter hash -o /etc/bitdomain.db 59538032Speter Keys are the bitnet hostname; values are the corresponding 59638032Speter internet hostname. 59738032Speter 59838032Speteruucpdomain Similar feature for UUCP hosts. The default map definition 59938032Speter is: 60038032Speter hash -o /etc/uudomain.db 60138032Speter At the moment there is no automagic tool to build this 60238032Speter database. 60338032Speter 60438032Speteralways_add_domain 60538032Speter Include the local host domain even on locally delivered 60638032Speter mail. Normally it is not added on unqualified names. 60738032Speter However, if you use a shared message store but do not use 60838032Speter the same user name space everywhere, you may need the host 60938032Speter name on local names. 61038032Speter 61138032Speterallmasquerade If masquerading is enabled (using MASQUERADE_AS), this 61238032Speter feature will cause recipient addresses to also masquerade 61338032Speter as being from the masquerade host. Normally they get 61438032Speter the local hostname. Although this may be right for 61538032Speter ordinary users, it can break local aliases. For example, 61638032Speter if you send to "localalias", the originating sendmail will 61738032Speter find that alias and send to all members, but send the 61838032Speter message with "To: localalias@masqueradehost". Since that 61938032Speter alias likely does not exist, replies will fail. Use this 62038032Speter feature ONLY if you can guarantee that the ENTIRE 62138032Speter namespace on your masquerade host supersets all the 62238032Speter local entries. 62338032Speter 62438032Speterlimited_masquerade 62538032Speter Normally, any hosts listed in $=w are masqueraded. If this 62638032Speter feature is given, only the hosts listed in $=M are masqueraded. 62738032Speter This is useful if you have several domains with disjoint 62838032Speter namespaces hosted on the same machine. 62938032Speter 63038032Spetermasquerade_entire_domain 63138032Speter If masquerading is enabled (using MASQUERADE_AS) and 63238032Speter MASQUERADE_DOMAIN (see below) is set, this feature will 63338032Speter cause addresses to be rewritten such that the masquerading 63438032Speter domains are actually entire domains to be hidden. All 63538032Speter hosts within the masquerading domains will be rewritten 63638032Speter to the masquerade name (used in MASQUERADE_AS). For example, 63738032Speter if you have: 63838032Speter 63938032Speter MASQUERADE_AS(masq.com) 64038032Speter MASQUERADE_DOMAIN(foo.org) 64138032Speter MASQUERADE_DOMAIN(bar.com) 64238032Speter 64338032Speter then *foo.org and *bar.com are converted to masq.com. Without 64438032Speter this feature, only foo.org and bar.com are masqueraded. 64538032Speter 64638032Speter NOTE: only domains within your jurisdiction and 64738032Speter current hierarchy should be masqueraded using this. 64838032Speter 64938032Spetergenericstable This feature will cause certain addresses originating locally 65038032Speter (i.e. that are unqualified) or a domain listed in $=G to be 65138032Speter looked up in a map and turned into another ("generic") form, 65238032Speter which can change both the domain name and the user name. This 65338032Speter is similar to the userdb functionality. The same types of 65438032Speter addresses as for masquerading are looked up, i.e. only header 65538032Speter sender addresses unless the allmasquerade and/or 65638032Speter masquerade_envelope features are given. Qualified addresses 65738032Speter must have the domain part in the list of names given by the 65838032Speter by the macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE 65938032Speter (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, 66038032Speter see below). 66138032Speter 66238032Speter The argument of FEATURE(genericstable) may be the map 66338032Speter definition; the default map definition is: 66438032Speter 66538032Speter hash -o /etc/genericstable 66638032Speter 66738032Speter The key for this table is either the full address or the 66838032Speter unqualified username (the former is tried first); the 66938032Speter value is the new user address. If the new user address does 67038032Speter not include a domain, it will be qualified in the standard 67138032Speter manner, i.e. using $j or the masquerade name. Note that the 67238032Speter address being looked up must be fully qualified. For local 67338032Speter mail, it is necessary to use FEATURE(always_add_domain) for 67438032Speter the addresses to be qualified. 67538032Speter 67638032Spetervirtusertable A domain-specific form of aliasing, allowing multiple 67738032Speter virtual domains to be hosted on one machine. For example, 67838032Speter if the virtuser table contained: 67938032Speter 68038032Speter info@foo.com foo-info 68138032Speter info@bar.com bar-info 68238032Speter @baz.org jane@elsewhere.net 68338032Speter 68438032Speter then mail addressed to info@foo.com will be sent to the 68538032Speter address foo-info, mail addressed to info@bar.com will be 68638032Speter delivered to bar-info, and mail addressed to anyone at 68738032Speter baz.org will be sent to jane@elsewhere.net. The username 68838032Speter from the original address is passed as %1 allowing: 68938032Speter 69038032Speter @foo.org %1@elsewhere.com 69138032Speter 69238032Speter meaning someone@foo.org will be sent to someone@elsewhere.com. 69338032Speter 69438032Speter All the host names on the left hand side (foo.com, bar.com, 69538032Speter and baz.org) must be in $=w. The default map definition is: 69638032Speter 69738032Speter hash -o /etc/virtusertable 69838032Speter 69938032Speter A new definition can be specified as the second argument of 70038032Speter the FEATURE macro, such as 70138032Speter 70238032Speter FEATURE(virtusertable, dbm -o /etc/mail/virtusers) 70338032Speter 70438032Speternodns We aren't running DNS at our site (for example, 70538032Speter we are UUCP-only connected). It's hard to consider 70638032Speter this a "feature", but hey, it had to go somewhere. 70738032Speter Actually, as of 8.7 this is a no-op -- remove "dns" from 70838032Speter the hosts service switch entry instead. 70938032Speter 71038032Speternullclient This is a special case -- it creates a stripped down 71138032Speter configuration file containing nothing but support for 71238032Speter forwarding all mail to a central hub via a local 71338032Speter SMTP-based network. The argument is the name of that 71438032Speter hub. 71538032Speter 71638032Speter The only other feature that should be used in conjunction 71738032Speter with this one is "nocanonify" (this causes addresses to 71838032Speter be sent unqualified via the SMTP connection; normally 71938032Speter they are qualified with the masquerade name, which 72038032Speter defaults to the name of the hub machine). No mailers 72138032Speter should be defined. No aliasing or forwarding is done. 72242575Speter Also, note that absolutely no anti-spam or anti-relaying 72342575Speter is done in a null client configuration. More information 72442575Speter can be found in the ANTI-SPAM CONFIGURATION CONTROL section. 72538032Speter 72638032Speterlocal_lmtp Use an LMTP capable local mailer. The argument to this 72738032Speter feature is the pathname of an LMTP capable mailer. By 72838032Speter default, mail.local is used. This is expected to be the 72938032Speter mail.local which came with the 8.9 distribution which is 73038032Speter LMTP capable. The path to mail.local is set by the 73138032Speter confEBINDIR m4 variable -- making the default 73238032Speter LOCAL_MAILER_PATH /usr/libexec/mail.local. 73338032Speter 73438032Speterlocal_procmail Use procmail as the local mailer. This mailer can 73538032Speter make use of the "user+indicator@local.host" syntax; 73638032Speter normally the +indicator is just tossed, but by default 73738032Speter it is passed as the -a argument to procmail. The 73838032Speter argument to this feature is the pathname of procmail, 73938032Speter which defaults to PROCMAIL_MAILER_PATH. Note that this 74038032Speter does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS 74138032Speter for the local mailer; tweak LOCAL_MAILER_FLAGS and 74238032Speter LOCAL_MAILER_ARGS instead. 74338032Speter 74438032Speterbestmx_is_local Accept mail as though locally addressed for any host that 74538032Speter lists us as the best possible MX record. This generates 74638032Speter additional DNS traffic, but should be OK for low to 74738032Speter medium traffic hosts. The argument may be a set of 74838032Speter domains, which will limit the feature to only apply to 74938032Speter these domains -- this will reduce unnecessary DNS 75038032Speter traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 75138032Speter WILDCARD MX RECORDS!!! If you have a wildcard MX record 75238032Speter that matches your domain, you cannot use this feature. 75338032Speter 75438032Spetersmrsh Use the SendMail Restricted SHell (smrsh) provided 75538032Speter with the distribution instead of /bin/sh for mailing 75638032Speter to programs. This improves the ability of the local 75738032Speter system administrator to control what gets run via 75838032Speter e-mail. If an argument is provided it is used as the 75938032Speter pathname to smrsh; otherwise, the path defined by 76038032Speter confEBINDIR is used for the smrsh binary -- by default, 76138032Speter /usr/libexec/smrsh is assumed. 76238032Speter 76338032Speterpromiscuous_relay 76438032Speter By default, the sendmail configuration files do not permit 76538032Speter mail relaying (that is, accepting mail from outside your 76638032Speter domain and sending it to another host outside your domain). 76738032Speter This option sets your site to allow mail relaying from any 76838032Speter site to any site. In general, it is better to control the 76938032Speter relaying more carefully with the access db and the 'R' 77038032Speter class ($=R). Domains can be added to class 'R' by the 77138032Speter macros RELAY_DOMAIN or RELAY_DOMAIN_FILE (analogously to 77238032Speter MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 77338032Speter 77438032Speterrelay_entire_domain 77538032Speter By default, only hosts listed as RELAY in the access db 77638032Speter will be allowed to relay. This option also allows any 77738032Speter host in your domain as defined by the 'm' class ($=m). 77838032Speter 77938032Speterrelay_hosts_only 78038032Speter By default, names that are listed as RELAY in the access 78138032Speter db and class 'R' ($=R) are domain names, not host names. 78238032Speter For example, if you specify ``foo.com'', then mail to or 78338032Speter from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 78438032Speter will all be accepted for relaying. This feature changes 78538032Speter the behaviour to lookup individual host names only. 78638032Speter 78738032Speterrelay_based_on_MX 78838032Speter Turns on the ability to allow relaying based on the MX 78942575Speter records of the host portion of an incoming recipient; that 79042575Speter is, if an MX record for host foo.com points to your site, 79142575Speter you will accept and relay mail addressed to foo.com. See 79238032Speter description below for more information before using this 79342575Speter feature. Also, see the KNOWNBUGS entry regarding bestmx 79442575Speter map lookups. 79538032Speter 79642575Speter FEATURE(relay_based_on_MX) does not necessarily allow 79742575Speter routing of these messages which you expect to be allowed, 79842575Speter if route address syntax (or %-hack syntax) is used. If 79942575Speter this is a problem, add entries to the access-table or use 80042575Speter FEATURE(loose_relay_check). 80142575Speter 80238032Speterrelay_local_from 80338032Speter Allows relaying if the domain portion of the mail sender 80438032Speter is a local host. This should only be used if absolutely 80542575Speter necessary as it opens a window for spammers. Specifically, 80642575Speter they can send mail to your mail server that claims to be 80742575Speter from your domain (either directly or via a routed address), 80842575Speter and you will go ahead and relay it out to arbitrary hosts 80942575Speter on the Internet. 81038032Speter 81138032Speteraccept_unqualified_senders 81238032Speter Normally, MAIL FROM: commands in the SMTP session will be 81338032Speter refused if the connection is a network connection and the 81438032Speter sender address does not include a domain name. If your 81538032Speter setup sends local mail unqualified (i.e. MAIL FROM: <joe>), 81638032Speter you will need to use this feature to accept unqualified 81738032Speter sender addresses. 81838032Speter 81938032Speteraccept_unresolvable_domains 82038032Speter Normally, MAIL FROM: commands in the SMTP session will be 82138032Speter refused if the host part of the argument to MAIL FROM: cannot 82238032Speter be located in the host name service (e.g., DNS). If you are 82338032Speter inside a firewall that has only a limited view of the 82438032Speter Internet host name space, this could cause problems. In this 82538032Speter case you probably want to use this feature to accept all 82638032Speter domains on input, even if they are unresolvable. 82738032Speter 82838032Speteraccess_db Turns on the access database feature. The access db gives 82938032Speter you the ability to allow or refuse to accept mail from 83038032Speter specified domains for administrative reasons. By default, 83138032Speter the access database specification is 83238032Speter ``hash -o /etc/mail/access''. The format of the 83338032Speter database is described below. 83438032Speter 83538032Speterblacklist_recipients 83638032Speter Turns on the ability to block incoming mail for certain 83738032Speter recipient usernames, hostnames, or addresses. For 83838032Speter example, you can block incoming mail to user nobody, 83938032Speter host foo.mydomain.com, or guest@bar.mydomain.com. 84038032Speter These specifications are put in the access db as 84138032Speter described below. 84238032Speter 84338032Speterrbl Turns on rejection of hosts found in the Realtime Blackhole 84438032Speter List. If an argument is provided it is used as the 84538032Speter name sever to contact; otherwise, the main RBL server at 84638032Speter rbl.maps.vix.com is used. For details, see 84738032Speter http://maps.vix.com/rbl/. 84838032Speter 84938032Speterloose_relay_check 85038032Speter Normally, if a recipient using % addressing is used, e.g. 85138032Speter user%site@othersite, and othersite is in class 'R', the 85238032Speter check_rcpt ruleset will strip @othersite and recheck 85338032Speter user@site for relaying. This feature changes that 85438032Speter behavior. It should not be needed for most installations. 85538032Speter 85638032Speter 85738032Speter+-------+ 85838032Speter| HACKS | 85938032Speter+-------+ 86038032Speter 86138032SpeterSome things just can't be called features. To make this clear, 86238032Speterthey go in the hack subdirectory and are referenced using the HACK 86338032Spetermacro. These will tend to be site-dependent. The release 86438032Speterincludes the Berkeley-dependent "cssubdomain" hack (that makes 86538032Spetersendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 86638032Speterthis is intended as a short-term aid while we move hosts into 86738032Spetersubdomains. 86838032Speter 86938032Speter 87038032Speter+--------------------+ 87138032Speter| SITE CONFIGURATION | 87238032Speter+--------------------+ 87338032Speter 87438032Speter ***************************************************** 87538032Speter * This section is really obsolete, and is preserved * 87638032Speter * only for back compatibility. You should plan on * 87738032Speter * using mailertables for new installations. In * 87838032Speter * particular, it doesn't work for the newer forms * 87938032Speter * of UUCP mailers, such as uucp-uudom. * 88038032Speter ***************************************************** 88138032Speter 88238032SpeterComplex sites will need more local configuration information, such as 88338032Speterlists of UUCP hosts they speak with directly. This can get a bit more 88438032Spetertricky. For an example of a "complex" site, see cf/ucbvax.mc. 88538032Speter 88638032SpeterIf your host is known by several different names, you need to augment 88738032Speterthe $=w class. This is a list of names by which you are known, and 88838032Speteranything sent to an address using a host name in this list will be 88938032Spetertreated as local mail. You can do this in two ways: either create 89038032Speterthe file /etc/sendmail.cw containing a list of your aliases (one per 89138032Speterline), and use ``FEATURE(use_cw_file)'' in the .mc file, or add the 89238032Speterline: 89338032Speter 89438032Speter Cw alias.host.name 89538032Speter 89638032Speterat the end of that file. See the ``vangogh.mc'' file for an example. 89738032SpeterBe sure you use the fully-qualified name of the host, rather than a 89838032Spetershort name. 89938032Speter 90038032SpeterThe SITECONFIG macro allows you to indirectly reference site-dependent 90138032Speterconfiguration information stored in the siteconfig subdirectory. For 90238032Speterexample, the line 90338032Speter 90438032Speter SITECONFIG(uucp.ucbvax, ucbvax, U) 90538032Speter 90638032Speterreads the file uucp.ucbvax for local connection information. The 90738032Spetersecond parameter is the local name (in this case just "ucbvax" since 90838032Speterit is locally connected, and hence a UUCP hostname). The third 90938032Speterparameter is the name of both a macro to store the local name (in 91038032Speterthis case, $U) and the name of the class (e.g., $=U) in which to store 91138032Speterthe host information read from the file. Another SITECONFIG line reads 91238032Speter 91338032Speter SITECONFIG(uucp.ucbarpa, ucbarpa.Berkeley.EDU, W) 91438032Speter 91538032SpeterThis says that the file uucp.ucbarpa contains the list of UUCP sites 91638032Speterconnected to ucbarpa.Berkeley.EDU. The $=W class will be used to 91738032Speterstore this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 91838032Speteris, the name of the relay to which the hosts listed in uucp.ucbarpa 91938032Speterare connected. [The machine ucbarpa is gone now, but I've left 92038032Speterthis out-of-date configuration file around to demonstrate how you 92138032Spetermight do this.] 92238032Speter 92338032SpeterNote that the case of SITECONFIG with a third parameter of ``U'' is 92438032Speterspecial; the second parameter is assumed to be the UUCP name of the 92538032Speterlocal site, rather than the name of a remote site, and the UUCP name 92638032Speteris entered into $=w (the list of local hostnames) as $U.UUCP. 92738032Speter 92838032SpeterThe siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 92938032Spetermore than a sequence of SITE macros describing connectivity. For 93038032Speterexample: 93138032Speter 93238032Speter SITE(cnmat) 93338032Speter SITE(sgi olympus) 93438032Speter 93538032SpeterThe second example demonstrates that you can use two names on the 93638032Spetersame line; these are usually aliases for the same host (or are at 93738032Speterleast in the same company). 93838032Speter 93938032Speter 94038032Speter+--------------------+ 94138032Speter| USING UUCP MAILERS | 94238032Speter+--------------------+ 94338032Speter 94438032SpeterIt's hard to get UUCP mailers right because of the extremely ad hoc 94538032Speternature of UUCP addressing. These config files are really designed 94638032Speterfor domain-based addressing, even for UUCP sites. 94738032Speter 94838032SpeterThere are four UUCP mailers available. The choice of which one to 94938032Speteruse is partly a matter of local preferences and what is running at 95038032Speterthe other end of your UUCP connection. Unlike good protocols that 95138032Speterdefine what will go over the wire, UUCP uses the policy that you 95238032Spetershould do what is right for the other end; if they change, you have 95338032Speterto change. This makes it hard to do the right thing, and discourages 95438032Speterpeople from updating their software. In general, if you can avoid 95538032SpeterUUCP, please do. 95638032Speter 95738032SpeterThe major choice is whether to go for a domainized scheme or a 95838032Speternon-domainized scheme. This depends entirely on what the other 95938032Speterend will recognize. If at all possible, you should encourage the 96038032Speterother end to go to a domain-based system -- non-domainized addresses 96138032Speterdon't work entirely properly. 96238032Speter 96338032SpeterThe four mailers are: 96438032Speter 96538032Speter uucp-old (obsolete name: "uucp") 96638032Speter This is the oldest, the worst (but the closest to UUCP) way of 96738032Speter sending messages accros UUCP connections. It does bangify 96838032Speter everything and prepends $U (your UUCP name) to the sender's 96938032Speter address (which can already be a bang path itself). It can 97038032Speter only send to one address at a time, so it spends a lot of 97138032Speter time copying duplicates of messages. Avoid this if at all 97238032Speter possible. 97338032Speter 97438032Speter uucp-new (obsolete name: "suucp") 97538032Speter The same as above, except that it assumes that in one rmail 97638032Speter command you can specify several recipients. It still has a 97738032Speter lot of other problems. 97838032Speter 97938032Speter uucp-dom 98038032Speter This UUCP mailer keeps everything as domain addresses. 98138032Speter Basically, it uses the SMTP mailer rewriting rules. This mailer 98238032Speter is only included if MAILER(smtp) is also specified. 98338032Speter 98438032Speter Unfortunately, a lot of UUCP mailer transport agents require 98538032Speter bangified addresses in the envelope, although you can use 98638032Speter domain-based addresses in the message header. (The envelope 98738032Speter shows up as the From_ line on UNIX mail.) So.... 98838032Speter 98938032Speter uucp-uudom 99038032Speter This is a cross between uucp-new (for the envelope addresses) 99138032Speter and uucp-dom (for the header addresses). It bangifies the 99238032Speter envelope sender (From_ line in messages) without adding the 99338032Speter local hostname, unless there is no host name on the address 99438032Speter at all (e.g., "wolf") or the host component is a UUCP host name 99538032Speter instead of a domain name ("somehost!wolf" instead of 99638032Speter "some.dom.ain!wolf"). This is also included only if MAILER(smtp) 99738032Speter is also specified. 99838032Speter 99938032SpeterExamples: 100038032Speter 100138032SpeterWe are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The 100238032Speterfollowing summarizes the sender rewriting for various mailers. 100338032Speter 100438032SpeterMailer sender rewriting in the envelope 100538032Speter------ ------ ------------------------- 100638032Speteruucp-{old,new} wolf grasp!wolf 100738032Speteruucp-dom wolf wolf@grasp.insa-lyon.fr 100838032Speteruucp-uudom wolf grasp.insa-lyon.fr!wolf 100938032Speter 101038032Speteruucp-{old,new} wolf@fr.net grasp!fr.net!wolf 101138032Speteruucp-dom wolf@fr.net wolf@fr.net 101238032Speteruucp-uudom wolf@fr.net fr.net!wolf 101338032Speter 101438032Speteruucp-{old,new} somehost!wolf grasp!somehost!wolf 101538032Speteruucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 101638032Speteruucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 101738032Speter 101838032SpeterIf you are using one of the domainized UUCP mailers, you really want 101938032Speterto convert all UUCP addresses to domain format -- otherwise, it will 102038032Speterdo it for you (and probably not the way you expected). For example, 102138032Speterif you have the address foo!bar!baz (and you are not sending to foo), 102238032Speterthe heuristics will add the @uucp.relay.name or @local.host.name to 102338032Speterthis address. However, if you map foo to foo.host.name first, it 102438032Speterwill not add the local hostname. You can do this using the uucpdomain 102538032Speterfeature. 102638032Speter 102738032Speter 102838032Speter+-------------------+ 102938032Speter| TWEAKING RULESETS | 103038032Speter+-------------------+ 103138032Speter 103238032SpeterFor more complex configurations, you can define special rules. 103338032SpeterThe macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 103438032Speterthe names. Any modifications made here are reflected in the header. 103538032Speter 103638032SpeterA common use is to convert old UUCP addresses to SMTP addresses using 103738032Speterthe UUCPSMTP macro. For example: 103838032Speter 103938032Speter LOCAL_RULE_3 104038032Speter UUCPSMTP(decvax, decvax.dec.com) 104138032Speter UUCPSMTP(research, research.att.com) 104238032Speter 104338032Speterwill cause addresses of the form "decvax!user" and "research!user" 104438032Speterto be converted to "user@decvax.dec.com" and "user@research.att.com" 104538032Speterrespectively. 104638032Speter 104738032SpeterThis could also be used to look up hosts in a database map: 104838032Speter 104938032Speter LOCAL_RULE_3 105038032Speter R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 105138032Speter 105238032SpeterThis map would be defined in the LOCAL_CONFIG portion, as shown below. 105338032Speter 105438032SpeterSimilarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 105538032SpeterFor example, new rules are needed to parse hostnames that you accept 105638032Spetervia MX records. For example, you might have: 105738032Speter 105838032Speter LOCAL_RULE_0 105938032Speter R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 106038032Speter 106138032SpeterYou would use this if you had installed an MX record for cnmat.Berkeley.EDU 106238032Speterpointing at this host; this rule catches the message and forwards it on 106338032Speterusing UUCP. 106438032Speter 106538032SpeterYou can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 106638032SpeterThese rulesets are normally empty. 106738032Speter 106838032SpeterA similar macro is LOCAL_CONFIG. This introduces lines added after the 106938032Speterboilerplate option setting but before rulesets, and can be used to 107038032Speterdeclare local database maps or whatever. For example: 107138032Speter 107238032Speter LOCAL_CONFIG 107338032Speter Khostmap hash /etc/hostmap.db 107438032Speter Kyplocal nis -m hosts.byname 107538032Speter 107638032Speter 107738032Speter+---------------------------+ 107838032Speter| MASQUERADING AND RELAYING | 107938032Speter+---------------------------+ 108038032Speter 108138032SpeterYou can have your host masquerade as another using 108238032Speter 108338032Speter MASQUERADE_AS(host.domain) 108438032Speter 108538032SpeterThis causes mail being sent to be labeled as coming from the 108638032Speterindicated host.domain, rather than $j. One normally masquerades as 108738032Speterone of one's own subdomains (for example, it's unlikely that I would 108838032Speterchoose to masquerade as an MIT site). This behaviour is modified by 108938032Spetera plethora of FEATUREs; in particular, see masquerade_envelope, 109038032Speterallmasquerade, limited_masquerade, and masquerade_entire_domain. 109138032Speter 109238032SpeterThe masquerade name is not normally canonified, so it is important 109338032Speterthat it be your One True Name, that is, fully qualified and not a 109438032SpeterCNAME. However, if you use a CNAME, the receiving side may canonify 109538032Speterit for you, so don't think you can cheat CNAME mapping this way. 109638032Speter 109738032SpeterNormally the only addresses that are masqueraded are those that come 109838032Speterfrom this host (that is, are either unqualified or in $=w, the list 109938032Speterof local domain names). You can augment this list using 110038032Speter 110138032Speter MASQUERADE_DOMAIN(otherhost.domain) 110238032Speter 110338032SpeterThe effect of this is that although mail to user@otherhost.domain 110438032Speterwill not be delivered locally, any mail including any user@otherhost.domain 110538032Speterwill, when relayed, be rewritten to have the MASQUERADE_AS address. 110638032SpeterThis can be a space-separated list of names. 110738032Speter 110838032SpeterIf these names are in a file, you can use 110938032Speter 111038032Speter MASQUERADE_DOMAIN_FILE(filename) 111138032Speter 111238032Speterto read the list of names from the indicated file. 111338032Speter 111438032SpeterNormally only header addresses are masqueraded. If you want to 111538032Spetermasquerade the envelope as well, use 111638032Speter 111738032Speter FEATURE(masquerade_envelope) 111838032Speter 111938032SpeterThere are always users that need to be "exposed" -- that is, their 112038032Speterinternal site name should be displayed instead of the masquerade name. 112138032SpeterRoot is an example. You can add users to this list using 112238032Speter 112338032Speter EXPOSED_USER(usernames) 112438032Speter 112538032SpeterThis adds users to class E; you could also use something like 112638032Speter 112738032Speter FE/etc/sendmail.cE 112838032Speter 112938032SpeterYou can also arrange to relay all unqualified names (that is, names 113038032Speterwithout @host) to a relay host. For example, if you have a central 113138032Speteremail server, you might relay to that host so that users don't have 113238032Speterto have .forward files or aliases. You can do this using 113338032Speter 113438032Speter define(`LOCAL_RELAY', mailer:hostname) 113538032Speter 113638032SpeterThe ``mailer:'' can be omitted, in which case the mailer defaults to 113738032Speter"relay". There are some user names that you don't want relayed, perhaps 113838032Speterbecause of local aliases. A common example is root, which may be 113938032Speterlocally aliased. You can add entries to this list using 114038032Speter 114138032Speter LOCAL_USER(usernames) 114238032Speter 114338032SpeterThis adds users to class L; you could also use something like 114438032Speter 114538032Speter FL/etc/sendmail.cL 114638032Speter 114738032SpeterIf you want all incoming mail sent to a centralized hub, as for a 114838032Spetershared /var/spool/mail scheme, use 114938032Speter 115038032Speter define(`MAIL_HUB', mailer:hostname) 115138032Speter 115238032SpeterAgain, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 115338032Speterand MAIL_HUB _AND_ you have FEATURE(stickyhost), unqualified names will 115438032Speterbe sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 115538032SpeterNames in $=L will be delivered locally, so you MUST have aliases or 115638032Speter.forward files for them. 115738032Speter 115838032SpeterFor example, if you are on machine mastodon.CS.Berkeley.EDU and you have 115938032SpeterFEATURE(stickyhost), the following combinations of settings will have the 116038032Speterindicated effects: 116138032Speter 116238032Speteremail sent to.... eric eric@mastodon.CS.Berkeley.EDU 116338032Speter 116438032SpeterLOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 116538032Spetermail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 116638032Speter 116738032SpeterMAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 116838032Spetermammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 116938032Speter 117038032SpeterBoth LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 117138032SpeterMAIL_HUB set as above (no local aliasing) (aliasing done) 117238032Speter 117338032SpeterIf you do not have FEATURE(stickyhost) set, then LOCAL_RELAY and 117438032SpeterMAIL_HUB act identically, with MAIL_HUB taking precedence. 117538032Speter 117638032SpeterIf you want all outgoing mail to go to a central relay site, define 117738032SpeterSMART_HOST as well. Briefly: 117838032Speter 117938032Speter LOCAL_RELAY applies to unqualified names (e.g., "eric"). 118038032Speter MAIL_HUB applies to names qualified with the name of the 118138032Speter local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 118238032Speter SMART_HOST applies to names qualified with other hosts. 118338032Speter 118438032SpeterHowever, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 118538032SpeterDECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 118638032Speterreally want absolutely everything to go to a single central site you will 118738032Speterneed to unset all the other relays -- or better yet, find or build a 118838032Speterminimal config file that does this. 118938032Speter 119038032SpeterFor duplicate suppression to work properly, the host name is best 119138032Speterspecified with a terminal dot: 119238032Speter 119338032Speter define(`MAIL_HUB', `host.domain.') 119438032Speter note the trailing dot ---^ 119538032Speter 119638032Speter 119738032Speter+---------------------------------+ 119838032Speter| ANTI-SPAM CONFIGURATION CONTROL | 119938032Speter+---------------------------------+ 120038032Speter 120138032SpeterThe primary anti-spam features available in sendmail are: 120238032Speter 120338032Speter* Relaying is denied by default. 120438032Speter* Better checking on sender information. 120538032Speter* Access database. 120638032Speter* Header checks. 120738032Speter 120838032SpeterRelaying (transmission of messages from a site outside your domain to 120938032Speteranother site outside your domain) is denied by default. Note that 121038032Speterthis changed in sendmail 8.9; previous versions allowed relaying by 121138032Speterdefault. If you want to revert to the old behaviour, you will need 121238032Speterto use FEATURE(promiscuous_relay). You can allow certain domains to 121338032Speterrelay through your server by adding their domain name or IP address to 121438032Speterclass 'R' ($=R) using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the 121538032Speteraccess database (described below). 121638032Speter 121738032SpeterIf you use 121838032Speter 121938032Speter FEATURE(relay_entire_domain) 122038032Speter 122138032Speterthen any host in any of your local domains (that is, the $=m class) 122242575Speterwill be relayed (that is, you will accept mail either to or from any 122342575Speterhost in your domain). 122438032Speter 122538032SpeterYou can also allow relaying based on the MX records of the host 122638032Speterportion of an incoming recipient address by using 122738032Speter 122838032Speter FEATURE(relay_based_on_MX) 122938032Speter 123038032SpeterFor example, if your server receives a recipient of user@domain.com 123138032Speterand domain.com lists your server in its MX records, the mail will be 123242575Speteraccepted for relay to domain.com. Note that this will stop spammers 123342575Speterfrom using your host to relay spam but it will not stop outsiders from 123442575Speterusing your server as a relay for their site (that is, they set up an 123542575SpeterMX record pointing to your mail server, and you will relay mail addressed 123642575Speterto them without any prior arrangement). Along the same lines, 123738032Speter 123838032Speter FEATURE(relay_local_from) 123938032Speter 124038032Speterwill allow relaying if the sender specifies a return path (i.e. 124138032SpeterMAIL FROM: <user@domain>) domain which is a local domain. This a 124238032Speterdangerous feature as it will allow spammers to spam using your mail 124338032Speterserver by simply specifying a return address of user@your.domain.com. 124438032SpeterIt should not be used unless absolutely necessary. 124538032Speter 124638032SpeterIf source routing is used in the recipient address (i.e. 124738032SpeterRCPT TO: <user%site.com@othersite.com>), sendmail will check 124838032Speteruser@site.com for relaying if othersite.com is an allowed relay host 124938032Speterin either class 'R', class 'm' if FEATURE(relay_entire_domain) is used, 125038032Speteror the access database if FEATURE(access_db) is used. To prevent 125138032Speterthe address from being stripped down, use: 125238032Speter 125338032Speter FEATURE(loose_relay_check) 125438032Speter 125538032SpeterIf you think you need to use this feature, you probably do not. This 125638032Spetershould only be used for sites which have no control over the addresses 125738032Speterthat they provide a gateway for. Use this FEATURE with caution as it 125838032Spetercan allow spammers to relay through your server if not setup properly. 125938032Speter 126038032SpeterAs of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 126138032Speteran unresolvable domain (i.e., one that DNS, your local name service, 126238032Speteror special case rules in ruleset 3 cannot locate). If you want to 126338032Spetercontinue to accept such domains, e.g. because you are inside a 126438032Speterfirewall that has only a limited view of the Internet host name space 126538032Speter(note that you will not be able to return mail to them unless you have 126638032Spetersome "smart host" forwarder), use 126738032Speter 126838032Speter FEATURE(accept_unresolvable_domains) 126938032Speter 127038032Spetersendmail will also refuse mail if the MAIL FROM: parameter is not 127138032Speterfully qualified (i.e., contains a domain as well as a user). If you 127238032Speterwant to continue to accept such senders, use 127338032Speter 127438032Speter FEATURE(accept_unqualified_senders) 127538032Speter 127638032SpeterAn ``access'' database can be created to accept or reject mail from 127738032Speterselected domains. For example, you may choose to reject all mail 127838032Speteroriginating from known spammers. To enable such a database, use 127938032Speter 128038032Speter FEATURE(access_db) 128138032Speter 128238032SpeterThe FEATURE macro can accept a second parameter giving the key file 128338032Speterdefinition for the database; for example 128438032Speter 128538032Speter FEATURE(access_db, hash -o /etc/mail/access) 128638032Speter 128742575SpeterRemember, since /etc/mail/access is a database, after creating the text 128842575Speterfile as described below, you must use makemap to create the database 128942575Spetermap. For example: 129042575Speter 129142575Spetermakemap hash /etc/mail/access < /etc/mail/access 129242575Speter 129338032SpeterThe table itself uses e-mail addresses, domain names, and network 129438032Speternumbers as keys. For example, 129538032Speter 129638032Speter spammer@aol.com REJECT 129738032Speter cyberspammer.com REJECT 129842575Speter 192.168.212 REJECT 129938032Speter 130038032Speterwould refuse mail from spammer@aol.com, any user from cyberspammer.com 130138032Speter(or any host within the cyberspammer.com domain), and any host on the 130242575Speter192.168.212.* network. 130338032Speter 130438032SpeterThe value part of the map can contain: 130538032Speter 130642575Speter OK Accept mail even if other rules in the 130742575Speter running ruleset would reject it, for example, 130842575Speter if the domain name is unresolvable. 130942575Speter RELAY Accept mail addressed to the indicated domain or 131042575Speter received from the indicated domain for relaying 131142575Speter through your SMTP server. RELAY also serves as 131242575Speter an implicit OK for the other checks. 131342575Speter REJECT Reject the sender or recipient with a general 131438032Speter purpose message. 131542575Speter DISCARD Discard the message completely using the 131642575Speter $#discard mailer. This only works for sender 131742575Speter addresses (i.e., it indicates that you should 131842575Speter discard anything received from the indicated 131942575Speter domain). 132038032Speter ### any text where ### is an RFC 821 compliant error code 132138032Speter and "any text" is a message to return for 132238032Speter the command. 132338032Speter 132438032SpeterFor example: 132538032Speter 132638032Speter cyberspammer.com 550 We don't accept mail from spammers 132738032Speter okay.cyberspammer.com OK 132838032Speter sendmail.org OK 132938032Speter 128.32 RELAY 133038032Speter 133138032Speterwould accept mail from okay.cyberspammer.com, but would reject mail 133238032Speterfrom all other hosts at cyberspammer.com with the indicated message. 133338032SpeterIt would allow accept mail from any hosts in the sendmail.org domain, 133438032Speterand allow relaying for the 128.32.*.* network. Note, UUCP users may 133538032Speterneed to add hostname.UUCP to the access database or class 'R' ($=R). 133638032SpeterIf you also use: 133738032Speter 133838032Speter FEATURE(relay_hosts_only) 133938032Speter 134038032Speterthen the above example will allow relaying for sendmail.org, but not 134138032Speterhosts within the sendmail.org domain. Note that this will also require 134238032Speterhosts listed in class 'R' ($=R) to be fully qualified host names. 134338032Speter 134438032SpeterYou can also use the access database to block sender addresses based on 134538032Speterthe username portion of the address. For example: 134638032Speter 134738032Speter FREE.STEALTH.MAILER@ 550 Spam not accepted 134838032Speter 134938032SpeterNote that you must include the @ after the username to signify that 135038032Speterthis database entry is for checking only the username portion of the 135138032Spetersender address. 135238032Speter 135338032SpeterIf you use: 135438032Speter 135538032Speter FEATURE(blacklist_recipients) 135638032Speter 135738032Speterthen you can add entries to the map for local users, hosts in your 135838032Speterdomains, or addresses in your domain which should not receive mail: 135938032Speter 136038032Speter badlocaluser 550 Mailbox disabled for this username 136138032Speter host.mydomain.com 550 That host does not accept mail 136238032Speter user@otherhost.mydomain.com 550 Mailbox disabled for this recipient 136338032Speter 136438032SpeterThis would prevent a recipient of badlocaluser@mydomain.com, any 136538032Speteruser at host.mydomain.com, and the single address 136642575Speteruser@otherhost.mydomain.com from receiving mail. Enabling this 136742575Speterfeature will keep you from sending mails to all addresses that 136842575Speterhave an error message or REJECT as value part in the access map. 136942575SpeterTaking the example from above: 137038032Speter 137142575Speter spammer@aol.com REJECT 137242575Speter cyberspammer.com REJECT 137342575Speter 137442575SpeterMail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 137542575Speter 137638032SpeterThere is also a ``Realtime Blackhole List'' run by the MAPS project 137738032Speterat http://maps.vix.com/. This is a database maintained in DNS of 137838032Speterspammers. To use this database, use 137938032Speter 138038032Speter FEATURE(rbl) 138138032Speter 138238032SpeterThis will cause sendmail to reject mail from any site in the 138338032SpeterRealtime Blackhole List database. You can specify an alternative 138438032SpeterRBL name server to contact by specifying an argument to the FEATURE. 138538032Speter 138638032SpeterThe features described above make use of the check_relay, check_mail, 138738032Speterand check_rcpt rulesets. If you wish to include your own checks, 138838032Speteryou can put your checks in the rulesets Local_check_relay, 138938032SpeterLocal_check_mail, and Local_check_rcpt. For example if you wanted to 139038032Speterblock senders with all numeric usernames (i.e. 2312343@bigisp.com), 139138032Speteryou would use Local_check_mail and the new regex map: 139238032Speter 139338032Speter LOCAL_CONFIG 139438032Speter Kallnumbers regex -a@MATCH ^[0-9]+$ 139538032Speter 139638032Speter LOCAL_RULESETS 139738032Speter SLocal_check_mail 139838032Speter # check address against various regex checks 139938032Speter R$* $: $>Parse0 $>3 $1 140038032Speter R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 140138032Speter R@MATCH $#error $: 553 Header Error 140238032Speter 140338032SpeterThese rules are called with the original arguments of the corresponding 140438032Spetercheck_* ruleset. If the local ruleset returns $#OK, no further checking 140538032Speteris done by the features described above and the mail is accepted. If the 140638032Speterlocal ruleset resolves to a mailer (such as $#error or $#discard), the 140738032Speterappropriate action is taken. Otherwise, the results of the local 140838032Speterrewriting are ignored. 140938032Speter 141038032Speter 141138032SpeterYou can also reject mail on the basis of the contents of headers. 141238032SpeterThis is done by adding a ruleset call to the 'H' header definition command 141338032Speterin sendmail.cf. For example, this can be used to check the validity of 141438032Spetera Message-ID: header: 141538032Speter 141638032Speter LOCAL_RULESETS 141738032Speter HMessage-Id: $>CheckMessageId 141838032Speter 141938032Speter SCheckMessageId 142038032Speter R< $+ @ $+ > $@ OK 142138032Speter R$* $#error $: 553 Header Error 142238032Speter 142342575SpeterUsers of FEATURE(nullclient) who desire to use the anti-spam and 142442575Speteranti-relaying capabilities should replace FEATURE(nullclient, mailhub) 142542575Speterwith: 142638032Speter 142742575Speter undefine(`ALIAS_FILE') 142842575Speter define(`MAIL_HUB', `mailhub') 142942575Speter define(`SMART_HOST', `mailhub') 143042575Speter define(`confFORWARD_PATH', `') 143142575Speter 143242575Speterwhere mailhub is the fully qualified hostname for their mail server. 143342575Speter 143442575Speter 143538032Speter+--------------------------------+ 143638032Speter| ADDING NEW MAILERS OR RULESETS | 143738032Speter+--------------------------------+ 143838032Speter 143938032SpeterSometimes you may need to add entirely new mailers or rulesets. They 144038032Spetershould be introduced with the constructs MAILER_DEFINITIONS and 144138032SpeterLOCAL_RULESETS respectively. For example: 144238032Speter 144338032Speter MAILER_DEFINITIONS 144438032Speter Mmymailer, ... 144538032Speter ... 144638032Speter 144738032Speter LOCAL_RULESETS 144838032Speter Smyruleset 144938032Speter ... 145038032Speter 145138032Speter 145238032Speter+-------------------------------+ 145338032Speter| NON-SMTP BASED CONFIGURATIONS | 145438032Speter+-------------------------------+ 145538032Speter 145638032SpeterThese configuration files are designed primarily for use by SMTP-based 145738032Spetersites. I don't pretend that they are well tuned for UUCP-only or 145838032SpeterUUCP-primarily nodes (the latter is defined as a small local net 145938032Speterconnected to the rest of the world via UUCP). However, there is one 146038032Speterhook to handle some special cases. 146138032Speter 146238032SpeterYou can define a ``smart host'' that understands a richer address syntax 146338032Speterusing: 146438032Speter 146538032Speter define(`SMART_HOST', mailer:hostname) 146638032Speter 146738032SpeterIn this case, the ``mailer:'' defaults to "relay". Any messages that 146838032Spetercan't be handled using the usual UUCP rules are passed to this host. 146938032Speter 147038032SpeterIf you are on a local SMTP-based net that connects to the outside 147138032Speterworld via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 147238032SpeterFor example: 147338032Speter 147438032Speter define(`SMART_HOST', suucp:uunet) 147538032Speter LOCAL_NET_CONFIG 147638032Speter R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 147738032Speter 147838032SpeterThis will cause all names that end in your domain name ($m) via 147938032SpeterSMTP; anything else will be sent via suucp (smart UUCP) to uunet. 148038032SpeterIf you have FEATURE(nocanonify), you may need to omit the dots after 148138032Speterthe $m. If you are running a local DNS inside your domain which is 148238032Speternot otherwise connected to the outside world, you probably want to 148338032Speteruse: 148438032Speter 148538032Speter define(`SMART_HOST', smtp:fire.wall.com) 148638032Speter LOCAL_NET_CONFIG 148738032Speter R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 148838032Speter 148938032SpeterThat is, send directly only to things you found in your DNS lookup; 149038032Speteranything else goes through SMART_HOST. 149138032Speter 149238032SpeterYou may need to turn off the anti-spam rules in order to accept 149338032SpeterUUCP mail with FEATURE(promiscuous_relay) and 149438032SpeterFEATURE(accept_unresolvable_domains). 149538032Speter 149638032Speter 149738032Speter+-----------+ 149838032Speter| WHO AM I? | 149938032Speter+-----------+ 150038032Speter 150138032SpeterNormally, the $j macro is automatically defined to be your fully 150238032Speterqualified domain name (FQDN). Sendmail does this by getting your 150338032Speterhost name using gethostname and then calling gethostbyname on the 150438032Speterresult. For example, in some environments gethostname returns 150538032Speteronly the root of the host name (such as "foo"); gethostbyname is 150638032Spetersupposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 150738032Spetercases, gethostbyname may fail to return the FQDN. In this case 150838032Speteryou MUST define confDOMAIN_NAME to be your fully qualified domain 150938032Spetername. This is usually done using: 151038032Speter 151138032Speter Dmbar.com 151238032Speter define(`confDOMAIN_NAME', `$w.$m')dnl 151338032Speter 151438032Speter 151538032Speter+--------------------+ 151638032Speter| USING MAILERTABLES | 151738032Speter+--------------------+ 151838032Speter 151938032SpeterTo use FEATURE(mailertable), you will have to create an external 152038032Speterdatabase containing the routing information for various domains. 152138032SpeterFor example, a mailertable file in text format might be: 152238032Speter 152338032Speter .my.domain xnet:%1.my.domain 152438032Speter uuhost1.my.domain suucp:uuhost1 152538032Speter .bitnet smtp:relay.bit.net 152638032Speter 152738032SpeterThis should normally be stored in /etc/mailertable. The actual 152838032Speterdatabase version of the mailertable is built using: 152938032Speter 153038032Speter makemap hash /etc/mailertable.db < /etc/mailertable 153138032Speter 153238032SpeterThe semantics are simple. Any LHS entry that does not begin with 153338032Spetera dot matches the full host name indicated. LHS entries beginning 153438032Speterwith a dot match anything ending with that domain name -- that is, 153538032Speterthey can be thought of as having a leading "*" wildcard. Matching 153638032Speteris done in order of most-to-least qualified -- for example, even 153738032Speterthough ".my.domain" is listed first in the above example, an entry 153838032Speterof "uuhost1.my.domain" will match the second entry since it is 153938032Spetermore explicit. 154038032Speter 154138032SpeterThe RHS should always be a "mailer:host" pair. The mailer is the 154238032Speterconfiguration name of a mailer (that is, an `M' line in the 154338032Spetersendmail.cf file). The "host" will be the hostname passed to 154438032Speterthat mailer. In domain-based matches (that is, those with leading 154538032Speterdots) the "%1" may be used to interpolate the wildcarded part of 154638032Speterthe host name. For example, the first line above sends everything 154738032Speteraddressed to "anything.my.domain" to that same host name, but using 154838032Speterthe (presumably experimental) xnet mailer. 154938032Speter 155038032SpeterIn some cases you may want to temporarily turn off MX records, 155138032Speterparticularly on gateways. For example, you may want to MX 155238032Spetereverything in a domain to one machine that then forwards it 155338032Speterdirectly. To do this, you might use the DNS configuration: 155438032Speter 155538032Speter *.domain. IN MX 0 relay.machine 155638032Speter 155738032Speterand on relay.machine use the mailertable: 155838032Speter 155938032Speter .domain smtp:[gateway.domain] 156038032Speter 156138032SpeterThe [square brackets] turn off MX records for this host only. 156238032SpeterIf you didn't do this, the mailertable would use the MX record 156338032Speteragain, which would give you an MX loop. 156438032Speter 156538032Speter 156638032Speter+--------------------------------+ 156738032Speter| USING USERDB TO MAP FULL NAMES | 156838032Speter+--------------------------------+ 156938032Speter 157038032SpeterThe user database was not originally intended for mapping full names 157138032Speterto login names (e.g., Eric.Allman => eric), but some people are using 157238032Speterit that way. (I would recommend that you set up aliases for this 157338032Speterpurpose instead -- since you can specify multiple alias files, this 157438032Speteris fairly easy.) The intent was to locate the default maildrop at 157538032Spetera site, but allow you to override this by sending to a specific host. 157638032Speter 157738032SpeterIf you decide to set up the user database in this fashion, it is 157838032Speterimperative that you not use FEATURE(stickyhost) -- otherwise, 157938032Spetere-mail sent to Full.Name@local.host.name will be rejected. 158038032Speter 158138032SpeterTo build the internal form of the user database, use: 158238032Speter 158338032Speter makemap btree /usr/data/base.db < /usr/data/base.txt 158438032Speter 158538032SpeterAs a general rule, I am adamantly opposed to using full names as 158638032Spetere-mail addresses, since they are not in any sense unique. For example, 158738032Speterthe Unix software-development community has two Andy Tannenbaums, 158838032Speterat least two well-known Peter Deutsches, and at one time Bell Labs 158938032Speterhad two Stephen R. Bournes with offices along the same hallway. 159038032SpeterWhich one will be forced to suffer the indignity of being 159138032SpeterStephen_R_Bourne_2? The less famous of the two, or the one that 159238032Speterwas hired later? 159338032Speter 159438032SpeterFinger should handle full names (and be fuzzy). Mail should use 159538032Speterhandles, and not be fuzzy. [Not that I expect anyone to pay any 159638032Speterattention to my opinions.] 159738032Speter 159838032Speter 159938032Speter+--------------------------------+ 160038032Speter| MISCELLANEOUS SPECIAL FEATURES | 160138032Speter+--------------------------------+ 160238032Speter 160338032SpeterPlussed users 160438032Speter Sometimes it is convenient to merge configuration on a 160538032Speter centralized mail machine, for example, to forward all 160638032Speter root mail to a mail server. In this case it might be 160738032Speter useful to be able to treat the root addresses as a class 160838032Speter of addresses with subtle differences. You can do this 160938032Speter using plussed users. For example, a client might include 161038032Speter the alias: 161138032Speter 161238032Speter root: root+client1@server 161338032Speter 161438032Speter On the server, this will match an alias for "root+client1". 161538032Speter If that is not found, the alias "root+*" will be tried, 161638032Speter then "root". 161738032Speter 161838032SpeterLDAP 161938032Speter For notes on use LDAP in sendmail, see 162038032Speter http://www.stanford.edu/~bbense/Inst.html 162138032Speter 162238032Speter 162338032Speter 162438032Speter+----------------+ 162538032Speter| SECURITY NOTES | 162638032Speter+----------------+ 162738032Speter 162838032SpeterA lot of sendmail security comes down to you. Sendmail 8 is much 162938032Spetermore careful about checking for security problems than previous 163038032Speterversions, but there are some things that you still need to watch 163138032Speterfor. In particular: 163238032Speter 163338032Speter* Make sure the aliases file isn't writable except by trusted 163438032Speter system personnel. This includes both the text and database 163538032Speter version. 163638032Speter 163738032Speter* Make sure that other files that sendmail reads, such as the 163838032Speter mailertable, are only writable by trusted system personnel. 163938032Speter 164038032Speter* The queue directory should not be world writable PARTICULARLY 164138032Speter if your system allows "file giveaways" (that is, if a non-root 164238032Speter user can chown any file they own to any other user). 164338032Speter 164438032Speter* If your system allows file giveaways, DO NOT create a publically 164538032Speter writable directory for forward files. This will allow anyone 164638032Speter to steal anyone else's e-mail. Instead, create a script that 164738032Speter copies the .forward file from users' home directories once a 164838032Speter night (if you want the non-NFS-mounted forward directory). 164938032Speter 165038032Speter* If your system allows file giveaways, you'll find that 165138032Speter sendmail is much less trusting of :include: files -- in 165238032Speter particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 165338032Speter /etc/shells before they will be trusted (that is, before 165438032Speter files and programs listed in them will be honored). 165538032Speter 165638032SpeterIn general, file giveaways are a mistake -- if you can turn them 165738032Speteroff I recommend you do so. 165838032Speter 165938032Speter 166038032Speter+--------------------------------+ 166138032Speter| TWEAKING CONFIGURATION OPTIONS | 166238032Speter+--------------------------------+ 166338032Speter 166438032SpeterThere are a large number of configuration options that don't normally 166538032Speterneed to be changed. However, if you feel you need to tweak them, you 166638032Spetercan define the following M4 variables. This list is shown in four 166738032Spetercolumns: the name you define, the default value for that definition, 166838032Speterthe option or macro that is affected (either Ox for an option or Dx 166938032Speterfor a macro), and a brief description. Greater detail of the semantics 167038032Spetercan be found in the Installation and Operations Guide. 167138032Speter 167238032SpeterSome options are likely to be deprecated in future versions -- that is, 167338032Speterthe option is only included to provide back-compatibility. These are 167438032Spetermarked with "*". 167538032Speter 167638032SpeterRemember that these options are M4 variables, and hence may need to 167738032Speterbe quoted. In particular, arguments with commas will usually have to 167838032Speterbe ``double quoted, like this phrase'' to avoid having the comma 167938032Speterconfuse things. This is common for alias file definitions and for 168038032Speterthe read timeout. 168138032Speter 168238032SpeterM4 Variable Name Configuration Description & [Default] 168338032Speter================ ============= ======================= 168438032SpeterconfMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 168538032Speter for internally generated outgoing 168638032Speter messages. 168738032SpeterconfDOMAIN_NAME $j macro If defined, sets $j. This should 168838032Speter only be done if your system cannot 168938032Speter determine your local domain name, 169038032Speter and then it should be set to 169138032Speter $w.Foo.COM, where Foo.COM is your 169238032Speter domain name. 169338032SpeterconfCF_VERSION $Z macro If defined, this is appended to the 169438032Speter configuration version name. 169538032SpeterconfFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 169638032Speter internally generated From: address. 169738032SpeterconfRECEIVED_HEADER Received: 169838032Speter [$?sfrom $s $.$?_($?s$|from $.$_) 169938032Speter $.by $j ($v/$Z)$?r with $r$. id $i$?u 170038032Speter for $u; $|; 170138032Speter $.$b] 170238032Speter The format of the Received: header 170338032Speter in messages passed through this host. 170438032Speter It is unwise to try to change this. 170538032SpeterconfCW_FILE Fw class [/etc/sendmail.cw] Name of file used 170638032Speter to get the local additions to the $=w 170738032Speter (local host names) class. 170838032SpeterconfCT_FILE Ft class [/etc/sendmail.ct] Name of file used 170938032Speter to get the local additions to the $=t 171038032Speter (trusted users) class. 171138032SpeterconfCR_FILE FR class [/etc/mail/relay-domains] Name of 171238032Speter file used to get the local additions 171338032Speter to the $=R (hosts allowed to relay) 171438032Speter class. 171538032SpeterconfTRUSTED_USERS Ct class [no default] Names of users to add to 171638032Speter the list of trusted users. This list 171738032Speter always includes root, uucp, and daemon. 171838032Speter See also FEATURE(use_ct_file). 171938032SpeterconfSMTP_MAILER - [esmtp] The mailer name used when 172038032Speter SMTP connectivity is required. 172138032Speter One of "smtp", "smtp8", or "esmtp". 172238032SpeterconfUUCP_MAILER - [uucp-old] The mailer to be used by 172338032Speter default for bang-format recipient 172438032Speter addresses. See also discussion of 172538032Speter $=U, $=Y, and $=Z in the MAILER(uucp) 172638032Speter section. 172738032SpeterconfLOCAL_MAILER - [local] The mailer name used when 172838032Speter local connectivity is required. 172938032Speter Almost always "local". 173038032SpeterconfRELAY_MAILER - [relay] The default mailer name used 173138032Speter for relaying any mail (e.g., to a 173238032Speter BITNET_RELAY, a SMART_HOST, or 173338032Speter whatever). This can reasonably be 173438032Speter "uucp-new" if you are on a 173538032Speter UUCP-connected site. 173638032SpeterconfSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 173738032SpeterconfEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 173838032SpeterconfALIAS_WAIT AliasWait [10m] Time to wait for alias file 173938032Speter rebuild until you get bored and 174038032Speter decide that the apparently pending 174138032Speter rebuild failed. 174238032SpeterconfMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 174338032Speter queue filesystem to accept SMTP mail. 174438032Speter (Prior to 8.7 this was minfree/maxsize, 174538032Speter where minfree was the number of free 174638032Speter blocks and maxsize was the maximum 174738032Speter message size. Use confMAX_MESSAGE_SIZE 174838032Speter for the second value now.) 174938032SpeterconfMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 175038032Speter that will be accepted (in bytes). 175138032SpeterconfBLANK_SUB BlankSub [.] Blank (space) substitution 175238032Speter character. 175338032SpeterconfCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 175438032Speter to mailers marked expensive? 175538032SpeterconfCHECKPOINT_INTERVAL CheckpointInterval 175638032Speter [10] Checkpoint queue files every N 175738032Speter recipients. 175838032SpeterconfDELIVERY_MODE DeliveryMode [background] Default delivery mode. 175938032SpeterconfAUTO_REBUILD AutoRebuildAliases 176038032Speter [False] Automatically rebuild alias 176138032Speter file if needed. 176238032SpeterconfERROR_MODE ErrorMode [print] Error message mode. 176338032SpeterconfERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 176442575SpeterconfSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 176538032SpeterconfTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 176638032SpeterconfMATCH_GECOS MatchGECOS [False] Match GECOS field. 176738032SpeterconfMAX_HOP MaxHopCount [25] Maximum hop count. 176838032SpeterconfIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd mode] 176938032Speter Ignore dot as terminator for incoming 177038032Speter messages? 177138032SpeterconfBIND_OPTS ResolverOptions [undefined] Default options for DNS 177238032Speter resolver. 177338032SpeterconfMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 177438032Speter encapsulated messages per RFC 1344. 177538032SpeterconfFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 177638032Speter The colon-separated list of places to 177738032Speter search for .forward files. N.B.: see 177838032Speter the Security Notes section. 177938032SpeterconfMCI_CACHE_SIZE ConnectionCacheSize 178038032Speter [2] Size of open connection cache. 178138032SpeterconfMCI_CACHE_TIMEOUT ConnectionCacheTimeout 178238032Speter [5m] Open connection cache timeout. 178338032SpeterconfHOST_STATUS_DIRECTORY HostStatusDirectory 178438032Speter [undefined] If set, host status is kept 178538032Speter on disk between sendmail runs in the 178638032Speter named directory tree. This need not be 178738032Speter a full pathname, in which case it is 178838032Speter interpreted relative to the queue 178938032Speter directory. 179038032SpeterconfSINGLE_THREAD_DELIVERY SingleThreadDelivery 179138032Speter [False] If this option and the 179238032Speter HostStatusDirectory option are both 179338032Speter set, single thread deliveries to other 179438032Speter hosts. That is, don't allow any two 179538032Speter sendmails on this host to connect 179638032Speter simultaneously to any other single 179738032Speter host. This can slow down delivery in 179838032Speter some cases, in particular since a 179938032Speter cached but otherwise idle connection 180038032Speter to a host will prevent other sendmails 180138032Speter from connecting to the other host. 180238032SpeterconfUSE_ERRORS_TO* UserErrorsTo [False] Use the Errors-To: header to 180338032Speter deliver error messages. This should 180438032Speter not be necessary because of general 180538032Speter acceptance of the envelope/header 180638032Speter distinction. 180738032SpeterconfLOG_LEVEL LogLevel [9] Log level. 180838032SpeterconfME_TOO MeToo [False] Include sender in group 180938032Speter expansions. 181038032SpeterconfCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 181138032Speter running newaliases. Since this does 181238032Speter DNS lookups on every address, it can 181338032Speter slow down the alias rebuild process 181438032Speter considerably on large alias files. 181538032SpeterconfOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 181638032Speter special chars are old style. 181738032SpeterconfDAEMON_OPTIONS DaemonPortOptions 181838032Speter [none] SMTP daemon options. 181938032SpeterconfPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 182038032SpeterconfCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 182138032Speter copies of all error messages. 182238032SpeterconfQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 182338032SpeterconfDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 182438032Speter syntax addresses to the minimum 182538032Speter possible. 182638032SpeterconfSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 182738032Speter before forking. 182838032SpeterconfTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 182938032Speter on the initial connect. 183038032SpeterconfTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 183138032Speter connect() to complete. This can only 183238032Speter shorten connection timeouts; the kernel 183338032Speter silently enforces an absolute maximum 183438032Speter (which varies depending on the system). 183538032SpeterconfTO_ICONNECT Timeout.iconnect 183638032Speter [undefined] Like Timeout.connect, but 183738032Speter applies only to the very first attempt 183838032Speter to connect to a host in a message. 183938032Speter This allows a single very fast pass 184038032Speter followed by more careful delivery 184138032Speter attempts in the future. 184238032SpeterconfTO_HELO Timeout.helo [5m] The timeout waiting for a response 184338032Speter to a HELO or EHLO command. 184438032SpeterconfTO_MAIL Timeout.mail [10m] The timeout waiting for a 184538032Speter response to the MAIL command. 184638032SpeterconfTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 184738032Speter to the RCPT command. 184838032SpeterconfTO_DATAINIT Timeout.datainit 184938032Speter [5m] The timeout waiting for a 354 185038032Speter response from the DATA command. 185138032SpeterconfTO_DATABLOCK Timeout.datablock 185238032Speter [1h] The timeout waiting for a block 185338032Speter during DATA phase. 185438032SpeterconfTO_DATAFINAL Timeout.datafinal 185538032Speter [1h] The timeout waiting for a response 185638032Speter to the final "." that terminates a 185738032Speter message. 185838032SpeterconfTO_RSET Timeout.rset [5m] The timeout waiting for a response 185938032Speter to the RSET command. 186038032SpeterconfTO_QUIT Timeout.quit [2m] The timeout waiting for a response 186138032Speter to the QUIT command. 186238032SpeterconfTO_MISC Timeout.misc [2m] The timeout waiting for a response 186338032Speter to other SMTP commands. 186438032SpeterconfTO_COMMAND Timeout.command [1h] In server SMTP, the timeout waiting 186538032Speter for a command to be issued. 186638032SpeterconfTO_IDENT Timeout.ident [30s] The timeout waiting for a response 186738032Speter to an IDENT query. 186838032SpeterconfTO_FILEOPEN Timeout.fileopen 186938032Speter [60s] The timeout waiting for a file 187038032Speter (e.g., :include: file) to be opened. 187138032SpeterconfTO_QUEUERETURN Timeout.queuereturn 187238032Speter [5d] The timeout before a message is 187338032Speter returned as undeliverable. 187438032SpeterconfTO_QUEUERETURN_NORMAL 187538032Speter Timeout.queuereturn.normal 187638032Speter [undefined] As above, for normal 187738032Speter priority messages. 187838032SpeterconfTO_QUEUERETURN_URGENT 187938032Speter Timeout.queuereturn.urgent 188038032Speter [undefined] As above, for urgent 188138032Speter priority messages. 188238032SpeterconfTO_QUEUERETURN_NONURGENT 188338032Speter Timeout.queuereturn.non-urgent 188438032Speter [undefined] As above, for non-urgent 188538032Speter (low) priority messages. 188638032SpeterconfTO_QUEUEWARN Timeout.queuewarn 188738032Speter [4h] The timeout before a warning 188838032Speter message is sent to the sender telling 188938032Speter them that the message has been deferred. 189038032SpeterconfTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 189138032Speter [undefined] As above, for normal 189238032Speter priority messages. 189338032SpeterconfTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 189438032Speter [undefined] As above, for urgent 189538032Speter priority messages. 189638032SpeterconfTO_QUEUEWARN_NONURGENT 189738032Speter Timeout.queuewarn.non-urgent 189838032Speter [undefined] As above, for non-urgent 189938032Speter (low) priority messages. 190038032SpeterconfTO_HOSTSTATUS Timeout.hoststatus 190138032Speter [30m] How long information about host 190238032Speter statuses will be maintained before it 190338032Speter is considered stale and the host should 190438032Speter be retried. This applies both within 190538032Speter a single queue run and to persistent 190638032Speter information (see below). 190738032SpeterconfTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 190838032Speter USE_SYSTEM to use the system's idea, 190938032Speter USE_TZ to use the user's TZ envariable, 191038032Speter or something else to force that value. 191138032SpeterconfDEF_USER_ID DefaultUser [1:1] Default user id. 191238032SpeterconfUSERDB_SPEC UserDatabaseSpec 191338032Speter [undefined] User database specification. 191438032SpeterconfFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 191538032SpeterconfTRY_NULL_MX_LIST TryNullMXList [False] If we are the best MX for a 191638032Speter host and haven't made other 191738032Speter arrangements, try connecting to the 191838032Speter host directly; normally this would be 191938032Speter a config error. 192038032SpeterconfQUEUE_LA QueueLA [8] Load average at which queue-only 192138032Speter function kicks in. 192238032SpeterconfREFUSE_LA RefuseLA [12] Load average at which incoming 192338032Speter SMTP connections are refused. 192438032SpeterconfMAX_DAEMON_CHILDREN MaxDaemonChildren 192538032Speter [undefined] The maximum number of 192638032Speter children the daemon will permit. After 192738032Speter this number, connections will be 192838032Speter rejected. If not set or <= 0, there is 192938032Speter no limit. 193038032SpeterconfCONNECTION_RATE_THROTTLE ConnectionRateThrottle 193138032Speter [undefined] The maximum number of 193238032Speter connections permitted per second. 193338032Speter After this many connections are 193438032Speter accepted, further connections will be 193538032Speter delayed. If not set or <= 0, there is 193638032Speter no limit. 193738032SpeterconfWORK_RECIPIENT_FACTOR 193838032Speter RecipientFactor [30000] Cost of each recipient. 193938032SpeterconfSEPARATE_PROC ForkEachJob [False] Run all deliveries in a separate 194038032Speter process. 194138032SpeterconfWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 194238032SpeterconfWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 194338032SpeterconfQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 194438032Speter Priority, Host, or Time. 194538032SpeterconfMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 194638032Speter must sit in the queue between queue 194738032Speter runs. This allows you to set the 194838032Speter queue run interval low for better 194938032Speter responsiveness without trying all 195038032Speter jobs in each run. 195138032SpeterconfDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 195238032Speter unlabeled 8 bit input to MIME, the 195338032Speter character set to use by default. 195438032SpeterconfSERVICE_SWITCH_FILE ServiceSwitchFile 195538032Speter [/etc/service.switch] The file to use 195638032Speter for the service switch on systems that 195738032Speter do not have a system-defined switch. 195838032SpeterconfHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 195938032Speter "file" type access of hosts names. 196038032SpeterconfDIAL_DELAY DialDelay [0s] If a connection fails, wait this 196138032Speter long and try again. Zero means "don't 196238032Speter retry". This is to allow "dial on 196338032Speter demand" connections to have enough time 196438032Speter to complete a connection. 196538032SpeterconfNO_RCPT_ACTION NoRecipientAction 196638032Speter [none] What to do if there are no legal 196738032Speter recipient fields (To:, Cc: or Bcc:) 196838032Speter in the message. Legal values can 196938032Speter be "none" to just leave the 197038032Speter nonconforming message as is, "add-to" 197138032Speter to add a To: header with all the 197238032Speter known recipients (which may expose 197338032Speter blind recipients), "add-apparently-to" 197438032Speter to do the same but use Apparently-To: 197538032Speter instead of To:, "add-bcc" to add an 197638032Speter empty Bcc: header, or 197738032Speter "add-to-undisclosed" to add the header 197838032Speter ``To: undisclosed-recipients:;''. 197938032SpeterconfSAFE_FILE_ENV SafeFileEnvironment 198038032Speter [undefined] If set, sendmail will do a 198138032Speter chroot() into this directory before 198238032Speter writing files. 198338032SpeterconfCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 198438032Speter If set, colons are treated as a regular 198538032Speter character in addresses. If not set, 198638032Speter they are treated as the introducer to 198738032Speter the RFC 822 "group" syntax. Colons are 198838032Speter handled properly in route-addrs. This 198938032Speter option defaults on for V5 and lower 199038032Speter configuration files. 199138032SpeterconfMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 199238032Speter any given queue run to this number of 199338032Speter entries. Essentially, this will stop 199438032Speter reading the queue directory after this 199538032Speter number of entries are reached; it does 199638032Speter _not_ pick the highest priority jobs, 199738032Speter so this should be as large as your 199838032Speter system can tolerate. If not set, there 199938032Speter is no limit. 200038032SpeterconfDONT_EXPAND_CNAMES DontExpandCnames 200138032Speter [False] If set, $[ ... $] lookups that 200238032Speter do DNS based lookups do not expand 200338032Speter CNAME records. This currently violates 200438032Speter the published standards, but the IETF 200538032Speter seems to be moving toward legalizing 200638032Speter this. For example, if "FTP.Foo.ORG" 200738032Speter is a CNAME for "Cruft.Foo.ORG", then 200838032Speter with this option set a lookup of 200938032Speter "FTP" will return "FTP.Foo.ORG"; if 201038032Speter clear it returns "Cruft.FOO.ORG". N.B. 201138032Speter you may not see any effect until your 201238032Speter downstream neighbors stop doing CNAME 201338032Speter lookups as well. 201438032SpeterconfFROM_LINE UnixFromLine [From $g $d] The From_ line used 201538032Speter when sending to files or programs. 201638032SpeterconfSINGLE_LINE_FROM_HEADER SingleLineFromHeader 201738032Speter [False] From: lines that have 201838032Speter embedded newlines are unwrapped 201938032Speter onto one line. 202038032SpeterconfALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 202138032Speter does not include a host name. 202238032SpeterconfMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 202338032Speter name phrase (@,;:\()[] are automatic). 202438032SpeterconfOPERATORS OperatorChars [.:%@!^/[]+] Address operator 202538032Speter characters. 202638032SpeterconfSMTP_LOGIN_MSG SmtpGreetingMessage 202738032Speter [$j Sendmail $v/$Z; $b] 202838032Speter The initial (spontaneous) SMTP 202938032Speter greeting message. The word "ESMTP" 203038032Speter will be inserted between the first and 203138032Speter second words to convince other 203238032Speter sendmails to try to speak ESMTP. 203338032SpeterconfDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 203438032Speter routine will never be invoked. You 203538032Speter might want to do this if you are 203638032Speter running NIS and you have a large group 203738032Speter map, since this call does a sequential 203838032Speter scan of the map; in a large site this 203938032Speter can cause your ypserv to run 204038032Speter essentially full time. If you set 204138032Speter this, agents run on behalf of users 204238032Speter will only have their primary 204338032Speter (/etc/passwd) group permissions. 204438032SpeterconfUNSAFE_GROUP_WRITES UnsafeGroupWrites 204538032Speter [False] If set, group-writable 204638032Speter :include: and .forward files are 204738032Speter considered "unsafe", that is, programs 204838032Speter and files cannot be directly referenced 204938032Speter from such files. World-writable files 205038032Speter are always considered unsafe. 205138032SpeterconfDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 205238032Speter [postmaster] If an error occurs when 205338032Speter sending an error message, send that 205438032Speter "double bounce" error message to this 205538032Speter address. 205638032SpeterconfRUN_AS_USER RunAsUser [undefined] If set, become this user 205738032Speter when reading and delivering mail. 205838032Speter Causes all file reads (e.g., .forward 205938032Speter and :include: files) to be done as 206038032Speter this user. Also, all programs will 206138032Speter be run as this user, and all output 206238032Speter files will be written as this user. 206338032Speter Intended for use only on firewalls 206438032Speter where users do not have accounts. 206538032SpeterconfMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 206638032Speter [infinite] If set, allow no more than 206738032Speter the specified number of recipients in 206838032Speter an SMTP envelope. Further recipients 206938032Speter receive a 452 error code (i.e., they 207038032Speter are deferred for the next delivery 207138032Speter attempt). 207238032SpeterconfDONT_PROBE_INTERFACES DontProbeInterfaces 207338032Speter [False] If set, sendmail will _not_ 207438032Speter insert the names and addresses of any 207538032Speter local interfaces into the $=w class 207638032Speter (list of known "equivalent" addresses). 207738032Speter If you set this, you must also include 207838032Speter some support for these addresses (e.g., 207938032Speter in a mailertable entry) -- otherwise, 208038032Speter mail to addresses in this list will 208138032Speter bounce with a configuration error. 208238032SpeterconfDONT_BLAME_SENDMAIL DontBlameSendmail 208338032Speter [safe] Override sendmail's file 208438032Speter safety checks. This will definitely 208538032Speter compromise system security and should 208638032Speter not be used unless absolutely 208738032Speter necessary. 208838032SpeterconfREJECT_MSG - [550 Access denied] The message 208938032Speter given if the access database contains 209038032Speter REJECT in the value portion. 209138032Speter 209238032SpeterSee also the description of OSTYPE for some parameters that can be 209338032Spetertweaked (generally pathnames to mailers). 209438032Speter 209538032Speter 209638032Speter+-----------+ 209738032Speter| HIERARCHY | 209838032Speter+-----------+ 209938032Speter 210038032SpeterWithin this directory are several subdirectories, to wit: 210138032Speter 210238032Speterm4 General support routines. These are typically 210338032Speter very important and should not be changed without 210438032Speter very careful consideration. 210538032Speter 210638032Spetercf The configuration files themselves. They have 210738032Speter ".mc" suffixes, and must be run through m4 to 210838032Speter become complete. The resulting output should 210938032Speter have a ".cf" suffix. 211038032Speter 211138032Speterostype Definitions describing a particular operating 211238032Speter system type. These should always be referenced 211338032Speter using the OSTYPE macro in the .mc file. Examples 211438032Speter include "bsd4.3", "bsd4.4", "sunos3.5", and 211538032Speter "sunos4.1". 211638032Speter 211738032Speterdomain Definitions describing a particular domain, referenced 211838032Speter using the DOMAIN macro in the .mc file. These are 211938032Speter site dependent; for example, "CS.Berkeley.EDU.m4" 212038032Speter describes hosts in the CS.Berkeley.EDU subdomain. 212138032Speter 212238032Spetermailer Descriptions of mailers. These are referenced using 212338032Speter the MAILER macro in the .mc file. 212438032Speter 212538032Spetersh Shell files used when building the .cf file from the 212638032Speter .mc file in the cf subdirectory. 212738032Speter 212838032Speterfeature These hold special orthogonal features that you might 212938032Speter want to include. They should be referenced using 213038032Speter the FEATURE macro. 213138032Speter 213238032Speterhack Local hacks. These can be referenced using the HACK 213338032Speter macro. They shouldn't be of more than voyeuristic 213438032Speter interest outside the .Berkeley.EDU domain, but who knows? 213538032Speter We've all got our own peccadillos. 213638032Speter 213738032Spetersiteconfig Site configuration -- e.g., tables of locally connected 213838032Speter UUCP sites. 213938032Speter 214038032Speter 214138032Speter+------------------------+ 214238032Speter| ADMINISTRATIVE DETAILS | 214338032Speter+------------------------+ 214438032Speter 214538032SpeterThe following sections detail usage of certain internal parts of the 214638032Spetersendmail.cf file. Read them carefully if you are trying to modify 214738032Speterthe current model. If you find the above descriptions adequate, these 214838032Spetershould be {boring, confusing, tedious, ridiculous} (pick one or more). 214938032Speter 215038032SpeterRULESETS (* means built in to sendmail) 215138032Speter 215238032Speter 0 * Parsing 215338032Speter 1 * Sender rewriting 215438032Speter 2 * Recipient rewriting 215538032Speter 3 * Canonicalization 215638032Speter 4 * Post cleanup 215738032Speter 5 * Local address rewrite (after aliasing) 215838032Speter 1x mailer rules (sender qualification) 215938032Speter 2x mailer rules (recipient qualification) 216038032Speter 3x mailer rules (sender header qualification) 216138032Speter 4x mailer rules (recipient header qualification) 216238032Speter 5x mailer subroutines (general) 216338032Speter 6x mailer subroutines (general) 216438032Speter 7x mailer subroutines (general) 216538032Speter 8x reserved 216638032Speter 90 Mailertable host stripping 216738032Speter 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 216838032Speter 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 216938032Speter 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 217038032Speter 99 Guaranteed null (for debugging) 217138032Speter 217238032Speter 217338032SpeterMAILERS 217438032Speter 217538032Speter 0 local, prog local and program mailers 217638032Speter 1 [e]smtp, relay SMTP channel 217738032Speter 2 uucp-* UNIX-to-UNIX Copy Program 217838032Speter 3 netnews Network News delivery 217938032Speter 4 fax Sam Leffler's HylaFAX software 218038032Speter 5 mail11 DECnet mailer 218138032Speter 218238032Speter 218338032SpeterMACROS 218438032Speter 218538032Speter A 218638032Speter B Bitnet Relay 218738032Speter C DECnet Relay 218838032Speter D The local domain -- usually not needed 218938032Speter E reserved for X.400 Relay 219038032Speter F FAX Relay 219138032Speter G 219238032Speter H mail Hub (for mail clusters) 219338032Speter I 219438032Speter J 219538032Speter K 219638032Speter L Luser Relay 219738032Speter M Masquerade (who I claim to be) 219838032Speter N 219938032Speter O 220038032Speter P 220138032Speter Q 220238032Speter R Relay (for unqualified names) 220338032Speter S Smart Host 220438032Speter T 220538032Speter U my UUCP name (if I have a UUCP connection) 220638032Speter V UUCP Relay (class V hosts) 220738032Speter W UUCP Relay (class W hosts) 220838032Speter X UUCP Relay (class X hosts) 220938032Speter Y UUCP Relay (all other hosts) 221038032Speter Z Version number 221138032Speter 221238032Speter 221338032SpeterCLASSES 221438032Speter 221538032Speter A 221638032Speter B domains that are candidates for bestmx lookup 221738032Speter C 221838032Speter D 221938032Speter E addresses that should not seem to come from $M 222038032Speter F hosts we forward for 222138032Speter G domains that should be looked up in genericstable 222238032Speter H 222338032Speter I 222438032Speter J 222538032Speter K 222638032Speter L addresses that should not be forwarded to $R 222738032Speter M domains that should be mapped to $M 222838032Speter N 222938032Speter O operators that indicate network operations (cannot be in local names) 223038032Speter P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 223138032Speter Q 223238032Speter R domains we are willing to relay (pass anti-spam filters) 223338032Speter S 223438032Speter T 223538032Speter U locally connected UUCP hosts 223638032Speter V UUCP hosts connected to relay $V 223738032Speter W UUCP hosts connected to relay $W 223838032Speter X UUCP hosts connected to relay $X 223938032Speter Y locally connected smart UUCP hosts 224038032Speter Z locally connected domain-ized UUCP hosts 224138032Speter . the class containing only a dot 224238032Speter [ the class containing only a left bracket 224338032Speter 224438032Speter 224538032SpeterM4 DIVERSIONS 224638032Speter 224738032Speter 1 Local host detection and resolution 224838032Speter 2 Local Ruleset 3 additions 224938032Speter 3 Local Ruleset 0 additions 225038032Speter 4 UUCP Ruleset 0 additions 225138032Speter 5 locally interpreted names (overrides $R) 225238032Speter 6 local configuration (at top of file) 225338032Speter 7 mailer definitions 225438032Speter 8 225538032Speter 9 special local rulesets (1 and 2) 2256