README revision 43730
138032Speter 238032Speter 338032Speter NEW SENDMAIL CONFIGURATION FILES 438032Speter 538032Speter Eric Allman <eric@Sendmail.ORG> 638032Speter 743730Speter @(#)README 8.186 (Berkeley) 2/3/1999 838032Speter 938032Speter 1038032SpeterThis document describes the sendmail configuration files being used 1138032Speterat Berkeley. These use features in the new (R8) sendmail; they will 1238032Speternot work on other versions. 1338032Speter 1438032SpeterThese configuration files are probably not as general as previous 1538032Speterversions, and don't handle as many of the weird cases automagically. 1638032SpeterI was able to simplify them for two reasons. First, the network 1738032Speterhas become more consistent -- for example, at this point, everyone 1838032Speteron the internet is supposed to be running a name server, so hacks to 1938032Speterhandle NIC-registered hosts can go away. Second, I assumed that a 2038032Spetersubdomain would be running SMTP internally -- UUCP is presumed to be 2138032Spetera long-haul protocol. I realize that this is not universal, but it 2238032Speterdoes describe the vast majority of sites with which I am familiar, 2338032Speterincluding those outside the US. 2438032Speter 2538032SpeterOf course, the downside of this is that if you do live in a weird 2638032Speterworld, things are going to get weirder for you. I'm sorry about that, 2738032Speterbut at the time we at Berkeley had a problem, and it seemed like the 2838032Speterright thing to do. 2938032Speter 3038032SpeterThis package requires a post-V7 version of m4; if you are running the 3138032Speter4.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with 3238032Spetera newer version. You can m4-expand on their system, then run locally. 3338032SpeterSunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1 3438032Speteror later also works. Unfortunately, I'm told that the M4 on BSDI 1.0 3538032Speterdoesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is 3638032Speteravailable from ftp://ftp.gnu.org/pub/gnu/m4-1.4.tar.gz (check for 3738032Speterthe latest version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken 3838032Speter(3.x is fine). Use GNU m4 on this platform. 3938032Speter 4038032SpeterIF YOU DON'T HAVE A BERKELEY MAKE, don't despair! Just run 4138032Speter"m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need. 4238032SpeterThere is also a fairly crude (but functional) Makefile.dist that works 4338032Speteron the old version of make. 4438032Speter 4538032SpeterTo get started, you may want to look at tcpproto.mc (for TCP-only 4638032Spetersites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for 4738032Speterclusters of clients using a single mail host). Others are versions 4838032Speterthat we use at Berkeley, although not all are in current use. For 4938032Speterexample, ucbvax has gone away, but I've left ucbvax.mc in because 5038032Speterit demonstrates some interesting techniques. 5138032Speter 5238032SpeterI'm not pretending that this README describes everything that these 5338032Speterconfiguration files can do; clever people can probably tweak them 5438032Speterto great effect. But it should get you started. 5538032Speter 5638032Speter******************************************************************* 5738032Speter*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 5838032Speter*** Berkeley-specific assumptions built in, such as the name *** 5938032Speter*** of our UUCP-relay. You'll want to create your own domain *** 6038032Speter*** description, and use that in place of *** 6138032Speter*** domain/Berkeley.EDU.m4. *** 6238032Speter******************************************************************* 6338032Speter 6438032Speter 6538032Speter+--------------------------+ 6638032Speter| INTRODUCTION AND EXAMPLE | 6738032Speter+--------------------------+ 6838032Speter 6938032SpeterConfiguration files are contained in the subdirectory "cf", with a 7038032Spetersuffix ".mc". They must be run through "m4" to produce a ".cf" file. 7138032SpeterYou must pre-load "cf.m4": 7238032Speter 7338032Speter m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 7438032Speter 7538032Speterwhere ${CFDIR} is the root of the cf directory and config.mc is the 7638032Spetername of your configuration file. If you are running a version of M4 7738032Speterthat understands the __file__ builtin (versions of GNU m4 >= 0.75 do 7838032Speterthis, but the versions distributed with 4.4BSD and derivatives do not) 7938032Speteror the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 8038032SpeterFor "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 8138032Speteruse -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 8238032Speter 8338032Speter m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 8438032Speter 8538032SpeterLet's examine a typical .mc file: 8638032Speter 8738032Speter divert(-1) 8838032Speter # 8938032Speter # Copyright (c) 1998 Sendmail, Inc. All rights reserved. 9038032Speter # Copyright (c) 1983 Eric P. Allman. All rights reserved. 9138032Speter # Copyright (c) 1988, 1993 9238032Speter # The Regents of the University of California. All rights reserved. 9338032Speter # 9438032Speter # By using this file, you agree to the terms and conditions set 9538032Speter # forth in the LICENSE file which can be found at the top level of 9638032Speter # the sendmail distribution. 9738032Speter # 9838032Speter 9938032Speter # 10038032Speter # This is a Berkeley-specific configuration file for HP-UX 9.x. 10138032Speter # It applies only to the Computer Science Division at Berkeley, 10238032Speter # and should not be used elsewhere. It is provided on the sendmail 10338032Speter # distribution as a sample only. To create your own configuration 10438032Speter # file, create an appropriate domain file in ../domain, change the 10538032Speter # `DOMAIN' macro below to reference that file, and copy the result 10638032Speter # to a name of your own choosing. 10738032Speter # 10838032Speter divert(0) 10938032Speter 11038032SpeterThe divert(-1) will delete the crud in the resulting output file. 11138032SpeterThe copyright notice can be replaced by whatever your lawyers require; 11238032Speterour lawyers require the one that I've included in my files. A copyleft 11338032Speteris a copyright by another name. The divert(0) restores regular output. 11438032Speter 11538032Speter VERSIONID(`<SCCS or RCS version id>') 11638032Speter 11738032SpeterVERSIONID is a macro that stuffs the version information into the 11838032Speterresulting file. We use SCCS; you could use RCS, something else, or 11938032Speteromit it completely. This is not the same as the version id included 12038032Speterin SMTP greeting messages -- this is defined in m4/version.m4. 12138032Speter 12238032Speter OSTYPE(hpux9)dnl 12338032Speter 12438032SpeterYou must specify an OSTYPE to properly configure things such as the 12538032Speterpathname of the help and status files, the flags needed for the local 12638032Spetermailer, and other important things. If you omit it, you will get an 12738032Spetererror when you try to build the configuration. Look at the ostype 12838032Speterdirectory for the list of known operating system types. 12938032Speter 13038032Speter DOMAIN(CS.Berkeley.EDU)dnl 13138032Speter 13238032SpeterThis example is specific to the Computer Science Division at Berkeley. 13338032SpeterYou can use "DOMAIN(generic)" to get a sufficiently bland definition 13438032Speterthat may well work for you, or you can create a customized domain 13538032Speterdefinition appropriate for your environment. 13638032Speter 13738032Speter MAILER(local) 13838032Speter MAILER(smtp) 13938032Speter 14038032SpeterThese describe the mailers used at the default CS site site. The 14138032Speterlocal mailer is always included automatically. Beware: MAILER 14238032Speterdeclarations should always be at the end of the configuration file, 14338032Speterand MAILER(smtp) should always precede MAILER(uucp). The general 14438032Speterrules are that the order should be: 14538032Speter 14638032Speter VERSIONID 14738032Speter OSTYPE 14838032Speter DOMAIN 14938032Speter FEATURE 15038032Speter local macro definitions 15138032Speter MAILER 15238032Speter LOCAL_RULESET_* 15338032Speter 15438032Speter 15538032Speter+----------------------------+ 15638032Speter| A BRIEF INTRODUCTION TO M4 | 15738032Speter+----------------------------+ 15838032Speter 15938032SpeterSendmail uses the M4 macro processor to ``compile'' the configuration 16038032Speterfiles. The most important thing to know is that M4 is stream-based, 16138032Speterthat is, it doesn't understand about lines. For this reason, in some 16238032Speterplaces you may see the word ``dnl'', which stands for ``delete 16338032Speterthrough newline''; essentially, it deletes all characters starting 16438032Speterat the ``dnl'' up to and including the next newline character. In 16538032Spetermost cases sendmail uses this only to avoid lots of unnecessary 16638032Speterblank lines in the output. 16738032Speter 16838032SpeterOther important directives are define(A, B) which defines the macro 16938032Speter``A'' to have value ``B''. Macros are expanded as they are read, so 17038032Speterone normally quotes both values to prevent expansion. For example, 17138032Speter 17238032Speter define(`SMART_HOST', `smart.foo.com') 17338032Speter 17438032SpeterOne word of warning: M4 macros are expanded even in lines that appear 17538032Speterto be comments. For example, if you have 17638032Speter 17738032Speter # See FEATURE(foo) above 17838032Speter 17938032Speterit will not do what you expect, because the FEATURE(foo) will be 18038032Speterexpanded. This also applies to 18138032Speter 18238032Speter # And then define the $X macro to be the return address 18338032Speter 18438032Speterbecause ``define'' is an M4 keyword. If you want to use them, surround 18538032Speterthem with directed quotes, `like this'. 18638032Speter 18738032Speter+----------------+ 18838032Speter| FILE LOCATIONS | 18938032Speter+----------------+ 19038032Speter 19138032Spetersendmail 8.9 has introduced a new configuration directory for sendmail 19238032Speterrelated files, /etc/mail. The new files available for sendmail 8.9 -- 19338032Speterthe class 'R' /etc/mail/relay-domains and the access database 19438032Speter/etc/mail/access -- take advantage of this new directory. 8.9 will 19538032Speterserve as a transition release. Beginning with 8.10, all of the files 19638032Speterwill use this directory by default. 19738032Speter 19838032Speter+--------+ 19938032Speter| OSTYPE | 20038032Speter+--------+ 20138032Speter 20238032SpeterYou MUST define an operating system environment, or the configuration 20338032Speterfile build will puke. There are several environments available; look 20438032Speterat the "ostype" directory for the current list. This macro changes 20538032Speterthings like the location of the alias file and queue directory. Some 20638032Speterof these files are identical to one another. 20738032Speter 20838032SpeterIt is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 20938032SpeterIn general, the OSTYPE macro should go immediately after any version 21038032Speterinformation, and MAILER definitions should always go last. 21138032Speter 21238032SpeterOperating system definitions are usually easy to write. They may define 21338032Speterthe following variables (everything defaults, so an ostype file may be 21438032Speterempty). Unfortunately, the list of configuration-supported systems is 21538032Speternot as broad as the list of source-supported systems, since many of 21638032Speterthe source contributors do not include corresponding ostype files. 21738032Speter 21838032SpeterALIAS_FILE [/etc/aliases] The location of the text version 21938032Speter of the alias file(s). It can be a comma-separated 22038032Speter list of names (but be sure you quote values with 22138032Speter commas in them -- for example, use 22238032Speter define(`ALIAS_FILE', `a,b') 22338032Speter to get "a" and "b" both listed as alias files; 22438032Speter otherwise the define() primitive only sees "a"). 22538032SpeterHELP_FILE [/usr/lib/sendmail.hf] The name of the file 22638032Speter containing information printed in response to 22738032Speter the SMTP HELP command. 22838032SpeterQUEUE_DIR [/var/spool/mqueue] The directory containing 22938032Speter queue files. 23038032SpeterSTATUS_FILE [/etc/sendmail.st] The file containing status 23138032Speter information. 23238032SpeterLOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 23338032SpeterLOCAL_MAILER_FLAGS [rmn9] The flags used by the local mailer. The 23438032Speter flags lsDFM are always included. 23538032SpeterLOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 23638032Speter mail. 23738032SpeterLOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 23838032Speter mail that you are willing to accept. 23938032SpeterLOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 24038032Speter that ARRIVE from an address that resolves to the 24138032Speter local mailer and which are converted to MIME will be 24238032Speter labeled with this character set. 24338032SpeterLOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 24438032SpeterLOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 24538032Speter flags lsDFM are always included. 24638032SpeterLOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 24738032Speter mail. 24838032SpeterLOCAL_SHELL_DIR [$z:/] The directory search path in which the 24938032Speter shell should run. 25038032SpeterUSENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 25138032Speter used to submit news. 25238032SpeterUSENET_MAILER_FLAGS [rlsDFMmn] The mailer flags for the usenet mailer. 25338032SpeterUSENET_MAILER_ARGS [-m -h -n] The command line arguments for the 25438032Speter usenet mailer. 25538032SpeterUSENET_MAILER_MAX [100000] The maximum size of messages that will 25638032Speter be accepted by the usenet mailer. 25738032SpeterSMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 25838032Speter flags are `mDFMUX' for all SMTP-based mailers; the 25938032Speter "esmtp" mailer adds `a' and "smtp8" adds `8'. 26038032SpeterSMTP_MAILER_MAX [undefined] The maximum size of messages that will 26138032Speter be transported using the smtp, smtp8, or esmtp 26238032Speter mailers. 26338032SpeterSMTP_MAILER_ARGS [IPC $h] The arguments passed to the smtp mailer. 26438032Speter About the only reason you would want to change this 26538032Speter would be to change the default port. 26638032SpeterESMTP_MAILER_ARGS [IPC $h] The arguments passed to the esmtp mailer. 26738032SpeterSMTP8_MAILER_ARGS [IPC $h] The arguments passed to the smtp8 mailer. 26838032SpeterRELAY_MAILER_ARGS [IPC $h] The arguments passed to the relay mailer. 26938032SpeterSMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 27038032Speter that ARRIVE from an address that resolves to one of 27138032Speter the SMTP mailers and which are converted to MIME will 27238032Speter be labeled with this character set. 27338032SpeterUUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 27438032SpeterUUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 27538032Speter flags are `DFMhuU' (and `m' for uucp-new mailer, 27638032Speter minus `U' for uucp-dom mailer). 27738032SpeterUUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 27838032Speter passed to the UUCP mailer. 27938032SpeterUUCP_MAILER_MAX [100000] The maximum size message accepted for 28038032Speter transmission by the UUCP mailers. 28138032SpeterUUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 28238032Speter that ARRIVE from an address that resolves to one of 28338032Speter the UUCP mailers and which are converted to MIME will 28438032Speter be labeled with this character set. 28538032SpeterFAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 28638032Speter submit FAX messages. 28738032SpeterFAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 28838032Speter mailer. 28938032SpeterFAX_MAILER_MAX [100000] The maximum size message accepted for 29038032Speter transmission by FAX. 29138032SpeterPOP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 29238032SpeterPOP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags "lsDFM" 29338032Speter are always added. 29438032SpeterPOP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 29538032SpeterPROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 29643730Speter program. This is also used by 29743730Speter FEATURE(`local_procmail'). 29838032SpeterPROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 29938032Speter ``DFM'' are always set. This is NOT used by 30043730Speter FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 30138032Speter instead. 30238032SpeterPROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 30338032Speter the Procmail mailer. This is NOT used by 30443730Speter FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 30538032Speter instead. 30638032SpeterPROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 30738032Speter will be accepted by the procmail mailer. 30838032SpeterMAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 30938032SpeterMAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 31038032SpeterMAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 31138032Speter mailer. 31238032SpeterPH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 31338032Speter program. 31438032SpeterPH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. 31538032SpeterPH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 31638032SpeterCYRUS_MAILER_FLAGS [A5@/:|] The flags used by the cyrus mailer. The 31738032Speter flags lsDFMnPq are always included. 31838032SpeterCYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 31938032Speter cyrus mail. 32038032SpeterCYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 32138032Speter to deliver cyrus mail. 32238032SpeterCYRUS_MAILER_MAX [undefined] If set, the maximum size message that 32338032Speter will be accepted by the cyrus mailer. 32438032SpeterCYRUS_MAILER_USER [cyrus:mail] The user and group to become when 32538032Speter running the cyrus mailer. 32638032SpeterCYRUS_BB_MAILER_FLAGS [undefined] The flags used by the cyrusbb 32738032Speter mailer. The flags lsDFMnP are always included. 32838032SpeterCYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 32938032Speter to deliver cyrusbb mail. 33038032SpeterconfEBINDIR [/usr/libexec] The directory for executables. 33143730Speter Currently used for FEATURE(`local_lmtp') and 33243730Speter FEATURE(`smrsh'). 33338032Speter 33438032Speter 33538032Speter 33638032Speter+---------+ 33738032Speter| DOMAINS | 33838032Speter+---------+ 33938032Speter 34038032SpeterYou will probably want to collect domain-dependent defines into one 34138032Speterfile, referenced by the DOMAIN macro. For example, our Berkeley 34238032Speterdomain file includes definitions for several internal distinguished 34338032Speterhosts: 34438032Speter 34538032SpeterUUCP_RELAY The host that will accept UUCP-addressed email. 34638032Speter If not defined, all UUCP sites must be directly 34738032Speter connected. 34838032SpeterBITNET_RELAY The host that will accept BITNET-addressed email. 34938032Speter If not defined, the .BITNET pseudo-domain won't work. 35038032SpeterDECNET_RELAY The host that will accept DECNET-addressed email. 35138032Speter If not defined, the .DECNET pseudo-domain and addresses 35238032Speter of the form node::user will not work. 35338032SpeterFAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 35438032Speter The "fax" mailer overrides this value. 35538032SpeterLOCAL_RELAY DEPRECATED. The site that will handle unqualified 35638032Speter names -- that is, names with out an @domain extension. 35738032Speter If not set, they are assumed to belong on this machine. 35838032Speter This allows you to have a central site to store a 35938032Speter company- or department-wide alias database. This 36038032Speter only works at small sites, and only with some user 36138032Speter agents. 36238032SpeterLUSER_RELAY The site that will handle lusers -- that is, apparently 36338032Speter local names that aren't local accounts or aliases. 36438032Speter 36538032SpeterAny of these can be either ``mailer:hostname'' (in which case the 36638032Spetermailer is the internal mailer name, such as ``uucp-new'' and the hostname 36738032Speteris the name of the host as appropriate for that mailer) or just a 36838032Speter``hostname'', in which case a default mailer type (usually ``relay'', 36938032Spetera variant on SMTP) is used. WARNING: if you have a wildcard MX 37038032Speterrecord matching your domain, you probably want to define these to 37138032Speterhave a trailing dot so that you won't get the mail diverted back 37238032Speterto yourself. 37338032Speter 37438032SpeterThe domain file can also be used to define a domain name, if needed 37538032Speter(using "DD<domain>") and set certain site-wide features. If all hosts 37638032Speterat your site masquerade behind one email name, you could also use 37738032SpeterMASQUERADE_AS here. 37838032Speter 37938032SpeterYou do not have to define a domain -- in particular, if you are a 38038032Spetersingle machine sitting off somewhere, it is probably more work than 38138032Speterit's worth. This is just a mechanism for combining "domain dependent 38238032Speterknowledge" into one place. 38338032Speter 38438032Speter+---------+ 38538032Speter| MAILERS | 38638032Speter+---------+ 38738032Speter 38838032SpeterThere are fewer mailers supported in this version than the previous 38938032Speterversion, owing mostly to a simpler world. As a general rule, put the 39038032SpeterMAILER definitions last in your .mc file, and always put MAILER(smtp) 39138032Speterbefore MAILER(uucp) -- several features and definitions will modify 39238032Speterthe definition of mailers, and the smtp mailer modifies the UUCP 39338032Spetermailer. 39438032Speter 39538032Speterlocal The local and prog mailers. You will almost always 39638032Speter need these; the only exception is if you relay ALL 39738032Speter your mail to another site. This mailer is included 39838032Speter automatically. 39938032Speter 40038032Spetersmtp The Simple Mail Transport Protocol mailer. This does 40138032Speter not hide hosts behind a gateway or another other 40238032Speter such hack; it assumes a world where everyone is 40338032Speter running the name server. This file actually defines 40438032Speter four mailers: "smtp" for regular (old-style) SMTP to 40538032Speter other servers, "esmtp" for extended SMTP to other 40638032Speter servers, "smtp8" to do SMTP to other servers without 40738032Speter converting 8-bit data to MIME (essentially, this is 40838032Speter your statement that you know the other end is 8-bit 40938032Speter clean even if it doesn't say so), and "relay" for 41038032Speter transmission to our RELAY_HOST, LUSER_RELAY, or 41138032Speter MAILER_HUB. 41238032Speter 41338032Speteruucp The Unix-to-Unix Copy Program mailer. Actually, this 41438032Speter defines two mailers, "uucp-old" (a.k.a. "uucp") and 41538032Speter "uucp-new" (a.k.a. "suucp"). The latter is for when you 41638032Speter know that the UUCP mailer at the other end can handle 41738032Speter multiple recipients in one transfer. If the smtp mailer 41838032Speter is also included in your configuration, two other mailers 41938032Speter ("uucp-dom" and "uucp-uudom") are also defined [warning: 42038032Speter you MUST specify MAILER(smtp) before MAILER(uucp)]. When you 42138032Speter include the uucp mailer, sendmail looks for all names in 42238032Speter the $=U class and sends them to the uucp-old mailer; all 42338032Speter names in the $=Y class are sent to uucp-new; and all 42438032Speter names in the $=Z class are sent to uucp-uudom. Note that 42538032Speter this is a function of what version of rmail runs on 42638032Speter the receiving end, and hence may be out of your control. 42738032Speter See the section below describing UUCP mailers in more 42838032Speter detail. 42938032Speter 43038032Speterusenet Usenet (network news) delivery. If this is specified, 43138032Speter an extra rule is added to ruleset 0 that forwards all 43238032Speter local email for users named ``group.usenet'' to the 43338032Speter ``inews'' program. Note that this works for all groups, 43438032Speter and may be considered a security problem. 43538032Speter 43638032Speterfax Facsimile transmission. This is experimental and based 43738032Speter on Sam Leffler's HylaFAX software. For more information, 43838032Speter see http://www.vix.com/hylafax/. 43938032Speter 44038032Speterpop Post Office Protocol. 44138032Speter 44238032Speterprocmail An interface to procmail (does not come with sendmail). 44338032Speter This is designed to be used in mailertables. For example, 44438032Speter a common question is "how do I forward all mail for a given 44538032Speter domain to a single person?". If you have this mailer 44638032Speter defined, you could set up a mailertable reading: 44738032Speter 44838032Speter host.com procmail:/etc/procmailrcs/host.com 44938032Speter 45038032Speter with the file /etc/procmailrcs/host.com reading: 45138032Speter 45238032Speter :0 # forward mail for host.com 45338032Speter ! -oi -f $1 person@other.host 45438032Speter 45538032Speter This would arrange for (anything)@host.com to be sent 45638032Speter to person@other.host. Within the procmail script, $1 is 45738032Speter the name of the sender and $2 is the name of the recipient. 45843730Speter If you use this with FEATURE(`local_procmail'), the FEATURE 45938032Speter should be listed first. 46038032Speter 46138032Spetermail11 The DECnet mail11 mailer, useful only if you have the mail11 46238032Speter program from gatekeeper.dec.com:/pub/DEC/gwtools (and 46338032Speter DECnet, of course). This is for Phase IV DECnet support; 46438032Speter if you have Phase V at your site you may have additional 46538032Speter problems. 46638032Speter 46738032Speterphquery The phquery program. This is somewhat counterintuitively 46838032Speter referenced as the "ph" mailer internally. It can be used 46938032Speter to do CCSO name server lookups. The phquery program, which 47038032Speter this mailer uses, is distributed with the ph client. 47138032Speter 47238032Spetercyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 47338032Speter a local cyrus user. this mailer can make use of the 47438032Speter "user+detail@local.host" syntax; it will deliver the mail to 47538032Speter the user's "detail" mailbox if the mailbox's ACL permits. 47638032Speter The cyrusbb mailer delivers to a system-wide cyrus mailbox 47738032Speter if the mailbox's ACL permits. 47838032Speter 47938032Speter 48038032SpeterThe local mailer accepts addresses of the form "user+detail", where 48138032Speterthe "+detail" is not used for mailbox matching but is available 48243730Speterto certain local mail programs (in particular, see 48343730SpeterFEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 48443730Speter"eric+sww" all indicate the same user, but additional arguments <null>, 48543730Speter"sendmail", and "sww" may be provided for use in sorting mail. 48638032Speter 48738032Speter 48838032Speter+----------+ 48938032Speter| FEATURES | 49038032Speter+----------+ 49138032Speter 49238032SpeterSpecial features can be requested using the "FEATURE" macro. For 49338032Speterexample, the .mc line: 49438032Speter 49543730Speter FEATURE(`use_cw_file') 49638032Speter 49738032Spetertells sendmail that you want to have it read an /etc/sendmail.cw 49838032Speterfile to get values for class $=w. The FEATURE may contain a single 49938032Speteroptional parameter -- for example: 50038032Speter 50143730Speter FEATURE(`mailertable', `dbm /usr/lib/mailertable') 50238032Speter 50338032SpeterThe default database map type for the table features can be set with 50438032Speter 50538032Speter define(`DATABASE_MAP_TYPE', `dbm') 50638032Speter 50738032Speterwhich would set it to use ndbm databases. The default is the Berkeley DB 50838032Speterhash database format. Note that you must still declare a database map type 50938032Speterif you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 51038032Speterif no argument is given for the FEATURE. 51138032Speter 51238032SpeterAvailable features are: 51338032Speter 51438032Speteruse_cw_file Read the file /etc/sendmail.cw file to get alternate 51538032Speter names for this host. This might be used if you were 51638032Speter on a host that MXed for a dynamic set of other 51738032Speter hosts. If the set is static, just including the line 51838032Speter "Cw<name1> <name2> ..." (where the names are fully 51938032Speter qualified domain names) is probably superior. 52038032Speter The actual filename can be overridden by redefining 52138032Speter confCW_FILE. 52238032Speter 52338032Speteruse_ct_file Read the file /etc/sendmail.ct file to get the names 52438032Speter of users that will be ``trusted'', that is, able to 52538032Speter set their envelope from address using -f without 52638032Speter generating a warning message. 52738032Speter The actual filename can be overridden by redefining 52838032Speter confCT_FILE. 52938032Speter 53038032Speterredirect Reject all mail addressed to "address.REDIRECT" with 53138032Speter a ``551 User not local; please try <address>'' message. 53238032Speter If this is set, you can alias people who have left 53338032Speter to their new address with ".REDIRECT" appended. 53438032Speter 53538032Speternouucp Don't do anything special with UUCP addresses at all. 53638032Speter 53738032Speternocanonify Don't pass addresses to $[ ... $] for canonification. 53838032Speter This would generally only be used by sites that only 53938032Speter act as mail gateways or which have user agents that do 54038032Speter full canonification themselves. You may also want to 54138032Speter use "define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')" to 54238032Speter turn off the usual resolver options that do a similar 54338032Speter thing. 54438032Speter 54538032Speterstickyhost If set, email sent to "user@local.host" are marked 54638032Speter as "sticky" -- that is, the local addresses aren't 54738032Speter matched against UDB and don't go through ruleset 5. 54838032Speter This is used if you want a set up where "user" is 54938032Speter not necessarily the same as "user@local.host", e.g., 55038032Speter to make a distinct domain-wide namespace. Prior to 55138032Speter 8.7 this was the default, and notsticky was used to 55238032Speter turn this off. 55338032Speter 55438032Spetermailertable Include a "mailer table" which can be used to override 55538032Speter routing for particular domains. The argument of the 55638032Speter FEATURE may be the key definition. If none is specified, 55738032Speter the definition used is: 55843730Speter 55938032Speter hash -o /etc/mailertable 56043730Speter 56138032Speter Keys in this database are fully qualified domain names 56238032Speter or partial domains preceded by a dot -- for example, 56338032Speter "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". 56438032Speter Values must be of the form: 56538032Speter mailer:domain 56638032Speter where "mailer" is the internal mailer name, and "domain" 56738032Speter is where to send the message. These maps are not 56838032Speter reflected into the message header. As a special case, 56938032Speter the forms: 57038032Speter local:user 57138032Speter will forward to the indicated user using the local mailer, 57238032Speter local: 57338032Speter will forward to the original user in the e-mail address 57438032Speter using the local mailer, and 57538032Speter error:code message 57638032Speter will give an error message with the indicated code and 57738032Speter message. 57838032Speter 57938032Speterdomaintable Include a "domain table" which can be used to provide 58038032Speter domain name mapping. Use of this should really be 58138032Speter limited to your own domains. It may be useful if you 58238032Speter change names (e.g., your company changes names from 58338032Speter oldname.com to newname.com). The argument of the 58438032Speter FEATURE may be the key definition. If none is specified, 58538032Speter the definition used is: 58643730Speter 58738032Speter hash -o /etc/domaintable 58843730Speter 58938032Speter The key in this table is the domain name; the value is 59038032Speter the new (fully qualified) domain. Anything in the 59138032Speter domaintable is reflected into headers; that is, this 59238032Speter is done in ruleset 3. 59338032Speter 59438032Speterbitdomain Look up bitnet hosts in a table to try to turn them into 59538032Speter internet addresses. The table can be built using the 59638032Speter bitdomain program contributed by John Gardiner Myers. 59738032Speter The argument of the FEATURE may be the key definition; if 59838032Speter none is specified, the definition used is: 59943730Speter 60038032Speter hash -o /etc/bitdomain.db 60143730Speter 60238032Speter Keys are the bitnet hostname; values are the corresponding 60338032Speter internet hostname. 60438032Speter 60538032Speteruucpdomain Similar feature for UUCP hosts. The default map definition 60638032Speter is: 60743730Speter 60838032Speter hash -o /etc/uudomain.db 60943730Speter 61038032Speter At the moment there is no automagic tool to build this 61138032Speter database. 61238032Speter 61338032Speteralways_add_domain 61438032Speter Include the local host domain even on locally delivered 61538032Speter mail. Normally it is not added on unqualified names. 61638032Speter However, if you use a shared message store but do not use 61738032Speter the same user name space everywhere, you may need the host 61838032Speter name on local names. 61938032Speter 62038032Speterallmasquerade If masquerading is enabled (using MASQUERADE_AS), this 62138032Speter feature will cause recipient addresses to also masquerade 62238032Speter as being from the masquerade host. Normally they get 62338032Speter the local hostname. Although this may be right for 62438032Speter ordinary users, it can break local aliases. For example, 62538032Speter if you send to "localalias", the originating sendmail will 62638032Speter find that alias and send to all members, but send the 62738032Speter message with "To: localalias@masqueradehost". Since that 62838032Speter alias likely does not exist, replies will fail. Use this 62938032Speter feature ONLY if you can guarantee that the ENTIRE 63038032Speter namespace on your masquerade host supersets all the 63138032Speter local entries. 63238032Speter 63338032Speterlimited_masquerade 63438032Speter Normally, any hosts listed in $=w are masqueraded. If this 63538032Speter feature is given, only the hosts listed in $=M are masqueraded. 63638032Speter This is useful if you have several domains with disjoint 63738032Speter namespaces hosted on the same machine. 63838032Speter 63938032Spetermasquerade_entire_domain 64038032Speter If masquerading is enabled (using MASQUERADE_AS) and 64138032Speter MASQUERADE_DOMAIN (see below) is set, this feature will 64238032Speter cause addresses to be rewritten such that the masquerading 64338032Speter domains are actually entire domains to be hidden. All 64438032Speter hosts within the masquerading domains will be rewritten 64538032Speter to the masquerade name (used in MASQUERADE_AS). For example, 64638032Speter if you have: 64738032Speter 64838032Speter MASQUERADE_AS(masq.com) 64938032Speter MASQUERADE_DOMAIN(foo.org) 65038032Speter MASQUERADE_DOMAIN(bar.com) 65138032Speter 65238032Speter then *foo.org and *bar.com are converted to masq.com. Without 65338032Speter this feature, only foo.org and bar.com are masqueraded. 65438032Speter 65538032Speter NOTE: only domains within your jurisdiction and 65638032Speter current hierarchy should be masqueraded using this. 65738032Speter 65838032Spetergenericstable This feature will cause certain addresses originating locally 65938032Speter (i.e. that are unqualified) or a domain listed in $=G to be 66038032Speter looked up in a map and turned into another ("generic") form, 66138032Speter which can change both the domain name and the user name. This 66238032Speter is similar to the userdb functionality. The same types of 66338032Speter addresses as for masquerading are looked up, i.e. only header 66438032Speter sender addresses unless the allmasquerade and/or 66538032Speter masquerade_envelope features are given. Qualified addresses 66638032Speter must have the domain part in the list of names given by the 66738032Speter by the macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE 66838032Speter (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, 66938032Speter see below). 67038032Speter 67143730Speter The argument of FEATURE(`genericstable') may be the map 67238032Speter definition; the default map definition is: 67338032Speter 67438032Speter hash -o /etc/genericstable 67538032Speter 67638032Speter The key for this table is either the full address or the 67738032Speter unqualified username (the former is tried first); the 67838032Speter value is the new user address. If the new user address does 67938032Speter not include a domain, it will be qualified in the standard 68038032Speter manner, i.e. using $j or the masquerade name. Note that the 68138032Speter address being looked up must be fully qualified. For local 68243730Speter mail, it is necessary to use FEATURE(`always_add_domain') 68343730Speter for the addresses to be qualified. 68438032Speter 68538032Spetervirtusertable A domain-specific form of aliasing, allowing multiple 68638032Speter virtual domains to be hosted on one machine. For example, 68738032Speter if the virtuser table contained: 68838032Speter 68938032Speter info@foo.com foo-info 69038032Speter info@bar.com bar-info 69138032Speter @baz.org jane@elsewhere.net 69238032Speter 69338032Speter then mail addressed to info@foo.com will be sent to the 69438032Speter address foo-info, mail addressed to info@bar.com will be 69538032Speter delivered to bar-info, and mail addressed to anyone at 69638032Speter baz.org will be sent to jane@elsewhere.net. The username 69738032Speter from the original address is passed as %1 allowing: 69838032Speter 69938032Speter @foo.org %1@elsewhere.com 70038032Speter 70138032Speter meaning someone@foo.org will be sent to someone@elsewhere.com. 70238032Speter 70338032Speter All the host names on the left hand side (foo.com, bar.com, 70438032Speter and baz.org) must be in $=w. The default map definition is: 70538032Speter 70638032Speter hash -o /etc/virtusertable 70738032Speter 70838032Speter A new definition can be specified as the second argument of 70938032Speter the FEATURE macro, such as 71038032Speter 71143730Speter FEATURE(`virtusertable', `dbm -o /etc/mail/virtusers') 71238032Speter 71338032Speternodns We aren't running DNS at our site (for example, 71438032Speter we are UUCP-only connected). It's hard to consider 71538032Speter this a "feature", but hey, it had to go somewhere. 71638032Speter Actually, as of 8.7 this is a no-op -- remove "dns" from 71738032Speter the hosts service switch entry instead. 71838032Speter 71938032Speternullclient This is a special case -- it creates a stripped down 72038032Speter configuration file containing nothing but support for 72138032Speter forwarding all mail to a central hub via a local 72238032Speter SMTP-based network. The argument is the name of that 72338032Speter hub. 72438032Speter 72538032Speter The only other feature that should be used in conjunction 72638032Speter with this one is "nocanonify" (this causes addresses to 72738032Speter be sent unqualified via the SMTP connection; normally 72838032Speter they are qualified with the masquerade name, which 72938032Speter defaults to the name of the hub machine). No mailers 73038032Speter should be defined. No aliasing or forwarding is done. 73142575Speter Also, note that absolutely no anti-spam or anti-relaying 73242575Speter is done in a null client configuration. More information 73342575Speter can be found in the ANTI-SPAM CONFIGURATION CONTROL section. 73438032Speter 73538032Speterlocal_lmtp Use an LMTP capable local mailer. The argument to this 73638032Speter feature is the pathname of an LMTP capable mailer. By 73738032Speter default, mail.local is used. This is expected to be the 73838032Speter mail.local which came with the 8.9 distribution which is 73938032Speter LMTP capable. The path to mail.local is set by the 74038032Speter confEBINDIR m4 variable -- making the default 74138032Speter LOCAL_MAILER_PATH /usr/libexec/mail.local. 74238032Speter 74338032Speterlocal_procmail Use procmail as the local mailer. This mailer can 74438032Speter make use of the "user+indicator@local.host" syntax; 74538032Speter normally the +indicator is just tossed, but by default 74638032Speter it is passed as the -a argument to procmail. The 74738032Speter argument to this feature is the pathname of procmail, 74838032Speter which defaults to PROCMAIL_MAILER_PATH. Note that this 74938032Speter does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS 75038032Speter for the local mailer; tweak LOCAL_MAILER_FLAGS and 75138032Speter LOCAL_MAILER_ARGS instead. 75238032Speter 75338032Speterbestmx_is_local Accept mail as though locally addressed for any host that 75438032Speter lists us as the best possible MX record. This generates 75538032Speter additional DNS traffic, but should be OK for low to 75638032Speter medium traffic hosts. The argument may be a set of 75738032Speter domains, which will limit the feature to only apply to 75838032Speter these domains -- this will reduce unnecessary DNS 75938032Speter traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 76038032Speter WILDCARD MX RECORDS!!! If you have a wildcard MX record 76138032Speter that matches your domain, you cannot use this feature. 76238032Speter 76338032Spetersmrsh Use the SendMail Restricted SHell (smrsh) provided 76438032Speter with the distribution instead of /bin/sh for mailing 76538032Speter to programs. This improves the ability of the local 76638032Speter system administrator to control what gets run via 76738032Speter e-mail. If an argument is provided it is used as the 76838032Speter pathname to smrsh; otherwise, the path defined by 76938032Speter confEBINDIR is used for the smrsh binary -- by default, 77038032Speter /usr/libexec/smrsh is assumed. 77138032Speter 77238032Speterpromiscuous_relay 77338032Speter By default, the sendmail configuration files do not permit 77438032Speter mail relaying (that is, accepting mail from outside your 77538032Speter domain and sending it to another host outside your domain). 77638032Speter This option sets your site to allow mail relaying from any 77738032Speter site to any site. In general, it is better to control the 77838032Speter relaying more carefully with the access db and the 'R' 77938032Speter class ($=R). Domains can be added to class 'R' by the 78038032Speter macros RELAY_DOMAIN or RELAY_DOMAIN_FILE (analogously to 78138032Speter MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 78238032Speter 78338032Speterrelay_entire_domain 78438032Speter By default, only hosts listed as RELAY in the access db 78538032Speter will be allowed to relay. This option also allows any 78638032Speter host in your domain as defined by the 'm' class ($=m). 78738032Speter 78838032Speterrelay_hosts_only 78938032Speter By default, names that are listed as RELAY in the access 79038032Speter db and class 'R' ($=R) are domain names, not host names. 79138032Speter For example, if you specify ``foo.com'', then mail to or 79238032Speter from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 79338032Speter will all be accepted for relaying. This feature changes 79438032Speter the behaviour to lookup individual host names only. 79538032Speter 79638032Speterrelay_based_on_MX 79738032Speter Turns on the ability to allow relaying based on the MX 79842575Speter records of the host portion of an incoming recipient; that 79942575Speter is, if an MX record for host foo.com points to your site, 80042575Speter you will accept and relay mail addressed to foo.com. See 80138032Speter description below for more information before using this 80242575Speter feature. Also, see the KNOWNBUGS entry regarding bestmx 80342575Speter map lookups. 80438032Speter 80543730Speter FEATURE(`relay_based_on_MX') does not necessarily allow 80642575Speter routing of these messages which you expect to be allowed, 80742575Speter if route address syntax (or %-hack syntax) is used. If 80842575Speter this is a problem, add entries to the access-table or use 80943730Speter FEATURE(`loose_relay_check'). 81042575Speter 81138032Speterrelay_local_from 81238032Speter Allows relaying if the domain portion of the mail sender 81338032Speter is a local host. This should only be used if absolutely 81442575Speter necessary as it opens a window for spammers. Specifically, 81542575Speter they can send mail to your mail server that claims to be 81642575Speter from your domain (either directly or via a routed address), 81742575Speter and you will go ahead and relay it out to arbitrary hosts 81842575Speter on the Internet. 81938032Speter 82038032Speteraccept_unqualified_senders 82138032Speter Normally, MAIL FROM: commands in the SMTP session will be 82238032Speter refused if the connection is a network connection and the 82338032Speter sender address does not include a domain name. If your 82438032Speter setup sends local mail unqualified (i.e. MAIL FROM: <joe>), 82538032Speter you will need to use this feature to accept unqualified 82638032Speter sender addresses. 82738032Speter 82838032Speteraccept_unresolvable_domains 82938032Speter Normally, MAIL FROM: commands in the SMTP session will be 83038032Speter refused if the host part of the argument to MAIL FROM: cannot 83138032Speter be located in the host name service (e.g., DNS). If you are 83238032Speter inside a firewall that has only a limited view of the 83338032Speter Internet host name space, this could cause problems. In this 83438032Speter case you probably want to use this feature to accept all 83538032Speter domains on input, even if they are unresolvable. 83638032Speter 83738032Speteraccess_db Turns on the access database feature. The access db gives 83838032Speter you the ability to allow or refuse to accept mail from 83938032Speter specified domains for administrative reasons. By default, 84043730Speter the access database specification is: 84138032Speter 84243730Speter hash -o /etc/mail/access 84343730Speter 84443730Speter The format of the database is described below. 84543730Speter 84638032Speterblacklist_recipients 84738032Speter Turns on the ability to block incoming mail for certain 84838032Speter recipient usernames, hostnames, or addresses. For 84938032Speter example, you can block incoming mail to user nobody, 85038032Speter host foo.mydomain.com, or guest@bar.mydomain.com. 85138032Speter These specifications are put in the access db as 85238032Speter described below. 85338032Speter 85438032Speterrbl Turns on rejection of hosts found in the Realtime Blackhole 85538032Speter List. If an argument is provided it is used as the 85638032Speter name sever to contact; otherwise, the main RBL server at 85738032Speter rbl.maps.vix.com is used. For details, see 85838032Speter http://maps.vix.com/rbl/. 85938032Speter 86038032Speterloose_relay_check 86138032Speter Normally, if a recipient using % addressing is used, e.g. 86238032Speter user%site@othersite, and othersite is in class 'R', the 86338032Speter check_rcpt ruleset will strip @othersite and recheck 86438032Speter user@site for relaying. This feature changes that 86538032Speter behavior. It should not be needed for most installations. 86638032Speter 86738032Speter 86838032Speter+-------+ 86938032Speter| HACKS | 87038032Speter+-------+ 87138032Speter 87238032SpeterSome things just can't be called features. To make this clear, 87338032Speterthey go in the hack subdirectory and are referenced using the HACK 87438032Spetermacro. These will tend to be site-dependent. The release 87538032Speterincludes the Berkeley-dependent "cssubdomain" hack (that makes 87638032Spetersendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 87738032Speterthis is intended as a short-term aid while we move hosts into 87838032Spetersubdomains. 87938032Speter 88038032Speter 88138032Speter+--------------------+ 88238032Speter| SITE CONFIGURATION | 88338032Speter+--------------------+ 88438032Speter 88538032Speter ***************************************************** 88638032Speter * This section is really obsolete, and is preserved * 88738032Speter * only for back compatibility. You should plan on * 88838032Speter * using mailertables for new installations. In * 88938032Speter * particular, it doesn't work for the newer forms * 89038032Speter * of UUCP mailers, such as uucp-uudom. * 89138032Speter ***************************************************** 89238032Speter 89338032SpeterComplex sites will need more local configuration information, such as 89438032Speterlists of UUCP hosts they speak with directly. This can get a bit more 89538032Spetertricky. For an example of a "complex" site, see cf/ucbvax.mc. 89638032Speter 89738032SpeterIf your host is known by several different names, you need to augment 89838032Speterthe $=w class. This is a list of names by which you are known, and 89938032Speteranything sent to an address using a host name in this list will be 90038032Spetertreated as local mail. You can do this in two ways: either create 90138032Speterthe file /etc/sendmail.cw containing a list of your aliases (one per 90243730Speterline), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add the 90338032Speterline: 90438032Speter 90538032Speter Cw alias.host.name 90638032Speter 90738032Speterat the end of that file. See the ``vangogh.mc'' file for an example. 90838032SpeterBe sure you use the fully-qualified name of the host, rather than a 90938032Spetershort name. 91038032Speter 91138032SpeterThe SITECONFIG macro allows you to indirectly reference site-dependent 91238032Speterconfiguration information stored in the siteconfig subdirectory. For 91338032Speterexample, the line 91438032Speter 91538032Speter SITECONFIG(uucp.ucbvax, ucbvax, U) 91638032Speter 91738032Speterreads the file uucp.ucbvax for local connection information. The 91838032Spetersecond parameter is the local name (in this case just "ucbvax" since 91938032Speterit is locally connected, and hence a UUCP hostname). The third 92038032Speterparameter is the name of both a macro to store the local name (in 92138032Speterthis case, $U) and the name of the class (e.g., $=U) in which to store 92238032Speterthe host information read from the file. Another SITECONFIG line reads 92338032Speter 92438032Speter SITECONFIG(uucp.ucbarpa, ucbarpa.Berkeley.EDU, W) 92538032Speter 92638032SpeterThis says that the file uucp.ucbarpa contains the list of UUCP sites 92738032Speterconnected to ucbarpa.Berkeley.EDU. The $=W class will be used to 92838032Speterstore this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 92938032Speteris, the name of the relay to which the hosts listed in uucp.ucbarpa 93038032Speterare connected. [The machine ucbarpa is gone now, but I've left 93138032Speterthis out-of-date configuration file around to demonstrate how you 93238032Spetermight do this.] 93338032Speter 93438032SpeterNote that the case of SITECONFIG with a third parameter of ``U'' is 93538032Speterspecial; the second parameter is assumed to be the UUCP name of the 93638032Speterlocal site, rather than the name of a remote site, and the UUCP name 93738032Speteris entered into $=w (the list of local hostnames) as $U.UUCP. 93838032Speter 93938032SpeterThe siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 94038032Spetermore than a sequence of SITE macros describing connectivity. For 94138032Speterexample: 94238032Speter 94338032Speter SITE(cnmat) 94438032Speter SITE(sgi olympus) 94538032Speter 94638032SpeterThe second example demonstrates that you can use two names on the 94738032Spetersame line; these are usually aliases for the same host (or are at 94838032Speterleast in the same company). 94938032Speter 95038032Speter 95138032Speter+--------------------+ 95238032Speter| USING UUCP MAILERS | 95338032Speter+--------------------+ 95438032Speter 95538032SpeterIt's hard to get UUCP mailers right because of the extremely ad hoc 95638032Speternature of UUCP addressing. These config files are really designed 95738032Speterfor domain-based addressing, even for UUCP sites. 95838032Speter 95938032SpeterThere are four UUCP mailers available. The choice of which one to 96038032Speteruse is partly a matter of local preferences and what is running at 96138032Speterthe other end of your UUCP connection. Unlike good protocols that 96238032Speterdefine what will go over the wire, UUCP uses the policy that you 96338032Spetershould do what is right for the other end; if they change, you have 96438032Speterto change. This makes it hard to do the right thing, and discourages 96538032Speterpeople from updating their software. In general, if you can avoid 96638032SpeterUUCP, please do. 96738032Speter 96838032SpeterThe major choice is whether to go for a domainized scheme or a 96938032Speternon-domainized scheme. This depends entirely on what the other 97038032Speterend will recognize. If at all possible, you should encourage the 97138032Speterother end to go to a domain-based system -- non-domainized addresses 97238032Speterdon't work entirely properly. 97338032Speter 97438032SpeterThe four mailers are: 97538032Speter 97638032Speter uucp-old (obsolete name: "uucp") 97738032Speter This is the oldest, the worst (but the closest to UUCP) way of 97838032Speter sending messages accros UUCP connections. It does bangify 97938032Speter everything and prepends $U (your UUCP name) to the sender's 98038032Speter address (which can already be a bang path itself). It can 98138032Speter only send to one address at a time, so it spends a lot of 98238032Speter time copying duplicates of messages. Avoid this if at all 98338032Speter possible. 98438032Speter 98538032Speter uucp-new (obsolete name: "suucp") 98638032Speter The same as above, except that it assumes that in one rmail 98738032Speter command you can specify several recipients. It still has a 98838032Speter lot of other problems. 98938032Speter 99038032Speter uucp-dom 99138032Speter This UUCP mailer keeps everything as domain addresses. 99238032Speter Basically, it uses the SMTP mailer rewriting rules. This mailer 99338032Speter is only included if MAILER(smtp) is also specified. 99438032Speter 99538032Speter Unfortunately, a lot of UUCP mailer transport agents require 99638032Speter bangified addresses in the envelope, although you can use 99738032Speter domain-based addresses in the message header. (The envelope 99838032Speter shows up as the From_ line on UNIX mail.) So.... 99938032Speter 100038032Speter uucp-uudom 100138032Speter This is a cross between uucp-new (for the envelope addresses) 100238032Speter and uucp-dom (for the header addresses). It bangifies the 100338032Speter envelope sender (From_ line in messages) without adding the 100438032Speter local hostname, unless there is no host name on the address 100538032Speter at all (e.g., "wolf") or the host component is a UUCP host name 100638032Speter instead of a domain name ("somehost!wolf" instead of 100738032Speter "some.dom.ain!wolf"). This is also included only if MAILER(smtp) 100838032Speter is also specified. 100938032Speter 101038032SpeterExamples: 101138032Speter 101238032SpeterWe are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The 101338032Speterfollowing summarizes the sender rewriting for various mailers. 101438032Speter 101538032SpeterMailer sender rewriting in the envelope 101638032Speter------ ------ ------------------------- 101738032Speteruucp-{old,new} wolf grasp!wolf 101838032Speteruucp-dom wolf wolf@grasp.insa-lyon.fr 101938032Speteruucp-uudom wolf grasp.insa-lyon.fr!wolf 102038032Speter 102138032Speteruucp-{old,new} wolf@fr.net grasp!fr.net!wolf 102238032Speteruucp-dom wolf@fr.net wolf@fr.net 102338032Speteruucp-uudom wolf@fr.net fr.net!wolf 102438032Speter 102538032Speteruucp-{old,new} somehost!wolf grasp!somehost!wolf 102638032Speteruucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 102738032Speteruucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 102838032Speter 102938032SpeterIf you are using one of the domainized UUCP mailers, you really want 103038032Speterto convert all UUCP addresses to domain format -- otherwise, it will 103138032Speterdo it for you (and probably not the way you expected). For example, 103238032Speterif you have the address foo!bar!baz (and you are not sending to foo), 103338032Speterthe heuristics will add the @uucp.relay.name or @local.host.name to 103438032Speterthis address. However, if you map foo to foo.host.name first, it 103538032Speterwill not add the local hostname. You can do this using the uucpdomain 103638032Speterfeature. 103738032Speter 103838032Speter 103938032Speter+-------------------+ 104038032Speter| TWEAKING RULESETS | 104138032Speter+-------------------+ 104238032Speter 104338032SpeterFor more complex configurations, you can define special rules. 104438032SpeterThe macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 104538032Speterthe names. Any modifications made here are reflected in the header. 104638032Speter 104738032SpeterA common use is to convert old UUCP addresses to SMTP addresses using 104838032Speterthe UUCPSMTP macro. For example: 104938032Speter 105038032Speter LOCAL_RULE_3 105138032Speter UUCPSMTP(decvax, decvax.dec.com) 105238032Speter UUCPSMTP(research, research.att.com) 105338032Speter 105438032Speterwill cause addresses of the form "decvax!user" and "research!user" 105538032Speterto be converted to "user@decvax.dec.com" and "user@research.att.com" 105638032Speterrespectively. 105738032Speter 105838032SpeterThis could also be used to look up hosts in a database map: 105938032Speter 106038032Speter LOCAL_RULE_3 106138032Speter R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 106238032Speter 106338032SpeterThis map would be defined in the LOCAL_CONFIG portion, as shown below. 106438032Speter 106538032SpeterSimilarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 106638032SpeterFor example, new rules are needed to parse hostnames that you accept 106738032Spetervia MX records. For example, you might have: 106838032Speter 106938032Speter LOCAL_RULE_0 107038032Speter R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 107138032Speter 107238032SpeterYou would use this if you had installed an MX record for cnmat.Berkeley.EDU 107338032Speterpointing at this host; this rule catches the message and forwards it on 107438032Speterusing UUCP. 107538032Speter 107638032SpeterYou can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 107738032SpeterThese rulesets are normally empty. 107838032Speter 107938032SpeterA similar macro is LOCAL_CONFIG. This introduces lines added after the 108038032Speterboilerplate option setting but before rulesets, and can be used to 108138032Speterdeclare local database maps or whatever. For example: 108238032Speter 108338032Speter LOCAL_CONFIG 108438032Speter Khostmap hash /etc/hostmap.db 108538032Speter Kyplocal nis -m hosts.byname 108638032Speter 108738032Speter 108838032Speter+---------------------------+ 108938032Speter| MASQUERADING AND RELAYING | 109038032Speter+---------------------------+ 109138032Speter 109238032SpeterYou can have your host masquerade as another using 109338032Speter 109438032Speter MASQUERADE_AS(host.domain) 109538032Speter 109638032SpeterThis causes mail being sent to be labeled as coming from the 109738032Speterindicated host.domain, rather than $j. One normally masquerades as 109838032Speterone of one's own subdomains (for example, it's unlikely that I would 109938032Speterchoose to masquerade as an MIT site). This behaviour is modified by 110038032Spetera plethora of FEATUREs; in particular, see masquerade_envelope, 110138032Speterallmasquerade, limited_masquerade, and masquerade_entire_domain. 110238032Speter 110338032SpeterThe masquerade name is not normally canonified, so it is important 110438032Speterthat it be your One True Name, that is, fully qualified and not a 110538032SpeterCNAME. However, if you use a CNAME, the receiving side may canonify 110638032Speterit for you, so don't think you can cheat CNAME mapping this way. 110738032Speter 110838032SpeterNormally the only addresses that are masqueraded are those that come 110938032Speterfrom this host (that is, are either unqualified or in $=w, the list 111038032Speterof local domain names). You can augment this list using 111138032Speter 111238032Speter MASQUERADE_DOMAIN(otherhost.domain) 111338032Speter 111438032SpeterThe effect of this is that although mail to user@otherhost.domain 111538032Speterwill not be delivered locally, any mail including any user@otherhost.domain 111638032Speterwill, when relayed, be rewritten to have the MASQUERADE_AS address. 111738032SpeterThis can be a space-separated list of names. 111838032Speter 111938032SpeterIf these names are in a file, you can use 112038032Speter 112138032Speter MASQUERADE_DOMAIN_FILE(filename) 112238032Speter 112338032Speterto read the list of names from the indicated file. 112438032Speter 112538032SpeterNormally only header addresses are masqueraded. If you want to 112638032Spetermasquerade the envelope as well, use 112738032Speter 112843730Speter FEATURE(`masquerade_envelope') 112938032Speter 113038032SpeterThere are always users that need to be "exposed" -- that is, their 113138032Speterinternal site name should be displayed instead of the masquerade name. 113238032SpeterRoot is an example. You can add users to this list using 113338032Speter 113438032Speter EXPOSED_USER(usernames) 113538032Speter 113638032SpeterThis adds users to class E; you could also use something like 113738032Speter 113838032Speter FE/etc/sendmail.cE 113938032Speter 114038032SpeterYou can also arrange to relay all unqualified names (that is, names 114138032Speterwithout @host) to a relay host. For example, if you have a central 114238032Speteremail server, you might relay to that host so that users don't have 114338032Speterto have .forward files or aliases. You can do this using 114438032Speter 114543730Speter define(`LOCAL_RELAY', `mailer:hostname') 114638032Speter 114738032SpeterThe ``mailer:'' can be omitted, in which case the mailer defaults to 114838032Speter"relay". There are some user names that you don't want relayed, perhaps 114938032Speterbecause of local aliases. A common example is root, which may be 115038032Speterlocally aliased. You can add entries to this list using 115138032Speter 115238032Speter LOCAL_USER(usernames) 115338032Speter 115438032SpeterThis adds users to class L; you could also use something like 115538032Speter 115638032Speter FL/etc/sendmail.cL 115738032Speter 115838032SpeterIf you want all incoming mail sent to a centralized hub, as for a 115938032Spetershared /var/spool/mail scheme, use 116038032Speter 116143730Speter define(`MAIL_HUB', `mailer:hostname') 116238032Speter 116338032SpeterAgain, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 116443730Speterand MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 116538032Speterbe sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 116638032SpeterNames in $=L will be delivered locally, so you MUST have aliases or 116738032Speter.forward files for them. 116838032Speter 116938032SpeterFor example, if you are on machine mastodon.CS.Berkeley.EDU and you have 117043730SpeterFEATURE(`stickyhost'), the following combinations of settings will have the 117138032Speterindicated effects: 117238032Speter 117338032Speteremail sent to.... eric eric@mastodon.CS.Berkeley.EDU 117438032Speter 117538032SpeterLOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 117638032Spetermail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 117738032Speter 117838032SpeterMAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 117938032Spetermammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 118038032Speter 118138032SpeterBoth LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 118238032SpeterMAIL_HUB set as above (no local aliasing) (aliasing done) 118338032Speter 118443730SpeterIf you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 118538032SpeterMAIL_HUB act identically, with MAIL_HUB taking precedence. 118638032Speter 118738032SpeterIf you want all outgoing mail to go to a central relay site, define 118838032SpeterSMART_HOST as well. Briefly: 118938032Speter 119038032Speter LOCAL_RELAY applies to unqualified names (e.g., "eric"). 119138032Speter MAIL_HUB applies to names qualified with the name of the 119238032Speter local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 119338032Speter SMART_HOST applies to names qualified with other hosts. 119438032Speter 119538032SpeterHowever, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 119638032SpeterDECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 119738032Speterreally want absolutely everything to go to a single central site you will 119838032Speterneed to unset all the other relays -- or better yet, find or build a 119938032Speterminimal config file that does this. 120038032Speter 120138032SpeterFor duplicate suppression to work properly, the host name is best 120238032Speterspecified with a terminal dot: 120338032Speter 120438032Speter define(`MAIL_HUB', `host.domain.') 120538032Speter note the trailing dot ---^ 120638032Speter 120738032Speter 120838032Speter+---------------------------------+ 120938032Speter| ANTI-SPAM CONFIGURATION CONTROL | 121038032Speter+---------------------------------+ 121138032Speter 121238032SpeterThe primary anti-spam features available in sendmail are: 121338032Speter 121438032Speter* Relaying is denied by default. 121538032Speter* Better checking on sender information. 121638032Speter* Access database. 121738032Speter* Header checks. 121838032Speter 121938032SpeterRelaying (transmission of messages from a site outside your domain to 122038032Speteranother site outside your domain) is denied by default. Note that 122138032Speterthis changed in sendmail 8.9; previous versions allowed relaying by 122238032Speterdefault. If you want to revert to the old behaviour, you will need 122343730Speterto use FEATURE(`promiscuous_relay'). You can allow certain domains to 122438032Speterrelay through your server by adding their domain name or IP address to 122538032Speterclass 'R' ($=R) using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the 122638032Speteraccess database (described below). 122738032Speter 122838032SpeterIf you use 122938032Speter 123043730Speter FEATURE(`relay_entire_domain') 123138032Speter 123238032Speterthen any host in any of your local domains (that is, the $=m class) 123342575Speterwill be relayed (that is, you will accept mail either to or from any 123442575Speterhost in your domain). 123538032Speter 123638032SpeterYou can also allow relaying based on the MX records of the host 123738032Speterportion of an incoming recipient address by using 123838032Speter 123943730Speter FEATURE(`relay_based_on_MX') 124038032Speter 124138032SpeterFor example, if your server receives a recipient of user@domain.com 124238032Speterand domain.com lists your server in its MX records, the mail will be 124342575Speteraccepted for relay to domain.com. Note that this will stop spammers 124442575Speterfrom using your host to relay spam but it will not stop outsiders from 124542575Speterusing your server as a relay for their site (that is, they set up an 124642575SpeterMX record pointing to your mail server, and you will relay mail addressed 124742575Speterto them without any prior arrangement). Along the same lines, 124838032Speter 124943730Speter FEATURE(`relay_local_from') 125038032Speter 125138032Speterwill allow relaying if the sender specifies a return path (i.e. 125238032SpeterMAIL FROM: <user@domain>) domain which is a local domain. This a 125338032Speterdangerous feature as it will allow spammers to spam using your mail 125438032Speterserver by simply specifying a return address of user@your.domain.com. 125538032SpeterIt should not be used unless absolutely necessary. 125638032Speter 125738032SpeterIf source routing is used in the recipient address (i.e. 125838032SpeterRCPT TO: <user%site.com@othersite.com>), sendmail will check 125938032Speteruser@site.com for relaying if othersite.com is an allowed relay host 126043730Speterin either class 'R', class 'm' if FEATURE(`relay_entire_domain') is used, 126143730Speteror the access database if FEATURE(`access_db') is used. To prevent 126238032Speterthe address from being stripped down, use: 126338032Speter 126443730Speter FEATURE(`loose_relay_check') 126538032Speter 126638032SpeterIf you think you need to use this feature, you probably do not. This 126738032Spetershould only be used for sites which have no control over the addresses 126838032Speterthat they provide a gateway for. Use this FEATURE with caution as it 126938032Spetercan allow spammers to relay through your server if not setup properly. 127038032Speter 127138032SpeterAs of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 127238032Speteran unresolvable domain (i.e., one that DNS, your local name service, 127338032Speteror special case rules in ruleset 3 cannot locate). If you want to 127438032Spetercontinue to accept such domains, e.g. because you are inside a 127538032Speterfirewall that has only a limited view of the Internet host name space 127638032Speter(note that you will not be able to return mail to them unless you have 127738032Spetersome "smart host" forwarder), use 127838032Speter 127943730Speter FEATURE(`accept_unresolvable_domains') 128038032Speter 128138032Spetersendmail will also refuse mail if the MAIL FROM: parameter is not 128238032Speterfully qualified (i.e., contains a domain as well as a user). If you 128338032Speterwant to continue to accept such senders, use 128438032Speter 128543730Speter FEATURE(`accept_unqualified_senders') 128638032Speter 128738032SpeterAn ``access'' database can be created to accept or reject mail from 128838032Speterselected domains. For example, you may choose to reject all mail 128938032Speteroriginating from known spammers. To enable such a database, use 129038032Speter 129143730Speter FEATURE(`access_db') 129238032Speter 129338032SpeterThe FEATURE macro can accept a second parameter giving the key file 129438032Speterdefinition for the database; for example 129538032Speter 129643730Speter FEATURE(`access_db', `hash -o /etc/mail/access') 129738032Speter 129842575SpeterRemember, since /etc/mail/access is a database, after creating the text 129942575Speterfile as described below, you must use makemap to create the database 130042575Spetermap. For example: 130142575Speter 130243730Speter makemap hash /etc/mail/access < /etc/mail/access 130342575Speter 130438032SpeterThe table itself uses e-mail addresses, domain names, and network 130538032Speternumbers as keys. For example, 130638032Speter 130738032Speter spammer@aol.com REJECT 130838032Speter cyberspammer.com REJECT 130942575Speter 192.168.212 REJECT 131038032Speter 131138032Speterwould refuse mail from spammer@aol.com, any user from cyberspammer.com 131238032Speter(or any host within the cyberspammer.com domain), and any host on the 131342575Speter192.168.212.* network. 131438032Speter 131538032SpeterThe value part of the map can contain: 131638032Speter 131742575Speter OK Accept mail even if other rules in the 131842575Speter running ruleset would reject it, for example, 131942575Speter if the domain name is unresolvable. 132042575Speter RELAY Accept mail addressed to the indicated domain or 132142575Speter received from the indicated domain for relaying 132242575Speter through your SMTP server. RELAY also serves as 132342575Speter an implicit OK for the other checks. 132442575Speter REJECT Reject the sender or recipient with a general 132538032Speter purpose message. 132642575Speter DISCARD Discard the message completely using the 132742575Speter $#discard mailer. This only works for sender 132842575Speter addresses (i.e., it indicates that you should 132942575Speter discard anything received from the indicated 133042575Speter domain). 133138032Speter ### any text where ### is an RFC 821 compliant error code 133238032Speter and "any text" is a message to return for 133338032Speter the command. 133438032Speter 133538032SpeterFor example: 133638032Speter 133738032Speter cyberspammer.com 550 We don't accept mail from spammers 133838032Speter okay.cyberspammer.com OK 133938032Speter sendmail.org OK 134038032Speter 128.32 RELAY 134138032Speter 134238032Speterwould accept mail from okay.cyberspammer.com, but would reject mail 134338032Speterfrom all other hosts at cyberspammer.com with the indicated message. 134438032SpeterIt would allow accept mail from any hosts in the sendmail.org domain, 134538032Speterand allow relaying for the 128.32.*.* network. Note, UUCP users may 134638032Speterneed to add hostname.UUCP to the access database or class 'R' ($=R). 134738032SpeterIf you also use: 134838032Speter 134943730Speter FEATURE(`relay_hosts_only') 135038032Speter 135138032Speterthen the above example will allow relaying for sendmail.org, but not 135238032Speterhosts within the sendmail.org domain. Note that this will also require 135338032Speterhosts listed in class 'R' ($=R) to be fully qualified host names. 135438032Speter 135538032SpeterYou can also use the access database to block sender addresses based on 135638032Speterthe username portion of the address. For example: 135738032Speter 135838032Speter FREE.STEALTH.MAILER@ 550 Spam not accepted 135938032Speter 136038032SpeterNote that you must include the @ after the username to signify that 136138032Speterthis database entry is for checking only the username portion of the 136238032Spetersender address. 136338032Speter 136438032SpeterIf you use: 136538032Speter 136643730Speter FEATURE(`blacklist_recipients') 136738032Speter 136838032Speterthen you can add entries to the map for local users, hosts in your 136938032Speterdomains, or addresses in your domain which should not receive mail: 137038032Speter 137138032Speter badlocaluser 550 Mailbox disabled for this username 137238032Speter host.mydomain.com 550 That host does not accept mail 137338032Speter user@otherhost.mydomain.com 550 Mailbox disabled for this recipient 137438032Speter 137538032SpeterThis would prevent a recipient of badlocaluser@mydomain.com, any 137638032Speteruser at host.mydomain.com, and the single address 137742575Speteruser@otherhost.mydomain.com from receiving mail. Enabling this 137842575Speterfeature will keep you from sending mails to all addresses that 137942575Speterhave an error message or REJECT as value part in the access map. 138042575SpeterTaking the example from above: 138138032Speter 138242575Speter spammer@aol.com REJECT 138342575Speter cyberspammer.com REJECT 138442575Speter 138542575SpeterMail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 138642575Speter 138738032SpeterThere is also a ``Realtime Blackhole List'' run by the MAPS project 138838032Speterat http://maps.vix.com/. This is a database maintained in DNS of 138938032Speterspammers. To use this database, use 139038032Speter 139143730Speter FEATURE(`rbl') 139238032Speter 139338032SpeterThis will cause sendmail to reject mail from any site in the 139438032SpeterRealtime Blackhole List database. You can specify an alternative 139538032SpeterRBL name server to contact by specifying an argument to the FEATURE. 139638032Speter 139738032SpeterThe features described above make use of the check_relay, check_mail, 139838032Speterand check_rcpt rulesets. If you wish to include your own checks, 139938032Speteryou can put your checks in the rulesets Local_check_relay, 140038032SpeterLocal_check_mail, and Local_check_rcpt. For example if you wanted to 140138032Speterblock senders with all numeric usernames (i.e. 2312343@bigisp.com), 140238032Speteryou would use Local_check_mail and the new regex map: 140338032Speter 140438032Speter LOCAL_CONFIG 140538032Speter Kallnumbers regex -a@MATCH ^[0-9]+$ 140638032Speter 140738032Speter LOCAL_RULESETS 140838032Speter SLocal_check_mail 140938032Speter # check address against various regex checks 141038032Speter R$* $: $>Parse0 $>3 $1 141138032Speter R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 141238032Speter R@MATCH $#error $: 553 Header Error 141338032Speter 141438032SpeterThese rules are called with the original arguments of the corresponding 141538032Spetercheck_* ruleset. If the local ruleset returns $#OK, no further checking 141638032Speteris done by the features described above and the mail is accepted. If the 141738032Speterlocal ruleset resolves to a mailer (such as $#error or $#discard), the 141838032Speterappropriate action is taken. Otherwise, the results of the local 141938032Speterrewriting are ignored. 142038032Speter 142138032Speter 142238032SpeterYou can also reject mail on the basis of the contents of headers. 142338032SpeterThis is done by adding a ruleset call to the 'H' header definition command 142438032Speterin sendmail.cf. For example, this can be used to check the validity of 142538032Spetera Message-ID: header: 142638032Speter 142738032Speter LOCAL_RULESETS 142838032Speter HMessage-Id: $>CheckMessageId 142938032Speter 143038032Speter SCheckMessageId 143138032Speter R< $+ @ $+ > $@ OK 143238032Speter R$* $#error $: 553 Header Error 143338032Speter 143443730SpeterUsers of FEATURE(`nullclient') who desire to use the anti-spam and 143543730Speteranti-relaying capabilities should replace FEATURE(`nullclient', `mailhub') 143642575Speterwith: 143738032Speter 143842575Speter undefine(`ALIAS_FILE') 143942575Speter define(`MAIL_HUB', `mailhub') 144042575Speter define(`SMART_HOST', `mailhub') 144142575Speter define(`confFORWARD_PATH', `') 144242575Speter 144342575Speterwhere mailhub is the fully qualified hostname for their mail server. 144443730SpeterThe above rules will provide the relaying to the mailhub without local 144543730Speteralias and forward file expansion. To match the other behavior of 144643730SpeterFEATURE(`nullclient'), you should also add these lines along with those 144743730Speterlisted above: 144842575Speter 144943730Speter MASQUERADE_AS(`mailhub') 145043730Speter FEATURE(`allmasquerade') 145143730Speter FEATURE(`masquerade_envelope') 145242575Speter 145343730Speter 145438032Speter+--------------------------------+ 145538032Speter| ADDING NEW MAILERS OR RULESETS | 145638032Speter+--------------------------------+ 145738032Speter 145838032SpeterSometimes you may need to add entirely new mailers or rulesets. They 145938032Spetershould be introduced with the constructs MAILER_DEFINITIONS and 146038032SpeterLOCAL_RULESETS respectively. For example: 146138032Speter 146238032Speter MAILER_DEFINITIONS 146338032Speter Mmymailer, ... 146438032Speter ... 146538032Speter 146638032Speter LOCAL_RULESETS 146738032Speter Smyruleset 146838032Speter ... 146938032Speter 147038032Speter 147138032Speter+-------------------------------+ 147238032Speter| NON-SMTP BASED CONFIGURATIONS | 147338032Speter+-------------------------------+ 147438032Speter 147538032SpeterThese configuration files are designed primarily for use by SMTP-based 147638032Spetersites. I don't pretend that they are well tuned for UUCP-only or 147738032SpeterUUCP-primarily nodes (the latter is defined as a small local net 147838032Speterconnected to the rest of the world via UUCP). However, there is one 147938032Speterhook to handle some special cases. 148038032Speter 148138032SpeterYou can define a ``smart host'' that understands a richer address syntax 148238032Speterusing: 148338032Speter 148443730Speter define(`SMART_HOST', `mailer:hostname') 148538032Speter 148638032SpeterIn this case, the ``mailer:'' defaults to "relay". Any messages that 148738032Spetercan't be handled using the usual UUCP rules are passed to this host. 148838032Speter 148938032SpeterIf you are on a local SMTP-based net that connects to the outside 149038032Speterworld via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 149138032SpeterFor example: 149238032Speter 149343730Speter define(`SMART_HOST', `suucp:uunet') 149438032Speter LOCAL_NET_CONFIG 149538032Speter R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 149638032Speter 149738032SpeterThis will cause all names that end in your domain name ($m) via 149838032SpeterSMTP; anything else will be sent via suucp (smart UUCP) to uunet. 149943730SpeterIf you have FEATURE(`nocanonify'), you may need to omit the dots after 150038032Speterthe $m. If you are running a local DNS inside your domain which is 150138032Speternot otherwise connected to the outside world, you probably want to 150238032Speteruse: 150338032Speter 150443730Speter define(`SMART_HOST', `smtp:fire.wall.com') 150538032Speter LOCAL_NET_CONFIG 150638032Speter R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 150738032Speter 150838032SpeterThat is, send directly only to things you found in your DNS lookup; 150938032Speteranything else goes through SMART_HOST. 151038032Speter 151138032SpeterYou may need to turn off the anti-spam rules in order to accept 151243730SpeterUUCP mail with FEATURE(`promiscuous_relay') and 151343730SpeterFEATURE(`accept_unresolvable_domains'). 151438032Speter 151538032Speter 151638032Speter+-----------+ 151738032Speter| WHO AM I? | 151838032Speter+-----------+ 151938032Speter 152038032SpeterNormally, the $j macro is automatically defined to be your fully 152138032Speterqualified domain name (FQDN). Sendmail does this by getting your 152238032Speterhost name using gethostname and then calling gethostbyname on the 152338032Speterresult. For example, in some environments gethostname returns 152438032Speteronly the root of the host name (such as "foo"); gethostbyname is 152538032Spetersupposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 152638032Spetercases, gethostbyname may fail to return the FQDN. In this case 152738032Speteryou MUST define confDOMAIN_NAME to be your fully qualified domain 152838032Spetername. This is usually done using: 152938032Speter 153038032Speter Dmbar.com 153138032Speter define(`confDOMAIN_NAME', `$w.$m')dnl 153238032Speter 153338032Speter 153438032Speter+--------------------+ 153538032Speter| USING MAILERTABLES | 153638032Speter+--------------------+ 153738032Speter 153843730SpeterTo use FEATURE(`mailertable'), you will have to create an external 153938032Speterdatabase containing the routing information for various domains. 154038032SpeterFor example, a mailertable file in text format might be: 154138032Speter 154238032Speter .my.domain xnet:%1.my.domain 154338032Speter uuhost1.my.domain suucp:uuhost1 154438032Speter .bitnet smtp:relay.bit.net 154538032Speter 154638032SpeterThis should normally be stored in /etc/mailertable. The actual 154738032Speterdatabase version of the mailertable is built using: 154838032Speter 154938032Speter makemap hash /etc/mailertable.db < /etc/mailertable 155038032Speter 155138032SpeterThe semantics are simple. Any LHS entry that does not begin with 155238032Spetera dot matches the full host name indicated. LHS entries beginning 155338032Speterwith a dot match anything ending with that domain name -- that is, 155438032Speterthey can be thought of as having a leading "*" wildcard. Matching 155538032Speteris done in order of most-to-least qualified -- for example, even 155638032Speterthough ".my.domain" is listed first in the above example, an entry 155738032Speterof "uuhost1.my.domain" will match the second entry since it is 155838032Spetermore explicit. 155938032Speter 156038032SpeterThe RHS should always be a "mailer:host" pair. The mailer is the 156138032Speterconfiguration name of a mailer (that is, an `M' line in the 156238032Spetersendmail.cf file). The "host" will be the hostname passed to 156338032Speterthat mailer. In domain-based matches (that is, those with leading 156438032Speterdots) the "%1" may be used to interpolate the wildcarded part of 156538032Speterthe host name. For example, the first line above sends everything 156638032Speteraddressed to "anything.my.domain" to that same host name, but using 156738032Speterthe (presumably experimental) xnet mailer. 156838032Speter 156938032SpeterIn some cases you may want to temporarily turn off MX records, 157038032Speterparticularly on gateways. For example, you may want to MX 157138032Spetereverything in a domain to one machine that then forwards it 157238032Speterdirectly. To do this, you might use the DNS configuration: 157338032Speter 157438032Speter *.domain. IN MX 0 relay.machine 157538032Speter 157638032Speterand on relay.machine use the mailertable: 157738032Speter 157838032Speter .domain smtp:[gateway.domain] 157938032Speter 158038032SpeterThe [square brackets] turn off MX records for this host only. 158138032SpeterIf you didn't do this, the mailertable would use the MX record 158238032Speteragain, which would give you an MX loop. 158338032Speter 158438032Speter 158538032Speter+--------------------------------+ 158638032Speter| USING USERDB TO MAP FULL NAMES | 158738032Speter+--------------------------------+ 158838032Speter 158938032SpeterThe user database was not originally intended for mapping full names 159038032Speterto login names (e.g., Eric.Allman => eric), but some people are using 159138032Speterit that way. (I would recommend that you set up aliases for this 159238032Speterpurpose instead -- since you can specify multiple alias files, this 159338032Speteris fairly easy.) The intent was to locate the default maildrop at 159438032Spetera site, but allow you to override this by sending to a specific host. 159538032Speter 159638032SpeterIf you decide to set up the user database in this fashion, it is 159743730Speterimperative that you not use FEATURE(`stickyhost') -- otherwise, 159838032Spetere-mail sent to Full.Name@local.host.name will be rejected. 159938032Speter 160038032SpeterTo build the internal form of the user database, use: 160138032Speter 160238032Speter makemap btree /usr/data/base.db < /usr/data/base.txt 160338032Speter 160438032SpeterAs a general rule, I am adamantly opposed to using full names as 160538032Spetere-mail addresses, since they are not in any sense unique. For example, 160638032Speterthe Unix software-development community has two Andy Tannenbaums, 160738032Speterat least two well-known Peter Deutsches, and at one time Bell Labs 160838032Speterhad two Stephen R. Bournes with offices along the same hallway. 160938032SpeterWhich one will be forced to suffer the indignity of being 161038032SpeterStephen_R_Bourne_2? The less famous of the two, or the one that 161138032Speterwas hired later? 161238032Speter 161338032SpeterFinger should handle full names (and be fuzzy). Mail should use 161438032Speterhandles, and not be fuzzy. [Not that I expect anyone to pay any 161538032Speterattention to my opinions.] 161638032Speter 161738032Speter 161838032Speter+--------------------------------+ 161938032Speter| MISCELLANEOUS SPECIAL FEATURES | 162038032Speter+--------------------------------+ 162138032Speter 162238032SpeterPlussed users 162338032Speter Sometimes it is convenient to merge configuration on a 162438032Speter centralized mail machine, for example, to forward all 162538032Speter root mail to a mail server. In this case it might be 162638032Speter useful to be able to treat the root addresses as a class 162738032Speter of addresses with subtle differences. You can do this 162838032Speter using plussed users. For example, a client might include 162938032Speter the alias: 163038032Speter 163138032Speter root: root+client1@server 163238032Speter 163338032Speter On the server, this will match an alias for "root+client1". 163438032Speter If that is not found, the alias "root+*" will be tried, 163538032Speter then "root". 163638032Speter 163738032SpeterLDAP 163838032Speter For notes on use LDAP in sendmail, see 163938032Speter http://www.stanford.edu/~bbense/Inst.html 164038032Speter 164138032Speter 164238032Speter 164338032Speter+----------------+ 164438032Speter| SECURITY NOTES | 164538032Speter+----------------+ 164638032Speter 164738032SpeterA lot of sendmail security comes down to you. Sendmail 8 is much 164838032Spetermore careful about checking for security problems than previous 164938032Speterversions, but there are some things that you still need to watch 165038032Speterfor. In particular: 165138032Speter 165238032Speter* Make sure the aliases file isn't writable except by trusted 165338032Speter system personnel. This includes both the text and database 165438032Speter version. 165538032Speter 165638032Speter* Make sure that other files that sendmail reads, such as the 165738032Speter mailertable, are only writable by trusted system personnel. 165838032Speter 165938032Speter* The queue directory should not be world writable PARTICULARLY 166038032Speter if your system allows "file giveaways" (that is, if a non-root 166138032Speter user can chown any file they own to any other user). 166238032Speter 166338032Speter* If your system allows file giveaways, DO NOT create a publically 166438032Speter writable directory for forward files. This will allow anyone 166538032Speter to steal anyone else's e-mail. Instead, create a script that 166638032Speter copies the .forward file from users' home directories once a 166738032Speter night (if you want the non-NFS-mounted forward directory). 166838032Speter 166938032Speter* If your system allows file giveaways, you'll find that 167038032Speter sendmail is much less trusting of :include: files -- in 167138032Speter particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 167238032Speter /etc/shells before they will be trusted (that is, before 167338032Speter files and programs listed in them will be honored). 167438032Speter 167538032SpeterIn general, file giveaways are a mistake -- if you can turn them 167638032Speteroff I recommend you do so. 167738032Speter 167838032Speter 167938032Speter+--------------------------------+ 168038032Speter| TWEAKING CONFIGURATION OPTIONS | 168138032Speter+--------------------------------+ 168238032Speter 168338032SpeterThere are a large number of configuration options that don't normally 168438032Speterneed to be changed. However, if you feel you need to tweak them, you 168538032Spetercan define the following M4 variables. This list is shown in four 168638032Spetercolumns: the name you define, the default value for that definition, 168738032Speterthe option or macro that is affected (either Ox for an option or Dx 168838032Speterfor a macro), and a brief description. Greater detail of the semantics 168938032Spetercan be found in the Installation and Operations Guide. 169038032Speter 169138032SpeterSome options are likely to be deprecated in future versions -- that is, 169238032Speterthe option is only included to provide back-compatibility. These are 169338032Spetermarked with "*". 169438032Speter 169538032SpeterRemember that these options are M4 variables, and hence may need to 169638032Speterbe quoted. In particular, arguments with commas will usually have to 169738032Speterbe ``double quoted, like this phrase'' to avoid having the comma 169838032Speterconfuse things. This is common for alias file definitions and for 169938032Speterthe read timeout. 170038032Speter 170138032SpeterM4 Variable Name Configuration Description & [Default] 170238032Speter================ ============= ======================= 170338032SpeterconfMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 170438032Speter for internally generated outgoing 170538032Speter messages. 170638032SpeterconfDOMAIN_NAME $j macro If defined, sets $j. This should 170738032Speter only be done if your system cannot 170838032Speter determine your local domain name, 170938032Speter and then it should be set to 171038032Speter $w.Foo.COM, where Foo.COM is your 171138032Speter domain name. 171238032SpeterconfCF_VERSION $Z macro If defined, this is appended to the 171338032Speter configuration version name. 171438032SpeterconfFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 171538032Speter internally generated From: address. 171638032SpeterconfRECEIVED_HEADER Received: 171738032Speter [$?sfrom $s $.$?_($?s$|from $.$_) 171838032Speter $.by $j ($v/$Z)$?r with $r$. id $i$?u 171938032Speter for $u; $|; 172038032Speter $.$b] 172138032Speter The format of the Received: header 172238032Speter in messages passed through this host. 172338032Speter It is unwise to try to change this. 172438032SpeterconfCW_FILE Fw class [/etc/sendmail.cw] Name of file used 172538032Speter to get the local additions to the $=w 172638032Speter (local host names) class. 172738032SpeterconfCT_FILE Ft class [/etc/sendmail.ct] Name of file used 172838032Speter to get the local additions to the $=t 172938032Speter (trusted users) class. 173038032SpeterconfCR_FILE FR class [/etc/mail/relay-domains] Name of 173138032Speter file used to get the local additions 173238032Speter to the $=R (hosts allowed to relay) 173338032Speter class. 173438032SpeterconfTRUSTED_USERS Ct class [no default] Names of users to add to 173538032Speter the list of trusted users. This list 173638032Speter always includes root, uucp, and daemon. 173743730Speter See also FEATURE(`use_ct_file'). 173838032SpeterconfSMTP_MAILER - [esmtp] The mailer name used when 173938032Speter SMTP connectivity is required. 174038032Speter One of "smtp", "smtp8", or "esmtp". 174138032SpeterconfUUCP_MAILER - [uucp-old] The mailer to be used by 174238032Speter default for bang-format recipient 174338032Speter addresses. See also discussion of 174438032Speter $=U, $=Y, and $=Z in the MAILER(uucp) 174538032Speter section. 174638032SpeterconfLOCAL_MAILER - [local] The mailer name used when 174738032Speter local connectivity is required. 174838032Speter Almost always "local". 174938032SpeterconfRELAY_MAILER - [relay] The default mailer name used 175038032Speter for relaying any mail (e.g., to a 175138032Speter BITNET_RELAY, a SMART_HOST, or 175238032Speter whatever). This can reasonably be 175338032Speter "uucp-new" if you are on a 175438032Speter UUCP-connected site. 175538032SpeterconfSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 175638032SpeterconfEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 175738032SpeterconfALIAS_WAIT AliasWait [10m] Time to wait for alias file 175838032Speter rebuild until you get bored and 175938032Speter decide that the apparently pending 176038032Speter rebuild failed. 176138032SpeterconfMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 176238032Speter queue filesystem to accept SMTP mail. 176338032Speter (Prior to 8.7 this was minfree/maxsize, 176438032Speter where minfree was the number of free 176538032Speter blocks and maxsize was the maximum 176638032Speter message size. Use confMAX_MESSAGE_SIZE 176738032Speter for the second value now.) 176838032SpeterconfMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 176938032Speter that will be accepted (in bytes). 177038032SpeterconfBLANK_SUB BlankSub [.] Blank (space) substitution 177138032Speter character. 177238032SpeterconfCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 177338032Speter to mailers marked expensive? 177438032SpeterconfCHECKPOINT_INTERVAL CheckpointInterval 177538032Speter [10] Checkpoint queue files every N 177638032Speter recipients. 177738032SpeterconfDELIVERY_MODE DeliveryMode [background] Default delivery mode. 177838032SpeterconfAUTO_REBUILD AutoRebuildAliases 177938032Speter [False] Automatically rebuild alias 178038032Speter file if needed. 178138032SpeterconfERROR_MODE ErrorMode [print] Error message mode. 178238032SpeterconfERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 178342575SpeterconfSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 178438032SpeterconfTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 178538032SpeterconfMATCH_GECOS MatchGECOS [False] Match GECOS field. 178638032SpeterconfMAX_HOP MaxHopCount [25] Maximum hop count. 178738032SpeterconfIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd mode] 178838032Speter Ignore dot as terminator for incoming 178938032Speter messages? 179038032SpeterconfBIND_OPTS ResolverOptions [undefined] Default options for DNS 179138032Speter resolver. 179238032SpeterconfMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 179338032Speter encapsulated messages per RFC 1344. 179438032SpeterconfFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 179538032Speter The colon-separated list of places to 179638032Speter search for .forward files. N.B.: see 179738032Speter the Security Notes section. 179838032SpeterconfMCI_CACHE_SIZE ConnectionCacheSize 179938032Speter [2] Size of open connection cache. 180038032SpeterconfMCI_CACHE_TIMEOUT ConnectionCacheTimeout 180138032Speter [5m] Open connection cache timeout. 180238032SpeterconfHOST_STATUS_DIRECTORY HostStatusDirectory 180338032Speter [undefined] If set, host status is kept 180438032Speter on disk between sendmail runs in the 180538032Speter named directory tree. This need not be 180638032Speter a full pathname, in which case it is 180738032Speter interpreted relative to the queue 180838032Speter directory. 180938032SpeterconfSINGLE_THREAD_DELIVERY SingleThreadDelivery 181038032Speter [False] If this option and the 181138032Speter HostStatusDirectory option are both 181238032Speter set, single thread deliveries to other 181338032Speter hosts. That is, don't allow any two 181438032Speter sendmails on this host to connect 181538032Speter simultaneously to any other single 181638032Speter host. This can slow down delivery in 181738032Speter some cases, in particular since a 181838032Speter cached but otherwise idle connection 181938032Speter to a host will prevent other sendmails 182038032Speter from connecting to the other host. 182138032SpeterconfUSE_ERRORS_TO* UserErrorsTo [False] Use the Errors-To: header to 182238032Speter deliver error messages. This should 182338032Speter not be necessary because of general 182438032Speter acceptance of the envelope/header 182538032Speter distinction. 182638032SpeterconfLOG_LEVEL LogLevel [9] Log level. 182738032SpeterconfME_TOO MeToo [False] Include sender in group 182838032Speter expansions. 182938032SpeterconfCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 183038032Speter running newaliases. Since this does 183138032Speter DNS lookups on every address, it can 183238032Speter slow down the alias rebuild process 183338032Speter considerably on large alias files. 183438032SpeterconfOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 183538032Speter special chars are old style. 183638032SpeterconfDAEMON_OPTIONS DaemonPortOptions 183738032Speter [none] SMTP daemon options. 183838032SpeterconfPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 183938032SpeterconfCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 184038032Speter copies of all error messages. 184138032SpeterconfQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 184238032SpeterconfDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 184338032Speter syntax addresses to the minimum 184438032Speter possible. 184538032SpeterconfSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 184638032Speter before forking. 184738032SpeterconfTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 184838032Speter on the initial connect. 184938032SpeterconfTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 185038032Speter connect() to complete. This can only 185138032Speter shorten connection timeouts; the kernel 185238032Speter silently enforces an absolute maximum 185338032Speter (which varies depending on the system). 185438032SpeterconfTO_ICONNECT Timeout.iconnect 185538032Speter [undefined] Like Timeout.connect, but 185638032Speter applies only to the very first attempt 185738032Speter to connect to a host in a message. 185838032Speter This allows a single very fast pass 185938032Speter followed by more careful delivery 186038032Speter attempts in the future. 186138032SpeterconfTO_HELO Timeout.helo [5m] The timeout waiting for a response 186238032Speter to a HELO or EHLO command. 186338032SpeterconfTO_MAIL Timeout.mail [10m] The timeout waiting for a 186438032Speter response to the MAIL command. 186538032SpeterconfTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 186638032Speter to the RCPT command. 186738032SpeterconfTO_DATAINIT Timeout.datainit 186838032Speter [5m] The timeout waiting for a 354 186938032Speter response from the DATA command. 187038032SpeterconfTO_DATABLOCK Timeout.datablock 187138032Speter [1h] The timeout waiting for a block 187238032Speter during DATA phase. 187338032SpeterconfTO_DATAFINAL Timeout.datafinal 187438032Speter [1h] The timeout waiting for a response 187538032Speter to the final "." that terminates a 187638032Speter message. 187738032SpeterconfTO_RSET Timeout.rset [5m] The timeout waiting for a response 187838032Speter to the RSET command. 187938032SpeterconfTO_QUIT Timeout.quit [2m] The timeout waiting for a response 188038032Speter to the QUIT command. 188138032SpeterconfTO_MISC Timeout.misc [2m] The timeout waiting for a response 188238032Speter to other SMTP commands. 188338032SpeterconfTO_COMMAND Timeout.command [1h] In server SMTP, the timeout waiting 188438032Speter for a command to be issued. 188538032SpeterconfTO_IDENT Timeout.ident [30s] The timeout waiting for a response 188638032Speter to an IDENT query. 188738032SpeterconfTO_FILEOPEN Timeout.fileopen 188838032Speter [60s] The timeout waiting for a file 188938032Speter (e.g., :include: file) to be opened. 189038032SpeterconfTO_QUEUERETURN Timeout.queuereturn 189138032Speter [5d] The timeout before a message is 189238032Speter returned as undeliverable. 189338032SpeterconfTO_QUEUERETURN_NORMAL 189438032Speter Timeout.queuereturn.normal 189538032Speter [undefined] As above, for normal 189638032Speter priority messages. 189738032SpeterconfTO_QUEUERETURN_URGENT 189838032Speter Timeout.queuereturn.urgent 189938032Speter [undefined] As above, for urgent 190038032Speter priority messages. 190138032SpeterconfTO_QUEUERETURN_NONURGENT 190238032Speter Timeout.queuereturn.non-urgent 190338032Speter [undefined] As above, for non-urgent 190438032Speter (low) priority messages. 190538032SpeterconfTO_QUEUEWARN Timeout.queuewarn 190638032Speter [4h] The timeout before a warning 190738032Speter message is sent to the sender telling 190838032Speter them that the message has been deferred. 190938032SpeterconfTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 191038032Speter [undefined] As above, for normal 191138032Speter priority messages. 191238032SpeterconfTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 191338032Speter [undefined] As above, for urgent 191438032Speter priority messages. 191538032SpeterconfTO_QUEUEWARN_NONURGENT 191638032Speter Timeout.queuewarn.non-urgent 191738032Speter [undefined] As above, for non-urgent 191838032Speter (low) priority messages. 191938032SpeterconfTO_HOSTSTATUS Timeout.hoststatus 192038032Speter [30m] How long information about host 192138032Speter statuses will be maintained before it 192238032Speter is considered stale and the host should 192338032Speter be retried. This applies both within 192438032Speter a single queue run and to persistent 192538032Speter information (see below). 192638032SpeterconfTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 192738032Speter USE_SYSTEM to use the system's idea, 192838032Speter USE_TZ to use the user's TZ envariable, 192938032Speter or something else to force that value. 193038032SpeterconfDEF_USER_ID DefaultUser [1:1] Default user id. 193138032SpeterconfUSERDB_SPEC UserDatabaseSpec 193238032Speter [undefined] User database specification. 193338032SpeterconfFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 193438032SpeterconfTRY_NULL_MX_LIST TryNullMXList [False] If we are the best MX for a 193538032Speter host and haven't made other 193638032Speter arrangements, try connecting to the 193738032Speter host directly; normally this would be 193838032Speter a config error. 193938032SpeterconfQUEUE_LA QueueLA [8] Load average at which queue-only 194038032Speter function kicks in. 194138032SpeterconfREFUSE_LA RefuseLA [12] Load average at which incoming 194238032Speter SMTP connections are refused. 194338032SpeterconfMAX_DAEMON_CHILDREN MaxDaemonChildren 194438032Speter [undefined] The maximum number of 194538032Speter children the daemon will permit. After 194638032Speter this number, connections will be 194738032Speter rejected. If not set or <= 0, there is 194838032Speter no limit. 194938032SpeterconfCONNECTION_RATE_THROTTLE ConnectionRateThrottle 195038032Speter [undefined] The maximum number of 195138032Speter connections permitted per second. 195238032Speter After this many connections are 195338032Speter accepted, further connections will be 195438032Speter delayed. If not set or <= 0, there is 195538032Speter no limit. 195638032SpeterconfWORK_RECIPIENT_FACTOR 195738032Speter RecipientFactor [30000] Cost of each recipient. 195838032SpeterconfSEPARATE_PROC ForkEachJob [False] Run all deliveries in a separate 195938032Speter process. 196038032SpeterconfWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 196138032SpeterconfWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 196238032SpeterconfQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 196338032Speter Priority, Host, or Time. 196438032SpeterconfMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 196538032Speter must sit in the queue between queue 196638032Speter runs. This allows you to set the 196738032Speter queue run interval low for better 196838032Speter responsiveness without trying all 196938032Speter jobs in each run. 197038032SpeterconfDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 197138032Speter unlabeled 8 bit input to MIME, the 197238032Speter character set to use by default. 197338032SpeterconfSERVICE_SWITCH_FILE ServiceSwitchFile 197438032Speter [/etc/service.switch] The file to use 197538032Speter for the service switch on systems that 197638032Speter do not have a system-defined switch. 197738032SpeterconfHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 197838032Speter "file" type access of hosts names. 197938032SpeterconfDIAL_DELAY DialDelay [0s] If a connection fails, wait this 198038032Speter long and try again. Zero means "don't 198138032Speter retry". This is to allow "dial on 198238032Speter demand" connections to have enough time 198338032Speter to complete a connection. 198438032SpeterconfNO_RCPT_ACTION NoRecipientAction 198538032Speter [none] What to do if there are no legal 198638032Speter recipient fields (To:, Cc: or Bcc:) 198738032Speter in the message. Legal values can 198838032Speter be "none" to just leave the 198938032Speter nonconforming message as is, "add-to" 199038032Speter to add a To: header with all the 199138032Speter known recipients (which may expose 199238032Speter blind recipients), "add-apparently-to" 199338032Speter to do the same but use Apparently-To: 199438032Speter instead of To:, "add-bcc" to add an 199538032Speter empty Bcc: header, or 199638032Speter "add-to-undisclosed" to add the header 199738032Speter ``To: undisclosed-recipients:;''. 199838032SpeterconfSAFE_FILE_ENV SafeFileEnvironment 199938032Speter [undefined] If set, sendmail will do a 200038032Speter chroot() into this directory before 200138032Speter writing files. 200238032SpeterconfCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 200338032Speter If set, colons are treated as a regular 200438032Speter character in addresses. If not set, 200538032Speter they are treated as the introducer to 200638032Speter the RFC 822 "group" syntax. Colons are 200738032Speter handled properly in route-addrs. This 200838032Speter option defaults on for V5 and lower 200938032Speter configuration files. 201038032SpeterconfMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 201138032Speter any given queue run to this number of 201238032Speter entries. Essentially, this will stop 201338032Speter reading the queue directory after this 201438032Speter number of entries are reached; it does 201538032Speter _not_ pick the highest priority jobs, 201638032Speter so this should be as large as your 201738032Speter system can tolerate. If not set, there 201838032Speter is no limit. 201938032SpeterconfDONT_EXPAND_CNAMES DontExpandCnames 202038032Speter [False] If set, $[ ... $] lookups that 202138032Speter do DNS based lookups do not expand 202238032Speter CNAME records. This currently violates 202338032Speter the published standards, but the IETF 202438032Speter seems to be moving toward legalizing 202538032Speter this. For example, if "FTP.Foo.ORG" 202638032Speter is a CNAME for "Cruft.Foo.ORG", then 202738032Speter with this option set a lookup of 202838032Speter "FTP" will return "FTP.Foo.ORG"; if 202938032Speter clear it returns "Cruft.FOO.ORG". N.B. 203038032Speter you may not see any effect until your 203138032Speter downstream neighbors stop doing CNAME 203238032Speter lookups as well. 203338032SpeterconfFROM_LINE UnixFromLine [From $g $d] The From_ line used 203438032Speter when sending to files or programs. 203538032SpeterconfSINGLE_LINE_FROM_HEADER SingleLineFromHeader 203638032Speter [False] From: lines that have 203738032Speter embedded newlines are unwrapped 203838032Speter onto one line. 203938032SpeterconfALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 204038032Speter does not include a host name. 204138032SpeterconfMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 204238032Speter name phrase (@,;:\()[] are automatic). 204338032SpeterconfOPERATORS OperatorChars [.:%@!^/[]+] Address operator 204438032Speter characters. 204538032SpeterconfSMTP_LOGIN_MSG SmtpGreetingMessage 204638032Speter [$j Sendmail $v/$Z; $b] 204738032Speter The initial (spontaneous) SMTP 204838032Speter greeting message. The word "ESMTP" 204938032Speter will be inserted between the first and 205038032Speter second words to convince other 205138032Speter sendmails to try to speak ESMTP. 205238032SpeterconfDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 205338032Speter routine will never be invoked. You 205438032Speter might want to do this if you are 205538032Speter running NIS and you have a large group 205638032Speter map, since this call does a sequential 205738032Speter scan of the map; in a large site this 205838032Speter can cause your ypserv to run 205938032Speter essentially full time. If you set 206038032Speter this, agents run on behalf of users 206138032Speter will only have their primary 206238032Speter (/etc/passwd) group permissions. 206338032SpeterconfUNSAFE_GROUP_WRITES UnsafeGroupWrites 206438032Speter [False] If set, group-writable 206538032Speter :include: and .forward files are 206638032Speter considered "unsafe", that is, programs 206738032Speter and files cannot be directly referenced 206838032Speter from such files. World-writable files 206938032Speter are always considered unsafe. 207038032SpeterconfDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 207138032Speter [postmaster] If an error occurs when 207238032Speter sending an error message, send that 207338032Speter "double bounce" error message to this 207438032Speter address. 207538032SpeterconfRUN_AS_USER RunAsUser [undefined] If set, become this user 207638032Speter when reading and delivering mail. 207738032Speter Causes all file reads (e.g., .forward 207838032Speter and :include: files) to be done as 207938032Speter this user. Also, all programs will 208038032Speter be run as this user, and all output 208138032Speter files will be written as this user. 208238032Speter Intended for use only on firewalls 208338032Speter where users do not have accounts. 208438032SpeterconfMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 208538032Speter [infinite] If set, allow no more than 208638032Speter the specified number of recipients in 208738032Speter an SMTP envelope. Further recipients 208838032Speter receive a 452 error code (i.e., they 208938032Speter are deferred for the next delivery 209038032Speter attempt). 209138032SpeterconfDONT_PROBE_INTERFACES DontProbeInterfaces 209238032Speter [False] If set, sendmail will _not_ 209338032Speter insert the names and addresses of any 209438032Speter local interfaces into the $=w class 209538032Speter (list of known "equivalent" addresses). 209638032Speter If you set this, you must also include 209738032Speter some support for these addresses (e.g., 209838032Speter in a mailertable entry) -- otherwise, 209938032Speter mail to addresses in this list will 210038032Speter bounce with a configuration error. 210138032SpeterconfDONT_BLAME_SENDMAIL DontBlameSendmail 210238032Speter [safe] Override sendmail's file 210338032Speter safety checks. This will definitely 210438032Speter compromise system security and should 210538032Speter not be used unless absolutely 210638032Speter necessary. 210738032SpeterconfREJECT_MSG - [550 Access denied] The message 210838032Speter given if the access database contains 210938032Speter REJECT in the value portion. 211038032Speter 211138032SpeterSee also the description of OSTYPE for some parameters that can be 211238032Spetertweaked (generally pathnames to mailers). 211338032Speter 211438032Speter 211538032Speter+-----------+ 211638032Speter| HIERARCHY | 211738032Speter+-----------+ 211838032Speter 211938032SpeterWithin this directory are several subdirectories, to wit: 212038032Speter 212138032Speterm4 General support routines. These are typically 212238032Speter very important and should not be changed without 212338032Speter very careful consideration. 212438032Speter 212538032Spetercf The configuration files themselves. They have 212638032Speter ".mc" suffixes, and must be run through m4 to 212738032Speter become complete. The resulting output should 212838032Speter have a ".cf" suffix. 212938032Speter 213038032Speterostype Definitions describing a particular operating 213138032Speter system type. These should always be referenced 213238032Speter using the OSTYPE macro in the .mc file. Examples 213338032Speter include "bsd4.3", "bsd4.4", "sunos3.5", and 213438032Speter "sunos4.1". 213538032Speter 213638032Speterdomain Definitions describing a particular domain, referenced 213738032Speter using the DOMAIN macro in the .mc file. These are 213838032Speter site dependent; for example, "CS.Berkeley.EDU.m4" 213938032Speter describes hosts in the CS.Berkeley.EDU subdomain. 214038032Speter 214138032Spetermailer Descriptions of mailers. These are referenced using 214238032Speter the MAILER macro in the .mc file. 214338032Speter 214438032Spetersh Shell files used when building the .cf file from the 214538032Speter .mc file in the cf subdirectory. 214638032Speter 214738032Speterfeature These hold special orthogonal features that you might 214838032Speter want to include. They should be referenced using 214938032Speter the FEATURE macro. 215038032Speter 215138032Speterhack Local hacks. These can be referenced using the HACK 215238032Speter macro. They shouldn't be of more than voyeuristic 215338032Speter interest outside the .Berkeley.EDU domain, but who knows? 215438032Speter We've all got our own peccadillos. 215538032Speter 215638032Spetersiteconfig Site configuration -- e.g., tables of locally connected 215738032Speter UUCP sites. 215838032Speter 215938032Speter 216038032Speter+------------------------+ 216138032Speter| ADMINISTRATIVE DETAILS | 216238032Speter+------------------------+ 216338032Speter 216438032SpeterThe following sections detail usage of certain internal parts of the 216538032Spetersendmail.cf file. Read them carefully if you are trying to modify 216638032Speterthe current model. If you find the above descriptions adequate, these 216738032Spetershould be {boring, confusing, tedious, ridiculous} (pick one or more). 216838032Speter 216938032SpeterRULESETS (* means built in to sendmail) 217038032Speter 217138032Speter 0 * Parsing 217238032Speter 1 * Sender rewriting 217338032Speter 2 * Recipient rewriting 217438032Speter 3 * Canonicalization 217538032Speter 4 * Post cleanup 217638032Speter 5 * Local address rewrite (after aliasing) 217738032Speter 1x mailer rules (sender qualification) 217838032Speter 2x mailer rules (recipient qualification) 217938032Speter 3x mailer rules (sender header qualification) 218038032Speter 4x mailer rules (recipient header qualification) 218138032Speter 5x mailer subroutines (general) 218238032Speter 6x mailer subroutines (general) 218338032Speter 7x mailer subroutines (general) 218438032Speter 8x reserved 218538032Speter 90 Mailertable host stripping 218638032Speter 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 218738032Speter 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 218838032Speter 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 218938032Speter 99 Guaranteed null (for debugging) 219038032Speter 219138032Speter 219238032SpeterMAILERS 219338032Speter 219438032Speter 0 local, prog local and program mailers 219538032Speter 1 [e]smtp, relay SMTP channel 219638032Speter 2 uucp-* UNIX-to-UNIX Copy Program 219738032Speter 3 netnews Network News delivery 219838032Speter 4 fax Sam Leffler's HylaFAX software 219938032Speter 5 mail11 DECnet mailer 220038032Speter 220138032Speter 220238032SpeterMACROS 220338032Speter 220438032Speter A 220538032Speter B Bitnet Relay 220638032Speter C DECnet Relay 220738032Speter D The local domain -- usually not needed 220838032Speter E reserved for X.400 Relay 220938032Speter F FAX Relay 221038032Speter G 221138032Speter H mail Hub (for mail clusters) 221238032Speter I 221338032Speter J 221438032Speter K 221538032Speter L Luser Relay 221638032Speter M Masquerade (who I claim to be) 221738032Speter N 221838032Speter O 221938032Speter P 222038032Speter Q 222138032Speter R Relay (for unqualified names) 222238032Speter S Smart Host 222338032Speter T 222438032Speter U my UUCP name (if I have a UUCP connection) 222538032Speter V UUCP Relay (class V hosts) 222638032Speter W UUCP Relay (class W hosts) 222738032Speter X UUCP Relay (class X hosts) 222838032Speter Y UUCP Relay (all other hosts) 222938032Speter Z Version number 223038032Speter 223138032Speter 223238032SpeterCLASSES 223338032Speter 223438032Speter A 223538032Speter B domains that are candidates for bestmx lookup 223638032Speter C 223738032Speter D 223838032Speter E addresses that should not seem to come from $M 223938032Speter F hosts we forward for 224038032Speter G domains that should be looked up in genericstable 224138032Speter H 224238032Speter I 224338032Speter J 224438032Speter K 224538032Speter L addresses that should not be forwarded to $R 224638032Speter M domains that should be mapped to $M 224738032Speter N 224838032Speter O operators that indicate network operations (cannot be in local names) 224938032Speter P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 225038032Speter Q 225138032Speter R domains we are willing to relay (pass anti-spam filters) 225238032Speter S 225338032Speter T 225438032Speter U locally connected UUCP hosts 225538032Speter V UUCP hosts connected to relay $V 225638032Speter W UUCP hosts connected to relay $W 225738032Speter X UUCP hosts connected to relay $X 225838032Speter Y locally connected smart UUCP hosts 225938032Speter Z locally connected domain-ized UUCP hosts 226038032Speter . the class containing only a dot 226138032Speter [ the class containing only a left bracket 226238032Speter 226338032Speter 226438032SpeterM4 DIVERSIONS 226538032Speter 226638032Speter 1 Local host detection and resolution 226738032Speter 2 Local Ruleset 3 additions 226838032Speter 3 Local Ruleset 0 additions 226938032Speter 4 UUCP Ruleset 0 additions 227038032Speter 5 locally interpreted names (overrides $R) 227138032Speter 6 local configuration (at top of file) 227238032Speter 7 mailer definitions 227338032Speter 8 227438032Speter 9 special local rulesets (1 and 2) 2275