README revision 66494
138032Speter 264562Sgshapiro SENDMAIL CONFIGURATION FILES 338032Speter 464562SgshapiroThis document describes the sendmail configuration files. This package 564562Sgshapirorequires a post-V7 version of m4; if you are running the 4.2bsd, SysV.2, or 664562Sgshapiro7th Edition version. SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. 764562SgshapiroGNU m4 version 1.1 or later also works. Unfortunately, the M4 on BSDI 1.0 838032Speterdoesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is 966494Sgshapiroavailable from ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the 1064562Sgshapirolatset version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x 1164562Sgshapirois fine). Use GNU m4 on this platform. 1238032Speter 1364562SgshapiroTo get started, you may want to look at tcpproto.mc (for TCP-only sites), 1464562Sgshapirouucpproto.mc (for UUCP-only sites), and clientproto.mc (for clusters of 1564562Sgshapiroclients using a single mail host). Others are versions previously used at 1664562SgshapiroBerkeley. For example, ucbvax has gone away, but ucbvax.mc demonstrates 1764562Sgshapirosome interesting techniques. 1838032Speter 1938032Speter******************************************************************* 2038032Speter*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 2138032Speter*** Berkeley-specific assumptions built in, such as the name *** 2264562Sgshapiro*** of their UUCP-relay. You'll want to create your own *** 2364562Sgshapiro*** domain description, and use that in place of *** 2438032Speter*** domain/Berkeley.EDU.m4. *** 2538032Speter******************************************************************* 2638032Speter 2738032Speter 2838032Speter+--------------------------+ 2938032Speter| INTRODUCTION AND EXAMPLE | 3038032Speter+--------------------------+ 3138032Speter 3238032SpeterConfiguration files are contained in the subdirectory "cf", with a 3338032Spetersuffix ".mc". They must be run through "m4" to produce a ".cf" file. 3438032SpeterYou must pre-load "cf.m4": 3538032Speter 3638032Speter m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 3738032Speter 3864562SgshapiroAlternatively, you can simply: 3964562Sgshapiro 4064562Sgshapiro cd ${CFDIR}/cf 4164562Sgshapiro ./Build config.cf 4264562Sgshapiro 4338032Speterwhere ${CFDIR} is the root of the cf directory and config.mc is the 4438032Spetername of your configuration file. If you are running a version of M4 4538032Speterthat understands the __file__ builtin (versions of GNU m4 >= 0.75 do 4638032Speterthis, but the versions distributed with 4.4BSD and derivatives do not) 4738032Speteror the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 4838032SpeterFor "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 4938032Speteruse -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 5038032Speter 5138032Speter m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 5238032Speter 5338032SpeterLet's examine a typical .mc file: 5438032Speter 5538032Speter divert(-1) 5638032Speter # 5764562Sgshapiro # Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. 5864562Sgshapiro # All rights reserved. 5938032Speter # Copyright (c) 1983 Eric P. Allman. All rights reserved. 6038032Speter # Copyright (c) 1988, 1993 6138032Speter # The Regents of the University of California. All rights reserved. 6238032Speter # 6338032Speter # By using this file, you agree to the terms and conditions set 6438032Speter # forth in the LICENSE file which can be found at the top level of 6538032Speter # the sendmail distribution. 6638032Speter # 6738032Speter 6838032Speter # 6938032Speter # This is a Berkeley-specific configuration file for HP-UX 9.x. 7038032Speter # It applies only to the Computer Science Division at Berkeley, 7138032Speter # and should not be used elsewhere. It is provided on the sendmail 7238032Speter # distribution as a sample only. To create your own configuration 7338032Speter # file, create an appropriate domain file in ../domain, change the 7438032Speter # `DOMAIN' macro below to reference that file, and copy the result 7538032Speter # to a name of your own choosing. 7638032Speter # 7738032Speter divert(0) 7838032Speter 7938032SpeterThe divert(-1) will delete the crud in the resulting output file. 8038032SpeterThe copyright notice can be replaced by whatever your lawyers require; 8164562Sgshapiroour lawyers require the one that is included in these files. A copyleft 8238032Speteris a copyright by another name. The divert(0) restores regular output. 8338032Speter 8438032Speter VERSIONID(`<SCCS or RCS version id>') 8538032Speter 8638032SpeterVERSIONID is a macro that stuffs the version information into the 8764562Sgshapiroresulting file. You could use SCCS, RCS, CVS, something else, or 8838032Speteromit it completely. This is not the same as the version id included 8938032Speterin SMTP greeting messages -- this is defined in m4/version.m4. 9038032Speter 9164562Sgshapiro OSTYPE(`hpux9')dnl 9238032Speter 9338032SpeterYou must specify an OSTYPE to properly configure things such as the 9438032Speterpathname of the help and status files, the flags needed for the local 9538032Spetermailer, and other important things. If you omit it, you will get an 9638032Spetererror when you try to build the configuration. Look at the ostype 9738032Speterdirectory for the list of known operating system types. 9838032Speter 9964562Sgshapiro DOMAIN(`CS.Berkeley.EDU')dnl 10038032Speter 10138032SpeterThis example is specific to the Computer Science Division at Berkeley. 10264562SgshapiroYou can use "DOMAIN(`generic')" to get a sufficiently bland definition 10338032Speterthat may well work for you, or you can create a customized domain 10438032Speterdefinition appropriate for your environment. 10538032Speter 10664562Sgshapiro MAILER(`local') 10764562Sgshapiro MAILER(`smtp') 10838032Speter 10964562SgshapiroThese describe the mailers used at the default CS site. The 11038032Speterlocal mailer is always included automatically. Beware: MAILER 11138032Speterdeclarations should always be at the end of the configuration file, 11264562Sgshapiroand MAILER(`smtp') should always precede MAILER(`procmail'), and 11364562SgshapiroMAILER(`uucp'). The general rules are that the order should be: 11438032Speter 11538032Speter VERSIONID 11638032Speter OSTYPE 11738032Speter DOMAIN 11838032Speter FEATURE 11938032Speter local macro definitions 12038032Speter MAILER 12164562Sgshapiro LOCAL_RULE_* 12264562Sgshapiro LOCAL_RULESETS 12338032Speter 12464562SgshapiroThere are a few exceptions to this rule. Local macro definitions which 12564562Sgshapiroinfluence a FEATURE() should be done before that feature. For example, 12664562Sgshapiroa define(`PROCMAIL_MAILER_PATH', ...) should be done before 12764562SgshapiroFEATURE(`local_procmail'). 12838032Speter 12964562Sgshapiro 13038032Speter+----------------------------+ 13138032Speter| A BRIEF INTRODUCTION TO M4 | 13238032Speter+----------------------------+ 13338032Speter 13438032SpeterSendmail uses the M4 macro processor to ``compile'' the configuration 13538032Speterfiles. The most important thing to know is that M4 is stream-based, 13638032Speterthat is, it doesn't understand about lines. For this reason, in some 13738032Speterplaces you may see the word ``dnl'', which stands for ``delete 13838032Speterthrough newline''; essentially, it deletes all characters starting 13938032Speterat the ``dnl'' up to and including the next newline character. In 14038032Spetermost cases sendmail uses this only to avoid lots of unnecessary 14138032Speterblank lines in the output. 14238032Speter 14338032SpeterOther important directives are define(A, B) which defines the macro 14438032Speter``A'' to have value ``B''. Macros are expanded as they are read, so 14538032Speterone normally quotes both values to prevent expansion. For example, 14638032Speter 14738032Speter define(`SMART_HOST', `smart.foo.com') 14838032Speter 14938032SpeterOne word of warning: M4 macros are expanded even in lines that appear 15038032Speterto be comments. For example, if you have 15138032Speter 15264562Sgshapiro # See FEATURE(`foo') above 15338032Speter 15464562Sgshapiroit will not do what you expect, because the FEATURE(`foo') will be 15538032Speterexpanded. This also applies to 15638032Speter 15738032Speter # And then define the $X macro to be the return address 15838032Speter 15938032Speterbecause ``define'' is an M4 keyword. If you want to use them, surround 16038032Speterthem with directed quotes, `like this'. 16138032Speter 16238032Speter+----------------+ 16338032Speter| FILE LOCATIONS | 16438032Speter+----------------+ 16538032Speter 16638032Spetersendmail 8.9 has introduced a new configuration directory for sendmail 16738032Speterrelated files, /etc/mail. The new files available for sendmail 8.9 -- 16864562Sgshapirothe class {R} /etc/mail/relay-domains and the access database 16964562Sgshapiro/etc/mail/access -- take advantage of this new directory. Beginning with 17064562Sgshapiro8.10, all files will use this directory by default (some options may be 17164562Sgshapiroset by OSTYPE() files). This new directory should help to restore 17264562Sgshapirouniformity to sendmail's file locations. 17338032Speter 17464562SgshapiroBelow is a table of some of the common changes: 17564562Sgshapiro 17664562SgshapiroOld filename New filename 17764562Sgshapiro------------ ------------ 17864562Sgshapiro/etc/bitdomain /etc/mail/bitdomain 17964562Sgshapiro/etc/domaintable /etc/mail/domaintable 18064562Sgshapiro/etc/genericstable /etc/mail/genericstable 18164562Sgshapiro/etc/uudomain /etc/mail/uudomain 18264562Sgshapiro/etc/virtusertable /etc/mail/virtusertable 18364562Sgshapiro/etc/userdb /etc/mail/userdb 18464562Sgshapiro 18564562Sgshapiro/etc/aliases /etc/mail/aliases 18664562Sgshapiro/etc/sendmail/aliases /etc/mail/aliases 18764562Sgshapiro/etc/ucbmail/aliases /etc/mail/aliases 18864562Sgshapiro/usr/adm/sendmail/aliases /etc/mail/aliases 18964562Sgshapiro/usr/lib/aliases /etc/mail/aliases 19064562Sgshapiro/usr/lib/mail/aliases /etc/mail/aliases 19164562Sgshapiro/usr/ucblib/aliases /etc/mail/aliases 19264562Sgshapiro 19364562Sgshapiro/etc/sendmail.cw /etc/mail/local-host-names 19464562Sgshapiro/etc/mail/sendmail.cw /etc/mail/local-host-names 19564562Sgshapiro/etc/sendmail/sendmail.cw /etc/mail/local-host-names 19664562Sgshapiro 19764562Sgshapiro/etc/sendmail.ct /etc/mail/trusted-users 19864562Sgshapiro 19964562Sgshapiro/etc/sendmail.oE /etc/mail/error-header 20064562Sgshapiro 20164562Sgshapiro/etc/sendmail.hf /etc/mail/helpfile 20264562Sgshapiro/etc/mail/sendmail.hf /etc/mail/helpfile 20364562Sgshapiro/usr/ucblib/sendmail.hf /etc/mail/helpfile 20464562Sgshapiro/etc/ucbmail/sendmail.hf /etc/mail/helpfile 20564562Sgshapiro/usr/lib/sendmail.hf /etc/mail/helpfile 20664562Sgshapiro/usr/share/lib/sendmail.hf /etc/mail/helpfile 20764562Sgshapiro/usr/share/misc/sendmail.hf /etc/mail/helpfile 20864562Sgshapiro/share/misc/sendmail.hf /etc/mail/helpfile 20964562Sgshapiro 21064562Sgshapiro/etc/service.switch /etc/mail/service.switch 21164562Sgshapiro 21264562Sgshapiro/etc/sendmail.st /etc/mail/statistics 21364562Sgshapiro/etc/mail/sendmail.st /etc/mail/statistics 21464562Sgshapiro/etc/mailer/sendmail.st /etc/mail/statistics 21564562Sgshapiro/etc/sendmail/sendmail.st /etc/mail/statistics 21664562Sgshapiro/usr/lib/sendmail.st /etc/mail/statistics 21764562Sgshapiro/usr/ucblib/sendmail.st /etc/mail/statistics 21864562Sgshapiro 21964562SgshapiroNote that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 22064562Sgshapiroto create the pathnames. The default value of this variable is 22164562Sgshapiro`/etc/mail/'. If you set this macro to a different value, you MUST include 22264562Sgshapiroa trailing slash. 22364562Sgshapiro 22438032Speter+--------+ 22538032Speter| OSTYPE | 22638032Speter+--------+ 22738032Speter 22838032SpeterYou MUST define an operating system environment, or the configuration 22938032Speterfile build will puke. There are several environments available; look 23038032Speterat the "ostype" directory for the current list. This macro changes 23138032Speterthings like the location of the alias file and queue directory. Some 23238032Speterof these files are identical to one another. 23338032Speter 23438032SpeterIt is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 23538032SpeterIn general, the OSTYPE macro should go immediately after any version 23638032Speterinformation, and MAILER definitions should always go last. 23738032Speter 23838032SpeterOperating system definitions are usually easy to write. They may define 23938032Speterthe following variables (everything defaults, so an ostype file may be 24038032Speterempty). Unfortunately, the list of configuration-supported systems is 24138032Speternot as broad as the list of source-supported systems, since many of 24238032Speterthe source contributors do not include corresponding ostype files. 24338032Speter 24464562SgshapiroALIAS_FILE [/etc/mail/aliases] The location of the text version 24538032Speter of the alias file(s). It can be a comma-separated 24638032Speter list of names (but be sure you quote values with 24738032Speter commas in them -- for example, use 24838032Speter define(`ALIAS_FILE', `a,b') 24938032Speter to get "a" and "b" both listed as alias files; 25038032Speter otherwise the define() primitive only sees "a"). 25164562SgshapiroHELP_FILE [/etc/mail/helpfile] The name of the file 25238032Speter containing information printed in response to 25338032Speter the SMTP HELP command. 25438032SpeterQUEUE_DIR [/var/spool/mqueue] The directory containing 25564562Sgshapiro queue files. To use multiple queues, supply 25664562Sgshapiro a value ending with an asterisk. For 25764562Sgshapiro example, /var/spool/mqueue/q* will use all of the 25864562Sgshapiro directories or symbolic links to directories 25964562Sgshapiro beginning with 'q' in /var/spool/mqueue as queue 26064562Sgshapiro directories. The names 'qf', 'df', and 'xf' are 26164562Sgshapiro used as specific subdirectories for the corresponding 26264562Sgshapiro queue file types. 26364562SgshapiroSTATUS_FILE [/etc/mail/statistics] The file containing status 26438032Speter information. 26538032SpeterLOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 26664562SgshapiroLOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 26764562Sgshapiro flags lsDFMAw5:/|@q are always included. 26838032SpeterLOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 26938032Speter mail. 27038032SpeterLOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 27138032Speter mail that you are willing to accept. 27264562SgshapiroLOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 27364562Sgshapiro messages to deliver in a single connection. Only 27464562Sgshapiro useful for LMTP local mailers. 27538032SpeterLOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 27638032Speter that ARRIVE from an address that resolves to the 27738032Speter local mailer and which are converted to MIME will be 27838032Speter labeled with this character set. 27964562SgshapiroLOCAL_MAILER_EOL [undefined] If defined, the string to use as the 28064562Sgshapiro end of line for the local mailer. 28164562SgshapiroLOCAL_MAILER_DSN_DIAGNOSTIC_CODE 28264562Sgshapiro [X-Unix] The DSN Diagnostic-Code value for the 28364562Sgshapiro local mailer. This should be changed with care. 28438032SpeterLOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 28538032SpeterLOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 28638032Speter flags lsDFM are always included. 28738032SpeterLOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 28838032Speter mail. 28938032SpeterLOCAL_SHELL_DIR [$z:/] The directory search path in which the 29038032Speter shell should run. 29138032SpeterUSENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 29238032Speter used to submit news. 29364562SgshapiroUSENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 29438032SpeterUSENET_MAILER_ARGS [-m -h -n] The command line arguments for the 29538032Speter usenet mailer. 29638032SpeterUSENET_MAILER_MAX [100000] The maximum size of messages that will 29738032Speter be accepted by the usenet mailer. 29838032SpeterSMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 29964562Sgshapiro flags are `mDFMuX' for all SMTP-based mailers; the 30064562Sgshapiro "esmtp" mailer adds `a'; "smtp8" adds `8'; and 30164562Sgshapiro "dsmtp" adds `%'. 30264562SgshapiroRELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 30364562Sgshapiro flags are `mDFMuX' for all SMTP-based mailers; the 30464562Sgshapiro relay mailer adds `a8'. If this is not defined, 30564562Sgshapiro then SMTP_MAILER_FLAGS is used. 30638032SpeterSMTP_MAILER_MAX [undefined] The maximum size of messages that will 30764562Sgshapiro be transported using the smtp, smtp8, esmtp, or dsmtp 30838032Speter mailers. 30964562SgshapiroSMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 31064562Sgshapiro messages to deliver in a single connection for the 31164562Sgshapiro smtp, smtp8, esmtp, or dsmtp mailers. 31266494SgshapiroSMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 31338032Speter About the only reason you would want to change this 31438032Speter would be to change the default port. 31566494SgshapiroESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 31666494SgshapiroSMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 31766494SgshapiroDSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 31866494SgshapiroRELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 31964562SgshapiroRELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 32064562Sgshapiro messages to deliver in a single connection for the 32164562Sgshapiro relay mailer. 32238032SpeterSMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 32338032Speter that ARRIVE from an address that resolves to one of 32438032Speter the SMTP mailers and which are converted to MIME will 32538032Speter be labeled with this character set. 32638032SpeterUUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 32738032SpeterUUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 32838032Speter flags are `DFMhuU' (and `m' for uucp-new mailer, 32938032Speter minus `U' for uucp-dom mailer). 33038032SpeterUUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 33138032Speter passed to the UUCP mailer. 33238032SpeterUUCP_MAILER_MAX [100000] The maximum size message accepted for 33338032Speter transmission by the UUCP mailers. 33438032SpeterUUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 33538032Speter that ARRIVE from an address that resolves to one of 33638032Speter the UUCP mailers and which are converted to MIME will 33738032Speter be labeled with this character set. 33838032SpeterFAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 33938032Speter submit FAX messages. 34038032SpeterFAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 34138032Speter mailer. 34238032SpeterFAX_MAILER_MAX [100000] The maximum size message accepted for 34338032Speter transmission by FAX. 34438032SpeterPOP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 34564562SgshapiroPOP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 34638032Speter are always added. 34738032SpeterPOP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 34838032SpeterPROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 34943730Speter program. This is also used by 35043730Speter FEATURE(`local_procmail'). 35138032SpeterPROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 35264562Sgshapiro DFM are always set. This is NOT used by 35343730Speter FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 35438032Speter instead. 35538032SpeterPROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 35638032Speter the Procmail mailer. This is NOT used by 35743730Speter FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 35838032Speter instead. 35938032SpeterPROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 36038032Speter will be accepted by the procmail mailer. 36138032SpeterMAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 36238032SpeterMAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 36338032SpeterMAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 36438032Speter mailer. 36538032SpeterPH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 36638032Speter program. 36764562SgshapiroPH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 36864562Sgshapiro are always set. 36938032SpeterPH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 37064562SgshapiroCYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 37138032Speter flags lsDFMnPq are always included. 37238032SpeterCYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 37338032Speter cyrus mail. 37438032SpeterCYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 37538032Speter to deliver cyrus mail. 37638032SpeterCYRUS_MAILER_MAX [undefined] If set, the maximum size message that 37738032Speter will be accepted by the cyrus mailer. 37838032SpeterCYRUS_MAILER_USER [cyrus:mail] The user and group to become when 37938032Speter running the cyrus mailer. 38064562SgshapiroCYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 38164562Sgshapiro The flags lsDFMnP are always included. 38238032SpeterCYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 38338032Speter to deliver cyrusbb mail. 38438032SpeterconfEBINDIR [/usr/libexec] The directory for executables. 38543730Speter Currently used for FEATURE(`local_lmtp') and 38643730Speter FEATURE(`smrsh'). 38764562SgshapiroQPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 38864562SgshapiroQPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 38964562Sgshapiro qpage mail. 39064562SgshapiroQPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 39164562Sgshapiro to deliver qpage mail. 39264562SgshapiroQPAGE_MAILER_MAX [4096] If set, the maximum size message that 39364562Sgshapiro will be accepted by the qpage mailer. 39438032Speter 39564562SgshapiroNote: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 39664562SgshapiroMODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of 39764562Sgshapirothe macro Name_MAILER_FLAGS and change can be: flags that should 39864562Sgshapirobe used directly (thus overriding the default value), or if it 39964562Sgshapirostarts with `+' (`-') then those flags are added to (removed from) 40064562Sgshapirothe default value. Example: 40138032Speter 40264562Sgshapiro MODIFY_MAILER_FLAGS(`LOCAL', `+e') 40338032Speter 40464562Sgshapirowill add the flag `e' to LOCAL_MAILER_FLAGS. 40564562SgshapiroWARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 40664562Sgshapirounconditionally, i.e., without respecting any definitions in an 40764562SgshapiroOSTYPE setting. 40864562Sgshapiro 40964562Sgshapiro 41038032Speter+---------+ 41138032Speter| DOMAINS | 41238032Speter+---------+ 41338032Speter 41438032SpeterYou will probably want to collect domain-dependent defines into one 41564562Sgshapirofile, referenced by the DOMAIN macro. For example, the Berkeley 41638032Speterdomain file includes definitions for several internal distinguished 41738032Speterhosts: 41838032Speter 41938032SpeterUUCP_RELAY The host that will accept UUCP-addressed email. 42038032Speter If not defined, all UUCP sites must be directly 42138032Speter connected. 42238032SpeterBITNET_RELAY The host that will accept BITNET-addressed email. 42338032Speter If not defined, the .BITNET pseudo-domain won't work. 42438032SpeterDECNET_RELAY The host that will accept DECNET-addressed email. 42538032Speter If not defined, the .DECNET pseudo-domain and addresses 42638032Speter of the form node::user will not work. 42738032SpeterFAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 42838032Speter The "fax" mailer overrides this value. 42938032SpeterLOCAL_RELAY DEPRECATED. The site that will handle unqualified 43038032Speter names -- that is, names with out an @domain extension. 43138032Speter If not set, they are assumed to belong on this machine. 43238032Speter This allows you to have a central site to store a 43338032Speter company- or department-wide alias database. This 43438032Speter only works at small sites, and only with some user 43538032Speter agents. 43638032SpeterLUSER_RELAY The site that will handle lusers -- that is, apparently 43764562Sgshapiro local names that aren't local accounts or aliases. To 43864562Sgshapiro specify a local user instead of a site, set this to 43964562Sgshapiro ``local:username''. 44038032Speter 44138032SpeterAny of these can be either ``mailer:hostname'' (in which case the 44238032Spetermailer is the internal mailer name, such as ``uucp-new'' and the hostname 44338032Speteris the name of the host as appropriate for that mailer) or just a 44438032Speter``hostname'', in which case a default mailer type (usually ``relay'', 44538032Spetera variant on SMTP) is used. WARNING: if you have a wildcard MX 44638032Speterrecord matching your domain, you probably want to define these to 44738032Speterhave a trailing dot so that you won't get the mail diverted back 44838032Speterto yourself. 44938032Speter 45038032SpeterThe domain file can also be used to define a domain name, if needed 45138032Speter(using "DD<domain>") and set certain site-wide features. If all hosts 45238032Speterat your site masquerade behind one email name, you could also use 45338032SpeterMASQUERADE_AS here. 45438032Speter 45538032SpeterYou do not have to define a domain -- in particular, if you are a 45638032Spetersingle machine sitting off somewhere, it is probably more work than 45738032Speterit's worth. This is just a mechanism for combining "domain dependent 45838032Speterknowledge" into one place. 45938032Speter 46038032Speter+---------+ 46138032Speter| MAILERS | 46238032Speter+---------+ 46338032Speter 46438032SpeterThere are fewer mailers supported in this version than the previous 46538032Speterversion, owing mostly to a simpler world. As a general rule, put the 46664562SgshapiroMAILER definitions last in your .mc file, and always put MAILER(`smtp') 46764562Sgshapirobefore MAILER(`uucp') and MAILER(`procmail') -- several features and 46864562Sgshapirodefinitions will modify the definition of mailers, and the smtp mailer 46964562Sgshapiromodifies the UUCP mailer. Moreover, MAILER(`cyrus'), MAILER(`pop'), 47064562SgshapiroMAILER(`phquery'), and MAILER(`usenet') must be defined after 47164562SgshapiroMAILER(`local'). 47238032Speter 47338032Speterlocal The local and prog mailers. You will almost always 47438032Speter need these; the only exception is if you relay ALL 47538032Speter your mail to another site. This mailer is included 47638032Speter automatically. 47738032Speter 47838032Spetersmtp The Simple Mail Transport Protocol mailer. This does 47938032Speter not hide hosts behind a gateway or another other 48038032Speter such hack; it assumes a world where everyone is 48138032Speter running the name server. This file actually defines 48264562Sgshapiro five mailers: "smtp" for regular (old-style) SMTP to 48338032Speter other servers, "esmtp" for extended SMTP to other 48438032Speter servers, "smtp8" to do SMTP to other servers without 48538032Speter converting 8-bit data to MIME (essentially, this is 48638032Speter your statement that you know the other end is 8-bit 48764562Sgshapiro clean even if it doesn't say so), "dsmtp" to do on 48864562Sgshapiro demand delivery, and "relay" for transmission to the 48964562Sgshapiro RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 49038032Speter 49166494Sgshapirouucp The UNIX-to-UNIX Copy Program mailer. Actually, this 49238032Speter defines two mailers, "uucp-old" (a.k.a. "uucp") and 49338032Speter "uucp-new" (a.k.a. "suucp"). The latter is for when you 49438032Speter know that the UUCP mailer at the other end can handle 49538032Speter multiple recipients in one transfer. If the smtp mailer 49638032Speter is also included in your configuration, two other mailers 49738032Speter ("uucp-dom" and "uucp-uudom") are also defined [warning: 49838032Speter you MUST specify MAILER(smtp) before MAILER(uucp)]. When you 49938032Speter include the uucp mailer, sendmail looks for all names in 50064562Sgshapiro class {U} and sends them to the uucp-old mailer; all 50164562Sgshapiro names in class {Y} are sent to uucp-new; and all 50264562Sgshapiro names in class {Z} are sent to uucp-uudom. Note that 50338032Speter this is a function of what version of rmail runs on 50438032Speter the receiving end, and hence may be out of your control. 50538032Speter See the section below describing UUCP mailers in more 50638032Speter detail. 50738032Speter 50838032Speterusenet Usenet (network news) delivery. If this is specified, 50938032Speter an extra rule is added to ruleset 0 that forwards all 51038032Speter local email for users named ``group.usenet'' to the 51138032Speter ``inews'' program. Note that this works for all groups, 51238032Speter and may be considered a security problem. 51338032Speter 51438032Speterfax Facsimile transmission. This is experimental and based 51538032Speter on Sam Leffler's HylaFAX software. For more information, 51638032Speter see http://www.vix.com/hylafax/. 51738032Speter 51838032Speterpop Post Office Protocol. 51938032Speter 52038032Speterprocmail An interface to procmail (does not come with sendmail). 52138032Speter This is designed to be used in mailertables. For example, 52238032Speter a common question is "how do I forward all mail for a given 52338032Speter domain to a single person?". If you have this mailer 52438032Speter defined, you could set up a mailertable reading: 52538032Speter 52638032Speter host.com procmail:/etc/procmailrcs/host.com 52738032Speter 52838032Speter with the file /etc/procmailrcs/host.com reading: 52938032Speter 53038032Speter :0 # forward mail for host.com 53138032Speter ! -oi -f $1 person@other.host 53238032Speter 53338032Speter This would arrange for (anything)@host.com to be sent 53438032Speter to person@other.host. Within the procmail script, $1 is 53538032Speter the name of the sender and $2 is the name of the recipient. 53643730Speter If you use this with FEATURE(`local_procmail'), the FEATURE 53738032Speter should be listed first. 53838032Speter 53938032Spetermail11 The DECnet mail11 mailer, useful only if you have the mail11 54038032Speter program from gatekeeper.dec.com:/pub/DEC/gwtools (and 54138032Speter DECnet, of course). This is for Phase IV DECnet support; 54238032Speter if you have Phase V at your site you may have additional 54338032Speter problems. 54438032Speter 54538032Speterphquery The phquery program. This is somewhat counterintuitively 54638032Speter referenced as the "ph" mailer internally. It can be used 54738032Speter to do CCSO name server lookups. The phquery program, which 54838032Speter this mailer uses, is distributed with the ph client. 54938032Speter 55038032Spetercyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 55138032Speter a local cyrus user. this mailer can make use of the 55238032Speter "user+detail@local.host" syntax; it will deliver the mail to 55338032Speter the user's "detail" mailbox if the mailbox's ACL permits. 55438032Speter The cyrusbb mailer delivers to a system-wide cyrus mailbox 55564562Sgshapiro if the mailbox's ACL permits. The cyrus mailer must be 55664562Sgshapiro defined after the local mailer. 55738032Speter 55864562Sgshapiroqpage A mailer for QuickPage, a pager interface. See 55964562Sgshapiro http://www.qpage.org/ for further information. 56038032Speter 56138032SpeterThe local mailer accepts addresses of the form "user+detail", where 56238032Speterthe "+detail" is not used for mailbox matching but is available 56343730Speterto certain local mail programs (in particular, see 56443730SpeterFEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 56543730Speter"eric+sww" all indicate the same user, but additional arguments <null>, 56643730Speter"sendmail", and "sww" may be provided for use in sorting mail. 56738032Speter 56838032Speter 56938032Speter+----------+ 57038032Speter| FEATURES | 57138032Speter+----------+ 57238032Speter 57338032SpeterSpecial features can be requested using the "FEATURE" macro. For 57438032Speterexample, the .mc line: 57538032Speter 57643730Speter FEATURE(`use_cw_file') 57738032Speter 57864562Sgshapirotells sendmail that you want to have it read an /etc/mail/local-host-names 57964562Sgshapirofile to get values for class {w}. The FEATURE may contain up to 9 58064562Sgshapirooptional parameters -- for example: 58138032Speter 58243730Speter FEATURE(`mailertable', `dbm /usr/lib/mailertable') 58338032Speter 58438032SpeterThe default database map type for the table features can be set with 58564562Sgshapiro 58638032Speter define(`DATABASE_MAP_TYPE', `dbm') 58738032Speter 58838032Speterwhich would set it to use ndbm databases. The default is the Berkeley DB 58938032Speterhash database format. Note that you must still declare a database map type 59038032Speterif you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 59164562Sgshapiroif no argument is given for the FEATURE. It must be specified before any 59264562Sgshapirofeature that uses a map. 59338032Speter 59438032SpeterAvailable features are: 59538032Speter 59664562Sgshapirouse_cw_file Read the file /etc/mail/local-host-names file to get 59764562Sgshapiro alternate names for this host. This might be used if you 59864562Sgshapiro were on a host that MXed for a dynamic set of other hosts. 59964562Sgshapiro If the set is static, just including the line "Cw<name1> 60064562Sgshapiro <name2> ..." (where the names are fully qualified domain 60164562Sgshapiro names) is probably superior. The actual filename can be 60264562Sgshapiro overridden by redefining confCW_FILE. 60338032Speter 60464562Sgshapirouse_ct_file Read the file /etc/mail/trusted-users file to get the 60564562Sgshapiro names of users that will be ``trusted'', that is, able to 60664562Sgshapiro set their envelope from address using -f without generating 60764562Sgshapiro a warning message. The actual filename can be overridden 60864562Sgshapiro by redefining confCT_FILE. 60938032Speter 61038032Speterredirect Reject all mail addressed to "address.REDIRECT" with 61164562Sgshapiro a ``551 User has moved; please try <address>'' message. 61238032Speter If this is set, you can alias people who have left 61338032Speter to their new address with ".REDIRECT" appended. 61438032Speter 61564562Sgshapironouucp Don't route UUCP addresses. This feature takes one 61664562Sgshapiro parameter: 61764562Sgshapiro `reject': reject addresses which have "!" in the local 61864562Sgshapiro part unless it originates from a system 61964562Sgshapiro that is allowed to relay. 62064562Sgshapiro `nospecial': don't do anything special with "!". 62164562Sgshapiro Warnings: 1. See the NOTICE in the ANTI-SPAM section. 62264562Sgshapiro 2. don't remove "!" from OperatorChars if `reject' is 62364562Sgshapiro given as parameter. 62438032Speter 62564562Sgshapironocanonify Don't pass addresses to $[ ... $] for canonification 62664562Sgshapiro by default. It can be changed by setting the 62764562Sgshapiro DaemonPortOptions modifiers (M=). That is, 62864562Sgshapiro FEATURE(`nocanonify') will be overridden by setting the 62964562Sgshapiro 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 63064562Sgshapiro it can be emulated by setting the 'C' flag 63164562Sgshapiro (DaemonPortOptions=Modifiers=C). This would generally only 63264562Sgshapiro be used by sites that only act as mail gateways or which have 63364562Sgshapiro user agents that do full canonification themselves. You may 63464562Sgshapiro also want to use 63564562Sgshapiro "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 63664562Sgshapiro the usual resolver options that do a similar thing. 63738032Speter 63864562Sgshapiro An exception list for FEATURE(`nocanonify') can be 63964562Sgshapiro specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 64064562Sgshapiro i.e., a list of domains which are nevertheless passed to 64164562Sgshapiro $[ ... $] for canonification. This is useful to turn on 64264562Sgshapiro canonification for local domains, e.g., use 64364562Sgshapiro CANONIFY_DOMAIN(`my.domain my') to canonify addresses 64464562Sgshapiro which end in "my.domain" or "my". 64564562Sgshapiro Another way to require canonification in the local 64664562Sgshapiro domain is CANONIFY_DOMAIN(`$=m'). 64764562Sgshapiro 64864562Sgshapiro A trailing dot is added to addresses with more than 64964562Sgshapiro one component in it such that other features which 65064562Sgshapiro expect a trailing dot (e.g., virtusertable) will 65164562Sgshapiro still work. 65264562Sgshapiro 65364562Sgshapiro If `canonify_hosts' is specified as parameter, i.e., 65464562Sgshapiro FEATURE(`nocanonify', `canonify_hosts'), then 65564562Sgshapiro addresses which have only a hostname, e.g., 65664562Sgshapiro <user@host>, will be canonified (and hopefully fully 65764562Sgshapiro qualified), too. 65864562Sgshapiro 65938032Speterstickyhost If set, email sent to "user@local.host" are marked 66038032Speter as "sticky" -- that is, the local addresses aren't 66138032Speter matched against UDB and don't go through ruleset 5. 66238032Speter This is used if you want a set up where "user" is 66338032Speter not necessarily the same as "user@local.host", e.g., 66438032Speter to make a distinct domain-wide namespace. Prior to 66538032Speter 8.7 this was the default, and notsticky was used to 66638032Speter turn this off. 66738032Speter 66838032Spetermailertable Include a "mailer table" which can be used to override 66964562Sgshapiro routing for particular domains (which are not in class {w}, 67064562Sgshapiro i.e. local host names). The argument of the FEATURE may be 67164562Sgshapiro the key definition. If none is specified, the definition 67264562Sgshapiro used is: 67343730Speter 67464562Sgshapiro hash /etc/mail/mailertable 67543730Speter 67638032Speter Keys in this database are fully qualified domain names 67738032Speter or partial domains preceded by a dot -- for example, 67864562Sgshapiro "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 67964562Sgshapiro special case of the latter, "." matches any domain not 68064562Sgshapiro covered by other keys. Values must be of the form: 68138032Speter mailer:domain 68238032Speter where "mailer" is the internal mailer name, and "domain" 68338032Speter is where to send the message. These maps are not 68438032Speter reflected into the message header. As a special case, 68538032Speter the forms: 68638032Speter local:user 68738032Speter will forward to the indicated user using the local mailer, 68838032Speter local: 68938032Speter will forward to the original user in the e-mail address 69038032Speter using the local mailer, and 69138032Speter error:code message 69264562Sgshapiro error:D.S.N:code message 69364562Sgshapiro will give an error message with the indicated SMTP reply 69464562Sgshapiro code and message, where D.S.N is an RFC 1893 compliant 69564562Sgshapiro error code. 69638032Speter 69738032Speterdomaintable Include a "domain table" which can be used to provide 69838032Speter domain name mapping. Use of this should really be 69938032Speter limited to your own domains. It may be useful if you 70038032Speter change names (e.g., your company changes names from 70138032Speter oldname.com to newname.com). The argument of the 70238032Speter FEATURE may be the key definition. If none is specified, 70338032Speter the definition used is: 70443730Speter 70564562Sgshapiro hash /etc/mail/domaintable 70643730Speter 70738032Speter The key in this table is the domain name; the value is 70838032Speter the new (fully qualified) domain. Anything in the 70938032Speter domaintable is reflected into headers; that is, this 71038032Speter is done in ruleset 3. 71138032Speter 71238032Speterbitdomain Look up bitnet hosts in a table to try to turn them into 71338032Speter internet addresses. The table can be built using the 71438032Speter bitdomain program contributed by John Gardiner Myers. 71538032Speter The argument of the FEATURE may be the key definition; if 71638032Speter none is specified, the definition used is: 71743730Speter 71864562Sgshapiro hash /etc/mail/bitdomain 71943730Speter 72038032Speter Keys are the bitnet hostname; values are the corresponding 72138032Speter internet hostname. 72238032Speter 72338032Speteruucpdomain Similar feature for UUCP hosts. The default map definition 72438032Speter is: 72543730Speter 72664562Sgshapiro hash /etc/mail/uudomain 72743730Speter 72838032Speter At the moment there is no automagic tool to build this 72938032Speter database. 73038032Speter 73138032Speteralways_add_domain 73238032Speter Include the local host domain even on locally delivered 73338032Speter mail. Normally it is not added on unqualified names. 73438032Speter However, if you use a shared message store but do not use 73538032Speter the same user name space everywhere, you may need the host 73638032Speter name on local names. 73738032Speter 73838032Speterallmasquerade If masquerading is enabled (using MASQUERADE_AS), this 73938032Speter feature will cause recipient addresses to also masquerade 74038032Speter as being from the masquerade host. Normally they get 74138032Speter the local hostname. Although this may be right for 74238032Speter ordinary users, it can break local aliases. For example, 74338032Speter if you send to "localalias", the originating sendmail will 74438032Speter find that alias and send to all members, but send the 74538032Speter message with "To: localalias@masqueradehost". Since that 74638032Speter alias likely does not exist, replies will fail. Use this 74738032Speter feature ONLY if you can guarantee that the ENTIRE 74838032Speter namespace on your masquerade host supersets all the 74938032Speter local entries. 75038032Speter 75138032Speterlimited_masquerade 75264562Sgshapiro Normally, any hosts listed in class {w} are masqueraded. If 75364562Sgshapiro this feature is given, only the hosts listed in class {M} (see 75464562Sgshapiro below: MASQUERADE_DOMAIN) are masqueraded. This is useful 75564562Sgshapiro if you have several domains with disjoint namespaces hosted 75664562Sgshapiro on the same machine. 75738032Speter 75838032Spetermasquerade_entire_domain 75964562Sgshapiro If masquerading is enabled (using MASQUERADE_AS) and 76038032Speter MASQUERADE_DOMAIN (see below) is set, this feature will 76138032Speter cause addresses to be rewritten such that the masquerading 76238032Speter domains are actually entire domains to be hidden. All 76338032Speter hosts within the masquerading domains will be rewritten 76438032Speter to the masquerade name (used in MASQUERADE_AS). For example, 76538032Speter if you have: 76638032Speter 76764562Sgshapiro MASQUERADE_AS(`masq.com') 76864562Sgshapiro MASQUERADE_DOMAIN(`foo.org') 76964562Sgshapiro MASQUERADE_DOMAIN(`bar.com') 77038032Speter 77138032Speter then *foo.org and *bar.com are converted to masq.com. Without 77238032Speter this feature, only foo.org and bar.com are masqueraded. 77338032Speter 77438032Speter NOTE: only domains within your jurisdiction and 77538032Speter current hierarchy should be masqueraded using this. 77638032Speter 77764562Sgshapirogenericstable This feature will cause unqualified addresses (i.e., without 77864562Sgshapiro a domain) and addresses with a domain listed in class {G} 77964562Sgshapiro to be looked up in a map and turned into another ("generic") 78064562Sgshapiro form, which can change both the domain name and the user name. 78164562Sgshapiro This is similar to the userdb functionality. The same types of 78264562Sgshapiro addresses as for masquerading are looked up, i.e., only header 78338032Speter sender addresses unless the allmasquerade and/or 78438032Speter masquerade_envelope features are given. Qualified addresses 78564562Sgshapiro must have the domain part in class {G}; entries can 78664562Sgshapiro be added to this class by the macros GENERICS_DOMAIN or 78764562Sgshapiro GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 78864562Sgshapiro MASQUERADE_DOMAIN_FILE, see below). 78938032Speter 79043730Speter The argument of FEATURE(`genericstable') may be the map 79138032Speter definition; the default map definition is: 79238032Speter 79364562Sgshapiro hash /etc/mail/genericstable 79438032Speter 79564562Sgshapiro The key for this table is either the full address, the domain 79664562Sgshapiro (with a leading @; the localpart is passed as first argument) 79764562Sgshapiro or the unqualified username (tried in the order mentioned); 79864562Sgshapiro the value is the new user address. If the new user address 79964562Sgshapiro does not include a domain, it will be qualified in the standard 80064562Sgshapiro manner, i.e., using $j or the masquerade name. Note that the 80138032Speter address being looked up must be fully qualified. For local 80243730Speter mail, it is necessary to use FEATURE(`always_add_domain') 80343730Speter for the addresses to be qualified. 80464562Sgshapiro The "+detail" of an address is passed as %1, so entries like 80538032Speter 80664562Sgshapiro old+*@foo.org new+%1@example.com 80764562Sgshapiro gen+*@foo.org %1@example.com 80864562Sgshapiro 80964562Sgshapiro and other forms are possible. 81064562Sgshapiro 81164562Sgshapirogenerics_entire_domain 81264562Sgshapiro If the genericstable is enabled and GENERICS_DOMAIN or 81364562Sgshapiro GENERICS_DOMAIN_FILE is used, this feature will cause 81464562Sgshapiro addresses to be searched in the map if their domain 81564562Sgshapiro parts are subdomains of elements in class {G}. 81664562Sgshapiro 81738032Spetervirtusertable A domain-specific form of aliasing, allowing multiple 81838032Speter virtual domains to be hosted on one machine. For example, 81938032Speter if the virtuser table contained: 82038032Speter 82138032Speter info@foo.com foo-info 82238032Speter info@bar.com bar-info 82364562Sgshapiro joe@bar.com error:nouser No such user here 82464562Sgshapiro jax@bar.com error:D.S.N:unavailable Address invalid 82564562Sgshapiro @baz.org jane@example.net 82638032Speter 82738032Speter then mail addressed to info@foo.com will be sent to the 82838032Speter address foo-info, mail addressed to info@bar.com will be 82964562Sgshapiro delivered to bar-info, and mail addressed to anyone at baz.org 83064562Sgshapiro will be sent to jane@example.net, mail to joe@bar.com will 83164562Sgshapiro be rejected with the specified error message, and mail to 83264562Sgshapiro jax@bar.com will also have a RFC 1893 compliant error code 83364562Sgshapiro D.S.N. 83438032Speter 83564562Sgshapiro The username from the original address is passed 83664562Sgshapiro as %1 allowing: 83738032Speter 83864562Sgshapiro @foo.org %1@example.com 83938032Speter 84064562Sgshapiro meaning someone@foo.org will be sent to someone@example.com. 84164562Sgshapiro Additionally, if the local part consists of "user+detail" 84264562Sgshapiro then "detail" is passed as %2 when a match against user+* 84364562Sgshapiro is attempted, so entries like 84464562Sgshapiro 84564562Sgshapiro old+*@foo.org new+%2@example.com 84664562Sgshapiro gen+*@foo.org %2@example.com 84764562Sgshapiro +*@foo.org %1+%2@example.com 84864562Sgshapiro 84964562Sgshapiro and other forms are possible. Note: to preserve "+detail" 85064562Sgshapiro for a default case (@domain) +*@domain must be used as 85164562Sgshapiro exemplified above. 85264562Sgshapiro 85338032Speter All the host names on the left hand side (foo.com, bar.com, 85464562Sgshapiro and baz.org) must be in class {w} or class {VirtHost}, the 85564562Sgshapiro latter can be defined by the macros VIRTUSER_DOMAIN or 85664562Sgshapiro VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 85764562Sgshapiro MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 85864562Sgshapiro VIRTUSER_DOMAIN_FILE is used, then the entries of class 85964562Sgshapiro {VirtHost} are added to class {R}, i.e., relaying is allowed 86064562Sgshapiro to (and from) those domains. The default map definition is: 86138032Speter 86264562Sgshapiro hash /etc/mail/virtusertable 86338032Speter 86438032Speter A new definition can be specified as the second argument of 86538032Speter the FEATURE macro, such as 86638032Speter 86764562Sgshapiro FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 86838032Speter 86964562Sgshapirovirtuser_entire_domain 87064562Sgshapiro If the virtusertable is enabled and VIRTUSER_DOMAIN or 87164562Sgshapiro VIRTUSER_DOMAIN_FILE is used, this feature will cause 87264562Sgshapiro addresses to be searched in the map if their domain 87364562Sgshapiro parts are subdomains of elements in class {VirtHost}. 87464562Sgshapiro 87564562Sgshapiroldap_routing Implement LDAP-based e-mail recipient routing according to 87664562Sgshapiro the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 87764562Sgshapiro This provides a method to re-route addresses with a 87864562Sgshapiro domain portion in class {LDAPRoute} to either a 87964562Sgshapiro different mail host or a different address. Hosts can 88064562Sgshapiro be added to this class using LDAPROUTE_DOMAIN and 88164562Sgshapiro LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 88264562Sgshapiro MASQUERADE_DOMAIN_FILE, see below). 88364562Sgshapiro 88464562Sgshapiro See the LDAP ROUTING section below for more information. 88564562Sgshapiro 88664562Sgshapironodns If you aren't running DNS at your site (for example, 88764562Sgshapiro you are UUCP-only connected). It's hard to consider 88838032Speter this a "feature", but hey, it had to go somewhere. 88938032Speter Actually, as of 8.7 this is a no-op -- remove "dns" from 89038032Speter the hosts service switch entry instead. 89138032Speter 89264562Sgshapironullclient This is a special case -- it creates a configuration file 89364562Sgshapiro containing nothing but support for forwarding all mail to a 89464562Sgshapiro central hub via a local SMTP-based network. The argument 89564562Sgshapiro is the name of that hub. 89664562Sgshapiro 89738032Speter The only other feature that should be used in conjunction 89864562Sgshapiro with this one is FEATURE(`nocanonify'). No mailers 89938032Speter should be defined. No aliasing or forwarding is done. 90038032Speter 90138032Speterlocal_lmtp Use an LMTP capable local mailer. The argument to this 90238032Speter feature is the pathname of an LMTP capable mailer. By 90338032Speter default, mail.local is used. This is expected to be the 90438032Speter mail.local which came with the 8.9 distribution which is 90538032Speter LMTP capable. The path to mail.local is set by the 90638032Speter confEBINDIR m4 variable -- making the default 90738032Speter LOCAL_MAILER_PATH /usr/libexec/mail.local. 90864562Sgshapiro WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 90964562Sgshapiro i.e., without respecting any definitions in an OSTYPE setting. 91038032Speter 91164562Sgshapirolocal_procmail Use procmail or another delivery agent as the local mailer. 91264562Sgshapiro The argument to this feature is the pathname of the 91364562Sgshapiro delivery agent, which defaults to PROCMAIL_MAILER_PATH. 91464562Sgshapiro Note that this does NOT use PROCMAIL_MAILER_FLAGS or 91564562Sgshapiro PROCMAIL_MAILER_ARGS for the local mailer; tweak 91664562Sgshapiro LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 91764562Sgshapiro specify the appropriate parameters. When procmail is used, 91864562Sgshapiro the local mailer can make use of the 91964562Sgshapiro "user+indicator@local.host" syntax; normally the +indicator 92064562Sgshapiro is just tossed, but by default it is passed as the -a 92164562Sgshapiro argument to procmail. 92238032Speter 92364562Sgshapiro This feature can take up to three arguments: 92464562Sgshapiro 92564562Sgshapiro 1. Path to the mailer program 92664562Sgshapiro [default: /usr/local/bin/procmail] 92764562Sgshapiro 2. Argument vector including name of the program 92864562Sgshapiro [default: procmail -Y -a $h -d $u] 92964562Sgshapiro 3. Flags for the mailer [default: SPfhn9] 93064562Sgshapiro 93164562Sgshapiro Empty arguments cause the defaults to be taken. 93264562Sgshapiro 93364562Sgshapiro For example, this allows it to use the maildrop 93464562Sgshapiro (http://www.flounder.net/~mrsam/maildrop/) mailer instead 93564562Sgshapiro by specifying: 93664562Sgshapiro 93764562Sgshapiro FEATURE(`local_procmail', `/usr/local/bin/maildrop', 93864562Sgshapiro `maildrop -d $u') 93964562Sgshapiro 94064562Sgshapiro or scanmails using: 94164562Sgshapiro 94264562Sgshapiro FEATURE(`local_procmail', `/usr/local/bin/scanmails') 94364562Sgshapiro 94464562Sgshapiro WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 94564562Sgshapiro i.e., without respecting any definitions in an OSTYPE setting. 94664562Sgshapiro 94738032Speterbestmx_is_local Accept mail as though locally addressed for any host that 94838032Speter lists us as the best possible MX record. This generates 94938032Speter additional DNS traffic, but should be OK for low to 95038032Speter medium traffic hosts. The argument may be a set of 95138032Speter domains, which will limit the feature to only apply to 95238032Speter these domains -- this will reduce unnecessary DNS 95338032Speter traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 95438032Speter WILDCARD MX RECORDS!!! If you have a wildcard MX record 95538032Speter that matches your domain, you cannot use this feature. 95638032Speter 95738032Spetersmrsh Use the SendMail Restricted SHell (smrsh) provided 95838032Speter with the distribution instead of /bin/sh for mailing 95938032Speter to programs. This improves the ability of the local 96038032Speter system administrator to control what gets run via 96138032Speter e-mail. If an argument is provided it is used as the 96238032Speter pathname to smrsh; otherwise, the path defined by 96338032Speter confEBINDIR is used for the smrsh binary -- by default, 96438032Speter /usr/libexec/smrsh is assumed. 96538032Speter 96638032Speterpromiscuous_relay 96738032Speter By default, the sendmail configuration files do not permit 96838032Speter mail relaying (that is, accepting mail from outside your 96964562Sgshapiro local host (class {w}) and sending it to another host than 97064562Sgshapiro your local host). This option sets your site to allow 97164562Sgshapiro mail relaying from any site to any site. In almost all 97264562Sgshapiro cases, it is better to control relaying more carefully 97364562Sgshapiro with the access map, class {R}, or authentication. Domains 97464562Sgshapiro can be added to class {R} by the macros RELAY_DOMAIN or 97564562Sgshapiro RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 97664562Sgshapiro MASQUERADE_DOMAIN_FILE, see below). 97738032Speter 97838032Speterrelay_entire_domain 97938032Speter By default, only hosts listed as RELAY in the access db 98038032Speter will be allowed to relay. This option also allows any 98164562Sgshapiro host in your domain as defined by class {m}. 98238032Speter 98338032Speterrelay_hosts_only 98438032Speter By default, names that are listed as RELAY in the access 98564562Sgshapiro db and class {R} are domain names, not host names. 98638032Speter For example, if you specify ``foo.com'', then mail to or 98738032Speter from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 98838032Speter will all be accepted for relaying. This feature changes 98938032Speter the behaviour to lookup individual host names only. 99038032Speter 99138032Speterrelay_based_on_MX 99238032Speter Turns on the ability to allow relaying based on the MX 99342575Speter records of the host portion of an incoming recipient; that 99442575Speter is, if an MX record for host foo.com points to your site, 99542575Speter you will accept and relay mail addressed to foo.com. See 99638032Speter description below for more information before using this 99742575Speter feature. Also, see the KNOWNBUGS entry regarding bestmx 99842575Speter map lookups. 99938032Speter 100043730Speter FEATURE(`relay_based_on_MX') does not necessarily allow 100142575Speter routing of these messages which you expect to be allowed, 100242575Speter if route address syntax (or %-hack syntax) is used. If 100342575Speter this is a problem, add entries to the access-table or use 100443730Speter FEATURE(`loose_relay_check'). 100542575Speter 100664562Sgshapirorelay_mail_from 100764562Sgshapiro Allows relaying if the mail sender is listed as RELAY in 100864562Sgshapiro the access map. If an optional argument `domain' is given, 100964562Sgshapiro the domain portion of the mail sender is checked too. 101064562Sgshapiro This should only be used if absolutely necessary as the 101164562Sgshapiro sender address can be easily forged. Use of this feature 101264562Sgshapiro requires the "From:" tag be prepended to the key in the 101364562Sgshapiro access map; see the discussion of tags and 101464562Sgshapiro FEATURE(`relay_mail_from') in the section on ANTI-SPAM 101564562Sgshapiro CONFIGURATION CONTROL. 101664562Sgshapiro 101738032Speterrelay_local_from 101838032Speter Allows relaying if the domain portion of the mail sender 101938032Speter is a local host. This should only be used if absolutely 102042575Speter necessary as it opens a window for spammers. Specifically, 102142575Speter they can send mail to your mail server that claims to be 102242575Speter from your domain (either directly or via a routed address), 102342575Speter and you will go ahead and relay it out to arbitrary hosts 102442575Speter on the Internet. 102564562Sgshapiro 102638032Speteraccept_unqualified_senders 102738032Speter Normally, MAIL FROM: commands in the SMTP session will be 102838032Speter refused if the connection is a network connection and the 102938032Speter sender address does not include a domain name. If your 103064562Sgshapiro setup sends local mail unqualified (i.e., MAIL FROM: <joe>), 103138032Speter you will need to use this feature to accept unqualified 103264562Sgshapiro sender addresses. Setting the DaemonPortOptions modifier 103364562Sgshapiro 'u' overrides the default behavior, i.e., unqualified 103464562Sgshapiro addresses are accepted even without this FEATURE. 103564562Sgshapiro If this FEATURE is not used, the DaemonPortOptions modifier 103664562Sgshapiro 'f' can be used to enforce fully qualified addresses. 103764562Sgshapiro 103838032Speteraccept_unresolvable_domains 103938032Speter Normally, MAIL FROM: commands in the SMTP session will be 104064562Sgshapiro refused if the host part of the argument to MAIL FROM: 104164562Sgshapiro cannot be located in the host name service (e.g., an A or 104264562Sgshapiro MX record in DNS). If you are inside a firewall that has 104364562Sgshapiro only a limited view of the Internet host name space, this 104464562Sgshapiro could cause problems. In this case you probably want to 104564562Sgshapiro use this feature to accept all domains on input, even if 104664562Sgshapiro they are unresolvable. 104738032Speter 104838032Speteraccess_db Turns on the access database feature. The access db gives 104938032Speter you the ability to allow or refuse to accept mail from 105038032Speter specified domains for administrative reasons. By default, 105143730Speter the access database specification is: 105238032Speter 105364562Sgshapiro hash /etc/mail/access 105443730Speter 105564562Sgshapiro The format of the database is described in the anti-spam 105664562Sgshapiro configuration control section later in this document. 105743730Speter 105838032Speterblacklist_recipients 105938032Speter Turns on the ability to block incoming mail for certain 106038032Speter recipient usernames, hostnames, or addresses. For 106138032Speter example, you can block incoming mail to user nobody, 106238032Speter host foo.mydomain.com, or guest@bar.mydomain.com. 106338032Speter These specifications are put in the access db as 106464562Sgshapiro described in the anti-spam configuration control section 106564562Sgshapiro later in this document. 106638032Speter 106764562Sgshapirorbl This feature is deprecated! Please use dnsbl instead. 106864562Sgshapiro Turns on rejection of hosts found in the Realtime Blackhole 106964562Sgshapiro List. If an argument is provided it is used as the domain 107064562Sgshapiro in which blocked hosts are listed; otherwise, the main 107164562Sgshapiro RBL domain rbl.maps.vix.com is used. For details, see 107238032Speter http://maps.vix.com/rbl/. 107338032Speter 107464562Sgshapirodnsbl Turns on rejection of hosts found in an DNS based rejection 107564562Sgshapiro list. If an argument is provided it is used as the domain 107664562Sgshapiro in which blocked hosts are listed; otherwise it defaults to 107764562Sgshapiro rbl.maps.vix.com. An explanation for an DNS based rejection 107864562Sgshapiro list can be found http://maps.vix.com/rbl/. A second argument 107964562Sgshapiro can be used to change the default error message of 108064562Sgshapiro Mail from $&{client_addr} refused by blackhole site SERVER 108164562Sgshapiro where SERVER is replaced by the first argument. This feature 108264562Sgshapiro can be included several times to query different DNS based 108364562Sgshapiro rejection lists. 108464562Sgshapiro 108538032Speterloose_relay_check 108664562Sgshapiro Normally, if % addressing is used for a recipient, e.g. 108764562Sgshapiro user%site@othersite, and othersite is in class {R}, the 108838032Speter check_rcpt ruleset will strip @othersite and recheck 108938032Speter user@site for relaying. This feature changes that 109038032Speter behavior. It should not be needed for most installations. 109138032Speter 109264562Sgshapirono_default_msa Don't generate the default MSA daemon, i.e., 109364562Sgshapiro DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 109464562Sgshapiro To define a MSA daemon with other parameters, use this 109564562Sgshapiro FEATURE and introduce new settings via DAEMON_OPTIONS(). 109638032Speter 109738032Speter+-------+ 109838032Speter| HACKS | 109938032Speter+-------+ 110038032Speter 110138032SpeterSome things just can't be called features. To make this clear, 110238032Speterthey go in the hack subdirectory and are referenced using the HACK 110338032Spetermacro. These will tend to be site-dependent. The release 110438032Speterincludes the Berkeley-dependent "cssubdomain" hack (that makes 110538032Spetersendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 110664562Sgshapirothis is intended as a short-term aid while moving hosts into 110738032Spetersubdomains. 110838032Speter 110938032Speter 111038032Speter+--------------------+ 111138032Speter| SITE CONFIGURATION | 111238032Speter+--------------------+ 111338032Speter 111438032Speter ***************************************************** 111538032Speter * This section is really obsolete, and is preserved * 111638032Speter * only for back compatibility. You should plan on * 111738032Speter * using mailertables for new installations. In * 111838032Speter * particular, it doesn't work for the newer forms * 111938032Speter * of UUCP mailers, such as uucp-uudom. * 112038032Speter ***************************************************** 112138032Speter 112238032SpeterComplex sites will need more local configuration information, such as 112338032Speterlists of UUCP hosts they speak with directly. This can get a bit more 112438032Spetertricky. For an example of a "complex" site, see cf/ucbvax.mc. 112538032Speter 112638032SpeterThe SITECONFIG macro allows you to indirectly reference site-dependent 112738032Speterconfiguration information stored in the siteconfig subdirectory. For 112838032Speterexample, the line 112938032Speter 113064562Sgshapiro SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 113138032Speter 113238032Speterreads the file uucp.ucbvax for local connection information. The 113338032Spetersecond parameter is the local name (in this case just "ucbvax" since 113438032Speterit is locally connected, and hence a UUCP hostname). The third 113538032Speterparameter is the name of both a macro to store the local name (in 113664562Sgshapirothis case, {U}) and the name of the class (e.g., {U}) in which to store 113738032Speterthe host information read from the file. Another SITECONFIG line reads 113838032Speter 113964562Sgshapiro SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 114038032Speter 114138032SpeterThis says that the file uucp.ucbarpa contains the list of UUCP sites 114264562Sgshapiroconnected to ucbarpa.Berkeley.EDU. Class {W} will be used to 114338032Speterstore this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 114438032Speteris, the name of the relay to which the hosts listed in uucp.ucbarpa 114564562Sgshapiroare connected. [The machine ucbarpa is gone now, but this 114664562Sgshapiroout-of-date configuration file has been left around to demonstrate 114764562Sgshapirohow you might do this.] 114838032Speter 114938032SpeterNote that the case of SITECONFIG with a third parameter of ``U'' is 115038032Speterspecial; the second parameter is assumed to be the UUCP name of the 115138032Speterlocal site, rather than the name of a remote site, and the UUCP name 115264562Sgshapirois entered into class {w} (the list of local hostnames) as $U.UUCP. 115338032Speter 115438032SpeterThe siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 115538032Spetermore than a sequence of SITE macros describing connectivity. For 115638032Speterexample: 115738032Speter 115864562Sgshapiro SITE(`cnmat') 115964562Sgshapiro SITE(`sgi olympus') 116038032Speter 116138032SpeterThe second example demonstrates that you can use two names on the 116238032Spetersame line; these are usually aliases for the same host (or are at 116338032Speterleast in the same company). 116438032Speter 116538032Speter 116638032Speter+--------------------+ 116738032Speter| USING UUCP MAILERS | 116838032Speter+--------------------+ 116938032Speter 117038032SpeterIt's hard to get UUCP mailers right because of the extremely ad hoc 117138032Speternature of UUCP addressing. These config files are really designed 117238032Speterfor domain-based addressing, even for UUCP sites. 117338032Speter 117438032SpeterThere are four UUCP mailers available. The choice of which one to 117538032Speteruse is partly a matter of local preferences and what is running at 117638032Speterthe other end of your UUCP connection. Unlike good protocols that 117738032Speterdefine what will go over the wire, UUCP uses the policy that you 117838032Spetershould do what is right for the other end; if they change, you have 117938032Speterto change. This makes it hard to do the right thing, and discourages 118038032Speterpeople from updating their software. In general, if you can avoid 118138032SpeterUUCP, please do. 118238032Speter 118338032SpeterThe major choice is whether to go for a domainized scheme or a 118438032Speternon-domainized scheme. This depends entirely on what the other 118538032Speterend will recognize. If at all possible, you should encourage the 118638032Speterother end to go to a domain-based system -- non-domainized addresses 118738032Speterdon't work entirely properly. 118838032Speter 118938032SpeterThe four mailers are: 119038032Speter 119138032Speter uucp-old (obsolete name: "uucp") 119238032Speter This is the oldest, the worst (but the closest to UUCP) way of 119338032Speter sending messages accros UUCP connections. It does bangify 119438032Speter everything and prepends $U (your UUCP name) to the sender's 119538032Speter address (which can already be a bang path itself). It can 119638032Speter only send to one address at a time, so it spends a lot of 119738032Speter time copying duplicates of messages. Avoid this if at all 119838032Speter possible. 119938032Speter 120038032Speter uucp-new (obsolete name: "suucp") 120138032Speter The same as above, except that it assumes that in one rmail 120238032Speter command you can specify several recipients. It still has a 120338032Speter lot of other problems. 120438032Speter 120538032Speter uucp-dom 120638032Speter This UUCP mailer keeps everything as domain addresses. 120738032Speter Basically, it uses the SMTP mailer rewriting rules. This mailer 120864562Sgshapiro is only included if MAILER(`smtp') is also specified. 120938032Speter 121038032Speter Unfortunately, a lot of UUCP mailer transport agents require 121138032Speter bangified addresses in the envelope, although you can use 121238032Speter domain-based addresses in the message header. (The envelope 121338032Speter shows up as the From_ line on UNIX mail.) So.... 121438032Speter 121538032Speter uucp-uudom 121638032Speter This is a cross between uucp-new (for the envelope addresses) 121738032Speter and uucp-dom (for the header addresses). It bangifies the 121838032Speter envelope sender (From_ line in messages) without adding the 121938032Speter local hostname, unless there is no host name on the address 122038032Speter at all (e.g., "wolf") or the host component is a UUCP host name 122138032Speter instead of a domain name ("somehost!wolf" instead of 122264562Sgshapiro "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 122338032Speter is also specified. 122438032Speter 122538032SpeterExamples: 122638032Speter 122764562SgshapiroOn host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 122864562Sgshapirosummarizes the sender rewriting for various mailers. 122938032Speter 123066494SgshapiroMailer sender rewriting in the envelope 123138032Speter------ ------ ------------------------- 123238032Speteruucp-{old,new} wolf grasp!wolf 123338032Speteruucp-dom wolf wolf@grasp.insa-lyon.fr 123438032Speteruucp-uudom wolf grasp.insa-lyon.fr!wolf 123538032Speter 123638032Speteruucp-{old,new} wolf@fr.net grasp!fr.net!wolf 123738032Speteruucp-dom wolf@fr.net wolf@fr.net 123838032Speteruucp-uudom wolf@fr.net fr.net!wolf 123938032Speter 124038032Speteruucp-{old,new} somehost!wolf grasp!somehost!wolf 124138032Speteruucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 124238032Speteruucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 124338032Speter 124438032SpeterIf you are using one of the domainized UUCP mailers, you really want 124538032Speterto convert all UUCP addresses to domain format -- otherwise, it will 124638032Speterdo it for you (and probably not the way you expected). For example, 124738032Speterif you have the address foo!bar!baz (and you are not sending to foo), 124838032Speterthe heuristics will add the @uucp.relay.name or @local.host.name to 124938032Speterthis address. However, if you map foo to foo.host.name first, it 125038032Speterwill not add the local hostname. You can do this using the uucpdomain 125138032Speterfeature. 125238032Speter 125338032Speter 125438032Speter+-------------------+ 125538032Speter| TWEAKING RULESETS | 125638032Speter+-------------------+ 125738032Speter 125838032SpeterFor more complex configurations, you can define special rules. 125938032SpeterThe macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 126038032Speterthe names. Any modifications made here are reflected in the header. 126138032Speter 126238032SpeterA common use is to convert old UUCP addresses to SMTP addresses using 126338032Speterthe UUCPSMTP macro. For example: 126438032Speter 126538032Speter LOCAL_RULE_3 126664562Sgshapiro UUCPSMTP(`decvax', `decvax.dec.com') 126764562Sgshapiro UUCPSMTP(`research', `research.att.com') 126838032Speter 126938032Speterwill cause addresses of the form "decvax!user" and "research!user" 127038032Speterto be converted to "user@decvax.dec.com" and "user@research.att.com" 127138032Speterrespectively. 127238032Speter 127338032SpeterThis could also be used to look up hosts in a database map: 127438032Speter 127538032Speter LOCAL_RULE_3 127638032Speter R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 127738032Speter 127838032SpeterThis map would be defined in the LOCAL_CONFIG portion, as shown below. 127938032Speter 128038032SpeterSimilarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 128138032SpeterFor example, new rules are needed to parse hostnames that you accept 128238032Spetervia MX records. For example, you might have: 128338032Speter 128438032Speter LOCAL_RULE_0 128538032Speter R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 128638032Speter 128738032SpeterYou would use this if you had installed an MX record for cnmat.Berkeley.EDU 128838032Speterpointing at this host; this rule catches the message and forwards it on 128938032Speterusing UUCP. 129038032Speter 129138032SpeterYou can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 129238032SpeterThese rulesets are normally empty. 129338032Speter 129438032SpeterA similar macro is LOCAL_CONFIG. This introduces lines added after the 129564562Sgshapiroboilerplate option setting but before rulesets. Do not declare rulesets in 129664562Sgshapirothe LOCAL_CONFIG section. It can be used to declare local database maps or 129764562Sgshapirowhatever. For example: 129838032Speter 129938032Speter LOCAL_CONFIG 130064562Sgshapiro Khostmap hash /etc/mail/hostmap 130138032Speter Kyplocal nis -m hosts.byname 130238032Speter 130338032Speter 130438032Speter+---------------------------+ 130538032Speter| MASQUERADING AND RELAYING | 130638032Speter+---------------------------+ 130738032Speter 130838032SpeterYou can have your host masquerade as another using 130938032Speter 131064562Sgshapiro MASQUERADE_AS(`host.domain') 131138032Speter 131238032SpeterThis causes mail being sent to be labeled as coming from the 131338032Speterindicated host.domain, rather than $j. One normally masquerades as 131464562Sgshapiroone of one's own subdomains (for example, it's unlikely that 131564562SgshapiroBerkeley would choose to masquerade as an MIT site). This 131664562Sgshapirobehaviour is modified by a plethora of FEATUREs; in particular, see 131764562Sgshapiromasquerade_envelope, allmasquerade, limited_masquerade, and 131864562Sgshapiromasquerade_entire_domain. 131938032Speter 132038032SpeterThe masquerade name is not normally canonified, so it is important 132138032Speterthat it be your One True Name, that is, fully qualified and not a 132238032SpeterCNAME. However, if you use a CNAME, the receiving side may canonify 132338032Speterit for you, so don't think you can cheat CNAME mapping this way. 132438032Speter 132538032SpeterNormally the only addresses that are masqueraded are those that come 132664562Sgshapirofrom this host (that is, are either unqualified or in class {w}, the list 132764562Sgshapiroof local domain names). You can augment this list, which is realized 132864562Sgshapiroby class {M} using 132938032Speter 133064562Sgshapiro MASQUERADE_DOMAIN(`otherhost.domain') 133138032Speter 133238032SpeterThe effect of this is that although mail to user@otherhost.domain 133338032Speterwill not be delivered locally, any mail including any user@otherhost.domain 133438032Speterwill, when relayed, be rewritten to have the MASQUERADE_AS address. 133538032SpeterThis can be a space-separated list of names. 133638032Speter 133738032SpeterIf these names are in a file, you can use 133838032Speter 133964562Sgshapiro MASQUERADE_DOMAIN_FILE(`filename') 134038032Speter 134164562Sgshapiroto read the list of names from the indicated file (i.e., to add 134264562Sgshapiroelements to class {M}). 134338032Speter 134464562SgshapiroTo exempt hosts or subdomains from being masqueraded, you can use 134564562Sgshapiro 134664562Sgshapiro MASQUERADE_EXCEPTION(`host.domain') 134764562Sgshapiro 134864562SgshapiroThis can come handy if you want to masquerade a whole domain 134964562Sgshapiroexcept for one (or a few) host(s). 135064562Sgshapiro 135138032SpeterNormally only header addresses are masqueraded. If you want to 135238032Spetermasquerade the envelope as well, use 135338032Speter 135443730Speter FEATURE(`masquerade_envelope') 135538032Speter 135638032SpeterThere are always users that need to be "exposed" -- that is, their 135738032Speterinternal site name should be displayed instead of the masquerade name. 135864562SgshapiroRoot is an example (which has been "exposed" by default prior to 8.10). 135964562SgshapiroYou can add users to this list using 136038032Speter 136164562Sgshapiro EXPOSED_USER(`usernames') 136238032Speter 136364562SgshapiroThis adds users to class {E}; you could also use something like 136438032Speter 136564562Sgshapiro FE/etc/mail/exposed-users 136638032Speter 136738032SpeterYou can also arrange to relay all unqualified names (that is, names 136838032Speterwithout @host) to a relay host. For example, if you have a central 136938032Speteremail server, you might relay to that host so that users don't have 137038032Speterto have .forward files or aliases. You can do this using 137138032Speter 137243730Speter define(`LOCAL_RELAY', `mailer:hostname') 137338032Speter 137438032SpeterThe ``mailer:'' can be omitted, in which case the mailer defaults to 137538032Speter"relay". There are some user names that you don't want relayed, perhaps 137638032Speterbecause of local aliases. A common example is root, which may be 137738032Speterlocally aliased. You can add entries to this list using 137838032Speter 137964562Sgshapiro LOCAL_USER(`usernames') 138038032Speter 138164562SgshapiroThis adds users to class {L}; you could also use something like 138238032Speter 138364562Sgshapiro FL/etc/mail/local-users 138438032Speter 138538032SpeterIf you want all incoming mail sent to a centralized hub, as for a 138638032Spetershared /var/spool/mail scheme, use 138738032Speter 138843730Speter define(`MAIL_HUB', `mailer:hostname') 138938032Speter 139038032SpeterAgain, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 139143730Speterand MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 139238032Speterbe sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 139364562SgshapiroNote: there is a (long standing) bug which keeps this combination from 139464562Sgshapiroworking for addresses of the form user+detail. 139564562SgshapiroNames in class {L} will be delivered locally, so you MUST have aliases or 139638032Speter.forward files for them. 139738032Speter 139838032SpeterFor example, if you are on machine mastodon.CS.Berkeley.EDU and you have 139943730SpeterFEATURE(`stickyhost'), the following combinations of settings will have the 140038032Speterindicated effects: 140138032Speter 140238032Speteremail sent to.... eric eric@mastodon.CS.Berkeley.EDU 140338032Speter 140438032SpeterLOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 140538032Spetermail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 140638032Speter 140738032SpeterMAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 140838032Spetermammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 140938032Speter 141038032SpeterBoth LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 141138032SpeterMAIL_HUB set as above (no local aliasing) (aliasing done) 141238032Speter 141343730SpeterIf you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 141438032SpeterMAIL_HUB act identically, with MAIL_HUB taking precedence. 141538032Speter 141638032SpeterIf you want all outgoing mail to go to a central relay site, define 141738032SpeterSMART_HOST as well. Briefly: 141838032Speter 141938032Speter LOCAL_RELAY applies to unqualified names (e.g., "eric"). 142038032Speter MAIL_HUB applies to names qualified with the name of the 142138032Speter local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 142264562Sgshapiro SMART_HOST applies to names qualified with other hosts or 142364562Sgshapiro bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 142464562Sgshapiro or "eric@[127.0.0.1]"). 142538032Speter 142638032SpeterHowever, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 142738032SpeterDECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 142838032Speterreally want absolutely everything to go to a single central site you will 142938032Speterneed to unset all the other relays -- or better yet, find or build a 143038032Speterminimal config file that does this. 143138032Speter 143238032SpeterFor duplicate suppression to work properly, the host name is best 143338032Speterspecified with a terminal dot: 143438032Speter 143538032Speter define(`MAIL_HUB', `host.domain.') 143638032Speter note the trailing dot ---^ 143738032Speter 143838032Speter 143964562Sgshapiro+--------------+ 144064562Sgshapiro| LDAP ROUTING | 144164562Sgshapiro+--------------+ 144264562Sgshapiro 144364562SgshapiroFEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 144464562SgshapiroLDAP Schema for Intranet Mail Routing 144564562Sgshapiro(draft-lachman-laser-ldap-mail-routing-01). This feature enables 144664562SgshapiroLDAP-based rerouting of a particular address to either a different host 144764562Sgshapiroor a different address. The LDAP lookup is first attempted on the full 144864562Sgshapiroaddress (e.g., user@example.com) and then on the domain portion 144964562Sgshapiro(e.g., @example.com). Be sure to setup your domain for LDAP routing using 145064562SgshapiroLDAPROUTE_DOMAIN(), e.g.: 145164562Sgshapiro 145264562Sgshapiro LDAPROUTE_DOMAIN(`example.com') 145364562Sgshapiro 145464562SgshapiroBy default, the feature will use the schemas as specified in the draft 145564562Sgshapiroand will not reject addresses not found by the LDAP lookup. However, 145664562Sgshapirothis behavior can be changed by giving additional arguments to the FEATURE() 145764562Sgshapirocommand: 145864562Sgshapiro 145964562Sgshapiro FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>) 146064562Sgshapiro 146164562Sgshapirowhere <mailHost> is a map definition describing how to lookup an alternative 146264562Sgshapiromail host for a particular address; <mailRoutingAddress> is a map definition 146364562Sgshapirodescribing how to lookup an alternative address for a particular address; and 146464562Sgshapirothe <bounce> argument, if present and not the word "passthru", dictates 146564562Sgshapirothat mail should be bounced if neither a mailHost nor mailRoutingAddress 146664562Sgshapirois found. 146764562Sgshapiro 146864562SgshapiroThe default <mailHost> map definition is: 146964562Sgshapiro 147064562Sgshapiro ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient) 147164562Sgshapiro (mailLocalAddress=%0)) 147264562Sgshapiro 147364562SgshapiroThe default <mailRoutingAddress> map definition is: 147464562Sgshapiro 147564562Sgshapiro ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient) 147664562Sgshapiro (mailLocalAddress=%0)) 147764562Sgshapiro 147864562SgshapiroNote that neither includes the LDAP server hostname (-h server) or base DN 147964562Sgshapiro(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 148064562Sgshapiroyour .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 148164562Sgshapirothese settings. If this is not the case, the map definitions should be 148264562Sgshapirochanged as described above. 148364562Sgshapiro 148464562SgshapiroThe following possibilities exist as a result of an LDAP lookup on an 148564562Sgshapiroaddress: 148664562Sgshapiro 148764562Sgshapiro mailHost is mailRoutingAddress is Results in 148864562Sgshapiro ----------- --------------------- ---------- 148964562Sgshapiro set to a set mail delivered to 149064562Sgshapiro "local" host mailRoutingAddress 149164562Sgshapiro 149264562Sgshapiro set to a not set delivered to 149364562Sgshapiro "local" host original address 149464562Sgshapiro 149564562Sgshapiro set to a set mailRoutingAddress 149664562Sgshapiro remote host relayed to mailHost 149764562Sgshapiro 149864562Sgshapiro set to a not set original address 149964562Sgshapiro remote host relayed to mailHost 150064562Sgshapiro 150164562Sgshapiro not set set mail delivered to 150264562Sgshapiro mailRoutingAddress 150364562Sgshapiro 150464562Sgshapiro not set not set delivered to 150564562Sgshapiro original address *OR* 150664562Sgshapiro bounced as unknown user 150764562Sgshapiro 150864562SgshapiroThe term "local" host above means the host specified is in class {w}. 150964562SgshapiroNote that the last case depends on whether the third argument is given 151064562Sgshapiroto the FEATURE() command. The default is to deliver the message to the 151164562Sgshapirooriginal address. 151264562Sgshapiro 151364562SgshapiroThe LDAP entries should be set up with an objectClass of 151464562SgshapiroinetLocalMailRecipient and the address be listed in a mailLocalAddress 151564562Sgshapiroattribute. If present, there must be only one mailHost attribute and it 151664562Sgshapiromust contain a fully qualified host name as its value. Similarly, if 151764562Sgshapiropresent, there must be only one mailRoutingAddress attribute and it must 151864562Sgshapirocontain an RFC 822 compliant address. Some example LDAP records (in ldif 151964562Sgshapiroformat): 152064562Sgshapiro 152164562Sgshapiro dn: uid=tom, o=example.com, c=US 152264562Sgshapiro objectClass: inetLocalMailRecipient 152364562Sgshapiro mailLocalAddress: tom@example.com 152464562Sgshapiro mailRoutingAddress: thomas@mailhost.example.com 152564562Sgshapiro 152664562SgshapiroThis would deliver mail for tom@example.com to thomas@mailhost.example.com. 152764562Sgshapiro 152864562Sgshapiro dn: uid=dick, o=example.com, c=US 152964562Sgshapiro objectClass: inetLocalMailRecipient 153064562Sgshapiro mailLocalAddress: dick@example.com 153164562Sgshapiro mailHost: eng.example.com 153264562Sgshapiro 153364562SgshapiroThis would relay mail for dick@example.com to the same address but redirect 153464562Sgshapirothe mail to MX records listed for the host eng.example.com. 153564562Sgshapiro 153664562Sgshapiro dn: uid=harry, o=example.com, c=US 153764562Sgshapiro objectClass: inetLocalMailRecipient 153864562Sgshapiro mailLocalAddress: harry@example.com 153964562Sgshapiro mailHost: mktmail.example.com 154064562Sgshapiro mailRoutingAddress: harry@mkt.example.com 154164562Sgshapiro 154264562SgshapiroThis would relay mail for harry@example.com to the MX records listed for 154364562Sgshapirothe host mktmail.example.com using the new address harry@mkt.example.com 154464562Sgshapirowhen talking to that host. 154564562Sgshapiro 154664562Sgshapiro dn: uid=virtual.example.com, o=example.com, c=US 154764562Sgshapiro objectClass: inetLocalMailRecipient 154864562Sgshapiro mailLocalAddress: @virtual.example.com 154964562Sgshapiro mailHost: server.example.com 155064562Sgshapiro mailRoutingAddress: virtual@example.com 155164562Sgshapiro 155264562SgshapiroThis would send all mail destined for any username @virtual.example.com to 155364562Sgshapirothe machine server.example.com's MX servers and deliver to the address 155464562Sgshapirovirtual@example.com on that relay machine. 155564562Sgshapiro 155664562Sgshapiro 155738032Speter+---------------------------------+ 155838032Speter| ANTI-SPAM CONFIGURATION CONTROL | 155938032Speter+---------------------------------+ 156038032Speter 156138032SpeterThe primary anti-spam features available in sendmail are: 156238032Speter 156338032Speter* Relaying is denied by default. 156438032Speter* Better checking on sender information. 156538032Speter* Access database. 156638032Speter* Header checks. 156738032Speter 156864562SgshapiroRelaying (transmission of messages from a site outside your host (class 156964562Sgshapiro{w}) to another site except yours) is denied by default. Note that this 157064562Sgshapirochanged in sendmail 8.9; previous versions allowed relaying by default. 157164562SgshapiroIf you really want to revert to the old behaviour, you will need to use 157264562SgshapiroFEATURE(`promiscuous_relay'). You can allow certain domains to relay 157364562Sgshapirothrough your server by adding their domain name or IP address to class 157464562Sgshapiro{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 157564562Sgshapiro(described below). The file consists (like any other file based class) 157664562Sgshapiroof entries listed on separate lines, e.g., 157738032Speter 157864562Sgshapiro sendmail.org 157964562Sgshapiro 128.32 158064562Sgshapiro 1:2:3:4:5:6:7 158164562Sgshapiro host.mydomain.com 158264562Sgshapiro 158338032SpeterIf you use 158438032Speter 158543730Speter FEATURE(`relay_entire_domain') 158638032Speter 158764562Sgshapirothen any host in any of your local domains (that is, class {m}) 158842575Speterwill be relayed (that is, you will accept mail either to or from any 158942575Speterhost in your domain). 159038032Speter 159138032SpeterYou can also allow relaying based on the MX records of the host 159238032Speterportion of an incoming recipient address by using 159338032Speter 159443730Speter FEATURE(`relay_based_on_MX') 159538032Speter 159638032SpeterFor example, if your server receives a recipient of user@domain.com 159738032Speterand domain.com lists your server in its MX records, the mail will be 159842575Speteraccepted for relay to domain.com. Note that this will stop spammers 159942575Speterfrom using your host to relay spam but it will not stop outsiders from 160042575Speterusing your server as a relay for their site (that is, they set up an 160142575SpeterMX record pointing to your mail server, and you will relay mail addressed 160242575Speterto them without any prior arrangement). Along the same lines, 160338032Speter 160443730Speter FEATURE(`relay_local_from') 160538032Speter 160638032Speterwill allow relaying if the sender specifies a return path (i.e. 160738032SpeterMAIL FROM: <user@domain>) domain which is a local domain. This a 160838032Speterdangerous feature as it will allow spammers to spam using your mail 160938032Speterserver by simply specifying a return address of user@your.domain.com. 161038032SpeterIt should not be used unless absolutely necessary. 161164562SgshapiroA slightly better solution is 161238032Speter 161364562Sgshapiro FEATURE(`relay_mail_from') 161464562Sgshapiro 161564562Sgshapirowhich allows relaying if the mail sender is listed as RELAY in the 161664562Sgshapiroaccess map. If an optional argument `domain' is given, the domain 161764562Sgshapiroportion of the mail sender is also checked to allowing relaying. 161864562SgshapiroThis option only works together with the tag From: for the LHS of 161964562Sgshapirothe access map entries (see below: Finer control...). 162064562Sgshapiro 162164562Sgshapiro 162238032SpeterIf source routing is used in the recipient address (i.e. 162338032SpeterRCPT TO: <user%site.com@othersite.com>), sendmail will check 162438032Speteruser@site.com for relaying if othersite.com is an allowed relay host 162564562Sgshapiroin either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 162643730Speteror the access database if FEATURE(`access_db') is used. To prevent 162738032Speterthe address from being stripped down, use: 162838032Speter 162943730Speter FEATURE(`loose_relay_check') 163038032Speter 163138032SpeterIf you think you need to use this feature, you probably do not. This 163238032Spetershould only be used for sites which have no control over the addresses 163338032Speterthat they provide a gateway for. Use this FEATURE with caution as it 163438032Spetercan allow spammers to relay through your server if not setup properly. 163538032Speter 163664562SgshapiroNOTICE: It is possible to relay mail through a system which the anti-relay 163764562Sgshapirorules do not prevent: the case of a system that does use FEATURE(`nouucp', 163864562Sgshapiro`nospecial') (system A) and relays local messages to a mail hub (e.g., via 163964562SgshapiroLOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 164064562SgshapiroFEATURE(`nouucp') at all, addresses of the form 164164562Sgshapiro<example.net!user@local.host> would be relayed to <user@example.net>. 164264562SgshapiroSystem A doesn't recognize `!' as an address separator and therefore 164364562Sgshapiroforwards it to the mail hub which in turns relays it because it came from 164464562Sgshapiroa trusted local host. So if a mailserver allows UUCP (bang-format) 164564562Sgshapiroaddresses, all systems from which it allows relaying should do the same 164664562Sgshapiroor reject those addresses. 164764562Sgshapiro 164838032SpeterAs of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 164938032Speteran unresolvable domain (i.e., one that DNS, your local name service, 165038032Speteror special case rules in ruleset 3 cannot locate). If you want to 165164562Sgshapirocontinue to accept such domains, e.g., because you are inside a 165238032Speterfirewall that has only a limited view of the Internet host name space 165338032Speter(note that you will not be able to return mail to them unless you have 165438032Spetersome "smart host" forwarder), use 165538032Speter 165643730Speter FEATURE(`accept_unresolvable_domains') 165738032Speter 165838032Spetersendmail will also refuse mail if the MAIL FROM: parameter is not 165938032Speterfully qualified (i.e., contains a domain as well as a user). If you 166038032Speterwant to continue to accept such senders, use 166138032Speter 166243730Speter FEATURE(`accept_unqualified_senders') 166338032Speter 166464562SgshapiroSetting the DaemonPortOptions modifier 'u' overrides the default behavior, 166564562Sgshapiroi.e., unqualified addresses are accepted even without this FEATURE. If 166664562Sgshapirothis FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 166764562Sgshapiroto enforce fully qualified addresses. 166864562Sgshapiro 166938032SpeterAn ``access'' database can be created to accept or reject mail from 167038032Speterselected domains. For example, you may choose to reject all mail 167138032Speteroriginating from known spammers. To enable such a database, use 167238032Speter 167343730Speter FEATURE(`access_db') 167438032Speter 167538032SpeterThe FEATURE macro can accept a second parameter giving the key file 167638032Speterdefinition for the database; for example 167738032Speter 167864562Sgshapiro FEATURE(`access_db', `hash /etc/mail/access') 167938032Speter 168042575SpeterRemember, since /etc/mail/access is a database, after creating the text 168142575Speterfile as described below, you must use makemap to create the database 168242575Spetermap. For example: 168342575Speter 168443730Speter makemap hash /etc/mail/access < /etc/mail/access 168542575Speter 168638032SpeterThe table itself uses e-mail addresses, domain names, and network 168738032Speternumbers as keys. For example, 168838032Speter 168938032Speter spammer@aol.com REJECT 169038032Speter cyberspammer.com REJECT 169142575Speter 192.168.212 REJECT 169238032Speter 169338032Speterwould refuse mail from spammer@aol.com, any user from cyberspammer.com 169438032Speter(or any host within the cyberspammer.com domain), and any host on the 169542575Speter192.168.212.* network. 169638032Speter 169738032SpeterThe value part of the map can contain: 169838032Speter 169942575Speter OK Accept mail even if other rules in the 170042575Speter running ruleset would reject it, for example, 170142575Speter if the domain name is unresolvable. 170242575Speter RELAY Accept mail addressed to the indicated domain or 170342575Speter received from the indicated domain for relaying 170442575Speter through your SMTP server. RELAY also serves as 170542575Speter an implicit OK for the other checks. 170642575Speter REJECT Reject the sender or recipient with a general 170738032Speter purpose message. 170842575Speter DISCARD Discard the message completely using the 170964562Sgshapiro $#discard mailer. For sender addresses it 171064562Sgshapiro indicates that you should discard anything 171164562Sgshapiro received from the indicated domain. If it 171264562Sgshapiro is used for recipients, it affects only 171364562Sgshapiro the designated recipients, not the whole 171464562Sgshapiro message. 171566494Sgshapiro ### any text where ### is an RFC 821 compliant error code and 171666494Sgshapiro "any text" is a message to return for the command. 171766494Sgshapiro The string should be quoted to avoid surprises, 171866494Sgshapiro e.g., sendmail may remove spaces otherwise. 171964562Sgshapiro ERROR:### any text 172064562Sgshapiro as above, but useful to mark error messages as such. 172164562Sgshapiro ERROR:D.S.N:### any text 172264562Sgshapiro where D.S.N is an RFC 1893 compliant error code 172364562Sgshapiro and the rest as above. 172438032Speter 172538032SpeterFor example: 172638032Speter 172766494Sgshapiro cyberspammer.com ERROR:"550 We don't accept mail from spammers" 172838032Speter okay.cyberspammer.com OK 172964562Sgshapiro sendmail.org RELAY 173038032Speter 128.32 RELAY 173164562Sgshapiro 1:2:3:4:5:6:7 RELAY 173264562Sgshapiro [127.0.0.3] OK 173364562Sgshapiro [1:2:3:4:5:6:7:8] OK 173438032Speter 173564562Sgshapirowould accept mail from okay.cyberspammer.com, but would reject mail from 173664562Sgshapiroall other hosts at cyberspammer.com with the indicated message. It would 173764562Sgshapiroallow relaying mail from and to any hosts in the sendmail.org domain, and 173864562Sgshapiroallow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* 173964562Sgshapironetwork. The latter two entries are for checks against ${client_name} if 174064562Sgshapirothe IP address doesn't resolve to a hostname (or is considered as "may be 174164562Sgshapiroforged"). 174238032Speter 174364562SgshapiroWarning: if you change the RFC 821 compliant error code from the default 174464562Sgshapirovalue of 550, then you should probably also change the RFC 1893 compliant 174564562Sgshapiroerror code to match it. For example, if you use 174664562Sgshapiro 174764562Sgshapiro user@example.com 450 mailbox full 174864562Sgshapiro 174964562Sgshapirothe error returned would be "450 4.0.0 mailbox full" which is wrong. 175064562SgshapiroUse "450 4.2.2 mailbox full" or "ERROR:4.2.2:450 mailbox full" 175164562Sgshapiroinstead. 175264562Sgshapiro 175364562SgshapiroNote, UUCP users may need to add hostname.UUCP to the access database 175464562Sgshapiroor class {R}. If you also use: 175564562Sgshapiro 175643730Speter FEATURE(`relay_hosts_only') 175738032Speter 175838032Speterthen the above example will allow relaying for sendmail.org, but not 175938032Speterhosts within the sendmail.org domain. Note that this will also require 176064562Sgshapirohosts listed in class {R} to be fully qualified host names. 176138032Speter 176238032SpeterYou can also use the access database to block sender addresses based on 176338032Speterthe username portion of the address. For example: 176438032Speter 176566494Sgshapiro FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 176638032Speter 176738032SpeterNote that you must include the @ after the username to signify that 176838032Speterthis database entry is for checking only the username portion of the 176938032Spetersender address. 177038032Speter 177138032SpeterIf you use: 177238032Speter 177343730Speter FEATURE(`blacklist_recipients') 177438032Speter 177538032Speterthen you can add entries to the map for local users, hosts in your 177638032Speterdomains, or addresses in your domain which should not receive mail: 177738032Speter 177866494Sgshapiro badlocaluser@ ERROR:550 Mailbox disabled for this username 177966494Sgshapiro host.mydomain.com ERROR:550 That host does not accept mail 178066494Sgshapiro user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient 178138032Speter 178238032SpeterThis would prevent a recipient of badlocaluser@mydomain.com, any 178338032Speteruser at host.mydomain.com, and the single address 178464562Sgshapirouser@otherhost.mydomain.com from receiving mail. Please note: a 178564562Sgshapirolocal username must be now tagged with an @ (this is consistent 178664562Sgshapirowith the check of the sender address, and hence it is possible to 178764562Sgshapirodistinguish between hostnames and usernames). Enabling this feature 178864562Sgshapirowill keep you from sending mails to all addresses that have an 178964562Sgshapiroerror message or REJECT as value part in the access map. Taking 179064562Sgshapirothe example from above: 179138032Speter 179242575Speter spammer@aol.com REJECT 179342575Speter cyberspammer.com REJECT 179442575Speter 179542575SpeterMail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 179642575Speter 179738032SpeterThere is also a ``Realtime Blackhole List'' run by the MAPS project 179838032Speterat http://maps.vix.com/. This is a database maintained in DNS of 179938032Speterspammers. To use this database, use 180038032Speter 180164562Sgshapiro FEATURE(`dnsbl') 180238032Speter 180338032SpeterThis will cause sendmail to reject mail from any site in the 180438032SpeterRealtime Blackhole List database. You can specify an alternative 180564562SgshapiroRBL domain to check by specifying an argument to the FEATURE. 180664562SgshapiroA second argument can be used to change the default error message 180764562SgshapiroMail from $&{client_addr} refused by blackhole site DOMAIN 180864562Sgshapirowhere DOMAIN is replaced by the first argument. This FEATURE can 180964562Sgshapirobe included several times to query different DNS based rejection 181064562Sgshapirolists, e.g., the dial-up user list (see http://maps.vix.com/dul/). 181138032Speter 181238032SpeterThe features described above make use of the check_relay, check_mail, 181338032Speterand check_rcpt rulesets. If you wish to include your own checks, 181438032Speteryou can put your checks in the rulesets Local_check_relay, 181538032SpeterLocal_check_mail, and Local_check_rcpt. For example if you wanted to 181638032Speterblock senders with all numeric usernames (i.e. 2312343@bigisp.com), 181738032Speteryou would use Local_check_mail and the new regex map: 181838032Speter 181964562Sgshapiro LOCAL_CONFIG 182064562Sgshapiro Kallnumbers regex -a@MATCH ^[0-9]+$ 182164562Sgshapiro 182264562Sgshapiro LOCAL_RULESETS 182364562Sgshapiro SLocal_check_mail 182464562Sgshapiro # check address against various regex checks 182538032Speter R$* $: $>Parse0 $>3 $1 182664562Sgshapiro R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 182764562Sgshapiro R@MATCH $#error $: 553 Header Error 182838032Speter 182938032SpeterThese rules are called with the original arguments of the corresponding 183038032Spetercheck_* ruleset. If the local ruleset returns $#OK, no further checking 183138032Speteris done by the features described above and the mail is accepted. If the 183238032Speterlocal ruleset resolves to a mailer (such as $#error or $#discard), the 183338032Speterappropriate action is taken. Otherwise, the results of the local 183438032Speterrewriting are ignored. 183538032Speter 183664562SgshapiroFiner control by using tags for the LHS of the access map 183738032Speter 183864562SgshapiroRead this section only if the options listed so far are not sufficient 183964562Sgshapirofor your purposes. There is now the option to tag entries in the 184064562Sgshapiroaccess map according to their type. Three tags are available: 184164562Sgshapiro 184264562Sgshapiro Connect: connection information (${client_addr}, ${client_name}) 184364562Sgshapiro From: sender 184464562Sgshapiro To: recipient 184564562Sgshapiro 184664562SgshapiroIf the required item is looked up in a map, it will be tried first 184764562Sgshapirowith the corresponding tag in front, then (as fallback to enable 184864562Sgshapirobackward compatibility) without any tag. For example, 184964562Sgshapiro 185064562Sgshapiro From:spammer@some.dom REJECT 185164562Sgshapiro To:friend.domain RELAY 185264562Sgshapiro Connect:friend.domain OK 185364562Sgshapiro Connect:from.domain RELAY 185464562Sgshapiro From:good@another.dom OK 185564562Sgshapiro From:another.dom REJECT 185664562Sgshapiro 185764562SgshapiroThis would deny mails from spammer@some.dom but you could still 185864562Sgshapirosend mail to that address even if FEATURE(`blacklist_recipients') 185964562Sgshapirois enabled. Your system will allow relaying to friend.domain, but 186064562Sgshapironot from it (unless enabled by other means). Connections from that 186164562Sgshapirodomain will be allowed even if it ends up in one of the DNS based 186264562Sgshapirorejection lists. Relaying is enabled from from.domain but not to 186364562Sgshapiroit (since relaying is based on the connection information for 186464562Sgshapirooutgoing relaying, the tag Connect: must be used; for incoming 186564562Sgshapirorelaying, which is based on the recipient address, To: must be 186664562Sgshapiroused). The last two entries allow mails from good@another.dom but 186764562Sgshapiroreject mail from all other addresses with another.dom as domain 186864562Sgshapiropart. 186964562Sgshapiro 187064562SgshapiroDelay all checks 187164562Sgshapiro 187264562SgshapiroBy using FEATURE(`delay_checks') the rulesets check_mail and check_relay 187364562Sgshapirowill not be called when a client connects or issues a MAIL command, 187464562Sgshapirorespectively. Instead, those rulesets will be called by the check_rcpt 187564562Sgshapiroruleset; they will be skipped if a sender has been authenticated using 187664562Sgshapiroa "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 187764562SgshapiroIf check_mail returns an error then the RCPT TO command will be rejected 187864562Sgshapirowith that error. If it returns some other result starting with $# then 187964562Sgshapirocheck_relay will be skipped. If the sender address (or a part of it) is 188064562Sgshapirolisted in the access map and it has a RHS of OK or RELAY, then check_relay 188164562Sgshapirowill be skipped. This has an interesting side effect: if your domain is 188264562Sgshapiromy.domain and you have 188364562Sgshapiro 188464562Sgshapiro my.domain RELAY 188564562Sgshapiro 188664562Sgshapiroin the access map, then all e-mail with a sender address of 188764562Sgshapiro<user@my.domain> gets through, even if check_relay would reject it 188864562Sgshapiro(e.g., based on the hostname or IP address). This allows spammers 188964562Sgshapiroto get around DNS based blacklist by faking the sender address. To 189064562Sgshapiroavoid this problem you have to use tagged entries: 189164562Sgshapiro 189264562Sgshapiro To:my.domain RELAY 189364562Sgshapiro Connect:my.domain RELAY 189464562Sgshapiro 189564562Sgshapiroif you need those entries at all (class {R} may take care of them). 189664562Sgshapiro 189764562SgshapiroFEATURE(`delay_checks') can take an optional argument: 189864562Sgshapiro 189964562Sgshapiro FEATURE(`delay_checks', `friend') 190064562Sgshapiro enables spamfriend test 190164562Sgshapiro FEATURE(`delay_checks', `hater') 190264562Sgshapiro enables spamhater test 190364562Sgshapiro 190464562SgshapiroIf such an argument is given, the recipient will be looked up in the access 190564562Sgshapiromap (using the tag To:). If the argument is `friend', then the other 190664562Sgshapirorulesets will be skipped if the recipient address is found and has RHS 190764562Sgshapirospamfriend. If the argument is `hater', then the other rulesets will be 190864562Sgshapiroapplied if the recipient address is found and has RHS spamhater. 190964562Sgshapiro 191064562SgshapiroThis allows for simple exceptions from the tests, e.g., by activating 191164562Sgshapirothe spamfriend option and having 191264562Sgshapiro 191364562Sgshapiro To:abuse@ SPAMFRIEND 191464562Sgshapiro 191564562Sgshapiroin the access map, mail to abuse@localdomain will get through. It is 191664562Sgshapiroalso possible to specify a full address or an address with +detail: 191764562Sgshapiro 191864562Sgshapiro To:abuse@abuse.my.domain SPAMFRIEND 191964562Sgshapiro To:me+abuse@ SPAMFRIEND 192064562Sgshapiro 192164562Sgshapiro 192264562SgshapiroHeader Checks 192364562Sgshapiro 192438032SpeterYou can also reject mail on the basis of the contents of headers. 192538032SpeterThis is done by adding a ruleset call to the 'H' header definition command 192638032Speterin sendmail.cf. For example, this can be used to check the validity of 192738032Spetera Message-ID: header: 192838032Speter 192938032Speter LOCAL_RULESETS 193038032Speter HMessage-Id: $>CheckMessageId 193138032Speter 193238032Speter SCheckMessageId 193338032Speter R< $+ @ $+ > $@ OK 193438032Speter R$* $#error $: 553 Header Error 193538032Speter 193664562SgshapiroThe alternative format: 193738032Speter 193864562Sgshapiro HSubject: $>+CheckSubject 193942575Speter 194064562Sgshapirothat is, $>+ instead of $>, gives the full Subject: header including 194164562Sgshapirocomments to the ruleset (comments in parentheses () are stripped 194264562Sgshapiroby default). 194342575Speter 194464562SgshapiroA default ruleset for headers which don't have a specific ruleset 194564562Sgshapirodefined for them can be given by: 194642575Speter 194764562Sgshapiro H*: $>CheckHdr 194843730Speter 194964562SgshapiroAfter all of the headers are read, the check_eoh ruleset will be called for 195064562Sgshapiroany final header-related checks. The ruleset is called with the number of 195164562Sgshapiroheaders and the size of all of the headers in bytes separated by $|. One 195264562Sgshapiroexample usage is to reject messages which do not have a Message-Id: 195364562Sgshapiroheader. However, the Message-Id: header is *NOT* a required header and is 195464562Sgshapironot a guaranteed spam indicator. This ruleset is an example and should 195564562Sgshapiroprobably not be used in production. 195664562Sgshapiro 195764562Sgshapiro LOCAL_CONFIG 195864562Sgshapiro Kstorage macro 195964562Sgshapiro 196064562Sgshapiro LOCAL_RULESETS 196164562Sgshapiro HMessage-Id: $>CheckMessageId 196264562Sgshapiro 196364562Sgshapiro SCheckMessageId 196464562Sgshapiro # Record the presence of the header 196564562Sgshapiro R$* $: $(storage {MessageIdCheck} $@ OK $) $1 196664562Sgshapiro R< $+ @ $+ > $@ OK 196764562Sgshapiro R$* $#error $: 553 Header Error 196864562Sgshapiro 196964562Sgshapiro Scheck_eoh 197064562Sgshapiro # Check the macro 197164562Sgshapiro R$* $: < $&{MessageIdCheck} > 197264562Sgshapiro # Clear the macro for the next message 197364562Sgshapiro R$* $: $(storage {MessageIdCheck} $) $1 197464562Sgshapiro # Has a Message-Id: header 197564562Sgshapiro R< $+ > $@ OK 197664562Sgshapiro # Allow missing Message-Id: from local mail 197764562Sgshapiro R$* $: < $&{client_name} > 197864562Sgshapiro R< > $@ OK 197964562Sgshapiro R< $=w > $@ OK 198064562Sgshapiro # Otherwise, reject the mail 198164562Sgshapiro R$* $#error $: 553 Header Error 198264562Sgshapiro 198366494Sgshapiro+----------+ 198466494Sgshapiro| STARTTLS | 198566494Sgshapiro+----------+ 198664562Sgshapiro 198764562SgshapiroIn this text, cert will be used as an abreviation for X.509 certificate, 198864562SgshapiroDN is the distinguished name of a cert, and CA is a certification authority. 198964562Sgshapiro 199064562SgshapiroMacros related to STARTTLS are: 199164562Sgshapiro 199264562Sgshapiro${cert_issuer} holds the DN of the CA (the cert issuer). 199364562Sgshapiro${cert_subject} holds the DN of the cert (called the cert subject). 199464562Sgshapiro${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 199564562Sgshapiro SSLv3, SSLv2. 199664562Sgshapiro${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 199764562Sgshapiro EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 199864562Sgshapiro${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 199964562Sgshapiro used for the connection. 200064562Sgshapiro${verify} holds the result of the verification of the presented cert. Possible 200164562Sgshapiro values are: 200264562Sgshapiro OK verification succeeded. 200364562Sgshapiro NO no cert presented. 200464562Sgshapiro FAIL cert presented but could not be verified, e.g., the signing 200564562Sgshapiro CA is missing. 200664562Sgshapiro NONE STARTTLS has not been performed. 200764562Sgshapiro TEMP temporary error occurred. 200864562Sgshapiro PROTOCOL some protocol error occurred. 200964562Sgshapiro SOFTWARE STARTTLS handshake failed. 201064562Sgshapiro${server_name} the name of the server of the current outgoing SMTP 201164562Sgshapiro connection. 201264562Sgshapiro${server_addr} the address of the server of the current outgoing SMTP 201364562Sgshapiro connection. 201464562Sgshapiro 201564562SgshapiroRelaying 201664562Sgshapiro 201764562SgshapiroSMTP STARTTLS can allow relaying for senders who have successfully 201864562Sgshapiroauthenticated themselves. This is done in the ruleset RelayAuth. If the 201964562Sgshapiroverification of the cert failed (${verify} != OK), relaying is subject to 202064562Sgshapirothe usual rules. Otherwise the DN of the issuer is looked up in the access 202164562Sgshapiromap using the tag CERTISSUER. If the resulting value is RELAY, relaying is 202264562Sgshapiroallowed. If it is SUBJECT, the DN of the cert subject is looked up next in 202364562Sgshapirothe access map. using the tag CERTSUBJECT. If the value is RELAY, relaying 202464562Sgshapirois allowed. 202564562Sgshapiro 202664562SgshapiroTo make things a bit more flexible (or complicated), the values for 202764562Sgshapiro${cert_issuer} and ${cert_subject} can be optionally modified by regular 202864562Sgshapiroexpressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 202964562Sgshapiro_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 203064562Sgshapirorulesets and map lookups, they are modified as follows: each non-printable 203164562Sgshapirocharacter and the characters '<', '>', '(', ')', '"', '+' are replaced by 203264562Sgshapirotheir HEX value with a leading '+'. For example: 203364562Sgshapiro 203464562Sgshapiro/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 203564562Sgshapirodarth+cert@endmail.org 203664562Sgshapiro 203764562Sgshapirois encoded as: 203864562Sgshapiro 203964562Sgshapiro/C=US/ST=California/O=endmail.org/OU=private/CN= 204064562SgshapiroDarth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 204164562Sgshapiro 204264562Sgshapiro(line breaks have been inserted for readability). 204364562Sgshapiro 204464562SgshapiroOf course it is also possible to write a simple rulesets that allows 204564562Sgshapirorelaying for everyone who can present a cert that can be verified, e.g., 204664562Sgshapiro 204764562SgshapiroLOCAL_RULESETS 204864562SgshapiroSLocal_check_rcpt 204964562SgshapiroR$* $: $&{verify} 205064562SgshapiroROK $# OK 205164562Sgshapiro 205264562SgshapiroAllowing Connections 205364562Sgshapiro 205464562SgshapiroThe rulesets tls_server and tls_client are used to decide whether an SMTP 205564562Sgshapiroconnection is accepted (or should continue). 205664562Sgshapiro 205764562Sgshapirotls_server is called when sendmail acts as client after a STARTTLS command 205864562Sgshapiro(should) have been issued. The parameter is the value of ${verify}. 205964562Sgshapiro 206064562Sgshapirotls_client is called when sendmail acts as server, after a STARTTLS command 206164562Sgshapirohas been issued, and from check_mail. The parameter is the value of 206264562Sgshapiro${verify} and STARTTLS or MAIL, respectively. 206364562Sgshapiro 206464562SgshapiroBoth rulesets behave the same. If no access map is in use, the connection 206564562Sgshapirowill be accepted unless ${verify} is SOFTWARE, in which case the connection 206664562Sgshapirois always aborted. Otherwise, ${client_name} (${server_name}) is looked 206764562Sgshapiroup in the access map using the tag TLS_Srv (or TLS_Clt), which is done 206864562Sgshapirowith the ruleset LookUpDomain. If no entry is found, ${client_addr} 206964562Sgshapiro(${server_addr}) is looked up in the access map (same tag, ruleset 207064562SgshapiroLookUpAddr). If this doesn't result in an entry either, just the tag is 207164562Sgshapirolooked up in the access map (included the trailing :). The result of the 207264562Sgshapirolookups is then used to call the ruleset tls_connection, which checks the 207364562Sgshapirorequirement specified by the RHS in the access map against the actual 207464562Sgshapiroparameters of the current TLS connection, esp. ${verify} and 207564562Sgshapiro${cipher_bits}. Legal RHSs in the access map are: 207664562Sgshapiro 207764562SgshapiroVERIFY verification must have succeeded 207864562SgshapiroVERIFY:bits verification must have succeeded and ${cipher_bits} must 207964562Sgshapiro be greater than or equal bits. 208064562SgshapiroENCR:bits ${cipher_bits} must be greater than or equal bits. 208164562Sgshapiro 208264562SgshapiroThe RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 208364562Sgshapiroor permanent error. The default is a temporary error code (403 4.7.0) 208464562Sgshapirounless the macro TLS_PERM_ERR is set during generation of the .cf file. 208564562Sgshapiro 208664562SgshapiroIf a certain level of encryption is required, then it might also be 208764562Sgshapiropossible that this level is provided by the security layer from a SASL 208864562Sgshapiroalgorithm, e.g., DIGEST-MD5. 208964562Sgshapiro 209064562SgshapiroExample: e-mail send to secure.example.com should only use an encrypted 209164562Sgshapiroconnection. e-mail received from hosts within the laptop.example.com domain 209264562Sgshapiroshould only be accepted if they have been authenticated. 209364562SgshapiroTLS_Srv:secure.example.com ENCR:112 209464562SgshapiroTLS_Clt:laptop.example.com PERM+VERIFY:112 209564562Sgshapiro 209664562SgshapiroReceived: Header 209764562Sgshapiro 209864562SgshapiroThe Received: header reveals whether STARTTLS has been used. It contains an 209964562Sgshapiroextra line: 210064562Sgshapiro 210164562Sgshapiro(using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify}) 210264562Sgshapiro 210366494Sgshapiro+---------------------+ 210466494Sgshapiro| SMTP AUTHENTICATION | 210566494Sgshapiro+---------------------+ 210664562Sgshapiro 210764562SgshapiroThe macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 210864562Sgshapiroused in anti-relay rulesets to allow relaying for those users that 210964562Sgshapiroauthenticated themselves. A very simple example is: 211064562Sgshapiro 211164562SgshapiroSLocal_check_rcpt 211264562SgshapiroR$* $: $&{auth_type} 211364562SgshapiroR$+ $# OK 211464562Sgshapiro 211564562Sgshapirowhich checks whether a user has successfully authenticated using 211664562Sgshapiroany available mechanism. Depending on the setup of the CYRUS SASL 211764562Sgshapirolibrary, more sophisticated rulesets might be required, e.g., 211864562Sgshapiro 211964562SgshapiroSLocal_check_rcpt 212064562SgshapiroR$* $: $&{auth_type} $| $&{auth_authen} 212164562SgshapiroRDIGEST-MD5 $| $+@$=w $# OK 212264562Sgshapiro 212364562Sgshapiroto allow relaying for users that authenticated using DIGEST-MD5 212464562Sgshapiroand have an identity in the local domains. 212564562Sgshapiro 212664562SgshapiroThe ruleset Strust_auth is used to determine whether a given AUTH= 212764562Sgshapiroparameter (that is passed to this ruleset) should be trusted. This 212864562Sgshapiroruleset may make use of the other ${auth_*} macros. Only if the 212964562Sgshapiroruleset resolves to the error mailer, the AUTH= parameter is not 213064562Sgshapirotrusted. A user supplied ruleset Local_trust_auth can be written 213164562Sgshapiroto modify the default behavior, which only trust the AUTH= 213264562Sgshapiroparameter if it is identical to the authenticated user. 213364562Sgshapiro 213464562SgshapiroPer default, relaying is allowed for any user who authenticated 213564562Sgshapirovia a "trusted" mechanism, i.e., one that is defined via 213664562SgshapiroTRUST_AUTH_MECH(`list of mechanisms') 213764562Sgshapiro 213864562SgshapiroIf the selected mechanism provides a security layer the number of 213964562Sgshapirobits used for the key of the symmetric cipher is stored in the 214064562Sgshapiromacro ${auth_ssf}. 214164562Sgshapiro 214264562Sgshapiro+--------------------------------+ 214338032Speter| ADDING NEW MAILERS OR RULESETS | 214438032Speter+--------------------------------+ 214538032Speter 214638032SpeterSometimes you may need to add entirely new mailers or rulesets. They 214738032Spetershould be introduced with the constructs MAILER_DEFINITIONS and 214838032SpeterLOCAL_RULESETS respectively. For example: 214938032Speter 215038032Speter MAILER_DEFINITIONS 215138032Speter Mmymailer, ... 215238032Speter ... 215338032Speter 215438032Speter LOCAL_RULESETS 215538032Speter Smyruleset 215638032Speter ... 215738032Speter 215838032Speter 215964562Sgshapiro#if _FFR_MILTER 216064562Sgshapiro+---------------------------+ 216164562Sgshapiro| ADDING NEW MAILER FILTERS | 216264562Sgshapiro+---------------------------+ 216364562Sgshapiro 216464562SgshapiroSendmail supports mail filters to filter incoming SMTP messages according 216564562Sgshapiroto the "Sendmail Mail Filter API" documentation. These filters can be 216664562Sgshapiroconfigured in your mc file using the two commands: 216764562Sgshapiro 216864562Sgshapiro MAIL_FILTER(`name', `equates') 216964562Sgshapiro INPUT_MAIL_FILTER(`name', `equates') 217064562Sgshapiro 217164562SgshapiroThe first command, MAIL_FILTER(), simply defines a filter with the given 217264562Sgshapironame and equates. For example: 217364562Sgshapiro 217464562Sgshapiro MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 217564562Sgshapiro 217664562SgshapiroThis creates the equivalent sendmail.cf entry: 217764562Sgshapiro 217864562Sgshapiro Xarchive, S=local:/var/run/archivesock, F=R 217964562Sgshapiro 218064562SgshapiroThe INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 218164562Sgshapirobut also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 218264562Sgshapiroof the filter such that the filter will actually be called by sendmail. 218364562Sgshapiro 218464562SgshapiroFor example, the two commands: 218564562Sgshapiro 218664562Sgshapiro INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 218764562Sgshapiro INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 218864562Sgshapiro 218964562Sgshapiroare equivalent to the three commands: 219064562Sgshapiro 219164562Sgshapiro MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 219264562Sgshapiro MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 219364562Sgshapiro define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 219464562Sgshapiro 219564562SgshapiroIn general, INPUT_MAIL_FILTER() should be used unless you need to define 219664562Sgshapiromore filters than you want to use for `confINPUT_MAIL_FILTERS'. 219764562Sgshapiro 219864562SgshapiroNote that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 219964562Sgshapirocommands will clear the list created by the prior INPUT_MAIL_FILTER() 220064562Sgshapirocommands. 220164562Sgshapiro#endif /* _FFR_MILTER */ 220264562Sgshapiro 220364562Sgshapiro 220438032Speter+-------------------------------+ 220538032Speter| NON-SMTP BASED CONFIGURATIONS | 220638032Speter+-------------------------------+ 220738032Speter 220864562SgshapiroThese configuration files are designed primarily for use by 220964562SgshapiroSMTP-based sites. They may not be well tuned for UUCP-only or 221038032SpeterUUCP-primarily nodes (the latter is defined as a small local net 221164562Sgshapiroconnected to the rest of the world via UUCP). However, there is 221264562Sgshapiroone hook to handle some special cases. 221338032Speter 221438032SpeterYou can define a ``smart host'' that understands a richer address syntax 221538032Speterusing: 221638032Speter 221743730Speter define(`SMART_HOST', `mailer:hostname') 221838032Speter 221938032SpeterIn this case, the ``mailer:'' defaults to "relay". Any messages that 222038032Spetercan't be handled using the usual UUCP rules are passed to this host. 222138032Speter 222238032SpeterIf you are on a local SMTP-based net that connects to the outside 222338032Speterworld via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 222438032SpeterFor example: 222538032Speter 222664562Sgshapiro define(`SMART_HOST', `uucp-new:uunet') 222738032Speter LOCAL_NET_CONFIG 222838032Speter R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 222938032Speter 223038032SpeterThis will cause all names that end in your domain name ($m) via 223164562SgshapiroSMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 223243730SpeterIf you have FEATURE(`nocanonify'), you may need to omit the dots after 223338032Speterthe $m. If you are running a local DNS inside your domain which is 223438032Speternot otherwise connected to the outside world, you probably want to 223538032Speteruse: 223638032Speter 223743730Speter define(`SMART_HOST', `smtp:fire.wall.com') 223838032Speter LOCAL_NET_CONFIG 223938032Speter R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 224038032Speter 224138032SpeterThat is, send directly only to things you found in your DNS lookup; 224238032Speteranything else goes through SMART_HOST. 224338032Speter 224438032SpeterYou may need to turn off the anti-spam rules in order to accept 224543730SpeterUUCP mail with FEATURE(`promiscuous_relay') and 224643730SpeterFEATURE(`accept_unresolvable_domains'). 224738032Speter 224838032Speter 224938032Speter+-----------+ 225038032Speter| WHO AM I? | 225138032Speter+-----------+ 225238032Speter 225338032SpeterNormally, the $j macro is automatically defined to be your fully 225438032Speterqualified domain name (FQDN). Sendmail does this by getting your 225538032Speterhost name using gethostname and then calling gethostbyname on the 225638032Speterresult. For example, in some environments gethostname returns 225738032Speteronly the root of the host name (such as "foo"); gethostbyname is 225838032Spetersupposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 225938032Spetercases, gethostbyname may fail to return the FQDN. In this case 226038032Speteryou MUST define confDOMAIN_NAME to be your fully qualified domain 226138032Spetername. This is usually done using: 226238032Speter 226338032Speter Dmbar.com 226438032Speter define(`confDOMAIN_NAME', `$w.$m')dnl 226538032Speter 226638032Speter 226764562Sgshapiro+-----------------------------------+ 226864562Sgshapiro| ACCEPTING MAIL FOR MULTIPLE NAMES | 226964562Sgshapiro+-----------------------------------+ 227064562Sgshapiro 227164562SgshapiroIf your host is known by several different names, you need to augment 227264562Sgshapiroclass {w}. This is a list of names by which your host is known, and 227364562Sgshapiroanything sent to an address using a host name in this list will be 227464562Sgshapirotreated as local mail. You can do this in two ways: either create the 227564562Sgshapirofile /etc/mail/local-host-names containing a list of your aliases (one per 227664562Sgshapiroline), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 227764562Sgshapiro``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 227864562Sgshapironame of the host, rather than a short name. 227964562Sgshapiro 228064562SgshapiroIf you want to have different address in different domains, take 228164562Sgshapiroa look at the virtusertable feature, which is also explained at 228264562Sgshapirohttp://www.sendmail.org/virtual-hosting.html 228364562Sgshapiro 228464562Sgshapiro 228538032Speter+--------------------+ 228638032Speter| USING MAILERTABLES | 228738032Speter+--------------------+ 228838032Speter 228943730SpeterTo use FEATURE(`mailertable'), you will have to create an external 229038032Speterdatabase containing the routing information for various domains. 229138032SpeterFor example, a mailertable file in text format might be: 229238032Speter 229338032Speter .my.domain xnet:%1.my.domain 229464562Sgshapiro uuhost1.my.domain uucp-new:uuhost1 229538032Speter .bitnet smtp:relay.bit.net 229638032Speter 229764562SgshapiroThis should normally be stored in /etc/mail/mailertable. The actual 229838032Speterdatabase version of the mailertable is built using: 229938032Speter 230064562Sgshapiro makemap hash /etc/mail/mailertable < /etc/mail/mailertable 230138032Speter 230238032SpeterThe semantics are simple. Any LHS entry that does not begin with 230338032Spetera dot matches the full host name indicated. LHS entries beginning 230466494Sgshapirowith a dot match anything ending with that domain name (including 230566494Sgshapirothe leading dot) -- that is, they can be thought of as having a 230666494Sgshapiroleading ".+" regular expression pattern for a non-empty sequence of 230766494Sgshapirocharacters. Matching is done in order of most-to-least qualified 230866494Sgshapiro-- for example, even though ".my.domain" is listed first in the 230966494Sgshapiroabove example, an entry of "uuhost1.my.domain" will match the second 231066494Sgshapiroentry since it is more explicit. Note: e-mail to "user@my.domain" 231166494Sgshapirodoes not match any entry in the above table. You need to have 231266494Sgshapirosomething like: 231338032Speter 231464562Sgshapiro my.domain esmtp:host.my.domain 231564562Sgshapiro 231638032SpeterThe RHS should always be a "mailer:host" pair. The mailer is the 231764562Sgshapiroconfiguration name of a mailer (that is, an {M} line in the 231838032Spetersendmail.cf file). The "host" will be the hostname passed to 231938032Speterthat mailer. In domain-based matches (that is, those with leading 232038032Speterdots) the "%1" may be used to interpolate the wildcarded part of 232138032Speterthe host name. For example, the first line above sends everything 232238032Speteraddressed to "anything.my.domain" to that same host name, but using 232338032Speterthe (presumably experimental) xnet mailer. 232438032Speter 232538032SpeterIn some cases you may want to temporarily turn off MX records, 232638032Speterparticularly on gateways. For example, you may want to MX 232738032Spetereverything in a domain to one machine that then forwards it 232838032Speterdirectly. To do this, you might use the DNS configuration: 232938032Speter 233038032Speter *.domain. IN MX 0 relay.machine 233138032Speter 233238032Speterand on relay.machine use the mailertable: 233338032Speter 233438032Speter .domain smtp:[gateway.domain] 233538032Speter 233638032SpeterThe [square brackets] turn off MX records for this host only. 233738032SpeterIf you didn't do this, the mailertable would use the MX record 233838032Speteragain, which would give you an MX loop. 233938032Speter 234038032Speter 234138032Speter+--------------------------------+ 234238032Speter| USING USERDB TO MAP FULL NAMES | 234338032Speter+--------------------------------+ 234438032Speter 234538032SpeterThe user database was not originally intended for mapping full names 234638032Speterto login names (e.g., Eric.Allman => eric), but some people are using 234764562Sgshapiroit that way. (it is recommended that you set up aliases for this 234838032Speterpurpose instead -- since you can specify multiple alias files, this 234938032Speteris fairly easy.) The intent was to locate the default maildrop at 235038032Spetera site, but allow you to override this by sending to a specific host. 235138032Speter 235238032SpeterIf you decide to set up the user database in this fashion, it is 235343730Speterimperative that you not use FEATURE(`stickyhost') -- otherwise, 235438032Spetere-mail sent to Full.Name@local.host.name will be rejected. 235538032Speter 235638032SpeterTo build the internal form of the user database, use: 235738032Speter 235864562Sgshapiro makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 235938032Speter 236064562SgshapiroAs a general rule, it is an extremely bad idea to using full names 236164562Sgshapiroas e-mail addresses, since they are not in any sense unique. For 236266494Sgshapiroexample, the UNIX software-development community has at least two 236364562Sgshapirowell-known Peter Deutsches, and at one time Bell Labs had two 236464562SgshapiroStephen R. Bournes with offices along the same hallway. Which one 236564562Sgshapirowill be forced to suffer the indignity of being Stephen_R_Bourne_2? 236664562SgshapiroThe less famous of the two, or the one that was hired later? 236738032Speter 236838032SpeterFinger should handle full names (and be fuzzy). Mail should use 236964562Sgshapirohandles, and not be fuzzy. 237038032Speter 237138032Speter 237238032Speter+--------------------------------+ 237338032Speter| MISCELLANEOUS SPECIAL FEATURES | 237438032Speter+--------------------------------+ 237538032Speter 237638032SpeterPlussed users 237738032Speter Sometimes it is convenient to merge configuration on a 237838032Speter centralized mail machine, for example, to forward all 237938032Speter root mail to a mail server. In this case it might be 238038032Speter useful to be able to treat the root addresses as a class 238138032Speter of addresses with subtle differences. You can do this 238238032Speter using plussed users. For example, a client might include 238338032Speter the alias: 238438032Speter 238538032Speter root: root+client1@server 238638032Speter 238738032Speter On the server, this will match an alias for "root+client1". 238838032Speter If that is not found, the alias "root+*" will be tried, 238938032Speter then "root". 239038032Speter 239138032Speter 239238032Speter+----------------+ 239338032Speter| SECURITY NOTES | 239438032Speter+----------------+ 239538032Speter 239638032SpeterA lot of sendmail security comes down to you. Sendmail 8 is much 239738032Spetermore careful about checking for security problems than previous 239838032Speterversions, but there are some things that you still need to watch 239938032Speterfor. In particular: 240038032Speter 240138032Speter* Make sure the aliases file isn't writable except by trusted 240238032Speter system personnel. This includes both the text and database 240338032Speter version. 240438032Speter 240538032Speter* Make sure that other files that sendmail reads, such as the 240638032Speter mailertable, are only writable by trusted system personnel. 240738032Speter 240838032Speter* The queue directory should not be world writable PARTICULARLY 240938032Speter if your system allows "file giveaways" (that is, if a non-root 241038032Speter user can chown any file they own to any other user). 241138032Speter 241238032Speter* If your system allows file giveaways, DO NOT create a publically 241338032Speter writable directory for forward files. This will allow anyone 241438032Speter to steal anyone else's e-mail. Instead, create a script that 241538032Speter copies the .forward file from users' home directories once a 241638032Speter night (if you want the non-NFS-mounted forward directory). 241738032Speter 241838032Speter* If your system allows file giveaways, you'll find that 241938032Speter sendmail is much less trusting of :include: files -- in 242038032Speter particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 242138032Speter /etc/shells before they will be trusted (that is, before 242238032Speter files and programs listed in them will be honored). 242338032Speter 242438032SpeterIn general, file giveaways are a mistake -- if you can turn them 242564562Sgshapirooff, do so. 242638032Speter 242738032Speter 242838032Speter+--------------------------------+ 242938032Speter| TWEAKING CONFIGURATION OPTIONS | 243038032Speter+--------------------------------+ 243138032Speter 243238032SpeterThere are a large number of configuration options that don't normally 243338032Speterneed to be changed. However, if you feel you need to tweak them, you 243438032Spetercan define the following M4 variables. This list is shown in four 243538032Spetercolumns: the name you define, the default value for that definition, 243638032Speterthe option or macro that is affected (either Ox for an option or Dx 243738032Speterfor a macro), and a brief description. Greater detail of the semantics 243838032Spetercan be found in the Installation and Operations Guide. 243938032Speter 244038032SpeterSome options are likely to be deprecated in future versions -- that is, 244138032Speterthe option is only included to provide back-compatibility. These are 244238032Spetermarked with "*". 244338032Speter 244438032SpeterRemember that these options are M4 variables, and hence may need to 244538032Speterbe quoted. In particular, arguments with commas will usually have to 244638032Speterbe ``double quoted, like this phrase'' to avoid having the comma 244738032Speterconfuse things. This is common for alias file definitions and for 244838032Speterthe read timeout. 244938032Speter 245038032SpeterM4 Variable Name Configuration Description & [Default] 245138032Speter================ ============= ======================= 245238032SpeterconfMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 245338032Speter for internally generated outgoing 245438032Speter messages. 245538032SpeterconfDOMAIN_NAME $j macro If defined, sets $j. This should 245638032Speter only be done if your system cannot 245738032Speter determine your local domain name, 245838032Speter and then it should be set to 245938032Speter $w.Foo.COM, where Foo.COM is your 246038032Speter domain name. 246138032SpeterconfCF_VERSION $Z macro If defined, this is appended to the 246238032Speter configuration version name. 246364562SgshapiroconfFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 246438032Speter internally generated From: address. 246538032SpeterconfRECEIVED_HEADER Received: 246638032Speter [$?sfrom $s $.$?_($?s$|from $.$_) 246764562Sgshapiro $.$?{auth_type}(authenticated) 246838032Speter $.by $j ($v/$Z)$?r with $r$. id $i$?u 246938032Speter for $u; $|; 247038032Speter $.$b] 247138032Speter The format of the Received: header 247238032Speter in messages passed through this host. 247338032Speter It is unwise to try to change this. 247464562SgshapiroconfCW_FILE Fw class [/etc/mail/local-host-names] Name 247564562Sgshapiro of file used to get the local 247664562Sgshapiro additions to class {w} (local host 247764562Sgshapiro names). 247864562SgshapiroconfCT_FILE Ft class [/etc/mail/trusted-users] Name of 247964562Sgshapiro file used to get the local additions 248064562Sgshapiro to class {t} (trusted users). 248138032SpeterconfCR_FILE FR class [/etc/mail/relay-domains] Name of 248238032Speter file used to get the local additions 248364562Sgshapiro to class {R} (hosts allowed to relay). 248438032SpeterconfTRUSTED_USERS Ct class [no default] Names of users to add to 248538032Speter the list of trusted users. This list 248638032Speter always includes root, uucp, and daemon. 248743730Speter See also FEATURE(`use_ct_file'). 248864562SgshapiroconfTRUSTED_USER TrustedUser [no default] Trusted user for file 248964562Sgshapiro ownership and starting the daemon. 249064562Sgshapiro Not to be confused with 249164562Sgshapiro confTRUSTED_USERS (see above). 249238032SpeterconfSMTP_MAILER - [esmtp] The mailer name used when 249338032Speter SMTP connectivity is required. 249464562Sgshapiro One of "smtp", "smtp8", 249564562Sgshapiro "esmtp", or "dsmtp". 249638032SpeterconfUUCP_MAILER - [uucp-old] The mailer to be used by 249738032Speter default for bang-format recipient 249838032Speter addresses. See also discussion of 249964562Sgshapiro class {U}, class {Y}, and class {Z} 250064562Sgshapiro in the MAILER(`uucp') section. 250138032SpeterconfLOCAL_MAILER - [local] The mailer name used when 250238032Speter local connectivity is required. 250338032Speter Almost always "local". 250438032SpeterconfRELAY_MAILER - [relay] The default mailer name used 250538032Speter for relaying any mail (e.g., to a 250638032Speter BITNET_RELAY, a SMART_HOST, or 250738032Speter whatever). This can reasonably be 250838032Speter "uucp-new" if you are on a 250938032Speter UUCP-connected site. 251038032SpeterconfSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 251138032SpeterconfEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 251238032SpeterconfALIAS_WAIT AliasWait [10m] Time to wait for alias file 251338032Speter rebuild until you get bored and 251438032Speter decide that the apparently pending 251538032Speter rebuild failed. 251638032SpeterconfMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 251738032Speter queue filesystem to accept SMTP mail. 251838032Speter (Prior to 8.7 this was minfree/maxsize, 251938032Speter where minfree was the number of free 252038032Speter blocks and maxsize was the maximum 252138032Speter message size. Use confMAX_MESSAGE_SIZE 252238032Speter for the second value now.) 252338032SpeterconfMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 252438032Speter that will be accepted (in bytes). 252538032SpeterconfBLANK_SUB BlankSub [.] Blank (space) substitution 252638032Speter character. 252738032SpeterconfCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 252864562Sgshapiro to mailers marked expensive. 252938032SpeterconfCHECKPOINT_INTERVAL CheckpointInterval 253038032Speter [10] Checkpoint queue files every N 253138032Speter recipients. 253238032SpeterconfDELIVERY_MODE DeliveryMode [background] Default delivery mode. 253338032SpeterconfAUTO_REBUILD AutoRebuildAliases 253438032Speter [False] Automatically rebuild alias 253538032Speter file if needed. 253664562Sgshapiro There is a potential for a denial 253764562Sgshapiro of service attack if this is set. 253864562Sgshapiro This option is deprecated and will 253964562Sgshapiro be removed from a future version. 254038032SpeterconfERROR_MODE ErrorMode [print] Error message mode. 254138032SpeterconfERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 254242575SpeterconfSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 254338032SpeterconfTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 254438032SpeterconfMATCH_GECOS MatchGECOS [False] Match GECOS field. 254538032SpeterconfMAX_HOP MaxHopCount [25] Maximum hop count. 254664562SgshapiroconfIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 254764562Sgshapiro mode] Ignore dot as terminator for 254864562Sgshapiro incoming messages? 254938032SpeterconfBIND_OPTS ResolverOptions [undefined] Default options for DNS 255038032Speter resolver. 255138032SpeterconfMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 255238032Speter encapsulated messages per RFC 1344. 255338032SpeterconfFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 255438032Speter The colon-separated list of places to 255538032Speter search for .forward files. N.B.: see 255638032Speter the Security Notes section. 255738032SpeterconfMCI_CACHE_SIZE ConnectionCacheSize 255838032Speter [2] Size of open connection cache. 255938032SpeterconfMCI_CACHE_TIMEOUT ConnectionCacheTimeout 256038032Speter [5m] Open connection cache timeout. 256138032SpeterconfHOST_STATUS_DIRECTORY HostStatusDirectory 256238032Speter [undefined] If set, host status is kept 256338032Speter on disk between sendmail runs in the 256438032Speter named directory tree. This need not be 256538032Speter a full pathname, in which case it is 256638032Speter interpreted relative to the queue 256738032Speter directory. 256838032SpeterconfSINGLE_THREAD_DELIVERY SingleThreadDelivery 256938032Speter [False] If this option and the 257038032Speter HostStatusDirectory option are both 257138032Speter set, single thread deliveries to other 257238032Speter hosts. That is, don't allow any two 257338032Speter sendmails on this host to connect 257438032Speter simultaneously to any other single 257538032Speter host. This can slow down delivery in 257638032Speter some cases, in particular since a 257738032Speter cached but otherwise idle connection 257838032Speter to a host will prevent other sendmails 257938032Speter from connecting to the other host. 258064562SgshapiroconfUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 258138032Speter deliver error messages. This should 258238032Speter not be necessary because of general 258338032Speter acceptance of the envelope/header 258438032Speter distinction. 258538032SpeterconfLOG_LEVEL LogLevel [9] Log level. 258664562SgshapiroconfME_TOO MeToo [True] Include sender in group 258764562Sgshapiro expansions. This option is 258864562Sgshapiro deprecated and will be removed from 258964562Sgshapiro a future version. 259038032SpeterconfCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 259138032Speter running newaliases. Since this does 259238032Speter DNS lookups on every address, it can 259338032Speter slow down the alias rebuild process 259438032Speter considerably on large alias files. 259538032SpeterconfOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 259638032Speter special chars are old style. 259764562SgshapiroconfCLIENT_OPTIONS ClientPortOptions 259864562Sgshapiro [none] Options for outgoing SMTP client 259964562Sgshapiro connections. 260038032SpeterconfPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 260138032SpeterconfCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 260238032Speter copies of all error messages. 260338032SpeterconfQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 260438032SpeterconfDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 260538032Speter syntax addresses to the minimum 260638032Speter possible. 260738032SpeterconfSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 260838032Speter before forking. 260938032SpeterconfTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 261038032Speter on the initial connect. 261138032SpeterconfTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 261238032Speter connect() to complete. This can only 261338032Speter shorten connection timeouts; the kernel 261438032Speter silently enforces an absolute maximum 261538032Speter (which varies depending on the system). 261638032SpeterconfTO_ICONNECT Timeout.iconnect 261738032Speter [undefined] Like Timeout.connect, but 261838032Speter applies only to the very first attempt 261938032Speter to connect to a host in a message. 262038032Speter This allows a single very fast pass 262138032Speter followed by more careful delivery 262238032Speter attempts in the future. 262338032SpeterconfTO_HELO Timeout.helo [5m] The timeout waiting for a response 262438032Speter to a HELO or EHLO command. 262538032SpeterconfTO_MAIL Timeout.mail [10m] The timeout waiting for a 262638032Speter response to the MAIL command. 262738032SpeterconfTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 262838032Speter to the RCPT command. 262938032SpeterconfTO_DATAINIT Timeout.datainit 263038032Speter [5m] The timeout waiting for a 354 263138032Speter response from the DATA command. 263238032SpeterconfTO_DATABLOCK Timeout.datablock 263338032Speter [1h] The timeout waiting for a block 263438032Speter during DATA phase. 263538032SpeterconfTO_DATAFINAL Timeout.datafinal 263638032Speter [1h] The timeout waiting for a response 263738032Speter to the final "." that terminates a 263838032Speter message. 263938032SpeterconfTO_RSET Timeout.rset [5m] The timeout waiting for a response 264038032Speter to the RSET command. 264138032SpeterconfTO_QUIT Timeout.quit [2m] The timeout waiting for a response 264238032Speter to the QUIT command. 264338032SpeterconfTO_MISC Timeout.misc [2m] The timeout waiting for a response 264438032Speter to other SMTP commands. 264564562SgshapiroconfTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 264664562Sgshapiro waiting for a command to be issued. 264764562SgshapiroconfTO_IDENT Timeout.ident [5s] The timeout waiting for a 264864562Sgshapiro response to an IDENT query. 264938032SpeterconfTO_FILEOPEN Timeout.fileopen 265038032Speter [60s] The timeout waiting for a file 265138032Speter (e.g., :include: file) to be opened. 265264562SgshapiroconfTO_CONTROL Timeout.control 265364562Sgshapiro [2m] The timeout for a complete 265464562Sgshapiro control socket transaction to complete. 265538032SpeterconfTO_QUEUERETURN Timeout.queuereturn 265638032Speter [5d] The timeout before a message is 265738032Speter returned as undeliverable. 265838032SpeterconfTO_QUEUERETURN_NORMAL 265938032Speter Timeout.queuereturn.normal 266038032Speter [undefined] As above, for normal 266138032Speter priority messages. 266238032SpeterconfTO_QUEUERETURN_URGENT 266338032Speter Timeout.queuereturn.urgent 266438032Speter [undefined] As above, for urgent 266538032Speter priority messages. 266638032SpeterconfTO_QUEUERETURN_NONURGENT 266738032Speter Timeout.queuereturn.non-urgent 266838032Speter [undefined] As above, for non-urgent 266938032Speter (low) priority messages. 267038032SpeterconfTO_QUEUEWARN Timeout.queuewarn 267138032Speter [4h] The timeout before a warning 267238032Speter message is sent to the sender telling 267364562Sgshapiro them that the message has been 267464562Sgshapiro deferred. 267538032SpeterconfTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 267638032Speter [undefined] As above, for normal 267738032Speter priority messages. 267838032SpeterconfTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 267938032Speter [undefined] As above, for urgent 268038032Speter priority messages. 268138032SpeterconfTO_QUEUEWARN_NONURGENT 268238032Speter Timeout.queuewarn.non-urgent 268338032Speter [undefined] As above, for non-urgent 268438032Speter (low) priority messages. 268538032SpeterconfTO_HOSTSTATUS Timeout.hoststatus 268638032Speter [30m] How long information about host 268738032Speter statuses will be maintained before it 268838032Speter is considered stale and the host should 268938032Speter be retried. This applies both within 269038032Speter a single queue run and to persistent 269138032Speter information (see below). 269264562SgshapiroconfTO_RESOLVER_RETRANS Timeout.resolver.retrans 269364562Sgshapiro [varies] Sets the resolver's 269464562Sgshapiro retransmition time interval (in 269564562Sgshapiro seconds). Sets both 269664562Sgshapiro Timeout.resolver.retrans.first and 269764562Sgshapiro Timeout.resolver.retrans.normal. 269864562SgshapiroconfTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 269964562Sgshapiro [varies] Sets the resolver's 270064562Sgshapiro retransmition time interval (in 270164562Sgshapiro seconds) for the first attempt to 270264562Sgshapiro deliver a message. 270364562SgshapiroconfTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 270464562Sgshapiro [varies] Sets the resolver's 270564562Sgshapiro retransmition time interval (in 270664562Sgshapiro seconds) for all resolver lookups 270764562Sgshapiro except the first delivery attempt. 270864562SgshapiroconfTO_RESOLVER_RETRY Timeout.resolver.retry 270964562Sgshapiro [varies] Sets the number of times 271064562Sgshapiro to retransmit a resolver query. 271164562Sgshapiro Sets both 271264562Sgshapiro Timeout.resolver.retry.first and 271364562Sgshapiro Timeout.resolver.retry.normal. 271464562SgshapiroconfTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 271564562Sgshapiro [varies] Sets the number of times 271664562Sgshapiro to retransmit a resolver query for 271764562Sgshapiro the first attempt to deliver a 271864562Sgshapiro message. 271964562SgshapiroconfTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 272064562Sgshapiro [varies] Sets the number of times 272164562Sgshapiro to retransmit a resolver query for 272264562Sgshapiro all resolver lookups except the 272364562Sgshapiro first delivery attempt. 272438032SpeterconfTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 272538032Speter USE_SYSTEM to use the system's idea, 272638032Speter USE_TZ to use the user's TZ envariable, 272738032Speter or something else to force that value. 272838032SpeterconfDEF_USER_ID DefaultUser [1:1] Default user id. 272938032SpeterconfUSERDB_SPEC UserDatabaseSpec 273064562Sgshapiro [undefined] User database 273164562Sgshapiro specification. 273238032SpeterconfFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 273364562SgshapiroconfTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 273464562Sgshapiro for a host and other arrangements 273564562Sgshapiro haven't been made, try connecting 273664562Sgshapiro to the host directly; normally this 273764562Sgshapiro would be a config error. 273864562SgshapiroconfQUEUE_LA QueueLA [varies] Load average at which 273964562Sgshapiro queue-only function kicks in. 274064562Sgshapiro Default values is (8 * numproc) 274164562Sgshapiro where numproc is the number of 274264562Sgshapiro processors online (if that can be 274364562Sgshapiro determined). 274464562SgshapiroconfREFUSE_LA RefuseLA [varies] Load average at which 274564562Sgshapiro incoming SMTP connections are 274664562Sgshapiro refused. Default values is (12 * 274764562Sgshapiro numproc) where numproc is the 274864562Sgshapiro number of processors online (if 274964562Sgshapiro that can be determined). 275064562SgshapiroconfMAX_ALIAS_RECURSION MaxAliasRecursion 275164562Sgshapiro [10] Maximum depth of alias recursion. 275238032SpeterconfMAX_DAEMON_CHILDREN MaxDaemonChildren 275338032Speter [undefined] The maximum number of 275438032Speter children the daemon will permit. After 275538032Speter this number, connections will be 275638032Speter rejected. If not set or <= 0, there is 275738032Speter no limit. 275864562SgshapiroconfMAX_HEADERS_LENGTH MaxHeadersLength 275964562Sgshapiro [undefined] Maximum length of the sum 276064562Sgshapiro of all headers. 276164562SgshapiroconfMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 276264562Sgshapiro [undefined] Maximum length of 276364562Sgshapiro certain MIME header field values. 276438032SpeterconfCONNECTION_RATE_THROTTLE ConnectionRateThrottle 276538032Speter [undefined] The maximum number of 276638032Speter connections permitted per second. 276738032Speter After this many connections are 276838032Speter accepted, further connections will be 276938032Speter delayed. If not set or <= 0, there is 277038032Speter no limit. 277138032SpeterconfWORK_RECIPIENT_FACTOR 277238032Speter RecipientFactor [30000] Cost of each recipient. 277364562SgshapiroconfSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 277464562Sgshapiro separate process. 277538032SpeterconfWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 277638032SpeterconfWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 277738032SpeterconfQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 277864562Sgshapiro Priority, Host, Filename, or Time. 277938032SpeterconfMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 278038032Speter must sit in the queue between queue 278138032Speter runs. This allows you to set the 278238032Speter queue run interval low for better 278338032Speter responsiveness without trying all 278438032Speter jobs in each run. 278538032SpeterconfDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 278638032Speter unlabeled 8 bit input to MIME, the 278738032Speter character set to use by default. 278838032SpeterconfSERVICE_SWITCH_FILE ServiceSwitchFile 278964562Sgshapiro [/etc/mail/service.switch] The file 279064562Sgshapiro to use for the service switch on 279164562Sgshapiro systems that do not have a 279264562Sgshapiro system-defined switch. 279338032SpeterconfHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 279438032Speter "file" type access of hosts names. 279538032SpeterconfDIAL_DELAY DialDelay [0s] If a connection fails, wait this 279638032Speter long and try again. Zero means "don't 279738032Speter retry". This is to allow "dial on 279838032Speter demand" connections to have enough time 279938032Speter to complete a connection. 280038032SpeterconfNO_RCPT_ACTION NoRecipientAction 280138032Speter [none] What to do if there are no legal 280238032Speter recipient fields (To:, Cc: or Bcc:) 280338032Speter in the message. Legal values can 280438032Speter be "none" to just leave the 280538032Speter nonconforming message as is, "add-to" 280638032Speter to add a To: header with all the 280738032Speter known recipients (which may expose 280838032Speter blind recipients), "add-apparently-to" 280938032Speter to do the same but use Apparently-To: 281038032Speter instead of To:, "add-bcc" to add an 281138032Speter empty Bcc: header, or 281238032Speter "add-to-undisclosed" to add the header 281338032Speter ``To: undisclosed-recipients:;''. 281438032SpeterconfSAFE_FILE_ENV SafeFileEnvironment 281538032Speter [undefined] If set, sendmail will do a 281638032Speter chroot() into this directory before 281738032Speter writing files. 281838032SpeterconfCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 281938032Speter If set, colons are treated as a regular 282038032Speter character in addresses. If not set, 282138032Speter they are treated as the introducer to 282238032Speter the RFC 822 "group" syntax. Colons are 282338032Speter handled properly in route-addrs. This 282438032Speter option defaults on for V5 and lower 282538032Speter configuration files. 282638032SpeterconfMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 282738032Speter any given queue run to this number of 282838032Speter entries. Essentially, this will stop 282964562Sgshapiro reading each queue directory after this 283038032Speter number of entries are reached; it does 283138032Speter _not_ pick the highest priority jobs, 283238032Speter so this should be as large as your 283338032Speter system can tolerate. If not set, there 283438032Speter is no limit. 283538032SpeterconfDONT_EXPAND_CNAMES DontExpandCnames 283638032Speter [False] If set, $[ ... $] lookups that 283738032Speter do DNS based lookups do not expand 283838032Speter CNAME records. This currently violates 283938032Speter the published standards, but the IETF 284038032Speter seems to be moving toward legalizing 284138032Speter this. For example, if "FTP.Foo.ORG" 284238032Speter is a CNAME for "Cruft.Foo.ORG", then 284338032Speter with this option set a lookup of 284438032Speter "FTP" will return "FTP.Foo.ORG"; if 284538032Speter clear it returns "Cruft.FOO.ORG". N.B. 284638032Speter you may not see any effect until your 284738032Speter downstream neighbors stop doing CNAME 284838032Speter lookups as well. 284964562SgshapiroconfFROM_LINE UnixFromLine [From $g $d] The From_ line used 285038032Speter when sending to files or programs. 285138032SpeterconfSINGLE_LINE_FROM_HEADER SingleLineFromHeader 285238032Speter [False] From: lines that have 285338032Speter embedded newlines are unwrapped 285438032Speter onto one line. 285538032SpeterconfALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 285638032Speter does not include a host name. 285738032SpeterconfMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 285838032Speter name phrase (@,;:\()[] are automatic). 285938032SpeterconfOPERATORS OperatorChars [.:%@!^/[]+] Address operator 286038032Speter characters. 286138032SpeterconfSMTP_LOGIN_MSG SmtpGreetingMessage 286238032Speter [$j Sendmail $v/$Z; $b] 286338032Speter The initial (spontaneous) SMTP 286438032Speter greeting message. The word "ESMTP" 286538032Speter will be inserted between the first and 286638032Speter second words to convince other 286738032Speter sendmails to try to speak ESMTP. 286838032SpeterconfDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 286938032Speter routine will never be invoked. You 287038032Speter might want to do this if you are 287138032Speter running NIS and you have a large group 287238032Speter map, since this call does a sequential 287338032Speter scan of the map; in a large site this 287438032Speter can cause your ypserv to run 287538032Speter essentially full time. If you set 287638032Speter this, agents run on behalf of users 287738032Speter will only have their primary 287838032Speter (/etc/passwd) group permissions. 287938032SpeterconfUNSAFE_GROUP_WRITES UnsafeGroupWrites 288038032Speter [False] If set, group-writable 288138032Speter :include: and .forward files are 288238032Speter considered "unsafe", that is, programs 288338032Speter and files cannot be directly referenced 288438032Speter from such files. World-writable files 288538032Speter are always considered unsafe. 288664562SgshapiroconfCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 288764562Sgshapiro address (for testing). 288864562SgshapiroconfCONTROL_SOCKET_NAME ControlSocketName 288964562Sgshapiro [undefined] Control socket for daemon 289064562Sgshapiro management. 289138032SpeterconfDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 289238032Speter [postmaster] If an error occurs when 289338032Speter sending an error message, send that 289438032Speter "double bounce" error message to this 289538032Speter address. 289664562SgshapiroconfDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 289764562Sgshapiro messages which could not be returned 289864562Sgshapiro to the user or sent to postmaster. 289964562Sgshapiro If not set, the queue file will 290064562Sgshapiro be renamed. 290164562SgshapiroconfRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 290264562Sgshapiro implies DSN request. 290338032SpeterconfRUN_AS_USER RunAsUser [undefined] If set, become this user 290438032Speter when reading and delivering mail. 290538032Speter Causes all file reads (e.g., .forward 290638032Speter and :include: files) to be done as 290738032Speter this user. Also, all programs will 290838032Speter be run as this user, and all output 290938032Speter files will be written as this user. 291038032Speter Intended for use only on firewalls 291138032Speter where users do not have accounts. 291238032SpeterconfMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 291338032Speter [infinite] If set, allow no more than 291438032Speter the specified number of recipients in 291538032Speter an SMTP envelope. Further recipients 291638032Speter receive a 452 error code (i.e., they 291738032Speter are deferred for the next delivery 291838032Speter attempt). 291938032SpeterconfDONT_PROBE_INTERFACES DontProbeInterfaces 292038032Speter [False] If set, sendmail will _not_ 292138032Speter insert the names and addresses of any 292264562Sgshapiro local interfaces into class {w} 292338032Speter (list of known "equivalent" addresses). 292438032Speter If you set this, you must also include 292538032Speter some support for these addresses (e.g., 292638032Speter in a mailertable entry) -- otherwise, 292738032Speter mail to addresses in this list will 292838032Speter bounce with a configuration error. 292964562SgshapiroconfPID_FILE PidFile [system dependent] Location of pid 293064562Sgshapiro file. 293164562SgshapiroconfPROCESS_TITLE_PREFIX ProcessTitlePrefix 293264562Sgshapiro [undefined] Prefix string for the 293364562Sgshapiro process title shown on 'ps' listings. 293438032SpeterconfDONT_BLAME_SENDMAIL DontBlameSendmail 293538032Speter [safe] Override sendmail's file 293638032Speter safety checks. This will definitely 293738032Speter compromise system security and should 293838032Speter not be used unless absolutely 293938032Speter necessary. 294038032SpeterconfREJECT_MSG - [550 Access denied] The message 294138032Speter given if the access database contains 294238032Speter REJECT in the value portion. 294364562SgshapiroconfDF_BUFFER_SIZE DataFileBufferSize 294464562Sgshapiro [4096] The maximum size of a 294564562Sgshapiro memory-buffered data (df) file 294664562Sgshapiro before a disk-based file is used. 294764562SgshapiroconfXF_BUFFER_SIZE XScriptFileBufferSize 294864562Sgshapiro [4096] The maximum size of a 294964562Sgshapiro memory-buffered transcript (xf) 295064562Sgshapiro file before a disk-based file is 295164562Sgshapiro used. 295264562SgshapiroconfAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 295364562Sgshapiro CRAM-MD5] List of authentication 295464562Sgshapiro mechanisms for AUTH (separated by 295564562Sgshapiro spaces). The advertised list of 295664562Sgshapiro authentication mechanisms will be the 295764562Sgshapiro intersection of this list and the list 295864562Sgshapiro of available mechanisms as determined 295964562Sgshapiro by the CYRUS SASL library. 296064562SgshapiroconfDEF_AUTH_INFO DefaultAuthInfo [undefined] Filename that contains 296164562Sgshapiro authentication information for 296264562Sgshapiro outgoing connections. This file 296364562Sgshapiro must contain the user id, the 296464562Sgshapiro authorization id, the password 296564562Sgshapiro (plain text), and the realm to use, 296664562Sgshapiro each on a separate line and must be 296764562Sgshapiro readable by root (or the trusted 296864562Sgshapiro user) only. If no realm is 296964562Sgshapiro specified, $j is used. 297038032Speter 297164562Sgshapiro NOTE: Currently, AuthMechanisms is 297264562Sgshapiro used to determine the list of 297364562Sgshapiro mechanisms to use on an outgoing 297464562Sgshapiro connection. Sites which require a 297564562Sgshapiro different list of mechanisms for 297664562Sgshapiro incoming connections and outgoing 297764562Sgshapiro connections will have the ability 297864562Sgshapiro to do this in 8.11 by specifying a 297964562Sgshapiro list of mechanisms as the fifth 298064562Sgshapiro line of the DefaultAuthInfo file. 298164562Sgshapiro If no mechanisms are given in the 298264562Sgshapiro file, AuthMechanisms is used. The 298364562Sgshapiro code for doing so is included as 298464562Sgshapiro in the sendmail source code but 298564562Sgshapiro disabled. It can be enabled by 298664562Sgshapiro recompiling sendmail with: 298764562Sgshapiro -D_FFR_DEFAUTHINFO_MECHS 298864562SgshapiroconfAUTH_OPTIONS AuthOptions [undefined] If this options is 'A' 298964562Sgshapiro then the AUTH= parameter for the 299064562Sgshapiro MAIL FROM command is only issued 299164562Sgshapiro when authentication succeeded. 299264562SgshapiroconfLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 299364562Sgshapiro specification for LDAP maps. The 299464562Sgshapiro value should only contain LDAP 299564562Sgshapiro specific settings such as "-h host 299664562Sgshapiro -p port -d bindDN", etc. The 299764562Sgshapiro settings will be used for all LDAP 299864562Sgshapiro maps unless they are specified in 299964562Sgshapiro the individual map specification 300064562Sgshapiro ('K' command). 300164562SgshapiroconfCACERT_PATH CACERTPath [undefined] Path to directory 300264562Sgshapiro with certs of CAs. 300364562SgshapiroconfCACERT CACERTFile [undefined] File containing one CA 300464562Sgshapiro cert. 300564562SgshapiroconfSERVER_CERT ServerCertFile [undefined] File containing the 300664562Sgshapiro cert of the server, i.e., this cert 300764562Sgshapiro is used when sendmail acts as 300864562Sgshapiro server. 300964562SgshapiroconfSERVER_KEY ServerKeyFile [undefined] File containing the 301064562Sgshapiro private key belonging to the server 301164562Sgshapiro cert. 301264562SgshapiroconfCLIENT_CERT ClientCertFile [undefined] File containing the 301364562Sgshapiro cert of the client, i.e., this cert 301464562Sgshapiro is used when sendmail acts as 301564562Sgshapiro client. 301664562SgshapiroconfCLIENT_KEY ClientKeyFile [undefined] File containing the 301764562Sgshapiro private key belonging to the client 301864562Sgshapiro cert. 301964562SgshapiroconfDH_PARAMETERS DHParameters [undefined] File containing the 302064562Sgshapiro DH parameters. 302164562SgshapiroconfRAND_FILE RandFile [undefined] File containing random 302266494Sgshapiro data (use prefix file:) or the 302366494Sgshapiro name of the UNIX socket if EGD is 302466494Sgshapiro used (use prefix egd:). STARTTLS 302566494Sgshapiro requires this option if the compile 302666494Sgshapiro flag HASURANDOM is not set (see 302764562Sgshapiro sendmail/README). 302864562Sgshapiro 302938032SpeterSee also the description of OSTYPE for some parameters that can be 303038032Spetertweaked (generally pathnames to mailers). 303138032Speter 303264562SgshapiroDaemonPortOptions are a special case since multiple daemons can be 303364562Sgshapirodefined. This can be done via 303438032Speter 303564562Sgshapiro DAEMON_OPTIONS(`field1=value1,field2=value2,...') 303664562Sgshapiro 303764562SgshapiroIf DAEMON_OPTIONS is not used, then the default is 303864562Sgshapiro 303964562Sgshapiro DAEMON_OPTIONS(`Port=smtp, Name=MTA') 304064562Sgshapiro DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 304164562Sgshapiro 304264562SgshapiroIf you use one DAEMON_OPTIONS macro, it will alter the parameters 304364562Sgshapiroof the first of these. The second will still be defaulted; it 304464562Sgshapirorepresents a "Message Submission Agent" (MSA) as defined by RFC 304564562Sgshapiro2476 (see below). To turn off the default definition for the MSA, 304664562Sgshapirouse FEATURE(`no_default_msa') (see also FEATURES). If you use 304764562Sgshapiroadditional DAEMON_OPTIONS macros, they will add additional daemons. 304864562Sgshapiro 304964562SgshapiroExample 1: To change the port for the SMTP listener, while 305064562Sgshapirostill using the MSA default, use 305164562Sgshapiro DAEMON_OPTIONS(`Port=925, Name=MTA') 305264562Sgshapiro 305364562SgshapiroExample 2: To change the port for the MSA daemon, while still 305464562Sgshapirousing the default SMTP port, use 305564562Sgshapiro FEATURE(`no_default_msa') 305664562Sgshapiro DAEMON_OPTIONS(`Name=MTA') 305764562Sgshapiro DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 305864562Sgshapiro 305964562SgshapiroNote that if the first of those DAEMON_OPTIONS lines were omitted, then 306064562Sgshapirothere would be no listener on the standard SMTP port. 306164562Sgshapiro 306264562SgshapiroExample 3: To listen on both IPv4 and IPv6 interfaces, use 306364562Sgshapiro 306464562Sgshapiro DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 306564562Sgshapiro DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 306664562Sgshapiro 306764562SgshapiroA "Message Submission Agent" still uses all of the same rulesets for 306864562Sgshapiroprocessing the message (and therefore still allows message rejection via 306964562Sgshapirothe check_* rulesets). In accordance with the RFC, the MSA will ensure 307064562Sgshapirothat all domains in the envelope are fully qualified if the message is 307164562Sgshapirorelayed to another MTA. It will also enforce the normal address syntax 307264562Sgshapirorules and log error messages. Additionally, by using the M=a modifier 307364562Sgshapiroyou can require authentication before messages are accepted by the MSA. 307464562SgshapiroFinally, the M=E modifier shown above disables ETRN as required by RFC 307564562Sgshapiro2476. 307664562Sgshapiro 307764562Sgshapiro 307838032Speter+-----------+ 307938032Speter| HIERARCHY | 308038032Speter+-----------+ 308138032Speter 308238032SpeterWithin this directory are several subdirectories, to wit: 308338032Speter 308438032Speterm4 General support routines. These are typically 308538032Speter very important and should not be changed without 308638032Speter very careful consideration. 308738032Speter 308838032Spetercf The configuration files themselves. They have 308938032Speter ".mc" suffixes, and must be run through m4 to 309038032Speter become complete. The resulting output should 309138032Speter have a ".cf" suffix. 309238032Speter 309338032Speterostype Definitions describing a particular operating 309438032Speter system type. These should always be referenced 309538032Speter using the OSTYPE macro in the .mc file. Examples 309638032Speter include "bsd4.3", "bsd4.4", "sunos3.5", and 309738032Speter "sunos4.1". 309838032Speter 309938032Speterdomain Definitions describing a particular domain, referenced 310038032Speter using the DOMAIN macro in the .mc file. These are 310138032Speter site dependent; for example, "CS.Berkeley.EDU.m4" 310238032Speter describes hosts in the CS.Berkeley.EDU subdomain. 310338032Speter 310466494Sgshapiromailer Descriptions of mailers. These are referenced using 310538032Speter the MAILER macro in the .mc file. 310638032Speter 310738032Spetersh Shell files used when building the .cf file from the 310838032Speter .mc file in the cf subdirectory. 310938032Speter 311038032Speterfeature These hold special orthogonal features that you might 311138032Speter want to include. They should be referenced using 311238032Speter the FEATURE macro. 311338032Speter 311438032Speterhack Local hacks. These can be referenced using the HACK 311538032Speter macro. They shouldn't be of more than voyeuristic 311638032Speter interest outside the .Berkeley.EDU domain, but who knows? 311738032Speter 311838032Spetersiteconfig Site configuration -- e.g., tables of locally connected 311938032Speter UUCP sites. 312038032Speter 312138032Speter 312238032Speter+------------------------+ 312338032Speter| ADMINISTRATIVE DETAILS | 312438032Speter+------------------------+ 312538032Speter 312638032SpeterThe following sections detail usage of certain internal parts of the 312738032Spetersendmail.cf file. Read them carefully if you are trying to modify 312838032Speterthe current model. If you find the above descriptions adequate, these 312938032Spetershould be {boring, confusing, tedious, ridiculous} (pick one or more). 313038032Speter 313138032SpeterRULESETS (* means built in to sendmail) 313238032Speter 313338032Speter 0 * Parsing 313438032Speter 1 * Sender rewriting 313538032Speter 2 * Recipient rewriting 313638032Speter 3 * Canonicalization 313738032Speter 4 * Post cleanup 313838032Speter 5 * Local address rewrite (after aliasing) 313938032Speter 1x mailer rules (sender qualification) 314038032Speter 2x mailer rules (recipient qualification) 314138032Speter 3x mailer rules (sender header qualification) 314238032Speter 4x mailer rules (recipient header qualification) 314338032Speter 5x mailer subroutines (general) 314438032Speter 6x mailer subroutines (general) 314538032Speter 7x mailer subroutines (general) 314638032Speter 8x reserved 314738032Speter 90 Mailertable host stripping 314838032Speter 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 314938032Speter 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 315038032Speter 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 315138032Speter 99 Guaranteed null (for debugging) 315238032Speter 315338032Speter 315438032SpeterMAILERS 315538032Speter 315638032Speter 0 local, prog local and program mailers 315738032Speter 1 [e]smtp, relay SMTP channel 315838032Speter 2 uucp-* UNIX-to-UNIX Copy Program 315938032Speter 3 netnews Network News delivery 316038032Speter 4 fax Sam Leffler's HylaFAX software 316138032Speter 5 mail11 DECnet mailer 316238032Speter 316338032Speter 316438032SpeterMACROS 316538032Speter 316638032Speter A 316738032Speter B Bitnet Relay 316838032Speter C DECnet Relay 316938032Speter D The local domain -- usually not needed 317038032Speter E reserved for X.400 Relay 317138032Speter F FAX Relay 317238032Speter G 317338032Speter H mail Hub (for mail clusters) 317438032Speter I 317538032Speter J 317638032Speter K 317738032Speter L Luser Relay 317864562Sgshapiro M Masquerade (who you claim to be) 317938032Speter N 318038032Speter O 318138032Speter P 318238032Speter Q 318338032Speter R Relay (for unqualified names) 318438032Speter S Smart Host 318538032Speter T 318664562Sgshapiro U my UUCP name (if you have a UUCP connection) 318764562Sgshapiro V UUCP Relay (class {V} hosts) 318864562Sgshapiro W UUCP Relay (class {W} hosts) 318964562Sgshapiro X UUCP Relay (class {X} hosts) 319038032Speter Y UUCP Relay (all other hosts) 319138032Speter Z Version number 319238032Speter 319338032Speter 319438032SpeterCLASSES 319538032Speter 319638032Speter A 319738032Speter B domains that are candidates for bestmx lookup 319838032Speter C 319938032Speter D 320038032Speter E addresses that should not seem to come from $M 320164562Sgshapiro F hosts this system forward for 320238032Speter G domains that should be looked up in genericstable 320338032Speter H 320438032Speter I 320538032Speter J 320638032Speter K 320738032Speter L addresses that should not be forwarded to $R 320838032Speter M domains that should be mapped to $M 320964562Sgshapiro N host/domains that should not be mapped to $M 321038032Speter O operators that indicate network operations (cannot be in local names) 321138032Speter P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 321238032Speter Q 321364562Sgshapiro R domains this system is willing to relay (pass anti-spam filters) 321438032Speter S 321538032Speter T 321638032Speter U locally connected UUCP hosts 321738032Speter V UUCP hosts connected to relay $V 321838032Speter W UUCP hosts connected to relay $W 321938032Speter X UUCP hosts connected to relay $X 322038032Speter Y locally connected smart UUCP hosts 322138032Speter Z locally connected domain-ized UUCP hosts 322238032Speter . the class containing only a dot 322338032Speter [ the class containing only a left bracket 322438032Speter 322538032Speter 322638032SpeterM4 DIVERSIONS 322738032Speter 322838032Speter 1 Local host detection and resolution 322938032Speter 2 Local Ruleset 3 additions 323038032Speter 3 Local Ruleset 0 additions 323138032Speter 4 UUCP Ruleset 0 additions 323238032Speter 5 locally interpreted names (overrides $R) 323338032Speter 6 local configuration (at top of file) 323438032Speter 7 mailer definitions 323564562Sgshapiro 8 DNS based blacklists 323638032Speter 9 special local rulesets (1 and 2) 323764562Sgshapiro 323866494Sgshapiro$Revision: 8.383.2.1.2.24 $, Last updated $Date: 2000/09/24 02:05:54 $ 3239