README revision 38032
1 2 3 NEW SENDMAIL CONFIGURATION FILES 4 5 Eric Allman <eric@Sendmail.ORG> 6 7 @(#)README 8.174 (Berkeley) 6/30/98 8 9 10This document describes the sendmail configuration files being used 11at Berkeley. These use features in the new (R8) sendmail; they will 12not work on other versions. 13 14These configuration files are probably not as general as previous 15versions, and don't handle as many of the weird cases automagically. 16I was able to simplify them for two reasons. First, the network 17has become more consistent -- for example, at this point, everyone 18on the internet is supposed to be running a name server, so hacks to 19handle NIC-registered hosts can go away. Second, I assumed that a 20subdomain would be running SMTP internally -- UUCP is presumed to be 21a long-haul protocol. I realize that this is not universal, but it 22does describe the vast majority of sites with which I am familiar, 23including those outside the US. 24 25Of course, the downside of this is that if you do live in a weird 26world, things are going to get weirder for you. I'm sorry about that, 27but at the time we at Berkeley had a problem, and it seemed like the 28right thing to do. 29 30This package requires a post-V7 version of m4; if you are running the 314.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with 32a newer version. You can m4-expand on their system, then run locally. 33SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1 34or later also works. Unfortunately, I'm told that the M4 on BSDI 1.0 35doesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is 36available from ftp://ftp.gnu.org/pub/gnu/m4-1.4.tar.gz (check for 37the latest version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken 38(3.x is fine). Use GNU m4 on this platform. 39 40IF YOU DON'T HAVE A BERKELEY MAKE, don't despair! Just run 41"m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need. 42There is also a fairly crude (but functional) Makefile.dist that works 43on the old version of make. 44 45To get started, you may want to look at tcpproto.mc (for TCP-only 46sites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for 47clusters of clients using a single mail host). Others are versions 48that we use at Berkeley, although not all are in current use. For 49example, ucbvax has gone away, but I've left ucbvax.mc in because 50it demonstrates some interesting techniques. 51 52I'm not pretending that this README describes everything that these 53configuration files can do; clever people can probably tweak them 54to great effect. But it should get you started. 55 56******************************************************************* 57*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 58*** Berkeley-specific assumptions built in, such as the name *** 59*** of our UUCP-relay. You'll want to create your own domain *** 60*** description, and use that in place of *** 61*** domain/Berkeley.EDU.m4. *** 62******************************************************************* 63 64 65+--------------------------+ 66| INTRODUCTION AND EXAMPLE | 67+--------------------------+ 68 69Configuration files are contained in the subdirectory "cf", with a 70suffix ".mc". They must be run through "m4" to produce a ".cf" file. 71You must pre-load "cf.m4": 72 73 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 74 75where ${CFDIR} is the root of the cf directory and config.mc is the 76name of your configuration file. If you are running a version of M4 77that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 78this, but the versions distributed with 4.4BSD and derivatives do not) 79or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 80For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 81use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 82 83 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 84 85Let's examine a typical .mc file: 86 87 divert(-1) 88 # 89 # Copyright (c) 1998 Sendmail, Inc. All rights reserved. 90 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 91 # Copyright (c) 1988, 1993 92 # The Regents of the University of California. All rights reserved. 93 # 94 # By using this file, you agree to the terms and conditions set 95 # forth in the LICENSE file which can be found at the top level of 96 # the sendmail distribution. 97 # 98 99 # 100 # This is a Berkeley-specific configuration file for HP-UX 9.x. 101 # It applies only to the Computer Science Division at Berkeley, 102 # and should not be used elsewhere. It is provided on the sendmail 103 # distribution as a sample only. To create your own configuration 104 # file, create an appropriate domain file in ../domain, change the 105 # `DOMAIN' macro below to reference that file, and copy the result 106 # to a name of your own choosing. 107 # 108 divert(0) 109 110The divert(-1) will delete the crud in the resulting output file. 111The copyright notice can be replaced by whatever your lawyers require; 112our lawyers require the one that I've included in my files. A copyleft 113is a copyright by another name. The divert(0) restores regular output. 114 115 VERSIONID(`<SCCS or RCS version id>') 116 117VERSIONID is a macro that stuffs the version information into the 118resulting file. We use SCCS; you could use RCS, something else, or 119omit it completely. This is not the same as the version id included 120in SMTP greeting messages -- this is defined in m4/version.m4. 121 122 OSTYPE(hpux9)dnl 123 124You must specify an OSTYPE to properly configure things such as the 125pathname of the help and status files, the flags needed for the local 126mailer, and other important things. If you omit it, you will get an 127error when you try to build the configuration. Look at the ostype 128directory for the list of known operating system types. 129 130 DOMAIN(CS.Berkeley.EDU)dnl 131 132This example is specific to the Computer Science Division at Berkeley. 133You can use "DOMAIN(generic)" to get a sufficiently bland definition 134that may well work for you, or you can create a customized domain 135definition appropriate for your environment. 136 137 MAILER(local) 138 MAILER(smtp) 139 140These describe the mailers used at the default CS site site. The 141local mailer is always included automatically. Beware: MAILER 142declarations should always be at the end of the configuration file, 143and MAILER(smtp) should always precede MAILER(uucp). The general 144rules are that the order should be: 145 146 VERSIONID 147 OSTYPE 148 DOMAIN 149 FEATURE 150 local macro definitions 151 MAILER 152 LOCAL_RULESET_* 153 154 155+----------------------------+ 156| A BRIEF INTRODUCTION TO M4 | 157+----------------------------+ 158 159Sendmail uses the M4 macro processor to ``compile'' the configuration 160files. The most important thing to know is that M4 is stream-based, 161that is, it doesn't understand about lines. For this reason, in some 162places you may see the word ``dnl'', which stands for ``delete 163through newline''; essentially, it deletes all characters starting 164at the ``dnl'' up to and including the next newline character. In 165most cases sendmail uses this only to avoid lots of unnecessary 166blank lines in the output. 167 168Other important directives are define(A, B) which defines the macro 169``A'' to have value ``B''. Macros are expanded as they are read, so 170one normally quotes both values to prevent expansion. For example, 171 172 define(`SMART_HOST', `smart.foo.com') 173 174One word of warning: M4 macros are expanded even in lines that appear 175to be comments. For example, if you have 176 177 # See FEATURE(foo) above 178 179it will not do what you expect, because the FEATURE(foo) will be 180expanded. This also applies to 181 182 # And then define the $X macro to be the return address 183 184because ``define'' is an M4 keyword. If you want to use them, surround 185them with directed quotes, `like this'. 186 187+----------------+ 188| FILE LOCATIONS | 189+----------------+ 190 191sendmail 8.9 has introduced a new configuration directory for sendmail 192related files, /etc/mail. The new files available for sendmail 8.9 -- 193the class 'R' /etc/mail/relay-domains and the access database 194/etc/mail/access -- take advantage of this new directory. 8.9 will 195serve as a transition release. Beginning with 8.10, all of the files 196will use this directory by default. 197 198+--------+ 199| OSTYPE | 200+--------+ 201 202You MUST define an operating system environment, or the configuration 203file build will puke. There are several environments available; look 204at the "ostype" directory for the current list. This macro changes 205things like the location of the alias file and queue directory. Some 206of these files are identical to one another. 207 208It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 209In general, the OSTYPE macro should go immediately after any version 210information, and MAILER definitions should always go last. 211 212Operating system definitions are usually easy to write. They may define 213the following variables (everything defaults, so an ostype file may be 214empty). Unfortunately, the list of configuration-supported systems is 215not as broad as the list of source-supported systems, since many of 216the source contributors do not include corresponding ostype files. 217 218ALIAS_FILE [/etc/aliases] The location of the text version 219 of the alias file(s). It can be a comma-separated 220 list of names (but be sure you quote values with 221 commas in them -- for example, use 222 define(`ALIAS_FILE', `a,b') 223 to get "a" and "b" both listed as alias files; 224 otherwise the define() primitive only sees "a"). 225HELP_FILE [/usr/lib/sendmail.hf] The name of the file 226 containing information printed in response to 227 the SMTP HELP command. 228QUEUE_DIR [/var/spool/mqueue] The directory containing 229 queue files. 230STATUS_FILE [/etc/sendmail.st] The file containing status 231 information. 232LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 233LOCAL_MAILER_FLAGS [rmn9] The flags used by the local mailer. The 234 flags lsDFM are always included. 235LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 236 mail. 237LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 238 mail that you are willing to accept. 239LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 240 that ARRIVE from an address that resolves to the 241 local mailer and which are converted to MIME will be 242 labeled with this character set. 243LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 244LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 245 flags lsDFM are always included. 246LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 247 mail. 248LOCAL_SHELL_DIR [$z:/] The directory search path in which the 249 shell should run. 250USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 251 used to submit news. 252USENET_MAILER_FLAGS [rlsDFMmn] The mailer flags for the usenet mailer. 253USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 254 usenet mailer. 255USENET_MAILER_MAX [100000] The maximum size of messages that will 256 be accepted by the usenet mailer. 257SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 258 flags are `mDFMUX' for all SMTP-based mailers; the 259 "esmtp" mailer adds `a' and "smtp8" adds `8'. 260SMTP_MAILER_MAX [undefined] The maximum size of messages that will 261 be transported using the smtp, smtp8, or esmtp 262 mailers. 263SMTP_MAILER_ARGS [IPC $h] The arguments passed to the smtp mailer. 264 About the only reason you would want to change this 265 would be to change the default port. 266ESMTP_MAILER_ARGS [IPC $h] The arguments passed to the esmtp mailer. 267SMTP8_MAILER_ARGS [IPC $h] The arguments passed to the smtp8 mailer. 268RELAY_MAILER_ARGS [IPC $h] The arguments passed to the relay mailer. 269SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 270 that ARRIVE from an address that resolves to one of 271 the SMTP mailers and which are converted to MIME will 272 be labeled with this character set. 273UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 274UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 275 flags are `DFMhuU' (and `m' for uucp-new mailer, 276 minus `U' for uucp-dom mailer). 277UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 278 passed to the UUCP mailer. 279UUCP_MAILER_MAX [100000] The maximum size message accepted for 280 transmission by the UUCP mailers. 281UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 282 that ARRIVE from an address that resolves to one of 283 the UUCP mailers and which are converted to MIME will 284 be labeled with this character set. 285FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 286 submit FAX messages. 287FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 288 mailer. 289FAX_MAILER_MAX [100000] The maximum size message accepted for 290 transmission by FAX. 291POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 292POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags "lsDFM" 293 are always added. 294POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 295PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 296 program. This is also used by FEATURE(local_procmail). 297PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 298 ``DFM'' are always set. This is NOT used by 299 FEATURE(local_procmail); tweak LOCAL_MAILER_FLAGS 300 instead. 301PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 302 the Procmail mailer. This is NOT used by 303 FEATURE(local_procmail); tweak LOCAL_MAILER_ARGS 304 instead. 305PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 306 will be accepted by the procmail mailer. 307MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 308MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 309MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 310 mailer. 311PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 312 program. 313PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. 314PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 315CYRUS_MAILER_FLAGS [A5@/:|] The flags used by the cyrus mailer. The 316 flags lsDFMnPq are always included. 317CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 318 cyrus mail. 319CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 320 to deliver cyrus mail. 321CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 322 will be accepted by the cyrus mailer. 323CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 324 running the cyrus mailer. 325CYRUS_BB_MAILER_FLAGS [undefined] The flags used by the cyrusbb 326 mailer. The flags lsDFMnP are always included. 327CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 328 to deliver cyrusbb mail. 329confEBINDIR [/usr/libexec] The directory for executables. 330 Currently used for FEATURE(local_lmtp) and 331 FEATURE(smrsh). 332 333 334 335+---------+ 336| DOMAINS | 337+---------+ 338 339You will probably want to collect domain-dependent defines into one 340file, referenced by the DOMAIN macro. For example, our Berkeley 341domain file includes definitions for several internal distinguished 342hosts: 343 344UUCP_RELAY The host that will accept UUCP-addressed email. 345 If not defined, all UUCP sites must be directly 346 connected. 347BITNET_RELAY The host that will accept BITNET-addressed email. 348 If not defined, the .BITNET pseudo-domain won't work. 349DECNET_RELAY The host that will accept DECNET-addressed email. 350 If not defined, the .DECNET pseudo-domain and addresses 351 of the form node::user will not work. 352FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 353 The "fax" mailer overrides this value. 354LOCAL_RELAY DEPRECATED. The site that will handle unqualified 355 names -- that is, names with out an @domain extension. 356 If not set, they are assumed to belong on this machine. 357 This allows you to have a central site to store a 358 company- or department-wide alias database. This 359 only works at small sites, and only with some user 360 agents. 361LUSER_RELAY The site that will handle lusers -- that is, apparently 362 local names that aren't local accounts or aliases. 363 364Any of these can be either ``mailer:hostname'' (in which case the 365mailer is the internal mailer name, such as ``uucp-new'' and the hostname 366is the name of the host as appropriate for that mailer) or just a 367``hostname'', in which case a default mailer type (usually ``relay'', 368a variant on SMTP) is used. WARNING: if you have a wildcard MX 369record matching your domain, you probably want to define these to 370have a trailing dot so that you won't get the mail diverted back 371to yourself. 372 373The domain file can also be used to define a domain name, if needed 374(using "DD<domain>") and set certain site-wide features. If all hosts 375at your site masquerade behind one email name, you could also use 376MASQUERADE_AS here. 377 378You do not have to define a domain -- in particular, if you are a 379single machine sitting off somewhere, it is probably more work than 380it's worth. This is just a mechanism for combining "domain dependent 381knowledge" into one place. 382 383+---------+ 384| MAILERS | 385+---------+ 386 387There are fewer mailers supported in this version than the previous 388version, owing mostly to a simpler world. As a general rule, put the 389MAILER definitions last in your .mc file, and always put MAILER(smtp) 390before MAILER(uucp) -- several features and definitions will modify 391the definition of mailers, and the smtp mailer modifies the UUCP 392mailer. 393 394local The local and prog mailers. You will almost always 395 need these; the only exception is if you relay ALL 396 your mail to another site. This mailer is included 397 automatically. 398 399smtp The Simple Mail Transport Protocol mailer. This does 400 not hide hosts behind a gateway or another other 401 such hack; it assumes a world where everyone is 402 running the name server. This file actually defines 403 four mailers: "smtp" for regular (old-style) SMTP to 404 other servers, "esmtp" for extended SMTP to other 405 servers, "smtp8" to do SMTP to other servers without 406 converting 8-bit data to MIME (essentially, this is 407 your statement that you know the other end is 8-bit 408 clean even if it doesn't say so), and "relay" for 409 transmission to our RELAY_HOST, LUSER_RELAY, or 410 MAILER_HUB. 411 412uucp The Unix-to-Unix Copy Program mailer. Actually, this 413 defines two mailers, "uucp-old" (a.k.a. "uucp") and 414 "uucp-new" (a.k.a. "suucp"). The latter is for when you 415 know that the UUCP mailer at the other end can handle 416 multiple recipients in one transfer. If the smtp mailer 417 is also included in your configuration, two other mailers 418 ("uucp-dom" and "uucp-uudom") are also defined [warning: 419 you MUST specify MAILER(smtp) before MAILER(uucp)]. When you 420 include the uucp mailer, sendmail looks for all names in 421 the $=U class and sends them to the uucp-old mailer; all 422 names in the $=Y class are sent to uucp-new; and all 423 names in the $=Z class are sent to uucp-uudom. Note that 424 this is a function of what version of rmail runs on 425 the receiving end, and hence may be out of your control. 426 See the section below describing UUCP mailers in more 427 detail. 428 429usenet Usenet (network news) delivery. If this is specified, 430 an extra rule is added to ruleset 0 that forwards all 431 local email for users named ``group.usenet'' to the 432 ``inews'' program. Note that this works for all groups, 433 and may be considered a security problem. 434 435fax Facsimile transmission. This is experimental and based 436 on Sam Leffler's HylaFAX software. For more information, 437 see http://www.vix.com/hylafax/. 438 439pop Post Office Protocol. 440 441procmail An interface to procmail (does not come with sendmail). 442 This is designed to be used in mailertables. For example, 443 a common question is "how do I forward all mail for a given 444 domain to a single person?". If you have this mailer 445 defined, you could set up a mailertable reading: 446 447 host.com procmail:/etc/procmailrcs/host.com 448 449 with the file /etc/procmailrcs/host.com reading: 450 451 :0 # forward mail for host.com 452 ! -oi -f $1 person@other.host 453 454 This would arrange for (anything)@host.com to be sent 455 to person@other.host. Within the procmail script, $1 is 456 the name of the sender and $2 is the name of the recipient. 457 If you use this with FEATURE(local_procmail), the FEATURE 458 should be listed first. 459 460mail11 The DECnet mail11 mailer, useful only if you have the mail11 461 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 462 DECnet, of course). This is for Phase IV DECnet support; 463 if you have Phase V at your site you may have additional 464 problems. 465 466phquery The phquery program. This is somewhat counterintuitively 467 referenced as the "ph" mailer internally. It can be used 468 to do CCSO name server lookups. The phquery program, which 469 this mailer uses, is distributed with the ph client. 470 471cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 472 a local cyrus user. this mailer can make use of the 473 "user+detail@local.host" syntax; it will deliver the mail to 474 the user's "detail" mailbox if the mailbox's ACL permits. 475 The cyrusbb mailer delivers to a system-wide cyrus mailbox 476 if the mailbox's ACL permits. 477 478 479The local mailer accepts addresses of the form "user+detail", where 480the "+detail" is not used for mailbox matching but is available 481to certain local mail programs (in particular, see FEATURE(local_procmail)). 482For example, "eric", "eric+sendmail", and "eric+sww" all indicate 483the same user, but additional arguments <null>, "sendmail", and "sww" 484may be provided for use in sorting mail. 485 486 487+----------+ 488| FEATURES | 489+----------+ 490 491Special features can be requested using the "FEATURE" macro. For 492example, the .mc line: 493 494 FEATURE(use_cw_file) 495 496tells sendmail that you want to have it read an /etc/sendmail.cw 497file to get values for class $=w. The FEATURE may contain a single 498optional parameter -- for example: 499 500 FEATURE(mailertable, dbm /usr/lib/mailertable) 501 502The default database map type for the table features can be set with 503 504 define(`DATABASE_MAP_TYPE', `dbm') 505 506which would set it to use ndbm databases. The default is the Berkeley DB 507hash database format. Note that you must still declare a database map type 508if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 509if no argument is given for the FEATURE. 510 511Available features are: 512 513use_cw_file Read the file /etc/sendmail.cw file to get alternate 514 names for this host. This might be used if you were 515 on a host that MXed for a dynamic set of other 516 hosts. If the set is static, just including the line 517 "Cw<name1> <name2> ..." (where the names are fully 518 qualified domain names) is probably superior. 519 The actual filename can be overridden by redefining 520 confCW_FILE. 521 522use_ct_file Read the file /etc/sendmail.ct file to get the names 523 of users that will be ``trusted'', that is, able to 524 set their envelope from address using -f without 525 generating a warning message. 526 The actual filename can be overridden by redefining 527 confCT_FILE. 528 529redirect Reject all mail addressed to "address.REDIRECT" with 530 a ``551 User not local; please try <address>'' message. 531 If this is set, you can alias people who have left 532 to their new address with ".REDIRECT" appended. 533 534nouucp Don't do anything special with UUCP addresses at all. 535 536nocanonify Don't pass addresses to $[ ... $] for canonification. 537 This would generally only be used by sites that only 538 act as mail gateways or which have user agents that do 539 full canonification themselves. You may also want to 540 use "define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')" to 541 turn off the usual resolver options that do a similar 542 thing. 543 544stickyhost If set, email sent to "user@local.host" are marked 545 as "sticky" -- that is, the local addresses aren't 546 matched against UDB and don't go through ruleset 5. 547 This is used if you want a set up where "user" is 548 not necessarily the same as "user@local.host", e.g., 549 to make a distinct domain-wide namespace. Prior to 550 8.7 this was the default, and notsticky was used to 551 turn this off. 552 553mailertable Include a "mailer table" which can be used to override 554 routing for particular domains. The argument of the 555 FEATURE may be the key definition. If none is specified, 556 the definition used is: 557 hash -o /etc/mailertable 558 Keys in this database are fully qualified domain names 559 or partial domains preceded by a dot -- for example, 560 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". 561 Values must be of the form: 562 mailer:domain 563 where "mailer" is the internal mailer name, and "domain" 564 is where to send the message. These maps are not 565 reflected into the message header. As a special case, 566 the forms: 567 local:user 568 will forward to the indicated user using the local mailer, 569 local: 570 will forward to the original user in the e-mail address 571 using the local mailer, and 572 error:code message 573 will give an error message with the indicated code and 574 message. 575 576domaintable Include a "domain table" which can be used to provide 577 domain name mapping. Use of this should really be 578 limited to your own domains. It may be useful if you 579 change names (e.g., your company changes names from 580 oldname.com to newname.com). The argument of the 581 FEATURE may be the key definition. If none is specified, 582 the definition used is: 583 hash -o /etc/domaintable 584 The key in this table is the domain name; the value is 585 the new (fully qualified) domain. Anything in the 586 domaintable is reflected into headers; that is, this 587 is done in ruleset 3. 588 589bitdomain Look up bitnet hosts in a table to try to turn them into 590 internet addresses. The table can be built using the 591 bitdomain program contributed by John Gardiner Myers. 592 The argument of the FEATURE may be the key definition; if 593 none is specified, the definition used is: 594 hash -o /etc/bitdomain.db 595 Keys are the bitnet hostname; values are the corresponding 596 internet hostname. 597 598uucpdomain Similar feature for UUCP hosts. The default map definition 599 is: 600 hash -o /etc/uudomain.db 601 At the moment there is no automagic tool to build this 602 database. 603 604always_add_domain 605 Include the local host domain even on locally delivered 606 mail. Normally it is not added on unqualified names. 607 However, if you use a shared message store but do not use 608 the same user name space everywhere, you may need the host 609 name on local names. 610 611allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 612 feature will cause recipient addresses to also masquerade 613 as being from the masquerade host. Normally they get 614 the local hostname. Although this may be right for 615 ordinary users, it can break local aliases. For example, 616 if you send to "localalias", the originating sendmail will 617 find that alias and send to all members, but send the 618 message with "To: localalias@masqueradehost". Since that 619 alias likely does not exist, replies will fail. Use this 620 feature ONLY if you can guarantee that the ENTIRE 621 namespace on your masquerade host supersets all the 622 local entries. 623 624limited_masquerade 625 Normally, any hosts listed in $=w are masqueraded. If this 626 feature is given, only the hosts listed in $=M are masqueraded. 627 This is useful if you have several domains with disjoint 628 namespaces hosted on the same machine. 629 630masquerade_entire_domain 631 If masquerading is enabled (using MASQUERADE_AS) and 632 MASQUERADE_DOMAIN (see below) is set, this feature will 633 cause addresses to be rewritten such that the masquerading 634 domains are actually entire domains to be hidden. All 635 hosts within the masquerading domains will be rewritten 636 to the masquerade name (used in MASQUERADE_AS). For example, 637 if you have: 638 639 MASQUERADE_AS(masq.com) 640 MASQUERADE_DOMAIN(foo.org) 641 MASQUERADE_DOMAIN(bar.com) 642 643 then *foo.org and *bar.com are converted to masq.com. Without 644 this feature, only foo.org and bar.com are masqueraded. 645 646 NOTE: only domains within your jurisdiction and 647 current hierarchy should be masqueraded using this. 648 649genericstable This feature will cause certain addresses originating locally 650 (i.e. that are unqualified) or a domain listed in $=G to be 651 looked up in a map and turned into another ("generic") form, 652 which can change both the domain name and the user name. This 653 is similar to the userdb functionality. The same types of 654 addresses as for masquerading are looked up, i.e. only header 655 sender addresses unless the allmasquerade and/or 656 masquerade_envelope features are given. Qualified addresses 657 must have the domain part in the list of names given by the 658 by the macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE 659 (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, 660 see below). 661 662 The argument of FEATURE(genericstable) may be the map 663 definition; the default map definition is: 664 665 hash -o /etc/genericstable 666 667 The key for this table is either the full address or the 668 unqualified username (the former is tried first); the 669 value is the new user address. If the new user address does 670 not include a domain, it will be qualified in the standard 671 manner, i.e. using $j or the masquerade name. Note that the 672 address being looked up must be fully qualified. For local 673 mail, it is necessary to use FEATURE(always_add_domain) for 674 the addresses to be qualified. 675 676virtusertable A domain-specific form of aliasing, allowing multiple 677 virtual domains to be hosted on one machine. For example, 678 if the virtuser table contained: 679 680 info@foo.com foo-info 681 info@bar.com bar-info 682 @baz.org jane@elsewhere.net 683 684 then mail addressed to info@foo.com will be sent to the 685 address foo-info, mail addressed to info@bar.com will be 686 delivered to bar-info, and mail addressed to anyone at 687 baz.org will be sent to jane@elsewhere.net. The username 688 from the original address is passed as %1 allowing: 689 690 @foo.org %1@elsewhere.com 691 692 meaning someone@foo.org will be sent to someone@elsewhere.com. 693 694 All the host names on the left hand side (foo.com, bar.com, 695 and baz.org) must be in $=w. The default map definition is: 696 697 hash -o /etc/virtusertable 698 699 A new definition can be specified as the second argument of 700 the FEATURE macro, such as 701 702 FEATURE(virtusertable, dbm -o /etc/mail/virtusers) 703 704nodns We aren't running DNS at our site (for example, 705 we are UUCP-only connected). It's hard to consider 706 this a "feature", but hey, it had to go somewhere. 707 Actually, as of 8.7 this is a no-op -- remove "dns" from 708 the hosts service switch entry instead. 709 710nullclient This is a special case -- it creates a stripped down 711 configuration file containing nothing but support for 712 forwarding all mail to a central hub via a local 713 SMTP-based network. The argument is the name of that 714 hub. 715 716 The only other feature that should be used in conjunction 717 with this one is "nocanonify" (this causes addresses to 718 be sent unqualified via the SMTP connection; normally 719 they are qualified with the masquerade name, which 720 defaults to the name of the hub machine). No mailers 721 should be defined. No aliasing or forwarding is done. 722 723local_lmtp Use an LMTP capable local mailer. The argument to this 724 feature is the pathname of an LMTP capable mailer. By 725 default, mail.local is used. This is expected to be the 726 mail.local which came with the 8.9 distribution which is 727 LMTP capable. The path to mail.local is set by the 728 confEBINDIR m4 variable -- making the default 729 LOCAL_MAILER_PATH /usr/libexec/mail.local. 730 731local_procmail Use procmail as the local mailer. This mailer can 732 make use of the "user+indicator@local.host" syntax; 733 normally the +indicator is just tossed, but by default 734 it is passed as the -a argument to procmail. The 735 argument to this feature is the pathname of procmail, 736 which defaults to PROCMAIL_MAILER_PATH. Note that this 737 does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS 738 for the local mailer; tweak LOCAL_MAILER_FLAGS and 739 LOCAL_MAILER_ARGS instead. 740 741bestmx_is_local Accept mail as though locally addressed for any host that 742 lists us as the best possible MX record. This generates 743 additional DNS traffic, but should be OK for low to 744 medium traffic hosts. The argument may be a set of 745 domains, which will limit the feature to only apply to 746 these domains -- this will reduce unnecessary DNS 747 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 748 WILDCARD MX RECORDS!!! If you have a wildcard MX record 749 that matches your domain, you cannot use this feature. 750 751smrsh Use the SendMail Restricted SHell (smrsh) provided 752 with the distribution instead of /bin/sh for mailing 753 to programs. This improves the ability of the local 754 system administrator to control what gets run via 755 e-mail. If an argument is provided it is used as the 756 pathname to smrsh; otherwise, the path defined by 757 confEBINDIR is used for the smrsh binary -- by default, 758 /usr/libexec/smrsh is assumed. 759 760promiscuous_relay 761 By default, the sendmail configuration files do not permit 762 mail relaying (that is, accepting mail from outside your 763 domain and sending it to another host outside your domain). 764 This option sets your site to allow mail relaying from any 765 site to any site. In general, it is better to control the 766 relaying more carefully with the access db and the 'R' 767 class ($=R). Domains can be added to class 'R' by the 768 macros RELAY_DOMAIN or RELAY_DOMAIN_FILE (analogously to 769 MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 770 771relay_entire_domain 772 By default, only hosts listed as RELAY in the access db 773 will be allowed to relay. This option also allows any 774 host in your domain as defined by the 'm' class ($=m). 775 776relay_hosts_only 777 By default, names that are listed as RELAY in the access 778 db and class 'R' ($=R) are domain names, not host names. 779 For example, if you specify ``foo.com'', then mail to or 780 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 781 will all be accepted for relaying. This feature changes 782 the behaviour to lookup individual host names only. 783 784relay_based_on_MX 785 Turns on the ability to allow relaying based on the MX 786 records of the host portion of an incoming recipient. See 787 description below for more information before using this 788 feature. 789 790relay_local_from 791 Allows relaying if the domain portion of the mail sender 792 is a local host. This should only be used if absolutely 793 necessary as it opens a window for spammers. 794 795accept_unqualified_senders 796 Normally, MAIL FROM: commands in the SMTP session will be 797 refused if the connection is a network connection and the 798 sender address does not include a domain name. If your 799 setup sends local mail unqualified (i.e. MAIL FROM: <joe>), 800 you will need to use this feature to accept unqualified 801 sender addresses. 802 803accept_unresolvable_domains 804 Normally, MAIL FROM: commands in the SMTP session will be 805 refused if the host part of the argument to MAIL FROM: cannot 806 be located in the host name service (e.g., DNS). If you are 807 inside a firewall that has only a limited view of the 808 Internet host name space, this could cause problems. In this 809 case you probably want to use this feature to accept all 810 domains on input, even if they are unresolvable. 811 812access_db Turns on the access database feature. The access db gives 813 you the ability to allow or refuse to accept mail from 814 specified domains for administrative reasons. By default, 815 the access database specification is 816 ``hash -o /etc/mail/access''. The format of the 817 database is described below. 818 819blacklist_recipients 820 Turns on the ability to block incoming mail for certain 821 recipient usernames, hostnames, or addresses. For 822 example, you can block incoming mail to user nobody, 823 host foo.mydomain.com, or guest@bar.mydomain.com. 824 These specifications are put in the access db as 825 described below. 826 827rbl Turns on rejection of hosts found in the Realtime Blackhole 828 List. If an argument is provided it is used as the 829 name sever to contact; otherwise, the main RBL server at 830 rbl.maps.vix.com is used. For details, see 831 http://maps.vix.com/rbl/. 832 833loose_relay_check 834 Normally, if a recipient using % addressing is used, e.g. 835 user%site@othersite, and othersite is in class 'R', the 836 check_rcpt ruleset will strip @othersite and recheck 837 user@site for relaying. This feature changes that 838 behavior. It should not be needed for most installations. 839 840 841+-------+ 842| HACKS | 843+-------+ 844 845Some things just can't be called features. To make this clear, 846they go in the hack subdirectory and are referenced using the HACK 847macro. These will tend to be site-dependent. The release 848includes the Berkeley-dependent "cssubdomain" hack (that makes 849sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 850this is intended as a short-term aid while we move hosts into 851subdomains. 852 853 854+--------------------+ 855| SITE CONFIGURATION | 856+--------------------+ 857 858 ***************************************************** 859 * This section is really obsolete, and is preserved * 860 * only for back compatibility. You should plan on * 861 * using mailertables for new installations. In * 862 * particular, it doesn't work for the newer forms * 863 * of UUCP mailers, such as uucp-uudom. * 864 ***************************************************** 865 866Complex sites will need more local configuration information, such as 867lists of UUCP hosts they speak with directly. This can get a bit more 868tricky. For an example of a "complex" site, see cf/ucbvax.mc. 869 870If your host is known by several different names, you need to augment 871the $=w class. This is a list of names by which you are known, and 872anything sent to an address using a host name in this list will be 873treated as local mail. You can do this in two ways: either create 874the file /etc/sendmail.cw containing a list of your aliases (one per 875line), and use ``FEATURE(use_cw_file)'' in the .mc file, or add the 876line: 877 878 Cw alias.host.name 879 880at the end of that file. See the ``vangogh.mc'' file for an example. 881Be sure you use the fully-qualified name of the host, rather than a 882short name. 883 884The SITECONFIG macro allows you to indirectly reference site-dependent 885configuration information stored in the siteconfig subdirectory. For 886example, the line 887 888 SITECONFIG(uucp.ucbvax, ucbvax, U) 889 890reads the file uucp.ucbvax for local connection information. The 891second parameter is the local name (in this case just "ucbvax" since 892it is locally connected, and hence a UUCP hostname). The third 893parameter is the name of both a macro to store the local name (in 894this case, $U) and the name of the class (e.g., $=U) in which to store 895the host information read from the file. Another SITECONFIG line reads 896 897 SITECONFIG(uucp.ucbarpa, ucbarpa.Berkeley.EDU, W) 898 899This says that the file uucp.ucbarpa contains the list of UUCP sites 900connected to ucbarpa.Berkeley.EDU. The $=W class will be used to 901store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 902is, the name of the relay to which the hosts listed in uucp.ucbarpa 903are connected. [The machine ucbarpa is gone now, but I've left 904this out-of-date configuration file around to demonstrate how you 905might do this.] 906 907Note that the case of SITECONFIG with a third parameter of ``U'' is 908special; the second parameter is assumed to be the UUCP name of the 909local site, rather than the name of a remote site, and the UUCP name 910is entered into $=w (the list of local hostnames) as $U.UUCP. 911 912The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 913more than a sequence of SITE macros describing connectivity. For 914example: 915 916 SITE(cnmat) 917 SITE(sgi olympus) 918 919The second example demonstrates that you can use two names on the 920same line; these are usually aliases for the same host (or are at 921least in the same company). 922 923 924+--------------------+ 925| USING UUCP MAILERS | 926+--------------------+ 927 928It's hard to get UUCP mailers right because of the extremely ad hoc 929nature of UUCP addressing. These config files are really designed 930for domain-based addressing, even for UUCP sites. 931 932There are four UUCP mailers available. The choice of which one to 933use is partly a matter of local preferences and what is running at 934the other end of your UUCP connection. Unlike good protocols that 935define what will go over the wire, UUCP uses the policy that you 936should do what is right for the other end; if they change, you have 937to change. This makes it hard to do the right thing, and discourages 938people from updating their software. In general, if you can avoid 939UUCP, please do. 940 941The major choice is whether to go for a domainized scheme or a 942non-domainized scheme. This depends entirely on what the other 943end will recognize. If at all possible, you should encourage the 944other end to go to a domain-based system -- non-domainized addresses 945don't work entirely properly. 946 947The four mailers are: 948 949 uucp-old (obsolete name: "uucp") 950 This is the oldest, the worst (but the closest to UUCP) way of 951 sending messages accros UUCP connections. It does bangify 952 everything and prepends $U (your UUCP name) to the sender's 953 address (which can already be a bang path itself). It can 954 only send to one address at a time, so it spends a lot of 955 time copying duplicates of messages. Avoid this if at all 956 possible. 957 958 uucp-new (obsolete name: "suucp") 959 The same as above, except that it assumes that in one rmail 960 command you can specify several recipients. It still has a 961 lot of other problems. 962 963 uucp-dom 964 This UUCP mailer keeps everything as domain addresses. 965 Basically, it uses the SMTP mailer rewriting rules. This mailer 966 is only included if MAILER(smtp) is also specified. 967 968 Unfortunately, a lot of UUCP mailer transport agents require 969 bangified addresses in the envelope, although you can use 970 domain-based addresses in the message header. (The envelope 971 shows up as the From_ line on UNIX mail.) So.... 972 973 uucp-uudom 974 This is a cross between uucp-new (for the envelope addresses) 975 and uucp-dom (for the header addresses). It bangifies the 976 envelope sender (From_ line in messages) without adding the 977 local hostname, unless there is no host name on the address 978 at all (e.g., "wolf") or the host component is a UUCP host name 979 instead of a domain name ("somehost!wolf" instead of 980 "some.dom.ain!wolf"). This is also included only if MAILER(smtp) 981 is also specified. 982 983Examples: 984 985We are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The 986following summarizes the sender rewriting for various mailers. 987 988Mailer sender rewriting in the envelope 989------ ------ ------------------------- 990uucp-{old,new} wolf grasp!wolf 991uucp-dom wolf wolf@grasp.insa-lyon.fr 992uucp-uudom wolf grasp.insa-lyon.fr!wolf 993 994uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 995uucp-dom wolf@fr.net wolf@fr.net 996uucp-uudom wolf@fr.net fr.net!wolf 997 998uucp-{old,new} somehost!wolf grasp!somehost!wolf 999uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1000uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1001 1002If you are using one of the domainized UUCP mailers, you really want 1003to convert all UUCP addresses to domain format -- otherwise, it will 1004do it for you (and probably not the way you expected). For example, 1005if you have the address foo!bar!baz (and you are not sending to foo), 1006the heuristics will add the @uucp.relay.name or @local.host.name to 1007this address. However, if you map foo to foo.host.name first, it 1008will not add the local hostname. You can do this using the uucpdomain 1009feature. 1010 1011 1012+-------------------+ 1013| TWEAKING RULESETS | 1014+-------------------+ 1015 1016For more complex configurations, you can define special rules. 1017The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1018the names. Any modifications made here are reflected in the header. 1019 1020A common use is to convert old UUCP addresses to SMTP addresses using 1021the UUCPSMTP macro. For example: 1022 1023 LOCAL_RULE_3 1024 UUCPSMTP(decvax, decvax.dec.com) 1025 UUCPSMTP(research, research.att.com) 1026 1027will cause addresses of the form "decvax!user" and "research!user" 1028to be converted to "user@decvax.dec.com" and "user@research.att.com" 1029respectively. 1030 1031This could also be used to look up hosts in a database map: 1032 1033 LOCAL_RULE_3 1034 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1035 1036This map would be defined in the LOCAL_CONFIG portion, as shown below. 1037 1038Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1039For example, new rules are needed to parse hostnames that you accept 1040via MX records. For example, you might have: 1041 1042 LOCAL_RULE_0 1043 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1044 1045You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1046pointing at this host; this rule catches the message and forwards it on 1047using UUCP. 1048 1049You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1050These rulesets are normally empty. 1051 1052A similar macro is LOCAL_CONFIG. This introduces lines added after the 1053boilerplate option setting but before rulesets, and can be used to 1054declare local database maps or whatever. For example: 1055 1056 LOCAL_CONFIG 1057 Khostmap hash /etc/hostmap.db 1058 Kyplocal nis -m hosts.byname 1059 1060 1061+---------------------------+ 1062| MASQUERADING AND RELAYING | 1063+---------------------------+ 1064 1065You can have your host masquerade as another using 1066 1067 MASQUERADE_AS(host.domain) 1068 1069This causes mail being sent to be labeled as coming from the 1070indicated host.domain, rather than $j. One normally masquerades as 1071one of one's own subdomains (for example, it's unlikely that I would 1072choose to masquerade as an MIT site). This behaviour is modified by 1073a plethora of FEATUREs; in particular, see masquerade_envelope, 1074allmasquerade, limited_masquerade, and masquerade_entire_domain. 1075 1076The masquerade name is not normally canonified, so it is important 1077that it be your One True Name, that is, fully qualified and not a 1078CNAME. However, if you use a CNAME, the receiving side may canonify 1079it for you, so don't think you can cheat CNAME mapping this way. 1080 1081Normally the only addresses that are masqueraded are those that come 1082from this host (that is, are either unqualified or in $=w, the list 1083of local domain names). You can augment this list using 1084 1085 MASQUERADE_DOMAIN(otherhost.domain) 1086 1087The effect of this is that although mail to user@otherhost.domain 1088will not be delivered locally, any mail including any user@otherhost.domain 1089will, when relayed, be rewritten to have the MASQUERADE_AS address. 1090This can be a space-separated list of names. 1091 1092If these names are in a file, you can use 1093 1094 MASQUERADE_DOMAIN_FILE(filename) 1095 1096to read the list of names from the indicated file. 1097 1098Normally only header addresses are masqueraded. If you want to 1099masquerade the envelope as well, use 1100 1101 FEATURE(masquerade_envelope) 1102 1103There are always users that need to be "exposed" -- that is, their 1104internal site name should be displayed instead of the masquerade name. 1105Root is an example. You can add users to this list using 1106 1107 EXPOSED_USER(usernames) 1108 1109This adds users to class E; you could also use something like 1110 1111 FE/etc/sendmail.cE 1112 1113You can also arrange to relay all unqualified names (that is, names 1114without @host) to a relay host. For example, if you have a central 1115email server, you might relay to that host so that users don't have 1116to have .forward files or aliases. You can do this using 1117 1118 define(`LOCAL_RELAY', mailer:hostname) 1119 1120The ``mailer:'' can be omitted, in which case the mailer defaults to 1121"relay". There are some user names that you don't want relayed, perhaps 1122because of local aliases. A common example is root, which may be 1123locally aliased. You can add entries to this list using 1124 1125 LOCAL_USER(usernames) 1126 1127This adds users to class L; you could also use something like 1128 1129 FL/etc/sendmail.cL 1130 1131If you want all incoming mail sent to a centralized hub, as for a 1132shared /var/spool/mail scheme, use 1133 1134 define(`MAIL_HUB', mailer:hostname) 1135 1136Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1137and MAIL_HUB _AND_ you have FEATURE(stickyhost), unqualified names will 1138be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1139Names in $=L will be delivered locally, so you MUST have aliases or 1140.forward files for them. 1141 1142For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1143FEATURE(stickyhost), the following combinations of settings will have the 1144indicated effects: 1145 1146email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1147 1148LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1149mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1150 1151MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1152mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1153 1154Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1155MAIL_HUB set as above (no local aliasing) (aliasing done) 1156 1157If you do not have FEATURE(stickyhost) set, then LOCAL_RELAY and 1158MAIL_HUB act identically, with MAIL_HUB taking precedence. 1159 1160If you want all outgoing mail to go to a central relay site, define 1161SMART_HOST as well. Briefly: 1162 1163 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1164 MAIL_HUB applies to names qualified with the name of the 1165 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1166 SMART_HOST applies to names qualified with other hosts. 1167 1168However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1169DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1170really want absolutely everything to go to a single central site you will 1171need to unset all the other relays -- or better yet, find or build a 1172minimal config file that does this. 1173 1174For duplicate suppression to work properly, the host name is best 1175specified with a terminal dot: 1176 1177 define(`MAIL_HUB', `host.domain.') 1178 note the trailing dot ---^ 1179 1180 1181+---------------------------------+ 1182| ANTI-SPAM CONFIGURATION CONTROL | 1183+---------------------------------+ 1184 1185The primary anti-spam features available in sendmail are: 1186 1187* Relaying is denied by default. 1188* Better checking on sender information. 1189* Access database. 1190* Header checks. 1191 1192Relaying (transmission of messages from a site outside your domain to 1193another site outside your domain) is denied by default. Note that 1194this changed in sendmail 8.9; previous versions allowed relaying by 1195default. If you want to revert to the old behaviour, you will need 1196to use FEATURE(promiscuous_relay). You can allow certain domains to 1197relay through your server by adding their domain name or IP address to 1198class 'R' ($=R) using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the 1199access database (described below). 1200 1201If you use 1202 1203 FEATURE(relay_entire_domain) 1204 1205then any host in any of your local domains (that is, the $=m class) 1206will be relayed. 1207 1208You can also allow relaying based on the MX records of the host 1209portion of an incoming recipient address by using 1210 1211 FEATURE(relay_based_on_MX) 1212 1213For example, if your server receives a recipient of user@domain.com 1214and domain.com lists your server in its MX records, the mail will be 1215accepted. Note that this will stop spammers from using your host to 1216relay spam but it will not stop outsiders from using your server as a 1217relay for their site. Along the same lines, 1218 1219 FEATURE(relay_local_from) 1220 1221will allow relaying if the sender specifies a return path (i.e. 1222MAIL FROM: <user@domain>) domain which is a local domain. This a 1223dangerous feature as it will allow spammers to spam using your mail 1224server by simply specifying a return address of user@your.domain.com. 1225It should not be used unless absolutely necessary. 1226 1227If source routing is used in the recipient address (i.e. 1228RCPT TO: <user%site.com@othersite.com>), sendmail will check 1229user@site.com for relaying if othersite.com is an allowed relay host 1230in either class 'R', class 'm' if FEATURE(relay_entire_domain) is used, 1231or the access database if FEATURE(access_db) is used. To prevent 1232the address from being stripped down, use: 1233 1234 FEATURE(loose_relay_check) 1235 1236If you think you need to use this feature, you probably do not. This 1237should only be used for sites which have no control over the addresses 1238that they provide a gateway for. Use this FEATURE with caution as it 1239can allow spammers to relay through your server if not setup properly. 1240 1241As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 1242an unresolvable domain (i.e., one that DNS, your local name service, 1243or special case rules in ruleset 3 cannot locate). If you want to 1244continue to accept such domains, e.g. because you are inside a 1245firewall that has only a limited view of the Internet host name space 1246(note that you will not be able to return mail to them unless you have 1247some "smart host" forwarder), use 1248 1249 FEATURE(accept_unresolvable_domains) 1250 1251sendmail will also refuse mail if the MAIL FROM: parameter is not 1252fully qualified (i.e., contains a domain as well as a user). If you 1253want to continue to accept such senders, use 1254 1255 FEATURE(accept_unqualified_senders) 1256 1257An ``access'' database can be created to accept or reject mail from 1258selected domains. For example, you may choose to reject all mail 1259originating from known spammers. To enable such a database, use 1260 1261 FEATURE(access_db) 1262 1263The FEATURE macro can accept a second parameter giving the key file 1264definition for the database; for example 1265 1266 FEATURE(access_db, hash -o /etc/mail/access) 1267 1268The table itself uses e-mail addresses, domain names, and network 1269numbers as keys. For example, 1270 1271 spammer@aol.com REJECT 1272 cyberspammer.com REJECT 1273 206.117.147 REJECT 1274 1275would refuse mail from spammer@aol.com, any user from cyberspammer.com 1276(or any host within the cyberspammer.com domain), and any host on the 1277206.117.147.* network. 1278 1279The value part of the map can contain: 1280 1281 OK accept mail even if other rules in the 1282 running ruleset would reject it. 1283 RELAY Allow domain to relay through your SMTP 1284 server. RELAY also serves an implicit 1285 OK for the other checks. 1286 REJECT reject the sender/recipient with a general 1287 purpose message. 1288 DISCARD discard the message completely using 1289 the $#discard mailer 1290 ### any text where ### is an RFC 821 compliant error code 1291 and "any text" is a message to return for 1292 the command. 1293 1294For example: 1295 1296 cyberspammer.com 550 We don't accept mail from spammers 1297 okay.cyberspammer.com OK 1298 sendmail.org OK 1299 128.32 RELAY 1300 1301would accept mail from okay.cyberspammer.com, but would reject mail 1302from all other hosts at cyberspammer.com with the indicated message. 1303It would allow accept mail from any hosts in the sendmail.org domain, 1304and allow relaying for the 128.32.*.* network. Note, UUCP users may 1305need to add hostname.UUCP to the access database or class 'R' ($=R). 1306If you also use: 1307 1308 FEATURE(relay_hosts_only) 1309 1310then the above example will allow relaying for sendmail.org, but not 1311hosts within the sendmail.org domain. Note that this will also require 1312hosts listed in class 'R' ($=R) to be fully qualified host names. 1313 1314You can also use the access database to block sender addresses based on 1315the username portion of the address. For example: 1316 1317 FREE.STEALTH.MAILER@ 550 Spam not accepted 1318 1319Note that you must include the @ after the username to signify that 1320this database entry is for checking only the username portion of the 1321sender address. 1322 1323If you use: 1324 1325 FEATURE(blacklist_recipients) 1326 1327then you can add entries to the map for local users, hosts in your 1328domains, or addresses in your domain which should not receive mail: 1329 1330 badlocaluser 550 Mailbox disabled for this username 1331 host.mydomain.com 550 That host does not accept mail 1332 user@otherhost.mydomain.com 550 Mailbox disabled for this recipient 1333 1334This would prevent a recipient of badlocaluser@mydomain.com, any 1335user at host.mydomain.com, and the single address 1336user@otherhost.mydomain.com from receiving mail. 1337 1338There is also a ``Realtime Blackhole List'' run by the MAPS project 1339at http://maps.vix.com/. This is a database maintained in DNS of 1340spammers. To use this database, use 1341 1342 FEATURE(rbl) 1343 1344This will cause sendmail to reject mail from any site in the 1345Realtime Blackhole List database. You can specify an alternative 1346RBL name server to contact by specifying an argument to the FEATURE. 1347 1348The features described above make use of the check_relay, check_mail, 1349and check_rcpt rulesets. If you wish to include your own checks, 1350you can put your checks in the rulesets Local_check_relay, 1351Local_check_mail, and Local_check_rcpt. For example if you wanted to 1352block senders with all numeric usernames (i.e. 2312343@bigisp.com), 1353you would use Local_check_mail and the new regex map: 1354 1355 LOCAL_CONFIG 1356 Kallnumbers regex -a@MATCH ^[0-9]+$ 1357 1358 LOCAL_RULESETS 1359 SLocal_check_mail 1360 # check address against various regex checks 1361 R$* $: $>Parse0 $>3 $1 1362 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 1363 R@MATCH $#error $: 553 Header Error 1364 1365These rules are called with the original arguments of the corresponding 1366check_* ruleset. If the local ruleset returns $#OK, no further checking 1367is done by the features described above and the mail is accepted. If the 1368local ruleset resolves to a mailer (such as $#error or $#discard), the 1369appropriate action is taken. Otherwise, the results of the local 1370rewriting are ignored. 1371 1372 1373You can also reject mail on the basis of the contents of headers. 1374This is done by adding a ruleset call to the 'H' header definition command 1375in sendmail.cf. For example, this can be used to check the validity of 1376a Message-ID: header: 1377 1378 LOCAL_RULESETS 1379 HMessage-Id: $>CheckMessageId 1380 1381 SCheckMessageId 1382 R< $+ @ $+ > $@ OK 1383 R$* $#error $: 553 Header Error 1384 1385 1386+--------------------------------+ 1387| ADDING NEW MAILERS OR RULESETS | 1388+--------------------------------+ 1389 1390Sometimes you may need to add entirely new mailers or rulesets. They 1391should be introduced with the constructs MAILER_DEFINITIONS and 1392LOCAL_RULESETS respectively. For example: 1393 1394 MAILER_DEFINITIONS 1395 Mmymailer, ... 1396 ... 1397 1398 LOCAL_RULESETS 1399 Smyruleset 1400 ... 1401 1402 1403+-------------------------------+ 1404| NON-SMTP BASED CONFIGURATIONS | 1405+-------------------------------+ 1406 1407These configuration files are designed primarily for use by SMTP-based 1408sites. I don't pretend that they are well tuned for UUCP-only or 1409UUCP-primarily nodes (the latter is defined as a small local net 1410connected to the rest of the world via UUCP). However, there is one 1411hook to handle some special cases. 1412 1413You can define a ``smart host'' that understands a richer address syntax 1414using: 1415 1416 define(`SMART_HOST', mailer:hostname) 1417 1418In this case, the ``mailer:'' defaults to "relay". Any messages that 1419can't be handled using the usual UUCP rules are passed to this host. 1420 1421If you are on a local SMTP-based net that connects to the outside 1422world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 1423For example: 1424 1425 define(`SMART_HOST', suucp:uunet) 1426 LOCAL_NET_CONFIG 1427 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 1428 1429This will cause all names that end in your domain name ($m) via 1430SMTP; anything else will be sent via suucp (smart UUCP) to uunet. 1431If you have FEATURE(nocanonify), you may need to omit the dots after 1432the $m. If you are running a local DNS inside your domain which is 1433not otherwise connected to the outside world, you probably want to 1434use: 1435 1436 define(`SMART_HOST', smtp:fire.wall.com) 1437 LOCAL_NET_CONFIG 1438 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 1439 1440That is, send directly only to things you found in your DNS lookup; 1441anything else goes through SMART_HOST. 1442 1443You may need to turn off the anti-spam rules in order to accept 1444UUCP mail with FEATURE(promiscuous_relay) and 1445FEATURE(accept_unresolvable_domains). 1446 1447 1448+-----------+ 1449| WHO AM I? | 1450+-----------+ 1451 1452Normally, the $j macro is automatically defined to be your fully 1453qualified domain name (FQDN). Sendmail does this by getting your 1454host name using gethostname and then calling gethostbyname on the 1455result. For example, in some environments gethostname returns 1456only the root of the host name (such as "foo"); gethostbyname is 1457supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 1458cases, gethostbyname may fail to return the FQDN. In this case 1459you MUST define confDOMAIN_NAME to be your fully qualified domain 1460name. This is usually done using: 1461 1462 Dmbar.com 1463 define(`confDOMAIN_NAME', `$w.$m')dnl 1464 1465 1466+--------------------+ 1467| USING MAILERTABLES | 1468+--------------------+ 1469 1470To use FEATURE(mailertable), you will have to create an external 1471database containing the routing information for various domains. 1472For example, a mailertable file in text format might be: 1473 1474 .my.domain xnet:%1.my.domain 1475 uuhost1.my.domain suucp:uuhost1 1476 .bitnet smtp:relay.bit.net 1477 1478This should normally be stored in /etc/mailertable. The actual 1479database version of the mailertable is built using: 1480 1481 makemap hash /etc/mailertable.db < /etc/mailertable 1482 1483The semantics are simple. Any LHS entry that does not begin with 1484a dot matches the full host name indicated. LHS entries beginning 1485with a dot match anything ending with that domain name -- that is, 1486they can be thought of as having a leading "*" wildcard. Matching 1487is done in order of most-to-least qualified -- for example, even 1488though ".my.domain" is listed first in the above example, an entry 1489of "uuhost1.my.domain" will match the second entry since it is 1490more explicit. 1491 1492The RHS should always be a "mailer:host" pair. The mailer is the 1493configuration name of a mailer (that is, an `M' line in the 1494sendmail.cf file). The "host" will be the hostname passed to 1495that mailer. In domain-based matches (that is, those with leading 1496dots) the "%1" may be used to interpolate the wildcarded part of 1497the host name. For example, the first line above sends everything 1498addressed to "anything.my.domain" to that same host name, but using 1499the (presumably experimental) xnet mailer. 1500 1501In some cases you may want to temporarily turn off MX records, 1502particularly on gateways. For example, you may want to MX 1503everything in a domain to one machine that then forwards it 1504directly. To do this, you might use the DNS configuration: 1505 1506 *.domain. IN MX 0 relay.machine 1507 1508and on relay.machine use the mailertable: 1509 1510 .domain smtp:[gateway.domain] 1511 1512The [square brackets] turn off MX records for this host only. 1513If you didn't do this, the mailertable would use the MX record 1514again, which would give you an MX loop. 1515 1516 1517+--------------------------------+ 1518| USING USERDB TO MAP FULL NAMES | 1519+--------------------------------+ 1520 1521The user database was not originally intended for mapping full names 1522to login names (e.g., Eric.Allman => eric), but some people are using 1523it that way. (I would recommend that you set up aliases for this 1524purpose instead -- since you can specify multiple alias files, this 1525is fairly easy.) The intent was to locate the default maildrop at 1526a site, but allow you to override this by sending to a specific host. 1527 1528If you decide to set up the user database in this fashion, it is 1529imperative that you not use FEATURE(stickyhost) -- otherwise, 1530e-mail sent to Full.Name@local.host.name will be rejected. 1531 1532To build the internal form of the user database, use: 1533 1534 makemap btree /usr/data/base.db < /usr/data/base.txt 1535 1536As a general rule, I am adamantly opposed to using full names as 1537e-mail addresses, since they are not in any sense unique. For example, 1538the Unix software-development community has two Andy Tannenbaums, 1539at least two well-known Peter Deutsches, and at one time Bell Labs 1540had two Stephen R. Bournes with offices along the same hallway. 1541Which one will be forced to suffer the indignity of being 1542Stephen_R_Bourne_2? The less famous of the two, or the one that 1543was hired later? 1544 1545Finger should handle full names (and be fuzzy). Mail should use 1546handles, and not be fuzzy. [Not that I expect anyone to pay any 1547attention to my opinions.] 1548 1549 1550+--------------------------------+ 1551| MISCELLANEOUS SPECIAL FEATURES | 1552+--------------------------------+ 1553 1554Plussed users 1555 Sometimes it is convenient to merge configuration on a 1556 centralized mail machine, for example, to forward all 1557 root mail to a mail server. In this case it might be 1558 useful to be able to treat the root addresses as a class 1559 of addresses with subtle differences. You can do this 1560 using plussed users. For example, a client might include 1561 the alias: 1562 1563 root: root+client1@server 1564 1565 On the server, this will match an alias for "root+client1". 1566 If that is not found, the alias "root+*" will be tried, 1567 then "root". 1568 1569LDAP 1570 For notes on use LDAP in sendmail, see 1571 http://www.stanford.edu/~bbense/Inst.html 1572 1573 1574 1575+----------------+ 1576| SECURITY NOTES | 1577+----------------+ 1578 1579A lot of sendmail security comes down to you. Sendmail 8 is much 1580more careful about checking for security problems than previous 1581versions, but there are some things that you still need to watch 1582for. In particular: 1583 1584* Make sure the aliases file isn't writable except by trusted 1585 system personnel. This includes both the text and database 1586 version. 1587 1588* Make sure that other files that sendmail reads, such as the 1589 mailertable, are only writable by trusted system personnel. 1590 1591* The queue directory should not be world writable PARTICULARLY 1592 if your system allows "file giveaways" (that is, if a non-root 1593 user can chown any file they own to any other user). 1594 1595* If your system allows file giveaways, DO NOT create a publically 1596 writable directory for forward files. This will allow anyone 1597 to steal anyone else's e-mail. Instead, create a script that 1598 copies the .forward file from users' home directories once a 1599 night (if you want the non-NFS-mounted forward directory). 1600 1601* If your system allows file giveaways, you'll find that 1602 sendmail is much less trusting of :include: files -- in 1603 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 1604 /etc/shells before they will be trusted (that is, before 1605 files and programs listed in them will be honored). 1606 1607In general, file giveaways are a mistake -- if you can turn them 1608off I recommend you do so. 1609 1610 1611+--------------------------------+ 1612| TWEAKING CONFIGURATION OPTIONS | 1613+--------------------------------+ 1614 1615There are a large number of configuration options that don't normally 1616need to be changed. However, if you feel you need to tweak them, you 1617can define the following M4 variables. This list is shown in four 1618columns: the name you define, the default value for that definition, 1619the option or macro that is affected (either Ox for an option or Dx 1620for a macro), and a brief description. Greater detail of the semantics 1621can be found in the Installation and Operations Guide. 1622 1623Some options are likely to be deprecated in future versions -- that is, 1624the option is only included to provide back-compatibility. These are 1625marked with "*". 1626 1627Remember that these options are M4 variables, and hence may need to 1628be quoted. In particular, arguments with commas will usually have to 1629be ``double quoted, like this phrase'' to avoid having the comma 1630confuse things. This is common for alias file definitions and for 1631the read timeout. 1632 1633M4 Variable Name Configuration Description & [Default] 1634================ ============= ======================= 1635confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 1636 for internally generated outgoing 1637 messages. 1638confDOMAIN_NAME $j macro If defined, sets $j. This should 1639 only be done if your system cannot 1640 determine your local domain name, 1641 and then it should be set to 1642 $w.Foo.COM, where Foo.COM is your 1643 domain name. 1644confCF_VERSION $Z macro If defined, this is appended to the 1645 configuration version name. 1646confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 1647 internally generated From: address. 1648confRECEIVED_HEADER Received: 1649 [$?sfrom $s $.$?_($?s$|from $.$_) 1650 $.by $j ($v/$Z)$?r with $r$. id $i$?u 1651 for $u; $|; 1652 $.$b] 1653 The format of the Received: header 1654 in messages passed through this host. 1655 It is unwise to try to change this. 1656confCW_FILE Fw class [/etc/sendmail.cw] Name of file used 1657 to get the local additions to the $=w 1658 (local host names) class. 1659confCT_FILE Ft class [/etc/sendmail.ct] Name of file used 1660 to get the local additions to the $=t 1661 (trusted users) class. 1662confCR_FILE FR class [/etc/mail/relay-domains] Name of 1663 file used to get the local additions 1664 to the $=R (hosts allowed to relay) 1665 class. 1666confTRUSTED_USERS Ct class [no default] Names of users to add to 1667 the list of trusted users. This list 1668 always includes root, uucp, and daemon. 1669 See also FEATURE(use_ct_file). 1670confSMTP_MAILER - [esmtp] The mailer name used when 1671 SMTP connectivity is required. 1672 One of "smtp", "smtp8", or "esmtp". 1673confUUCP_MAILER - [uucp-old] The mailer to be used by 1674 default for bang-format recipient 1675 addresses. See also discussion of 1676 $=U, $=Y, and $=Z in the MAILER(uucp) 1677 section. 1678confLOCAL_MAILER - [local] The mailer name used when 1679 local connectivity is required. 1680 Almost always "local". 1681confRELAY_MAILER - [relay] The default mailer name used 1682 for relaying any mail (e.g., to a 1683 BITNET_RELAY, a SMART_HOST, or 1684 whatever). This can reasonably be 1685 "uucp-new" if you are on a 1686 UUCP-connected site. 1687confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 1688confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 1689confALIAS_WAIT AliasWait [10m] Time to wait for alias file 1690 rebuild until you get bored and 1691 decide that the apparently pending 1692 rebuild failed. 1693confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 1694 queue filesystem to accept SMTP mail. 1695 (Prior to 8.7 this was minfree/maxsize, 1696 where minfree was the number of free 1697 blocks and maxsize was the maximum 1698 message size. Use confMAX_MESSAGE_SIZE 1699 for the second value now.) 1700confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 1701 that will be accepted (in bytes). 1702confBLANK_SUB BlankSub [.] Blank (space) substitution 1703 character. 1704confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 1705 to mailers marked expensive? 1706confCHECKPOINT_INTERVAL CheckpointInterval 1707 [10] Checkpoint queue files every N 1708 recipients. 1709confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 1710confAUTO_REBUILD AutoRebuildAliases 1711 [False] Automatically rebuild alias 1712 file if needed. 1713confERROR_MODE ErrorMode [print] Error message mode. 1714confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 1715confSAVE_FROM_LINES SafeFromLine Save extra leading From_ lines. 1716confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 1717confMATCH_GECOS MatchGECOS [False] Match GECOS field. 1718confMAX_HOP MaxHopCount [25] Maximum hop count. 1719confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd mode] 1720 Ignore dot as terminator for incoming 1721 messages? 1722confBIND_OPTS ResolverOptions [undefined] Default options for DNS 1723 resolver. 1724confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 1725 encapsulated messages per RFC 1344. 1726confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 1727 The colon-separated list of places to 1728 search for .forward files. N.B.: see 1729 the Security Notes section. 1730confMCI_CACHE_SIZE ConnectionCacheSize 1731 [2] Size of open connection cache. 1732confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 1733 [5m] Open connection cache timeout. 1734confHOST_STATUS_DIRECTORY HostStatusDirectory 1735 [undefined] If set, host status is kept 1736 on disk between sendmail runs in the 1737 named directory tree. This need not be 1738 a full pathname, in which case it is 1739 interpreted relative to the queue 1740 directory. 1741confSINGLE_THREAD_DELIVERY SingleThreadDelivery 1742 [False] If this option and the 1743 HostStatusDirectory option are both 1744 set, single thread deliveries to other 1745 hosts. That is, don't allow any two 1746 sendmails on this host to connect 1747 simultaneously to any other single 1748 host. This can slow down delivery in 1749 some cases, in particular since a 1750 cached but otherwise idle connection 1751 to a host will prevent other sendmails 1752 from connecting to the other host. 1753confUSE_ERRORS_TO* UserErrorsTo [False] Use the Errors-To: header to 1754 deliver error messages. This should 1755 not be necessary because of general 1756 acceptance of the envelope/header 1757 distinction. 1758confLOG_LEVEL LogLevel [9] Log level. 1759confME_TOO MeToo [False] Include sender in group 1760 expansions. 1761confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 1762 running newaliases. Since this does 1763 DNS lookups on every address, it can 1764 slow down the alias rebuild process 1765 considerably on large alias files. 1766confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 1767 special chars are old style. 1768confDAEMON_OPTIONS DaemonPortOptions 1769 [none] SMTP daemon options. 1770confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 1771confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 1772 copies of all error messages. 1773confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 1774confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 1775 syntax addresses to the minimum 1776 possible. 1777confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 1778 before forking. 1779confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 1780 on the initial connect. 1781confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 1782 connect() to complete. This can only 1783 shorten connection timeouts; the kernel 1784 silently enforces an absolute maximum 1785 (which varies depending on the system). 1786confTO_ICONNECT Timeout.iconnect 1787 [undefined] Like Timeout.connect, but 1788 applies only to the very first attempt 1789 to connect to a host in a message. 1790 This allows a single very fast pass 1791 followed by more careful delivery 1792 attempts in the future. 1793confTO_HELO Timeout.helo [5m] The timeout waiting for a response 1794 to a HELO or EHLO command. 1795confTO_MAIL Timeout.mail [10m] The timeout waiting for a 1796 response to the MAIL command. 1797confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 1798 to the RCPT command. 1799confTO_DATAINIT Timeout.datainit 1800 [5m] The timeout waiting for a 354 1801 response from the DATA command. 1802confTO_DATABLOCK Timeout.datablock 1803 [1h] The timeout waiting for a block 1804 during DATA phase. 1805confTO_DATAFINAL Timeout.datafinal 1806 [1h] The timeout waiting for a response 1807 to the final "." that terminates a 1808 message. 1809confTO_RSET Timeout.rset [5m] The timeout waiting for a response 1810 to the RSET command. 1811confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 1812 to the QUIT command. 1813confTO_MISC Timeout.misc [2m] The timeout waiting for a response 1814 to other SMTP commands. 1815confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout waiting 1816 for a command to be issued. 1817confTO_IDENT Timeout.ident [30s] The timeout waiting for a response 1818 to an IDENT query. 1819confTO_FILEOPEN Timeout.fileopen 1820 [60s] The timeout waiting for a file 1821 (e.g., :include: file) to be opened. 1822confTO_QUEUERETURN Timeout.queuereturn 1823 [5d] The timeout before a message is 1824 returned as undeliverable. 1825confTO_QUEUERETURN_NORMAL 1826 Timeout.queuereturn.normal 1827 [undefined] As above, for normal 1828 priority messages. 1829confTO_QUEUERETURN_URGENT 1830 Timeout.queuereturn.urgent 1831 [undefined] As above, for urgent 1832 priority messages. 1833confTO_QUEUERETURN_NONURGENT 1834 Timeout.queuereturn.non-urgent 1835 [undefined] As above, for non-urgent 1836 (low) priority messages. 1837confTO_QUEUEWARN Timeout.queuewarn 1838 [4h] The timeout before a warning 1839 message is sent to the sender telling 1840 them that the message has been deferred. 1841confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 1842 [undefined] As above, for normal 1843 priority messages. 1844confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 1845 [undefined] As above, for urgent 1846 priority messages. 1847confTO_QUEUEWARN_NONURGENT 1848 Timeout.queuewarn.non-urgent 1849 [undefined] As above, for non-urgent 1850 (low) priority messages. 1851confTO_HOSTSTATUS Timeout.hoststatus 1852 [30m] How long information about host 1853 statuses will be maintained before it 1854 is considered stale and the host should 1855 be retried. This applies both within 1856 a single queue run and to persistent 1857 information (see below). 1858confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 1859 USE_SYSTEM to use the system's idea, 1860 USE_TZ to use the user's TZ envariable, 1861 or something else to force that value. 1862confDEF_USER_ID DefaultUser [1:1] Default user id. 1863confUSERDB_SPEC UserDatabaseSpec 1864 [undefined] User database specification. 1865confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 1866confTRY_NULL_MX_LIST TryNullMXList [False] If we are the best MX for a 1867 host and haven't made other 1868 arrangements, try connecting to the 1869 host directly; normally this would be 1870 a config error. 1871confQUEUE_LA QueueLA [8] Load average at which queue-only 1872 function kicks in. 1873confREFUSE_LA RefuseLA [12] Load average at which incoming 1874 SMTP connections are refused. 1875confMAX_DAEMON_CHILDREN MaxDaemonChildren 1876 [undefined] The maximum number of 1877 children the daemon will permit. After 1878 this number, connections will be 1879 rejected. If not set or <= 0, there is 1880 no limit. 1881confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 1882 [undefined] The maximum number of 1883 connections permitted per second. 1884 After this many connections are 1885 accepted, further connections will be 1886 delayed. If not set or <= 0, there is 1887 no limit. 1888confWORK_RECIPIENT_FACTOR 1889 RecipientFactor [30000] Cost of each recipient. 1890confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a separate 1891 process. 1892confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 1893confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 1894confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 1895 Priority, Host, or Time. 1896confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 1897 must sit in the queue between queue 1898 runs. This allows you to set the 1899 queue run interval low for better 1900 responsiveness without trying all 1901 jobs in each run. 1902confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 1903 unlabeled 8 bit input to MIME, the 1904 character set to use by default. 1905confSERVICE_SWITCH_FILE ServiceSwitchFile 1906 [/etc/service.switch] The file to use 1907 for the service switch on systems that 1908 do not have a system-defined switch. 1909confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 1910 "file" type access of hosts names. 1911confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 1912 long and try again. Zero means "don't 1913 retry". This is to allow "dial on 1914 demand" connections to have enough time 1915 to complete a connection. 1916confNO_RCPT_ACTION NoRecipientAction 1917 [none] What to do if there are no legal 1918 recipient fields (To:, Cc: or Bcc:) 1919 in the message. Legal values can 1920 be "none" to just leave the 1921 nonconforming message as is, "add-to" 1922 to add a To: header with all the 1923 known recipients (which may expose 1924 blind recipients), "add-apparently-to" 1925 to do the same but use Apparently-To: 1926 instead of To:, "add-bcc" to add an 1927 empty Bcc: header, or 1928 "add-to-undisclosed" to add the header 1929 ``To: undisclosed-recipients:;''. 1930confSAFE_FILE_ENV SafeFileEnvironment 1931 [undefined] If set, sendmail will do a 1932 chroot() into this directory before 1933 writing files. 1934confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 1935 If set, colons are treated as a regular 1936 character in addresses. If not set, 1937 they are treated as the introducer to 1938 the RFC 822 "group" syntax. Colons are 1939 handled properly in route-addrs. This 1940 option defaults on for V5 and lower 1941 configuration files. 1942confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 1943 any given queue run to this number of 1944 entries. Essentially, this will stop 1945 reading the queue directory after this 1946 number of entries are reached; it does 1947 _not_ pick the highest priority jobs, 1948 so this should be as large as your 1949 system can tolerate. If not set, there 1950 is no limit. 1951confDONT_EXPAND_CNAMES DontExpandCnames 1952 [False] If set, $[ ... $] lookups that 1953 do DNS based lookups do not expand 1954 CNAME records. This currently violates 1955 the published standards, but the IETF 1956 seems to be moving toward legalizing 1957 this. For example, if "FTP.Foo.ORG" 1958 is a CNAME for "Cruft.Foo.ORG", then 1959 with this option set a lookup of 1960 "FTP" will return "FTP.Foo.ORG"; if 1961 clear it returns "Cruft.FOO.ORG". N.B. 1962 you may not see any effect until your 1963 downstream neighbors stop doing CNAME 1964 lookups as well. 1965confFROM_LINE UnixFromLine [From $g $d] The From_ line used 1966 when sending to files or programs. 1967confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 1968 [False] From: lines that have 1969 embedded newlines are unwrapped 1970 onto one line. 1971confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 1972 does not include a host name. 1973confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 1974 name phrase (@,;:\()[] are automatic). 1975confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 1976 characters. 1977confSMTP_LOGIN_MSG SmtpGreetingMessage 1978 [$j Sendmail $v/$Z; $b] 1979 The initial (spontaneous) SMTP 1980 greeting message. The word "ESMTP" 1981 will be inserted between the first and 1982 second words to convince other 1983 sendmails to try to speak ESMTP. 1984confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 1985 routine will never be invoked. You 1986 might want to do this if you are 1987 running NIS and you have a large group 1988 map, since this call does a sequential 1989 scan of the map; in a large site this 1990 can cause your ypserv to run 1991 essentially full time. If you set 1992 this, agents run on behalf of users 1993 will only have their primary 1994 (/etc/passwd) group permissions. 1995confUNSAFE_GROUP_WRITES UnsafeGroupWrites 1996 [False] If set, group-writable 1997 :include: and .forward files are 1998 considered "unsafe", that is, programs 1999 and files cannot be directly referenced 2000 from such files. World-writable files 2001 are always considered unsafe. 2002confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 2003 [postmaster] If an error occurs when 2004 sending an error message, send that 2005 "double bounce" error message to this 2006 address. 2007confRUN_AS_USER RunAsUser [undefined] If set, become this user 2008 when reading and delivering mail. 2009 Causes all file reads (e.g., .forward 2010 and :include: files) to be done as 2011 this user. Also, all programs will 2012 be run as this user, and all output 2013 files will be written as this user. 2014 Intended for use only on firewalls 2015 where users do not have accounts. 2016confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 2017 [infinite] If set, allow no more than 2018 the specified number of recipients in 2019 an SMTP envelope. Further recipients 2020 receive a 452 error code (i.e., they 2021 are deferred for the next delivery 2022 attempt). 2023confDONT_PROBE_INTERFACES DontProbeInterfaces 2024 [False] If set, sendmail will _not_ 2025 insert the names and addresses of any 2026 local interfaces into the $=w class 2027 (list of known "equivalent" addresses). 2028 If you set this, you must also include 2029 some support for these addresses (e.g., 2030 in a mailertable entry) -- otherwise, 2031 mail to addresses in this list will 2032 bounce with a configuration error. 2033confDONT_BLAME_SENDMAIL DontBlameSendmail 2034 [safe] Override sendmail's file 2035 safety checks. This will definitely 2036 compromise system security and should 2037 not be used unless absolutely 2038 necessary. 2039confREJECT_MSG - [550 Access denied] The message 2040 given if the access database contains 2041 REJECT in the value portion. 2042 2043See also the description of OSTYPE for some parameters that can be 2044tweaked (generally pathnames to mailers). 2045 2046 2047+-----------+ 2048| HIERARCHY | 2049+-----------+ 2050 2051Within this directory are several subdirectories, to wit: 2052 2053m4 General support routines. These are typically 2054 very important and should not be changed without 2055 very careful consideration. 2056 2057cf The configuration files themselves. They have 2058 ".mc" suffixes, and must be run through m4 to 2059 become complete. The resulting output should 2060 have a ".cf" suffix. 2061 2062ostype Definitions describing a particular operating 2063 system type. These should always be referenced 2064 using the OSTYPE macro in the .mc file. Examples 2065 include "bsd4.3", "bsd4.4", "sunos3.5", and 2066 "sunos4.1". 2067 2068domain Definitions describing a particular domain, referenced 2069 using the DOMAIN macro in the .mc file. These are 2070 site dependent; for example, "CS.Berkeley.EDU.m4" 2071 describes hosts in the CS.Berkeley.EDU subdomain. 2072 2073mailer Descriptions of mailers. These are referenced using 2074 the MAILER macro in the .mc file. 2075 2076sh Shell files used when building the .cf file from the 2077 .mc file in the cf subdirectory. 2078 2079feature These hold special orthogonal features that you might 2080 want to include. They should be referenced using 2081 the FEATURE macro. 2082 2083hack Local hacks. These can be referenced using the HACK 2084 macro. They shouldn't be of more than voyeuristic 2085 interest outside the .Berkeley.EDU domain, but who knows? 2086 We've all got our own peccadillos. 2087 2088siteconfig Site configuration -- e.g., tables of locally connected 2089 UUCP sites. 2090 2091 2092+------------------------+ 2093| ADMINISTRATIVE DETAILS | 2094+------------------------+ 2095 2096The following sections detail usage of certain internal parts of the 2097sendmail.cf file. Read them carefully if you are trying to modify 2098the current model. If you find the above descriptions adequate, these 2099should be {boring, confusing, tedious, ridiculous} (pick one or more). 2100 2101RULESETS (* means built in to sendmail) 2102 2103 0 * Parsing 2104 1 * Sender rewriting 2105 2 * Recipient rewriting 2106 3 * Canonicalization 2107 4 * Post cleanup 2108 5 * Local address rewrite (after aliasing) 2109 1x mailer rules (sender qualification) 2110 2x mailer rules (recipient qualification) 2111 3x mailer rules (sender header qualification) 2112 4x mailer rules (recipient header qualification) 2113 5x mailer subroutines (general) 2114 6x mailer subroutines (general) 2115 7x mailer subroutines (general) 2116 8x reserved 2117 90 Mailertable host stripping 2118 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 2119 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 2120 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 2121 99 Guaranteed null (for debugging) 2122 2123 2124MAILERS 2125 2126 0 local, prog local and program mailers 2127 1 [e]smtp, relay SMTP channel 2128 2 uucp-* UNIX-to-UNIX Copy Program 2129 3 netnews Network News delivery 2130 4 fax Sam Leffler's HylaFAX software 2131 5 mail11 DECnet mailer 2132 2133 2134MACROS 2135 2136 A 2137 B Bitnet Relay 2138 C DECnet Relay 2139 D The local domain -- usually not needed 2140 E reserved for X.400 Relay 2141 F FAX Relay 2142 G 2143 H mail Hub (for mail clusters) 2144 I 2145 J 2146 K 2147 L Luser Relay 2148 M Masquerade (who I claim to be) 2149 N 2150 O 2151 P 2152 Q 2153 R Relay (for unqualified names) 2154 S Smart Host 2155 T 2156 U my UUCP name (if I have a UUCP connection) 2157 V UUCP Relay (class V hosts) 2158 W UUCP Relay (class W hosts) 2159 X UUCP Relay (class X hosts) 2160 Y UUCP Relay (all other hosts) 2161 Z Version number 2162 2163 2164CLASSES 2165 2166 A 2167 B domains that are candidates for bestmx lookup 2168 C 2169 D 2170 E addresses that should not seem to come from $M 2171 F hosts we forward for 2172 G domains that should be looked up in genericstable 2173 H 2174 I 2175 J 2176 K 2177 L addresses that should not be forwarded to $R 2178 M domains that should be mapped to $M 2179 N 2180 O operators that indicate network operations (cannot be in local names) 2181 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 2182 Q 2183 R domains we are willing to relay (pass anti-spam filters) 2184 S 2185 T 2186 U locally connected UUCP hosts 2187 V UUCP hosts connected to relay $V 2188 W UUCP hosts connected to relay $W 2189 X UUCP hosts connected to relay $X 2190 Y locally connected smart UUCP hosts 2191 Z locally connected domain-ized UUCP hosts 2192 . the class containing only a dot 2193 [ the class containing only a left bracket 2194 2195 2196M4 DIVERSIONS 2197 2198 1 Local host detection and resolution 2199 2 Local Ruleset 3 additions 2200 3 Local Ruleset 0 additions 2201 4 UUCP Ruleset 0 additions 2202 5 locally interpreted names (overrides $R) 2203 6 local configuration (at top of file) 2204 7 mailer definitions 2205 8 2206 9 special local rulesets (1 and 2) 2207