README revision 42575
1 2 3 NEW SENDMAIL CONFIGURATION FILES 4 5 Eric Allman <eric@Sendmail.ORG> 6 7 @(#)README 8.184 (Berkeley) 12/29/1998 8 9 10This document describes the sendmail configuration files being used 11at Berkeley. These use features in the new (R8) sendmail; they will 12not work on other versions. 13 14These configuration files are probably not as general as previous 15versions, and don't handle as many of the weird cases automagically. 16I was able to simplify them for two reasons. First, the network 17has become more consistent -- for example, at this point, everyone 18on the internet is supposed to be running a name server, so hacks to 19handle NIC-registered hosts can go away. Second, I assumed that a 20subdomain would be running SMTP internally -- UUCP is presumed to be 21a long-haul protocol. I realize that this is not universal, but it 22does describe the vast majority of sites with which I am familiar, 23including those outside the US. 24 25Of course, the downside of this is that if you do live in a weird 26world, things are going to get weirder for you. I'm sorry about that, 27but at the time we at Berkeley had a problem, and it seemed like the 28right thing to do. 29 30This package requires a post-V7 version of m4; if you are running the 314.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with 32a newer version. You can m4-expand on their system, then run locally. 33SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1 34or later also works. Unfortunately, I'm told that the M4 on BSDI 1.0 35doesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is 36available from ftp://ftp.gnu.org/pub/gnu/m4-1.4.tar.gz (check for 37the latest version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken 38(3.x is fine). Use GNU m4 on this platform. 39 40IF YOU DON'T HAVE A BERKELEY MAKE, don't despair! Just run 41"m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need. 42There is also a fairly crude (but functional) Makefile.dist that works 43on the old version of make. 44 45To get started, you may want to look at tcpproto.mc (for TCP-only 46sites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for 47clusters of clients using a single mail host). Others are versions 48that we use at Berkeley, although not all are in current use. For 49example, ucbvax has gone away, but I've left ucbvax.mc in because 50it demonstrates some interesting techniques. 51 52I'm not pretending that this README describes everything that these 53configuration files can do; clever people can probably tweak them 54to great effect. But it should get you started. 55 56******************************************************************* 57*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 58*** Berkeley-specific assumptions built in, such as the name *** 59*** of our UUCP-relay. You'll want to create your own domain *** 60*** description, and use that in place of *** 61*** domain/Berkeley.EDU.m4. *** 62******************************************************************* 63 64 65+--------------------------+ 66| INTRODUCTION AND EXAMPLE | 67+--------------------------+ 68 69Configuration files are contained in the subdirectory "cf", with a 70suffix ".mc". They must be run through "m4" to produce a ".cf" file. 71You must pre-load "cf.m4": 72 73 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 74 75where ${CFDIR} is the root of the cf directory and config.mc is the 76name of your configuration file. If you are running a version of M4 77that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 78this, but the versions distributed with 4.4BSD and derivatives do not) 79or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 80For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 81use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 82 83 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 84 85Let's examine a typical .mc file: 86 87 divert(-1) 88 # 89 # Copyright (c) 1998 Sendmail, Inc. All rights reserved. 90 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 91 # Copyright (c) 1988, 1993 92 # The Regents of the University of California. All rights reserved. 93 # 94 # By using this file, you agree to the terms and conditions set 95 # forth in the LICENSE file which can be found at the top level of 96 # the sendmail distribution. 97 # 98 99 # 100 # This is a Berkeley-specific configuration file for HP-UX 9.x. 101 # It applies only to the Computer Science Division at Berkeley, 102 # and should not be used elsewhere. It is provided on the sendmail 103 # distribution as a sample only. To create your own configuration 104 # file, create an appropriate domain file in ../domain, change the 105 # `DOMAIN' macro below to reference that file, and copy the result 106 # to a name of your own choosing. 107 # 108 divert(0) 109 110The divert(-1) will delete the crud in the resulting output file. 111The copyright notice can be replaced by whatever your lawyers require; 112our lawyers require the one that I've included in my files. A copyleft 113is a copyright by another name. The divert(0) restores regular output. 114 115 VERSIONID(`<SCCS or RCS version id>') 116 117VERSIONID is a macro that stuffs the version information into the 118resulting file. We use SCCS; you could use RCS, something else, or 119omit it completely. This is not the same as the version id included 120in SMTP greeting messages -- this is defined in m4/version.m4. 121 122 OSTYPE(hpux9)dnl 123 124You must specify an OSTYPE to properly configure things such as the 125pathname of the help and status files, the flags needed for the local 126mailer, and other important things. If you omit it, you will get an 127error when you try to build the configuration. Look at the ostype 128directory for the list of known operating system types. 129 130 DOMAIN(CS.Berkeley.EDU)dnl 131 132This example is specific to the Computer Science Division at Berkeley. 133You can use "DOMAIN(generic)" to get a sufficiently bland definition 134that may well work for you, or you can create a customized domain 135definition appropriate for your environment. 136 137 MAILER(local) 138 MAILER(smtp) 139 140These describe the mailers used at the default CS site site. The 141local mailer is always included automatically. Beware: MAILER 142declarations should always be at the end of the configuration file, 143and MAILER(smtp) should always precede MAILER(uucp). The general 144rules are that the order should be: 145 146 VERSIONID 147 OSTYPE 148 DOMAIN 149 FEATURE 150 local macro definitions 151 MAILER 152 LOCAL_RULESET_* 153 154 155+----------------------------+ 156| A BRIEF INTRODUCTION TO M4 | 157+----------------------------+ 158 159Sendmail uses the M4 macro processor to ``compile'' the configuration 160files. The most important thing to know is that M4 is stream-based, 161that is, it doesn't understand about lines. For this reason, in some 162places you may see the word ``dnl'', which stands for ``delete 163through newline''; essentially, it deletes all characters starting 164at the ``dnl'' up to and including the next newline character. In 165most cases sendmail uses this only to avoid lots of unnecessary 166blank lines in the output. 167 168Other important directives are define(A, B) which defines the macro 169``A'' to have value ``B''. Macros are expanded as they are read, so 170one normally quotes both values to prevent expansion. For example, 171 172 define(`SMART_HOST', `smart.foo.com') 173 174One word of warning: M4 macros are expanded even in lines that appear 175to be comments. For example, if you have 176 177 # See FEATURE(foo) above 178 179it will not do what you expect, because the FEATURE(foo) will be 180expanded. This also applies to 181 182 # And then define the $X macro to be the return address 183 184because ``define'' is an M4 keyword. If you want to use them, surround 185them with directed quotes, `like this'. 186 187+----------------+ 188| FILE LOCATIONS | 189+----------------+ 190 191sendmail 8.9 has introduced a new configuration directory for sendmail 192related files, /etc/mail. The new files available for sendmail 8.9 -- 193the class 'R' /etc/mail/relay-domains and the access database 194/etc/mail/access -- take advantage of this new directory. 8.9 will 195serve as a transition release. Beginning with 8.10, all of the files 196will use this directory by default. 197 198+--------+ 199| OSTYPE | 200+--------+ 201 202You MUST define an operating system environment, or the configuration 203file build will puke. There are several environments available; look 204at the "ostype" directory for the current list. This macro changes 205things like the location of the alias file and queue directory. Some 206of these files are identical to one another. 207 208It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 209In general, the OSTYPE macro should go immediately after any version 210information, and MAILER definitions should always go last. 211 212Operating system definitions are usually easy to write. They may define 213the following variables (everything defaults, so an ostype file may be 214empty). Unfortunately, the list of configuration-supported systems is 215not as broad as the list of source-supported systems, since many of 216the source contributors do not include corresponding ostype files. 217 218ALIAS_FILE [/etc/aliases] The location of the text version 219 of the alias file(s). It can be a comma-separated 220 list of names (but be sure you quote values with 221 commas in them -- for example, use 222 define(`ALIAS_FILE', `a,b') 223 to get "a" and "b" both listed as alias files; 224 otherwise the define() primitive only sees "a"). 225HELP_FILE [/usr/lib/sendmail.hf] The name of the file 226 containing information printed in response to 227 the SMTP HELP command. 228QUEUE_DIR [/var/spool/mqueue] The directory containing 229 queue files. 230STATUS_FILE [/etc/sendmail.st] The file containing status 231 information. 232LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 233LOCAL_MAILER_FLAGS [rmn9] The flags used by the local mailer. The 234 flags lsDFM are always included. 235LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 236 mail. 237LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 238 mail that you are willing to accept. 239LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 240 that ARRIVE from an address that resolves to the 241 local mailer and which are converted to MIME will be 242 labeled with this character set. 243LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 244LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 245 flags lsDFM are always included. 246LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 247 mail. 248LOCAL_SHELL_DIR [$z:/] The directory search path in which the 249 shell should run. 250USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 251 used to submit news. 252USENET_MAILER_FLAGS [rlsDFMmn] The mailer flags for the usenet mailer. 253USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 254 usenet mailer. 255USENET_MAILER_MAX [100000] The maximum size of messages that will 256 be accepted by the usenet mailer. 257SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 258 flags are `mDFMUX' for all SMTP-based mailers; the 259 "esmtp" mailer adds `a' and "smtp8" adds `8'. 260SMTP_MAILER_MAX [undefined] The maximum size of messages that will 261 be transported using the smtp, smtp8, or esmtp 262 mailers. 263SMTP_MAILER_ARGS [IPC $h] The arguments passed to the smtp mailer. 264 About the only reason you would want to change this 265 would be to change the default port. 266ESMTP_MAILER_ARGS [IPC $h] The arguments passed to the esmtp mailer. 267SMTP8_MAILER_ARGS [IPC $h] The arguments passed to the smtp8 mailer. 268RELAY_MAILER_ARGS [IPC $h] The arguments passed to the relay mailer. 269SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 270 that ARRIVE from an address that resolves to one of 271 the SMTP mailers and which are converted to MIME will 272 be labeled with this character set. 273UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 274UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 275 flags are `DFMhuU' (and `m' for uucp-new mailer, 276 minus `U' for uucp-dom mailer). 277UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 278 passed to the UUCP mailer. 279UUCP_MAILER_MAX [100000] The maximum size message accepted for 280 transmission by the UUCP mailers. 281UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 282 that ARRIVE from an address that resolves to one of 283 the UUCP mailers and which are converted to MIME will 284 be labeled with this character set. 285FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 286 submit FAX messages. 287FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 288 mailer. 289FAX_MAILER_MAX [100000] The maximum size message accepted for 290 transmission by FAX. 291POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 292POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags "lsDFM" 293 are always added. 294POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 295PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 296 program. This is also used by FEATURE(local_procmail). 297PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 298 ``DFM'' are always set. This is NOT used by 299 FEATURE(local_procmail); tweak LOCAL_MAILER_FLAGS 300 instead. 301PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 302 the Procmail mailer. This is NOT used by 303 FEATURE(local_procmail); tweak LOCAL_MAILER_ARGS 304 instead. 305PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 306 will be accepted by the procmail mailer. 307MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 308MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 309MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 310 mailer. 311PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 312 program. 313PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. 314PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 315CYRUS_MAILER_FLAGS [A5@/:|] The flags used by the cyrus mailer. The 316 flags lsDFMnPq are always included. 317CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 318 cyrus mail. 319CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 320 to deliver cyrus mail. 321CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 322 will be accepted by the cyrus mailer. 323CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 324 running the cyrus mailer. 325CYRUS_BB_MAILER_FLAGS [undefined] The flags used by the cyrusbb 326 mailer. The flags lsDFMnP are always included. 327CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 328 to deliver cyrusbb mail. 329confEBINDIR [/usr/libexec] The directory for executables. 330 Currently used for FEATURE(local_lmtp) and 331 FEATURE(smrsh). 332 333 334 335+---------+ 336| DOMAINS | 337+---------+ 338 339You will probably want to collect domain-dependent defines into one 340file, referenced by the DOMAIN macro. For example, our Berkeley 341domain file includes definitions for several internal distinguished 342hosts: 343 344UUCP_RELAY The host that will accept UUCP-addressed email. 345 If not defined, all UUCP sites must be directly 346 connected. 347BITNET_RELAY The host that will accept BITNET-addressed email. 348 If not defined, the .BITNET pseudo-domain won't work. 349DECNET_RELAY The host that will accept DECNET-addressed email. 350 If not defined, the .DECNET pseudo-domain and addresses 351 of the form node::user will not work. 352FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 353 The "fax" mailer overrides this value. 354LOCAL_RELAY DEPRECATED. The site that will handle unqualified 355 names -- that is, names with out an @domain extension. 356 If not set, they are assumed to belong on this machine. 357 This allows you to have a central site to store a 358 company- or department-wide alias database. This 359 only works at small sites, and only with some user 360 agents. 361LUSER_RELAY The site that will handle lusers -- that is, apparently 362 local names that aren't local accounts or aliases. 363 364Any of these can be either ``mailer:hostname'' (in which case the 365mailer is the internal mailer name, such as ``uucp-new'' and the hostname 366is the name of the host as appropriate for that mailer) or just a 367``hostname'', in which case a default mailer type (usually ``relay'', 368a variant on SMTP) is used. WARNING: if you have a wildcard MX 369record matching your domain, you probably want to define these to 370have a trailing dot so that you won't get the mail diverted back 371to yourself. 372 373The domain file can also be used to define a domain name, if needed 374(using "DD<domain>") and set certain site-wide features. If all hosts 375at your site masquerade behind one email name, you could also use 376MASQUERADE_AS here. 377 378You do not have to define a domain -- in particular, if you are a 379single machine sitting off somewhere, it is probably more work than 380it's worth. This is just a mechanism for combining "domain dependent 381knowledge" into one place. 382 383+---------+ 384| MAILERS | 385+---------+ 386 387There are fewer mailers supported in this version than the previous 388version, owing mostly to a simpler world. As a general rule, put the 389MAILER definitions last in your .mc file, and always put MAILER(smtp) 390before MAILER(uucp) -- several features and definitions will modify 391the definition of mailers, and the smtp mailer modifies the UUCP 392mailer. 393 394local The local and prog mailers. You will almost always 395 need these; the only exception is if you relay ALL 396 your mail to another site. This mailer is included 397 automatically. 398 399smtp The Simple Mail Transport Protocol mailer. This does 400 not hide hosts behind a gateway or another other 401 such hack; it assumes a world where everyone is 402 running the name server. This file actually defines 403 four mailers: "smtp" for regular (old-style) SMTP to 404 other servers, "esmtp" for extended SMTP to other 405 servers, "smtp8" to do SMTP to other servers without 406 converting 8-bit data to MIME (essentially, this is 407 your statement that you know the other end is 8-bit 408 clean even if it doesn't say so), and "relay" for 409 transmission to our RELAY_HOST, LUSER_RELAY, or 410 MAILER_HUB. 411 412uucp The Unix-to-Unix Copy Program mailer. Actually, this 413 defines two mailers, "uucp-old" (a.k.a. "uucp") and 414 "uucp-new" (a.k.a. "suucp"). The latter is for when you 415 know that the UUCP mailer at the other end can handle 416 multiple recipients in one transfer. If the smtp mailer 417 is also included in your configuration, two other mailers 418 ("uucp-dom" and "uucp-uudom") are also defined [warning: 419 you MUST specify MAILER(smtp) before MAILER(uucp)]. When you 420 include the uucp mailer, sendmail looks for all names in 421 the $=U class and sends them to the uucp-old mailer; all 422 names in the $=Y class are sent to uucp-new; and all 423 names in the $=Z class are sent to uucp-uudom. Note that 424 this is a function of what version of rmail runs on 425 the receiving end, and hence may be out of your control. 426 See the section below describing UUCP mailers in more 427 detail. 428 429usenet Usenet (network news) delivery. If this is specified, 430 an extra rule is added to ruleset 0 that forwards all 431 local email for users named ``group.usenet'' to the 432 ``inews'' program. Note that this works for all groups, 433 and may be considered a security problem. 434 435fax Facsimile transmission. This is experimental and based 436 on Sam Leffler's HylaFAX software. For more information, 437 see http://www.vix.com/hylafax/. 438 439pop Post Office Protocol. 440 441procmail An interface to procmail (does not come with sendmail). 442 This is designed to be used in mailertables. For example, 443 a common question is "how do I forward all mail for a given 444 domain to a single person?". If you have this mailer 445 defined, you could set up a mailertable reading: 446 447 host.com procmail:/etc/procmailrcs/host.com 448 449 with the file /etc/procmailrcs/host.com reading: 450 451 :0 # forward mail for host.com 452 ! -oi -f $1 person@other.host 453 454 This would arrange for (anything)@host.com to be sent 455 to person@other.host. Within the procmail script, $1 is 456 the name of the sender and $2 is the name of the recipient. 457 If you use this with FEATURE(local_procmail), the FEATURE 458 should be listed first. 459 460mail11 The DECnet mail11 mailer, useful only if you have the mail11 461 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 462 DECnet, of course). This is for Phase IV DECnet support; 463 if you have Phase V at your site you may have additional 464 problems. 465 466phquery The phquery program. This is somewhat counterintuitively 467 referenced as the "ph" mailer internally. It can be used 468 to do CCSO name server lookups. The phquery program, which 469 this mailer uses, is distributed with the ph client. 470 471cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 472 a local cyrus user. this mailer can make use of the 473 "user+detail@local.host" syntax; it will deliver the mail to 474 the user's "detail" mailbox if the mailbox's ACL permits. 475 The cyrusbb mailer delivers to a system-wide cyrus mailbox 476 if the mailbox's ACL permits. 477 478 479The local mailer accepts addresses of the form "user+detail", where 480the "+detail" is not used for mailbox matching but is available 481to certain local mail programs (in particular, see FEATURE(local_procmail)). 482For example, "eric", "eric+sendmail", and "eric+sww" all indicate 483the same user, but additional arguments <null>, "sendmail", and "sww" 484may be provided for use in sorting mail. 485 486 487+----------+ 488| FEATURES | 489+----------+ 490 491Special features can be requested using the "FEATURE" macro. For 492example, the .mc line: 493 494 FEATURE(use_cw_file) 495 496tells sendmail that you want to have it read an /etc/sendmail.cw 497file to get values for class $=w. The FEATURE may contain a single 498optional parameter -- for example: 499 500 FEATURE(mailertable, dbm /usr/lib/mailertable) 501 502The default database map type for the table features can be set with 503 504 define(`DATABASE_MAP_TYPE', `dbm') 505 506which would set it to use ndbm databases. The default is the Berkeley DB 507hash database format. Note that you must still declare a database map type 508if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 509if no argument is given for the FEATURE. 510 511Available features are: 512 513use_cw_file Read the file /etc/sendmail.cw file to get alternate 514 names for this host. This might be used if you were 515 on a host that MXed for a dynamic set of other 516 hosts. If the set is static, just including the line 517 "Cw<name1> <name2> ..." (where the names are fully 518 qualified domain names) is probably superior. 519 The actual filename can be overridden by redefining 520 confCW_FILE. 521 522use_ct_file Read the file /etc/sendmail.ct file to get the names 523 of users that will be ``trusted'', that is, able to 524 set their envelope from address using -f without 525 generating a warning message. 526 The actual filename can be overridden by redefining 527 confCT_FILE. 528 529redirect Reject all mail addressed to "address.REDIRECT" with 530 a ``551 User not local; please try <address>'' message. 531 If this is set, you can alias people who have left 532 to their new address with ".REDIRECT" appended. 533 534nouucp Don't do anything special with UUCP addresses at all. 535 536nocanonify Don't pass addresses to $[ ... $] for canonification. 537 This would generally only be used by sites that only 538 act as mail gateways or which have user agents that do 539 full canonification themselves. You may also want to 540 use "define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')" to 541 turn off the usual resolver options that do a similar 542 thing. 543 544stickyhost If set, email sent to "user@local.host" are marked 545 as "sticky" -- that is, the local addresses aren't 546 matched against UDB and don't go through ruleset 5. 547 This is used if you want a set up where "user" is 548 not necessarily the same as "user@local.host", e.g., 549 to make a distinct domain-wide namespace. Prior to 550 8.7 this was the default, and notsticky was used to 551 turn this off. 552 553mailertable Include a "mailer table" which can be used to override 554 routing for particular domains. The argument of the 555 FEATURE may be the key definition. If none is specified, 556 the definition used is: 557 hash -o /etc/mailertable 558 Keys in this database are fully qualified domain names 559 or partial domains preceded by a dot -- for example, 560 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". 561 Values must be of the form: 562 mailer:domain 563 where "mailer" is the internal mailer name, and "domain" 564 is where to send the message. These maps are not 565 reflected into the message header. As a special case, 566 the forms: 567 local:user 568 will forward to the indicated user using the local mailer, 569 local: 570 will forward to the original user in the e-mail address 571 using the local mailer, and 572 error:code message 573 will give an error message with the indicated code and 574 message. 575 576domaintable Include a "domain table" which can be used to provide 577 domain name mapping. Use of this should really be 578 limited to your own domains. It may be useful if you 579 change names (e.g., your company changes names from 580 oldname.com to newname.com). The argument of the 581 FEATURE may be the key definition. If none is specified, 582 the definition used is: 583 hash -o /etc/domaintable 584 The key in this table is the domain name; the value is 585 the new (fully qualified) domain. Anything in the 586 domaintable is reflected into headers; that is, this 587 is done in ruleset 3. 588 589bitdomain Look up bitnet hosts in a table to try to turn them into 590 internet addresses. The table can be built using the 591 bitdomain program contributed by John Gardiner Myers. 592 The argument of the FEATURE may be the key definition; if 593 none is specified, the definition used is: 594 hash -o /etc/bitdomain.db 595 Keys are the bitnet hostname; values are the corresponding 596 internet hostname. 597 598uucpdomain Similar feature for UUCP hosts. The default map definition 599 is: 600 hash -o /etc/uudomain.db 601 At the moment there is no automagic tool to build this 602 database. 603 604always_add_domain 605 Include the local host domain even on locally delivered 606 mail. Normally it is not added on unqualified names. 607 However, if you use a shared message store but do not use 608 the same user name space everywhere, you may need the host 609 name on local names. 610 611allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 612 feature will cause recipient addresses to also masquerade 613 as being from the masquerade host. Normally they get 614 the local hostname. Although this may be right for 615 ordinary users, it can break local aliases. For example, 616 if you send to "localalias", the originating sendmail will 617 find that alias and send to all members, but send the 618 message with "To: localalias@masqueradehost". Since that 619 alias likely does not exist, replies will fail. Use this 620 feature ONLY if you can guarantee that the ENTIRE 621 namespace on your masquerade host supersets all the 622 local entries. 623 624limited_masquerade 625 Normally, any hosts listed in $=w are masqueraded. If this 626 feature is given, only the hosts listed in $=M are masqueraded. 627 This is useful if you have several domains with disjoint 628 namespaces hosted on the same machine. 629 630masquerade_entire_domain 631 If masquerading is enabled (using MASQUERADE_AS) and 632 MASQUERADE_DOMAIN (see below) is set, this feature will 633 cause addresses to be rewritten such that the masquerading 634 domains are actually entire domains to be hidden. All 635 hosts within the masquerading domains will be rewritten 636 to the masquerade name (used in MASQUERADE_AS). For example, 637 if you have: 638 639 MASQUERADE_AS(masq.com) 640 MASQUERADE_DOMAIN(foo.org) 641 MASQUERADE_DOMAIN(bar.com) 642 643 then *foo.org and *bar.com are converted to masq.com. Without 644 this feature, only foo.org and bar.com are masqueraded. 645 646 NOTE: only domains within your jurisdiction and 647 current hierarchy should be masqueraded using this. 648 649genericstable This feature will cause certain addresses originating locally 650 (i.e. that are unqualified) or a domain listed in $=G to be 651 looked up in a map and turned into another ("generic") form, 652 which can change both the domain name and the user name. This 653 is similar to the userdb functionality. The same types of 654 addresses as for masquerading are looked up, i.e. only header 655 sender addresses unless the allmasquerade and/or 656 masquerade_envelope features are given. Qualified addresses 657 must have the domain part in the list of names given by the 658 by the macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE 659 (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, 660 see below). 661 662 The argument of FEATURE(genericstable) may be the map 663 definition; the default map definition is: 664 665 hash -o /etc/genericstable 666 667 The key for this table is either the full address or the 668 unqualified username (the former is tried first); the 669 value is the new user address. If the new user address does 670 not include a domain, it will be qualified in the standard 671 manner, i.e. using $j or the masquerade name. Note that the 672 address being looked up must be fully qualified. For local 673 mail, it is necessary to use FEATURE(always_add_domain) for 674 the addresses to be qualified. 675 676virtusertable A domain-specific form of aliasing, allowing multiple 677 virtual domains to be hosted on one machine. For example, 678 if the virtuser table contained: 679 680 info@foo.com foo-info 681 info@bar.com bar-info 682 @baz.org jane@elsewhere.net 683 684 then mail addressed to info@foo.com will be sent to the 685 address foo-info, mail addressed to info@bar.com will be 686 delivered to bar-info, and mail addressed to anyone at 687 baz.org will be sent to jane@elsewhere.net. The username 688 from the original address is passed as %1 allowing: 689 690 @foo.org %1@elsewhere.com 691 692 meaning someone@foo.org will be sent to someone@elsewhere.com. 693 694 All the host names on the left hand side (foo.com, bar.com, 695 and baz.org) must be in $=w. The default map definition is: 696 697 hash -o /etc/virtusertable 698 699 A new definition can be specified as the second argument of 700 the FEATURE macro, such as 701 702 FEATURE(virtusertable, dbm -o /etc/mail/virtusers) 703 704nodns We aren't running DNS at our site (for example, 705 we are UUCP-only connected). It's hard to consider 706 this a "feature", but hey, it had to go somewhere. 707 Actually, as of 8.7 this is a no-op -- remove "dns" from 708 the hosts service switch entry instead. 709 710nullclient This is a special case -- it creates a stripped down 711 configuration file containing nothing but support for 712 forwarding all mail to a central hub via a local 713 SMTP-based network. The argument is the name of that 714 hub. 715 716 The only other feature that should be used in conjunction 717 with this one is "nocanonify" (this causes addresses to 718 be sent unqualified via the SMTP connection; normally 719 they are qualified with the masquerade name, which 720 defaults to the name of the hub machine). No mailers 721 should be defined. No aliasing or forwarding is done. 722 Also, note that absolutely no anti-spam or anti-relaying 723 is done in a null client configuration. More information 724 can be found in the ANTI-SPAM CONFIGURATION CONTROL section. 725 726local_lmtp Use an LMTP capable local mailer. The argument to this 727 feature is the pathname of an LMTP capable mailer. By 728 default, mail.local is used. This is expected to be the 729 mail.local which came with the 8.9 distribution which is 730 LMTP capable. The path to mail.local is set by the 731 confEBINDIR m4 variable -- making the default 732 LOCAL_MAILER_PATH /usr/libexec/mail.local. 733 734local_procmail Use procmail as the local mailer. This mailer can 735 make use of the "user+indicator@local.host" syntax; 736 normally the +indicator is just tossed, but by default 737 it is passed as the -a argument to procmail. The 738 argument to this feature is the pathname of procmail, 739 which defaults to PROCMAIL_MAILER_PATH. Note that this 740 does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS 741 for the local mailer; tweak LOCAL_MAILER_FLAGS and 742 LOCAL_MAILER_ARGS instead. 743 744bestmx_is_local Accept mail as though locally addressed for any host that 745 lists us as the best possible MX record. This generates 746 additional DNS traffic, but should be OK for low to 747 medium traffic hosts. The argument may be a set of 748 domains, which will limit the feature to only apply to 749 these domains -- this will reduce unnecessary DNS 750 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 751 WILDCARD MX RECORDS!!! If you have a wildcard MX record 752 that matches your domain, you cannot use this feature. 753 754smrsh Use the SendMail Restricted SHell (smrsh) provided 755 with the distribution instead of /bin/sh for mailing 756 to programs. This improves the ability of the local 757 system administrator to control what gets run via 758 e-mail. If an argument is provided it is used as the 759 pathname to smrsh; otherwise, the path defined by 760 confEBINDIR is used for the smrsh binary -- by default, 761 /usr/libexec/smrsh is assumed. 762 763promiscuous_relay 764 By default, the sendmail configuration files do not permit 765 mail relaying (that is, accepting mail from outside your 766 domain and sending it to another host outside your domain). 767 This option sets your site to allow mail relaying from any 768 site to any site. In general, it is better to control the 769 relaying more carefully with the access db and the 'R' 770 class ($=R). Domains can be added to class 'R' by the 771 macros RELAY_DOMAIN or RELAY_DOMAIN_FILE (analogously to 772 MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 773 774relay_entire_domain 775 By default, only hosts listed as RELAY in the access db 776 will be allowed to relay. This option also allows any 777 host in your domain as defined by the 'm' class ($=m). 778 779relay_hosts_only 780 By default, names that are listed as RELAY in the access 781 db and class 'R' ($=R) are domain names, not host names. 782 For example, if you specify ``foo.com'', then mail to or 783 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 784 will all be accepted for relaying. This feature changes 785 the behaviour to lookup individual host names only. 786 787relay_based_on_MX 788 Turns on the ability to allow relaying based on the MX 789 records of the host portion of an incoming recipient; that 790 is, if an MX record for host foo.com points to your site, 791 you will accept and relay mail addressed to foo.com. See 792 description below for more information before using this 793 feature. Also, see the KNOWNBUGS entry regarding bestmx 794 map lookups. 795 796 FEATURE(relay_based_on_MX) does not necessarily allow 797 routing of these messages which you expect to be allowed, 798 if route address syntax (or %-hack syntax) is used. If 799 this is a problem, add entries to the access-table or use 800 FEATURE(loose_relay_check). 801 802relay_local_from 803 Allows relaying if the domain portion of the mail sender 804 is a local host. This should only be used if absolutely 805 necessary as it opens a window for spammers. Specifically, 806 they can send mail to your mail server that claims to be 807 from your domain (either directly or via a routed address), 808 and you will go ahead and relay it out to arbitrary hosts 809 on the Internet. 810 811accept_unqualified_senders 812 Normally, MAIL FROM: commands in the SMTP session will be 813 refused if the connection is a network connection and the 814 sender address does not include a domain name. If your 815 setup sends local mail unqualified (i.e. MAIL FROM: <joe>), 816 you will need to use this feature to accept unqualified 817 sender addresses. 818 819accept_unresolvable_domains 820 Normally, MAIL FROM: commands in the SMTP session will be 821 refused if the host part of the argument to MAIL FROM: cannot 822 be located in the host name service (e.g., DNS). If you are 823 inside a firewall that has only a limited view of the 824 Internet host name space, this could cause problems. In this 825 case you probably want to use this feature to accept all 826 domains on input, even if they are unresolvable. 827 828access_db Turns on the access database feature. The access db gives 829 you the ability to allow or refuse to accept mail from 830 specified domains for administrative reasons. By default, 831 the access database specification is 832 ``hash -o /etc/mail/access''. The format of the 833 database is described below. 834 835blacklist_recipients 836 Turns on the ability to block incoming mail for certain 837 recipient usernames, hostnames, or addresses. For 838 example, you can block incoming mail to user nobody, 839 host foo.mydomain.com, or guest@bar.mydomain.com. 840 These specifications are put in the access db as 841 described below. 842 843rbl Turns on rejection of hosts found in the Realtime Blackhole 844 List. If an argument is provided it is used as the 845 name sever to contact; otherwise, the main RBL server at 846 rbl.maps.vix.com is used. For details, see 847 http://maps.vix.com/rbl/. 848 849loose_relay_check 850 Normally, if a recipient using % addressing is used, e.g. 851 user%site@othersite, and othersite is in class 'R', the 852 check_rcpt ruleset will strip @othersite and recheck 853 user@site for relaying. This feature changes that 854 behavior. It should not be needed for most installations. 855 856 857+-------+ 858| HACKS | 859+-------+ 860 861Some things just can't be called features. To make this clear, 862they go in the hack subdirectory and are referenced using the HACK 863macro. These will tend to be site-dependent. The release 864includes the Berkeley-dependent "cssubdomain" hack (that makes 865sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 866this is intended as a short-term aid while we move hosts into 867subdomains. 868 869 870+--------------------+ 871| SITE CONFIGURATION | 872+--------------------+ 873 874 ***************************************************** 875 * This section is really obsolete, and is preserved * 876 * only for back compatibility. You should plan on * 877 * using mailertables for new installations. In * 878 * particular, it doesn't work for the newer forms * 879 * of UUCP mailers, such as uucp-uudom. * 880 ***************************************************** 881 882Complex sites will need more local configuration information, such as 883lists of UUCP hosts they speak with directly. This can get a bit more 884tricky. For an example of a "complex" site, see cf/ucbvax.mc. 885 886If your host is known by several different names, you need to augment 887the $=w class. This is a list of names by which you are known, and 888anything sent to an address using a host name in this list will be 889treated as local mail. You can do this in two ways: either create 890the file /etc/sendmail.cw containing a list of your aliases (one per 891line), and use ``FEATURE(use_cw_file)'' in the .mc file, or add the 892line: 893 894 Cw alias.host.name 895 896at the end of that file. See the ``vangogh.mc'' file for an example. 897Be sure you use the fully-qualified name of the host, rather than a 898short name. 899 900The SITECONFIG macro allows you to indirectly reference site-dependent 901configuration information stored in the siteconfig subdirectory. For 902example, the line 903 904 SITECONFIG(uucp.ucbvax, ucbvax, U) 905 906reads the file uucp.ucbvax for local connection information. The 907second parameter is the local name (in this case just "ucbvax" since 908it is locally connected, and hence a UUCP hostname). The third 909parameter is the name of both a macro to store the local name (in 910this case, $U) and the name of the class (e.g., $=U) in which to store 911the host information read from the file. Another SITECONFIG line reads 912 913 SITECONFIG(uucp.ucbarpa, ucbarpa.Berkeley.EDU, W) 914 915This says that the file uucp.ucbarpa contains the list of UUCP sites 916connected to ucbarpa.Berkeley.EDU. The $=W class will be used to 917store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 918is, the name of the relay to which the hosts listed in uucp.ucbarpa 919are connected. [The machine ucbarpa is gone now, but I've left 920this out-of-date configuration file around to demonstrate how you 921might do this.] 922 923Note that the case of SITECONFIG with a third parameter of ``U'' is 924special; the second parameter is assumed to be the UUCP name of the 925local site, rather than the name of a remote site, and the UUCP name 926is entered into $=w (the list of local hostnames) as $U.UUCP. 927 928The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 929more than a sequence of SITE macros describing connectivity. For 930example: 931 932 SITE(cnmat) 933 SITE(sgi olympus) 934 935The second example demonstrates that you can use two names on the 936same line; these are usually aliases for the same host (or are at 937least in the same company). 938 939 940+--------------------+ 941| USING UUCP MAILERS | 942+--------------------+ 943 944It's hard to get UUCP mailers right because of the extremely ad hoc 945nature of UUCP addressing. These config files are really designed 946for domain-based addressing, even for UUCP sites. 947 948There are four UUCP mailers available. The choice of which one to 949use is partly a matter of local preferences and what is running at 950the other end of your UUCP connection. Unlike good protocols that 951define what will go over the wire, UUCP uses the policy that you 952should do what is right for the other end; if they change, you have 953to change. This makes it hard to do the right thing, and discourages 954people from updating their software. In general, if you can avoid 955UUCP, please do. 956 957The major choice is whether to go for a domainized scheme or a 958non-domainized scheme. This depends entirely on what the other 959end will recognize. If at all possible, you should encourage the 960other end to go to a domain-based system -- non-domainized addresses 961don't work entirely properly. 962 963The four mailers are: 964 965 uucp-old (obsolete name: "uucp") 966 This is the oldest, the worst (but the closest to UUCP) way of 967 sending messages accros UUCP connections. It does bangify 968 everything and prepends $U (your UUCP name) to the sender's 969 address (which can already be a bang path itself). It can 970 only send to one address at a time, so it spends a lot of 971 time copying duplicates of messages. Avoid this if at all 972 possible. 973 974 uucp-new (obsolete name: "suucp") 975 The same as above, except that it assumes that in one rmail 976 command you can specify several recipients. It still has a 977 lot of other problems. 978 979 uucp-dom 980 This UUCP mailer keeps everything as domain addresses. 981 Basically, it uses the SMTP mailer rewriting rules. This mailer 982 is only included if MAILER(smtp) is also specified. 983 984 Unfortunately, a lot of UUCP mailer transport agents require 985 bangified addresses in the envelope, although you can use 986 domain-based addresses in the message header. (The envelope 987 shows up as the From_ line on UNIX mail.) So.... 988 989 uucp-uudom 990 This is a cross between uucp-new (for the envelope addresses) 991 and uucp-dom (for the header addresses). It bangifies the 992 envelope sender (From_ line in messages) without adding the 993 local hostname, unless there is no host name on the address 994 at all (e.g., "wolf") or the host component is a UUCP host name 995 instead of a domain name ("somehost!wolf" instead of 996 "some.dom.ain!wolf"). This is also included only if MAILER(smtp) 997 is also specified. 998 999Examples: 1000 1001We are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The 1002following summarizes the sender rewriting for various mailers. 1003 1004Mailer sender rewriting in the envelope 1005------ ------ ------------------------- 1006uucp-{old,new} wolf grasp!wolf 1007uucp-dom wolf wolf@grasp.insa-lyon.fr 1008uucp-uudom wolf grasp.insa-lyon.fr!wolf 1009 1010uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1011uucp-dom wolf@fr.net wolf@fr.net 1012uucp-uudom wolf@fr.net fr.net!wolf 1013 1014uucp-{old,new} somehost!wolf grasp!somehost!wolf 1015uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1016uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1017 1018If you are using one of the domainized UUCP mailers, you really want 1019to convert all UUCP addresses to domain format -- otherwise, it will 1020do it for you (and probably not the way you expected). For example, 1021if you have the address foo!bar!baz (and you are not sending to foo), 1022the heuristics will add the @uucp.relay.name or @local.host.name to 1023this address. However, if you map foo to foo.host.name first, it 1024will not add the local hostname. You can do this using the uucpdomain 1025feature. 1026 1027 1028+-------------------+ 1029| TWEAKING RULESETS | 1030+-------------------+ 1031 1032For more complex configurations, you can define special rules. 1033The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1034the names. Any modifications made here are reflected in the header. 1035 1036A common use is to convert old UUCP addresses to SMTP addresses using 1037the UUCPSMTP macro. For example: 1038 1039 LOCAL_RULE_3 1040 UUCPSMTP(decvax, decvax.dec.com) 1041 UUCPSMTP(research, research.att.com) 1042 1043will cause addresses of the form "decvax!user" and "research!user" 1044to be converted to "user@decvax.dec.com" and "user@research.att.com" 1045respectively. 1046 1047This could also be used to look up hosts in a database map: 1048 1049 LOCAL_RULE_3 1050 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1051 1052This map would be defined in the LOCAL_CONFIG portion, as shown below. 1053 1054Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1055For example, new rules are needed to parse hostnames that you accept 1056via MX records. For example, you might have: 1057 1058 LOCAL_RULE_0 1059 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1060 1061You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1062pointing at this host; this rule catches the message and forwards it on 1063using UUCP. 1064 1065You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1066These rulesets are normally empty. 1067 1068A similar macro is LOCAL_CONFIG. This introduces lines added after the 1069boilerplate option setting but before rulesets, and can be used to 1070declare local database maps or whatever. For example: 1071 1072 LOCAL_CONFIG 1073 Khostmap hash /etc/hostmap.db 1074 Kyplocal nis -m hosts.byname 1075 1076 1077+---------------------------+ 1078| MASQUERADING AND RELAYING | 1079+---------------------------+ 1080 1081You can have your host masquerade as another using 1082 1083 MASQUERADE_AS(host.domain) 1084 1085This causes mail being sent to be labeled as coming from the 1086indicated host.domain, rather than $j. One normally masquerades as 1087one of one's own subdomains (for example, it's unlikely that I would 1088choose to masquerade as an MIT site). This behaviour is modified by 1089a plethora of FEATUREs; in particular, see masquerade_envelope, 1090allmasquerade, limited_masquerade, and masquerade_entire_domain. 1091 1092The masquerade name is not normally canonified, so it is important 1093that it be your One True Name, that is, fully qualified and not a 1094CNAME. However, if you use a CNAME, the receiving side may canonify 1095it for you, so don't think you can cheat CNAME mapping this way. 1096 1097Normally the only addresses that are masqueraded are those that come 1098from this host (that is, are either unqualified or in $=w, the list 1099of local domain names). You can augment this list using 1100 1101 MASQUERADE_DOMAIN(otherhost.domain) 1102 1103The effect of this is that although mail to user@otherhost.domain 1104will not be delivered locally, any mail including any user@otherhost.domain 1105will, when relayed, be rewritten to have the MASQUERADE_AS address. 1106This can be a space-separated list of names. 1107 1108If these names are in a file, you can use 1109 1110 MASQUERADE_DOMAIN_FILE(filename) 1111 1112to read the list of names from the indicated file. 1113 1114Normally only header addresses are masqueraded. If you want to 1115masquerade the envelope as well, use 1116 1117 FEATURE(masquerade_envelope) 1118 1119There are always users that need to be "exposed" -- that is, their 1120internal site name should be displayed instead of the masquerade name. 1121Root is an example. You can add users to this list using 1122 1123 EXPOSED_USER(usernames) 1124 1125This adds users to class E; you could also use something like 1126 1127 FE/etc/sendmail.cE 1128 1129You can also arrange to relay all unqualified names (that is, names 1130without @host) to a relay host. For example, if you have a central 1131email server, you might relay to that host so that users don't have 1132to have .forward files or aliases. You can do this using 1133 1134 define(`LOCAL_RELAY', mailer:hostname) 1135 1136The ``mailer:'' can be omitted, in which case the mailer defaults to 1137"relay". There are some user names that you don't want relayed, perhaps 1138because of local aliases. A common example is root, which may be 1139locally aliased. You can add entries to this list using 1140 1141 LOCAL_USER(usernames) 1142 1143This adds users to class L; you could also use something like 1144 1145 FL/etc/sendmail.cL 1146 1147If you want all incoming mail sent to a centralized hub, as for a 1148shared /var/spool/mail scheme, use 1149 1150 define(`MAIL_HUB', mailer:hostname) 1151 1152Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1153and MAIL_HUB _AND_ you have FEATURE(stickyhost), unqualified names will 1154be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1155Names in $=L will be delivered locally, so you MUST have aliases or 1156.forward files for them. 1157 1158For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1159FEATURE(stickyhost), the following combinations of settings will have the 1160indicated effects: 1161 1162email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1163 1164LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1165mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1166 1167MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1168mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1169 1170Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1171MAIL_HUB set as above (no local aliasing) (aliasing done) 1172 1173If you do not have FEATURE(stickyhost) set, then LOCAL_RELAY and 1174MAIL_HUB act identically, with MAIL_HUB taking precedence. 1175 1176If you want all outgoing mail to go to a central relay site, define 1177SMART_HOST as well. Briefly: 1178 1179 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1180 MAIL_HUB applies to names qualified with the name of the 1181 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1182 SMART_HOST applies to names qualified with other hosts. 1183 1184However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1185DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1186really want absolutely everything to go to a single central site you will 1187need to unset all the other relays -- or better yet, find or build a 1188minimal config file that does this. 1189 1190For duplicate suppression to work properly, the host name is best 1191specified with a terminal dot: 1192 1193 define(`MAIL_HUB', `host.domain.') 1194 note the trailing dot ---^ 1195 1196 1197+---------------------------------+ 1198| ANTI-SPAM CONFIGURATION CONTROL | 1199+---------------------------------+ 1200 1201The primary anti-spam features available in sendmail are: 1202 1203* Relaying is denied by default. 1204* Better checking on sender information. 1205* Access database. 1206* Header checks. 1207 1208Relaying (transmission of messages from a site outside your domain to 1209another site outside your domain) is denied by default. Note that 1210this changed in sendmail 8.9; previous versions allowed relaying by 1211default. If you want to revert to the old behaviour, you will need 1212to use FEATURE(promiscuous_relay). You can allow certain domains to 1213relay through your server by adding their domain name or IP address to 1214class 'R' ($=R) using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the 1215access database (described below). 1216 1217If you use 1218 1219 FEATURE(relay_entire_domain) 1220 1221then any host in any of your local domains (that is, the $=m class) 1222will be relayed (that is, you will accept mail either to or from any 1223host in your domain). 1224 1225You can also allow relaying based on the MX records of the host 1226portion of an incoming recipient address by using 1227 1228 FEATURE(relay_based_on_MX) 1229 1230For example, if your server receives a recipient of user@domain.com 1231and domain.com lists your server in its MX records, the mail will be 1232accepted for relay to domain.com. Note that this will stop spammers 1233from using your host to relay spam but it will not stop outsiders from 1234using your server as a relay for their site (that is, they set up an 1235MX record pointing to your mail server, and you will relay mail addressed 1236to them without any prior arrangement). Along the same lines, 1237 1238 FEATURE(relay_local_from) 1239 1240will allow relaying if the sender specifies a return path (i.e. 1241MAIL FROM: <user@domain>) domain which is a local domain. This a 1242dangerous feature as it will allow spammers to spam using your mail 1243server by simply specifying a return address of user@your.domain.com. 1244It should not be used unless absolutely necessary. 1245 1246If source routing is used in the recipient address (i.e. 1247RCPT TO: <user%site.com@othersite.com>), sendmail will check 1248user@site.com for relaying if othersite.com is an allowed relay host 1249in either class 'R', class 'm' if FEATURE(relay_entire_domain) is used, 1250or the access database if FEATURE(access_db) is used. To prevent 1251the address from being stripped down, use: 1252 1253 FEATURE(loose_relay_check) 1254 1255If you think you need to use this feature, you probably do not. This 1256should only be used for sites which have no control over the addresses 1257that they provide a gateway for. Use this FEATURE with caution as it 1258can allow spammers to relay through your server if not setup properly. 1259 1260As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 1261an unresolvable domain (i.e., one that DNS, your local name service, 1262or special case rules in ruleset 3 cannot locate). If you want to 1263continue to accept such domains, e.g. because you are inside a 1264firewall that has only a limited view of the Internet host name space 1265(note that you will not be able to return mail to them unless you have 1266some "smart host" forwarder), use 1267 1268 FEATURE(accept_unresolvable_domains) 1269 1270sendmail will also refuse mail if the MAIL FROM: parameter is not 1271fully qualified (i.e., contains a domain as well as a user). If you 1272want to continue to accept such senders, use 1273 1274 FEATURE(accept_unqualified_senders) 1275 1276An ``access'' database can be created to accept or reject mail from 1277selected domains. For example, you may choose to reject all mail 1278originating from known spammers. To enable such a database, use 1279 1280 FEATURE(access_db) 1281 1282The FEATURE macro can accept a second parameter giving the key file 1283definition for the database; for example 1284 1285 FEATURE(access_db, hash -o /etc/mail/access) 1286 1287Remember, since /etc/mail/access is a database, after creating the text 1288file as described below, you must use makemap to create the database 1289map. For example: 1290 1291makemap hash /etc/mail/access < /etc/mail/access 1292 1293The table itself uses e-mail addresses, domain names, and network 1294numbers as keys. For example, 1295 1296 spammer@aol.com REJECT 1297 cyberspammer.com REJECT 1298 192.168.212 REJECT 1299 1300would refuse mail from spammer@aol.com, any user from cyberspammer.com 1301(or any host within the cyberspammer.com domain), and any host on the 1302192.168.212.* network. 1303 1304The value part of the map can contain: 1305 1306 OK Accept mail even if other rules in the 1307 running ruleset would reject it, for example, 1308 if the domain name is unresolvable. 1309 RELAY Accept mail addressed to the indicated domain or 1310 received from the indicated domain for relaying 1311 through your SMTP server. RELAY also serves as 1312 an implicit OK for the other checks. 1313 REJECT Reject the sender or recipient with a general 1314 purpose message. 1315 DISCARD Discard the message completely using the 1316 $#discard mailer. This only works for sender 1317 addresses (i.e., it indicates that you should 1318 discard anything received from the indicated 1319 domain). 1320 ### any text where ### is an RFC 821 compliant error code 1321 and "any text" is a message to return for 1322 the command. 1323 1324For example: 1325 1326 cyberspammer.com 550 We don't accept mail from spammers 1327 okay.cyberspammer.com OK 1328 sendmail.org OK 1329 128.32 RELAY 1330 1331would accept mail from okay.cyberspammer.com, but would reject mail 1332from all other hosts at cyberspammer.com with the indicated message. 1333It would allow accept mail from any hosts in the sendmail.org domain, 1334and allow relaying for the 128.32.*.* network. Note, UUCP users may 1335need to add hostname.UUCP to the access database or class 'R' ($=R). 1336If you also use: 1337 1338 FEATURE(relay_hosts_only) 1339 1340then the above example will allow relaying for sendmail.org, but not 1341hosts within the sendmail.org domain. Note that this will also require 1342hosts listed in class 'R' ($=R) to be fully qualified host names. 1343 1344You can also use the access database to block sender addresses based on 1345the username portion of the address. For example: 1346 1347 FREE.STEALTH.MAILER@ 550 Spam not accepted 1348 1349Note that you must include the @ after the username to signify that 1350this database entry is for checking only the username portion of the 1351sender address. 1352 1353If you use: 1354 1355 FEATURE(blacklist_recipients) 1356 1357then you can add entries to the map for local users, hosts in your 1358domains, or addresses in your domain which should not receive mail: 1359 1360 badlocaluser 550 Mailbox disabled for this username 1361 host.mydomain.com 550 That host does not accept mail 1362 user@otherhost.mydomain.com 550 Mailbox disabled for this recipient 1363 1364This would prevent a recipient of badlocaluser@mydomain.com, any 1365user at host.mydomain.com, and the single address 1366user@otherhost.mydomain.com from receiving mail. Enabling this 1367feature will keep you from sending mails to all addresses that 1368have an error message or REJECT as value part in the access map. 1369Taking the example from above: 1370 1371 spammer@aol.com REJECT 1372 cyberspammer.com REJECT 1373 1374Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 1375 1376There is also a ``Realtime Blackhole List'' run by the MAPS project 1377at http://maps.vix.com/. This is a database maintained in DNS of 1378spammers. To use this database, use 1379 1380 FEATURE(rbl) 1381 1382This will cause sendmail to reject mail from any site in the 1383Realtime Blackhole List database. You can specify an alternative 1384RBL name server to contact by specifying an argument to the FEATURE. 1385 1386The features described above make use of the check_relay, check_mail, 1387and check_rcpt rulesets. If you wish to include your own checks, 1388you can put your checks in the rulesets Local_check_relay, 1389Local_check_mail, and Local_check_rcpt. For example if you wanted to 1390block senders with all numeric usernames (i.e. 2312343@bigisp.com), 1391you would use Local_check_mail and the new regex map: 1392 1393 LOCAL_CONFIG 1394 Kallnumbers regex -a@MATCH ^[0-9]+$ 1395 1396 LOCAL_RULESETS 1397 SLocal_check_mail 1398 # check address against various regex checks 1399 R$* $: $>Parse0 $>3 $1 1400 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 1401 R@MATCH $#error $: 553 Header Error 1402 1403These rules are called with the original arguments of the corresponding 1404check_* ruleset. If the local ruleset returns $#OK, no further checking 1405is done by the features described above and the mail is accepted. If the 1406local ruleset resolves to a mailer (such as $#error or $#discard), the 1407appropriate action is taken. Otherwise, the results of the local 1408rewriting are ignored. 1409 1410 1411You can also reject mail on the basis of the contents of headers. 1412This is done by adding a ruleset call to the 'H' header definition command 1413in sendmail.cf. For example, this can be used to check the validity of 1414a Message-ID: header: 1415 1416 LOCAL_RULESETS 1417 HMessage-Id: $>CheckMessageId 1418 1419 SCheckMessageId 1420 R< $+ @ $+ > $@ OK 1421 R$* $#error $: 553 Header Error 1422 1423Users of FEATURE(nullclient) who desire to use the anti-spam and 1424anti-relaying capabilities should replace FEATURE(nullclient, mailhub) 1425with: 1426 1427 undefine(`ALIAS_FILE') 1428 define(`MAIL_HUB', `mailhub') 1429 define(`SMART_HOST', `mailhub') 1430 define(`confFORWARD_PATH', `') 1431 1432where mailhub is the fully qualified hostname for their mail server. 1433 1434 1435+--------------------------------+ 1436| ADDING NEW MAILERS OR RULESETS | 1437+--------------------------------+ 1438 1439Sometimes you may need to add entirely new mailers or rulesets. They 1440should be introduced with the constructs MAILER_DEFINITIONS and 1441LOCAL_RULESETS respectively. For example: 1442 1443 MAILER_DEFINITIONS 1444 Mmymailer, ... 1445 ... 1446 1447 LOCAL_RULESETS 1448 Smyruleset 1449 ... 1450 1451 1452+-------------------------------+ 1453| NON-SMTP BASED CONFIGURATIONS | 1454+-------------------------------+ 1455 1456These configuration files are designed primarily for use by SMTP-based 1457sites. I don't pretend that they are well tuned for UUCP-only or 1458UUCP-primarily nodes (the latter is defined as a small local net 1459connected to the rest of the world via UUCP). However, there is one 1460hook to handle some special cases. 1461 1462You can define a ``smart host'' that understands a richer address syntax 1463using: 1464 1465 define(`SMART_HOST', mailer:hostname) 1466 1467In this case, the ``mailer:'' defaults to "relay". Any messages that 1468can't be handled using the usual UUCP rules are passed to this host. 1469 1470If you are on a local SMTP-based net that connects to the outside 1471world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 1472For example: 1473 1474 define(`SMART_HOST', suucp:uunet) 1475 LOCAL_NET_CONFIG 1476 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 1477 1478This will cause all names that end in your domain name ($m) via 1479SMTP; anything else will be sent via suucp (smart UUCP) to uunet. 1480If you have FEATURE(nocanonify), you may need to omit the dots after 1481the $m. If you are running a local DNS inside your domain which is 1482not otherwise connected to the outside world, you probably want to 1483use: 1484 1485 define(`SMART_HOST', smtp:fire.wall.com) 1486 LOCAL_NET_CONFIG 1487 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 1488 1489That is, send directly only to things you found in your DNS lookup; 1490anything else goes through SMART_HOST. 1491 1492You may need to turn off the anti-spam rules in order to accept 1493UUCP mail with FEATURE(promiscuous_relay) and 1494FEATURE(accept_unresolvable_domains). 1495 1496 1497+-----------+ 1498| WHO AM I? | 1499+-----------+ 1500 1501Normally, the $j macro is automatically defined to be your fully 1502qualified domain name (FQDN). Sendmail does this by getting your 1503host name using gethostname and then calling gethostbyname on the 1504result. For example, in some environments gethostname returns 1505only the root of the host name (such as "foo"); gethostbyname is 1506supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 1507cases, gethostbyname may fail to return the FQDN. In this case 1508you MUST define confDOMAIN_NAME to be your fully qualified domain 1509name. This is usually done using: 1510 1511 Dmbar.com 1512 define(`confDOMAIN_NAME', `$w.$m')dnl 1513 1514 1515+--------------------+ 1516| USING MAILERTABLES | 1517+--------------------+ 1518 1519To use FEATURE(mailertable), you will have to create an external 1520database containing the routing information for various domains. 1521For example, a mailertable file in text format might be: 1522 1523 .my.domain xnet:%1.my.domain 1524 uuhost1.my.domain suucp:uuhost1 1525 .bitnet smtp:relay.bit.net 1526 1527This should normally be stored in /etc/mailertable. The actual 1528database version of the mailertable is built using: 1529 1530 makemap hash /etc/mailertable.db < /etc/mailertable 1531 1532The semantics are simple. Any LHS entry that does not begin with 1533a dot matches the full host name indicated. LHS entries beginning 1534with a dot match anything ending with that domain name -- that is, 1535they can be thought of as having a leading "*" wildcard. Matching 1536is done in order of most-to-least qualified -- for example, even 1537though ".my.domain" is listed first in the above example, an entry 1538of "uuhost1.my.domain" will match the second entry since it is 1539more explicit. 1540 1541The RHS should always be a "mailer:host" pair. The mailer is the 1542configuration name of a mailer (that is, an `M' line in the 1543sendmail.cf file). The "host" will be the hostname passed to 1544that mailer. In domain-based matches (that is, those with leading 1545dots) the "%1" may be used to interpolate the wildcarded part of 1546the host name. For example, the first line above sends everything 1547addressed to "anything.my.domain" to that same host name, but using 1548the (presumably experimental) xnet mailer. 1549 1550In some cases you may want to temporarily turn off MX records, 1551particularly on gateways. For example, you may want to MX 1552everything in a domain to one machine that then forwards it 1553directly. To do this, you might use the DNS configuration: 1554 1555 *.domain. IN MX 0 relay.machine 1556 1557and on relay.machine use the mailertable: 1558 1559 .domain smtp:[gateway.domain] 1560 1561The [square brackets] turn off MX records for this host only. 1562If you didn't do this, the mailertable would use the MX record 1563again, which would give you an MX loop. 1564 1565 1566+--------------------------------+ 1567| USING USERDB TO MAP FULL NAMES | 1568+--------------------------------+ 1569 1570The user database was not originally intended for mapping full names 1571to login names (e.g., Eric.Allman => eric), but some people are using 1572it that way. (I would recommend that you set up aliases for this 1573purpose instead -- since you can specify multiple alias files, this 1574is fairly easy.) The intent was to locate the default maildrop at 1575a site, but allow you to override this by sending to a specific host. 1576 1577If you decide to set up the user database in this fashion, it is 1578imperative that you not use FEATURE(stickyhost) -- otherwise, 1579e-mail sent to Full.Name@local.host.name will be rejected. 1580 1581To build the internal form of the user database, use: 1582 1583 makemap btree /usr/data/base.db < /usr/data/base.txt 1584 1585As a general rule, I am adamantly opposed to using full names as 1586e-mail addresses, since they are not in any sense unique. For example, 1587the Unix software-development community has two Andy Tannenbaums, 1588at least two well-known Peter Deutsches, and at one time Bell Labs 1589had two Stephen R. Bournes with offices along the same hallway. 1590Which one will be forced to suffer the indignity of being 1591Stephen_R_Bourne_2? The less famous of the two, or the one that 1592was hired later? 1593 1594Finger should handle full names (and be fuzzy). Mail should use 1595handles, and not be fuzzy. [Not that I expect anyone to pay any 1596attention to my opinions.] 1597 1598 1599+--------------------------------+ 1600| MISCELLANEOUS SPECIAL FEATURES | 1601+--------------------------------+ 1602 1603Plussed users 1604 Sometimes it is convenient to merge configuration on a 1605 centralized mail machine, for example, to forward all 1606 root mail to a mail server. In this case it might be 1607 useful to be able to treat the root addresses as a class 1608 of addresses with subtle differences. You can do this 1609 using plussed users. For example, a client might include 1610 the alias: 1611 1612 root: root+client1@server 1613 1614 On the server, this will match an alias for "root+client1". 1615 If that is not found, the alias "root+*" will be tried, 1616 then "root". 1617 1618LDAP 1619 For notes on use LDAP in sendmail, see 1620 http://www.stanford.edu/~bbense/Inst.html 1621 1622 1623 1624+----------------+ 1625| SECURITY NOTES | 1626+----------------+ 1627 1628A lot of sendmail security comes down to you. Sendmail 8 is much 1629more careful about checking for security problems than previous 1630versions, but there are some things that you still need to watch 1631for. In particular: 1632 1633* Make sure the aliases file isn't writable except by trusted 1634 system personnel. This includes both the text and database 1635 version. 1636 1637* Make sure that other files that sendmail reads, such as the 1638 mailertable, are only writable by trusted system personnel. 1639 1640* The queue directory should not be world writable PARTICULARLY 1641 if your system allows "file giveaways" (that is, if a non-root 1642 user can chown any file they own to any other user). 1643 1644* If your system allows file giveaways, DO NOT create a publically 1645 writable directory for forward files. This will allow anyone 1646 to steal anyone else's e-mail. Instead, create a script that 1647 copies the .forward file from users' home directories once a 1648 night (if you want the non-NFS-mounted forward directory). 1649 1650* If your system allows file giveaways, you'll find that 1651 sendmail is much less trusting of :include: files -- in 1652 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 1653 /etc/shells before they will be trusted (that is, before 1654 files and programs listed in them will be honored). 1655 1656In general, file giveaways are a mistake -- if you can turn them 1657off I recommend you do so. 1658 1659 1660+--------------------------------+ 1661| TWEAKING CONFIGURATION OPTIONS | 1662+--------------------------------+ 1663 1664There are a large number of configuration options that don't normally 1665need to be changed. However, if you feel you need to tweak them, you 1666can define the following M4 variables. This list is shown in four 1667columns: the name you define, the default value for that definition, 1668the option or macro that is affected (either Ox for an option or Dx 1669for a macro), and a brief description. Greater detail of the semantics 1670can be found in the Installation and Operations Guide. 1671 1672Some options are likely to be deprecated in future versions -- that is, 1673the option is only included to provide back-compatibility. These are 1674marked with "*". 1675 1676Remember that these options are M4 variables, and hence may need to 1677be quoted. In particular, arguments with commas will usually have to 1678be ``double quoted, like this phrase'' to avoid having the comma 1679confuse things. This is common for alias file definitions and for 1680the read timeout. 1681 1682M4 Variable Name Configuration Description & [Default] 1683================ ============= ======================= 1684confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 1685 for internally generated outgoing 1686 messages. 1687confDOMAIN_NAME $j macro If defined, sets $j. This should 1688 only be done if your system cannot 1689 determine your local domain name, 1690 and then it should be set to 1691 $w.Foo.COM, where Foo.COM is your 1692 domain name. 1693confCF_VERSION $Z macro If defined, this is appended to the 1694 configuration version name. 1695confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 1696 internally generated From: address. 1697confRECEIVED_HEADER Received: 1698 [$?sfrom $s $.$?_($?s$|from $.$_) 1699 $.by $j ($v/$Z)$?r with $r$. id $i$?u 1700 for $u; $|; 1701 $.$b] 1702 The format of the Received: header 1703 in messages passed through this host. 1704 It is unwise to try to change this. 1705confCW_FILE Fw class [/etc/sendmail.cw] Name of file used 1706 to get the local additions to the $=w 1707 (local host names) class. 1708confCT_FILE Ft class [/etc/sendmail.ct] Name of file used 1709 to get the local additions to the $=t 1710 (trusted users) class. 1711confCR_FILE FR class [/etc/mail/relay-domains] Name of 1712 file used to get the local additions 1713 to the $=R (hosts allowed to relay) 1714 class. 1715confTRUSTED_USERS Ct class [no default] Names of users to add to 1716 the list of trusted users. This list 1717 always includes root, uucp, and daemon. 1718 See also FEATURE(use_ct_file). 1719confSMTP_MAILER - [esmtp] The mailer name used when 1720 SMTP connectivity is required. 1721 One of "smtp", "smtp8", or "esmtp". 1722confUUCP_MAILER - [uucp-old] The mailer to be used by 1723 default for bang-format recipient 1724 addresses. See also discussion of 1725 $=U, $=Y, and $=Z in the MAILER(uucp) 1726 section. 1727confLOCAL_MAILER - [local] The mailer name used when 1728 local connectivity is required. 1729 Almost always "local". 1730confRELAY_MAILER - [relay] The default mailer name used 1731 for relaying any mail (e.g., to a 1732 BITNET_RELAY, a SMART_HOST, or 1733 whatever). This can reasonably be 1734 "uucp-new" if you are on a 1735 UUCP-connected site. 1736confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 1737confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 1738confALIAS_WAIT AliasWait [10m] Time to wait for alias file 1739 rebuild until you get bored and 1740 decide that the apparently pending 1741 rebuild failed. 1742confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 1743 queue filesystem to accept SMTP mail. 1744 (Prior to 8.7 this was minfree/maxsize, 1745 where minfree was the number of free 1746 blocks and maxsize was the maximum 1747 message size. Use confMAX_MESSAGE_SIZE 1748 for the second value now.) 1749confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 1750 that will be accepted (in bytes). 1751confBLANK_SUB BlankSub [.] Blank (space) substitution 1752 character. 1753confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 1754 to mailers marked expensive? 1755confCHECKPOINT_INTERVAL CheckpointInterval 1756 [10] Checkpoint queue files every N 1757 recipients. 1758confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 1759confAUTO_REBUILD AutoRebuildAliases 1760 [False] Automatically rebuild alias 1761 file if needed. 1762confERROR_MODE ErrorMode [print] Error message mode. 1763confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 1764confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 1765confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 1766confMATCH_GECOS MatchGECOS [False] Match GECOS field. 1767confMAX_HOP MaxHopCount [25] Maximum hop count. 1768confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd mode] 1769 Ignore dot as terminator for incoming 1770 messages? 1771confBIND_OPTS ResolverOptions [undefined] Default options for DNS 1772 resolver. 1773confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 1774 encapsulated messages per RFC 1344. 1775confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 1776 The colon-separated list of places to 1777 search for .forward files. N.B.: see 1778 the Security Notes section. 1779confMCI_CACHE_SIZE ConnectionCacheSize 1780 [2] Size of open connection cache. 1781confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 1782 [5m] Open connection cache timeout. 1783confHOST_STATUS_DIRECTORY HostStatusDirectory 1784 [undefined] If set, host status is kept 1785 on disk between sendmail runs in the 1786 named directory tree. This need not be 1787 a full pathname, in which case it is 1788 interpreted relative to the queue 1789 directory. 1790confSINGLE_THREAD_DELIVERY SingleThreadDelivery 1791 [False] If this option and the 1792 HostStatusDirectory option are both 1793 set, single thread deliveries to other 1794 hosts. That is, don't allow any two 1795 sendmails on this host to connect 1796 simultaneously to any other single 1797 host. This can slow down delivery in 1798 some cases, in particular since a 1799 cached but otherwise idle connection 1800 to a host will prevent other sendmails 1801 from connecting to the other host. 1802confUSE_ERRORS_TO* UserErrorsTo [False] Use the Errors-To: header to 1803 deliver error messages. This should 1804 not be necessary because of general 1805 acceptance of the envelope/header 1806 distinction. 1807confLOG_LEVEL LogLevel [9] Log level. 1808confME_TOO MeToo [False] Include sender in group 1809 expansions. 1810confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 1811 running newaliases. Since this does 1812 DNS lookups on every address, it can 1813 slow down the alias rebuild process 1814 considerably on large alias files. 1815confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 1816 special chars are old style. 1817confDAEMON_OPTIONS DaemonPortOptions 1818 [none] SMTP daemon options. 1819confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 1820confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 1821 copies of all error messages. 1822confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 1823confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 1824 syntax addresses to the minimum 1825 possible. 1826confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 1827 before forking. 1828confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 1829 on the initial connect. 1830confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 1831 connect() to complete. This can only 1832 shorten connection timeouts; the kernel 1833 silently enforces an absolute maximum 1834 (which varies depending on the system). 1835confTO_ICONNECT Timeout.iconnect 1836 [undefined] Like Timeout.connect, but 1837 applies only to the very first attempt 1838 to connect to a host in a message. 1839 This allows a single very fast pass 1840 followed by more careful delivery 1841 attempts in the future. 1842confTO_HELO Timeout.helo [5m] The timeout waiting for a response 1843 to a HELO or EHLO command. 1844confTO_MAIL Timeout.mail [10m] The timeout waiting for a 1845 response to the MAIL command. 1846confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 1847 to the RCPT command. 1848confTO_DATAINIT Timeout.datainit 1849 [5m] The timeout waiting for a 354 1850 response from the DATA command. 1851confTO_DATABLOCK Timeout.datablock 1852 [1h] The timeout waiting for a block 1853 during DATA phase. 1854confTO_DATAFINAL Timeout.datafinal 1855 [1h] The timeout waiting for a response 1856 to the final "." that terminates a 1857 message. 1858confTO_RSET Timeout.rset [5m] The timeout waiting for a response 1859 to the RSET command. 1860confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 1861 to the QUIT command. 1862confTO_MISC Timeout.misc [2m] The timeout waiting for a response 1863 to other SMTP commands. 1864confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout waiting 1865 for a command to be issued. 1866confTO_IDENT Timeout.ident [30s] The timeout waiting for a response 1867 to an IDENT query. 1868confTO_FILEOPEN Timeout.fileopen 1869 [60s] The timeout waiting for a file 1870 (e.g., :include: file) to be opened. 1871confTO_QUEUERETURN Timeout.queuereturn 1872 [5d] The timeout before a message is 1873 returned as undeliverable. 1874confTO_QUEUERETURN_NORMAL 1875 Timeout.queuereturn.normal 1876 [undefined] As above, for normal 1877 priority messages. 1878confTO_QUEUERETURN_URGENT 1879 Timeout.queuereturn.urgent 1880 [undefined] As above, for urgent 1881 priority messages. 1882confTO_QUEUERETURN_NONURGENT 1883 Timeout.queuereturn.non-urgent 1884 [undefined] As above, for non-urgent 1885 (low) priority messages. 1886confTO_QUEUEWARN Timeout.queuewarn 1887 [4h] The timeout before a warning 1888 message is sent to the sender telling 1889 them that the message has been deferred. 1890confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 1891 [undefined] As above, for normal 1892 priority messages. 1893confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 1894 [undefined] As above, for urgent 1895 priority messages. 1896confTO_QUEUEWARN_NONURGENT 1897 Timeout.queuewarn.non-urgent 1898 [undefined] As above, for non-urgent 1899 (low) priority messages. 1900confTO_HOSTSTATUS Timeout.hoststatus 1901 [30m] How long information about host 1902 statuses will be maintained before it 1903 is considered stale and the host should 1904 be retried. This applies both within 1905 a single queue run and to persistent 1906 information (see below). 1907confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 1908 USE_SYSTEM to use the system's idea, 1909 USE_TZ to use the user's TZ envariable, 1910 or something else to force that value. 1911confDEF_USER_ID DefaultUser [1:1] Default user id. 1912confUSERDB_SPEC UserDatabaseSpec 1913 [undefined] User database specification. 1914confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 1915confTRY_NULL_MX_LIST TryNullMXList [False] If we are the best MX for a 1916 host and haven't made other 1917 arrangements, try connecting to the 1918 host directly; normally this would be 1919 a config error. 1920confQUEUE_LA QueueLA [8] Load average at which queue-only 1921 function kicks in. 1922confREFUSE_LA RefuseLA [12] Load average at which incoming 1923 SMTP connections are refused. 1924confMAX_DAEMON_CHILDREN MaxDaemonChildren 1925 [undefined] The maximum number of 1926 children the daemon will permit. After 1927 this number, connections will be 1928 rejected. If not set or <= 0, there is 1929 no limit. 1930confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 1931 [undefined] The maximum number of 1932 connections permitted per second. 1933 After this many connections are 1934 accepted, further connections will be 1935 delayed. If not set or <= 0, there is 1936 no limit. 1937confWORK_RECIPIENT_FACTOR 1938 RecipientFactor [30000] Cost of each recipient. 1939confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a separate 1940 process. 1941confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 1942confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 1943confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 1944 Priority, Host, or Time. 1945confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 1946 must sit in the queue between queue 1947 runs. This allows you to set the 1948 queue run interval low for better 1949 responsiveness without trying all 1950 jobs in each run. 1951confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 1952 unlabeled 8 bit input to MIME, the 1953 character set to use by default. 1954confSERVICE_SWITCH_FILE ServiceSwitchFile 1955 [/etc/service.switch] The file to use 1956 for the service switch on systems that 1957 do not have a system-defined switch. 1958confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 1959 "file" type access of hosts names. 1960confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 1961 long and try again. Zero means "don't 1962 retry". This is to allow "dial on 1963 demand" connections to have enough time 1964 to complete a connection. 1965confNO_RCPT_ACTION NoRecipientAction 1966 [none] What to do if there are no legal 1967 recipient fields (To:, Cc: or Bcc:) 1968 in the message. Legal values can 1969 be "none" to just leave the 1970 nonconforming message as is, "add-to" 1971 to add a To: header with all the 1972 known recipients (which may expose 1973 blind recipients), "add-apparently-to" 1974 to do the same but use Apparently-To: 1975 instead of To:, "add-bcc" to add an 1976 empty Bcc: header, or 1977 "add-to-undisclosed" to add the header 1978 ``To: undisclosed-recipients:;''. 1979confSAFE_FILE_ENV SafeFileEnvironment 1980 [undefined] If set, sendmail will do a 1981 chroot() into this directory before 1982 writing files. 1983confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 1984 If set, colons are treated as a regular 1985 character in addresses. If not set, 1986 they are treated as the introducer to 1987 the RFC 822 "group" syntax. Colons are 1988 handled properly in route-addrs. This 1989 option defaults on for V5 and lower 1990 configuration files. 1991confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 1992 any given queue run to this number of 1993 entries. Essentially, this will stop 1994 reading the queue directory after this 1995 number of entries are reached; it does 1996 _not_ pick the highest priority jobs, 1997 so this should be as large as your 1998 system can tolerate. If not set, there 1999 is no limit. 2000confDONT_EXPAND_CNAMES DontExpandCnames 2001 [False] If set, $[ ... $] lookups that 2002 do DNS based lookups do not expand 2003 CNAME records. This currently violates 2004 the published standards, but the IETF 2005 seems to be moving toward legalizing 2006 this. For example, if "FTP.Foo.ORG" 2007 is a CNAME for "Cruft.Foo.ORG", then 2008 with this option set a lookup of 2009 "FTP" will return "FTP.Foo.ORG"; if 2010 clear it returns "Cruft.FOO.ORG". N.B. 2011 you may not see any effect until your 2012 downstream neighbors stop doing CNAME 2013 lookups as well. 2014confFROM_LINE UnixFromLine [From $g $d] The From_ line used 2015 when sending to files or programs. 2016confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 2017 [False] From: lines that have 2018 embedded newlines are unwrapped 2019 onto one line. 2020confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 2021 does not include a host name. 2022confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 2023 name phrase (@,;:\()[] are automatic). 2024confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 2025 characters. 2026confSMTP_LOGIN_MSG SmtpGreetingMessage 2027 [$j Sendmail $v/$Z; $b] 2028 The initial (spontaneous) SMTP 2029 greeting message. The word "ESMTP" 2030 will be inserted between the first and 2031 second words to convince other 2032 sendmails to try to speak ESMTP. 2033confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 2034 routine will never be invoked. You 2035 might want to do this if you are 2036 running NIS and you have a large group 2037 map, since this call does a sequential 2038 scan of the map; in a large site this 2039 can cause your ypserv to run 2040 essentially full time. If you set 2041 this, agents run on behalf of users 2042 will only have their primary 2043 (/etc/passwd) group permissions. 2044confUNSAFE_GROUP_WRITES UnsafeGroupWrites 2045 [False] If set, group-writable 2046 :include: and .forward files are 2047 considered "unsafe", that is, programs 2048 and files cannot be directly referenced 2049 from such files. World-writable files 2050 are always considered unsafe. 2051confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 2052 [postmaster] If an error occurs when 2053 sending an error message, send that 2054 "double bounce" error message to this 2055 address. 2056confRUN_AS_USER RunAsUser [undefined] If set, become this user 2057 when reading and delivering mail. 2058 Causes all file reads (e.g., .forward 2059 and :include: files) to be done as 2060 this user. Also, all programs will 2061 be run as this user, and all output 2062 files will be written as this user. 2063 Intended for use only on firewalls 2064 where users do not have accounts. 2065confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 2066 [infinite] If set, allow no more than 2067 the specified number of recipients in 2068 an SMTP envelope. Further recipients 2069 receive a 452 error code (i.e., they 2070 are deferred for the next delivery 2071 attempt). 2072confDONT_PROBE_INTERFACES DontProbeInterfaces 2073 [False] If set, sendmail will _not_ 2074 insert the names and addresses of any 2075 local interfaces into the $=w class 2076 (list of known "equivalent" addresses). 2077 If you set this, you must also include 2078 some support for these addresses (e.g., 2079 in a mailertable entry) -- otherwise, 2080 mail to addresses in this list will 2081 bounce with a configuration error. 2082confDONT_BLAME_SENDMAIL DontBlameSendmail 2083 [safe] Override sendmail's file 2084 safety checks. This will definitely 2085 compromise system security and should 2086 not be used unless absolutely 2087 necessary. 2088confREJECT_MSG - [550 Access denied] The message 2089 given if the access database contains 2090 REJECT in the value portion. 2091 2092See also the description of OSTYPE for some parameters that can be 2093tweaked (generally pathnames to mailers). 2094 2095 2096+-----------+ 2097| HIERARCHY | 2098+-----------+ 2099 2100Within this directory are several subdirectories, to wit: 2101 2102m4 General support routines. These are typically 2103 very important and should not be changed without 2104 very careful consideration. 2105 2106cf The configuration files themselves. They have 2107 ".mc" suffixes, and must be run through m4 to 2108 become complete. The resulting output should 2109 have a ".cf" suffix. 2110 2111ostype Definitions describing a particular operating 2112 system type. These should always be referenced 2113 using the OSTYPE macro in the .mc file. Examples 2114 include "bsd4.3", "bsd4.4", "sunos3.5", and 2115 "sunos4.1". 2116 2117domain Definitions describing a particular domain, referenced 2118 using the DOMAIN macro in the .mc file. These are 2119 site dependent; for example, "CS.Berkeley.EDU.m4" 2120 describes hosts in the CS.Berkeley.EDU subdomain. 2121 2122mailer Descriptions of mailers. These are referenced using 2123 the MAILER macro in the .mc file. 2124 2125sh Shell files used when building the .cf file from the 2126 .mc file in the cf subdirectory. 2127 2128feature These hold special orthogonal features that you might 2129 want to include. They should be referenced using 2130 the FEATURE macro. 2131 2132hack Local hacks. These can be referenced using the HACK 2133 macro. They shouldn't be of more than voyeuristic 2134 interest outside the .Berkeley.EDU domain, but who knows? 2135 We've all got our own peccadillos. 2136 2137siteconfig Site configuration -- e.g., tables of locally connected 2138 UUCP sites. 2139 2140 2141+------------------------+ 2142| ADMINISTRATIVE DETAILS | 2143+------------------------+ 2144 2145The following sections detail usage of certain internal parts of the 2146sendmail.cf file. Read them carefully if you are trying to modify 2147the current model. If you find the above descriptions adequate, these 2148should be {boring, confusing, tedious, ridiculous} (pick one or more). 2149 2150RULESETS (* means built in to sendmail) 2151 2152 0 * Parsing 2153 1 * Sender rewriting 2154 2 * Recipient rewriting 2155 3 * Canonicalization 2156 4 * Post cleanup 2157 5 * Local address rewrite (after aliasing) 2158 1x mailer rules (sender qualification) 2159 2x mailer rules (recipient qualification) 2160 3x mailer rules (sender header qualification) 2161 4x mailer rules (recipient header qualification) 2162 5x mailer subroutines (general) 2163 6x mailer subroutines (general) 2164 7x mailer subroutines (general) 2165 8x reserved 2166 90 Mailertable host stripping 2167 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 2168 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 2169 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 2170 99 Guaranteed null (for debugging) 2171 2172 2173MAILERS 2174 2175 0 local, prog local and program mailers 2176 1 [e]smtp, relay SMTP channel 2177 2 uucp-* UNIX-to-UNIX Copy Program 2178 3 netnews Network News delivery 2179 4 fax Sam Leffler's HylaFAX software 2180 5 mail11 DECnet mailer 2181 2182 2183MACROS 2184 2185 A 2186 B Bitnet Relay 2187 C DECnet Relay 2188 D The local domain -- usually not needed 2189 E reserved for X.400 Relay 2190 F FAX Relay 2191 G 2192 H mail Hub (for mail clusters) 2193 I 2194 J 2195 K 2196 L Luser Relay 2197 M Masquerade (who I claim to be) 2198 N 2199 O 2200 P 2201 Q 2202 R Relay (for unqualified names) 2203 S Smart Host 2204 T 2205 U my UUCP name (if I have a UUCP connection) 2206 V UUCP Relay (class V hosts) 2207 W UUCP Relay (class W hosts) 2208 X UUCP Relay (class X hosts) 2209 Y UUCP Relay (all other hosts) 2210 Z Version number 2211 2212 2213CLASSES 2214 2215 A 2216 B domains that are candidates for bestmx lookup 2217 C 2218 D 2219 E addresses that should not seem to come from $M 2220 F hosts we forward for 2221 G domains that should be looked up in genericstable 2222 H 2223 I 2224 J 2225 K 2226 L addresses that should not be forwarded to $R 2227 M domains that should be mapped to $M 2228 N 2229 O operators that indicate network operations (cannot be in local names) 2230 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 2231 Q 2232 R domains we are willing to relay (pass anti-spam filters) 2233 S 2234 T 2235 U locally connected UUCP hosts 2236 V UUCP hosts connected to relay $V 2237 W UUCP hosts connected to relay $W 2238 X UUCP hosts connected to relay $X 2239 Y locally connected smart UUCP hosts 2240 Z locally connected domain-ized UUCP hosts 2241 . the class containing only a dot 2242 [ the class containing only a left bracket 2243 2244 2245M4 DIVERSIONS 2246 2247 1 Local host detection and resolution 2248 2 Local Ruleset 3 additions 2249 3 Local Ruleset 0 additions 2250 4 UUCP Ruleset 0 additions 2251 5 locally interpreted names (overrides $R) 2252 6 local configuration (at top of file) 2253 7 mailer definitions 2254 8 2255 9 special local rulesets (1 and 2) 2256