README revision 90792
1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31STARTTLS 32SMTP AUTHENTICATION 33ADDING NEW MAILERS OR RULESETS 34ADDING NEW MAIL FILTERS 35QUEUE GROUP DEFINITIONS 36NON-SMTP BASED CONFIGURATIONS 37WHO AM I? 38ACCEPTING MAIL FOR MULTIPLE NAMES 39USING MAILERTABLES 40USING USERDB TO MAP FULL NAMES 41MISCELLANEOUS SPECIAL FEATURES 42SECURITY NOTES 43TWEAKING CONFIGURATION OPTIONS 44MESSAGE SUBMISSION PROGRAM 45FORMAT OF FILES AND MAPS 46DIRECTORY LAYOUT 47ADMINISTRATIVE DETAILS 48 49 50+--------------------------+ 51| INTRODUCTION AND EXAMPLE | 52+--------------------------+ 53 54Configuration files are contained in the subdirectory "cf", with a 55suffix ".mc". They must be run through "m4" to produce a ".cf" file. 56You must pre-load "cf.m4": 57 58 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 59 60Alternatively, you can simply: 61 62 cd ${CFDIR}/cf 63 ./Build config.cf 64 65where ${CFDIR} is the root of the cf directory and config.mc is the 66name of your configuration file. If you are running a version of M4 67that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 68this, but the versions distributed with 4.4BSD and derivatives do not) 69or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 70For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 71use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 72 73 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 74 75Let's examine a typical .mc file: 76 77 divert(-1) 78 # 79 # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. 80 # All rights reserved. 81 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 82 # Copyright (c) 1988, 1993 83 # The Regents of the University of California. All rights reserved. 84 # 85 # By using this file, you agree to the terms and conditions set 86 # forth in the LICENSE file which can be found at the top level of 87 # the sendmail distribution. 88 # 89 90 # 91 # This is a Berkeley-specific configuration file for HP-UX 9.x. 92 # It applies only to the Computer Science Division at Berkeley, 93 # and should not be used elsewhere. It is provided on the sendmail 94 # distribution as a sample only. To create your own configuration 95 # file, create an appropriate domain file in ../domain, change the 96 # `DOMAIN' macro below to reference that file, and copy the result 97 # to a name of your own choosing. 98 # 99 divert(0) 100 101The divert(-1) will delete the crud in the resulting output file. 102The copyright notice can be replaced by whatever your lawyers require; 103our lawyers require the one that is included in these files. A copyleft 104is a copyright by another name. The divert(0) restores regular output. 105 106 VERSIONID(`<SCCS or RCS version id>') 107 108VERSIONID is a macro that stuffs the version information into the 109resulting file. You could use SCCS, RCS, CVS, something else, or 110omit it completely. This is not the same as the version id included 111in SMTP greeting messages -- this is defined in m4/version.m4. 112 113 OSTYPE(`hpux9')dnl 114 115You must specify an OSTYPE to properly configure things such as the 116pathname of the help and status files, the flags needed for the local 117mailer, and other important things. If you omit it, you will get an 118error when you try to build the configuration. Look at the ostype 119directory for the list of known operating system types. 120 121 DOMAIN(`CS.Berkeley.EDU')dnl 122 123This example is specific to the Computer Science Division at Berkeley. 124You can use "DOMAIN(`generic')" to get a sufficiently bland definition 125that may well work for you, or you can create a customized domain 126definition appropriate for your environment. 127 128 MAILER(`local') 129 MAILER(`smtp') 130 131These describe the mailers used at the default CS site. The local 132mailer is always included automatically. Beware: MAILER declarations 133should always be at the end of the configuration file. The general 134rules are that the order should be: 135 136 VERSIONID 137 OSTYPE 138 DOMAIN 139 FEATURE 140 local macro definitions 141 MAILER 142 LOCAL_CONFIG 143 LOCAL_RULE_* 144 LOCAL_RULESETS 145 146There are a few exceptions to this rule. Local macro definitions which 147influence a FEATURE() should be done before that feature. For example, 148a define(`PROCMAIL_MAILER_PATH', ...) should be done before 149FEATURE(`local_procmail'). 150 151******************************************************************* 152*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 153*** Berkeley-specific assumptions built in, such as the name *** 154*** of their UUCP-relay. You'll want to create your own *** 155*** domain description, and use that in place of *** 156*** domain/Berkeley.EDU.m4. *** 157******************************************************************* 158 159 160+----------------------------+ 161| A BRIEF INTRODUCTION TO M4 | 162+----------------------------+ 163 164Sendmail uses the M4 macro processor to ``compile'' the configuration 165files. The most important thing to know is that M4 is stream-based, 166that is, it doesn't understand about lines. For this reason, in some 167places you may see the word ``dnl'', which stands for ``delete 168through newline''; essentially, it deletes all characters starting 169at the ``dnl'' up to and including the next newline character. In 170most cases sendmail uses this only to avoid lots of unnecessary 171blank lines in the output. 172 173Other important directives are define(A, B) which defines the macro 174``A'' to have value ``B''. Macros are expanded as they are read, so 175one normally quotes both values to prevent expansion. For example, 176 177 define(`SMART_HOST', `smart.foo.com') 178 179One word of warning: M4 macros are expanded even in lines that appear 180to be comments. For example, if you have 181 182 # See FEATURE(`foo') above 183 184it will not do what you expect, because the FEATURE(`foo') will be 185expanded. This also applies to 186 187 # And then define the $X macro to be the return address 188 189because ``define'' is an M4 keyword. If you want to use them, surround 190them with directed quotes, `like this'. 191 192 193Notice: 194------- 195 196This package requires a post-V7 version of m4; if you are running the 1974.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 198BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 199Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 200Net/2 or GNU version. GNU m4 is available from 201ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 202EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 203m4 on this platform. 204 205 206+----------------+ 207| FILE LOCATIONS | 208+----------------+ 209 210sendmail 8.9 has introduced a new configuration directory for sendmail 211related files, /etc/mail. The new files available for sendmail 8.9 -- 212the class {R} /etc/mail/relay-domains and the access database 213/etc/mail/access -- take advantage of this new directory. Beginning with 2148.10, all files will use this directory by default (some options may be 215set by OSTYPE() files). This new directory should help to restore 216uniformity to sendmail's file locations. 217 218Below is a table of some of the common changes: 219 220Old filename New filename 221------------ ------------ 222/etc/bitdomain /etc/mail/bitdomain 223/etc/domaintable /etc/mail/domaintable 224/etc/genericstable /etc/mail/genericstable 225/etc/uudomain /etc/mail/uudomain 226/etc/virtusertable /etc/mail/virtusertable 227/etc/userdb /etc/mail/userdb 228 229/etc/aliases /etc/mail/aliases 230/etc/sendmail/aliases /etc/mail/aliases 231/etc/ucbmail/aliases /etc/mail/aliases 232/usr/adm/sendmail/aliases /etc/mail/aliases 233/usr/lib/aliases /etc/mail/aliases 234/usr/lib/mail/aliases /etc/mail/aliases 235/usr/ucblib/aliases /etc/mail/aliases 236 237/etc/sendmail.cw /etc/mail/local-host-names 238/etc/mail/sendmail.cw /etc/mail/local-host-names 239/etc/sendmail/sendmail.cw /etc/mail/local-host-names 240 241/etc/sendmail.ct /etc/mail/trusted-users 242 243/etc/sendmail.oE /etc/mail/error-header 244 245/etc/sendmail.hf /etc/mail/helpfile 246/etc/mail/sendmail.hf /etc/mail/helpfile 247/usr/ucblib/sendmail.hf /etc/mail/helpfile 248/etc/ucbmail/sendmail.hf /etc/mail/helpfile 249/usr/lib/sendmail.hf /etc/mail/helpfile 250/usr/share/lib/sendmail.hf /etc/mail/helpfile 251/usr/share/misc/sendmail.hf /etc/mail/helpfile 252/share/misc/sendmail.hf /etc/mail/helpfile 253 254/etc/service.switch /etc/mail/service.switch 255 256/etc/sendmail.st /etc/mail/statistics 257/etc/mail/sendmail.st /etc/mail/statistics 258/etc/mailer/sendmail.st /etc/mail/statistics 259/etc/sendmail/sendmail.st /etc/mail/statistics 260/usr/lib/sendmail.st /etc/mail/statistics 261/usr/ucblib/sendmail.st /etc/mail/statistics 262 263Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 264to create the pathnames. The default value of this variable is 265`/etc/mail/'. If you set this macro to a different value, you MUST include 266a trailing slash. 267 268Notice: all filenames used in a .mc (or .cf) file should be absolute 269(starting at the root, i.e., with '/'). Relative filenames most 270likely cause surprises during operations (unless otherwise noted). 271 272 273+--------+ 274| OSTYPE | 275+--------+ 276 277You MUST define an operating system environment, or the configuration 278file build will puke. There are several environments available; look 279at the "ostype" directory for the current list. This macro changes 280things like the location of the alias file and queue directory. Some 281of these files are identical to one another. 282 283It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 284In general, the OSTYPE macro should go immediately after any version 285information, and MAILER definitions should always go last. 286 287Operating system definitions are usually easy to write. They may define 288the following variables (everything defaults, so an ostype file may be 289empty). Unfortunately, the list of configuration-supported systems is 290not as broad as the list of source-supported systems, since many of 291the source contributors do not include corresponding ostype files. 292 293ALIAS_FILE [/etc/mail/aliases] The location of the text version 294 of the alias file(s). It can be a comma-separated 295 list of names (but be sure you quote values with 296 commas in them -- for example, use 297 define(`ALIAS_FILE', `a,b') 298 to get "a" and "b" both listed as alias files; 299 otherwise the define() primitive only sees "a"). 300HELP_FILE [/etc/mail/helpfile] The name of the file 301 containing information printed in response to 302 the SMTP HELP command. 303QUEUE_DIR [/var/spool/mqueue] The directory containing 304 queue files. To use multiple queues, supply 305 a value ending with an asterisk. For 306 example, /var/spool/mqueue/qd* will use all of the 307 directories or symbolic links to directories 308 beginning with 'qd' in /var/spool/mqueue as queue 309 directories. The names 'qf', 'df', and 'xf' are 310 reserved as specific subdirectories for the 311 corresponding queue file types as explained in 312 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 313MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 314 queue files for the MSP (Mail Submission Program, 315 see sendmail/SECURITY). 316STATUS_FILE [/etc/mail/statistics] The file containing status 317 information. 318LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 319LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 320 flags lsDFMAw5:/|@q are always included. 321LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 322 mail. 323LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 324 mail that you are willing to accept. 325LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 326 messages to deliver in a single connection. Only 327 useful for LMTP local mailers. 328LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 329 that ARRIVE from an address that resolves to the 330 local mailer and which are converted to MIME will be 331 labeled with this character set. 332LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 333 end of line for the local mailer. 334LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 335 [X-Unix] The DSN Diagnostic-Code value for the 336 local mailer. This should be changed with care. 337LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 338LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 339 flags lsDFM are always included. 340LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 341 mail. 342LOCAL_SHELL_DIR [$z:/] The directory search path in which the 343 shell should run. 344LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 345USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 346 used to submit news. 347USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 348USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 349 usenet mailer. NOTE: Some versions of inews 350 (such as those shipped with newer versions of INN) 351 use different flags. Double check the defaults 352 against the inews man page. 353USENET_MAILER_MAX [100000] The maximum size of messages that will 354 be accepted by the usenet mailer. 355USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 356SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 357 flags are `mDFMuX' for all SMTP-based mailers; the 358 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 359 "dsmtp" adds `%'. 360RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 361 flags are `mDFMuX' for all SMTP-based mailers; the 362 relay mailer adds `a8'. If this is not defined, 363 then SMTP_MAILER_FLAGS is used. 364SMTP_MAILER_MAX [undefined] The maximum size of messages that will 365 be transported using the smtp, smtp8, esmtp, or dsmtp 366 mailers. 367SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 368 messages to deliver in a single connection for the 369 smtp, smtp8, esmtp, or dsmtp mailers. 370SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 371 About the only reason you would want to change this 372 would be to change the default port. 373ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 374SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 375DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 376RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 377SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 378ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 379SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 380DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 381RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 382RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 383 messages to deliver in a single connection for the 384 relay mailer. 385SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 386 that ARRIVE from an address that resolves to one of 387 the SMTP mailers and which are converted to MIME will 388 be labeled with this character set. 389UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 390UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 391 flags are `DFMhuU' (and `m' for uucp-new mailer, 392 minus `U' for uucp-dom mailer). 393UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 394 passed to the UUCP mailer. 395UUCP_MAILER_MAX [100000] The maximum size message accepted for 396 transmission by the UUCP mailers. 397UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 398 that ARRIVE from an address that resolves to one of 399 the UUCP mailers and which are converted to MIME will 400 be labeled with this character set. 401UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 402FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 403 submit FAX messages. 404FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 405 mailer. 406FAX_MAILER_MAX [100000] The maximum size message accepted for 407 transmission by FAX. 408POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 409POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 410 are always added. 411POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 412POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 413PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 414 program. This is also used by 415 FEATURE(`local_procmail'). 416PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 417 DFM are always set. This is NOT used by 418 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 419 instead. 420PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 421 the Procmail mailer. This is NOT used by 422 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 423 instead. 424PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 425 will be accepted by the procmail mailer. 426PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 427MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 428MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 429MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 430 mailer. 431MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 432PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 433 program. 434PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 435 are always set. 436PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 437PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 438CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 439 flags lsDFMnPq are always included. 440CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 441 cyrus mail. 442CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 443 to deliver cyrus mail. 444CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 445 will be accepted by the cyrus mailer. 446CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 447 running the cyrus mailer. 448CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 449CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 450 The flags lsDFMnP are always included. 451CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 452 to deliver cyrusbb mail. 453confEBINDIR [/usr/libexec] The directory for executables. 454 Currently used for FEATURE(`local_lmtp') and 455 FEATURE(`smrsh'). 456QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 457QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 458 qpage mail. 459QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 460 to deliver qpage mail. 461QPAGE_MAILER_MAX [4096] If set, the maximum size message that 462 will be accepted by the qpage mailer. 463QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 464LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 465 466Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 467MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of 468the macro Name_MAILER_FLAGS and change can be: flags that should 469be used directly (thus overriding the default value), or if it 470starts with `+' (`-') then those flags are added to (removed from) 471the default value. Example: 472 473 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 474 475will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 476several smtp mailers all of which are manipulated individually. 477See the section MAILERS for the available mailer names. 478WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 479unconditionally, i.e., without respecting any definitions in an 480OSTYPE setting. 481 482 483+---------+ 484| DOMAINS | 485+---------+ 486 487You will probably want to collect domain-dependent defines into one 488file, referenced by the DOMAIN macro. For example, the Berkeley 489domain file includes definitions for several internal distinguished 490hosts: 491 492UUCP_RELAY The host that will accept UUCP-addressed email. 493 If not defined, all UUCP sites must be directly 494 connected. 495BITNET_RELAY The host that will accept BITNET-addressed email. 496 If not defined, the .BITNET pseudo-domain won't work. 497DECNET_RELAY The host that will accept DECNET-addressed email. 498 If not defined, the .DECNET pseudo-domain and addresses 499 of the form node::user will not work. 500FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 501 The "fax" mailer overrides this value. 502LOCAL_RELAY The site that will handle unqualified names -- that 503 is, names without an @domain extension. 504 Normally MAIL_HUB is preferred for this function. 505 LOCAL_RELAY is mostly useful in conjunction with 506 FEATURE(`stickyhost') -- see the discussion of 507 stickyhost below. If not set, they are assumed to 508 belong on this machine. This allows you to have a 509 central site to store a company- or department-wide 510 alias database. This only works at small sites, 511 and only with some user agents. 512LUSER_RELAY The site that will handle lusers -- that is, apparently 513 local names that aren't local accounts or aliases. To 514 specify a local user instead of a site, set this to 515 ``local:username''. 516 517Any of these can be either ``mailer:hostname'' (in which case the 518mailer is the internal mailer name, such as ``uucp-new'' and the hostname 519is the name of the host as appropriate for that mailer) or just a 520``hostname'', in which case a default mailer type (usually ``relay'', 521a variant on SMTP) is used. WARNING: if you have a wildcard MX 522record matching your domain, you probably want to define these to 523have a trailing dot so that you won't get the mail diverted back 524to yourself. 525 526The domain file can also be used to define a domain name, if needed 527(using "DD<domain>") and set certain site-wide features. If all hosts 528at your site masquerade behind one email name, you could also use 529MASQUERADE_AS here. 530 531You do not have to define a domain -- in particular, if you are a 532single machine sitting off somewhere, it is probably more work than 533it's worth. This is just a mechanism for combining "domain dependent 534knowledge" into one place. 535 536 537+---------+ 538| MAILERS | 539+---------+ 540 541There are fewer mailers supported in this version than the previous 542version, owing mostly to a simpler world. As a general rule, put the 543MAILER definitions last in your .mc file. 544 545local The local and prog mailers. You will almost always 546 need these; the only exception is if you relay ALL 547 your mail to another site. This mailer is included 548 automatically. 549 550smtp The Simple Mail Transport Protocol mailer. This does 551 not hide hosts behind a gateway or another other 552 such hack; it assumes a world where everyone is 553 running the name server. This file actually defines 554 five mailers: "smtp" for regular (old-style) SMTP to 555 other servers, "esmtp" for extended SMTP to other 556 servers, "smtp8" to do SMTP to other servers without 557 converting 8-bit data to MIME (essentially, this is 558 your statement that you know the other end is 8-bit 559 clean even if it doesn't say so), "dsmtp" to do on 560 demand delivery, and "relay" for transmission to the 561 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 562 563uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 564 defines two mailers, "uucp-old" (a.k.a. "uucp") and 565 "uucp-new" (a.k.a. "suucp"). The latter is for when you 566 know that the UUCP mailer at the other end can handle 567 multiple recipients in one transfer. If the smtp mailer 568 is included in your configuration, two other mailers 569 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 570 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 571 include the uucp mailer, sendmail looks for all names in 572 class {U} and sends them to the uucp-old mailer; all 573 names in class {Y} are sent to uucp-new; and all 574 names in class {Z} are sent to uucp-uudom. Note that 575 this is a function of what version of rmail runs on 576 the receiving end, and hence may be out of your control. 577 See the section below describing UUCP mailers in more 578 detail. 579 580usenet Usenet (network news) delivery. If this is specified, 581 an extra rule is added to ruleset 0 that forwards all 582 local email for users named ``group.usenet'' to the 583 ``inews'' program. Note that this works for all groups, 584 and may be considered a security problem. 585 586fax Facsimile transmission. This is experimental and based 587 on Sam Leffler's HylaFAX software. For more information, 588 see http://www.hylafax.org/. 589 590pop Post Office Protocol. 591 592procmail An interface to procmail (does not come with sendmail). 593 This is designed to be used in mailertables. For example, 594 a common question is "how do I forward all mail for a given 595 domain to a single person?". If you have this mailer 596 defined, you could set up a mailertable reading: 597 598 host.com procmail:/etc/procmailrcs/host.com 599 600 with the file /etc/procmailrcs/host.com reading: 601 602 :0 # forward mail for host.com 603 ! -oi -f $1 person@other.host 604 605 This would arrange for (anything)@host.com to be sent 606 to person@other.host. Within the procmail script, $1 is 607 the name of the sender and $2 is the name of the recipient. 608 If you use this with FEATURE(`local_procmail'), the FEATURE 609 should be listed first. 610 611 Of course there are other ways to solve this particular 612 problem, e.g., a catch-all entry in a virtusertable. 613 614mail11 The DECnet mail11 mailer, useful only if you have the mail11 615 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 616 DECnet, of course). This is for Phase IV DECnet support; 617 if you have Phase V at your site you may have additional 618 problems. 619 620phquery The phquery program. This is somewhat counterintuitively 621 referenced as the "ph" mailer internally. It can be used 622 to do CCSO name server lookups. The phquery program, which 623 this mailer uses, is distributed with the ph client. 624 625cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 626 a local cyrus user. this mailer can make use of the 627 "user+detail@local.host" syntax (see 628 FEATURE(`preserve_local_plus_detail')); it will deliver the 629 mail to the user's "detail" mailbox if the mailbox's ACL 630 permits. The cyrusbb mailer delivers to a system-wide 631 cyrus mailbox if the mailbox's ACL permits. The cyrus 632 mailer must be defined after the local mailer. 633 634qpage A mailer for QuickPage, a pager interface. See 635 http://www.qpage.org/ for further information. 636 637The local mailer accepts addresses of the form "user+detail", where 638the "+detail" is not used for mailbox matching but is available 639to certain local mail programs (in particular, see 640FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 641"eric+sww" all indicate the same user, but additional arguments <null>, 642"sendmail", and "sww" may be provided for use in sorting mail. 643 644 645+----------+ 646| FEATURES | 647+----------+ 648 649Special features can be requested using the "FEATURE" macro. For 650example, the .mc line: 651 652 FEATURE(`use_cw_file') 653 654tells sendmail that you want to have it read an /etc/mail/local-host-names 655file to get values for class {w}. A FEATURE may contain up to 9 656optional parameters -- for example: 657 658 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 659 660The default database map type for the table features can be set with 661 662 define(`DATABASE_MAP_TYPE', `dbm') 663 664which would set it to use ndbm databases. The default is the Berkeley DB 665hash database format. Note that you must still declare a database map type 666if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 667if no argument is given for the FEATURE. It must be specified before any 668feature that uses a map. 669 670Also, features which can take a map definition as an argument can also take 671the special keyword `LDAP'. If that keyword is used, the map will use the 672LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 673CLASSES'' section below. 674 675Available features are: 676 677use_cw_file Read the file /etc/mail/local-host-names file to get 678 alternate names for this host. This might be used if you 679 were on a host that MXed for a dynamic set of other hosts. 680 If the set is static, just including the line "Cw<name1> 681 <name2> ..." (where the names are fully qualified domain 682 names) is probably superior. The actual filename can be 683 overridden by redefining confCW_FILE. 684 685use_ct_file Read the file /etc/mail/trusted-users file to get the 686 names of users that will be ``trusted'', that is, able to 687 set their envelope from address using -f without generating 688 a warning message. The actual filename can be overridden 689 by redefining confCT_FILE. 690 691redirect Reject all mail addressed to "address.REDIRECT" with 692 a ``551 User has moved; please try <address>'' message. 693 If this is set, you can alias people who have left 694 to their new address with ".REDIRECT" appended. 695 696nouucp Don't route UUCP addresses. This feature takes one 697 parameter: 698 `reject': reject addresses which have "!" in the local 699 part unless it originates from a system 700 that is allowed to relay. 701 `nospecial': don't do anything special with "!". 702 Warnings: 1. See the notice in the anti-spam section. 703 2. don't remove "!" from OperatorChars if `reject' is 704 given as parameter. 705 706nocanonify Don't pass addresses to $[ ... $] for canonification 707 by default, i.e., host/domain names are considered canonical, 708 except for unqualified names, which must not be used in this 709 mode (violation of the standard). It can be changed by 710 setting the DaemonPortOptions modifiers (M=). That is, 711 FEATURE(`nocanonify') will be overridden by setting the 712 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 713 it can be emulated by setting the 'C' flag 714 (DaemonPortOptions=Modifiers=C). This would generally only 715 be used by sites that only act as mail gateways or which have 716 user agents that do full canonification themselves. You may 717 also want to use 718 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 719 the usual resolver options that do a similar thing. 720 721 An exception list for FEATURE(`nocanonify') can be 722 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 723 i.e., a list of domains which are nevertheless passed to 724 $[ ... $] for canonification. This is useful to turn on 725 canonification for local domains, e.g., use 726 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 727 which end in "my.domain" or "my". 728 Another way to require canonification in the local 729 domain is CANONIFY_DOMAIN(`$=m'). 730 731 A trailing dot is added to addresses with more than 732 one component in it such that other features which 733 expect a trailing dot (e.g., virtusertable) will 734 still work. 735 736 If `canonify_hosts' is specified as parameter, i.e., 737 FEATURE(`nocanonify', `canonify_hosts'), then 738 addresses which have only a hostname, e.g., 739 <user@host>, will be canonified (and hopefully fully 740 qualified), too. 741 742stickyhost This feature is sometimes used with LOCAL_RELAY, 743 although it can be used for a different effect with 744 MAIL_HUB. 745 746 When used without MAIL_HUB, email sent to 747 "user@local.host" are marked as "sticky" -- that 748 is, the local addresses aren't matched against UDB, 749 don't go through ruleset 5, and are not forwarded to 750 the LOCAL_RELAY (if defined). 751 752 With MAIL_HUB, mail addressed to "user@local.host" 753 is forwarded to the mail hub, with the envelope 754 address still remaining "user@local.host". 755 Without stickyhost, the envelope would be changed 756 to "user@mail_hub", in order to protect against 757 mailing loops. 758 759mailertable Include a "mailer table" which can be used to override 760 routing for particular domains (which are not in class {w}, 761 i.e. local host names). The argument of the FEATURE may be 762 the key definition. If none is specified, the definition 763 used is: 764 765 hash /etc/mail/mailertable 766 767 Keys in this database are fully qualified domain names 768 or partial domains preceded by a dot -- for example, 769 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 770 special case of the latter, "." matches any domain not 771 covered by other keys. Values must be of the form: 772 mailer:domain 773 where "mailer" is the internal mailer name, and "domain" 774 is where to send the message. These maps are not 775 reflected into the message header. As a special case, 776 the forms: 777 local:user 778 will forward to the indicated user using the local mailer, 779 local: 780 will forward to the original user in the e-mail address 781 using the local mailer, and 782 error:code message 783 error:D.S.N:code message 784 will give an error message with the indicated SMTP reply 785 code and message, where D.S.N is an RFC 1893 compliant 786 error code. 787 788domaintable Include a "domain table" which can be used to provide 789 domain name mapping. Use of this should really be 790 limited to your own domains. It may be useful if you 791 change names (e.g., your company changes names from 792 oldname.com to newname.com). The argument of the 793 FEATURE may be the key definition. If none is specified, 794 the definition used is: 795 796 hash /etc/mail/domaintable 797 798 The key in this table is the domain name; the value is 799 the new (fully qualified) domain. Anything in the 800 domaintable is reflected into headers; that is, this 801 is done in ruleset 3. 802 803bitdomain Look up bitnet hosts in a table to try to turn them into 804 internet addresses. The table can be built using the 805 bitdomain program contributed by John Gardiner Myers. 806 The argument of the FEATURE may be the key definition; if 807 none is specified, the definition used is: 808 809 hash /etc/mail/bitdomain 810 811 Keys are the bitnet hostname; values are the corresponding 812 internet hostname. 813 814uucpdomain Similar feature for UUCP hosts. The default map definition 815 is: 816 817 hash /etc/mail/uudomain 818 819 At the moment there is no automagic tool to build this 820 database. 821 822always_add_domain 823 Include the local host domain even on locally delivered 824 mail. Normally it is not added on unqualified names. 825 However, if you use a shared message store but do not use 826 the same user name space everywhere, you may need the host 827 name on local names. An optional argument specifies 828 another domain to be added than the local. 829 830allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 831 feature will cause recipient addresses to also masquerade 832 as being from the masquerade host. Normally they get 833 the local hostname. Although this may be right for 834 ordinary users, it can break local aliases. For example, 835 if you send to "localalias", the originating sendmail will 836 find that alias and send to all members, but send the 837 message with "To: localalias@masqueradehost". Since that 838 alias likely does not exist, replies will fail. Use this 839 feature ONLY if you can guarantee that the ENTIRE 840 namespace on your masquerade host supersets all the 841 local entries. 842 843limited_masquerade 844 Normally, any hosts listed in class {w} are masqueraded. If 845 this feature is given, only the hosts listed in class {M} (see 846 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 847 if you have several domains with disjoint namespaces hosted 848 on the same machine. 849 850masquerade_entire_domain 851 If masquerading is enabled (using MASQUERADE_AS) and 852 MASQUERADE_DOMAIN (see below) is set, this feature will 853 cause addresses to be rewritten such that the masquerading 854 domains are actually entire domains to be hidden. All 855 hosts within the masquerading domains will be rewritten 856 to the masquerade name (used in MASQUERADE_AS). For example, 857 if you have: 858 859 MASQUERADE_AS(`masq.com') 860 MASQUERADE_DOMAIN(`foo.org') 861 MASQUERADE_DOMAIN(`bar.com') 862 863 then *foo.org and *bar.com are converted to masq.com. Without 864 this feature, only foo.org and bar.com are masqueraded. 865 866 NOTE: only domains within your jurisdiction and 867 current hierarchy should be masqueraded using this. 868 869local_no_masquerade 870 This feature prevents the local mailer from masquerading even 871 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 872 on addresses of mail going outside the local domain. 873 874genericstable This feature will cause unqualified addresses (i.e., without 875 a domain) and addresses with a domain listed in class {G} 876 to be looked up in a map and turned into another ("generic") 877 form, which can change both the domain name and the user name. 878 Notice: if you use an MSP (as it is default starting with 879 8.12), the MTA will only receive qualified addresses from the 880 MSP (as required by the RFCs). Hence you need to add your 881 domain to class {G}. This feature is similar to the userdb 882 functionality. The same types of addresses as for 883 masquerading are looked up, i.e., only header sender 884 addresses unless the allmasquerade and/or masquerade_envelope 885 features are given. Qualified addresses must have the domain 886 part in class {G}; entries can be added to this class by the 887 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 888 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 889 890 The argument of FEATURE(`genericstable') may be the map 891 definition; the default map definition is: 892 893 hash /etc/mail/genericstable 894 895 The key for this table is either the full address, the domain 896 (with a leading @; the localpart is passed as first argument) 897 or the unqualified username (tried in the order mentioned); 898 the value is the new user address. If the new user address 899 does not include a domain, it will be qualified in the standard 900 manner, i.e., using $j or the masquerade name. Note that the 901 address being looked up must be fully qualified. For local 902 mail, it is necessary to use FEATURE(`always_add_domain') 903 for the addresses to be qualified. 904 The "+detail" of an address is passed as %1, so entries like 905 906 old+*@foo.org new+%1@example.com 907 gen+*@foo.org %1@example.com 908 909 and other forms are possible. 910 911generics_entire_domain 912 If the genericstable is enabled and GENERICS_DOMAIN or 913 GENERICS_DOMAIN_FILE is used, this feature will cause 914 addresses to be searched in the map if their domain 915 parts are subdomains of elements in class {G}. 916 917virtusertable A domain-specific form of aliasing, allowing multiple 918 virtual domains to be hosted on one machine. For example, 919 if the virtuser table contained: 920 921 info@foo.com foo-info 922 info@bar.com bar-info 923 joe@bar.com error:nouser 550 No such user here 924 jax@bar.com error:5.7.0:550 Address invalid 925 @baz.org jane@example.net 926 927 then mail addressed to info@foo.com will be sent to the 928 address foo-info, mail addressed to info@bar.com will be 929 delivered to bar-info, and mail addressed to anyone at baz.org 930 will be sent to jane@example.net, mail to joe@bar.com will 931 be rejected with the specified error message, and mail to 932 jax@bar.com will also have a RFC 1893 compliant error code 933 5.7.0. 934 935 The username from the original address is passed 936 as %1 allowing: 937 938 @foo.org %1@example.com 939 940 meaning someone@foo.org will be sent to someone@example.com. 941 Additionally, if the local part consists of "user+detail" 942 then "detail" is passed as %2 and "+detail" is passed as %3 943 when a match against user+* is attempted, so entries like 944 945 old+*@foo.org new+%2@example.com 946 gen+*@foo.org %2@example.com 947 +*@foo.org %1%3@example.com 948 X++@foo.org Z%3@example.com 949 @bar.org %1%3 950 951 and other forms are possible. Note: to preserve "+detail" 952 for a default case (@domain) %1%3 must be used as RHS. 953 There are two wildcards after "+": "+" matches only a non-empty 954 detail, "*" matches also empty details, e.g., user+@foo.org 955 matches +*@foo.org but not ++@foo.org. This can be used 956 to ensure that the parameters %2 and %3 are not empty. 957 958 All the host names on the left hand side (foo.com, bar.com, 959 and baz.org) must be in class {w} or class {VirtHost}. The 960 latter can be defined by the macros VIRTUSER_DOMAIN or 961 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 962 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 963 VIRTUSER_DOMAIN_FILE is used, then the entries of class 964 {VirtHost} are added to class {R}, i.e., relaying is allowed 965 to (and from) those domains. The default map definition is: 966 967 hash /etc/mail/virtusertable 968 969 A new definition can be specified as the second argument of 970 the FEATURE macro, such as 971 972 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 973 974virtuser_entire_domain 975 If the virtusertable is enabled and VIRTUSER_DOMAIN or 976 VIRTUSER_DOMAIN_FILE is used, this feature will cause 977 addresses to be searched in the map if their domain 978 parts are subdomains of elements in class {VirtHost}. 979 980ldap_routing Implement LDAP-based e-mail recipient routing according to 981 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 982 This provides a method to re-route addresses with a 983 domain portion in class {LDAPRoute} to either a 984 different mail host or a different address. Hosts can 985 be added to this class using LDAPROUTE_DOMAIN and 986 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 987 MASQUERADE_DOMAIN_FILE, see below). 988 989 See the LDAP ROUTING section below for more information. 990 991nodns If you aren't running DNS at your site (for example, 992 you are UUCP-only connected). It's hard to consider 993 this a "feature", but hey, it had to go somewhere. 994 Actually, as of 8.7 this is a no-op -- remove "dns" from 995 the hosts service switch entry instead. 996 997nullclient This is a special case -- it creates a configuration file 998 containing nothing but support for forwarding all mail to a 999 central hub via a local SMTP-based network. The argument 1000 is the name of that hub. 1001 1002 The only other feature that should be used in conjunction 1003 with this one is FEATURE(`nocanonify'). No mailers 1004 should be defined. No aliasing or forwarding is done. 1005 1006local_lmtp Use an LMTP capable local mailer. The argument to this 1007 feature is the pathname of an LMTP capable mailer. By 1008 default, mail.local is used. This is expected to be the 1009 mail.local which came with the 8.9 distribution which is 1010 LMTP capable. The path to mail.local is set by the 1011 confEBINDIR m4 variable -- making the default 1012 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1013 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1014 i.e., without respecting any definitions in an OSTYPE setting. 1015 1016local_procmail Use procmail or another delivery agent as the local mailer. 1017 The argument to this feature is the pathname of the 1018 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1019 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1020 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1021 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1022 specify the appropriate parameters. When procmail is used, 1023 the local mailer can make use of the 1024 "user+indicator@local.host" syntax; normally the +indicator 1025 is just tossed, but by default it is passed as the -a 1026 argument to procmail. 1027 1028 This feature can take up to three arguments: 1029 1030 1. Path to the mailer program 1031 [default: /usr/local/bin/procmail] 1032 2. Argument vector including name of the program 1033 [default: procmail -Y -a $h -d $u] 1034 3. Flags for the mailer [default: SPfhn9] 1035 1036 Empty arguments cause the defaults to be taken. 1037 1038 For example, this allows it to use the maildrop 1039 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 1040 by specifying: 1041 1042 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1043 `maildrop -d $u') 1044 1045 or scanmails using: 1046 1047 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1048 1049 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1050 i.e., without respecting any definitions in an OSTYPE setting. 1051 1052bestmx_is_local Accept mail as though locally addressed for any host that 1053 lists us as the best possible MX record. This generates 1054 additional DNS traffic, but should be OK for low to 1055 medium traffic hosts. The argument may be a set of 1056 domains, which will limit the feature to only apply to 1057 these domains -- this will reduce unnecessary DNS 1058 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1059 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1060 that matches your domain, you cannot use this feature. 1061 1062smrsh Use the SendMail Restricted SHell (smrsh) provided 1063 with the distribution instead of /bin/sh for mailing 1064 to programs. This improves the ability of the local 1065 system administrator to control what gets run via 1066 e-mail. If an argument is provided it is used as the 1067 pathname to smrsh; otherwise, the path defined by 1068 confEBINDIR is used for the smrsh binary -- by default, 1069 /usr/libexec/smrsh is assumed. 1070 1071promiscuous_relay 1072 By default, the sendmail configuration files do not permit 1073 mail relaying (that is, accepting mail from outside your 1074 local host (class {w}) and sending it to another host than 1075 your local host). This option sets your site to allow 1076 mail relaying from any site to any site. In almost all 1077 cases, it is better to control relaying more carefully 1078 with the access map, class {R}, or authentication. Domains 1079 can be added to class {R} by the macros RELAY_DOMAIN or 1080 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1081 MASQUERADE_DOMAIN_FILE, see below). 1082 1083relay_entire_domain 1084 By default, only hosts listed as RELAY in the access db 1085 will be allowed to relay. This option also allows any 1086 host in your domain as defined by class {m}. 1087 1088relay_hosts_only 1089 By default, names that are listed as RELAY in the access 1090 db and class {R} are domain names, not host names. 1091 For example, if you specify ``foo.com'', then mail to or 1092 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1093 will all be accepted for relaying. This feature changes 1094 the behaviour to lookup individual host names only. 1095 1096relay_based_on_MX 1097 Turns on the ability to allow relaying based on the MX 1098 records of the host portion of an incoming recipient; that 1099 is, if an MX record for host foo.com points to your site, 1100 you will accept and relay mail addressed to foo.com. See 1101 description below for more information before using this 1102 feature. Also, see the KNOWNBUGS entry regarding bestmx 1103 map lookups. 1104 1105 FEATURE(`relay_based_on_MX') does not necessarily allow 1106 routing of these messages which you expect to be allowed, 1107 if route address syntax (or %-hack syntax) is used. If 1108 this is a problem, add entries to the access-table or use 1109 FEATURE(`loose_relay_check'). 1110 1111relay_mail_from 1112 Allows relaying if the mail sender is listed as RELAY in 1113 the access map. If an optional argument `domain' is given, 1114 relaying can be allowed just based on the domain portion 1115 of the sender address. This feature should only be used if 1116 absolutely necessary as the sender address can be easily 1117 forged. Use of this feature requires the "From:" tag be 1118 prepended to the key in the access map; see the discussion 1119 of tags and FEATURE(`relay_mail_from') in the section on 1120 anti-spam configuration control. 1121 1122relay_local_from 1123 Allows relaying if the domain portion of the mail sender 1124 is a local host. This should only be used if absolutely 1125 necessary as it opens a window for spammers. Specifically, 1126 they can send mail to your mail server that claims to be 1127 from your domain (either directly or via a routed address), 1128 and you will go ahead and relay it out to arbitrary hosts 1129 on the Internet. 1130 1131accept_unqualified_senders 1132 Normally, MAIL FROM: commands in the SMTP session will be 1133 refused if the connection is a network connection and the 1134 sender address does not include a domain name. If your 1135 setup sends local mail unqualified (i.e., MAIL FROM: <joe>), 1136 you will need to use this feature to accept unqualified 1137 sender addresses. Setting the DaemonPortOptions modifier 1138 'u' overrides the default behavior, i.e., unqualified 1139 addresses are accepted even without this FEATURE. 1140 If this FEATURE is not used, the DaemonPortOptions modifier 1141 'f' can be used to enforce fully qualified addresses. 1142 1143accept_unresolvable_domains 1144 Normally, MAIL FROM: commands in the SMTP session will be 1145 refused if the host part of the argument to MAIL FROM: 1146 cannot be located in the host name service (e.g., an A or 1147 MX record in DNS). If you are inside a firewall that has 1148 only a limited view of the Internet host name space, this 1149 could cause problems. In this case you probably want to 1150 use this feature to accept all domains on input, even if 1151 they are unresolvable. 1152 1153access_db Turns on the access database feature. The access db gives 1154 you the ability to allow or refuse to accept mail from 1155 specified domains for administrative reasons. Moreover, 1156 it can control the behavior of sendmail in various situations. 1157 By default, the access database specification is: 1158 1159 hash -T<TMPF> /etc/mail/access 1160 1161 See the anti-spam configuration control section for further 1162 important information about this feature. Notice: 1163 "-T<TMPF>" is meant literal, do not replace it by anything. 1164 1165blacklist_recipients 1166 Turns on the ability to block incoming mail for certain 1167 recipient usernames, hostnames, or addresses. For 1168 example, you can block incoming mail to user nobody, 1169 host foo.mydomain.com, or guest@bar.mydomain.com. 1170 These specifications are put in the access db as 1171 described in the anti-spam configuration control section 1172 later in this document. 1173 1174delay_checks The rulesets check_mail and check_relay will not be called 1175 when a client connects or issues a MAIL command, respectively. 1176 Instead, those rulesets will be called by the check_rcpt 1177 ruleset; they will be skipped under certain circumstances. 1178 See "Delay all checks" in the anti-spam configuration control 1179 section. Note: this feature is incompatible to the versions 1180 in 8.10 and 8.11. 1181 1182dnsbl Turns on rejection of hosts found in an DNS based rejection 1183 list. If an argument is provided it is used as the domain 1184 in which blocked hosts are listed; otherwise it defaults to 1185 blackholes.mail-abuse.org. An explanation for an DNS based 1186 rejection list can be found at http://mail-abuse.org/rbl/. 1187 A second argument can be used to change the default error 1188 message. Without that second argument, the error message 1189 will be 1190 Mail from IP-ADDRESS refused by blackhole site SERVER 1191 where IP-ADDRESS and SERVER are replaced by the appropriate 1192 information. By default, temporary lookup failures are 1193 ignored. This behavior can be changed by specifying a 1194 third argument, which must be either `t' or a full error 1195 message. See the anti-spam configuration control section for 1196 an example. The dnsbl feature can be included several times 1197 to query different DNS based rejection lists. See also 1198 enhdnsbl for an enhanced version. 1199 1200 NOTE: The default DNS blacklist, blackholes.mail-abuse.org, 1201 is a service offered by the Mail Abuse Prevention System 1202 (MAPS). As of July 31, 2001, MAPS is a subscription 1203 service, so using that network address won't work if you 1204 haven't subscribed. Contact MAPS to subscribe 1205 (http://mail-abuse.org/). 1206 1207enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1208 (up to 5) can be used to specify specific return values 1209 from lookups. Temporary lookup failures are ignored unless 1210 a third argument is given, which must be either `t' or a full 1211 error message. By default, any successful lookup will 1212 generate an error. Otherwise the result of the lookup is 1213 compared with the supplied argument(s), and only if a match 1214 occurs an error is generated. For example, 1215 1216 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1217 1218 will reject the e-mail if the lookup returns the value 1219 ``127.0.0.2.'', or generate a 451 response if the lookup 1220 temporarily failed. The arguments can contain metasymbols 1221 as they are allowed in the LHS of rules. As the example 1222 shows, the default values are also used if an empty argument, 1223 i.e., `', is specified. This feature requires that sendmail 1224 has been compiled with the flag DNSMAP (see sendmail/README). 1225 1226lookupdotdomain Look up also .domain in the access map. This allows to 1227 match only subdomains. It does not work well with 1228 FEATURE(`relay_hosts_only'), because most lookups for 1229 subdomains are suppressed by the latter feature. 1230 1231loose_relay_check 1232 Normally, if % addressing is used for a recipient, e.g. 1233 user%site@othersite, and othersite is in class {R}, the 1234 check_rcpt ruleset will strip @othersite and recheck 1235 user@site for relaying. This feature changes that 1236 behavior. It should not be needed for most installations. 1237 1238authinfo Provide a separate map for client side authentication 1239 information. See SMTP AUTHENTICATION for details. 1240 By default, the authinfo database specification is: 1241 1242 hash /etc/mail/authinfo 1243 1244preserve_luser_host 1245 Preserve the name of the recipient host if LUSER_RELAY is 1246 used. Without this option, the domain part of the 1247 recipient address will be replaced by the host specified as 1248 LUSER_RELAY. This feature only works if the hostname is 1249 passed to the mailer (see mailer triple in op.me). Note 1250 that in the default configuration the local mailer does not 1251 receive the hostname, i.e., the mailer triple has an empty 1252 hostname. 1253 1254preserve_local_plus_detail 1255 Preserve the +detail portion of the address when passing 1256 address to local delivery agent. Disables alias and 1257 .forward +detail stripping (e.g., given user+detail, only 1258 that address will be looked up in the alias file; user+* and 1259 user will not be looked up). Only use if the local 1260 delivery agent in use supports +detail addressing. 1261 1262compat_check Enable ruleset check_compat to look up pairs of addresses 1263 with the Compat: tag -- Compat:sender<@>recipient -- in the 1264 access map. Valid values for the RHS include 1265 DISCARD silently discard recipient 1266 TEMP: return a temporary error 1267 ERROR: return a permanent error 1268 In the last two cases, a 4xy/5xy SMTP reply code should 1269 follow the colon. 1270 1271no_default_msa Don't generate the default MSA daemon, i.e., 1272 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1273 To define a MSA daemon with other parameters, use this 1274 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1275 1276msp Defines config file for Message Submission Program. 1277 See sendmail/SECURITY for details and cf/cf/submit.mc 1278 how to use it. An optional argument can be used to 1279 override the default of `localhost' to use as host to send 1280 all e-mails to. If `MSA' is specified as second argument 1281 then port 587 is used to contact the server. Example: 1282 1283 FEATURE(`msp', `', `MSA') 1284 1285 Some more hints about possible changes can be found below 1286 in the section MESSAGE SUBMISSION PROGRAM. 1287 1288queuegroup A simple example how to select a queue group based 1289 on the full e-mail address or the domain of the 1290 recipient. Selection is done via entries in the 1291 access map using the tag QGRP:, for example: 1292 1293 QGRP:example.com main 1294 QGRP:friend@some.org others 1295 QGRP:my.domain local 1296 1297 where "main", "others", and "local" are names of 1298 queue groups. If an argument is specified, it is used 1299 as default queue group. 1300 1301+-------+ 1302| HACKS | 1303+-------+ 1304 1305Some things just can't be called features. To make this clear, 1306they go in the hack subdirectory and are referenced using the HACK 1307macro. These will tend to be site-dependent. The release 1308includes the Berkeley-dependent "cssubdomain" hack (that makes 1309sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1310this is intended as a short-term aid while moving hosts into 1311subdomains. 1312 1313 1314+--------------------+ 1315| SITE CONFIGURATION | 1316+--------------------+ 1317 1318 ***************************************************** 1319 * This section is really obsolete, and is preserved * 1320 * only for back compatibility. You should plan on * 1321 * using mailertables for new installations. In * 1322 * particular, it doesn't work for the newer forms * 1323 * of UUCP mailers, such as uucp-uudom. * 1324 ***************************************************** 1325 1326Complex sites will need more local configuration information, such as 1327lists of UUCP hosts they speak with directly. This can get a bit more 1328tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1329 1330The SITECONFIG macro allows you to indirectly reference site-dependent 1331configuration information stored in the siteconfig subdirectory. For 1332example, the line 1333 1334 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1335 1336reads the file uucp.ucbvax for local connection information. The 1337second parameter is the local name (in this case just "ucbvax" since 1338it is locally connected, and hence a UUCP hostname). The third 1339parameter is the name of both a macro to store the local name (in 1340this case, {U}) and the name of the class (e.g., {U}) in which to store 1341the host information read from the file. Another SITECONFIG line reads 1342 1343 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1344 1345This says that the file uucp.ucbarpa contains the list of UUCP sites 1346connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1347store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1348is, the name of the relay to which the hosts listed in uucp.ucbarpa 1349are connected. [The machine ucbarpa is gone now, but this 1350out-of-date configuration file has been left around to demonstrate 1351how you might do this.] 1352 1353Note that the case of SITECONFIG with a third parameter of ``U'' is 1354special; the second parameter is assumed to be the UUCP name of the 1355local site, rather than the name of a remote site, and the UUCP name 1356is entered into class {w} (the list of local hostnames) as $U.UUCP. 1357 1358The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1359more than a sequence of SITE macros describing connectivity. For 1360example: 1361 1362 SITE(`cnmat') 1363 SITE(`sgi olympus') 1364 1365The second example demonstrates that you can use two names on the 1366same line; these are usually aliases for the same host (or are at 1367least in the same company). 1368 1369 1370+--------------------+ 1371| USING UUCP MAILERS | 1372+--------------------+ 1373 1374It's hard to get UUCP mailers right because of the extremely ad hoc 1375nature of UUCP addressing. These config files are really designed 1376for domain-based addressing, even for UUCP sites. 1377 1378There are four UUCP mailers available. The choice of which one to 1379use is partly a matter of local preferences and what is running at 1380the other end of your UUCP connection. Unlike good protocols that 1381define what will go over the wire, UUCP uses the policy that you 1382should do what is right for the other end; if they change, you have 1383to change. This makes it hard to do the right thing, and discourages 1384people from updating their software. In general, if you can avoid 1385UUCP, please do. 1386 1387The major choice is whether to go for a domainized scheme or a 1388non-domainized scheme. This depends entirely on what the other 1389end will recognize. If at all possible, you should encourage the 1390other end to go to a domain-based system -- non-domainized addresses 1391don't work entirely properly. 1392 1393The four mailers are: 1394 1395 uucp-old (obsolete name: "uucp") 1396 This is the oldest, the worst (but the closest to UUCP) way of 1397 sending messages accros UUCP connections. It does bangify 1398 everything and prepends $U (your UUCP name) to the sender's 1399 address (which can already be a bang path itself). It can 1400 only send to one address at a time, so it spends a lot of 1401 time copying duplicates of messages. Avoid this if at all 1402 possible. 1403 1404 uucp-new (obsolete name: "suucp") 1405 The same as above, except that it assumes that in one rmail 1406 command you can specify several recipients. It still has a 1407 lot of other problems. 1408 1409 uucp-dom 1410 This UUCP mailer keeps everything as domain addresses. 1411 Basically, it uses the SMTP mailer rewriting rules. This mailer 1412 is only included if MAILER(`smtp') is specified before 1413 MAILER(`uucp'). 1414 1415 Unfortunately, a lot of UUCP mailer transport agents require 1416 bangified addresses in the envelope, although you can use 1417 domain-based addresses in the message header. (The envelope 1418 shows up as the From_ line on UNIX mail.) So.... 1419 1420 uucp-uudom 1421 This is a cross between uucp-new (for the envelope addresses) 1422 and uucp-dom (for the header addresses). It bangifies the 1423 envelope sender (From_ line in messages) without adding the 1424 local hostname, unless there is no host name on the address 1425 at all (e.g., "wolf") or the host component is a UUCP host name 1426 instead of a domain name ("somehost!wolf" instead of 1427 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1428 is also specified earlier. 1429 1430Examples: 1431 1432On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1433summarizes the sender rewriting for various mailers. 1434 1435Mailer sender rewriting in the envelope 1436------ ------ ------------------------- 1437uucp-{old,new} wolf grasp!wolf 1438uucp-dom wolf wolf@grasp.insa-lyon.fr 1439uucp-uudom wolf grasp.insa-lyon.fr!wolf 1440 1441uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1442uucp-dom wolf@fr.net wolf@fr.net 1443uucp-uudom wolf@fr.net fr.net!wolf 1444 1445uucp-{old,new} somehost!wolf grasp!somehost!wolf 1446uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1447uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1448 1449If you are using one of the domainized UUCP mailers, you really want 1450to convert all UUCP addresses to domain format -- otherwise, it will 1451do it for you (and probably not the way you expected). For example, 1452if you have the address foo!bar!baz (and you are not sending to foo), 1453the heuristics will add the @uucp.relay.name or @local.host.name to 1454this address. However, if you map foo to foo.host.name first, it 1455will not add the local hostname. You can do this using the uucpdomain 1456feature. 1457 1458 1459+-------------------+ 1460| TWEAKING RULESETS | 1461+-------------------+ 1462 1463For more complex configurations, you can define special rules. 1464The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1465the names. Any modifications made here are reflected in the header. 1466 1467A common use is to convert old UUCP addresses to SMTP addresses using 1468the UUCPSMTP macro. For example: 1469 1470 LOCAL_RULE_3 1471 UUCPSMTP(`decvax', `decvax.dec.com') 1472 UUCPSMTP(`research', `research.att.com') 1473 1474will cause addresses of the form "decvax!user" and "research!user" 1475to be converted to "user@decvax.dec.com" and "user@research.att.com" 1476respectively. 1477 1478This could also be used to look up hosts in a database map: 1479 1480 LOCAL_RULE_3 1481 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1482 1483This map would be defined in the LOCAL_CONFIG portion, as shown below. 1484 1485Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1486For example, new rules are needed to parse hostnames that you accept 1487via MX records. For example, you might have: 1488 1489 LOCAL_RULE_0 1490 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1491 1492You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1493pointing at this host; this rule catches the message and forwards it on 1494using UUCP. 1495 1496You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1497These rulesets are normally empty. 1498 1499A similar macro is LOCAL_CONFIG. This introduces lines added after the 1500boilerplate option setting but before rulesets. Do not declare rulesets in 1501the LOCAL_CONFIG section. It can be used to declare local database maps or 1502whatever. For example: 1503 1504 LOCAL_CONFIG 1505 Khostmap hash /etc/mail/hostmap 1506 Kyplocal nis -m hosts.byname 1507 1508 1509+---------------------------+ 1510| MASQUERADING AND RELAYING | 1511+---------------------------+ 1512 1513You can have your host masquerade as another using 1514 1515 MASQUERADE_AS(`host.domain') 1516 1517This causes mail being sent to be labeled as coming from the 1518indicated host.domain, rather than $j. One normally masquerades as 1519one of one's own subdomains (for example, it's unlikely that 1520Berkeley would choose to masquerade as an MIT site). This 1521behaviour is modified by a plethora of FEATUREs; in particular, see 1522masquerade_envelope, allmasquerade, limited_masquerade, and 1523masquerade_entire_domain. 1524 1525The masquerade name is not normally canonified, so it is important 1526that it be your One True Name, that is, fully qualified and not a 1527CNAME. However, if you use a CNAME, the receiving side may canonify 1528it for you, so don't think you can cheat CNAME mapping this way. 1529 1530Normally the only addresses that are masqueraded are those that come 1531from this host (that is, are either unqualified or in class {w}, the list 1532of local domain names). You can augment this list, which is realized 1533by class {M} using 1534 1535 MASQUERADE_DOMAIN(`otherhost.domain') 1536 1537The effect of this is that although mail to user@otherhost.domain 1538will not be delivered locally, any mail including any user@otherhost.domain 1539will, when relayed, be rewritten to have the MASQUERADE_AS address. 1540This can be a space-separated list of names. 1541 1542If these names are in a file, you can use 1543 1544 MASQUERADE_DOMAIN_FILE(`filename') 1545 1546to read the list of names from the indicated file (i.e., to add 1547elements to class {M}). 1548 1549To exempt hosts or subdomains from being masqueraded, you can use 1550 1551 MASQUERADE_EXCEPTION(`host.domain') 1552 1553This can come handy if you want to masquerade a whole domain 1554except for one (or a few) host(s). If these names are in a file, 1555you can use 1556 1557 MASQUERADE_EXCEPTION_FILE(`filename') 1558 1559Normally only header addresses are masqueraded. If you want to 1560masquerade the envelope as well, use 1561 1562 FEATURE(`masquerade_envelope') 1563 1564There are always users that need to be "exposed" -- that is, their 1565internal site name should be displayed instead of the masquerade name. 1566Root is an example (which has been "exposed" by default prior to 8.10). 1567You can add users to this list using 1568 1569 EXPOSED_USER(`usernames') 1570 1571This adds users to class {E}; you could also use 1572 1573 EXPOSED_USER_FILE(`filename') 1574 1575You can also arrange to relay all unqualified names (that is, names 1576without @host) to a relay host. For example, if you have a central 1577email server, you might relay to that host so that users don't have 1578to have .forward files or aliases. You can do this using 1579 1580 define(`LOCAL_RELAY', `mailer:hostname') 1581 1582The ``mailer:'' can be omitted, in which case the mailer defaults to 1583"relay". There are some user names that you don't want relayed, perhaps 1584because of local aliases. A common example is root, which may be 1585locally aliased. You can add entries to this list using 1586 1587 LOCAL_USER(`usernames') 1588 1589This adds users to class {L}; you could also use 1590 1591 LOCAL_USER_FILE(`filename') 1592 1593If you want all incoming mail sent to a centralized hub, as for a 1594shared /var/spool/mail scheme, use 1595 1596 define(`MAIL_HUB', `mailer:hostname') 1597 1598Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1599and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1600be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1601Note: there is a (long standing) bug which keeps this combination from 1602working for addresses of the form user+detail. 1603Names in class {L} will be delivered locally, so you MUST have aliases or 1604.forward files for them. 1605 1606For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1607FEATURE(`stickyhost'), the following combinations of settings will have the 1608indicated effects: 1609 1610email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1611 1612LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1613mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1614 1615MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1616mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1617 1618Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1619MAIL_HUB set as above (no local aliasing) (aliasing done) 1620 1621If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1622MAIL_HUB act identically, with MAIL_HUB taking precedence. 1623 1624If you want all outgoing mail to go to a central relay site, define 1625SMART_HOST as well. Briefly: 1626 1627 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1628 MAIL_HUB applies to names qualified with the name of the 1629 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1630 SMART_HOST applies to names qualified with other hosts or 1631 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1632 or "eric@[127.0.0.1]"). 1633 1634However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1635DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1636really want absolutely everything to go to a single central site you will 1637need to unset all the other relays -- or better yet, find or build a 1638minimal config file that does this. 1639 1640For duplicate suppression to work properly, the host name is best 1641specified with a terminal dot: 1642 1643 define(`MAIL_HUB', `host.domain.') 1644 note the trailing dot ---^ 1645 1646 1647+-------------------------------------------+ 1648| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1649+-------------------------------------------+ 1650 1651LDAP can be used for aliases, maps, and classes by either specifying your 1652own LDAP map specification or using the built-in default LDAP map 1653specification. The built-in default specifications all provide lookups 1654which match against either the machine's fully qualified hostname (${j}) or 1655a "cluster". The cluster allows you to share LDAP entries among a large 1656number of machines without having to enter each of the machine names into 1657each LDAP entry. To set the LDAP cluster name to use for a particular 1658machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1659unique name. For example: 1660 1661 define(`confLDAP_CLUSTER', `Servers') 1662 1663Here, the word `Servers' will be the cluster name. As an example, assume 1664that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1665to the Servers cluster. 1666 1667Some of the LDAP LDIF examples below show use of the Servers cluster. 1668Every entry must have either a sendmailMTAHost or sendmailMTACluster 1669attribute or it will be ignored. Be careful as mixing clusters and 1670individual host records can have surprising results (see the CAUTION 1671sections below). 1672 1673See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1674this schema (and therefore the lookups and examples below) is experimental 1675at this point as it has had little public review. Therefore, it may change 1676in future versions. Feedback via sendmail@sendmail.org is encouraged. 1677 1678------- 1679Aliases 1680------- 1681 1682The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1683lookups. To use the default schema, simply use: 1684 1685 define(`ALIAS_FILE', `ldap:') 1686 1687By doing so, you will use the default schema which expands to a map 1688declared as follows: 1689 1690 ldap -k (&(objectClass=sendmailMTAAliasObject) 1691 (sendmailMTAAliasGrouping=aliases) 1692 (|(sendmailMTACluster=${sendmailMTACluster}) 1693 (sendmailMTAHost=$j)) 1694 (sendmailMTAKey=%0)) 1695 -v sendmailMTAAliasValue 1696 1697NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1698used when the binary expands the `ldap:' token as the AliasFile option is 1699not actually macro-expanded when read from the sendmail.cf file. 1700 1701Example LDAP LDIF entries might be: 1702 1703 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1704 objectClass: sendmailMTA 1705 objectClass: sendmailMTAAlias 1706 objectClass: sendmailMTAAliasObject 1707 sendmailMTAAliasGrouping: aliases 1708 sendmailMTAHost: etrn.sendmail.org 1709 sendmailMTAKey: sendmail-list 1710 sendmailMTAAliasValue: ca@example.org 1711 sendmailMTAAliasValue: eric 1712 sendmailMTAAliasValue: gshapiro@example.com 1713 1714 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1715 objectClass: sendmailMTA 1716 objectClass: sendmailMTAAlias 1717 objectClass: sendmailMTAAliasObject 1718 sendmailMTAAliasGrouping: aliases 1719 sendmailMTAHost: etrn.sendmail.org 1720 sendmailMTAKey: owner-sendmail-list 1721 sendmailMTAAliasValue: eric 1722 1723 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1724 objectClass: sendmailMTA 1725 objectClass: sendmailMTAAlias 1726 objectClass: sendmailMTAAliasObject 1727 sendmailMTAAliasGrouping: aliases 1728 sendmailMTACluster: Servers 1729 sendmailMTAKey: postmaster 1730 sendmailMTAAliasValue: eric 1731 1732Here, the aliases sendmail-list and owner-sendmail-list will be available 1733only on etrn.sendmail.org but the postmaster alias will be available on 1734every machine in the Servers cluster (including etrn.sendmail.org). 1735 1736CAUTION: aliases are additive so that entries like these: 1737 1738 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1739 objectClass: sendmailMTA 1740 objectClass: sendmailMTAAlias 1741 objectClass: sendmailMTAAliasObject 1742 sendmailMTAAliasGrouping: aliases 1743 sendmailMTACluster: Servers 1744 sendmailMTAKey: bob 1745 sendmailMTAAliasValue: eric 1746 1747 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1748 objectClass: sendmailMTA 1749 objectClass: sendmailMTAAlias 1750 objectClass: sendmailMTAAliasObject 1751 sendmailMTAAliasGrouping: aliases 1752 sendmailMTAHost: etrn.sendmail.org 1753 sendmailMTAKey: bob 1754 sendmailMTAAliasValue: gshapiro 1755 1756would mean that on all of the hosts in the cluster, mail to bob would go to 1757eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1758gshapiro. 1759 1760If you prefer not to use the default LDAP schema for your aliases, you can 1761specify the map parameters when setting ALIAS_FILE. For example: 1762 1763 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1764 1765---- 1766Maps 1767---- 1768 1769FEATURE()'s which take an optional map definition argument (e.g., access, 1770mailertable, virtusertable, etc.) can instead take the special keyword 1771`LDAP', e.g.: 1772 1773 FEATURE(`access_db', `LDAP') 1774 FEATURE(`virtusertable', `LDAP') 1775 1776When this keyword is given, that map will use LDAP lookups consisting of 1777the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1778with the map name, a search attribute of sendmailMTAKey, and the value 1779attribute sendmailMTAMapValue. 1780 1781The values for sendmailMTAMapName are: 1782 1783 FEATURE() sendmailMTAMapName 1784 --------- ------------------ 1785 access_db access 1786 authinfo authinfo 1787 bitdomain bitdomain 1788 domaintable domain 1789 genericstable generics 1790 mailertable mailer 1791 uucpdomain uucpdomain 1792 virtusertable virtuser 1793 1794For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1795 1796 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1797 (sendmailMTAMapName=mailer) 1798 (|(sendmailMTACluster=${sendmailMTACluster}) 1799 (sendmailMTAHost=$j)) 1800 (sendmailMTAKey=%0)) 1801 -1 -v sendmailMTAMapValue 1802 1803An example LDAP LDIF entry using this map might be: 1804 1805 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 1806 objectClass: sendmailMTA 1807 objectClass: sendmailMTAMap 1808 sendmailMTACluster: Servers 1809 sendmailMTAMapName: mailer 1810 1811 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1812 objectClass: sendmailMTA 1813 objectClass: sendmailMTAMap 1814 objectClass: sendmailMTAMapObject 1815 sendmailMTAMapName: mailer 1816 sendmailMTACluster: Servers 1817 sendmailMTAKey: example.com 1818 sendmailMTAMapValue: relay:[smtp.example.com] 1819 1820CAUTION: If your LDAP database contains the record above and *ALSO* a host 1821specific record such as: 1822 1823 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1824 objectClass: sendmailMTA 1825 objectClass: sendmailMTAMap 1826 objectClass: sendmailMTAMapObject 1827 sendmailMTAMapName: mailer 1828 sendmailMTAHost: etrn.sendmail.org 1829 sendmailMTAKey: example.com 1830 sendmailMTAMapValue: relay:[mx.example.com] 1831 1832then these entries will give unexpected results. When the lookup is done 1833on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 1834require a single match. Since the host etrn.sendmail.org is also in the 1835Servers cluster, LDAP would return two answers for the example.com map key 1836in which case sendmail would treat this as no match at all. 1837 1838If you prefer not to use the default LDAP schema for your maps, you can 1839specify the map parameters when using the FEATURE(). For example: 1840 1841 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 1842 1843------- 1844Classes 1845------- 1846 1847Normally, classes can be filled via files or programs. As of 8.12, they 1848can also be filled via map lookups using a new syntax: 1849 1850 F{ClassName}mapkey@mapclass:mapspec 1851 1852mapkey is optional and if not provided the map key will be empty. This can 1853be used with LDAP to read classes from LDAP. Note that the lookup is only 1854done when sendmail is initially started. Use the special value `@LDAP' to 1855use the default LDAP schema. For example: 1856 1857 RELAY_DOMAIN_FILE(`@LDAP') 1858 1859would put all of the attribute sendmailMTAClassValue values of LDAP records 1860with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 1861'R' into class $={R}. In other words, it is equivalent to the LDAP map 1862specification: 1863 1864 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 1865 (sendmailMTAClassName=R) 1866 (|(sendmailMTACluster=${sendmailMTACluster}) 1867 (sendmailMTAHost=$j))) 1868 -v sendmailMTAClassValue 1869 1870NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1871used when the binary expands the `@LDAP' token as class declarations are 1872not actually macro-expanded when read from the sendmail.cf file. 1873 1874This can be used with class related commands such as RELAY_DOMAIN_FILE(), 1875MASQUERADE_DOMAIN_FILE(), etc: 1876 1877 Command sendmailMTAClassName 1878 ------- -------------------- 1879 CANONIFY_DOMAIN_FILE() Canonify 1880 EXPOSED_USER_FILE() E 1881 GENERICS_DOMAIN_FILE() G 1882 LDAPROUTE_DOMAIN_FILE() LDAPRoute 1883 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 1884 LOCAL_USER_FILE() L 1885 MASQUERADE_DOMAIN_FILE() M 1886 MASQUERADE_EXCEPTION_FILE() N 1887 RELAY_DOMAIN_FILE() R 1888 VIRTUSER_DOMAIN_FILE() VirtHost 1889 1890You can also add your own as any 'F'ile class of the form: 1891 1892 F{ClassName}@LDAP 1893 ^^^^^^^^^ 1894will use "ClassName" for the sendmailMTAClassName. 1895 1896An example LDAP LDIF entry would look like: 1897 1898 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 1899 objectClass: sendmailMTA 1900 objectClass: sendmailMTAClass 1901 sendmailMTACluster: Servers 1902 sendmailMTAClassName: R 1903 sendmailMTAClassValue: sendmail.org 1904 sendmailMTAClassValue: example.com 1905 sendmailMTAClassValue: 10.56.23 1906 1907CAUTION: If your LDAP database contains the record above and *ALSO* a host 1908specific record such as: 1909 1910 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 1911 objectClass: sendmailMTA 1912 objectClass: sendmailMTAClass 1913 sendmailMTAHost: etrn.sendmail.org 1914 sendmailMTAClassName: R 1915 sendmailMTAClassValue: example.com 1916 1917the result will be similar to the aliases caution above. When the lookup 1918is done on etrn.sendmail.org, $={R} would contain all of the entries (from 1919both the cluster match and the host match). In other words, the effective 1920is additive. 1921 1922If you prefer not to use the default LDAP schema for your classes, you can 1923specify the map parameters when using the class command. For example: 1924 1925 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 1926 1927Remember, macros can not be used in a class declaration as the binary does 1928not expand them. 1929 1930 1931+--------------+ 1932| LDAP ROUTING | 1933+--------------+ 1934 1935FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 1936LDAP Schema for Intranet Mail Routing 1937(draft-lachman-laser-ldap-mail-routing-01). This feature enables 1938LDAP-based rerouting of a particular address to either a different host 1939or a different address. The LDAP lookup is first attempted on the full 1940address (e.g., user@example.com) and then on the domain portion 1941(e.g., @example.com). Be sure to setup your domain for LDAP routing using 1942LDAPROUTE_DOMAIN(), e.g.: 1943 1944 LDAPROUTE_DOMAIN(`example.com') 1945 1946Additionally, you can specify equivalent domains for LDAP routing using 1947LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 1948hostnames are mapped to $M (the masqueraded hostname for the server) before 1949the LDAP query. For example, if the mail is addressed to 1950user@host1.example.com, normally the LDAP lookup would only be done for 1951'user@host1.example.com' and '@host1.example.com'. However, if 1952LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 1953done on 'user@example.com' and '@example.com' after attempting the 1954host1.example.com lookups. 1955 1956By default, the feature will use the schemas as specified in the draft 1957and will not reject addresses not found by the LDAP lookup. However, 1958this behavior can be changed by giving additional arguments to the FEATURE() 1959command: 1960 1961 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>) 1962 1963where <mailHost> is a map definition describing how to lookup an alternative 1964mail host for a particular address; <mailRoutingAddress> is a map definition 1965describing how to lookup an alternative address for a particular address; 1966the <bounce> argument, if present and not the word "passthru", dictates 1967that mail should be bounced if neither a mailHost nor mailRoutingAddress 1968is found; and <detail> indicates what actions to take if the address 1969contains +detail information -- `strip' tries the lookup with the +detail 1970and if no matches are found, strips the +detail and tries the lookup again; 1971`preserve', does the same as `strip' but if a mailRoutingAddress match is 1972found, the +detail information is copied to the new address. 1973 1974The default <mailHost> map definition is: 1975 1976 ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient) 1977 (mailLocalAddress=%0)) 1978 1979The default <mailRoutingAddress> map definition is: 1980 1981 ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient) 1982 (mailLocalAddress=%0)) 1983 1984Note that neither includes the LDAP server hostname (-h server) or base DN 1985(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 1986your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 1987these settings. If this is not the case, the map definitions should be 1988changed as described above. 1989 1990The following possibilities exist as a result of an LDAP lookup on an 1991address: 1992 1993 mailHost is mailRoutingAddress is Results in 1994 ----------- --------------------- ---------- 1995 set to a set mail delivered to 1996 "local" host mailRoutingAddress 1997 1998 set to a not set delivered to 1999 "local" host original address 2000 2001 set to a set mailRoutingAddress 2002 remote host relayed to mailHost 2003 2004 set to a not set original address 2005 remote host relayed to mailHost 2006 2007 not set set mail delivered to 2008 mailRoutingAddress 2009 2010 not set not set delivered to 2011 original address *OR* 2012 bounced as unknown user 2013 2014The term "local" host above means the host specified is in class {w}. If 2015the result would mean sending the mail to a different host, that host is 2016looked up in the mailertable before delivery. 2017 2018Note that the last case depends on whether the third argument is given 2019to the FEATURE() command. The default is to deliver the message to the 2020original address. 2021 2022The LDAP entries should be set up with an objectClass of 2023inetLocalMailRecipient and the address be listed in a mailLocalAddress 2024attribute. If present, there must be only one mailHost attribute and it 2025must contain a fully qualified host name as its value. Similarly, if 2026present, there must be only one mailRoutingAddress attribute and it must 2027contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2028format): 2029 2030 dn: uid=tom, o=example.com, c=US 2031 objectClass: inetLocalMailRecipient 2032 mailLocalAddress: tom@example.com 2033 mailRoutingAddress: thomas@mailhost.example.com 2034 2035This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2036 2037 dn: uid=dick, o=example.com, c=US 2038 objectClass: inetLocalMailRecipient 2039 mailLocalAddress: dick@example.com 2040 mailHost: eng.example.com 2041 2042This would relay mail for dick@example.com to the same address but redirect 2043the mail to MX records listed for the host eng.example.com (unless the 2044mailertable overrides). 2045 2046 dn: uid=harry, o=example.com, c=US 2047 objectClass: inetLocalMailRecipient 2048 mailLocalAddress: harry@example.com 2049 mailHost: mktmail.example.com 2050 mailRoutingAddress: harry@mkt.example.com 2051 2052This would relay mail for harry@example.com to the MX records listed for 2053the host mktmail.example.com using the new address harry@mkt.example.com 2054when talking to that host. 2055 2056 dn: uid=virtual.example.com, o=example.com, c=US 2057 objectClass: inetLocalMailRecipient 2058 mailLocalAddress: @virtual.example.com 2059 mailHost: server.example.com 2060 mailRoutingAddress: virtual@example.com 2061 2062This would send all mail destined for any username @virtual.example.com to 2063the machine server.example.com's MX servers and deliver to the address 2064virtual@example.com on that relay machine. 2065 2066 2067+---------------------------------+ 2068| ANTI-SPAM CONFIGURATION CONTROL | 2069+---------------------------------+ 2070 2071The primary anti-spam features available in sendmail are: 2072 2073* Relaying is denied by default. 2074* Better checking on sender information. 2075* Access database. 2076* Header checks. 2077 2078Relaying (transmission of messages from a site outside your host (class 2079{w}) to another site except yours) is denied by default. Note that this 2080changed in sendmail 8.9; previous versions allowed relaying by default. 2081If you really want to revert to the old behaviour, you will need to use 2082FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2083through your server by adding their domain name or IP address to class 2084{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2085(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2086The file consists (like any other file based class) of entries listed on 2087separate lines, e.g., 2088 2089 sendmail.org 2090 128.32 2091 IPv6:2002:c0a8:02c7 2092 IPv6:2002:c0a8:51d2::23f4 2093 host.mydomain.com 2094 [UNIX:localhost] 2095 2096Notice: the last entry allows relaying for connections via a UNIX 2097socket to the MTA/MSP. This might be necessary if your configuration 2098doesn't allow relaying by other means in that case, e.g., by having 2099localhost.$m in class {R} (make sure $m is not just a top level 2100domain). 2101 2102If you use 2103 2104 FEATURE(`relay_entire_domain') 2105 2106then any host in any of your local domains (that is, class {m}) 2107will be relayed (that is, you will accept mail either to or from any 2108host in your domain). 2109 2110You can also allow relaying based on the MX records of the host 2111portion of an incoming recipient address by using 2112 2113 FEATURE(`relay_based_on_MX') 2114 2115For example, if your server receives a recipient of user@domain.com 2116and domain.com lists your server in its MX records, the mail will be 2117accepted for relay to domain.com. This feature may cause problems 2118if MX lookups for the recipient domain are slow or time out. In that 2119case, mail will be temporarily rejected. It is usually better to 2120maintain a list of hosts/domains for which the server acts as relay. 2121Note also that this feature will stop spammers from using your host 2122to relay spam but it will not stop outsiders from using your server 2123as a relay for their site (that is, they set up an MX record pointing 2124to your mail server, and you will relay mail addressed to them 2125without any prior arrangement). Along the same lines, 2126 2127 FEATURE(`relay_local_from') 2128 2129will allow relaying if the sender specifies a return path (i.e. 2130MAIL FROM: <user@domain>) domain which is a local domain. This is a 2131dangerous feature as it will allow spammers to spam using your mail 2132server by simply specifying a return address of user@your.domain.com. 2133It should not be used unless absolutely necessary. 2134A slightly better solution is 2135 2136 FEATURE(`relay_mail_from') 2137 2138which allows relaying if the mail sender is listed as RELAY in the 2139access map. If an optional argument `domain' is given, the domain 2140portion of the mail sender is also checked to allowing relaying. 2141This option only works together with the tag From: for the LHS of 2142the access map entries (see below: Finer control...). This feature 2143allows spammers to abuse your mail server by specifying a return 2144address that you enabled in your access file. This may be harder 2145to figure out for spammers, but it should not be used unless 2146necessary. Instead use SMTP AUTH or STARTTLS to allow relaying 2147for roaming users. 2148 2149 2150If source routing is used in the recipient address (e.g., 2151RCPT TO: <user%site.com@othersite.com>), sendmail will check 2152user@site.com for relaying if othersite.com is an allowed relay host 2153in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2154or the access database if FEATURE(`access_db') is used. To prevent 2155the address from being stripped down, use: 2156 2157 FEATURE(`loose_relay_check') 2158 2159If you think you need to use this feature, you probably do not. This 2160should only be used for sites which have no control over the addresses 2161that they provide a gateway for. Use this FEATURE with caution as it 2162can allow spammers to relay through your server if not setup properly. 2163 2164NOTICE: It is possible to relay mail through a system which the anti-relay 2165rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2166`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2167LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2168FEATURE(`nouucp') at all, addresses of the form 2169<example.net!user@local.host> would be relayed to <user@example.net>. 2170System A doesn't recognize `!' as an address separator and therefore 2171forwards it to the mail hub which in turns relays it because it came from 2172a trusted local host. So if a mailserver allows UUCP (bang-format) 2173addresses, all systems from which it allows relaying should do the same 2174or reject those addresses. 2175 2176As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2177an unresolvable domain (i.e., one that DNS, your local name service, 2178or special case rules in ruleset 3 cannot locate). This also applies 2179to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2180IP address can't be mapped to a host name. If you want to continue 2181to accept such domains, e.g., because you are inside a firewall that 2182has only a limited view of the Internet host name space (note that you 2183will not be able to return mail to them unless you have some "smart 2184host" forwarder), use 2185 2186 FEATURE(`accept_unresolvable_domains') 2187 2188Alternatively, you can allow specific addresses by adding them to 2189the access map, e.g., 2190 2191 From:unresolvable.domain OK 2192 From:[1.2.3.4] OK 2193 From:[1.2.4] OK 2194 2195Notice: domains which are temporarily unresolvable are (temporarily) 2196rejected with a 451 reply code. If those domains should be accepted 2197(which is discouraged) then you can use 2198 2199 LOCAL_CONFIG 2200 C{ResOk}TEMP 2201 2202sendmail will also refuse mail if the MAIL FROM: parameter is not 2203fully qualified (i.e., contains a domain as well as a user). If you 2204want to continue to accept such senders, use 2205 2206 FEATURE(`accept_unqualified_senders') 2207 2208Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2209i.e., unqualified addresses are accepted even without this FEATURE. If 2210this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2211to enforce fully qualified domain names. 2212 2213An ``access'' database can be created to accept or reject mail from 2214selected domains. For example, you may choose to reject all mail 2215originating from known spammers. To enable such a database, use 2216 2217 FEATURE(`access_db') 2218 2219Notice: the access database is applied to the envelope addresses 2220and the connection information, not to the header. 2221 2222The FEATURE macro can accept as second parameter the key file 2223definition for the database; for example 2224 2225 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2226 2227Notice: If a second argument is specified it must contain the option 2228`-T<TMPF>' as shown above. The optional third and fourth parameters 2229may be `skip' or `lookupdotdomain'. The former enables SKIP as 2230value part (see below), the latter is another way to enable the 2231feature of the same name (see above). 2232 2233Remember, since /etc/mail/access is a database, after creating the text 2234file as described below, you must use makemap to create the database 2235map. For example: 2236 2237 makemap hash /etc/mail/access < /etc/mail/access 2238 2239The table itself uses e-mail addresses, domain names, and network 2240numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2241For example, 2242 2243 spammer@aol.com REJECT 2244 cyberspammer.com REJECT 2245 192.168.212 REJECT 2246 IPv6:2002:c0a8:02c7 RELAY 2247 IPv6:2002:c0a8:51d2::23f4 REJECT 2248 2249would refuse mail from spammer@aol.com, any user from cyberspammer.com 2250(or any host within the cyberspammer.com domain), any host on the 2251192.168.212.* network, and the IPv6 address 2002:c0a8:51d2::23f4. It would 2252allow relay for the IPv6 network 2002:c0a8:02c7::/48. 2253 2254The value part of the map can contain: 2255 2256 OK Accept mail even if other rules in the running 2257 ruleset would reject it, for example, if the domain 2258 name is unresolvable. "Accept" does not mean 2259 "relay", but at most acceptance for local 2260 recipients. That is, OK allows less than RELAY. 2261 RELAY Accept mail addressed to the indicated domain or 2262 received from the indicated domain for relaying 2263 through your SMTP server. RELAY also serves as 2264 an implicit OK for the other checks. 2265 REJECT Reject the sender or recipient with a general 2266 purpose message. 2267 DISCARD Discard the message completely using the 2268 $#discard mailer. If it is used in check_compat, 2269 it affects only the designated recipient, not 2270 the whole message as it does in all other cases. 2271 This should only be used if really necessary. 2272 SKIP This can only be used for host/domain names 2273 and IP addresses/nets. It will abort the current 2274 search for this entry without accepting or rejecting 2275 it but causing the default action. 2276 ### any text where ### is an RFC 821 compliant error code and 2277 "any text" is a message to return for the command. 2278 The string should be quoted to avoid surprises, 2279 e.g., sendmail may remove spaces otherwise. 2280 This type is deprecated, use one the two 2281 ERROR: entries below instead. 2282 ERROR:### any text 2283 as above, but useful to mark error messages as such. 2284 ERROR:D.S.N:### any text 2285 where D.S.N is an RFC 1893 compliant error code 2286 and the rest as above. 2287 2288For example: 2289 2290 cyberspammer.com ERROR:550 "We don't accept mail from spammers" 2291 okay.cyberspammer.com OK 2292 sendmail.org RELAY 2293 128.32 RELAY 2294 IPv6:1:2:3:4:5:6:7 RELAY 2295 [127.0.0.3] OK 2296 [IPv6:1:2:3:4:5:6:7:8] OK 2297 2298would accept mail from okay.cyberspammer.com, but would reject mail from 2299all other hosts at cyberspammer.com with the indicated message. It would 2300allow relaying mail from and to any hosts in the sendmail.org domain, and 2301allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* 2302network. The latter two entries are for checks against ${client_name} if 2303the IP address doesn't resolve to a hostname (or is considered as "may be 2304forged"). That is, using square brackets means these are host names, 2305not network numbers. 2306 2307Warning: if you change the RFC 821 compliant error code from the default 2308value of 550, then you should probably also change the RFC 1893 compliant 2309error code to match it. For example, if you use 2310 2311 user@example.com ERROR:450 mailbox full 2312 2313the error returned would be "450 5.0.0 mailbox full" which is wrong. 2314Use "ERROR:4.2.2:450 mailbox full" instead. 2315 2316Note, UUCP users may need to add hostname.UUCP to the access database 2317or class {R}. 2318 2319If you also use: 2320 2321 FEATURE(`relay_hosts_only') 2322 2323then the above example will allow relaying for sendmail.org, but not 2324hosts within the sendmail.org domain. Note that this will also require 2325hosts listed in class {R} to be fully qualified host names. 2326 2327You can also use the access database to block sender addresses based on 2328the username portion of the address. For example: 2329 2330 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2331 2332Note that you must include the @ after the username to signify that 2333this database entry is for checking only the username portion of the 2334sender address. 2335 2336If you use: 2337 2338 FEATURE(`blacklist_recipients') 2339 2340then you can add entries to the map for local users, hosts in your 2341domains, or addresses in your domain which should not receive mail: 2342 2343 badlocaluser@ ERROR:550 Mailbox disabled for this username 2344 host.mydomain.com ERROR:550 That host does not accept mail 2345 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient 2346 2347This would prevent a recipient of badlocaluser@mydomain.com, any 2348user at host.mydomain.com, and the single address 2349user@otherhost.mydomain.com from receiving mail. Please note: a 2350local username must be now tagged with an @ (this is consistent 2351with the check of the sender address, and hence it is possible to 2352distinguish between hostnames and usernames). Enabling this feature 2353will keep you from sending mails to all addresses that have an 2354error message or REJECT as value part in the access map. Taking 2355the example from above: 2356 2357 spammer@aol.com REJECT 2358 cyberspammer.com REJECT 2359 2360Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2361 2362There are several DNS based blacklists, the first of which was 2363the RBL (``Realtime Blackhole List'') run by the MAPS project, 2364see http://mail-abuse.org/. These are databases of spammers 2365maintained in DNS. To use such a database, specify 2366 2367 FEATURE(`dnsbl') 2368 2369This will cause sendmail to reject mail from any site in the original 2370Realtime Blackhole List database. This default DNS blacklist, 2371blackholes.mail-abuse.org, is a service offered by the Mail Abuse 2372Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription 2373service, so using that network address won't work if you haven't 2374subscribed. Contact MAPS to subscribe (http://mail-abuse.org/). 2375 2376You can specify an alternative RBL server to check by specifying an 2377argument to the FEATURE. The default error message is 2378 2379 Mail from IP-ADDRESS refused by blackhole site SERVER 2380 2381where IP-ADDRESS and SERVER are replaced by the appropriate 2382information. A second argument can be used to specify a different 2383text. By default, temporary lookup failures are ignored and hence 2384cause the connection not to be rejected by the DNS based rejection 2385list. This behavior can be changed by specifying a third argument, 2386which must be either `t' or a full error message. For example: 2387 2388 FEATURE(`dnsbl', `dnsbl.example.com', `', 2389 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2390 2391If `t' is used, the error message is: 2392 2393 451 Temporary lookup failure of IP-ADDRESS at SERVER 2394 2395where IP-ADDRESS and SERVER are replaced by the appropriate 2396information. 2397 2398This FEATURE can be included several times to query different 2399DNS based rejection lists, e.g., the dial-up user list (see 2400http://mail-abuse.org/dul/). 2401 2402Notice: to avoid checking your own local domains against those 2403blacklists, use the access_db feature and add: 2404 2405 Connect:10.1 OK 2406 Connect:127.0.0.1 RELAY 2407 2408to the access map, where 10.1 is your local network. You may 2409want to use "RELAY" instead of "OK" to allow also relaying 2410instead of just disabling the DNS lookups in the backlists. 2411 2412 2413The features described above make use of the check_relay, check_mail, 2414and check_rcpt rulesets. If you wish to include your own checks, 2415you can put your checks in the rulesets Local_check_relay, 2416Local_check_mail, and Local_check_rcpt. For example if you wanted to 2417block senders with all numeric usernames (i.e. 2312343@bigisp.com), 2418you would use Local_check_mail and the regex map: 2419 2420 LOCAL_CONFIG 2421 Kallnumbers regex -a@MATCH ^[0-9]+$ 2422 2423 LOCAL_RULESETS 2424 SLocal_check_mail 2425 # check address against various regex checks 2426 R$* $: $>Parse0 $>3 $1 2427 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2428 R@MATCH $#error $: 553 Header Error 2429 2430These rules are called with the original arguments of the corresponding 2431check_* ruleset. If the local ruleset returns $#OK, no further checking 2432is done by the features described above and the mail is accepted. If the 2433local ruleset resolves to a mailer (such as $#error or $#discard), the 2434appropriate action is taken. Otherwise, the results of the local 2435rewriting are ignored. 2436 2437Finer control by using tags for the LHS of the access map 2438--------------------------------------------------------- 2439 2440Read this section only if the options listed so far are not sufficient 2441for your purposes. There is now the option to tag entries in the 2442access map according to their type. Three tags are available: 2443 2444 Connect: connection information (${client_addr}, ${client_name}) 2445 From: envelope sender 2446 To: envelope recipient 2447 2448If the required item is looked up in a map, it will be tried first 2449with the corresponding tag in front, then (as fallback to enable 2450backward compatibility) without any tag, unless the specific feature 2451requires a tag. For example, 2452 2453 From:spammer@some.dom REJECT 2454 To:friend.domain RELAY 2455 Connect:friend.domain OK 2456 Connect:from.domain RELAY 2457 From:good@another.dom OK 2458 From:another.dom REJECT 2459 2460This would deny mails from spammer@some.dom but you could still 2461send mail to that address even if FEATURE(`blacklist_recipients') 2462is enabled. Your system will allow relaying to friend.domain, but 2463not from it (unless enabled by other means). Connections from that 2464domain will be allowed even if it ends up in one of the DNS based 2465rejection lists. Relaying is enabled from from.domain but not to 2466it (since relaying is based on the connection information for 2467outgoing relaying, the tag Connect: must be used; for incoming 2468relaying, which is based on the recipient address, To: must be 2469used). The last two entries allow mails from good@another.dom but 2470reject mail from all other addresses with another.dom as domain 2471part. 2472 2473Delay all checks 2474---------------- 2475 2476By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2477will not be called when a client connects or issues a MAIL command, 2478respectively. Instead, those rulesets will be called by the check_rcpt 2479ruleset; they will be skipped if a sender has been authenticated using 2480a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2481If check_mail returns an error then the RCPT TO command will be rejected 2482with that error. If it returns some other result starting with $# then 2483check_relay will be skipped. If the sender address (or a part of it) is 2484listed in the access map and it has a RHS of OK or RELAY, then check_relay 2485will be skipped. This has an interesting side effect: if your domain is 2486my.domain and you have 2487 2488 my.domain RELAY 2489 2490in the access map, then all e-mail with a sender address of 2491<user@my.domain> gets through, even if check_relay would reject it 2492(e.g., based on the hostname or IP address). This allows spammers 2493to get around DNS based blacklist by faking the sender address. To 2494avoid this problem you have to use tagged entries: 2495 2496 To:my.domain RELAY 2497 Connect:my.domain RELAY 2498 2499if you need those entries at all (class {R} may take care of them). 2500 2501FEATURE(`delay_checks') can take an optional argument: 2502 2503 FEATURE(`delay_checks', `friend') 2504 enables spamfriend test 2505 FEATURE(`delay_checks', `hater') 2506 enables spamhater test 2507 2508If such an argument is given, the recipient will be looked up in the access 2509map (using the tag Spam:). If the argument is `friend', then the other 2510rulesets will be skipped if the recipient address is found and has RHS 2511friend. If the argument is `hater', then the other rulesets will be 2512applied if the recipient address is found and has RHS hater. 2513 2514This allows for simple exceptions from the tests, e.g., by activating 2515the friend option and having 2516 2517 Spam:abuse@ FRIEND 2518 2519in the access map, mail to abuse@localdomain will get through. It is 2520also possible to specify a full address or an address with +detail: 2521 2522 Spam:abuse@my.domain FRIEND 2523 Spam:me+abuse@ FRIEND 2524 Spam:spam.domain FRIEND 2525 2526Note: The required tag has been changed in 8.12 from To: to Spam:. 2527This change is incompatible to previous versions. However, you can 2528(for now) simply add the new entries to the access map, the old 2529ones will be ignored. As soon as you removed the old entries from 2530the access map, specify a third parameter (`n') to this feature and 2531the backward compatibility rules will not be in the generated .cf 2532file. 2533 2534Header Checks 2535------------- 2536 2537You can also reject mail on the basis of the contents of headers. 2538This is done by adding a ruleset call to the 'H' header definition command 2539in sendmail.cf. For example, this can be used to check the validity of 2540a Message-ID: header: 2541 2542 LOCAL_RULESETS 2543 HMessage-Id: $>CheckMessageId 2544 2545 SCheckMessageId 2546 R< $+ @ $+ > $@ OK 2547 R$* $#error $: 553 Header Error 2548 2549The alternative format: 2550 2551 HSubject: $>+CheckSubject 2552 2553that is, $>+ instead of $>, gives the full Subject: header including 2554comments to the ruleset (comments in parentheses () are stripped 2555by default). 2556 2557A default ruleset for headers which don't have a specific ruleset 2558defined for them can be given by: 2559 2560 H*: $>CheckHdr 2561 2562Notice: 25631. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2564That may cause problems with simple header checks due to the 2565tokenization. It might be simpler to use a regex map and apply it 2566to $&{currHeader}. 25672. There are no default rulesets coming with this distribution of 2568sendmail. You can either write your own or you can search the 2569WWW for examples, e.g., http://www.digitalanswers.org/check_local/ 2570 2571After all of the headers are read, the check_eoh ruleset will be called for 2572any final header-related checks. The ruleset is called with the number of 2573headers and the size of all of the headers in bytes separated by $|. One 2574example usage is to reject messages which do not have a Message-Id: 2575header. However, the Message-Id: header is *NOT* a required header and is 2576not a guaranteed spam indicator. This ruleset is an example and should 2577probably not be used in production. 2578 2579 LOCAL_CONFIG 2580 Kstorage macro 2581 2582 LOCAL_RULESETS 2583 HMessage-Id: $>CheckMessageId 2584 2585 SCheckMessageId 2586 # Record the presence of the header 2587 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2588 R< $+ @ $+ > $@ OK 2589 R$* $#error $: 553 Header Error 2590 2591 Scheck_eoh 2592 # Check the macro 2593 R$* $: < $&{MessageIdCheck} > 2594 # Clear the macro for the next message 2595 R$* $: $(storage {MessageIdCheck} $) $1 2596 # Has a Message-Id: header 2597 R< $+ > $@ OK 2598 # Allow missing Message-Id: from local mail 2599 R$* $: < $&{client_name} > 2600 R< > $@ OK 2601 R< $=w > $@ OK 2602 # Otherwise, reject the mail 2603 R$* $#error $: 553 Header Error 2604 2605+----------+ 2606| STARTTLS | 2607+----------+ 2608 2609In this text, cert will be used as an abreviation for X.509 certificate, 2610DN (CN) is the distinguished (common) name of a cert, and CA is a 2611certification authority, which signs (issues) certs. 2612 2613For STARTTLS to be offered by sendmail you need to set at least 2614this variables (the file names and paths are just examples): 2615 2616 define(`confCACERT_PATH', `/etc/mail/certs/') 2617 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2618 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2619 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2620 2621On systems which do not have the compile flag HASURANDOM set (see 2622sendmail/README) you also must set confRAND_FILE. 2623 2624See doc/op/op.{me,ps,txt} for more information about these options, 2625especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2626STARTTLS''. 2627 2628Macros related to STARTTLS are: 2629 2630${cert_issuer} holds the DN of the CA (the cert issuer). 2631${cert_subject} holds the DN of the cert (called the cert subject). 2632${cn_issuer} holds the CN of the CA (the cert issuer). 2633${cn_subject} holds the CN of the cert (called the cert subject). 2634${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2635 TLSv1/SSLv3, SSLv3, SSLv2. 2636${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2637 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2638${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2639 used for the connection. 2640${verify} holds the result of the verification of the presented cert. 2641 Possible values are: 2642 OK verification succeeded. 2643 NO no cert presented. 2644 NOT no cert requested. 2645 FAIL cert presented but could not be verified, 2646 e.g., the cert of the signing CA is missing. 2647 NONE STARTTLS has not been performed. 2648 TEMP temporary error occurred. 2649 PROTOCOL protocol error occurred (SMTP level). 2650 SOFTWARE STARTTLS handshake failed. 2651${server_name} the name of the server of the current outgoing SMTP 2652 connection. 2653${server_addr} the address of the server of the current outgoing SMTP 2654 connection. 2655 2656Relaying 2657-------- 2658 2659SMTP STARTTLS can allow relaying for senders who have successfully 2660authenticated themselves. This is done in the ruleset RelayAuth. If the 2661verification of the cert failed (${verify} != OK), relaying is subject to 2662the usual rules. Otherwise the DN of the issuer is looked up in the access 2663map using the tag CERTISSUER. If the resulting value is RELAY, relaying is 2664allowed. If it is SUBJECT, the DN of the cert subject is looked up next in 2665the access map using the tag CERTSUBJECT. If the value is RELAY, relaying 2666is allowed. 2667 2668To make things a bit more flexible (or complicated), the values for 2669${cert_issuer} and ${cert_subject} can be optionally modified by regular 2670expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2671_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2672rulesets and map lookups, they are modified as follows: each non-printable 2673character and the characters '<', '>', '(', ')', '"', '+' are replaced by 2674their HEX value with a leading '+'. For example: 2675 2676/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2677darth+cert@endmail.org 2678 2679is encoded as: 2680 2681/C=US/ST=California/O=endmail.org/OU=private/CN= 2682Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2683 2684(line breaks have been inserted for readability). 2685 2686Examples: 2687 2688To allow relaying for everyone who can present a cert signed by 2689 2690/C=US/ST=California/O=endmail.org/OU=private/CN= 2691Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2692 2693simply use: 2694 2695CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2696Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2697 2698To allow relaying only for a subset of machines that have a cert signed by 2699 2700/C=US/ST=California/O=endmail.org/OU=private/CN= 2701Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2702 2703use: 2704 2705CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2706Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2707CERTSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2708DeathStar/Email=deathstar@endmail.org RELAY 2709 2710Note: line breaks have been inserted after "CN=" for readability, 2711each tagged entry must be one (long) line in the access map. 2712 2713Of course it is also possible to write a simple ruleset that allows 2714relaying for everyone who can present a cert that can be verified, e.g., 2715 2716LOCAL_RULESETS 2717SLocal_check_rcpt 2718R$* $: $&{verify} 2719ROK $# OK 2720 2721Allowing Connections 2722-------------------- 2723 2724The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 2725an SMTP connection is accepted (or should continue). 2726 2727tls_server is called when sendmail acts as client after a STARTTLS command 2728(should) have been issued. The parameter is the value of ${verify}. 2729 2730tls_client is called when sendmail acts as server, after a STARTTLS command 2731has been issued, and from check_mail. The parameter is the value of 2732${verify} and STARTTLS or MAIL, respectively. 2733 2734Both rulesets behave the same. If no access map is in use, the connection 2735will be accepted unless ${verify} is SOFTWARE, in which case the connection 2736is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 2737is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 2738with the ruleset LookUpDomain. If no entry is found, ${client_addr} 2739(${server_addr}) is looked up in the access map (same tag, ruleset 2740LookUpAddr). If this doesn't result in an entry either, just the tag is 2741looked up in the access map (included the trailing colon). Notice: 2742requiring that e-mail is sent to a server only encrypted, e.g., via 2743 2744TLS_Srv:secure.domain ENCR:112 2745 2746doesn't necessarily mean that e-mail sent to that domain is encrypted. 2747If the domain has multiple MX servers, e.g., 2748 2749secure.domain. IN MX 10 mail.secure.domain. 2750secure.domain. IN MX 50 mail.other.domain. 2751 2752then mail to user@secure.domain may go unencrypted to mail.other.domain. 2753tls_rcpt can be used to address this problem. 2754 2755tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 2756current recipient. This ruleset is only defined if FEATURE(`access_db') 2757is selected. A recipient address user@domain is looked up in the access 2758map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 2759and TLS_Rcpt:; the first match is taken. 2760 2761The result of the lookups is then used to call the ruleset TLS_connection, 2762which checks the requirement specified by the RHS in the access map against 2763the actual parameters of the current TLS connection, esp. ${verify} and 2764${cipher_bits}. Legal RHSs in the access map are: 2765 2766VERIFY verification must have succeeded 2767VERIFY:bits verification must have succeeded and ${cipher_bits} must 2768 be greater than or equal bits. 2769ENCR:bits ${cipher_bits} must be greater than or equal bits. 2770 2771The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 2772or permanent error. The default is a temporary error code (403 4.7.0) 2773unless the macro TLS_PERM_ERR is set during generation of the .cf file. 2774 2775If a certain level of encryption is required, then it might also be 2776possible that this level is provided by the security layer from a SASL 2777algorithm, e.g., DIGEST-MD5. 2778 2779Furthermore, there can be a list of extensions added. Such a list 2780starts with '+' and the items are separated by '++'. Allowed 2781extensions are: 2782 2783CN:name name must match ${cn_subject} 2784CN ${server_name} must match ${cn_subject} 2785CS:name name must match ${cert_subject} 2786CI:name name must match ${cert_issuer} 2787 2788Example: e-mail sent to secure.example.com should only use an encrypted 2789connection. E-mail received from hosts within the laptop.example.com domain 2790should only be accepted if they have been authenticated. The host which 2791receives e-mail for darth@endmail.org must present a cert that uses the 2792CN smtp.endmail.org. 2793 2794TLS_Srv:secure.example.com ENCR:112 2795TLS_Clt:laptop.example.com PERM+VERIFY:112 2796TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 2797 2798 2799Disabling STARTTLS And Setting SMTP Server Features 2800--------------------------------------------------- 2801 2802By default STARTTLS is used whenever possible. However, there are 2803some broken MTAs that don't properly implement STARTTLS. To be able 2804to send to (or receive from) those MTAs, the ruleset try_tls 2805(srv_features) can be used that work together with the access map. 2806Entries for the access map must be tagged with Try_TLS (Srv_Features) 2807and refer to the hostname or IP address of the connecting system. 2808A default case can be specified by using just the tag. For example, 2809the following entries in the access map: 2810 2811 Try_TLS:broken.server NO 2812 Srv_Features:my.domain v 2813 Srv_Features: V 2814 2815will turn off STARTTLS when sending to broken.server (or any host 2816in that domain), and request a client certificate during the TLS 2817handshake only for hosts in my.domain. The valid entries on the RHS 2818for Srv_Features are listed in the Sendmail Installation and 2819Operations Guide. 2820 2821 2822Received: Header 2823---------------- 2824 2825The Received: header reveals whether STARTTLS has been used. It contains an 2826extra line: 2827 2828(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 2829 2830 2831+---------------------+ 2832| SMTP AUTHENTICATION | 2833+---------------------+ 2834 2835The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 2836used in anti-relay rulesets to allow relaying for those users that 2837authenticated themselves. A very simple example is: 2838 2839SLocal_check_rcpt 2840R$* $: $&{auth_type} 2841R$+ $# OK 2842 2843which checks whether a user has successfully authenticated using 2844any available mechanism. Depending on the setup of the CYRUS SASL 2845library, more sophisticated rulesets might be required, e.g., 2846 2847SLocal_check_rcpt 2848R$* $: $&{auth_type} $| $&{auth_authen} 2849RDIGEST-MD5 $| $+@$=w $# OK 2850 2851to allow relaying for users that authenticated using DIGEST-MD5 2852and have an identity in the local domains. 2853 2854The ruleset trust_auth is used to determine whether a given AUTH= 2855parameter (that is passed to this ruleset) should be trusted. This 2856ruleset may make use of the other ${auth_*} macros. Only if the 2857ruleset resolves to the error mailer, the AUTH= parameter is not 2858trusted. A user supplied ruleset Local_trust_auth can be written 2859to modify the default behavior, which only trust the AUTH= 2860parameter if it is identical to the authenticated user. 2861 2862Per default, relaying is allowed for any user who authenticated 2863via a "trusted" mechanism, i.e., one that is defined via 2864TRUST_AUTH_MECH(`list of mechanisms') 2865For example: 2866TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 2867 2868If the selected mechanism provides a security layer the number of 2869bits used for the key of the symmetric cipher is stored in the 2870macro ${auth_ssf}. 2871 2872If sendmail acts as client, it needs some information how to 2873authenticate against another MTA. This information can be provided 2874by the ruleset authinfo or by the option DefaultAuthInfo. The 2875authinfo ruleset looks up {server_name} using the tag AuthInfo: in 2876the access map. If no entry is found, {server_addr} is looked up 2877in the same way and finally just the tag AuthInfo: to provide 2878default values. 2879 2880Notice: the default configuration file causes the option DefaultAuthInfo 2881to fail since the ruleset authinfo is in the .cf file. If you really 2882want to use DefaultAuthInfo (it is deprecated) then you have to 2883remove the ruleset. 2884 2885The RHS for an AuthInfo: entry in the access map should consists of a 2886list of tokens, each of which has the form: "TDstring" (including 2887the quotes). T is a tag which describes the item, D is a delimiter, 2888either ':' for simple text or '=' for a base64 encoded string. 2889Valid values for the tag are: 2890 2891 U user (authorization) id 2892 I authentication id 2893 P password 2894 R realm 2895 M list of mechanisms delimited by spaces 2896 2897Example entries are: 2898 2899AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 2900AuthInfo:more.dom "U:user" "P=c2VjcmV0" 2901 2902User or authentication id must exist as well as the password. All 2903other entries have default values. If one of user or authentication 2904id is missing, the existing value is used for the missing item. 2905If "R:" is not specified, realm defaults to $j. The list of mechanisms 2906defaults to those specified by AuthMechanisms. 2907 2908Since this map contains sensitive information, either the access 2909map must be unreadable by everyone but root (or the trusted user) 2910or FEATURE(`authinfo') must be used which provides a separate map. 2911Notice: It is not checked whether the map is actually 2912group/world-unreadable, this is left to the user. 2913 2914+--------------------------------+ 2915| ADDING NEW MAILERS OR RULESETS | 2916+--------------------------------+ 2917 2918Sometimes you may need to add entirely new mailers or rulesets. They 2919should be introduced with the constructs MAILER_DEFINITIONS and 2920LOCAL_RULESETS respectively. For example: 2921 2922 MAILER_DEFINITIONS 2923 Mmymailer, ... 2924 ... 2925 2926 LOCAL_RULESETS 2927 Smyruleset 2928 ... 2929 2930Local additions for the rulesets srv_features, try_tls, tls_rcpt, 2931tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 2932LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 2933respectively. For example, to add a local ruleset that decides 2934whether to try STARTTLS in a sendmail client, use: 2935 2936 LOCAL_TRY_TLS 2937 R... 2938 2939Note: you don't need to add a name for the ruleset, it is implicitly 2940defined by using the appropriate macro. 2941 2942 2943+-------------------------+ 2944| ADDING NEW MAIL FILTERS | 2945+-------------------------+ 2946 2947Sendmail supports mail filters to filter incoming SMTP messages according 2948to the "Sendmail Mail Filter API" documentation. These filters can be 2949configured in your mc file using the two commands: 2950 2951 MAIL_FILTER(`name', `equates') 2952 INPUT_MAIL_FILTER(`name', `equates') 2953 2954The first command, MAIL_FILTER(), simply defines a filter with the given 2955name and equates. For example: 2956 2957 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 2958 2959This creates the equivalent sendmail.cf entry: 2960 2961 Xarchive, S=local:/var/run/archivesock, F=R 2962 2963The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 2964but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 2965of the filter such that the filter will actually be called by sendmail. 2966 2967For example, the two commands: 2968 2969 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 2970 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 2971 2972are equivalent to the three commands: 2973 2974 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 2975 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 2976 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 2977 2978In general, INPUT_MAIL_FILTER() should be used unless you need to define 2979more filters than you want to use for `confINPUT_MAIL_FILTERS'. 2980 2981Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 2982commands will clear the list created by the prior INPUT_MAIL_FILTER() 2983commands. 2984 2985 2986+-------------------------+ 2987| QUEUE GROUP DEFINITIONS | 2988+-------------------------+ 2989 2990In addition to the queue directory (which is the default queue group 2991called "mqueue"), sendmail can deal with multiple queue groups, which 2992are collections of queue directories with the same behaviour. Queue 2993groups can be defined using the command: 2994 2995 QUEUE_GROUP(`name', `equates') 2996 2997For details about queue groups, please see doc/op/op.{me,ps,txt}. 2998 2999+-------------------------------+ 3000| NON-SMTP BASED CONFIGURATIONS | 3001+-------------------------------+ 3002 3003These configuration files are designed primarily for use by 3004SMTP-based sites. They may not be well tuned for UUCP-only or 3005UUCP-primarily nodes (the latter is defined as a small local net 3006connected to the rest of the world via UUCP). However, there is 3007one hook to handle some special cases. 3008 3009You can define a ``smart host'' that understands a richer address syntax 3010using: 3011 3012 define(`SMART_HOST', `mailer:hostname') 3013 3014In this case, the ``mailer:'' defaults to "relay". Any messages that 3015can't be handled using the usual UUCP rules are passed to this host. 3016 3017If you are on a local SMTP-based net that connects to the outside 3018world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3019For example: 3020 3021 define(`SMART_HOST', `uucp-new:uunet') 3022 LOCAL_NET_CONFIG 3023 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3024 3025This will cause all names that end in your domain name ($m) via 3026SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3027If you have FEATURE(`nocanonify'), you may need to omit the dots after 3028the $m. If you are running a local DNS inside your domain which is 3029not otherwise connected to the outside world, you probably want to 3030use: 3031 3032 define(`SMART_HOST', `smtp:fire.wall.com') 3033 LOCAL_NET_CONFIG 3034 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3035 3036That is, send directly only to things you found in your DNS lookup; 3037anything else goes through SMART_HOST. 3038 3039You may need to turn off the anti-spam rules in order to accept 3040UUCP mail with FEATURE(`promiscuous_relay') and 3041FEATURE(`accept_unresolvable_domains'). 3042 3043 3044+-----------+ 3045| WHO AM I? | 3046+-----------+ 3047 3048Normally, the $j macro is automatically defined to be your fully 3049qualified domain name (FQDN). Sendmail does this by getting your 3050host name using gethostname and then calling gethostbyname on the 3051result. For example, in some environments gethostname returns 3052only the root of the host name (such as "foo"); gethostbyname is 3053supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3054cases, gethostbyname may fail to return the FQDN. In this case 3055you MUST define confDOMAIN_NAME to be your fully qualified domain 3056name. This is usually done using: 3057 3058 Dmbar.com 3059 define(`confDOMAIN_NAME', `$w.$m')dnl 3060 3061 3062+-----------------------------------+ 3063| ACCEPTING MAIL FOR MULTIPLE NAMES | 3064+-----------------------------------+ 3065 3066If your host is known by several different names, you need to augment 3067class {w}. This is a list of names by which your host is known, and 3068anything sent to an address using a host name in this list will be 3069treated as local mail. You can do this in two ways: either create the 3070file /etc/mail/local-host-names containing a list of your aliases (one per 3071line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3072``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3073name of the host, rather than a short name. 3074 3075If you want to have different address in different domains, take 3076a look at the virtusertable feature, which is also explained at 3077http://www.sendmail.org/virtual-hosting.html 3078 3079 3080+--------------------+ 3081| USING MAILERTABLES | 3082+--------------------+ 3083 3084To use FEATURE(`mailertable'), you will have to create an external 3085database containing the routing information for various domains. 3086For example, a mailertable file in text format might be: 3087 3088 .my.domain xnet:%1.my.domain 3089 uuhost1.my.domain uucp-new:uuhost1 3090 .bitnet smtp:relay.bit.net 3091 3092This should normally be stored in /etc/mail/mailertable. The actual 3093database version of the mailertable is built using: 3094 3095 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3096 3097The semantics are simple. Any LHS entry that does not begin with 3098a dot matches the full host name indicated. LHS entries beginning 3099with a dot match anything ending with that domain name (including 3100the leading dot) -- that is, they can be thought of as having a 3101leading ".+" regular expression pattern for a non-empty sequence of 3102characters. Matching is done in order of most-to-least qualified 3103-- for example, even though ".my.domain" is listed first in the 3104above example, an entry of "uuhost1.my.domain" will match the second 3105entry since it is more explicit. Note: e-mail to "user@my.domain" 3106does not match any entry in the above table. You need to have 3107something like: 3108 3109 my.domain esmtp:host.my.domain 3110 3111The RHS should always be a "mailer:host" pair. The mailer is the 3112configuration name of a mailer (that is, an M line in the 3113sendmail.cf file). The "host" will be the hostname passed to 3114that mailer. In domain-based matches (that is, those with leading 3115dots) the "%1" may be used to interpolate the wildcarded part of 3116the host name. For example, the first line above sends everything 3117addressed to "anything.my.domain" to that same host name, but using 3118the (presumably experimental) xnet mailer. 3119 3120In some cases you may want to temporarily turn off MX records, 3121particularly on gateways. For example, you may want to MX 3122everything in a domain to one machine that then forwards it 3123directly. To do this, you might use the DNS configuration: 3124 3125 *.domain. IN MX 0 relay.machine 3126 3127and on relay.machine use the mailertable: 3128 3129 .domain smtp:[gateway.domain] 3130 3131The [square brackets] turn off MX records for this host only. 3132If you didn't do this, the mailertable would use the MX record 3133again, which would give you an MX loop. 3134 3135 3136+--------------------------------+ 3137| USING USERDB TO MAP FULL NAMES | 3138+--------------------------------+ 3139 3140The user database was not originally intended for mapping full names 3141to login names (e.g., Eric.Allman => eric), but some people are using 3142it that way. (it is recommended that you set up aliases for this 3143purpose instead -- since you can specify multiple alias files, this 3144is fairly easy.) The intent was to locate the default maildrop at 3145a site, but allow you to override this by sending to a specific host. 3146 3147If you decide to set up the user database in this fashion, it is 3148imperative that you not use FEATURE(`stickyhost') -- otherwise, 3149e-mail sent to Full.Name@local.host.name will be rejected. 3150 3151To build the internal form of the user database, use: 3152 3153 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3154 3155As a general rule, it is an extremely bad idea to using full names 3156as e-mail addresses, since they are not in any sense unique. For 3157example, the UNIX software-development community has at least two 3158well-known Peter Deutsches, and at one time Bell Labs had two 3159Stephen R. Bournes with offices along the same hallway. Which one 3160will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3161The less famous of the two, or the one that was hired later? 3162 3163Finger should handle full names (and be fuzzy). Mail should use 3164handles, and not be fuzzy. 3165 3166 3167+--------------------------------+ 3168| MISCELLANEOUS SPECIAL FEATURES | 3169+--------------------------------+ 3170 3171Plussed users 3172 Sometimes it is convenient to merge configuration on a 3173 centralized mail machine, for example, to forward all 3174 root mail to a mail server. In this case it might be 3175 useful to be able to treat the root addresses as a class 3176 of addresses with subtle differences. You can do this 3177 using plussed users. For example, a client might include 3178 the alias: 3179 3180 root: root+client1@server 3181 3182 On the server, this will match an alias for "root+client1". 3183 If that is not found, the alias "root+*" will be tried, 3184 then "root". 3185 3186 3187+----------------+ 3188| SECURITY NOTES | 3189+----------------+ 3190 3191A lot of sendmail security comes down to you. Sendmail 8 is much 3192more careful about checking for security problems than previous 3193versions, but there are some things that you still need to watch 3194for. In particular: 3195 3196* Make sure the aliases file isn't writable except by trusted 3197 system personnel. This includes both the text and database 3198 version. 3199 3200* Make sure that other files that sendmail reads, such as the 3201 mailertable, are only writable by trusted system personnel. 3202 3203* The queue directory should not be world writable PARTICULARLY 3204 if your system allows "file giveaways" (that is, if a non-root 3205 user can chown any file they own to any other user). 3206 3207* If your system allows file giveaways, DO NOT create a publically 3208 writable directory for forward files. This will allow anyone 3209 to steal anyone else's e-mail. Instead, create a script that 3210 copies the .forward file from users' home directories once a 3211 night (if you want the non-NFS-mounted forward directory). 3212 3213* If your system allows file giveaways, you'll find that 3214 sendmail is much less trusting of :include: files -- in 3215 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3216 /etc/shells before they will be trusted (that is, before 3217 files and programs listed in them will be honored). 3218 3219In general, file giveaways are a mistake -- if you can turn them 3220off, do so. 3221 3222 3223+--------------------------------+ 3224| TWEAKING CONFIGURATION OPTIONS | 3225+--------------------------------+ 3226 3227There are a large number of configuration options that don't normally 3228need to be changed. However, if you feel you need to tweak them, you 3229can define the following M4 variables. This list is shown in four 3230columns: the name you define, the default value for that definition, 3231the option or macro that is affected (either Ox for an option or Dx 3232for a macro), and a brief description. Greater detail of the semantics 3233can be found in the Installation and Operations Guide. 3234 3235Some options are likely to be deprecated in future versions -- that is, 3236the option is only included to provide back-compatibility. These are 3237marked with "*". 3238 3239Remember that these options are M4 variables, and hence may need to 3240be quoted. In particular, arguments with commas will usually have to 3241be ``double quoted, like this phrase'' to avoid having the comma 3242confuse things. This is common for alias file definitions and for 3243the read timeout. 3244 3245M4 Variable Name Configuration Description & [Default] 3246================ ============= ======================= 3247confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3248 for internally generated outgoing 3249 messages. 3250confDOMAIN_NAME $j macro If defined, sets $j. This should 3251 only be done if your system cannot 3252 determine your local domain name, 3253 and then it should be set to 3254 $w.Foo.COM, where Foo.COM is your 3255 domain name. 3256confCF_VERSION $Z macro If defined, this is appended to the 3257 configuration version name. 3258confLDAP_CLUSTER ${sendmailMTACluster} macro 3259 If defined, this is the LDAP 3260 cluster to use for LDAP searches 3261 as described above in ``USING LDAP 3262 FOR ALIASES, MAPS, AND CLASSES''. 3263confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3264 internally generated From: address. 3265confRECEIVED_HEADER Received: 3266 [$?sfrom $s $.$?_($?s$|from $.$_) 3267 $.$?{auth_type}(authenticated) 3268 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3269 for $u; $|; 3270 $.$b] 3271 The format of the Received: header 3272 in messages passed through this host. 3273 It is unwise to try to change this. 3274confCW_FILE Fw class [/etc/mail/local-host-names] Name 3275 of file used to get the local 3276 additions to class {w} (local host 3277 names). 3278confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3279 file used to get the local additions 3280 to class {t} (trusted users). 3281confCR_FILE FR class [/etc/mail/relay-domains] Name of 3282 file used to get the local additions 3283 to class {R} (hosts allowed to relay). 3284confTRUSTED_USERS Ct class [no default] Names of users to add to 3285 the list of trusted users. This list 3286 always includes root, uucp, and daemon. 3287 See also FEATURE(`use_ct_file'). 3288confTRUSTED_USER TrustedUser [no default] Trusted user for file 3289 ownership and starting the daemon. 3290 Not to be confused with 3291 confTRUSTED_USERS (see above). 3292confSMTP_MAILER - [esmtp] The mailer name used when 3293 SMTP connectivity is required. 3294 One of "smtp", "smtp8", 3295 "esmtp", or "dsmtp". 3296confUUCP_MAILER - [uucp-old] The mailer to be used by 3297 default for bang-format recipient 3298 addresses. See also discussion of 3299 class {U}, class {Y}, and class {Z} 3300 in the MAILER(`uucp') section. 3301confLOCAL_MAILER - [local] The mailer name used when 3302 local connectivity is required. 3303 Almost always "local". 3304confRELAY_MAILER - [relay] The default mailer name used 3305 for relaying any mail (e.g., to a 3306 BITNET_RELAY, a SMART_HOST, or 3307 whatever). This can reasonably be 3308 "uucp-new" if you are on a 3309 UUCP-connected site. 3310confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3311confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3312confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3313 rebuild until you get bored and 3314 decide that the apparently pending 3315 rebuild failed. 3316confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3317 queue filesystem to accept SMTP mail. 3318 (Prior to 8.7 this was minfree/maxsize, 3319 where minfree was the number of free 3320 blocks and maxsize was the maximum 3321 message size. Use confMAX_MESSAGE_SIZE 3322 for the second value now.) 3323confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3324 that will be accepted (in bytes). 3325confBLANK_SUB BlankSub [.] Blank (space) substitution 3326 character. 3327confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3328 to mailers marked expensive. 3329confCHECKPOINT_INTERVAL CheckpointInterval 3330 [10] Checkpoint queue files every N 3331 recipients. 3332confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3333confERROR_MODE ErrorMode [print] Error message mode. 3334confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3335confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3336confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3337confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3338confMAX_HOP MaxHopCount [25] Maximum hop count. 3339confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3340 mode] Ignore dot as terminator for 3341 incoming messages? 3342confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3343 resolver. 3344confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3345 encapsulated messages per RFC 1344. 3346confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3347 The colon-separated list of places to 3348 search for .forward files. N.B.: see 3349 the Security Notes section. 3350confMCI_CACHE_SIZE ConnectionCacheSize 3351 [2] Size of open connection cache. 3352confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3353 [5m] Open connection cache timeout. 3354confHOST_STATUS_DIRECTORY HostStatusDirectory 3355 [undefined] If set, host status is kept 3356 on disk between sendmail runs in the 3357 named directory tree. This need not be 3358 a full pathname, in which case it is 3359 interpreted relative to the queue 3360 directory. 3361confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3362 [False] If this option and the 3363 HostStatusDirectory option are both 3364 set, single thread deliveries to other 3365 hosts. That is, don't allow any two 3366 sendmails on this host to connect 3367 simultaneously to any other single 3368 host. This can slow down delivery in 3369 some cases, in particular since a 3370 cached but otherwise idle connection 3371 to a host will prevent other sendmails 3372 from connecting to the other host. 3373confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3374 deliver error messages. This should 3375 not be necessary because of general 3376 acceptance of the envelope/header 3377 distinction. 3378confLOG_LEVEL LogLevel [9] Log level. 3379confME_TOO MeToo [True] Include sender in group 3380 expansions. This option is 3381 deprecated and will be removed from 3382 a future version. 3383confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3384 running newaliases. Since this does 3385 DNS lookups on every address, it can 3386 slow down the alias rebuild process 3387 considerably on large alias files. 3388confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3389 special chars are old style. 3390confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3391confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3392 copies of all error messages. 3393confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3394confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3395 queue files (octal). If not set, 3396 sendmail uses 0600 unless its real 3397 and effective uid are different in 3398 which case it uses 0644. 3399confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3400 syntax addresses to the minimum 3401 possible. 3402confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3403 before forking. 3404confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3405 on the initial connect. 3406confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3407 connect() to complete. This can only 3408 shorten connection timeouts; the kernel 3409 silently enforces an absolute maximum 3410 (which varies depending on the system). 3411confTO_ICONNECT Timeout.iconnect 3412 [undefined] Like Timeout.connect, but 3413 applies only to the very first attempt 3414 to connect to a host in a message. 3415 This allows a single very fast pass 3416 followed by more careful delivery 3417 attempts in the future. 3418confTO_ACONNECT Timeout.aconnect 3419 [0] The overall timeout waiting for 3420 all connection for a single delivery 3421 attempt to succeed. If 0, no overall 3422 limit is applied. 3423confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3424 to a HELO or EHLO command. 3425confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3426 response to the MAIL command. 3427confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3428 to the RCPT command. 3429confTO_DATAINIT Timeout.datainit 3430 [5m] The timeout waiting for a 354 3431 response from the DATA command. 3432confTO_DATABLOCK Timeout.datablock 3433 [1h] The timeout waiting for a block 3434 during DATA phase. 3435confTO_DATAFINAL Timeout.datafinal 3436 [1h] The timeout waiting for a response 3437 to the final "." that terminates a 3438 message. 3439confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3440 to the RSET command. 3441confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3442 to the QUIT command. 3443confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3444 to other SMTP commands. 3445confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3446 waiting for a command to be issued. 3447confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3448 response to an IDENT query. 3449confTO_FILEOPEN Timeout.fileopen 3450 [60s] The timeout waiting for a file 3451 (e.g., :include: file) to be opened. 3452confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3453 to an LMTP LHLO command. 3454confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3455 response in an AUTH dialogue. 3456confTO_STARTTLS Timeout.starttls 3457 [1h] The timeout waiting for a 3458 response to an SMTP STARTTLS command. 3459confTO_CONTROL Timeout.control 3460 [2m] The timeout for a complete 3461 control socket transaction to complete. 3462confTO_QUEUERETURN Timeout.queuereturn 3463 [5d] The timeout before a message is 3464 returned as undeliverable. 3465confTO_QUEUERETURN_NORMAL 3466 Timeout.queuereturn.normal 3467 [undefined] As above, for normal 3468 priority messages. 3469confTO_QUEUERETURN_URGENT 3470 Timeout.queuereturn.urgent 3471 [undefined] As above, for urgent 3472 priority messages. 3473confTO_QUEUERETURN_NONURGENT 3474 Timeout.queuereturn.non-urgent 3475 [undefined] As above, for non-urgent 3476 (low) priority messages. 3477confTO_QUEUEWARN Timeout.queuewarn 3478 [4h] The timeout before a warning 3479 message is sent to the sender telling 3480 them that the message has been 3481 deferred. 3482confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3483 [undefined] As above, for normal 3484 priority messages. 3485confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3486 [undefined] As above, for urgent 3487 priority messages. 3488confTO_QUEUEWARN_NONURGENT 3489 Timeout.queuewarn.non-urgent 3490 [undefined] As above, for non-urgent 3491 (low) priority messages. 3492confTO_HOSTSTATUS Timeout.hoststatus 3493 [30m] How long information about host 3494 statuses will be maintained before it 3495 is considered stale and the host should 3496 be retried. This applies both within 3497 a single queue run and to persistent 3498 information (see below). 3499confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3500 [varies] Sets the resolver's 3501 retransmition time interval (in 3502 seconds). Sets both 3503 Timeout.resolver.retrans.first and 3504 Timeout.resolver.retrans.normal. 3505confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3506 [varies] Sets the resolver's 3507 retransmition time interval (in 3508 seconds) for the first attempt to 3509 deliver a message. 3510confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3511 [varies] Sets the resolver's 3512 retransmition time interval (in 3513 seconds) for all resolver lookups 3514 except the first delivery attempt. 3515confTO_RESOLVER_RETRY Timeout.resolver.retry 3516 [varies] Sets the number of times 3517 to retransmit a resolver query. 3518 Sets both 3519 Timeout.resolver.retry.first and 3520 Timeout.resolver.retry.normal. 3521confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3522 [varies] Sets the number of times 3523 to retransmit a resolver query for 3524 the first attempt to deliver a 3525 message. 3526confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3527 [varies] Sets the number of times 3528 to retransmit a resolver query for 3529 all resolver lookups except the 3530 first delivery attempt. 3531confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3532 USE_SYSTEM to use the system's idea, 3533 USE_TZ to use the user's TZ envariable, 3534 or something else to force that value. 3535confDEF_USER_ID DefaultUser [1:1] Default user id. 3536confUSERDB_SPEC UserDatabaseSpec 3537 [undefined] User database 3538 specification. 3539confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3540confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3541 for a host and other arrangements 3542 haven't been made, try connecting 3543 to the host directly; normally this 3544 would be a config error. 3545confQUEUE_LA QueueLA [varies] Load average at which 3546 queue-only function kicks in. 3547 Default values is (8 * numproc) 3548 where numproc is the number of 3549 processors online (if that can be 3550 determined). 3551confREFUSE_LA RefuseLA [varies] Load average at which 3552 incoming SMTP connections are 3553 refused. Default values is (12 * 3554 numproc) where numproc is the 3555 number of processors online (if 3556 that can be determined). 3557confDELAY_LA DelayLA [0] Load average at which sendmail 3558 will sleep for one second on most 3559 SMTP commands and before accepting 3560 connections. 0 means no limit. 3561confMAX_ALIAS_RECURSION MaxAliasRecursion 3562 [10] Maximum depth of alias recursion. 3563confMAX_DAEMON_CHILDREN MaxDaemonChildren 3564 [undefined] The maximum number of 3565 children the daemon will permit. After 3566 this number, connections will be 3567 rejected. If not set or <= 0, there is 3568 no limit. 3569confMAX_HEADERS_LENGTH MaxHeadersLength 3570 [32768] Maximum length of the sum 3571 of all headers. 3572confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3573 [undefined] Maximum length of 3574 certain MIME header field values. 3575confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3576 [undefined] The maximum number of 3577 connections permitted per second per 3578 daemon. After this many connections 3579 are accepted, further connections 3580 will be delayed. If not set or <= 0, 3581 there is no limit. 3582confWORK_RECIPIENT_FACTOR 3583 RecipientFactor [30000] Cost of each recipient. 3584confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3585 separate process. 3586confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3587confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3588confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3589 Priority, Host, Filename, Random, 3590 Modification, or Time. 3591confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3592 must sit in the queue between queue 3593 runs. This allows you to set the 3594 queue run interval low for better 3595 responsiveness without trying all 3596 jobs in each run. 3597confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3598 unlabeled 8 bit input to MIME, the 3599 character set to use by default. 3600confSERVICE_SWITCH_FILE ServiceSwitchFile 3601 [/etc/mail/service.switch] The file 3602 to use for the service switch on 3603 systems that do not have a 3604 system-defined switch. 3605confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3606 "file" type access of hosts names. 3607confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3608 long and try again. Zero means "don't 3609 retry". This is to allow "dial on 3610 demand" connections to have enough time 3611 to complete a connection. 3612confNO_RCPT_ACTION NoRecipientAction 3613 [none] What to do if there are no legal 3614 recipient fields (To:, Cc: or Bcc:) 3615 in the message. Legal values can 3616 be "none" to just leave the 3617 nonconforming message as is, "add-to" 3618 to add a To: header with all the 3619 known recipients (which may expose 3620 blind recipients), "add-apparently-to" 3621 to do the same but use Apparently-To: 3622 instead of To: (strongly discouraged 3623 in accordance with IETF standards), 3624 "add-bcc" to add an empty Bcc: 3625 header, or "add-to-undisclosed" to 3626 add the header 3627 ``To: undisclosed-recipients:;''. 3628confSAFE_FILE_ENV SafeFileEnvironment 3629 [undefined] If set, sendmail will do a 3630 chroot() into this directory before 3631 writing files. 3632confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3633 If set, colons are treated as a regular 3634 character in addresses. If not set, 3635 they are treated as the introducer to 3636 the RFC 822 "group" syntax. Colons are 3637 handled properly in route-addrs. This 3638 option defaults on for V5 and lower 3639 configuration files. 3640confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3641 any given queue run to this number of 3642 entries. Essentially, this will stop 3643 reading each queue directory after this 3644 number of entries are reached; it does 3645 _not_ pick the highest priority jobs, 3646 so this should be as large as your 3647 system can tolerate. If not set, there 3648 is no limit. 3649confMAX_QUEUE_CHILDREN MaxQueueChildren 3650 [undefined] Limits the maximum number 3651 of concurrent queue runners active. 3652 This is to keep system resources used 3653 within a reasonable limit. Relates to 3654 Queue Groups and ForkAllJobs. 3655confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3656 [1] Only active when MaxQueueChildren 3657 defined. Controls the maximum number 3658 of queue runners (aka queue children) 3659 active at the same time in a work 3660 group. See also MaxQueueChildren. 3661confDONT_EXPAND_CNAMES DontExpandCnames 3662 [False] If set, $[ ... $] lookups that 3663 do DNS based lookups do not expand 3664 CNAME records. This currently violates 3665 the published standards, but the IETF 3666 seems to be moving toward legalizing 3667 this. For example, if "FTP.Foo.ORG" 3668 is a CNAME for "Cruft.Foo.ORG", then 3669 with this option set a lookup of 3670 "FTP" will return "FTP.Foo.ORG"; if 3671 clear it returns "Cruft.FOO.ORG". N.B. 3672 you may not see any effect until your 3673 downstream neighbors stop doing CNAME 3674 lookups as well. 3675confFROM_LINE UnixFromLine [From $g $d] The From_ line used 3676 when sending to files or programs. 3677confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 3678 [False] From: lines that have 3679 embedded newlines are unwrapped 3680 onto one line. 3681confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 3682 does not include a host name. 3683confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 3684 name phrase (@,;:\()[] are automatic). 3685confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 3686 characters. 3687confSMTP_LOGIN_MSG SmtpGreetingMessage 3688 [$j Sendmail $v/$Z; $b] 3689 The initial (spontaneous) SMTP 3690 greeting message. The word "ESMTP" 3691 will be inserted between the first and 3692 second words to convince other 3693 sendmails to try to speak ESMTP. 3694confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 3695 routine will never be invoked. You 3696 might want to do this if you are 3697 running NIS and you have a large group 3698 map, since this call does a sequential 3699 scan of the map; in a large site this 3700 can cause your ypserv to run 3701 essentially full time. If you set 3702 this, agents run on behalf of users 3703 will only have their primary 3704 (/etc/passwd) group permissions. 3705confUNSAFE_GROUP_WRITES UnsafeGroupWrites 3706 [False] If set, group-writable 3707 :include: and .forward files are 3708 considered "unsafe", that is, programs 3709 and files cannot be directly referenced 3710 from such files. World-writable files 3711 are always considered unsafe. 3712confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 3713 address (for testing). 3714confCONTROL_SOCKET_NAME ControlSocketName 3715 [undefined] Control socket for daemon 3716 management. 3717confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 3718 [postmaster] If an error occurs when 3719 sending an error message, send that 3720 "double bounce" error message to this 3721 address. If it expands to an empty 3722 string, double bounces are dropped. 3723confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 3724 messages which could not be returned 3725 to the user or sent to postmaster. 3726 If not set, the queue file will 3727 be renamed. 3728confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 3729 implies DSN request. 3730confRUN_AS_USER RunAsUser [undefined] If set, become this user 3731 when reading and delivering mail. 3732 Causes all file reads (e.g., .forward 3733 and :include: files) to be done as 3734 this user. Also, all programs will 3735 be run as this user, and all output 3736 files will be written as this user. 3737 Intended for use only on firewalls 3738 where users do not have accounts. 3739confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 3740 [infinite] If set, allow no more than 3741 the specified number of recipients in 3742 an SMTP envelope. Further recipients 3743 receive a 452 error code (i.e., they 3744 are deferred for the next delivery 3745 attempt). 3746confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and more than the 3747 specified number of recipients in an 3748 envelope are rejected, sleep for one 3749 second after each rejected RCPT 3750 command. 3751confDONT_PROBE_INTERFACES DontProbeInterfaces 3752 [False] If set, sendmail will _not_ 3753 insert the names and addresses of any 3754 local interfaces into class {w} 3755 (list of known "equivalent" addresses). 3756 If you set this, you must also include 3757 some support for these addresses (e.g., 3758 in a mailertable entry) -- otherwise, 3759 mail to addresses in this list will 3760 bounce with a configuration error. 3761 If set to "loopback" (without 3762 quotes), sendmail will skip 3763 loopback interfaces (e.g., "lo0"). 3764confPID_FILE PidFile [system dependent] Location of pid 3765 file. 3766confPROCESS_TITLE_PREFIX ProcessTitlePrefix 3767 [undefined] Prefix string for the 3768 process title shown on 'ps' listings. 3769confDONT_BLAME_SENDMAIL DontBlameSendmail 3770 [safe] Override sendmail's file 3771 safety checks. This will definitely 3772 compromise system security and should 3773 not be used unless absolutely 3774 necessary. 3775confREJECT_MSG - [550 Access denied] The message 3776 given if the access database contains 3777 REJECT in the value portion. 3778confRELAY_MSG - [550 Relaying denied] The message 3779 given if an unauthorized relaying 3780 attempt is rejected. 3781confDF_BUFFER_SIZE DataFileBufferSize 3782 [4096] The maximum size of a 3783 memory-buffered data (df) file 3784 before a disk-based file is used. 3785confXF_BUFFER_SIZE XScriptFileBufferSize 3786 [4096] The maximum size of a 3787 memory-buffered transcript (xf) 3788 file before a disk-based file is 3789 used. 3790confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 3791 CRAM-MD5] List of authentication 3792 mechanisms for AUTH (separated by 3793 spaces). The advertised list of 3794 authentication mechanisms will be the 3795 intersection of this list and the list 3796 of available mechanisms as determined 3797 by the CYRUS SASL library. 3798confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 3799 authentication information for 3800 outgoing connections. This file must 3801 contain the user id, the authorization 3802 id, the password (plain text), the 3803 realm to use, and the list of 3804 mechanisms to try, each on a separate 3805 line and must be readable by root (or 3806 the trusted user) only. If no realm 3807 is specified, $j is used. If no 3808 mechanisms are given in the file, 3809 AuthMechanisms is used. Notice: this 3810 option is deprecated and will be 3811 removed in future versions; it doesn't 3812 work for the MSP since it can't read 3813 the file. Use the authinfo ruleset 3814 instead. See also the section SMTP 3815 AUTHENTICATION. 3816confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 3817 then the AUTH= parameter for the 3818 MAIL FROM command is only issued 3819 when authentication succeeded. 3820 Other values (which should be listed 3821 one after the other without any 3822 intervening characters except for 3823 space or comma) are a, c, d, f, p, 3824 and y. See doc/op/op.me for 3825 details. 3826confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 3827 strength for the security layer in 3828 SMTP AUTH (SASL). Default is 3829 essentially unlimited. 3830confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 3831 verification is performed, i.e., 3832 the server doesn't ask for a 3833 certificate. 3834confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 3835 specification for LDAP maps. The 3836 value should only contain LDAP 3837 specific settings such as "-h host 3838 -p port -d bindDN", etc. The 3839 settings will be used for all LDAP 3840 maps unless they are specified in 3841 the individual map specification 3842 ('K' command). 3843confCACERT_PATH CACERTPath [undefined] Path to directory 3844 with certs of CAs. 3845confCACERT CACERTFile [undefined] File containing one CA 3846 cert. 3847confSERVER_CERT ServerCertFile [undefined] File containing the 3848 cert of the server, i.e., this cert 3849 is used when sendmail acts as 3850 server. 3851confSERVER_KEY ServerKeyFile [undefined] File containing the 3852 private key belonging to the server 3853 cert. 3854confCLIENT_CERT ClientCertFile [undefined] File containing the 3855 cert of the client, i.e., this cert 3856 is used when sendmail acts as 3857 client. 3858confCLIENT_KEY ClientKeyFile [undefined] File containing the 3859 private key belonging to the client 3860 cert. 3861confDH_PARAMETERS DHParameters [undefined] File containing the 3862 DH parameters. 3863confRAND_FILE RandFile [undefined] File containing random 3864 data (use prefix file:) or the 3865 name of the UNIX socket if EGD is 3866 used (use prefix egd:). STARTTLS 3867 requires this option if the compile 3868 flag HASURANDOM is not set (see 3869 sendmail/README). 3870confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 3871 queue runners is set the given value 3872 (nice(3)). 3873confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 3874 [undefined] Defines {daemon_flags} 3875 for direct submissions. 3876confUSE_MSP UseMSP [false] Use as mail submission 3877 program, see sendmail/SECURITY. 3878confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 3879 SMTP Service Extension (RFC 2852). 3880confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 3881confFAST_SPLIT FastSplit [1] If set to a value greater than 3882 zero, the initial MX lookups on 3883 addresses is suppressed when they 3884 are sorted which may result in 3885 faster envelope splitting. If the 3886 mail is submitted directly from the 3887 command line, then the value also 3888 limits the number of processes to 3889 deliver the envelopes. 3890confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 3891 information about local mailboxes. 3892confDEQUOTE_OPTS - [empty] Additional options for the 3893 dequote map. 3894confINPUT_MAIL_FILTERS InputMailFilters 3895 A comma separated list of filters 3896 which determines which filters and 3897 the invocation sequence are 3898 contacted for incoming SMTP 3899 messages. If none are set, no 3900 filters will be contacted. 3901confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 3902 actions, defaults to LogLevel. 3903confMILTER_MACROS_CONNECT Milter.macros.connect 3904 [empty] Macros to transmit to milters 3905 when a session connection starts. 3906confMILTER_MACROS_HELO Milter.macros.helo 3907 [empty] Macros to transmit to milters 3908 after HELO command. 3909confMILTER_MACROS_ENVFROM Milter.macros.envfrom 3910 [empty] Macros to transmit to milters 3911 after MAIL FROM command. 3912confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 3913 [empty] Macros to transmit to milters 3914 after RCPT TO command. 3915 3916 3917See also the description of OSTYPE for some parameters that can be 3918tweaked (generally pathnames to mailers). 3919 3920ClientPortOptions and DaemonPortOptions are special cases since multiple 3921clients/daemons can be defined. This can be done via 3922 3923 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 3924 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 3925 3926Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 3927ClientPortOptions settings) are allowed in order to give settings for each 3928protocol family (e.g., one for Family=inet and one for Family=inet6). A 3929restriction placed on one family only affects outgoing connections on that 3930particular family. 3931 3932If DAEMON_OPTIONS is not used, then the default is 3933 3934 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 3935 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 3936 3937If you use one DAEMON_OPTIONS macro, it will alter the parameters 3938of the first of these. The second will still be defaulted; it 3939represents a "Message Submission Agent" (MSA) as defined by RFC 39402476 (see below). To turn off the default definition for the MSA, 3941use FEATURE(`no_default_msa') (see also FEATURES). If you use 3942additional DAEMON_OPTIONS macros, they will add additional daemons. 3943 3944Example 1: To change the port for the SMTP listener, while 3945still using the MSA default, use 3946 DAEMON_OPTIONS(`Port=925, Name=MTA') 3947 3948Example 2: To change the port for the MSA daemon, while still 3949using the default SMTP port, use 3950 FEATURE(`no_default_msa') 3951 DAEMON_OPTIONS(`Name=MTA') 3952 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 3953 3954Note that if the first of those DAEMON_OPTIONS lines were omitted, then 3955there would be no listener on the standard SMTP port. 3956 3957Example 3: To listen on both IPv4 and IPv6 interfaces, use 3958 3959 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 3960 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 3961 3962A "Message Submission Agent" still uses all of the same rulesets for 3963processing the message (and therefore still allows message rejection via 3964the check_* rulesets). In accordance with the RFC, the MSA will ensure 3965that all domains in the envelope are fully qualified if the message is 3966relayed to another MTA. It will also enforce the normal address syntax 3967rules and log error messages. Additionally, by using the M=a modifier 3968you can require authentication before messages are accepted by the MSA. 3969Notice: Do NOT use the 'a' modifier on a public accessible MTA! 3970Finally, the M=E modifier shown above disables ETRN as required by RFC 39712476. 3972 3973Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 3974commands: 3975 3976 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 3977 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 3978 3979The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 3980same order they were specified by also setting confINPUT_MAIL_FILTERS. A 3981filter can be defined without adding it to the input filter list by using 3982MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 3983Alternatively, you can reset the list of filters and their order by setting 3984confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 3985your .mc file. 3986 3987 3988+----------------------------+ 3989| MESSAGE SUBMISSION PROGRAM | 3990+----------------------------+ 3991 3992The purpose of the message submission program (MSP) is explained 3993in sendmail/SECURITY. This section contains a list of caveats and 3994a few hints how for those who want to tweak the default configuration 3995for it (which is installed as submit.cf). 3996 3997Notice: do not add options/features to submit.mc unless you are 3998absolutely sure you need them. Options you may want to change 3999include: 4000 4001- confTIME_ZONE on OS that don't use the default, e.g., Irix. 4002- confDELIVERY_MODE is set to interactive in msp.m4 instead 4003 of the default background mode. 4004 4005Some things are not intended to work with the MSP. These include 4006features that influence the delivery process (e.g., mailertable, 4007aliases), or those that are only important for a SMTP server (e.g., 4008virtusertable, DaemonPortOptions, multiple queues). Moreover, 4009relaxing certain restrictions (RestrictQueueRun, permissions on 4010queue directory) or adding features (e.g., enabling prog/file mailer) 4011can cause security problems. 4012 4013Other things don't work well with the MSP and require tweaking or 4014workarounds. For example, to allow for client authentication it 4015is not just sufficient to provide a client certificate and the 4016corresponding key, but it is also necessary to make the key group 4017(smmsp) readable and tell sendmail not to complain about that, i.e., 4018 4019 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4020 4021If the MSP should actually use AUTH then the necessary data 4022should be placed in a map as explained in SMTP AUTHENTICATION: 4023 4024FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4025 4026/etc/mail/msp-authinfo should contain an entry like: 4027 4028 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4029 4030The file and the map created by makemap should be owned by smmsp, 4031its group should be smmsp, and it should have mode 640. The database 4032used by the MTA for AUTH must have a corresponding entry. 4033Additionally the MTA must trust this authentication data so the AUTH= 4034part will be relayed on to the next hop. This can be achieved by 4035adding the following to your sendmail.mc file: 4036 4037 LOCAL_RULESETS 4038 SLocal_trust_auth 4039 R$* $: $&{auth_authen} 4040 Rsmmsp $# OK 4041 4042feature/msp.m4 defines almost all settings for the MSP. Most of 4043those should not be changed at all. Some of the features and options 4044can be overridden if really necessary. It is a bit tricky to do 4045this, because it depends on the actual way the option is defined 4046in feature/msp.m4. If it is directly defined (i.e., define()) then 4047the modified value must be defined after 4048 4049 FEATURE(`msp') 4050 4051If it is conditionally defined (i.e., ifdef()) then the desired 4052value must be defined before the FEATURE line in the .mc file. 4053To see how the options are defined read feature/msp.m4. 4054 4055 4056+--------------------------+ 4057| FORMAT OF FILES AND MAPS | 4058+--------------------------+ 4059 4060Files that define classes, i.e., F{classname}, consist of lines 4061each of which contains a single element of the class. For example, 4062/etc/mail/local-host-names may have the following content: 4063 4064my.domain 4065another.domain 4066 4067Maps must be created using makemap(8) , e.g., 4068 4069 makemap hash MAP < MAP 4070 4071In general, a text file from which a map is created contains lines 4072of the form 4073 4074key value 4075 4076where 'key' and 'value' are also called LHS and RHS, respectively. 4077By default, the delimiter between LHS and RHS is a non-empty sequence 4078of white space characters. 4079 4080 4081+------------------+ 4082| DIRECTORY LAYOUT | 4083+------------------+ 4084 4085Within this directory are several subdirectories, to wit: 4086 4087m4 General support routines. These are typically 4088 very important and should not be changed without 4089 very careful consideration. 4090 4091cf The configuration files themselves. They have 4092 ".mc" suffixes, and must be run through m4 to 4093 become complete. The resulting output should 4094 have a ".cf" suffix. 4095 4096ostype Definitions describing a particular operating 4097 system type. These should always be referenced 4098 using the OSTYPE macro in the .mc file. Examples 4099 include "bsd4.3", "bsd4.4", "sunos3.5", and 4100 "sunos4.1". 4101 4102domain Definitions describing a particular domain, referenced 4103 using the DOMAIN macro in the .mc file. These are 4104 site dependent; for example, "CS.Berkeley.EDU.m4" 4105 describes hosts in the CS.Berkeley.EDU subdomain. 4106 4107mailer Descriptions of mailers. These are referenced using 4108 the MAILER macro in the .mc file. 4109 4110sh Shell files used when building the .cf file from the 4111 .mc file in the cf subdirectory. 4112 4113feature These hold special orthogonal features that you might 4114 want to include. They should be referenced using 4115 the FEATURE macro. 4116 4117hack Local hacks. These can be referenced using the HACK 4118 macro. They shouldn't be of more than voyeuristic 4119 interest outside the .Berkeley.EDU domain, but who knows? 4120 4121siteconfig Site configuration -- e.g., tables of locally connected 4122 UUCP sites. 4123 4124 4125+------------------------+ 4126| ADMINISTRATIVE DETAILS | 4127+------------------------+ 4128 4129The following sections detail usage of certain internal parts of the 4130sendmail.cf file. Read them carefully if you are trying to modify 4131the current model. If you find the above descriptions adequate, these 4132should be {boring, confusing, tedious, ridiculous} (pick one or more). 4133 4134RULESETS (* means built in to sendmail) 4135 4136 0 * Parsing 4137 1 * Sender rewriting 4138 2 * Recipient rewriting 4139 3 * Canonicalization 4140 4 * Post cleanup 4141 5 * Local address rewrite (after aliasing) 4142 1x mailer rules (sender qualification) 4143 2x mailer rules (recipient qualification) 4144 3x mailer rules (sender header qualification) 4145 4x mailer rules (recipient header qualification) 4146 5x mailer subroutines (general) 4147 6x mailer subroutines (general) 4148 7x mailer subroutines (general) 4149 8x reserved 4150 90 Mailertable host stripping 4151 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4152 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4153 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4154 4155 4156MAILERS 4157 4158 0 local, prog local and program mailers 4159 1 [e]smtp, relay SMTP channel 4160 2 uucp-* UNIX-to-UNIX Copy Program 4161 3 netnews Network News delivery 4162 4 fax Sam Leffler's HylaFAX software 4163 5 mail11 DECnet mailer 4164 4165 4166MACROS 4167 4168 A 4169 B Bitnet Relay 4170 C DECnet Relay 4171 D The local domain -- usually not needed 4172 E reserved for X.400 Relay 4173 F FAX Relay 4174 G 4175 H mail Hub (for mail clusters) 4176 I 4177 J 4178 K 4179 L Luser Relay 4180 M Masquerade (who you claim to be) 4181 N 4182 O 4183 P 4184 Q 4185 R Relay (for unqualified names) 4186 S Smart Host 4187 T 4188 U my UUCP name (if you have a UUCP connection) 4189 V UUCP Relay (class {V} hosts) 4190 W UUCP Relay (class {W} hosts) 4191 X UUCP Relay (class {X} hosts) 4192 Y UUCP Relay (all other hosts) 4193 Z Version number 4194 4195 4196CLASSES 4197 4198 A 4199 B domains that are candidates for bestmx lookup 4200 C 4201 D 4202 E addresses that should not seem to come from $M 4203 F hosts this system forward for 4204 G domains that should be looked up in genericstable 4205 H 4206 I 4207 J 4208 K 4209 L addresses that should not be forwarded to $R 4210 M domains that should be mapped to $M 4211 N host/domains that should not be mapped to $M 4212 O operators that indicate network operations (cannot be in local names) 4213 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4214 Q 4215 R domains this system is willing to relay (pass anti-spam filters) 4216 S 4217 T 4218 U locally connected UUCP hosts 4219 V UUCP hosts connected to relay $V 4220 W UUCP hosts connected to relay $W 4221 X UUCP hosts connected to relay $X 4222 Y locally connected smart UUCP hosts 4223 Z locally connected domain-ized UUCP hosts 4224 . the class containing only a dot 4225 [ the class containing only a left bracket 4226 4227 4228M4 DIVERSIONS 4229 4230 1 Local host detection and resolution 4231 2 Local Ruleset 3 additions 4232 3 Local Ruleset 0 additions 4233 4 UUCP Ruleset 0 additions 4234 5 locally interpreted names (overrides $R) 4235 6 local configuration (at top of file) 4236 7 mailer definitions 4237 8 DNS based blacklists 4238 9 special local rulesets (1 and 2) 4239 4240$Revision: 8.600 $, Last updated $Date: 2002/01/10 17:43:41 $ 4241