1
2 SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files. It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide (doc/op/op.me).
8
9To get started, you may want to look at tcpproto.mc (for TCP-only
10sites) and clientproto.mc (for clusters of clients using a single
11mail host), or the generic-*.mc files as operating system-specific
12examples.
13
14Table of Content:
15
16INTRODUCTION AND EXAMPLE
17A BRIEF INTRODUCTION TO M4
18FILE LOCATIONS
19OSTYPE
20DOMAINS
21MAILERS
22FEATURES
23HACKS
24SITE CONFIGURATION
25USING UUCP MAILERS
26TWEAKING RULESETS
27MASQUERADING AND RELAYING
28USING LDAP FOR ALIASES, MAPS, AND CLASSES
29LDAP ROUTING
30ANTI-SPAM CONFIGURATION CONTROL
31CONNECTION CONTROL
32STARTTLS
33SMTP AUTHENTICATION
34ADDING NEW MAILERS OR RULESETS
35ADDING NEW MAIL FILTERS
36QUEUE GROUP DEFINITIONS
37NON-SMTP BASED CONFIGURATIONS
38WHO AM I?
39ACCEPTING MAIL FOR MULTIPLE NAMES
40USING MAILERTABLES
41USING USERDB TO MAP FULL NAMES
42MISCELLANEOUS SPECIAL FEATURES
43SECURITY NOTES
44TWEAKING CONFIGURATION OPTIONS
45MESSAGE SUBMISSION PROGRAM
46FORMAT OF FILES AND MAPS
47DIRECTORY LAYOUT
48ADMINISTRATIVE DETAILS
49
50
51+--------------------------+
52| INTRODUCTION AND EXAMPLE |
53+--------------------------+
54
55Configuration files are contained in the subdirectory "cf", with a
56suffix ".mc". They must be run through "m4" to produce a ".cf" file.
57You must pre-load "cf.m4":
58
59 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
60
61Alternatively, you can simply:
62
63 cd ${CFDIR}/cf
64 ./Build config.cf
65
66where ${CFDIR} is the root of the cf directory and config.mc is the
67name of your configuration file. If you are running a version of M4
68that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
69this, but the versions distributed with 4.4BSD and derivatives do not)
70or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
71For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
72use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
73
74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
75
76Let's examine a typical .mc file:
77
78 divert(-1)
79 #
80 # Copyright (c) 1998-2005 Proofpoint, Inc. and its suppliers.
81 # All rights reserved.
82 # Copyright (c) 1983 Eric P. Allman. All rights reserved.
83 # Copyright (c) 1988, 1993
84 # The Regents of the University of California. All rights reserved.
85 #
86 # By using this file, you agree to the terms and conditions set
87 # forth in the LICENSE file which can be found at the top level of
88 # the sendmail distribution.
89 #
90
91 #
92 # This is a Berkeley-specific configuration file for HP-UX 9.x.
93 # It applies only to the Computer Science Division at Berkeley,
94 # and should not be used elsewhere. It is provided on the sendmail
95 # distribution as a sample only. To create your own configuration
96 # file, create an appropriate domain file in ../domain, change the
97 # `DOMAIN' macro below to reference that file, and copy the result
98 # to a name of your own choosing.
99 #
100 divert(0)
101
102The divert(-1) will delete the crud in the resulting output file.
103The copyright notice can be replaced by whatever your lawyers require;
104our lawyers require the one that is included in these files. A copyleft
105is a copyright by another name. The divert(0) restores regular output.
106
107 VERSIONID(`<SCCS or RCS version id>')
108
109VERSIONID is a macro that stuffs the version information into the
110resulting file. You could use SCCS, RCS, CVS, something else, or
111omit it completely. This is not the same as the version id included
112in SMTP greeting messages -- this is defined in m4/version.m4.
113
114 OSTYPE(`hpux9')dnl
115
116You must specify an OSTYPE to properly configure things such as the
117pathname of the help and status files, the flags needed for the local
118mailer, and other important things. If you omit it, you will get an
119error when you try to build the configuration. Look at the ostype
120directory for the list of known operating system types.
121
122 DOMAIN(`CS.Berkeley.EDU')dnl
123
124This example is specific to the Computer Science Division at Berkeley.
125You can use "DOMAIN(`generic')" to get a sufficiently bland definition
126that may well work for you, or you can create a customized domain
127definition appropriate for your environment.
128
129 MAILER(`local')
130 MAILER(`smtp')
131
132These describe the mailers used at the default CS site. The local
133mailer is always included automatically. Beware: MAILER declarations
134should only be followed by LOCAL_* sections. The general rules are
135that the order should be:
136
137 VERSIONID
138 OSTYPE
139 DOMAIN
140 FEATURE
141 local macro definitions
142 MAILER
143 LOCAL_CONFIG
144 LOCAL_RULE_*
145 LOCAL_RULESETS
146
147There are a few exceptions to this rule. Local macro definitions which
148influence a FEATURE() should be done before that feature. For example,
149a define(`PROCMAIL_MAILER_PATH', ...) should be done before
150FEATURE(`local_procmail').
151
152*******************************************************************
153*** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
154*** Berkeley-specific assumptions built in, such as the name ***
155*** of their UUCP-relay. You'll want to create your own ***
156*** domain description, and use that in place of ***
157*** domain/Berkeley.EDU.m4. ***
158*******************************************************************
159
160
161Note:
162Some rulesets, features, and options are only useful if the sendmail
163binary has been compiled with the appropriate options, e.g., the
164ruleset tls_server is only invoked if sendmail has been compiled
165with STARTTLS. This is usually obvious from the context and hence
166not further specified here.
167There are also so called "For Future Releases" (FFR) compile time
168options which might be included in a subsequent version or might
169simply be removed as they turned out not to be really useful.
170These are generally not documented but if they are, then the required
171compile time options are listed in doc/op/op.* for rulesets and
172macros, and for mc/cf specific options they are usually listed here.
173In addition to compile time options for the sendmail binary, there
174can also be FFRs for mc/cf which in general can be enabled when the
175configuration file is generated by defining them at the top of your
176.mc file:
177
178define(`_FFR_NAME_HERE', 1)
179
180
181+----------------------------+
182| A BRIEF INTRODUCTION TO M4 |
183+----------------------------+
184
185Sendmail uses the M4 macro processor to ``compile'' the configuration
186files. The most important thing to know is that M4 is stream-based,
187that is, it doesn't understand about lines. For this reason, in some
188places you may see the word ``dnl'', which stands for ``delete
189through newline''; essentially, it deletes all characters starting
190at the ``dnl'' up to and including the next newline character. In
191most cases sendmail uses this only to avoid lots of unnecessary
192blank lines in the output.
193
194Other important directives are define(A, B) which defines the macro
195``A'' to have value ``B''. Macros are expanded as they are read, so
196one normally quotes both values to prevent expansion. For example,
197
198 define(`SMART_HOST', `smart.foo.com')
199
200One word of warning: M4 macros are expanded even in lines that appear
201to be comments. For example, if you have
202
203 # See FEATURE(`foo') above
204
205it will not do what you expect, because the FEATURE(`foo') will be
206expanded. This also applies to
207
208 # And then define the $X macro to be the return address
209
210because ``define'' is an M4 keyword. If you want to use them, surround
211them with directed quotes, `like this'.
212
213Since m4 uses single quotes (opening "`" and closing "'") to quote
214arguments, those quotes can't be used in arguments. For example,
215it is not possible to define a rejection message containing a single
216quote. Usually there are simple workarounds by changing those
217messages; in the worst case it might be ok to change the value
218directly in the generated .cf file, which however is not advised.
219
220
221Notice:
222-------
223
224This package requires a post-V7 version of m4; if you are running the
2254.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or
226BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works.
227Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
228Net/2 or GNU version. GNU m4 is available from
229ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
230EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU
231m4 on this platform.
232
233
234+----------------+
235| FILE LOCATIONS |
236+----------------+
237
238sendmail 8.9 has introduced a new configuration directory for sendmail
239related files, /etc/mail. The new files available for sendmail 8.9 --
240the class {R} /etc/mail/relay-domains and the access database
241/etc/mail/access -- take advantage of this new directory. Beginning with
2428.10, all files will use this directory by default (some options may be
243set by OSTYPE() files). This new directory should help to restore
244uniformity to sendmail's file locations.
245
246Below is a table of some of the common changes:
247
248Old filename New filename
249------------ ------------
250/etc/bitdomain /etc/mail/bitdomain
251/etc/domaintable /etc/mail/domaintable
252/etc/genericstable /etc/mail/genericstable
253/etc/uudomain /etc/mail/uudomain
254/etc/virtusertable /etc/mail/virtusertable
255/etc/userdb /etc/mail/userdb
256
257/etc/aliases /etc/mail/aliases
258/etc/sendmail/aliases /etc/mail/aliases
259/etc/ucbmail/aliases /etc/mail/aliases
260/usr/adm/sendmail/aliases /etc/mail/aliases
261/usr/lib/aliases /etc/mail/aliases
262/usr/lib/mail/aliases /etc/mail/aliases
263/usr/ucblib/aliases /etc/mail/aliases
264
265/etc/sendmail.cw /etc/mail/local-host-names
266/etc/mail/sendmail.cw /etc/mail/local-host-names
267/etc/sendmail/sendmail.cw /etc/mail/local-host-names
268
269/etc/sendmail.ct /etc/mail/trusted-users
270
271/etc/sendmail.oE /etc/mail/error-header
272
273/etc/sendmail.hf /etc/mail/helpfile
274/etc/mail/sendmail.hf /etc/mail/helpfile
275/usr/ucblib/sendmail.hf /etc/mail/helpfile
276/etc/ucbmail/sendmail.hf /etc/mail/helpfile
277/usr/lib/sendmail.hf /etc/mail/helpfile
278/usr/share/lib/sendmail.hf /etc/mail/helpfile
279/usr/share/misc/sendmail.hf /etc/mail/helpfile
280/share/misc/sendmail.hf /etc/mail/helpfile
281
282/etc/service.switch /etc/mail/service.switch
283
284/etc/sendmail.st /etc/mail/statistics
285/etc/mail/sendmail.st /etc/mail/statistics
286/etc/mailer/sendmail.st /etc/mail/statistics
287/etc/sendmail/sendmail.st /etc/mail/statistics
288/usr/lib/sendmail.st /etc/mail/statistics
289/usr/ucblib/sendmail.st /etc/mail/statistics
290
291Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
292to create the pathnames. The default value of this variable is
293`/etc/mail/'. If you set this macro to a different value, you MUST include
294a trailing slash.
295
296Notice: all filenames used in a .mc (or .cf) file should be absolute
297(starting at the root, i.e., with '/'). Relative filenames most
298likely cause surprises during operations (unless otherwise noted).
299
300
301+--------+
302| OSTYPE |
303+--------+
304
305You MUST define an operating system environment, or the configuration
306file build will puke. There are several environments available; look
307at the "ostype" directory for the current list. This macro changes
308things like the location of the alias file and queue directory. Some
309of these files are identical to one another.
310
311It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
312In general, the OSTYPE macro should go immediately after any version
313information, and MAILER definitions should always go last.
314
315Operating system definitions are usually easy to write. They may define
316the following variables (everything defaults, so an ostype file may be
317empty). Unfortunately, the list of configuration-supported systems is
318not as broad as the list of source-supported systems, since many of
319the source contributors do not include corresponding ostype files.
320
321ALIAS_FILE [/etc/mail/aliases] The location of the text version
322 of the alias file(s). It can be a comma-separated
323 list of names (but be sure you quote values with
324 commas in them -- for example, use
325 define(`ALIAS_FILE', `a,b')
326 to get "a" and "b" both listed as alias files;
327 otherwise the define() primitive only sees "a").
328HELP_FILE [/etc/mail/helpfile] The name of the file
329 containing information printed in response to
330 the SMTP HELP command.
331QUEUE_DIR [/var/spool/mqueue] The directory containing
332 queue files. To use multiple queues, supply
333 a value ending with an asterisk. For
334 example, /var/spool/mqueue/qd* will use all of the
335 directories or symbolic links to directories
336 beginning with 'qd' in /var/spool/mqueue as queue
337 directories. The names 'qf', 'df', and 'xf' are
338 reserved as specific subdirectories for the
339 corresponding queue file types as explained in
340 doc/op/op.me. See also QUEUE GROUP DEFINITIONS.
341MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing
342 queue files for the MSP (Mail Submission Program,
343 see sendmail/SECURITY).
344STATUS_FILE [/etc/mail/statistics] The file containing status
345 information.
346LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
347LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The
348 flags lsDFMAw5:/|@q are always included.
349LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
350 mail.
351LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
352 mail that you are willing to accept.
353LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of
354 messages to deliver in a single connection. Only
355 useful for LMTP local mailers.
356LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
357 that ARRIVE from an address that resolves to the
358 local mailer and which are converted to MIME will be
359 labeled with this character set.
360LOCAL_MAILER_EOL [undefined] If defined, the string to use as the
361 end of line for the local mailer.
362LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
363 [X-Unix] The DSN Diagnostic-Code value for the
364 local mailer. This should be changed with care.
365LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email.
366LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The
367 flags lsDFM are always included.
368LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
369 mail.
370LOCAL_SHELL_DIR [$z:/] The directory search path in which the
371 shell should run.
372LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer.
373USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program
374 used to submit news.
375USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer.
376USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
377 usenet mailer. NOTE: Some versions of inews
378 (such as those shipped with newer versions of INN)
379 use different flags. Double check the defaults
380 against the inews man page.
381USENET_MAILER_MAX [undefined] The maximum size of messages that will
382 be accepted by the usenet mailer.
383USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer.
384SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
385 flags are `mDFMuX' for all SMTP-based mailers; the
386 "esmtp" mailer adds `a'; "smtp8" adds `8'; and
387 "dsmtp" adds `%'.
388RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default
389 flags are `mDFMuX' for all SMTP-based mailers; the
390 relay mailer adds `a8'. If this is not defined,
391 then SMTP_MAILER_FLAGS is used.
392SMTP_MAILER_MAX [undefined] The maximum size of messages that will
393 be transported using the smtp, smtp8, esmtp, or dsmtp
394 mailers.
395SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
396 messages to deliver in a single connection for the
397 smtp, smtp8, esmtp, or dsmtp mailers.
398SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
399 recipients to deliver in a single envelope for the
400 smtp, smtp8, esmtp, or dsmtp mailers.
401SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
402 About the only reason you would want to change this
403 would be to change the default port.
404ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer.
405SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer.
406DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer.
407RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer.
408SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer.
409ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer.
410SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer.
411DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer.
412RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer.
413RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of
414 messages to deliver in a single connection for the
415 relay mailer.
416SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
417 that ARRIVE from an address that resolves to one of
418 the SMTP mailers and which are converted to MIME will
419 be labeled with this character set.
420RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
421 that ARRIVE from an address that resolves to the
422 relay mailers and which are converted to MIME will
423 be labeled with this character set.
424SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
425 (except the relay mailer).
426RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
427UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail.
428UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default
429 flags are `DFMhuU' (and `m' for uucp-new mailer,
430 minus `U' for uucp-dom mailer).
431UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
432 passed to the UUCP mailer.
433UUCP_MAILER_MAX [100000] The maximum size message accepted for
434 transmission by the UUCP mailers.
435UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
436 that ARRIVE from an address that resolves to one of
437 the UUCP mailers and which are converted to MIME will
438 be labeled with this character set.
439UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers.
440FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
441 submit FAX messages.
442FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX
443 mailer.
444FAX_MAILER_MAX [100000] The maximum size message accepted for
445 transmission by FAX.
446POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer.
447POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq
448 are always added.
449POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer.
450POP_MAILER_QGRP [undefined] The queue group for the pop mailer.
451PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
452 program. This is also used by
453 FEATURE(`local_procmail').
454PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags
455 DFM are always set. This is NOT used by
456 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
457 instead.
458PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
459 the Procmail mailer. This is NOT used by
460 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
461 instead.
462PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
463 will be accepted by the procmail mailer.
464PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer.
465MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer.
466MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer.
467MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11
468 mailer.
469MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer.
470PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
471 program.
472PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM
473 are always set.
474PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
475PH_MAILER_QGRP [undefined] The queue group for the ph mailer.
476CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The
477 flags lsDFMnPq are always included.
478CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver
479 cyrus mail.
480CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
481 to deliver cyrus mail.
482CYRUS_MAILER_MAX [undefined] If set, the maximum size message that
483 will be accepted by the cyrus mailer.
484CYRUS_MAILER_USER [cyrus:mail] The user and group to become when
485 running the cyrus mailer.
486CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer.
487CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer.
488 The flags lsDFMnP are always included.
489CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
490 to deliver cyrusbb mail.
491CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The
492 flags lsDFMnqXz are always included.
493CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of
494 messages to deliver in a single connection for the
495 cyrusv2 mailer.
496CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
497 recipients to deliver in a single connection for the
498 cyrusv2 mailer.
499CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed
500 to the cyrusv2 mailer. This can be used to
501 change the name of the Unix domain socket, or
502 to switch to delivery via TCP (e.g., `TCP $h lmtp')
503CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer.
504CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
505 that ARRIVE from an address that resolves to one the
506 Cyrus mailer and which are converted to MIME will
507 be labeled with this character set.
508confEBINDIR [/usr/libexec] The directory for executables.
509 Currently used for FEATURE(`local_lmtp') and
510 FEATURE(`smrsh').
511QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer.
512QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver
513 qpage mail.
514QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
515 to deliver qpage mail.
516QPAGE_MAILER_MAX [4096] If set, the maximum size message that
517 will be accepted by the qpage mailer.
518QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer.
519LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer.
520
521Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
522MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
523of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
524upper case) and change can be: flags that should be used directly
525(thus overriding the default value), or if it starts with `+' (`-')
526then those flags are added to (removed from) the default value.
527Example:
528
529 MODIFY_MAILER_FLAGS(`LOCAL', `+e')
530
531will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are
532several smtp mailers all of which are manipulated individually.
533See the section MAILERS for the available mailer names.
534WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
535unconditionally, i.e., without respecting any definitions in an
536OSTYPE setting.
537
538
539+---------+
540| DOMAINS |
541+---------+
542
543You will probably want to collect domain-dependent defines into one
544file, referenced by the DOMAIN macro. For example, the Berkeley
545domain file includes definitions for several internal distinguished
546hosts:
547
548UUCP_RELAY The host that will accept UUCP-addressed email.
549 If not defined, all UUCP sites must be directly
550 connected.
551BITNET_RELAY The host that will accept BITNET-addressed email.
552 If not defined, the .BITNET pseudo-domain won't work.
553DECNET_RELAY The host that will accept DECNET-addressed email.
554 If not defined, the .DECNET pseudo-domain and addresses
555 of the form node::user will not work.
556FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
557 The "fax" mailer overrides this value.
558LOCAL_RELAY The site that will handle unqualified names -- that
559 is, names without an @domain extension.
560 Normally MAIL_HUB is preferred for this function.
561 LOCAL_RELAY is mostly useful in conjunction with
562 FEATURE(`stickyhost') -- see the discussion of
563 stickyhost below. If not set, they are assumed to
564 belong on this machine. This allows you to have a
565 central site to store a company- or department-wide
566 alias database. This only works at small sites,
567 and only with some user agents.
568LUSER_RELAY The site that will handle lusers -- that is, apparently
569 local names that aren't local accounts or aliases. To
570 specify a local user instead of a site, set this to
571 ``local:username''.
572
573Any of these can be either ``mailer:hostname'' (in which case the
574mailer is the internal mailer name, such as ``uucp-new'' and the hostname
575is the name of the host as appropriate for that mailer) or just a
576``hostname'', in which case a default mailer type (usually ``relay'',
577a variant on SMTP) is used. WARNING: if you have a wildcard MX
578record matching your domain, you probably want to define these to
579have a trailing dot so that you won't get the mail diverted back
580to yourself.
581
582The domain file can also be used to define a domain name, if needed
583(using "DD<domain>") and set certain site-wide features. If all hosts
584at your site masquerade behind one email name, you could also use
585MASQUERADE_AS here.
586
587You do not have to define a domain -- in particular, if you are a
588single machine sitting off somewhere, it is probably more work than
589it's worth. This is just a mechanism for combining "domain dependent
590knowledge" into one place.
591
592
593+---------+
594| MAILERS |
595+---------+
596
597There are fewer mailers supported in this version than the previous
598version, owing mostly to a simpler world. As a general rule, put the
599MAILER definitions last in your .mc file.
600
601local The local and prog mailers. You will almost always
602 need these; the only exception is if you relay ALL
603 your mail to another site. This mailer is included
604 automatically.
605
606smtp The Simple Mail Transport Protocol mailer. This does
607 not hide hosts behind a gateway or another other
608 such hack; it assumes a world where everyone is
609 running the name server. This file actually defines
610 five mailers: "smtp" for regular (old-style) SMTP to
611 other servers, "esmtp" for extended SMTP to other
612 servers, "smtp8" to do SMTP to other servers without
613 converting 8-bit data to MIME (essentially, this is
614 your statement that you know the other end is 8-bit
615 clean even if it doesn't say so), "dsmtp" to do on
616 demand delivery, and "relay" for transmission to the
617 RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
618
619uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
620 defines two mailers, "uucp-old" (a.k.a. "uucp") and
621 "uucp-new" (a.k.a. "suucp"). The latter is for when you
622 know that the UUCP mailer at the other end can handle
623 multiple recipients in one transfer. If the smtp mailer
624 is included in your configuration, two other mailers
625 ("uucp-dom" and "uucp-uudom") are also defined [warning: you
626 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you
627 include the uucp mailer, sendmail looks for all names in
628 class {U} and sends them to the uucp-old mailer; all
629 names in class {Y} are sent to uucp-new; and all
630 names in class {Z} are sent to uucp-uudom. Note that
631 this is a function of what version of rmail runs on
632 the receiving end, and hence may be out of your control.
633 See the section below describing UUCP mailers in more
634 detail.
635
636usenet Usenet (network news) delivery. If this is specified,
637 an extra rule is added to ruleset 0 that forwards all
638 local email for users named ``group.usenet'' to the
639 ``inews'' program. Note that this works for all groups,
640 and may be considered a security problem.
641
642fax Facsimile transmission. This is experimental and based
643 on Sam Leffler's HylaFAX software. For more information,
644 see http://www.hylafax.org/.
645
646pop Post Office Protocol.
647
648procmail An interface to procmail (does not come with sendmail).
649 This is designed to be used in mailertables. For example,
650 a common question is "how do I forward all mail for a given
651 domain to a single person?". If you have this mailer
652 defined, you could set up a mailertable reading:
653
654 host.com procmail:/etc/procmailrcs/host.com
655
656 with the file /etc/procmailrcs/host.com reading:
657
658 :0 # forward mail for host.com
659 ! -oi -f $1 person@other.host
660
661 This would arrange for (anything)@host.com to be sent
662 to person@other.host. In a procmail script, $1 is the
663 name of the sender and $2 is the name of the recipient.
664 If you use this with FEATURE(`local_procmail'), the FEATURE
665 should be listed first.
666
667 Of course there are other ways to solve this particular
668 problem, e.g., a catch-all entry in a virtusertable.
669
670mail11 The DECnet mail11 mailer, useful only if you have the mail11
671 program from gatekeeper.dec.com:/pub/DEC/gwtools (and
672 DECnet, of course). This is for Phase IV DECnet support;
673 if you have Phase V at your site you may have additional
674 problems.
675
676phquery The phquery program. This is somewhat counterintuitively
677 referenced as the "ph" mailer internally. It can be used
678 to do CCSO name server lookups. The phquery program, which
679 this mailer uses, is distributed with the ph client.
680
681cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
682 a local cyrus user. this mailer can make use of the
683 "user+detail@local.host" syntax (see
684 FEATURE(`preserve_local_plus_detail')); it will deliver the
685 mail to the user's "detail" mailbox if the mailbox's ACL
686 permits. The cyrusbb mailer delivers to a system-wide
687 cyrus mailbox if the mailbox's ACL permits. The cyrus
688 mailer must be defined after the local mailer.
689
690cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to
691 local cyrus users via LMTP. This mailer can make use of the
692 "user+detail@local.host" syntax (see
693 FEATURE(`preserve_local_plus_detail')); it will deliver the
694 mail to the user's "detail" mailbox if the mailbox's ACL
695 permits. The cyrusv2 mailer must be defined after the
696 local mailer.
697
698qpage A mailer for QuickPage, a pager interface. See
699 http://www.qpage.org/ for further information.
700
701The local mailer accepts addresses of the form "user+detail", where
702the "+detail" is not used for mailbox matching but is available
703to certain local mail programs (in particular, see
704FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
705"eric+sww" all indicate the same user, but additional arguments <null>,
706"sendmail", and "sww" may be provided for use in sorting mail.
707
708
709+----------+
710| FEATURES |
711+----------+
712
713Special features can be requested using the "FEATURE" macro. For
714example, the .mc line:
715
716 FEATURE(`use_cw_file')
717
718tells sendmail that you want to have it read an /etc/mail/local-host-names
719file to get values for class {w}. A FEATURE may contain up to 9
720optional parameters -- for example:
721
722 FEATURE(`mailertable', `dbm /usr/lib/mailertable')
723
724The default database map type for the table features can be set with
725
726 define(`DATABASE_MAP_TYPE', `dbm')
727
728which would set it to use ndbm databases. The default is the Berkeley DB
729hash database format. Note that you must still declare a database map type
730if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
731if no argument is given for the FEATURE. It must be specified before any
732feature that uses a map.
733
734Also, features which can take a map definition as an argument can also take
735the special keyword `LDAP'. If that keyword is used, the map will use the
736LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
737CLASSES'' section below.
738
739Available features are:
740
741use_cw_file Read the file /etc/mail/local-host-names file to get
742 alternate names for this host. This might be used if you
743 were on a host that MXed for a dynamic set of other hosts.
744 If the set is static, just including the line "Cw<name1>
745 <name2> ..." (where the names are fully qualified domain
746 names) is probably superior. The actual filename can be
747 overridden by redefining confCW_FILE.
748
749use_ct_file Read the file /etc/mail/trusted-users file to get the
750 names of users that will be ``trusted'', that is, able to
751 set their envelope from address using -f without generating
752 a warning message. The actual filename can be overridden
753 by redefining confCT_FILE.
754
755redirect Reject all mail addressed to "address.REDIRECT" with
756 a ``551 User has moved; please try <address>'' message.
757 If this is set, you can alias people who have left
758 to their new address with ".REDIRECT" appended.
759
760nouucp Don't route UUCP addresses. This feature takes one
761 parameter:
762 `reject': reject addresses which have "!" in the local
763 part unless it originates from a system
764 that is allowed to relay.
765 `nospecial': don't do anything special with "!".
766 Warnings: 1. See the notice in the anti-spam section.
767 2. don't remove "!" from OperatorChars if `reject' is
768 given as parameter.
769
770nopercenthack Don't treat % as routing character. This feature takes one
771 parameter:
772 `reject': reject addresses which have % in the local
773 part unless it originates from a system
774 that is allowed to relay.
775 `nospecial': don't do anything special with %.
776 Warnings: 1. See the notice in the anti-spam section.
777 2. Don't remove % from OperatorChars if `reject' is
778 given as parameter.
779
780nocanonify Don't pass addresses to $[ ... $] for canonification
781 by default, i.e., host/domain names are considered canonical,
782 except for unqualified names, which must not be used in this
783 mode (violation of the standard). It can be changed by
784 setting the DaemonPortOptions modifiers (M=). That is,
785 FEATURE(`nocanonify') will be overridden by setting the
786 'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
787 it can be emulated by setting the 'C' flag
788 (DaemonPortOptions=Modifiers=C). This would generally only
789 be used by sites that only act as mail gateways or which have
790 user agents that do full canonification themselves. You may
791 also want to use
792 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
793 the usual resolver options that do a similar thing.
794
795 An exception list for FEATURE(`nocanonify') can be
796 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
797 i.e., a list of domains which are nevertheless passed to
798 $[ ... $] for canonification. This is useful to turn on
799 canonification for local domains, e.g., use
800 CANONIFY_DOMAIN(`my.domain my') to canonify addresses
801 which end in "my.domain" or "my".
802 Another way to require canonification in the local
803 domain is CANONIFY_DOMAIN(`$=m').
804
805 A trailing dot is added to addresses with more than
806 one component in it such that other features which
807 expect a trailing dot (e.g., virtusertable) will
808 still work.
809
810 If `canonify_hosts' is specified as parameter, i.e.,
811 FEATURE(`nocanonify', `canonify_hosts'), then
812 addresses which have only a hostname, e.g.,
813 <user@host>, will be canonified (and hopefully fully
814 qualified), too.
815
816stickyhost This feature is sometimes used with LOCAL_RELAY,
817 although it can be used for a different effect with
818 MAIL_HUB.
819
820 When used without MAIL_HUB, email sent to
821 "user@local.host" are marked as "sticky" -- that
822 is, the local addresses aren't matched against UDB,
823 don't go through ruleset 5, and are not forwarded to
824 the LOCAL_RELAY (if defined).
825
826 With MAIL_HUB, mail addressed to "user@local.host"
827 is forwarded to the mail hub, with the envelope
828 address still remaining "user@local.host".
829 Without stickyhost, the envelope would be changed
830 to "user@mail_hub", in order to protect against
831 mailing loops.
832
833mailertable Include a "mailer table" which can be used to override
834 routing for particular domains (which are not in class {w},
835 i.e. local host names). The argument of the FEATURE may be
836 the key definition. If none is specified, the definition
837 used is:
838
839 hash /etc/mail/mailertable
840
841 Keys in this database are fully qualified domain names
842 or partial domains preceded by a dot -- for example,
843 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
844 special case of the latter, "." matches any domain not
845 covered by other keys. Values must be of the form:
846 mailer:domain
847 where "mailer" is the internal mailer name, and "domain"
848 is where to send the message. These maps are not
849 reflected into the message header. As a special case,
850 the forms:
851 local:user
852 will forward to the indicated user using the local mailer,
853 local:
854 will forward to the original user in the e-mail address
855 using the local mailer, and
856 error:code message
857 error:D.S.N:code message
858 will give an error message with the indicated SMTP reply
859 code and message, where D.S.N is an RFC 1893 compliant
860 error code.
861
862domaintable Include a "domain table" which can be used to provide
863 domain name mapping. Use of this should really be
864 limited to your own domains. It may be useful if you
865 change names (e.g., your company changes names from
866 oldname.com to newname.com). The argument of the
867 FEATURE may be the key definition. If none is specified,
868 the definition used is:
869
870 hash /etc/mail/domaintable
871
872 The key in this table is the domain name; the value is
873 the new (fully qualified) domain. Anything in the
874 domaintable is reflected into headers; that is, this
875 is done in ruleset 3.
876
877bitdomain Look up bitnet hosts in a table to try to turn them into
878 internet addresses. The table can be built using the
879 bitdomain program contributed by John Gardiner Myers.
880 The argument of the FEATURE may be the key definition; if
881 none is specified, the definition used is:
882
883 hash /etc/mail/bitdomain
884
885 Keys are the bitnet hostname; values are the corresponding
886 internet hostname.
887
888uucpdomain Similar feature for UUCP hosts. The default map definition
889 is:
890
891 hash /etc/mail/uudomain
892
893 At the moment there is no automagic tool to build this
894 database.
895
896always_add_domain
897 Include the local host domain even on locally delivered
898 mail. Normally it is not added on unqualified names.
899 However, if you use a shared message store but do not use
900 the same user name space everywhere, you may need the host
901 name on local names. An optional argument specifies
902 another domain to be added than the local.
903
904allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
905 feature will cause recipient addresses to also masquerade
906 as being from the masquerade host. Normally they get
907 the local hostname. Although this may be right for
908 ordinary users, it can break local aliases. For example,
909 if you send to "localalias", the originating sendmail will
910 find that alias and send to all members, but send the
911 message with "To: localalias@masqueradehost". Since that
912 alias likely does not exist, replies will fail. Use this
913 feature ONLY if you can guarantee that the ENTIRE
914 namespace on your masquerade host supersets all the
915 local entries.
916
917limited_masquerade
918 Normally, any hosts listed in class {w} are masqueraded. If
919 this feature is given, only the hosts listed in class {M} (see
920 below: MASQUERADE_DOMAIN) are masqueraded. This is useful
921 if you have several domains with disjoint namespaces hosted
922 on the same machine.
923
924masquerade_entire_domain
925 If masquerading is enabled (using MASQUERADE_AS) and
926 MASQUERADE_DOMAIN (see below) is set, this feature will
927 cause addresses to be rewritten such that the masquerading
928 domains are actually entire domains to be hidden. All
929 hosts within the masquerading domains will be rewritten
930 to the masquerade name (used in MASQUERADE_AS). For example,
931 if you have:
932
933 MASQUERADE_AS(`masq.com')
934 MASQUERADE_DOMAIN(`foo.org')
935 MASQUERADE_DOMAIN(`bar.com')
936
937 then *foo.org and *bar.com are converted to masq.com. Without
938 this feature, only foo.org and bar.com are masqueraded.
939
940 NOTE: only domains within your jurisdiction and
941 current hierarchy should be masqueraded using this.
942
943local_no_masquerade
944 This feature prevents the local mailer from masquerading even
945 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
946 on addresses of mail going outside the local domain.
947
948masquerade_envelope
949 If masquerading is enabled (using MASQUERADE_AS) or the
950 genericstable is in use, this feature will cause envelope
951 addresses to also masquerade as being from the masquerade
952 host. Normally only the header addresses are masqueraded.
953
954genericstable This feature will cause unqualified addresses (i.e., without
955 a domain) and addresses with a domain listed in class {G}
956 to be looked up in a map and turned into another ("generic")
957 form, which can change both the domain name and the user name.
958 Notice: if you use an MSP (as it is default starting with
959 8.12), the MTA will only receive qualified addresses from the
960 MSP (as required by the RFCs). Hence you need to add your
961 domain to class {G}. This feature is similar to the userdb
962 functionality. The same types of addresses as for
963 masquerading are looked up, i.e., only header sender
964 addresses unless the allmasquerade and/or masquerade_envelope
965 features are given. Qualified addresses must have the domain
966 part in class {G}; entries can be added to this class by the
967 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
968 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
969
970 The argument of FEATURE(`genericstable') may be the map
971 definition; the default map definition is:
972
973 hash /etc/mail/genericstable
974
975 The key for this table is either the full address, the domain
976 (with a leading @; the localpart is passed as first argument)
977 or the unqualified username (tried in the order mentioned);
978 the value is the new user address. If the new user address
979 does not include a domain, it will be qualified in the standard
980 manner, i.e., using $j or the masquerade name. Note that the
981 address being looked up must be fully qualified. For local
982 mail, it is necessary to use FEATURE(`always_add_domain')
983 for the addresses to be qualified.
984 The "+detail" of an address is passed as %1, so entries like
985
986 old+*@foo.org new+%1@example.com
987 gen+*@foo.org %1@example.com
988
989 and other forms are possible.
990
991generics_entire_domain
992 If the genericstable is enabled and GENERICS_DOMAIN or
993 GENERICS_DOMAIN_FILE is used, this feature will cause
994 addresses to be searched in the map if their domain
995 parts are subdomains of elements in class {G}.
996
997virtusertable A domain-specific form of aliasing, allowing multiple
998 virtual domains to be hosted on one machine. For example,
999 if the virtuser table contains:
1000
1001 info@foo.com foo-info
1002 info@bar.com bar-info
1003 joe@bar.com error:nouser 550 No such user here
1004 jax@bar.com error:5.7.0:550 Address invalid
1005 @baz.org jane@example.net
1006
1007 then mail addressed to info@foo.com will be sent to the
1008 address foo-info, mail addressed to info@bar.com will be
1009 delivered to bar-info, and mail addressed to anyone at baz.org
1010 will be sent to jane@example.net, mail to joe@bar.com will
1011 be rejected with the specified error message, and mail to
1012 jax@bar.com will also have a RFC 1893 compliant error code
1013 5.7.0.
1014
1015 The username from the original address is passed
1016 as %1 allowing:
1017
1018 @foo.org %1@example.com
1019
1020 meaning someone@foo.org will be sent to someone@example.com.
1021 Additionally, if the local part consists of "user+detail"
1022 then "detail" is passed as %2 and "+detail" is passed as %3
1023 when a match against user+* is attempted, so entries like
1024
1025 old+*@foo.org new+%2@example.com
1026 gen+*@foo.org %2@example.com
1027 +*@foo.org %1%3@example.com
1028 X++@foo.org Z%3@example.com
1029 @bar.org %1%3
1030
1031 and other forms are possible. Note: to preserve "+detail"
1032 for a default case (@domain) %1%3 must be used as RHS.
1033 There are two wildcards after "+": "+" matches only a non-empty
1034 detail, "*" matches also empty details, e.g., user+@foo.org
1035 matches +*@foo.org but not ++@foo.org. This can be used
1036 to ensure that the parameters %2 and %3 are not empty.
1037
1038 All the host names on the left hand side (foo.com, bar.com,
1039 and baz.org) must be in class {w} or class {VirtHost}. The
1040 latter can be defined by the macros VIRTUSER_DOMAIN or
1041 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1042 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
1043 VIRTUSER_DOMAIN_FILE is used, then the entries of class
1044 {VirtHost} are added to class {R}, i.e., relaying is allowed
1045 to (and from) those domains, which by default includes also
1046 all subdomains (see relay_hosts_only). The default map
1047 definition is:
1048
1049 hash /etc/mail/virtusertable
1050
1051 A new definition can be specified as the second argument of
1052 the FEATURE macro, such as
1053
1054 FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
1055
1056virtuser_entire_domain
1057 If the virtusertable is enabled and VIRTUSER_DOMAIN or
1058 VIRTUSER_DOMAIN_FILE is used, this feature will cause
1059 addresses to be searched in the map if their domain
1060 parts are subdomains of elements in class {VirtHost}.
1061
1062ldap_routing Implement LDAP-based e-mail recipient routing according to
1063 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1064 This provides a method to re-route addresses with a
1065 domain portion in class {LDAPRoute} to either a
1066 different mail host or a different address. Hosts can
1067 be added to this class using LDAPROUTE_DOMAIN and
1068 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1069 MASQUERADE_DOMAIN_FILE, see below).
1070
1071 See the LDAP ROUTING section below for more information.
1072
1073nullclient This is a special case -- it creates a configuration file
1074 containing nothing but support for forwarding all mail to a
1075 central hub via a local SMTP-based network. The argument
1076 is the name of that hub.
1077
1078 The only other feature that should be used in conjunction
1079 with this one is FEATURE(`nocanonify'). No mailers
1080 should be defined. No aliasing or forwarding is done.
1081
1082local_lmtp Use an LMTP capable local mailer. The argument to this
1083 feature is the pathname of an LMTP capable mailer. By
1084 default, mail.local is used. This is expected to be the
1085 mail.local which came with the 8.9 distribution which is
1086 LMTP capable. The path to mail.local is set by the
1087 confEBINDIR m4 variable -- making the default
1088 LOCAL_MAILER_PATH /usr/libexec/mail.local.
1089 If a different LMTP capable mailer is used, its pathname
1090 can be specified as second parameter and the arguments
1091 passed to it (A=) as third parameter, e.g.,
1092
1093 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
1094
1095 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1096 i.e., without respecting any definitions in an OSTYPE setting.
1097
1098local_procmail Use procmail or another delivery agent as the local mailer.
1099 The argument to this feature is the pathname of the
1100 delivery agent, which defaults to PROCMAIL_MAILER_PATH.
1101 Note that this does NOT use PROCMAIL_MAILER_FLAGS or
1102 PROCMAIL_MAILER_ARGS for the local mailer; tweak
1103 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
1104 specify the appropriate parameters. When procmail is used,
1105 the local mailer can make use of the
1106 "user+indicator@local.host" syntax; normally the +indicator
1107 is just tossed, but by default it is passed as the -a
1108 argument to procmail.
1109
1110 This feature can take up to three arguments:
1111
1112 1. Path to the mailer program
1113 [default: /usr/local/bin/procmail]
1114 2. Argument vector including name of the program
1115 [default: procmail -Y -a $h -d $u]
1116 3. Flags for the mailer [default: SPfhn9]
1117
1118 Empty arguments cause the defaults to be taken.
1119 Note that if you are on a system with a broken
1120 setreuid() call, you may need to add -f $f to the procmail
1121 argument vector to pass the proper sender to procmail.
1122
1123 For example, this allows it to use the maildrop
1124 (http://www.flounder.net/~mrsam/maildrop/) mailer instead
1125 by specifying:
1126
1127 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
1128 `maildrop -d $u')
1129
1130 or scanmails using:
1131
1132 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
1133
1134 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1135 i.e., without respecting any definitions in an OSTYPE setting.
1136
1137bestmx_is_local Accept mail as though locally addressed for any host that
1138 lists us as the best possible MX record. This generates
1139 additional DNS traffic, but should be OK for low to
1140 medium traffic hosts. The argument may be a set of
1141 domains, which will limit the feature to only apply to
1142 these domains -- this will reduce unnecessary DNS
1143 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
1144 WILDCARD MX RECORDS!!! If you have a wildcard MX record
1145 that matches your domain, you cannot use this feature.
1146
1147smrsh Use the SendMail Restricted SHell (smrsh) provided
1148 with the distribution instead of /bin/sh for mailing
1149 to programs. This improves the ability of the local
1150 system administrator to control what gets run via
1151 e-mail. If an argument is provided it is used as the
1152 pathname to smrsh; otherwise, the path defined by
1153 confEBINDIR is used for the smrsh binary -- by default,
1154 /usr/libexec/smrsh is assumed.
1155
1156promiscuous_relay
1157 By default, the sendmail configuration files do not permit
1158 mail relaying (that is, accepting mail from outside your
1159 local host (class {w}) and sending it to another host than
1160 your local host). This option sets your site to allow
1161 mail relaying from any site to any site. In almost all
1162 cases, it is better to control relaying more carefully
1163 with the access map, class {R}, or authentication. Domains
1164 can be added to class {R} by the macros RELAY_DOMAIN or
1165 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1166 MASQUERADE_DOMAIN_FILE, see below).
1167
1168relay_entire_domain
1169 This option allows any host in your domain as defined by
1170 class {m} to use your server for relaying. Notice: make
1171 sure that your domain is not just a top level domain,
1172 e.g., com. This can happen if you give your host a name
1173 like example.com instead of host.example.com.
1174
1175relay_hosts_only
1176 By default, names that are listed as RELAY in the access
1177 db and class {R} are treated as domain names, not host names.
1178 For example, if you specify ``foo.com'', then mail to or
1179 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1180 will all be accepted for relaying. This feature changes
1181 the behaviour to look up individual host names only.
1182
1183relay_based_on_MX
1184 Turns on the ability to allow relaying based on the MX
1185 records of the host portion of an incoming recipient; that
1186 is, if an MX record for host foo.com points to your site,
1187 you will accept and relay mail addressed to foo.com. See
1188 description below for more information before using this
1189 feature. Also, see the KNOWNBUGS entry regarding bestmx
1190 map lookups.
1191
1192 FEATURE(`relay_based_on_MX') does not necessarily allow
1193 routing of these messages which you expect to be allowed,
1194 if route address syntax (or %-hack syntax) is used. If
1195 this is a problem, add entries to the access-table or use
1196 FEATURE(`loose_relay_check').
1197
1198relay_mail_from
1199 Allows relaying if the mail sender is listed as RELAY in
1200 the access map. If an optional argument `domain' (this
1201 is the literal word `domain', not a placeholder) is given,
1202 relaying can be allowed just based on the domain portion
1203 of the sender address. This feature should only be used if
1204 absolutely necessary as the sender address can be easily
1205 forged. Use of this feature requires the "From:" tag to
1206 be used for the key in the access map; see the discussion
1207 of tags and FEATURE(`relay_mail_from') in the section on
1208 anti-spam configuration control.
1209
1210relay_local_from
1211 Allows relaying if the domain portion of the mail sender
1212 is a local host. This should only be used if absolutely
1213 necessary as it opens a window for spammers. Specifically,
1214 they can send mail to your mail server that claims to be
1215 from your domain (either directly or via a routed address),
1216 and you will go ahead and relay it out to arbitrary hosts
1217 on the Internet.
1218
1219accept_unqualified_senders
1220 Normally, MAIL FROM: commands in the SMTP session will be
1221 refused if the connection is a network connection and the
1222 sender address does not include a domain name. If your
1223 setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1224 you will need to use this feature to accept unqualified
1225 sender addresses. Setting the DaemonPortOptions modifier
1226 'u' overrides the default behavior, i.e., unqualified
1227 addresses are accepted even without this FEATURE.
1228 If this FEATURE is not used, the DaemonPortOptions modifier
1229 'f' can be used to enforce fully qualified addresses.
1230
1231accept_unresolvable_domains
1232 Normally, MAIL FROM: commands in the SMTP session will be
1233 refused if the host part of the argument to MAIL FROM:
1234 cannot be located in the host name service (e.g., an A or
1235 MX record in DNS). If you are inside a firewall that has
1236 only a limited view of the Internet host name space, this
1237 could cause problems. In this case you probably want to
1238 use this feature to accept all domains on input, even if
1239 they are unresolvable.
1240
1241access_db Turns on the access database feature. The access db gives
1242 you the ability to allow or refuse to accept mail from
1243 specified domains for administrative reasons. Moreover,
1244 it can control the behavior of sendmail in various situations.
1245 By default, the access database specification is:
1246
1247 hash -T<TMPF> /etc/mail/access
1248
1249 See the anti-spam configuration control section for further
1250 important information about this feature. Notice:
1251 "-T<TMPF>" is meant literal, do not replace it by anything.
1252
1253blocklist_recipients
1254 Turns on the ability to block incoming mail for certain
1255 recipient usernames, hostnames, or addresses. For
1256 example, you can block incoming mail to user nobody,
1257 host foo.mydomain.com, or guest@bar.mydomain.com.
1258 These specifications are put in the access db as
1259 described in the anti-spam configuration control section
1260 later in this document.
1261
1262delay_checks The rulesets check_mail and check_relay will not be called
1263 when a client connects or issues a MAIL command, respectively.
1264 Instead, those rulesets will be called by the check_rcpt
1265 ruleset; they will be skipped under certain circumstances.
1266 See "Delay all checks" in the anti-spam configuration control
1267 section. Note: this feature is incompatible to the versions
1268 in 8.10 and 8.11.
1269
1270use_client_ptr If this feature is enabled then check_relay will override
1271 its first argument with $&{client_ptr}. This is useful for
1272 rejections based on the unverified hostname of client,
1273 which turns on the same behavior as in earlier sendmail
1274 versions when delay_checks was not in use. See doc/op/op.*
1275 about check_relay, {client_name}, and {client_ptr}.
1276
1277dnsbl Turns on rejection, discarding, or quarantining of hosts
1278 found in a DNS based list. The first argument is used as
1279 the domain in which blocked hosts are listed. A second
1280 argument can be used to change the default error message,
1281 or select one of the operations `discard' and `quarantine'.
1282 Without that second argument, the error message will be
1283
1284 Rejected: IP-ADDRESS listed at SERVER
1285
1286 where IP-ADDRESS and SERVER are replaced by the appropriate
1287 information. By default, temporary lookup failures are
1288 ignored. This behavior can be changed by specifying a
1289 third argument, which must be either `t' or a full error
1290 message. See the anti-spam configuration control section for
1291 an example. The dnsbl feature can be included several times
1292 to query different DNS based rejection lists. See also
1293 enhdnsbl for an enhanced version.
1294
1295 Set the DNSBL_MAP mc option to change the default map
1296 definition from `host'. Set the DNSBL_MAP_OPT mc option
1297 to add additional options to the map specification used.
1298
1299 Some DNS based rejection lists cause failures if asked
1300 for AAAA records. If your sendmail version is compiled
1301 with IPv6 support (NETINET6) and you experience this
1302 problem, add
1303
1304 define(`DNSBL_MAP', `dns -R A')
1305
1306 before the first use of this feature. Alternatively you
1307 can use enhdnsbl instead (see below). Moreover, this
1308 statement can be used to reduce the number of DNS retries,
1309 e.g.,
1310
1311 define(`DNSBL_MAP', `dns -R A -r2')
1312
1313 See below (EDNSBL_TO) for an explanation.
1314
1315enhdnsbl Enhanced version of dnsbl (see above). Further arguments
1316 (up to 5) can be used to specify specific return values
1317 from lookups. Temporary lookup failures are ignored unless
1318 a third argument is given, which must be either `t' or a full
1319 error message. By default, any successful lookup will
1320 generate an error. Otherwise the result of the lookup is
1321 compared with the supplied argument(s), and only if a match
1322 occurs an error is generated. For example,
1323
1324 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1325
1326 will reject the e-mail if the lookup returns the value
1327 ``127.0.0.2.'', or generate a 451 response if the lookup
1328 temporarily failed. The arguments can contain metasymbols
1329 as they are allowed in the LHS of rules. As the example
1330 shows, the default values are also used if an empty argument,
1331 i.e., `', is specified. This feature requires that sendmail
1332 has been compiled with the flag DNSMAP (see sendmail/README).
1333
1334 Set the EDNSBL_TO mc option to change the DNS retry count
1335 from the default value of 5, this can be very useful when
1336 a DNS server is not responding, which in turn may cause
1337 clients to time out (an entry stating
1338
1339 did not issue MAIL/EXPN/VRFY/ETRN
1340
1341 will be logged).
1342
1343ratecontrol Enable simple ruleset to do connection rate control
1344 checking. This requires entries in access_db of the form
1345
1346 ClientRate:IP.ADD.RE.SS LIMIT
1347
1348 The RHS specifies the maximum number of connections
1349 (an integer number) over the time interval defined
1350 by ConnectionRateWindowSize, where 0 means unlimited.
1351
1352 Take the following example:
1353
1354 ClientRate:10.1.2.3 4
1355 ClientRate:127.0.0.1 0
1356 ClientRate: 10
1357
1358 10.1.2.3 can only make up to 4 connections, the
1359 general limit it 10, and 127.0.0.1 can make an unlimited
1360 number of connections per ConnectionRateWindowSize.
1361
1362 See also CONNECTION CONTROL.
1363
1364conncontrol Enable a simple check of the number of incoming SMTP
1365 connections. This requires entries in access_db of the
1366 form
1367
1368 ClientConn:IP.ADD.RE.SS LIMIT
1369
1370 The RHS specifies the maximum number of open connections
1371 (an integer number).
1372
1373 Take the following example:
1374
1375 ClientConn:10.1.2.3 4
1376 ClientConn:127.0.0.1 0
1377 ClientConn: 10
1378
1379 10.1.2.3 can only have up to 4 open connections, the
1380 general limit it 10, and 127.0.0.1 does not have any
1381 explicit limit.
1382
1383 See also CONNECTION CONTROL.
1384
1385mtamark Experimental support for "Marking Mail Transfer Agents in
1386 Reverse DNS with TXT RRs" (MTAMark), see
1387 draft-stumpf-dns-mtamark-01. Optional arguments are:
1388
1389 1. Error message, default:
1390
1391 550 Rejected: $&{client_addr} not listed as MTA
1392
1393 2. Temporary lookup failures are ignored unless a second
1394 argument is given, which must be either `t' or a full
1395 error message.
1396
1397 3. Lookup prefix, default: _perm._smtp._srv. This should
1398 not be changed unless the draft changes it.
1399
1400 Example:
1401
1402 FEATURE(`mtamark', `', `t')
1403
1404lookupdotdomain Look up also .domain in the access map. This allows to
1405 match only subdomains. It does not work well with
1406 FEATURE(`relay_hosts_only'), because most lookups for
1407 subdomains are suppressed by the latter feature.
1408
1409loose_relay_check
1410 Normally, if % addressing is used for a recipient, e.g.
1411 user%site@othersite, and othersite is in class {R}, the
1412 check_rcpt ruleset will strip @othersite and recheck
1413 user@site for relaying. This feature changes that
1414 behavior. It should not be needed for most installations.
1415
1416authinfo Provide a separate map for client side authentication
1417 information. See SMTP AUTHENTICATION for details.
1418 By default, the authinfo database specification is:
1419
1420 hash /etc/mail/authinfo
1421
1422preserve_luser_host
1423 Preserve the name of the recipient host if LUSER_RELAY is
1424 used. Without this option, the domain part of the
1425 recipient address will be replaced by the host specified as
1426 LUSER_RELAY. This feature only works if the hostname is
1427 passed to the mailer (see mailer triple in op.me). Note
1428 that in the default configuration the local mailer does not
1429 receive the hostname, i.e., the mailer triple has an empty
1430 hostname.
1431
1432preserve_local_plus_detail
1433 Preserve the +detail portion of the address when passing
1434 address to local delivery agent. Disables alias and
1435 .forward +detail stripping (e.g., given user+detail, only
1436 that address will be looked up in the alias file; user+* and
1437 user will not be looked up). Only use if the local
1438 delivery agent in use supports +detail addressing.
1439 Moreover, this will most likely not work if the 'w' flag
1440 for the local mailer is set as the entire local address
1441 including +detail is passed to the user lookup function.
1442
1443compat_check Enable ruleset check_compat to look up pairs of addresses
1444 with the Compat: tag -- Compat:sender<@>recipient -- in the
1445 access map. Valid values for the RHS include
1446 DISCARD silently discard recipient
1447 TEMP: return a temporary error
1448 ERROR: return a permanent error
1449 In the last two cases, a 4xy/5xy SMTP reply code should
1450 follow the colon.
1451
1452no_default_msa Don't generate the default MSA daemon, i.e.,
1453 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1454 To define a MSA daemon with other parameters, use this
1455 FEATURE and introduce new settings via DAEMON_OPTIONS().
1456
1457msp Defines config file for Message Submission Program.
1458 See sendmail/SECURITY for details and cf/cf/submit.mc how
1459 to use it. An optional argument can be used to override
1460 the default of `[localhost]' to use as host to send all
1461 e-mails to. Note that MX records will be used if the
1462 specified hostname is not in square brackets (e.g.,
1463 [hostname]). If `MSA' is specified as second argument then
1464 port 587 is used to contact the server. Example:
1465
1466 FEATURE(`msp', `', `MSA')
1467
1468 Some more hints about possible changes can be found below
1469 in the section MESSAGE SUBMISSION PROGRAM.
1470
1471 Note: Due to many problems, submit.mc uses
1472
1473 FEATURE(`msp', `[127.0.0.1]')
1474
1475 by default. If you have a machine with IPv6 only,
1476 change it to
1477
1478 FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]')
1479
1480 If you want to continue using '[localhost]', (the behavior
1481 up to 8.12.6), use
1482
1483 FEATURE(`msp')
1484
1485queuegroup A simple example how to select a queue group based
1486 on the full e-mail address or the domain of the
1487 recipient. Selection is done via entries in the
1488 access map using the tag QGRP:, for example:
1489
1490 QGRP:example.com main
1491 QGRP:friend@some.org others
1492 QGRP:my.domain local
1493
1494 where "main", "others", and "local" are names of
1495 queue groups. If an argument is specified, it is used
1496 as default queue group.
1497
1498 Note: please read the warning in doc/op/op.me about
1499 queue groups and possible queue manipulations.
1500
1501greet_pause Adds the greet_pause ruleset which enables open proxy
1502 and SMTP slamming protection. The feature can take an
1503 argument specifying the milliseconds to wait:
1504
1505 FEATURE(`greet_pause', `5000') dnl 5 seconds
1506
1507 If FEATURE(`access_db') is enabled, an access database
1508 lookup with the GreetPause tag is done using client
1509 hostname, domain, IP address, or subnet to determine the
1510 pause time:
1511
1512 GreetPause:my.domain 0
1513 GreetPause:example.com 5000
1514 GreetPause:10.1.2 2000
1515 GreetPause:127.0.0.1 0
1516
1517 When using FEATURE(`access_db'), the optional
1518 FEATURE(`greet_pause') argument becomes the default if
1519 nothing is found in the access database. A ruleset called
1520 Local_greet_pause can be used for local modifications, e.g.,
1521
1522 LOCAL_RULESETS
1523 SLocal_greet_pause
1524 R$* $: $&{daemon_flags}
1525 R$* a $* $# 0
1526
1527block_bad_helo Reject messages from SMTP clients which provide a HELO/EHLO
1528 argument which is either unqualified, or is one of our own
1529 names (i.e., the server name instead of the client name).
1530 This check is performed at RCPT stage and disabled for the
1531 following cases:
1532 - authenticated sessions,
1533 - connections from IP addresses in class $={R}.
1534 Currently access_db lookups can not be used to
1535 (selectively) disable this test, moreover,
1536
1537 FEATURE(`delay_checks')
1538
1539 is required. Note, the block_bad_helo feature automatically
1540 adds the IPv6 and IPv4 localhost IP addresses to $={w} (local
1541 host names) and $={R} (relay permitted).
1542
1543require_rdns Reject mail from connecting SMTP clients without proper
1544 rDNS (reverse DNS), functional gethostbyaddr() resolution.
1545 Note: this feature will cause false positives, i.e., there
1546 are legitimate MTAs that do not have proper DNS entries.
1547 Rejecting mails from those MTAs is a local policy decision.
1548
1549 The basic policy is to reject message with a 5xx error if
1550 the IP address fails to resolve. However, if this is a
1551 temporary failure, a 4xx temporary failure is returned.
1552 If the look-up succeeds, but returns an apparently forged
1553 value, this is treated as a temporary failure with a 4xx
1554 error code.
1555
1556 EXCEPTIONS:
1557
1558 Exceptions based on access entries are discussed below.
1559 Any IP address matched using $=R (the "relay-domains" file)
1560 is excepted from the rules. Since we have explicitly
1561 allowed relaying for this host, based on IP address, we
1562 ignore the rDNS failure.
1563
1564 The philosophical assumption here is that most users do
1565 not control their rDNS. They should be able to send mail
1566 through their ISP, whether or not they have valid rDNS.
1567 The class $=R, roughly speaking, contains those IP addresses
1568 and address ranges for which we are the ISP, or are acting
1569 as if the ISP.
1570
1571 If `delay_checks' is in effect (recommended), then any
1572 sender who has authenticated is also excepted from the
1573 restrictions. This happens because the rules produced by
1574 this FEATURE() will not be applied to authenticated senders
1575 (assuming `delay_checks').
1576
1577 ACCESS MAP ENTRIES:
1578
1579 Entries such as
1580 Connect:1.2.3.4 OK
1581 Connect:1.2 RELAY
1582 will allowlist IP address 1.2.3.4, so that the rDNS
1583 blocking does apply to that IP address
1584
1585 Entries such as
1586 Connect:1.2.3.4 REJECT
1587 will have the effect of forcing a temporary failure for
1588 that address to be treated as a permanent failure.
1589
1590badmx Reject envelope sender addresses (MAIL) whose domain part
1591 resolves to a "bad" MX record. By default these are
1592 MX records which resolve to A records that match the
1593 regular expression:
1594
1595 ^(127\.|10\.|0\.0\.0\.0)
1596
1597 This default regular expression can be overridden by
1598 specifying an argument, e.g.,
1599
1600 FEATURE(`badmx', `^127\.0\.0\.1')
1601
1602 Note: this feature requires that the sendmail binary
1603 has been compiled with the options MAP_REGEX and
1604 DNSMAP.
1605
1606+-------+
1607| HACKS |
1608+-------+
1609
1610Some things just can't be called features. To make this clear,
1611they go in the hack subdirectory and are referenced using the HACK
1612macro. These will tend to be site-dependent. The release
1613includes the Berkeley-dependent "cssubdomain" hack (that makes
1614sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1615this is intended as a short-term aid while moving hosts into
1616subdomains.
1617
1618
1619+--------------------+
1620| SITE CONFIGURATION |
1621+--------------------+
1622
1623 *****************************************************
1624 * This section is really obsolete, and is preserved *
1625 * only for back compatibility. You should plan on *
1626 * using mailertables for new installations. In *
1627 * particular, it doesn't work for the newer forms *
1628 * of UUCP mailers, such as uucp-uudom. *
1629 *****************************************************
1630
1631Complex sites will need more local configuration information, such as
1632lists of UUCP hosts they speak with directly. This can get a bit more
1633tricky. For an example of a "complex" site, see cf/ucbvax.mc.
1634
1635The SITECONFIG macro allows you to indirectly reference site-dependent
1636configuration information stored in the siteconfig subdirectory. For
1637example, the line
1638
1639 SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1640
1641reads the file uucp.ucbvax for local connection information. The
1642second parameter is the local name (in this case just "ucbvax" since
1643it is locally connected, and hence a UUCP hostname). The third
1644parameter is the name of both a macro to store the local name (in
1645this case, {U}) and the name of the class (e.g., {U}) in which to store
1646the host information read from the file. Another SITECONFIG line reads
1647
1648 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1649
1650This says that the file uucp.ucbarpa contains the list of UUCP sites
1651connected to ucbarpa.Berkeley.EDU. Class {W} will be used to
1652store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1653is, the name of the relay to which the hosts listed in uucp.ucbarpa
1654are connected. [The machine ucbarpa is gone now, but this
1655out-of-date configuration file has been left around to demonstrate
1656how you might do this.]
1657
1658Note that the case of SITECONFIG with a third parameter of ``U'' is
1659special; the second parameter is assumed to be the UUCP name of the
1660local site, rather than the name of a remote site, and the UUCP name
1661is entered into class {w} (the list of local hostnames) as $U.UUCP.
1662
1663The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1664more than a sequence of SITE macros describing connectivity. For
1665example:
1666
1667 SITE(`cnmat')
1668 SITE(`sgi olympus')
1669
1670The second example demonstrates that you can use two names on the
1671same line; these are usually aliases for the same host (or are at
1672least in the same company).
1673
1674The macro LOCAL_UUCP can be used to add rules into the generated
1675cf file at the place where MAILER(`uucp') inserts its rules. This
1676should only be used if really necessary.
1677
1678+--------------------+
1679| USING UUCP MAILERS |
1680+--------------------+
1681
1682It's hard to get UUCP mailers right because of the extremely ad hoc
1683nature of UUCP addressing. These config files are really designed
1684for domain-based addressing, even for UUCP sites.
1685
1686There are four UUCP mailers available. The choice of which one to
1687use is partly a matter of local preferences and what is running at
1688the other end of your UUCP connection. Unlike good protocols that
1689define what will go over the wire, UUCP uses the policy that you
1690should do what is right for the other end; if they change, you have
1691to change. This makes it hard to do the right thing, and discourages
1692people from updating their software. In general, if you can avoid
1693UUCP, please do.
1694
1695The major choice is whether to go for a domainized scheme or a
1696non-domainized scheme. This depends entirely on what the other
1697end will recognize. If at all possible, you should encourage the
1698other end to go to a domain-based system -- non-domainized addresses
1699don't work entirely properly.
1700
1701The four mailers are:
1702
1703 uucp-old (obsolete name: "uucp")
1704 This is the oldest, the worst (but the closest to UUCP) way of
1705 sending messages across UUCP connections. It does bangify
1706 everything and prepends $U (your UUCP name) to the sender's
1707 address (which can already be a bang path itself). It can
1708 only send to one address at a time, so it spends a lot of
1709 time copying duplicates of messages. Avoid this if at all
1710 possible.
1711
1712 uucp-new (obsolete name: "suucp")
1713 The same as above, except that it assumes that in one rmail
1714 command you can specify several recipients. It still has a
1715 lot of other problems.
1716
1717 uucp-dom
1718 This UUCP mailer keeps everything as domain addresses.
1719 Basically, it uses the SMTP mailer rewriting rules. This mailer
1720 is only included if MAILER(`smtp') is specified before
1721 MAILER(`uucp').
1722
1723 Unfortunately, a lot of UUCP mailer transport agents require
1724 bangified addresses in the envelope, although you can use
1725 domain-based addresses in the message header. (The envelope
1726 shows up as the From_ line on UNIX mail.) So....
1727
1728 uucp-uudom
1729 This is a cross between uucp-new (for the envelope addresses)
1730 and uucp-dom (for the header addresses). It bangifies the
1731 envelope sender (From_ line in messages) without adding the
1732 local hostname, unless there is no host name on the address
1733 at all (e.g., "wolf") or the host component is a UUCP host name
1734 instead of a domain name ("somehost!wolf" instead of
1735 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1736 is also specified earlier.
1737
1738Examples:
1739
1740On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1741summarizes the sender rewriting for various mailers.
1742
1743Mailer sender rewriting in the envelope
1744------ ------ -------------------------
1745uucp-{old,new} wolf grasp!wolf
1746uucp-dom wolf wolf@grasp.insa-lyon.fr
1747uucp-uudom wolf grasp.insa-lyon.fr!wolf
1748
1749uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1750uucp-dom wolf@fr.net wolf@fr.net
1751uucp-uudom wolf@fr.net fr.net!wolf
1752
1753uucp-{old,new} somehost!wolf grasp!somehost!wolf
1754uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1755uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1756
1757If you are using one of the domainized UUCP mailers, you really want
1758to convert all UUCP addresses to domain format -- otherwise, it will
1759do it for you (and probably not the way you expected). For example,
1760if you have the address foo!bar!baz (and you are not sending to foo),
1761the heuristics will add the @uucp.relay.name or @local.host.name to
1762this address. However, if you map foo to foo.host.name first, it
1763will not add the local hostname. You can do this using the uucpdomain
1764feature.
1765
1766
1767+-------------------+
1768| TWEAKING RULESETS |
1769+-------------------+
1770
1771For more complex configurations, you can define special rules.
1772The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1773the names. Any modifications made here are reflected in the header.
1774
1775A common use is to convert old UUCP addresses to SMTP addresses using
1776the UUCPSMTP macro. For example:
1777
1778 LOCAL_RULE_3
1779 UUCPSMTP(`decvax', `decvax.dec.com')
1780 UUCPSMTP(`research', `research.att.com')
1781
1782will cause addresses of the form "decvax!user" and "research!user"
1783to be converted to "user@decvax.dec.com" and "user@research.att.com"
1784respectively.
1785
1786This could also be used to look up hosts in a database map:
1787
1788 LOCAL_RULE_3
1789 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
1790
1791This map would be defined in the LOCAL_CONFIG portion, as shown below.
1792
1793Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1794For example, new rules are needed to parse hostnames that you accept
1795via MX records. For example, you might have:
1796
1797 LOCAL_RULE_0
1798 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1799
1800You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1801pointing at this host; this rule catches the message and forwards it on
1802using UUCP.
1803
1804You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1805These rulesets are normally empty.
1806
1807A similar macro is LOCAL_CONFIG. This introduces lines added after the
1808boilerplate option setting but before rulesets. Do not declare rulesets in
1809the LOCAL_CONFIG section. It can be used to declare local database maps or
1810whatever. For example:
1811
1812 LOCAL_CONFIG
1813 Khostmap hash /etc/mail/hostmap
1814 Kyplocal nis -m hosts.byname
1815
1816
1817+---------------------------+
1818| MASQUERADING AND RELAYING |
1819+---------------------------+
1820
1821You can have your host masquerade as another using
1822
1823 MASQUERADE_AS(`host.domain')
1824
1825This causes mail being sent to be labeled as coming from the
1826indicated host.domain, rather than $j. One normally masquerades as
1827one of one's own subdomains (for example, it's unlikely that
1828Berkeley would choose to masquerade as an MIT site). This
1829behaviour is modified by a plethora of FEATUREs; in particular, see
1830masquerade_envelope, allmasquerade, limited_masquerade, and
1831masquerade_entire_domain.
1832
1833The masquerade name is not normally canonified, so it is important
1834that it be your One True Name, that is, fully qualified and not a
1835CNAME. However, if you use a CNAME, the receiving side may canonify
1836it for you, so don't think you can cheat CNAME mapping this way.
1837
1838Normally the only addresses that are masqueraded are those that come
1839from this host (that is, are either unqualified or in class {w}, the list
1840of local domain names). You can augment this list, which is realized
1841by class {M} using
1842
1843 MASQUERADE_DOMAIN(`otherhost.domain')
1844
1845The effect of this is that although mail to user@otherhost.domain
1846will not be delivered locally, any mail including any user@otherhost.domain
1847will, when relayed, be rewritten to have the MASQUERADE_AS address.
1848This can be a space-separated list of names.
1849
1850If these names are in a file, you can use
1851
1852 MASQUERADE_DOMAIN_FILE(`filename')
1853
1854to read the list of names from the indicated file (i.e., to add
1855elements to class {M}).
1856
1857To exempt hosts or subdomains from being masqueraded, you can use
1858
1859 MASQUERADE_EXCEPTION(`host.domain')
1860
1861This can come handy if you want to masquerade a whole domain
1862except for one (or a few) host(s). If these names are in a file,
1863you can use
1864
1865 MASQUERADE_EXCEPTION_FILE(`filename')
1866
1867Normally only header addresses are masqueraded. If you want to
1868masquerade the envelope as well, use
1869
1870 FEATURE(`masquerade_envelope')
1871
1872There are always users that need to be "exposed" -- that is, their
1873internal site name should be displayed instead of the masquerade name.
1874Root is an example (which has been "exposed" by default prior to 8.10).
1875You can add users to this list using
1876
1877 EXPOSED_USER(`usernames')
1878
1879This adds users to class {E}; you could also use
1880
1881 EXPOSED_USER_FILE(`filename')
1882
1883You can also arrange to relay all unqualified names (that is, names
1884without @host) to a relay host. For example, if you have a central
1885email server, you might relay to that host so that users don't have
1886to have .forward files or aliases. You can do this using
1887
1888 define(`LOCAL_RELAY', `mailer:hostname')
1889
1890The ``mailer:'' can be omitted, in which case the mailer defaults to
1891"relay". There are some user names that you don't want relayed, perhaps
1892because of local aliases. A common example is root, which may be
1893locally aliased. You can add entries to this list using
1894
1895 LOCAL_USER(`usernames')
1896
1897This adds users to class {L}; you could also use
1898
1899 LOCAL_USER_FILE(`filename')
1900
1901If you want all incoming mail sent to a centralized hub, as for a
1902shared /var/spool/mail scheme, use
1903
1904 define(`MAIL_HUB', `mailer:hostname')
1905
1906Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
1907and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1908be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1909Note: there is a (long standing) bug which keeps this combination from
1910working for addresses of the form user+detail.
1911Names in class {L} will be delivered locally, so you MUST have aliases or
1912.forward files for them.
1913
1914For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1915FEATURE(`stickyhost'), the following combinations of settings will have the
1916indicated effects:
1917
1918email sent to.... eric eric@mastodon.CS.Berkeley.EDU
1919
1920LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
1921mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1922
1923MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1924mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
1925
1926Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1927MAIL_HUB set as above (no local aliasing) (aliasing done)
1928
1929If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1930MAIL_HUB act identically, with MAIL_HUB taking precedence.
1931
1932If you want all outgoing mail to go to a central relay site, define
1933SMART_HOST as well. Briefly:
1934
1935 LOCAL_RELAY applies to unqualified names (e.g., "eric").
1936 MAIL_HUB applies to names qualified with the name of the
1937 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1938 SMART_HOST applies to names qualified with other hosts or
1939 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1940 or "eric@[127.0.0.1]").
1941
1942However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1943DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1944really want absolutely everything to go to a single central site you will
1945need to unset all the other relays -- or better yet, find or build a
1946minimal config file that does this.
1947
1948For duplicate suppression to work properly, the host name is best
1949specified with a terminal dot:
1950
1951 define(`MAIL_HUB', `host.domain.')
1952 note the trailing dot ---^
1953
1954
1955+-------------------------------------------+
1956| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1957+-------------------------------------------+
1958
1959LDAP can be used for aliases, maps, and classes by either specifying your
1960own LDAP map specification or using the built-in default LDAP map
1961specification. The built-in default specifications all provide lookups
1962which match against either the machine's fully qualified hostname (${j}) or
1963a "cluster". The cluster allows you to share LDAP entries among a large
1964number of machines without having to enter each of the machine names into
1965each LDAP entry. To set the LDAP cluster name to use for a particular
1966machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1967unique name. For example:
1968
1969 define(`confLDAP_CLUSTER', `Servers')
1970
1971Here, the word `Servers' will be the cluster name. As an example, assume
1972that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1973to the Servers cluster.
1974
1975Some of the LDAP LDIF examples below show use of the Servers cluster.
1976Every entry must have either a sendmailMTAHost or sendmailMTACluster
1977attribute or it will be ignored. Be careful as mixing clusters and
1978individual host records can have surprising results (see the CAUTION
1979sections below).
1980
1981See the file cf/sendmail.schema for the actual LDAP schemas. Note that
1982this schema (and therefore the lookups and examples below) is experimental
1983at this point as it has had little public review. Therefore, it may change
1984in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
1985encouraged (replace YYYY with the current year, e.g., 2005).
1986
1987-------
1988Aliases
1989-------
1990
1991The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1992lookups. To use the default schema, simply use:
1993
1994 define(`ALIAS_FILE', `ldap:')
1995
1996By doing so, you will use the default schema which expands to a map
1997declared as follows:
1998
1999 ldap -k (&(objectClass=sendmailMTAAliasObject)
2000 (sendmailMTAAliasGrouping=aliases)
2001 (|(sendmailMTACluster=${sendmailMTACluster})
2002 (sendmailMTAHost=$j))
2003 (sendmailMTAKey=%0))
2004 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
2005
2006
2007NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2008used when the binary expands the `ldap:' token as the AliasFile option is
2009not actually macro-expanded when read from the sendmail.cf file.
2010
2011Example LDAP LDIF entries might be:
2012
2013 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
2014 objectClass: sendmailMTA
2015 objectClass: sendmailMTAAlias
2016 objectClass: sendmailMTAAliasObject
2017 sendmailMTAAliasGrouping: aliases
2018 sendmailMTAHost: etrn.sendmail.org
2019 sendmailMTAKey: sendmail-list
2020 sendmailMTAAliasValue: ca@example.org
2021 sendmailMTAAliasValue: eric
2022 sendmailMTAAliasValue: gshapiro@example.com
2023
2024 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
2025 objectClass: sendmailMTA
2026 objectClass: sendmailMTAAlias
2027 objectClass: sendmailMTAAliasObject
2028 sendmailMTAAliasGrouping: aliases
2029 sendmailMTAHost: etrn.sendmail.org
2030 sendmailMTAKey: owner-sendmail-list
2031 sendmailMTAAliasValue: eric
2032
2033 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
2034 objectClass: sendmailMTA
2035 objectClass: sendmailMTAAlias
2036 objectClass: sendmailMTAAliasObject
2037 sendmailMTAAliasGrouping: aliases
2038 sendmailMTACluster: Servers
2039 sendmailMTAKey: postmaster
2040 sendmailMTAAliasValue: eric
2041
2042Here, the aliases sendmail-list and owner-sendmail-list will be available
2043only on etrn.sendmail.org but the postmaster alias will be available on
2044every machine in the Servers cluster (including etrn.sendmail.org).
2045
2046CAUTION: aliases are additive so that entries like these:
2047
2048 dn: sendmailMTAKey=bob, dc=sendmail, dc=org
2049 objectClass: sendmailMTA
2050 objectClass: sendmailMTAAlias
2051 objectClass: sendmailMTAAliasObject
2052 sendmailMTAAliasGrouping: aliases
2053 sendmailMTACluster: Servers
2054 sendmailMTAKey: bob
2055 sendmailMTAAliasValue: eric
2056
2057 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
2058 objectClass: sendmailMTA
2059 objectClass: sendmailMTAAlias
2060 objectClass: sendmailMTAAliasObject
2061 sendmailMTAAliasGrouping: aliases
2062 sendmailMTAHost: etrn.sendmail.org
2063 sendmailMTAKey: bob
2064 sendmailMTAAliasValue: gshapiro
2065
2066would mean that on all of the hosts in the cluster, mail to bob would go to
2067eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
2068gshapiro.
2069
2070If you prefer not to use the default LDAP schema for your aliases, you can
2071specify the map parameters when setting ALIAS_FILE. For example:
2072
2073 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
2074
2075----
2076Maps
2077----
2078
2079FEATURE()'s which take an optional map definition argument (e.g., access,
2080mailertable, virtusertable, etc.) can instead take the special keyword
2081`LDAP', e.g.:
2082
2083 FEATURE(`access_db', `LDAP')
2084 FEATURE(`virtusertable', `LDAP')
2085
2086When this keyword is given, that map will use LDAP lookups consisting of
2087the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
2088with the map name, a search attribute of sendmailMTAKey, and the value
2089attribute sendmailMTAMapValue.
2090
2091The values for sendmailMTAMapName are:
2092
2093 FEATURE() sendmailMTAMapName
2094 --------- ------------------
2095 access_db access
2096 authinfo authinfo
2097 bitdomain bitdomain
2098 domaintable domain
2099 genericstable generics
2100 mailertable mailer
2101 uucpdomain uucpdomain
2102 virtusertable virtuser
2103
2104For example, FEATURE(`mailertable', `LDAP') would use the map definition:
2105
2106 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
2107 (sendmailMTAMapName=mailer)
2108 (|(sendmailMTACluster=${sendmailMTACluster})
2109 (sendmailMTAHost=$j))
2110 (sendmailMTAKey=%0))
2111 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
2112
2113An example LDAP LDIF entry using this map might be:
2114
2115 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
2116 objectClass: sendmailMTA
2117 objectClass: sendmailMTAMap
2118 sendmailMTACluster: Servers
2119 sendmailMTAMapName: mailer
2120
2121 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2122 objectClass: sendmailMTA
2123 objectClass: sendmailMTAMap
2124 objectClass: sendmailMTAMapObject
2125 sendmailMTAMapName: mailer
2126 sendmailMTACluster: Servers
2127 sendmailMTAKey: example.com
2128 sendmailMTAMapValue: relay:[smtp.example.com]
2129
2130CAUTION: If your LDAP database contains the record above and *ALSO* a host
2131specific record such as:
2132
2133 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2134 objectClass: sendmailMTA
2135 objectClass: sendmailMTAMap
2136 objectClass: sendmailMTAMapObject
2137 sendmailMTAMapName: mailer
2138 sendmailMTAHost: etrn.sendmail.org
2139 sendmailMTAKey: example.com
2140 sendmailMTAMapValue: relay:[mx.example.com]
2141
2142then these entries will give unexpected results. When the lookup is done
2143on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
2144require a single match. Since the host etrn.sendmail.org is also in the
2145Servers cluster, LDAP would return two answers for the example.com map key
2146in which case sendmail would treat this as no match at all.
2147
2148If you prefer not to use the default LDAP schema for your maps, you can
2149specify the map parameters when using the FEATURE(). For example:
2150
2151 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2152
2153-------
2154Classes
2155-------
2156
2157Normally, classes can be filled via files or programs. As of 8.12, they
2158can also be filled via map lookups using a new syntax:
2159
2160 F{ClassName}mapkey@mapclass:mapspec
2161
2162mapkey is optional and if not provided the map key will be empty. This can
2163be used with LDAP to read classes from LDAP. Note that the lookup is only
2164done when sendmail is initially started. Use the special value `@LDAP' to
2165use the default LDAP schema. For example:
2166
2167 RELAY_DOMAIN_FILE(`@LDAP')
2168
2169would put all of the attribute sendmailMTAClassValue values of LDAP records
2170with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
2171'R' into class $={R}. In other words, it is equivalent to the LDAP map
2172specification:
2173
2174 F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2175 (sendmailMTAClassName=R)
2176 (|(sendmailMTACluster=${sendmailMTACluster})
2177 (sendmailMTAHost=$j)))
2178 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
2179
2180NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2181used when the binary expands the `@LDAP' token as class declarations are
2182not actually macro-expanded when read from the sendmail.cf file.
2183
2184This can be used with class related commands such as RELAY_DOMAIN_FILE(),
2185MASQUERADE_DOMAIN_FILE(), etc:
2186
2187 Command sendmailMTAClassName
2188 ------- --------------------
2189 CANONIFY_DOMAIN_FILE() Canonify
2190 EXPOSED_USER_FILE() E
2191 GENERICS_DOMAIN_FILE() G
2192 LDAPROUTE_DOMAIN_FILE() LDAPRoute
2193 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv
2194 LOCAL_USER_FILE() L
2195 MASQUERADE_DOMAIN_FILE() M
2196 MASQUERADE_EXCEPTION_FILE() N
2197 RELAY_DOMAIN_FILE() R
2198 VIRTUSER_DOMAIN_FILE() VirtHost
2199
2200You can also add your own as any 'F'ile class of the form:
2201
2202 F{ClassName}@LDAP
2203 ^^^^^^^^^
2204will use "ClassName" for the sendmailMTAClassName.
2205
2206An example LDAP LDIF entry would look like:
2207
2208 dn: sendmailMTAClassName=R, dc=sendmail, dc=org
2209 objectClass: sendmailMTA
2210 objectClass: sendmailMTAClass
2211 sendmailMTACluster: Servers
2212 sendmailMTAClassName: R
2213 sendmailMTAClassValue: sendmail.org
2214 sendmailMTAClassValue: example.com
2215 sendmailMTAClassValue: 10.56.23
2216
2217CAUTION: If your LDAP database contains the record above and *ALSO* a host
2218specific record such as:
2219
2220 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
2221 objectClass: sendmailMTA
2222 objectClass: sendmailMTAClass
2223 sendmailMTAHost: etrn.sendmail.org
2224 sendmailMTAClassName: R
2225 sendmailMTAClassValue: example.com
2226
2227the result will be similar to the aliases caution above. When the lookup
2228is done on etrn.sendmail.org, $={R} would contain all of the entries (from
2229both the cluster match and the host match). In other words, the effective
2230is additive.
2231
2232If you prefer not to use the default LDAP schema for your classes, you can
2233specify the map parameters when using the class command. For example:
2234
2235 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2236
2237Remember, macros can not be used in a class declaration as the binary does
2238not expand them.
2239
2240
2241+--------------+
2242| LDAP ROUTING |
2243+--------------+
2244
2245FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
2246LDAP Schema for Intranet Mail Routing
2247(draft-lachman-laser-ldap-mail-routing-01). This feature enables
2248LDAP-based rerouting of a particular address to either a different host
2249or a different address. The LDAP lookup is first attempted on the full
2250address (e.g., user@example.com) and then on the domain portion
2251(e.g., @example.com). Be sure to setup your domain for LDAP routing using
2252LDAPROUTE_DOMAIN(), e.g.:
2253
2254 LDAPROUTE_DOMAIN(`example.com')
2255
2256Additionally, you can specify equivalent domains for LDAP routing using
2257LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent'
2258hostnames are mapped to $M (the masqueraded hostname for the server) before
2259the LDAP query. For example, if the mail is addressed to
2260user@host1.example.com, normally the LDAP lookup would only be done for
2261'user@host1.example.com' and '@host1.example.com'. However, if
2262LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2263done on 'user@example.com' and '@example.com' after attempting the
2264host1.example.com lookups.
2265
2266By default, the feature will use the schemas as specified in the draft
2267and will not reject addresses not found by the LDAP lookup. However,
2268this behavior can be changed by giving additional arguments to the FEATURE()
2269command:
2270
2271 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2272 <detail>, <nodomain>, <tempfail>)
2273
2274where <mailHost> is a map definition describing how to look up an alternative
2275mail host for a particular address; <mailRoutingAddress> is a map definition
2276describing how to look up an alternative address for a particular address;
2277the <bounce> argument, if present and not the word "passthru", dictates
2278that mail should be bounced if neither a mailHost nor mailRoutingAddress
2279is found, if set to "sendertoo", the sender will be rejected if not
2280found in LDAP; and <detail> indicates what actions to take if the address
2281contains +detail information -- `strip' tries the lookup with the +detail
2282and if no matches are found, strips the +detail and tries the lookup again;
2283`preserve', does the same as `strip' but if a mailRoutingAddress match is
2284found, the +detail information is copied to the new address; the <nodomain>
2285argument, if present, will prevent the @domain lookup if the full
2286address is not found in LDAP; the <tempfail> argument, if set to
2287"tempfail", instructs the rules to give an SMTP 4XX temporary
2288error if the LDAP server gives the MTA a temporary failure, or if set to
2289"queue" (the default), the MTA will locally queue the mail.
2290
2291The default <mailHost> map definition is:
2292
2293 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2294 (mailLocalAddress=%0))
2295
2296The default <mailRoutingAddress> map definition is:
2297
2298 ldap -1 -T<TMPF> -v mailRoutingAddress
2299 -k (&(objectClass=inetLocalMailRecipient)
2300 (mailLocalAddress=%0))
2301
2302Note that neither includes the LDAP server hostname (-h server) or base DN
2303(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
2304your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2305these settings. If this is not the case, the map definitions should be
2306changed as described above. The "-T<TMPF>" is required in any user
2307specified map definition to catch temporary errors.
2308
2309The following possibilities exist as a result of an LDAP lookup on an
2310address:
2311
2312 mailHost is mailRoutingAddress is Results in
2313 ----------- --------------------- ----------
2314 set to a set mail delivered to
2315 "local" host mailRoutingAddress
2316
2317 set to a not set delivered to
2318 "local" host original address
2319
2320 set to a set mailRoutingAddress
2321 remote host relayed to mailHost
2322
2323 set to a not set original address
2324 remote host relayed to mailHost
2325
2326 not set set mail delivered to
2327 mailRoutingAddress
2328
2329 not set not set delivered to
2330 original address *OR*
2331 bounced as unknown user
2332
2333The term "local" host above means the host specified is in class {w}. If
2334the result would mean sending the mail to a different host, that host is
2335looked up in the mailertable before delivery.
2336
2337Note that the last case depends on whether the third argument is given
2338to the FEATURE() command. The default is to deliver the message to the
2339original address.
2340
2341The LDAP entries should be set up with an objectClass of
2342inetLocalMailRecipient and the address be listed in a mailLocalAddress
2343attribute. If present, there must be only one mailHost attribute and it
2344must contain a fully qualified host name as its value. Similarly, if
2345present, there must be only one mailRoutingAddress attribute and it must
2346contain an RFC 822 compliant address. Some example LDAP records (in LDIF
2347format):
2348
2349 dn: uid=tom, o=example.com, c=US
2350 objectClass: inetLocalMailRecipient
2351 mailLocalAddress: tom@example.com
2352 mailRoutingAddress: thomas@mailhost.example.com
2353
2354This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2355
2356 dn: uid=dick, o=example.com, c=US
2357 objectClass: inetLocalMailRecipient
2358 mailLocalAddress: dick@example.com
2359 mailHost: eng.example.com
2360
2361This would relay mail for dick@example.com to the same address but redirect
2362the mail to MX records listed for the host eng.example.com (unless the
2363mailertable overrides).
2364
2365 dn: uid=harry, o=example.com, c=US
2366 objectClass: inetLocalMailRecipient
2367 mailLocalAddress: harry@example.com
2368 mailHost: mktmail.example.com
2369 mailRoutingAddress: harry@mkt.example.com
2370
2371This would relay mail for harry@example.com to the MX records listed for
2372the host mktmail.example.com using the new address harry@mkt.example.com
2373when talking to that host.
2374
2375 dn: uid=virtual.example.com, o=example.com, c=US
2376 objectClass: inetLocalMailRecipient
2377 mailLocalAddress: @virtual.example.com
2378 mailHost: server.example.com
2379 mailRoutingAddress: virtual@example.com
2380
2381This would send all mail destined for any username @virtual.example.com to
2382the machine server.example.com's MX servers and deliver to the address
2383virtual@example.com on that relay machine.
2384
2385
2386+---------------------------------+
2387| ANTI-SPAM CONFIGURATION CONTROL |
2388+---------------------------------+
2389
2390The primary anti-spam features available in sendmail are:
2391
2392* Relaying is denied by default.
2393* Better checking on sender information.
2394* Access database.
2395* Header checks.
2396
2397Relaying (transmission of messages from a site outside your host (class
2398{w}) to another site except yours) is denied by default. Note that this
2399changed in sendmail 8.9; previous versions allowed relaying by default.
2400If you really want to revert to the old behaviour, you will need to use
2401FEATURE(`promiscuous_relay'). You can allow certain domains to relay
2402through your server by adding their domain name or IP address to class
2403{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2404(described below). Note that IPv6 addresses must be prefaced with "IPv6:".
2405The file consists (like any other file based class) of entries listed on
2406separate lines, e.g.,
2407
2408 sendmail.org
2409 128.32
2410 IPv6:2002:c0a8:02c7
2411 IPv6:2002:c0a8:51d2::23f4
2412 host.mydomain.com
2413 [UNIX:localhost]
2414
2415Notice: the last entry allows relaying for connections via a UNIX
2416socket to the MTA/MSP. This might be necessary if your configuration
2417doesn't allow relaying by other means in that case, e.g., by having
2418localhost.$m in class {R} (make sure $m is not just a top level
2419domain).
2420
2421If you use
2422
2423 FEATURE(`relay_entire_domain')
2424
2425then any host in any of your local domains (that is, class {m})
2426will be relayed (that is, you will accept mail either to or from any
2427host in your domain).
2428
2429You can also allow relaying based on the MX records of the host
2430portion of an incoming recipient address by using
2431
2432 FEATURE(`relay_based_on_MX')
2433
2434For example, if your server receives a recipient of user@domain.com
2435and domain.com lists your server in its MX records, the mail will be
2436accepted for relay to domain.com. This feature may cause problems
2437if MX lookups for the recipient domain are slow or time out. In that
2438case, mail will be temporarily rejected. It is usually better to
2439maintain a list of hosts/domains for which the server acts as relay.
2440Note also that this feature will stop spammers from using your host
2441to relay spam but it will not stop outsiders from using your server
2442as a relay for their site (that is, they set up an MX record pointing
2443to your mail server, and you will relay mail addressed to them
2444without any prior arrangement). Along the same lines,
2445
2446 FEATURE(`relay_local_from')
2447
2448will allow relaying if the sender specifies a return path (i.e.
2449MAIL FROM:<user@domain>) domain which is a local domain. This is a
2450dangerous feature as it will allow spammers to spam using your mail
2451server by simply specifying a return address of user@your.domain.com.
2452It should not be used unless absolutely necessary.
2453A slightly better solution is
2454
2455 FEATURE(`relay_mail_from')
2456
2457which allows relaying if the mail sender is listed as RELAY in the
2458access map. If an optional argument `domain' (this is the literal
2459word `domain', not a placeholder) is given, the domain portion of
2460the mail sender is also checked to allowing relaying. This option
2461only works together with the tag From: for the LHS of the access
2462map entries. This feature allows spammers to abuse your mail server
2463by specifying a return address that you enabled in your access file.
2464This may be harder to figure out for spammers, but it should not
2465be used unless necessary. Instead use SMTP AUTH or STARTTLS to
2466allow relaying for roaming users.
2467
2468
2469If source routing is used in the recipient address (e.g.,
2470RCPT TO:<user%site.com@othersite.com>), sendmail will check
2471user@site.com for relaying if othersite.com is an allowed relay host
2472in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2473or the access database if FEATURE(`access_db') is used. To prevent
2474the address from being stripped down, use:
2475
2476 FEATURE(`loose_relay_check')
2477
2478If you think you need to use this feature, you probably do not. This
2479should only be used for sites which have no control over the addresses
2480that they provide a gateway for. Use this FEATURE with caution as it
2481can allow spammers to relay through your server if not setup properly.
2482
2483NOTICE: It is possible to relay mail through a system which the
2484anti-relay rules do not prevent: the case of a system that does use
2485FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
2486(system A) and relays local messages to a mail hub (e.g., via
2487LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the
2488same feature (nouucp / nopercenthack) at all, addresses of the form
2489<example.net!user@local.host> / <user%example.net@local.host>
2490would be relayed to <user@example.net>.
2491System A doesn't recognize `!' / `%' as an address separator and
2492therefore forwards it to the mail hub which in turns relays it
2493because it came from a trusted local host. So if a mailserver
2494allows UUCP (bang-format) / %-hack addresses, all systems from which
2495it allows relaying should do the same or reject those addresses.
2496
2497As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2498an unresolvable domain (i.e., one that DNS, your local name service,
2499or special case rules in ruleset 3 cannot locate). This also applies
2500to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2501IP address can't be mapped to a host name. If you want to continue
2502to accept such domains, e.g., because you are inside a firewall that
2503has only a limited view of the Internet host name space (note that you
2504will not be able to return mail to them unless you have some "smart
2505host" forwarder), use
2506
2507 FEATURE(`accept_unresolvable_domains')
2508
2509Alternatively, you can allow specific addresses by adding them to
2510the access map, e.g.,
2511
2512 From:unresolvable.domain OK
2513 From:[1.2.3.4] OK
2514 From:[1.2.4] OK
2515
2516Notice: domains which are temporarily unresolvable are (temporarily)
2517rejected with a 451 reply code. If those domains should be accepted
2518(which is discouraged) then you can use
2519
2520 LOCAL_CONFIG
2521 C{ResOk}TEMP
2522
2523sendmail will also refuse mail if the MAIL FROM: parameter is not
2524fully qualified (i.e., contains a domain as well as a user). If you
2525want to continue to accept such senders, use
2526
2527 FEATURE(`accept_unqualified_senders')
2528
2529Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2530i.e., unqualified addresses are accepted even without this FEATURE. If
2531this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2532to enforce fully qualified domain names.
2533
2534An ``access'' database can be created to accept or reject mail from
2535selected domains. For example, you may choose to reject all mail
2536originating from known spammers. To enable such a database, use
2537
2538 FEATURE(`access_db')
2539
2540Notice: the access database is applied to the envelope addresses
2541and the connection information, not to the header.
2542
2543The FEATURE macro can accept as second parameter the key file
2544definition for the database; for example
2545
2546 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2547
2548Notice: If a second argument is specified it must contain the option
2549`-T<TMPF>' as shown above. The optional parameters may be
2550
2551 `skip' enables SKIP as value part (see below).
2552 `lookupdotdomain' another way to enable the feature of the
2553 same name (see above).
2554 `relaytofulladdress' enable entries of the form
2555 To:user@example.com RELAY
2556 to allow relaying to just a specific
2557 e-mail address instead of an entire domain.
2558
2559Remember, since /etc/mail/access is a database, after creating the text
2560file as described below, you must use makemap to create the database
2561map. For example:
2562
2563 makemap hash /etc/mail/access < /etc/mail/access
2564
2565The table itself uses e-mail addresses, domain names, and network
2566numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:".
2567For example,
2568
2569 From:spammer@aol.com REJECT
2570 From:cyberspammer.com REJECT
2571 Connect:cyberspammer.com REJECT
2572 Connect:TLD REJECT
2573 Connect:192.168.212 REJECT
2574 Connect:IPv6:2002:c0a8:02c7 RELAY
2575 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT
2576
2577would refuse mail from spammer@aol.com, any user from cyberspammer.com
2578(or any host within the cyberspammer.com domain), any host in the entire
2579top level domain TLD, 192.168.212.* network, and the IPv6 address
25802002:c0a8:51d2::23f4. It would allow relay for the IPv6 network
25812002:c0a8:02c7::/48.
2582
2583Entries in the access map should be tagged according to their type.
2584Three tags are available:
2585
2586 Connect: connection information (${client_addr}, ${client_name})
2587 From: envelope sender
2588 To: envelope recipient
2589
2590Notice: untagged entries are deprecated.
2591
2592If the required item is looked up in a map, it will be tried first
2593with the corresponding tag in front, then (as fallback to enable
2594backward compatibility) without any tag, unless the specific feature
2595requires a tag. For example,
2596
2597 From:spammer@some.dom REJECT
2598 To:friend.domain RELAY
2599 Connect:friend.domain OK
2600 Connect:from.domain RELAY
2601 From:good@another.dom OK
2602 From:another.dom REJECT
2603
2604This would deny mails from spammer@some.dom but you could still
2605send mail to that address even if FEATURE(`blocklist_recipients')
2606is enabled. Your system will allow relaying to friend.domain, but
2607not from it (unless enabled by other means). Connections from that
2608domain will be allowed even if it ends up in one of the DNS based
2609rejection lists. Relaying is enabled from from.domain but not to
2610it (since relaying is based on the connection information for
2611outgoing relaying, the tag Connect: must be used; for incoming
2612relaying, which is based on the recipient address, To: must be
2613used). The last two entries allow mails from good@another.dom but
2614reject mail from all other addresses with another.dom as domain
2615part.
2616
2617
2618The value part of the map can contain:
2619
2620 OK Accept mail even if other rules in the running
2621 ruleset would reject it, for example, if the domain
2622 name is unresolvable. "Accept" does not mean
2623 "relay", but at most acceptance for local
2624 recipients. That is, OK allows less than RELAY.
2625 RELAY Accept mail addressed to the indicated domain
2626 (or address if `relaytofulladdress' is set) or
2627 received from the indicated domain for relaying
2628 through your SMTP server. RELAY also serves as
2629 an implicit OK for the other checks.
2630 REJECT Reject the sender or recipient with a general
2631 purpose message.
2632 DISCARD Discard the message completely using the
2633 $#discard mailer. If it is used in check_compat,
2634 it affects only the designated recipient, not
2635 the whole message as it does in all other cases.
2636 This should only be used if really necessary.
2637 SKIP This can only be used for host/domain names
2638 and IP addresses/nets. It will abort the current
2639 search for this entry without accepting or rejecting
2640 it but causing the default action.
2641 ### any text where ### is an RFC 821 compliant error code and
2642 "any text" is a message to return for the command.
2643 The entire string should be quoted to avoid
2644 surprises:
2645
2646 "### any text"
2647
2648 Otherwise sendmail formats the text as email
2649 addresses, e.g., it may remove spaces.
2650 This type is deprecated, use one of the two
2651 ERROR: entries below instead.
2652 ERROR:### any text
2653 as above, but useful to mark error messages as such.
2654 If quotes need to be used to avoid modifications
2655 (see above), they should be placed like this:
2656
2657 ERROR:"### any text"
2658
2659 ERROR:D.S.N:### any text
2660 where D.S.N is an RFC 1893 compliant error code
2661 and the rest as above. If quotes need to be used
2662 to avoid modifications, they should be placed
2663 like this:
2664
2665 ERROR:D.S.N:"### any text"
2666
2667 QUARANTINE:any text
2668 Quarantine the message using the given text as the
2669 quarantining reason.
2670
2671For example:
2672
2673 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers"
2674 From:okay.cyberspammer.com OK
2675 Connect:sendmail.org RELAY
2676 To:sendmail.org RELAY
2677 Connect:128.32 RELAY
2678 Connect:128.32.2 SKIP
2679 Connect:IPv6:1:2:3:4:5:6:7 RELAY
2680 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
2681 Connect:[127.0.0.3] OK
2682 Connect:[IPv6:1:2:3:4:5:6:7:8] OK
2683
2684would accept mail from okay.cyberspammer.com, but would reject mail
2685from all other hosts at cyberspammer.com with the indicated message.
2686It would allow relaying mail from and to any hosts in the sendmail.org
2687domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2688and from the 128.32.*.* network except for the 128.32.2.* network,
2689which shows how SKIP is useful to exempt subnets/subdomains. The
2690last two entries are for checks against ${client_name} if the IP
2691address doesn't resolve to a hostname (or is considered as "may be
2692forged"). That is, using square brackets means these are host
2693names, not network numbers.
2694
2695Warning: if you change the RFC 821 compliant error code from the default
2696value of 550, then you should probably also change the RFC 1893 compliant
2697error code to match it. For example, if you use
2698
2699 To:user@example.com ERROR:450 mailbox full
2700
2701the error returned would be "450 5.0.0 mailbox full" which is wrong.
2702Use "ERROR:4.2.2:450 mailbox full" instead.
2703
2704Note, UUCP users may need to add hostname.UUCP to the access database
2705or class {R}.
2706
2707If you also use:
2708
2709 FEATURE(`relay_hosts_only')
2710
2711then the above example will allow relaying for sendmail.org, but not
2712hosts within the sendmail.org domain. Note that this will also require
2713hosts listed in class {R} to be fully qualified host names.
2714
2715You can also use the access database to block sender addresses based on
2716the username portion of the address. For example:
2717
2718 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
2719
2720Note that you must include the @ after the username to signify that
2721this database entry is for checking only the username portion of the
2722sender address.
2723
2724If you use:
2725
2726 FEATURE(`blocklist_recipients')
2727
2728then you can add entries to the map for local users, hosts in your
2729domains, or addresses in your domain which should not receive mail:
2730
2731 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser
2732 To:host.my.TLD ERROR:550 That host does not accept mail
2733 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient
2734
2735This would prevent a recipient of badlocaluser in any of the local
2736domains (class {w}), any user at host.my.TLD, and the single address
2737user@other.my.TLD from receiving mail. Please note: a local username
2738must be now tagged with an @ (this is consistent with the check of
2739the sender address, and hence it is possible to distinguish between
2740hostnames and usernames). Enabling this feature will keep you from
2741sending mails to all addresses that have an error message or REJECT
2742as value part in the access map. Taking the example from above:
2743
2744 spammer@aol.com REJECT
2745 cyberspammer.com REJECT
2746
2747Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2748That's why tagged entries should be used.
2749
2750There are several DNS based blocklists which can be found by
2751querying a search engine. These are databases of spammers
2752maintained in DNS. To use such a database, specify
2753
2754 FEATURE(`dnsbl', `dnsbl.example.com')
2755
2756This will cause sendmail to reject mail from any site listed in the
2757DNS based blocklist. You must select a DNS based blocklist domain
2758to check by specifying an argument to the FEATURE. The default
2759error message is
2760
2761 Rejected: IP-ADDRESS listed at SERVER
2762
2763where IP-ADDRESS and SERVER are replaced by the appropriate
2764information. A second argument can be used to specify a different
2765text or action. For example,
2766
2767 FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2768
2769would quarantine the message if the client IP address is listed
2770at `dnsbl.example.com'.
2771
2772By default, temporary lookup failures are ignored
2773and hence cause the connection not to be rejected by the DNS based
2774rejection list. This behavior can be changed by specifying a third
2775argument, which must be either `t' or a full error message. For
2776example:
2777
2778 FEATURE(`dnsbl', `dnsbl.example.com', `',
2779 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2780
2781If `t' is used, the error message is:
2782
2783 451 Temporary lookup failure of IP-ADDRESS at SERVER
2784
2785where IP-ADDRESS and SERVER are replaced by the appropriate
2786information.
2787
2788This FEATURE can be included several times to query different
2789DNS based rejection lists.
2790
2791Notice: to avoid checking your own local domains against those
2792blocklists, use the access_db feature and add:
2793
2794 Connect:10.1 OK
2795 Connect:127.0.0.1 RELAY
2796
2797to the access map, where 10.1 is your local network. You may
2798want to use "RELAY" instead of "OK" to allow also relaying
2799instead of just disabling the DNS lookups in the blocklists.
2800
2801
2802The features described above make use of the check_relay, check_mail,
2803and check_rcpt rulesets. Note that check_relay checks the SMTP
2804client hostname and IP address when the connection is made to your
2805server. It does not check if a mail message is being relayed to
2806another server. That check is done in check_rcpt. If you wish to
2807include your own checks, you can put your checks in the rulesets
2808Local_check_relay, Local_check_mail, and Local_check_rcpt. For
2809example if you wanted to block senders with all numeric usernames
2810(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2811regex map:
2812
2813 LOCAL_CONFIG
2814 Kallnumbers regex -a@MATCH ^[0-9]+$
2815
2816 LOCAL_RULESETS
2817 SLocal_check_mail
2818 # check address against various regex checks
2819 R$* $: $>Parse0 $>3 $1
2820 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
2821 R@MATCH $#error $: 553 Header Error
2822
2823These rules are called with the original arguments of the corresponding
2824check_* ruleset. If the local ruleset returns $#OK, no further checking
2825is done by the features described above and the mail is accepted. If
2826the local ruleset resolves to a mailer (such as $#error or $#discard),
2827the appropriate action is taken. Other results starting with $# are
2828interpreted by sendmail and may lead to unspecified behavior. Note: do
2829NOT create a mailer with the name OK. Return values that do not start
2830with $# are ignored, i.e., normal processing continues.
2831
2832Delay all checks
2833----------------
2834
2835By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2836will not be called when a client connects or issues a MAIL command,
2837respectively. Instead, those rulesets will be called by the check_rcpt
2838ruleset; they will be skipped if a sender has been authenticated using
2839a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2840If check_mail returns an error then the RCPT TO command will be rejected
2841with that error. If it returns some other result starting with $# then
2842check_relay will be skipped. If the sender address (or a part of it) is
2843listed in the access map and it has a RHS of OK or RELAY, then check_relay
2844will be skipped. This has an interesting side effect: if your domain is
2845my.domain and you have
2846
2847 my.domain RELAY
2848
2849in the access map, then any e-mail with a sender address of
2850<user@my.domain> will not be rejected by check_relay even though
2851it would match the hostname or IP address. This allows spammers
2852to get around DNS based blocklist by faking the sender address. To
2853avoid this problem you have to use tagged entries:
2854
2855 To:my.domain RELAY
2856 Connect:my.domain RELAY
2857
2858if you need those entries at all (class {R} may take care of them).
2859
2860FEATURE(`delay_checks') can take an optional argument:
2861
2862 FEATURE(`delay_checks', `friend')
2863 enables spamfriend test
2864 FEATURE(`delay_checks', `hater')
2865 enables spamhater test
2866
2867If such an argument is given, the recipient will be looked up in the
2868access map (using the tag Spam:). If the argument is `friend', then
2869the default behavior is to apply the other rulesets and make a SPAM
2870friend the exception. The rulesets check_mail and check_relay will be
2871skipped only if the recipient address is found and has RHS FRIEND. If
2872the argument is `hater', then the default behavior is to skip the rulesets
2873check_mail and check_relay and make a SPAM hater the exception. The
2874other two rulesets will be applied only if the recipient address is
2875found and has RHS HATER.
2876
2877This allows for simple exceptions from the tests, e.g., by activating
2878the friend option and having
2879
2880 Spam:abuse@ FRIEND
2881
2882in the access map, mail to abuse@localdomain will get through (where
2883"localdomain" is any domain in class {w}). It is also possible to
2884specify a full address or an address with +detail:
2885
2886 Spam:abuse@my.domain FRIEND
2887 Spam:me+abuse@ FRIEND
2888 Spam:spam.domain FRIEND
2889
2890Note: The required tag has been changed in 8.12 from To: to Spam:.
2891This change is incompatible to previous versions. However, you can
2892(for now) simply add the new entries to the access map, the old
2893ones will be ignored. As soon as you removed the old entries from
2894the access map, specify a third parameter (`n') to this feature and
2895the backward compatibility rules will not be in the generated .cf
2896file.
2897
2898Header Checks
2899-------------
2900
2901You can also reject mail on the basis of the contents of headers.
2902This is done by adding a ruleset call to the 'H' header definition command
2903in sendmail.cf. For example, this can be used to check the validity of
2904a Message-ID: header:
2905
2906 LOCAL_CONFIG
2907 HMessage-Id: $>CheckMessageId
2908
2909 LOCAL_RULESETS
2910 SCheckMessageId
2911 R< $+ @ $+ > $@ OK
2912 R$* $#error $: 553 Header Error
2913
2914The alternative format:
2915
2916 HSubject: $>+CheckSubject
2917
2918that is, $>+ instead of $>, gives the full Subject: header including
2919comments to the ruleset (comments in parentheses () are stripped
2920by default).
2921
2922A default ruleset for headers which don't have a specific ruleset
2923defined for them can be given by:
2924
2925 H*: $>CheckHdr
2926
2927Notice:
29281. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2929That may cause problems with simple header checks due to the
2930tokenization. It might be simpler to use a regex map and apply it
2931to $&{currHeader}.
29322. There are no default rulesets coming with this distribution of
2933sendmail. You can write your own, can search the WWW for examples,
2934or take a look at cf/cf/knecht.mc.
29353. When using a default ruleset for headers, the name of the header
2936currently being checked can be found in the $&{hdr_name} macro.
2937
2938After all of the headers are read, the check_eoh ruleset will be called for
2939any final header-related checks. The ruleset is called with the number of
2940headers and the size of all of the headers in bytes separated by $|. One
2941example usage is to reject messages which do not have a Message-Id:
2942header. However, the Message-Id: header is *NOT* a required header and is
2943not a guaranteed spam indicator. This ruleset is an example and should
2944probably not be used in production.
2945
2946 LOCAL_CONFIG
2947 Kstorage macro
2948 HMessage-Id: $>CheckMessageId
2949
2950 LOCAL_RULESETS
2951 SCheckMessageId
2952 # Record the presence of the header
2953 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
2954 R< $+ @ $+ > $@ OK
2955 R$* $#error $: 553 Header Error
2956
2957 Scheck_eoh
2958 # Check the macro
2959 R$* $: < $&{MessageIdCheck} >
2960 # Clear the macro for the next message
2961 R$* $: $(storage {MessageIdCheck} $) $1
2962 # Has a Message-Id: header
2963 R< $+ > $@ OK
2964 # Allow missing Message-Id: from local mail
2965 R$* $: < $&{client_name} >
2966 R< > $@ OK
2967 R< $=w > $@ OK
2968 # Otherwise, reject the mail
2969 R$* $#error $: 553 Header Error
2970
2971
2972+--------------------+
2973| CONNECTION CONTROL |
2974+--------------------+
2975
2976The features ratecontrol and conncontrol allow to establish connection
2977limits per client IP address or net. These features can limit the
2978rate of connections (connections per time unit) or the number of
2979incoming SMTP connections, respectively. If enabled, appropriate
2980rulesets are called at the end of check_relay, i.e., after DNS
2981blocklists and generic access_db operations. The features require
2982FEATURE(`access_db') to be listed earlier in the mc file.
2983
2984Note: FEATURE(`delay_checks') delays those connection control checks
2985after a recipient address has been received, hence making these
2986connection control features less useful. To run the checks as early
2987as possible, specify the parameter `nodelay', e.g.,
2988
2989 FEATURE(`ratecontrol', `nodelay')
2990
2991In that case, FEATURE(`delay_checks') has no effect on connection
2992control (and it must be specified earlier in the mc file).
2993
2994An optional second argument `terminate' specifies whether the
2995rulesets should return the error code 421 which will cause
2996sendmail to terminate the session with that error if it is
2997returned from check_relay, i.e., not delayed as explained in
2998the previous paragraph. Example:
2999
3000 FEATURE(`ratecontrol', `nodelay', `terminate')
3001
3002
3003+----------+
3004| STARTTLS |
3005+----------+
3006
3007In this text, cert will be used as an abbreviation for X.509 certificate,
3008DN (CN) is the distinguished (common) name of a cert, and CA is a
3009certification authority, which signs (issues) certs.
3010
3011For STARTTLS to be offered by sendmail you need to set at least
3012these variables (the file names and paths are just examples):
3013
3014 define(`confCACERT_PATH', `/etc/mail/certs/')
3015 define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
3016 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
3017 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
3018
3019On systems which do not have the compile flag HASURANDOM set (see
3020sendmail/README) you also must set confRAND_FILE.
3021
3022See doc/op/op.{me,ps,txt} for more information about these options,
3023especially the sections ``Certificates for STARTTLS'' and ``PRNG for
3024STARTTLS''.
3025
3026Macros related to STARTTLS are:
3027
3028${cert_issuer} holds the DN of the CA (the cert issuer).
3029${cert_subject} holds the DN of the cert (called the cert subject).
3030${cn_issuer} holds the CN of the CA (the cert issuer).
3031${cn_subject} holds the CN of the cert (called the cert subject).
3032${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
3033 TLSv1/SSLv3, SSLv3, SSLv2.
3034${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
3035 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
3036${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
3037 used for the connection.
3038${verify} holds the result of the verification of the presented cert.
3039 Possible values are:
3040 OK verification succeeded.
3041 NO no cert presented.
3042 NOT no cert requested.
3043 FAIL cert presented but could not be verified,
3044 e.g., the cert of the signing CA is missing.
3045 NONE STARTTLS has not been performed.
3046 TEMP temporary error occurred.
3047 PROTOCOL protocol error occurred (SMTP level).
3048 SOFTWARE STARTTLS handshake failed.
3049${server_name} the name of the server of the current outgoing SMTP
3050 connection.
3051${server_addr} the address of the server of the current outgoing SMTP
3052 connection.
3053
3054Relaying
3055--------
3056
3057SMTP STARTTLS can allow relaying for remote SMTP clients which have
3058successfully authenticated themselves. If the verification of the cert
3059failed (${verify} != OK), relaying is subject to the usual rules.
3060Otherwise the DN of the issuer is looked up in the access map using the
3061tag CERTISSUER. If the resulting value is RELAY, relaying is allowed.
3062If it is SUBJECT, the DN of the cert subject is looked up next in the
3063access map using the tag CERTSUBJECT. If the value is RELAY, relaying
3064is allowed.
3065
3066To make things a bit more flexible (or complicated), the values for
3067${cert_issuer} and ${cert_subject} can be optionally modified by regular
3068expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
3069_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
3070rulesets and map lookups, they are modified as follows: each non-printable
3071character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
3072by their HEX value with a leading '+'. For example:
3073
3074/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress=
3075darth+cert@endmail.org
3076
3077is encoded as:
3078
3079/C=US/ST=California/O=endmail.org/OU=private/CN=
3080Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3081
3082(line breaks have been inserted for readability).
3083
3084The macros which are subject to this encoding are ${cert_subject},
3085${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
3086
3087Examples:
3088
3089To allow relaying for everyone who can present a cert signed by
3090
3091/C=US/ST=California/O=endmail.org/OU=private/CN=
3092Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3093
3094simply use:
3095
3096CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3097Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org RELAY
3098
3099To allow relaying only for a subset of machines that have a cert signed by
3100
3101/C=US/ST=California/O=endmail.org/OU=private/CN=
3102Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3103
3104use:
3105
3106CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3107Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org SUBJECT
3108CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
3109DeathStar/emailAddress=deathstar@endmail.org RELAY
3110
3111Note: line breaks have been inserted after "CN=" for readability,
3112each tagged entry must be one (long) line in the access map.
3113
3114Of course it is also possible to write a simple ruleset that allows
3115relaying for everyone who can present a cert that can be verified, e.g.,
3116
3117LOCAL_RULESETS
3118SLocal_check_rcpt
3119R$* $: $&{verify}
3120ROK $# OK
3121
3122Allowing Connections
3123--------------------
3124
3125The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
3126an SMTP connection is accepted (or should continue).
3127
3128tls_server is called when sendmail acts as client after a STARTTLS command
3129(should) have been issued. The parameter is the value of ${verify}.
3130
3131tls_client is called when sendmail acts as server, after a STARTTLS command
3132has been issued, and from check_mail. The parameter is the value of
3133${verify} and STARTTLS or MAIL, respectively.
3134
3135Both rulesets behave the same. If no access map is in use, the connection
3136will be accepted unless ${verify} is SOFTWARE, in which case the connection
3137is always aborted. For tls_server/tls_client, ${client_name}/${server_name}
3138is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
3139with the ruleset LookUpDomain. If no entry is found, ${client_addr}
3140(${server_addr}) is looked up in the access map (same tag, ruleset
3141LookUpAddr). If this doesn't result in an entry either, just the tag is
3142looked up in the access map (included the trailing colon). Notice:
3143requiring that e-mail is sent to a server only encrypted, e.g., via
3144
3145TLS_Srv:secure.domain ENCR:112
3146
3147doesn't necessarily mean that e-mail sent to that domain is encrypted.
3148If the domain has multiple MX servers, e.g.,
3149
3150secure.domain. IN MX 10 mail.secure.domain.
3151secure.domain. IN MX 50 mail.other.domain.
3152
3153then mail to user@secure.domain may go unencrypted to mail.other.domain.
3154tls_rcpt can be used to address this problem.
3155
3156tls_rcpt is called before a RCPT TO: command is sent. The parameter is the
3157current recipient. This ruleset is only defined if FEATURE(`access_db')
3158is selected. A recipient address user@domain is looked up in the access
3159map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
3160and TLS_Rcpt:; the first match is taken.
3161
3162The result of the lookups is then used to call the ruleset TLS_connection,
3163which checks the requirement specified by the RHS in the access map against
3164the actual parameters of the current TLS connection, esp. ${verify} and
3165${cipher_bits}. Legal RHSs in the access map are:
3166
3167VERIFY verification must have succeeded
3168VERIFY:bits verification must have succeeded and ${cipher_bits} must
3169 be greater than or equal bits.
3170ENCR:bits ${cipher_bits} must be greater than or equal bits.
3171
3172The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
3173or permanent error. The default is a temporary error code (403 4.7.0)
3174unless the macro TLS_PERM_ERR is set during generation of the .cf file.
3175
3176If a certain level of encryption is required, then it might also be
3177possible that this level is provided by the security layer from a SASL
3178algorithm, e.g., DIGEST-MD5.
3179
3180Furthermore, there can be a list of extensions added. Such a list
3181starts with '+' and the items are separated by '++'. Allowed
3182extensions are:
3183
3184CN:name name must match ${cn_subject}
3185CN ${client_name}/${server_name} must match ${cn_subject}
3186CS:name name must match ${cert_subject}
3187CI:name name must match ${cert_issuer}
3188CITag:MYTag look up MYTag:${cert_issuer} in access map; the check
3189 only succeeds if it is found with a RHS of OK.
3190
3191Example: e-mail sent to secure.example.com should only use an encrypted
3192connection. E-mail received from hosts within the laptop.example.com domain
3193should only be accepted if they have been authenticated. The host which
3194receives e-mail for darth@endmail.org must present a cert that uses the
3195CN smtp.endmail.org. E-mail sent to safe.example.com must be verified,
3196have a matching CN, and must present a cert signed by a CA with one of
3197the listed DNs.
3198
3199TLS_Srv:secure.example.com ENCR:112
3200TLS_Clt:laptop.example.com PERM+VERIFY:112
3201TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
3202TLS_Srv:safe.example.net VERIFY+CN++CITag:MyCA
3203MyCA:/C=US/ST=CA/O=safe/CN=example.net/ OK
3204MyCA:/C=US/ST=CA/O=secure/CN=example.net/ OK
3205
3206
3207TLS Options per Session
3208-----------------------
3209
3210By default STARTTLS is used whenever possible. However, there are
3211MTAs with STARTTLS interoperability issues. To be able to send to
3212(or receive from) those MTAs several features are available:
3213
32141) Various TLS options be be set per IP/domain.
32152) STARTTLS can be turned off for specific IP addresses/domains.
3216
3217About 1): the rulesets tls_srv_features and tls_clt_features can
3218be used to return a (semicolon separated) list of TLS related
3219options:
3220
3221- Options: compare {Server,Client}SSLOptions.
3222- CipherList: same as the global option.
3223- CertFile, KeyFile: {Server,Client}{Cert,Key}File
3224- Flags: see doc/op/op.me for details.
3225
3226If FEATURE(`tls_session_features') is used, then default rulesets
3227are activated which look up entries in the access map with the tags
3228TLS_Srv_features and TLS_Clt_features, respectively.
3229For example, these entries:
3230
3231 TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA;
3232 TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
3233
3234specify a cipherlist with MEDIUM strength ciphers that use RSA
3235certificates only for the client with the IP address 10.0.2.4,
3236and turn off TLSv1.2 when connecting to the server with the IP
3237address 10.1.0.1 as well as setting a specific cipherlist.
3238If FEATURE(`tls_session_features') is not used the user can provide
3239their own rulesets which must return the appropriate data.
3240If the rulesets are not defined or do not return a value, the
3241default TLS options are not modified.
3242
3243About 2): the ruleset try_tls (srv_features) can be used together
3244with the access map. Entries for the access map must be tagged
3245with Try_TLS (Srv_Features) and refer to the hostname or IP address
3246of the connecting system. A default case can be specified by using
3247just the tag. For example, the following entries in the access map:
3248
3249 Try_TLS:broken.server NO
3250 Srv_Features:my.domain v
3251 Srv_Features: V
3252
3253will turn off STARTTLS when sending to broken.server (or any host
3254in that domain), and request a client certificate during the TLS
3255handshake only for hosts in my.domain. The valid entries on the RHS
3256for Srv_Features are listed in the Sendmail Installation and
3257Operations Guide.
3258
3259
3260Received: Header
3261----------------
3262
3263The Received: header reveals whether STARTTLS has been used. It contains an
3264extra line:
3265
3266(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
3267
3268
3269+---------------------+
3270| SMTP AUTHENTICATION |
3271+---------------------+
3272
3273The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
3274used in anti-relay rulesets to allow relaying for those users that
3275authenticated themselves. A very simple example is:
3276
3277SLocal_check_rcpt
3278R$* $: $&{auth_type}
3279R$+ $# OK
3280
3281which checks whether a user has successfully authenticated using
3282any available mechanism. Depending on the setup of the Cyrus SASL
3283library, more sophisticated rulesets might be required, e.g.,
3284
3285SLocal_check_rcpt
3286R$* $: $&{auth_type} $| $&{auth_authen}
3287RDIGEST-MD5 $| $+@$=w $# OK
3288
3289to allow relaying for users that authenticated using DIGEST-MD5
3290and have an identity in the local domains.
3291
3292The ruleset trust_auth is used to determine whether a given AUTH=
3293parameter (that is passed to this ruleset) should be trusted. This
3294ruleset may make use of the other ${auth_*} macros. Only if the
3295ruleset resolves to the error mailer, the AUTH= parameter is not
3296trusted. A user supplied ruleset Local_trust_auth can be written
3297to modify the default behavior, which only trust the AUTH=
3298parameter if it is identical to the authenticated user.
3299
3300Per default, relaying is allowed for any user who authenticated
3301via a "trusted" mechanism, i.e., one that is defined via
3302TRUST_AUTH_MECH(`list of mechanisms')
3303For example:
3304TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3305
3306If the selected mechanism provides a security layer the number of
3307bits used for the key of the symmetric cipher is stored in the
3308macro ${auth_ssf}.
3309
3310Providing SMTP AUTH Data when sendmail acts as Client
3311-----------------------------------------------------
3312
3313If sendmail acts as client, it needs some information how to
3314authenticate against another MTA. This information can be provided
3315by the ruleset authinfo or by the option DefaultAuthInfo. The
3316authinfo ruleset looks up {server_name} using the tag AuthInfo: in
3317the access map. If no entry is found, {server_addr} is looked up
3318in the same way and finally just the tag AuthInfo: to provide
3319default values. Note: searches for domain parts or IP nets are
3320only performed if the access map is used; if the authinfo feature
3321is used then only up to three lookups are performed (two exact
3322matches, one default).
3323
3324Note: If your daemon does client authentication when sending, and
3325if it uses either PLAIN or LOGIN authentication, then you *must*
3326prevent ordinary users from seeing verbose output. Do NOT install
3327sendmail set-user-ID. Use PrivacyOptions to turn off verbose output
3328("goaway" works for this).
3329
3330Notice: the default configuration file causes the option DefaultAuthInfo
3331to fail since the ruleset authinfo is in the .cf file. If you really
3332want to use DefaultAuthInfo (it is deprecated) then you have to
3333remove the ruleset.
3334
3335The RHS for an AuthInfo: entry in the access map should consists of a
3336list of tokens, each of which has the form: "TDstring" (including
3337the quotes). T is a tag which describes the item, D is a delimiter,
3338either ':' for simple text or '=' for a base64 encoded string.
3339Valid values for the tag are:
3340
3341 U user (authorization) id
3342 I authentication id
3343 P password
3344 R realm
3345 M list of mechanisms delimited by spaces
3346
3347Example entries are:
3348
3349AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3350AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
3351
3352User id or authentication id must exist as well as the password. All
3353other entries have default values. If one of user or authentication
3354id is missing, the existing value is used for the missing item.
3355If "R:" is not specified, realm defaults to $j. The list of mechanisms
3356defaults to those specified by AuthMechanisms.
3357
3358Since this map contains sensitive information, either the access
3359map must be unreadable by everyone but root (or the trusted user)
3360or FEATURE(`authinfo') must be used which provides a separate map.
3361Notice: It is not checked whether the map is actually
3362group/world-unreadable, this is left to the user.
3363
3364+--------------------------------+
3365| ADDING NEW MAILERS OR RULESETS |
3366+--------------------------------+
3367
3368Sometimes you may need to add entirely new mailers or rulesets. They
3369should be introduced with the constructs MAILER_DEFINITIONS and
3370LOCAL_RULESETS respectively. For example:
3371
3372 MAILER_DEFINITIONS
3373 Mmymailer, ...
3374 ...
3375
3376 LOCAL_RULESETS
3377 Smyruleset
3378 ...
3379
3380Local additions for the rulesets srv_features, try_tls, tls_rcpt,
3381tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
3382LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
3383respectively. For example, to add a local ruleset that decides
3384whether to try STARTTLS in a sendmail client, use:
3385
3386 LOCAL_TRY_TLS
3387 R...
3388
3389Note: you don't need to add a name for the ruleset, it is implicitly
3390defined by using the appropriate macro.
3391
3392
3393+-------------------------+
3394| ADDING NEW MAIL FILTERS |
3395+-------------------------+
3396
3397Sendmail supports mail filters to filter incoming SMTP messages according
3398to the "Sendmail Mail Filter API" documentation. These filters can be
3399configured in your mc file using the two commands:
3400
3401 MAIL_FILTER(`name', `equates')
3402 INPUT_MAIL_FILTER(`name', `equates')
3403
3404The first command, MAIL_FILTER(), simply defines a filter with the given
3405name and equates. For example:
3406
3407 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3408
3409This creates the equivalent sendmail.cf entry:
3410
3411 Xarchive, S=local:/var/run/archivesock, F=R
3412
3413The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3414but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3415of the filter such that the filter will actually be called by sendmail.
3416
3417For example, the two commands:
3418
3419 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3420 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3421
3422are equivalent to the three commands:
3423
3424 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3425 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3426 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3427
3428In general, INPUT_MAIL_FILTER() should be used unless you need to define
3429more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3430
3431Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3432commands will clear the list created by the prior INPUT_MAIL_FILTER()
3433commands.
3434
3435
3436+-------------------------+
3437| QUEUE GROUP DEFINITIONS |
3438+-------------------------+
3439
3440In addition to the queue directory (which is the default queue group
3441called "mqueue"), sendmail can deal with multiple queue groups, which
3442are collections of queue directories with the same behaviour. Queue
3443groups can be defined using the command:
3444
3445 QUEUE_GROUP(`name', `equates')
3446
3447For details about queue groups, please see doc/op/op.{me,ps,txt}.
3448
3449+-------------------------------+
3450| NON-SMTP BASED CONFIGURATIONS |
3451+-------------------------------+
3452
3453These configuration files are designed primarily for use by
3454SMTP-based sites. They may not be well tuned for UUCP-only or
3455UUCP-primarily nodes (the latter is defined as a small local net
3456connected to the rest of the world via UUCP). However, there is
3457one hook to handle some special cases.
3458
3459You can define a ``smart host'' that understands a richer address syntax
3460using:
3461
3462 define(`SMART_HOST', `mailer:hostname')
3463
3464In this case, the ``mailer:'' defaults to "relay". Any messages that
3465can't be handled using the usual UUCP rules are passed to this host.
3466
3467If you are on a local SMTP-based net that connects to the outside
3468world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3469For example:
3470
3471 define(`SMART_HOST', `uucp-new:uunet')
3472 LOCAL_NET_CONFIG
3473 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3474
3475This will cause all names that end in your domain name ($m) to be sent
3476via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3477If you have FEATURE(`nocanonify'), you may need to omit the dots after
3478the $m. If you are running a local DNS inside your domain which is
3479not otherwise connected to the outside world, you probably want to
3480use:
3481
3482 define(`SMART_HOST', `smtp:fire.wall.com')
3483 LOCAL_NET_CONFIG
3484 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
3485
3486That is, send directly only to things you found in your DNS lookup;
3487anything else goes through SMART_HOST.
3488
3489You may need to turn off the anti-spam rules in order to accept
3490UUCP mail with FEATURE(`promiscuous_relay') and
3491FEATURE(`accept_unresolvable_domains').
3492
3493
3494+-----------+
3495| WHO AM I? |
3496+-----------+
3497
3498Normally, the $j macro is automatically defined to be your fully
3499qualified domain name (FQDN). Sendmail does this by getting your
3500host name using gethostname and then calling gethostbyname on the
3501result. For example, in some environments gethostname returns
3502only the root of the host name (such as "foo"); gethostbyname is
3503supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
3504cases, gethostbyname may fail to return the FQDN. In this case
3505you MUST define confDOMAIN_NAME to be your fully qualified domain
3506name. This is usually done using:
3507
3508 Dmbar.com
3509 define(`confDOMAIN_NAME', `$w.$m')dnl
3510
3511
3512+-----------------------------------+
3513| ACCEPTING MAIL FOR MULTIPLE NAMES |
3514+-----------------------------------+
3515
3516If your host is known by several different names, you need to augment
3517class {w}. This is a list of names by which your host is known, and
3518anything sent to an address using a host name in this list will be
3519treated as local mail. You can do this in two ways: either create the
3520file /etc/mail/local-host-names containing a list of your aliases (one per
3521line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3522``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
3523name of the host, rather than a short name.
3524
3525If you want to have different address in different domains, take
3526a look at the virtusertable feature, which is also explained at
3527http://www.sendmail.org/virtual-hosting.html
3528
3529
3530+--------------------+
3531| USING MAILERTABLES |
3532+--------------------+
3533
3534To use FEATURE(`mailertable'), you will have to create an external
3535database containing the routing information for various domains.
3536For example, a mailertable file in text format might be:
3537
3538 .my.domain xnet:%1.my.domain
3539 uuhost1.my.domain uucp-new:uuhost1
3540 .bitnet smtp:relay.bit.net
3541
3542This should normally be stored in /etc/mail/mailertable. The actual
3543database version of the mailertable is built using:
3544
3545 makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3546
3547The semantics are simple. Any LHS entry that does not begin with
3548a dot matches the full host name indicated. LHS entries beginning
3549with a dot match anything ending with that domain name (including
3550the leading dot) -- that is, they can be thought of as having a
3551leading ".+" regular expression pattern for a non-empty sequence of
3552characters. Matching is done in order of most-to-least qualified
3553-- for example, even though ".my.domain" is listed first in the
3554above example, an entry of "uuhost1.my.domain" will match the second
3555entry since it is more explicit. Note: e-mail to "user@my.domain"
3556does not match any entry in the above table. You need to have
3557something like:
3558
3559 my.domain esmtp:host.my.domain
3560
3561The RHS should always be a "mailer:host" pair. The mailer is the
3562configuration name of a mailer (that is, an M line in the
3563sendmail.cf file). The "host" will be the hostname passed to
3564that mailer. In domain-based matches (that is, those with leading
3565dots) the "%1" may be used to interpolate the wildcarded part of
3566the host name. For example, the first line above sends everything
3567addressed to "anything.my.domain" to that same host name, but using
3568the (presumably experimental) xnet mailer.
3569
3570In some cases you may want to temporarily turn off MX records,
3571particularly on gateways. For example, you may want to MX
3572everything in a domain to one machine that then forwards it
3573directly. To do this, you might use the DNS configuration:
3574
3575 *.domain. IN MX 0 relay.machine
3576
3577and on relay.machine use the mailertable:
3578
3579 .domain smtp:[gateway.domain]
3580
3581The [square brackets] turn off MX records for this host only.
3582If you didn't do this, the mailertable would use the MX record
3583again, which would give you an MX loop. Note that the use of
3584wildcard MX records is almost always a bad idea. Please avoid
3585using them if possible.
3586
3587
3588+--------------------------------+
3589| USING USERDB TO MAP FULL NAMES |
3590+--------------------------------+
3591
3592The user database was not originally intended for mapping full names
3593to login names (e.g., Eric.Allman => eric), but some people are using
3594it that way. (it is recommended that you set up aliases for this
3595purpose instead -- since you can specify multiple alias files, this
3596is fairly easy.) The intent was to locate the default maildrop at
3597a site, but allow you to override this by sending to a specific host.
3598
3599If you decide to set up the user database in this fashion, it is
3600imperative that you not use FEATURE(`stickyhost') -- otherwise,
3601e-mail sent to Full.Name@local.host.name will be rejected.
3602
3603To build the internal form of the user database, use:
3604
3605 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3606
3607As a general rule, it is an extremely bad idea to using full names
3608as e-mail addresses, since they are not in any sense unique. For
3609example, the UNIX software-development community has at least two
3610well-known Peter Deutsches, and at one time Bell Labs had two
3611Stephen R. Bournes with offices along the same hallway. Which one
3612will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3613The less famous of the two, or the one that was hired later?
3614
3615Finger should handle full names (and be fuzzy). Mail should use
3616handles, and not be fuzzy.
3617
3618
3619+--------------------------------+
3620| MISCELLANEOUS SPECIAL FEATURES |
3621+--------------------------------+
3622
3623Plussed users
3624 Sometimes it is convenient to merge configuration on a
3625 centralized mail machine, for example, to forward all
3626 root mail to a mail server. In this case it might be
3627 useful to be able to treat the root addresses as a class
3628 of addresses with subtle differences. You can do this
3629 using plussed users. For example, a client might include
3630 the alias:
3631
3632 root: root+client1@server
3633
3634 On the server, this will match an alias for "root+client1".
3635 If that is not found, the alias "root+*" will be tried,
3636 then "root".
3637
3638
3639+----------------+
3640| SECURITY NOTES |
3641+----------------+
3642
3643A lot of sendmail security comes down to you. Sendmail 8 is much
3644more careful about checking for security problems than previous
3645versions, but there are some things that you still need to watch
3646for. In particular:
3647
3648* Make sure the aliases file is not writable except by trusted
3649 system personnel. This includes both the text and database
3650 version.
3651
3652* Make sure that other files that sendmail reads, such as the
3653 mailertable, are only writable by trusted system personnel.
3654
3655* The queue directory should not be world writable PARTICULARLY
3656 if your system allows "file giveaways" (that is, if a non-root
3657 user can chown any file they own to any other user).
3658
3659* If your system allows file giveaways, DO NOT create a publicly
3660 writable directory for forward files. This will allow anyone
3661 to steal anyone else's e-mail. Instead, create a script that
3662 copies the .forward file from users' home directories once a
3663 night (if you want the non-NFS-mounted forward directory).
3664
3665* If your system allows file giveaways, you'll find that
3666 sendmail is much less trusting of :include: files -- in
3667 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3668 /etc/shells before they will be trusted (that is, before
3669 files and programs listed in them will be honored).
3670
3671In general, file giveaways are a mistake -- if you can turn them
3672off, do so.
3673
3674
3675+--------------------------------+
3676| TWEAKING CONFIGURATION OPTIONS |
3677+--------------------------------+
3678
3679There are a large number of configuration options that don't normally
3680need to be changed. However, if you feel you need to tweak them,
3681you can define the following M4 variables. Note that some of these
3682variables require formats that are defined in RFC 2821 or RFC 2822.
3683Before changing them you need to make sure you do not violate those
3684(and other relevant) RFCs.
3685
3686This list is shown in four columns: the name you define, the default
3687value for that definition, the option or macro that is affected
3688(either Ox for an option or Dx for a macro), and a brief description.
3689Greater detail of the semantics can be found in the Installation
3690and Operations Guide.
3691
3692Some options are likely to be deprecated in future versions -- that is,
3693the option is only included to provide back-compatibility. These are
3694marked with "*".
3695
3696Remember that these options are M4 variables, and hence may need to
3697be quoted. In particular, arguments with commas will usually have to
3698be ``double quoted, like this phrase'' to avoid having the comma
3699confuse things. This is common for alias file definitions and for
3700the read timeout.
3701
3702M4 Variable Name Configuration [Default] & Description
3703================ ============= =======================
3704confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
3705 for internally generated outgoing
3706 messages.
3707confDOMAIN_NAME $j macro If defined, sets $j. This should
3708 only be done if your system cannot
3709 determine your local domain name,
3710 and then it should be set to
3711 $w.Foo.COM, where Foo.COM is your
3712 domain name.
3713confCF_VERSION $Z macro If defined, this is appended to the
3714 configuration version name.
3715confLDAP_CLUSTER ${sendmailMTACluster} macro
3716 If defined, this is the LDAP
3717 cluster to use for LDAP searches
3718 as described above in ``USING LDAP
3719 FOR ALIASES, MAPS, AND CLASSES''.
3720confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
3721 internally generated From: address.
3722confRECEIVED_HEADER Received:
3723 [$?sfrom $s $.$?_($?s$|from $.$_)
3724 $.$?{auth_type}(authenticated)
3725 $.by $j ($v/$Z)$?r with $r$. id $i$?u
3726 for $u; $|;
3727 $.$b]
3728 The format of the Received: header
3729 in messages passed through this host.
3730 It is unwise to try to change this.
3731confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
3732 internally generated Message-Id:
3733 header.
3734confCW_FILE Fw class [/etc/mail/local-host-names] Name
3735 of file used to get the local
3736 additions to class {w} (local host
3737 names).
3738confCT_FILE Ft class [/etc/mail/trusted-users] Name of
3739 file used to get the local additions
3740 to class {t} (trusted users).
3741confCR_FILE FR class [/etc/mail/relay-domains] Name of
3742 file used to get the local additions
3743 to class {R} (hosts allowed to relay).
3744confTRUSTED_USERS Ct class [no default] Names of users to add to
3745 the list of trusted users. This list
3746 always includes root, uucp, and daemon.
3747 See also FEATURE(`use_ct_file').
3748confTRUSTED_USER TrustedUser [no default] Trusted user for file
3749 ownership and starting the daemon.
3750 Not to be confused with
3751 confTRUSTED_USERS (see above).
3752confSMTP_MAILER - [esmtp] The mailer name used when
3753 SMTP connectivity is required.
3754 One of "smtp", "smtp8",
3755 "esmtp", or "dsmtp".
3756confUUCP_MAILER - [uucp-old] The mailer to be used by
3757 default for bang-format recipient
3758 addresses. See also discussion of
3759 class {U}, class {Y}, and class {Z}
3760 in the MAILER(`uucp') section.
3761confLOCAL_MAILER - [local] The mailer name used when
3762 local connectivity is required.
3763 Almost always "local".
3764confRELAY_MAILER - [relay] The default mailer name used
3765 for relaying any mail (e.g., to a
3766 BITNET_RELAY, a SMART_HOST, or
3767 whatever). This can reasonably be
3768 "uucp-new" if you are on a
3769 UUCP-connected site.
3770confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
3771confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
3772confALIAS_WAIT AliasWait [10m] Time to wait for alias file
3773 rebuild until you get bored and
3774 decide that the apparently pending
3775 rebuild failed.
3776confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
3777 queue filesystem to accept SMTP mail.
3778 (Prior to 8.7 this was minfree/maxsize,
3779 where minfree was the number of free
3780 blocks and maxsize was the maximum
3781 message size. Use confMAX_MESSAGE_SIZE
3782 for the second value now.)
3783confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
3784 that will be accepted (in bytes).
3785confBLANK_SUB BlankSub [.] Blank (space) substitution
3786 character.
3787confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
3788 to mailers marked expensive.
3789confCHECKPOINT_INTERVAL CheckpointInterval
3790 [10] Checkpoint queue files every N
3791 recipients.
3792confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
3793confERROR_MODE ErrorMode [print] Error message mode.
3794confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
3795confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
3796confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
3797confMATCH_GECOS MatchGECOS [False] Match GECOS field.
3798confMAX_HOP MaxHopCount [25] Maximum hop count.
3799confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
3800 mode] Ignore dot as terminator for
3801 incoming messages?
3802confBIND_OPTS ResolverOptions [undefined] Default options for DNS
3803 resolver.
3804confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
3805 encapsulated messages per RFC 1344.
3806confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
3807 The colon-separated list of places to
3808 search for .forward files. N.B.: see
3809 the Security Notes section.
3810confMCI_CACHE_SIZE ConnectionCacheSize
3811 [2] Size of open connection cache.
3812confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
3813 [5m] Open connection cache timeout.
3814confHOST_STATUS_DIRECTORY HostStatusDirectory
3815 [undefined] If set, host status is kept
3816 on disk between sendmail runs in the
3817 named directory tree. This need not be
3818 a full pathname, in which case it is
3819 interpreted relative to the queue
3820 directory.
3821confSINGLE_THREAD_DELIVERY SingleThreadDelivery
3822 [False] If this option and the
3823 HostStatusDirectory option are both
3824 set, single thread deliveries to other
3825 hosts. That is, don't allow any two
3826 sendmails on this host to connect
3827 simultaneously to any other single
3828 host. This can slow down delivery in
3829 some cases, in particular since a
3830 cached but otherwise idle connection
3831 to a host will prevent other sendmails
3832 from connecting to the other host.
3833confUSE_COMPRESSED_IPV6_ADDRESSES
3834 UseCompressedIPv6Addresses
3835 [undefined] If set, use the compressed
3836 form of IPv6 addresses, such as
3837 IPV6:::1, instead of the uncompressed
3838 form, such as IPv6:0:0:0:0:0:0:0:1.
3839confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
3840 deliver error messages. This should
3841 not be necessary because of general
3842 acceptance of the envelope/header
3843 distinction.
3844confLOG_LEVEL LogLevel [9] Log level.
3845confME_TOO MeToo [True] Include sender in group
3846 expansions. This option is
3847 deprecated and will be removed from
3848 a future version.
3849confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
3850 running newaliases. Since this does
3851 DNS lookups on every address, it can
3852 slow down the alias rebuild process
3853 considerably on large alias files.
3854confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
3855 special chars are old style.
3856confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
3857confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
3858 copies of all error messages.
3859confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
3860confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for
3861 queue files (octal). If not set,
3862 sendmail uses 0600 unless its real
3863 and effective uid are different in
3864 which case it uses 0644.
3865confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
3866 syntax addresses to the minimum
3867 possible.
3868confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
3869 before forking.
3870confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
3871 on the initial connect.
3872confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
3873 connect() to complete. This can only
3874 shorten connection timeouts; the kernel
3875 silently enforces an absolute maximum
3876 (which varies depending on the system).
3877confTO_ICONNECT Timeout.iconnect
3878 [undefined] Like Timeout.connect, but
3879 applies only to the very first attempt
3880 to connect to a host in a message.
3881 This allows a single very fast pass
3882 followed by more careful delivery
3883 attempts in the future.
3884confTO_ACONNECT Timeout.aconnect
3885 [0] The overall timeout waiting for
3886 all connection for a single delivery
3887 attempt to succeed. If 0, no overall
3888 limit is applied.
3889confTO_HELO Timeout.helo [5m] The timeout waiting for a response
3890 to a HELO or EHLO command.
3891confTO_MAIL Timeout.mail [10m] The timeout waiting for a
3892 response to the MAIL command.
3893confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
3894 to the RCPT command.
3895confTO_DATAINIT Timeout.datainit
3896 [5m] The timeout waiting for a 354
3897 response from the DATA command.
3898confTO_DATABLOCK Timeout.datablock
3899 [1h] The timeout waiting for a block
3900 during DATA phase.
3901confTO_DATAFINAL Timeout.datafinal
3902 [1h] The timeout waiting for a response
3903 to the final "." that terminates a
3904 message.
3905confTO_RSET Timeout.rset [5m] The timeout waiting for a response
3906 to the RSET command.
3907confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
3908 to the QUIT command.
3909confTO_MISC Timeout.misc [2m] The timeout waiting for a response
3910 to other SMTP commands.
3911confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
3912 waiting for a command to be issued.
3913confTO_IDENT Timeout.ident [5s] The timeout waiting for a
3914 response to an IDENT query.
3915confTO_FILEOPEN Timeout.fileopen
3916 [60s] The timeout waiting for a file
3917 (e.g., :include: file) to be opened.
3918confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response
3919 to an LMTP LHLO command.
3920confTO_AUTH Timeout.auth [10m] The timeout waiting for a
3921 response in an AUTH dialogue.
3922confTO_STARTTLS Timeout.starttls
3923 [1h] The timeout waiting for a
3924 response to an SMTP STARTTLS command.
3925confTO_CONTROL Timeout.control
3926 [2m] The timeout for a complete
3927 control socket transaction to complete.
3928confTO_QUEUERETURN Timeout.queuereturn
3929 [5d] The timeout before a message is
3930 returned as undeliverable.
3931confTO_QUEUERETURN_NORMAL
3932 Timeout.queuereturn.normal
3933 [undefined] As above, for normal
3934 priority messages.
3935confTO_QUEUERETURN_URGENT
3936 Timeout.queuereturn.urgent
3937 [undefined] As above, for urgent
3938 priority messages.
3939confTO_QUEUERETURN_NONURGENT
3940 Timeout.queuereturn.non-urgent
3941 [undefined] As above, for non-urgent
3942 (low) priority messages.
3943confTO_QUEUERETURN_DSN
3944 Timeout.queuereturn.dsn
3945 [undefined] As above, for delivery
3946 status notification messages.
3947confTO_QUEUEWARN Timeout.queuewarn
3948 [4h] The timeout before a warning
3949 message is sent to the sender telling
3950 them that the message has been
3951 deferred.
3952confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
3953 [undefined] As above, for normal
3954 priority messages.
3955confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
3956 [undefined] As above, for urgent
3957 priority messages.
3958confTO_QUEUEWARN_NONURGENT
3959 Timeout.queuewarn.non-urgent
3960 [undefined] As above, for non-urgent
3961 (low) priority messages.
3962confTO_QUEUEWARN_DSN
3963 Timeout.queuewarn.dsn
3964 [undefined] As above, for delivery
3965 status notification messages.
3966confTO_HOSTSTATUS Timeout.hoststatus
3967 [30m] How long information about host
3968 statuses will be maintained before it
3969 is considered stale and the host should
3970 be retried. This applies both within
3971 a single queue run and to persistent
3972 information (see below).
3973confTO_RESOLVER_RETRANS Timeout.resolver.retrans
3974 [varies] Sets the resolver's
3975 retransmission time interval (in
3976 seconds). Sets both
3977 Timeout.resolver.retrans.first and
3978 Timeout.resolver.retrans.normal.
3979confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
3980 [varies] Sets the resolver's
3981 retransmission time interval (in
3982 seconds) for the first attempt to
3983 deliver a message.
3984confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
3985 [varies] Sets the resolver's
3986 retransmission time interval (in
3987 seconds) for all resolver lookups
3988 except the first delivery attempt.
3989confTO_RESOLVER_RETRY Timeout.resolver.retry
3990 [varies] Sets the number of times
3991 to retransmit a resolver query.
3992 Sets both
3993 Timeout.resolver.retry.first and
3994 Timeout.resolver.retry.normal.
3995confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
3996 [varies] Sets the number of times
3997 to retransmit a resolver query for
3998 the first attempt to deliver a
3999 message.
4000confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
4001 [varies] Sets the number of times
4002 to retransmit a resolver query for
4003 all resolver lookups except the
4004 first delivery attempt.
4005confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
4006 USE_SYSTEM to use the system's idea,
4007 USE_TZ to use the user's TZ envariable,
4008 or something else to force that value.
4009confDEF_USER_ID DefaultUser [1:1] Default user id.
4010confUSERDB_SPEC UserDatabaseSpec
4011 [undefined] User database
4012 specification.
4013confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
4014confFALLBACK_SMARTHOST FallbackSmartHost
4015 [undefined] Fallback smart host.
4016confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear
4017 [undefined] If set, immediately try
4018 a connection again without STARTTLS
4019 after a TLS handshake failure.
4020confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
4021 for a host and other arrangements
4022 haven't been made, try connecting
4023 to the host directly; normally this
4024 would be a config error.
4025confQUEUE_LA QueueLA [varies] Load average at which
4026 queue-only function kicks in.
4027 Default values is (8 * numproc)
4028 where numproc is the number of
4029 processors online (if that can be
4030 determined).
4031confREFUSE_LA RefuseLA [varies] Load average at which
4032 incoming SMTP connections are
4033 refused. Default values is (12 *
4034 numproc) where numproc is the
4035 number of processors online (if
4036 that can be determined).
4037confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when
4038 refusing connections for this long.
4039confDELAY_LA DelayLA [0] Load average at which sendmail
4040 will sleep for one second on most
4041 SMTP commands and before accepting
4042 connections. 0 means no limit.
4043confMAX_ALIAS_RECURSION MaxAliasRecursion
4044 [10] Maximum depth of alias recursion.
4045confMAX_DAEMON_CHILDREN MaxDaemonChildren
4046 [undefined] The maximum number of
4047 children the daemon will permit. After
4048 this number, connections will be
4049 rejected. If not set or <= 0, there is
4050 no limit.
4051confMAX_HEADERS_LENGTH MaxHeadersLength
4052 [32768] Maximum length of the sum
4053 of all headers.
4054confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
4055 [undefined] Maximum length of
4056 certain MIME header field values.
4057confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
4058 [undefined] The maximum number of
4059 connections permitted per second per
4060 daemon. After this many connections
4061 are accepted, further connections
4062 will be delayed. If not set or <= 0,
4063 there is no limit.
4064confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
4065 [60s] Define the length of the
4066 interval for which the number of
4067 incoming connections is maintained.
4068confWORK_RECIPIENT_FACTOR
4069 RecipientFactor [30000] Cost of each recipient.
4070confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
4071 separate process.
4072confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
4073confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
4074confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
4075 Priority, Host, Filename, Random,
4076 Modification, or Time.
4077confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater
4078 than zero, entries in the queue
4079 will be retried during a queue run
4080 only if the individual retry time
4081 has been reached which is doubled
4082 for each attempt. The maximum retry
4083 time is limited by the specified value.
4084confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
4085 must sit in the queue between queue
4086 runs. This allows you to set the
4087 queue run interval low for better
4088 responsiveness without trying all
4089 jobs in each run.
4090confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
4091 unlabeled 8 bit input to MIME, the
4092 character set to use by default.
4093confSERVICE_SWITCH_FILE ServiceSwitchFile
4094 [/etc/mail/service.switch] The file
4095 to use for the service switch on
4096 systems that do not have a
4097 system-defined switch.
4098confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
4099 "file" type access of hosts names.
4100confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
4101 long and try again. Zero means "don't
4102 retry". This is to allow "dial on
4103 demand" connections to have enough time
4104 to complete a connection.
4105confNO_RCPT_ACTION NoRecipientAction
4106 [none] What to do if there are no legal
4107 recipient fields (To:, Cc: or Bcc:)
4108 in the message. Legal values can
4109 be "none" to just leave the
4110 nonconforming message as is, "add-to"
4111 to add a To: header with all the
4112 known recipients (which may expose
4113 blind recipients), "add-apparently-to"
4114 to do the same but use Apparently-To:
4115 instead of To: (strongly discouraged
4116 in accordance with IETF standards),
4117 "add-bcc" to add an empty Bcc:
4118 header, or "add-to-undisclosed" to
4119 add the header
4120 ``To: undisclosed-recipients:;''.
4121confSAFE_FILE_ENV SafeFileEnvironment
4122 [undefined] If set, sendmail will do a
4123 chroot() into this directory before
4124 writing files.
4125confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
4126 If set, colons are treated as a regular
4127 character in addresses. If not set,
4128 they are treated as the introducer to
4129 the RFC 822 "group" syntax. Colons are
4130 handled properly in route-addrs. This
4131 option defaults on for V5 and lower
4132 configuration files.
4133confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
4134 any given queue run to this number of
4135 entries. Essentially, this will stop
4136 reading each queue directory after this
4137 number of entries are reached; it does
4138 _not_ pick the highest priority jobs,
4139 so this should be as large as your
4140 system can tolerate. If not set, there
4141 is no limit.
4142confMAX_QUEUE_CHILDREN MaxQueueChildren
4143 [undefined] Limits the maximum number
4144 of concurrent queue runners active.
4145 This is to keep system resources used
4146 within a reasonable limit. Relates to
4147 Queue Groups and ForkEachJob.
4148confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
4149 [1] Only active when MaxQueueChildren
4150 defined. Controls the maximum number
4151 of queue runners (aka queue children)
4152 active at the same time in a work
4153 group. See also MaxQueueChildren.
4154confDONT_EXPAND_CNAMES DontExpandCnames
4155 [False] If set, $[ ... $] lookups that
4156 do DNS based lookups do not expand
4157 CNAME records. This currently violates
4158 the published standards, but the IETF
4159 seems to be moving toward legalizing
4160 this. For example, if "FTP.Foo.ORG"
4161 is a CNAME for "Cruft.Foo.ORG", then
4162 with this option set a lookup of
4163 "FTP" will return "FTP.Foo.ORG"; if
4164 clear it returns "Cruft.FOO.ORG". N.B.
4165 you may not see any effect until your
4166 downstream neighbors stop doing CNAME
4167 lookups as well.
4168confFROM_LINE UnixFromLine [From $g $d] The From_ line used
4169 when sending to files or programs.
4170confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
4171 [False] From: lines that have
4172 embedded newlines are unwrapped
4173 onto one line.
4174confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
4175 does not include a host name.
4176confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
4177 name phrase (@,;:\()[] are automatic).
4178confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
4179 characters.
4180confSMTP_LOGIN_MSG SmtpGreetingMessage
4181 [$j Sendmail $v/$Z; $b]
4182 The initial (spontaneous) SMTP
4183 greeting message. The word "ESMTP"
4184 will be inserted between the first and
4185 second words to convince other
4186 sendmails to try to speak ESMTP.
4187confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
4188 routine will never be invoked. You
4189 might want to do this if you are
4190 running NIS and you have a large group
4191 map, since this call does a sequential
4192 scan of the map; in a large site this
4193 can cause your ypserv to run
4194 essentially full time. If you set
4195 this, agents run on behalf of users
4196 will only have their primary
4197 (/etc/passwd) group permissions.
4198confUNSAFE_GROUP_WRITES UnsafeGroupWrites
4199 [True] If set, group-writable
4200 :include: and .forward files are
4201 considered "unsafe", that is, programs
4202 and files cannot be directly referenced
4203 from such files. World-writable files
4204 are always considered unsafe.
4205 Notice: this option is deprecated and
4206 will be removed in future versions;
4207 Set GroupWritableForwardFileSafe
4208 and GroupWritableIncludeFileSafe in
4209 DontBlameSendmail if required.
4210confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
4211 address (for testing).
4212confCONTROL_SOCKET_NAME ControlSocketName
4213 [undefined] Control socket for daemon
4214 management.
4215confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
4216 [postmaster] If an error occurs when
4217 sending an error message, send that
4218 "double bounce" error message to this
4219 address. If it expands to an empty
4220 string, double bounces are dropped.
4221confSOFT_BOUNCE SoftBounce [False] If set, issue temporary errors
4222 (4xy) instead of permanent errors
4223 (5xy). This can be useful during
4224 testing of a new configuration to
4225 avoid erroneous bouncing of mails.
4226confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
4227 messages which could not be returned
4228 to the user or sent to postmaster.
4229 If not set, the queue file will
4230 be renamed.
4231confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
4232 implies DSN request.
4233confRUN_AS_USER RunAsUser [undefined] If set, become this user
4234 when reading and delivering mail.
4235 Causes all file reads (e.g., .forward
4236 and :include: files) to be done as
4237 this user. Also, all programs will
4238 be run as this user, and all output
4239 files will be written as this user.
4240confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
4241 [infinite] If set, allow no more than
4242 the specified number of recipients in
4243 an SMTP envelope. Further recipients
4244 receive a 452 error code (i.e., they
4245 are deferred for the next delivery
4246 attempt).
4247confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified
4248 number of recipients in a single SMTP
4249 transaction have been rejected, sleep
4250 for one second after each subsequent
4251 RCPT command in that transaction.
4252confDONT_PROBE_INTERFACES DontProbeInterfaces
4253 [False] If set, sendmail will _not_
4254 insert the names and addresses of any
4255 local interfaces into class {w}
4256 (list of known "equivalent" addresses).
4257 If you set this, you must also include
4258 some support for these addresses (e.g.,
4259 in a mailertable entry) -- otherwise,
4260 mail to addresses in this list will
4261 bounce with a configuration error.
4262 If set to "loopback" (without
4263 quotes), sendmail will skip
4264 loopback interfaces (e.g., "lo0").
4265confPID_FILE PidFile [system dependent] Location of pid
4266 file.
4267confPROCESS_TITLE_PREFIX ProcessTitlePrefix
4268 [undefined] Prefix string for the
4269 process title shown on 'ps' listings.
4270confDONT_BLAME_SENDMAIL DontBlameSendmail
4271 [safe] Override sendmail's file
4272 safety checks. This will definitely
4273 compromise system security and should
4274 not be used unless absolutely
4275 necessary.
4276confREJECT_MSG - [550 Access denied] The message
4277 given if the access database contains
4278 REJECT in the value portion.
4279confRELAY_MSG - [550 Relaying denied] The message
4280 given if an unauthorized relaying
4281 attempt is rejected.
4282confDF_BUFFER_SIZE DataFileBufferSize
4283 [4096] The maximum size of a
4284 memory-buffered data (df) file
4285 before a disk-based file is used.
4286confXF_BUFFER_SIZE XScriptFileBufferSize
4287 [4096] The maximum size of a
4288 memory-buffered transcript (xf)
4289 file before a disk-based file is
4290 used.
4291confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
4292 CRAM-MD5] List of authentication
4293 mechanisms for AUTH (separated by
4294 spaces). The advertised list of
4295 authentication mechanisms will be the
4296 intersection of this list and the list
4297 of available mechanisms as determined
4298 by the Cyrus SASL library.
4299confAUTH_REALM AuthRealm [undefined] The authentication realm
4300 that is passed to the Cyrus SASL
4301 library. If no realm is specified,
4302 $j is used. See KNOWNBUGS.
4303confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
4304 authentication information for
4305 outgoing connections. This file must
4306 contain the user id, the authorization
4307 id, the password (plain text), the
4308 realm to use, and the list of
4309 mechanisms to try, each on a separate
4310 line and must be readable by root (or
4311 the trusted user) only. If no realm
4312 is specified, $j is used. If no
4313 mechanisms are given in the file,
4314 AuthMechanisms is used. Notice: this
4315 option is deprecated and will be
4316 removed in future versions; it doesn't
4317 work for the MSP since it can't read
4318 the file. Use the authinfo ruleset
4319 instead. See also the section SMTP
4320 AUTHENTICATION.
4321confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A'
4322 then the AUTH= parameter for the
4323 MAIL FROM command is only issued
4324 when authentication succeeded.
4325 See doc/op/op.me for more options
4326 and details.
4327confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption
4328 strength for the security layer in
4329 SMTP AUTH (SASL). Default is
4330 essentially unlimited.
4331confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
4332 verification is performed, i.e.,
4333 the server doesn't ask for a
4334 certificate.
4335confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related
4336 options for server side. See
4337 SSL_CTX_set_options(3) for a list.
4338confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related
4339 options for client side. See
4340 SSL_CTX_set_options(3) for a list.
4341confCIPHER_LIST CipherList [undefined] Cipher list for TLS.
4342 See ciphers(1) for possible values.
4343confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
4344 specification for LDAP maps. The
4345 value should only contain LDAP
4346 specific settings such as "-h host
4347 -p port -d bindDN", etc. The
4348 settings will be used for all LDAP
4349 maps unless they are specified in
4350 the individual map specification
4351 ('K' command).
4352confCACERT_PATH CACertPath [undefined] Path to directory with
4353 certificates of CAs which must contain
4354 their hashes as filenames or links.
4355confCACERT CACertFile [undefined] File containing at least
4356 one CA certificate.
4357confSERVER_CERT ServerCertFile [undefined] File containing the
4358 cert of the server, i.e., this cert
4359 is used when sendmail acts as
4360 server.
4361confSERVER_KEY ServerKeyFile [undefined] File containing the
4362 private key belonging to the server
4363 cert.
4364confCLIENT_CERT ClientCertFile [undefined] File containing the
4365 cert of the client, i.e., this cert
4366 is used when sendmail acts as
4367 client.
4368confCLIENT_KEY ClientKeyFile [undefined] File containing the
4369 private key belonging to the client
4370 cert.
4371confCRL CRLFile [undefined] File containing certificate
4372 revocation status, useful for X.509v3
4373 authentication.
4374confCRL_PATH CRLPath [undefined] Directory containing
4375 hashes pointing to certificate
4376 revocation status files.
4377confDH_PARAMETERS DHParameters [undefined] File containing the
4378 DH parameters.
4379confDANE DANE [false] Enable DANE support.
4380confRAND_FILE RandFile [undefined] File containing random
4381 data (use prefix file:) or the
4382 name of the UNIX socket if EGD is
4383 used (use prefix egd:). STARTTLS
4384 requires this option if the compile
4385 flag HASURANDOM is not set (see
4386 sendmail/README).
4387confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
4388 [undefined] The fingerprint algorithm
4389 (digest) to use for the presented
4390 cert.
4391confSSL_ENGINE SSLEngine [undefined] Name of SSLEngine.
4392confSSL_ENGINE_PATH SSLEnginePath [undefined] Path to dynamic library
4393 for SSLEngine.
4394confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
4395 queue runners is set the given value
4396 (nice(3)).
4397confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
4398 [undefined] Defines {daemon_flags}
4399 for direct submissions.
4400confUSE_MSP UseMSP [undefined] Use as mail submission
4401 program, see sendmail/SECURITY.
4402confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By
4403 SMTP Service Extension (RFC 2852).
4404confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can
4405 be used to turn off the compile time
4406 flag REQUIRES_DIR_FSYNC at runtime.
4407 See sendmail/README for details.
4408confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory.
4409confSHARED_MEMORY_KEY_FILE
4410 SharedMemoryKeyFile
4411 [undefined] File where the
4412 automatically selected key for
4413 shared memory is stored.
4414confFAST_SPLIT FastSplit [1] If set to a value greater than
4415 zero, the initial MX lookups on
4416 addresses is suppressed when they
4417 are sorted which may result in
4418 faster envelope splitting. If the
4419 mail is submitted directly from the
4420 command line, then the value also
4421 limits the number of processes to
4422 deliver the envelopes.
4423confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find
4424 information about local mailboxes.
4425confDEQUOTE_OPTS - [empty] Additional options for the
4426 dequote map.
4427confMAX_NOOP_COMMANDS MaxNOOPCommands [20] Maximum number of "useless"
4428 commands before the SMTP server
4429 will slow down responding.
4430confHELO_NAME HeloName If defined, use as name for EHLO/HELO
4431 command (instead of $j).
4432confINPUT_MAIL_FILTERS InputMailFilters
4433 A comma separated list of filters
4434 which determines which filters and
4435 the invocation sequence are
4436 contacted for incoming SMTP
4437 messages. If none are set, no
4438 filters will be contacted.
4439confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
4440 actions, defaults to LogLevel.
4441confMILTER_MACROS_CONNECT Milter.macros.connect
4442 [j, _, {daemon_name}, {if_name},
4443 {if_addr}] Macros to transmit to
4444 milters when a session connection
4445 starts.
4446confMILTER_MACROS_HELO Milter.macros.helo
4447 [{tls_version}, {cipher},
4448 {cipher_bits}, {cert_subject},
4449 {cert_issuer}] Macros to transmit to
4450 milters after HELO/EHLO command.
4451confMILTER_MACROS_ENVFROM Milter.macros.envfrom
4452 [i, {auth_type}, {auth_authen},
4453 {auth_ssf}, {auth_author},
4454 {mail_mailer}, {mail_host},
4455 {mail_addr}] Macros to transmit to
4456 milters after MAIL FROM command.
4457confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
4458 [{rcpt_mailer}, {rcpt_host},
4459 {rcpt_addr}] Macros to transmit to
4460 milters after RCPT TO command.
4461confMILTER_MACROS_EOM Milter.macros.eom
4462 [{msg_id}] Macros to transmit to
4463 milters after the terminating
4464 DATA '.' is received.
4465confMILTER_MACROS_EOH Milter.macros.eoh
4466 Macros to transmit to milters
4467 after the end of headers.
4468confMILTER_MACROS_DATA Milter.macros.data
4469 Macros to transmit to milters
4470 after DATA command is received.
4471
4472
4473See also the description of OSTYPE for some parameters that can be
4474tweaked (generally pathnames to mailers).
4475
4476ClientPortOptions and DaemonPortOptions are special cases since multiple
4477clients/daemons can be defined. This can be done via
4478
4479 CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4480 DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4481
4482Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4483ClientPortOptions settings) are allowed in order to give settings for each
4484protocol family (e.g., one for Family=inet and one for Family=inet6). A
4485restriction placed on one family only affects outgoing connections on that
4486particular family.
4487
4488If DAEMON_OPTIONS is not used, then the default is
4489
4490 DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4491 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4492
4493If you use one DAEMON_OPTIONS macro, it will alter the parameters
4494of the first of these. The second will still be defaulted; it
4495represents a "Message Submission Agent" (MSA) as defined by RFC
44962476 (see below). To turn off the default definition for the MSA,
4497use FEATURE(`no_default_msa') (see also FEATURES). If you use
4498additional DAEMON_OPTIONS macros, they will add additional daemons.
4499
4500Example 1: To change the port for the SMTP listener, while
4501still using the MSA default, use
4502 DAEMON_OPTIONS(`Port=925, Name=MTA')
4503
4504Example 2: To change the port for the MSA daemon, while still
4505using the default SMTP port, use
4506 FEATURE(`no_default_msa')
4507 DAEMON_OPTIONS(`Name=MTA')
4508 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4509
4510Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4511there would be no listener on the standard SMTP port.
4512
4513Example 3: To listen on both IPv4 and IPv6 interfaces, use
4514
4515 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4516 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4517
4518A "Message Submission Agent" still uses all of the same rulesets for
4519processing the message (and therefore still allows message rejection via
4520the check_* rulesets). In accordance with the RFC, the MSA will ensure
4521that all domains in envelope addresses are fully qualified if the message
4522is relayed to another MTA. It will also enforce the normal address syntax
4523rules and log error messages. Additionally, by using the M=a modifier you
4524can require authentication before messages are accepted by the MSA.
4525Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally,
4526the M=E modifier shown above disables ETRN as required by RFC 2476.
4527
4528Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4529commands:
4530
4531 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4532 MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4533
4534The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4535same order they were specified by also setting confINPUT_MAIL_FILTERS. A
4536filter can be defined without adding it to the input filter list by using
4537MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4538Alternatively, you can reset the list of filters and their order by setting
4539confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4540your .mc file.
4541
4542
4543+----------------------------+
4544| MESSAGE SUBMISSION PROGRAM |
4545+----------------------------+
4546
4547The purpose of the message submission program (MSP) is explained
4548in sendmail/SECURITY. This section contains a list of caveats and
4549a few hints how for those who want to tweak the default configuration
4550for it (which is installed as submit.cf).
4551
4552Notice: do not add options/features to submit.mc unless you are
4553absolutely sure you need them. Options you may want to change
4554include:
4555
4556- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4557 avoiding X-Authentication warnings.
4558- confTIME_ZONE to change it from the default `USE_TZ'.
4559- confDELIVERY_MODE is set to interactive in msp.m4 instead
4560 of the default background mode.
4561- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4562 to the LOCAL_RELAY instead of the default relay.
4563- confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4564 the flag HASURANDOM.
4565
4566The MSP performs hostname canonicalization by default. As also
4567explained in sendmail/SECURITY, mail may end up for various DNS
4568related reasons in the MSP queue. This problem can be minimized by
4569using
4570
4571 FEATURE(`nocanonify', `canonify_hosts')
4572 define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4573
4574See the discussion about nocanonify for possible side effects.
4575
4576Some things are not intended to work with the MSP. These include
4577features that influence the delivery process (e.g., mailertable,
4578aliases), or those that are only important for a SMTP server (e.g.,
4579virtusertable, DaemonPortOptions, multiple queues). Moreover,
4580relaxing certain restrictions (RestrictQueueRun, permissions on
4581queue directory) or adding features (e.g., enabling prog/file mailer)
4582can cause security problems.
4583
4584Other things don't work well with the MSP and require tweaking or
4585workarounds. For example, to allow for client authentication it
4586is not just sufficient to provide a client certificate and the
4587corresponding key, but it is also necessary to make the key group
4588(smmsp) readable and tell sendmail not to complain about that, i.e.,
4589
4590 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
4591
4592If the MSP should actually use AUTH then the necessary data
4593should be placed in a map as explained in SMTP AUTHENTICATION:
4594
4595FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4596
4597/etc/mail/msp-authinfo should contain an entry like:
4598
4599 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"
4600
4601The file and the map created by makemap should be owned by smmsp,
4602its group should be smmsp, and it should have mode 640. The database
4603used by the MTA for AUTH must have a corresponding entry.
4604Additionally the MTA must trust this authentication data so the AUTH=
4605part will be relayed on to the next hop. This can be achieved by
4606adding the following to your sendmail.mc file:
4607
4608 LOCAL_RULESETS
4609 SLocal_trust_auth
4610 R$* $: $&{auth_authen}
4611 Rsmmsp $# OK
4612
4613Note: the authentication data can leak to local users who invoke
4614the MSP with debug options or even with -v. For that reason either
4615an authentication mechanism that does not show the password in the
4616AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4617method like STARTTLS should be used.
4618
4619feature/msp.m4 defines almost all settings for the MSP. Most of
4620those should not be changed at all. Some of the features and options
4621can be overridden if really necessary. It is a bit tricky to do
4622this, because it depends on the actual way the option is defined
4623in feature/msp.m4. If it is directly defined (i.e., define()) then
4624the modified value must be defined after
4625
4626 FEATURE(`msp')
4627
4628If it is conditionally defined (i.e., ifdef()) then the desired
4629value must be defined before the FEATURE line in the .mc file.
4630To see how the options are defined read feature/msp.m4.
4631
4632
4633+--------------------------+
4634| FORMAT OF FILES AND MAPS |
4635+--------------------------+
4636
4637Files that define classes, i.e., F{classname}, consist of lines
4638each of which contains a single element of the class. For example,
4639/etc/mail/local-host-names may have the following content:
4640
4641my.domain
4642another.domain
4643
4644Maps must be created using makemap(8) , e.g.,
4645
4646 makemap hash MAP < MAP
4647
4648In general, a text file from which a map is created contains lines
4649of the form
4650
4651key value
4652
4653where 'key' and 'value' are also called LHS and RHS, respectively.
4654By default, the delimiter between LHS and RHS is a non-empty sequence
4655of white space characters.
4656
4657
4658+------------------+
4659| DIRECTORY LAYOUT |
4660+------------------+
4661
4662Within this directory are several subdirectories, to wit:
4663
4664m4 General support routines. These are typically
4665 very important and should not be changed without
4666 very careful consideration.
4667
4668cf The configuration files themselves. They have
4669 ".mc" suffixes, and must be run through m4 to
4670 become complete. The resulting output should
4671 have a ".cf" suffix.
4672
4673ostype Definitions describing a particular operating
4674 system type. These should always be referenced
4675 using the OSTYPE macro in the .mc file. Examples
4676 include "bsd4.3", "bsd4.4", "sunos3.5", and
4677 "sunos4.1".
4678
4679domain Definitions describing a particular domain, referenced
4680 using the DOMAIN macro in the .mc file. These are
4681 site dependent; for example, "CS.Berkeley.EDU.m4"
4682 describes hosts in the CS.Berkeley.EDU subdomain.
4683
4684mailer Descriptions of mailers. These are referenced using
4685 the MAILER macro in the .mc file.
4686
4687sh Shell files used when building the .cf file from the
4688 .mc file in the cf subdirectory.
4689
4690feature These hold special orthogonal features that you might
4691 want to include. They should be referenced using
4692 the FEATURE macro.
4693
4694hack Local hacks. These can be referenced using the HACK
4695 macro. They shouldn't be of more than voyeuristic
4696 interest outside the .Berkeley.EDU domain, but who knows?
4697
4698siteconfig Site configuration -- e.g., tables of locally connected
4699 UUCP sites.
4700
4701
4702+------------------------+
4703| ADMINISTRATIVE DETAILS |
4704+------------------------+
4705
4706The following sections detail usage of certain internal parts of the
4707sendmail.cf file. Read them carefully if you are trying to modify
4708the current model. If you find the above descriptions adequate, these
4709should be {boring, confusing, tedious, ridiculous} (pick one or more).
4710
4711RULESETS (* means built in to sendmail)
4712
4713 0 * Parsing
4714 1 * Sender rewriting
4715 2 * Recipient rewriting
4716 3 * Canonicalization
4717 4 * Post cleanup
4718 5 * Local address rewrite (after aliasing)
4719 1x mailer rules (sender qualification)
4720 2x mailer rules (recipient qualification)
4721 3x mailer rules (sender header qualification)
4722 4x mailer rules (recipient header qualification)
4723 5x mailer subroutines (general)
4724 6x mailer subroutines (general)
4725 7x mailer subroutines (general)
4726 8x reserved
4727 90 Mailertable host stripping
4728 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4729 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4730 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
4731
4732
4733MAILERS
4734
4735 0 local, prog local and program mailers
4736 1 [e]smtp, relay SMTP channel
4737 2 uucp-* UNIX-to-UNIX Copy Program
4738 3 netnews Network News delivery
4739 4 fax Sam Leffler's HylaFAX software
4740 5 mail11 DECnet mailer
4741
4742
4743MACROS
4744
4745 A
4746 B Bitnet Relay
4747 C DECnet Relay
4748 D The local domain -- usually not needed
4749 E reserved for X.400 Relay
4750 F FAX Relay
4751 G
4752 H mail Hub (for mail clusters)
4753 I
4754 J
4755 K
4756 L Luser Relay
4757 M Masquerade (who you claim to be)
4758 N
4759 O
4760 P
4761 Q
4762 R Relay (for unqualified names)
4763 S Smart Host
4764 T
4765 U my UUCP name (if you have a UUCP connection)
4766 V UUCP Relay (class {V} hosts)
4767 W UUCP Relay (class {W} hosts)
4768 X UUCP Relay (class {X} hosts)
4769 Y UUCP Relay (all other hosts)
4770 Z Version number
4771
4772
4773CLASSES
4774
4775 A
4776 B domains that are candidates for bestmx lookup
4777 C
4778 D
4779 E addresses that should not seem to come from $M
4780 F hosts this system forward for
4781 G domains that should be looked up in genericstable
4782 H
4783 I
4784 J
4785 K
4786 L addresses that should not be forwarded to $R
4787 M domains that should be mapped to $M
4788 N host/domains that should not be mapped to $M
4789 O operators that indicate network operations (cannot be in local names)
4790 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4791 Q
4792 R domains this system is willing to relay (pass anti-spam filters)
4793 S
4794 T
4795 U locally connected UUCP hosts
4796 V UUCP hosts connected to relay $V
4797 W UUCP hosts connected to relay $W
4798 X UUCP hosts connected to relay $X
4799 Y locally connected smart UUCP hosts
4800 Z locally connected domain-ized UUCP hosts
4801 . the class containing only a dot
4802 [ the class containing only a left bracket
4803
4804
4805M4 DIVERSIONS
4806
4807 1 Local host detection and resolution
4808 2 Local Ruleset 3 additions
4809 3 Local Ruleset 0 additions
4810 4 UUCP Ruleset 0 additions
4811 5 locally interpreted names (overrides $R)
4812 6 local configuration (at top of file)
4813 7 mailer definitions
4814 8 DNS based blocklists
4815 9 special local rulesets (1 and 2)
4816
4817