Lines Matching +full:host +full:- +full:only
9 To get started, you may want to look at tcpproto.mc (for TCP-only
11 mail host), or the generic-*.mc files as operating system-specific
30 ANTI-SPAM CONFIGURATION CONTROL
37 NON-SMTP BASED CONFIGURATIONS
51 +--------------------------+
53 +--------------------------+
57 You must pre-load "cf.m4":
70 or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
72 use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
78 divert(-1)
80 # Copyright (c) 1998-2005 Proofpoint, Inc. and its suppliers.
92 # This is a Berkeley-specific configuration file for HP-UX 9.x.
93 # It applies only to the Computer Science Division at Berkeley,
95 # distribution as a sample only. To create your own configuration
102 The divert(-1) will delete the crud in the resulting output file.
112 in SMTP greeting messages -- this is defined in m4/version.m4.
134 should only be followed by LOCAL_* sections. The general rules are
154 *** Berkeley-specific assumptions built in, such as the name ***
155 *** of their UUCP-relay. You'll want to create your own ***
162 Some rulesets, features, and options are only useful if the sendmail
164 ruleset tls_server is only invoked if sendmail has been compiled
181 +----------------------------+
183 +----------------------------+
186 files. The most important thing to know is that M4 is stream-based,
191 most cases sendmail uses this only to avoid lots of unnecessary
222 -------
224 This package requires a post-V7 version of m4; if you are running the
226 BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works.
227 Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
229 ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
234 +----------------+
236 +----------------+
239 related files, /etc/mail. The new files available for sendmail 8.9 --
240 the class {R} /etc/mail/relay-domains and the access database
241 /etc/mail/access -- take advantage of this new directory. Beginning with
249 ------------ ------------
265 /etc/sendmail.cw /etc/mail/local-host-names
266 /etc/mail/sendmail.cw /etc/mail/local-host-names
267 /etc/sendmail/sendmail.cw /etc/mail/local-host-names
269 /etc/sendmail.ct /etc/mail/trusted-users
271 /etc/sendmail.oE /etc/mail/error-header
301 +--------+
303 +--------+
317 empty). Unfortunately, the list of configuration-supported systems is
318 not as broad as the list of source-supported systems, since many of
322 of the alias file(s). It can be a comma-separated
324 commas in them -- for example, use
327 otherwise the define() primitive only sees "a").
349 LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
354 messages to deliver in a single connection. Only
356 LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
363 [X-Unix] The DSN Diagnostic-Code value for the
368 LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
376 USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
385 flags are `mDFMuX' for all SMTP-based mailers; the
389 flags are `mDFMuX' for all SMTP-based mailers; the
402 About the only reason you would want to change this
416 SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
420 RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
429 flags are `DFMhuU' (and `m' for uucp-new mailer,
430 minus `U' for uucp-dom mailer).
431 UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
435 UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
458 PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
474 PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
480 CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
489 CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
504 CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
514 QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
525 (thus overriding the default value), or if it starts with `+' (`-')
539 +---------+
541 +---------+
543 You will probably want to collect domain-dependent defines into one
548 UUCP_RELAY The host that will accept UUCP-addressed email.
551 BITNET_RELAY The host that will accept BITNET-addressed email.
552 If not defined, the .BITNET pseudo-domain won't work.
553 DECNET_RELAY The host that will accept DECNET-addressed email.
554 If not defined, the .DECNET pseudo-domain and addresses
556 FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
558 LOCAL_RELAY The site that will handle unqualified names -- that
562 FEATURE(`stickyhost') -- see the discussion of
565 central site to store a company- or department-wide
566 alias database. This only works at small sites,
567 and only with some user agents.
568 LUSER_RELAY The site that will handle lusers -- that is, apparently
574 mailer is the internal mailer name, such as ``uucp-new'' and the hostname
575 is the name of the host as appropriate for that mailer) or just a
583 (using "DD<domain>") and set certain site-wide features. If all hosts
587 You do not have to define a domain -- in particular, if you are a
593 +---------+
595 +---------+
602 need these; the only exception is if you relay ALL
610 five mailers: "smtp" for regular (old-style) SMTP to
613 converting 8-bit data to MIME (essentially, this is
614 your statement that you know the other end is 8-bit
619 uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
620 defines two mailers, "uucp-old" (a.k.a. "uucp") and
621 "uucp-new" (a.k.a. "suucp"). The latter is for when you
625 ("uucp-dom" and "uucp-uudom") are also defined [warning: you
628 class {U} and sends them to the uucp-old mailer; all
629 names in class {Y} are sent to uucp-new; and all
630 names in class {Z} are sent to uucp-uudom. Note that
654 host.com procmail:/etc/procmailrcs/host.com
656 with the file /etc/procmailrcs/host.com reading:
658 :0 # forward mail for host.com
659 ! -oi -f $1 person@other.host
661 This would arrange for (anything)@host.com to be sent
662 to person@other.host. In a procmail script, $1 is the
668 problem, e.g., a catch-all entry in a virtusertable.
670 mail11 The DECnet mail11 mailer, useful only if you have the mail11
683 "user+detail@local.host" syntax (see
686 permits. The cyrusbb mailer delivers to a system-wide
692 "user+detail@local.host" syntax (see
709 +----------+
711 +----------+
718 tells sendmail that you want to have it read an /etc/mail/local-host-names
720 optional parameters -- for example:
730 if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
741 use_cw_file Read the file /etc/mail/local-host-names file to get
742 alternate names for this host. This might be used if you
743 were on a host that MXed for a dynamic set of other hosts.
749 use_ct_file Read the file /etc/mail/trusted-users file to get the
751 set their envelope from address using -f without generating
766 Warnings: 1. See the notice in the anti-spam section.
776 Warnings: 1. See the notice in the anti-spam section.
781 by default, i.e., host/domain names are considered canonical,
788 (DaemonPortOptions=Modifiers=C). This would generally only
789 be used by sites that only act as mail gateways or which have
792 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
812 addresses which have only a hostname, e.g.,
813 <user@host>, will be canonified (and hopefully fully
821 "user@local.host" are marked as "sticky" -- that
826 With MAIL_HUB, mail addressed to "user@local.host"
828 address still remaining "user@local.host".
835 i.e. local host names). The argument of the FEATURE may be
842 or partial domains preceded by a dot -- for example,
854 will forward to the original user in the e-mail address
897 Include the local host domain even on locally delivered
900 the same user name space everywhere, you may need the host
906 as being from the masquerade host. Normally they get
913 feature ONLY if you can guarantee that the ENTIRE
914 namespace on your masquerade host supersets all the
919 this feature is given, only the hosts listed in class {M} (see
938 this feature, only foo.org and bar.com are masqueraded.
940 NOTE: only domains within your jurisdiction and
945 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
952 host. Normally only the header addresses are masqueraded.
959 8.12), the MTA will only receive qualified addresses from the
963 masquerading are looked up, i.e., only header sender
997 virtusertable A domain-specific form of aliasing, allowing multiple
1001 info@foo.com foo-info
1002 info@bar.com bar-info
1008 address foo-info, mail addressed to info@bar.com will be
1009 delivered to bar-info, and mail addressed to anyone at baz.org
1033 There are two wildcards after "+": "+" matches only a non-empty
1038 All the host names on the left hand side (foo.com, bar.com,
1062 ldap_routing Implement LDAP-based e-mail recipient routing according to
1063 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1064 This provides a method to re-route addresses with a
1066 different mail host or a different address. Hosts can
1073 nullclient This is a special case -- it creates a configuration file
1075 central hub via a local SMTP-based network. The argument
1078 The only other feature that should be used in conjunction
1087 confEBINDIR m4 variable -- making the default
1106 "user+indicator@local.host" syntax; normally the +indicator
1107 is just tossed, but by default it is passed as the -a
1115 [default: procmail -Y -a $h -d $u]
1120 setreuid() call, you may need to add -f $f to the procmail
1127 `maildrop -d $u')
1136 bestmx_is_local Accept mail as though locally addressed for any host that
1140 domains, which will limit the feature to only apply to
1141 these domains -- this will reduce unnecessary DNS
1150 e-mail. If an argument is provided it is used as the
1152 confEBINDIR is used for the smrsh binary -- by default,
1158 local host (class {w}) and sending it to another host than
1159 your local host). This option sets your site to allow
1168 This option allows any host in your domain as defined by
1171 e.g., com. This can happen if you give your host a name
1172 like example.com instead of host.example.com.
1176 db and class {R} are treated as domain names, not host names.
1180 the behaviour to look up individual host names only.
1184 records of the host portion of an incoming recipient; that
1185 is, if an MX record for host foo.com points to your site,
1193 if route address syntax (or %-hack syntax) is used. If
1194 this is a problem, add entries to the access-table or use
1202 of the sender address. This feature should only be used if
1207 anti-spam configuration control.
1211 is a local host. This should only be used if absolutely
1232 refused if the host part of the argument to MAIL FROM:
1233 cannot be located in the host name service (e.g., an A or
1235 only a limited view of the Internet host name space, this
1246 hash -T<TMPF> /etc/mail/access
1248 See the anti-spam configuration control section for further
1250 "-T<TMPF>" is meant literal, do not replace it by anything.
1256 host foo.mydomain.com, or guest@bar.mydomain.com.
1258 described in the anti-spam configuration control section
1265 See "Delay all checks" in the anti-spam configuration control
1289 Rejected: IP-ADDRESS listed at SERVER
1291 where IP-ADDRESS and SERVER are replaced by the appropriate
1295 message. See the anti-spam configuration control section for
1301 definition from `host'. Set the DNSBL_MAP_OPT mc option
1304 Note: currently only IPv4 addresses are checked.
1311 define(`DNSBL_MAP', `dns -R A')
1318 define(`DNSBL_MAP', `dns -R A -r2')
1328 compared with the supplied argument(s), and only if a match
1333 will reject the e-mail if the lookup returns the value
1365 10.1.2.3 can only make up to 4 connections, the
1386 10.1.2.3 can only have up to 4 open connections, the
1394 draft-stumpf-dns-mtamark-01. Optional arguments are:
1412 match only subdomains. It does not work well with
1430 Preserve the name of the recipient host if LUSER_RELAY is
1432 recipient address will be replaced by the host specified as
1433 LUSER_RELAY. This feature only works if the hostname is
1442 .forward +detail stripping (e.g., given user+detail, only
1444 user will not be looked up). Only use if the local
1451 with the Compat: tag -- Compat:sender<@>recipient -- in the
1467 the default of `[localhost]' to use as host to send all
1468 e-mails to. Note that MX records will be used if the
1482 by default. If you have a machine with IPv6 only,
1493 on the full e-mail address or the domain of the
1539 - authenticated sessions,
1540 - connections from IP addresses in class $={R}.
1548 host names) and $={R} (relay permitted).
1559 If the look-up succeeds, but returns an apparently forged
1566 Any IP address matched using $=R (the "relay-domains" file)
1568 allowed relaying for this host, based on IP address, we
1614 (MTA-STS, see RFC 8461). It sets the option
1617 postfix-mta-sts-resolver (see feature/sts.m4
1627 +-------+
1629 +-------+
1633 macro. These will tend to be site-dependent. The release
1634 includes the Berkeley-dependent "cssubdomain" hack (that makes
1636 this is intended as a short-term aid while moving hosts into
1640 +--------------------+
1642 +--------------------+
1646 * only for back compatibility. You should plan on *
1649 * of UUCP mailers, such as uucp-uudom. *
1656 The SITECONFIG macro allows you to indirectly reference site-dependent
1667 the host information read from the file. Another SITECONFIG line reads
1676 out-of-date configuration file has been left around to demonstrate
1692 same line; these are usually aliases for the same host (or are at
1697 should only be used if really necessary.
1700 +--------------------+
1702 +--------------------+
1706 for domain-based addressing, even for UUCP sites.
1718 non-domainized scheme. This depends entirely on what the other
1720 other end to go to a domain-based system -- non-domainized addresses
1725 uucp-old (obsolete name: "uucp")
1730 only send to one address at a time, so it spends a lot of
1734 uucp-new (obsolete name: "suucp")
1739 uucp-dom
1742 is only included if MAILER(`smtp') is specified before
1747 domain-based addresses in the message header. (The envelope
1750 uucp-uudom
1751 This is a cross between uucp-new (for the envelope addresses)
1752 and uucp-dom (for the header addresses). It bangifies the
1754 local hostname, unless there is no host name on the address
1755 at all (e.g., "wolf") or the host component is a UUCP host name
1757 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1762 On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1766 ------ ------ -------------------------
1767 uucp-{old,new} wolf grasp!wolf
1768 uucp-dom wolf wolf@grasp.insa-lyon.fr
1769 uucp-uudom wolf grasp.insa-lyon.fr!wolf
1771 uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1772 uucp-dom wolf@fr.net wolf@fr.net
1773 uucp-uudom wolf@fr.net fr.net!wolf
1775 uucp-{old,new} somehost!wolf grasp!somehost!wolf
1776 uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1777 uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1780 to convert all UUCP addresses to domain format -- otherwise, it will
1783 the heuristics will add the @uucp.relay.name or @local.host.name to
1784 this address. However, if you map foo to foo.host.name first, it
1789 +-------------------+
1791 +-------------------+
1820 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1823 pointing at this host; this rule catches the message and forwards it on
1836 Kyplocal nis -m hosts.byname
1839 +---------------------------+
1841 +---------------------------+
1843 You can have your host masquerade as another using
1845 MASQUERADE_AS(`host.domain')
1848 indicated host.domain, rather than $j. One normally masquerades as
1860 Normally the only addresses that are masqueraded are those that come
1861 from this host (that is, are either unqualified or in class {w}, the list
1870 This can be a space-separated list of names.
1881 MASQUERADE_EXCEPTION(`host.domain')
1884 except for one (or a few) host(s). If these names are in a file,
1889 Normally only header addresses are masqueraded. If you want to
1894 There are always users that need to be "exposed" -- that is, their
1906 without @host) to a relay host. For example, if you have a central
1907 email server, you might relay to that host so that users don't have
1959 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1967 need to unset all the other relays -- or better yet, find or build a
1970 For duplicate suppression to work properly, the host name is best
1973 define(`MAIL_HUB', `host.domain.')
1974 note the trailing dot ---^
1977 +-------------------------------------------+
1979 +-------------------------------------------+
1982 own LDAP map specification or using the built-in default LDAP map
1983 specification. The built-in default specifications all provide lookups
2000 individual host records can have surprising results (see the CAUTION
2006 in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
2009 -------
2011 -------
2021 ldap -k (&(objectClass=sendmailMTAAliasObject)
2026 …-v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:…
2031 not actually macro-expanded when read from the sendmail.cf file.
2035 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
2041 sendmailMTAKey: sendmail-list
2046 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
2052 sendmailMTAKey: owner-sendmail-list
2064 Here, the aliases sendmail-list and owner-sendmail-list will be available
2065 only on etrn.sendmail.org but the postmaster alias will be available on
2095 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
2097 ----
2099 ----
2116 --------- ------------------
2128 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
2133 …-1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:s…
2152 CAUTION: If your LDAP database contains the record above and *ALSO* a host
2166 require a single match. Since the host etrn.sendmail.org is also in the
2173 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2175 -------
2177 -------
2185 be used with LDAP to read classes from LDAP. Note that the lookup is only
2196 F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2200 …-v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:se…
2204 not actually macro-expanded when read from the sendmail.cf file.
2210 ------- --------------------
2239 CAUTION: If your LDAP database contains the record above and *ALSO* a host
2251 both the cluster match and the host match). In other words, the effective
2257 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2263 +--------------+
2265 +--------------+
2269 (draft-lachman-laser-ldap-mail-routing-01). This feature enables
2270 LDAP-based rerouting of a particular address to either a different host
2282 user@host1.example.com, normally the LDAP lookup would only be done for
2297 mail host for a particular address; <mailRoutingAddress> is a map definition
2303 contains +detail information -- `strip' tries the lookup with the +detail
2315 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2320 ldap -1 -T<TMPF> -v mailRoutingAddress
2321 -k (&(objectClass=inetLocalMailRecipient)
2324 Note that neither includes the LDAP server hostname (-h server) or base DN
2325 (-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
2328 changed as described above. The "-T<TMPF>" is required in any user
2335 ----------- --------------------- ----------
2337 "local" host mailRoutingAddress
2340 "local" host original address
2343 remote host relayed to mailHost
2346 remote host relayed to mailHost
2355 The term "local" host above means the host specified is in class {w}. If
2356 the result would mean sending the mail to a different host, that host is
2365 attribute. If present, there must be only one mailHost attribute and it
2366 must contain a fully qualified host name as its value. Similarly, if
2367 present, there must be only one mailRoutingAddress attribute and it must
2384 the mail to MX records listed for the host eng.example.com (unless the
2394 the host mktmail.example.com using the new address harry@mkt.example.com
2395 when talking to that host.
2408 +---------------------------------+
2409 | ANTI-SPAM CONFIGURATION CONTROL |
2410 +---------------------------------+
2412 The primary anti-spam features available in sendmail are:
2419 Relaying (transmission of messages from a site outside your host (class
2434 host.mydomain.com
2447 then any host in any of your local domains (that is, class {m})
2449 host in your domain).
2451 You can also allow relaying based on the MX records of the host
2462 Note also that this feature will stop spammers from using your host
2483 only works together with the tag From: for the LHS of the access
2493 user@site.com for relaying if othersite.com is an allowed relay host
2501 should only be used for sites which have no control over the addresses
2506 anti-relay rules do not prevent: the case of a system that does use
2511 <example.net!user@local.host> / <user%example.net@local.host>
2515 because it came from a trusted local host. So if a mailserver
2516 allows UUCP (bang-format) / %-hack addresses, all systems from which
2523 IP address can't be mapped to a host name. If you want to continue
2525 has only a limited view of the Internet host name space (note that you
2527 host" forwarder), use
2568 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2571 `-T<TMPF>' as shown above. The optional parameters may be
2579 e-mail address instead of an entire domain.
2587 The table itself uses e-mail addresses, domain names, and network
2600 (or any host within the cyberspammer.com domain), any host in the entire
2656 it affects only the designated recipient, not
2658 This should only be used if really necessary.
2659 SKIP This can only be used for host/domain names
2702 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
2714 forged"). That is, using square brackets means these are host
2735 hosts listed in class {R} to be fully qualified host names.
2743 this database entry is for checking only the username portion of the
2754 To:host.my.TLD ERROR:550 That host does not accept mail
2758 domains (class {w}), any user at host.my.TLD, and the single address
2783 Rejected: IP-ADDRESS listed at SERVER
2785 where IP-ADDRESS and SERVER are replaced by the appropriate
2805 451 Temporary lookup failure of IP-ADDRESS at SERVER
2807 where IP-ADDRESS and SERVER are replaced by the appropriate
2836 Kallnumbers regex -a@MATCH ^[0-9]+$
2855 ----------------
2871 in the access map, then any e-mail with a sender address of
2893 skipped only if the recipient address is found and has RHS FRIEND. If
2896 other two rulesets will be applied only if the recipient address is
2921 -------------
2926 a Message-ID: header:
2929 HMessage-Id: $>CheckMessageId
2961 any final header-related checks. The ruleset is called with the number of
2963 example usage is to reject messages which do not have a Message-Id:
2964 header. However, the Message-Id: header is *NOT* a required header and is
2970 HMessage-Id: $>CheckMessageId
2984 # Has a Message-Id: header
2986 # Allow missing Message-Id: from local mail
2994 +--------------------+
2996 +--------------------+
3025 +----------+
3027 +----------+
3056 ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
3057 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
3077 --------
3092 rulesets and map lookups, they are modified as follows: each non-printable
3121 To allow relaying only for a subset of machines that have a cert signed by
3145 --------------------
3165 requiring that e-mail is sent to a server only encrypted, e.g., via
3169 doesn't necessarily mean that e-mail sent to that domain is encrypted.
3179 current recipient. This ruleset is only defined if FEATURE(`access_db')
3200 algorithm, e.g., DIGEST-MD5.
3211 only succeeds if it is found with a RHS of OK.
3213 Example: e-mail sent to secure.example.com should only use an encrypted
3214 connection. E-mail received from hosts within the laptop.example.com domain
3215 should only be accepted if they have been authenticated. The host which
3216 receives e-mail for darth@endmail.org must present a cert that uses the
3217 CN smtp.endmail.org. E-mail sent to safe.example.com must be verified,
3230 -----------------------
3243 - Options: compare {Server,Client}SSLOptions.
3244 - CipherList: same as the global option.
3245 - CertFile, KeyFile: {Server,Client}{Cert,Key}File
3246 - Flags: see doc/op/op.me for details.
3254 TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
3257 certificates only for the client with the IP address 10.0.2.4,
3278 will turn off STARTTLS when sending to broken.server (or any host
3280 only for hosts in my.domain, and disable MTA-STS for broken.sts.
3286 ----------------
3294 +---------------------+
3296 +---------------------+
3299 used in anti-relay rulesets to allow relaying for those users that
3312 RDIGEST-MD5 $| $+@$=w $# OK
3314 to allow relaying for users that authenticated using DIGEST-MD5
3319 ruleset may make use of the other ${auth_*} macros. Only if the
3322 to modify the default behavior, which only trust the AUTH=
3329 TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3336 -----------------------------------------------------
3345 only performed if the access map is used; if the authinfo feature
3346 is used then only up to three lookups are performed (two exact
3352 sendmail set-user-ID. Use PrivacyOptions to turn off verbose output
3374 AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3375 AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
3387 group/world-unreadable, this is left to the user.
3390 +--------------------------------+
3392 +--------------------------------+
3419 +-------------------------+
3421 +-------------------------+
3462 +-------------------------+
3464 +-------------------------+
3476 +-------------------------------+
3477 | NON-SMTP BASED CONFIGURATIONS |
3478 +-------------------------------+
3481 SMTP-based sites. They may not be well tuned for UUCP-only or
3482 UUCP-primarily nodes (the latter is defined as a small local net
3486 You can define a ``smart host'' that understands a richer address syntax
3492 can't be handled using the usual UUCP rules are passed to this host.
3494 If you are on a local SMTP-based net that connects to the outside
3498 define(`SMART_HOST', `uucp-new:uunet')
3503 via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3513 That is, send directly only to things you found in your DNS lookup;
3516 You may need to turn off the anti-spam rules in order to accept
3521 +-----------+
3523 +-----------+
3527 host name using gethostname and then calling gethostbyname on the
3529 only the root of the host name (such as "foo"); gethostbyname is
3539 +-----------------------------------+
3541 +-----------------------------------+
3543 If your host is known by several different names, you need to augment
3544 class {w}. This is a list of names by which your host is known, and
3545 anything sent to an address using a host name in this list will be
3547 file /etc/mail/local-host-names containing a list of your aliases (one per
3549 ``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
3550 name of the host, rather than a short name.
3554 http://www.sendmail.org/virtual-hosting.html
3557 +--------------------+
3559 +--------------------+
3566 uuhost1.my.domain uucp-new:uuhost1
3575 a dot matches the full host name indicated. LHS entries beginning
3577 the leading dot) -- that is, they can be thought of as having a
3578 leading ".+" regular expression pattern for a non-empty sequence of
3579 characters. Matching is done in order of most-to-least qualified
3580 -- for example, even though ".my.domain" is listed first in the
3582 entry since it is more explicit. Note: e-mail to "user@my.domain"
3586 my.domain esmtp:host.my.domain
3588 The RHS should always be a "mailer:host" pair. The mailer is the
3590 sendmail.cf file). The "host" will be the hostname passed to
3591 that mailer. In domain-based matches (that is, those with leading
3593 the host name. For example, the first line above sends everything
3594 addressed to "anything.my.domain" to that same host name, but using
3608 The [square brackets] turn off MX records for this host only.
3615 +--------------------------------+
3617 +--------------------------------+
3622 purpose instead -- since you can specify multiple alias files, this
3624 a site, but allow you to override this by sending to a specific host.
3627 imperative that you not use FEATURE(`stickyhost') -- otherwise,
3628 e-mail sent to Full.Name@local.host.name will be rejected.
3635 as e-mail addresses, since they are not in any sense unique. For
3636 example, the UNIX software-development community has at least two
3637 well-known Peter Deutsches, and at one time Bell Labs had two
3646 +--------------------------------+
3648 +--------------------------------+
3666 +----------------+
3668 +----------------+
3680 mailertable, are only writable by trusted system personnel.
3683 if your system allows "file giveaways" (that is, if a non-root
3688 to steal anyone else's e-mail. Instead, create a script that
3690 night (if you want the non-NFS-mounted forward directory).
3693 sendmail is much less trusting of :include: files -- in
3698 In general, file giveaways are a mistake -- if you can turn them
3702 +--------------------------------+
3704 +--------------------------------+
3719 Some options are likely to be deprecated in future versions -- that is,
3720 the option is only included to provide back-compatibility. These are
3731 confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
3735 only be done if your system cannot
3756 in messages passed through this host.
3758 confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
3759 internally generated Message-Id:
3761 confCW_FILE Fw class [/etc/mail/local-host-names] Name
3763 additions to class {w} (local host
3765 confCT_FILE Ft class [/etc/mail/trusted-users] Name of
3768 confCR_FILE FR class [/etc/mail/relay-domains] Name of
3779 confSMTP_MAILER - [esmtp] The mailer name used when
3783 confUUCP_MAILER - [uucp-old] The mailer to be used by
3784 default for bang-format recipient
3788 confLOCAL_MAILER - [local] The mailer name used when
3791 confRELAY_MAILER - [relay] The default mailer name used
3795 "uucp-new" if you are on a
3796 UUCP-connected site.
3798 confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
3826 confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
3831 confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
3834 The colon-separated list of places to
3842 [undefined] If set, host status is kept
3853 sendmails on this host to connect
3855 host. This can slow down delivery in
3858 to a host will prevent other sendmails
3859 from connecting to the other host.
3866 confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
3886 confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
3892 confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
3900 connect() to complete. This can only
3906 applies only to the very first attempt
3907 to connect to a host in a message.
3967 Timeout.queuereturn.non-urgent
3968 [undefined] As above, for non-urgent
3986 Timeout.queuewarn.non-urgent
3987 [undefined] As above, for non-urgent
3994 [30m] How long information about host
3996 is considered stale and the host should
4032 confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
4040 confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
4042 [undefined] Fallback smart host.
4047 confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
4048 for a host and other arrangements
4050 to the host directly; normally this
4053 queue-only function kicks in.
4102 Priority, Host, Filename, Random,
4107 only if the individual retry time
4117 confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
4124 system-defined switch.
4137 nonconforming message as is, "add-to"
4140 blind recipients), "add-apparently-to"
4141 to do the same but use Apparently-To:
4144 "add-bcc" to add an empty Bcc:
4145 header, or "add-to-undisclosed" to
4147 ``To: undisclosed-recipients:;''.
4157 handled properly in route-addrs. This
4176 [1] Only active when MaxQueueChildren
4202 does not include a host name.
4223 will only have their primary
4226 [True] If set, group-writable
4230 from such files. World-writable files
4258 confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
4286 in a mailertable entry) -- otherwise,
4303 confREJECT_MSG - [550 Access denied] The message
4306 confRELAY_MSG - [550 Relaying denied] The message
4311 memory-buffered data (df) file
4312 before a disk-based file is used.
4315 memory-buffered transcript (xf)
4316 file before a disk-based file is
4318 confAUTH_MECHANISMS AuthMechanisms [EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5
4319 CRAM-MD5] List of authentication
4338 the trusted user) only. If no realm
4350 MAIL FROM command is only issued
4372 value should only contain LDAP
4373 specific settings such as "-h host
4374 -p port -d bindDN", etc. The
4455 confDEQUOTE_OPTS - [empty] Additional options for the
4515 restriction placed on one family only affects outgoing connections on that
4545 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4546 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4573 +----------------------------+
4575 +----------------------------+
4586 - confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4587 avoiding X-Authentication warnings.
4588 - confTIME_ZONE to change it from the default `USE_TZ'.
4589 - confDELIVERY_MODE is set to interactive in msp.m4 instead
4591 - FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4593 - confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4608 aliases), or those that are only important for a SMTP server (e.g.,
4625 FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4627 /etc/mail/msp-authinfo should contain an entry like:
4629 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"
4644 the MSP with debug options or even with -v. For that reason either
4646 AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4663 +--------------------------+
4665 +--------------------------+
4669 /etc/mail/local-host-names may have the following content:
4684 By default, the delimiter between LHS and RHS is a non-empty sequence
4688 +------------------+
4690 +------------------+
4728 siteconfig Site configuration -- e.g., tables of locally connected
4732 +------------------------+
4734 +------------------------+
4757 90 Mailertable host stripping
4767 2 uucp-* UNIX-to-UNIX Copy Program
4778 D The local domain -- usually not needed
4793 S Smart Host
4818 N host/domains that should not be mapped to $M
4820 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4822 R domains this system is willing to relay (pass anti-spam filters)
4830 Z locally connected domain-ized UUCP hosts
4831 . the class containing only a dot
4832 [ the class containing only a left bracket
4837 1 Local host detection and resolution