xref: /freebsd/contrib/sendmail/cf/README (revision 0fca6ea1d4eea4c934cfff25ac9ee8ad6fe95583)
1
2		SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files.  It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide (doc/op/op.me).
8
9To get started, you may want to look at tcpproto.mc (for TCP-only
10sites) and clientproto.mc (for clusters of clients using a single
11mail host), or the generic-*.mc files as operating system-specific
12examples.
13
14Table of Content:
15
16INTRODUCTION AND EXAMPLE
17A BRIEF INTRODUCTION TO M4
18FILE LOCATIONS
19OSTYPE
20DOMAINS
21MAILERS
22FEATURES
23HACKS
24SITE CONFIGURATION
25USING UUCP MAILERS
26TWEAKING RULESETS
27MASQUERADING AND RELAYING
28USING LDAP FOR ALIASES, MAPS, AND CLASSES
29LDAP ROUTING
30ANTI-SPAM CONFIGURATION CONTROL
31CONNECTION CONTROL
32STARTTLS
33SMTP AUTHENTICATION
34ADDING NEW MAILERS OR RULESETS
35ADDING NEW MAIL FILTERS
36QUEUE GROUP DEFINITIONS
37NON-SMTP BASED CONFIGURATIONS
38WHO AM I?
39ACCEPTING MAIL FOR MULTIPLE NAMES
40USING MAILERTABLES
41USING USERDB TO MAP FULL NAMES
42MISCELLANEOUS SPECIAL FEATURES
43SECURITY NOTES
44TWEAKING CONFIGURATION OPTIONS
45MESSAGE SUBMISSION PROGRAM
46FORMAT OF FILES AND MAPS
47DIRECTORY LAYOUT
48ADMINISTRATIVE DETAILS
49
50
51+--------------------------+
52| INTRODUCTION AND EXAMPLE |
53+--------------------------+
54
55Configuration files are contained in the subdirectory "cf", with a
56suffix ".mc".  They must be run through "m4" to produce a ".cf" file.
57You must pre-load "cf.m4":
58
59	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
60
61Alternatively, you can simply:
62
63	cd ${CFDIR}/cf
64	./Build config.cf
65
66where ${CFDIR} is the root of the cf directory and config.mc is the
67name of your configuration file.  If you are running a version of M4
68that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
69this, but the versions distributed with 4.4BSD and derivatives do not)
70or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
71For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
72use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash!  For example:
73
74	m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
75
76Let's examine a typical .mc file:
77
78	divert(-1)
79	#
80	# Copyright (c) 1998-2005 Proofpoint, Inc. and its suppliers.
81	#	All rights reserved.
82	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
83	# Copyright (c) 1988, 1993
84	#	The Regents of the University of California.  All rights reserved.
85	#
86	# By using this file, you agree to the terms and conditions set
87	# forth in the LICENSE file which can be found at the top level of
88	# the sendmail distribution.
89	#
90
91	#
92	#  This is a Berkeley-specific configuration file for HP-UX 9.x.
93	#  It applies only to the Computer Science Division at Berkeley,
94	#  and should not be used elsewhere.   It is provided on the sendmail
95	#  distribution as a sample only.  To create your own configuration
96	#  file, create an appropriate domain file in ../domain, change the
97	#  `DOMAIN' macro below to reference that file, and copy the result
98	#  to a name of your own choosing.
99	#
100	divert(0)
101
102The divert(-1) will delete the crud in the resulting output file.
103The copyright notice can be replaced by whatever your lawyers require;
104our lawyers require the one that is included in these files.  A copyleft
105is a copyright by another name.  The divert(0) restores regular output.
106
107	VERSIONID(`<SCCS or RCS version id>')
108
109VERSIONID is a macro that stuffs the version information into the
110resulting file.  You could use SCCS, RCS, CVS, something else, or
111omit it completely.  This is not the same as the version id included
112in SMTP greeting messages -- this is defined in m4/version.m4.
113
114	OSTYPE(`hpux9')dnl
115
116You must specify an OSTYPE to properly configure things such as the
117pathname of the help and status files, the flags needed for the local
118mailer, and other important things.  If you omit it, you will get an
119error when you try to build the configuration.  Look at the ostype
120directory for the list of known operating system types.
121
122	DOMAIN(`CS.Berkeley.EDU')dnl
123
124This example is specific to the Computer Science Division at Berkeley.
125You can use "DOMAIN(`generic')" to get a sufficiently bland definition
126that may well work for you, or you can create a customized domain
127definition appropriate for your environment.
128
129	MAILER(`local')
130	MAILER(`smtp')
131
132These describe the mailers used at the default CS site.  The local
133mailer is always included automatically.  Beware: MAILER declarations
134should only be followed by LOCAL_* sections.  The general rules are
135that the order should be:
136
137	VERSIONID
138	OSTYPE
139	DOMAIN
140	FEATURE
141	local macro definitions
142	MAILER
143	LOCAL_CONFIG
144	LOCAL_RULE_*
145	LOCAL_RULESETS
146
147There are a few exceptions to this rule.  Local macro definitions which
148influence a FEATURE() should be done before that feature.  For example,
149a define(`PROCMAIL_MAILER_PATH', ...) should be done before
150FEATURE(`local_procmail').
151
152*******************************************************************
153***  BE SURE YOU CUSTOMIZE THESE FILES!  They have some		***
154***  Berkeley-specific assumptions built in, such as the name	***
155***  of their UUCP-relay.  You'll want to create your own	***
156***  domain description, and use that in place of		***
157***  domain/Berkeley.EDU.m4.					***
158*******************************************************************
159
160
161Note:
162Some rulesets, features, and options are only useful if the sendmail
163binary has been compiled with the appropriate options, e.g., the
164ruleset tls_server is only invoked if sendmail has been compiled
165with STARTTLS. This is usually obvious from the context and hence
166not further specified here.
167There are also so called "For Future Releases" (FFR) compile time
168options which might be included in a subsequent version or might
169simply be removed as they turned out not to be really useful.
170These are generally not documented but if they are, then the required
171compile time options are listed in doc/op/op.* for rulesets and
172macros, and for mc/cf specific options they are usually listed here.
173In addition to compile time options for the sendmail binary, there
174can also be FFRs for mc/cf which in general can be enabled when the
175configuration file is generated by defining them at the top of your
176.mc file:
177
178define(`_FFR_NAME_HERE', 1)
179
180
181+----------------------------+
182| A BRIEF INTRODUCTION TO M4 |
183+----------------------------+
184
185Sendmail uses the M4 macro processor to ``compile'' the configuration
186files.  The most important thing to know is that M4 is stream-based,
187that is, it doesn't understand about lines.  For this reason, in some
188places you may see the word ``dnl'', which stands for ``delete
189through newline''; essentially, it deletes all characters starting
190at the ``dnl'' up to and including the next newline character.  In
191most cases sendmail uses this only to avoid lots of unnecessary
192blank lines in the output.
193
194Other important directives are define(A, B) which defines the macro
195``A'' to have value ``B''.  Macros are expanded as they are read, so
196one normally quotes both values to prevent expansion.  For example,
197
198	define(`SMART_HOST', `smart.foo.com')
199
200One word of warning:  M4 macros are expanded even in lines that appear
201to be comments.  For example, if you have
202
203	# See FEATURE(`foo') above
204
205it will not do what you expect, because the FEATURE(`foo') will be
206expanded.  This also applies to
207
208	# And then define the $X macro to be the return address
209
210because ``define'' is an M4 keyword.  If you want to use them, surround
211them with directed quotes, `like this'.
212
213Since m4 uses single quotes (opening "`" and closing "'") to quote
214arguments, those quotes can't be used in arguments.  For example,
215it is not possible to define a rejection message containing a single
216quote. Usually there are simple workarounds by changing those
217messages; in the worst case it might be ok to change the value
218directly in the generated .cf file, which however is not advised.
219
220
221Notice:
222-------
223
224This package requires a post-V7 version of m4; if you are running the
2254.2bsd, SysV.2, or 7th Edition version.  SunOS's /usr/5bin/m4 or
226BSD-Net/2's m4 both work.  GNU m4 version 1.1 or later also works.
227Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
228Net/2 or GNU version.  GNU m4 is available from
229ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
230EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine).  Use GNU
231m4 on this platform.
232
233
234+----------------+
235| FILE LOCATIONS |
236+----------------+
237
238sendmail 8.9 has introduced a new configuration directory for sendmail
239related files, /etc/mail.  The new files available for sendmail 8.9 --
240the class {R} /etc/mail/relay-domains and the access database
241/etc/mail/access -- take advantage of this new directory.  Beginning with
2428.10, all files will use this directory by default (some options may be
243set by OSTYPE() files).  This new directory should help to restore
244uniformity to sendmail's file locations.
245
246Below is a table of some of the common changes:
247
248Old filename			New filename
249------------			------------
250/etc/bitdomain			/etc/mail/bitdomain
251/etc/domaintable		/etc/mail/domaintable
252/etc/genericstable		/etc/mail/genericstable
253/etc/uudomain			/etc/mail/uudomain
254/etc/virtusertable		/etc/mail/virtusertable
255/etc/userdb			/etc/mail/userdb
256
257/etc/aliases			/etc/mail/aliases
258/etc/sendmail/aliases		/etc/mail/aliases
259/etc/ucbmail/aliases		/etc/mail/aliases
260/usr/adm/sendmail/aliases	/etc/mail/aliases
261/usr/lib/aliases		/etc/mail/aliases
262/usr/lib/mail/aliases		/etc/mail/aliases
263/usr/ucblib/aliases		/etc/mail/aliases
264
265/etc/sendmail.cw		/etc/mail/local-host-names
266/etc/mail/sendmail.cw		/etc/mail/local-host-names
267/etc/sendmail/sendmail.cw	/etc/mail/local-host-names
268
269/etc/sendmail.ct		/etc/mail/trusted-users
270
271/etc/sendmail.oE		/etc/mail/error-header
272
273/etc/sendmail.hf		/etc/mail/helpfile
274/etc/mail/sendmail.hf		/etc/mail/helpfile
275/usr/ucblib/sendmail.hf		/etc/mail/helpfile
276/etc/ucbmail/sendmail.hf	/etc/mail/helpfile
277/usr/lib/sendmail.hf		/etc/mail/helpfile
278/usr/share/lib/sendmail.hf	/etc/mail/helpfile
279/usr/share/misc/sendmail.hf	/etc/mail/helpfile
280/share/misc/sendmail.hf		/etc/mail/helpfile
281
282/etc/service.switch		/etc/mail/service.switch
283
284/etc/sendmail.st		/etc/mail/statistics
285/etc/mail/sendmail.st		/etc/mail/statistics
286/etc/mailer/sendmail.st		/etc/mail/statistics
287/etc/sendmail/sendmail.st	/etc/mail/statistics
288/usr/lib/sendmail.st		/etc/mail/statistics
289/usr/ucblib/sendmail.st		/etc/mail/statistics
290
291Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
292to create the pathnames.  The default value of this variable is
293`/etc/mail/'.  If you set this macro to a different value, you MUST include
294a trailing slash.
295
296Notice: all filenames used in a .mc (or .cf) file should be absolute
297(starting at the root, i.e., with '/').  Relative filenames most
298likely cause surprises during operations (unless otherwise noted).
299
300
301+--------+
302| OSTYPE |
303+--------+
304
305You MUST define an operating system environment, or the configuration
306file build will puke.  There are several environments available; look
307at the "ostype" directory for the current list.  This macro changes
308things like the location of the alias file and queue directory.  Some
309of these files are identical to one another.
310
311It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
312In general, the OSTYPE macro should go immediately after any version
313information, and MAILER definitions should always go last.
314
315Operating system definitions are usually easy to write.  They may define
316the following variables (everything defaults, so an ostype file may be
317empty).  Unfortunately, the list of configuration-supported systems is
318not as broad as the list of source-supported systems, since many of
319the source contributors do not include corresponding ostype files.
320
321ALIAS_FILE		[/etc/mail/aliases] The location of the text version
322			of the alias file(s).  It can be a comma-separated
323			list of names (but be sure you quote values with
324			commas in them -- for example, use
325				define(`ALIAS_FILE', `a,b')
326			to get "a" and "b" both listed as alias files;
327			otherwise the define() primitive only sees "a").
328HELP_FILE		[/etc/mail/helpfile] The name of the file
329			containing information printed in response to
330			the SMTP HELP command.
331QUEUE_DIR		[/var/spool/mqueue] The directory containing
332			queue files.  To use multiple queues, supply
333			a value ending with an asterisk.  For
334			example, /var/spool/mqueue/qd* will use all of the
335			directories or symbolic links to directories
336			beginning with 'qd' in /var/spool/mqueue as queue
337			directories.  The names 'qf', 'df', and 'xf' are
338			reserved as specific subdirectories for the
339			corresponding queue file types as explained in
340			doc/op/op.me.  See also QUEUE GROUP DEFINITIONS.
341MSP_QUEUE_DIR		[/var/spool/clientmqueue] The directory containing
342			queue files for the MSP (Mail Submission Program,
343			see sendmail/SECURITY).
344STATUS_FILE		[/etc/mail/statistics] The file containing status
345			information.
346LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
347LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
348			flags lsDFMAw5:/|@q are always included.
349LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
350			mail.
351LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
352			mail that you are willing to accept.
353LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
354			messages to deliver in a single connection.  Only
355			useful for LMTP local mailers.
356LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
357			that ARRIVE from an address that resolves to the
358			local mailer and which are converted to MIME will be
359			labeled with this character set.
360LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
361			end of line for the local mailer.
362LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
363			[X-Unix] The DSN Diagnostic-Code value for the
364			local mailer.  This should be changed with care.
365LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
366LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
367			flags lsDFM are always included.
368LOCAL_SHELL_ARGS	[sh -c $u] The arguments passed to deliver "prog"
369			mail.
370LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
371			shell should run.
372LOCAL_MAILER_QGRP	[undefined] The queue group for the local mailer.
373USENET_MAILER_PATH	[/usr/lib/news/inews] The name of the program
374			used to submit news.
375USENET_MAILER_FLAGS	[rsDFMmn] The mailer flags for the usenet mailer.
376USENET_MAILER_ARGS	[-m -h -n] The command line arguments for the
377			usenet mailer.  NOTE: Some versions of inews
378			(such as those shipped with newer versions of INN)
379			use different flags.  Double check the defaults
380			against the inews man page.
381USENET_MAILER_MAX	[undefined] The maximum size of messages that will
382			be accepted by the usenet mailer.
383USENET_MAILER_QGRP	[undefined] The queue group for the usenet mailer.
384SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
385			flags are `mDFMuX' for all SMTP-based mailers; the
386			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
387			"dsmtp" adds `%'.
388RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
389			flags are `mDFMuX' for all SMTP-based mailers; the
390			relay mailer adds `a8'.  If this is not defined,
391			then SMTP_MAILER_FLAGS is used.
392SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
393			be transported using the smtp, smtp8, esmtp, or dsmtp
394			mailers.
395SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
396			messages to deliver in a single connection for the
397			smtp, smtp8, esmtp, or dsmtp mailers.
398SMTP_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
399			recipients to deliver in a single envelope for the
400			smtp, smtp8, esmtp, or dsmtp mailers.
401SMTP_MAILER_ARGS	[TCP $h] The arguments passed to the smtp mailer.
402			About the only reason you would want to change this
403			would be to change the default port.
404ESMTP_MAILER_ARGS	[TCP $h] The arguments passed to the esmtp mailer.
405SMTP8_MAILER_ARGS	[TCP $h] The arguments passed to the smtp8 mailer.
406DSMTP_MAILER_ARGS	[TCP $h] The arguments passed to the dsmtp mailer.
407RELAY_MAILER_ARGS	[TCP $h] The arguments passed to the relay mailer.
408SMTP_MAILER_QGRP	[undefined] The queue group for the smtp mailer.
409ESMTP_MAILER_QGRP	[undefined] The queue group for the esmtp mailer.
410SMTP8_MAILER_QGRP	[undefined] The queue group for the smtp8 mailer.
411DSMTP_MAILER_QGRP	[undefined] The queue group for the dsmtp mailer.
412RELAY_MAILER_QGRP	[undefined] The queue group for the relay mailer.
413RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
414			messages to deliver in a single connection for the
415			relay mailer.
416SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
417			that ARRIVE from an address that resolves to one of
418			the SMTP mailers and which are converted to MIME will
419			be labeled with this character set.
420RELAY_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
421			that ARRIVE from an address that resolves to the
422			relay mailers and which are converted to MIME will
423			be labeled with this character set.
424SMTP_MAILER_LL		[990] The maximum line length for SMTP mailers
425			(except the relay mailer).
426RELAY_MAILER_LL		[2040] The maximum line length for the relay mailer.
427UUCP_MAILER_PATH	[/usr/bin/uux] The program used to send UUCP mail.
428UUCP_MAILER_FLAGS	[undefined] Flags added to UUCP mailer.  Default
429			flags are `DFMhuU' (and `m' for uucp-new mailer,
430			minus `U' for uucp-dom mailer).
431UUCP_MAILER_ARGS	[uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
432			passed to the UUCP mailer.
433UUCP_MAILER_MAX		[100000] The maximum size message accepted for
434			transmission by the UUCP mailers.
435UUCP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
436			that ARRIVE from an address that resolves to one of
437			the UUCP mailers and which are converted to MIME will
438			be labeled with this character set.
439UUCP_MAILER_QGRP	[undefined] The queue group for the UUCP mailers.
440FAX_MAILER_PATH		[/usr/local/lib/fax/mailfax] The program used to
441			submit FAX messages.
442FAX_MAILER_ARGS		[mailfax $u $h $f] The arguments passed to the FAX
443			mailer.
444FAX_MAILER_MAX		[100000] The maximum size message accepted for
445			transmission by FAX.
446POP_MAILER_PATH		[/usr/lib/mh/spop] The pathname of the POP mailer.
447POP_MAILER_FLAGS	[Penu] Flags added to POP mailer.  Flags lsDFMq
448			are always added.
449POP_MAILER_ARGS		[pop $u] The arguments passed to the POP mailer.
450POP_MAILER_QGRP		[undefined] The queue group for the pop mailer.
451PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
452			program.  This is also used by
453			FEATURE(`local_procmail').
454PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
455			DFM are always set.  This is NOT used by
456			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
457			instead.
458PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
459			the Procmail mailer.  This is NOT used by
460			FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
461			instead.
462PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
463			will be accepted by the procmail mailer.
464PROCMAIL_MAILER_QGRP	[undefined] The queue group for the procmail mailer.
465MAIL11_MAILER_PATH	[/usr/etc/mail11] The path to the mail11 mailer.
466MAIL11_MAILER_FLAGS	[nsFx] Flags for the mail11 mailer.
467MAIL11_MAILER_ARGS	[mail11 $g $x $h $u] Arguments passed to the mail11
468			mailer.
469MAIL11_MAILER_QGRP	[undefined] The queue group for the mail11 mailer.
470PH_MAILER_PATH		[/usr/local/etc/phquery] The path to the phquery
471			program.
472PH_MAILER_FLAGS		[ehmu] Flags for the phquery mailer.  Flags nrDFM
473			are always set.
474PH_MAILER_ARGS		[phquery -- $u] -- arguments to the phquery mailer.
475PH_MAILER_QGRP		[undefined] The queue group for the ph mailer.
476CYRUS_MAILER_FLAGS	[Ah5@/:|] The flags used by the cyrus mailer.  The
477			flags lsDFMnPq are always included.
478CYRUS_MAILER_PATH	[/usr/cyrus/bin/deliver] The program used to deliver
479			cyrus mail.
480CYRUS_MAILER_ARGS	[deliver -e -m $h -- $u] The arguments passed
481			to deliver cyrus mail.
482CYRUS_MAILER_MAX	[undefined] If set, the maximum size message that
483			will be accepted by the cyrus mailer.
484CYRUS_MAILER_USER	[cyrus:mail] The user and group to become when
485			running the cyrus mailer.
486CYRUS_MAILER_QGRP	[undefined] The queue group for the cyrus mailer.
487CYRUS_BB_MAILER_FLAGS	[u] The flags used by the cyrusbb mailer.
488			The flags lsDFMnP are always included.
489CYRUS_BB_MAILER_ARGS	[deliver -e -m $u] The arguments passed
490			to deliver cyrusbb mail.
491CYRUSV2_MAILER_FLAGS	[A@/:|m] The flags used by the cyrusv2 mailer.  The
492			flags lsDFMnqXz are always included.
493CYRUSV2_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
494			messages to deliver in a single connection for the
495			cyrusv2 mailer.
496CYRUSV2_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
497			recipients to deliver in a single connection for the
498			cyrusv2 mailer.
499CYRUSV2_MAILER_ARGS	[FILE /var/imap/socket/lmtp] The arguments passed
500			to the cyrusv2 mailer.  This can be used to
501			change the name of the Unix domain socket, or
502			to switch to delivery via TCP (e.g., `TCP $h lmtp')
503CYRUSV2_MAILER_QGRP	[undefined] The queue group for the cyrusv2 mailer.
504CYRUSV2_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
505			that ARRIVE from an address that resolves to one the
506			Cyrus mailer and which are converted to MIME will
507			be labeled with this character set.
508confEBINDIR		[/usr/libexec] The directory for executables.
509			Currently used for FEATURE(`local_lmtp') and
510			FEATURE(`smrsh').
511QPAGE_MAILER_FLAGS	[mDFMs] The flags used by the qpage mailer.
512QPAGE_MAILER_PATH	[/usr/local/bin/qpage] The program used to deliver
513			qpage mail.
514QPAGE_MAILER_ARGS	[qpage -l0 -m -P$u] The arguments passed
515			to deliver qpage mail.
516QPAGE_MAILER_MAX	[4096] If set, the maximum size message that
517			will be accepted by the qpage mailer.
518QPAGE_MAILER_QGRP	[undefined] The queue group for the qpage mailer.
519LOCAL_PROG_QGRP		[undefined] The queue group for the prog mailer.
520
521Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
522MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
523of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
524upper case) and change can be: flags that should be used directly
525(thus overriding the default value), or if it starts with `+' (`-')
526then those flags are added to (removed from) the default value.
527Example:
528
529	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
530
531will add the flag `e' to LOCAL_MAILER_FLAGS.  Notice: there are
532several smtp mailers all of which are manipulated individually.
533See the section MAILERS for the available mailer names.
534WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
535unconditionally, i.e., without respecting any definitions in an
536OSTYPE setting.
537
538
539+---------+
540| DOMAINS |
541+---------+
542
543You will probably want to collect domain-dependent defines into one
544file, referenced by the DOMAIN macro.  For example, the Berkeley
545domain file includes definitions for several internal distinguished
546hosts:
547
548UUCP_RELAY	The host that will accept UUCP-addressed email.
549		If not defined, all UUCP sites must be directly
550		connected.
551BITNET_RELAY	The host that will accept BITNET-addressed email.
552		If not defined, the .BITNET pseudo-domain won't work.
553DECNET_RELAY	The host that will accept DECNET-addressed email.
554		If not defined, the .DECNET pseudo-domain and addresses
555		of the form node::user will not work.
556FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
557		The "fax" mailer overrides this value.
558LOCAL_RELAY	The site that will handle unqualified names -- that
559		is, names without an @domain extension.
560		Normally MAIL_HUB is preferred for this function.
561		LOCAL_RELAY is mostly useful in conjunction with
562		FEATURE(`stickyhost') -- see the discussion of
563		stickyhost below.  If not set, they are assumed to
564		belong on this machine.  This allows you to have a
565		central site to store a company- or department-wide
566		alias database.  This only works at small sites,
567		and only with some user agents.
568LUSER_RELAY	The site that will handle lusers -- that is, apparently
569		local names that aren't local accounts or aliases.  To
570		specify a local user instead of a site, set this to
571		``local:username''.
572
573Any of these can be either ``mailer:hostname'' (in which case the
574mailer is the internal mailer name, such as ``uucp-new'' and the hostname
575is the name of the host as appropriate for that mailer) or just a
576``hostname'', in which case a default mailer type (usually ``relay'',
577a variant on SMTP) is used.  WARNING: if you have a wildcard MX
578record matching your domain, you probably want to define these to
579have a trailing dot so that you won't get the mail diverted back
580to yourself.
581
582The domain file can also be used to define a domain name, if needed
583(using "DD<domain>") and set certain site-wide features.  If all hosts
584at your site masquerade behind one email name, you could also use
585MASQUERADE_AS here.
586
587You do not have to define a domain -- in particular, if you are a
588single machine sitting off somewhere, it is probably more work than
589it's worth.  This is just a mechanism for combining "domain dependent
590knowledge" into one place.
591
592
593+---------+
594| MAILERS |
595+---------+
596
597There are fewer mailers supported in this version than the previous
598version, owing mostly to a simpler world.  As a general rule, put the
599MAILER definitions last in your .mc file.
600
601local		The local and prog mailers.  You will almost always
602		need these; the only exception is if you relay ALL
603		your mail to another site.  This mailer is included
604		automatically.
605
606smtp		The Simple Mail Transport Protocol mailer.  This does
607		not hide hosts behind a gateway or another other
608		such hack; it assumes a world where everyone is
609		running the name server.  This file actually defines
610		five mailers: "smtp" for regular (old-style) SMTP to
611		other servers, "esmtp" for extended SMTP to other
612		servers, "smtp8" to do SMTP to other servers without
613		converting 8-bit data to MIME (essentially, this is
614		your statement that you know the other end is 8-bit
615		clean even if it doesn't say so), "dsmtp" to do on
616		demand delivery, and "relay" for transmission to the
617		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
618
619uucp		The UNIX-to-UNIX Copy Program mailer.  Actually, this
620		defines two mailers, "uucp-old" (a.k.a. "uucp") and
621		"uucp-new" (a.k.a. "suucp").  The latter is for when you
622		know that the UUCP mailer at the other end can handle
623		multiple recipients in one transfer.  If the smtp mailer
624		is included in your configuration, two other mailers
625		("uucp-dom" and "uucp-uudom") are also defined [warning: you
626		MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
627		include the uucp mailer, sendmail looks for all names in
628		class {U} and sends them to the uucp-old mailer; all
629		names in class {Y} are sent to uucp-new; and all
630		names in class {Z} are sent to uucp-uudom.  Note that
631		this is a function of what version of rmail runs on
632		the receiving end, and hence may be out of your control.
633		See the section below describing UUCP mailers in more
634		detail.
635
636usenet		Usenet (network news) delivery.  If this is specified,
637		an extra rule is added to ruleset 0 that forwards all
638		local email for users named ``group.usenet'' to the
639		``inews'' program.  Note that this works for all groups,
640		and may be considered a security problem.
641
642fax		Facsimile transmission.  This is experimental and based
643		on Sam Leffler's HylaFAX software.  For more information,
644		see http://www.hylafax.org/.
645
646pop		Post Office Protocol.
647
648procmail	An interface to procmail (does not come with sendmail).
649		This is designed to be used in mailertables.  For example,
650		a common question is "how do I forward all mail for a given
651		domain to a single person?".  If you have this mailer
652		defined, you could set up a mailertable reading:
653
654			host.com	procmail:/etc/procmailrcs/host.com
655
656		with the file /etc/procmailrcs/host.com reading:
657
658			:0	# forward mail for host.com
659			! -oi -f $1 person@other.host
660
661		This would arrange for (anything)@host.com to be sent
662		to person@other.host.  In a procmail script, $1 is the
663		name of the sender and $2 is the name of the recipient.
664		If you use this with FEATURE(`local_procmail'), the FEATURE
665		should be listed first.
666
667		Of course there are other ways to solve this particular
668		problem, e.g., a catch-all entry in a virtusertable.
669
670mail11		The DECnet mail11 mailer, useful only if you have the mail11
671		program from gatekeeper.dec.com:/pub/DEC/gwtools (and
672		DECnet, of course).  This is for Phase IV DECnet support;
673		if you have Phase V at your site you may have additional
674		problems.
675
676phquery		The phquery program.  This is somewhat counterintuitively
677		referenced as the "ph" mailer internally.  It can be used
678		to do CCSO name server lookups.  The phquery program, which
679		this mailer uses, is distributed with the ph client.
680
681cyrus		The cyrus and cyrusbb mailers.  The cyrus mailer delivers to
682		a local cyrus user.  this mailer can make use of the
683		"user+detail@local.host" syntax (see
684		FEATURE(`preserve_local_plus_detail')); it will deliver the
685		mail to the user's "detail" mailbox if the mailbox's ACL
686		permits.  The cyrusbb mailer delivers to a system-wide
687		cyrus mailbox if the mailbox's ACL permits.  The cyrus
688		mailer must be defined after the local mailer.
689
690cyrusv2		The mailer for Cyrus v2.x.  The cyrusv2 mailer delivers to
691		local cyrus users via LMTP.  This mailer can make use of the
692		"user+detail@local.host" syntax (see
693		FEATURE(`preserve_local_plus_detail')); it will deliver the
694		mail to the user's "detail" mailbox if the mailbox's ACL
695		permits.  The cyrusv2 mailer must be defined after the
696		local mailer.
697
698qpage		A mailer for QuickPage, a pager interface.  See
699		http://www.qpage.org/ for further information.
700
701The local mailer accepts addresses of the form "user+detail", where
702the "+detail" is not used for mailbox matching but is available
703to certain local mail programs (in particular, see
704FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
705"eric+sww" all indicate the same user, but additional arguments <null>,
706"sendmail", and "sww" may be provided for use in sorting mail.
707
708
709+----------+
710| FEATURES |
711+----------+
712
713Special features can be requested using the "FEATURE" macro.  For
714example, the .mc line:
715
716	FEATURE(`use_cw_file')
717
718tells sendmail that you want to have it read an /etc/mail/local-host-names
719file to get values for class {w}.  A FEATURE may contain up to 9
720optional parameters -- for example:
721
722	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
723
724The default database map type for the table features can be set with
725
726	define(`DATABASE_MAP_TYPE', `dbm')
727
728which would set it to use ndbm databases.  The default is the Berkeley DB
729hash database format.  Note that you must still declare a database map type
730if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
731if no argument is given for the FEATURE.  It must be specified before any
732feature that uses a map.
733
734Also, features which can take a map definition as an argument can also take
735the special keyword `LDAP'.  If that keyword is used, the map will use the
736LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
737CLASSES'' section below.
738
739Available features are:
740
741use_cw_file	Read the file /etc/mail/local-host-names file to get
742		alternate names for this host.  This might be used if you
743		were on a host that MXed for a dynamic set of other hosts.
744		If the set is static, just including the line "Cw<name1>
745		<name2> ..." (where the names are fully qualified domain
746		names) is probably superior.  The actual filename can be
747		overridden by redefining confCW_FILE.
748
749use_ct_file	Read the file /etc/mail/trusted-users file to get the
750		names of users that will be ``trusted'', that is, able to
751		set their envelope from address using -f without generating
752		a warning message.  The actual filename can be overridden
753		by redefining confCT_FILE.
754
755redirect	Reject all mail addressed to "address.REDIRECT" with
756		a ``551 User has moved; please try <address>'' message.
757		If this is set, you can alias people who have left
758		to their new address with ".REDIRECT" appended.
759
760nouucp		Don't route UUCP addresses.  This feature takes one
761		parameter:
762		`reject': reject addresses which have "!" in the local
763			part unless it originates from a system
764			that is allowed to relay.
765		`nospecial': don't do anything special with "!".
766		Warnings: 1. See the notice in the anti-spam section.
767		2. don't remove "!" from OperatorChars if `reject' is
768		given as parameter.
769
770nopercenthack	Don't treat % as routing character.  This feature takes one
771		parameter:
772		`reject': reject addresses which have % in the local
773			part unless it originates from a system
774			that is allowed to relay.
775		`nospecial': don't do anything special with %.
776		Warnings: 1. See the notice in the anti-spam section.
777		2. Don't remove % from OperatorChars if `reject' is
778		given as parameter.
779
780nocanonify	Don't pass addresses to $[ ... $] for canonification
781		by default, i.e., host/domain names are considered canonical,
782		except for unqualified names, which must not be used in this
783		mode (violation of the standard).  It can be changed by
784		setting the DaemonPortOptions modifiers (M=).  That is,
785		FEATURE(`nocanonify') will be overridden by setting the
786		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
787		it can be emulated by setting the 'C' flag
788		(DaemonPortOptions=Modifiers=C).  This would generally only
789		be used by sites that only act as mail gateways or which have
790		user agents that do full canonification themselves.  You may
791		also want to use
792		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
793		the usual resolver options that do a similar thing.
794
795		An exception list for FEATURE(`nocanonify') can be
796		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
797		i.e., a list of domains which are nevertheless passed to
798		$[ ... $] for canonification.  This is useful to turn on
799		canonification for local domains, e.g., use
800		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
801		which end in "my.domain" or "my".
802		Another way to require canonification in the local
803		domain is CANONIFY_DOMAIN(`$=m').
804
805		A trailing dot is added to addresses with more than
806		one component in it such that other features which
807		expect a trailing dot (e.g., virtusertable) will
808		still work.
809
810		If `canonify_hosts' is specified as parameter, i.e.,
811		FEATURE(`nocanonify', `canonify_hosts'), then
812		addresses which have only a hostname, e.g.,
813		<user@host>, will be canonified (and hopefully fully
814		qualified), too.
815
816stickyhost	This feature is sometimes used with LOCAL_RELAY,
817		although it can be used for a different effect with
818		MAIL_HUB.
819
820		When used without MAIL_HUB, email sent to
821		"user@local.host" are marked as "sticky" -- that
822		is, the local addresses aren't matched against UDB,
823		don't go through ruleset 5, and are not forwarded to
824		the LOCAL_RELAY (if defined).
825
826		With MAIL_HUB, mail addressed to "user@local.host"
827		is forwarded to the mail hub, with the envelope
828		address still remaining "user@local.host".
829		Without stickyhost, the envelope would be changed
830		to "user@mail_hub", in order to protect against
831		mailing loops.
832
833mailertable	Include a "mailer table" which can be used to override
834		routing for particular domains (which are not in class {w},
835		i.e.  local host names).  The argument of the FEATURE may be
836		the key definition.  If none is specified, the definition
837		used is:
838
839			hash /etc/mail/mailertable
840
841		Keys in this database are fully qualified domain names
842		or partial domains preceded by a dot -- for example,
843		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
844		special case of the latter, "." matches any domain not
845		covered by other keys.  Values must be of the form:
846			mailer:domain
847		where "mailer" is the internal mailer name, and "domain"
848		is where to send the message.  These maps are not
849		reflected into the message header.  As a special case,
850		the forms:
851			local:user
852		will forward to the indicated user using the local mailer,
853			local:
854		will forward to the original user in the e-mail address
855		using the local mailer, and
856			error:code message
857			error:D.S.N:code message
858		will give an error message with the indicated SMTP reply
859		code and message, where D.S.N is an RFC 1893 compliant
860		error code.
861
862domaintable	Include a "domain table" which can be used to provide
863		domain name mapping.  Use of this should really be
864		limited to your own domains.  It may be useful if you
865		change names (e.g., your company changes names from
866		oldname.com to newname.com).  The argument of the
867		FEATURE may be the key definition.  If none is specified,
868		the definition used is:
869
870			hash /etc/mail/domaintable
871
872		The key in this table is the domain name; the value is
873		the new (fully qualified) domain.  Anything in the
874		domaintable is reflected into headers; that is, this
875		is done in ruleset 3.
876
877bitdomain	Look up bitnet hosts in a table to try to turn them into
878		internet addresses.  The table can be built using the
879		bitdomain program contributed by John Gardiner Myers.
880		The argument of the FEATURE may be the key definition; if
881		none is specified, the definition used is:
882
883			hash /etc/mail/bitdomain
884
885		Keys are the bitnet hostname; values are the corresponding
886		internet hostname.
887
888uucpdomain	Similar feature for UUCP hosts.  The default map definition
889		is:
890
891			hash /etc/mail/uudomain
892
893		At the moment there is no automagic tool to build this
894		database.
895
896always_add_domain
897		Include the local host domain even on locally delivered
898		mail.  Normally it is not added on unqualified names.
899		However, if you use a shared message store but do not use
900		the same user name space everywhere, you may need the host
901		name on local names.  An optional argument specifies
902		another domain to be added than the local.
903
904allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
905		feature will cause recipient addresses to also masquerade
906		as being from the masquerade host.  Normally they get
907		the local hostname.  Although this may be right for
908		ordinary users, it can break local aliases.  For example,
909		if you send to "localalias", the originating sendmail will
910		find that alias and send to all members, but send the
911		message with "To: localalias@masqueradehost".  Since that
912		alias likely does not exist, replies will fail.  Use this
913		feature ONLY if you can guarantee that the ENTIRE
914		namespace on your masquerade host supersets all the
915		local entries.
916
917limited_masquerade
918		Normally, any hosts listed in class {w} are masqueraded.  If
919		this feature is given, only the hosts listed in class {M} (see
920		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
921		if you have several domains with disjoint namespaces hosted
922		on the same machine.
923
924masquerade_entire_domain
925		If masquerading is enabled (using MASQUERADE_AS) and
926		MASQUERADE_DOMAIN (see below) is set, this feature will
927		cause addresses to be rewritten such that the masquerading
928		domains are actually entire domains to be hidden.  All
929		hosts within the masquerading domains will be rewritten
930		to the masquerade name (used in MASQUERADE_AS).  For example,
931		if you have:
932
933			MASQUERADE_AS(`masq.com')
934			MASQUERADE_DOMAIN(`foo.org')
935			MASQUERADE_DOMAIN(`bar.com')
936
937		then *foo.org and *bar.com are converted to masq.com.  Without
938		this feature, only foo.org and bar.com are masqueraded.
939
940		    NOTE: only domains within your jurisdiction and
941		    current hierarchy should be masqueraded using this.
942
943local_no_masquerade
944		This feature prevents the local mailer from masquerading even
945		if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
946		on addresses of mail going outside the local domain.
947
948masquerade_envelope
949		If masquerading is enabled (using MASQUERADE_AS) or the
950		genericstable is in use, this feature will cause envelope
951		addresses to also masquerade as being from the masquerade
952		host.  Normally only the header addresses are masqueraded.
953
954genericstable	This feature will cause unqualified addresses (i.e., without
955		a domain) and addresses with a domain listed in class {G}
956		to be looked up in a map and turned into another ("generic")
957		form, which can change both the domain name and the user name.
958		Notice: if you use an MSP (as it is default starting with
959		8.12), the MTA will only receive qualified addresses from the
960		MSP (as required by the RFCs).  Hence you need to add your
961		domain to class {G}.  This feature is similar to the userdb
962		functionality.  The same types of addresses as for
963		masquerading are looked up, i.e., only header sender
964		addresses unless the allmasquerade and/or masquerade_envelope
965		features are given.  Qualified addresses must have the domain
966		part in class {G}; entries can be added to this class by the
967		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
968		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
969
970		The argument of FEATURE(`genericstable') may be the map
971		definition; the default map definition is:
972
973			hash /etc/mail/genericstable
974
975		The key for this table is either the full address, the domain
976		(with a leading @; the localpart is passed as first argument)
977		or the unqualified username (tried in the order mentioned);
978		the value is the new user address.  If the new user address
979		does not include a domain, it will be qualified in the standard
980		manner, i.e., using $j or the masquerade name.  Note that the
981		address being looked up must be fully qualified.  For local
982		mail, it is necessary to use FEATURE(`always_add_domain')
983		for the addresses to be qualified.
984		The "+detail" of an address is passed as %1, so entries like
985
986			old+*@foo.org	new+%1@example.com
987			gen+*@foo.org	%1@example.com
988
989		and other forms are possible.
990
991generics_entire_domain
992		If the genericstable is enabled and GENERICS_DOMAIN or
993		GENERICS_DOMAIN_FILE is used, this feature will cause
994		addresses to be searched in the map if their domain
995		parts are subdomains of elements in class {G}.
996
997virtusertable	A domain-specific form of aliasing, allowing multiple
998		virtual domains to be hosted on one machine.  For example,
999		if the virtuser table contains:
1000
1001			info@foo.com	foo-info
1002			info@bar.com	bar-info
1003			joe@bar.com	error:nouser 550 No such user here
1004			jax@bar.com	error:5.7.0:550 Address invalid
1005			@baz.org	jane@example.net
1006
1007		then mail addressed to info@foo.com will be sent to the
1008		address foo-info, mail addressed to info@bar.com will be
1009		delivered to bar-info, and mail addressed to anyone at baz.org
1010		will be sent to jane@example.net, mail to joe@bar.com will
1011		be rejected with the specified error message, and mail to
1012		jax@bar.com will also have a RFC 1893 compliant error code
1013		5.7.0.
1014
1015		The username from the original address is passed
1016		as %1 allowing:
1017
1018			@foo.org	%1@example.com
1019
1020		meaning someone@foo.org will be sent to someone@example.com.
1021		Additionally, if the local part consists of "user+detail"
1022		then "detail" is passed as %2 and "+detail" is passed as %3
1023		when a match against user+* is attempted, so entries like
1024
1025			old+*@foo.org	new+%2@example.com
1026			gen+*@foo.org	%2@example.com
1027			+*@foo.org	%1%3@example.com
1028			X++@foo.org	Z%3@example.com
1029			@bar.org	%1%3
1030
1031		and other forms are possible.  Note: to preserve "+detail"
1032		for a default case (@domain) %1%3 must be used as RHS.
1033		There are two wildcards after "+": "+" matches only a non-empty
1034		detail, "*" matches also empty details, e.g., user+@foo.org
1035		matches +*@foo.org but not ++@foo.org.  This can be used
1036		to ensure that the parameters %2 and %3 are not empty.
1037
1038		All the host names on the left hand side (foo.com, bar.com,
1039		and baz.org) must be in class {w} or class {VirtHost}.  The
1040		latter can be defined by the macros VIRTUSER_DOMAIN or
1041		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1042		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
1043		VIRTUSER_DOMAIN_FILE is used, then the entries of class
1044		{VirtHost} are added to class {R}, i.e., relaying is allowed
1045		to (and from) those domains, which by default includes also
1046		all subdomains (see relay_hosts_only).  The default map
1047		definition is:
1048
1049			hash /etc/mail/virtusertable
1050
1051		A new definition can be specified as the second argument of
1052		the FEATURE macro, such as
1053
1054			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
1055
1056virtuser_entire_domain
1057		If the virtusertable is enabled and VIRTUSER_DOMAIN or
1058		VIRTUSER_DOMAIN_FILE is used, this feature will cause
1059		addresses to be searched in the map if their domain
1060		parts are subdomains of elements in class {VirtHost}.
1061
1062ldap_routing	Implement LDAP-based e-mail recipient routing according to
1063		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1064		This provides a method to re-route addresses with a
1065		domain portion in class {LDAPRoute} to either a
1066		different mail host or a different address.  Hosts can
1067		be added to this class using LDAPROUTE_DOMAIN and
1068		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1069		MASQUERADE_DOMAIN_FILE, see below).
1070
1071		See the LDAP ROUTING section below for more information.
1072
1073nullclient	This is a special case -- it creates a configuration file
1074		containing nothing but support for forwarding all mail to a
1075		central hub via a local SMTP-based network.  The argument
1076		is the name of that hub.
1077
1078		The only other feature that should be used in conjunction
1079		with this one is FEATURE(`nocanonify').  No mailers
1080		should be defined.  No aliasing or forwarding is done.
1081
1082local_lmtp	Use an LMTP capable local mailer.  The argument to this
1083		feature is the pathname of an LMTP capable mailer.  By
1084		default, mail.local is used.  This is expected to be the
1085		mail.local which came with the 8.9 distribution which is
1086		LMTP capable.  The path to mail.local is set by the
1087		confEBINDIR m4 variable -- making the default
1088		LOCAL_MAILER_PATH /usr/libexec/mail.local.
1089		If a different LMTP capable mailer is used, its pathname
1090		can be specified as second parameter and the arguments
1091		passed to it (A=) as third parameter, e.g.,
1092
1093			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
1094
1095		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1096		i.e., without respecting any definitions in an OSTYPE setting.
1097
1098local_procmail	Use procmail or another delivery agent as the local mailer.
1099		The argument to this feature is the pathname of the
1100		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
1101		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
1102		PROCMAIL_MAILER_ARGS for the local mailer; tweak
1103		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
1104		specify the appropriate parameters.  When procmail is used,
1105		the local mailer can make use of the
1106		"user+indicator@local.host" syntax; normally the +indicator
1107		is just tossed, but by default it is passed as the -a
1108		argument to procmail.
1109
1110		This feature can take up to three arguments:
1111
1112		1. Path to the mailer program
1113		   [default: /usr/local/bin/procmail]
1114		2. Argument vector including name of the program
1115		   [default: procmail -Y -a $h -d $u]
1116		3. Flags for the mailer [default: SPfhn9]
1117
1118		Empty arguments cause the defaults to be taken.
1119		Note that if you are on a system with a broken
1120		setreuid() call, you may need to add -f $f to the procmail
1121		argument vector to pass the proper sender to procmail.
1122
1123		For example, this allows it to use the maildrop mailer
1124		instead by specifying:
1125
1126		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
1127		 `maildrop -d $u')
1128
1129		or scanmails using:
1130
1131		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
1132
1133		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1134		i.e., without respecting any definitions in an OSTYPE setting.
1135
1136bestmx_is_local	Accept mail as though locally addressed for any host that
1137		lists us as the best possible MX record.  This generates
1138		additional DNS traffic, but should be OK for low to
1139		medium traffic hosts.  The argument may be a set of
1140		domains, which will limit the feature to only apply to
1141		these domains -- this will reduce unnecessary DNS
1142		traffic.  THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
1143		WILDCARD MX RECORDS!!!  If you have a wildcard MX record
1144		that matches your domain, you cannot use this feature.
1145
1146smrsh		Use the SendMail Restricted SHell (smrsh) provided
1147		with the distribution instead of /bin/sh for mailing
1148		to programs.  This improves the ability of the local
1149		system administrator to control what gets run via
1150		e-mail.  If an argument is provided it is used as the
1151		pathname to smrsh; otherwise, the path defined by
1152		confEBINDIR is used for the smrsh binary -- by default,
1153		/usr/libexec/smrsh is assumed.
1154
1155promiscuous_relay
1156		By default, the sendmail configuration files do not permit
1157		mail relaying (that is, accepting mail from outside your
1158		local host (class {w}) and sending it to another host than
1159		your local host).  This option sets your site to allow
1160		mail relaying from any site to any site.  In almost all
1161		cases, it is better to control relaying more carefully
1162		with the access map, class {R}, or authentication.  Domains
1163		can be added to class {R} by the macros RELAY_DOMAIN or
1164		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1165		MASQUERADE_DOMAIN_FILE, see below).
1166
1167relay_entire_domain
1168		This option allows any host in your domain as defined by
1169		class {m} to use your server for relaying.  Notice: make
1170		sure that your domain is not just a top level domain,
1171		e.g., com.  This can happen if you give your host a name
1172		like example.com instead of host.example.com.
1173
1174relay_hosts_only
1175		By default, names that are listed as RELAY in the access
1176		db and class {R} are treated as domain names, not host names.
1177		For example, if you specify ``foo.com'', then mail to or
1178		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1179		will all be accepted for relaying.  This feature changes
1180		the behaviour to look up individual host names only.
1181
1182relay_based_on_MX
1183		Turns on the ability to allow relaying based on the MX
1184		records of the host portion of an incoming recipient; that
1185		is, if an MX record for host foo.com points to your site,
1186		you will accept and relay mail addressed to foo.com.  See
1187		description below for more information before using this
1188		feature.  Also, see the KNOWNBUGS entry regarding bestmx
1189		map lookups.
1190
1191		FEATURE(`relay_based_on_MX') does not necessarily allow
1192		routing of these messages which you expect to be allowed,
1193		if route address syntax (or %-hack syntax) is used.  If
1194		this is a problem, add entries to the access-table or use
1195		FEATURE(`loose_relay_check').
1196
1197relay_mail_from
1198		Allows relaying if the mail sender is listed as RELAY in
1199		the access map.  If an optional argument `domain' (this
1200		is the literal word `domain', not a placeholder) is given,
1201		relaying can be allowed just based on the domain portion
1202		of the sender address.  This feature should only be used if
1203		absolutely necessary as the sender address can be easily
1204		forged.  Use of this feature requires the "From:" tag to
1205		be used for the key in the access map; see the discussion
1206		of tags and FEATURE(`relay_mail_from') in the section on
1207		anti-spam configuration control.
1208
1209relay_local_from
1210		Allows relaying if the domain portion of the mail sender
1211		is a local host.  This should only be used if absolutely
1212		necessary as it opens a window for spammers.  Specifically,
1213		they can send mail to your mail server that claims to be
1214		from your domain (either directly or via a routed address),
1215		and you will go ahead and relay it out to arbitrary hosts
1216		on the Internet.
1217
1218accept_unqualified_senders
1219		Normally, MAIL FROM: commands in the SMTP session will be
1220		refused if the connection is a network connection and the
1221		sender address does not include a domain name.  If your
1222		setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1223		you will need to use this feature to accept unqualified
1224		sender addresses.  Setting the DaemonPortOptions modifier
1225		'u' overrides the default behavior, i.e., unqualified
1226		addresses are accepted even without this FEATURE.
1227		If this FEATURE is not used, the DaemonPortOptions modifier
1228		'f' can be used to enforce fully qualified addresses.
1229
1230accept_unresolvable_domains
1231		Normally, MAIL FROM: commands in the SMTP session will be
1232		refused if the host part of the argument to MAIL FROM:
1233		cannot be located in the host name service (e.g., an A or
1234		MX record in DNS).  If you are inside a firewall that has
1235		only a limited view of the Internet host name space, this
1236		could cause problems.  In this case you probably want to
1237		use this feature to accept all domains on input, even if
1238		they are unresolvable.
1239
1240access_db	Turns on the access database feature.  The access db gives
1241		you the ability to allow or refuse to accept mail from
1242		specified domains for administrative reasons.  Moreover,
1243		it can control the behavior of sendmail in various situations.
1244		By default, the access database specification is:
1245
1246			hash -T<TMPF> /etc/mail/access
1247
1248		See the anti-spam configuration control section for further
1249		important information about this feature.  Notice:
1250		"-T<TMPF>" is meant literal, do not replace it by anything.
1251
1252blocklist_recipients
1253		Turns on the ability to block incoming mail for certain
1254		recipient usernames, hostnames, or addresses.  For
1255		example, you can block incoming mail to user nobody,
1256		host foo.mydomain.com, or guest@bar.mydomain.com.
1257		These specifications are put in the access db as
1258		described in the anti-spam configuration control section
1259		later in this document.
1260
1261delay_checks	The rulesets check_mail and check_relay will not be called
1262		when a client connects or issues a MAIL command, respectively.
1263		Instead, those rulesets will be called by the check_rcpt
1264		ruleset; they will be skipped under certain circumstances.
1265		See "Delay all checks" in the anti-spam configuration control
1266		section.  Note: this feature is incompatible to the versions
1267		in 8.10 and 8.11.
1268
1269check_other	Enable a default check_other ruleset which terminates
1270		an SMTP session when it encounters a command which matches
1271		a regular expression given as argument. If no argument
1272		is given, then the default (to match potential headers) is:
1273			^[[:print:]]+ *:
1274
1275use_client_ptr	If this feature is enabled then check_relay will override
1276		its first argument with $&{client_ptr}.  This is useful for
1277		rejections based on the unverified hostname of client,
1278		which turns on the same behavior as in earlier sendmail
1279		versions when delay_checks was not in use.  See doc/op/op.*
1280		about check_relay, {client_name}, and {client_ptr}.
1281
1282dnsbl		Turns on rejection, discarding, or quarantining of hosts
1283		found in a DNS based list.  The first argument is used as
1284		the domain in which blocked hosts are listed.  A second
1285		argument can be used to change the default error message,
1286		or select one of the operations `discard' and `quarantine'.
1287		Without that second argument, the error message will be
1288
1289			Rejected: IP-ADDRESS listed at SERVER
1290
1291		where IP-ADDRESS and SERVER are replaced by the appropriate
1292		information.  By default, temporary lookup failures are
1293		ignored.  This behavior can be changed by specifying a
1294		third argument, which must be either `t' or a full error
1295		message.  See the anti-spam configuration control section for
1296		an example.  The dnsbl feature can be included several times
1297		to query different DNS based rejection lists.  See also
1298		enhdnsbl for an enhanced version.
1299
1300		Set the DNSBL_MAP mc option to change the default map
1301		definition from `host'.  Set the DNSBL_MAP_OPT mc option
1302		to add additional options to the map specification used.
1303
1304		Note: currently only IPv4 addresses are checked.
1305
1306		Some DNS based rejection lists cause failures if asked
1307		for AAAA records. If your sendmail version is compiled
1308		with IPv6 support (NETINET6) and you experience this
1309		problem, add
1310
1311			define(`DNSBL_MAP', `dns -R A')
1312
1313		before the first use of this feature.  Alternatively you
1314		can use enhdnsbl instead (see below).  Moreover, this
1315		statement can be used to reduce the number of DNS retries,
1316		e.g.,
1317
1318			define(`DNSBL_MAP', `dns -R A -r2')
1319
1320		See below (EDNSBL_TO) for an explanation.
1321
1322enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
1323		(up to 5) can be used to specify specific return values
1324		from lookups.  Temporary lookup failures are ignored unless
1325		a third argument is given, which must be either `t' or a full
1326		error message.  By default, any successful lookup will
1327		generate an error.  Otherwise the result of the lookup is
1328		compared with the supplied argument(s), and only if a match
1329		occurs an error is generated.  For example,
1330
1331		FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2')
1332
1333		will reject the e-mail if the lookup returns the value
1334		``127.0.0.2'', or generate a 451 response if the lookup
1335		temporarily failed.  The arguments can contain metasymbols
1336		as they are allowed in the LHS of rules.  As the example
1337		shows, the default values are also used if an empty argument,
1338		i.e., `', is specified.  This feature requires that sendmail
1339		has been compiled with the flag DNSMAP (see sendmail/README).
1340
1341		Set the EDNSBL_TO mc option to change the DNS retry count
1342		from the default value of 5, this can be very useful when
1343		a DNS server is not responding, which in turn may cause
1344		clients to time out (an entry stating
1345
1346			did not issue MAIL/EXPN/VRFY/ETRN
1347
1348		will be logged).
1349
1350ratecontrol	Enable simple ruleset to do connection rate control
1351		checking.  This requires entries in access_db of the form
1352
1353			ClientRate:IP.ADD.RE.SS		LIMIT
1354
1355		The RHS specifies the maximum number of connections
1356		(an integer number) over the time interval defined
1357		by ConnectionRateWindowSize, where 0 means unlimited.
1358
1359		Take the following example:
1360
1361			ClientRate:10.1.2.3		4
1362			ClientRate:127.0.0.1		0
1363			ClientRate:			10
1364
1365		10.1.2.3 can only make up to 4 connections, the
1366		general limit it 10, and 127.0.0.1 can make an unlimited
1367		number of connections per ConnectionRateWindowSize.
1368
1369		See also CONNECTION CONTROL.
1370
1371conncontrol	Enable a simple check of the number of incoming SMTP
1372		connections.  This requires entries in access_db of the
1373		form
1374
1375			ClientConn:IP.ADD.RE.SS		LIMIT
1376
1377		The RHS specifies the maximum number of open connections
1378		(an integer number).
1379
1380		Take the following example:
1381
1382			ClientConn:10.1.2.3		4
1383			ClientConn:127.0.0.1		0
1384			ClientConn:			10
1385
1386		10.1.2.3 can only have up to 4 open connections, the
1387		general limit it 10, and 127.0.0.1 does not have any
1388		explicit limit.
1389
1390		See also CONNECTION CONTROL.
1391
1392mtamark		Experimental support for "Marking Mail Transfer Agents in
1393		Reverse DNS with TXT RRs" (MTAMark), see
1394		draft-stumpf-dns-mtamark-01.  Optional arguments are:
1395
1396		1. Error message, default:
1397
1398			550 Rejected: $&{client_addr} not listed as MTA
1399
1400		2. Temporary lookup failures are ignored unless a second
1401		argument is given, which must be either `t' or a full
1402		error message.
1403
1404		3. Lookup prefix, default: _perm._smtp._srv.  This should
1405		not be changed unless the draft changes it.
1406
1407		Example:
1408
1409			FEATURE(`mtamark', `', `t')
1410
1411lookupdotdomain	Look up also .domain in the access map.  This allows to
1412		match only subdomains.  It does not work well with
1413		FEATURE(`relay_hosts_only'), because most lookups for
1414		subdomains are suppressed by the latter feature.
1415
1416loose_relay_check
1417		Normally, if % addressing is used for a recipient, e.g.
1418		user%site@othersite, and othersite is in class {R}, the
1419		check_rcpt ruleset will strip @othersite and recheck
1420		user@site for relaying.  This feature changes that
1421		behavior.  It should not be needed for most installations.
1422
1423authinfo	Provide a separate map for client side authentication
1424		information.  See SMTP AUTHENTICATION for details.
1425		By default, the authinfo database specification is:
1426
1427			hash /etc/mail/authinfo
1428
1429preserve_luser_host
1430		Preserve the name of the recipient host if LUSER_RELAY is
1431		used.  Without this option, the domain part of the
1432		recipient address will be replaced by the host specified as
1433		LUSER_RELAY.  This feature only works if the hostname is
1434		passed to the mailer (see mailer triple in op.me).  Note
1435		that in the default configuration the local mailer does not
1436		receive the hostname, i.e., the mailer triple has an empty
1437		hostname.
1438
1439preserve_local_plus_detail
1440		Preserve the +detail portion of the address when passing
1441		address to local delivery agent.  Disables alias and
1442		.forward +detail stripping (e.g., given user+detail, only
1443		that address will be looked up in the alias file; user+* and
1444		user will not be looked up).  Only use if the local
1445		delivery agent in use supports +detail addressing.
1446		Moreover, this will most likely not work if the 'w' flag
1447		for the local mailer is set as the entire local address
1448		including +detail is passed to the user lookup function.
1449
1450compat_check	Enable ruleset check_compat to look up pairs of addresses
1451		with the Compat: tag --	Compat:sender<@>recipient -- in the
1452		access map.  Valid values for the RHS include
1453			DISCARD	silently discard recipient
1454			TEMP:	return a temporary error
1455			ERROR:	return a permanent error
1456		In the last two cases, a 4xy/5xy SMTP reply code should
1457		follow the colon.
1458
1459no_default_msa	Don't generate the default MSA daemon, i.e.,
1460		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1461		To define a MSA daemon with other parameters, use this
1462		FEATURE and introduce new settings via DAEMON_OPTIONS().
1463
1464msp		Defines config file for Message Submission Program.
1465		See sendmail/SECURITY for details and cf/cf/submit.mc how
1466		to use it.  An optional argument can be used to override
1467		the default of `[localhost]' to use as host to send all
1468		e-mails to.  Note that MX records will be used if the
1469		specified hostname is not in square brackets (e.g.,
1470		[hostname]).  If `MSA' is specified as second argument then
1471		port 587 is used to contact the server.  Example:
1472
1473			FEATURE(`msp', `', `MSA')
1474
1475		Some more hints about possible changes can be found below
1476		in the section MESSAGE SUBMISSION PROGRAM.
1477
1478		Note: Due to many problems, submit.mc uses
1479
1480			FEATURE(`msp', `[127.0.0.1]')
1481
1482		by default.  If you have a machine with IPv6 only,
1483		change it to
1484
1485			FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]')
1486
1487		If you want to continue using '[localhost]', (the behavior
1488		up to 8.12.6), use
1489
1490			FEATURE(`msp')
1491
1492queuegroup	A simple example how to select a queue group based
1493		on the full e-mail address or the domain of the
1494		recipient.  Selection is done via entries in the
1495		access map using the tag QGRP:, for example:
1496
1497			QGRP:example.com	main
1498			QGRP:friend@some.org	others
1499			QGRP:my.domain		local
1500
1501		where "main", "others", and "local" are names of
1502		queue groups.  If an argument is specified, it is used
1503		as default queue group.
1504
1505		Note: please read the warning in doc/op/op.me about
1506		queue groups and possible queue manipulations.
1507
1508greet_pause	Adds the greet_pause ruleset which enables open proxy
1509		and SMTP slamming protection.  The feature can take an
1510		argument specifying the milliseconds to wait:
1511
1512			FEATURE(`greet_pause', `5000')  dnl 5 seconds
1513
1514		If FEATURE(`access_db') is enabled, an access database
1515		lookup with the GreetPause tag is done using client
1516		hostname, domain, IP address, or subnet to determine the
1517		pause time:
1518
1519			GreetPause:my.domain	0
1520			GreetPause:example.com	5000
1521			GreetPause:10.1.2	2000
1522			GreetPause:127.0.0.1	0
1523
1524		When using FEATURE(`access_db'), the optional
1525		FEATURE(`greet_pause') argument becomes the default if
1526		nothing is found in the access database.  A ruleset called
1527		Local_greet_pause can be used for local modifications, e.g.,
1528
1529			LOCAL_RULESETS
1530			SLocal_greet_pause
1531			R$*		$: $&{daemon_flags}
1532			R$* a $*	$# 0
1533
1534block_bad_helo	Reject messages from SMTP clients which provide a HELO/EHLO
1535		argument which is either unqualified, or is one of our own
1536		names (i.e., the server name instead of the client name).
1537		This check is performed at RCPT stage and disabled for the
1538		following cases:
1539		- authenticated sessions,
1540		- connections from IP addresses in class $={R}.
1541		Currently access_db lookups can not be used to
1542		(selectively) disable this test, moreover,
1543
1544		FEATURE(`delay_checks')
1545
1546		is required.  Note, the block_bad_helo feature automatically
1547		adds the IPv6 and IPv4 localhost IP addresses to $={w} (local
1548		host names) and $={R} (relay permitted).
1549
1550require_rdns	Reject mail from connecting SMTP clients without proper
1551		rDNS (reverse DNS), functional gethostbyaddr() resolution.
1552		Note: this feature will cause false positives, i.e., there
1553		are legitimate MTAs that do not have proper DNS entries.
1554		Rejecting mails from those MTAs is a local policy decision.
1555
1556		The basic policy is to reject message with a 5xx error if
1557		the IP address fails to resolve.  However, if this is a
1558		temporary failure, a 4xx temporary failure is returned.
1559		If the look-up succeeds, but returns an apparently forged
1560		value, this is treated as a temporary failure with a 4xx
1561		error code.
1562
1563		EXCEPTIONS:
1564
1565		Exceptions based on access entries are discussed below.
1566		Any IP address matched using $=R (the "relay-domains" file)
1567		is excepted from the rules.  Since we have explicitly
1568		allowed relaying for this host, based on IP address, we
1569		ignore the rDNS failure.
1570
1571		The philosophical assumption here is that most users do
1572		not control their rDNS.  They should be able to send mail
1573		through their ISP, whether or not they have valid rDNS.
1574		The class $=R, roughly speaking, contains those IP addresses
1575		and address ranges for which we are the ISP, or are acting
1576		as if the ISP.
1577
1578		If `delay_checks' is in effect (recommended), then any
1579		sender who has authenticated is also excepted from the
1580		restrictions.  This happens because the rules produced by
1581		this FEATURE() will not be applied to authenticated senders
1582		(assuming `delay_checks').
1583
1584		ACCESS MAP ENTRIES:
1585
1586		Entries such as
1587			Connect:1.2.3.4		OK
1588			Connect:1.3		RELAY
1589		will allowlist IP address 1.2.3.4 and IP net 1.3.*
1590		so that the rDNS blocking does apply not to those IPs.
1591
1592		Entries such as
1593			Connect:1.2.3.4		REJECT
1594		will have the effect of forcing a temporary failure for
1595		that address to be treated as a permanent failure.
1596
1597badmx		Reject envelope sender addresses (MAIL) whose domain part
1598		resolves to a "bad" MX record.  By default these are
1599		MX records which resolve to A records that match the
1600		regular expression:
1601
1602		^(127\.|10\.|0\.0\.0\.0)
1603
1604		This default regular expression can be overridden by
1605		specifying an argument, e.g.,
1606
1607		FEATURE(`badmx', `^127\.0\.0\.1')
1608
1609		Note: this feature requires that the sendmail binary
1610		has been compiled with the options MAP_REGEX and
1611		DNSMAP.
1612
1613sts		Experimental support for Strict Transport Security
1614		(MTA-STS, see RFC 8461).  It sets the option
1615		StrictTransportSecurity and takes one optional
1616		argument: the socket map specification to access
1617		postfix-mta-sts-resolver (see feature/sts.m4
1618		for the default value).
1619		For more information see doc/op/op.me.
1620
1621fips3		Basic support for FIPS in OpenSSL 3 by setting
1622		the environment variables OPENSSL_CONF and
1623		OPENSSL_MODULES to the first and second argument,
1624		respectively.  For details, see the file and
1625		the OpenSSL documentation.
1626
1627+-------+
1628| HACKS |
1629+-------+
1630
1631Some things just can't be called features.  To make this clear,
1632they go in the hack subdirectory and are referenced using the HACK
1633macro.  These will tend to be site-dependent.  The release
1634includes the Berkeley-dependent "cssubdomain" hack (that makes
1635sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1636this is intended as a short-term aid while moving hosts into
1637subdomains.
1638
1639
1640+--------------------+
1641| SITE CONFIGURATION |
1642+--------------------+
1643
1644    *****************************************************
1645    * This section is really obsolete, and is preserved	*
1646    * only for back compatibility.  You should plan on	*
1647    * using mailertables for new installations.  In	*
1648    * particular, it doesn't work for the newer forms	*
1649    * of UUCP mailers, such as uucp-uudom.		*
1650    *****************************************************
1651
1652Complex sites will need more local configuration information, such as
1653lists of UUCP hosts they speak with directly.  This can get a bit more
1654tricky.  For an example of a "complex" site, see cf/ucbvax.mc.
1655
1656The SITECONFIG macro allows you to indirectly reference site-dependent
1657configuration information stored in the siteconfig subdirectory.  For
1658example, the line
1659
1660	SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1661
1662reads the file uucp.ucbvax for local connection information.  The
1663second parameter is the local name (in this case just "ucbvax" since
1664it is locally connected, and hence a UUCP hostname).  The third
1665parameter is the name of both a macro to store the local name (in
1666this case, {U}) and the name of the class (e.g., {U}) in which to store
1667the host information read from the file.  Another SITECONFIG line reads
1668
1669	SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1670
1671This says that the file uucp.ucbarpa contains the list of UUCP sites
1672connected to ucbarpa.Berkeley.EDU.  Class {W} will be used to
1673store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1674is, the name of the relay to which the hosts listed in uucp.ucbarpa
1675are connected.  [The machine ucbarpa is gone now, but this
1676out-of-date configuration file has been left around to demonstrate
1677how you might do this.]
1678
1679Note that the case of SITECONFIG with a third parameter of ``U'' is
1680special; the second parameter is assumed to be the UUCP name of the
1681local site, rather than the name of a remote site, and the UUCP name
1682is entered into class {w} (the list of local hostnames) as $U.UUCP.
1683
1684The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1685more than a sequence of SITE macros describing connectivity.  For
1686example:
1687
1688	SITE(`cnmat')
1689	SITE(`sgi olympus')
1690
1691The second example demonstrates that you can use two names on the
1692same line; these are usually aliases for the same host (or are at
1693least in the same company).
1694
1695The macro LOCAL_UUCP can be used to add rules into the generated
1696cf file at the place where MAILER(`uucp') inserts its rules.  This
1697should only be used if really necessary.
1698
1699
1700+--------------------+
1701| USING UUCP MAILERS |
1702+--------------------+
1703
1704It's hard to get UUCP mailers right because of the extremely ad hoc
1705nature of UUCP addressing.  These config files are really designed
1706for domain-based addressing, even for UUCP sites.
1707
1708There are four UUCP mailers available.  The choice of which one to
1709use is partly a matter of local preferences and what is running at
1710the other end of your UUCP connection.  Unlike good protocols that
1711define what will go over the wire, UUCP uses the policy that you
1712should do what is right for the other end; if they change, you have
1713to change.  This makes it hard to do the right thing, and discourages
1714people from updating their software.  In general, if you can avoid
1715UUCP, please do.
1716
1717The major choice is whether to go for a domainized scheme or a
1718non-domainized scheme.  This depends entirely on what the other
1719end will recognize.  If at all possible, you should encourage the
1720other end to go to a domain-based system -- non-domainized addresses
1721don't work entirely properly.
1722
1723The four mailers are:
1724
1725    uucp-old (obsolete name: "uucp")
1726	This is the oldest, the worst (but the closest to UUCP) way of
1727	sending messages across UUCP connections.  It does bangify
1728	everything and prepends $U (your UUCP name) to the sender's
1729	address (which can already be a bang path itself).  It can
1730	only send to one address at a time, so it spends a lot of
1731	time copying duplicates of messages.  Avoid this if at all
1732	possible.
1733
1734    uucp-new (obsolete name: "suucp")
1735	The same as above, except that it assumes that in one rmail
1736	command you can specify several recipients.  It still has a
1737	lot of other problems.
1738
1739    uucp-dom
1740	This UUCP mailer keeps everything as domain addresses.
1741	Basically, it uses the SMTP mailer rewriting rules.  This mailer
1742	is only included if MAILER(`smtp') is specified before
1743	MAILER(`uucp').
1744
1745	Unfortunately, a lot of UUCP mailer transport agents require
1746	bangified addresses in the envelope, although you can use
1747	domain-based addresses in the message header.  (The envelope
1748	shows up as the From_ line on UNIX mail.)  So....
1749
1750    uucp-uudom
1751	This is a cross between uucp-new (for the envelope addresses)
1752	and uucp-dom (for the header addresses).  It bangifies the
1753	envelope sender (From_ line in messages) without adding the
1754	local hostname, unless there is no host name on the address
1755	at all (e.g., "wolf") or the host component is a UUCP host name
1756	instead of a domain name ("somehost!wolf" instead of
1757	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
1758	is also specified earlier.
1759
1760Examples:
1761
1762On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1763summarizes the sender rewriting for various mailers.
1764
1765Mailer		sender		rewriting in the envelope
1766------		------		-------------------------
1767uucp-{old,new}	wolf		grasp!wolf
1768uucp-dom	wolf		wolf@grasp.insa-lyon.fr
1769uucp-uudom	wolf		grasp.insa-lyon.fr!wolf
1770
1771uucp-{old,new}	wolf@fr.net	grasp!fr.net!wolf
1772uucp-dom	wolf@fr.net	wolf@fr.net
1773uucp-uudom	wolf@fr.net	fr.net!wolf
1774
1775uucp-{old,new}	somehost!wolf	grasp!somehost!wolf
1776uucp-dom	somehost!wolf	somehost!wolf@grasp.insa-lyon.fr
1777uucp-uudom	somehost!wolf	grasp.insa-lyon.fr!somehost!wolf
1778
1779If you are using one of the domainized UUCP mailers, you really want
1780to convert all UUCP addresses to domain format -- otherwise, it will
1781do it for you (and probably not the way you expected).  For example,
1782if you have the address foo!bar!baz (and you are not sending to foo),
1783the heuristics will add the @uucp.relay.name or @local.host.name to
1784this address.  However, if you map foo to foo.host.name first, it
1785will not add the local hostname.  You can do this using the uucpdomain
1786feature.
1787
1788
1789+-------------------+
1790| TWEAKING RULESETS |
1791+-------------------+
1792
1793For more complex configurations, you can define special rules.
1794The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1795the names.  Any modifications made here are reflected in the header.
1796
1797A common use is to convert old UUCP addresses to SMTP addresses using
1798the UUCPSMTP macro.  For example:
1799
1800	LOCAL_RULE_3
1801	UUCPSMTP(`decvax',	`decvax.dec.com')
1802	UUCPSMTP(`research',	`research.att.com')
1803
1804will cause addresses of the form "decvax!user" and "research!user"
1805to be converted to "user@decvax.dec.com" and "user@research.att.com"
1806respectively.
1807
1808This could also be used to look up hosts in a database map:
1809
1810	LOCAL_RULE_3
1811	R$* < @ $+ > $*		$: $1 < @ $(hostmap $2 $) > $3
1812
1813This map would be defined in the LOCAL_CONFIG portion, as shown below.
1814
1815Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1816For example, new rules are needed to parse hostnames that you accept
1817via MX records.  For example, you might have:
1818
1819	LOCAL_RULE_0
1820	R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1821
1822You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1823pointing at this host; this rule catches the message and forwards it on
1824using UUCP.
1825
1826You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1827These rulesets are normally empty.
1828
1829A similar macro is LOCAL_CONFIG.  This introduces lines added after the
1830boilerplate option setting but before rulesets.  Do not declare rulesets in
1831the LOCAL_CONFIG section.  It can be used to declare local database maps or
1832whatever.  For example:
1833
1834	LOCAL_CONFIG
1835	Khostmap hash /etc/mail/hostmap
1836	Kyplocal nis -m hosts.byname
1837
1838
1839+---------------------------+
1840| MASQUERADING AND RELAYING |
1841+---------------------------+
1842
1843You can have your host masquerade as another using
1844
1845	MASQUERADE_AS(`host.domain')
1846
1847This causes mail being sent to be labeled as coming from the
1848indicated host.domain, rather than $j.  One normally masquerades as
1849one of one's own subdomains (for example, it's unlikely that
1850Berkeley would choose to masquerade as an MIT site).  This
1851behaviour is modified by a plethora of FEATUREs; in particular, see
1852masquerade_envelope, allmasquerade, limited_masquerade, and
1853masquerade_entire_domain.
1854
1855The masquerade name is not normally canonified, so it is important
1856that it be your One True Name, that is, fully qualified and not a
1857CNAME.  However, if you use a CNAME, the receiving side may canonify
1858it for you, so don't think you can cheat CNAME mapping this way.
1859
1860Normally the only addresses that are masqueraded are those that come
1861from this host (that is, are either unqualified or in class {w}, the list
1862of local domain names).  You can augment this list, which is realized
1863by class {M} using
1864
1865	MASQUERADE_DOMAIN(`otherhost.domain')
1866
1867The effect of this is that although mail to user@otherhost.domain
1868will not be delivered locally, any mail including any user@otherhost.domain
1869will, when relayed, be rewritten to have the MASQUERADE_AS address.
1870This can be a space-separated list of names.
1871
1872If these names are in a file, you can use
1873
1874	MASQUERADE_DOMAIN_FILE(`filename')
1875
1876to read the list of names from the indicated file (i.e., to add
1877elements to class {M}).
1878
1879To exempt hosts or subdomains from being masqueraded, you can use
1880
1881	MASQUERADE_EXCEPTION(`host.domain')
1882
1883This can come handy if you want to masquerade a whole domain
1884except for one (or a few) host(s).  If these names are in a file,
1885you can use
1886
1887	MASQUERADE_EXCEPTION_FILE(`filename')
1888
1889Normally only header addresses are masqueraded.  If you want to
1890masquerade the envelope as well, use
1891
1892	FEATURE(`masquerade_envelope')
1893
1894There are always users that need to be "exposed" -- that is, their
1895internal site name should be displayed instead of the masquerade name.
1896Root is an example (which has been "exposed" by default prior to 8.10).
1897You can add users to this list using
1898
1899	EXPOSED_USER(`usernames')
1900
1901This adds users to class {E}; you could also use
1902
1903	EXPOSED_USER_FILE(`filename')
1904
1905You can also arrange to relay all unqualified names (that is, names
1906without @host) to a relay host.  For example, if you have a central
1907email server, you might relay to that host so that users don't have
1908to have .forward files or aliases.  You can do this using
1909
1910	define(`LOCAL_RELAY', `mailer:hostname')
1911
1912The ``mailer:'' can be omitted, in which case the mailer defaults to
1913"relay".  There are some user names that you don't want relayed, perhaps
1914because of local aliases.  A common example is root, which may be
1915locally aliased.  You can add entries to this list using
1916
1917	LOCAL_USER(`usernames')
1918
1919This adds users to class {L}; you could also use
1920
1921	LOCAL_USER_FILE(`filename')
1922
1923If you want all incoming mail sent to a centralized hub, as for a
1924shared /var/spool/mail scheme, use
1925
1926	define(`MAIL_HUB', `mailer:hostname')
1927
1928Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
1929and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1930be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1931Note: there is a (long standing) bug which keeps this combination from
1932working for addresses of the form user+detail.
1933Names in class {L} will be delivered locally, so you MUST have aliases or
1934.forward files for them.
1935
1936For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1937FEATURE(`stickyhost'), the following combinations of settings will have the
1938indicated effects:
1939
1940email sent to....	eric			  eric@mastodon.CS.Berkeley.EDU
1941
1942LOCAL_RELAY set to	mail.CS.Berkeley.EDU	  (delivered locally)
1943mail.CS.Berkeley.EDU	  (no local aliasing)	    (aliasing done)
1944
1945MAIL_HUB set to		mammoth.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1946mammoth.CS.Berkeley.EDU	  (aliasing done)	    (aliasing done)
1947
1948Both LOCAL_RELAY and	mail.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1949MAIL_HUB set as above	  (no local aliasing)	    (aliasing done)
1950
1951If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1952MAIL_HUB act identically, with MAIL_HUB taking precedence.
1953
1954If you want all outgoing mail to go to a central relay site, define
1955SMART_HOST as well.  Briefly:
1956
1957	LOCAL_RELAY applies to unqualified names (e.g., "eric").
1958	MAIL_HUB applies to names qualified with the name of the
1959		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1960	SMART_HOST applies to names qualified with other hosts or
1961		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1962		or "eric@[127.0.0.1]").
1963
1964However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1965DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1966really want absolutely everything to go to a single central site you will
1967need to unset all the other relays -- or better yet, find or build a
1968minimal config file that does this.
1969
1970For duplicate suppression to work properly, the host name is best
1971specified with a terminal dot:
1972
1973	define(`MAIL_HUB', `host.domain.')
1974	      note the trailing dot ---^
1975
1976
1977+-------------------------------------------+
1978| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1979+-------------------------------------------+
1980
1981LDAP can be used for aliases, maps, and classes by either specifying your
1982own LDAP map specification or using the built-in default LDAP map
1983specification.  The built-in default specifications all provide lookups
1984which match against either the machine's fully qualified hostname (${j}) or
1985a "cluster".  The cluster allows you to share LDAP entries among a large
1986number of machines without having to enter each of the machine names into
1987each LDAP entry.  To set the LDAP cluster name to use for a particular
1988machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1989unique name.  For example:
1990
1991	define(`confLDAP_CLUSTER', `Servers')
1992
1993Here, the word `Servers' will be the cluster name.  As an example, assume
1994that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1995to the Servers cluster.
1996
1997Some of the LDAP LDIF examples below show use of the Servers cluster.
1998Every entry must have either a sendmailMTAHost or sendmailMTACluster
1999attribute or it will be ignored.  Be careful as mixing clusters and
2000individual host records can have surprising results (see the CAUTION
2001sections below).
2002
2003See the file cf/sendmail.schema for the actual LDAP schemas.  Note that
2004this schema (and therefore the lookups and examples below) is experimental
2005at this point as it has had little public review.  Therefore, it may change
2006in future versions.  Feedback via sendmail-YYYY@support.sendmail.org is
2007encouraged (replace YYYY with the current year, e.g., 2005).
2008
2009-------
2010Aliases
2011-------
2012
2013The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
2014lookups.  To use the default schema, simply use:
2015
2016	define(`ALIAS_FILE', `ldap:')
2017
2018By doing so, you will use the default schema which expands to a map
2019declared as follows:
2020
2021	ldap -k (&(objectClass=sendmailMTAAliasObject)
2022		  (sendmailMTAAliasGrouping=aliases)
2023		  (|(sendmailMTACluster=${sendmailMTACluster})
2024		    (sendmailMTAHost=$j))
2025		  (sendmailMTAKey=%0))
2026	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
2027
2028
2029NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2030used when the binary expands the `ldap:' token as the AliasFile option is
2031not actually macro-expanded when read from the sendmail.cf file.
2032
2033Example LDAP LDIF entries might be:
2034
2035	dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
2036	objectClass: sendmailMTA
2037	objectClass: sendmailMTAAlias
2038	objectClass: sendmailMTAAliasObject
2039	sendmailMTAAliasGrouping: aliases
2040	sendmailMTAHost: etrn.sendmail.org
2041	sendmailMTAKey: sendmail-list
2042	sendmailMTAAliasValue: ca@example.org
2043	sendmailMTAAliasValue: eric
2044	sendmailMTAAliasValue: gshapiro@example.com
2045
2046	dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
2047	objectClass: sendmailMTA
2048	objectClass: sendmailMTAAlias
2049	objectClass: sendmailMTAAliasObject
2050	sendmailMTAAliasGrouping: aliases
2051	sendmailMTAHost: etrn.sendmail.org
2052	sendmailMTAKey: owner-sendmail-list
2053	sendmailMTAAliasValue: eric
2054
2055	dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
2056	objectClass: sendmailMTA
2057	objectClass: sendmailMTAAlias
2058	objectClass: sendmailMTAAliasObject
2059	sendmailMTAAliasGrouping: aliases
2060	sendmailMTACluster: Servers
2061	sendmailMTAKey: postmaster
2062	sendmailMTAAliasValue: eric
2063
2064Here, the aliases sendmail-list and owner-sendmail-list will be available
2065only on etrn.sendmail.org but the postmaster alias will be available on
2066every machine in the Servers cluster (including etrn.sendmail.org).
2067
2068CAUTION: aliases are additive so that entries like these:
2069
2070	dn: sendmailMTAKey=bob, dc=sendmail, dc=org
2071	objectClass: sendmailMTA
2072	objectClass: sendmailMTAAlias
2073	objectClass: sendmailMTAAliasObject
2074	sendmailMTAAliasGrouping: aliases
2075	sendmailMTACluster: Servers
2076	sendmailMTAKey: bob
2077	sendmailMTAAliasValue: eric
2078
2079	dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
2080	objectClass: sendmailMTA
2081	objectClass: sendmailMTAAlias
2082	objectClass: sendmailMTAAliasObject
2083	sendmailMTAAliasGrouping: aliases
2084	sendmailMTAHost: etrn.sendmail.org
2085	sendmailMTAKey: bob
2086	sendmailMTAAliasValue: gshapiro
2087
2088would mean that on all of the hosts in the cluster, mail to bob would go to
2089eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
2090gshapiro.
2091
2092If you prefer not to use the default LDAP schema for your aliases, you can
2093specify the map parameters when setting ALIAS_FILE.  For example:
2094
2095	define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
2096
2097----
2098Maps
2099----
2100
2101FEATURE()'s which take an optional map definition argument (e.g., access,
2102mailertable, virtusertable, etc.) can instead take the special keyword
2103`LDAP', e.g.:
2104
2105	FEATURE(`access_db', `LDAP')
2106	FEATURE(`virtusertable', `LDAP')
2107
2108When this keyword is given, that map will use LDAP lookups consisting of
2109the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
2110with the map name, a search attribute of sendmailMTAKey, and the value
2111attribute sendmailMTAMapValue.
2112
2113The values for sendmailMTAMapName are:
2114
2115	FEATURE()		sendmailMTAMapName
2116	---------		------------------
2117	access_db		access
2118	authinfo		authinfo
2119	bitdomain		bitdomain
2120	domaintable		domain
2121	genericstable		generics
2122	mailertable		mailer
2123	uucpdomain		uucpdomain
2124	virtusertable		virtuser
2125
2126For example, FEATURE(`mailertable', `LDAP') would use the map definition:
2127
2128	Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
2129			       (sendmailMTAMapName=mailer)
2130			       (|(sendmailMTACluster=${sendmailMTACluster})
2131				 (sendmailMTAHost=$j))
2132			       (sendmailMTAKey=%0))
2133			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
2134
2135An example LDAP LDIF entry using this map might be:
2136
2137	dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
2138	objectClass: sendmailMTA
2139	objectClass: sendmailMTAMap
2140	sendmailMTACluster: Servers
2141	sendmailMTAMapName: mailer
2142
2143	dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2144	objectClass: sendmailMTA
2145	objectClass: sendmailMTAMap
2146	objectClass: sendmailMTAMapObject
2147	sendmailMTAMapName: mailer
2148	sendmailMTACluster: Servers
2149	sendmailMTAKey: example.com
2150	sendmailMTAMapValue: relay:[smtp.example.com]
2151
2152CAUTION: If your LDAP database contains the record above and *ALSO* a host
2153specific record such as:
2154
2155	dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2156	objectClass: sendmailMTA
2157	objectClass: sendmailMTAMap
2158	objectClass: sendmailMTAMapObject
2159	sendmailMTAMapName: mailer
2160	sendmailMTAHost: etrn.sendmail.org
2161	sendmailMTAKey: example.com
2162	sendmailMTAMapValue: relay:[mx.example.com]
2163
2164then these entries will give unexpected results.  When the lookup is done
2165on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
2166require a single match.  Since the host etrn.sendmail.org is also in the
2167Servers cluster, LDAP would return two answers for the example.com map key
2168in which case sendmail would treat this as no match at all.
2169
2170If you prefer not to use the default LDAP schema for your maps, you can
2171specify the map parameters when using the FEATURE().  For example:
2172
2173	FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2174
2175-------
2176Classes
2177-------
2178
2179Normally, classes can be filled via files or programs.  As of 8.12, they
2180can also be filled via map lookups using a new syntax:
2181
2182	F{ClassName}mapkey@mapclass:mapspec
2183
2184mapkey is optional and if not provided the map key will be empty.  This can
2185be used with LDAP to read classes from LDAP.  Note that the lookup is only
2186done when sendmail is initially started.  Use the special value `@LDAP' to
2187use the default LDAP schema.  For example:
2188
2189	RELAY_DOMAIN_FILE(`@LDAP')
2190
2191would put all of the attribute sendmailMTAClassValue values of LDAP records
2192with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
2193'R' into class $={R}.  In other words, it is equivalent to the LDAP map
2194specification:
2195
2196	F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2197		       (sendmailMTAClassName=R)
2198		       (|(sendmailMTACluster=${sendmailMTACluster})
2199			 (sendmailMTAHost=$j)))
2200		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
2201
2202NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2203used when the binary expands the `@LDAP' token as class declarations are
2204not actually macro-expanded when read from the sendmail.cf file.
2205
2206This can be used with class related commands such as RELAY_DOMAIN_FILE(),
2207MASQUERADE_DOMAIN_FILE(), etc:
2208
2209	Command				sendmailMTAClassName
2210	-------				--------------------
2211	CANONIFY_DOMAIN_FILE()		Canonify
2212	EXPOSED_USER_FILE()		E
2213	GENERICS_DOMAIN_FILE()		G
2214	LDAPROUTE_DOMAIN_FILE()		LDAPRoute
2215	LDAPROUTE_EQUIVALENT_FILE()	LDAPRouteEquiv
2216	LOCAL_USER_FILE()		L
2217	MASQUERADE_DOMAIN_FILE()	M
2218	MASQUERADE_EXCEPTION_FILE()	N
2219	RELAY_DOMAIN_FILE()		R
2220	VIRTUSER_DOMAIN_FILE()		VirtHost
2221
2222You can also add your own as any 'F'ile class of the form:
2223
2224	F{ClassName}@LDAP
2225	  ^^^^^^^^^
2226will use "ClassName" for the sendmailMTAClassName.
2227
2228An example LDAP LDIF entry would look like:
2229
2230	dn: sendmailMTAClassName=R, dc=sendmail, dc=org
2231	objectClass: sendmailMTA
2232	objectClass: sendmailMTAClass
2233	sendmailMTACluster: Servers
2234	sendmailMTAClassName: R
2235	sendmailMTAClassValue: sendmail.org
2236	sendmailMTAClassValue: example.com
2237	sendmailMTAClassValue: 10.56.23
2238
2239CAUTION: If your LDAP database contains the record above and *ALSO* a host
2240specific record such as:
2241
2242	dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
2243	objectClass: sendmailMTA
2244	objectClass: sendmailMTAClass
2245	sendmailMTAHost: etrn.sendmail.org
2246	sendmailMTAClassName: R
2247	sendmailMTAClassValue: example.com
2248
2249the result will be similar to the aliases caution above.  When the lookup
2250is done on etrn.sendmail.org, $={R} would contain all of the entries (from
2251both the cluster match and the host match).  In other words, the effective
2252is additive.
2253
2254If you prefer not to use the default LDAP schema for your classes, you can
2255specify the map parameters when using the class command.  For example:
2256
2257	VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2258
2259Remember, macros can not be used in a class declaration as the binary does
2260not expand them.
2261
2262
2263+--------------+
2264| LDAP ROUTING |
2265+--------------+
2266
2267FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
2268LDAP Schema for Intranet Mail Routing
2269(draft-lachman-laser-ldap-mail-routing-01).  This feature enables
2270LDAP-based rerouting of a particular address to either a different host
2271or a different address.  The LDAP lookup is first attempted on the full
2272address (e.g., user@example.com) and then on the domain portion
2273(e.g., @example.com).  Be sure to setup your domain for LDAP routing using
2274LDAPROUTE_DOMAIN(), e.g.:
2275
2276	LDAPROUTE_DOMAIN(`example.com')
2277
2278Additionally, you can specify equivalent domains for LDAP routing using
2279LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE().  'Equivalent'
2280hostnames are mapped to $M (the masqueraded hostname for the server) before
2281the LDAP query.  For example, if the mail is addressed to
2282user@host1.example.com, normally the LDAP lookup would only be done for
2283'user@host1.example.com' and '@host1.example.com'.   However, if
2284LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2285done on 'user@example.com' and '@example.com' after attempting the
2286host1.example.com lookups.
2287
2288By default, the feature will use the schemas as specified in the draft
2289and will not reject addresses not found by the LDAP lookup.  However,
2290this behavior can be changed by giving additional arguments to the FEATURE()
2291command:
2292
2293 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2294		 <detail>, <nodomain>, <tempfail>)
2295
2296where <mailHost> is a map definition describing how to look up an alternative
2297mail host for a particular address; <mailRoutingAddress> is a map definition
2298describing how to look up an alternative address for a particular address;
2299the <bounce> argument, if present and not the word "passthru", dictates
2300that mail should be bounced if neither a mailHost nor mailRoutingAddress
2301is found, if set to "sendertoo", the sender will be rejected if not
2302found in LDAP; and <detail> indicates what actions to take if the address
2303contains +detail information -- `strip' tries the lookup with the +detail
2304and if no matches are found, strips the +detail and tries the lookup again;
2305`preserve', does the same as `strip' but if a mailRoutingAddress match is
2306found, the +detail information is copied to the new address; the <nodomain>
2307argument, if present, will prevent the @domain lookup if the full
2308address is not found in LDAP; the <tempfail> argument, if set to
2309"tempfail", instructs the rules to give an SMTP 4XX temporary
2310error if the LDAP server gives the MTA a temporary failure, or if set to
2311"queue" (the default), the MTA will locally queue the mail.
2312
2313The default <mailHost> map definition is:
2314
2315	ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2316				 (mailLocalAddress=%0))
2317
2318The default <mailRoutingAddress> map definition is:
2319
2320	ldap -1 -T<TMPF> -v mailRoutingAddress
2321			 -k (&(objectClass=inetLocalMailRecipient)
2322			      (mailLocalAddress=%0))
2323
2324Note that neither includes the LDAP server hostname (-h server) or base DN
2325(-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
2326your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2327these settings.  If this is not the case, the map definitions should be
2328changed as described above.  The "-T<TMPF>" is required in any user
2329specified map definition to catch temporary errors.
2330
2331The following possibilities exist as a result of an LDAP lookup on an
2332address:
2333
2334	mailHost is	mailRoutingAddress is	Results in
2335	-----------	---------------------	----------
2336	set to a	set			mail delivered to
2337	"local" host				mailRoutingAddress
2338
2339	set to a	not set			delivered to
2340	"local" host				original address
2341
2342	set to a	set			mailRoutingAddress
2343	remote host				relayed to mailHost
2344
2345	set to a	not set			original address
2346	remote host				relayed to mailHost
2347
2348	not set		set			mail delivered to
2349						mailRoutingAddress
2350
2351	not set		not set			delivered to
2352						original address *OR*
2353						bounced as unknown user
2354
2355The term "local" host above means the host specified is in class {w}.  If
2356the result would mean sending the mail to a different host, that host is
2357looked up in the mailertable before delivery.
2358
2359Note that the last case depends on whether the third argument is given
2360to the FEATURE() command.  The default is to deliver the message to the
2361original address.
2362
2363The LDAP entries should be set up with an objectClass of
2364inetLocalMailRecipient and the address be listed in a mailLocalAddress
2365attribute.  If present, there must be only one mailHost attribute and it
2366must contain a fully qualified host name as its value.  Similarly, if
2367present, there must be only one mailRoutingAddress attribute and it must
2368contain an RFC 822 compliant address.  Some example LDAP records (in LDIF
2369format):
2370
2371	dn: uid=tom, o=example.com, c=US
2372	objectClass: inetLocalMailRecipient
2373	mailLocalAddress: tom@example.com
2374	mailRoutingAddress: thomas@mailhost.example.com
2375
2376This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2377
2378	dn: uid=dick, o=example.com, c=US
2379	objectClass: inetLocalMailRecipient
2380	mailLocalAddress: dick@example.com
2381	mailHost: eng.example.com
2382
2383This would relay mail for dick@example.com to the same address but redirect
2384the mail to MX records listed for the host eng.example.com (unless the
2385mailertable overrides).
2386
2387	dn: uid=harry, o=example.com, c=US
2388	objectClass: inetLocalMailRecipient
2389	mailLocalAddress: harry@example.com
2390	mailHost: mktmail.example.com
2391	mailRoutingAddress: harry@mkt.example.com
2392
2393This would relay mail for harry@example.com to the MX records listed for
2394the host mktmail.example.com using the new address harry@mkt.example.com
2395when talking to that host.
2396
2397	dn: uid=virtual.example.com, o=example.com, c=US
2398	objectClass: inetLocalMailRecipient
2399	mailLocalAddress: @virtual.example.com
2400	mailHost: server.example.com
2401	mailRoutingAddress: virtual@example.com
2402
2403This would send all mail destined for any username @virtual.example.com to
2404the machine server.example.com's MX servers and deliver to the address
2405virtual@example.com on that relay machine.
2406
2407
2408+---------------------------------+
2409| ANTI-SPAM CONFIGURATION CONTROL |
2410+---------------------------------+
2411
2412The primary anti-spam features available in sendmail are:
2413
2414* Relaying is denied by default.
2415* Better checking on sender information.
2416* Access database.
2417* Header checks.
2418
2419Relaying (transmission of messages from a site outside your host (class
2420{w}) to another site except yours) is denied by default.  Note that this
2421changed in sendmail 8.9; previous versions allowed relaying by default.
2422If you really want to revert to the old behaviour, you will need to use
2423FEATURE(`promiscuous_relay').  You can allow certain domains to relay
2424through your server by adding their domain name or IP address to class
2425{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2426(described below).  Note that IPv6 addresses must be prefaced with "IPv6:".
2427The file consists (like any other file based class) of entries listed on
2428separate lines, e.g.,
2429
2430	sendmail.org
2431	128.32
2432	IPv6:2002:c0a8:02c7
2433	IPv6:2002:c0a8:51d2::23f4
2434	host.mydomain.com
2435	[UNIX:localhost]
2436
2437Notice: the last entry allows relaying for connections via a UNIX
2438socket to the MTA/MSP.  This might be necessary if your configuration
2439doesn't allow relaying by other means in that case, e.g., by having
2440localhost.$m in class {R} (make sure $m is not just a top level
2441domain).
2442
2443If you use
2444
2445	FEATURE(`relay_entire_domain')
2446
2447then any host in any of your local domains (that is, class {m})
2448will be relayed (that is, you will accept mail either to or from any
2449host in your domain).
2450
2451You can also allow relaying based on the MX records of the host
2452portion of an incoming recipient address by using
2453
2454	FEATURE(`relay_based_on_MX')
2455
2456For example, if your server receives a recipient of user@domain.com
2457and domain.com lists your server in its MX records, the mail will be
2458accepted for relay to domain.com.  This feature may cause problems
2459if MX lookups for the recipient domain are slow or time out.  In that
2460case, mail will be temporarily rejected.  It is usually better to
2461maintain a list of hosts/domains for which the server acts as relay.
2462Note also that this feature will stop spammers from using your host
2463to relay spam but it will not stop outsiders from using your server
2464as a relay for their site (that is, they set up an MX record pointing
2465to your mail server, and you will relay mail addressed to them
2466without any prior arrangement).  Along the same lines,
2467
2468	FEATURE(`relay_local_from')
2469
2470will allow relaying if the sender specifies a return path (i.e.
2471MAIL FROM:<user@domain>) domain which is a local domain.  This is a
2472dangerous feature as it will allow spammers to spam using your mail
2473server by simply specifying a return address of user@your.domain.com.
2474It should not be used unless absolutely necessary.
2475A slightly better solution is
2476
2477	FEATURE(`relay_mail_from')
2478
2479which allows relaying if the mail sender is listed as RELAY in the
2480access map.  If an optional argument `domain' (this is the literal
2481word `domain', not a placeholder) is given, the domain portion of
2482the mail sender is also checked to allowing relaying.  This option
2483only works together with the tag From: for the LHS of the access
2484map entries.  This feature allows spammers to abuse your mail server
2485by specifying a return address that you enabled in your access file.
2486This may be harder to figure out for spammers, but it should not
2487be used unless necessary.  Instead use SMTP AUTH or STARTTLS to
2488allow relaying for roaming users.
2489
2490
2491If source routing is used in the recipient address (e.g.,
2492RCPT TO:<user%site.com@othersite.com>), sendmail will check
2493user@site.com for relaying if othersite.com is an allowed relay host
2494in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2495or the access database if FEATURE(`access_db') is used.  To prevent
2496the address from being stripped down, use:
2497
2498	FEATURE(`loose_relay_check')
2499
2500If you think you need to use this feature, you probably do not.  This
2501should only be used for sites which have no control over the addresses
2502that they provide a gateway for.  Use this FEATURE with caution as it
2503can allow spammers to relay through your server if not setup properly.
2504
2505NOTICE: It is possible to relay mail through a system which the
2506anti-relay rules do not prevent: the case of a system that does use
2507FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
2508(system A) and relays local messages to a mail hub (e.g., via
2509LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use the
2510same feature (nouucp / nopercenthack) at all, addresses of the form
2511<example.net!user@local.host> / <user%example.net@local.host>
2512would be relayed to <user@example.net>.
2513System A doesn't recognize `!' / `%' as an address separator and
2514therefore forwards it to the mail hub which in turns relays it
2515because it came from a trusted local host.  So if a mailserver
2516allows UUCP (bang-format) / %-hack addresses, all systems from which
2517it allows relaying should do the same or reject those addresses.
2518
2519As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2520an unresolvable domain (i.e., one that DNS, your local name service,
2521or special case rules in ruleset 3 cannot locate).  This also applies
2522to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2523IP address can't be mapped to a host name.  If you want to continue
2524to accept such domains, e.g., because you are inside a firewall that
2525has only a limited view of the Internet host name space (note that you
2526will not be able to return mail to them unless you have some "smart
2527host" forwarder), use
2528
2529	FEATURE(`accept_unresolvable_domains')
2530
2531Alternatively, you can allow specific addresses by adding them to
2532the access map, e.g.,
2533
2534	From:unresolvable.domain	OK
2535	From:[1.2.3.4]			OK
2536	From:[1.2.4]			OK
2537
2538Notice: domains which are temporarily unresolvable are (temporarily)
2539rejected with a 451 reply code.  If those domains should be accepted
2540(which is discouraged) then you can use
2541
2542	LOCAL_CONFIG
2543	C{ResOk}TEMP
2544
2545sendmail will also refuse mail if the MAIL FROM: parameter is not
2546fully qualified (i.e., contains a domain as well as a user).  If you
2547want to continue to accept such senders, use
2548
2549	FEATURE(`accept_unqualified_senders')
2550
2551Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2552i.e., unqualified addresses are accepted even without this FEATURE.  If
2553this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2554to enforce fully qualified domain names.
2555
2556An ``access'' database can be created to accept or reject mail from
2557selected domains.  For example, you may choose to reject all mail
2558originating from known spammers.  To enable such a database, use
2559
2560	FEATURE(`access_db')
2561
2562Notice: the access database is applied to the envelope addresses
2563and the connection information, not to the header.
2564
2565The FEATURE macro can accept as second parameter the key file
2566definition for the database; for example
2567
2568	FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2569
2570Notice: If a second argument is specified it must contain the option
2571`-T<TMPF>' as shown above.  The optional parameters may be
2572
2573	`skip'			enables SKIP as value part (see below).
2574	`lookupdotdomain'	another way to enable the feature of the
2575				same name (see above).
2576	`relaytofulladdress'	enable entries of the form
2577				To:user@example.com	RELAY
2578				to allow relaying to just a specific
2579				e-mail address instead of an entire domain.
2580
2581Remember, since /etc/mail/access is a database, after creating the text
2582file as described below, you must use makemap to create the database
2583map.  For example:
2584
2585	makemap hash /etc/mail/access < /etc/mail/access
2586
2587The table itself uses e-mail addresses, domain names, and network
2588numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
2589For example,
2590
2591	From:spammer@aol.com			REJECT
2592	From:cyberspammer.com			REJECT
2593	Connect:cyberspammer.com		REJECT
2594	Connect:TLD				REJECT
2595	Connect:192.168.212			REJECT
2596	Connect:IPv6:2002:c0a8:02c7		RELAY
2597	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
2598
2599would refuse mail from spammer@aol.com, any user from cyberspammer.com
2600(or any host within the cyberspammer.com domain), any host in the entire
2601top level domain TLD, 192.168.212.* network, and the IPv6 address
26022002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
26032002:c0a8:02c7::/48.
2604
2605Entries in the access map should be tagged according to their type.
2606These tags are applicable:
2607
2608	Connect:	connection information (${client_addr}, ${client_name})
2609	From:		envelope sender
2610	To:		envelope recipient
2611
2612Notice: untagged entries are deprecated.
2613
2614If the required item is looked up in a map, it will be tried first
2615with the corresponding tag in front, then (as fallback to enable
2616backward compatibility) without any tag, unless the specific feature
2617requires a tag.  For example,
2618
2619	From:spammer@some.dom	REJECT
2620	To:friend.domain	RELAY
2621	Connect:friend.domain	OK
2622	Connect:from.domain	RELAY
2623	From:good@another.dom	OK
2624	From:another.dom	REJECT
2625
2626This would deny mails from spammer@some.dom but you could still
2627send mail to that address even if FEATURE(`blocklist_recipients')
2628is enabled.  Your system will allow relaying to friend.domain, but
2629not from it (unless enabled by other means).  Connections from that
2630domain will be allowed even if it ends up in one of the DNS based
2631rejection lists.  Relaying is enabled from from.domain but not to
2632it (since relaying is based on the connection information for
2633outgoing relaying, the tag Connect: must be used; for incoming
2634relaying, which is based on the recipient address, To: must be
2635used).  The last two entries allow mails from good@another.dom but
2636reject mail from all other addresses with another.dom as domain
2637part.
2638
2639
2640The value part of the map can contain:
2641
2642	OK		Accept mail even if other rules in the running
2643			ruleset would reject it, for example, if the domain
2644			name is unresolvable.  "Accept" does not mean
2645			"relay", but at most acceptance for local
2646			recipients.  That is, OK allows less than RELAY.
2647	RELAY		Accept mail addressed to the indicated domain
2648			(or address if `relaytofulladdress' is set) or
2649			received from the indicated domain for relaying
2650			through your SMTP server.  RELAY also serves as
2651			an implicit OK for the other checks.
2652	REJECT		Reject the sender or recipient with a general
2653			purpose message.
2654	DISCARD		Discard the message completely using the
2655			$#discard mailer.  If it is used in check_compat,
2656			it affects only the designated recipient, not
2657			the whole message as it does in all other cases.
2658			This should only be used if really necessary.
2659	SKIP		This can only be used for host/domain names
2660			and IP addresses/nets.  It will abort the current
2661			search for this entry without accepting or rejecting
2662			it but causing the default action.
2663	### any text	where ### is an RFC 821 compliant error code and
2664			"any text" is a message to return for the command.
2665			The entire string should be quoted to avoid
2666			surprises:
2667
2668				"### any text"
2669
2670			Otherwise sendmail formats the text as email
2671			addresses, e.g., it may remove spaces.
2672			This type is deprecated, use one of the two
2673			ERROR:  entries below instead.
2674	ERROR:### any text
2675			as above, but useful to mark error messages as such.
2676			If quotes need to be used to avoid modifications
2677			(see above), they should be placed like this:
2678
2679				ERROR:"### any text"
2680
2681	ERROR:D.S.N:### any text
2682			where D.S.N is an RFC 1893 compliant error code
2683			and the rest as above.  If quotes need to be used
2684			to avoid modifications, they should be placed
2685			like this:
2686
2687				ERROR:D.S.N:"### any text"
2688
2689	QUARANTINE:any text
2690			Quarantine the message using the given text as the
2691			quarantining reason.
2692
2693For example:
2694
2695	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
2696	From:okay.cyberspammer.com	OK
2697	Connect:sendmail.org		RELAY
2698	To:sendmail.org			RELAY
2699	Connect:128.32			RELAY
2700	Connect:128.32.2		SKIP
2701	Connect:IPv6:1:2:3:4:5:6:7	RELAY
2702	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
2703	Connect:[127.0.0.3]		OK
2704	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
2705
2706would accept mail from okay.cyberspammer.com, but would reject mail
2707from all other hosts at cyberspammer.com with the indicated message.
2708It would allow relaying mail from and to any hosts in the sendmail.org
2709domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2710and from the 128.32.*.* network except for the 128.32.2.* network,
2711which shows how SKIP is useful to exempt subnets/subdomains.  The
2712last two entries are for checks against ${client_name} if the IP
2713address doesn't resolve to a hostname (or is considered as "may be
2714forged").  That is, using square brackets means these are host
2715names, not network numbers.
2716
2717Warning: if you change the RFC 821 compliant error code from the default
2718value of 550, then you should probably also change the RFC 1893 compliant
2719error code to match it.  For example, if you use
2720
2721	To:user@example.com	ERROR:450 mailbox full
2722
2723the error returned would be "450 5.0.0 mailbox full" which is wrong.
2724Use "ERROR:4.2.2:450 mailbox full" instead.
2725
2726Note, UUCP users may need to add hostname.UUCP to the access database
2727or class {R}.
2728
2729If you also use:
2730
2731	FEATURE(`relay_hosts_only')
2732
2733then the above example will allow relaying for sendmail.org, but not
2734hosts within the sendmail.org domain.  Note that this will also require
2735hosts listed in class {R} to be fully qualified host names.
2736
2737You can also use the access database to block sender addresses based on
2738the username portion of the address.  For example:
2739
2740	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
2741
2742Note that you must include the @ after the username to signify that
2743this database entry is for checking only the username portion of the
2744sender address.
2745
2746If you use:
2747
2748	FEATURE(`blocklist_recipients')
2749
2750then you can add entries to the map for local users, hosts in your
2751domains, or addresses in your domain which should not receive mail:
2752
2753	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
2754	To:host.my.TLD		ERROR:550 That host does not accept mail
2755	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
2756
2757This would prevent a recipient of badlocaluser in any of the local
2758domains (class {w}), any user at host.my.TLD, and the single address
2759user@other.my.TLD from receiving mail.  Please note: a local username
2760must be now tagged with an @ (this is consistent with the check of
2761the sender address, and hence it is possible to distinguish between
2762hostnames and usernames).  Enabling this feature will keep you from
2763sending mails to all addresses that have an error message or REJECT
2764as value part in the access map.  Taking the example from above:
2765
2766	spammer@aol.com		REJECT
2767	cyberspammer.com	REJECT
2768
2769Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2770That's why tagged entries should be used.
2771
2772There are several DNS based blocklists which can be found by
2773querying a search engine.  These are databases of spammers
2774maintained in DNS.  To use such a database, specify
2775
2776	FEATURE(`dnsbl', `dnsbl.example.com')
2777
2778This will cause sendmail to reject mail from any site listed in the
2779DNS based blocklist.  You must select a DNS based blocklist domain
2780to check by specifying an argument to the FEATURE.  The default
2781error message is
2782
2783	Rejected: IP-ADDRESS listed at SERVER
2784
2785where IP-ADDRESS and SERVER are replaced by the appropriate
2786information.  A second argument can be used to specify a different
2787text or action.  For example,
2788
2789	FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2790
2791would quarantine the message if the client IP address is listed
2792at `dnsbl.example.com'.
2793
2794By default, temporary lookup failures are ignored
2795and hence cause the connection not to be rejected by the DNS based
2796rejection list.  This behavior can be changed by specifying a third
2797argument, which must be either `t' or a full error message.  For
2798example:
2799
2800	FEATURE(`dnsbl', `dnsbl.example.com', `',
2801	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2802
2803If `t' is used, the error message is:
2804
2805	451 Temporary lookup failure of IP-ADDRESS at SERVER
2806
2807where IP-ADDRESS and SERVER are replaced by the appropriate
2808information.
2809
2810This FEATURE can be included several times to query different
2811DNS based rejection lists.
2812
2813Notice: to avoid checking your own local domains against those
2814blocklists, use the access_db feature and add:
2815
2816	Connect:10.1		OK
2817	Connect:127.0.0.1	RELAY
2818
2819to the access map, where 10.1 is your local network.  You may
2820want to use "RELAY" instead of "OK" to allow also relaying
2821instead of just disabling the DNS lookups in the blocklists.
2822
2823
2824The features described above make use of the check_relay, check_mail,
2825and check_rcpt rulesets.  Note that check_relay checks the SMTP
2826client hostname and IP address when the connection is made to your
2827server.  It does not check if a mail message is being relayed to
2828another server.  That check is done in check_rcpt.  If you wish to
2829include your own checks, you can put your checks in the rulesets
2830Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
2831example if you wanted to block senders with all numeric usernames
2832(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2833regex map:
2834
2835	LOCAL_CONFIG
2836	Kallnumbers regex -a@MATCH ^[0-9]+$
2837
2838	LOCAL_RULESETS
2839	SLocal_check_mail
2840	# check address against various regex checks
2841	R$*				$: $>Parse0 $>3 $1
2842	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
2843	R@MATCH				$#error $: 553 Address Error
2844
2845These rules are called with the original arguments of the corresponding
2846check_* ruleset.  If the local ruleset returns $#OK, no further checking
2847is done by the features described above and the mail is accepted.  If
2848the local ruleset resolves to a mailer (such as $#error or $#discard),
2849the appropriate action is taken.  Other results starting with $# are
2850interpreted by sendmail and may lead to unspecified behavior.  Note: do
2851NOT create a mailer with the name OK.  Return values that do not start
2852with $# are ignored, i.e., normal processing continues.
2853
2854Delay all checks
2855----------------
2856
2857By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2858will not be called when a client connects or issues a MAIL command,
2859respectively.  Instead, those rulesets will be called by the check_rcpt
2860ruleset; they will be skipped if a sender has been authenticated using
2861a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2862If check_mail returns an error then the RCPT TO command will be rejected
2863with that error.  If it returns some other result starting with $# then
2864check_relay will be skipped.  If the sender address (or a part of it) is
2865listed in the access map and it has a RHS of OK or RELAY, then check_relay
2866will be skipped.  This has an interesting side effect: if your domain is
2867my.domain and you have
2868
2869	my.domain	RELAY
2870
2871in the access map, then any e-mail with a sender address of
2872<user@my.domain> will not be rejected by check_relay even though
2873it would match the hostname or IP address.  This allows spammers
2874to get around DNS based blocklist by faking the sender address.  To
2875avoid this problem you have to use tagged entries:
2876
2877	To:my.domain		RELAY
2878	Connect:my.domain	RELAY
2879
2880if you need those entries at all (class {R} may take care of them).
2881
2882FEATURE(`delay_checks') can take an optional argument:
2883
2884	FEATURE(`delay_checks', `friend')
2885		 enables spamfriend test
2886	FEATURE(`delay_checks', `hater')
2887		 enables spamhater test
2888
2889If such an argument is given, the recipient will be looked up in the
2890access map (using the tag Spam:).  If the argument is `friend', then
2891the default behavior is to apply the other rulesets and make a SPAM
2892friend the exception.  The rulesets check_mail and check_relay will be
2893skipped only if the recipient address is found and has RHS FRIEND.  If
2894the argument is `hater', then the default behavior is to skip the rulesets
2895check_mail and check_relay and make a SPAM hater the exception.  The
2896other two rulesets will be applied only if the recipient address is
2897found and has RHS HATER.
2898
2899This allows for simple exceptions from the tests, e.g., by activating
2900the friend option and having
2901
2902	Spam:abuse@	FRIEND
2903
2904in the access map, mail to abuse@localdomain will get through (where
2905"localdomain" is any domain in class {w}).  It is also possible to
2906specify a full address or an address with +detail:
2907
2908	Spam:abuse@my.domain	FRIEND
2909	Spam:me+abuse@		FRIEND
2910	Spam:spam.domain	FRIEND
2911
2912Note: The required tag has been changed in 8.12 from To: to Spam:.
2913This change is incompatible to previous versions.  However, you can
2914(for now) simply add the new entries to the access map, the old
2915ones will be ignored.  As soon as you removed the old entries from
2916the access map, specify a third parameter (`n') to this feature and
2917the backward compatibility rules will not be in the generated .cf
2918file.
2919
2920Header Checks
2921-------------
2922
2923You can also reject mail on the basis of the contents of headers.
2924This is done by adding a ruleset call to the 'H' header definition command
2925in sendmail.cf.  For example, this can be used to check the validity of
2926a Message-ID: header:
2927
2928	LOCAL_CONFIG
2929	HMessage-Id: $>CheckMessageId
2930
2931	LOCAL_RULESETS
2932	SCheckMessageId
2933	R< $+ @ $+ >		$@ OK
2934	R$*			$#error $: 553 Header Error
2935
2936The alternative format:
2937
2938	HSubject: $>+CheckSubject
2939
2940that is, $>+ instead of $>, gives the full Subject: header including
2941comments to the ruleset (comments in parentheses () are stripped
2942by default).
2943
2944A default ruleset for headers which don't have a specific ruleset
2945defined for them can be given by:
2946
2947	H*: $>CheckHdr
2948
2949Notice:
29501. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2951That may cause problems with simple header checks due to the
2952tokenization.  It might be simpler to use a regex map and apply it
2953to $&{currHeader}.
29542. There are no default rulesets coming with this distribution of
2955sendmail.  You can write your own, can search the WWW for examples,
2956or take a look at cf/cf/knecht.mc.
29573. When using a default ruleset for headers, the name of the header
2958currently being checked can be found in the $&{hdr_name} macro.
2959
2960After all of the headers are read, the check_eoh ruleset will be called for
2961any final header-related checks.  The ruleset is called with the number of
2962headers and the size of all of the headers in bytes separated by $|.  One
2963example usage is to reject messages which do not have a Message-Id:
2964header.  However, the Message-Id: header is *NOT* a required header and is
2965not a guaranteed spam indicator.  This ruleset is an example and should
2966probably not be used in production.
2967
2968	LOCAL_CONFIG
2969	Kstorage macro
2970	HMessage-Id: $>CheckMessageId
2971
2972	LOCAL_RULESETS
2973	SCheckMessageId
2974	# Record the presence of the header
2975	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
2976	R< $+ @ $+ >		$@ OK
2977	R$*			$#error $: 553 Header Error
2978
2979	Scheck_eoh
2980	# Check the macro
2981	R$*			$: < $&{MessageIdCheck} >
2982	# Clear the macro for the next message
2983	R$*			$: $(storage {MessageIdCheck} $) $1
2984	# Has a Message-Id: header
2985	R< $+ >			$@ OK
2986	# Allow missing Message-Id: from local mail
2987	R$*			$: < $&{client_name} >
2988	R< >			$@ OK
2989	R< $=w >		$@ OK
2990	# Otherwise, reject the mail
2991	R$*			$#error $: 553 Header Error
2992
2993
2994+--------------------+
2995| CONNECTION CONTROL |
2996+--------------------+
2997
2998The features ratecontrol and conncontrol allow to establish connection
2999limits per client IP address or net.  These features can limit the
3000rate of connections (connections per time unit) or the number of
3001incoming SMTP connections, respectively.  If enabled, appropriate
3002rulesets are called at the end of check_relay, i.e., after DNS
3003blocklists and generic access_db operations.  The features require
3004FEATURE(`access_db') to be listed earlier in the mc file.
3005
3006Note: FEATURE(`delay_checks') delays those connection control checks
3007after a recipient address has been received, hence making these
3008connection control features less useful.  To run the checks as early
3009as possible, specify the parameter `nodelay', e.g.,
3010
3011	FEATURE(`ratecontrol', `nodelay')
3012
3013In that case, FEATURE(`delay_checks') has no effect on connection
3014control (and it must be specified earlier in the mc file).
3015
3016An optional second argument `terminate' specifies whether the
3017rulesets should return the error code 421 which will cause
3018sendmail to terminate the session with that error if it is
3019returned from check_relay, i.e., not delayed as explained in
3020the previous paragraph.  Example:
3021
3022	FEATURE(`ratecontrol', `nodelay', `terminate')
3023
3024
3025+----------+
3026| STARTTLS |
3027+----------+
3028
3029In this text, cert will be used as an abbreviation for X.509 certificate,
3030DN (CN) is the distinguished (common) name of a cert, and CA is a
3031certification authority, which signs (issues) certs.
3032
3033For STARTTLS to be offered by sendmail you need to set at least
3034these variables (the file names and paths are just examples):
3035
3036	define(`confCACERT_PATH', `/etc/mail/certs/')
3037	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
3038	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
3039	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
3040
3041On systems which do not have the compile flag HASURANDOM set (see
3042sendmail/README) you also must set confRAND_FILE.
3043
3044See doc/op/op.{me,ps,txt} for more information about these options,
3045especially the sections ``Certificates for STARTTLS'' and ``PRNG for
3046STARTTLS''.
3047
3048Macros related to STARTTLS are:
3049
3050${cert_issuer} holds the DN of the CA (the cert issuer).
3051${cert_subject} holds the DN of the cert (called the cert subject).
3052${cn_issuer} holds the CN of the CA (the cert issuer).
3053${cn_subject} holds the CN of the cert (called the cert subject).
3054${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
3055	TLSv1/SSLv3, SSLv3, SSLv2.
3056${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
3057	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
3058${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
3059	used for the connection.
3060${verify} holds the result of the verification of the presented cert.
3061	Possible values are:
3062	OK	 verification succeeded.
3063	NO	 no cert presented.
3064	NOT	 no cert requested.
3065	FAIL	 cert presented but could not be verified,
3066		 e.g., the cert of the signing CA is missing.
3067	NONE	 STARTTLS has not been performed.
3068	TEMP	 temporary error occurred.
3069	PROTOCOL protocol error occurred (SMTP level).
3070	SOFTWARE STARTTLS handshake failed.
3071${server_name} the name of the server of the current outgoing SMTP
3072	connection.
3073${server_addr} the address of the server of the current outgoing SMTP
3074	connection.
3075
3076Relaying
3077--------
3078
3079SMTP STARTTLS can allow relaying for remote SMTP clients which have
3080successfully authenticated themselves.  If the verification of the cert
3081failed (${verify} != OK), relaying is subject to the usual rules.
3082Otherwise the DN of the issuer is looked up in the access map using the
3083tag CERTISSUER.  If the resulting value is RELAY, relaying is allowed.
3084If it is SUBJECT, the DN of the cert subject is looked up next in the
3085access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
3086is allowed.
3087
3088To make things a bit more flexible (or complicated), the values for
3089${cert_issuer} and ${cert_subject} can be optionally modified by regular
3090expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
3091_CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
3092rulesets and map lookups, they are modified as follows: each non-printable
3093character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
3094by their HEX value with a leading '+'.  For example:
3095
3096/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress=
3097darth+cert@endmail.org
3098
3099is encoded as:
3100
3101/C=US/ST=California/O=endmail.org/OU=private/CN=
3102Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3103
3104(line breaks have been inserted for readability).
3105
3106The macros which are subject to this encoding are ${cert_subject},
3107${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
3108
3109Examples:
3110
3111To allow relaying for everyone who can present a cert signed by
3112
3113/C=US/ST=California/O=endmail.org/OU=private/CN=
3114Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3115
3116simply use:
3117
3118CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3119Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org	RELAY
3120
3121To allow relaying only for a subset of machines that have a cert signed by
3122
3123/C=US/ST=California/O=endmail.org/OU=private/CN=
3124Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3125
3126use:
3127
3128CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3129Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org	SUBJECT
3130CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
3131DeathStar/emailAddress=deathstar@endmail.org		RELAY
3132
3133Note: line breaks have been inserted after "CN=" for readability,
3134each tagged entry must be one (long) line in the access map.
3135
3136Of course it is also possible to write a simple ruleset that allows
3137relaying for everyone who can present a cert that can be verified, e.g.,
3138
3139LOCAL_RULESETS
3140SLocal_check_rcpt
3141R$*	$: $&{verify}
3142ROK	$# OK
3143
3144Allowing Connections
3145--------------------
3146
3147The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
3148an SMTP connection is accepted (or should continue).
3149
3150tls_server is called when sendmail acts as client after a STARTTLS command
3151(should) have been issued.  The parameter is the value of ${verify}.
3152
3153tls_client is called when sendmail acts as server, after a STARTTLS command
3154has been issued, and from check_mail.  The parameter is the value of
3155${verify} and STARTTLS or MAIL, respectively.
3156
3157Both rulesets behave the same.  If no access map is in use, the connection
3158will be accepted unless ${verify} is SOFTWARE, in which case the connection
3159is always aborted.  For tls_server/tls_client, ${client_name}/${server_name}
3160is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
3161with the ruleset LookUpDomain.  If no entry is found, ${client_addr}
3162(${server_addr}) is looked up in the access map (same tag, ruleset
3163LookUpAddr).  If this doesn't result in an entry either, just the tag is
3164looked up in the access map (included the trailing colon).  Notice:
3165requiring that e-mail is sent to a server only encrypted, e.g., via
3166
3167TLS_Srv:secure.domain	ENCR:112
3168
3169doesn't necessarily mean that e-mail sent to that domain is encrypted.
3170If the domain has multiple MX servers, e.g.,
3171
3172secure.domain.	IN MX 10	mail.secure.domain.
3173secure.domain.	IN MX 50	mail.other.domain.
3174
3175then mail to user@secure.domain may go unencrypted to mail.other.domain.
3176tls_rcpt can be used to address this problem.
3177
3178tls_rcpt is called before a RCPT TO: command is sent.  The parameter is the
3179current recipient.  This ruleset is only defined if FEATURE(`access_db')
3180is selected.  A recipient address user@domain is looked up in the access
3181map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
3182and TLS_Rcpt:; the first match is taken.
3183
3184The result of the lookups is then used to call the ruleset TLS_connection,
3185which checks the requirement specified by the RHS in the access map against
3186the actual parameters of the current TLS connection, esp. ${verify} and
3187${cipher_bits}.  Legal RHSs in the access map are:
3188
3189VERIFY		verification must have succeeded
3190VERIFY:bits	verification must have succeeded and ${cipher_bits} must
3191		be greater than or equal bits.
3192ENCR:bits	${cipher_bits} must be greater than or equal bits.
3193
3194The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
3195or permanent error.  The default is a temporary error code unless
3196the macro TLS_PERM_ERR is set during generation of the .cf file.
3197
3198If a certain level of encryption is required, then it might also be
3199possible that this level is provided by the security layer from a SASL
3200algorithm, e.g., DIGEST-MD5.
3201
3202Furthermore, there can be a list of extensions added.  Such a list
3203starts with '+' and the items are separated by '++'.  Allowed
3204extensions are:
3205
3206CN:name		name must match ${cn_subject}
3207CN		${client_name}/${server_name} must match ${cn_subject}
3208CS:name		name must match ${cert_subject}
3209CI:name		name must match ${cert_issuer}
3210CITag:MYTag	look up MYTag:${cert_issuer} in access map; the check
3211		only succeeds if it is found with a RHS of OK.
3212
3213Example: e-mail sent to secure.example.com should only use an encrypted
3214connection.  E-mail received from hosts within the laptop.example.com domain
3215should only be accepted if they have been authenticated.  The host which
3216receives e-mail for darth@endmail.org must present a cert that uses the
3217CN smtp.endmail.org.  E-mail sent to safe.example.com must be verified,
3218have a matching CN, and must present a cert signed by a CA with one of
3219the listed DNs.
3220
3221TLS_Srv:secure.example.com	ENCR:112
3222TLS_Clt:laptop.example.com	PERM+VERIFY:112
3223TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
3224TLS_Srv:safe.example.net	VERIFY+CN++CITag:MyCA
3225MyCA:/C=US/ST=CA/O=safe/CN=example.net/		OK
3226MyCA:/C=US/ST=CA/O=secure/CN=example.net/	OK
3227
3228
3229TLS Options per Session
3230-----------------------
3231
3232By default STARTTLS is used whenever possible.  However, there are
3233MTAs with STARTTLS interoperability issues.  To be able to send to
3234(or receive from) those MTAs several features are available:
3235
32361) Various TLS options be be set per IP/domain.
32372) STARTTLS can be turned off for specific IP addresses/domains.
3238
3239About 1): the rulesets tls_srv_features and tls_clt_features can
3240be used to return a (semicolon separated) list of TLS related
3241options:
3242
3243- Options: compare {Server,Client}SSLOptions.
3244- CipherList: same as the global option.
3245- CertFile, KeyFile: {Server,Client}{Cert,Key}File
3246- Flags: see doc/op/op.me for details.
3247
3248If FEATURE(`tls_session_features') and FEATURE(`access_db') are
3249used, then default rulesets are activated which look up entries in
3250the access map with the tags TLS_Srv_features and TLS_Clt_features,
3251respectively.  For example, these entries:
3252
3253TLS_Srv_features:10.0.2.4	CipherList=MEDIUM+aRSA;
3254TLS_Clt_features:10.1.0.1	Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
3255
3256specify a cipherlist with MEDIUM strength ciphers that use RSA
3257certificates only for the client with the IP address 10.0.2.4,
3258and turn off TLSv1.2 when connecting to the server with the IP
3259address 10.1.0.1 as well as setting a specific cipherlist.
3260If FEATURE(`tls_session_features') is not used the user can provide
3261their own rulesets which must return the appropriate data.
3262If the rulesets are not defined or do not return a value, the
3263default TLS options are not modified.
3264
3265About 2): the rulesets try_tls, srv_features, and clt_features can
3266be used together with the access map.  Entries for the access map
3267must be tagged with Try_TLS, Srv_Features, Clt_Features and refer
3268to the hostname or IP address of the connecting system (the latter
3269is not available for clt_features).  A default case can be specified
3270by using just the tag.  For example, the following entries in the
3271access map:
3272
3273	Try_TLS:broken.server	NO
3274	Srv_Features:my.domain	v
3275	Srv_Features:		V
3276	Clt_Features:broken.sts	M
3277
3278will turn off STARTTLS when sending to broken.server (or any host
3279in that domain), request a client certificate during the TLS handshake
3280only for hosts in my.domain, and disable MTA-STS for broken.sts.
3281The valid entries on the RHS for Srv_Features and Clt_Features are
3282listed in the Sendmail Installation and Operations Guide.
3283
3284
3285Received: Header
3286----------------
3287
3288The Received: header reveals whether STARTTLS has been used.  It contains an
3289extra line:
3290
3291(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
3292
3293
3294+---------------------+
3295| SMTP AUTHENTICATION |
3296+---------------------+
3297
3298The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
3299used in anti-relay rulesets to allow relaying for those users that
3300authenticated themselves.  A very simple example is:
3301
3302SLocal_check_rcpt
3303R$*		$: $&{auth_type}
3304R$+		$# OK
3305
3306which checks whether a user has successfully authenticated using
3307any available mechanism.  Depending on the setup of the Cyrus SASL
3308library, more sophisticated rulesets might be required, e.g.,
3309
3310SLocal_check_rcpt
3311R$*		$: $&{auth_type} $| $&{auth_authen}
3312RDIGEST-MD5 $| $+@$=w	$# OK
3313
3314to allow relaying for users that authenticated using DIGEST-MD5
3315and have an identity in the local domains.
3316
3317The ruleset trust_auth is used to determine whether a given AUTH=
3318parameter (that is passed to this ruleset) should be trusted.  This
3319ruleset may make use of the other ${auth_*} macros.  Only if the
3320ruleset resolves to the error mailer, the AUTH= parameter is not
3321trusted.  A user supplied ruleset Local_trust_auth can be written
3322to modify the default behavior, which only trust the AUTH=
3323parameter if it is identical to the authenticated user.
3324
3325Per default, relaying is allowed for any user who authenticated
3326via a "trusted" mechanism, i.e., one that is defined via
3327TRUST_AUTH_MECH(`list of mechanisms')
3328For example:
3329TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3330
3331If the selected mechanism provides a security layer the number of
3332bits used for the key of the symmetric cipher is stored in the
3333macro ${auth_ssf}.
3334
3335Providing SMTP AUTH Data when sendmail acts as Client
3336-----------------------------------------------------
3337
3338If sendmail acts as client, it needs some information how to
3339authenticate against another MTA.  This information can be provided
3340by the ruleset authinfo or by the option DefaultAuthInfo.  The
3341authinfo ruleset looks up {server_name} using the tag AuthInfo: in
3342the access map.  If no entry is found, {server_addr} is looked up
3343in the same way and finally just the tag AuthInfo: to provide
3344default values.  Note: searches for domain parts or IP nets are
3345only performed if the access map is used; if the authinfo feature
3346is used then only up to three lookups are performed (two exact
3347matches, one default).
3348
3349Note: If your daemon does client authentication when sending, and
3350if it uses either PLAIN or LOGIN authentication, then you *must*
3351prevent ordinary users from seeing verbose output.  Do NOT install
3352sendmail set-user-ID.  Use PrivacyOptions to turn off verbose output
3353("goaway" works for this).
3354
3355Notice: the default configuration file causes the option DefaultAuthInfo
3356to fail since the ruleset authinfo is in the .cf file. If you really
3357want to use DefaultAuthInfo (it is deprecated) then you have to
3358remove the ruleset.
3359
3360The RHS for an AuthInfo: entry in the access map should consists of a
3361list of tokens, each of which has the form: "TDstring" (including
3362the quotes).  T is a tag which describes the item, D is a delimiter,
3363either ':' for simple text or '=' for a base64 encoded string.
3364Valid values for the tag are:
3365
3366	U	user (authorization) id
3367	I	authentication id
3368	P	password
3369	R	realm
3370	M	list of mechanisms delimited by spaces
3371
3372Example entries are:
3373
3374AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3375AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
3376
3377User id or authentication id must exist as well as the password.  All
3378other entries have default values.  If one of user or authentication
3379id is missing, the existing value is used for the missing item.
3380If "R:" is not specified, realm defaults to $j.  The list of mechanisms
3381defaults to those specified by AuthMechanisms.
3382
3383Since this map contains sensitive information, either the access
3384map must be unreadable by everyone but root (or the trusted user)
3385or FEATURE(`authinfo') must be used which provides a separate map.
3386Notice: It is not checked whether the map is actually
3387group/world-unreadable, this is left to the user.
3388
3389
3390+--------------------------------+
3391| ADDING NEW MAILERS OR RULESETS |
3392+--------------------------------+
3393
3394Sometimes you may need to add entirely new mailers or rulesets.  They
3395should be introduced with the constructs MAILER_DEFINITIONS and
3396LOCAL_RULESETS respectively.  For example:
3397
3398	MAILER_DEFINITIONS
3399	Mmymailer, ...
3400	...
3401
3402	LOCAL_RULESETS
3403	Smyruleset
3404	...
3405
3406Local additions for the rulesets srv_features, clt_features, try_tls,
3407tls_rcpt, tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
3408LOCAL_CLT_FEATURES, LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT,
3409and LOCAL_TLS_SERVER, respectively.  For example, to add a local
3410ruleset that decides whether to try STARTTLS in a sendmail client, use:
3411
3412	LOCAL_TRY_TLS
3413	R...
3414
3415Note: you don't need to add a name for the ruleset, it is implicitly
3416defined by using the appropriate macro.
3417
3418
3419+-------------------------+
3420| ADDING NEW MAIL FILTERS |
3421+-------------------------+
3422
3423Sendmail supports mail filters to filter incoming SMTP messages according
3424to the "Sendmail Mail Filter API" documentation.  These filters can be
3425configured in your mc file using the two commands:
3426
3427	MAIL_FILTER(`name', `equates')
3428	INPUT_MAIL_FILTER(`name', `equates')
3429
3430The first command, MAIL_FILTER(), simply defines a filter with the given
3431name and equates.  For example:
3432
3433	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3434
3435This creates the equivalent sendmail.cf entry:
3436
3437	Xarchive, S=local:/var/run/archivesock, F=R
3438
3439The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3440but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3441of the filter such that the filter will actually be called by sendmail.
3442
3443For example, the two commands:
3444
3445	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3446	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3447
3448are equivalent to the three commands:
3449
3450	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3451	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3452	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3453
3454In general, INPUT_MAIL_FILTER() should be used unless you need to define
3455more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3456
3457Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3458commands will clear the list created by the prior INPUT_MAIL_FILTER()
3459commands.
3460
3461
3462+-------------------------+
3463| QUEUE GROUP DEFINITIONS |
3464+-------------------------+
3465
3466In addition to the queue directory (which is the default queue group
3467called "mqueue"), sendmail can deal with multiple queue groups, which
3468are collections of queue directories with the same behaviour.  Queue
3469groups can be defined using the command:
3470
3471	QUEUE_GROUP(`name', `equates')
3472
3473For details about queue groups, please see doc/op/op.{me,ps,txt}.
3474
3475
3476+-------------------------------+
3477| NON-SMTP BASED CONFIGURATIONS |
3478+-------------------------------+
3479
3480These configuration files are designed primarily for use by
3481SMTP-based sites.  They may not be well tuned for UUCP-only or
3482UUCP-primarily nodes (the latter is defined as a small local net
3483connected to the rest of the world via UUCP).  However, there is
3484one hook to handle some special cases.
3485
3486You can define a ``smart host'' that understands a richer address syntax
3487using:
3488
3489	define(`SMART_HOST', `mailer:hostname')
3490
3491In this case, the ``mailer:'' defaults to "relay".  Any messages that
3492can't be handled using the usual UUCP rules are passed to this host.
3493
3494If you are on a local SMTP-based net that connects to the outside
3495world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3496For example:
3497
3498	define(`SMART_HOST', `uucp-new:uunet')
3499	LOCAL_NET_CONFIG
3500	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3501
3502This will cause all names that end in your domain name ($m) to be sent
3503via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3504If you have FEATURE(`nocanonify'), you may need to omit the dots after
3505the $m.  If you are running a local DNS inside your domain which is
3506not otherwise connected to the outside world, you probably want to
3507use:
3508
3509	define(`SMART_HOST', `smtp:fire.wall.com')
3510	LOCAL_NET_CONFIG
3511	R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3
3512
3513That is, send directly only to things you found in your DNS lookup;
3514anything else goes through SMART_HOST.
3515
3516You may need to turn off the anti-spam rules in order to accept
3517UUCP mail with FEATURE(`promiscuous_relay') and
3518FEATURE(`accept_unresolvable_domains').
3519
3520
3521+-----------+
3522| WHO AM I? |
3523+-----------+
3524
3525Normally, the $j macro is automatically defined to be your fully
3526qualified domain name (FQDN).  Sendmail does this by getting your
3527host name using gethostname and then calling gethostbyname on the
3528result.  For example, in some environments gethostname returns
3529only the root of the host name (such as "foo"); gethostbyname is
3530supposed to return the FQDN ("foo.bar.com").  In some (fairly rare)
3531cases, gethostbyname may fail to return the FQDN.  In this case
3532you MUST define confDOMAIN_NAME to be your fully qualified domain
3533name.  This is usually done using:
3534
3535	Dmbar.com
3536	define(`confDOMAIN_NAME', `$w.$m')dnl
3537
3538
3539+-----------------------------------+
3540| ACCEPTING MAIL FOR MULTIPLE NAMES |
3541+-----------------------------------+
3542
3543If your host is known by several different names, you need to augment
3544class {w}.  This is a list of names by which your host is known, and
3545anything sent to an address using a host name in this list will be
3546treated as local mail.  You can do this in two ways:  either create the
3547file /etc/mail/local-host-names containing a list of your aliases (one per
3548line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3549``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
3550name of the host, rather than a short name.
3551
3552If you want to have different address in different domains, take
3553a look at the virtusertable feature, which is also explained at
3554http://www.sendmail.org/virtual-hosting.html
3555
3556
3557+--------------------+
3558| USING MAILERTABLES |
3559+--------------------+
3560
3561To use FEATURE(`mailertable'), you will have to create an external
3562database containing the routing information for various domains.
3563For example, a mailertable file in text format might be:
3564
3565	.my.domain		xnet:%1.my.domain
3566	uuhost1.my.domain	uucp-new:uuhost1
3567	.bitnet			smtp:relay.bit.net
3568
3569This should normally be stored in /etc/mail/mailertable.  The actual
3570database version of the mailertable is built using:
3571
3572	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3573
3574The semantics are simple.  Any LHS entry that does not begin with
3575a dot matches the full host name indicated.  LHS entries beginning
3576with a dot match anything ending with that domain name (including
3577the leading dot) -- that is, they can be thought of as having a
3578leading ".+" regular expression pattern for a non-empty sequence of
3579characters.  Matching is done in order of most-to-least qualified
3580-- for example, even though ".my.domain" is listed first in the
3581above example, an entry of "uuhost1.my.domain" will match the second
3582entry since it is more explicit.  Note: e-mail to "user@my.domain"
3583does not match any entry in the above table.  You need to have
3584something like:
3585
3586	my.domain		esmtp:host.my.domain
3587
3588The RHS should always be a "mailer:host" pair.  The mailer is the
3589configuration name of a mailer (that is, an M line in the
3590sendmail.cf file).  The "host" will be the hostname passed to
3591that mailer.  In domain-based matches (that is, those with leading
3592dots) the "%1" may be used to interpolate the wildcarded part of
3593the host name.  For example, the first line above sends everything
3594addressed to "anything.my.domain" to that same host name, but using
3595the (presumably experimental) xnet mailer.
3596
3597In some cases you may want to temporarily turn off MX records,
3598particularly on gateways.  For example, you may want to MX
3599everything in a domain to one machine that then forwards it
3600directly.  To do this, you might use the DNS configuration:
3601
3602	*.domain.	IN	MX	0	relay.machine
3603
3604and on relay.machine use the mailertable:
3605
3606	.domain		smtp:[gateway.domain]
3607
3608The [square brackets] turn off MX records for this host only.
3609If you didn't do this, the mailertable would use the MX record
3610again, which would give you an MX loop.  Note that the use of
3611wildcard MX records is almost always a bad idea.  Please avoid
3612using them if possible.
3613
3614
3615+--------------------------------+
3616| USING USERDB TO MAP FULL NAMES |
3617+--------------------------------+
3618
3619The user database was not originally intended for mapping full names
3620to login names (e.g., Eric.Allman => eric), but some people are using
3621it that way.  (it is recommended that you set up aliases for this
3622purpose instead -- since you can specify multiple alias files, this
3623is fairly easy.)  The intent was to locate the default maildrop at
3624a site, but allow you to override this by sending to a specific host.
3625
3626If you decide to set up the user database in this fashion, it is
3627imperative that you not use FEATURE(`stickyhost') -- otherwise,
3628e-mail sent to Full.Name@local.host.name will be rejected.
3629
3630To build the internal form of the user database, use:
3631
3632	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3633
3634As a general rule, it is an extremely bad idea to using full names
3635as e-mail addresses, since they are not in any sense unique.  For
3636example, the UNIX software-development community has at least two
3637well-known Peter Deutsches, and at one time Bell Labs had two
3638Stephen R. Bournes with offices along the same hallway.  Which one
3639will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3640The less famous of the two, or the one that was hired later?
3641
3642Finger should handle full names (and be fuzzy).  Mail should use
3643handles, and not be fuzzy.
3644
3645
3646+--------------------------------+
3647| MISCELLANEOUS SPECIAL FEATURES |
3648+--------------------------------+
3649
3650Plussed users
3651	Sometimes it is convenient to merge configuration on a
3652	centralized mail machine, for example, to forward all
3653	root mail to a mail server.  In this case it might be
3654	useful to be able to treat the root addresses as a class
3655	of addresses with subtle differences.  You can do this
3656	using plussed users.  For example, a client might include
3657	the alias:
3658
3659		root:  root+client1@server
3660
3661	On the server, this will match an alias for "root+client1".
3662	If that is not found, the alias "root+*" will be tried,
3663	then "root".
3664
3665
3666+----------------+
3667| SECURITY NOTES |
3668+----------------+
3669
3670A lot of sendmail security comes down to you.  Sendmail 8 is much
3671more careful about checking for security problems than previous
3672versions, but there are some things that you still need to watch
3673for.  In particular:
3674
3675* Make sure the aliases file is not writable except by trusted
3676  system personnel.  This includes both the text and database
3677  version.
3678
3679* Make sure that other files that sendmail reads, such as the
3680  mailertable, are only writable by trusted system personnel.
3681
3682* The queue directory should not be world writable PARTICULARLY
3683  if your system allows "file giveaways" (that is, if a non-root
3684  user can chown any file they own to any other user).
3685
3686* If your system allows file giveaways, DO NOT create a publicly
3687  writable directory for forward files.  This will allow anyone
3688  to steal anyone else's e-mail.  Instead, create a script that
3689  copies the .forward file from users' home directories once a
3690  night (if you want the non-NFS-mounted forward directory).
3691
3692* If your system allows file giveaways, you'll find that
3693  sendmail is much less trusting of :include: files -- in
3694  particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3695  /etc/shells before they will be trusted (that is, before
3696  files and programs listed in them will be honored).
3697
3698In general, file giveaways are a mistake -- if you can turn them
3699off, do so.
3700
3701
3702+--------------------------------+
3703| TWEAKING CONFIGURATION OPTIONS |
3704+--------------------------------+
3705
3706There are a large number of configuration options that don't normally
3707need to be changed.  However, if you feel you need to tweak them,
3708you can define the following M4 variables. Note that some of these
3709variables require formats that are defined in RFC 2821 or RFC 2822.
3710Before changing them you need to make sure you do not violate those
3711(and other relevant) RFCs.
3712
3713This list is shown in four columns:  the name you define, the default
3714value for that definition, the option or macro that is affected
3715(either Ox for an option or Dx for a macro), and a brief description.
3716Greater detail of the semantics can be found in the Installation
3717and Operations Guide.
3718
3719Some options are likely to be deprecated in future versions -- that is,
3720the option is only included to provide back-compatibility.  These are
3721marked with "*".
3722
3723Remember that these options are M4 variables, and hence may need to
3724be quoted.  In particular, arguments with commas will usually have to
3725be ``double quoted, like this phrase'' to avoid having the comma
3726confuse things.  This is common for alias file definitions and for
3727the read timeout.
3728
3729M4 Variable Name	Configuration	[Default] & Description
3730================	=============	=======================
3731confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
3732					for internally generated outgoing
3733					messages.
3734confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
3735					only be done if your system cannot
3736					determine your local domain name,
3737					and then it should be set to
3738					$w.Foo.COM, where Foo.COM is your
3739					domain name.
3740confCF_VERSION		$Z macro	If defined, this is appended to the
3741					configuration version name.
3742confLDAP_CLUSTER	${sendmailMTACluster} macro
3743					If defined, this is the LDAP
3744					cluster to use for LDAP searches
3745					as described above in ``USING LDAP
3746					FOR ALIASES, MAPS, AND CLASSES''.
3747confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
3748					internally generated From: address.
3749confRECEIVED_HEADER	Received:
3750		[$?sfrom $s $.$?_($?s$|from $.$_)
3751			$.$?{auth_type}(authenticated)
3752			$.by $j ($v/$Z)$?r with $r$. id $i$?u
3753			for $u; $|;
3754			$.$b]
3755					The format of the Received: header
3756					in messages passed through this host.
3757					It is unwise to try to change this.
3758confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
3759					internally generated Message-Id:
3760					header.
3761confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
3762					of file used to get the local
3763					additions to class {w} (local host
3764					names).
3765confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
3766					file used to get the local additions
3767					to class {t} (trusted users).
3768confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
3769					file used to get the local additions
3770					to class {R} (hosts allowed to relay).
3771confTRUSTED_USERS	Ct class	[no default] Names of users to add to
3772					the list of trusted users.  This list
3773					always includes root, uucp, and daemon.
3774					See also FEATURE(`use_ct_file').
3775confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
3776					ownership and starting the daemon.
3777					Not to be confused with
3778					confTRUSTED_USERS (see above).
3779confSMTP_MAILER		-		[esmtp] The mailer name used when
3780					SMTP connectivity is required.
3781					One of "smtp", "smtp8",
3782					"esmtp", or "dsmtp".
3783confUUCP_MAILER		-		[uucp-old] The mailer to be used by
3784					default for bang-format recipient
3785					addresses.  See also discussion of
3786					class {U}, class {Y}, and class {Z}
3787					in the MAILER(`uucp') section.
3788confLOCAL_MAILER	-		[local] The mailer name used when
3789					local connectivity is required.
3790					Almost always "local".
3791confRELAY_MAILER	-		[relay] The default mailer name used
3792					for relaying any mail (e.g., to a
3793					BITNET_RELAY, a SMART_HOST, or
3794					whatever).  This can reasonably be
3795					"uucp-new" if you are on a
3796					UUCP-connected site.
3797confSEVEN_BIT_INPUT	SevenBitInput	[False] Force input to seven bits?
3798confEIGHT_BIT_HANDLING	EightBitMode	[pass8] 8-bit data handling
3799confALIAS_WAIT		AliasWait	[10m] Time to wait for alias file
3800					rebuild until you get bored and
3801					decide that the apparently pending
3802					rebuild failed.
3803confMIN_FREE_BLOCKS	MinFreeBlocks	[100] Minimum number of free blocks on
3804					queue filesystem to accept SMTP mail.
3805					(Prior to 8.7 this was minfree/maxsize,
3806					where minfree was the number of free
3807					blocks and maxsize was the maximum
3808					message size.  Use confMAX_MESSAGE_SIZE
3809					for the second value now.)
3810confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
3811					that will be accepted (in bytes).
3812confBLANK_SUB		BlankSub	[.] Blank (space) substitution
3813					character.
3814confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
3815					to mailers marked expensive.
3816confCHECKPOINT_INTERVAL	CheckpointInterval
3817					[10] Checkpoint queue files every N
3818					recipients.
3819confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
3820confERROR_MODE		ErrorMode	[print] Error message mode.
3821confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
3822confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
3823confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
3824confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
3825confMAX_HOP		MaxHopCount	[25] Maximum hop count.
3826confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
3827					mode] Ignore dot as terminator for
3828					incoming messages?
3829confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
3830					resolver.
3831confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
3832					encapsulated messages per RFC 1344.
3833confFORWARD_PATH	ForwardPath	[$z/.forward.$w:$z/.forward]
3834					The colon-separated list of places to
3835					search for .forward files.  N.B.: see
3836					the Security Notes section.
3837confMCI_CACHE_SIZE	ConnectionCacheSize
3838					[2] Size of open connection cache.
3839confMCI_CACHE_TIMEOUT	ConnectionCacheTimeout
3840					[5m] Open connection cache timeout.
3841confHOST_STATUS_DIRECTORY HostStatusDirectory
3842					[undefined] If set, host status is kept
3843					on disk between sendmail runs in the
3844					named directory tree.  This need not be
3845					a full pathname, in which case it is
3846					interpreted relative to the queue
3847					directory.
3848confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
3849					[False] If this option and the
3850					HostStatusDirectory option are both
3851					set, single thread deliveries to other
3852					hosts.  That is, don't allow any two
3853					sendmails on this host to connect
3854					simultaneously to any other single
3855					host.  This can slow down delivery in
3856					some cases, in particular since a
3857					cached but otherwise idle connection
3858					to a host will prevent other sendmails
3859					from connecting to the other host.
3860confUSE_COMPRESSED_IPV6_ADDRESSES
3861			UseCompressedIPv6Addresses
3862					[undefined] If set, use the compressed
3863					form of IPv6 addresses, such as
3864					IPV6:::1, instead of the uncompressed
3865					form, such as IPv6:0:0:0:0:0:0:0:1.
3866confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
3867					deliver error messages.  This should
3868					not be necessary because of general
3869					acceptance of the envelope/header
3870					distinction.
3871confLOG_LEVEL		LogLevel	[9] Log level.
3872confME_TOO		MeToo		[True] Include sender in group
3873					expansions.  This option is
3874					deprecated and will be removed from
3875					a future version.
3876confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
3877					running newaliases.  Since this does
3878					DNS lookups on every address, it can
3879					slow down the alias rebuild process
3880					considerably on large alias files.
3881confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
3882					special chars are old style.
3883confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
3884confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
3885					copies of all error messages.
3886confQUEUE_FACTOR	QueueFactor	[600000] Slope of queue-only function.
3887confQUEUE_FILE_MODE	QueueFileMode	[undefined] Default permissions for
3888					queue files (octal).  If not set,
3889					sendmail uses 0600 unless its real
3890					and effective uid are different in
3891					which case it uses 0644.
3892confDONT_PRUNE_ROUTES	DontPruneRoutes	[False] Don't prune down route-addr
3893					syntax addresses to the minimum
3894					possible.
3895confSAFE_QUEUE*		SuperSafe	[True] Commit all messages to disk
3896					before forking.
3897confTO_INITIAL		Timeout.initial	[5m] The timeout waiting for a response
3898					on the initial connect.
3899confTO_CONNECT		Timeout.connect	[0] The timeout waiting for an initial
3900					connect() to complete.  This can only
3901					shorten connection timeouts; the kernel
3902					silently enforces an absolute maximum
3903					(which varies depending on the system).
3904confTO_ICONNECT		Timeout.iconnect
3905					[undefined] Like Timeout.connect, but
3906					applies only to the very first attempt
3907					to connect to a host in a message.
3908					This allows a single very fast pass
3909					followed by more careful delivery
3910					attempts in the future.
3911confTO_ACONNECT		Timeout.aconnect
3912					[0] The overall timeout waiting for
3913					all connection for a single delivery
3914					attempt to succeed.  If 0, no overall
3915					limit is applied.
3916confTO_HELO		Timeout.helo	[5m] The timeout waiting for a response
3917					to a HELO or EHLO command.
3918confTO_MAIL		Timeout.mail	[10m] The timeout waiting for a
3919					response to the MAIL command.
3920confTO_RCPT		Timeout.rcpt	[1h] The timeout waiting for a response
3921					to the RCPT command.
3922confTO_DATAINIT		Timeout.datainit
3923					[5m] The timeout waiting for a 354
3924					response from the DATA command.
3925confTO_DATABLOCK	Timeout.datablock
3926					[1h] The timeout waiting for a block
3927					during DATA phase.
3928confTO_DATAFINAL	Timeout.datafinal
3929					[1h] The timeout waiting for a response
3930					to the final "." that terminates a
3931					message.
3932confTO_RSET		Timeout.rset	[5m] The timeout waiting for a response
3933					to the RSET command.
3934confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
3935					to the QUIT command.
3936confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
3937					to other SMTP commands.
3938confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
3939					waiting	for a command to be issued.
3940confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
3941					response to an IDENT query.
3942confTO_FILEOPEN		Timeout.fileopen
3943					[60s] The timeout waiting for a file
3944					(e.g., :include: file) to be opened.
3945confTO_LHLO		Timeout.lhlo	[2m] The timeout waiting for a response
3946					to an LMTP LHLO command.
3947confTO_AUTH		Timeout.auth	[10m] The timeout waiting for a
3948					response in an AUTH dialogue.
3949confTO_STARTTLS		Timeout.starttls
3950					[1h] The timeout waiting for a
3951					response to an SMTP STARTTLS command.
3952confTO_CONTROL		Timeout.control
3953					[2m] The timeout for a complete
3954					control socket transaction to complete.
3955confTO_QUEUERETURN	Timeout.queuereturn
3956					[5d] The timeout before a message is
3957					returned as undeliverable.
3958confTO_QUEUERETURN_NORMAL
3959			Timeout.queuereturn.normal
3960					[undefined] As above, for normal
3961					priority messages.
3962confTO_QUEUERETURN_URGENT
3963			Timeout.queuereturn.urgent
3964					[undefined] As above, for urgent
3965					priority messages.
3966confTO_QUEUERETURN_NONURGENT
3967			Timeout.queuereturn.non-urgent
3968					[undefined] As above, for non-urgent
3969					(low) priority messages.
3970confTO_QUEUERETURN_DSN
3971			Timeout.queuereturn.dsn
3972					[undefined] As above, for delivery
3973					status notification messages.
3974confTO_QUEUEWARN	Timeout.queuewarn
3975					[4h] The timeout before a warning
3976					message is sent to the sender telling
3977					them that the message has been
3978					deferred.
3979confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
3980					[undefined] As above, for normal
3981					priority messages.
3982confTO_QUEUEWARN_URGENT	Timeout.queuewarn.urgent
3983					[undefined] As above, for urgent
3984					priority messages.
3985confTO_QUEUEWARN_NONURGENT
3986			Timeout.queuewarn.non-urgent
3987					[undefined] As above, for non-urgent
3988					(low) priority messages.
3989confTO_QUEUEWARN_DSN
3990			Timeout.queuewarn.dsn
3991					[undefined] As above, for delivery
3992					status notification messages.
3993confTO_HOSTSTATUS	Timeout.hoststatus
3994					[30m] How long information about host
3995					statuses will be maintained before it
3996					is considered stale and the host should
3997					be retried.  This applies both within
3998					a single queue run and to persistent
3999					information (see below).
4000confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
4001					[varies] Sets the resolver's
4002					retransmission time interval (in
4003					seconds).  Sets both
4004					Timeout.resolver.retrans.first and
4005					Timeout.resolver.retrans.normal.
4006confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
4007					[varies] Sets the resolver's
4008					retransmission time interval (in
4009					seconds) for the first attempt to
4010					deliver a message.
4011confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
4012					[varies] Sets the resolver's
4013					retransmission time interval (in
4014					seconds) for all resolver lookups
4015					except the first delivery attempt.
4016confTO_RESOLVER_RETRY	Timeout.resolver.retry
4017					[varies] Sets the number of times
4018					to retransmit a resolver query.
4019					Sets both
4020					Timeout.resolver.retry.first and
4021					Timeout.resolver.retry.normal.
4022confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
4023					[varies] Sets the number of times
4024					to retransmit a resolver query for
4025					the first attempt to deliver a
4026					message.
4027confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
4028					[varies] Sets the number of times
4029					to retransmit a resolver query for
4030					all resolver lookups except the
4031					first delivery attempt.
4032confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
4033					USE_SYSTEM to use the system's idea,
4034					USE_TZ to use the user's TZ envariable,
4035					or something else to force that value.
4036confDEF_USER_ID		DefaultUser	[1:1] Default user id.
4037confUSERDB_SPEC		UserDatabaseSpec
4038					[undefined] User database
4039					specification.
4040confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
4041confFALLBACK_SMARTHOST	FallbackSmartHost
4042					[undefined] Fallback smart host.
4043confTLS_FALLBACK_TO_CLEAR	TLSFallbacktoClear
4044					[undefined] If set, immediately try
4045					a connection again without STARTTLS
4046					after a TLS handshake failure.
4047confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
4048					for a host and other arrangements
4049					haven't been made, try connecting
4050					to the host directly; normally this
4051					would be a config error.
4052confQUEUE_LA		QueueLA		[varies] Load average at which
4053					queue-only function kicks in.
4054					Default values is (8 * numproc)
4055					where numproc is the number of
4056					processors online (if that can be
4057					determined).
4058confREFUSE_LA		RefuseLA	[varies] Load average at which
4059					incoming SMTP connections are
4060					refused.  Default values is (12 *
4061					numproc) where numproc is the
4062					number of processors online (if
4063					that can be determined).
4064confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
4065					refusing connections for this long.
4066confDELAY_LA		DelayLA		[0] Load average at which sendmail
4067					will sleep for one second on most
4068					SMTP commands and before accepting
4069					connections.  0 means no limit.
4070confMAX_ALIAS_RECURSION	MaxAliasRecursion
4071					[10] Maximum depth of alias recursion.
4072confMAX_DAEMON_CHILDREN	MaxDaemonChildren
4073					[undefined] The maximum number of
4074					children the daemon will permit.  After
4075					this number, connections will be
4076					rejected.  If not set or <= 0, there is
4077					no limit.
4078confMAX_HEADERS_LENGTH	MaxHeadersLength
4079					[32768] Maximum length of the sum
4080					of all headers.
4081confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
4082					[undefined] Maximum length of
4083					certain MIME header field values.
4084confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
4085					[undefined] The maximum number of
4086					connections permitted per second per
4087					daemon.  After this many connections
4088					are accepted, further connections
4089					will be delayed.  If not set or <= 0,
4090					there is no limit.
4091confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
4092					[60s] Define the length of the
4093					interval for which the number of
4094					incoming connections is maintained.
4095confWORK_RECIPIENT_FACTOR
4096			RecipientFactor	[30000] Cost of each recipient.
4097confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
4098					separate process.
4099confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
4100confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
4101confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
4102					Priority, Host, Filename, Random,
4103					Modification, or Time.
4104confMAX_QUEUE_AGE	MaxQueueAge	[undefined] If set to a value greater
4105					than zero, entries in the queue
4106					will be retried during a queue run
4107					only if the individual retry time
4108					has been reached which is doubled
4109					for each attempt.  The maximum retry
4110					time is limited by the specified value.
4111confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
4112					must sit in the queue between queue
4113					runs.  This allows you to set the
4114					queue run interval low for better
4115					responsiveness without trying all
4116					jobs in each run.
4117confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
4118					unlabeled 8 bit input to MIME, the
4119					character set to use by default.
4120confSERVICE_SWITCH_FILE	ServiceSwitchFile
4121					[/etc/mail/service.switch] The file
4122					to use for the service switch on
4123					systems that do not have a
4124					system-defined switch.
4125confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
4126					"file" type access of hosts names.
4127confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
4128					long and try again.  Zero means "don't
4129					retry".  This is to allow "dial on
4130					demand" connections to have enough time
4131					to complete a connection.
4132confNO_RCPT_ACTION	NoRecipientAction
4133					[none] What to do if there are no legal
4134					recipient fields (To:, Cc: or Bcc:)
4135					in the message.  Legal values can
4136					be "none" to just leave the
4137					nonconforming message as is, "add-to"
4138					to add a To: header with all the
4139					known recipients (which may expose
4140					blind recipients), "add-apparently-to"
4141					to do the same but use Apparently-To:
4142					instead of To: (strongly discouraged
4143					in accordance with IETF standards),
4144					"add-bcc" to add an empty Bcc:
4145					header, or "add-to-undisclosed" to
4146					add the header
4147					``To: undisclosed-recipients:;''.
4148confSAFE_FILE_ENV	SafeFileEnvironment
4149					[undefined] If set, sendmail will do a
4150					chroot() into this directory before
4151					writing files.
4152confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
4153					If set, colons are treated as a regular
4154					character in addresses.  If not set,
4155					they are treated as the introducer to
4156					the RFC 822 "group" syntax.  Colons are
4157					handled properly in route-addrs.  This
4158					option defaults on for V5 and lower
4159					configuration files.
4160confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
4161					any given queue run to this number of
4162					entries.  Essentially, this will stop
4163					reading each queue directory after this
4164					number of entries are reached; it does
4165					_not_ pick the highest priority jobs,
4166					so this should be as large as your
4167					system can tolerate.  If not set, there
4168					is no limit.
4169confMAX_QUEUE_CHILDREN	MaxQueueChildren
4170					[undefined] Limits the maximum number
4171					of concurrent queue runners active.
4172					This is to keep system resources used
4173					within a reasonable limit.  Relates to
4174					Queue Groups and ForkEachJob.
4175confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
4176					[1] Only active when MaxQueueChildren
4177					defined.  Controls the maximum number
4178					of queue runners (aka queue children)
4179					active at the same time in a work
4180					group.  See also MaxQueueChildren.
4181confDONT_EXPAND_CNAMES	DontExpandCnames
4182					[False] If set, $[ ... $] lookups that
4183					do DNS based lookups do not expand
4184					CNAME records.  This currently violates
4185					the published standards, but the IETF
4186					seems to be moving toward legalizing
4187					this.  For example, if "FTP.Foo.ORG"
4188					is a CNAME for "Cruft.Foo.ORG", then
4189					with this option set a lookup of
4190					"FTP" will return "FTP.Foo.ORG"; if
4191					clear it returns "Cruft.FOO.ORG".  N.B.
4192					you may not see any effect until your
4193					downstream neighbors stop doing CNAME
4194					lookups as well.
4195confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
4196					when sending to files or programs.
4197confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
4198					[False] From: lines that have
4199					embedded newlines are unwrapped
4200					onto one line.
4201confALLOW_BOGUS_HELO	AllowBogusHELO	[False] Allow HELO SMTP command that
4202					does not include a host name.
4203confMUST_QUOTE_CHARS	MustQuoteChars	[.'] Characters to be quoted in a full
4204					name phrase (@,;:\()[] are automatic).
4205confOPERATORS		OperatorChars	[.:%@!^/[]+] Address operator
4206					characters.
4207confSMTP_LOGIN_MSG	SmtpGreetingMessage
4208					[$j Sendmail $v/$Z; $b]
4209					The initial (spontaneous) SMTP
4210					greeting message.  The word "ESMTP"
4211					will be inserted between the first and
4212					second words to convince other
4213					sendmails to try to speak ESMTP.
4214confDONT_INIT_GROUPS	DontInitGroups	[False] If set, the initgroups(3)
4215					routine will never be invoked.  You
4216					might want to do this if you are
4217					running NIS and you have a large group
4218					map, since this call does a sequential
4219					scan of the map; in a large site this
4220					can cause your ypserv to run
4221					essentially full time.  If you set
4222					this, agents run on behalf of users
4223					will only have their primary
4224					(/etc/passwd) group permissions.
4225confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
4226					[True] If set, group-writable
4227					:include: and .forward files are
4228					considered "unsafe", that is, programs
4229					and files cannot be directly referenced
4230					from such files.  World-writable files
4231					are always considered unsafe.
4232					Notice: this option is deprecated and
4233					will be removed in future versions;
4234					Set GroupWritableForwardFileSafe
4235					and GroupWritableIncludeFileSafe in
4236					DontBlameSendmail if required.
4237confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
4238					address (for testing).
4239confCONTROL_SOCKET_NAME	ControlSocketName
4240					[undefined] Control socket for daemon
4241					management.
4242confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
4243					[postmaster] If an error occurs when
4244					sending an error message, send that
4245					"double bounce" error message to this
4246					address.  If it expands to an empty
4247					string, double bounces are dropped.
4248confSOFT_BOUNCE		SoftBounce	[False] If set, issue temporary errors
4249					(4xy) instead of permanent errors
4250					(5xy).  This can be useful during
4251					testing of a new configuration to
4252					avoid erroneous bouncing of mails.
4253confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
4254					messages which could not be returned
4255					to the user or sent to postmaster.
4256					If not set, the queue file will
4257					be renamed.
4258confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
4259					implies DSN request.
4260confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
4261					when reading and delivering mail.
4262					Causes all file reads (e.g., .forward
4263					and :include: files) to be done as
4264					this user.  Also, all programs will
4265					be run as this user, and all output
4266					files will be written as this user.
4267confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
4268					[infinite] If set, allow no more than
4269					the specified number of recipients in
4270					an SMTP envelope.  Further recipients
4271					receive a 452 error code (i.e., they
4272					are deferred for the next delivery
4273					attempt).
4274confBAD_RCPT_THROTTLE	BadRcptThrottle	[infinite] If set and the specified
4275					number of recipients in a single SMTP
4276					transaction have been rejected, sleep
4277					for one second after each subsequent
4278					RCPT command in that transaction.
4279confDONT_PROBE_INTERFACES  DontProbeInterfaces
4280					[False] If set, sendmail will _not_
4281					insert the names and addresses of any
4282					local interfaces into class {w}
4283					(list of known "equivalent" addresses).
4284					If you set this, you must also include
4285					some support for these addresses (e.g.,
4286					in a mailertable entry) -- otherwise,
4287					mail to addresses in this list will
4288					bounce with a configuration error.
4289					If set to "loopback" (without
4290					quotes), sendmail will skip
4291					loopback interfaces (e.g., "lo0").
4292confPID_FILE		PidFile		[system dependent] Location of pid
4293					file.
4294confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
4295					[undefined] Prefix string for the
4296					process title shown on 'ps' listings.
4297confDONT_BLAME_SENDMAIL	DontBlameSendmail
4298					[safe] Override sendmail's file
4299					safety checks.  This will definitely
4300					compromise system security and should
4301					not be used unless absolutely
4302					necessary.
4303confREJECT_MSG		-		[550 Access denied] The message
4304					given if the access database contains
4305					REJECT in the value portion.
4306confRELAY_MSG		-		[550 Relaying denied] The message
4307					given if an unauthorized relaying
4308					attempt is rejected.
4309confDF_BUFFER_SIZE	DataFileBufferSize
4310					[4096] The maximum size of a
4311					memory-buffered data (df) file
4312					before a disk-based file is used.
4313confXF_BUFFER_SIZE	XScriptFileBufferSize
4314					[4096] The maximum size of a
4315					memory-buffered transcript (xf)
4316					file before a disk-based file is
4317					used.
4318confAUTH_MECHANISMS	AuthMechanisms	[EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5
4319					CRAM-MD5] List of authentication
4320					mechanisms for AUTH (separated by
4321					spaces).  The advertised list of
4322					authentication mechanisms will be the
4323					intersection of this list and the list
4324					of available mechanisms as determined
4325					by the Cyrus SASL library.
4326confAUTH_REALM		AuthRealm	[undefined] The authentication realm
4327					that is passed to the Cyrus SASL
4328					library.  If no realm is specified,
4329					$j is used.  See KNOWNBUGS.
4330confDEF_AUTH_INFO	DefaultAuthInfo	[undefined] Name of file that contains
4331					authentication information for
4332					outgoing connections.  This file must
4333					contain the user id, the authorization
4334					id, the password (plain text), the
4335					realm to use, and the list of
4336					mechanisms to try, each on a separate
4337					line and must be readable by root (or
4338					the trusted user) only.  If no realm
4339					is specified, $j is used.  If no
4340					mechanisms are given in the file,
4341					AuthMechanisms is used.  Notice: this
4342					option is deprecated and will be
4343					removed in future versions; it doesn't
4344					work for the MSP since it can't read
4345					the file.  Use the authinfo ruleset
4346					instead.  See also the section SMTP
4347					AUTHENTICATION.
4348confAUTH_OPTIONS	AuthOptions	[undefined] If this option is 'A'
4349					then the AUTH= parameter for the
4350					MAIL FROM command is only issued
4351					when authentication succeeded.
4352					See doc/op/op.me for more options
4353					and details.
4354confAUTH_MAX_BITS	AuthMaxBits	[INT_MAX] Limit the maximum encryption
4355					strength for the security layer in
4356					SMTP AUTH (SASL).  Default is
4357					essentially unlimited.
4358confTLS_SRV_OPTIONS	TLSSrvOptions	If this option is 'V' no client
4359					verification is performed, i.e.,
4360					the server doesn't ask for a
4361					certificate.
4362confSERVER_SSL_OPTIONS	ServerSSLOptions	[undefined] SSL related
4363					options for server side.  See
4364					SSL_CTX_set_options(3) for a list.
4365confCLIENT_SSL_OPTIONS	ClientSSLOptions	[undefined] SSL related
4366					options for client side. See
4367					SSL_CTX_set_options(3) for a list.
4368confCIPHER_LIST		CipherList	[undefined] Cipher list for TLS.
4369					See ciphers(1) for possible values.
4370confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
4371					specification for LDAP maps.  The
4372					value should only contain LDAP
4373					specific settings such as "-h host
4374					-p port -d bindDN", etc.  The
4375					settings will be used for all LDAP
4376					maps unless they are specified in
4377					the individual map specification
4378					('K' command).
4379confCACERT_PATH		CACertPath	[undefined] Path to directory with
4380					certificates of CAs which must contain
4381					their hashes as filenames or links.
4382confCACERT		CACertFile	[undefined] File containing at least
4383					one CA certificate.
4384confSERVER_CERT		ServerCertFile	[undefined] File containing the
4385					cert of the server, i.e., this cert
4386					is used when sendmail acts as
4387					server.
4388confSERVER_KEY		ServerKeyFile	[undefined] File containing the
4389					private key belonging to the server
4390					cert.
4391confCLIENT_CERT		ClientCertFile	[undefined] File containing the
4392					cert of the client, i.e., this cert
4393					is used when sendmail acts as
4394					client.
4395confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
4396					private key belonging to the client
4397					cert.
4398confCRL			CRLFile		[undefined] File containing certificate
4399					revocation status, useful for X.509v3
4400					authentication.
4401confCRL_PATH		CRLPath		[undefined] Directory containing
4402					hashes pointing to certificate
4403					revocation status files.
4404confDH_PARAMETERS	DHParameters	[undefined] File containing the
4405					DH parameters.
4406confDANE		DANE		[false] Enable DANE support.
4407confRAND_FILE		RandFile	[undefined] File containing random
4408					data (use prefix file:) or the
4409					name of the UNIX socket if EGD is
4410					used (use prefix egd:).  STARTTLS
4411					requires this option if the compile
4412					flag HASURANDOM is not set (see
4413					sendmail/README).
4414confCERT_FINGERPRINT_ALGORITHM	CertFingerprintAlgorithm
4415					[undefined] The fingerprint algorithm
4416					(digest) to use for the presented
4417					cert.
4418confSSL_ENGINE		SSLEngine	[undefined] Name of SSLEngine.
4419confSSL_ENGINE_PATH	SSLEnginePath	[undefined] Path to dynamic library
4420					for SSLEngine.
4421confOPENSSL_CNF				[/etc/mail/sendmail.ossl] Set the
4422					environment variable OPENSSL_CONF.
4423					An empty value disables setting it.
4424confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
4425					queue runners is set the given value
4426					(nice(3)).
4427confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
4428					[undefined] Defines {daemon_flags}
4429					for direct submissions.
4430confUSE_MSP		UseMSP		[undefined] Use as mail submission
4431					program, see sendmail/SECURITY.
4432confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
4433					SMTP Service Extension (RFC 2852).
4434confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
4435					be used to turn off the compile time
4436					flag REQUIRES_DIR_FSYNC at runtime.
4437					See sendmail/README for details.
4438confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
4439confSHARED_MEMORY_KEY_FILE
4440			SharedMemoryKeyFile
4441					[undefined] File where the
4442					automatically selected key for
4443					shared memory is stored.
4444confFAST_SPLIT		FastSplit	[1] If set to a value greater than
4445					zero, the initial MX lookups on
4446					addresses is suppressed when they
4447					are sorted which may result in
4448					faster envelope splitting.  If the
4449					mail is submitted directly from the
4450					command line, then the value also
4451					limits the number of processes to
4452					deliver the envelopes.
4453confMAILBOX_DATABASE	MailboxDatabase	[pw] Type of lookup to find
4454					information about local mailboxes.
4455confDEQUOTE_OPTS	-		[empty] Additional options for the
4456					dequote map.
4457confMAX_NOOP_COMMANDS	MaxNOOPCommands	[20] Maximum number of "useless"
4458					commands before the SMTP server
4459					will slow down responding.
4460confHELO_NAME		HeloName	If defined, use as name for EHLO/HELO
4461					command (instead of $j).
4462confINPUT_MAIL_FILTERS	InputMailFilters
4463					A comma separated list of filters
4464					which determines which filters and
4465					the invocation sequence are
4466					contacted for incoming SMTP
4467					messages.  If none are set, no
4468					filters will be contacted.
4469confMILTER_LOG_LEVEL	Milter.LogLevel	[9] Log level for input mail filter
4470					actions, defaults to LogLevel.
4471confMILTER_MACROS_CONNECT	Milter.macros.connect
4472					[j, _, {daemon_name}, {if_name},
4473					{if_addr}] Macros to transmit to
4474					milters when a session connection
4475					starts.
4476confMILTER_MACROS_HELO	Milter.macros.helo
4477					[{tls_version}, {cipher},
4478					{cipher_bits}, {cert_subject},
4479					{cert_issuer}] Macros to transmit to
4480					milters after HELO/EHLO command.
4481confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
4482					[i, {auth_type}, {auth_authen},
4483					{auth_ssf}, {auth_author},
4484					{mail_mailer}, {mail_host},
4485					{mail_addr}] Macros to transmit to
4486					milters after MAIL FROM command.
4487confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
4488					[{rcpt_mailer}, {rcpt_host},
4489					{rcpt_addr}] Macros to transmit to
4490					milters after RCPT TO command.
4491confMILTER_MACROS_EOM		Milter.macros.eom
4492					[{msg_id}] Macros to transmit to
4493					milters after the terminating
4494					DATA '.' is received.
4495confMILTER_MACROS_EOH		Milter.macros.eoh
4496					Macros to transmit to milters
4497					after the end of headers.
4498confMILTER_MACROS_DATA		Milter.macros.data
4499					Macros to transmit to milters
4500					after DATA command is received.
4501
4502
4503See also the description of OSTYPE for some parameters that can be
4504tweaked (generally pathnames to mailers).
4505
4506ClientPortOptions and DaemonPortOptions are special cases since multiple
4507clients/daemons can be defined.  This can be done via
4508
4509	CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4510	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4511
4512Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4513ClientPortOptions settings) are allowed in order to give settings for each
4514protocol family (e.g., one for Family=inet and one for Family=inet6).  A
4515restriction placed on one family only affects outgoing connections on that
4516particular family.
4517
4518If DAEMON_OPTIONS is not used, then the default is
4519
4520	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4521	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4522
4523If you use one DAEMON_OPTIONS macro, it will alter the parameters
4524of the first of these.  The second will still be defaulted; it
4525represents a "Message Submission Agent" (MSA) as defined by RFC
45262476 (see below).  To turn off the default definition for the MSA,
4527use FEATURE(`no_default_msa') (see also FEATURES).  If you use
4528additional DAEMON_OPTIONS macros, they will add additional daemons.
4529
4530Example 1:  To change the port for the SMTP listener, while
4531still using the MSA default, use
4532	DAEMON_OPTIONS(`Port=925, Name=MTA')
4533
4534Example 2:  To change the port for the MSA daemon, while still
4535using the default SMTP port, use
4536	FEATURE(`no_default_msa')
4537	DAEMON_OPTIONS(`Name=MTA')
4538	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4539
4540Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4541there would be no listener on the standard SMTP port.
4542
4543Example 3: To listen on both IPv4 and IPv6 interfaces, use
4544
4545	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4546	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4547
4548A "Message Submission Agent" still uses all of the same rulesets for
4549processing the message (and therefore still allows message rejection via
4550the check_* rulesets).  In accordance with the RFC, the MSA will ensure
4551that all domains in envelope addresses are fully qualified if the message
4552is relayed to another MTA.  It will also enforce the normal address syntax
4553rules and log error messages.  Additionally, by using the M=a modifier you
4554can require authentication before messages are accepted by the MSA.
4555Notice: Do NOT use the 'a' modifier on a public accessible MTA!  Finally,
4556the M=E modifier shown above disables ETRN as required by RFC 2476.
4557
4558Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4559commands:
4560
4561	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4562	MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4563
4564The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4565same order they were specified by also setting confINPUT_MAIL_FILTERS.  A
4566filter can be defined without adding it to the input filter list by using
4567MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4568Alternatively, you can reset the list of filters and their order by setting
4569confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4570your .mc file.
4571
4572
4573+----------------------------+
4574| MESSAGE SUBMISSION PROGRAM |
4575+----------------------------+
4576
4577The purpose of the message submission program (MSP) is explained
4578in sendmail/SECURITY.  This section contains a list of caveats and
4579a few hints how for those who want to tweak the default configuration
4580for it (which is installed as submit.cf).
4581
4582Notice: do not add options/features to submit.mc unless you are
4583absolutely sure you need them.  Options you may want to change
4584include:
4585
4586- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4587  avoiding X-Authentication warnings.
4588- confTIME_ZONE to change it from the default `USE_TZ'.
4589- confDELIVERY_MODE is set to interactive in msp.m4 instead
4590  of the default background mode.
4591- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4592  to the LOCAL_RELAY instead of the default relay.
4593- confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4594  the flag HASURANDOM.
4595
4596The MSP performs hostname canonicalization by default.  As also
4597explained in sendmail/SECURITY, mail may end up for various DNS
4598related reasons in the MSP queue. This problem can be minimized by
4599using
4600
4601	FEATURE(`nocanonify', `canonify_hosts')
4602	define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4603
4604See the discussion about nocanonify for possible side effects.
4605
4606Some things are not intended to work with the MSP.  These include
4607features that influence the delivery process (e.g., mailertable,
4608aliases), or those that are only important for a SMTP server (e.g.,
4609virtusertable, DaemonPortOptions, multiple queues).  Moreover,
4610relaxing certain restrictions (RestrictQueueRun, permissions on
4611queue directory) or adding features (e.g., enabling prog/file mailer)
4612can cause security problems.
4613
4614Other things don't work well with the MSP and require tweaking or
4615workarounds.  For example, to allow for client authentication it
4616is not just sufficient to provide a client certificate and the
4617corresponding key, but it is also necessary to make the key group
4618(smmsp) readable and tell sendmail not to complain about that, i.e.,
4619
4620	define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
4621
4622If the MSP should actually use AUTH then the necessary data
4623should be placed in a map as explained in SMTP AUTHENTICATION:
4624
4625FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4626
4627/etc/mail/msp-authinfo should contain an entry like:
4628
4629	AuthInfo:127.0.0.1	"U:smmsp" "P:secret" "M:DIGEST-MD5"
4630
4631The file and the map created by makemap should be owned by smmsp,
4632its group should be smmsp, and it should have mode 640.  The database
4633used by the MTA for AUTH must have a corresponding entry.
4634Additionally the MTA must trust this authentication data so the AUTH=
4635part will be relayed on to the next hop.  This can be achieved by
4636adding the following to your sendmail.mc file:
4637
4638	LOCAL_RULESETS
4639	SLocal_trust_auth
4640	R$*	$: $&{auth_authen}
4641	Rsmmsp	$# OK
4642
4643Note: the authentication data can leak to local users who invoke
4644the MSP with debug options or even with -v.  For that reason either
4645an authentication mechanism that does not show the password in the
4646AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4647method like STARTTLS should be used.
4648
4649feature/msp.m4 defines almost all settings for the MSP.  Most of
4650those should not be changed at all.  Some of the features and options
4651can be overridden if really necessary.  It is a bit tricky to do
4652this, because it depends on the actual way the option is defined
4653in feature/msp.m4.  If it is directly defined (i.e., define()) then
4654the modified value must be defined after
4655
4656	FEATURE(`msp')
4657
4658If it is conditionally defined (i.e., ifdef()) then the desired
4659value must be defined before the FEATURE line in the .mc file.
4660To see how the options are defined read feature/msp.m4.
4661
4662
4663+--------------------------+
4664| FORMAT OF FILES AND MAPS |
4665+--------------------------+
4666
4667Files that define classes, i.e., F{classname}, consist of lines
4668each of which contains a single element of the class.  For example,
4669/etc/mail/local-host-names may have the following content:
4670
4671my.domain
4672another.domain
4673
4674Maps must be created using makemap(8) , e.g.,
4675
4676	makemap hash MAP < MAP
4677
4678In general, a text file from which a map is created contains lines
4679of the form
4680
4681key	value
4682
4683where 'key' and 'value' are also called LHS and RHS, respectively.
4684By default, the delimiter between LHS and RHS is a non-empty sequence
4685of white space characters.
4686
4687
4688+------------------+
4689| DIRECTORY LAYOUT |
4690+------------------+
4691
4692Within this directory are several subdirectories, to wit:
4693
4694m4		General support routines.  These are typically
4695		very important and should not be changed without
4696		very careful consideration.
4697
4698cf		The configuration files themselves.  They have
4699		".mc" suffixes, and must be run through m4 to
4700		become complete.  The resulting output should
4701		have a ".cf" suffix.
4702
4703ostype		Definitions describing a particular operating
4704		system type.  These should always be referenced
4705		using the OSTYPE macro in the .mc file.  Examples
4706		include "bsd4.3", "bsd4.4", "sunos3.5", and
4707		"sunos4.1".
4708
4709domain		Definitions describing a particular domain, referenced
4710		using the DOMAIN macro in the .mc file.  These are
4711		site dependent; for example, "CS.Berkeley.EDU.m4"
4712		describes hosts in the CS.Berkeley.EDU subdomain.
4713
4714mailer		Descriptions of mailers.  These are referenced using
4715		the MAILER macro in the .mc file.
4716
4717sh		Shell files used when building the .cf file from the
4718		.mc file in the cf subdirectory.
4719
4720feature		These hold special orthogonal features that you might
4721		want to include.  They should be referenced using
4722		the FEATURE macro.
4723
4724hack		Local hacks.  These can be referenced using the HACK
4725		macro.  They shouldn't be of more than voyeuristic
4726		interest outside the .Berkeley.EDU domain, but who knows?
4727
4728siteconfig	Site configuration -- e.g., tables of locally connected
4729		UUCP sites.
4730
4731
4732+------------------------+
4733| ADMINISTRATIVE DETAILS |
4734+------------------------+
4735
4736The following sections detail usage of certain internal parts of the
4737sendmail.cf file.  Read them carefully if you are trying to modify
4738the current model.  If you find the above descriptions adequate, these
4739should be {boring, confusing, tedious, ridiculous} (pick one or more).
4740
4741RULESETS (* means built in to sendmail)
4742
4743   0 *	Parsing
4744   1 *	Sender rewriting
4745   2 *	Recipient rewriting
4746   3 *	Canonicalization
4747   4 *	Post cleanup
4748   5 *	Local address rewrite (after aliasing)
4749  1x	mailer rules (sender qualification)
4750  2x	mailer rules (recipient qualification)
4751  3x	mailer rules (sender header qualification)
4752  4x	mailer rules (recipient header qualification)
4753  5x	mailer subroutines (general)
4754  6x	mailer subroutines (general)
4755  7x	mailer subroutines (general)
4756  8x	reserved
4757  90	Mailertable host stripping
4758  96	Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4759  97	Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4760  98	Local part of ruleset 0 (ruleset 8 in old sendmail)
4761
4762
4763MAILERS
4764
4765   0	local, prog	local and program mailers
4766   1	[e]smtp, relay	SMTP channel
4767   2	uucp-*		UNIX-to-UNIX Copy Program
4768   3	netnews		Network News delivery
4769   4	fax		Sam Leffler's HylaFAX software
4770   5	mail11		DECnet mailer
4771
4772
4773MACROS
4774
4775   A
4776   B	Bitnet Relay
4777   C	DECnet Relay
4778   D	The local domain -- usually not needed
4779   E	reserved for X.400 Relay
4780   F	FAX Relay
4781   G
4782   H	mail Hub (for mail clusters)
4783   I
4784   J
4785   K
4786   L	Luser Relay
4787   M	Masquerade (who you claim to be)
4788   N
4789   O
4790   P
4791   Q
4792   R	Relay (for unqualified names)
4793   S	Smart Host
4794   T
4795   U	my UUCP name (if you have a UUCP connection)
4796   V	UUCP Relay (class {V} hosts)
4797   W	UUCP Relay (class {W} hosts)
4798   X	UUCP Relay (class {X} hosts)
4799   Y	UUCP Relay (all other hosts)
4800   Z	Version number
4801
4802
4803CLASSES
4804
4805   A
4806   B	domains that are candidates for bestmx lookup
4807   C
4808   D
4809   E	addresses that should not seem to come from $M
4810   F	hosts this system forward for
4811   G	domains that should be looked up in genericstable
4812   H
4813   I
4814   J
4815   K
4816   L	addresses that should not be forwarded to $R
4817   M	domains that should be mapped to $M
4818   N	host/domains that should not be mapped to $M
4819   O	operators that indicate network operations (cannot be in local names)
4820   P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4821   Q
4822   R	domains this system is willing to relay (pass anti-spam filters)
4823   S
4824   T
4825   U	locally connected UUCP hosts
4826   V	UUCP hosts connected to relay $V
4827   W	UUCP hosts connected to relay $W
4828   X	UUCP hosts connected to relay $X
4829   Y	locally connected smart UUCP hosts
4830   Z	locally connected domain-ized UUCP hosts
4831   .	the class containing only a dot
4832   [	the class containing only a left bracket
4833
4834
4835M4 DIVERSIONS
4836
4837   1	Local host detection and resolution
4838   2	Local Ruleset 3 additions
4839   3	Local Ruleset 0 additions
4840   4	UUCP Ruleset 0 additions
4841   5	locally interpreted names (overrides $R)
4842   6	local configuration (at top of file)
4843   7	mailer definitions
4844   8	DNS based blocklists
4845   9	special local rulesets (1 and 2)
4846
4847