1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31CONNECTION CONTROL 32STARTTLS 33SMTP AUTHENTICATION 34ADDING NEW MAILERS OR RULESETS 35ADDING NEW MAIL FILTERS 36QUEUE GROUP DEFINITIONS 37NON-SMTP BASED CONFIGURATIONS 38WHO AM I? 39ACCEPTING MAIL FOR MULTIPLE NAMES 40USING MAILERTABLES 41USING USERDB TO MAP FULL NAMES 42MISCELLANEOUS SPECIAL FEATURES 43SECURITY NOTES 44TWEAKING CONFIGURATION OPTIONS 45MESSAGE SUBMISSION PROGRAM 46FORMAT OF FILES AND MAPS 47DIRECTORY LAYOUT 48ADMINISTRATIVE DETAILS 49 50 51+--------------------------+ 52| INTRODUCTION AND EXAMPLE | 53+--------------------------+ 54 55Configuration files are contained in the subdirectory "cf", with a 56suffix ".mc". They must be run through "m4" to produce a ".cf" file. 57You must pre-load "cf.m4": 58 59 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 60 61Alternatively, you can simply: 62 63 cd ${CFDIR}/cf 64 ./Build config.cf 65 66where ${CFDIR} is the root of the cf directory and config.mc is the 67name of your configuration file. If you are running a version of M4 68that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 69this, but the versions distributed with 4.4BSD and derivatives do not) 70or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 71For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 72use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 73 74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 75 76Let's examine a typical .mc file: 77 78 divert(-1) 79 # 80 # Copyright (c) 1998-2005 Proofpoint, Inc. and its suppliers. 81 # All rights reserved. 82 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 83 # Copyright (c) 1988, 1993 84 # The Regents of the University of California. All rights reserved. 85 # 86 # By using this file, you agree to the terms and conditions set 87 # forth in the LICENSE file which can be found at the top level of 88 # the sendmail distribution. 89 # 90 91 # 92 # This is a Berkeley-specific configuration file for HP-UX 9.x. 93 # It applies only to the Computer Science Division at Berkeley, 94 # and should not be used elsewhere. It is provided on the sendmail 95 # distribution as a sample only. To create your own configuration 96 # file, create an appropriate domain file in ../domain, change the 97 # `DOMAIN' macro below to reference that file, and copy the result 98 # to a name of your own choosing. 99 # 100 divert(0) 101 102The divert(-1) will delete the crud in the resulting output file. 103The copyright notice can be replaced by whatever your lawyers require; 104our lawyers require the one that is included in these files. A copyleft 105is a copyright by another name. The divert(0) restores regular output. 106 107 VERSIONID(`<SCCS or RCS version id>') 108 109VERSIONID is a macro that stuffs the version information into the 110resulting file. You could use SCCS, RCS, CVS, something else, or 111omit it completely. This is not the same as the version id included 112in SMTP greeting messages -- this is defined in m4/version.m4. 113 114 OSTYPE(`hpux9')dnl 115 116You must specify an OSTYPE to properly configure things such as the 117pathname of the help and status files, the flags needed for the local 118mailer, and other important things. If you omit it, you will get an 119error when you try to build the configuration. Look at the ostype 120directory for the list of known operating system types. 121 122 DOMAIN(`CS.Berkeley.EDU')dnl 123 124This example is specific to the Computer Science Division at Berkeley. 125You can use "DOMAIN(`generic')" to get a sufficiently bland definition 126that may well work for you, or you can create a customized domain 127definition appropriate for your environment. 128 129 MAILER(`local') 130 MAILER(`smtp') 131 132These describe the mailers used at the default CS site. The local 133mailer is always included automatically. Beware: MAILER declarations 134should only be followed by LOCAL_* sections. The general rules are 135that the order should be: 136 137 VERSIONID 138 OSTYPE 139 DOMAIN 140 FEATURE 141 local macro definitions 142 MAILER 143 LOCAL_CONFIG 144 LOCAL_RULE_* 145 LOCAL_RULESETS 146 147There are a few exceptions to this rule. Local macro definitions which 148influence a FEATURE() should be done before that feature. For example, 149a define(`PROCMAIL_MAILER_PATH', ...) should be done before 150FEATURE(`local_procmail'). 151 152******************************************************************* 153*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 154*** Berkeley-specific assumptions built in, such as the name *** 155*** of their UUCP-relay. You'll want to create your own *** 156*** domain description, and use that in place of *** 157*** domain/Berkeley.EDU.m4. *** 158******************************************************************* 159 160 161Note: 162Some rulesets, features, and options are only useful if the sendmail 163binary has been compiled with the appropriate options, e.g., the 164ruleset tls_server is only invoked if sendmail has been compiled 165with STARTTLS. This is usually obvious from the context and hence 166not further specified here. 167There are also so called "For Future Releases" (FFR) compile time 168options which might be included in a subsequent version or might 169simply be removed as they turned out not to be really useful. 170These are generally not documented but if they are, then the required 171compile time options are listed in doc/op/op.* for rulesets and 172macros, and for mc/cf specific options they are usually listed here. 173In addition to compile time options for the sendmail binary, there 174can also be FFRs for mc/cf which in general can be enabled when the 175configuration file is generated by defining them at the top of your 176.mc file: 177 178define(`_FFR_NAME_HERE', 1) 179 180 181+----------------------------+ 182| A BRIEF INTRODUCTION TO M4 | 183+----------------------------+ 184 185Sendmail uses the M4 macro processor to ``compile'' the configuration 186files. The most important thing to know is that M4 is stream-based, 187that is, it doesn't understand about lines. For this reason, in some 188places you may see the word ``dnl'', which stands for ``delete 189through newline''; essentially, it deletes all characters starting 190at the ``dnl'' up to and including the next newline character. In 191most cases sendmail uses this only to avoid lots of unnecessary 192blank lines in the output. 193 194Other important directives are define(A, B) which defines the macro 195``A'' to have value ``B''. Macros are expanded as they are read, so 196one normally quotes both values to prevent expansion. For example, 197 198 define(`SMART_HOST', `smart.foo.com') 199 200One word of warning: M4 macros are expanded even in lines that appear 201to be comments. For example, if you have 202 203 # See FEATURE(`foo') above 204 205it will not do what you expect, because the FEATURE(`foo') will be 206expanded. This also applies to 207 208 # And then define the $X macro to be the return address 209 210because ``define'' is an M4 keyword. If you want to use them, surround 211them with directed quotes, `like this'. 212 213Since m4 uses single quotes (opening "`" and closing "'") to quote 214arguments, those quotes can't be used in arguments. For example, 215it is not possible to define a rejection message containing a single 216quote. Usually there are simple workarounds by changing those 217messages; in the worst case it might be ok to change the value 218directly in the generated .cf file, which however is not advised. 219 220 221Notice: 222------- 223 224This package requires a post-V7 version of m4; if you are running the 2254.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 226BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 227Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 228Net/2 or GNU version. GNU m4 is available from 229ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 230EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 231m4 on this platform. 232 233 234+----------------+ 235| FILE LOCATIONS | 236+----------------+ 237 238sendmail 8.9 has introduced a new configuration directory for sendmail 239related files, /etc/mail. The new files available for sendmail 8.9 -- 240the class {R} /etc/mail/relay-domains and the access database 241/etc/mail/access -- take advantage of this new directory. Beginning with 2428.10, all files will use this directory by default (some options may be 243set by OSTYPE() files). This new directory should help to restore 244uniformity to sendmail's file locations. 245 246Below is a table of some of the common changes: 247 248Old filename New filename 249------------ ------------ 250/etc/bitdomain /etc/mail/bitdomain 251/etc/domaintable /etc/mail/domaintable 252/etc/genericstable /etc/mail/genericstable 253/etc/uudomain /etc/mail/uudomain 254/etc/virtusertable /etc/mail/virtusertable 255/etc/userdb /etc/mail/userdb 256 257/etc/aliases /etc/mail/aliases 258/etc/sendmail/aliases /etc/mail/aliases 259/etc/ucbmail/aliases /etc/mail/aliases 260/usr/adm/sendmail/aliases /etc/mail/aliases 261/usr/lib/aliases /etc/mail/aliases 262/usr/lib/mail/aliases /etc/mail/aliases 263/usr/ucblib/aliases /etc/mail/aliases 264 265/etc/sendmail.cw /etc/mail/local-host-names 266/etc/mail/sendmail.cw /etc/mail/local-host-names 267/etc/sendmail/sendmail.cw /etc/mail/local-host-names 268 269/etc/sendmail.ct /etc/mail/trusted-users 270 271/etc/sendmail.oE /etc/mail/error-header 272 273/etc/sendmail.hf /etc/mail/helpfile 274/etc/mail/sendmail.hf /etc/mail/helpfile 275/usr/ucblib/sendmail.hf /etc/mail/helpfile 276/etc/ucbmail/sendmail.hf /etc/mail/helpfile 277/usr/lib/sendmail.hf /etc/mail/helpfile 278/usr/share/lib/sendmail.hf /etc/mail/helpfile 279/usr/share/misc/sendmail.hf /etc/mail/helpfile 280/share/misc/sendmail.hf /etc/mail/helpfile 281 282/etc/service.switch /etc/mail/service.switch 283 284/etc/sendmail.st /etc/mail/statistics 285/etc/mail/sendmail.st /etc/mail/statistics 286/etc/mailer/sendmail.st /etc/mail/statistics 287/etc/sendmail/sendmail.st /etc/mail/statistics 288/usr/lib/sendmail.st /etc/mail/statistics 289/usr/ucblib/sendmail.st /etc/mail/statistics 290 291Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 292to create the pathnames. The default value of this variable is 293`/etc/mail/'. If you set this macro to a different value, you MUST include 294a trailing slash. 295 296Notice: all filenames used in a .mc (or .cf) file should be absolute 297(starting at the root, i.e., with '/'). Relative filenames most 298likely cause surprises during operations (unless otherwise noted). 299 300 301+--------+ 302| OSTYPE | 303+--------+ 304 305You MUST define an operating system environment, or the configuration 306file build will puke. There are several environments available; look 307at the "ostype" directory for the current list. This macro changes 308things like the location of the alias file and queue directory. Some 309of these files are identical to one another. 310 311It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 312In general, the OSTYPE macro should go immediately after any version 313information, and MAILER definitions should always go last. 314 315Operating system definitions are usually easy to write. They may define 316the following variables (everything defaults, so an ostype file may be 317empty). Unfortunately, the list of configuration-supported systems is 318not as broad as the list of source-supported systems, since many of 319the source contributors do not include corresponding ostype files. 320 321ALIAS_FILE [/etc/mail/aliases] The location of the text version 322 of the alias file(s). It can be a comma-separated 323 list of names (but be sure you quote values with 324 commas in them -- for example, use 325 define(`ALIAS_FILE', `a,b') 326 to get "a" and "b" both listed as alias files; 327 otherwise the define() primitive only sees "a"). 328HELP_FILE [/etc/mail/helpfile] The name of the file 329 containing information printed in response to 330 the SMTP HELP command. 331QUEUE_DIR [/var/spool/mqueue] The directory containing 332 queue files. To use multiple queues, supply 333 a value ending with an asterisk. For 334 example, /var/spool/mqueue/qd* will use all of the 335 directories or symbolic links to directories 336 beginning with 'qd' in /var/spool/mqueue as queue 337 directories. The names 'qf', 'df', and 'xf' are 338 reserved as specific subdirectories for the 339 corresponding queue file types as explained in 340 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 341MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 342 queue files for the MSP (Mail Submission Program, 343 see sendmail/SECURITY). 344STATUS_FILE [/etc/mail/statistics] The file containing status 345 information. 346LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 347LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 348 flags lsDFMAw5:/|@q are always included. 349LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 350 mail. 351LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 352 mail that you are willing to accept. 353LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 354 messages to deliver in a single connection. Only 355 useful for LMTP local mailers. 356LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 357 that ARRIVE from an address that resolves to the 358 local mailer and which are converted to MIME will be 359 labeled with this character set. 360LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 361 end of line for the local mailer. 362LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 363 [X-Unix] The DSN Diagnostic-Code value for the 364 local mailer. This should be changed with care. 365LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 366LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 367 flags lsDFM are always included. 368LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 369 mail. 370LOCAL_SHELL_DIR [$z:/] The directory search path in which the 371 shell should run. 372LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 373USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 374 used to submit news. 375USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 376USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 377 usenet mailer. NOTE: Some versions of inews 378 (such as those shipped with newer versions of INN) 379 use different flags. Double check the defaults 380 against the inews man page. 381USENET_MAILER_MAX [undefined] The maximum size of messages that will 382 be accepted by the usenet mailer. 383USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 384SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 385 flags are `mDFMuX' for all SMTP-based mailers; the 386 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 387 "dsmtp" adds `%'. 388RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 389 flags are `mDFMuX' for all SMTP-based mailers; the 390 relay mailer adds `a8'. If this is not defined, 391 then SMTP_MAILER_FLAGS is used. 392SMTP_MAILER_MAX [undefined] The maximum size of messages that will 393 be transported using the smtp, smtp8, esmtp, or dsmtp 394 mailers. 395SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 396 messages to deliver in a single connection for the 397 smtp, smtp8, esmtp, or dsmtp mailers. 398SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 399 recipients to deliver in a single envelope for the 400 smtp, smtp8, esmtp, or dsmtp mailers. 401SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 402 About the only reason you would want to change this 403 would be to change the default port. 404ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 405SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 406DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 407RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 408SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 409ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 410SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 411DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 412RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 413RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 414 messages to deliver in a single connection for the 415 relay mailer. 416SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 417 that ARRIVE from an address that resolves to one of 418 the SMTP mailers and which are converted to MIME will 419 be labeled with this character set. 420RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 421 that ARRIVE from an address that resolves to the 422 relay mailers and which are converted to MIME will 423 be labeled with this character set. 424SMTP_MAILER_LL [990] The maximum line length for SMTP mailers 425 (except the relay mailer). 426RELAY_MAILER_LL [2040] The maximum line length for the relay mailer. 427UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 428UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 429 flags are `DFMhuU' (and `m' for uucp-new mailer, 430 minus `U' for uucp-dom mailer). 431UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 432 passed to the UUCP mailer. 433UUCP_MAILER_MAX [100000] The maximum size message accepted for 434 transmission by the UUCP mailers. 435UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 436 that ARRIVE from an address that resolves to one of 437 the UUCP mailers and which are converted to MIME will 438 be labeled with this character set. 439UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 440FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 441 submit FAX messages. 442FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 443 mailer. 444FAX_MAILER_MAX [100000] The maximum size message accepted for 445 transmission by FAX. 446POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 447POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 448 are always added. 449POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 450POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 451PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 452 program. This is also used by 453 FEATURE(`local_procmail'). 454PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 455 DFM are always set. This is NOT used by 456 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 457 instead. 458PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 459 the Procmail mailer. This is NOT used by 460 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 461 instead. 462PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 463 will be accepted by the procmail mailer. 464PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 465MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 466MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 467MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 468 mailer. 469MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 470PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 471 program. 472PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 473 are always set. 474PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 475PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 476CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 477 flags lsDFMnPq are always included. 478CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 479 cyrus mail. 480CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 481 to deliver cyrus mail. 482CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 483 will be accepted by the cyrus mailer. 484CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 485 running the cyrus mailer. 486CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 487CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 488 The flags lsDFMnP are always included. 489CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 490 to deliver cyrusbb mail. 491CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The 492 flags lsDFMnqXz are always included. 493CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of 494 messages to deliver in a single connection for the 495 cyrusv2 mailer. 496CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 497 recipients to deliver in a single connection for the 498 cyrusv2 mailer. 499CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed 500 to the cyrusv2 mailer. This can be used to 501 change the name of the Unix domain socket, or 502 to switch to delivery via TCP (e.g., `TCP $h lmtp') 503CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. 504CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 505 that ARRIVE from an address that resolves to one the 506 Cyrus mailer and which are converted to MIME will 507 be labeled with this character set. 508confEBINDIR [/usr/libexec] The directory for executables. 509 Currently used for FEATURE(`local_lmtp') and 510 FEATURE(`smrsh'). 511QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 512QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 513 qpage mail. 514QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 515 to deliver qpage mail. 516QPAGE_MAILER_MAX [4096] If set, the maximum size message that 517 will be accepted by the qpage mailer. 518QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 519LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 520 521Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 522MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part 523of the macro Name_MAILER_FLAGS (note: that means Name is entirely in 524upper case) and change can be: flags that should be used directly 525(thus overriding the default value), or if it starts with `+' (`-') 526then those flags are added to (removed from) the default value. 527Example: 528 529 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 530 531will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 532several smtp mailers all of which are manipulated individually. 533See the section MAILERS for the available mailer names. 534WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 535unconditionally, i.e., without respecting any definitions in an 536OSTYPE setting. 537 538 539+---------+ 540| DOMAINS | 541+---------+ 542 543You will probably want to collect domain-dependent defines into one 544file, referenced by the DOMAIN macro. For example, the Berkeley 545domain file includes definitions for several internal distinguished 546hosts: 547 548UUCP_RELAY The host that will accept UUCP-addressed email. 549 If not defined, all UUCP sites must be directly 550 connected. 551BITNET_RELAY The host that will accept BITNET-addressed email. 552 If not defined, the .BITNET pseudo-domain won't work. 553DECNET_RELAY The host that will accept DECNET-addressed email. 554 If not defined, the .DECNET pseudo-domain and addresses 555 of the form node::user will not work. 556FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 557 The "fax" mailer overrides this value. 558LOCAL_RELAY The site that will handle unqualified names -- that 559 is, names without an @domain extension. 560 Normally MAIL_HUB is preferred for this function. 561 LOCAL_RELAY is mostly useful in conjunction with 562 FEATURE(`stickyhost') -- see the discussion of 563 stickyhost below. If not set, they are assumed to 564 belong on this machine. This allows you to have a 565 central site to store a company- or department-wide 566 alias database. This only works at small sites, 567 and only with some user agents. 568LUSER_RELAY The site that will handle lusers -- that is, apparently 569 local names that aren't local accounts or aliases. To 570 specify a local user instead of a site, set this to 571 ``local:username''. 572 573Any of these can be either ``mailer:hostname'' (in which case the 574mailer is the internal mailer name, such as ``uucp-new'' and the hostname 575is the name of the host as appropriate for that mailer) or just a 576``hostname'', in which case a default mailer type (usually ``relay'', 577a variant on SMTP) is used. WARNING: if you have a wildcard MX 578record matching your domain, you probably want to define these to 579have a trailing dot so that you won't get the mail diverted back 580to yourself. 581 582The domain file can also be used to define a domain name, if needed 583(using "DD<domain>") and set certain site-wide features. If all hosts 584at your site masquerade behind one email name, you could also use 585MASQUERADE_AS here. 586 587You do not have to define a domain -- in particular, if you are a 588single machine sitting off somewhere, it is probably more work than 589it's worth. This is just a mechanism for combining "domain dependent 590knowledge" into one place. 591 592 593+---------+ 594| MAILERS | 595+---------+ 596 597There are fewer mailers supported in this version than the previous 598version, owing mostly to a simpler world. As a general rule, put the 599MAILER definitions last in your .mc file. 600 601local The local and prog mailers. You will almost always 602 need these; the only exception is if you relay ALL 603 your mail to another site. This mailer is included 604 automatically. 605 606smtp The Simple Mail Transport Protocol mailer. This does 607 not hide hosts behind a gateway or another other 608 such hack; it assumes a world where everyone is 609 running the name server. This file actually defines 610 five mailers: "smtp" for regular (old-style) SMTP to 611 other servers, "esmtp" for extended SMTP to other 612 servers, "smtp8" to do SMTP to other servers without 613 converting 8-bit data to MIME (essentially, this is 614 your statement that you know the other end is 8-bit 615 clean even if it doesn't say so), "dsmtp" to do on 616 demand delivery, and "relay" for transmission to the 617 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 618 619uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 620 defines two mailers, "uucp-old" (a.k.a. "uucp") and 621 "uucp-new" (a.k.a. "suucp"). The latter is for when you 622 know that the UUCP mailer at the other end can handle 623 multiple recipients in one transfer. If the smtp mailer 624 is included in your configuration, two other mailers 625 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 626 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 627 include the uucp mailer, sendmail looks for all names in 628 class {U} and sends them to the uucp-old mailer; all 629 names in class {Y} are sent to uucp-new; and all 630 names in class {Z} are sent to uucp-uudom. Note that 631 this is a function of what version of rmail runs on 632 the receiving end, and hence may be out of your control. 633 See the section below describing UUCP mailers in more 634 detail. 635 636usenet Usenet (network news) delivery. If this is specified, 637 an extra rule is added to ruleset 0 that forwards all 638 local email for users named ``group.usenet'' to the 639 ``inews'' program. Note that this works for all groups, 640 and may be considered a security problem. 641 642fax Facsimile transmission. This is experimental and based 643 on Sam Leffler's HylaFAX software. For more information, 644 see http://www.hylafax.org/. 645 646pop Post Office Protocol. 647 648procmail An interface to procmail (does not come with sendmail). 649 This is designed to be used in mailertables. For example, 650 a common question is "how do I forward all mail for a given 651 domain to a single person?". If you have this mailer 652 defined, you could set up a mailertable reading: 653 654 host.com procmail:/etc/procmailrcs/host.com 655 656 with the file /etc/procmailrcs/host.com reading: 657 658 :0 # forward mail for host.com 659 ! -oi -f $1 person@other.host 660 661 This would arrange for (anything)@host.com to be sent 662 to person@other.host. In a procmail script, $1 is the 663 name of the sender and $2 is the name of the recipient. 664 If you use this with FEATURE(`local_procmail'), the FEATURE 665 should be listed first. 666 667 Of course there are other ways to solve this particular 668 problem, e.g., a catch-all entry in a virtusertable. 669 670mail11 The DECnet mail11 mailer, useful only if you have the mail11 671 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 672 DECnet, of course). This is for Phase IV DECnet support; 673 if you have Phase V at your site you may have additional 674 problems. 675 676phquery The phquery program. This is somewhat counterintuitively 677 referenced as the "ph" mailer internally. It can be used 678 to do CCSO name server lookups. The phquery program, which 679 this mailer uses, is distributed with the ph client. 680 681cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 682 a local cyrus user. this mailer can make use of the 683 "user+detail@local.host" syntax (see 684 FEATURE(`preserve_local_plus_detail')); it will deliver the 685 mail to the user's "detail" mailbox if the mailbox's ACL 686 permits. The cyrusbb mailer delivers to a system-wide 687 cyrus mailbox if the mailbox's ACL permits. The cyrus 688 mailer must be defined after the local mailer. 689 690cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to 691 local cyrus users via LMTP. This mailer can make use of the 692 "user+detail@local.host" syntax (see 693 FEATURE(`preserve_local_plus_detail')); it will deliver the 694 mail to the user's "detail" mailbox if the mailbox's ACL 695 permits. The cyrusv2 mailer must be defined after the 696 local mailer. 697 698qpage A mailer for QuickPage, a pager interface. See 699 http://www.qpage.org/ for further information. 700 701The local mailer accepts addresses of the form "user+detail", where 702the "+detail" is not used for mailbox matching but is available 703to certain local mail programs (in particular, see 704FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 705"eric+sww" all indicate the same user, but additional arguments <null>, 706"sendmail", and "sww" may be provided for use in sorting mail. 707 708 709+----------+ 710| FEATURES | 711+----------+ 712 713Special features can be requested using the "FEATURE" macro. For 714example, the .mc line: 715 716 FEATURE(`use_cw_file') 717 718tells sendmail that you want to have it read an /etc/mail/local-host-names 719file to get values for class {w}. A FEATURE may contain up to 9 720optional parameters -- for example: 721 722 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 723 724The default database map type for the table features can be set with 725 726 define(`DATABASE_MAP_TYPE', `dbm') 727 728which would set it to use ndbm databases. The default is the Berkeley DB 729hash database format. Note that you must still declare a database map type 730if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 731if no argument is given for the FEATURE. It must be specified before any 732feature that uses a map. 733 734Also, features which can take a map definition as an argument can also take 735the special keyword `LDAP'. If that keyword is used, the map will use the 736LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 737CLASSES'' section below. 738 739Available features are: 740 741use_cw_file Read the file /etc/mail/local-host-names file to get 742 alternate names for this host. This might be used if you 743 were on a host that MXed for a dynamic set of other hosts. 744 If the set is static, just including the line "Cw<name1> 745 <name2> ..." (where the names are fully qualified domain 746 names) is probably superior. The actual filename can be 747 overridden by redefining confCW_FILE. 748 749use_ct_file Read the file /etc/mail/trusted-users file to get the 750 names of users that will be ``trusted'', that is, able to 751 set their envelope from address using -f without generating 752 a warning message. The actual filename can be overridden 753 by redefining confCT_FILE. 754 755redirect Reject all mail addressed to "address.REDIRECT" with 756 a ``551 User has moved; please try <address>'' message. 757 If this is set, you can alias people who have left 758 to their new address with ".REDIRECT" appended. 759 760nouucp Don't route UUCP addresses. This feature takes one 761 parameter: 762 `reject': reject addresses which have "!" in the local 763 part unless it originates from a system 764 that is allowed to relay. 765 `nospecial': don't do anything special with "!". 766 Warnings: 1. See the notice in the anti-spam section. 767 2. don't remove "!" from OperatorChars if `reject' is 768 given as parameter. 769 770nopercenthack Don't treat % as routing character. This feature takes one 771 parameter: 772 `reject': reject addresses which have % in the local 773 part unless it originates from a system 774 that is allowed to relay. 775 `nospecial': don't do anything special with %. 776 Warnings: 1. See the notice in the anti-spam section. 777 2. Don't remove % from OperatorChars if `reject' is 778 given as parameter. 779 780nocanonify Don't pass addresses to $[ ... $] for canonification 781 by default, i.e., host/domain names are considered canonical, 782 except for unqualified names, which must not be used in this 783 mode (violation of the standard). It can be changed by 784 setting the DaemonPortOptions modifiers (M=). That is, 785 FEATURE(`nocanonify') will be overridden by setting the 786 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 787 it can be emulated by setting the 'C' flag 788 (DaemonPortOptions=Modifiers=C). This would generally only 789 be used by sites that only act as mail gateways or which have 790 user agents that do full canonification themselves. You may 791 also want to use 792 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 793 the usual resolver options that do a similar thing. 794 795 An exception list for FEATURE(`nocanonify') can be 796 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 797 i.e., a list of domains which are nevertheless passed to 798 $[ ... $] for canonification. This is useful to turn on 799 canonification for local domains, e.g., use 800 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 801 which end in "my.domain" or "my". 802 Another way to require canonification in the local 803 domain is CANONIFY_DOMAIN(`$=m'). 804 805 A trailing dot is added to addresses with more than 806 one component in it such that other features which 807 expect a trailing dot (e.g., virtusertable) will 808 still work. 809 810 If `canonify_hosts' is specified as parameter, i.e., 811 FEATURE(`nocanonify', `canonify_hosts'), then 812 addresses which have only a hostname, e.g., 813 <user@host>, will be canonified (and hopefully fully 814 qualified), too. 815 816stickyhost This feature is sometimes used with LOCAL_RELAY, 817 although it can be used for a different effect with 818 MAIL_HUB. 819 820 When used without MAIL_HUB, email sent to 821 "user@local.host" are marked as "sticky" -- that 822 is, the local addresses aren't matched against UDB, 823 don't go through ruleset 5, and are not forwarded to 824 the LOCAL_RELAY (if defined). 825 826 With MAIL_HUB, mail addressed to "user@local.host" 827 is forwarded to the mail hub, with the envelope 828 address still remaining "user@local.host". 829 Without stickyhost, the envelope would be changed 830 to "user@mail_hub", in order to protect against 831 mailing loops. 832 833mailertable Include a "mailer table" which can be used to override 834 routing for particular domains (which are not in class {w}, 835 i.e. local host names). The argument of the FEATURE may be 836 the key definition. If none is specified, the definition 837 used is: 838 839 hash /etc/mail/mailertable 840 841 Keys in this database are fully qualified domain names 842 or partial domains preceded by a dot -- for example, 843 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 844 special case of the latter, "." matches any domain not 845 covered by other keys. Values must be of the form: 846 mailer:domain 847 where "mailer" is the internal mailer name, and "domain" 848 is where to send the message. These maps are not 849 reflected into the message header. As a special case, 850 the forms: 851 local:user 852 will forward to the indicated user using the local mailer, 853 local: 854 will forward to the original user in the e-mail address 855 using the local mailer, and 856 error:code message 857 error:D.S.N:code message 858 will give an error message with the indicated SMTP reply 859 code and message, where D.S.N is an RFC 1893 compliant 860 error code. 861 862domaintable Include a "domain table" which can be used to provide 863 domain name mapping. Use of this should really be 864 limited to your own domains. It may be useful if you 865 change names (e.g., your company changes names from 866 oldname.com to newname.com). The argument of the 867 FEATURE may be the key definition. If none is specified, 868 the definition used is: 869 870 hash /etc/mail/domaintable 871 872 The key in this table is the domain name; the value is 873 the new (fully qualified) domain. Anything in the 874 domaintable is reflected into headers; that is, this 875 is done in ruleset 3. 876 877bitdomain Look up bitnet hosts in a table to try to turn them into 878 internet addresses. The table can be built using the 879 bitdomain program contributed by John Gardiner Myers. 880 The argument of the FEATURE may be the key definition; if 881 none is specified, the definition used is: 882 883 hash /etc/mail/bitdomain 884 885 Keys are the bitnet hostname; values are the corresponding 886 internet hostname. 887 888uucpdomain Similar feature for UUCP hosts. The default map definition 889 is: 890 891 hash /etc/mail/uudomain 892 893 At the moment there is no automagic tool to build this 894 database. 895 896always_add_domain 897 Include the local host domain even on locally delivered 898 mail. Normally it is not added on unqualified names. 899 However, if you use a shared message store but do not use 900 the same user name space everywhere, you may need the host 901 name on local names. An optional argument specifies 902 another domain to be added than the local. 903 904allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 905 feature will cause recipient addresses to also masquerade 906 as being from the masquerade host. Normally they get 907 the local hostname. Although this may be right for 908 ordinary users, it can break local aliases. For example, 909 if you send to "localalias", the originating sendmail will 910 find that alias and send to all members, but send the 911 message with "To: localalias@masqueradehost". Since that 912 alias likely does not exist, replies will fail. Use this 913 feature ONLY if you can guarantee that the ENTIRE 914 namespace on your masquerade host supersets all the 915 local entries. 916 917limited_masquerade 918 Normally, any hosts listed in class {w} are masqueraded. If 919 this feature is given, only the hosts listed in class {M} (see 920 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 921 if you have several domains with disjoint namespaces hosted 922 on the same machine. 923 924masquerade_entire_domain 925 If masquerading is enabled (using MASQUERADE_AS) and 926 MASQUERADE_DOMAIN (see below) is set, this feature will 927 cause addresses to be rewritten such that the masquerading 928 domains are actually entire domains to be hidden. All 929 hosts within the masquerading domains will be rewritten 930 to the masquerade name (used in MASQUERADE_AS). For example, 931 if you have: 932 933 MASQUERADE_AS(`masq.com') 934 MASQUERADE_DOMAIN(`foo.org') 935 MASQUERADE_DOMAIN(`bar.com') 936 937 then *foo.org and *bar.com are converted to masq.com. Without 938 this feature, only foo.org and bar.com are masqueraded. 939 940 NOTE: only domains within your jurisdiction and 941 current hierarchy should be masqueraded using this. 942 943local_no_masquerade 944 This feature prevents the local mailer from masquerading even 945 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 946 on addresses of mail going outside the local domain. 947 948masquerade_envelope 949 If masquerading is enabled (using MASQUERADE_AS) or the 950 genericstable is in use, this feature will cause envelope 951 addresses to also masquerade as being from the masquerade 952 host. Normally only the header addresses are masqueraded. 953 954genericstable This feature will cause unqualified addresses (i.e., without 955 a domain) and addresses with a domain listed in class {G} 956 to be looked up in a map and turned into another ("generic") 957 form, which can change both the domain name and the user name. 958 Notice: if you use an MSP (as it is default starting with 959 8.12), the MTA will only receive qualified addresses from the 960 MSP (as required by the RFCs). Hence you need to add your 961 domain to class {G}. This feature is similar to the userdb 962 functionality. The same types of addresses as for 963 masquerading are looked up, i.e., only header sender 964 addresses unless the allmasquerade and/or masquerade_envelope 965 features are given. Qualified addresses must have the domain 966 part in class {G}; entries can be added to this class by the 967 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 968 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 969 970 The argument of FEATURE(`genericstable') may be the map 971 definition; the default map definition is: 972 973 hash /etc/mail/genericstable 974 975 The key for this table is either the full address, the domain 976 (with a leading @; the localpart is passed as first argument) 977 or the unqualified username (tried in the order mentioned); 978 the value is the new user address. If the new user address 979 does not include a domain, it will be qualified in the standard 980 manner, i.e., using $j or the masquerade name. Note that the 981 address being looked up must be fully qualified. For local 982 mail, it is necessary to use FEATURE(`always_add_domain') 983 for the addresses to be qualified. 984 The "+detail" of an address is passed as %1, so entries like 985 986 old+*@foo.org new+%1@example.com 987 gen+*@foo.org %1@example.com 988 989 and other forms are possible. 990 991generics_entire_domain 992 If the genericstable is enabled and GENERICS_DOMAIN or 993 GENERICS_DOMAIN_FILE is used, this feature will cause 994 addresses to be searched in the map if their domain 995 parts are subdomains of elements in class {G}. 996 997virtusertable A domain-specific form of aliasing, allowing multiple 998 virtual domains to be hosted on one machine. For example, 999 if the virtuser table contains: 1000 1001 info@foo.com foo-info 1002 info@bar.com bar-info 1003 joe@bar.com error:nouser 550 No such user here 1004 jax@bar.com error:5.7.0:550 Address invalid 1005 @baz.org jane@example.net 1006 1007 then mail addressed to info@foo.com will be sent to the 1008 address foo-info, mail addressed to info@bar.com will be 1009 delivered to bar-info, and mail addressed to anyone at baz.org 1010 will be sent to jane@example.net, mail to joe@bar.com will 1011 be rejected with the specified error message, and mail to 1012 jax@bar.com will also have a RFC 1893 compliant error code 1013 5.7.0. 1014 1015 The username from the original address is passed 1016 as %1 allowing: 1017 1018 @foo.org %1@example.com 1019 1020 meaning someone@foo.org will be sent to someone@example.com. 1021 Additionally, if the local part consists of "user+detail" 1022 then "detail" is passed as %2 and "+detail" is passed as %3 1023 when a match against user+* is attempted, so entries like 1024 1025 old+*@foo.org new+%2@example.com 1026 gen+*@foo.org %2@example.com 1027 +*@foo.org %1%3@example.com 1028 X++@foo.org Z%3@example.com 1029 @bar.org %1%3 1030 1031 and other forms are possible. Note: to preserve "+detail" 1032 for a default case (@domain) %1%3 must be used as RHS. 1033 There are two wildcards after "+": "+" matches only a non-empty 1034 detail, "*" matches also empty details, e.g., user+@foo.org 1035 matches +*@foo.org but not ++@foo.org. This can be used 1036 to ensure that the parameters %2 and %3 are not empty. 1037 1038 All the host names on the left hand side (foo.com, bar.com, 1039 and baz.org) must be in class {w} or class {VirtHost}. The 1040 latter can be defined by the macros VIRTUSER_DOMAIN or 1041 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1042 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 1043 VIRTUSER_DOMAIN_FILE is used, then the entries of class 1044 {VirtHost} are added to class {R}, i.e., relaying is allowed 1045 to (and from) those domains, which by default includes also 1046 all subdomains (see relay_hosts_only). The default map 1047 definition is: 1048 1049 hash /etc/mail/virtusertable 1050 1051 A new definition can be specified as the second argument of 1052 the FEATURE macro, such as 1053 1054 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 1055 1056virtuser_entire_domain 1057 If the virtusertable is enabled and VIRTUSER_DOMAIN or 1058 VIRTUSER_DOMAIN_FILE is used, this feature will cause 1059 addresses to be searched in the map if their domain 1060 parts are subdomains of elements in class {VirtHost}. 1061 1062ldap_routing Implement LDAP-based e-mail recipient routing according to 1063 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 1064 This provides a method to re-route addresses with a 1065 domain portion in class {LDAPRoute} to either a 1066 different mail host or a different address. Hosts can 1067 be added to this class using LDAPROUTE_DOMAIN and 1068 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1069 MASQUERADE_DOMAIN_FILE, see below). 1070 1071 See the LDAP ROUTING section below for more information. 1072 1073nullclient This is a special case -- it creates a configuration file 1074 containing nothing but support for forwarding all mail to a 1075 central hub via a local SMTP-based network. The argument 1076 is the name of that hub. 1077 1078 The only other feature that should be used in conjunction 1079 with this one is FEATURE(`nocanonify'). No mailers 1080 should be defined. No aliasing or forwarding is done. 1081 1082local_lmtp Use an LMTP capable local mailer. The argument to this 1083 feature is the pathname of an LMTP capable mailer. By 1084 default, mail.local is used. This is expected to be the 1085 mail.local which came with the 8.9 distribution which is 1086 LMTP capable. The path to mail.local is set by the 1087 confEBINDIR m4 variable -- making the default 1088 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1089 If a different LMTP capable mailer is used, its pathname 1090 can be specified as second parameter and the arguments 1091 passed to it (A=) as third parameter, e.g., 1092 1093 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp') 1094 1095 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1096 i.e., without respecting any definitions in an OSTYPE setting. 1097 1098local_procmail Use procmail or another delivery agent as the local mailer. 1099 The argument to this feature is the pathname of the 1100 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1101 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1102 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1103 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1104 specify the appropriate parameters. When procmail is used, 1105 the local mailer can make use of the 1106 "user+indicator@local.host" syntax; normally the +indicator 1107 is just tossed, but by default it is passed as the -a 1108 argument to procmail. 1109 1110 This feature can take up to three arguments: 1111 1112 1. Path to the mailer program 1113 [default: /usr/local/bin/procmail] 1114 2. Argument vector including name of the program 1115 [default: procmail -Y -a $h -d $u] 1116 3. Flags for the mailer [default: SPfhn9] 1117 1118 Empty arguments cause the defaults to be taken. 1119 Note that if you are on a system with a broken 1120 setreuid() call, you may need to add -f $f to the procmail 1121 argument vector to pass the proper sender to procmail. 1122 1123 For example, this allows it to use the maildrop mailer 1124 instead by specifying: 1125 1126 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1127 `maildrop -d $u') 1128 1129 or scanmails using: 1130 1131 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1132 1133 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1134 i.e., without respecting any definitions in an OSTYPE setting. 1135 1136bestmx_is_local Accept mail as though locally addressed for any host that 1137 lists us as the best possible MX record. This generates 1138 additional DNS traffic, but should be OK for low to 1139 medium traffic hosts. The argument may be a set of 1140 domains, which will limit the feature to only apply to 1141 these domains -- this will reduce unnecessary DNS 1142 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1143 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1144 that matches your domain, you cannot use this feature. 1145 1146smrsh Use the SendMail Restricted SHell (smrsh) provided 1147 with the distribution instead of /bin/sh for mailing 1148 to programs. This improves the ability of the local 1149 system administrator to control what gets run via 1150 e-mail. If an argument is provided it is used as the 1151 pathname to smrsh; otherwise, the path defined by 1152 confEBINDIR is used for the smrsh binary -- by default, 1153 /usr/libexec/smrsh is assumed. 1154 1155promiscuous_relay 1156 By default, the sendmail configuration files do not permit 1157 mail relaying (that is, accepting mail from outside your 1158 local host (class {w}) and sending it to another host than 1159 your local host). This option sets your site to allow 1160 mail relaying from any site to any site. In almost all 1161 cases, it is better to control relaying more carefully 1162 with the access map, class {R}, or authentication. Domains 1163 can be added to class {R} by the macros RELAY_DOMAIN or 1164 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1165 MASQUERADE_DOMAIN_FILE, see below). 1166 1167relay_entire_domain 1168 This option allows any host in your domain as defined by 1169 class {m} to use your server for relaying. Notice: make 1170 sure that your domain is not just a top level domain, 1171 e.g., com. This can happen if you give your host a name 1172 like example.com instead of host.example.com. 1173 1174relay_hosts_only 1175 By default, names that are listed as RELAY in the access 1176 db and class {R} are treated as domain names, not host names. 1177 For example, if you specify ``foo.com'', then mail to or 1178 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1179 will all be accepted for relaying. This feature changes 1180 the behaviour to look up individual host names only. 1181 1182relay_based_on_MX 1183 Turns on the ability to allow relaying based on the MX 1184 records of the host portion of an incoming recipient; that 1185 is, if an MX record for host foo.com points to your site, 1186 you will accept and relay mail addressed to foo.com. See 1187 description below for more information before using this 1188 feature. Also, see the KNOWNBUGS entry regarding bestmx 1189 map lookups. 1190 1191 FEATURE(`relay_based_on_MX') does not necessarily allow 1192 routing of these messages which you expect to be allowed, 1193 if route address syntax (or %-hack syntax) is used. If 1194 this is a problem, add entries to the access-table or use 1195 FEATURE(`loose_relay_check'). 1196 1197relay_mail_from 1198 Allows relaying if the mail sender is listed as RELAY in 1199 the access map. If an optional argument `domain' (this 1200 is the literal word `domain', not a placeholder) is given, 1201 relaying can be allowed just based on the domain portion 1202 of the sender address. This feature should only be used if 1203 absolutely necessary as the sender address can be easily 1204 forged. Use of this feature requires the "From:" tag to 1205 be used for the key in the access map; see the discussion 1206 of tags and FEATURE(`relay_mail_from') in the section on 1207 anti-spam configuration control. 1208 1209relay_local_from 1210 Allows relaying if the domain portion of the mail sender 1211 is a local host. This should only be used if absolutely 1212 necessary as it opens a window for spammers. Specifically, 1213 they can send mail to your mail server that claims to be 1214 from your domain (either directly or via a routed address), 1215 and you will go ahead and relay it out to arbitrary hosts 1216 on the Internet. 1217 1218accept_unqualified_senders 1219 Normally, MAIL FROM: commands in the SMTP session will be 1220 refused if the connection is a network connection and the 1221 sender address does not include a domain name. If your 1222 setup sends local mail unqualified (i.e., MAIL FROM:<joe>), 1223 you will need to use this feature to accept unqualified 1224 sender addresses. Setting the DaemonPortOptions modifier 1225 'u' overrides the default behavior, i.e., unqualified 1226 addresses are accepted even without this FEATURE. 1227 If this FEATURE is not used, the DaemonPortOptions modifier 1228 'f' can be used to enforce fully qualified addresses. 1229 1230accept_unresolvable_domains 1231 Normally, MAIL FROM: commands in the SMTP session will be 1232 refused if the host part of the argument to MAIL FROM: 1233 cannot be located in the host name service (e.g., an A or 1234 MX record in DNS). If you are inside a firewall that has 1235 only a limited view of the Internet host name space, this 1236 could cause problems. In this case you probably want to 1237 use this feature to accept all domains on input, even if 1238 they are unresolvable. 1239 1240access_db Turns on the access database feature. The access db gives 1241 you the ability to allow or refuse to accept mail from 1242 specified domains for administrative reasons. Moreover, 1243 it can control the behavior of sendmail in various situations. 1244 By default, the access database specification is: 1245 1246 hash -T<TMPF> /etc/mail/access 1247 1248 See the anti-spam configuration control section for further 1249 important information about this feature. Notice: 1250 "-T<TMPF>" is meant literal, do not replace it by anything. 1251 1252blocklist_recipients 1253 Turns on the ability to block incoming mail for certain 1254 recipient usernames, hostnames, or addresses. For 1255 example, you can block incoming mail to user nobody, 1256 host foo.mydomain.com, or guest@bar.mydomain.com. 1257 These specifications are put in the access db as 1258 described in the anti-spam configuration control section 1259 later in this document. 1260 1261delay_checks The rulesets check_mail and check_relay will not be called 1262 when a client connects or issues a MAIL command, respectively. 1263 Instead, those rulesets will be called by the check_rcpt 1264 ruleset; they will be skipped under certain circumstances. 1265 See "Delay all checks" in the anti-spam configuration control 1266 section. Note: this feature is incompatible to the versions 1267 in 8.10 and 8.11. 1268 1269check_other Enable a default check_other ruleset which terminates 1270 an SMTP session when it encounters a command which matches 1271 a regular expression given as argument. If no argument 1272 is given, then the default (to match potential headers) is: 1273 ^[[:print:]]+ *: 1274 1275use_client_ptr If this feature is enabled then check_relay will override 1276 its first argument with $&{client_ptr}. This is useful for 1277 rejections based on the unverified hostname of client, 1278 which turns on the same behavior as in earlier sendmail 1279 versions when delay_checks was not in use. See doc/op/op.* 1280 about check_relay, {client_name}, and {client_ptr}. 1281 1282dnsbl Turns on rejection, discarding, or quarantining of hosts 1283 found in a DNS based list. The first argument is used as 1284 the domain in which blocked hosts are listed. A second 1285 argument can be used to change the default error message, 1286 or select one of the operations `discard' and `quarantine'. 1287 Without that second argument, the error message will be 1288 1289 Rejected: IP-ADDRESS listed at SERVER 1290 1291 where IP-ADDRESS and SERVER are replaced by the appropriate 1292 information. By default, temporary lookup failures are 1293 ignored. This behavior can be changed by specifying a 1294 third argument, which must be either `t' or a full error 1295 message. See the anti-spam configuration control section for 1296 an example. The dnsbl feature can be included several times 1297 to query different DNS based rejection lists. See also 1298 enhdnsbl for an enhanced version. 1299 1300 Set the DNSBL_MAP mc option to change the default map 1301 definition from `host'. Set the DNSBL_MAP_OPT mc option 1302 to add additional options to the map specification used. 1303 1304 Some DNS based rejection lists cause failures if asked 1305 for AAAA records. If your sendmail version is compiled 1306 with IPv6 support (NETINET6) and you experience this 1307 problem, add 1308 1309 define(`DNSBL_MAP', `dns -R A') 1310 1311 before the first use of this feature. Alternatively you 1312 can use enhdnsbl instead (see below). Moreover, this 1313 statement can be used to reduce the number of DNS retries, 1314 e.g., 1315 1316 define(`DNSBL_MAP', `dns -R A -r2') 1317 1318 See below (EDNSBL_TO) for an explanation. 1319 1320enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1321 (up to 5) can be used to specify specific return values 1322 from lookups. Temporary lookup failures are ignored unless 1323 a third argument is given, which must be either `t' or a full 1324 error message. By default, any successful lookup will 1325 generate an error. Otherwise the result of the lookup is 1326 compared with the supplied argument(s), and only if a match 1327 occurs an error is generated. For example, 1328 1329 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1330 1331 will reject the e-mail if the lookup returns the value 1332 ``127.0.0.2.'', or generate a 451 response if the lookup 1333 temporarily failed. The arguments can contain metasymbols 1334 as they are allowed in the LHS of rules. As the example 1335 shows, the default values are also used if an empty argument, 1336 i.e., `', is specified. This feature requires that sendmail 1337 has been compiled with the flag DNSMAP (see sendmail/README). 1338 1339 Set the EDNSBL_TO mc option to change the DNS retry count 1340 from the default value of 5, this can be very useful when 1341 a DNS server is not responding, which in turn may cause 1342 clients to time out (an entry stating 1343 1344 did not issue MAIL/EXPN/VRFY/ETRN 1345 1346 will be logged). 1347 1348ratecontrol Enable simple ruleset to do connection rate control 1349 checking. This requires entries in access_db of the form 1350 1351 ClientRate:IP.ADD.RE.SS LIMIT 1352 1353 The RHS specifies the maximum number of connections 1354 (an integer number) over the time interval defined 1355 by ConnectionRateWindowSize, where 0 means unlimited. 1356 1357 Take the following example: 1358 1359 ClientRate:10.1.2.3 4 1360 ClientRate:127.0.0.1 0 1361 ClientRate: 10 1362 1363 10.1.2.3 can only make up to 4 connections, the 1364 general limit it 10, and 127.0.0.1 can make an unlimited 1365 number of connections per ConnectionRateWindowSize. 1366 1367 See also CONNECTION CONTROL. 1368 1369conncontrol Enable a simple check of the number of incoming SMTP 1370 connections. This requires entries in access_db of the 1371 form 1372 1373 ClientConn:IP.ADD.RE.SS LIMIT 1374 1375 The RHS specifies the maximum number of open connections 1376 (an integer number). 1377 1378 Take the following example: 1379 1380 ClientConn:10.1.2.3 4 1381 ClientConn:127.0.0.1 0 1382 ClientConn: 10 1383 1384 10.1.2.3 can only have up to 4 open connections, the 1385 general limit it 10, and 127.0.0.1 does not have any 1386 explicit limit. 1387 1388 See also CONNECTION CONTROL. 1389 1390mtamark Experimental support for "Marking Mail Transfer Agents in 1391 Reverse DNS with TXT RRs" (MTAMark), see 1392 draft-stumpf-dns-mtamark-01. Optional arguments are: 1393 1394 1. Error message, default: 1395 1396 550 Rejected: $&{client_addr} not listed as MTA 1397 1398 2. Temporary lookup failures are ignored unless a second 1399 argument is given, which must be either `t' or a full 1400 error message. 1401 1402 3. Lookup prefix, default: _perm._smtp._srv. This should 1403 not be changed unless the draft changes it. 1404 1405 Example: 1406 1407 FEATURE(`mtamark', `', `t') 1408 1409lookupdotdomain Look up also .domain in the access map. This allows to 1410 match only subdomains. It does not work well with 1411 FEATURE(`relay_hosts_only'), because most lookups for 1412 subdomains are suppressed by the latter feature. 1413 1414loose_relay_check 1415 Normally, if % addressing is used for a recipient, e.g. 1416 user%site@othersite, and othersite is in class {R}, the 1417 check_rcpt ruleset will strip @othersite and recheck 1418 user@site for relaying. This feature changes that 1419 behavior. It should not be needed for most installations. 1420 1421authinfo Provide a separate map for client side authentication 1422 information. See SMTP AUTHENTICATION for details. 1423 By default, the authinfo database specification is: 1424 1425 hash /etc/mail/authinfo 1426 1427preserve_luser_host 1428 Preserve the name of the recipient host if LUSER_RELAY is 1429 used. Without this option, the domain part of the 1430 recipient address will be replaced by the host specified as 1431 LUSER_RELAY. This feature only works if the hostname is 1432 passed to the mailer (see mailer triple in op.me). Note 1433 that in the default configuration the local mailer does not 1434 receive the hostname, i.e., the mailer triple has an empty 1435 hostname. 1436 1437preserve_local_plus_detail 1438 Preserve the +detail portion of the address when passing 1439 address to local delivery agent. Disables alias and 1440 .forward +detail stripping (e.g., given user+detail, only 1441 that address will be looked up in the alias file; user+* and 1442 user will not be looked up). Only use if the local 1443 delivery agent in use supports +detail addressing. 1444 Moreover, this will most likely not work if the 'w' flag 1445 for the local mailer is set as the entire local address 1446 including +detail is passed to the user lookup function. 1447 1448compat_check Enable ruleset check_compat to look up pairs of addresses 1449 with the Compat: tag -- Compat:sender<@>recipient -- in the 1450 access map. Valid values for the RHS include 1451 DISCARD silently discard recipient 1452 TEMP: return a temporary error 1453 ERROR: return a permanent error 1454 In the last two cases, a 4xy/5xy SMTP reply code should 1455 follow the colon. 1456 1457no_default_msa Don't generate the default MSA daemon, i.e., 1458 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1459 To define a MSA daemon with other parameters, use this 1460 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1461 1462msp Defines config file for Message Submission Program. 1463 See sendmail/SECURITY for details and cf/cf/submit.mc how 1464 to use it. An optional argument can be used to override 1465 the default of `[localhost]' to use as host to send all 1466 e-mails to. Note that MX records will be used if the 1467 specified hostname is not in square brackets (e.g., 1468 [hostname]). If `MSA' is specified as second argument then 1469 port 587 is used to contact the server. Example: 1470 1471 FEATURE(`msp', `', `MSA') 1472 1473 Some more hints about possible changes can be found below 1474 in the section MESSAGE SUBMISSION PROGRAM. 1475 1476 Note: Due to many problems, submit.mc uses 1477 1478 FEATURE(`msp', `[127.0.0.1]') 1479 1480 by default. If you have a machine with IPv6 only, 1481 change it to 1482 1483 FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]') 1484 1485 If you want to continue using '[localhost]', (the behavior 1486 up to 8.12.6), use 1487 1488 FEATURE(`msp') 1489 1490queuegroup A simple example how to select a queue group based 1491 on the full e-mail address or the domain of the 1492 recipient. Selection is done via entries in the 1493 access map using the tag QGRP:, for example: 1494 1495 QGRP:example.com main 1496 QGRP:friend@some.org others 1497 QGRP:my.domain local 1498 1499 where "main", "others", and "local" are names of 1500 queue groups. If an argument is specified, it is used 1501 as default queue group. 1502 1503 Note: please read the warning in doc/op/op.me about 1504 queue groups and possible queue manipulations. 1505 1506greet_pause Adds the greet_pause ruleset which enables open proxy 1507 and SMTP slamming protection. The feature can take an 1508 argument specifying the milliseconds to wait: 1509 1510 FEATURE(`greet_pause', `5000') dnl 5 seconds 1511 1512 If FEATURE(`access_db') is enabled, an access database 1513 lookup with the GreetPause tag is done using client 1514 hostname, domain, IP address, or subnet to determine the 1515 pause time: 1516 1517 GreetPause:my.domain 0 1518 GreetPause:example.com 5000 1519 GreetPause:10.1.2 2000 1520 GreetPause:127.0.0.1 0 1521 1522 When using FEATURE(`access_db'), the optional 1523 FEATURE(`greet_pause') argument becomes the default if 1524 nothing is found in the access database. A ruleset called 1525 Local_greet_pause can be used for local modifications, e.g., 1526 1527 LOCAL_RULESETS 1528 SLocal_greet_pause 1529 R$* $: $&{daemon_flags} 1530 R$* a $* $# 0 1531 1532block_bad_helo Reject messages from SMTP clients which provide a HELO/EHLO 1533 argument which is either unqualified, or is one of our own 1534 names (i.e., the server name instead of the client name). 1535 This check is performed at RCPT stage and disabled for the 1536 following cases: 1537 - authenticated sessions, 1538 - connections from IP addresses in class $={R}. 1539 Currently access_db lookups can not be used to 1540 (selectively) disable this test, moreover, 1541 1542 FEATURE(`delay_checks') 1543 1544 is required. Note, the block_bad_helo feature automatically 1545 adds the IPv6 and IPv4 localhost IP addresses to $={w} (local 1546 host names) and $={R} (relay permitted). 1547 1548require_rdns Reject mail from connecting SMTP clients without proper 1549 rDNS (reverse DNS), functional gethostbyaddr() resolution. 1550 Note: this feature will cause false positives, i.e., there 1551 are legitimate MTAs that do not have proper DNS entries. 1552 Rejecting mails from those MTAs is a local policy decision. 1553 1554 The basic policy is to reject message with a 5xx error if 1555 the IP address fails to resolve. However, if this is a 1556 temporary failure, a 4xx temporary failure is returned. 1557 If the look-up succeeds, but returns an apparently forged 1558 value, this is treated as a temporary failure with a 4xx 1559 error code. 1560 1561 EXCEPTIONS: 1562 1563 Exceptions based on access entries are discussed below. 1564 Any IP address matched using $=R (the "relay-domains" file) 1565 is excepted from the rules. Since we have explicitly 1566 allowed relaying for this host, based on IP address, we 1567 ignore the rDNS failure. 1568 1569 The philosophical assumption here is that most users do 1570 not control their rDNS. They should be able to send mail 1571 through their ISP, whether or not they have valid rDNS. 1572 The class $=R, roughly speaking, contains those IP addresses 1573 and address ranges for which we are the ISP, or are acting 1574 as if the ISP. 1575 1576 If `delay_checks' is in effect (recommended), then any 1577 sender who has authenticated is also excepted from the 1578 restrictions. This happens because the rules produced by 1579 this FEATURE() will not be applied to authenticated senders 1580 (assuming `delay_checks'). 1581 1582 ACCESS MAP ENTRIES: 1583 1584 Entries such as 1585 Connect:1.2.3.4 OK 1586 Connect:1.3 RELAY 1587 will allowlist IP address 1.2.3.4 and IP net 1.3.* 1588 so that the rDNS blocking does apply not to those IPs. 1589 1590 Entries such as 1591 Connect:1.2.3.4 REJECT 1592 will have the effect of forcing a temporary failure for 1593 that address to be treated as a permanent failure. 1594 1595badmx Reject envelope sender addresses (MAIL) whose domain part 1596 resolves to a "bad" MX record. By default these are 1597 MX records which resolve to A records that match the 1598 regular expression: 1599 1600 ^(127\.|10\.|0\.0\.0\.0) 1601 1602 This default regular expression can be overridden by 1603 specifying an argument, e.g., 1604 1605 FEATURE(`badmx', `^127\.0\.0\.1') 1606 1607 Note: this feature requires that the sendmail binary 1608 has been compiled with the options MAP_REGEX and 1609 DNSMAP. 1610 1611sts Experimental support for Strict Transport Security 1612 (MTA-STS, see RFC 8461). It sets the option 1613 StrictTransportSecurity and takes one optional 1614 argument: the socket map specification to access 1615 postfix-mta-sts-resolver (see feature/sts.m4 1616 for the default value). 1617 For more information see doc/op/op.me. 1618 1619+-------+ 1620| HACKS | 1621+-------+ 1622 1623Some things just can't be called features. To make this clear, 1624they go in the hack subdirectory and are referenced using the HACK 1625macro. These will tend to be site-dependent. The release 1626includes the Berkeley-dependent "cssubdomain" hack (that makes 1627sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1628this is intended as a short-term aid while moving hosts into 1629subdomains. 1630 1631 1632+--------------------+ 1633| SITE CONFIGURATION | 1634+--------------------+ 1635 1636 ***************************************************** 1637 * This section is really obsolete, and is preserved * 1638 * only for back compatibility. You should plan on * 1639 * using mailertables for new installations. In * 1640 * particular, it doesn't work for the newer forms * 1641 * of UUCP mailers, such as uucp-uudom. * 1642 ***************************************************** 1643 1644Complex sites will need more local configuration information, such as 1645lists of UUCP hosts they speak with directly. This can get a bit more 1646tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1647 1648The SITECONFIG macro allows you to indirectly reference site-dependent 1649configuration information stored in the siteconfig subdirectory. For 1650example, the line 1651 1652 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1653 1654reads the file uucp.ucbvax for local connection information. The 1655second parameter is the local name (in this case just "ucbvax" since 1656it is locally connected, and hence a UUCP hostname). The third 1657parameter is the name of both a macro to store the local name (in 1658this case, {U}) and the name of the class (e.g., {U}) in which to store 1659the host information read from the file. Another SITECONFIG line reads 1660 1661 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1662 1663This says that the file uucp.ucbarpa contains the list of UUCP sites 1664connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1665store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1666is, the name of the relay to which the hosts listed in uucp.ucbarpa 1667are connected. [The machine ucbarpa is gone now, but this 1668out-of-date configuration file has been left around to demonstrate 1669how you might do this.] 1670 1671Note that the case of SITECONFIG with a third parameter of ``U'' is 1672special; the second parameter is assumed to be the UUCP name of the 1673local site, rather than the name of a remote site, and the UUCP name 1674is entered into class {w} (the list of local hostnames) as $U.UUCP. 1675 1676The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1677more than a sequence of SITE macros describing connectivity. For 1678example: 1679 1680 SITE(`cnmat') 1681 SITE(`sgi olympus') 1682 1683The second example demonstrates that you can use two names on the 1684same line; these are usually aliases for the same host (or are at 1685least in the same company). 1686 1687The macro LOCAL_UUCP can be used to add rules into the generated 1688cf file at the place where MAILER(`uucp') inserts its rules. This 1689should only be used if really necessary. 1690 1691+--------------------+ 1692| USING UUCP MAILERS | 1693+--------------------+ 1694 1695It's hard to get UUCP mailers right because of the extremely ad hoc 1696nature of UUCP addressing. These config files are really designed 1697for domain-based addressing, even for UUCP sites. 1698 1699There are four UUCP mailers available. The choice of which one to 1700use is partly a matter of local preferences and what is running at 1701the other end of your UUCP connection. Unlike good protocols that 1702define what will go over the wire, UUCP uses the policy that you 1703should do what is right for the other end; if they change, you have 1704to change. This makes it hard to do the right thing, and discourages 1705people from updating their software. In general, if you can avoid 1706UUCP, please do. 1707 1708The major choice is whether to go for a domainized scheme or a 1709non-domainized scheme. This depends entirely on what the other 1710end will recognize. If at all possible, you should encourage the 1711other end to go to a domain-based system -- non-domainized addresses 1712don't work entirely properly. 1713 1714The four mailers are: 1715 1716 uucp-old (obsolete name: "uucp") 1717 This is the oldest, the worst (but the closest to UUCP) way of 1718 sending messages across UUCP connections. It does bangify 1719 everything and prepends $U (your UUCP name) to the sender's 1720 address (which can already be a bang path itself). It can 1721 only send to one address at a time, so it spends a lot of 1722 time copying duplicates of messages. Avoid this if at all 1723 possible. 1724 1725 uucp-new (obsolete name: "suucp") 1726 The same as above, except that it assumes that in one rmail 1727 command you can specify several recipients. It still has a 1728 lot of other problems. 1729 1730 uucp-dom 1731 This UUCP mailer keeps everything as domain addresses. 1732 Basically, it uses the SMTP mailer rewriting rules. This mailer 1733 is only included if MAILER(`smtp') is specified before 1734 MAILER(`uucp'). 1735 1736 Unfortunately, a lot of UUCP mailer transport agents require 1737 bangified addresses in the envelope, although you can use 1738 domain-based addresses in the message header. (The envelope 1739 shows up as the From_ line on UNIX mail.) So.... 1740 1741 uucp-uudom 1742 This is a cross between uucp-new (for the envelope addresses) 1743 and uucp-dom (for the header addresses). It bangifies the 1744 envelope sender (From_ line in messages) without adding the 1745 local hostname, unless there is no host name on the address 1746 at all (e.g., "wolf") or the host component is a UUCP host name 1747 instead of a domain name ("somehost!wolf" instead of 1748 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1749 is also specified earlier. 1750 1751Examples: 1752 1753On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1754summarizes the sender rewriting for various mailers. 1755 1756Mailer sender rewriting in the envelope 1757------ ------ ------------------------- 1758uucp-{old,new} wolf grasp!wolf 1759uucp-dom wolf wolf@grasp.insa-lyon.fr 1760uucp-uudom wolf grasp.insa-lyon.fr!wolf 1761 1762uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1763uucp-dom wolf@fr.net wolf@fr.net 1764uucp-uudom wolf@fr.net fr.net!wolf 1765 1766uucp-{old,new} somehost!wolf grasp!somehost!wolf 1767uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1768uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1769 1770If you are using one of the domainized UUCP mailers, you really want 1771to convert all UUCP addresses to domain format -- otherwise, it will 1772do it for you (and probably not the way you expected). For example, 1773if you have the address foo!bar!baz (and you are not sending to foo), 1774the heuristics will add the @uucp.relay.name or @local.host.name to 1775this address. However, if you map foo to foo.host.name first, it 1776will not add the local hostname. You can do this using the uucpdomain 1777feature. 1778 1779 1780+-------------------+ 1781| TWEAKING RULESETS | 1782+-------------------+ 1783 1784For more complex configurations, you can define special rules. 1785The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1786the names. Any modifications made here are reflected in the header. 1787 1788A common use is to convert old UUCP addresses to SMTP addresses using 1789the UUCPSMTP macro. For example: 1790 1791 LOCAL_RULE_3 1792 UUCPSMTP(`decvax', `decvax.dec.com') 1793 UUCPSMTP(`research', `research.att.com') 1794 1795will cause addresses of the form "decvax!user" and "research!user" 1796to be converted to "user@decvax.dec.com" and "user@research.att.com" 1797respectively. 1798 1799This could also be used to look up hosts in a database map: 1800 1801 LOCAL_RULE_3 1802 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1803 1804This map would be defined in the LOCAL_CONFIG portion, as shown below. 1805 1806Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1807For example, new rules are needed to parse hostnames that you accept 1808via MX records. For example, you might have: 1809 1810 LOCAL_RULE_0 1811 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1812 1813You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1814pointing at this host; this rule catches the message and forwards it on 1815using UUCP. 1816 1817You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1818These rulesets are normally empty. 1819 1820A similar macro is LOCAL_CONFIG. This introduces lines added after the 1821boilerplate option setting but before rulesets. Do not declare rulesets in 1822the LOCAL_CONFIG section. It can be used to declare local database maps or 1823whatever. For example: 1824 1825 LOCAL_CONFIG 1826 Khostmap hash /etc/mail/hostmap 1827 Kyplocal nis -m hosts.byname 1828 1829 1830+---------------------------+ 1831| MASQUERADING AND RELAYING | 1832+---------------------------+ 1833 1834You can have your host masquerade as another using 1835 1836 MASQUERADE_AS(`host.domain') 1837 1838This causes mail being sent to be labeled as coming from the 1839indicated host.domain, rather than $j. One normally masquerades as 1840one of one's own subdomains (for example, it's unlikely that 1841Berkeley would choose to masquerade as an MIT site). This 1842behaviour is modified by a plethora of FEATUREs; in particular, see 1843masquerade_envelope, allmasquerade, limited_masquerade, and 1844masquerade_entire_domain. 1845 1846The masquerade name is not normally canonified, so it is important 1847that it be your One True Name, that is, fully qualified and not a 1848CNAME. However, if you use a CNAME, the receiving side may canonify 1849it for you, so don't think you can cheat CNAME mapping this way. 1850 1851Normally the only addresses that are masqueraded are those that come 1852from this host (that is, are either unqualified or in class {w}, the list 1853of local domain names). You can augment this list, which is realized 1854by class {M} using 1855 1856 MASQUERADE_DOMAIN(`otherhost.domain') 1857 1858The effect of this is that although mail to user@otherhost.domain 1859will not be delivered locally, any mail including any user@otherhost.domain 1860will, when relayed, be rewritten to have the MASQUERADE_AS address. 1861This can be a space-separated list of names. 1862 1863If these names are in a file, you can use 1864 1865 MASQUERADE_DOMAIN_FILE(`filename') 1866 1867to read the list of names from the indicated file (i.e., to add 1868elements to class {M}). 1869 1870To exempt hosts or subdomains from being masqueraded, you can use 1871 1872 MASQUERADE_EXCEPTION(`host.domain') 1873 1874This can come handy if you want to masquerade a whole domain 1875except for one (or a few) host(s). If these names are in a file, 1876you can use 1877 1878 MASQUERADE_EXCEPTION_FILE(`filename') 1879 1880Normally only header addresses are masqueraded. If you want to 1881masquerade the envelope as well, use 1882 1883 FEATURE(`masquerade_envelope') 1884 1885There are always users that need to be "exposed" -- that is, their 1886internal site name should be displayed instead of the masquerade name. 1887Root is an example (which has been "exposed" by default prior to 8.10). 1888You can add users to this list using 1889 1890 EXPOSED_USER(`usernames') 1891 1892This adds users to class {E}; you could also use 1893 1894 EXPOSED_USER_FILE(`filename') 1895 1896You can also arrange to relay all unqualified names (that is, names 1897without @host) to a relay host. For example, if you have a central 1898email server, you might relay to that host so that users don't have 1899to have .forward files or aliases. You can do this using 1900 1901 define(`LOCAL_RELAY', `mailer:hostname') 1902 1903The ``mailer:'' can be omitted, in which case the mailer defaults to 1904"relay". There are some user names that you don't want relayed, perhaps 1905because of local aliases. A common example is root, which may be 1906locally aliased. You can add entries to this list using 1907 1908 LOCAL_USER(`usernames') 1909 1910This adds users to class {L}; you could also use 1911 1912 LOCAL_USER_FILE(`filename') 1913 1914If you want all incoming mail sent to a centralized hub, as for a 1915shared /var/spool/mail scheme, use 1916 1917 define(`MAIL_HUB', `mailer:hostname') 1918 1919Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1920and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1921be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1922Note: there is a (long standing) bug which keeps this combination from 1923working for addresses of the form user+detail. 1924Names in class {L} will be delivered locally, so you MUST have aliases or 1925.forward files for them. 1926 1927For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1928FEATURE(`stickyhost'), the following combinations of settings will have the 1929indicated effects: 1930 1931email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1932 1933LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1934mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1935 1936MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1937mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1938 1939Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1940MAIL_HUB set as above (no local aliasing) (aliasing done) 1941 1942If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1943MAIL_HUB act identically, with MAIL_HUB taking precedence. 1944 1945If you want all outgoing mail to go to a central relay site, define 1946SMART_HOST as well. Briefly: 1947 1948 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1949 MAIL_HUB applies to names qualified with the name of the 1950 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1951 SMART_HOST applies to names qualified with other hosts or 1952 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1953 or "eric@[127.0.0.1]"). 1954 1955However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1956DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1957really want absolutely everything to go to a single central site you will 1958need to unset all the other relays -- or better yet, find or build a 1959minimal config file that does this. 1960 1961For duplicate suppression to work properly, the host name is best 1962specified with a terminal dot: 1963 1964 define(`MAIL_HUB', `host.domain.') 1965 note the trailing dot ---^ 1966 1967 1968+-------------------------------------------+ 1969| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1970+-------------------------------------------+ 1971 1972LDAP can be used for aliases, maps, and classes by either specifying your 1973own LDAP map specification or using the built-in default LDAP map 1974specification. The built-in default specifications all provide lookups 1975which match against either the machine's fully qualified hostname (${j}) or 1976a "cluster". The cluster allows you to share LDAP entries among a large 1977number of machines without having to enter each of the machine names into 1978each LDAP entry. To set the LDAP cluster name to use for a particular 1979machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1980unique name. For example: 1981 1982 define(`confLDAP_CLUSTER', `Servers') 1983 1984Here, the word `Servers' will be the cluster name. As an example, assume 1985that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1986to the Servers cluster. 1987 1988Some of the LDAP LDIF examples below show use of the Servers cluster. 1989Every entry must have either a sendmailMTAHost or sendmailMTACluster 1990attribute or it will be ignored. Be careful as mixing clusters and 1991individual host records can have surprising results (see the CAUTION 1992sections below). 1993 1994See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1995this schema (and therefore the lookups and examples below) is experimental 1996at this point as it has had little public review. Therefore, it may change 1997in future versions. Feedback via sendmail-YYYY@support.sendmail.org is 1998encouraged (replace YYYY with the current year, e.g., 2005). 1999 2000------- 2001Aliases 2002------- 2003 2004The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 2005lookups. To use the default schema, simply use: 2006 2007 define(`ALIAS_FILE', `ldap:') 2008 2009By doing so, you will use the default schema which expands to a map 2010declared as follows: 2011 2012 ldap -k (&(objectClass=sendmailMTAAliasObject) 2013 (sendmailMTAAliasGrouping=aliases) 2014 (|(sendmailMTACluster=${sendmailMTACluster}) 2015 (sendmailMTAHost=$j)) 2016 (sendmailMTAKey=%0)) 2017 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject 2018 2019 2020NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 2021used when the binary expands the `ldap:' token as the AliasFile option is 2022not actually macro-expanded when read from the sendmail.cf file. 2023 2024Example LDAP LDIF entries might be: 2025 2026 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 2027 objectClass: sendmailMTA 2028 objectClass: sendmailMTAAlias 2029 objectClass: sendmailMTAAliasObject 2030 sendmailMTAAliasGrouping: aliases 2031 sendmailMTAHost: etrn.sendmail.org 2032 sendmailMTAKey: sendmail-list 2033 sendmailMTAAliasValue: ca@example.org 2034 sendmailMTAAliasValue: eric 2035 sendmailMTAAliasValue: gshapiro@example.com 2036 2037 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 2038 objectClass: sendmailMTA 2039 objectClass: sendmailMTAAlias 2040 objectClass: sendmailMTAAliasObject 2041 sendmailMTAAliasGrouping: aliases 2042 sendmailMTAHost: etrn.sendmail.org 2043 sendmailMTAKey: owner-sendmail-list 2044 sendmailMTAAliasValue: eric 2045 2046 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 2047 objectClass: sendmailMTA 2048 objectClass: sendmailMTAAlias 2049 objectClass: sendmailMTAAliasObject 2050 sendmailMTAAliasGrouping: aliases 2051 sendmailMTACluster: Servers 2052 sendmailMTAKey: postmaster 2053 sendmailMTAAliasValue: eric 2054 2055Here, the aliases sendmail-list and owner-sendmail-list will be available 2056only on etrn.sendmail.org but the postmaster alias will be available on 2057every machine in the Servers cluster (including etrn.sendmail.org). 2058 2059CAUTION: aliases are additive so that entries like these: 2060 2061 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 2062 objectClass: sendmailMTA 2063 objectClass: sendmailMTAAlias 2064 objectClass: sendmailMTAAliasObject 2065 sendmailMTAAliasGrouping: aliases 2066 sendmailMTACluster: Servers 2067 sendmailMTAKey: bob 2068 sendmailMTAAliasValue: eric 2069 2070 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 2071 objectClass: sendmailMTA 2072 objectClass: sendmailMTAAlias 2073 objectClass: sendmailMTAAliasObject 2074 sendmailMTAAliasGrouping: aliases 2075 sendmailMTAHost: etrn.sendmail.org 2076 sendmailMTAKey: bob 2077 sendmailMTAAliasValue: gshapiro 2078 2079would mean that on all of the hosts in the cluster, mail to bob would go to 2080eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 2081gshapiro. 2082 2083If you prefer not to use the default LDAP schema for your aliases, you can 2084specify the map parameters when setting ALIAS_FILE. For example: 2085 2086 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 2087 2088---- 2089Maps 2090---- 2091 2092FEATURE()'s which take an optional map definition argument (e.g., access, 2093mailertable, virtusertable, etc.) can instead take the special keyword 2094`LDAP', e.g.: 2095 2096 FEATURE(`access_db', `LDAP') 2097 FEATURE(`virtusertable', `LDAP') 2098 2099When this keyword is given, that map will use LDAP lookups consisting of 2100the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 2101with the map name, a search attribute of sendmailMTAKey, and the value 2102attribute sendmailMTAMapValue. 2103 2104The values for sendmailMTAMapName are: 2105 2106 FEATURE() sendmailMTAMapName 2107 --------- ------------------ 2108 access_db access 2109 authinfo authinfo 2110 bitdomain bitdomain 2111 domaintable domain 2112 genericstable generics 2113 mailertable mailer 2114 uucpdomain uucpdomain 2115 virtusertable virtuser 2116 2117For example, FEATURE(`mailertable', `LDAP') would use the map definition: 2118 2119 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 2120 (sendmailMTAMapName=mailer) 2121 (|(sendmailMTACluster=${sendmailMTACluster}) 2122 (sendmailMTAHost=$j)) 2123 (sendmailMTAKey=%0)) 2124 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject 2125 2126An example LDAP LDIF entry using this map might be: 2127 2128 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 2129 objectClass: sendmailMTA 2130 objectClass: sendmailMTAMap 2131 sendmailMTACluster: Servers 2132 sendmailMTAMapName: mailer 2133 2134 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 2135 objectClass: sendmailMTA 2136 objectClass: sendmailMTAMap 2137 objectClass: sendmailMTAMapObject 2138 sendmailMTAMapName: mailer 2139 sendmailMTACluster: Servers 2140 sendmailMTAKey: example.com 2141 sendmailMTAMapValue: relay:[smtp.example.com] 2142 2143CAUTION: If your LDAP database contains the record above and *ALSO* a host 2144specific record such as: 2145 2146 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 2147 objectClass: sendmailMTA 2148 objectClass: sendmailMTAMap 2149 objectClass: sendmailMTAMapObject 2150 sendmailMTAMapName: mailer 2151 sendmailMTAHost: etrn.sendmail.org 2152 sendmailMTAKey: example.com 2153 sendmailMTAMapValue: relay:[mx.example.com] 2154 2155then these entries will give unexpected results. When the lookup is done 2156on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 2157require a single match. Since the host etrn.sendmail.org is also in the 2158Servers cluster, LDAP would return two answers for the example.com map key 2159in which case sendmail would treat this as no match at all. 2160 2161If you prefer not to use the default LDAP schema for your maps, you can 2162specify the map parameters when using the FEATURE(). For example: 2163 2164 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 2165 2166------- 2167Classes 2168------- 2169 2170Normally, classes can be filled via files or programs. As of 8.12, they 2171can also be filled via map lookups using a new syntax: 2172 2173 F{ClassName}mapkey@mapclass:mapspec 2174 2175mapkey is optional and if not provided the map key will be empty. This can 2176be used with LDAP to read classes from LDAP. Note that the lookup is only 2177done when sendmail is initially started. Use the special value `@LDAP' to 2178use the default LDAP schema. For example: 2179 2180 RELAY_DOMAIN_FILE(`@LDAP') 2181 2182would put all of the attribute sendmailMTAClassValue values of LDAP records 2183with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 2184'R' into class $={R}. In other words, it is equivalent to the LDAP map 2185specification: 2186 2187 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 2188 (sendmailMTAClassName=R) 2189 (|(sendmailMTACluster=${sendmailMTACluster}) 2190 (sendmailMTAHost=$j))) 2191 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass 2192 2193NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 2194used when the binary expands the `@LDAP' token as class declarations are 2195not actually macro-expanded when read from the sendmail.cf file. 2196 2197This can be used with class related commands such as RELAY_DOMAIN_FILE(), 2198MASQUERADE_DOMAIN_FILE(), etc: 2199 2200 Command sendmailMTAClassName 2201 ------- -------------------- 2202 CANONIFY_DOMAIN_FILE() Canonify 2203 EXPOSED_USER_FILE() E 2204 GENERICS_DOMAIN_FILE() G 2205 LDAPROUTE_DOMAIN_FILE() LDAPRoute 2206 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 2207 LOCAL_USER_FILE() L 2208 MASQUERADE_DOMAIN_FILE() M 2209 MASQUERADE_EXCEPTION_FILE() N 2210 RELAY_DOMAIN_FILE() R 2211 VIRTUSER_DOMAIN_FILE() VirtHost 2212 2213You can also add your own as any 'F'ile class of the form: 2214 2215 F{ClassName}@LDAP 2216 ^^^^^^^^^ 2217will use "ClassName" for the sendmailMTAClassName. 2218 2219An example LDAP LDIF entry would look like: 2220 2221 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 2222 objectClass: sendmailMTA 2223 objectClass: sendmailMTAClass 2224 sendmailMTACluster: Servers 2225 sendmailMTAClassName: R 2226 sendmailMTAClassValue: sendmail.org 2227 sendmailMTAClassValue: example.com 2228 sendmailMTAClassValue: 10.56.23 2229 2230CAUTION: If your LDAP database contains the record above and *ALSO* a host 2231specific record such as: 2232 2233 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 2234 objectClass: sendmailMTA 2235 objectClass: sendmailMTAClass 2236 sendmailMTAHost: etrn.sendmail.org 2237 sendmailMTAClassName: R 2238 sendmailMTAClassValue: example.com 2239 2240the result will be similar to the aliases caution above. When the lookup 2241is done on etrn.sendmail.org, $={R} would contain all of the entries (from 2242both the cluster match and the host match). In other words, the effective 2243is additive. 2244 2245If you prefer not to use the default LDAP schema for your classes, you can 2246specify the map parameters when using the class command. For example: 2247 2248 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 2249 2250Remember, macros can not be used in a class declaration as the binary does 2251not expand them. 2252 2253 2254+--------------+ 2255| LDAP ROUTING | 2256+--------------+ 2257 2258FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 2259LDAP Schema for Intranet Mail Routing 2260(draft-lachman-laser-ldap-mail-routing-01). This feature enables 2261LDAP-based rerouting of a particular address to either a different host 2262or a different address. The LDAP lookup is first attempted on the full 2263address (e.g., user@example.com) and then on the domain portion 2264(e.g., @example.com). Be sure to setup your domain for LDAP routing using 2265LDAPROUTE_DOMAIN(), e.g.: 2266 2267 LDAPROUTE_DOMAIN(`example.com') 2268 2269Additionally, you can specify equivalent domains for LDAP routing using 2270LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 2271hostnames are mapped to $M (the masqueraded hostname for the server) before 2272the LDAP query. For example, if the mail is addressed to 2273user@host1.example.com, normally the LDAP lookup would only be done for 2274'user@host1.example.com' and '@host1.example.com'. However, if 2275LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 2276done on 'user@example.com' and '@example.com' after attempting the 2277host1.example.com lookups. 2278 2279By default, the feature will use the schemas as specified in the draft 2280and will not reject addresses not found by the LDAP lookup. However, 2281this behavior can be changed by giving additional arguments to the FEATURE() 2282command: 2283 2284 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, 2285 <detail>, <nodomain>, <tempfail>) 2286 2287where <mailHost> is a map definition describing how to look up an alternative 2288mail host for a particular address; <mailRoutingAddress> is a map definition 2289describing how to look up an alternative address for a particular address; 2290the <bounce> argument, if present and not the word "passthru", dictates 2291that mail should be bounced if neither a mailHost nor mailRoutingAddress 2292is found, if set to "sendertoo", the sender will be rejected if not 2293found in LDAP; and <detail> indicates what actions to take if the address 2294contains +detail information -- `strip' tries the lookup with the +detail 2295and if no matches are found, strips the +detail and tries the lookup again; 2296`preserve', does the same as `strip' but if a mailRoutingAddress match is 2297found, the +detail information is copied to the new address; the <nodomain> 2298argument, if present, will prevent the @domain lookup if the full 2299address is not found in LDAP; the <tempfail> argument, if set to 2300"tempfail", instructs the rules to give an SMTP 4XX temporary 2301error if the LDAP server gives the MTA a temporary failure, or if set to 2302"queue" (the default), the MTA will locally queue the mail. 2303 2304The default <mailHost> map definition is: 2305 2306 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 2307 (mailLocalAddress=%0)) 2308 2309The default <mailRoutingAddress> map definition is: 2310 2311 ldap -1 -T<TMPF> -v mailRoutingAddress 2312 -k (&(objectClass=inetLocalMailRecipient) 2313 (mailLocalAddress=%0)) 2314 2315Note that neither includes the LDAP server hostname (-h server) or base DN 2316(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 2317your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 2318these settings. If this is not the case, the map definitions should be 2319changed as described above. The "-T<TMPF>" is required in any user 2320specified map definition to catch temporary errors. 2321 2322The following possibilities exist as a result of an LDAP lookup on an 2323address: 2324 2325 mailHost is mailRoutingAddress is Results in 2326 ----------- --------------------- ---------- 2327 set to a set mail delivered to 2328 "local" host mailRoutingAddress 2329 2330 set to a not set delivered to 2331 "local" host original address 2332 2333 set to a set mailRoutingAddress 2334 remote host relayed to mailHost 2335 2336 set to a not set original address 2337 remote host relayed to mailHost 2338 2339 not set set mail delivered to 2340 mailRoutingAddress 2341 2342 not set not set delivered to 2343 original address *OR* 2344 bounced as unknown user 2345 2346The term "local" host above means the host specified is in class {w}. If 2347the result would mean sending the mail to a different host, that host is 2348looked up in the mailertable before delivery. 2349 2350Note that the last case depends on whether the third argument is given 2351to the FEATURE() command. The default is to deliver the message to the 2352original address. 2353 2354The LDAP entries should be set up with an objectClass of 2355inetLocalMailRecipient and the address be listed in a mailLocalAddress 2356attribute. If present, there must be only one mailHost attribute and it 2357must contain a fully qualified host name as its value. Similarly, if 2358present, there must be only one mailRoutingAddress attribute and it must 2359contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2360format): 2361 2362 dn: uid=tom, o=example.com, c=US 2363 objectClass: inetLocalMailRecipient 2364 mailLocalAddress: tom@example.com 2365 mailRoutingAddress: thomas@mailhost.example.com 2366 2367This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2368 2369 dn: uid=dick, o=example.com, c=US 2370 objectClass: inetLocalMailRecipient 2371 mailLocalAddress: dick@example.com 2372 mailHost: eng.example.com 2373 2374This would relay mail for dick@example.com to the same address but redirect 2375the mail to MX records listed for the host eng.example.com (unless the 2376mailertable overrides). 2377 2378 dn: uid=harry, o=example.com, c=US 2379 objectClass: inetLocalMailRecipient 2380 mailLocalAddress: harry@example.com 2381 mailHost: mktmail.example.com 2382 mailRoutingAddress: harry@mkt.example.com 2383 2384This would relay mail for harry@example.com to the MX records listed for 2385the host mktmail.example.com using the new address harry@mkt.example.com 2386when talking to that host. 2387 2388 dn: uid=virtual.example.com, o=example.com, c=US 2389 objectClass: inetLocalMailRecipient 2390 mailLocalAddress: @virtual.example.com 2391 mailHost: server.example.com 2392 mailRoutingAddress: virtual@example.com 2393 2394This would send all mail destined for any username @virtual.example.com to 2395the machine server.example.com's MX servers and deliver to the address 2396virtual@example.com on that relay machine. 2397 2398 2399+---------------------------------+ 2400| ANTI-SPAM CONFIGURATION CONTROL | 2401+---------------------------------+ 2402 2403The primary anti-spam features available in sendmail are: 2404 2405* Relaying is denied by default. 2406* Better checking on sender information. 2407* Access database. 2408* Header checks. 2409 2410Relaying (transmission of messages from a site outside your host (class 2411{w}) to another site except yours) is denied by default. Note that this 2412changed in sendmail 8.9; previous versions allowed relaying by default. 2413If you really want to revert to the old behaviour, you will need to use 2414FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2415through your server by adding their domain name or IP address to class 2416{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2417(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2418The file consists (like any other file based class) of entries listed on 2419separate lines, e.g., 2420 2421 sendmail.org 2422 128.32 2423 IPv6:2002:c0a8:02c7 2424 IPv6:2002:c0a8:51d2::23f4 2425 host.mydomain.com 2426 [UNIX:localhost] 2427 2428Notice: the last entry allows relaying for connections via a UNIX 2429socket to the MTA/MSP. This might be necessary if your configuration 2430doesn't allow relaying by other means in that case, e.g., by having 2431localhost.$m in class {R} (make sure $m is not just a top level 2432domain). 2433 2434If you use 2435 2436 FEATURE(`relay_entire_domain') 2437 2438then any host in any of your local domains (that is, class {m}) 2439will be relayed (that is, you will accept mail either to or from any 2440host in your domain). 2441 2442You can also allow relaying based on the MX records of the host 2443portion of an incoming recipient address by using 2444 2445 FEATURE(`relay_based_on_MX') 2446 2447For example, if your server receives a recipient of user@domain.com 2448and domain.com lists your server in its MX records, the mail will be 2449accepted for relay to domain.com. This feature may cause problems 2450if MX lookups for the recipient domain are slow or time out. In that 2451case, mail will be temporarily rejected. It is usually better to 2452maintain a list of hosts/domains for which the server acts as relay. 2453Note also that this feature will stop spammers from using your host 2454to relay spam but it will not stop outsiders from using your server 2455as a relay for their site (that is, they set up an MX record pointing 2456to your mail server, and you will relay mail addressed to them 2457without any prior arrangement). Along the same lines, 2458 2459 FEATURE(`relay_local_from') 2460 2461will allow relaying if the sender specifies a return path (i.e. 2462MAIL FROM:<user@domain>) domain which is a local domain. This is a 2463dangerous feature as it will allow spammers to spam using your mail 2464server by simply specifying a return address of user@your.domain.com. 2465It should not be used unless absolutely necessary. 2466A slightly better solution is 2467 2468 FEATURE(`relay_mail_from') 2469 2470which allows relaying if the mail sender is listed as RELAY in the 2471access map. If an optional argument `domain' (this is the literal 2472word `domain', not a placeholder) is given, the domain portion of 2473the mail sender is also checked to allowing relaying. This option 2474only works together with the tag From: for the LHS of the access 2475map entries. This feature allows spammers to abuse your mail server 2476by specifying a return address that you enabled in your access file. 2477This may be harder to figure out for spammers, but it should not 2478be used unless necessary. Instead use SMTP AUTH or STARTTLS to 2479allow relaying for roaming users. 2480 2481 2482If source routing is used in the recipient address (e.g., 2483RCPT TO:<user%site.com@othersite.com>), sendmail will check 2484user@site.com for relaying if othersite.com is an allowed relay host 2485in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2486or the access database if FEATURE(`access_db') is used. To prevent 2487the address from being stripped down, use: 2488 2489 FEATURE(`loose_relay_check') 2490 2491If you think you need to use this feature, you probably do not. This 2492should only be used for sites which have no control over the addresses 2493that they provide a gateway for. Use this FEATURE with caution as it 2494can allow spammers to relay through your server if not setup properly. 2495 2496NOTICE: It is possible to relay mail through a system which the 2497anti-relay rules do not prevent: the case of a system that does use 2498FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial') 2499(system A) and relays local messages to a mail hub (e.g., via 2500LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the 2501same feature (nouucp / nopercenthack) at all, addresses of the form 2502<example.net!user@local.host> / <user%example.net@local.host> 2503would be relayed to <user@example.net>. 2504System A doesn't recognize `!' / `%' as an address separator and 2505therefore forwards it to the mail hub which in turns relays it 2506because it came from a trusted local host. So if a mailserver 2507allows UUCP (bang-format) / %-hack addresses, all systems from which 2508it allows relaying should do the same or reject those addresses. 2509 2510As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2511an unresolvable domain (i.e., one that DNS, your local name service, 2512or special case rules in ruleset 3 cannot locate). This also applies 2513to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2514IP address can't be mapped to a host name. If you want to continue 2515to accept such domains, e.g., because you are inside a firewall that 2516has only a limited view of the Internet host name space (note that you 2517will not be able to return mail to them unless you have some "smart 2518host" forwarder), use 2519 2520 FEATURE(`accept_unresolvable_domains') 2521 2522Alternatively, you can allow specific addresses by adding them to 2523the access map, e.g., 2524 2525 From:unresolvable.domain OK 2526 From:[1.2.3.4] OK 2527 From:[1.2.4] OK 2528 2529Notice: domains which are temporarily unresolvable are (temporarily) 2530rejected with a 451 reply code. If those domains should be accepted 2531(which is discouraged) then you can use 2532 2533 LOCAL_CONFIG 2534 C{ResOk}TEMP 2535 2536sendmail will also refuse mail if the MAIL FROM: parameter is not 2537fully qualified (i.e., contains a domain as well as a user). If you 2538want to continue to accept such senders, use 2539 2540 FEATURE(`accept_unqualified_senders') 2541 2542Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2543i.e., unqualified addresses are accepted even without this FEATURE. If 2544this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2545to enforce fully qualified domain names. 2546 2547An ``access'' database can be created to accept or reject mail from 2548selected domains. For example, you may choose to reject all mail 2549originating from known spammers. To enable such a database, use 2550 2551 FEATURE(`access_db') 2552 2553Notice: the access database is applied to the envelope addresses 2554and the connection information, not to the header. 2555 2556The FEATURE macro can accept as second parameter the key file 2557definition for the database; for example 2558 2559 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2560 2561Notice: If a second argument is specified it must contain the option 2562`-T<TMPF>' as shown above. The optional parameters may be 2563 2564 `skip' enables SKIP as value part (see below). 2565 `lookupdotdomain' another way to enable the feature of the 2566 same name (see above). 2567 `relaytofulladdress' enable entries of the form 2568 To:user@example.com RELAY 2569 to allow relaying to just a specific 2570 e-mail address instead of an entire domain. 2571 2572Remember, since /etc/mail/access is a database, after creating the text 2573file as described below, you must use makemap to create the database 2574map. For example: 2575 2576 makemap hash /etc/mail/access < /etc/mail/access 2577 2578The table itself uses e-mail addresses, domain names, and network 2579numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2580For example, 2581 2582 From:spammer@aol.com REJECT 2583 From:cyberspammer.com REJECT 2584 Connect:cyberspammer.com REJECT 2585 Connect:TLD REJECT 2586 Connect:192.168.212 REJECT 2587 Connect:IPv6:2002:c0a8:02c7 RELAY 2588 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT 2589 2590would refuse mail from spammer@aol.com, any user from cyberspammer.com 2591(or any host within the cyberspammer.com domain), any host in the entire 2592top level domain TLD, 192.168.212.* network, and the IPv6 address 25932002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 25942002:c0a8:02c7::/48. 2595 2596Entries in the access map should be tagged according to their type. 2597These tags are applicable: 2598 2599 Connect: connection information (${client_addr}, ${client_name}) 2600 From: envelope sender 2601 To: envelope recipient 2602 2603Notice: untagged entries are deprecated. 2604 2605If the required item is looked up in a map, it will be tried first 2606with the corresponding tag in front, then (as fallback to enable 2607backward compatibility) without any tag, unless the specific feature 2608requires a tag. For example, 2609 2610 From:spammer@some.dom REJECT 2611 To:friend.domain RELAY 2612 Connect:friend.domain OK 2613 Connect:from.domain RELAY 2614 From:good@another.dom OK 2615 From:another.dom REJECT 2616 2617This would deny mails from spammer@some.dom but you could still 2618send mail to that address even if FEATURE(`blocklist_recipients') 2619is enabled. Your system will allow relaying to friend.domain, but 2620not from it (unless enabled by other means). Connections from that 2621domain will be allowed even if it ends up in one of the DNS based 2622rejection lists. Relaying is enabled from from.domain but not to 2623it (since relaying is based on the connection information for 2624outgoing relaying, the tag Connect: must be used; for incoming 2625relaying, which is based on the recipient address, To: must be 2626used). The last two entries allow mails from good@another.dom but 2627reject mail from all other addresses with another.dom as domain 2628part. 2629 2630 2631The value part of the map can contain: 2632 2633 OK Accept mail even if other rules in the running 2634 ruleset would reject it, for example, if the domain 2635 name is unresolvable. "Accept" does not mean 2636 "relay", but at most acceptance for local 2637 recipients. That is, OK allows less than RELAY. 2638 RELAY Accept mail addressed to the indicated domain 2639 (or address if `relaytofulladdress' is set) or 2640 received from the indicated domain for relaying 2641 through your SMTP server. RELAY also serves as 2642 an implicit OK for the other checks. 2643 REJECT Reject the sender or recipient with a general 2644 purpose message. 2645 DISCARD Discard the message completely using the 2646 $#discard mailer. If it is used in check_compat, 2647 it affects only the designated recipient, not 2648 the whole message as it does in all other cases. 2649 This should only be used if really necessary. 2650 SKIP This can only be used for host/domain names 2651 and IP addresses/nets. It will abort the current 2652 search for this entry without accepting or rejecting 2653 it but causing the default action. 2654 ### any text where ### is an RFC 821 compliant error code and 2655 "any text" is a message to return for the command. 2656 The entire string should be quoted to avoid 2657 surprises: 2658 2659 "### any text" 2660 2661 Otherwise sendmail formats the text as email 2662 addresses, e.g., it may remove spaces. 2663 This type is deprecated, use one of the two 2664 ERROR: entries below instead. 2665 ERROR:### any text 2666 as above, but useful to mark error messages as such. 2667 If quotes need to be used to avoid modifications 2668 (see above), they should be placed like this: 2669 2670 ERROR:"### any text" 2671 2672 ERROR:D.S.N:### any text 2673 where D.S.N is an RFC 1893 compliant error code 2674 and the rest as above. If quotes need to be used 2675 to avoid modifications, they should be placed 2676 like this: 2677 2678 ERROR:D.S.N:"### any text" 2679 2680 QUARANTINE:any text 2681 Quarantine the message using the given text as the 2682 quarantining reason. 2683 2684For example: 2685 2686 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers" 2687 From:okay.cyberspammer.com OK 2688 Connect:sendmail.org RELAY 2689 To:sendmail.org RELAY 2690 Connect:128.32 RELAY 2691 Connect:128.32.2 SKIP 2692 Connect:IPv6:1:2:3:4:5:6:7 RELAY 2693 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host 2694 Connect:[127.0.0.3] OK 2695 Connect:[IPv6:1:2:3:4:5:6:7:8] OK 2696 2697would accept mail from okay.cyberspammer.com, but would reject mail 2698from all other hosts at cyberspammer.com with the indicated message. 2699It would allow relaying mail from and to any hosts in the sendmail.org 2700domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network 2701and from the 128.32.*.* network except for the 128.32.2.* network, 2702which shows how SKIP is useful to exempt subnets/subdomains. The 2703last two entries are for checks against ${client_name} if the IP 2704address doesn't resolve to a hostname (or is considered as "may be 2705forged"). That is, using square brackets means these are host 2706names, not network numbers. 2707 2708Warning: if you change the RFC 821 compliant error code from the default 2709value of 550, then you should probably also change the RFC 1893 compliant 2710error code to match it. For example, if you use 2711 2712 To:user@example.com ERROR:450 mailbox full 2713 2714the error returned would be "450 5.0.0 mailbox full" which is wrong. 2715Use "ERROR:4.2.2:450 mailbox full" instead. 2716 2717Note, UUCP users may need to add hostname.UUCP to the access database 2718or class {R}. 2719 2720If you also use: 2721 2722 FEATURE(`relay_hosts_only') 2723 2724then the above example will allow relaying for sendmail.org, but not 2725hosts within the sendmail.org domain. Note that this will also require 2726hosts listed in class {R} to be fully qualified host names. 2727 2728You can also use the access database to block sender addresses based on 2729the username portion of the address. For example: 2730 2731 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2732 2733Note that you must include the @ after the username to signify that 2734this database entry is for checking only the username portion of the 2735sender address. 2736 2737If you use: 2738 2739 FEATURE(`blocklist_recipients') 2740 2741then you can add entries to the map for local users, hosts in your 2742domains, or addresses in your domain which should not receive mail: 2743 2744 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser 2745 To:host.my.TLD ERROR:550 That host does not accept mail 2746 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient 2747 2748This would prevent a recipient of badlocaluser in any of the local 2749domains (class {w}), any user at host.my.TLD, and the single address 2750user@other.my.TLD from receiving mail. Please note: a local username 2751must be now tagged with an @ (this is consistent with the check of 2752the sender address, and hence it is possible to distinguish between 2753hostnames and usernames). Enabling this feature will keep you from 2754sending mails to all addresses that have an error message or REJECT 2755as value part in the access map. Taking the example from above: 2756 2757 spammer@aol.com REJECT 2758 cyberspammer.com REJECT 2759 2760Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2761That's why tagged entries should be used. 2762 2763There are several DNS based blocklists which can be found by 2764querying a search engine. These are databases of spammers 2765maintained in DNS. To use such a database, specify 2766 2767 FEATURE(`dnsbl', `dnsbl.example.com') 2768 2769This will cause sendmail to reject mail from any site listed in the 2770DNS based blocklist. You must select a DNS based blocklist domain 2771to check by specifying an argument to the FEATURE. The default 2772error message is 2773 2774 Rejected: IP-ADDRESS listed at SERVER 2775 2776where IP-ADDRESS and SERVER are replaced by the appropriate 2777information. A second argument can be used to specify a different 2778text or action. For example, 2779 2780 FEATURE(`dnsbl', `dnsbl.example.com', `quarantine') 2781 2782would quarantine the message if the client IP address is listed 2783at `dnsbl.example.com'. 2784 2785By default, temporary lookup failures are ignored 2786and hence cause the connection not to be rejected by the DNS based 2787rejection list. This behavior can be changed by specifying a third 2788argument, which must be either `t' or a full error message. For 2789example: 2790 2791 FEATURE(`dnsbl', `dnsbl.example.com', `', 2792 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2793 2794If `t' is used, the error message is: 2795 2796 451 Temporary lookup failure of IP-ADDRESS at SERVER 2797 2798where IP-ADDRESS and SERVER are replaced by the appropriate 2799information. 2800 2801This FEATURE can be included several times to query different 2802DNS based rejection lists. 2803 2804Notice: to avoid checking your own local domains against those 2805blocklists, use the access_db feature and add: 2806 2807 Connect:10.1 OK 2808 Connect:127.0.0.1 RELAY 2809 2810to the access map, where 10.1 is your local network. You may 2811want to use "RELAY" instead of "OK" to allow also relaying 2812instead of just disabling the DNS lookups in the blocklists. 2813 2814 2815The features described above make use of the check_relay, check_mail, 2816and check_rcpt rulesets. Note that check_relay checks the SMTP 2817client hostname and IP address when the connection is made to your 2818server. It does not check if a mail message is being relayed to 2819another server. That check is done in check_rcpt. If you wish to 2820include your own checks, you can put your checks in the rulesets 2821Local_check_relay, Local_check_mail, and Local_check_rcpt. For 2822example if you wanted to block senders with all numeric usernames 2823(i.e. 2312343@bigisp.com), you would use Local_check_mail and the 2824regex map: 2825 2826 LOCAL_CONFIG 2827 Kallnumbers regex -a@MATCH ^[0-9]+$ 2828 2829 LOCAL_RULESETS 2830 SLocal_check_mail 2831 # check address against various regex checks 2832 R$* $: $>Parse0 $>3 $1 2833 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2834 R@MATCH $#error $: 553 Address Error 2835 2836These rules are called with the original arguments of the corresponding 2837check_* ruleset. If the local ruleset returns $#OK, no further checking 2838is done by the features described above and the mail is accepted. If 2839the local ruleset resolves to a mailer (such as $#error or $#discard), 2840the appropriate action is taken. Other results starting with $# are 2841interpreted by sendmail and may lead to unspecified behavior. Note: do 2842NOT create a mailer with the name OK. Return values that do not start 2843with $# are ignored, i.e., normal processing continues. 2844 2845Delay all checks 2846---------------- 2847 2848By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2849will not be called when a client connects or issues a MAIL command, 2850respectively. Instead, those rulesets will be called by the check_rcpt 2851ruleset; they will be skipped if a sender has been authenticated using 2852a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2853If check_mail returns an error then the RCPT TO command will be rejected 2854with that error. If it returns some other result starting with $# then 2855check_relay will be skipped. If the sender address (or a part of it) is 2856listed in the access map and it has a RHS of OK or RELAY, then check_relay 2857will be skipped. This has an interesting side effect: if your domain is 2858my.domain and you have 2859 2860 my.domain RELAY 2861 2862in the access map, then any e-mail with a sender address of 2863<user@my.domain> will not be rejected by check_relay even though 2864it would match the hostname or IP address. This allows spammers 2865to get around DNS based blocklist by faking the sender address. To 2866avoid this problem you have to use tagged entries: 2867 2868 To:my.domain RELAY 2869 Connect:my.domain RELAY 2870 2871if you need those entries at all (class {R} may take care of them). 2872 2873FEATURE(`delay_checks') can take an optional argument: 2874 2875 FEATURE(`delay_checks', `friend') 2876 enables spamfriend test 2877 FEATURE(`delay_checks', `hater') 2878 enables spamhater test 2879 2880If such an argument is given, the recipient will be looked up in the 2881access map (using the tag Spam:). If the argument is `friend', then 2882the default behavior is to apply the other rulesets and make a SPAM 2883friend the exception. The rulesets check_mail and check_relay will be 2884skipped only if the recipient address is found and has RHS FRIEND. If 2885the argument is `hater', then the default behavior is to skip the rulesets 2886check_mail and check_relay and make a SPAM hater the exception. The 2887other two rulesets will be applied only if the recipient address is 2888found and has RHS HATER. 2889 2890This allows for simple exceptions from the tests, e.g., by activating 2891the friend option and having 2892 2893 Spam:abuse@ FRIEND 2894 2895in the access map, mail to abuse@localdomain will get through (where 2896"localdomain" is any domain in class {w}). It is also possible to 2897specify a full address or an address with +detail: 2898 2899 Spam:abuse@my.domain FRIEND 2900 Spam:me+abuse@ FRIEND 2901 Spam:spam.domain FRIEND 2902 2903Note: The required tag has been changed in 8.12 from To: to Spam:. 2904This change is incompatible to previous versions. However, you can 2905(for now) simply add the new entries to the access map, the old 2906ones will be ignored. As soon as you removed the old entries from 2907the access map, specify a third parameter (`n') to this feature and 2908the backward compatibility rules will not be in the generated .cf 2909file. 2910 2911Header Checks 2912------------- 2913 2914You can also reject mail on the basis of the contents of headers. 2915This is done by adding a ruleset call to the 'H' header definition command 2916in sendmail.cf. For example, this can be used to check the validity of 2917a Message-ID: header: 2918 2919 LOCAL_CONFIG 2920 HMessage-Id: $>CheckMessageId 2921 2922 LOCAL_RULESETS 2923 SCheckMessageId 2924 R< $+ @ $+ > $@ OK 2925 R$* $#error $: 553 Header Error 2926 2927The alternative format: 2928 2929 HSubject: $>+CheckSubject 2930 2931that is, $>+ instead of $>, gives the full Subject: header including 2932comments to the ruleset (comments in parentheses () are stripped 2933by default). 2934 2935A default ruleset for headers which don't have a specific ruleset 2936defined for them can be given by: 2937 2938 H*: $>CheckHdr 2939 2940Notice: 29411. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2942That may cause problems with simple header checks due to the 2943tokenization. It might be simpler to use a regex map and apply it 2944to $&{currHeader}. 29452. There are no default rulesets coming with this distribution of 2946sendmail. You can write your own, can search the WWW for examples, 2947or take a look at cf/cf/knecht.mc. 29483. When using a default ruleset for headers, the name of the header 2949currently being checked can be found in the $&{hdr_name} macro. 2950 2951After all of the headers are read, the check_eoh ruleset will be called for 2952any final header-related checks. The ruleset is called with the number of 2953headers and the size of all of the headers in bytes separated by $|. One 2954example usage is to reject messages which do not have a Message-Id: 2955header. However, the Message-Id: header is *NOT* a required header and is 2956not a guaranteed spam indicator. This ruleset is an example and should 2957probably not be used in production. 2958 2959 LOCAL_CONFIG 2960 Kstorage macro 2961 HMessage-Id: $>CheckMessageId 2962 2963 LOCAL_RULESETS 2964 SCheckMessageId 2965 # Record the presence of the header 2966 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2967 R< $+ @ $+ > $@ OK 2968 R$* $#error $: 553 Header Error 2969 2970 Scheck_eoh 2971 # Check the macro 2972 R$* $: < $&{MessageIdCheck} > 2973 # Clear the macro for the next message 2974 R$* $: $(storage {MessageIdCheck} $) $1 2975 # Has a Message-Id: header 2976 R< $+ > $@ OK 2977 # Allow missing Message-Id: from local mail 2978 R$* $: < $&{client_name} > 2979 R< > $@ OK 2980 R< $=w > $@ OK 2981 # Otherwise, reject the mail 2982 R$* $#error $: 553 Header Error 2983 2984 2985+--------------------+ 2986| CONNECTION CONTROL | 2987+--------------------+ 2988 2989The features ratecontrol and conncontrol allow to establish connection 2990limits per client IP address or net. These features can limit the 2991rate of connections (connections per time unit) or the number of 2992incoming SMTP connections, respectively. If enabled, appropriate 2993rulesets are called at the end of check_relay, i.e., after DNS 2994blocklists and generic access_db operations. The features require 2995FEATURE(`access_db') to be listed earlier in the mc file. 2996 2997Note: FEATURE(`delay_checks') delays those connection control checks 2998after a recipient address has been received, hence making these 2999connection control features less useful. To run the checks as early 3000as possible, specify the parameter `nodelay', e.g., 3001 3002 FEATURE(`ratecontrol', `nodelay') 3003 3004In that case, FEATURE(`delay_checks') has no effect on connection 3005control (and it must be specified earlier in the mc file). 3006 3007An optional second argument `terminate' specifies whether the 3008rulesets should return the error code 421 which will cause 3009sendmail to terminate the session with that error if it is 3010returned from check_relay, i.e., not delayed as explained in 3011the previous paragraph. Example: 3012 3013 FEATURE(`ratecontrol', `nodelay', `terminate') 3014 3015 3016+----------+ 3017| STARTTLS | 3018+----------+ 3019 3020In this text, cert will be used as an abbreviation for X.509 certificate, 3021DN (CN) is the distinguished (common) name of a cert, and CA is a 3022certification authority, which signs (issues) certs. 3023 3024For STARTTLS to be offered by sendmail you need to set at least 3025these variables (the file names and paths are just examples): 3026 3027 define(`confCACERT_PATH', `/etc/mail/certs/') 3028 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 3029 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 3030 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 3031 3032On systems which do not have the compile flag HASURANDOM set (see 3033sendmail/README) you also must set confRAND_FILE. 3034 3035See doc/op/op.{me,ps,txt} for more information about these options, 3036especially the sections ``Certificates for STARTTLS'' and ``PRNG for 3037STARTTLS''. 3038 3039Macros related to STARTTLS are: 3040 3041${cert_issuer} holds the DN of the CA (the cert issuer). 3042${cert_subject} holds the DN of the cert (called the cert subject). 3043${cn_issuer} holds the CN of the CA (the cert issuer). 3044${cn_subject} holds the CN of the cert (called the cert subject). 3045${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 3046 TLSv1/SSLv3, SSLv3, SSLv2. 3047${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 3048 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 3049${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 3050 used for the connection. 3051${verify} holds the result of the verification of the presented cert. 3052 Possible values are: 3053 OK verification succeeded. 3054 NO no cert presented. 3055 NOT no cert requested. 3056 FAIL cert presented but could not be verified, 3057 e.g., the cert of the signing CA is missing. 3058 NONE STARTTLS has not been performed. 3059 TEMP temporary error occurred. 3060 PROTOCOL protocol error occurred (SMTP level). 3061 SOFTWARE STARTTLS handshake failed. 3062${server_name} the name of the server of the current outgoing SMTP 3063 connection. 3064${server_addr} the address of the server of the current outgoing SMTP 3065 connection. 3066 3067Relaying 3068-------- 3069 3070SMTP STARTTLS can allow relaying for remote SMTP clients which have 3071successfully authenticated themselves. If the verification of the cert 3072failed (${verify} != OK), relaying is subject to the usual rules. 3073Otherwise the DN of the issuer is looked up in the access map using the 3074tag CERTISSUER. If the resulting value is RELAY, relaying is allowed. 3075If it is SUBJECT, the DN of the cert subject is looked up next in the 3076access map using the tag CERTSUBJECT. If the value is RELAY, relaying 3077is allowed. 3078 3079To make things a bit more flexible (or complicated), the values for 3080${cert_issuer} and ${cert_subject} can be optionally modified by regular 3081expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 3082_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 3083rulesets and map lookups, they are modified as follows: each non-printable 3084character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced 3085by their HEX value with a leading '+'. For example: 3086 3087/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress= 3088darth+cert@endmail.org 3089 3090is encoded as: 3091 3092/C=US/ST=California/O=endmail.org/OU=private/CN= 3093Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org 3094 3095(line breaks have been inserted for readability). 3096 3097The macros which are subject to this encoding are ${cert_subject}, 3098${cert_issuer}, ${cn_subject}, and ${cn_issuer}. 3099 3100Examples: 3101 3102To allow relaying for everyone who can present a cert signed by 3103 3104/C=US/ST=California/O=endmail.org/OU=private/CN= 3105Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org 3106 3107simply use: 3108 3109CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 3110Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org RELAY 3111 3112To allow relaying only for a subset of machines that have a cert signed by 3113 3114/C=US/ST=California/O=endmail.org/OU=private/CN= 3115Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org 3116 3117use: 3118 3119CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 3120Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org SUBJECT 3121CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 3122DeathStar/emailAddress=deathstar@endmail.org RELAY 3123 3124Note: line breaks have been inserted after "CN=" for readability, 3125each tagged entry must be one (long) line in the access map. 3126 3127Of course it is also possible to write a simple ruleset that allows 3128relaying for everyone who can present a cert that can be verified, e.g., 3129 3130LOCAL_RULESETS 3131SLocal_check_rcpt 3132R$* $: $&{verify} 3133ROK $# OK 3134 3135Allowing Connections 3136-------------------- 3137 3138The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 3139an SMTP connection is accepted (or should continue). 3140 3141tls_server is called when sendmail acts as client after a STARTTLS command 3142(should) have been issued. The parameter is the value of ${verify}. 3143 3144tls_client is called when sendmail acts as server, after a STARTTLS command 3145has been issued, and from check_mail. The parameter is the value of 3146${verify} and STARTTLS or MAIL, respectively. 3147 3148Both rulesets behave the same. If no access map is in use, the connection 3149will be accepted unless ${verify} is SOFTWARE, in which case the connection 3150is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 3151is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 3152with the ruleset LookUpDomain. If no entry is found, ${client_addr} 3153(${server_addr}) is looked up in the access map (same tag, ruleset 3154LookUpAddr). If this doesn't result in an entry either, just the tag is 3155looked up in the access map (included the trailing colon). Notice: 3156requiring that e-mail is sent to a server only encrypted, e.g., via 3157 3158TLS_Srv:secure.domain ENCR:112 3159 3160doesn't necessarily mean that e-mail sent to that domain is encrypted. 3161If the domain has multiple MX servers, e.g., 3162 3163secure.domain. IN MX 10 mail.secure.domain. 3164secure.domain. IN MX 50 mail.other.domain. 3165 3166then mail to user@secure.domain may go unencrypted to mail.other.domain. 3167tls_rcpt can be used to address this problem. 3168 3169tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 3170current recipient. This ruleset is only defined if FEATURE(`access_db') 3171is selected. A recipient address user@domain is looked up in the access 3172map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 3173and TLS_Rcpt:; the first match is taken. 3174 3175The result of the lookups is then used to call the ruleset TLS_connection, 3176which checks the requirement specified by the RHS in the access map against 3177the actual parameters of the current TLS connection, esp. ${verify} and 3178${cipher_bits}. Legal RHSs in the access map are: 3179 3180VERIFY verification must have succeeded 3181VERIFY:bits verification must have succeeded and ${cipher_bits} must 3182 be greater than or equal bits. 3183ENCR:bits ${cipher_bits} must be greater than or equal bits. 3184 3185The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 3186or permanent error. The default is a temporary error code (403 4.7.0) 3187unless the macro TLS_PERM_ERR is set during generation of the .cf file. 3188 3189If a certain level of encryption is required, then it might also be 3190possible that this level is provided by the security layer from a SASL 3191algorithm, e.g., DIGEST-MD5. 3192 3193Furthermore, there can be a list of extensions added. Such a list 3194starts with '+' and the items are separated by '++'. Allowed 3195extensions are: 3196 3197CN:name name must match ${cn_subject} 3198CN ${client_name}/${server_name} must match ${cn_subject} 3199CS:name name must match ${cert_subject} 3200CI:name name must match ${cert_issuer} 3201CITag:MYTag look up MYTag:${cert_issuer} in access map; the check 3202 only succeeds if it is found with a RHS of OK. 3203 3204Example: e-mail sent to secure.example.com should only use an encrypted 3205connection. E-mail received from hosts within the laptop.example.com domain 3206should only be accepted if they have been authenticated. The host which 3207receives e-mail for darth@endmail.org must present a cert that uses the 3208CN smtp.endmail.org. E-mail sent to safe.example.com must be verified, 3209have a matching CN, and must present a cert signed by a CA with one of 3210the listed DNs. 3211 3212TLS_Srv:secure.example.com ENCR:112 3213TLS_Clt:laptop.example.com PERM+VERIFY:112 3214TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 3215TLS_Srv:safe.example.net VERIFY+CN++CITag:MyCA 3216MyCA:/C=US/ST=CA/O=safe/CN=example.net/ OK 3217MyCA:/C=US/ST=CA/O=secure/CN=example.net/ OK 3218 3219 3220TLS Options per Session 3221----------------------- 3222 3223By default STARTTLS is used whenever possible. However, there are 3224MTAs with STARTTLS interoperability issues. To be able to send to 3225(or receive from) those MTAs several features are available: 3226 32271) Various TLS options be be set per IP/domain. 32282) STARTTLS can be turned off for specific IP addresses/domains. 3229 3230About 1): the rulesets tls_srv_features and tls_clt_features can 3231be used to return a (semicolon separated) list of TLS related 3232options: 3233 3234- Options: compare {Server,Client}SSLOptions. 3235- CipherList: same as the global option. 3236- CertFile, KeyFile: {Server,Client}{Cert,Key}File 3237- Flags: see doc/op/op.me for details. 3238 3239If FEATURE(`tls_session_features') and FEATURE(`access_db') are 3240used, then default rulesets are activated which look up entries in 3241the access map with the tags TLS_Srv_features and TLS_Clt_features, 3242respectively. For example, these entries: 3243 3244TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA; 3245TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT 3246 3247specify a cipherlist with MEDIUM strength ciphers that use RSA 3248certificates only for the client with the IP address 10.0.2.4, 3249and turn off TLSv1.2 when connecting to the server with the IP 3250address 10.1.0.1 as well as setting a specific cipherlist. 3251If FEATURE(`tls_session_features') is not used the user can provide 3252their own rulesets which must return the appropriate data. 3253If the rulesets are not defined or do not return a value, the 3254default TLS options are not modified. 3255 3256About 2): the rulesets try_tls, srv_features, and clt_features can 3257be used together with the access map. Entries for the access map 3258must be tagged with Try_TLS, Srv_Features, Clt_Features and refer 3259to the hostname or IP address of the connecting system. A default 3260case can be specified by using just the tag. For example, the 3261following entries in the access map: 3262 3263 Try_TLS:broken.server NO 3264 Srv_Features:my.domain v 3265 Srv_Features: V 3266 Clt_Features:broken.sts M 3267 3268will turn off STARTTLS when sending to broken.server (or any host 3269in that domain), request a client certificate during the TLS handshake 3270only for hosts in my.domain, and disable MTA-STS for broken.sts. 3271The valid entries on the RHS for Srv_Features and Clt_Features are 3272listed in the Sendmail Installation and Operations Guide. 3273 3274 3275Received: Header 3276---------------- 3277 3278The Received: header reveals whether STARTTLS has been used. It contains an 3279extra line: 3280 3281(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 3282 3283 3284+---------------------+ 3285| SMTP AUTHENTICATION | 3286+---------------------+ 3287 3288The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 3289used in anti-relay rulesets to allow relaying for those users that 3290authenticated themselves. A very simple example is: 3291 3292SLocal_check_rcpt 3293R$* $: $&{auth_type} 3294R$+ $# OK 3295 3296which checks whether a user has successfully authenticated using 3297any available mechanism. Depending on the setup of the Cyrus SASL 3298library, more sophisticated rulesets might be required, e.g., 3299 3300SLocal_check_rcpt 3301R$* $: $&{auth_type} $| $&{auth_authen} 3302RDIGEST-MD5 $| $+@$=w $# OK 3303 3304to allow relaying for users that authenticated using DIGEST-MD5 3305and have an identity in the local domains. 3306 3307The ruleset trust_auth is used to determine whether a given AUTH= 3308parameter (that is passed to this ruleset) should be trusted. This 3309ruleset may make use of the other ${auth_*} macros. Only if the 3310ruleset resolves to the error mailer, the AUTH= parameter is not 3311trusted. A user supplied ruleset Local_trust_auth can be written 3312to modify the default behavior, which only trust the AUTH= 3313parameter if it is identical to the authenticated user. 3314 3315Per default, relaying is allowed for any user who authenticated 3316via a "trusted" mechanism, i.e., one that is defined via 3317TRUST_AUTH_MECH(`list of mechanisms') 3318For example: 3319TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 3320 3321If the selected mechanism provides a security layer the number of 3322bits used for the key of the symmetric cipher is stored in the 3323macro ${auth_ssf}. 3324 3325Providing SMTP AUTH Data when sendmail acts as Client 3326----------------------------------------------------- 3327 3328If sendmail acts as client, it needs some information how to 3329authenticate against another MTA. This information can be provided 3330by the ruleset authinfo or by the option DefaultAuthInfo. The 3331authinfo ruleset looks up {server_name} using the tag AuthInfo: in 3332the access map. If no entry is found, {server_addr} is looked up 3333in the same way and finally just the tag AuthInfo: to provide 3334default values. Note: searches for domain parts or IP nets are 3335only performed if the access map is used; if the authinfo feature 3336is used then only up to three lookups are performed (two exact 3337matches, one default). 3338 3339Note: If your daemon does client authentication when sending, and 3340if it uses either PLAIN or LOGIN authentication, then you *must* 3341prevent ordinary users from seeing verbose output. Do NOT install 3342sendmail set-user-ID. Use PrivacyOptions to turn off verbose output 3343("goaway" works for this). 3344 3345Notice: the default configuration file causes the option DefaultAuthInfo 3346to fail since the ruleset authinfo is in the .cf file. If you really 3347want to use DefaultAuthInfo (it is deprecated) then you have to 3348remove the ruleset. 3349 3350The RHS for an AuthInfo: entry in the access map should consists of a 3351list of tokens, each of which has the form: "TDstring" (including 3352the quotes). T is a tag which describes the item, D is a delimiter, 3353either ':' for simple text or '=' for a base64 encoded string. 3354Valid values for the tag are: 3355 3356 U user (authorization) id 3357 I authentication id 3358 P password 3359 R realm 3360 M list of mechanisms delimited by spaces 3361 3362Example entries are: 3363 3364AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 3365AuthInfo:host.more.dom "U:user" "P=c2VjcmV0" 3366 3367User id or authentication id must exist as well as the password. All 3368other entries have default values. If one of user or authentication 3369id is missing, the existing value is used for the missing item. 3370If "R:" is not specified, realm defaults to $j. The list of mechanisms 3371defaults to those specified by AuthMechanisms. 3372 3373Since this map contains sensitive information, either the access 3374map must be unreadable by everyone but root (or the trusted user) 3375or FEATURE(`authinfo') must be used which provides a separate map. 3376Notice: It is not checked whether the map is actually 3377group/world-unreadable, this is left to the user. 3378 3379+--------------------------------+ 3380| ADDING NEW MAILERS OR RULESETS | 3381+--------------------------------+ 3382 3383Sometimes you may need to add entirely new mailers or rulesets. They 3384should be introduced with the constructs MAILER_DEFINITIONS and 3385LOCAL_RULESETS respectively. For example: 3386 3387 MAILER_DEFINITIONS 3388 Mmymailer, ... 3389 ... 3390 3391 LOCAL_RULESETS 3392 Smyruleset 3393 ... 3394 3395Local additions for the rulesets srv_features, clt_features, try_tls, 3396tls_rcpt, tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 3397LOCAL_CLT_FEATURES, LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, 3398and LOCAL_TLS_SERVER, respectively. For example, to add a local 3399ruleset that decides whether to try STARTTLS in a sendmail client, use: 3400 3401 LOCAL_TRY_TLS 3402 R... 3403 3404Note: you don't need to add a name for the ruleset, it is implicitly 3405defined by using the appropriate macro. 3406 3407 3408+-------------------------+ 3409| ADDING NEW MAIL FILTERS | 3410+-------------------------+ 3411 3412Sendmail supports mail filters to filter incoming SMTP messages according 3413to the "Sendmail Mail Filter API" documentation. These filters can be 3414configured in your mc file using the two commands: 3415 3416 MAIL_FILTER(`name', `equates') 3417 INPUT_MAIL_FILTER(`name', `equates') 3418 3419The first command, MAIL_FILTER(), simply defines a filter with the given 3420name and equates. For example: 3421 3422 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3423 3424This creates the equivalent sendmail.cf entry: 3425 3426 Xarchive, S=local:/var/run/archivesock, F=R 3427 3428The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 3429but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 3430of the filter such that the filter will actually be called by sendmail. 3431 3432For example, the two commands: 3433 3434 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3435 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3436 3437are equivalent to the three commands: 3438 3439 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3440 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3441 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 3442 3443In general, INPUT_MAIL_FILTER() should be used unless you need to define 3444more filters than you want to use for `confINPUT_MAIL_FILTERS'. 3445 3446Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3447commands will clear the list created by the prior INPUT_MAIL_FILTER() 3448commands. 3449 3450 3451+-------------------------+ 3452| QUEUE GROUP DEFINITIONS | 3453+-------------------------+ 3454 3455In addition to the queue directory (which is the default queue group 3456called "mqueue"), sendmail can deal with multiple queue groups, which 3457are collections of queue directories with the same behaviour. Queue 3458groups can be defined using the command: 3459 3460 QUEUE_GROUP(`name', `equates') 3461 3462For details about queue groups, please see doc/op/op.{me,ps,txt}. 3463 3464+-------------------------------+ 3465| NON-SMTP BASED CONFIGURATIONS | 3466+-------------------------------+ 3467 3468These configuration files are designed primarily for use by 3469SMTP-based sites. They may not be well tuned for UUCP-only or 3470UUCP-primarily nodes (the latter is defined as a small local net 3471connected to the rest of the world via UUCP). However, there is 3472one hook to handle some special cases. 3473 3474You can define a ``smart host'' that understands a richer address syntax 3475using: 3476 3477 define(`SMART_HOST', `mailer:hostname') 3478 3479In this case, the ``mailer:'' defaults to "relay". Any messages that 3480can't be handled using the usual UUCP rules are passed to this host. 3481 3482If you are on a local SMTP-based net that connects to the outside 3483world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3484For example: 3485 3486 define(`SMART_HOST', `uucp-new:uunet') 3487 LOCAL_NET_CONFIG 3488 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3489 3490This will cause all names that end in your domain name ($m) to be sent 3491via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3492If you have FEATURE(`nocanonify'), you may need to omit the dots after 3493the $m. If you are running a local DNS inside your domain which is 3494not otherwise connected to the outside world, you probably want to 3495use: 3496 3497 define(`SMART_HOST', `smtp:fire.wall.com') 3498 LOCAL_NET_CONFIG 3499 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3500 3501That is, send directly only to things you found in your DNS lookup; 3502anything else goes through SMART_HOST. 3503 3504You may need to turn off the anti-spam rules in order to accept 3505UUCP mail with FEATURE(`promiscuous_relay') and 3506FEATURE(`accept_unresolvable_domains'). 3507 3508 3509+-----------+ 3510| WHO AM I? | 3511+-----------+ 3512 3513Normally, the $j macro is automatically defined to be your fully 3514qualified domain name (FQDN). Sendmail does this by getting your 3515host name using gethostname and then calling gethostbyname on the 3516result. For example, in some environments gethostname returns 3517only the root of the host name (such as "foo"); gethostbyname is 3518supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3519cases, gethostbyname may fail to return the FQDN. In this case 3520you MUST define confDOMAIN_NAME to be your fully qualified domain 3521name. This is usually done using: 3522 3523 Dmbar.com 3524 define(`confDOMAIN_NAME', `$w.$m')dnl 3525 3526 3527+-----------------------------------+ 3528| ACCEPTING MAIL FOR MULTIPLE NAMES | 3529+-----------------------------------+ 3530 3531If your host is known by several different names, you need to augment 3532class {w}. This is a list of names by which your host is known, and 3533anything sent to an address using a host name in this list will be 3534treated as local mail. You can do this in two ways: either create the 3535file /etc/mail/local-host-names containing a list of your aliases (one per 3536line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3537``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3538name of the host, rather than a short name. 3539 3540If you want to have different address in different domains, take 3541a look at the virtusertable feature, which is also explained at 3542http://www.sendmail.org/virtual-hosting.html 3543 3544 3545+--------------------+ 3546| USING MAILERTABLES | 3547+--------------------+ 3548 3549To use FEATURE(`mailertable'), you will have to create an external 3550database containing the routing information for various domains. 3551For example, a mailertable file in text format might be: 3552 3553 .my.domain xnet:%1.my.domain 3554 uuhost1.my.domain uucp-new:uuhost1 3555 .bitnet smtp:relay.bit.net 3556 3557This should normally be stored in /etc/mail/mailertable. The actual 3558database version of the mailertable is built using: 3559 3560 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3561 3562The semantics are simple. Any LHS entry that does not begin with 3563a dot matches the full host name indicated. LHS entries beginning 3564with a dot match anything ending with that domain name (including 3565the leading dot) -- that is, they can be thought of as having a 3566leading ".+" regular expression pattern for a non-empty sequence of 3567characters. Matching is done in order of most-to-least qualified 3568-- for example, even though ".my.domain" is listed first in the 3569above example, an entry of "uuhost1.my.domain" will match the second 3570entry since it is more explicit. Note: e-mail to "user@my.domain" 3571does not match any entry in the above table. You need to have 3572something like: 3573 3574 my.domain esmtp:host.my.domain 3575 3576The RHS should always be a "mailer:host" pair. The mailer is the 3577configuration name of a mailer (that is, an M line in the 3578sendmail.cf file). The "host" will be the hostname passed to 3579that mailer. In domain-based matches (that is, those with leading 3580dots) the "%1" may be used to interpolate the wildcarded part of 3581the host name. For example, the first line above sends everything 3582addressed to "anything.my.domain" to that same host name, but using 3583the (presumably experimental) xnet mailer. 3584 3585In some cases you may want to temporarily turn off MX records, 3586particularly on gateways. For example, you may want to MX 3587everything in a domain to one machine that then forwards it 3588directly. To do this, you might use the DNS configuration: 3589 3590 *.domain. IN MX 0 relay.machine 3591 3592and on relay.machine use the mailertable: 3593 3594 .domain smtp:[gateway.domain] 3595 3596The [square brackets] turn off MX records for this host only. 3597If you didn't do this, the mailertable would use the MX record 3598again, which would give you an MX loop. Note that the use of 3599wildcard MX records is almost always a bad idea. Please avoid 3600using them if possible. 3601 3602 3603+--------------------------------+ 3604| USING USERDB TO MAP FULL NAMES | 3605+--------------------------------+ 3606 3607The user database was not originally intended for mapping full names 3608to login names (e.g., Eric.Allman => eric), but some people are using 3609it that way. (it is recommended that you set up aliases for this 3610purpose instead -- since you can specify multiple alias files, this 3611is fairly easy.) The intent was to locate the default maildrop at 3612a site, but allow you to override this by sending to a specific host. 3613 3614If you decide to set up the user database in this fashion, it is 3615imperative that you not use FEATURE(`stickyhost') -- otherwise, 3616e-mail sent to Full.Name@local.host.name will be rejected. 3617 3618To build the internal form of the user database, use: 3619 3620 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3621 3622As a general rule, it is an extremely bad idea to using full names 3623as e-mail addresses, since they are not in any sense unique. For 3624example, the UNIX software-development community has at least two 3625well-known Peter Deutsches, and at one time Bell Labs had two 3626Stephen R. Bournes with offices along the same hallway. Which one 3627will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3628The less famous of the two, or the one that was hired later? 3629 3630Finger should handle full names (and be fuzzy). Mail should use 3631handles, and not be fuzzy. 3632 3633 3634+--------------------------------+ 3635| MISCELLANEOUS SPECIAL FEATURES | 3636+--------------------------------+ 3637 3638Plussed users 3639 Sometimes it is convenient to merge configuration on a 3640 centralized mail machine, for example, to forward all 3641 root mail to a mail server. In this case it might be 3642 useful to be able to treat the root addresses as a class 3643 of addresses with subtle differences. You can do this 3644 using plussed users. For example, a client might include 3645 the alias: 3646 3647 root: root+client1@server 3648 3649 On the server, this will match an alias for "root+client1". 3650 If that is not found, the alias "root+*" will be tried, 3651 then "root". 3652 3653 3654+----------------+ 3655| SECURITY NOTES | 3656+----------------+ 3657 3658A lot of sendmail security comes down to you. Sendmail 8 is much 3659more careful about checking for security problems than previous 3660versions, but there are some things that you still need to watch 3661for. In particular: 3662 3663* Make sure the aliases file is not writable except by trusted 3664 system personnel. This includes both the text and database 3665 version. 3666 3667* Make sure that other files that sendmail reads, such as the 3668 mailertable, are only writable by trusted system personnel. 3669 3670* The queue directory should not be world writable PARTICULARLY 3671 if your system allows "file giveaways" (that is, if a non-root 3672 user can chown any file they own to any other user). 3673 3674* If your system allows file giveaways, DO NOT create a publicly 3675 writable directory for forward files. This will allow anyone 3676 to steal anyone else's e-mail. Instead, create a script that 3677 copies the .forward file from users' home directories once a 3678 night (if you want the non-NFS-mounted forward directory). 3679 3680* If your system allows file giveaways, you'll find that 3681 sendmail is much less trusting of :include: files -- in 3682 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3683 /etc/shells before they will be trusted (that is, before 3684 files and programs listed in them will be honored). 3685 3686In general, file giveaways are a mistake -- if you can turn them 3687off, do so. 3688 3689 3690+--------------------------------+ 3691| TWEAKING CONFIGURATION OPTIONS | 3692+--------------------------------+ 3693 3694There are a large number of configuration options that don't normally 3695need to be changed. However, if you feel you need to tweak them, 3696you can define the following M4 variables. Note that some of these 3697variables require formats that are defined in RFC 2821 or RFC 2822. 3698Before changing them you need to make sure you do not violate those 3699(and other relevant) RFCs. 3700 3701This list is shown in four columns: the name you define, the default 3702value for that definition, the option or macro that is affected 3703(either Ox for an option or Dx for a macro), and a brief description. 3704Greater detail of the semantics can be found in the Installation 3705and Operations Guide. 3706 3707Some options are likely to be deprecated in future versions -- that is, 3708the option is only included to provide back-compatibility. These are 3709marked with "*". 3710 3711Remember that these options are M4 variables, and hence may need to 3712be quoted. In particular, arguments with commas will usually have to 3713be ``double quoted, like this phrase'' to avoid having the comma 3714confuse things. This is common for alias file definitions and for 3715the read timeout. 3716 3717M4 Variable Name Configuration [Default] & Description 3718================ ============= ======================= 3719confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3720 for internally generated outgoing 3721 messages. 3722confDOMAIN_NAME $j macro If defined, sets $j. This should 3723 only be done if your system cannot 3724 determine your local domain name, 3725 and then it should be set to 3726 $w.Foo.COM, where Foo.COM is your 3727 domain name. 3728confCF_VERSION $Z macro If defined, this is appended to the 3729 configuration version name. 3730confLDAP_CLUSTER ${sendmailMTACluster} macro 3731 If defined, this is the LDAP 3732 cluster to use for LDAP searches 3733 as described above in ``USING LDAP 3734 FOR ALIASES, MAPS, AND CLASSES''. 3735confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3736 internally generated From: address. 3737confRECEIVED_HEADER Received: 3738 [$?sfrom $s $.$?_($?s$|from $.$_) 3739 $.$?{auth_type}(authenticated) 3740 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3741 for $u; $|; 3742 $.$b] 3743 The format of the Received: header 3744 in messages passed through this host. 3745 It is unwise to try to change this. 3746confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an 3747 internally generated Message-Id: 3748 header. 3749confCW_FILE Fw class [/etc/mail/local-host-names] Name 3750 of file used to get the local 3751 additions to class {w} (local host 3752 names). 3753confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3754 file used to get the local additions 3755 to class {t} (trusted users). 3756confCR_FILE FR class [/etc/mail/relay-domains] Name of 3757 file used to get the local additions 3758 to class {R} (hosts allowed to relay). 3759confTRUSTED_USERS Ct class [no default] Names of users to add to 3760 the list of trusted users. This list 3761 always includes root, uucp, and daemon. 3762 See also FEATURE(`use_ct_file'). 3763confTRUSTED_USER TrustedUser [no default] Trusted user for file 3764 ownership and starting the daemon. 3765 Not to be confused with 3766 confTRUSTED_USERS (see above). 3767confSMTP_MAILER - [esmtp] The mailer name used when 3768 SMTP connectivity is required. 3769 One of "smtp", "smtp8", 3770 "esmtp", or "dsmtp". 3771confUUCP_MAILER - [uucp-old] The mailer to be used by 3772 default for bang-format recipient 3773 addresses. See also discussion of 3774 class {U}, class {Y}, and class {Z} 3775 in the MAILER(`uucp') section. 3776confLOCAL_MAILER - [local] The mailer name used when 3777 local connectivity is required. 3778 Almost always "local". 3779confRELAY_MAILER - [relay] The default mailer name used 3780 for relaying any mail (e.g., to a 3781 BITNET_RELAY, a SMART_HOST, or 3782 whatever). This can reasonably be 3783 "uucp-new" if you are on a 3784 UUCP-connected site. 3785confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3786confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3787confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3788 rebuild until you get bored and 3789 decide that the apparently pending 3790 rebuild failed. 3791confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3792 queue filesystem to accept SMTP mail. 3793 (Prior to 8.7 this was minfree/maxsize, 3794 where minfree was the number of free 3795 blocks and maxsize was the maximum 3796 message size. Use confMAX_MESSAGE_SIZE 3797 for the second value now.) 3798confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3799 that will be accepted (in bytes). 3800confBLANK_SUB BlankSub [.] Blank (space) substitution 3801 character. 3802confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3803 to mailers marked expensive. 3804confCHECKPOINT_INTERVAL CheckpointInterval 3805 [10] Checkpoint queue files every N 3806 recipients. 3807confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3808confERROR_MODE ErrorMode [print] Error message mode. 3809confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3810confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3811confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3812confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3813confMAX_HOP MaxHopCount [25] Maximum hop count. 3814confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3815 mode] Ignore dot as terminator for 3816 incoming messages? 3817confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3818 resolver. 3819confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3820 encapsulated messages per RFC 1344. 3821confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3822 The colon-separated list of places to 3823 search for .forward files. N.B.: see 3824 the Security Notes section. 3825confMCI_CACHE_SIZE ConnectionCacheSize 3826 [2] Size of open connection cache. 3827confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3828 [5m] Open connection cache timeout. 3829confHOST_STATUS_DIRECTORY HostStatusDirectory 3830 [undefined] If set, host status is kept 3831 on disk between sendmail runs in the 3832 named directory tree. This need not be 3833 a full pathname, in which case it is 3834 interpreted relative to the queue 3835 directory. 3836confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3837 [False] If this option and the 3838 HostStatusDirectory option are both 3839 set, single thread deliveries to other 3840 hosts. That is, don't allow any two 3841 sendmails on this host to connect 3842 simultaneously to any other single 3843 host. This can slow down delivery in 3844 some cases, in particular since a 3845 cached but otherwise idle connection 3846 to a host will prevent other sendmails 3847 from connecting to the other host. 3848confUSE_COMPRESSED_IPV6_ADDRESSES 3849 UseCompressedIPv6Addresses 3850 [undefined] If set, use the compressed 3851 form of IPv6 addresses, such as 3852 IPV6:::1, instead of the uncompressed 3853 form, such as IPv6:0:0:0:0:0:0:0:1. 3854confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3855 deliver error messages. This should 3856 not be necessary because of general 3857 acceptance of the envelope/header 3858 distinction. 3859confLOG_LEVEL LogLevel [9] Log level. 3860confME_TOO MeToo [True] Include sender in group 3861 expansions. This option is 3862 deprecated and will be removed from 3863 a future version. 3864confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3865 running newaliases. Since this does 3866 DNS lookups on every address, it can 3867 slow down the alias rebuild process 3868 considerably on large alias files. 3869confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3870 special chars are old style. 3871confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3872confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3873 copies of all error messages. 3874confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3875confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3876 queue files (octal). If not set, 3877 sendmail uses 0600 unless its real 3878 and effective uid are different in 3879 which case it uses 0644. 3880confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3881 syntax addresses to the minimum 3882 possible. 3883confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3884 before forking. 3885confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3886 on the initial connect. 3887confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3888 connect() to complete. This can only 3889 shorten connection timeouts; the kernel 3890 silently enforces an absolute maximum 3891 (which varies depending on the system). 3892confTO_ICONNECT Timeout.iconnect 3893 [undefined] Like Timeout.connect, but 3894 applies only to the very first attempt 3895 to connect to a host in a message. 3896 This allows a single very fast pass 3897 followed by more careful delivery 3898 attempts in the future. 3899confTO_ACONNECT Timeout.aconnect 3900 [0] The overall timeout waiting for 3901 all connection for a single delivery 3902 attempt to succeed. If 0, no overall 3903 limit is applied. 3904confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3905 to a HELO or EHLO command. 3906confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3907 response to the MAIL command. 3908confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3909 to the RCPT command. 3910confTO_DATAINIT Timeout.datainit 3911 [5m] The timeout waiting for a 354 3912 response from the DATA command. 3913confTO_DATABLOCK Timeout.datablock 3914 [1h] The timeout waiting for a block 3915 during DATA phase. 3916confTO_DATAFINAL Timeout.datafinal 3917 [1h] The timeout waiting for a response 3918 to the final "." that terminates a 3919 message. 3920confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3921 to the RSET command. 3922confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3923 to the QUIT command. 3924confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3925 to other SMTP commands. 3926confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3927 waiting for a command to be issued. 3928confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3929 response to an IDENT query. 3930confTO_FILEOPEN Timeout.fileopen 3931 [60s] The timeout waiting for a file 3932 (e.g., :include: file) to be opened. 3933confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3934 to an LMTP LHLO command. 3935confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3936 response in an AUTH dialogue. 3937confTO_STARTTLS Timeout.starttls 3938 [1h] The timeout waiting for a 3939 response to an SMTP STARTTLS command. 3940confTO_CONTROL Timeout.control 3941 [2m] The timeout for a complete 3942 control socket transaction to complete. 3943confTO_QUEUERETURN Timeout.queuereturn 3944 [5d] The timeout before a message is 3945 returned as undeliverable. 3946confTO_QUEUERETURN_NORMAL 3947 Timeout.queuereturn.normal 3948 [undefined] As above, for normal 3949 priority messages. 3950confTO_QUEUERETURN_URGENT 3951 Timeout.queuereturn.urgent 3952 [undefined] As above, for urgent 3953 priority messages. 3954confTO_QUEUERETURN_NONURGENT 3955 Timeout.queuereturn.non-urgent 3956 [undefined] As above, for non-urgent 3957 (low) priority messages. 3958confTO_QUEUERETURN_DSN 3959 Timeout.queuereturn.dsn 3960 [undefined] As above, for delivery 3961 status notification messages. 3962confTO_QUEUEWARN Timeout.queuewarn 3963 [4h] The timeout before a warning 3964 message is sent to the sender telling 3965 them that the message has been 3966 deferred. 3967confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3968 [undefined] As above, for normal 3969 priority messages. 3970confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3971 [undefined] As above, for urgent 3972 priority messages. 3973confTO_QUEUEWARN_NONURGENT 3974 Timeout.queuewarn.non-urgent 3975 [undefined] As above, for non-urgent 3976 (low) priority messages. 3977confTO_QUEUEWARN_DSN 3978 Timeout.queuewarn.dsn 3979 [undefined] As above, for delivery 3980 status notification messages. 3981confTO_HOSTSTATUS Timeout.hoststatus 3982 [30m] How long information about host 3983 statuses will be maintained before it 3984 is considered stale and the host should 3985 be retried. This applies both within 3986 a single queue run and to persistent 3987 information (see below). 3988confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3989 [varies] Sets the resolver's 3990 retransmission time interval (in 3991 seconds). Sets both 3992 Timeout.resolver.retrans.first and 3993 Timeout.resolver.retrans.normal. 3994confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3995 [varies] Sets the resolver's 3996 retransmission time interval (in 3997 seconds) for the first attempt to 3998 deliver a message. 3999confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 4000 [varies] Sets the resolver's 4001 retransmission time interval (in 4002 seconds) for all resolver lookups 4003 except the first delivery attempt. 4004confTO_RESOLVER_RETRY Timeout.resolver.retry 4005 [varies] Sets the number of times 4006 to retransmit a resolver query. 4007 Sets both 4008 Timeout.resolver.retry.first and 4009 Timeout.resolver.retry.normal. 4010confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 4011 [varies] Sets the number of times 4012 to retransmit a resolver query for 4013 the first attempt to deliver a 4014 message. 4015confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 4016 [varies] Sets the number of times 4017 to retransmit a resolver query for 4018 all resolver lookups except the 4019 first delivery attempt. 4020confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 4021 USE_SYSTEM to use the system's idea, 4022 USE_TZ to use the user's TZ envariable, 4023 or something else to force that value. 4024confDEF_USER_ID DefaultUser [1:1] Default user id. 4025confUSERDB_SPEC UserDatabaseSpec 4026 [undefined] User database 4027 specification. 4028confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 4029confFALLBACK_SMARTHOST FallbackSmartHost 4030 [undefined] Fallback smart host. 4031confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear 4032 [undefined] If set, immediately try 4033 a connection again without STARTTLS 4034 after a TLS handshake failure. 4035confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 4036 for a host and other arrangements 4037 haven't been made, try connecting 4038 to the host directly; normally this 4039 would be a config error. 4040confQUEUE_LA QueueLA [varies] Load average at which 4041 queue-only function kicks in. 4042 Default values is (8 * numproc) 4043 where numproc is the number of 4044 processors online (if that can be 4045 determined). 4046confREFUSE_LA RefuseLA [varies] Load average at which 4047 incoming SMTP connections are 4048 refused. Default values is (12 * 4049 numproc) where numproc is the 4050 number of processors online (if 4051 that can be determined). 4052confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when 4053 refusing connections for this long. 4054confDELAY_LA DelayLA [0] Load average at which sendmail 4055 will sleep for one second on most 4056 SMTP commands and before accepting 4057 connections. 0 means no limit. 4058confMAX_ALIAS_RECURSION MaxAliasRecursion 4059 [10] Maximum depth of alias recursion. 4060confMAX_DAEMON_CHILDREN MaxDaemonChildren 4061 [undefined] The maximum number of 4062 children the daemon will permit. After 4063 this number, connections will be 4064 rejected. If not set or <= 0, there is 4065 no limit. 4066confMAX_HEADERS_LENGTH MaxHeadersLength 4067 [32768] Maximum length of the sum 4068 of all headers. 4069confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 4070 [undefined] Maximum length of 4071 certain MIME header field values. 4072confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 4073 [undefined] The maximum number of 4074 connections permitted per second per 4075 daemon. After this many connections 4076 are accepted, further connections 4077 will be delayed. If not set or <= 0, 4078 there is no limit. 4079confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize 4080 [60s] Define the length of the 4081 interval for which the number of 4082 incoming connections is maintained. 4083confWORK_RECIPIENT_FACTOR 4084 RecipientFactor [30000] Cost of each recipient. 4085confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 4086 separate process. 4087confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 4088confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 4089confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 4090 Priority, Host, Filename, Random, 4091 Modification, or Time. 4092confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater 4093 than zero, entries in the queue 4094 will be retried during a queue run 4095 only if the individual retry time 4096 has been reached which is doubled 4097 for each attempt. The maximum retry 4098 time is limited by the specified value. 4099confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 4100 must sit in the queue between queue 4101 runs. This allows you to set the 4102 queue run interval low for better 4103 responsiveness without trying all 4104 jobs in each run. 4105confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 4106 unlabeled 8 bit input to MIME, the 4107 character set to use by default. 4108confSERVICE_SWITCH_FILE ServiceSwitchFile 4109 [/etc/mail/service.switch] The file 4110 to use for the service switch on 4111 systems that do not have a 4112 system-defined switch. 4113confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 4114 "file" type access of hosts names. 4115confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 4116 long and try again. Zero means "don't 4117 retry". This is to allow "dial on 4118 demand" connections to have enough time 4119 to complete a connection. 4120confNO_RCPT_ACTION NoRecipientAction 4121 [none] What to do if there are no legal 4122 recipient fields (To:, Cc: or Bcc:) 4123 in the message. Legal values can 4124 be "none" to just leave the 4125 nonconforming message as is, "add-to" 4126 to add a To: header with all the 4127 known recipients (which may expose 4128 blind recipients), "add-apparently-to" 4129 to do the same but use Apparently-To: 4130 instead of To: (strongly discouraged 4131 in accordance with IETF standards), 4132 "add-bcc" to add an empty Bcc: 4133 header, or "add-to-undisclosed" to 4134 add the header 4135 ``To: undisclosed-recipients:;''. 4136confSAFE_FILE_ENV SafeFileEnvironment 4137 [undefined] If set, sendmail will do a 4138 chroot() into this directory before 4139 writing files. 4140confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 4141 If set, colons are treated as a regular 4142 character in addresses. If not set, 4143 they are treated as the introducer to 4144 the RFC 822 "group" syntax. Colons are 4145 handled properly in route-addrs. This 4146 option defaults on for V5 and lower 4147 configuration files. 4148confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 4149 any given queue run to this number of 4150 entries. Essentially, this will stop 4151 reading each queue directory after this 4152 number of entries are reached; it does 4153 _not_ pick the highest priority jobs, 4154 so this should be as large as your 4155 system can tolerate. If not set, there 4156 is no limit. 4157confMAX_QUEUE_CHILDREN MaxQueueChildren 4158 [undefined] Limits the maximum number 4159 of concurrent queue runners active. 4160 This is to keep system resources used 4161 within a reasonable limit. Relates to 4162 Queue Groups and ForkEachJob. 4163confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 4164 [1] Only active when MaxQueueChildren 4165 defined. Controls the maximum number 4166 of queue runners (aka queue children) 4167 active at the same time in a work 4168 group. See also MaxQueueChildren. 4169confDONT_EXPAND_CNAMES DontExpandCnames 4170 [False] If set, $[ ... $] lookups that 4171 do DNS based lookups do not expand 4172 CNAME records. This currently violates 4173 the published standards, but the IETF 4174 seems to be moving toward legalizing 4175 this. For example, if "FTP.Foo.ORG" 4176 is a CNAME for "Cruft.Foo.ORG", then 4177 with this option set a lookup of 4178 "FTP" will return "FTP.Foo.ORG"; if 4179 clear it returns "Cruft.FOO.ORG". N.B. 4180 you may not see any effect until your 4181 downstream neighbors stop doing CNAME 4182 lookups as well. 4183confFROM_LINE UnixFromLine [From $g $d] The From_ line used 4184 when sending to files or programs. 4185confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 4186 [False] From: lines that have 4187 embedded newlines are unwrapped 4188 onto one line. 4189confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 4190 does not include a host name. 4191confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 4192 name phrase (@,;:\()[] are automatic). 4193confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 4194 characters. 4195confSMTP_LOGIN_MSG SmtpGreetingMessage 4196 [$j Sendmail $v/$Z; $b] 4197 The initial (spontaneous) SMTP 4198 greeting message. The word "ESMTP" 4199 will be inserted between the first and 4200 second words to convince other 4201 sendmails to try to speak ESMTP. 4202confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 4203 routine will never be invoked. You 4204 might want to do this if you are 4205 running NIS and you have a large group 4206 map, since this call does a sequential 4207 scan of the map; in a large site this 4208 can cause your ypserv to run 4209 essentially full time. If you set 4210 this, agents run on behalf of users 4211 will only have their primary 4212 (/etc/passwd) group permissions. 4213confUNSAFE_GROUP_WRITES UnsafeGroupWrites 4214 [True] If set, group-writable 4215 :include: and .forward files are 4216 considered "unsafe", that is, programs 4217 and files cannot be directly referenced 4218 from such files. World-writable files 4219 are always considered unsafe. 4220 Notice: this option is deprecated and 4221 will be removed in future versions; 4222 Set GroupWritableForwardFileSafe 4223 and GroupWritableIncludeFileSafe in 4224 DontBlameSendmail if required. 4225confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 4226 address (for testing). 4227confCONTROL_SOCKET_NAME ControlSocketName 4228 [undefined] Control socket for daemon 4229 management. 4230confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 4231 [postmaster] If an error occurs when 4232 sending an error message, send that 4233 "double bounce" error message to this 4234 address. If it expands to an empty 4235 string, double bounces are dropped. 4236confSOFT_BOUNCE SoftBounce [False] If set, issue temporary errors 4237 (4xy) instead of permanent errors 4238 (5xy). This can be useful during 4239 testing of a new configuration to 4240 avoid erroneous bouncing of mails. 4241confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 4242 messages which could not be returned 4243 to the user or sent to postmaster. 4244 If not set, the queue file will 4245 be renamed. 4246confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 4247 implies DSN request. 4248confRUN_AS_USER RunAsUser [undefined] If set, become this user 4249 when reading and delivering mail. 4250 Causes all file reads (e.g., .forward 4251 and :include: files) to be done as 4252 this user. Also, all programs will 4253 be run as this user, and all output 4254 files will be written as this user. 4255confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 4256 [infinite] If set, allow no more than 4257 the specified number of recipients in 4258 an SMTP envelope. Further recipients 4259 receive a 452 error code (i.e., they 4260 are deferred for the next delivery 4261 attempt). 4262confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified 4263 number of recipients in a single SMTP 4264 transaction have been rejected, sleep 4265 for one second after each subsequent 4266 RCPT command in that transaction. 4267confDONT_PROBE_INTERFACES DontProbeInterfaces 4268 [False] If set, sendmail will _not_ 4269 insert the names and addresses of any 4270 local interfaces into class {w} 4271 (list of known "equivalent" addresses). 4272 If you set this, you must also include 4273 some support for these addresses (e.g., 4274 in a mailertable entry) -- otherwise, 4275 mail to addresses in this list will 4276 bounce with a configuration error. 4277 If set to "loopback" (without 4278 quotes), sendmail will skip 4279 loopback interfaces (e.g., "lo0"). 4280confPID_FILE PidFile [system dependent] Location of pid 4281 file. 4282confPROCESS_TITLE_PREFIX ProcessTitlePrefix 4283 [undefined] Prefix string for the 4284 process title shown on 'ps' listings. 4285confDONT_BLAME_SENDMAIL DontBlameSendmail 4286 [safe] Override sendmail's file 4287 safety checks. This will definitely 4288 compromise system security and should 4289 not be used unless absolutely 4290 necessary. 4291confREJECT_MSG - [550 Access denied] The message 4292 given if the access database contains 4293 REJECT in the value portion. 4294confRELAY_MSG - [550 Relaying denied] The message 4295 given if an unauthorized relaying 4296 attempt is rejected. 4297confDF_BUFFER_SIZE DataFileBufferSize 4298 [4096] The maximum size of a 4299 memory-buffered data (df) file 4300 before a disk-based file is used. 4301confXF_BUFFER_SIZE XScriptFileBufferSize 4302 [4096] The maximum size of a 4303 memory-buffered transcript (xf) 4304 file before a disk-based file is 4305 used. 4306confAUTH_MECHANISMS AuthMechanisms [EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 4307 CRAM-MD5] List of authentication 4308 mechanisms for AUTH (separated by 4309 spaces). The advertised list of 4310 authentication mechanisms will be the 4311 intersection of this list and the list 4312 of available mechanisms as determined 4313 by the Cyrus SASL library. 4314confAUTH_REALM AuthRealm [undefined] The authentication realm 4315 that is passed to the Cyrus SASL 4316 library. If no realm is specified, 4317 $j is used. See KNOWNBUGS. 4318confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 4319 authentication information for 4320 outgoing connections. This file must 4321 contain the user id, the authorization 4322 id, the password (plain text), the 4323 realm to use, and the list of 4324 mechanisms to try, each on a separate 4325 line and must be readable by root (or 4326 the trusted user) only. If no realm 4327 is specified, $j is used. If no 4328 mechanisms are given in the file, 4329 AuthMechanisms is used. Notice: this 4330 option is deprecated and will be 4331 removed in future versions; it doesn't 4332 work for the MSP since it can't read 4333 the file. Use the authinfo ruleset 4334 instead. See also the section SMTP 4335 AUTHENTICATION. 4336confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 4337 then the AUTH= parameter for the 4338 MAIL FROM command is only issued 4339 when authentication succeeded. 4340 See doc/op/op.me for more options 4341 and details. 4342confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 4343 strength for the security layer in 4344 SMTP AUTH (SASL). Default is 4345 essentially unlimited. 4346confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 4347 verification is performed, i.e., 4348 the server doesn't ask for a 4349 certificate. 4350confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related 4351 options for server side. See 4352 SSL_CTX_set_options(3) for a list. 4353confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related 4354 options for client side. See 4355 SSL_CTX_set_options(3) for a list. 4356confCIPHER_LIST CipherList [undefined] Cipher list for TLS. 4357 See ciphers(1) for possible values. 4358confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 4359 specification for LDAP maps. The 4360 value should only contain LDAP 4361 specific settings such as "-h host 4362 -p port -d bindDN", etc. The 4363 settings will be used for all LDAP 4364 maps unless they are specified in 4365 the individual map specification 4366 ('K' command). 4367confCACERT_PATH CACertPath [undefined] Path to directory with 4368 certificates of CAs which must contain 4369 their hashes as filenames or links. 4370confCACERT CACertFile [undefined] File containing at least 4371 one CA certificate. 4372confSERVER_CERT ServerCertFile [undefined] File containing the 4373 cert of the server, i.e., this cert 4374 is used when sendmail acts as 4375 server. 4376confSERVER_KEY ServerKeyFile [undefined] File containing the 4377 private key belonging to the server 4378 cert. 4379confCLIENT_CERT ClientCertFile [undefined] File containing the 4380 cert of the client, i.e., this cert 4381 is used when sendmail acts as 4382 client. 4383confCLIENT_KEY ClientKeyFile [undefined] File containing the 4384 private key belonging to the client 4385 cert. 4386confCRL CRLFile [undefined] File containing certificate 4387 revocation status, useful for X.509v3 4388 authentication. 4389confCRL_PATH CRLPath [undefined] Directory containing 4390 hashes pointing to certificate 4391 revocation status files. 4392confDH_PARAMETERS DHParameters [undefined] File containing the 4393 DH parameters. 4394confDANE DANE [false] Enable DANE support. 4395confRAND_FILE RandFile [undefined] File containing random 4396 data (use prefix file:) or the 4397 name of the UNIX socket if EGD is 4398 used (use prefix egd:). STARTTLS 4399 requires this option if the compile 4400 flag HASURANDOM is not set (see 4401 sendmail/README). 4402confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm 4403 [undefined] The fingerprint algorithm 4404 (digest) to use for the presented 4405 cert. 4406confSSL_ENGINE SSLEngine [undefined] Name of SSLEngine. 4407confSSL_ENGINE_PATH SSLEnginePath [undefined] Path to dynamic library 4408 for SSLEngine. 4409confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 4410 queue runners is set the given value 4411 (nice(3)). 4412confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 4413 [undefined] Defines {daemon_flags} 4414 for direct submissions. 4415confUSE_MSP UseMSP [undefined] Use as mail submission 4416 program, see sendmail/SECURITY. 4417confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 4418 SMTP Service Extension (RFC 2852). 4419confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can 4420 be used to turn off the compile time 4421 flag REQUIRES_DIR_FSYNC at runtime. 4422 See sendmail/README for details. 4423confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 4424confSHARED_MEMORY_KEY_FILE 4425 SharedMemoryKeyFile 4426 [undefined] File where the 4427 automatically selected key for 4428 shared memory is stored. 4429confFAST_SPLIT FastSplit [1] If set to a value greater than 4430 zero, the initial MX lookups on 4431 addresses is suppressed when they 4432 are sorted which may result in 4433 faster envelope splitting. If the 4434 mail is submitted directly from the 4435 command line, then the value also 4436 limits the number of processes to 4437 deliver the envelopes. 4438confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 4439 information about local mailboxes. 4440confDEQUOTE_OPTS - [empty] Additional options for the 4441 dequote map. 4442confMAX_NOOP_COMMANDS MaxNOOPCommands [20] Maximum number of "useless" 4443 commands before the SMTP server 4444 will slow down responding. 4445confHELO_NAME HeloName If defined, use as name for EHLO/HELO 4446 command (instead of $j). 4447confINPUT_MAIL_FILTERS InputMailFilters 4448 A comma separated list of filters 4449 which determines which filters and 4450 the invocation sequence are 4451 contacted for incoming SMTP 4452 messages. If none are set, no 4453 filters will be contacted. 4454confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 4455 actions, defaults to LogLevel. 4456confMILTER_MACROS_CONNECT Milter.macros.connect 4457 [j, _, {daemon_name}, {if_name}, 4458 {if_addr}] Macros to transmit to 4459 milters when a session connection 4460 starts. 4461confMILTER_MACROS_HELO Milter.macros.helo 4462 [{tls_version}, {cipher}, 4463 {cipher_bits}, {cert_subject}, 4464 {cert_issuer}] Macros to transmit to 4465 milters after HELO/EHLO command. 4466confMILTER_MACROS_ENVFROM Milter.macros.envfrom 4467 [i, {auth_type}, {auth_authen}, 4468 {auth_ssf}, {auth_author}, 4469 {mail_mailer}, {mail_host}, 4470 {mail_addr}] Macros to transmit to 4471 milters after MAIL FROM command. 4472confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 4473 [{rcpt_mailer}, {rcpt_host}, 4474 {rcpt_addr}] Macros to transmit to 4475 milters after RCPT TO command. 4476confMILTER_MACROS_EOM Milter.macros.eom 4477 [{msg_id}] Macros to transmit to 4478 milters after the terminating 4479 DATA '.' is received. 4480confMILTER_MACROS_EOH Milter.macros.eoh 4481 Macros to transmit to milters 4482 after the end of headers. 4483confMILTER_MACROS_DATA Milter.macros.data 4484 Macros to transmit to milters 4485 after DATA command is received. 4486 4487 4488See also the description of OSTYPE for some parameters that can be 4489tweaked (generally pathnames to mailers). 4490 4491ClientPortOptions and DaemonPortOptions are special cases since multiple 4492clients/daemons can be defined. This can be done via 4493 4494 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 4495 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 4496 4497Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 4498ClientPortOptions settings) are allowed in order to give settings for each 4499protocol family (e.g., one for Family=inet and one for Family=inet6). A 4500restriction placed on one family only affects outgoing connections on that 4501particular family. 4502 4503If DAEMON_OPTIONS is not used, then the default is 4504 4505 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 4506 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 4507 4508If you use one DAEMON_OPTIONS macro, it will alter the parameters 4509of the first of these. The second will still be defaulted; it 4510represents a "Message Submission Agent" (MSA) as defined by RFC 45112476 (see below). To turn off the default definition for the MSA, 4512use FEATURE(`no_default_msa') (see also FEATURES). If you use 4513additional DAEMON_OPTIONS macros, they will add additional daemons. 4514 4515Example 1: To change the port for the SMTP listener, while 4516still using the MSA default, use 4517 DAEMON_OPTIONS(`Port=925, Name=MTA') 4518 4519Example 2: To change the port for the MSA daemon, while still 4520using the default SMTP port, use 4521 FEATURE(`no_default_msa') 4522 DAEMON_OPTIONS(`Name=MTA') 4523 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 4524 4525Note that if the first of those DAEMON_OPTIONS lines were omitted, then 4526there would be no listener on the standard SMTP port. 4527 4528Example 3: To listen on both IPv4 and IPv6 interfaces, use 4529 4530 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 4531 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 4532 4533A "Message Submission Agent" still uses all of the same rulesets for 4534processing the message (and therefore still allows message rejection via 4535the check_* rulesets). In accordance with the RFC, the MSA will ensure 4536that all domains in envelope addresses are fully qualified if the message 4537is relayed to another MTA. It will also enforce the normal address syntax 4538rules and log error messages. Additionally, by using the M=a modifier you 4539can require authentication before messages are accepted by the MSA. 4540Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally, 4541the M=E modifier shown above disables ETRN as required by RFC 2476. 4542 4543Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 4544commands: 4545 4546 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 4547 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 4548 4549The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 4550same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4551filter can be defined without adding it to the input filter list by using 4552MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4553Alternatively, you can reset the list of filters and their order by setting 4554confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4555your .mc file. 4556 4557 4558+----------------------------+ 4559| MESSAGE SUBMISSION PROGRAM | 4560+----------------------------+ 4561 4562The purpose of the message submission program (MSP) is explained 4563in sendmail/SECURITY. This section contains a list of caveats and 4564a few hints how for those who want to tweak the default configuration 4565for it (which is installed as submit.cf). 4566 4567Notice: do not add options/features to submit.mc unless you are 4568absolutely sure you need them. Options you may want to change 4569include: 4570 4571- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4572 avoiding X-Authentication warnings. 4573- confTIME_ZONE to change it from the default `USE_TZ'. 4574- confDELIVERY_MODE is set to interactive in msp.m4 instead 4575 of the default background mode. 4576- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses 4577 to the LOCAL_RELAY instead of the default relay. 4578- confRAND_FILE if you use STARTTLS and sendmail is not compiled with 4579 the flag HASURANDOM. 4580 4581The MSP performs hostname canonicalization by default. As also 4582explained in sendmail/SECURITY, mail may end up for various DNS 4583related reasons in the MSP queue. This problem can be minimized by 4584using 4585 4586 FEATURE(`nocanonify', `canonify_hosts') 4587 define(`confDIRECT_SUBMISSION_MODIFIERS', `C') 4588 4589See the discussion about nocanonify for possible side effects. 4590 4591Some things are not intended to work with the MSP. These include 4592features that influence the delivery process (e.g., mailertable, 4593aliases), or those that are only important for a SMTP server (e.g., 4594virtusertable, DaemonPortOptions, multiple queues). Moreover, 4595relaxing certain restrictions (RestrictQueueRun, permissions on 4596queue directory) or adding features (e.g., enabling prog/file mailer) 4597can cause security problems. 4598 4599Other things don't work well with the MSP and require tweaking or 4600workarounds. For example, to allow for client authentication it 4601is not just sufficient to provide a client certificate and the 4602corresponding key, but it is also necessary to make the key group 4603(smmsp) readable and tell sendmail not to complain about that, i.e., 4604 4605 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4606 4607If the MSP should actually use AUTH then the necessary data 4608should be placed in a map as explained in SMTP AUTHENTICATION: 4609 4610FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4611 4612/etc/mail/msp-authinfo should contain an entry like: 4613 4614 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4615 4616The file and the map created by makemap should be owned by smmsp, 4617its group should be smmsp, and it should have mode 640. The database 4618used by the MTA for AUTH must have a corresponding entry. 4619Additionally the MTA must trust this authentication data so the AUTH= 4620part will be relayed on to the next hop. This can be achieved by 4621adding the following to your sendmail.mc file: 4622 4623 LOCAL_RULESETS 4624 SLocal_trust_auth 4625 R$* $: $&{auth_authen} 4626 Rsmmsp $# OK 4627 4628Note: the authentication data can leak to local users who invoke 4629the MSP with debug options or even with -v. For that reason either 4630an authentication mechanism that does not show the password in the 4631AUTH dialogue (e.g., DIGEST-MD5) or a different authentication 4632method like STARTTLS should be used. 4633 4634feature/msp.m4 defines almost all settings for the MSP. Most of 4635those should not be changed at all. Some of the features and options 4636can be overridden if really necessary. It is a bit tricky to do 4637this, because it depends on the actual way the option is defined 4638in feature/msp.m4. If it is directly defined (i.e., define()) then 4639the modified value must be defined after 4640 4641 FEATURE(`msp') 4642 4643If it is conditionally defined (i.e., ifdef()) then the desired 4644value must be defined before the FEATURE line in the .mc file. 4645To see how the options are defined read feature/msp.m4. 4646 4647 4648+--------------------------+ 4649| FORMAT OF FILES AND MAPS | 4650+--------------------------+ 4651 4652Files that define classes, i.e., F{classname}, consist of lines 4653each of which contains a single element of the class. For example, 4654/etc/mail/local-host-names may have the following content: 4655 4656my.domain 4657another.domain 4658 4659Maps must be created using makemap(8) , e.g., 4660 4661 makemap hash MAP < MAP 4662 4663In general, a text file from which a map is created contains lines 4664of the form 4665 4666key value 4667 4668where 'key' and 'value' are also called LHS and RHS, respectively. 4669By default, the delimiter between LHS and RHS is a non-empty sequence 4670of white space characters. 4671 4672 4673+------------------+ 4674| DIRECTORY LAYOUT | 4675+------------------+ 4676 4677Within this directory are several subdirectories, to wit: 4678 4679m4 General support routines. These are typically 4680 very important and should not be changed without 4681 very careful consideration. 4682 4683cf The configuration files themselves. They have 4684 ".mc" suffixes, and must be run through m4 to 4685 become complete. The resulting output should 4686 have a ".cf" suffix. 4687 4688ostype Definitions describing a particular operating 4689 system type. These should always be referenced 4690 using the OSTYPE macro in the .mc file. Examples 4691 include "bsd4.3", "bsd4.4", "sunos3.5", and 4692 "sunos4.1". 4693 4694domain Definitions describing a particular domain, referenced 4695 using the DOMAIN macro in the .mc file. These are 4696 site dependent; for example, "CS.Berkeley.EDU.m4" 4697 describes hosts in the CS.Berkeley.EDU subdomain. 4698 4699mailer Descriptions of mailers. These are referenced using 4700 the MAILER macro in the .mc file. 4701 4702sh Shell files used when building the .cf file from the 4703 .mc file in the cf subdirectory. 4704 4705feature These hold special orthogonal features that you might 4706 want to include. They should be referenced using 4707 the FEATURE macro. 4708 4709hack Local hacks. These can be referenced using the HACK 4710 macro. They shouldn't be of more than voyeuristic 4711 interest outside the .Berkeley.EDU domain, but who knows? 4712 4713siteconfig Site configuration -- e.g., tables of locally connected 4714 UUCP sites. 4715 4716 4717+------------------------+ 4718| ADMINISTRATIVE DETAILS | 4719+------------------------+ 4720 4721The following sections detail usage of certain internal parts of the 4722sendmail.cf file. Read them carefully if you are trying to modify 4723the current model. If you find the above descriptions adequate, these 4724should be {boring, confusing, tedious, ridiculous} (pick one or more). 4725 4726RULESETS (* means built in to sendmail) 4727 4728 0 * Parsing 4729 1 * Sender rewriting 4730 2 * Recipient rewriting 4731 3 * Canonicalization 4732 4 * Post cleanup 4733 5 * Local address rewrite (after aliasing) 4734 1x mailer rules (sender qualification) 4735 2x mailer rules (recipient qualification) 4736 3x mailer rules (sender header qualification) 4737 4x mailer rules (recipient header qualification) 4738 5x mailer subroutines (general) 4739 6x mailer subroutines (general) 4740 7x mailer subroutines (general) 4741 8x reserved 4742 90 Mailertable host stripping 4743 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4744 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4745 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4746 4747 4748MAILERS 4749 4750 0 local, prog local and program mailers 4751 1 [e]smtp, relay SMTP channel 4752 2 uucp-* UNIX-to-UNIX Copy Program 4753 3 netnews Network News delivery 4754 4 fax Sam Leffler's HylaFAX software 4755 5 mail11 DECnet mailer 4756 4757 4758MACROS 4759 4760 A 4761 B Bitnet Relay 4762 C DECnet Relay 4763 D The local domain -- usually not needed 4764 E reserved for X.400 Relay 4765 F FAX Relay 4766 G 4767 H mail Hub (for mail clusters) 4768 I 4769 J 4770 K 4771 L Luser Relay 4772 M Masquerade (who you claim to be) 4773 N 4774 O 4775 P 4776 Q 4777 R Relay (for unqualified names) 4778 S Smart Host 4779 T 4780 U my UUCP name (if you have a UUCP connection) 4781 V UUCP Relay (class {V} hosts) 4782 W UUCP Relay (class {W} hosts) 4783 X UUCP Relay (class {X} hosts) 4784 Y UUCP Relay (all other hosts) 4785 Z Version number 4786 4787 4788CLASSES 4789 4790 A 4791 B domains that are candidates for bestmx lookup 4792 C 4793 D 4794 E addresses that should not seem to come from $M 4795 F hosts this system forward for 4796 G domains that should be looked up in genericstable 4797 H 4798 I 4799 J 4800 K 4801 L addresses that should not be forwarded to $R 4802 M domains that should be mapped to $M 4803 N host/domains that should not be mapped to $M 4804 O operators that indicate network operations (cannot be in local names) 4805 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4806 Q 4807 R domains this system is willing to relay (pass anti-spam filters) 4808 S 4809 T 4810 U locally connected UUCP hosts 4811 V UUCP hosts connected to relay $V 4812 W UUCP hosts connected to relay $W 4813 X UUCP hosts connected to relay $X 4814 Y locally connected smart UUCP hosts 4815 Z locally connected domain-ized UUCP hosts 4816 . the class containing only a dot 4817 [ the class containing only a left bracket 4818 4819 4820M4 DIVERSIONS 4821 4822 1 Local host detection and resolution 4823 2 Local Ruleset 3 additions 4824 3 Local Ruleset 0 additions 4825 4 UUCP Ruleset 0 additions 4826 5 locally interpreted names (overrides $R) 4827 6 local configuration (at top of file) 4828 7 mailer definitions 4829 8 DNS based blocklists 4830 9 special local rulesets (1 and 2) 4831 4832