1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31STARTTLS 32SMTP AUTHENTICATION 33ADDING NEW MAILERS OR RULESETS 34ADDING NEW MAIL FILTERS 35QUEUE GROUP DEFINITIONS 36NON-SMTP BASED CONFIGURATIONS 37WHO AM I? 38ACCEPTING MAIL FOR MULTIPLE NAMES 39USING MAILERTABLES 40USING USERDB TO MAP FULL NAMES 41MISCELLANEOUS SPECIAL FEATURES 42SECURITY NOTES 43TWEAKING CONFIGURATION OPTIONS 44MESSAGE SUBMISSION PROGRAM 45FORMAT OF FILES AND MAPS 46DIRECTORY LAYOUT 47ADMINISTRATIVE DETAILS 48 49 50+--------------------------+ 51| INTRODUCTION AND EXAMPLE | 52+--------------------------+ 53 54Configuration files are contained in the subdirectory "cf", with a 55suffix ".mc". They must be run through "m4" to produce a ".cf" file. 56You must pre-load "cf.m4": 57 58 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 59 60Alternatively, you can simply: 61 62 cd ${CFDIR}/cf 63 ./Build config.cf 64 65where ${CFDIR} is the root of the cf directory and config.mc is the 66name of your configuration file. If you are running a version of M4 67that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 68this, but the versions distributed with 4.4BSD and derivatives do not) 69or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 70For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 71use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 72 73 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 74 75Let's examine a typical .mc file: 76 77 divert(-1) 78 # 79 # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. 80 # All rights reserved. 81 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 82 # Copyright (c) 1988, 1993 83 # The Regents of the University of California. All rights reserved. 84 # 85 # By using this file, you agree to the terms and conditions set 86 # forth in the LICENSE file which can be found at the top level of 87 # the sendmail distribution. 88 # 89 90 # 91 # This is a Berkeley-specific configuration file for HP-UX 9.x. 92 # It applies only to the Computer Science Division at Berkeley, 93 # and should not be used elsewhere. It is provided on the sendmail 94 # distribution as a sample only. To create your own configuration 95 # file, create an appropriate domain file in ../domain, change the 96 # `DOMAIN' macro below to reference that file, and copy the result 97 # to a name of your own choosing. 98 # 99 divert(0) 100 101The divert(-1) will delete the crud in the resulting output file. 102The copyright notice can be replaced by whatever your lawyers require; 103our lawyers require the one that is included in these files. A copyleft 104is a copyright by another name. The divert(0) restores regular output. 105 106 VERSIONID(`<SCCS or RCS version id>') 107 108VERSIONID is a macro that stuffs the version information into the 109resulting file. You could use SCCS, RCS, CVS, something else, or 110omit it completely. This is not the same as the version id included 111in SMTP greeting messages -- this is defined in m4/version.m4. 112 113 OSTYPE(`hpux9')dnl 114 115You must specify an OSTYPE to properly configure things such as the 116pathname of the help and status files, the flags needed for the local 117mailer, and other important things. If you omit it, you will get an 118error when you try to build the configuration. Look at the ostype 119directory for the list of known operating system types. 120 121 DOMAIN(`CS.Berkeley.EDU')dnl 122 123This example is specific to the Computer Science Division at Berkeley. 124You can use "DOMAIN(`generic')" to get a sufficiently bland definition 125that may well work for you, or you can create a customized domain 126definition appropriate for your environment. 127 128 MAILER(`local') 129 MAILER(`smtp') 130 131These describe the mailers used at the default CS site. The local 132mailer is always included automatically. Beware: MAILER declarations 133should always be at the end of the configuration file. The general 134rules are that the order should be: 135 136 VERSIONID 137 OSTYPE 138 DOMAIN 139 FEATURE 140 local macro definitions 141 MAILER 142 LOCAL_CONFIG 143 LOCAL_RULE_* 144 LOCAL_RULESETS 145 146There are a few exceptions to this rule. Local macro definitions which 147influence a FEATURE() should be done before that feature. For example, 148a define(`PROCMAIL_MAILER_PATH', ...) should be done before 149FEATURE(`local_procmail'). 150 151******************************************************************* 152*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 153*** Berkeley-specific assumptions built in, such as the name *** 154*** of their UUCP-relay. You'll want to create your own *** 155*** domain description, and use that in place of *** 156*** domain/Berkeley.EDU.m4. *** 157******************************************************************* 158 159 160+----------------------------+ 161| A BRIEF INTRODUCTION TO M4 | 162+----------------------------+ 163 164Sendmail uses the M4 macro processor to ``compile'' the configuration 165files. The most important thing to know is that M4 is stream-based, 166that is, it doesn't understand about lines. For this reason, in some 167places you may see the word ``dnl'', which stands for ``delete 168through newline''; essentially, it deletes all characters starting 169at the ``dnl'' up to and including the next newline character. In 170most cases sendmail uses this only to avoid lots of unnecessary 171blank lines in the output. 172 173Other important directives are define(A, B) which defines the macro 174``A'' to have value ``B''. Macros are expanded as they are read, so 175one normally quotes both values to prevent expansion. For example, 176 177 define(`SMART_HOST', `smart.foo.com') 178 179One word of warning: M4 macros are expanded even in lines that appear 180to be comments. For example, if you have 181 182 # See FEATURE(`foo') above 183 184it will not do what you expect, because the FEATURE(`foo') will be 185expanded. This also applies to 186 187 # And then define the $X macro to be the return address 188 189because ``define'' is an M4 keyword. If you want to use them, surround 190them with directed quotes, `like this'. 191 192 193Notice: 194------- 195 196This package requires a post-V7 version of m4; if you are running the 1974.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 198BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 199Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 200Net/2 or GNU version. GNU m4 is available from 201ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 202EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 203m4 on this platform. 204 205 206+----------------+ 207| FILE LOCATIONS | 208+----------------+ 209 210sendmail 8.9 has introduced a new configuration directory for sendmail 211related files, /etc/mail. The new files available for sendmail 8.9 -- 212the class {R} /etc/mail/relay-domains and the access database 213/etc/mail/access -- take advantage of this new directory. Beginning with 2148.10, all files will use this directory by default (some options may be 215set by OSTYPE() files). This new directory should help to restore 216uniformity to sendmail's file locations. 217 218Below is a table of some of the common changes: 219 220Old filename New filename 221------------ ------------ 222/etc/bitdomain /etc/mail/bitdomain 223/etc/domaintable /etc/mail/domaintable 224/etc/genericstable /etc/mail/genericstable 225/etc/uudomain /etc/mail/uudomain 226/etc/virtusertable /etc/mail/virtusertable 227/etc/userdb /etc/mail/userdb 228 229/etc/aliases /etc/mail/aliases 230/etc/sendmail/aliases /etc/mail/aliases 231/etc/ucbmail/aliases /etc/mail/aliases 232/usr/adm/sendmail/aliases /etc/mail/aliases 233/usr/lib/aliases /etc/mail/aliases 234/usr/lib/mail/aliases /etc/mail/aliases 235/usr/ucblib/aliases /etc/mail/aliases 236 237/etc/sendmail.cw /etc/mail/local-host-names 238/etc/mail/sendmail.cw /etc/mail/local-host-names 239/etc/sendmail/sendmail.cw /etc/mail/local-host-names 240 241/etc/sendmail.ct /etc/mail/trusted-users 242 243/etc/sendmail.oE /etc/mail/error-header 244 245/etc/sendmail.hf /etc/mail/helpfile 246/etc/mail/sendmail.hf /etc/mail/helpfile 247/usr/ucblib/sendmail.hf /etc/mail/helpfile 248/etc/ucbmail/sendmail.hf /etc/mail/helpfile 249/usr/lib/sendmail.hf /etc/mail/helpfile 250/usr/share/lib/sendmail.hf /etc/mail/helpfile 251/usr/share/misc/sendmail.hf /etc/mail/helpfile 252/share/misc/sendmail.hf /etc/mail/helpfile 253 254/etc/service.switch /etc/mail/service.switch 255 256/etc/sendmail.st /etc/mail/statistics 257/etc/mail/sendmail.st /etc/mail/statistics 258/etc/mailer/sendmail.st /etc/mail/statistics 259/etc/sendmail/sendmail.st /etc/mail/statistics 260/usr/lib/sendmail.st /etc/mail/statistics 261/usr/ucblib/sendmail.st /etc/mail/statistics 262 263Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 264to create the pathnames. The default value of this variable is 265`/etc/mail/'. If you set this macro to a different value, you MUST include 266a trailing slash. 267 268Notice: all filenames used in a .mc (or .cf) file should be absolute 269(starting at the root, i.e., with '/'). Relative filenames most 270likely cause surprises during operations (unless otherwise noted). 271 272 273+--------+ 274| OSTYPE | 275+--------+ 276 277You MUST define an operating system environment, or the configuration 278file build will puke. There are several environments available; look 279at the "ostype" directory for the current list. This macro changes 280things like the location of the alias file and queue directory. Some 281of these files are identical to one another. 282 283It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 284In general, the OSTYPE macro should go immediately after any version 285information, and MAILER definitions should always go last. 286 287Operating system definitions are usually easy to write. They may define 288the following variables (everything defaults, so an ostype file may be 289empty). Unfortunately, the list of configuration-supported systems is 290not as broad as the list of source-supported systems, since many of 291the source contributors do not include corresponding ostype files. 292 293ALIAS_FILE [/etc/mail/aliases] The location of the text version 294 of the alias file(s). It can be a comma-separated 295 list of names (but be sure you quote values with 296 commas in them -- for example, use 297 define(`ALIAS_FILE', `a,b') 298 to get "a" and "b" both listed as alias files; 299 otherwise the define() primitive only sees "a"). 300HELP_FILE [/etc/mail/helpfile] The name of the file 301 containing information printed in response to 302 the SMTP HELP command. 303QUEUE_DIR [/var/spool/mqueue] The directory containing 304 queue files. To use multiple queues, supply 305 a value ending with an asterisk. For 306 example, /var/spool/mqueue/qd* will use all of the 307 directories or symbolic links to directories 308 beginning with 'qd' in /var/spool/mqueue as queue 309 directories. The names 'qf', 'df', and 'xf' are 310 reserved as specific subdirectories for the 311 corresponding queue file types as explained in 312 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 313MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 314 queue files for the MSP (Mail Submission Program, 315 see sendmail/SECURITY). 316STATUS_FILE [/etc/mail/statistics] The file containing status 317 information. 318LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 319LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 320 flags lsDFMAw5:/|@q are always included. 321LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 322 mail. 323LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 324 mail that you are willing to accept. 325LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 326 messages to deliver in a single connection. Only 327 useful for LMTP local mailers. 328LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 329 that ARRIVE from an address that resolves to the 330 local mailer and which are converted to MIME will be 331 labeled with this character set. 332LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 333 end of line for the local mailer. 334LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 335 [X-Unix] The DSN Diagnostic-Code value for the 336 local mailer. This should be changed with care. 337LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 338LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 339 flags lsDFM are always included. 340LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 341 mail. 342LOCAL_SHELL_DIR [$z:/] The directory search path in which the 343 shell should run. 344LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 345USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 346 used to submit news. 347USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 348USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 349 usenet mailer. NOTE: Some versions of inews 350 (such as those shipped with newer versions of INN) 351 use different flags. Double check the defaults 352 against the inews man page. 353USENET_MAILER_MAX [undefined] The maximum size of messages that will 354 be accepted by the usenet mailer. 355USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 356SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 357 flags are `mDFMuX' for all SMTP-based mailers; the 358 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 359 "dsmtp" adds `%'. 360RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 361 flags are `mDFMuX' for all SMTP-based mailers; the 362 relay mailer adds `a8'. If this is not defined, 363 then SMTP_MAILER_FLAGS is used. 364SMTP_MAILER_MAX [undefined] The maximum size of messages that will 365 be transported using the smtp, smtp8, esmtp, or dsmtp 366 mailers. 367SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 368 messages to deliver in a single connection for the 369 smtp, smtp8, esmtp, or dsmtp mailers. 370SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 371 recipients to deliver in a single connection for the 372 smtp, smtp8, esmtp, or dsmtp mailers. 373SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 374 About the only reason you would want to change this 375 would be to change the default port. 376ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 377SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 378DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 379RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 380SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 381ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 382SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 383DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 384RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 385RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 386 messages to deliver in a single connection for the 387 relay mailer. 388SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 389 that ARRIVE from an address that resolves to one of 390 the SMTP mailers and which are converted to MIME will 391 be labeled with this character set. 392UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 393UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 394 flags are `DFMhuU' (and `m' for uucp-new mailer, 395 minus `U' for uucp-dom mailer). 396UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 397 passed to the UUCP mailer. 398UUCP_MAILER_MAX [100000] The maximum size message accepted for 399 transmission by the UUCP mailers. 400UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 401 that ARRIVE from an address that resolves to one of 402 the UUCP mailers and which are converted to MIME will 403 be labeled with this character set. 404UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 405FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 406 submit FAX messages. 407FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 408 mailer. 409FAX_MAILER_MAX [100000] The maximum size message accepted for 410 transmission by FAX. 411POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 412POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 413 are always added. 414POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 415POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 416PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 417 program. This is also used by 418 FEATURE(`local_procmail'). 419PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 420 DFM are always set. This is NOT used by 421 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 422 instead. 423PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 424 the Procmail mailer. This is NOT used by 425 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 426 instead. 427PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 428 will be accepted by the procmail mailer. 429PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 430MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 431MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 432MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 433 mailer. 434MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 435PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 436 program. 437PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 438 are always set. 439PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 440PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 441CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 442 flags lsDFMnPq are always included. 443CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 444 cyrus mail. 445CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 446 to deliver cyrus mail. 447CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 448 will be accepted by the cyrus mailer. 449CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 450 running the cyrus mailer. 451CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 452CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 453 The flags lsDFMnP are always included. 454CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 455 to deliver cyrusbb mail. 456CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The 457 flags lsDFMnqXz are always included. 458CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of 459 messages to deliver in a single connection for the 460 cyrusv2 mailer. 461CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 462 recipients to deliver in a single connection for the 463 cyrusv2 mailer. 464CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed 465 to the cyrusv2 mailer. This can be used to 466 change the name of the Unix domain socket, or 467 to switch to delivery via TCP (e.g., `TCP $h lmtp') 468CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. 469confEBINDIR [/usr/libexec] The directory for executables. 470 Currently used for FEATURE(`local_lmtp') and 471 FEATURE(`smrsh'). 472QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 473QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 474 qpage mail. 475QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 476 to deliver qpage mail. 477QPAGE_MAILER_MAX [4096] If set, the maximum size message that 478 will be accepted by the qpage mailer. 479QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 480LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 481 482Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 483MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of 484the macro Name_MAILER_FLAGS and change can be: flags that should 485be used directly (thus overriding the default value), or if it 486starts with `+' (`-') then those flags are added to (removed from) 487the default value. Example: 488 489 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 490 491will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 492several smtp mailers all of which are manipulated individually. 493See the section MAILERS for the available mailer names. 494WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 495unconditionally, i.e., without respecting any definitions in an 496OSTYPE setting. 497 498 499+---------+ 500| DOMAINS | 501+---------+ 502 503You will probably want to collect domain-dependent defines into one 504file, referenced by the DOMAIN macro. For example, the Berkeley 505domain file includes definitions for several internal distinguished 506hosts: 507 508UUCP_RELAY The host that will accept UUCP-addressed email. 509 If not defined, all UUCP sites must be directly 510 connected. 511BITNET_RELAY The host that will accept BITNET-addressed email. 512 If not defined, the .BITNET pseudo-domain won't work. 513DECNET_RELAY The host that will accept DECNET-addressed email. 514 If not defined, the .DECNET pseudo-domain and addresses 515 of the form node::user will not work. 516FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 517 The "fax" mailer overrides this value. 518LOCAL_RELAY The site that will handle unqualified names -- that 519 is, names without an @domain extension. 520 Normally MAIL_HUB is preferred for this function. 521 LOCAL_RELAY is mostly useful in conjunction with 522 FEATURE(`stickyhost') -- see the discussion of 523 stickyhost below. If not set, they are assumed to 524 belong on this machine. This allows you to have a 525 central site to store a company- or department-wide 526 alias database. This only works at small sites, 527 and only with some user agents. 528LUSER_RELAY The site that will handle lusers -- that is, apparently 529 local names that aren't local accounts or aliases. To 530 specify a local user instead of a site, set this to 531 ``local:username''. 532 533Any of these can be either ``mailer:hostname'' (in which case the 534mailer is the internal mailer name, such as ``uucp-new'' and the hostname 535is the name of the host as appropriate for that mailer) or just a 536``hostname'', in which case a default mailer type (usually ``relay'', 537a variant on SMTP) is used. WARNING: if you have a wildcard MX 538record matching your domain, you probably want to define these to 539have a trailing dot so that you won't get the mail diverted back 540to yourself. 541 542The domain file can also be used to define a domain name, if needed 543(using "DD<domain>") and set certain site-wide features. If all hosts 544at your site masquerade behind one email name, you could also use 545MASQUERADE_AS here. 546 547You do not have to define a domain -- in particular, if you are a 548single machine sitting off somewhere, it is probably more work than 549it's worth. This is just a mechanism for combining "domain dependent 550knowledge" into one place. 551 552 553+---------+ 554| MAILERS | 555+---------+ 556 557There are fewer mailers supported in this version than the previous 558version, owing mostly to a simpler world. As a general rule, put the 559MAILER definitions last in your .mc file. 560 561local The local and prog mailers. You will almost always 562 need these; the only exception is if you relay ALL 563 your mail to another site. This mailer is included 564 automatically. 565 566smtp The Simple Mail Transport Protocol mailer. This does 567 not hide hosts behind a gateway or another other 568 such hack; it assumes a world where everyone is 569 running the name server. This file actually defines 570 five mailers: "smtp" for regular (old-style) SMTP to 571 other servers, "esmtp" for extended SMTP to other 572 servers, "smtp8" to do SMTP to other servers without 573 converting 8-bit data to MIME (essentially, this is 574 your statement that you know the other end is 8-bit 575 clean even if it doesn't say so), "dsmtp" to do on 576 demand delivery, and "relay" for transmission to the 577 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 578 579uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 580 defines two mailers, "uucp-old" (a.k.a. "uucp") and 581 "uucp-new" (a.k.a. "suucp"). The latter is for when you 582 know that the UUCP mailer at the other end can handle 583 multiple recipients in one transfer. If the smtp mailer 584 is included in your configuration, two other mailers 585 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 586 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 587 include the uucp mailer, sendmail looks for all names in 588 class {U} and sends them to the uucp-old mailer; all 589 names in class {Y} are sent to uucp-new; and all 590 names in class {Z} are sent to uucp-uudom. Note that 591 this is a function of what version of rmail runs on 592 the receiving end, and hence may be out of your control. 593 See the section below describing UUCP mailers in more 594 detail. 595 596usenet Usenet (network news) delivery. If this is specified, 597 an extra rule is added to ruleset 0 that forwards all 598 local email for users named ``group.usenet'' to the 599 ``inews'' program. Note that this works for all groups, 600 and may be considered a security problem. 601 602fax Facsimile transmission. This is experimental and based 603 on Sam Leffler's HylaFAX software. For more information, 604 see http://www.hylafax.org/. 605 606pop Post Office Protocol. 607 608procmail An interface to procmail (does not come with sendmail). 609 This is designed to be used in mailertables. For example, 610 a common question is "how do I forward all mail for a given 611 domain to a single person?". If you have this mailer 612 defined, you could set up a mailertable reading: 613 614 host.com procmail:/etc/procmailrcs/host.com 615 616 with the file /etc/procmailrcs/host.com reading: 617 618 :0 # forward mail for host.com 619 ! -oi -f $1 person@other.host 620 621 This would arrange for (anything)@host.com to be sent 622 to person@other.host. Within the procmail script, $1 is 623 the name of the sender and $2 is the name of the recipient. 624 If you use this with FEATURE(`local_procmail'), the FEATURE 625 should be listed first. 626 627 Of course there are other ways to solve this particular 628 problem, e.g., a catch-all entry in a virtusertable. 629 630mail11 The DECnet mail11 mailer, useful only if you have the mail11 631 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 632 DECnet, of course). This is for Phase IV DECnet support; 633 if you have Phase V at your site you may have additional 634 problems. 635 636phquery The phquery program. This is somewhat counterintuitively 637 referenced as the "ph" mailer internally. It can be used 638 to do CCSO name server lookups. The phquery program, which 639 this mailer uses, is distributed with the ph client. 640 641cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 642 a local cyrus user. this mailer can make use of the 643 "user+detail@local.host" syntax (see 644 FEATURE(`preserve_local_plus_detail')); it will deliver the 645 mail to the user's "detail" mailbox if the mailbox's ACL 646 permits. The cyrusbb mailer delivers to a system-wide 647 cyrus mailbox if the mailbox's ACL permits. The cyrus 648 mailer must be defined after the local mailer. 649 650cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to 651 local cyrus users via LMTP. This mailer can make use of the 652 "user+detail@local.host" syntax (see 653 FEATURE(`preserve_local_plus_detail')); it will deliver the 654 mail to the user's "detail" mailbox if the mailbox's ACL 655 permits. The cyrusv2 mailer must be defined after the 656 local mailer. 657 658qpage A mailer for QuickPage, a pager interface. See 659 http://www.qpage.org/ for further information. 660 661The local mailer accepts addresses of the form "user+detail", where 662the "+detail" is not used for mailbox matching but is available 663to certain local mail programs (in particular, see 664FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 665"eric+sww" all indicate the same user, but additional arguments <null>, 666"sendmail", and "sww" may be provided for use in sorting mail. 667 668 669+----------+ 670| FEATURES | 671+----------+ 672 673Special features can be requested using the "FEATURE" macro. For 674example, the .mc line: 675 676 FEATURE(`use_cw_file') 677 678tells sendmail that you want to have it read an /etc/mail/local-host-names 679file to get values for class {w}. A FEATURE may contain up to 9 680optional parameters -- for example: 681 682 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 683 684The default database map type for the table features can be set with 685 686 define(`DATABASE_MAP_TYPE', `dbm') 687 688which would set it to use ndbm databases. The default is the Berkeley DB 689hash database format. Note that you must still declare a database map type 690if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 691if no argument is given for the FEATURE. It must be specified before any 692feature that uses a map. 693 694Also, features which can take a map definition as an argument can also take 695the special keyword `LDAP'. If that keyword is used, the map will use the 696LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 697CLASSES'' section below. 698 699Available features are: 700 701use_cw_file Read the file /etc/mail/local-host-names file to get 702 alternate names for this host. This might be used if you 703 were on a host that MXed for a dynamic set of other hosts. 704 If the set is static, just including the line "Cw<name1> 705 <name2> ..." (where the names are fully qualified domain 706 names) is probably superior. The actual filename can be 707 overridden by redefining confCW_FILE. 708 709use_ct_file Read the file /etc/mail/trusted-users file to get the 710 names of users that will be ``trusted'', that is, able to 711 set their envelope from address using -f without generating 712 a warning message. The actual filename can be overridden 713 by redefining confCT_FILE. 714 715redirect Reject all mail addressed to "address.REDIRECT" with 716 a ``551 User has moved; please try <address>'' message. 717 If this is set, you can alias people who have left 718 to their new address with ".REDIRECT" appended. 719 720nouucp Don't route UUCP addresses. This feature takes one 721 parameter: 722 `reject': reject addresses which have "!" in the local 723 part unless it originates from a system 724 that is allowed to relay. 725 `nospecial': don't do anything special with "!". 726 Warnings: 1. See the notice in the anti-spam section. 727 2. don't remove "!" from OperatorChars if `reject' is 728 given as parameter. 729 730nocanonify Don't pass addresses to $[ ... $] for canonification 731 by default, i.e., host/domain names are considered canonical, 732 except for unqualified names, which must not be used in this 733 mode (violation of the standard). It can be changed by 734 setting the DaemonPortOptions modifiers (M=). That is, 735 FEATURE(`nocanonify') will be overridden by setting the 736 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 737 it can be emulated by setting the 'C' flag 738 (DaemonPortOptions=Modifiers=C). This would generally only 739 be used by sites that only act as mail gateways or which have 740 user agents that do full canonification themselves. You may 741 also want to use 742 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 743 the usual resolver options that do a similar thing. 744 745 An exception list for FEATURE(`nocanonify') can be 746 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 747 i.e., a list of domains which are nevertheless passed to 748 $[ ... $] for canonification. This is useful to turn on 749 canonification for local domains, e.g., use 750 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 751 which end in "my.domain" or "my". 752 Another way to require canonification in the local 753 domain is CANONIFY_DOMAIN(`$=m'). 754 755 A trailing dot is added to addresses with more than 756 one component in it such that other features which 757 expect a trailing dot (e.g., virtusertable) will 758 still work. 759 760 If `canonify_hosts' is specified as parameter, i.e., 761 FEATURE(`nocanonify', `canonify_hosts'), then 762 addresses which have only a hostname, e.g., 763 <user@host>, will be canonified (and hopefully fully 764 qualified), too. 765 766stickyhost This feature is sometimes used with LOCAL_RELAY, 767 although it can be used for a different effect with 768 MAIL_HUB. 769 770 When used without MAIL_HUB, email sent to 771 "user@local.host" are marked as "sticky" -- that 772 is, the local addresses aren't matched against UDB, 773 don't go through ruleset 5, and are not forwarded to 774 the LOCAL_RELAY (if defined). 775 776 With MAIL_HUB, mail addressed to "user@local.host" 777 is forwarded to the mail hub, with the envelope 778 address still remaining "user@local.host". 779 Without stickyhost, the envelope would be changed 780 to "user@mail_hub", in order to protect against 781 mailing loops. 782 783mailertable Include a "mailer table" which can be used to override 784 routing for particular domains (which are not in class {w}, 785 i.e. local host names). The argument of the FEATURE may be 786 the key definition. If none is specified, the definition 787 used is: 788 789 hash /etc/mail/mailertable 790 791 Keys in this database are fully qualified domain names 792 or partial domains preceded by a dot -- for example, 793 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 794 special case of the latter, "." matches any domain not 795 covered by other keys. Values must be of the form: 796 mailer:domain 797 where "mailer" is the internal mailer name, and "domain" 798 is where to send the message. These maps are not 799 reflected into the message header. As a special case, 800 the forms: 801 local:user 802 will forward to the indicated user using the local mailer, 803 local: 804 will forward to the original user in the e-mail address 805 using the local mailer, and 806 error:code message 807 error:D.S.N:code message 808 will give an error message with the indicated SMTP reply 809 code and message, where D.S.N is an RFC 1893 compliant 810 error code. 811 812domaintable Include a "domain table" which can be used to provide 813 domain name mapping. Use of this should really be 814 limited to your own domains. It may be useful if you 815 change names (e.g., your company changes names from 816 oldname.com to newname.com). The argument of the 817 FEATURE may be the key definition. If none is specified, 818 the definition used is: 819 820 hash /etc/mail/domaintable 821 822 The key in this table is the domain name; the value is 823 the new (fully qualified) domain. Anything in the 824 domaintable is reflected into headers; that is, this 825 is done in ruleset 3. 826 827bitdomain Look up bitnet hosts in a table to try to turn them into 828 internet addresses. The table can be built using the 829 bitdomain program contributed by John Gardiner Myers. 830 The argument of the FEATURE may be the key definition; if 831 none is specified, the definition used is: 832 833 hash /etc/mail/bitdomain 834 835 Keys are the bitnet hostname; values are the corresponding 836 internet hostname. 837 838uucpdomain Similar feature for UUCP hosts. The default map definition 839 is: 840 841 hash /etc/mail/uudomain 842 843 At the moment there is no automagic tool to build this 844 database. 845 846always_add_domain 847 Include the local host domain even on locally delivered 848 mail. Normally it is not added on unqualified names. 849 However, if you use a shared message store but do not use 850 the same user name space everywhere, you may need the host 851 name on local names. An optional argument specifies 852 another domain to be added than the local. 853 854allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 855 feature will cause recipient addresses to also masquerade 856 as being from the masquerade host. Normally they get 857 the local hostname. Although this may be right for 858 ordinary users, it can break local aliases. For example, 859 if you send to "localalias", the originating sendmail will 860 find that alias and send to all members, but send the 861 message with "To: localalias@masqueradehost". Since that 862 alias likely does not exist, replies will fail. Use this 863 feature ONLY if you can guarantee that the ENTIRE 864 namespace on your masquerade host supersets all the 865 local entries. 866 867limited_masquerade 868 Normally, any hosts listed in class {w} are masqueraded. If 869 this feature is given, only the hosts listed in class {M} (see 870 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 871 if you have several domains with disjoint namespaces hosted 872 on the same machine. 873 874masquerade_entire_domain 875 If masquerading is enabled (using MASQUERADE_AS) and 876 MASQUERADE_DOMAIN (see below) is set, this feature will 877 cause addresses to be rewritten such that the masquerading 878 domains are actually entire domains to be hidden. All 879 hosts within the masquerading domains will be rewritten 880 to the masquerade name (used in MASQUERADE_AS). For example, 881 if you have: 882 883 MASQUERADE_AS(`masq.com') 884 MASQUERADE_DOMAIN(`foo.org') 885 MASQUERADE_DOMAIN(`bar.com') 886 887 then *foo.org and *bar.com are converted to masq.com. Without 888 this feature, only foo.org and bar.com are masqueraded. 889 890 NOTE: only domains within your jurisdiction and 891 current hierarchy should be masqueraded using this. 892 893local_no_masquerade 894 This feature prevents the local mailer from masquerading even 895 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 896 on addresses of mail going outside the local domain. 897 898genericstable This feature will cause unqualified addresses (i.e., without 899 a domain) and addresses with a domain listed in class {G} 900 to be looked up in a map and turned into another ("generic") 901 form, which can change both the domain name and the user name. 902 Notice: if you use an MSP (as it is default starting with 903 8.12), the MTA will only receive qualified addresses from the 904 MSP (as required by the RFCs). Hence you need to add your 905 domain to class {G}. This feature is similar to the userdb 906 functionality. The same types of addresses as for 907 masquerading are looked up, i.e., only header sender 908 addresses unless the allmasquerade and/or masquerade_envelope 909 features are given. Qualified addresses must have the domain 910 part in class {G}; entries can be added to this class by the 911 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 912 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 913 914 The argument of FEATURE(`genericstable') may be the map 915 definition; the default map definition is: 916 917 hash /etc/mail/genericstable 918 919 The key for this table is either the full address, the domain 920 (with a leading @; the localpart is passed as first argument) 921 or the unqualified username (tried in the order mentioned); 922 the value is the new user address. If the new user address 923 does not include a domain, it will be qualified in the standard 924 manner, i.e., using $j or the masquerade name. Note that the 925 address being looked up must be fully qualified. For local 926 mail, it is necessary to use FEATURE(`always_add_domain') 927 for the addresses to be qualified. 928 The "+detail" of an address is passed as %1, so entries like 929 930 old+*@foo.org new+%1@example.com 931 gen+*@foo.org %1@example.com 932 933 and other forms are possible. 934 935generics_entire_domain 936 If the genericstable is enabled and GENERICS_DOMAIN or 937 GENERICS_DOMAIN_FILE is used, this feature will cause 938 addresses to be searched in the map if their domain 939 parts are subdomains of elements in class {G}. 940 941virtusertable A domain-specific form of aliasing, allowing multiple 942 virtual domains to be hosted on one machine. For example, 943 if the virtuser table contained: 944 945 info@foo.com foo-info 946 info@bar.com bar-info 947 joe@bar.com error:nouser 550 No such user here 948 jax@bar.com error:5.7.0:550 Address invalid 949 @baz.org jane@example.net 950 951 then mail addressed to info@foo.com will be sent to the 952 address foo-info, mail addressed to info@bar.com will be 953 delivered to bar-info, and mail addressed to anyone at baz.org 954 will be sent to jane@example.net, mail to joe@bar.com will 955 be rejected with the specified error message, and mail to 956 jax@bar.com will also have a RFC 1893 compliant error code 957 5.7.0. 958 959 The username from the original address is passed 960 as %1 allowing: 961 962 @foo.org %1@example.com 963 964 meaning someone@foo.org will be sent to someone@example.com. 965 Additionally, if the local part consists of "user+detail" 966 then "detail" is passed as %2 and "+detail" is passed as %3 967 when a match against user+* is attempted, so entries like 968 969 old+*@foo.org new+%2@example.com 970 gen+*@foo.org %2@example.com 971 +*@foo.org %1%3@example.com 972 X++@foo.org Z%3@example.com 973 @bar.org %1%3 974 975 and other forms are possible. Note: to preserve "+detail" 976 for a default case (@domain) %1%3 must be used as RHS. 977 There are two wildcards after "+": "+" matches only a non-empty 978 detail, "*" matches also empty details, e.g., user+@foo.org 979 matches +*@foo.org but not ++@foo.org. This can be used 980 to ensure that the parameters %2 and %3 are not empty. 981 982 All the host names on the left hand side (foo.com, bar.com, 983 and baz.org) must be in class {w} or class {VirtHost}. The 984 latter can be defined by the macros VIRTUSER_DOMAIN or 985 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 986 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 987 VIRTUSER_DOMAIN_FILE is used, then the entries of class 988 {VirtHost} are added to class {R}, i.e., relaying is allowed 989 to (and from) those domains. The default map definition is: 990 991 hash /etc/mail/virtusertable 992 993 A new definition can be specified as the second argument of 994 the FEATURE macro, such as 995 996 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 997 998virtuser_entire_domain 999 If the virtusertable is enabled and VIRTUSER_DOMAIN or 1000 VIRTUSER_DOMAIN_FILE is used, this feature will cause 1001 addresses to be searched in the map if their domain 1002 parts are subdomains of elements in class {VirtHost}. 1003 1004ldap_routing Implement LDAP-based e-mail recipient routing according to 1005 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 1006 This provides a method to re-route addresses with a 1007 domain portion in class {LDAPRoute} to either a 1008 different mail host or a different address. Hosts can 1009 be added to this class using LDAPROUTE_DOMAIN and 1010 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1011 MASQUERADE_DOMAIN_FILE, see below). 1012 1013 See the LDAP ROUTING section below for more information. 1014 1015nodns If you aren't running DNS at your site (for example, 1016 you are UUCP-only connected). It's hard to consider 1017 this a "feature", but hey, it had to go somewhere. 1018 Actually, as of 8.7 this is a no-op -- remove "dns" from 1019 the hosts service switch entry instead. 1020 1021nullclient This is a special case -- it creates a configuration file 1022 containing nothing but support for forwarding all mail to a 1023 central hub via a local SMTP-based network. The argument 1024 is the name of that hub. 1025 1026 The only other feature that should be used in conjunction 1027 with this one is FEATURE(`nocanonify'). No mailers 1028 should be defined. No aliasing or forwarding is done. 1029 1030local_lmtp Use an LMTP capable local mailer. The argument to this 1031 feature is the pathname of an LMTP capable mailer. By 1032 default, mail.local is used. This is expected to be the 1033 mail.local which came with the 8.9 distribution which is 1034 LMTP capable. The path to mail.local is set by the 1035 confEBINDIR m4 variable -- making the default 1036 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1037 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1038 i.e., without respecting any definitions in an OSTYPE setting. 1039 1040local_procmail Use procmail or another delivery agent as the local mailer. 1041 The argument to this feature is the pathname of the 1042 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1043 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1044 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1045 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1046 specify the appropriate parameters. When procmail is used, 1047 the local mailer can make use of the 1048 "user+indicator@local.host" syntax; normally the +indicator 1049 is just tossed, but by default it is passed as the -a 1050 argument to procmail. 1051 1052 This feature can take up to three arguments: 1053 1054 1. Path to the mailer program 1055 [default: /usr/local/bin/procmail] 1056 2. Argument vector including name of the program 1057 [default: procmail -Y -a $h -d $u] 1058 3. Flags for the mailer [default: SPfhn9] 1059 1060 Empty arguments cause the defaults to be taken. 1061 1062 For example, this allows it to use the maildrop 1063 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 1064 by specifying: 1065 1066 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1067 `maildrop -d $u') 1068 1069 or scanmails using: 1070 1071 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1072 1073 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1074 i.e., without respecting any definitions in an OSTYPE setting. 1075 1076bestmx_is_local Accept mail as though locally addressed for any host that 1077 lists us as the best possible MX record. This generates 1078 additional DNS traffic, but should be OK for low to 1079 medium traffic hosts. The argument may be a set of 1080 domains, which will limit the feature to only apply to 1081 these domains -- this will reduce unnecessary DNS 1082 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1083 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1084 that matches your domain, you cannot use this feature. 1085 1086smrsh Use the SendMail Restricted SHell (smrsh) provided 1087 with the distribution instead of /bin/sh for mailing 1088 to programs. This improves the ability of the local 1089 system administrator to control what gets run via 1090 e-mail. If an argument is provided it is used as the 1091 pathname to smrsh; otherwise, the path defined by 1092 confEBINDIR is used for the smrsh binary -- by default, 1093 /usr/libexec/smrsh is assumed. 1094 1095promiscuous_relay 1096 By default, the sendmail configuration files do not permit 1097 mail relaying (that is, accepting mail from outside your 1098 local host (class {w}) and sending it to another host than 1099 your local host). This option sets your site to allow 1100 mail relaying from any site to any site. In almost all 1101 cases, it is better to control relaying more carefully 1102 with the access map, class {R}, or authentication. Domains 1103 can be added to class {R} by the macros RELAY_DOMAIN or 1104 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1105 MASQUERADE_DOMAIN_FILE, see below). 1106 1107relay_entire_domain 1108 This option allows any host in your domain as defined by 1109 class {m} to use your server for relaying. Notice: make 1110 sure that your domain is not just a top level domain, 1111 e.g., com. This can happen if you give your host a name 1112 like example.com instead of host.example.com. 1113 1114relay_hosts_only 1115 By default, names that are listed as RELAY in the access 1116 db and class {R} are treated as domain names, not host names. 1117 For example, if you specify ``foo.com'', then mail to or 1118 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1119 will all be accepted for relaying. This feature changes 1120 the behaviour to lookup individual host names only. 1121 1122relay_based_on_MX 1123 Turns on the ability to allow relaying based on the MX 1124 records of the host portion of an incoming recipient; that 1125 is, if an MX record for host foo.com points to your site, 1126 you will accept and relay mail addressed to foo.com. See 1127 description below for more information before using this 1128 feature. Also, see the KNOWNBUGS entry regarding bestmx 1129 map lookups. 1130 1131 FEATURE(`relay_based_on_MX') does not necessarily allow 1132 routing of these messages which you expect to be allowed, 1133 if route address syntax (or %-hack syntax) is used. If 1134 this is a problem, add entries to the access-table or use 1135 FEATURE(`loose_relay_check'). 1136 1137relay_mail_from 1138 Allows relaying if the mail sender is listed as RELAY in 1139 the access map. If an optional argument `domain' is given, 1140 relaying can be allowed just based on the domain portion 1141 of the sender address. This feature should only be used if 1142 absolutely necessary as the sender address can be easily 1143 forged. Use of this feature requires the "From:" tag to 1144 be used for the key in the access map; see the discussion 1145 of tags and FEATURE(`relay_mail_from') in the section on 1146 anti-spam configuration control. 1147 1148relay_local_from 1149 Allows relaying if the domain portion of the mail sender 1150 is a local host. This should only be used if absolutely 1151 necessary as it opens a window for spammers. Specifically, 1152 they can send mail to your mail server that claims to be 1153 from your domain (either directly or via a routed address), 1154 and you will go ahead and relay it out to arbitrary hosts 1155 on the Internet. 1156 1157accept_unqualified_senders 1158 Normally, MAIL FROM: commands in the SMTP session will be 1159 refused if the connection is a network connection and the 1160 sender address does not include a domain name. If your 1161 setup sends local mail unqualified (i.e., MAIL FROM: <joe>), 1162 you will need to use this feature to accept unqualified 1163 sender addresses. Setting the DaemonPortOptions modifier 1164 'u' overrides the default behavior, i.e., unqualified 1165 addresses are accepted even without this FEATURE. 1166 If this FEATURE is not used, the DaemonPortOptions modifier 1167 'f' can be used to enforce fully qualified addresses. 1168 1169accept_unresolvable_domains 1170 Normally, MAIL FROM: commands in the SMTP session will be 1171 refused if the host part of the argument to MAIL FROM: 1172 cannot be located in the host name service (e.g., an A or 1173 MX record in DNS). If you are inside a firewall that has 1174 only a limited view of the Internet host name space, this 1175 could cause problems. In this case you probably want to 1176 use this feature to accept all domains on input, even if 1177 they are unresolvable. 1178 1179access_db Turns on the access database feature. The access db gives 1180 you the ability to allow or refuse to accept mail from 1181 specified domains for administrative reasons. Moreover, 1182 it can control the behavior of sendmail in various situations. 1183 By default, the access database specification is: 1184 1185 hash -T<TMPF> /etc/mail/access 1186 1187 See the anti-spam configuration control section for further 1188 important information about this feature. Notice: 1189 "-T<TMPF>" is meant literal, do not replace it by anything. 1190 1191blacklist_recipients 1192 Turns on the ability to block incoming mail for certain 1193 recipient usernames, hostnames, or addresses. For 1194 example, you can block incoming mail to user nobody, 1195 host foo.mydomain.com, or guest@bar.mydomain.com. 1196 These specifications are put in the access db as 1197 described in the anti-spam configuration control section 1198 later in this document. 1199 1200delay_checks The rulesets check_mail and check_relay will not be called 1201 when a client connects or issues a MAIL command, respectively. 1202 Instead, those rulesets will be called by the check_rcpt 1203 ruleset; they will be skipped under certain circumstances. 1204 See "Delay all checks" in the anti-spam configuration control 1205 section. Note: this feature is incompatible to the versions 1206 in 8.10 and 8.11. 1207 1208dnsbl Turns on rejection of hosts found in an DNS based rejection 1209 list. If an argument is provided it is used as the domain 1210 in which blocked hosts are listed; otherwise it defaults to 1211 blackholes.mail-abuse.org. An explanation for an DNS based 1212 rejection list can be found at http://mail-abuse.org/rbl/. 1213 A second argument can be used to change the default error 1214 message. Without that second argument, the error message 1215 will be 1216 Rejected: IP-ADDRESS listed at SERVER 1217 where IP-ADDRESS and SERVER are replaced by the appropriate 1218 information. By default, temporary lookup failures are 1219 ignored. This behavior can be changed by specifying a 1220 third argument, which must be either `t' or a full error 1221 message. See the anti-spam configuration control section for 1222 an example. The dnsbl feature can be included several times 1223 to query different DNS based rejection lists. See also 1224 enhdnsbl for an enhanced version. 1225 1226 Some DNS based rejection lists cause failures if asked 1227 for AAAA records. If your sendmail version is compiled 1228 with IPv6 support (NETINET6) and you experience this 1229 problem, add 1230 1231 define(`DNSBL_MAP', `dns -R A') 1232 1233 before the first use of this feature. Alternatively you 1234 can use enhdnsbl instead (see below). 1235 1236 NOTE: The default DNS blacklist, blackholes.mail-abuse.org, 1237 is a service offered by the Mail Abuse Prevention System 1238 (MAPS). As of July 31, 2001, MAPS is a subscription 1239 service, so using that network address won't work if you 1240 haven't subscribed. Contact MAPS to subscribe 1241 (http://mail-abuse.org/). 1242 1243enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1244 (up to 5) can be used to specify specific return values 1245 from lookups. Temporary lookup failures are ignored unless 1246 a third argument is given, which must be either `t' or a full 1247 error message. By default, any successful lookup will 1248 generate an error. Otherwise the result of the lookup is 1249 compared with the supplied argument(s), and only if a match 1250 occurs an error is generated. For example, 1251 1252 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1253 1254 will reject the e-mail if the lookup returns the value 1255 ``127.0.0.2.'', or generate a 451 response if the lookup 1256 temporarily failed. The arguments can contain metasymbols 1257 as they are allowed in the LHS of rules. As the example 1258 shows, the default values are also used if an empty argument, 1259 i.e., `', is specified. This feature requires that sendmail 1260 has been compiled with the flag DNSMAP (see sendmail/README). 1261 1262lookupdotdomain Look up also .domain in the access map. This allows to 1263 match only subdomains. It does not work well with 1264 FEATURE(`relay_hosts_only'), because most lookups for 1265 subdomains are suppressed by the latter feature. 1266 1267loose_relay_check 1268 Normally, if % addressing is used for a recipient, e.g. 1269 user%site@othersite, and othersite is in class {R}, the 1270 check_rcpt ruleset will strip @othersite and recheck 1271 user@site for relaying. This feature changes that 1272 behavior. It should not be needed for most installations. 1273 1274authinfo Provide a separate map for client side authentication 1275 information. See SMTP AUTHENTICATION for details. 1276 By default, the authinfo database specification is: 1277 1278 hash /etc/mail/authinfo 1279 1280preserve_luser_host 1281 Preserve the name of the recipient host if LUSER_RELAY is 1282 used. Without this option, the domain part of the 1283 recipient address will be replaced by the host specified as 1284 LUSER_RELAY. This feature only works if the hostname is 1285 passed to the mailer (see mailer triple in op.me). Note 1286 that in the default configuration the local mailer does not 1287 receive the hostname, i.e., the mailer triple has an empty 1288 hostname. 1289 1290preserve_local_plus_detail 1291 Preserve the +detail portion of the address when passing 1292 address to local delivery agent. Disables alias and 1293 .forward +detail stripping (e.g., given user+detail, only 1294 that address will be looked up in the alias file; user+* and 1295 user will not be looked up). Only use if the local 1296 delivery agent in use supports +detail addressing. 1297 1298compat_check Enable ruleset check_compat to look up pairs of addresses 1299 with the Compat: tag -- Compat:sender<@>recipient -- in the 1300 access map. Valid values for the RHS include 1301 DISCARD silently discard recipient 1302 TEMP: return a temporary error 1303 ERROR: return a permanent error 1304 In the last two cases, a 4xy/5xy SMTP reply code should 1305 follow the colon. 1306 1307no_default_msa Don't generate the default MSA daemon, i.e., 1308 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1309 To define a MSA daemon with other parameters, use this 1310 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1311 1312msp Defines config file for Message Submission Program. 1313 See sendmail/SECURITY for details and cf/cf/submit.mc how 1314 to use it. An optional argument can be used to override 1315 the default of `[localhost]' to use as host to send all 1316 e-mails to. Note that MX records will be used if the 1317 specified hostname is not in square brackets (e.g., 1318 [hostname]). If `MSA' is specified as second argument then 1319 port 587 is used to contact the server. Example: 1320 1321 FEATURE(`msp', `', `MSA') 1322 1323 Some more hints about possible changes can be found below 1324 in the section MESSAGE SUBMISSION PROGRAM. 1325 1326 Note: if localhost doesn't resolve to the IP address 1327 of your local system (127.0.0.1 or ::1 for IPv6), 1328 then you either need to fix your hostname resolution 1329 (localhost and localhost.YOUR.DOMAIN should resolve 1330 to that address by convention) or you need to specify 1331 the IP address as argument, e.g., 1332 1333 FEATURE(`msp', `[127.0.0.1]') 1334 1335queuegroup A simple example how to select a queue group based 1336 on the full e-mail address or the domain of the 1337 recipient. Selection is done via entries in the 1338 access map using the tag QGRP:, for example: 1339 1340 QGRP:example.com main 1341 QGRP:friend@some.org others 1342 QGRP:my.domain local 1343 1344 where "main", "others", and "local" are names of 1345 queue groups. If an argument is specified, it is used 1346 as default queue group. 1347 1348 Note: please read the warning in doc/op/op.me about 1349 queue groups and possible queue manipulations. 1350 1351+-------+ 1352| HACKS | 1353+-------+ 1354 1355Some things just can't be called features. To make this clear, 1356they go in the hack subdirectory and are referenced using the HACK 1357macro. These will tend to be site-dependent. The release 1358includes the Berkeley-dependent "cssubdomain" hack (that makes 1359sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1360this is intended as a short-term aid while moving hosts into 1361subdomains. 1362 1363 1364+--------------------+ 1365| SITE CONFIGURATION | 1366+--------------------+ 1367 1368 ***************************************************** 1369 * This section is really obsolete, and is preserved * 1370 * only for back compatibility. You should plan on * 1371 * using mailertables for new installations. In * 1372 * particular, it doesn't work for the newer forms * 1373 * of UUCP mailers, such as uucp-uudom. * 1374 ***************************************************** 1375 1376Complex sites will need more local configuration information, such as 1377lists of UUCP hosts they speak with directly. This can get a bit more 1378tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1379 1380The SITECONFIG macro allows you to indirectly reference site-dependent 1381configuration information stored in the siteconfig subdirectory. For 1382example, the line 1383 1384 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1385 1386reads the file uucp.ucbvax for local connection information. The 1387second parameter is the local name (in this case just "ucbvax" since 1388it is locally connected, and hence a UUCP hostname). The third 1389parameter is the name of both a macro to store the local name (in 1390this case, {U}) and the name of the class (e.g., {U}) in which to store 1391the host information read from the file. Another SITECONFIG line reads 1392 1393 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1394 1395This says that the file uucp.ucbarpa contains the list of UUCP sites 1396connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1397store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1398is, the name of the relay to which the hosts listed in uucp.ucbarpa 1399are connected. [The machine ucbarpa is gone now, but this 1400out-of-date configuration file has been left around to demonstrate 1401how you might do this.] 1402 1403Note that the case of SITECONFIG with a third parameter of ``U'' is 1404special; the second parameter is assumed to be the UUCP name of the 1405local site, rather than the name of a remote site, and the UUCP name 1406is entered into class {w} (the list of local hostnames) as $U.UUCP. 1407 1408The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1409more than a sequence of SITE macros describing connectivity. For 1410example: 1411 1412 SITE(`cnmat') 1413 SITE(`sgi olympus') 1414 1415The second example demonstrates that you can use two names on the 1416same line; these are usually aliases for the same host (or are at 1417least in the same company). 1418 1419 1420+--------------------+ 1421| USING UUCP MAILERS | 1422+--------------------+ 1423 1424It's hard to get UUCP mailers right because of the extremely ad hoc 1425nature of UUCP addressing. These config files are really designed 1426for domain-based addressing, even for UUCP sites. 1427 1428There are four UUCP mailers available. The choice of which one to 1429use is partly a matter of local preferences and what is running at 1430the other end of your UUCP connection. Unlike good protocols that 1431define what will go over the wire, UUCP uses the policy that you 1432should do what is right for the other end; if they change, you have 1433to change. This makes it hard to do the right thing, and discourages 1434people from updating their software. In general, if you can avoid 1435UUCP, please do. 1436 1437The major choice is whether to go for a domainized scheme or a 1438non-domainized scheme. This depends entirely on what the other 1439end will recognize. If at all possible, you should encourage the 1440other end to go to a domain-based system -- non-domainized addresses 1441don't work entirely properly. 1442 1443The four mailers are: 1444 1445 uucp-old (obsolete name: "uucp") 1446 This is the oldest, the worst (but the closest to UUCP) way of 1447 sending messages accros UUCP connections. It does bangify 1448 everything and prepends $U (your UUCP name) to the sender's 1449 address (which can already be a bang path itself). It can 1450 only send to one address at a time, so it spends a lot of 1451 time copying duplicates of messages. Avoid this if at all 1452 possible. 1453 1454 uucp-new (obsolete name: "suucp") 1455 The same as above, except that it assumes that in one rmail 1456 command you can specify several recipients. It still has a 1457 lot of other problems. 1458 1459 uucp-dom 1460 This UUCP mailer keeps everything as domain addresses. 1461 Basically, it uses the SMTP mailer rewriting rules. This mailer 1462 is only included if MAILER(`smtp') is specified before 1463 MAILER(`uucp'). 1464 1465 Unfortunately, a lot of UUCP mailer transport agents require 1466 bangified addresses in the envelope, although you can use 1467 domain-based addresses in the message header. (The envelope 1468 shows up as the From_ line on UNIX mail.) So.... 1469 1470 uucp-uudom 1471 This is a cross between uucp-new (for the envelope addresses) 1472 and uucp-dom (for the header addresses). It bangifies the 1473 envelope sender (From_ line in messages) without adding the 1474 local hostname, unless there is no host name on the address 1475 at all (e.g., "wolf") or the host component is a UUCP host name 1476 instead of a domain name ("somehost!wolf" instead of 1477 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1478 is also specified earlier. 1479 1480Examples: 1481 1482On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1483summarizes the sender rewriting for various mailers. 1484 1485Mailer sender rewriting in the envelope 1486------ ------ ------------------------- 1487uucp-{old,new} wolf grasp!wolf 1488uucp-dom wolf wolf@grasp.insa-lyon.fr 1489uucp-uudom wolf grasp.insa-lyon.fr!wolf 1490 1491uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1492uucp-dom wolf@fr.net wolf@fr.net 1493uucp-uudom wolf@fr.net fr.net!wolf 1494 1495uucp-{old,new} somehost!wolf grasp!somehost!wolf 1496uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1497uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1498 1499If you are using one of the domainized UUCP mailers, you really want 1500to convert all UUCP addresses to domain format -- otherwise, it will 1501do it for you (and probably not the way you expected). For example, 1502if you have the address foo!bar!baz (and you are not sending to foo), 1503the heuristics will add the @uucp.relay.name or @local.host.name to 1504this address. However, if you map foo to foo.host.name first, it 1505will not add the local hostname. You can do this using the uucpdomain 1506feature. 1507 1508 1509+-------------------+ 1510| TWEAKING RULESETS | 1511+-------------------+ 1512 1513For more complex configurations, you can define special rules. 1514The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1515the names. Any modifications made here are reflected in the header. 1516 1517A common use is to convert old UUCP addresses to SMTP addresses using 1518the UUCPSMTP macro. For example: 1519 1520 LOCAL_RULE_3 1521 UUCPSMTP(`decvax', `decvax.dec.com') 1522 UUCPSMTP(`research', `research.att.com') 1523 1524will cause addresses of the form "decvax!user" and "research!user" 1525to be converted to "user@decvax.dec.com" and "user@research.att.com" 1526respectively. 1527 1528This could also be used to look up hosts in a database map: 1529 1530 LOCAL_RULE_3 1531 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1532 1533This map would be defined in the LOCAL_CONFIG portion, as shown below. 1534 1535Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1536For example, new rules are needed to parse hostnames that you accept 1537via MX records. For example, you might have: 1538 1539 LOCAL_RULE_0 1540 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1541 1542You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1543pointing at this host; this rule catches the message and forwards it on 1544using UUCP. 1545 1546You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1547These rulesets are normally empty. 1548 1549A similar macro is LOCAL_CONFIG. This introduces lines added after the 1550boilerplate option setting but before rulesets. Do not declare rulesets in 1551the LOCAL_CONFIG section. It can be used to declare local database maps or 1552whatever. For example: 1553 1554 LOCAL_CONFIG 1555 Khostmap hash /etc/mail/hostmap 1556 Kyplocal nis -m hosts.byname 1557 1558 1559+---------------------------+ 1560| MASQUERADING AND RELAYING | 1561+---------------------------+ 1562 1563You can have your host masquerade as another using 1564 1565 MASQUERADE_AS(`host.domain') 1566 1567This causes mail being sent to be labeled as coming from the 1568indicated host.domain, rather than $j. One normally masquerades as 1569one of one's own subdomains (for example, it's unlikely that 1570Berkeley would choose to masquerade as an MIT site). This 1571behaviour is modified by a plethora of FEATUREs; in particular, see 1572masquerade_envelope, allmasquerade, limited_masquerade, and 1573masquerade_entire_domain. 1574 1575The masquerade name is not normally canonified, so it is important 1576that it be your One True Name, that is, fully qualified and not a 1577CNAME. However, if you use a CNAME, the receiving side may canonify 1578it for you, so don't think you can cheat CNAME mapping this way. 1579 1580Normally the only addresses that are masqueraded are those that come 1581from this host (that is, are either unqualified or in class {w}, the list 1582of local domain names). You can augment this list, which is realized 1583by class {M} using 1584 1585 MASQUERADE_DOMAIN(`otherhost.domain') 1586 1587The effect of this is that although mail to user@otherhost.domain 1588will not be delivered locally, any mail including any user@otherhost.domain 1589will, when relayed, be rewritten to have the MASQUERADE_AS address. 1590This can be a space-separated list of names. 1591 1592If these names are in a file, you can use 1593 1594 MASQUERADE_DOMAIN_FILE(`filename') 1595 1596to read the list of names from the indicated file (i.e., to add 1597elements to class {M}). 1598 1599To exempt hosts or subdomains from being masqueraded, you can use 1600 1601 MASQUERADE_EXCEPTION(`host.domain') 1602 1603This can come handy if you want to masquerade a whole domain 1604except for one (or a few) host(s). If these names are in a file, 1605you can use 1606 1607 MASQUERADE_EXCEPTION_FILE(`filename') 1608 1609Normally only header addresses are masqueraded. If you want to 1610masquerade the envelope as well, use 1611 1612 FEATURE(`masquerade_envelope') 1613 1614There are always users that need to be "exposed" -- that is, their 1615internal site name should be displayed instead of the masquerade name. 1616Root is an example (which has been "exposed" by default prior to 8.10). 1617You can add users to this list using 1618 1619 EXPOSED_USER(`usernames') 1620 1621This adds users to class {E}; you could also use 1622 1623 EXPOSED_USER_FILE(`filename') 1624 1625You can also arrange to relay all unqualified names (that is, names 1626without @host) to a relay host. For example, if you have a central 1627email server, you might relay to that host so that users don't have 1628to have .forward files or aliases. You can do this using 1629 1630 define(`LOCAL_RELAY', `mailer:hostname') 1631 1632The ``mailer:'' can be omitted, in which case the mailer defaults to 1633"relay". There are some user names that you don't want relayed, perhaps 1634because of local aliases. A common example is root, which may be 1635locally aliased. You can add entries to this list using 1636 1637 LOCAL_USER(`usernames') 1638 1639This adds users to class {L}; you could also use 1640 1641 LOCAL_USER_FILE(`filename') 1642 1643If you want all incoming mail sent to a centralized hub, as for a 1644shared /var/spool/mail scheme, use 1645 1646 define(`MAIL_HUB', `mailer:hostname') 1647 1648Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1649and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1650be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1651Note: there is a (long standing) bug which keeps this combination from 1652working for addresses of the form user+detail. 1653Names in class {L} will be delivered locally, so you MUST have aliases or 1654.forward files for them. 1655 1656For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1657FEATURE(`stickyhost'), the following combinations of settings will have the 1658indicated effects: 1659 1660email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1661 1662LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1663mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1664 1665MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1666mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1667 1668Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1669MAIL_HUB set as above (no local aliasing) (aliasing done) 1670 1671If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1672MAIL_HUB act identically, with MAIL_HUB taking precedence. 1673 1674If you want all outgoing mail to go to a central relay site, define 1675SMART_HOST as well. Briefly: 1676 1677 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1678 MAIL_HUB applies to names qualified with the name of the 1679 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1680 SMART_HOST applies to names qualified with other hosts or 1681 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1682 or "eric@[127.0.0.1]"). 1683 1684However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1685DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1686really want absolutely everything to go to a single central site you will 1687need to unset all the other relays -- or better yet, find or build a 1688minimal config file that does this. 1689 1690For duplicate suppression to work properly, the host name is best 1691specified with a terminal dot: 1692 1693 define(`MAIL_HUB', `host.domain.') 1694 note the trailing dot ---^ 1695 1696 1697+-------------------------------------------+ 1698| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1699+-------------------------------------------+ 1700 1701LDAP can be used for aliases, maps, and classes by either specifying your 1702own LDAP map specification or using the built-in default LDAP map 1703specification. The built-in default specifications all provide lookups 1704which match against either the machine's fully qualified hostname (${j}) or 1705a "cluster". The cluster allows you to share LDAP entries among a large 1706number of machines without having to enter each of the machine names into 1707each LDAP entry. To set the LDAP cluster name to use for a particular 1708machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1709unique name. For example: 1710 1711 define(`confLDAP_CLUSTER', `Servers') 1712 1713Here, the word `Servers' will be the cluster name. As an example, assume 1714that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1715to the Servers cluster. 1716 1717Some of the LDAP LDIF examples below show use of the Servers cluster. 1718Every entry must have either a sendmailMTAHost or sendmailMTACluster 1719attribute or it will be ignored. Be careful as mixing clusters and 1720individual host records can have surprising results (see the CAUTION 1721sections below). 1722 1723See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1724this schema (and therefore the lookups and examples below) is experimental 1725at this point as it has had little public review. Therefore, it may change 1726in future versions. Feedback via sendmail@sendmail.org is encouraged. 1727 1728------- 1729Aliases 1730------- 1731 1732The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1733lookups. To use the default schema, simply use: 1734 1735 define(`ALIAS_FILE', `ldap:') 1736 1737By doing so, you will use the default schema which expands to a map 1738declared as follows: 1739 1740 ldap -k (&(objectClass=sendmailMTAAliasObject) 1741 (sendmailMTAAliasGrouping=aliases) 1742 (|(sendmailMTACluster=${sendmailMTACluster}) 1743 (sendmailMTAHost=$j)) 1744 (sendmailMTAKey=%0)) 1745 -v sendmailMTAAliasValue 1746 1747NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1748used when the binary expands the `ldap:' token as the AliasFile option is 1749not actually macro-expanded when read from the sendmail.cf file. 1750 1751Example LDAP LDIF entries might be: 1752 1753 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1754 objectClass: sendmailMTA 1755 objectClass: sendmailMTAAlias 1756 objectClass: sendmailMTAAliasObject 1757 sendmailMTAAliasGrouping: aliases 1758 sendmailMTAHost: etrn.sendmail.org 1759 sendmailMTAKey: sendmail-list 1760 sendmailMTAAliasValue: ca@example.org 1761 sendmailMTAAliasValue: eric 1762 sendmailMTAAliasValue: gshapiro@example.com 1763 1764 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1765 objectClass: sendmailMTA 1766 objectClass: sendmailMTAAlias 1767 objectClass: sendmailMTAAliasObject 1768 sendmailMTAAliasGrouping: aliases 1769 sendmailMTAHost: etrn.sendmail.org 1770 sendmailMTAKey: owner-sendmail-list 1771 sendmailMTAAliasValue: eric 1772 1773 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1774 objectClass: sendmailMTA 1775 objectClass: sendmailMTAAlias 1776 objectClass: sendmailMTAAliasObject 1777 sendmailMTAAliasGrouping: aliases 1778 sendmailMTACluster: Servers 1779 sendmailMTAKey: postmaster 1780 sendmailMTAAliasValue: eric 1781 1782Here, the aliases sendmail-list and owner-sendmail-list will be available 1783only on etrn.sendmail.org but the postmaster alias will be available on 1784every machine in the Servers cluster (including etrn.sendmail.org). 1785 1786CAUTION: aliases are additive so that entries like these: 1787 1788 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1789 objectClass: sendmailMTA 1790 objectClass: sendmailMTAAlias 1791 objectClass: sendmailMTAAliasObject 1792 sendmailMTAAliasGrouping: aliases 1793 sendmailMTACluster: Servers 1794 sendmailMTAKey: bob 1795 sendmailMTAAliasValue: eric 1796 1797 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 1798 objectClass: sendmailMTA 1799 objectClass: sendmailMTAAlias 1800 objectClass: sendmailMTAAliasObject 1801 sendmailMTAAliasGrouping: aliases 1802 sendmailMTAHost: etrn.sendmail.org 1803 sendmailMTAKey: bob 1804 sendmailMTAAliasValue: gshapiro 1805 1806would mean that on all of the hosts in the cluster, mail to bob would go to 1807eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1808gshapiro. 1809 1810If you prefer not to use the default LDAP schema for your aliases, you can 1811specify the map parameters when setting ALIAS_FILE. For example: 1812 1813 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1814 1815---- 1816Maps 1817---- 1818 1819FEATURE()'s which take an optional map definition argument (e.g., access, 1820mailertable, virtusertable, etc.) can instead take the special keyword 1821`LDAP', e.g.: 1822 1823 FEATURE(`access_db', `LDAP') 1824 FEATURE(`virtusertable', `LDAP') 1825 1826When this keyword is given, that map will use LDAP lookups consisting of 1827the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1828with the map name, a search attribute of sendmailMTAKey, and the value 1829attribute sendmailMTAMapValue. 1830 1831The values for sendmailMTAMapName are: 1832 1833 FEATURE() sendmailMTAMapName 1834 --------- ------------------ 1835 access_db access 1836 authinfo authinfo 1837 bitdomain bitdomain 1838 domaintable domain 1839 genericstable generics 1840 mailertable mailer 1841 uucpdomain uucpdomain 1842 virtusertable virtuser 1843 1844For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1845 1846 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1847 (sendmailMTAMapName=mailer) 1848 (|(sendmailMTACluster=${sendmailMTACluster}) 1849 (sendmailMTAHost=$j)) 1850 (sendmailMTAKey=%0)) 1851 -1 -v sendmailMTAMapValue 1852 1853An example LDAP LDIF entry using this map might be: 1854 1855 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 1856 objectClass: sendmailMTA 1857 objectClass: sendmailMTAMap 1858 sendmailMTACluster: Servers 1859 sendmailMTAMapName: mailer 1860 1861 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1862 objectClass: sendmailMTA 1863 objectClass: sendmailMTAMap 1864 objectClass: sendmailMTAMapObject 1865 sendmailMTAMapName: mailer 1866 sendmailMTACluster: Servers 1867 sendmailMTAKey: example.com 1868 sendmailMTAMapValue: relay:[smtp.example.com] 1869 1870CAUTION: If your LDAP database contains the record above and *ALSO* a host 1871specific record such as: 1872 1873 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1874 objectClass: sendmailMTA 1875 objectClass: sendmailMTAMap 1876 objectClass: sendmailMTAMapObject 1877 sendmailMTAMapName: mailer 1878 sendmailMTAHost: etrn.sendmail.org 1879 sendmailMTAKey: example.com 1880 sendmailMTAMapValue: relay:[mx.example.com] 1881 1882then these entries will give unexpected results. When the lookup is done 1883on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 1884require a single match. Since the host etrn.sendmail.org is also in the 1885Servers cluster, LDAP would return two answers for the example.com map key 1886in which case sendmail would treat this as no match at all. 1887 1888If you prefer not to use the default LDAP schema for your maps, you can 1889specify the map parameters when using the FEATURE(). For example: 1890 1891 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 1892 1893------- 1894Classes 1895------- 1896 1897Normally, classes can be filled via files or programs. As of 8.12, they 1898can also be filled via map lookups using a new syntax: 1899 1900 F{ClassName}mapkey@mapclass:mapspec 1901 1902mapkey is optional and if not provided the map key will be empty. This can 1903be used with LDAP to read classes from LDAP. Note that the lookup is only 1904done when sendmail is initially started. Use the special value `@LDAP' to 1905use the default LDAP schema. For example: 1906 1907 RELAY_DOMAIN_FILE(`@LDAP') 1908 1909would put all of the attribute sendmailMTAClassValue values of LDAP records 1910with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 1911'R' into class $={R}. In other words, it is equivalent to the LDAP map 1912specification: 1913 1914 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 1915 (sendmailMTAClassName=R) 1916 (|(sendmailMTACluster=${sendmailMTACluster}) 1917 (sendmailMTAHost=$j))) 1918 -v sendmailMTAClassValue 1919 1920NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1921used when the binary expands the `@LDAP' token as class declarations are 1922not actually macro-expanded when read from the sendmail.cf file. 1923 1924This can be used with class related commands such as RELAY_DOMAIN_FILE(), 1925MASQUERADE_DOMAIN_FILE(), etc: 1926 1927 Command sendmailMTAClassName 1928 ------- -------------------- 1929 CANONIFY_DOMAIN_FILE() Canonify 1930 EXPOSED_USER_FILE() E 1931 GENERICS_DOMAIN_FILE() G 1932 LDAPROUTE_DOMAIN_FILE() LDAPRoute 1933 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 1934 LOCAL_USER_FILE() L 1935 MASQUERADE_DOMAIN_FILE() M 1936 MASQUERADE_EXCEPTION_FILE() N 1937 RELAY_DOMAIN_FILE() R 1938 VIRTUSER_DOMAIN_FILE() VirtHost 1939 1940You can also add your own as any 'F'ile class of the form: 1941 1942 F{ClassName}@LDAP 1943 ^^^^^^^^^ 1944will use "ClassName" for the sendmailMTAClassName. 1945 1946An example LDAP LDIF entry would look like: 1947 1948 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 1949 objectClass: sendmailMTA 1950 objectClass: sendmailMTAClass 1951 sendmailMTACluster: Servers 1952 sendmailMTAClassName: R 1953 sendmailMTAClassValue: sendmail.org 1954 sendmailMTAClassValue: example.com 1955 sendmailMTAClassValue: 10.56.23 1956 1957CAUTION: If your LDAP database contains the record above and *ALSO* a host 1958specific record such as: 1959 1960 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 1961 objectClass: sendmailMTA 1962 objectClass: sendmailMTAClass 1963 sendmailMTAHost: etrn.sendmail.org 1964 sendmailMTAClassName: R 1965 sendmailMTAClassValue: example.com 1966 1967the result will be similar to the aliases caution above. When the lookup 1968is done on etrn.sendmail.org, $={R} would contain all of the entries (from 1969both the cluster match and the host match). In other words, the effective 1970is additive. 1971 1972If you prefer not to use the default LDAP schema for your classes, you can 1973specify the map parameters when using the class command. For example: 1974 1975 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 1976 1977Remember, macros can not be used in a class declaration as the binary does 1978not expand them. 1979 1980 1981+--------------+ 1982| LDAP ROUTING | 1983+--------------+ 1984 1985FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 1986LDAP Schema for Intranet Mail Routing 1987(draft-lachman-laser-ldap-mail-routing-01). This feature enables 1988LDAP-based rerouting of a particular address to either a different host 1989or a different address. The LDAP lookup is first attempted on the full 1990address (e.g., user@example.com) and then on the domain portion 1991(e.g., @example.com). Be sure to setup your domain for LDAP routing using 1992LDAPROUTE_DOMAIN(), e.g.: 1993 1994 LDAPROUTE_DOMAIN(`example.com') 1995 1996Additionally, you can specify equivalent domains for LDAP routing using 1997LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 1998hostnames are mapped to $M (the masqueraded hostname for the server) before 1999the LDAP query. For example, if the mail is addressed to 2000user@host1.example.com, normally the LDAP lookup would only be done for 2001'user@host1.example.com' and '@host1.example.com'. However, if 2002LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 2003done on 'user@example.com' and '@example.com' after attempting the 2004host1.example.com lookups. 2005 2006By default, the feature will use the schemas as specified in the draft 2007and will not reject addresses not found by the LDAP lookup. However, 2008this behavior can be changed by giving additional arguments to the FEATURE() 2009command: 2010 2011 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>) 2012 2013where <mailHost> is a map definition describing how to lookup an alternative 2014mail host for a particular address; <mailRoutingAddress> is a map definition 2015describing how to lookup an alternative address for a particular address; 2016the <bounce> argument, if present and not the word "passthru", dictates 2017that mail should be bounced if neither a mailHost nor mailRoutingAddress 2018is found; and <detail> indicates what actions to take if the address 2019contains +detail information -- `strip' tries the lookup with the +detail 2020and if no matches are found, strips the +detail and tries the lookup again; 2021`preserve', does the same as `strip' but if a mailRoutingAddress match is 2022found, the +detail information is copied to the new address. 2023 2024The default <mailHost> map definition is: 2025 2026 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 2027 (mailLocalAddress=%0)) 2028 2029The default <mailRoutingAddress> map definition is: 2030 2031 ldap -1 -T<TMPF> -v mailRoutingAddress 2032 -k (&(objectClass=inetLocalMailRecipient) 2033 (mailLocalAddress=%0)) 2034 2035Note that neither includes the LDAP server hostname (-h server) or base DN 2036(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 2037your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 2038these settings. If this is not the case, the map definitions should be 2039changed as described above. The "-T<TMPF>" is required in any user 2040specified map definition to catch temporary errors. 2041 2042The following possibilities exist as a result of an LDAP lookup on an 2043address: 2044 2045 mailHost is mailRoutingAddress is Results in 2046 ----------- --------------------- ---------- 2047 set to a set mail delivered to 2048 "local" host mailRoutingAddress 2049 2050 set to a not set delivered to 2051 "local" host original address 2052 2053 set to a set mailRoutingAddress 2054 remote host relayed to mailHost 2055 2056 set to a not set original address 2057 remote host relayed to mailHost 2058 2059 not set set mail delivered to 2060 mailRoutingAddress 2061 2062 not set not set delivered to 2063 original address *OR* 2064 bounced as unknown user 2065 2066The term "local" host above means the host specified is in class {w}. If 2067the result would mean sending the mail to a different host, that host is 2068looked up in the mailertable before delivery. 2069 2070Note that the last case depends on whether the third argument is given 2071to the FEATURE() command. The default is to deliver the message to the 2072original address. 2073 2074The LDAP entries should be set up with an objectClass of 2075inetLocalMailRecipient and the address be listed in a mailLocalAddress 2076attribute. If present, there must be only one mailHost attribute and it 2077must contain a fully qualified host name as its value. Similarly, if 2078present, there must be only one mailRoutingAddress attribute and it must 2079contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2080format): 2081 2082 dn: uid=tom, o=example.com, c=US 2083 objectClass: inetLocalMailRecipient 2084 mailLocalAddress: tom@example.com 2085 mailRoutingAddress: thomas@mailhost.example.com 2086 2087This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2088 2089 dn: uid=dick, o=example.com, c=US 2090 objectClass: inetLocalMailRecipient 2091 mailLocalAddress: dick@example.com 2092 mailHost: eng.example.com 2093 2094This would relay mail for dick@example.com to the same address but redirect 2095the mail to MX records listed for the host eng.example.com (unless the 2096mailertable overrides). 2097 2098 dn: uid=harry, o=example.com, c=US 2099 objectClass: inetLocalMailRecipient 2100 mailLocalAddress: harry@example.com 2101 mailHost: mktmail.example.com 2102 mailRoutingAddress: harry@mkt.example.com 2103 2104This would relay mail for harry@example.com to the MX records listed for 2105the host mktmail.example.com using the new address harry@mkt.example.com 2106when talking to that host. 2107 2108 dn: uid=virtual.example.com, o=example.com, c=US 2109 objectClass: inetLocalMailRecipient 2110 mailLocalAddress: @virtual.example.com 2111 mailHost: server.example.com 2112 mailRoutingAddress: virtual@example.com 2113 2114This would send all mail destined for any username @virtual.example.com to 2115the machine server.example.com's MX servers and deliver to the address 2116virtual@example.com on that relay machine. 2117 2118 2119+---------------------------------+ 2120| ANTI-SPAM CONFIGURATION CONTROL | 2121+---------------------------------+ 2122 2123The primary anti-spam features available in sendmail are: 2124 2125* Relaying is denied by default. 2126* Better checking on sender information. 2127* Access database. 2128* Header checks. 2129 2130Relaying (transmission of messages from a site outside your host (class 2131{w}) to another site except yours) is denied by default. Note that this 2132changed in sendmail 8.9; previous versions allowed relaying by default. 2133If you really want to revert to the old behaviour, you will need to use 2134FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2135through your server by adding their domain name or IP address to class 2136{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2137(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2138The file consists (like any other file based class) of entries listed on 2139separate lines, e.g., 2140 2141 sendmail.org 2142 128.32 2143 IPv6:2002:c0a8:02c7 2144 IPv6:2002:c0a8:51d2::23f4 2145 host.mydomain.com 2146 [UNIX:localhost] 2147 2148Notice: the last entry allows relaying for connections via a UNIX 2149socket to the MTA/MSP. This might be necessary if your configuration 2150doesn't allow relaying by other means in that case, e.g., by having 2151localhost.$m in class {R} (make sure $m is not just a top level 2152domain). 2153 2154If you use 2155 2156 FEATURE(`relay_entire_domain') 2157 2158then any host in any of your local domains (that is, class {m}) 2159will be relayed (that is, you will accept mail either to or from any 2160host in your domain). 2161 2162You can also allow relaying based on the MX records of the host 2163portion of an incoming recipient address by using 2164 2165 FEATURE(`relay_based_on_MX') 2166 2167For example, if your server receives a recipient of user@domain.com 2168and domain.com lists your server in its MX records, the mail will be 2169accepted for relay to domain.com. This feature may cause problems 2170if MX lookups for the recipient domain are slow or time out. In that 2171case, mail will be temporarily rejected. It is usually better to 2172maintain a list of hosts/domains for which the server acts as relay. 2173Note also that this feature will stop spammers from using your host 2174to relay spam but it will not stop outsiders from using your server 2175as a relay for their site (that is, they set up an MX record pointing 2176to your mail server, and you will relay mail addressed to them 2177without any prior arrangement). Along the same lines, 2178 2179 FEATURE(`relay_local_from') 2180 2181will allow relaying if the sender specifies a return path (i.e. 2182MAIL FROM: <user@domain>) domain which is a local domain. This is a 2183dangerous feature as it will allow spammers to spam using your mail 2184server by simply specifying a return address of user@your.domain.com. 2185It should not be used unless absolutely necessary. 2186A slightly better solution is 2187 2188 FEATURE(`relay_mail_from') 2189 2190which allows relaying if the mail sender is listed as RELAY in the 2191access map. If an optional argument `domain' is given, the domain 2192portion of the mail sender is also checked to allowing relaying. 2193This option only works together with the tag From: for the LHS of 2194the access map entries (see below: Finer control...). This feature 2195allows spammers to abuse your mail server by specifying a return 2196address that you enabled in your access file. This may be harder 2197to figure out for spammers, but it should not be used unless 2198necessary. Instead use SMTP AUTH or STARTTLS to allow relaying 2199for roaming users. 2200 2201 2202If source routing is used in the recipient address (e.g., 2203RCPT TO: <user%site.com@othersite.com>), sendmail will check 2204user@site.com for relaying if othersite.com is an allowed relay host 2205in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2206or the access database if FEATURE(`access_db') is used. To prevent 2207the address from being stripped down, use: 2208 2209 FEATURE(`loose_relay_check') 2210 2211If you think you need to use this feature, you probably do not. This 2212should only be used for sites which have no control over the addresses 2213that they provide a gateway for. Use this FEATURE with caution as it 2214can allow spammers to relay through your server if not setup properly. 2215 2216NOTICE: It is possible to relay mail through a system which the anti-relay 2217rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2218`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2219LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2220FEATURE(`nouucp') at all, addresses of the form 2221<example.net!user@local.host> would be relayed to <user@example.net>. 2222System A doesn't recognize `!' as an address separator and therefore 2223forwards it to the mail hub which in turns relays it because it came from 2224a trusted local host. So if a mailserver allows UUCP (bang-format) 2225addresses, all systems from which it allows relaying should do the same 2226or reject those addresses. 2227 2228As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2229an unresolvable domain (i.e., one that DNS, your local name service, 2230or special case rules in ruleset 3 cannot locate). This also applies 2231to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2232IP address can't be mapped to a host name. If you want to continue 2233to accept such domains, e.g., because you are inside a firewall that 2234has only a limited view of the Internet host name space (note that you 2235will not be able to return mail to them unless you have some "smart 2236host" forwarder), use 2237 2238 FEATURE(`accept_unresolvable_domains') 2239 2240Alternatively, you can allow specific addresses by adding them to 2241the access map, e.g., 2242 2243 From:unresolvable.domain OK 2244 From:[1.2.3.4] OK 2245 From:[1.2.4] OK 2246 2247Notice: domains which are temporarily unresolvable are (temporarily) 2248rejected with a 451 reply code. If those domains should be accepted 2249(which is discouraged) then you can use 2250 2251 LOCAL_CONFIG 2252 C{ResOk}TEMP 2253 2254sendmail will also refuse mail if the MAIL FROM: parameter is not 2255fully qualified (i.e., contains a domain as well as a user). If you 2256want to continue to accept such senders, use 2257 2258 FEATURE(`accept_unqualified_senders') 2259 2260Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2261i.e., unqualified addresses are accepted even without this FEATURE. If 2262this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2263to enforce fully qualified domain names. 2264 2265An ``access'' database can be created to accept or reject mail from 2266selected domains. For example, you may choose to reject all mail 2267originating from known spammers. To enable such a database, use 2268 2269 FEATURE(`access_db') 2270 2271Notice: the access database is applied to the envelope addresses 2272and the connection information, not to the header. 2273 2274The FEATURE macro can accept as second parameter the key file 2275definition for the database; for example 2276 2277 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2278 2279Notice: If a second argument is specified it must contain the option 2280`-T<TMPF>' as shown above. The optional third and fourth parameters 2281may be `skip' or `lookupdotdomain'. The former enables SKIP as 2282value part (see below), the latter is another way to enable the 2283feature of the same name (see above). 2284 2285Remember, since /etc/mail/access is a database, after creating the text 2286file as described below, you must use makemap to create the database 2287map. For example: 2288 2289 makemap hash /etc/mail/access < /etc/mail/access 2290 2291The table itself uses e-mail addresses, domain names, and network 2292numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2293For example, 2294 2295 spammer@aol.com REJECT 2296 cyberspammer.com REJECT 2297 TLD REJECT 2298 192.168.212 REJECT 2299 IPv6:2002:c0a8:02c7 RELAY 2300 IPv6:2002:c0a8:51d2::23f4 REJECT 2301 2302would refuse mail from spammer@aol.com, any user from cyberspammer.com 2303(or any host within the cyberspammer.com domain), any host in the entire 2304top level domain TLD, 192.168.212.* network, and the IPv6 address 23052002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 23062002:c0a8:02c7::/48. 2307 2308The value part of the map can contain: 2309 2310 OK Accept mail even if other rules in the running 2311 ruleset would reject it, for example, if the domain 2312 name is unresolvable. "Accept" does not mean 2313 "relay", but at most acceptance for local 2314 recipients. That is, OK allows less than RELAY. 2315 RELAY Accept mail addressed to the indicated domain or 2316 received from the indicated domain for relaying 2317 through your SMTP server. RELAY also serves as 2318 an implicit OK for the other checks. 2319 REJECT Reject the sender or recipient with a general 2320 purpose message. 2321 DISCARD Discard the message completely using the 2322 $#discard mailer. If it is used in check_compat, 2323 it affects only the designated recipient, not 2324 the whole message as it does in all other cases. 2325 This should only be used if really necessary. 2326 SKIP This can only be used for host/domain names 2327 and IP addresses/nets. It will abort the current 2328 search for this entry without accepting or rejecting 2329 it but causing the default action. 2330 ### any text where ### is an RFC 821 compliant error code and 2331 "any text" is a message to return for the command. 2332 The string should be quoted to avoid surprises, 2333 e.g., sendmail may remove spaces otherwise. 2334 This type is deprecated, use one the two 2335 ERROR: entries below instead. 2336 ERROR:### any text 2337 as above, but useful to mark error messages as such. 2338 ERROR:D.S.N:### any text 2339 where D.S.N is an RFC 1893 compliant error code 2340 and the rest as above. 2341 2342For example: 2343 2344 cyberspammer.com ERROR:550 "We don't accept mail from spammers" 2345 okay.cyberspammer.com OK 2346 sendmail.org RELAY 2347 128.32 RELAY 2348 IPv6:1:2:3:4:5:6:7 RELAY 2349 [127.0.0.3] OK 2350 [IPv6:1:2:3:4:5:6:7:8] OK 2351 2352would accept mail from okay.cyberspammer.com, but would reject mail from 2353all other hosts at cyberspammer.com with the indicated message. It would 2354allow relaying mail from and to any hosts in the sendmail.org domain, and 2355allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* 2356network. The latter two entries are for checks against ${client_name} if 2357the IP address doesn't resolve to a hostname (or is considered as "may be 2358forged"). That is, using square brackets means these are host names, 2359not network numbers. 2360 2361Warning: if you change the RFC 821 compliant error code from the default 2362value of 550, then you should probably also change the RFC 1893 compliant 2363error code to match it. For example, if you use 2364 2365 user@example.com ERROR:450 mailbox full 2366 2367the error returned would be "450 5.0.0 mailbox full" which is wrong. 2368Use "ERROR:4.2.2:450 mailbox full" instead. 2369 2370Note, UUCP users may need to add hostname.UUCP to the access database 2371or class {R}. 2372 2373If you also use: 2374 2375 FEATURE(`relay_hosts_only') 2376 2377then the above example will allow relaying for sendmail.org, but not 2378hosts within the sendmail.org domain. Note that this will also require 2379hosts listed in class {R} to be fully qualified host names. 2380 2381You can also use the access database to block sender addresses based on 2382the username portion of the address. For example: 2383 2384 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2385 2386Note that you must include the @ after the username to signify that 2387this database entry is for checking only the username portion of the 2388sender address. 2389 2390If you use: 2391 2392 FEATURE(`blacklist_recipients') 2393 2394then you can add entries to the map for local users, hosts in your 2395domains, or addresses in your domain which should not receive mail: 2396 2397 badlocaluser@ ERROR:550 Mailbox disabled for this username 2398 host.mydomain.com ERROR:550 That host does not accept mail 2399 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient 2400 2401This would prevent a recipient of badlocaluser@mydomain.com, any 2402user at host.mydomain.com, and the single address 2403user@otherhost.mydomain.com from receiving mail. Please note: a 2404local username must be now tagged with an @ (this is consistent 2405with the check of the sender address, and hence it is possible to 2406distinguish between hostnames and usernames). Enabling this feature 2407will keep you from sending mails to all addresses that have an 2408error message or REJECT as value part in the access map. Taking 2409the example from above: 2410 2411 spammer@aol.com REJECT 2412 cyberspammer.com REJECT 2413 2414Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2415 2416There are several DNS based blacklists, the first of which was 2417the RBL (``Realtime Blackhole List'') run by the MAPS project, 2418see http://mail-abuse.org/. These are databases of spammers 2419maintained in DNS. To use such a database, specify 2420 2421 FEATURE(`dnsbl') 2422 2423This will cause sendmail to reject mail from any site in the original 2424Realtime Blackhole List database. This default DNS blacklist, 2425blackholes.mail-abuse.org, is a service offered by the Mail Abuse 2426Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription 2427service, so using that network address won't work if you haven't 2428subscribed. Contact MAPS to subscribe (http://mail-abuse.org/). 2429 2430You can specify an alternative RBL server to check by specifying an 2431argument to the FEATURE. The default error message is 2432 2433 Rejected: IP-ADDRESS listed at SERVER 2434 2435where IP-ADDRESS and SERVER are replaced by the appropriate 2436information. A second argument can be used to specify a different 2437text. By default, temporary lookup failures are ignored and hence 2438cause the connection not to be rejected by the DNS based rejection 2439list. This behavior can be changed by specifying a third argument, 2440which must be either `t' or a full error message. For example: 2441 2442 FEATURE(`dnsbl', `dnsbl.example.com', `', 2443 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2444 2445If `t' is used, the error message is: 2446 2447 451 Temporary lookup failure of IP-ADDRESS at SERVER 2448 2449where IP-ADDRESS and SERVER are replaced by the appropriate 2450information. 2451 2452This FEATURE can be included several times to query different 2453DNS based rejection lists, e.g., the dial-up user list (see 2454http://mail-abuse.org/dul/). 2455 2456Notice: to avoid checking your own local domains against those 2457blacklists, use the access_db feature and add: 2458 2459 Connect:10.1 OK 2460 Connect:127.0.0.1 RELAY 2461 2462to the access map, where 10.1 is your local network. You may 2463want to use "RELAY" instead of "OK" to allow also relaying 2464instead of just disabling the DNS lookups in the backlists. 2465 2466 2467The features described above make use of the check_relay, check_mail, 2468and check_rcpt rulesets. If you wish to include your own checks, 2469you can put your checks in the rulesets Local_check_relay, 2470Local_check_mail, and Local_check_rcpt. For example if you wanted to 2471block senders with all numeric usernames (i.e. 2312343@bigisp.com), 2472you would use Local_check_mail and the regex map: 2473 2474 LOCAL_CONFIG 2475 Kallnumbers regex -a@MATCH ^[0-9]+$ 2476 2477 LOCAL_RULESETS 2478 SLocal_check_mail 2479 # check address against various regex checks 2480 R$* $: $>Parse0 $>3 $1 2481 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2482 R@MATCH $#error $: 553 Header Error 2483 2484These rules are called with the original arguments of the corresponding 2485check_* ruleset. If the local ruleset returns $#OK, no further checking 2486is done by the features described above and the mail is accepted. If the 2487local ruleset resolves to a mailer (such as $#error or $#discard), the 2488appropriate action is taken. Otherwise, the results of the local 2489rewriting are ignored. 2490 2491Finer control by using tags for the LHS of the access map 2492--------------------------------------------------------- 2493 2494Read this section only if the options listed so far are not sufficient 2495for your purposes. There is now the option to tag entries in the 2496access map according to their type. Three tags are available: 2497 2498 Connect: connection information (${client_addr}, ${client_name}) 2499 From: envelope sender 2500 To: envelope recipient 2501 2502If the required item is looked up in a map, it will be tried first 2503with the corresponding tag in front, then (as fallback to enable 2504backward compatibility) without any tag, unless the specific feature 2505requires a tag. For example, 2506 2507 From:spammer@some.dom REJECT 2508 To:friend.domain RELAY 2509 Connect:friend.domain OK 2510 Connect:from.domain RELAY 2511 From:good@another.dom OK 2512 From:another.dom REJECT 2513 2514This would deny mails from spammer@some.dom but you could still 2515send mail to that address even if FEATURE(`blacklist_recipients') 2516is enabled. Your system will allow relaying to friend.domain, but 2517not from it (unless enabled by other means). Connections from that 2518domain will be allowed even if it ends up in one of the DNS based 2519rejection lists. Relaying is enabled from from.domain but not to 2520it (since relaying is based on the connection information for 2521outgoing relaying, the tag Connect: must be used; for incoming 2522relaying, which is based on the recipient address, To: must be 2523used). The last two entries allow mails from good@another.dom but 2524reject mail from all other addresses with another.dom as domain 2525part. 2526 2527Delay all checks 2528---------------- 2529 2530By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2531will not be called when a client connects or issues a MAIL command, 2532respectively. Instead, those rulesets will be called by the check_rcpt 2533ruleset; they will be skipped if a sender has been authenticated using 2534a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2535If check_mail returns an error then the RCPT TO command will be rejected 2536with that error. If it returns some other result starting with $# then 2537check_relay will be skipped. If the sender address (or a part of it) is 2538listed in the access map and it has a RHS of OK or RELAY, then check_relay 2539will be skipped. This has an interesting side effect: if your domain is 2540my.domain and you have 2541 2542 my.domain RELAY 2543 2544in the access map, then all e-mail with a sender address of 2545<user@my.domain> gets through, even if check_relay would reject it 2546(e.g., based on the hostname or IP address). This allows spammers 2547to get around DNS based blacklist by faking the sender address. To 2548avoid this problem you have to use tagged entries: 2549 2550 To:my.domain RELAY 2551 Connect:my.domain RELAY 2552 2553if you need those entries at all (class {R} may take care of them). 2554 2555FEATURE(`delay_checks') can take an optional argument: 2556 2557 FEATURE(`delay_checks', `friend') 2558 enables spamfriend test 2559 FEATURE(`delay_checks', `hater') 2560 enables spamhater test 2561 2562If such an argument is given, the recipient will be looked up in the 2563access map (using the tag Spam:). If the argument is `friend', then 2564the default behavior is to apply the other rulesets and make a SPAM 2565friend the exception. The rulesets check_mail and check_relay will be 2566skipped only if the recipient address is found and has RHS FRIEND. If 2567the argument is `hater', then the default behavior is to skip the rulesets 2568check_mail and check_relay and make a SPAM hater the exception. The 2569other two rulesets will be applied only if the recipient address is 2570found and has RHS HATER. 2571 2572This allows for simple exceptions from the tests, e.g., by activating 2573the friend option and having 2574 2575 Spam:abuse@ FRIEND 2576 2577in the access map, mail to abuse@localdomain will get through. It is 2578also possible to specify a full address or an address with +detail: 2579 2580 Spam:abuse@my.domain FRIEND 2581 Spam:me+abuse@ FRIEND 2582 Spam:spam.domain FRIEND 2583 2584Note: The required tag has been changed in 8.12 from To: to Spam:. 2585This change is incompatible to previous versions. However, you can 2586(for now) simply add the new entries to the access map, the old 2587ones will be ignored. As soon as you removed the old entries from 2588the access map, specify a third parameter (`n') to this feature and 2589the backward compatibility rules will not be in the generated .cf 2590file. 2591 2592Header Checks 2593------------- 2594 2595You can also reject mail on the basis of the contents of headers. 2596This is done by adding a ruleset call to the 'H' header definition command 2597in sendmail.cf. For example, this can be used to check the validity of 2598a Message-ID: header: 2599 2600 LOCAL_RULESETS 2601 HMessage-Id: $>CheckMessageId 2602 2603 SCheckMessageId 2604 R< $+ @ $+ > $@ OK 2605 R$* $#error $: 553 Header Error 2606 2607The alternative format: 2608 2609 HSubject: $>+CheckSubject 2610 2611that is, $>+ instead of $>, gives the full Subject: header including 2612comments to the ruleset (comments in parentheses () are stripped 2613by default). 2614 2615A default ruleset for headers which don't have a specific ruleset 2616defined for them can be given by: 2617 2618 H*: $>CheckHdr 2619 2620Notice: 26211. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2622That may cause problems with simple header checks due to the 2623tokenization. It might be simpler to use a regex map and apply it 2624to $&{currHeader}. 26252. There are no default rulesets coming with this distribution of 2626sendmail. You can either write your own or you can search the 2627WWW for examples, e.g., http://www.digitalanswers.org/check_local/ 2628 2629After all of the headers are read, the check_eoh ruleset will be called for 2630any final header-related checks. The ruleset is called with the number of 2631headers and the size of all of the headers in bytes separated by $|. One 2632example usage is to reject messages which do not have a Message-Id: 2633header. However, the Message-Id: header is *NOT* a required header and is 2634not a guaranteed spam indicator. This ruleset is an example and should 2635probably not be used in production. 2636 2637 LOCAL_CONFIG 2638 Kstorage macro 2639 2640 LOCAL_RULESETS 2641 HMessage-Id: $>CheckMessageId 2642 2643 SCheckMessageId 2644 # Record the presence of the header 2645 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2646 R< $+ @ $+ > $@ OK 2647 R$* $#error $: 553 Header Error 2648 2649 Scheck_eoh 2650 # Check the macro 2651 R$* $: < $&{MessageIdCheck} > 2652 # Clear the macro for the next message 2653 R$* $: $(storage {MessageIdCheck} $) $1 2654 # Has a Message-Id: header 2655 R< $+ > $@ OK 2656 # Allow missing Message-Id: from local mail 2657 R$* $: < $&{client_name} > 2658 R< > $@ OK 2659 R< $=w > $@ OK 2660 # Otherwise, reject the mail 2661 R$* $#error $: 553 Header Error 2662 2663+----------+ 2664| STARTTLS | 2665+----------+ 2666 2667In this text, cert will be used as an abreviation for X.509 certificate, 2668DN (CN) is the distinguished (common) name of a cert, and CA is a 2669certification authority, which signs (issues) certs. 2670 2671For STARTTLS to be offered by sendmail you need to set at least 2672this variables (the file names and paths are just examples): 2673 2674 define(`confCACERT_PATH', `/etc/mail/certs/') 2675 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2676 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2677 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2678 2679On systems which do not have the compile flag HASURANDOM set (see 2680sendmail/README) you also must set confRAND_FILE. 2681 2682See doc/op/op.{me,ps,txt} for more information about these options, 2683especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2684STARTTLS''. 2685 2686Macros related to STARTTLS are: 2687 2688${cert_issuer} holds the DN of the CA (the cert issuer). 2689${cert_subject} holds the DN of the cert (called the cert subject). 2690${cn_issuer} holds the CN of the CA (the cert issuer). 2691${cn_subject} holds the CN of the cert (called the cert subject). 2692${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2693 TLSv1/SSLv3, SSLv3, SSLv2. 2694${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2695 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2696${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2697 used for the connection. 2698${verify} holds the result of the verification of the presented cert. 2699 Possible values are: 2700 OK verification succeeded. 2701 NO no cert presented. 2702 NOT no cert requested. 2703 FAIL cert presented but could not be verified, 2704 e.g., the cert of the signing CA is missing. 2705 NONE STARTTLS has not been performed. 2706 TEMP temporary error occurred. 2707 PROTOCOL protocol error occurred (SMTP level). 2708 SOFTWARE STARTTLS handshake failed. 2709${server_name} the name of the server of the current outgoing SMTP 2710 connection. 2711${server_addr} the address of the server of the current outgoing SMTP 2712 connection. 2713 2714Relaying 2715-------- 2716 2717SMTP STARTTLS can allow relaying for senders who have successfully 2718authenticated themselves. This is done in the ruleset RelayAuth. If the 2719verification of the cert failed (${verify} != OK), relaying is subject to 2720the usual rules. Otherwise the DN of the issuer is looked up in the access 2721map using the tag CERTISSUER. If the resulting value is RELAY, relaying is 2722allowed. If it is SUBJECT, the DN of the cert subject is looked up next in 2723the access map using the tag CERTSUBJECT. If the value is RELAY, relaying 2724is allowed. 2725 2726To make things a bit more flexible (or complicated), the values for 2727${cert_issuer} and ${cert_subject} can be optionally modified by regular 2728expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2729_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2730rulesets and map lookups, they are modified as follows: each non-printable 2731character and the characters '<', '>', '(', ')', '"', '+' are replaced by 2732their HEX value with a leading '+'. For example: 2733 2734/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2735darth+cert@endmail.org 2736 2737is encoded as: 2738 2739/C=US/ST=California/O=endmail.org/OU=private/CN= 2740Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2741 2742(line breaks have been inserted for readability). 2743 2744Examples: 2745 2746To allow relaying for everyone who can present a cert signed by 2747 2748/C=US/ST=California/O=endmail.org/OU=private/CN= 2749Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2750 2751simply use: 2752 2753CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2754Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2755 2756To allow relaying only for a subset of machines that have a cert signed by 2757 2758/C=US/ST=California/O=endmail.org/OU=private/CN= 2759Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2760 2761use: 2762 2763CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2764Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2765CERTSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2766DeathStar/Email=deathstar@endmail.org RELAY 2767 2768Note: line breaks have been inserted after "CN=" for readability, 2769each tagged entry must be one (long) line in the access map. 2770 2771Of course it is also possible to write a simple ruleset that allows 2772relaying for everyone who can present a cert that can be verified, e.g., 2773 2774LOCAL_RULESETS 2775SLocal_check_rcpt 2776R$* $: $&{verify} 2777ROK $# OK 2778 2779Allowing Connections 2780-------------------- 2781 2782The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 2783an SMTP connection is accepted (or should continue). 2784 2785tls_server is called when sendmail acts as client after a STARTTLS command 2786(should) have been issued. The parameter is the value of ${verify}. 2787 2788tls_client is called when sendmail acts as server, after a STARTTLS command 2789has been issued, and from check_mail. The parameter is the value of 2790${verify} and STARTTLS or MAIL, respectively. 2791 2792Both rulesets behave the same. If no access map is in use, the connection 2793will be accepted unless ${verify} is SOFTWARE, in which case the connection 2794is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 2795is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 2796with the ruleset LookUpDomain. If no entry is found, ${client_addr} 2797(${server_addr}) is looked up in the access map (same tag, ruleset 2798LookUpAddr). If this doesn't result in an entry either, just the tag is 2799looked up in the access map (included the trailing colon). Notice: 2800requiring that e-mail is sent to a server only encrypted, e.g., via 2801 2802TLS_Srv:secure.domain ENCR:112 2803 2804doesn't necessarily mean that e-mail sent to that domain is encrypted. 2805If the domain has multiple MX servers, e.g., 2806 2807secure.domain. IN MX 10 mail.secure.domain. 2808secure.domain. IN MX 50 mail.other.domain. 2809 2810then mail to user@secure.domain may go unencrypted to mail.other.domain. 2811tls_rcpt can be used to address this problem. 2812 2813tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 2814current recipient. This ruleset is only defined if FEATURE(`access_db') 2815is selected. A recipient address user@domain is looked up in the access 2816map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 2817and TLS_Rcpt:; the first match is taken. 2818 2819The result of the lookups is then used to call the ruleset TLS_connection, 2820which checks the requirement specified by the RHS in the access map against 2821the actual parameters of the current TLS connection, esp. ${verify} and 2822${cipher_bits}. Legal RHSs in the access map are: 2823 2824VERIFY verification must have succeeded 2825VERIFY:bits verification must have succeeded and ${cipher_bits} must 2826 be greater than or equal bits. 2827ENCR:bits ${cipher_bits} must be greater than or equal bits. 2828 2829The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 2830or permanent error. The default is a temporary error code (403 4.7.0) 2831unless the macro TLS_PERM_ERR is set during generation of the .cf file. 2832 2833If a certain level of encryption is required, then it might also be 2834possible that this level is provided by the security layer from a SASL 2835algorithm, e.g., DIGEST-MD5. 2836 2837Furthermore, there can be a list of extensions added. Such a list 2838starts with '+' and the items are separated by '++'. Allowed 2839extensions are: 2840 2841CN:name name must match ${cn_subject} 2842CN ${server_name} must match ${cn_subject} 2843CS:name name must match ${cert_subject} 2844CI:name name must match ${cert_issuer} 2845 2846Example: e-mail sent to secure.example.com should only use an encrypted 2847connection. E-mail received from hosts within the laptop.example.com domain 2848should only be accepted if they have been authenticated. The host which 2849receives e-mail for darth@endmail.org must present a cert that uses the 2850CN smtp.endmail.org. 2851 2852TLS_Srv:secure.example.com ENCR:112 2853TLS_Clt:laptop.example.com PERM+VERIFY:112 2854TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 2855 2856 2857Disabling STARTTLS And Setting SMTP Server Features 2858--------------------------------------------------- 2859 2860By default STARTTLS is used whenever possible. However, there are 2861some broken MTAs that don't properly implement STARTTLS. To be able 2862to send to (or receive from) those MTAs, the ruleset try_tls 2863(srv_features) can be used that work together with the access map. 2864Entries for the access map must be tagged with Try_TLS (Srv_Features) 2865and refer to the hostname or IP address of the connecting system. 2866A default case can be specified by using just the tag. For example, 2867the following entries in the access map: 2868 2869 Try_TLS:broken.server NO 2870 Srv_Features:my.domain v 2871 Srv_Features: V 2872 2873will turn off STARTTLS when sending to broken.server (or any host 2874in that domain), and request a client certificate during the TLS 2875handshake only for hosts in my.domain. The valid entries on the RHS 2876for Srv_Features are listed in the Sendmail Installation and 2877Operations Guide. 2878 2879 2880Received: Header 2881---------------- 2882 2883The Received: header reveals whether STARTTLS has been used. It contains an 2884extra line: 2885 2886(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 2887 2888 2889+---------------------+ 2890| SMTP AUTHENTICATION | 2891+---------------------+ 2892 2893The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 2894used in anti-relay rulesets to allow relaying for those users that 2895authenticated themselves. A very simple example is: 2896 2897SLocal_check_rcpt 2898R$* $: $&{auth_type} 2899R$+ $# OK 2900 2901which checks whether a user has successfully authenticated using 2902any available mechanism. Depending on the setup of the CYRUS SASL 2903library, more sophisticated rulesets might be required, e.g., 2904 2905SLocal_check_rcpt 2906R$* $: $&{auth_type} $| $&{auth_authen} 2907RDIGEST-MD5 $| $+@$=w $# OK 2908 2909to allow relaying for users that authenticated using DIGEST-MD5 2910and have an identity in the local domains. 2911 2912The ruleset trust_auth is used to determine whether a given AUTH= 2913parameter (that is passed to this ruleset) should be trusted. This 2914ruleset may make use of the other ${auth_*} macros. Only if the 2915ruleset resolves to the error mailer, the AUTH= parameter is not 2916trusted. A user supplied ruleset Local_trust_auth can be written 2917to modify the default behavior, which only trust the AUTH= 2918parameter if it is identical to the authenticated user. 2919 2920Per default, relaying is allowed for any user who authenticated 2921via a "trusted" mechanism, i.e., one that is defined via 2922TRUST_AUTH_MECH(`list of mechanisms') 2923For example: 2924TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 2925 2926If the selected mechanism provides a security layer the number of 2927bits used for the key of the symmetric cipher is stored in the 2928macro ${auth_ssf}. 2929 2930If sendmail acts as client, it needs some information how to 2931authenticate against another MTA. This information can be provided 2932by the ruleset authinfo or by the option DefaultAuthInfo. The 2933authinfo ruleset looks up {server_name} using the tag AuthInfo: in 2934the access map. If no entry is found, {server_addr} is looked up 2935in the same way and finally just the tag AuthInfo: to provide 2936default values. 2937 2938Notice: the default configuration file causes the option DefaultAuthInfo 2939to fail since the ruleset authinfo is in the .cf file. If you really 2940want to use DefaultAuthInfo (it is deprecated) then you have to 2941remove the ruleset. 2942 2943The RHS for an AuthInfo: entry in the access map should consists of a 2944list of tokens, each of which has the form: "TDstring" (including 2945the quotes). T is a tag which describes the item, D is a delimiter, 2946either ':' for simple text or '=' for a base64 encoded string. 2947Valid values for the tag are: 2948 2949 U user (authorization) id 2950 I authentication id 2951 P password 2952 R realm 2953 M list of mechanisms delimited by spaces 2954 2955Example entries are: 2956 2957AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 2958AuthInfo:more.dom "U:user" "P=c2VjcmV0" 2959 2960User or authentication id must exist as well as the password. All 2961other entries have default values. If one of user or authentication 2962id is missing, the existing value is used for the missing item. 2963If "R:" is not specified, realm defaults to $j. The list of mechanisms 2964defaults to those specified by AuthMechanisms. 2965 2966Since this map contains sensitive information, either the access 2967map must be unreadable by everyone but root (or the trusted user) 2968or FEATURE(`authinfo') must be used which provides a separate map. 2969Notice: It is not checked whether the map is actually 2970group/world-unreadable, this is left to the user. 2971 2972+--------------------------------+ 2973| ADDING NEW MAILERS OR RULESETS | 2974+--------------------------------+ 2975 2976Sometimes you may need to add entirely new mailers or rulesets. They 2977should be introduced with the constructs MAILER_DEFINITIONS and 2978LOCAL_RULESETS respectively. For example: 2979 2980 MAILER_DEFINITIONS 2981 Mmymailer, ... 2982 ... 2983 2984 LOCAL_RULESETS 2985 Smyruleset 2986 ... 2987 2988Local additions for the rulesets srv_features, try_tls, tls_rcpt, 2989tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 2990LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 2991respectively. For example, to add a local ruleset that decides 2992whether to try STARTTLS in a sendmail client, use: 2993 2994 LOCAL_TRY_TLS 2995 R... 2996 2997Note: you don't need to add a name for the ruleset, it is implicitly 2998defined by using the appropriate macro. 2999 3000 3001+-------------------------+ 3002| ADDING NEW MAIL FILTERS | 3003+-------------------------+ 3004 3005Sendmail supports mail filters to filter incoming SMTP messages according 3006to the "Sendmail Mail Filter API" documentation. These filters can be 3007configured in your mc file using the two commands: 3008 3009 MAIL_FILTER(`name', `equates') 3010 INPUT_MAIL_FILTER(`name', `equates') 3011 3012The first command, MAIL_FILTER(), simply defines a filter with the given 3013name and equates. For example: 3014 3015 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3016 3017This creates the equivalent sendmail.cf entry: 3018 3019 Xarchive, S=local:/var/run/archivesock, F=R 3020 3021The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 3022but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 3023of the filter such that the filter will actually be called by sendmail. 3024 3025For example, the two commands: 3026 3027 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3028 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3029 3030are equivalent to the three commands: 3031 3032 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3033 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3034 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 3035 3036In general, INPUT_MAIL_FILTER() should be used unless you need to define 3037more filters than you want to use for `confINPUT_MAIL_FILTERS'. 3038 3039Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3040commands will clear the list created by the prior INPUT_MAIL_FILTER() 3041commands. 3042 3043 3044+-------------------------+ 3045| QUEUE GROUP DEFINITIONS | 3046+-------------------------+ 3047 3048In addition to the queue directory (which is the default queue group 3049called "mqueue"), sendmail can deal with multiple queue groups, which 3050are collections of queue directories with the same behaviour. Queue 3051groups can be defined using the command: 3052 3053 QUEUE_GROUP(`name', `equates') 3054 3055For details about queue groups, please see doc/op/op.{me,ps,txt}. 3056 3057+-------------------------------+ 3058| NON-SMTP BASED CONFIGURATIONS | 3059+-------------------------------+ 3060 3061These configuration files are designed primarily for use by 3062SMTP-based sites. They may not be well tuned for UUCP-only or 3063UUCP-primarily nodes (the latter is defined as a small local net 3064connected to the rest of the world via UUCP). However, there is 3065one hook to handle some special cases. 3066 3067You can define a ``smart host'' that understands a richer address syntax 3068using: 3069 3070 define(`SMART_HOST', `mailer:hostname') 3071 3072In this case, the ``mailer:'' defaults to "relay". Any messages that 3073can't be handled using the usual UUCP rules are passed to this host. 3074 3075If you are on a local SMTP-based net that connects to the outside 3076world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3077For example: 3078 3079 define(`SMART_HOST', `uucp-new:uunet') 3080 LOCAL_NET_CONFIG 3081 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3082 3083This will cause all names that end in your domain name ($m) to be sent 3084via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3085If you have FEATURE(`nocanonify'), you may need to omit the dots after 3086the $m. If you are running a local DNS inside your domain which is 3087not otherwise connected to the outside world, you probably want to 3088use: 3089 3090 define(`SMART_HOST', `smtp:fire.wall.com') 3091 LOCAL_NET_CONFIG 3092 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3093 3094That is, send directly only to things you found in your DNS lookup; 3095anything else goes through SMART_HOST. 3096 3097You may need to turn off the anti-spam rules in order to accept 3098UUCP mail with FEATURE(`promiscuous_relay') and 3099FEATURE(`accept_unresolvable_domains'). 3100 3101 3102+-----------+ 3103| WHO AM I? | 3104+-----------+ 3105 3106Normally, the $j macro is automatically defined to be your fully 3107qualified domain name (FQDN). Sendmail does this by getting your 3108host name using gethostname and then calling gethostbyname on the 3109result. For example, in some environments gethostname returns 3110only the root of the host name (such as "foo"); gethostbyname is 3111supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3112cases, gethostbyname may fail to return the FQDN. In this case 3113you MUST define confDOMAIN_NAME to be your fully qualified domain 3114name. This is usually done using: 3115 3116 Dmbar.com 3117 define(`confDOMAIN_NAME', `$w.$m')dnl 3118 3119 3120+-----------------------------------+ 3121| ACCEPTING MAIL FOR MULTIPLE NAMES | 3122+-----------------------------------+ 3123 3124If your host is known by several different names, you need to augment 3125class {w}. This is a list of names by which your host is known, and 3126anything sent to an address using a host name in this list will be 3127treated as local mail. You can do this in two ways: either create the 3128file /etc/mail/local-host-names containing a list of your aliases (one per 3129line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3130``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3131name of the host, rather than a short name. 3132 3133If you want to have different address in different domains, take 3134a look at the virtusertable feature, which is also explained at 3135http://www.sendmail.org/virtual-hosting.html 3136 3137 3138+--------------------+ 3139| USING MAILERTABLES | 3140+--------------------+ 3141 3142To use FEATURE(`mailertable'), you will have to create an external 3143database containing the routing information for various domains. 3144For example, a mailertable file in text format might be: 3145 3146 .my.domain xnet:%1.my.domain 3147 uuhost1.my.domain uucp-new:uuhost1 3148 .bitnet smtp:relay.bit.net 3149 3150This should normally be stored in /etc/mail/mailertable. The actual 3151database version of the mailertable is built using: 3152 3153 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3154 3155The semantics are simple. Any LHS entry that does not begin with 3156a dot matches the full host name indicated. LHS entries beginning 3157with a dot match anything ending with that domain name (including 3158the leading dot) -- that is, they can be thought of as having a 3159leading ".+" regular expression pattern for a non-empty sequence of 3160characters. Matching is done in order of most-to-least qualified 3161-- for example, even though ".my.domain" is listed first in the 3162above example, an entry of "uuhost1.my.domain" will match the second 3163entry since it is more explicit. Note: e-mail to "user@my.domain" 3164does not match any entry in the above table. You need to have 3165something like: 3166 3167 my.domain esmtp:host.my.domain 3168 3169The RHS should always be a "mailer:host" pair. The mailer is the 3170configuration name of a mailer (that is, an M line in the 3171sendmail.cf file). The "host" will be the hostname passed to 3172that mailer. In domain-based matches (that is, those with leading 3173dots) the "%1" may be used to interpolate the wildcarded part of 3174the host name. For example, the first line above sends everything 3175addressed to "anything.my.domain" to that same host name, but using 3176the (presumably experimental) xnet mailer. 3177 3178In some cases you may want to temporarily turn off MX records, 3179particularly on gateways. For example, you may want to MX 3180everything in a domain to one machine that then forwards it 3181directly. To do this, you might use the DNS configuration: 3182 3183 *.domain. IN MX 0 relay.machine 3184 3185and on relay.machine use the mailertable: 3186 3187 .domain smtp:[gateway.domain] 3188 3189The [square brackets] turn off MX records for this host only. 3190If you didn't do this, the mailertable would use the MX record 3191again, which would give you an MX loop. 3192 3193 3194+--------------------------------+ 3195| USING USERDB TO MAP FULL NAMES | 3196+--------------------------------+ 3197 3198The user database was not originally intended for mapping full names 3199to login names (e.g., Eric.Allman => eric), but some people are using 3200it that way. (it is recommended that you set up aliases for this 3201purpose instead -- since you can specify multiple alias files, this 3202is fairly easy.) The intent was to locate the default maildrop at 3203a site, but allow you to override this by sending to a specific host. 3204 3205If you decide to set up the user database in this fashion, it is 3206imperative that you not use FEATURE(`stickyhost') -- otherwise, 3207e-mail sent to Full.Name@local.host.name will be rejected. 3208 3209To build the internal form of the user database, use: 3210 3211 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3212 3213As a general rule, it is an extremely bad idea to using full names 3214as e-mail addresses, since they are not in any sense unique. For 3215example, the UNIX software-development community has at least two 3216well-known Peter Deutsches, and at one time Bell Labs had two 3217Stephen R. Bournes with offices along the same hallway. Which one 3218will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3219The less famous of the two, or the one that was hired later? 3220 3221Finger should handle full names (and be fuzzy). Mail should use 3222handles, and not be fuzzy. 3223 3224 3225+--------------------------------+ 3226| MISCELLANEOUS SPECIAL FEATURES | 3227+--------------------------------+ 3228 3229Plussed users 3230 Sometimes it is convenient to merge configuration on a 3231 centralized mail machine, for example, to forward all 3232 root mail to a mail server. In this case it might be 3233 useful to be able to treat the root addresses as a class 3234 of addresses with subtle differences. You can do this 3235 using plussed users. For example, a client might include 3236 the alias: 3237 3238 root: root+client1@server 3239 3240 On the server, this will match an alias for "root+client1". 3241 If that is not found, the alias "root+*" will be tried, 3242 then "root". 3243 3244 3245+----------------+ 3246| SECURITY NOTES | 3247+----------------+ 3248 3249A lot of sendmail security comes down to you. Sendmail 8 is much 3250more careful about checking for security problems than previous 3251versions, but there are some things that you still need to watch 3252for. In particular: 3253 3254* Make sure the aliases file is not writable except by trusted 3255 system personnel. This includes both the text and database 3256 version. 3257 3258* Make sure that other files that sendmail reads, such as the 3259 mailertable, are only writable by trusted system personnel. 3260 3261* The queue directory should not be world writable PARTICULARLY 3262 if your system allows "file giveaways" (that is, if a non-root 3263 user can chown any file they own to any other user). 3264 3265* If your system allows file giveaways, DO NOT create a publically 3266 writable directory for forward files. This will allow anyone 3267 to steal anyone else's e-mail. Instead, create a script that 3268 copies the .forward file from users' home directories once a 3269 night (if you want the non-NFS-mounted forward directory). 3270 3271* If your system allows file giveaways, you'll find that 3272 sendmail is much less trusting of :include: files -- in 3273 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3274 /etc/shells before they will be trusted (that is, before 3275 files and programs listed in them will be honored). 3276 3277In general, file giveaways are a mistake -- if you can turn them 3278off, do so. 3279 3280 3281+--------------------------------+ 3282| TWEAKING CONFIGURATION OPTIONS | 3283+--------------------------------+ 3284 3285There are a large number of configuration options that don't normally 3286need to be changed. However, if you feel you need to tweak them, you 3287can define the following M4 variables. This list is shown in four 3288columns: the name you define, the default value for that definition, 3289the option or macro that is affected (either Ox for an option or Dx 3290for a macro), and a brief description. Greater detail of the semantics 3291can be found in the Installation and Operations Guide. 3292 3293Some options are likely to be deprecated in future versions -- that is, 3294the option is only included to provide back-compatibility. These are 3295marked with "*". 3296 3297Remember that these options are M4 variables, and hence may need to 3298be quoted. In particular, arguments with commas will usually have to 3299be ``double quoted, like this phrase'' to avoid having the comma 3300confuse things. This is common for alias file definitions and for 3301the read timeout. 3302 3303M4 Variable Name Configuration Description & [Default] 3304================ ============= ======================= 3305confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3306 for internally generated outgoing 3307 messages. 3308confDOMAIN_NAME $j macro If defined, sets $j. This should 3309 only be done if your system cannot 3310 determine your local domain name, 3311 and then it should be set to 3312 $w.Foo.COM, where Foo.COM is your 3313 domain name. 3314confCF_VERSION $Z macro If defined, this is appended to the 3315 configuration version name. 3316confLDAP_CLUSTER ${sendmailMTACluster} macro 3317 If defined, this is the LDAP 3318 cluster to use for LDAP searches 3319 as described above in ``USING LDAP 3320 FOR ALIASES, MAPS, AND CLASSES''. 3321confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3322 internally generated From: address. 3323confRECEIVED_HEADER Received: 3324 [$?sfrom $s $.$?_($?s$|from $.$_) 3325 $.$?{auth_type}(authenticated) 3326 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3327 for $u; $|; 3328 $.$b] 3329 The format of the Received: header 3330 in messages passed through this host. 3331 It is unwise to try to change this. 3332confCW_FILE Fw class [/etc/mail/local-host-names] Name 3333 of file used to get the local 3334 additions to class {w} (local host 3335 names). 3336confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3337 file used to get the local additions 3338 to class {t} (trusted users). 3339confCR_FILE FR class [/etc/mail/relay-domains] Name of 3340 file used to get the local additions 3341 to class {R} (hosts allowed to relay). 3342confTRUSTED_USERS Ct class [no default] Names of users to add to 3343 the list of trusted users. This list 3344 always includes root, uucp, and daemon. 3345 See also FEATURE(`use_ct_file'). 3346confTRUSTED_USER TrustedUser [no default] Trusted user for file 3347 ownership and starting the daemon. 3348 Not to be confused with 3349 confTRUSTED_USERS (see above). 3350confSMTP_MAILER - [esmtp] The mailer name used when 3351 SMTP connectivity is required. 3352 One of "smtp", "smtp8", 3353 "esmtp", or "dsmtp". 3354confUUCP_MAILER - [uucp-old] The mailer to be used by 3355 default for bang-format recipient 3356 addresses. See also discussion of 3357 class {U}, class {Y}, and class {Z} 3358 in the MAILER(`uucp') section. 3359confLOCAL_MAILER - [local] The mailer name used when 3360 local connectivity is required. 3361 Almost always "local". 3362confRELAY_MAILER - [relay] The default mailer name used 3363 for relaying any mail (e.g., to a 3364 BITNET_RELAY, a SMART_HOST, or 3365 whatever). This can reasonably be 3366 "uucp-new" if you are on a 3367 UUCP-connected site. 3368confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3369confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3370confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3371 rebuild until you get bored and 3372 decide that the apparently pending 3373 rebuild failed. 3374confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3375 queue filesystem to accept SMTP mail. 3376 (Prior to 8.7 this was minfree/maxsize, 3377 where minfree was the number of free 3378 blocks and maxsize was the maximum 3379 message size. Use confMAX_MESSAGE_SIZE 3380 for the second value now.) 3381confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3382 that will be accepted (in bytes). 3383confBLANK_SUB BlankSub [.] Blank (space) substitution 3384 character. 3385confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3386 to mailers marked expensive. 3387confCHECKPOINT_INTERVAL CheckpointInterval 3388 [10] Checkpoint queue files every N 3389 recipients. 3390confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3391confERROR_MODE ErrorMode [print] Error message mode. 3392confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3393confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3394confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3395confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3396confMAX_HOP MaxHopCount [25] Maximum hop count. 3397confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3398 mode] Ignore dot as terminator for 3399 incoming messages? 3400confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3401 resolver. 3402confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3403 encapsulated messages per RFC 1344. 3404confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3405 The colon-separated list of places to 3406 search for .forward files. N.B.: see 3407 the Security Notes section. 3408confMCI_CACHE_SIZE ConnectionCacheSize 3409 [2] Size of open connection cache. 3410confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3411 [5m] Open connection cache timeout. 3412confHOST_STATUS_DIRECTORY HostStatusDirectory 3413 [undefined] If set, host status is kept 3414 on disk between sendmail runs in the 3415 named directory tree. This need not be 3416 a full pathname, in which case it is 3417 interpreted relative to the queue 3418 directory. 3419confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3420 [False] If this option and the 3421 HostStatusDirectory option are both 3422 set, single thread deliveries to other 3423 hosts. That is, don't allow any two 3424 sendmails on this host to connect 3425 simultaneously to any other single 3426 host. This can slow down delivery in 3427 some cases, in particular since a 3428 cached but otherwise idle connection 3429 to a host will prevent other sendmails 3430 from connecting to the other host. 3431confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3432 deliver error messages. This should 3433 not be necessary because of general 3434 acceptance of the envelope/header 3435 distinction. 3436confLOG_LEVEL LogLevel [9] Log level. 3437confME_TOO MeToo [True] Include sender in group 3438 expansions. This option is 3439 deprecated and will be removed from 3440 a future version. 3441confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3442 running newaliases. Since this does 3443 DNS lookups on every address, it can 3444 slow down the alias rebuild process 3445 considerably on large alias files. 3446confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3447 special chars are old style. 3448confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3449confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3450 copies of all error messages. 3451confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3452confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3453 queue files (octal). If not set, 3454 sendmail uses 0600 unless its real 3455 and effective uid are different in 3456 which case it uses 0644. 3457confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3458 syntax addresses to the minimum 3459 possible. 3460confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3461 before forking. 3462confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3463 on the initial connect. 3464confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3465 connect() to complete. This can only 3466 shorten connection timeouts; the kernel 3467 silently enforces an absolute maximum 3468 (which varies depending on the system). 3469confTO_ICONNECT Timeout.iconnect 3470 [undefined] Like Timeout.connect, but 3471 applies only to the very first attempt 3472 to connect to a host in a message. 3473 This allows a single very fast pass 3474 followed by more careful delivery 3475 attempts in the future. 3476confTO_ACONNECT Timeout.aconnect 3477 [0] The overall timeout waiting for 3478 all connection for a single delivery 3479 attempt to succeed. If 0, no overall 3480 limit is applied. 3481confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3482 to a HELO or EHLO command. 3483confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3484 response to the MAIL command. 3485confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3486 to the RCPT command. 3487confTO_DATAINIT Timeout.datainit 3488 [5m] The timeout waiting for a 354 3489 response from the DATA command. 3490confTO_DATABLOCK Timeout.datablock 3491 [1h] The timeout waiting for a block 3492 during DATA phase. 3493confTO_DATAFINAL Timeout.datafinal 3494 [1h] The timeout waiting for a response 3495 to the final "." that terminates a 3496 message. 3497confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3498 to the RSET command. 3499confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3500 to the QUIT command. 3501confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3502 to other SMTP commands. 3503confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3504 waiting for a command to be issued. 3505confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3506 response to an IDENT query. 3507confTO_FILEOPEN Timeout.fileopen 3508 [60s] The timeout waiting for a file 3509 (e.g., :include: file) to be opened. 3510confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3511 to an LMTP LHLO command. 3512confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3513 response in an AUTH dialogue. 3514confTO_STARTTLS Timeout.starttls 3515 [1h] The timeout waiting for a 3516 response to an SMTP STARTTLS command. 3517confTO_CONTROL Timeout.control 3518 [2m] The timeout for a complete 3519 control socket transaction to complete. 3520confTO_QUEUERETURN Timeout.queuereturn 3521 [5d] The timeout before a message is 3522 returned as undeliverable. 3523confTO_QUEUERETURN_NORMAL 3524 Timeout.queuereturn.normal 3525 [undefined] As above, for normal 3526 priority messages. 3527confTO_QUEUERETURN_URGENT 3528 Timeout.queuereturn.urgent 3529 [undefined] As above, for urgent 3530 priority messages. 3531confTO_QUEUERETURN_NONURGENT 3532 Timeout.queuereturn.non-urgent 3533 [undefined] As above, for non-urgent 3534 (low) priority messages. 3535confTO_QUEUEWARN Timeout.queuewarn 3536 [4h] The timeout before a warning 3537 message is sent to the sender telling 3538 them that the message has been 3539 deferred. 3540confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3541 [undefined] As above, for normal 3542 priority messages. 3543confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3544 [undefined] As above, for urgent 3545 priority messages. 3546confTO_QUEUEWARN_NONURGENT 3547 Timeout.queuewarn.non-urgent 3548 [undefined] As above, for non-urgent 3549 (low) priority messages. 3550confTO_HOSTSTATUS Timeout.hoststatus 3551 [30m] How long information about host 3552 statuses will be maintained before it 3553 is considered stale and the host should 3554 be retried. This applies both within 3555 a single queue run and to persistent 3556 information (see below). 3557confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3558 [varies] Sets the resolver's 3559 retransmission time interval (in 3560 seconds). Sets both 3561 Timeout.resolver.retrans.first and 3562 Timeout.resolver.retrans.normal. 3563confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3564 [varies] Sets the resolver's 3565 retransmission time interval (in 3566 seconds) for the first attempt to 3567 deliver a message. 3568confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3569 [varies] Sets the resolver's 3570 retransmission time interval (in 3571 seconds) for all resolver lookups 3572 except the first delivery attempt. 3573confTO_RESOLVER_RETRY Timeout.resolver.retry 3574 [varies] Sets the number of times 3575 to retransmit a resolver query. 3576 Sets both 3577 Timeout.resolver.retry.first and 3578 Timeout.resolver.retry.normal. 3579confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3580 [varies] Sets the number of times 3581 to retransmit a resolver query for 3582 the first attempt to deliver a 3583 message. 3584confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3585 [varies] Sets the number of times 3586 to retransmit a resolver query for 3587 all resolver lookups except the 3588 first delivery attempt. 3589confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3590 USE_SYSTEM to use the system's idea, 3591 USE_TZ to use the user's TZ envariable, 3592 or something else to force that value. 3593confDEF_USER_ID DefaultUser [1:1] Default user id. 3594confUSERDB_SPEC UserDatabaseSpec 3595 [undefined] User database 3596 specification. 3597confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3598confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3599 for a host and other arrangements 3600 haven't been made, try connecting 3601 to the host directly; normally this 3602 would be a config error. 3603confQUEUE_LA QueueLA [varies] Load average at which 3604 queue-only function kicks in. 3605 Default values is (8 * numproc) 3606 where numproc is the number of 3607 processors online (if that can be 3608 determined). 3609confREFUSE_LA RefuseLA [varies] Load average at which 3610 incoming SMTP connections are 3611 refused. Default values is (12 * 3612 numproc) where numproc is the 3613 number of processors online (if 3614 that can be determined). 3615confDELAY_LA DelayLA [0] Load average at which sendmail 3616 will sleep for one second on most 3617 SMTP commands and before accepting 3618 connections. 0 means no limit. 3619confMAX_ALIAS_RECURSION MaxAliasRecursion 3620 [10] Maximum depth of alias recursion. 3621confMAX_DAEMON_CHILDREN MaxDaemonChildren 3622 [undefined] The maximum number of 3623 children the daemon will permit. After 3624 this number, connections will be 3625 rejected. If not set or <= 0, there is 3626 no limit. 3627confMAX_HEADERS_LENGTH MaxHeadersLength 3628 [32768] Maximum length of the sum 3629 of all headers. 3630confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3631 [undefined] Maximum length of 3632 certain MIME header field values. 3633confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3634 [undefined] The maximum number of 3635 connections permitted per second per 3636 daemon. After this many connections 3637 are accepted, further connections 3638 will be delayed. If not set or <= 0, 3639 there is no limit. 3640confWORK_RECIPIENT_FACTOR 3641 RecipientFactor [30000] Cost of each recipient. 3642confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3643 separate process. 3644confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3645confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3646confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3647 Priority, Host, Filename, Random, 3648 Modification, or Time. 3649confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3650 must sit in the queue between queue 3651 runs. This allows you to set the 3652 queue run interval low for better 3653 responsiveness without trying all 3654 jobs in each run. 3655confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3656 unlabeled 8 bit input to MIME, the 3657 character set to use by default. 3658confSERVICE_SWITCH_FILE ServiceSwitchFile 3659 [/etc/mail/service.switch] The file 3660 to use for the service switch on 3661 systems that do not have a 3662 system-defined switch. 3663confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3664 "file" type access of hosts names. 3665confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3666 long and try again. Zero means "don't 3667 retry". This is to allow "dial on 3668 demand" connections to have enough time 3669 to complete a connection. 3670confNO_RCPT_ACTION NoRecipientAction 3671 [none] What to do if there are no legal 3672 recipient fields (To:, Cc: or Bcc:) 3673 in the message. Legal values can 3674 be "none" to just leave the 3675 nonconforming message as is, "add-to" 3676 to add a To: header with all the 3677 known recipients (which may expose 3678 blind recipients), "add-apparently-to" 3679 to do the same but use Apparently-To: 3680 instead of To: (strongly discouraged 3681 in accordance with IETF standards), 3682 "add-bcc" to add an empty Bcc: 3683 header, or "add-to-undisclosed" to 3684 add the header 3685 ``To: undisclosed-recipients:;''. 3686confSAFE_FILE_ENV SafeFileEnvironment 3687 [undefined] If set, sendmail will do a 3688 chroot() into this directory before 3689 writing files. 3690confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3691 If set, colons are treated as a regular 3692 character in addresses. If not set, 3693 they are treated as the introducer to 3694 the RFC 822 "group" syntax. Colons are 3695 handled properly in route-addrs. This 3696 option defaults on for V5 and lower 3697 configuration files. 3698confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3699 any given queue run to this number of 3700 entries. Essentially, this will stop 3701 reading each queue directory after this 3702 number of entries are reached; it does 3703 _not_ pick the highest priority jobs, 3704 so this should be as large as your 3705 system can tolerate. If not set, there 3706 is no limit. 3707confMAX_QUEUE_CHILDREN MaxQueueChildren 3708 [undefined] Limits the maximum number 3709 of concurrent queue runners active. 3710 This is to keep system resources used 3711 within a reasonable limit. Relates to 3712 Queue Groups and ForkAllJobs. 3713confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3714 [1] Only active when MaxQueueChildren 3715 defined. Controls the maximum number 3716 of queue runners (aka queue children) 3717 active at the same time in a work 3718 group. See also MaxQueueChildren. 3719confDONT_EXPAND_CNAMES DontExpandCnames 3720 [False] If set, $[ ... $] lookups that 3721 do DNS based lookups do not expand 3722 CNAME records. This currently violates 3723 the published standards, but the IETF 3724 seems to be moving toward legalizing 3725 this. For example, if "FTP.Foo.ORG" 3726 is a CNAME for "Cruft.Foo.ORG", then 3727 with this option set a lookup of 3728 "FTP" will return "FTP.Foo.ORG"; if 3729 clear it returns "Cruft.FOO.ORG". N.B. 3730 you may not see any effect until your 3731 downstream neighbors stop doing CNAME 3732 lookups as well. 3733confFROM_LINE UnixFromLine [From $g $d] The From_ line used 3734 when sending to files or programs. 3735confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 3736 [False] From: lines that have 3737 embedded newlines are unwrapped 3738 onto one line. 3739confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 3740 does not include a host name. 3741confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 3742 name phrase (@,;:\()[] are automatic). 3743confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 3744 characters. 3745confSMTP_LOGIN_MSG SmtpGreetingMessage 3746 [$j Sendmail $v/$Z; $b] 3747 The initial (spontaneous) SMTP 3748 greeting message. The word "ESMTP" 3749 will be inserted between the first and 3750 second words to convince other 3751 sendmails to try to speak ESMTP. 3752confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 3753 routine will never be invoked. You 3754 might want to do this if you are 3755 running NIS and you have a large group 3756 map, since this call does a sequential 3757 scan of the map; in a large site this 3758 can cause your ypserv to run 3759 essentially full time. If you set 3760 this, agents run on behalf of users 3761 will only have their primary 3762 (/etc/passwd) group permissions. 3763confUNSAFE_GROUP_WRITES UnsafeGroupWrites 3764 [False] If set, group-writable 3765 :include: and .forward files are 3766 considered "unsafe", that is, programs 3767 and files cannot be directly referenced 3768 from such files. World-writable files 3769 are always considered unsafe. 3770confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 3771 address (for testing). 3772confCONTROL_SOCKET_NAME ControlSocketName 3773 [undefined] Control socket for daemon 3774 management. 3775confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 3776 [postmaster] If an error occurs when 3777 sending an error message, send that 3778 "double bounce" error message to this 3779 address. If it expands to an empty 3780 string, double bounces are dropped. 3781confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 3782 messages which could not be returned 3783 to the user or sent to postmaster. 3784 If not set, the queue file will 3785 be renamed. 3786confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 3787 implies DSN request. 3788confRUN_AS_USER RunAsUser [undefined] If set, become this user 3789 when reading and delivering mail. 3790 Causes all file reads (e.g., .forward 3791 and :include: files) to be done as 3792 this user. Also, all programs will 3793 be run as this user, and all output 3794 files will be written as this user. 3795 Intended for use only on firewalls 3796 where users do not have accounts. 3797confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 3798 [infinite] If set, allow no more than 3799 the specified number of recipients in 3800 an SMTP envelope. Further recipients 3801 receive a 452 error code (i.e., they 3802 are deferred for the next delivery 3803 attempt). 3804confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and more than the 3805 specified number of recipients in an 3806 envelope are rejected, sleep for one 3807 second after each rejected RCPT 3808 command. 3809confDONT_PROBE_INTERFACES DontProbeInterfaces 3810 [False] If set, sendmail will _not_ 3811 insert the names and addresses of any 3812 local interfaces into class {w} 3813 (list of known "equivalent" addresses). 3814 If you set this, you must also include 3815 some support for these addresses (e.g., 3816 in a mailertable entry) -- otherwise, 3817 mail to addresses in this list will 3818 bounce with a configuration error. 3819 If set to "loopback" (without 3820 quotes), sendmail will skip 3821 loopback interfaces (e.g., "lo0"). 3822confPID_FILE PidFile [system dependent] Location of pid 3823 file. 3824confPROCESS_TITLE_PREFIX ProcessTitlePrefix 3825 [undefined] Prefix string for the 3826 process title shown on 'ps' listings. 3827confDONT_BLAME_SENDMAIL DontBlameSendmail 3828 [safe] Override sendmail's file 3829 safety checks. This will definitely 3830 compromise system security and should 3831 not be used unless absolutely 3832 necessary. 3833confREJECT_MSG - [550 Access denied] The message 3834 given if the access database contains 3835 REJECT in the value portion. 3836confRELAY_MSG - [550 Relaying denied] The message 3837 given if an unauthorized relaying 3838 attempt is rejected. 3839confDF_BUFFER_SIZE DataFileBufferSize 3840 [4096] The maximum size of a 3841 memory-buffered data (df) file 3842 before a disk-based file is used. 3843confXF_BUFFER_SIZE XScriptFileBufferSize 3844 [4096] The maximum size of a 3845 memory-buffered transcript (xf) 3846 file before a disk-based file is 3847 used. 3848confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 3849 CRAM-MD5] List of authentication 3850 mechanisms for AUTH (separated by 3851 spaces). The advertised list of 3852 authentication mechanisms will be the 3853 intersection of this list and the list 3854 of available mechanisms as determined 3855 by the CYRUS SASL library. 3856confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 3857 authentication information for 3858 outgoing connections. This file must 3859 contain the user id, the authorization 3860 id, the password (plain text), the 3861 realm to use, and the list of 3862 mechanisms to try, each on a separate 3863 line and must be readable by root (or 3864 the trusted user) only. If no realm 3865 is specified, $j is used. If no 3866 mechanisms are given in the file, 3867 AuthMechanisms is used. Notice: this 3868 option is deprecated and will be 3869 removed in future versions; it doesn't 3870 work for the MSP since it can't read 3871 the file. Use the authinfo ruleset 3872 instead. See also the section SMTP 3873 AUTHENTICATION. 3874confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 3875 then the AUTH= parameter for the 3876 MAIL FROM command is only issued 3877 when authentication succeeded. 3878 Other values (which should be listed 3879 one after the other without any 3880 intervening characters except for 3881 space or comma) are a, c, d, f, p, 3882 and y. See doc/op/op.me for 3883 details. 3884confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 3885 strength for the security layer in 3886 SMTP AUTH (SASL). Default is 3887 essentially unlimited. 3888confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 3889 verification is performed, i.e., 3890 the server doesn't ask for a 3891 certificate. 3892confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 3893 specification for LDAP maps. The 3894 value should only contain LDAP 3895 specific settings such as "-h host 3896 -p port -d bindDN", etc. The 3897 settings will be used for all LDAP 3898 maps unless they are specified in 3899 the individual map specification 3900 ('K' command). 3901confCACERT_PATH CACERTPath [undefined] Path to directory 3902 with certs of CAs. 3903confCACERT CACERTFile [undefined] File containing one CA 3904 cert. 3905confSERVER_CERT ServerCertFile [undefined] File containing the 3906 cert of the server, i.e., this cert 3907 is used when sendmail acts as 3908 server. 3909confSERVER_KEY ServerKeyFile [undefined] File containing the 3910 private key belonging to the server 3911 cert. 3912confCLIENT_CERT ClientCertFile [undefined] File containing the 3913 cert of the client, i.e., this cert 3914 is used when sendmail acts as 3915 client. 3916confCLIENT_KEY ClientKeyFile [undefined] File containing the 3917 private key belonging to the client 3918 cert. 3919confDH_PARAMETERS DHParameters [undefined] File containing the 3920 DH parameters. 3921confRAND_FILE RandFile [undefined] File containing random 3922 data (use prefix file:) or the 3923 name of the UNIX socket if EGD is 3924 used (use prefix egd:). STARTTLS 3925 requires this option if the compile 3926 flag HASURANDOM is not set (see 3927 sendmail/README). 3928confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 3929 queue runners is set the given value 3930 (nice(3)). 3931confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 3932 [undefined] Defines {daemon_flags} 3933 for direct submissions. 3934confUSE_MSP UseMSP [false] Use as mail submission 3935 program, see sendmail/SECURITY. 3936confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 3937 SMTP Service Extension (RFC 2852). 3938confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 3939confFAST_SPLIT FastSplit [1] If set to a value greater than 3940 zero, the initial MX lookups on 3941 addresses is suppressed when they 3942 are sorted which may result in 3943 faster envelope splitting. If the 3944 mail is submitted directly from the 3945 command line, then the value also 3946 limits the number of processes to 3947 deliver the envelopes. 3948confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 3949 information about local mailboxes. 3950confDEQUOTE_OPTS - [empty] Additional options for the 3951 dequote map. 3952confINPUT_MAIL_FILTERS InputMailFilters 3953 A comma separated list of filters 3954 which determines which filters and 3955 the invocation sequence are 3956 contacted for incoming SMTP 3957 messages. If none are set, no 3958 filters will be contacted. 3959confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 3960 actions, defaults to LogLevel. 3961confMILTER_MACROS_CONNECT Milter.macros.connect 3962 [empty] Macros to transmit to milters 3963 when a session connection starts. 3964confMILTER_MACROS_HELO Milter.macros.helo 3965 [empty] Macros to transmit to milters 3966 after HELO command. 3967confMILTER_MACROS_ENVFROM Milter.macros.envfrom 3968 [empty] Macros to transmit to milters 3969 after MAIL FROM command. 3970confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 3971 [empty] Macros to transmit to milters 3972 after RCPT TO command. 3973 3974 3975See also the description of OSTYPE for some parameters that can be 3976tweaked (generally pathnames to mailers). 3977 3978ClientPortOptions and DaemonPortOptions are special cases since multiple 3979clients/daemons can be defined. This can be done via 3980 3981 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 3982 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 3983 3984Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 3985ClientPortOptions settings) are allowed in order to give settings for each 3986protocol family (e.g., one for Family=inet and one for Family=inet6). A 3987restriction placed on one family only affects outgoing connections on that 3988particular family. 3989 3990If DAEMON_OPTIONS is not used, then the default is 3991 3992 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 3993 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 3994 3995If you use one DAEMON_OPTIONS macro, it will alter the parameters 3996of the first of these. The second will still be defaulted; it 3997represents a "Message Submission Agent" (MSA) as defined by RFC 39982476 (see below). To turn off the default definition for the MSA, 3999use FEATURE(`no_default_msa') (see also FEATURES). If you use 4000additional DAEMON_OPTIONS macros, they will add additional daemons. 4001 4002Example 1: To change the port for the SMTP listener, while 4003still using the MSA default, use 4004 DAEMON_OPTIONS(`Port=925, Name=MTA') 4005 4006Example 2: To change the port for the MSA daemon, while still 4007using the default SMTP port, use 4008 FEATURE(`no_default_msa') 4009 DAEMON_OPTIONS(`Name=MTA') 4010 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 4011 4012Note that if the first of those DAEMON_OPTIONS lines were omitted, then 4013there would be no listener on the standard SMTP port. 4014 4015Example 3: To listen on both IPv4 and IPv6 interfaces, use 4016 4017 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 4018 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 4019 4020A "Message Submission Agent" still uses all of the same rulesets for 4021processing the message (and therefore still allows message rejection via 4022the check_* rulesets). In accordance with the RFC, the MSA will ensure 4023that all domains in the envelope are fully qualified if the message is 4024relayed to another MTA. It will also enforce the normal address syntax 4025rules and log error messages. Additionally, by using the M=a modifier 4026you can require authentication before messages are accepted by the MSA. 4027Notice: Do NOT use the 'a' modifier on a public accessible MTA! 4028Finally, the M=E modifier shown above disables ETRN as required by RFC 40292476. 4030 4031Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 4032commands: 4033 4034 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 4035 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 4036 4037The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 4038same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4039filter can be defined without adding it to the input filter list by using 4040MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4041Alternatively, you can reset the list of filters and their order by setting 4042confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4043your .mc file. 4044 4045 4046+----------------------------+ 4047| MESSAGE SUBMISSION PROGRAM | 4048+----------------------------+ 4049 4050The purpose of the message submission program (MSP) is explained 4051in sendmail/SECURITY. This section contains a list of caveats and 4052a few hints how for those who want to tweak the default configuration 4053for it (which is installed as submit.cf). 4054 4055Notice: do not add options/features to submit.mc unless you are 4056absolutely sure you need them. Options you may want to change 4057include: 4058 4059- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4060 avoiding X-Authentication warnings. 4061- confTIME_ZONE to change it from the default `USE_TZ'. 4062- confDELIVERY_MODE is set to interactive in msp.m4 instead 4063 of the default background mode. 4064- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses 4065 to the LOCAL_RELAY instead of the default relay. 4066- confRAND_FILE if you use STARTTLS and sendmail is not compiled with 4067 the flag HASURANDOM. 4068 4069The MSP performs hostname canonicalization by default. As also 4070explained in sendmail/SECURITY, mail may end up for various DNS 4071related reasons in the MSP queue. This problem can be minimized by 4072using 4073 4074 FEATURE(`nocanonify', `canonify_hosts') 4075 define(`confDIRECT_SUBMISSION_MODIFIERS', `C') 4076 4077See the discussion about nocanonify for possible side effects. 4078 4079Some things are not intended to work with the MSP. These include 4080features that influence the delivery process (e.g., mailertable, 4081aliases), or those that are only important for a SMTP server (e.g., 4082virtusertable, DaemonPortOptions, multiple queues). Moreover, 4083relaxing certain restrictions (RestrictQueueRun, permissions on 4084queue directory) or adding features (e.g., enabling prog/file mailer) 4085can cause security problems. 4086 4087Other things don't work well with the MSP and require tweaking or 4088workarounds. For example, to allow for client authentication it 4089is not just sufficient to provide a client certificate and the 4090corresponding key, but it is also necessary to make the key group 4091(smmsp) readable and tell sendmail not to complain about that, i.e., 4092 4093 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4094 4095If the MSP should actually use AUTH then the necessary data 4096should be placed in a map as explained in SMTP AUTHENTICATION: 4097 4098FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4099 4100/etc/mail/msp-authinfo should contain an entry like: 4101 4102 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4103 4104The file and the map created by makemap should be owned by smmsp, 4105its group should be smmsp, and it should have mode 640. The database 4106used by the MTA for AUTH must have a corresponding entry. 4107Additionally the MTA must trust this authentication data so the AUTH= 4108part will be relayed on to the next hop. This can be achieved by 4109adding the following to your sendmail.mc file: 4110 4111 LOCAL_RULESETS 4112 SLocal_trust_auth 4113 R$* $: $&{auth_authen} 4114 Rsmmsp $# OK 4115 4116feature/msp.m4 defines almost all settings for the MSP. Most of 4117those should not be changed at all. Some of the features and options 4118can be overridden if really necessary. It is a bit tricky to do 4119this, because it depends on the actual way the option is defined 4120in feature/msp.m4. If it is directly defined (i.e., define()) then 4121the modified value must be defined after 4122 4123 FEATURE(`msp') 4124 4125If it is conditionally defined (i.e., ifdef()) then the desired 4126value must be defined before the FEATURE line in the .mc file. 4127To see how the options are defined read feature/msp.m4. 4128 4129 4130+--------------------------+ 4131| FORMAT OF FILES AND MAPS | 4132+--------------------------+ 4133 4134Files that define classes, i.e., F{classname}, consist of lines 4135each of which contains a single element of the class. For example, 4136/etc/mail/local-host-names may have the following content: 4137 4138my.domain 4139another.domain 4140 4141Maps must be created using makemap(8) , e.g., 4142 4143 makemap hash MAP < MAP 4144 4145In general, a text file from which a map is created contains lines 4146of the form 4147 4148key value 4149 4150where 'key' and 'value' are also called LHS and RHS, respectively. 4151By default, the delimiter between LHS and RHS is a non-empty sequence 4152of white space characters. 4153 4154 4155+------------------+ 4156| DIRECTORY LAYOUT | 4157+------------------+ 4158 4159Within this directory are several subdirectories, to wit: 4160 4161m4 General support routines. These are typically 4162 very important and should not be changed without 4163 very careful consideration. 4164 4165cf The configuration files themselves. They have 4166 ".mc" suffixes, and must be run through m4 to 4167 become complete. The resulting output should 4168 have a ".cf" suffix. 4169 4170ostype Definitions describing a particular operating 4171 system type. These should always be referenced 4172 using the OSTYPE macro in the .mc file. Examples 4173 include "bsd4.3", "bsd4.4", "sunos3.5", and 4174 "sunos4.1". 4175 4176domain Definitions describing a particular domain, referenced 4177 using the DOMAIN macro in the .mc file. These are 4178 site dependent; for example, "CS.Berkeley.EDU.m4" 4179 describes hosts in the CS.Berkeley.EDU subdomain. 4180 4181mailer Descriptions of mailers. These are referenced using 4182 the MAILER macro in the .mc file. 4183 4184sh Shell files used when building the .cf file from the 4185 .mc file in the cf subdirectory. 4186 4187feature These hold special orthogonal features that you might 4188 want to include. They should be referenced using 4189 the FEATURE macro. 4190 4191hack Local hacks. These can be referenced using the HACK 4192 macro. They shouldn't be of more than voyeuristic 4193 interest outside the .Berkeley.EDU domain, but who knows? 4194 4195siteconfig Site configuration -- e.g., tables of locally connected 4196 UUCP sites. 4197 4198 4199+------------------------+ 4200| ADMINISTRATIVE DETAILS | 4201+------------------------+ 4202 4203The following sections detail usage of certain internal parts of the 4204sendmail.cf file. Read them carefully if you are trying to modify 4205the current model. If you find the above descriptions adequate, these 4206should be {boring, confusing, tedious, ridiculous} (pick one or more). 4207 4208RULESETS (* means built in to sendmail) 4209 4210 0 * Parsing 4211 1 * Sender rewriting 4212 2 * Recipient rewriting 4213 3 * Canonicalization 4214 4 * Post cleanup 4215 5 * Local address rewrite (after aliasing) 4216 1x mailer rules (sender qualification) 4217 2x mailer rules (recipient qualification) 4218 3x mailer rules (sender header qualification) 4219 4x mailer rules (recipient header qualification) 4220 5x mailer subroutines (general) 4221 6x mailer subroutines (general) 4222 7x mailer subroutines (general) 4223 8x reserved 4224 90 Mailertable host stripping 4225 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4226 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4227 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4228 4229 4230MAILERS 4231 4232 0 local, prog local and program mailers 4233 1 [e]smtp, relay SMTP channel 4234 2 uucp-* UNIX-to-UNIX Copy Program 4235 3 netnews Network News delivery 4236 4 fax Sam Leffler's HylaFAX software 4237 5 mail11 DECnet mailer 4238 4239 4240MACROS 4241 4242 A 4243 B Bitnet Relay 4244 C DECnet Relay 4245 D The local domain -- usually not needed 4246 E reserved for X.400 Relay 4247 F FAX Relay 4248 G 4249 H mail Hub (for mail clusters) 4250 I 4251 J 4252 K 4253 L Luser Relay 4254 M Masquerade (who you claim to be) 4255 N 4256 O 4257 P 4258 Q 4259 R Relay (for unqualified names) 4260 S Smart Host 4261 T 4262 U my UUCP name (if you have a UUCP connection) 4263 V UUCP Relay (class {V} hosts) 4264 W UUCP Relay (class {W} hosts) 4265 X UUCP Relay (class {X} hosts) 4266 Y UUCP Relay (all other hosts) 4267 Z Version number 4268 4269 4270CLASSES 4271 4272 A 4273 B domains that are candidates for bestmx lookup 4274 C 4275 D 4276 E addresses that should not seem to come from $M 4277 F hosts this system forward for 4278 G domains that should be looked up in genericstable 4279 H 4280 I 4281 J 4282 K 4283 L addresses that should not be forwarded to $R 4284 M domains that should be mapped to $M 4285 N host/domains that should not be mapped to $M 4286 O operators that indicate network operations (cannot be in local names) 4287 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4288 Q 4289 R domains this system is willing to relay (pass anti-spam filters) 4290 S 4291 T 4292 U locally connected UUCP hosts 4293 V UUCP hosts connected to relay $V 4294 W UUCP hosts connected to relay $W 4295 X UUCP hosts connected to relay $X 4296 Y locally connected smart UUCP hosts 4297 Z locally connected domain-ized UUCP hosts 4298 . the class containing only a dot 4299 [ the class containing only a left bracket 4300 4301 4302M4 DIVERSIONS 4303 4304 1 Local host detection and resolution 4305 2 Local Ruleset 3 additions 4306 3 Local Ruleset 0 additions 4307 4 UUCP Ruleset 0 additions 4308 5 locally interpreted names (overrides $R) 4309 6 local configuration (at top of file) 4310 7 mailer definitions 4311 8 DNS based blacklists 4312 9 special local rulesets (1 and 2) 4313 4314$Revision: 8.623.2.1 $, Last updated $Date: 2002/08/07 23:14:56 $ 4315