1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide (doc/op/op.me). 8 9To get started, you may want to look at tcpproto.mc (for TCP-only 10sites) and clientproto.mc (for clusters of clients using a single 11mail host), or the generic-*.mc files as operating system-specific 12examples. 13 14Table of Content: 15 16INTRODUCTION AND EXAMPLE 17A BRIEF INTRODUCTION TO M4 18FILE LOCATIONS 19OSTYPE 20DOMAINS 21MAILERS 22FEATURES 23HACKS 24SITE CONFIGURATION 25USING UUCP MAILERS 26TWEAKING RULESETS 27MASQUERADING AND RELAYING 28USING LDAP FOR ALIASES, MAPS, AND CLASSES 29LDAP ROUTING 30ANTI-SPAM CONFIGURATION CONTROL 31STARTTLS 32SMTP AUTHENTICATION 33ADDING NEW MAILERS OR RULESETS 34ADDING NEW MAIL FILTERS 35QUEUE GROUP DEFINITIONS 36NON-SMTP BASED CONFIGURATIONS 37WHO AM I? 38ACCEPTING MAIL FOR MULTIPLE NAMES 39USING MAILERTABLES 40USING USERDB TO MAP FULL NAMES 41MISCELLANEOUS SPECIAL FEATURES 42SECURITY NOTES 43TWEAKING CONFIGURATION OPTIONS 44MESSAGE SUBMISSION PROGRAM 45FORMAT OF FILES AND MAPS 46DIRECTORY LAYOUT 47ADMINISTRATIVE DETAILS 48 49 50+--------------------------+ 51| INTRODUCTION AND EXAMPLE | 52+--------------------------+ 53 54Configuration files are contained in the subdirectory "cf", with a 55suffix ".mc". They must be run through "m4" to produce a ".cf" file. 56You must pre-load "cf.m4": 57 58 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 59 60Alternatively, you can simply: 61 62 cd ${CFDIR}/cf 63 ./Build config.cf 64 65where ${CFDIR} is the root of the cf directory and config.mc is the 66name of your configuration file. If you are running a version of M4 67that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 68this, but the versions distributed with 4.4BSD and derivatives do not) 69or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 70For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 71use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 72 73 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 74 75Let's examine a typical .mc file: 76 77 divert(-1) 78 # 79 # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. 80 # All rights reserved. 81 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 82 # Copyright (c) 1988, 1993 83 # The Regents of the University of California. All rights reserved. 84 # 85 # By using this file, you agree to the terms and conditions set 86 # forth in the LICENSE file which can be found at the top level of 87 # the sendmail distribution. 88 # 89 90 # 91 # This is a Berkeley-specific configuration file for HP-UX 9.x. 92 # It applies only to the Computer Science Division at Berkeley, 93 # and should not be used elsewhere. It is provided on the sendmail 94 # distribution as a sample only. To create your own configuration 95 # file, create an appropriate domain file in ../domain, change the 96 # `DOMAIN' macro below to reference that file, and copy the result 97 # to a name of your own choosing. 98 # 99 divert(0) 100 101The divert(-1) will delete the crud in the resulting output file. 102The copyright notice can be replaced by whatever your lawyers require; 103our lawyers require the one that is included in these files. A copyleft 104is a copyright by another name. The divert(0) restores regular output. 105 106 VERSIONID(`<SCCS or RCS version id>') 107 108VERSIONID is a macro that stuffs the version information into the 109resulting file. You could use SCCS, RCS, CVS, something else, or 110omit it completely. This is not the same as the version id included 111in SMTP greeting messages -- this is defined in m4/version.m4. 112 113 OSTYPE(`hpux9')dnl 114 115You must specify an OSTYPE to properly configure things such as the 116pathname of the help and status files, the flags needed for the local 117mailer, and other important things. If you omit it, you will get an 118error when you try to build the configuration. Look at the ostype 119directory for the list of known operating system types. 120 121 DOMAIN(`CS.Berkeley.EDU')dnl 122 123This example is specific to the Computer Science Division at Berkeley. 124You can use "DOMAIN(`generic')" to get a sufficiently bland definition 125that may well work for you, or you can create a customized domain 126definition appropriate for your environment. 127 128 MAILER(`local') 129 MAILER(`smtp') 130 131These describe the mailers used at the default CS site. The local 132mailer is always included automatically. Beware: MAILER declarations 133should always be at the end of the configuration file. The general 134rules are that the order should be: 135 136 VERSIONID 137 OSTYPE 138 DOMAIN 139 FEATURE 140 local macro definitions 141 MAILER 142 LOCAL_CONFIG 143 LOCAL_RULE_* 144 LOCAL_RULESETS 145 146There are a few exceptions to this rule. Local macro definitions which 147influence a FEATURE() should be done before that feature. For example, 148a define(`PROCMAIL_MAILER_PATH', ...) should be done before 149FEATURE(`local_procmail'). 150 151******************************************************************* 152*** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** 153*** Berkeley-specific assumptions built in, such as the name *** 154*** of their UUCP-relay. You'll want to create your own *** 155*** domain description, and use that in place of *** 156*** domain/Berkeley.EDU.m4. *** 157******************************************************************* 158 159 160+----------------------------+ 161| A BRIEF INTRODUCTION TO M4 | 162+----------------------------+ 163 164Sendmail uses the M4 macro processor to ``compile'' the configuration 165files. The most important thing to know is that M4 is stream-based, 166that is, it doesn't understand about lines. For this reason, in some 167places you may see the word ``dnl'', which stands for ``delete 168through newline''; essentially, it deletes all characters starting 169at the ``dnl'' up to and including the next newline character. In 170most cases sendmail uses this only to avoid lots of unnecessary 171blank lines in the output. 172 173Other important directives are define(A, B) which defines the macro 174``A'' to have value ``B''. Macros are expanded as they are read, so 175one normally quotes both values to prevent expansion. For example, 176 177 define(`SMART_HOST', `smart.foo.com') 178 179One word of warning: M4 macros are expanded even in lines that appear 180to be comments. For example, if you have 181 182 # See FEATURE(`foo') above 183 184it will not do what you expect, because the FEATURE(`foo') will be 185expanded. This also applies to 186 187 # And then define the $X macro to be the return address 188 189because ``define'' is an M4 keyword. If you want to use them, surround 190them with directed quotes, `like this'. 191 192 193Notice: 194------- 195 196This package requires a post-V7 version of m4; if you are running the 1974.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or 198BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. 199Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a 200Net/2 or GNU version. GNU m4 is available from 201ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version). 202EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU 203m4 on this platform. 204 205 206+----------------+ 207| FILE LOCATIONS | 208+----------------+ 209 210sendmail 8.9 has introduced a new configuration directory for sendmail 211related files, /etc/mail. The new files available for sendmail 8.9 -- 212the class {R} /etc/mail/relay-domains and the access database 213/etc/mail/access -- take advantage of this new directory. Beginning with 2148.10, all files will use this directory by default (some options may be 215set by OSTYPE() files). This new directory should help to restore 216uniformity to sendmail's file locations. 217 218Below is a table of some of the common changes: 219 220Old filename New filename 221------------ ------------ 222/etc/bitdomain /etc/mail/bitdomain 223/etc/domaintable /etc/mail/domaintable 224/etc/genericstable /etc/mail/genericstable 225/etc/uudomain /etc/mail/uudomain 226/etc/virtusertable /etc/mail/virtusertable 227/etc/userdb /etc/mail/userdb 228 229/etc/aliases /etc/mail/aliases 230/etc/sendmail/aliases /etc/mail/aliases 231/etc/ucbmail/aliases /etc/mail/aliases 232/usr/adm/sendmail/aliases /etc/mail/aliases 233/usr/lib/aliases /etc/mail/aliases 234/usr/lib/mail/aliases /etc/mail/aliases 235/usr/ucblib/aliases /etc/mail/aliases 236 237/etc/sendmail.cw /etc/mail/local-host-names 238/etc/mail/sendmail.cw /etc/mail/local-host-names 239/etc/sendmail/sendmail.cw /etc/mail/local-host-names 240 241/etc/sendmail.ct /etc/mail/trusted-users 242 243/etc/sendmail.oE /etc/mail/error-header 244 245/etc/sendmail.hf /etc/mail/helpfile 246/etc/mail/sendmail.hf /etc/mail/helpfile 247/usr/ucblib/sendmail.hf /etc/mail/helpfile 248/etc/ucbmail/sendmail.hf /etc/mail/helpfile 249/usr/lib/sendmail.hf /etc/mail/helpfile 250/usr/share/lib/sendmail.hf /etc/mail/helpfile 251/usr/share/misc/sendmail.hf /etc/mail/helpfile 252/share/misc/sendmail.hf /etc/mail/helpfile 253 254/etc/service.switch /etc/mail/service.switch 255 256/etc/sendmail.st /etc/mail/statistics 257/etc/mail/sendmail.st /etc/mail/statistics 258/etc/mailer/sendmail.st /etc/mail/statistics 259/etc/sendmail/sendmail.st /etc/mail/statistics 260/usr/lib/sendmail.st /etc/mail/statistics 261/usr/ucblib/sendmail.st /etc/mail/statistics 262 263Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 264to create the pathnames. The default value of this variable is 265`/etc/mail/'. If you set this macro to a different value, you MUST include 266a trailing slash. 267 268Notice: all filenames used in a .mc (or .cf) file should be absolute 269(starting at the root, i.e., with '/'). Relative filenames most 270likely cause surprises during operations (unless otherwise noted). 271 272 273+--------+ 274| OSTYPE | 275+--------+ 276 277You MUST define an operating system environment, or the configuration 278file build will puke. There are several environments available; look 279at the "ostype" directory for the current list. This macro changes 280things like the location of the alias file and queue directory. Some 281of these files are identical to one another. 282 283It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 284In general, the OSTYPE macro should go immediately after any version 285information, and MAILER definitions should always go last. 286 287Operating system definitions are usually easy to write. They may define 288the following variables (everything defaults, so an ostype file may be 289empty). Unfortunately, the list of configuration-supported systems is 290not as broad as the list of source-supported systems, since many of 291the source contributors do not include corresponding ostype files. 292 293ALIAS_FILE [/etc/mail/aliases] The location of the text version 294 of the alias file(s). It can be a comma-separated 295 list of names (but be sure you quote values with 296 commas in them -- for example, use 297 define(`ALIAS_FILE', `a,b') 298 to get "a" and "b" both listed as alias files; 299 otherwise the define() primitive only sees "a"). 300HELP_FILE [/etc/mail/helpfile] The name of the file 301 containing information printed in response to 302 the SMTP HELP command. 303QUEUE_DIR [/var/spool/mqueue] The directory containing 304 queue files. To use multiple queues, supply 305 a value ending with an asterisk. For 306 example, /var/spool/mqueue/qd* will use all of the 307 directories or symbolic links to directories 308 beginning with 'qd' in /var/spool/mqueue as queue 309 directories. The names 'qf', 'df', and 'xf' are 310 reserved as specific subdirectories for the 311 corresponding queue file types as explained in 312 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 313MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 314 queue files for the MSP (Mail Submission Program, 315 see sendmail/SECURITY). 316STATUS_FILE [/etc/mail/statistics] The file containing status 317 information. 318LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 319LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 320 flags lsDFMAw5:/|@q are always included. 321LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 322 mail. 323LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 324 mail that you are willing to accept. 325LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 326 messages to deliver in a single connection. Only 327 useful for LMTP local mailers. 328LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 329 that ARRIVE from an address that resolves to the 330 local mailer and which are converted to MIME will be 331 labeled with this character set. 332LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 333 end of line for the local mailer. 334LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 335 [X-Unix] The DSN Diagnostic-Code value for the 336 local mailer. This should be changed with care. 337LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 338LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 339 flags lsDFM are always included. 340LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 341 mail. 342LOCAL_SHELL_DIR [$z:/] The directory search path in which the 343 shell should run. 344LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 345USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program 346 used to submit news. 347USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. 348USENET_MAILER_ARGS [-m -h -n] The command line arguments for the 349 usenet mailer. NOTE: Some versions of inews 350 (such as those shipped with newer versions of INN) 351 use different flags. Double check the defaults 352 against the inews man page. 353USENET_MAILER_MAX [100000] The maximum size of messages that will 354 be accepted by the usenet mailer. 355USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer. 356SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 357 flags are `mDFMuX' for all SMTP-based mailers; the 358 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 359 "dsmtp" adds `%'. 360RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 361 flags are `mDFMuX' for all SMTP-based mailers; the 362 relay mailer adds `a8'. If this is not defined, 363 then SMTP_MAILER_FLAGS is used. 364SMTP_MAILER_MAX [undefined] The maximum size of messages that will 365 be transported using the smtp, smtp8, esmtp, or dsmtp 366 mailers. 367SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 368 messages to deliver in a single connection for the 369 smtp, smtp8, esmtp, or dsmtp mailers. 370SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 371 recipients to deliver in a single connection for the 372 smtp, smtp8, esmtp, or dsmtp mailers. 373SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 374 About the only reason you would want to change this 375 would be to change the default port. 376ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 377SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 378DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 379RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 380SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 381ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 382SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 383DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 384RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 385RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 386 messages to deliver in a single connection for the 387 relay mailer. 388SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 389 that ARRIVE from an address that resolves to one of 390 the SMTP mailers and which are converted to MIME will 391 be labeled with this character set. 392UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 393UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 394 flags are `DFMhuU' (and `m' for uucp-new mailer, 395 minus `U' for uucp-dom mailer). 396UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 397 passed to the UUCP mailer. 398UUCP_MAILER_MAX [100000] The maximum size message accepted for 399 transmission by the UUCP mailers. 400UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 401 that ARRIVE from an address that resolves to one of 402 the UUCP mailers and which are converted to MIME will 403 be labeled with this character set. 404UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 405FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to 406 submit FAX messages. 407FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX 408 mailer. 409FAX_MAILER_MAX [100000] The maximum size message accepted for 410 transmission by FAX. 411POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. 412POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq 413 are always added. 414POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. 415POP_MAILER_QGRP [undefined] The queue group for the pop mailer. 416PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 417 program. This is also used by 418 FEATURE(`local_procmail'). 419PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 420 DFM are always set. This is NOT used by 421 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 422 instead. 423PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 424 the Procmail mailer. This is NOT used by 425 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 426 instead. 427PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 428 will be accepted by the procmail mailer. 429PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 430MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. 431MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. 432MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 433 mailer. 434MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer. 435PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery 436 program. 437PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM 438 are always set. 439PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. 440PH_MAILER_QGRP [undefined] The queue group for the ph mailer. 441CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The 442 flags lsDFMnPq are always included. 443CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver 444 cyrus mail. 445CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed 446 to deliver cyrus mail. 447CYRUS_MAILER_MAX [undefined] If set, the maximum size message that 448 will be accepted by the cyrus mailer. 449CYRUS_MAILER_USER [cyrus:mail] The user and group to become when 450 running the cyrus mailer. 451CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer. 452CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. 453 The flags lsDFMnP are always included. 454CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed 455 to deliver cyrusbb mail. 456confEBINDIR [/usr/libexec] The directory for executables. 457 Currently used for FEATURE(`local_lmtp') and 458 FEATURE(`smrsh'). 459QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. 460QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver 461 qpage mail. 462QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed 463 to deliver qpage mail. 464QPAGE_MAILER_MAX [4096] If set, the maximum size message that 465 will be accepted by the qpage mailer. 466QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer. 467LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 468 469Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 470MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of 471the macro Name_MAILER_FLAGS and change can be: flags that should 472be used directly (thus overriding the default value), or if it 473starts with `+' (`-') then those flags are added to (removed from) 474the default value. Example: 475 476 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 477 478will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 479several smtp mailers all of which are manipulated individually. 480See the section MAILERS for the available mailer names. 481WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 482unconditionally, i.e., without respecting any definitions in an 483OSTYPE setting. 484 485 486+---------+ 487| DOMAINS | 488+---------+ 489 490You will probably want to collect domain-dependent defines into one 491file, referenced by the DOMAIN macro. For example, the Berkeley 492domain file includes definitions for several internal distinguished 493hosts: 494 495UUCP_RELAY The host that will accept UUCP-addressed email. 496 If not defined, all UUCP sites must be directly 497 connected. 498BITNET_RELAY The host that will accept BITNET-addressed email. 499 If not defined, the .BITNET pseudo-domain won't work. 500DECNET_RELAY The host that will accept DECNET-addressed email. 501 If not defined, the .DECNET pseudo-domain and addresses 502 of the form node::user will not work. 503FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 504 The "fax" mailer overrides this value. 505LOCAL_RELAY The site that will handle unqualified names -- that 506 is, names without an @domain extension. 507 Normally MAIL_HUB is preferred for this function. 508 LOCAL_RELAY is mostly useful in conjunction with 509 FEATURE(`stickyhost') -- see the discussion of 510 stickyhost below. If not set, they are assumed to 511 belong on this machine. This allows you to have a 512 central site to store a company- or department-wide 513 alias database. This only works at small sites, 514 and only with some user agents. 515LUSER_RELAY The site that will handle lusers -- that is, apparently 516 local names that aren't local accounts or aliases. To 517 specify a local user instead of a site, set this to 518 ``local:username''. 519 520Any of these can be either ``mailer:hostname'' (in which case the 521mailer is the internal mailer name, such as ``uucp-new'' and the hostname 522is the name of the host as appropriate for that mailer) or just a 523``hostname'', in which case a default mailer type (usually ``relay'', 524a variant on SMTP) is used. WARNING: if you have a wildcard MX 525record matching your domain, you probably want to define these to 526have a trailing dot so that you won't get the mail diverted back 527to yourself. 528 529The domain file can also be used to define a domain name, if needed 530(using "DD<domain>") and set certain site-wide features. If all hosts 531at your site masquerade behind one email name, you could also use 532MASQUERADE_AS here. 533 534You do not have to define a domain -- in particular, if you are a 535single machine sitting off somewhere, it is probably more work than 536it's worth. This is just a mechanism for combining "domain dependent 537knowledge" into one place. 538 539 540+---------+ 541| MAILERS | 542+---------+ 543 544There are fewer mailers supported in this version than the previous 545version, owing mostly to a simpler world. As a general rule, put the 546MAILER definitions last in your .mc file. 547 548local The local and prog mailers. You will almost always 549 need these; the only exception is if you relay ALL 550 your mail to another site. This mailer is included 551 automatically. 552 553smtp The Simple Mail Transport Protocol mailer. This does 554 not hide hosts behind a gateway or another other 555 such hack; it assumes a world where everyone is 556 running the name server. This file actually defines 557 five mailers: "smtp" for regular (old-style) SMTP to 558 other servers, "esmtp" for extended SMTP to other 559 servers, "smtp8" to do SMTP to other servers without 560 converting 8-bit data to MIME (essentially, this is 561 your statement that you know the other end is 8-bit 562 clean even if it doesn't say so), "dsmtp" to do on 563 demand delivery, and "relay" for transmission to the 564 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 565 566uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 567 defines two mailers, "uucp-old" (a.k.a. "uucp") and 568 "uucp-new" (a.k.a. "suucp"). The latter is for when you 569 know that the UUCP mailer at the other end can handle 570 multiple recipients in one transfer. If the smtp mailer 571 is included in your configuration, two other mailers 572 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 573 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 574 include the uucp mailer, sendmail looks for all names in 575 class {U} and sends them to the uucp-old mailer; all 576 names in class {Y} are sent to uucp-new; and all 577 names in class {Z} are sent to uucp-uudom. Note that 578 this is a function of what version of rmail runs on 579 the receiving end, and hence may be out of your control. 580 See the section below describing UUCP mailers in more 581 detail. 582 583usenet Usenet (network news) delivery. If this is specified, 584 an extra rule is added to ruleset 0 that forwards all 585 local email for users named ``group.usenet'' to the 586 ``inews'' program. Note that this works for all groups, 587 and may be considered a security problem. 588 589fax Facsimile transmission. This is experimental and based 590 on Sam Leffler's HylaFAX software. For more information, 591 see http://www.hylafax.org/. 592 593pop Post Office Protocol. 594 595procmail An interface to procmail (does not come with sendmail). 596 This is designed to be used in mailertables. For example, 597 a common question is "how do I forward all mail for a given 598 domain to a single person?". If you have this mailer 599 defined, you could set up a mailertable reading: 600 601 host.com procmail:/etc/procmailrcs/host.com 602 603 with the file /etc/procmailrcs/host.com reading: 604 605 :0 # forward mail for host.com 606 ! -oi -f $1 person@other.host 607 608 This would arrange for (anything)@host.com to be sent 609 to person@other.host. Within the procmail script, $1 is 610 the name of the sender and $2 is the name of the recipient. 611 If you use this with FEATURE(`local_procmail'), the FEATURE 612 should be listed first. 613 614 Of course there are other ways to solve this particular 615 problem, e.g., a catch-all entry in a virtusertable. 616 617mail11 The DECnet mail11 mailer, useful only if you have the mail11 618 program from gatekeeper.dec.com:/pub/DEC/gwtools (and 619 DECnet, of course). This is for Phase IV DECnet support; 620 if you have Phase V at your site you may have additional 621 problems. 622 623phquery The phquery program. This is somewhat counterintuitively 624 referenced as the "ph" mailer internally. It can be used 625 to do CCSO name server lookups. The phquery program, which 626 this mailer uses, is distributed with the ph client. 627 628cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to 629 a local cyrus user. this mailer can make use of the 630 "user+detail@local.host" syntax (see 631 FEATURE(`preserve_local_plus_detail')); it will deliver the 632 mail to the user's "detail" mailbox if the mailbox's ACL 633 permits. The cyrusbb mailer delivers to a system-wide 634 cyrus mailbox if the mailbox's ACL permits. The cyrus 635 mailer must be defined after the local mailer. 636 637qpage A mailer for QuickPage, a pager interface. See 638 http://www.qpage.org/ for further information. 639 640The local mailer accepts addresses of the form "user+detail", where 641the "+detail" is not used for mailbox matching but is available 642to certain local mail programs (in particular, see 643FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 644"eric+sww" all indicate the same user, but additional arguments <null>, 645"sendmail", and "sww" may be provided for use in sorting mail. 646 647 648+----------+ 649| FEATURES | 650+----------+ 651 652Special features can be requested using the "FEATURE" macro. For 653example, the .mc line: 654 655 FEATURE(`use_cw_file') 656 657tells sendmail that you want to have it read an /etc/mail/local-host-names 658file to get values for class {w}. A FEATURE may contain up to 9 659optional parameters -- for example: 660 661 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 662 663The default database map type for the table features can be set with 664 665 define(`DATABASE_MAP_TYPE', `dbm') 666 667which would set it to use ndbm databases. The default is the Berkeley DB 668hash database format. Note that you must still declare a database map type 669if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 670if no argument is given for the FEATURE. It must be specified before any 671feature that uses a map. 672 673Also, features which can take a map definition as an argument can also take 674the special keyword `LDAP'. If that keyword is used, the map will use the 675LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 676CLASSES'' section below. 677 678Available features are: 679 680use_cw_file Read the file /etc/mail/local-host-names file to get 681 alternate names for this host. This might be used if you 682 were on a host that MXed for a dynamic set of other hosts. 683 If the set is static, just including the line "Cw<name1> 684 <name2> ..." (where the names are fully qualified domain 685 names) is probably superior. The actual filename can be 686 overridden by redefining confCW_FILE. 687 688use_ct_file Read the file /etc/mail/trusted-users file to get the 689 names of users that will be ``trusted'', that is, able to 690 set their envelope from address using -f without generating 691 a warning message. The actual filename can be overridden 692 by redefining confCT_FILE. 693 694redirect Reject all mail addressed to "address.REDIRECT" with 695 a ``551 User has moved; please try <address>'' message. 696 If this is set, you can alias people who have left 697 to their new address with ".REDIRECT" appended. 698 699nouucp Don't route UUCP addresses. This feature takes one 700 parameter: 701 `reject': reject addresses which have "!" in the local 702 part unless it originates from a system 703 that is allowed to relay. 704 `nospecial': don't do anything special with "!". 705 Warnings: 1. See the notice in the anti-spam section. 706 2. don't remove "!" from OperatorChars if `reject' is 707 given as parameter. 708 709nocanonify Don't pass addresses to $[ ... $] for canonification 710 by default, i.e., host/domain names are considered canonical, 711 except for unqualified names, which must not be used in this 712 mode (violation of the standard). It can be changed by 713 setting the DaemonPortOptions modifiers (M=). That is, 714 FEATURE(`nocanonify') will be overridden by setting the 715 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 716 it can be emulated by setting the 'C' flag 717 (DaemonPortOptions=Modifiers=C). This would generally only 718 be used by sites that only act as mail gateways or which have 719 user agents that do full canonification themselves. You may 720 also want to use 721 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 722 the usual resolver options that do a similar thing. 723 724 An exception list for FEATURE(`nocanonify') can be 725 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 726 i.e., a list of domains which are nevertheless passed to 727 $[ ... $] for canonification. This is useful to turn on 728 canonification for local domains, e.g., use 729 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 730 which end in "my.domain" or "my". 731 Another way to require canonification in the local 732 domain is CANONIFY_DOMAIN(`$=m'). 733 734 A trailing dot is added to addresses with more than 735 one component in it such that other features which 736 expect a trailing dot (e.g., virtusertable) will 737 still work. 738 739 If `canonify_hosts' is specified as parameter, i.e., 740 FEATURE(`nocanonify', `canonify_hosts'), then 741 addresses which have only a hostname, e.g., 742 <user@host>, will be canonified (and hopefully fully 743 qualified), too. 744 745stickyhost This feature is sometimes used with LOCAL_RELAY, 746 although it can be used for a different effect with 747 MAIL_HUB. 748 749 When used without MAIL_HUB, email sent to 750 "user@local.host" are marked as "sticky" -- that 751 is, the local addresses aren't matched against UDB, 752 don't go through ruleset 5, and are not forwarded to 753 the LOCAL_RELAY (if defined). 754 755 With MAIL_HUB, mail addressed to "user@local.host" 756 is forwarded to the mail hub, with the envelope 757 address still remaining "user@local.host". 758 Without stickyhost, the envelope would be changed 759 to "user@mail_hub", in order to protect against 760 mailing loops. 761 762mailertable Include a "mailer table" which can be used to override 763 routing for particular domains (which are not in class {w}, 764 i.e. local host names). The argument of the FEATURE may be 765 the key definition. If none is specified, the definition 766 used is: 767 768 hash /etc/mail/mailertable 769 770 Keys in this database are fully qualified domain names 771 or partial domains preceded by a dot -- for example, 772 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 773 special case of the latter, "." matches any domain not 774 covered by other keys. Values must be of the form: 775 mailer:domain 776 where "mailer" is the internal mailer name, and "domain" 777 is where to send the message. These maps are not 778 reflected into the message header. As a special case, 779 the forms: 780 local:user 781 will forward to the indicated user using the local mailer, 782 local: 783 will forward to the original user in the e-mail address 784 using the local mailer, and 785 error:code message 786 error:D.S.N:code message 787 will give an error message with the indicated SMTP reply 788 code and message, where D.S.N is an RFC 1893 compliant 789 error code. 790 791domaintable Include a "domain table" which can be used to provide 792 domain name mapping. Use of this should really be 793 limited to your own domains. It may be useful if you 794 change names (e.g., your company changes names from 795 oldname.com to newname.com). The argument of the 796 FEATURE may be the key definition. If none is specified, 797 the definition used is: 798 799 hash /etc/mail/domaintable 800 801 The key in this table is the domain name; the value is 802 the new (fully qualified) domain. Anything in the 803 domaintable is reflected into headers; that is, this 804 is done in ruleset 3. 805 806bitdomain Look up bitnet hosts in a table to try to turn them into 807 internet addresses. The table can be built using the 808 bitdomain program contributed by John Gardiner Myers. 809 The argument of the FEATURE may be the key definition; if 810 none is specified, the definition used is: 811 812 hash /etc/mail/bitdomain 813 814 Keys are the bitnet hostname; values are the corresponding 815 internet hostname. 816 817uucpdomain Similar feature for UUCP hosts. The default map definition 818 is: 819 820 hash /etc/mail/uudomain 821 822 At the moment there is no automagic tool to build this 823 database. 824 825always_add_domain 826 Include the local host domain even on locally delivered 827 mail. Normally it is not added on unqualified names. 828 However, if you use a shared message store but do not use 829 the same user name space everywhere, you may need the host 830 name on local names. An optional argument specifies 831 another domain to be added than the local. 832 833allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 834 feature will cause recipient addresses to also masquerade 835 as being from the masquerade host. Normally they get 836 the local hostname. Although this may be right for 837 ordinary users, it can break local aliases. For example, 838 if you send to "localalias", the originating sendmail will 839 find that alias and send to all members, but send the 840 message with "To: localalias@masqueradehost". Since that 841 alias likely does not exist, replies will fail. Use this 842 feature ONLY if you can guarantee that the ENTIRE 843 namespace on your masquerade host supersets all the 844 local entries. 845 846limited_masquerade 847 Normally, any hosts listed in class {w} are masqueraded. If 848 this feature is given, only the hosts listed in class {M} (see 849 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 850 if you have several domains with disjoint namespaces hosted 851 on the same machine. 852 853masquerade_entire_domain 854 If masquerading is enabled (using MASQUERADE_AS) and 855 MASQUERADE_DOMAIN (see below) is set, this feature will 856 cause addresses to be rewritten such that the masquerading 857 domains are actually entire domains to be hidden. All 858 hosts within the masquerading domains will be rewritten 859 to the masquerade name (used in MASQUERADE_AS). For example, 860 if you have: 861 862 MASQUERADE_AS(`masq.com') 863 MASQUERADE_DOMAIN(`foo.org') 864 MASQUERADE_DOMAIN(`bar.com') 865 866 then *foo.org and *bar.com are converted to masq.com. Without 867 this feature, only foo.org and bar.com are masqueraded. 868 869 NOTE: only domains within your jurisdiction and 870 current hierarchy should be masqueraded using this. 871 872local_no_masquerade 873 This feature prevents the local mailer from masquerading even 874 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 875 on addresses of mail going outside the local domain. 876 877genericstable This feature will cause unqualified addresses (i.e., without 878 a domain) and addresses with a domain listed in class {G} 879 to be looked up in a map and turned into another ("generic") 880 form, which can change both the domain name and the user name. 881 Notice: if you use an MSP (as it is default starting with 882 8.12), the MTA will only receive qualified addresses from the 883 MSP (as required by the RFCs). Hence you need to add your 884 domain to class {G}. This feature is similar to the userdb 885 functionality. The same types of addresses as for 886 masquerading are looked up, i.e., only header sender 887 addresses unless the allmasquerade and/or masquerade_envelope 888 features are given. Qualified addresses must have the domain 889 part in class {G}; entries can be added to this class by the 890 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 891 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 892 893 The argument of FEATURE(`genericstable') may be the map 894 definition; the default map definition is: 895 896 hash /etc/mail/genericstable 897 898 The key for this table is either the full address, the domain 899 (with a leading @; the localpart is passed as first argument) 900 or the unqualified username (tried in the order mentioned); 901 the value is the new user address. If the new user address 902 does not include a domain, it will be qualified in the standard 903 manner, i.e., using $j or the masquerade name. Note that the 904 address being looked up must be fully qualified. For local 905 mail, it is necessary to use FEATURE(`always_add_domain') 906 for the addresses to be qualified. 907 The "+detail" of an address is passed as %1, so entries like 908 909 old+*@foo.org new+%1@example.com 910 gen+*@foo.org %1@example.com 911 912 and other forms are possible. 913 914generics_entire_domain 915 If the genericstable is enabled and GENERICS_DOMAIN or 916 GENERICS_DOMAIN_FILE is used, this feature will cause 917 addresses to be searched in the map if their domain 918 parts are subdomains of elements in class {G}. 919 920virtusertable A domain-specific form of aliasing, allowing multiple 921 virtual domains to be hosted on one machine. For example, 922 if the virtuser table contained: 923 924 info@foo.com foo-info 925 info@bar.com bar-info 926 joe@bar.com error:nouser 550 No such user here 927 jax@bar.com error:5.7.0:550 Address invalid 928 @baz.org jane@example.net 929 930 then mail addressed to info@foo.com will be sent to the 931 address foo-info, mail addressed to info@bar.com will be 932 delivered to bar-info, and mail addressed to anyone at baz.org 933 will be sent to jane@example.net, mail to joe@bar.com will 934 be rejected with the specified error message, and mail to 935 jax@bar.com will also have a RFC 1893 compliant error code 936 5.7.0. 937 938 The username from the original address is passed 939 as %1 allowing: 940 941 @foo.org %1@example.com 942 943 meaning someone@foo.org will be sent to someone@example.com. 944 Additionally, if the local part consists of "user+detail" 945 then "detail" is passed as %2 and "+detail" is passed as %3 946 when a match against user+* is attempted, so entries like 947 948 old+*@foo.org new+%2@example.com 949 gen+*@foo.org %2@example.com 950 +*@foo.org %1%3@example.com 951 X++@foo.org Z%3@example.com 952 @bar.org %1%3 953 954 and other forms are possible. Note: to preserve "+detail" 955 for a default case (@domain) %1%3 must be used as RHS. 956 There are two wildcards after "+": "+" matches only a non-empty 957 detail, "*" matches also empty details, e.g., user+@foo.org 958 matches +*@foo.org but not ++@foo.org. This can be used 959 to ensure that the parameters %2 and %3 are not empty. 960 961 All the host names on the left hand side (foo.com, bar.com, 962 and baz.org) must be in class {w} or class {VirtHost}. The 963 latter can be defined by the macros VIRTUSER_DOMAIN or 964 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 965 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 966 VIRTUSER_DOMAIN_FILE is used, then the entries of class 967 {VirtHost} are added to class {R}, i.e., relaying is allowed 968 to (and from) those domains. The default map definition is: 969 970 hash /etc/mail/virtusertable 971 972 A new definition can be specified as the second argument of 973 the FEATURE macro, such as 974 975 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 976 977virtuser_entire_domain 978 If the virtusertable is enabled and VIRTUSER_DOMAIN or 979 VIRTUSER_DOMAIN_FILE is used, this feature will cause 980 addresses to be searched in the map if their domain 981 parts are subdomains of elements in class {VirtHost}. 982 983ldap_routing Implement LDAP-based e-mail recipient routing according to 984 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 985 This provides a method to re-route addresses with a 986 domain portion in class {LDAPRoute} to either a 987 different mail host or a different address. Hosts can 988 be added to this class using LDAPROUTE_DOMAIN and 989 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 990 MASQUERADE_DOMAIN_FILE, see below). 991 992 See the LDAP ROUTING section below for more information. 993 994nodns If you aren't running DNS at your site (for example, 995 you are UUCP-only connected). It's hard to consider 996 this a "feature", but hey, it had to go somewhere. 997 Actually, as of 8.7 this is a no-op -- remove "dns" from 998 the hosts service switch entry instead. 999 1000nullclient This is a special case -- it creates a configuration file 1001 containing nothing but support for forwarding all mail to a 1002 central hub via a local SMTP-based network. The argument 1003 is the name of that hub. 1004 1005 The only other feature that should be used in conjunction 1006 with this one is FEATURE(`nocanonify'). No mailers 1007 should be defined. No aliasing or forwarding is done. 1008 1009local_lmtp Use an LMTP capable local mailer. The argument to this 1010 feature is the pathname of an LMTP capable mailer. By 1011 default, mail.local is used. This is expected to be the 1012 mail.local which came with the 8.9 distribution which is 1013 LMTP capable. The path to mail.local is set by the 1014 confEBINDIR m4 variable -- making the default 1015 LOCAL_MAILER_PATH /usr/libexec/mail.local. 1016 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1017 i.e., without respecting any definitions in an OSTYPE setting. 1018 1019local_procmail Use procmail or another delivery agent as the local mailer. 1020 The argument to this feature is the pathname of the 1021 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 1022 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 1023 PROCMAIL_MAILER_ARGS for the local mailer; tweak 1024 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 1025 specify the appropriate parameters. When procmail is used, 1026 the local mailer can make use of the 1027 "user+indicator@local.host" syntax; normally the +indicator 1028 is just tossed, but by default it is passed as the -a 1029 argument to procmail. 1030 1031 This feature can take up to three arguments: 1032 1033 1. Path to the mailer program 1034 [default: /usr/local/bin/procmail] 1035 2. Argument vector including name of the program 1036 [default: procmail -Y -a $h -d $u] 1037 3. Flags for the mailer [default: SPfhn9] 1038 1039 Empty arguments cause the defaults to be taken. 1040 1041 For example, this allows it to use the maildrop 1042 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 1043 by specifying: 1044 1045 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 1046 `maildrop -d $u') 1047 1048 or scanmails using: 1049 1050 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 1051 1052 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 1053 i.e., without respecting any definitions in an OSTYPE setting. 1054 1055bestmx_is_local Accept mail as though locally addressed for any host that 1056 lists us as the best possible MX record. This generates 1057 additional DNS traffic, but should be OK for low to 1058 medium traffic hosts. The argument may be a set of 1059 domains, which will limit the feature to only apply to 1060 these domains -- this will reduce unnecessary DNS 1061 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 1062 WILDCARD MX RECORDS!!! If you have a wildcard MX record 1063 that matches your domain, you cannot use this feature. 1064 1065smrsh Use the SendMail Restricted SHell (smrsh) provided 1066 with the distribution instead of /bin/sh for mailing 1067 to programs. This improves the ability of the local 1068 system administrator to control what gets run via 1069 e-mail. If an argument is provided it is used as the 1070 pathname to smrsh; otherwise, the path defined by 1071 confEBINDIR is used for the smrsh binary -- by default, 1072 /usr/libexec/smrsh is assumed. 1073 1074promiscuous_relay 1075 By default, the sendmail configuration files do not permit 1076 mail relaying (that is, accepting mail from outside your 1077 local host (class {w}) and sending it to another host than 1078 your local host). This option sets your site to allow 1079 mail relaying from any site to any site. In almost all 1080 cases, it is better to control relaying more carefully 1081 with the access map, class {R}, or authentication. Domains 1082 can be added to class {R} by the macros RELAY_DOMAIN or 1083 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 1084 MASQUERADE_DOMAIN_FILE, see below). 1085 1086relay_entire_domain 1087 By default, only hosts listed as RELAY in the access db 1088 will be allowed to relay. This option also allows any 1089 host in your domain as defined by class {m}. 1090 Notice: make sure that your domain is not just a top level 1091 domain, e.g., com. This can happen if you give your 1092 host a name like example.com instead of host.example.com. 1093 1094relay_hosts_only 1095 By default, names that are listed as RELAY in the access 1096 db and class {R} are domain names, not host names. 1097 For example, if you specify ``foo.com'', then mail to or 1098 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1099 will all be accepted for relaying. This feature changes 1100 the behaviour to lookup individual host names only. 1101 1102relay_based_on_MX 1103 Turns on the ability to allow relaying based on the MX 1104 records of the host portion of an incoming recipient; that 1105 is, if an MX record for host foo.com points to your site, 1106 you will accept and relay mail addressed to foo.com. See 1107 description below for more information before using this 1108 feature. Also, see the KNOWNBUGS entry regarding bestmx 1109 map lookups. 1110 1111 FEATURE(`relay_based_on_MX') does not necessarily allow 1112 routing of these messages which you expect to be allowed, 1113 if route address syntax (or %-hack syntax) is used. If 1114 this is a problem, add entries to the access-table or use 1115 FEATURE(`loose_relay_check'). 1116 1117relay_mail_from 1118 Allows relaying if the mail sender is listed as RELAY in 1119 the access map. If an optional argument `domain' is given, 1120 relaying can be allowed just based on the domain portion 1121 of the sender address. This feature should only be used if 1122 absolutely necessary as the sender address can be easily 1123 forged. Use of this feature requires the "From:" tag be 1124 prepended to the key in the access map; see the discussion 1125 of tags and FEATURE(`relay_mail_from') in the section on 1126 anti-spam configuration control. 1127 1128relay_local_from 1129 Allows relaying if the domain portion of the mail sender 1130 is a local host. This should only be used if absolutely 1131 necessary as it opens a window for spammers. Specifically, 1132 they can send mail to your mail server that claims to be 1133 from your domain (either directly or via a routed address), 1134 and you will go ahead and relay it out to arbitrary hosts 1135 on the Internet. 1136 1137accept_unqualified_senders 1138 Normally, MAIL FROM: commands in the SMTP session will be 1139 refused if the connection is a network connection and the 1140 sender address does not include a domain name. If your 1141 setup sends local mail unqualified (i.e., MAIL FROM: <joe>), 1142 you will need to use this feature to accept unqualified 1143 sender addresses. Setting the DaemonPortOptions modifier 1144 'u' overrides the default behavior, i.e., unqualified 1145 addresses are accepted even without this FEATURE. 1146 If this FEATURE is not used, the DaemonPortOptions modifier 1147 'f' can be used to enforce fully qualified addresses. 1148 1149accept_unresolvable_domains 1150 Normally, MAIL FROM: commands in the SMTP session will be 1151 refused if the host part of the argument to MAIL FROM: 1152 cannot be located in the host name service (e.g., an A or 1153 MX record in DNS). If you are inside a firewall that has 1154 only a limited view of the Internet host name space, this 1155 could cause problems. In this case you probably want to 1156 use this feature to accept all domains on input, even if 1157 they are unresolvable. 1158 1159access_db Turns on the access database feature. The access db gives 1160 you the ability to allow or refuse to accept mail from 1161 specified domains for administrative reasons. Moreover, 1162 it can control the behavior of sendmail in various situations. 1163 By default, the access database specification is: 1164 1165 hash -T<TMPF> /etc/mail/access 1166 1167 See the anti-spam configuration control section for further 1168 important information about this feature. Notice: 1169 "-T<TMPF>" is meant literal, do not replace it by anything. 1170 1171blacklist_recipients 1172 Turns on the ability to block incoming mail for certain 1173 recipient usernames, hostnames, or addresses. For 1174 example, you can block incoming mail to user nobody, 1175 host foo.mydomain.com, or guest@bar.mydomain.com. 1176 These specifications are put in the access db as 1177 described in the anti-spam configuration control section 1178 later in this document. 1179 1180delay_checks The rulesets check_mail and check_relay will not be called 1181 when a client connects or issues a MAIL command, respectively. 1182 Instead, those rulesets will be called by the check_rcpt 1183 ruleset; they will be skipped under certain circumstances. 1184 See "Delay all checks" in the anti-spam configuration control 1185 section. Note: this feature is incompatible to the versions 1186 in 8.10 and 8.11. 1187 1188dnsbl Turns on rejection of hosts found in an DNS based rejection 1189 list. If an argument is provided it is used as the domain 1190 in which blocked hosts are listed; otherwise it defaults to 1191 blackholes.mail-abuse.org. An explanation for an DNS based 1192 rejection list can be found at http://mail-abuse.org/rbl/. 1193 A second argument can be used to change the default error 1194 message. Without that second argument, the error message 1195 will be 1196 Mail from IP-ADDRESS refused by blackhole site SERVER 1197 where IP-ADDRESS and SERVER are replaced by the appropriate 1198 information. By default, temporary lookup failures are 1199 ignored. This behavior can be changed by specifying a 1200 third argument, which must be either `t' or a full error 1201 message. See the anti-spam configuration control section for 1202 an example. The dnsbl feature can be included several times 1203 to query different DNS based rejection lists. See also 1204 enhdnsbl for an enhanced version. 1205 1206 NOTE: The default DNS blacklist, blackholes.mail-abuse.org, 1207 is a service offered by the Mail Abuse Prevention System 1208 (MAPS). As of July 31, 2001, MAPS is a subscription 1209 service, so using that network address won't work if you 1210 haven't subscribed. Contact MAPS to subscribe 1211 (http://mail-abuse.org/). 1212 1213enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1214 (up to 5) can be used to specify specific return values 1215 from lookups. Temporary lookup failures are ignored unless 1216 a third argument is given, which must be either `t' or a full 1217 error message. By default, any successful lookup will 1218 generate an error. Otherwise the result of the lookup is 1219 compared with the supplied argument(s), and only if a match 1220 occurs an error is generated. For example, 1221 1222 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1223 1224 will reject the e-mail if the lookup returns the value 1225 ``127.0.0.2.'', or generate a 451 response if the lookup 1226 temporarily failed. The arguments can contain metasymbols 1227 as they are allowed in the LHS of rules. As the example 1228 shows, the default values are also used if an empty argument, 1229 i.e., `', is specified. This feature requires that sendmail 1230 has been compiled with the flag DNSMAP (see sendmail/README). 1231 1232lookupdotdomain Look up also .domain in the access map. This allows to 1233 match only subdomains. It does not work well with 1234 FEATURE(`relay_hosts_only'), because most lookups for 1235 subdomains are suppressed by the latter feature. 1236 1237loose_relay_check 1238 Normally, if % addressing is used for a recipient, e.g. 1239 user%site@othersite, and othersite is in class {R}, the 1240 check_rcpt ruleset will strip @othersite and recheck 1241 user@site for relaying. This feature changes that 1242 behavior. It should not be needed for most installations. 1243 1244authinfo Provide a separate map for client side authentication 1245 information. See SMTP AUTHENTICATION for details. 1246 By default, the authinfo database specification is: 1247 1248 hash /etc/mail/authinfo 1249 1250preserve_luser_host 1251 Preserve the name of the recipient host if LUSER_RELAY is 1252 used. Without this option, the domain part of the 1253 recipient address will be replaced by the host specified as 1254 LUSER_RELAY. This feature only works if the hostname is 1255 passed to the mailer (see mailer triple in op.me). Note 1256 that in the default configuration the local mailer does not 1257 receive the hostname, i.e., the mailer triple has an empty 1258 hostname. 1259 1260preserve_local_plus_detail 1261 Preserve the +detail portion of the address when passing 1262 address to local delivery agent. Disables alias and 1263 .forward +detail stripping (e.g., given user+detail, only 1264 that address will be looked up in the alias file; user+* and 1265 user will not be looked up). Only use if the local 1266 delivery agent in use supports +detail addressing. 1267 1268compat_check Enable ruleset check_compat to look up pairs of addresses 1269 with the Compat: tag -- Compat:sender<@>recipient -- in the 1270 access map. Valid values for the RHS include 1271 DISCARD silently discard recipient 1272 TEMP: return a temporary error 1273 ERROR: return a permanent error 1274 In the last two cases, a 4xy/5xy SMTP reply code should 1275 follow the colon. 1276 1277no_default_msa Don't generate the default MSA daemon, i.e., 1278 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1279 To define a MSA daemon with other parameters, use this 1280 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1281 1282msp Defines config file for Message Submission Program. 1283 See sendmail/SECURITY for details and cf/cf/submit.mc how 1284 to use it. An optional argument can be used to override 1285 the default of `[localhost]' to use as host to send all 1286 e-mails to. Note that MX records will be used if the 1287 specified hostname is not in square brackets (e.g., 1288 [hostname]). If `MSA' is specified as second argument then 1289 port 587 is used to contact the server. Example: 1290 1291 FEATURE(`msp', `', `MSA') 1292 1293 Some more hints about possible changes can be found below 1294 in the section MESSAGE SUBMISSION PROGRAM. 1295 1296queuegroup A simple example how to select a queue group based 1297 on the full e-mail address or the domain of the 1298 recipient. Selection is done via entries in the 1299 access map using the tag QGRP:, for example: 1300 1301 QGRP:example.com main 1302 QGRP:friend@some.org others 1303 QGRP:my.domain local 1304 1305 where "main", "others", and "local" are names of 1306 queue groups. If an argument is specified, it is used 1307 as default queue group. 1308 1309 Note: please read the warning in doc/op/op.me about 1310 queue groups and possible queue manipulations. 1311 1312+-------+ 1313| HACKS | 1314+-------+ 1315 1316Some things just can't be called features. To make this clear, 1317they go in the hack subdirectory and are referenced using the HACK 1318macro. These will tend to be site-dependent. The release 1319includes the Berkeley-dependent "cssubdomain" hack (that makes 1320sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; 1321this is intended as a short-term aid while moving hosts into 1322subdomains. 1323 1324 1325+--------------------+ 1326| SITE CONFIGURATION | 1327+--------------------+ 1328 1329 ***************************************************** 1330 * This section is really obsolete, and is preserved * 1331 * only for back compatibility. You should plan on * 1332 * using mailertables for new installations. In * 1333 * particular, it doesn't work for the newer forms * 1334 * of UUCP mailers, such as uucp-uudom. * 1335 ***************************************************** 1336 1337Complex sites will need more local configuration information, such as 1338lists of UUCP hosts they speak with directly. This can get a bit more 1339tricky. For an example of a "complex" site, see cf/ucbvax.mc. 1340 1341The SITECONFIG macro allows you to indirectly reference site-dependent 1342configuration information stored in the siteconfig subdirectory. For 1343example, the line 1344 1345 SITECONFIG(`uucp.ucbvax', `ucbvax', `U') 1346 1347reads the file uucp.ucbvax for local connection information. The 1348second parameter is the local name (in this case just "ucbvax" since 1349it is locally connected, and hence a UUCP hostname). The third 1350parameter is the name of both a macro to store the local name (in 1351this case, {U}) and the name of the class (e.g., {U}) in which to store 1352the host information read from the file. Another SITECONFIG line reads 1353 1354 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') 1355 1356This says that the file uucp.ucbarpa contains the list of UUCP sites 1357connected to ucbarpa.Berkeley.EDU. Class {W} will be used to 1358store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that 1359is, the name of the relay to which the hosts listed in uucp.ucbarpa 1360are connected. [The machine ucbarpa is gone now, but this 1361out-of-date configuration file has been left around to demonstrate 1362how you might do this.] 1363 1364Note that the case of SITECONFIG with a third parameter of ``U'' is 1365special; the second parameter is assumed to be the UUCP name of the 1366local site, rather than the name of a remote site, and the UUCP name 1367is entered into class {w} (the list of local hostnames) as $U.UUCP. 1368 1369The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing 1370more than a sequence of SITE macros describing connectivity. For 1371example: 1372 1373 SITE(`cnmat') 1374 SITE(`sgi olympus') 1375 1376The second example demonstrates that you can use two names on the 1377same line; these are usually aliases for the same host (or are at 1378least in the same company). 1379 1380 1381+--------------------+ 1382| USING UUCP MAILERS | 1383+--------------------+ 1384 1385It's hard to get UUCP mailers right because of the extremely ad hoc 1386nature of UUCP addressing. These config files are really designed 1387for domain-based addressing, even for UUCP sites. 1388 1389There are four UUCP mailers available. The choice of which one to 1390use is partly a matter of local preferences and what is running at 1391the other end of your UUCP connection. Unlike good protocols that 1392define what will go over the wire, UUCP uses the policy that you 1393should do what is right for the other end; if they change, you have 1394to change. This makes it hard to do the right thing, and discourages 1395people from updating their software. In general, if you can avoid 1396UUCP, please do. 1397 1398The major choice is whether to go for a domainized scheme or a 1399non-domainized scheme. This depends entirely on what the other 1400end will recognize. If at all possible, you should encourage the 1401other end to go to a domain-based system -- non-domainized addresses 1402don't work entirely properly. 1403 1404The four mailers are: 1405 1406 uucp-old (obsolete name: "uucp") 1407 This is the oldest, the worst (but the closest to UUCP) way of 1408 sending messages accros UUCP connections. It does bangify 1409 everything and prepends $U (your UUCP name) to the sender's 1410 address (which can already be a bang path itself). It can 1411 only send to one address at a time, so it spends a lot of 1412 time copying duplicates of messages. Avoid this if at all 1413 possible. 1414 1415 uucp-new (obsolete name: "suucp") 1416 The same as above, except that it assumes that in one rmail 1417 command you can specify several recipients. It still has a 1418 lot of other problems. 1419 1420 uucp-dom 1421 This UUCP mailer keeps everything as domain addresses. 1422 Basically, it uses the SMTP mailer rewriting rules. This mailer 1423 is only included if MAILER(`smtp') is specified before 1424 MAILER(`uucp'). 1425 1426 Unfortunately, a lot of UUCP mailer transport agents require 1427 bangified addresses in the envelope, although you can use 1428 domain-based addresses in the message header. (The envelope 1429 shows up as the From_ line on UNIX mail.) So.... 1430 1431 uucp-uudom 1432 This is a cross between uucp-new (for the envelope addresses) 1433 and uucp-dom (for the header addresses). It bangifies the 1434 envelope sender (From_ line in messages) without adding the 1435 local hostname, unless there is no host name on the address 1436 at all (e.g., "wolf") or the host component is a UUCP host name 1437 instead of a domain name ("somehost!wolf" instead of 1438 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1439 is also specified earlier. 1440 1441Examples: 1442 1443On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1444summarizes the sender rewriting for various mailers. 1445 1446Mailer sender rewriting in the envelope 1447------ ------ ------------------------- 1448uucp-{old,new} wolf grasp!wolf 1449uucp-dom wolf wolf@grasp.insa-lyon.fr 1450uucp-uudom wolf grasp.insa-lyon.fr!wolf 1451 1452uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1453uucp-dom wolf@fr.net wolf@fr.net 1454uucp-uudom wolf@fr.net fr.net!wolf 1455 1456uucp-{old,new} somehost!wolf grasp!somehost!wolf 1457uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1458uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1459 1460If you are using one of the domainized UUCP mailers, you really want 1461to convert all UUCP addresses to domain format -- otherwise, it will 1462do it for you (and probably not the way you expected). For example, 1463if you have the address foo!bar!baz (and you are not sending to foo), 1464the heuristics will add the @uucp.relay.name or @local.host.name to 1465this address. However, if you map foo to foo.host.name first, it 1466will not add the local hostname. You can do this using the uucpdomain 1467feature. 1468 1469 1470+-------------------+ 1471| TWEAKING RULESETS | 1472+-------------------+ 1473 1474For more complex configurations, you can define special rules. 1475The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1476the names. Any modifications made here are reflected in the header. 1477 1478A common use is to convert old UUCP addresses to SMTP addresses using 1479the UUCPSMTP macro. For example: 1480 1481 LOCAL_RULE_3 1482 UUCPSMTP(`decvax', `decvax.dec.com') 1483 UUCPSMTP(`research', `research.att.com') 1484 1485will cause addresses of the form "decvax!user" and "research!user" 1486to be converted to "user@decvax.dec.com" and "user@research.att.com" 1487respectively. 1488 1489This could also be used to look up hosts in a database map: 1490 1491 LOCAL_RULE_3 1492 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1493 1494This map would be defined in the LOCAL_CONFIG portion, as shown below. 1495 1496Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1497For example, new rules are needed to parse hostnames that you accept 1498via MX records. For example, you might have: 1499 1500 LOCAL_RULE_0 1501 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1502 1503You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1504pointing at this host; this rule catches the message and forwards it on 1505using UUCP. 1506 1507You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1508These rulesets are normally empty. 1509 1510A similar macro is LOCAL_CONFIG. This introduces lines added after the 1511boilerplate option setting but before rulesets. Do not declare rulesets in 1512the LOCAL_CONFIG section. It can be used to declare local database maps or 1513whatever. For example: 1514 1515 LOCAL_CONFIG 1516 Khostmap hash /etc/mail/hostmap 1517 Kyplocal nis -m hosts.byname 1518 1519 1520+---------------------------+ 1521| MASQUERADING AND RELAYING | 1522+---------------------------+ 1523 1524You can have your host masquerade as another using 1525 1526 MASQUERADE_AS(`host.domain') 1527 1528This causes mail being sent to be labeled as coming from the 1529indicated host.domain, rather than $j. One normally masquerades as 1530one of one's own subdomains (for example, it's unlikely that 1531Berkeley would choose to masquerade as an MIT site). This 1532behaviour is modified by a plethora of FEATUREs; in particular, see 1533masquerade_envelope, allmasquerade, limited_masquerade, and 1534masquerade_entire_domain. 1535 1536The masquerade name is not normally canonified, so it is important 1537that it be your One True Name, that is, fully qualified and not a 1538CNAME. However, if you use a CNAME, the receiving side may canonify 1539it for you, so don't think you can cheat CNAME mapping this way. 1540 1541Normally the only addresses that are masqueraded are those that come 1542from this host (that is, are either unqualified or in class {w}, the list 1543of local domain names). You can augment this list, which is realized 1544by class {M} using 1545 1546 MASQUERADE_DOMAIN(`otherhost.domain') 1547 1548The effect of this is that although mail to user@otherhost.domain 1549will not be delivered locally, any mail including any user@otherhost.domain 1550will, when relayed, be rewritten to have the MASQUERADE_AS address. 1551This can be a space-separated list of names. 1552 1553If these names are in a file, you can use 1554 1555 MASQUERADE_DOMAIN_FILE(`filename') 1556 1557to read the list of names from the indicated file (i.e., to add 1558elements to class {M}). 1559 1560To exempt hosts or subdomains from being masqueraded, you can use 1561 1562 MASQUERADE_EXCEPTION(`host.domain') 1563 1564This can come handy if you want to masquerade a whole domain 1565except for one (or a few) host(s). If these names are in a file, 1566you can use 1567 1568 MASQUERADE_EXCEPTION_FILE(`filename') 1569 1570Normally only header addresses are masqueraded. If you want to 1571masquerade the envelope as well, use 1572 1573 FEATURE(`masquerade_envelope') 1574 1575There are always users that need to be "exposed" -- that is, their 1576internal site name should be displayed instead of the masquerade name. 1577Root is an example (which has been "exposed" by default prior to 8.10). 1578You can add users to this list using 1579 1580 EXPOSED_USER(`usernames') 1581 1582This adds users to class {E}; you could also use 1583 1584 EXPOSED_USER_FILE(`filename') 1585 1586You can also arrange to relay all unqualified names (that is, names 1587without @host) to a relay host. For example, if you have a central 1588email server, you might relay to that host so that users don't have 1589to have .forward files or aliases. You can do this using 1590 1591 define(`LOCAL_RELAY', `mailer:hostname') 1592 1593The ``mailer:'' can be omitted, in which case the mailer defaults to 1594"relay". There are some user names that you don't want relayed, perhaps 1595because of local aliases. A common example is root, which may be 1596locally aliased. You can add entries to this list using 1597 1598 LOCAL_USER(`usernames') 1599 1600This adds users to class {L}; you could also use 1601 1602 LOCAL_USER_FILE(`filename') 1603 1604If you want all incoming mail sent to a centralized hub, as for a 1605shared /var/spool/mail scheme, use 1606 1607 define(`MAIL_HUB', `mailer:hostname') 1608 1609Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1610and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1611be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1612Note: there is a (long standing) bug which keeps this combination from 1613working for addresses of the form user+detail. 1614Names in class {L} will be delivered locally, so you MUST have aliases or 1615.forward files for them. 1616 1617For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1618FEATURE(`stickyhost'), the following combinations of settings will have the 1619indicated effects: 1620 1621email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1622 1623LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1624mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1625 1626MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1627mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1628 1629Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1630MAIL_HUB set as above (no local aliasing) (aliasing done) 1631 1632If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1633MAIL_HUB act identically, with MAIL_HUB taking precedence. 1634 1635If you want all outgoing mail to go to a central relay site, define 1636SMART_HOST as well. Briefly: 1637 1638 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1639 MAIL_HUB applies to names qualified with the name of the 1640 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1641 SMART_HOST applies to names qualified with other hosts or 1642 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1643 or "eric@[127.0.0.1]"). 1644 1645However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1646DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1647really want absolutely everything to go to a single central site you will 1648need to unset all the other relays -- or better yet, find or build a 1649minimal config file that does this. 1650 1651For duplicate suppression to work properly, the host name is best 1652specified with a terminal dot: 1653 1654 define(`MAIL_HUB', `host.domain.') 1655 note the trailing dot ---^ 1656 1657 1658+-------------------------------------------+ 1659| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1660+-------------------------------------------+ 1661 1662LDAP can be used for aliases, maps, and classes by either specifying your 1663own LDAP map specification or using the built-in default LDAP map 1664specification. The built-in default specifications all provide lookups 1665which match against either the machine's fully qualified hostname (${j}) or 1666a "cluster". The cluster allows you to share LDAP entries among a large 1667number of machines without having to enter each of the machine names into 1668each LDAP entry. To set the LDAP cluster name to use for a particular 1669machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1670unique name. For example: 1671 1672 define(`confLDAP_CLUSTER', `Servers') 1673 1674Here, the word `Servers' will be the cluster name. As an example, assume 1675that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1676to the Servers cluster. 1677 1678Some of the LDAP LDIF examples below show use of the Servers cluster. 1679Every entry must have either a sendmailMTAHost or sendmailMTACluster 1680attribute or it will be ignored. Be careful as mixing clusters and 1681individual host records can have surprising results (see the CAUTION 1682sections below). 1683 1684See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1685this schema (and therefore the lookups and examples below) is experimental 1686at this point as it has had little public review. Therefore, it may change 1687in future versions. Feedback via sendmail@sendmail.org is encouraged. 1688 1689------- 1690Aliases 1691------- 1692 1693The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1694lookups. To use the default schema, simply use: 1695 1696 define(`ALIAS_FILE', `ldap:') 1697 1698By doing so, you will use the default schema which expands to a map 1699declared as follows: 1700 1701 ldap -k (&(objectClass=sendmailMTAAliasObject) 1702 (sendmailMTAAliasGrouping=aliases) 1703 (|(sendmailMTACluster=${sendmailMTACluster}) 1704 (sendmailMTAHost=$j)) 1705 (sendmailMTAKey=%0)) 1706 -v sendmailMTAAliasValue 1707 1708NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1709used when the binary expands the `ldap:' token as the AliasFile option is 1710not actually macro-expanded when read from the sendmail.cf file. 1711 1712Example LDAP LDIF entries might be: 1713 1714 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1715 objectClass: sendmailMTA 1716 objectClass: sendmailMTAAlias 1717 objectClass: sendmailMTAAliasObject 1718 sendmailMTAAliasGrouping: aliases 1719 sendmailMTAHost: etrn.sendmail.org 1720 sendmailMTAKey: sendmail-list 1721 sendmailMTAAliasValue: ca@example.org 1722 sendmailMTAAliasValue: eric 1723 sendmailMTAAliasValue: gshapiro@example.com 1724 1725 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1726 objectClass: sendmailMTA 1727 objectClass: sendmailMTAAlias 1728 objectClass: sendmailMTAAliasObject 1729 sendmailMTAAliasGrouping: aliases 1730 sendmailMTAHost: etrn.sendmail.org 1731 sendmailMTAKey: owner-sendmail-list 1732 sendmailMTAAliasValue: eric 1733 1734 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1735 objectClass: sendmailMTA 1736 objectClass: sendmailMTAAlias 1737 objectClass: sendmailMTAAliasObject 1738 sendmailMTAAliasGrouping: aliases 1739 sendmailMTACluster: Servers 1740 sendmailMTAKey: postmaster 1741 sendmailMTAAliasValue: eric 1742 1743Here, the aliases sendmail-list and owner-sendmail-list will be available 1744only on etrn.sendmail.org but the postmaster alias will be available on 1745every machine in the Servers cluster (including etrn.sendmail.org). 1746 1747CAUTION: aliases are additive so that entries like these: 1748 1749 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1750 objectClass: sendmailMTA 1751 objectClass: sendmailMTAAlias 1752 objectClass: sendmailMTAAliasObject 1753 sendmailMTAAliasGrouping: aliases 1754 sendmailMTACluster: Servers 1755 sendmailMTAKey: bob 1756 sendmailMTAAliasValue: eric 1757 1758 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 1759 objectClass: sendmailMTA 1760 objectClass: sendmailMTAAlias 1761 objectClass: sendmailMTAAliasObject 1762 sendmailMTAAliasGrouping: aliases 1763 sendmailMTAHost: etrn.sendmail.org 1764 sendmailMTAKey: bob 1765 sendmailMTAAliasValue: gshapiro 1766 1767would mean that on all of the hosts in the cluster, mail to bob would go to 1768eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1769gshapiro. 1770 1771If you prefer not to use the default LDAP schema for your aliases, you can 1772specify the map parameters when setting ALIAS_FILE. For example: 1773 1774 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1775 1776---- 1777Maps 1778---- 1779 1780FEATURE()'s which take an optional map definition argument (e.g., access, 1781mailertable, virtusertable, etc.) can instead take the special keyword 1782`LDAP', e.g.: 1783 1784 FEATURE(`access_db', `LDAP') 1785 FEATURE(`virtusertable', `LDAP') 1786 1787When this keyword is given, that map will use LDAP lookups consisting of 1788the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1789with the map name, a search attribute of sendmailMTAKey, and the value 1790attribute sendmailMTAMapValue. 1791 1792The values for sendmailMTAMapName are: 1793 1794 FEATURE() sendmailMTAMapName 1795 --------- ------------------ 1796 access_db access 1797 authinfo authinfo 1798 bitdomain bitdomain 1799 domaintable domain 1800 genericstable generics 1801 mailertable mailer 1802 uucpdomain uucpdomain 1803 virtusertable virtuser 1804 1805For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1806 1807 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1808 (sendmailMTAMapName=mailer) 1809 (|(sendmailMTACluster=${sendmailMTACluster}) 1810 (sendmailMTAHost=$j)) 1811 (sendmailMTAKey=%0)) 1812 -1 -v sendmailMTAMapValue 1813 1814An example LDAP LDIF entry using this map might be: 1815 1816 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 1817 objectClass: sendmailMTA 1818 objectClass: sendmailMTAMap 1819 sendmailMTACluster: Servers 1820 sendmailMTAMapName: mailer 1821 1822 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1823 objectClass: sendmailMTA 1824 objectClass: sendmailMTAMap 1825 objectClass: sendmailMTAMapObject 1826 sendmailMTAMapName: mailer 1827 sendmailMTACluster: Servers 1828 sendmailMTAKey: example.com 1829 sendmailMTAMapValue: relay:[smtp.example.com] 1830 1831CAUTION: If your LDAP database contains the record above and *ALSO* a host 1832specific record such as: 1833 1834 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1835 objectClass: sendmailMTA 1836 objectClass: sendmailMTAMap 1837 objectClass: sendmailMTAMapObject 1838 sendmailMTAMapName: mailer 1839 sendmailMTAHost: etrn.sendmail.org 1840 sendmailMTAKey: example.com 1841 sendmailMTAMapValue: relay:[mx.example.com] 1842 1843then these entries will give unexpected results. When the lookup is done 1844on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 1845require a single match. Since the host etrn.sendmail.org is also in the 1846Servers cluster, LDAP would return two answers for the example.com map key 1847in which case sendmail would treat this as no match at all. 1848 1849If you prefer not to use the default LDAP schema for your maps, you can 1850specify the map parameters when using the FEATURE(). For example: 1851 1852 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 1853 1854------- 1855Classes 1856------- 1857 1858Normally, classes can be filled via files or programs. As of 8.12, they 1859can also be filled via map lookups using a new syntax: 1860 1861 F{ClassName}mapkey@mapclass:mapspec 1862 1863mapkey is optional and if not provided the map key will be empty. This can 1864be used with LDAP to read classes from LDAP. Note that the lookup is only 1865done when sendmail is initially started. Use the special value `@LDAP' to 1866use the default LDAP schema. For example: 1867 1868 RELAY_DOMAIN_FILE(`@LDAP') 1869 1870would put all of the attribute sendmailMTAClassValue values of LDAP records 1871with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 1872'R' into class $={R}. In other words, it is equivalent to the LDAP map 1873specification: 1874 1875 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 1876 (sendmailMTAClassName=R) 1877 (|(sendmailMTACluster=${sendmailMTACluster}) 1878 (sendmailMTAHost=$j))) 1879 -v sendmailMTAClassValue 1880 1881NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1882used when the binary expands the `@LDAP' token as class declarations are 1883not actually macro-expanded when read from the sendmail.cf file. 1884 1885This can be used with class related commands such as RELAY_DOMAIN_FILE(), 1886MASQUERADE_DOMAIN_FILE(), etc: 1887 1888 Command sendmailMTAClassName 1889 ------- -------------------- 1890 CANONIFY_DOMAIN_FILE() Canonify 1891 EXPOSED_USER_FILE() E 1892 GENERICS_DOMAIN_FILE() G 1893 LDAPROUTE_DOMAIN_FILE() LDAPRoute 1894 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 1895 LOCAL_USER_FILE() L 1896 MASQUERADE_DOMAIN_FILE() M 1897 MASQUERADE_EXCEPTION_FILE() N 1898 RELAY_DOMAIN_FILE() R 1899 VIRTUSER_DOMAIN_FILE() VirtHost 1900 1901You can also add your own as any 'F'ile class of the form: 1902 1903 F{ClassName}@LDAP 1904 ^^^^^^^^^ 1905will use "ClassName" for the sendmailMTAClassName. 1906 1907An example LDAP LDIF entry would look like: 1908 1909 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 1910 objectClass: sendmailMTA 1911 objectClass: sendmailMTAClass 1912 sendmailMTACluster: Servers 1913 sendmailMTAClassName: R 1914 sendmailMTAClassValue: sendmail.org 1915 sendmailMTAClassValue: example.com 1916 sendmailMTAClassValue: 10.56.23 1917 1918CAUTION: If your LDAP database contains the record above and *ALSO* a host 1919specific record such as: 1920 1921 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 1922 objectClass: sendmailMTA 1923 objectClass: sendmailMTAClass 1924 sendmailMTAHost: etrn.sendmail.org 1925 sendmailMTAClassName: R 1926 sendmailMTAClassValue: example.com 1927 1928the result will be similar to the aliases caution above. When the lookup 1929is done on etrn.sendmail.org, $={R} would contain all of the entries (from 1930both the cluster match and the host match). In other words, the effective 1931is additive. 1932 1933If you prefer not to use the default LDAP schema for your classes, you can 1934specify the map parameters when using the class command. For example: 1935 1936 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 1937 1938Remember, macros can not be used in a class declaration as the binary does 1939not expand them. 1940 1941 1942+--------------+ 1943| LDAP ROUTING | 1944+--------------+ 1945 1946FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 1947LDAP Schema for Intranet Mail Routing 1948(draft-lachman-laser-ldap-mail-routing-01). This feature enables 1949LDAP-based rerouting of a particular address to either a different host 1950or a different address. The LDAP lookup is first attempted on the full 1951address (e.g., user@example.com) and then on the domain portion 1952(e.g., @example.com). Be sure to setup your domain for LDAP routing using 1953LDAPROUTE_DOMAIN(), e.g.: 1954 1955 LDAPROUTE_DOMAIN(`example.com') 1956 1957Additionally, you can specify equivalent domains for LDAP routing using 1958LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 1959hostnames are mapped to $M (the masqueraded hostname for the server) before 1960the LDAP query. For example, if the mail is addressed to 1961user@host1.example.com, normally the LDAP lookup would only be done for 1962'user@host1.example.com' and '@host1.example.com'. However, if 1963LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 1964done on 'user@example.com' and '@example.com' after attempting the 1965host1.example.com lookups. 1966 1967By default, the feature will use the schemas as specified in the draft 1968and will not reject addresses not found by the LDAP lookup. However, 1969this behavior can be changed by giving additional arguments to the FEATURE() 1970command: 1971 1972 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>) 1973 1974where <mailHost> is a map definition describing how to lookup an alternative 1975mail host for a particular address; <mailRoutingAddress> is a map definition 1976describing how to lookup an alternative address for a particular address; 1977the <bounce> argument, if present and not the word "passthru", dictates 1978that mail should be bounced if neither a mailHost nor mailRoutingAddress 1979is found; and <detail> indicates what actions to take if the address 1980contains +detail information -- `strip' tries the lookup with the +detail 1981and if no matches are found, strips the +detail and tries the lookup again; 1982`preserve', does the same as `strip' but if a mailRoutingAddress match is 1983found, the +detail information is copied to the new address. 1984 1985The default <mailHost> map definition is: 1986 1987 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 1988 (mailLocalAddress=%0)) 1989 1990The default <mailRoutingAddress> map definition is: 1991 1992 ldap -1 -T<TMPF> -v mailRoutingAddress 1993 -k (&(objectClass=inetLocalMailRecipient) 1994 (mailLocalAddress=%0)) 1995 1996Note that neither includes the LDAP server hostname (-h server) or base DN 1997(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 1998your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 1999these settings. If this is not the case, the map definitions should be 2000changed as described above. The "-T<TMPF>" is required in any user 2001specified map definition to catch temporary errors. 2002 2003The following possibilities exist as a result of an LDAP lookup on an 2004address: 2005 2006 mailHost is mailRoutingAddress is Results in 2007 ----------- --------------------- ---------- 2008 set to a set mail delivered to 2009 "local" host mailRoutingAddress 2010 2011 set to a not set delivered to 2012 "local" host original address 2013 2014 set to a set mailRoutingAddress 2015 remote host relayed to mailHost 2016 2017 set to a not set original address 2018 remote host relayed to mailHost 2019 2020 not set set mail delivered to 2021 mailRoutingAddress 2022 2023 not set not set delivered to 2024 original address *OR* 2025 bounced as unknown user 2026 2027The term "local" host above means the host specified is in class {w}. If 2028the result would mean sending the mail to a different host, that host is 2029looked up in the mailertable before delivery. 2030 2031Note that the last case depends on whether the third argument is given 2032to the FEATURE() command. The default is to deliver the message to the 2033original address. 2034 2035The LDAP entries should be set up with an objectClass of 2036inetLocalMailRecipient and the address be listed in a mailLocalAddress 2037attribute. If present, there must be only one mailHost attribute and it 2038must contain a fully qualified host name as its value. Similarly, if 2039present, there must be only one mailRoutingAddress attribute and it must 2040contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2041format): 2042 2043 dn: uid=tom, o=example.com, c=US 2044 objectClass: inetLocalMailRecipient 2045 mailLocalAddress: tom@example.com 2046 mailRoutingAddress: thomas@mailhost.example.com 2047 2048This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2049 2050 dn: uid=dick, o=example.com, c=US 2051 objectClass: inetLocalMailRecipient 2052 mailLocalAddress: dick@example.com 2053 mailHost: eng.example.com 2054 2055This would relay mail for dick@example.com to the same address but redirect 2056the mail to MX records listed for the host eng.example.com (unless the 2057mailertable overrides). 2058 2059 dn: uid=harry, o=example.com, c=US 2060 objectClass: inetLocalMailRecipient 2061 mailLocalAddress: harry@example.com 2062 mailHost: mktmail.example.com 2063 mailRoutingAddress: harry@mkt.example.com 2064 2065This would relay mail for harry@example.com to the MX records listed for 2066the host mktmail.example.com using the new address harry@mkt.example.com 2067when talking to that host. 2068 2069 dn: uid=virtual.example.com, o=example.com, c=US 2070 objectClass: inetLocalMailRecipient 2071 mailLocalAddress: @virtual.example.com 2072 mailHost: server.example.com 2073 mailRoutingAddress: virtual@example.com 2074 2075This would send all mail destined for any username @virtual.example.com to 2076the machine server.example.com's MX servers and deliver to the address 2077virtual@example.com on that relay machine. 2078 2079 2080+---------------------------------+ 2081| ANTI-SPAM CONFIGURATION CONTROL | 2082+---------------------------------+ 2083 2084The primary anti-spam features available in sendmail are: 2085 2086* Relaying is denied by default. 2087* Better checking on sender information. 2088* Access database. 2089* Header checks. 2090 2091Relaying (transmission of messages from a site outside your host (class 2092{w}) to another site except yours) is denied by default. Note that this 2093changed in sendmail 8.9; previous versions allowed relaying by default. 2094If you really want to revert to the old behaviour, you will need to use 2095FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2096through your server by adding their domain name or IP address to class 2097{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2098(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2099The file consists (like any other file based class) of entries listed on 2100separate lines, e.g., 2101 2102 sendmail.org 2103 128.32 2104 IPv6:2002:c0a8:02c7 2105 IPv6:2002:c0a8:51d2::23f4 2106 host.mydomain.com 2107 [UNIX:localhost] 2108 2109Notice: the last entry allows relaying for connections via a UNIX 2110socket to the MTA/MSP. This might be necessary if your configuration 2111doesn't allow relaying by other means in that case, e.g., by having 2112localhost.$m in class {R} (make sure $m is not just a top level 2113domain). 2114 2115If you use 2116 2117 FEATURE(`relay_entire_domain') 2118 2119then any host in any of your local domains (that is, class {m}) 2120will be relayed (that is, you will accept mail either to or from any 2121host in your domain). 2122 2123You can also allow relaying based on the MX records of the host 2124portion of an incoming recipient address by using 2125 2126 FEATURE(`relay_based_on_MX') 2127 2128For example, if your server receives a recipient of user@domain.com 2129and domain.com lists your server in its MX records, the mail will be 2130accepted for relay to domain.com. This feature may cause problems 2131if MX lookups for the recipient domain are slow or time out. In that 2132case, mail will be temporarily rejected. It is usually better to 2133maintain a list of hosts/domains for which the server acts as relay. 2134Note also that this feature will stop spammers from using your host 2135to relay spam but it will not stop outsiders from using your server 2136as a relay for their site (that is, they set up an MX record pointing 2137to your mail server, and you will relay mail addressed to them 2138without any prior arrangement). Along the same lines, 2139 2140 FEATURE(`relay_local_from') 2141 2142will allow relaying if the sender specifies a return path (i.e. 2143MAIL FROM: <user@domain>) domain which is a local domain. This is a 2144dangerous feature as it will allow spammers to spam using your mail 2145server by simply specifying a return address of user@your.domain.com. 2146It should not be used unless absolutely necessary. 2147A slightly better solution is 2148 2149 FEATURE(`relay_mail_from') 2150 2151which allows relaying if the mail sender is listed as RELAY in the 2152access map. If an optional argument `domain' is given, the domain 2153portion of the mail sender is also checked to allowing relaying. 2154This option only works together with the tag From: for the LHS of 2155the access map entries (see below: Finer control...). This feature 2156allows spammers to abuse your mail server by specifying a return 2157address that you enabled in your access file. This may be harder 2158to figure out for spammers, but it should not be used unless 2159necessary. Instead use SMTP AUTH or STARTTLS to allow relaying 2160for roaming users. 2161 2162 2163If source routing is used in the recipient address (e.g., 2164RCPT TO: <user%site.com@othersite.com>), sendmail will check 2165user@site.com for relaying if othersite.com is an allowed relay host 2166in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2167or the access database if FEATURE(`access_db') is used. To prevent 2168the address from being stripped down, use: 2169 2170 FEATURE(`loose_relay_check') 2171 2172If you think you need to use this feature, you probably do not. This 2173should only be used for sites which have no control over the addresses 2174that they provide a gateway for. Use this FEATURE with caution as it 2175can allow spammers to relay through your server if not setup properly. 2176 2177NOTICE: It is possible to relay mail through a system which the anti-relay 2178rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2179`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2180LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2181FEATURE(`nouucp') at all, addresses of the form 2182<example.net!user@local.host> would be relayed to <user@example.net>. 2183System A doesn't recognize `!' as an address separator and therefore 2184forwards it to the mail hub which in turns relays it because it came from 2185a trusted local host. So if a mailserver allows UUCP (bang-format) 2186addresses, all systems from which it allows relaying should do the same 2187or reject those addresses. 2188 2189As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2190an unresolvable domain (i.e., one that DNS, your local name service, 2191or special case rules in ruleset 3 cannot locate). This also applies 2192to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2193IP address can't be mapped to a host name. If you want to continue 2194to accept such domains, e.g., because you are inside a firewall that 2195has only a limited view of the Internet host name space (note that you 2196will not be able to return mail to them unless you have some "smart 2197host" forwarder), use 2198 2199 FEATURE(`accept_unresolvable_domains') 2200 2201Alternatively, you can allow specific addresses by adding them to 2202the access map, e.g., 2203 2204 From:unresolvable.domain OK 2205 From:[1.2.3.4] OK 2206 From:[1.2.4] OK 2207 2208Notice: domains which are temporarily unresolvable are (temporarily) 2209rejected with a 451 reply code. If those domains should be accepted 2210(which is discouraged) then you can use 2211 2212 LOCAL_CONFIG 2213 C{ResOk}TEMP 2214 2215sendmail will also refuse mail if the MAIL FROM: parameter is not 2216fully qualified (i.e., contains a domain as well as a user). If you 2217want to continue to accept such senders, use 2218 2219 FEATURE(`accept_unqualified_senders') 2220 2221Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2222i.e., unqualified addresses are accepted even without this FEATURE. If 2223this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2224to enforce fully qualified domain names. 2225 2226An ``access'' database can be created to accept or reject mail from 2227selected domains. For example, you may choose to reject all mail 2228originating from known spammers. To enable such a database, use 2229 2230 FEATURE(`access_db') 2231 2232Notice: the access database is applied to the envelope addresses 2233and the connection information, not to the header. 2234 2235The FEATURE macro can accept as second parameter the key file 2236definition for the database; for example 2237 2238 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2239 2240Notice: If a second argument is specified it must contain the option 2241`-T<TMPF>' as shown above. The optional third and fourth parameters 2242may be `skip' or `lookupdotdomain'. The former enables SKIP as 2243value part (see below), the latter is another way to enable the 2244feature of the same name (see above). 2245 2246Remember, since /etc/mail/access is a database, after creating the text 2247file as described below, you must use makemap to create the database 2248map. For example: 2249 2250 makemap hash /etc/mail/access < /etc/mail/access 2251 2252The table itself uses e-mail addresses, domain names, and network 2253numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2254For example, 2255 2256 spammer@aol.com REJECT 2257 cyberspammer.com REJECT 2258 TLD REJECT 2259 192.168.212 REJECT 2260 IPv6:2002:c0a8:02c7 RELAY 2261 IPv6:2002:c0a8:51d2::23f4 REJECT 2262 2263would refuse mail from spammer@aol.com, any user from cyberspammer.com 2264(or any host within the cyberspammer.com domain), any host in the entire 2265top level domain TLD, 192.168.212.* network, and the IPv6 address 22662002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 22672002:c0a8:02c7::/48. 2268 2269The value part of the map can contain: 2270 2271 OK Accept mail even if other rules in the running 2272 ruleset would reject it, for example, if the domain 2273 name is unresolvable. "Accept" does not mean 2274 "relay", but at most acceptance for local 2275 recipients. That is, OK allows less than RELAY. 2276 RELAY Accept mail addressed to the indicated domain or 2277 received from the indicated domain for relaying 2278 through your SMTP server. RELAY also serves as 2279 an implicit OK for the other checks. 2280 REJECT Reject the sender or recipient with a general 2281 purpose message. 2282 DISCARD Discard the message completely using the 2283 $#discard mailer. If it is used in check_compat, 2284 it affects only the designated recipient, not 2285 the whole message as it does in all other cases. 2286 This should only be used if really necessary. 2287 SKIP This can only be used for host/domain names 2288 and IP addresses/nets. It will abort the current 2289 search for this entry without accepting or rejecting 2290 it but causing the default action. 2291 ### any text where ### is an RFC 821 compliant error code and 2292 "any text" is a message to return for the command. 2293 The string should be quoted to avoid surprises, 2294 e.g., sendmail may remove spaces otherwise. 2295 This type is deprecated, use one the two 2296 ERROR: entries below instead. 2297 ERROR:### any text 2298 as above, but useful to mark error messages as such. 2299 ERROR:D.S.N:### any text 2300 where D.S.N is an RFC 1893 compliant error code 2301 and the rest as above. 2302 2303For example: 2304 2305 cyberspammer.com ERROR:550 "We don't accept mail from spammers" 2306 okay.cyberspammer.com OK 2307 sendmail.org RELAY 2308 128.32 RELAY 2309 IPv6:1:2:3:4:5:6:7 RELAY 2310 [127.0.0.3] OK 2311 [IPv6:1:2:3:4:5:6:7:8] OK 2312 2313would accept mail from okay.cyberspammer.com, but would reject mail from 2314all other hosts at cyberspammer.com with the indicated message. It would 2315allow relaying mail from and to any hosts in the sendmail.org domain, and 2316allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* 2317network. The latter two entries are for checks against ${client_name} if 2318the IP address doesn't resolve to a hostname (or is considered as "may be 2319forged"). That is, using square brackets means these are host names, 2320not network numbers. 2321 2322Warning: if you change the RFC 821 compliant error code from the default 2323value of 550, then you should probably also change the RFC 1893 compliant 2324error code to match it. For example, if you use 2325 2326 user@example.com ERROR:450 mailbox full 2327 2328the error returned would be "450 5.0.0 mailbox full" which is wrong. 2329Use "ERROR:4.2.2:450 mailbox full" instead. 2330 2331Note, UUCP users may need to add hostname.UUCP to the access database 2332or class {R}. 2333 2334If you also use: 2335 2336 FEATURE(`relay_hosts_only') 2337 2338then the above example will allow relaying for sendmail.org, but not 2339hosts within the sendmail.org domain. Note that this will also require 2340hosts listed in class {R} to be fully qualified host names. 2341 2342You can also use the access database to block sender addresses based on 2343the username portion of the address. For example: 2344 2345 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2346 2347Note that you must include the @ after the username to signify that 2348this database entry is for checking only the username portion of the 2349sender address. 2350 2351If you use: 2352 2353 FEATURE(`blacklist_recipients') 2354 2355then you can add entries to the map for local users, hosts in your 2356domains, or addresses in your domain which should not receive mail: 2357 2358 badlocaluser@ ERROR:550 Mailbox disabled for this username 2359 host.mydomain.com ERROR:550 That host does not accept mail 2360 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient 2361 2362This would prevent a recipient of badlocaluser@mydomain.com, any 2363user at host.mydomain.com, and the single address 2364user@otherhost.mydomain.com from receiving mail. Please note: a 2365local username must be now tagged with an @ (this is consistent 2366with the check of the sender address, and hence it is possible to 2367distinguish between hostnames and usernames). Enabling this feature 2368will keep you from sending mails to all addresses that have an 2369error message or REJECT as value part in the access map. Taking 2370the example from above: 2371 2372 spammer@aol.com REJECT 2373 cyberspammer.com REJECT 2374 2375Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2376 2377There are several DNS based blacklists, the first of which was 2378the RBL (``Realtime Blackhole List'') run by the MAPS project, 2379see http://mail-abuse.org/. These are databases of spammers 2380maintained in DNS. To use such a database, specify 2381 2382 FEATURE(`dnsbl') 2383 2384This will cause sendmail to reject mail from any site in the original 2385Realtime Blackhole List database. This default DNS blacklist, 2386blackholes.mail-abuse.org, is a service offered by the Mail Abuse 2387Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription 2388service, so using that network address won't work if you haven't 2389subscribed. Contact MAPS to subscribe (http://mail-abuse.org/). 2390 2391You can specify an alternative RBL server to check by specifying an 2392argument to the FEATURE. The default error message is 2393 2394 Mail from IP-ADDRESS refused by blackhole site SERVER 2395 2396where IP-ADDRESS and SERVER are replaced by the appropriate 2397information. A second argument can be used to specify a different 2398text. By default, temporary lookup failures are ignored and hence 2399cause the connection not to be rejected by the DNS based rejection 2400list. This behavior can be changed by specifying a third argument, 2401which must be either `t' or a full error message. For example: 2402 2403 FEATURE(`dnsbl', `dnsbl.example.com', `', 2404 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2405 2406If `t' is used, the error message is: 2407 2408 451 Temporary lookup failure of IP-ADDRESS at SERVER 2409 2410where IP-ADDRESS and SERVER are replaced by the appropriate 2411information. 2412 2413This FEATURE can be included several times to query different 2414DNS based rejection lists, e.g., the dial-up user list (see 2415http://mail-abuse.org/dul/). 2416 2417Notice: to avoid checking your own local domains against those 2418blacklists, use the access_db feature and add: 2419 2420 Connect:10.1 OK 2421 Connect:127.0.0.1 RELAY 2422 2423to the access map, where 10.1 is your local network. You may 2424want to use "RELAY" instead of "OK" to allow also relaying 2425instead of just disabling the DNS lookups in the backlists. 2426 2427 2428The features described above make use of the check_relay, check_mail, 2429and check_rcpt rulesets. If you wish to include your own checks, 2430you can put your checks in the rulesets Local_check_relay, 2431Local_check_mail, and Local_check_rcpt. For example if you wanted to 2432block senders with all numeric usernames (i.e. 2312343@bigisp.com), 2433you would use Local_check_mail and the regex map: 2434 2435 LOCAL_CONFIG 2436 Kallnumbers regex -a@MATCH ^[0-9]+$ 2437 2438 LOCAL_RULESETS 2439 SLocal_check_mail 2440 # check address against various regex checks 2441 R$* $: $>Parse0 $>3 $1 2442 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2443 R@MATCH $#error $: 553 Header Error 2444 2445These rules are called with the original arguments of the corresponding 2446check_* ruleset. If the local ruleset returns $#OK, no further checking 2447is done by the features described above and the mail is accepted. If the 2448local ruleset resolves to a mailer (such as $#error or $#discard), the 2449appropriate action is taken. Otherwise, the results of the local 2450rewriting are ignored. 2451 2452Finer control by using tags for the LHS of the access map 2453--------------------------------------------------------- 2454 2455Read this section only if the options listed so far are not sufficient 2456for your purposes. There is now the option to tag entries in the 2457access map according to their type. Three tags are available: 2458 2459 Connect: connection information (${client_addr}, ${client_name}) 2460 From: envelope sender 2461 To: envelope recipient 2462 2463If the required item is looked up in a map, it will be tried first 2464with the corresponding tag in front, then (as fallback to enable 2465backward compatibility) without any tag, unless the specific feature 2466requires a tag. For example, 2467 2468 From:spammer@some.dom REJECT 2469 To:friend.domain RELAY 2470 Connect:friend.domain OK 2471 Connect:from.domain RELAY 2472 From:good@another.dom OK 2473 From:another.dom REJECT 2474 2475This would deny mails from spammer@some.dom but you could still 2476send mail to that address even if FEATURE(`blacklist_recipients') 2477is enabled. Your system will allow relaying to friend.domain, but 2478not from it (unless enabled by other means). Connections from that 2479domain will be allowed even if it ends up in one of the DNS based 2480rejection lists. Relaying is enabled from from.domain but not to 2481it (since relaying is based on the connection information for 2482outgoing relaying, the tag Connect: must be used; for incoming 2483relaying, which is based on the recipient address, To: must be 2484used). The last two entries allow mails from good@another.dom but 2485reject mail from all other addresses with another.dom as domain 2486part. 2487 2488Delay all checks 2489---------------- 2490 2491By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2492will not be called when a client connects or issues a MAIL command, 2493respectively. Instead, those rulesets will be called by the check_rcpt 2494ruleset; they will be skipped if a sender has been authenticated using 2495a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2496If check_mail returns an error then the RCPT TO command will be rejected 2497with that error. If it returns some other result starting with $# then 2498check_relay will be skipped. If the sender address (or a part of it) is 2499listed in the access map and it has a RHS of OK or RELAY, then check_relay 2500will be skipped. This has an interesting side effect: if your domain is 2501my.domain and you have 2502 2503 my.domain RELAY 2504 2505in the access map, then all e-mail with a sender address of 2506<user@my.domain> gets through, even if check_relay would reject it 2507(e.g., based on the hostname or IP address). This allows spammers 2508to get around DNS based blacklist by faking the sender address. To 2509avoid this problem you have to use tagged entries: 2510 2511 To:my.domain RELAY 2512 Connect:my.domain RELAY 2513 2514if you need those entries at all (class {R} may take care of them). 2515 2516FEATURE(`delay_checks') can take an optional argument: 2517 2518 FEATURE(`delay_checks', `friend') 2519 enables spamfriend test 2520 FEATURE(`delay_checks', `hater') 2521 enables spamhater test 2522 2523If such an argument is given, the recipient will be looked up in the 2524access map (using the tag Spam:). If the argument is `friend', then 2525the default behavior is to apply the other rulesets and make a SPAM 2526friend the exception. The rulesets check_mail and check_relay will be 2527skipped only if the recipient address is found and has RHS FRIEND. If 2528the argument is `hater', then the default behavior is to skip the rulesets 2529check_mail and check_relay and make a SPAM hater the exception. The 2530other two rulesets will be applied only if the recipient address is 2531found and has RHS HATER. 2532 2533This allows for simple exceptions from the tests, e.g., by activating 2534the friend option and having 2535 2536 Spam:abuse@ FRIEND 2537 2538in the access map, mail to abuse@localdomain will get through. It is 2539also possible to specify a full address or an address with +detail: 2540 2541 Spam:abuse@my.domain FRIEND 2542 Spam:me+abuse@ FRIEND 2543 Spam:spam.domain FRIEND 2544 2545Note: The required tag has been changed in 8.12 from To: to Spam:. 2546This change is incompatible to previous versions. However, you can 2547(for now) simply add the new entries to the access map, the old 2548ones will be ignored. As soon as you removed the old entries from 2549the access map, specify a third parameter (`n') to this feature and 2550the backward compatibility rules will not be in the generated .cf 2551file. 2552 2553Header Checks 2554------------- 2555 2556You can also reject mail on the basis of the contents of headers. 2557This is done by adding a ruleset call to the 'H' header definition command 2558in sendmail.cf. For example, this can be used to check the validity of 2559a Message-ID: header: 2560 2561 LOCAL_RULESETS 2562 HMessage-Id: $>CheckMessageId 2563 2564 SCheckMessageId 2565 R< $+ @ $+ > $@ OK 2566 R$* $#error $: 553 Header Error 2567 2568The alternative format: 2569 2570 HSubject: $>+CheckSubject 2571 2572that is, $>+ instead of $>, gives the full Subject: header including 2573comments to the ruleset (comments in parentheses () are stripped 2574by default). 2575 2576A default ruleset for headers which don't have a specific ruleset 2577defined for them can be given by: 2578 2579 H*: $>CheckHdr 2580 2581Notice: 25821. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2583That may cause problems with simple header checks due to the 2584tokenization. It might be simpler to use a regex map and apply it 2585to $&{currHeader}. 25862. There are no default rulesets coming with this distribution of 2587sendmail. You can either write your own or you can search the 2588WWW for examples, e.g., http://www.digitalanswers.org/check_local/ 2589 2590After all of the headers are read, the check_eoh ruleset will be called for 2591any final header-related checks. The ruleset is called with the number of 2592headers and the size of all of the headers in bytes separated by $|. One 2593example usage is to reject messages which do not have a Message-Id: 2594header. However, the Message-Id: header is *NOT* a required header and is 2595not a guaranteed spam indicator. This ruleset is an example and should 2596probably not be used in production. 2597 2598 LOCAL_CONFIG 2599 Kstorage macro 2600 2601 LOCAL_RULESETS 2602 HMessage-Id: $>CheckMessageId 2603 2604 SCheckMessageId 2605 # Record the presence of the header 2606 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2607 R< $+ @ $+ > $@ OK 2608 R$* $#error $: 553 Header Error 2609 2610 Scheck_eoh 2611 # Check the macro 2612 R$* $: < $&{MessageIdCheck} > 2613 # Clear the macro for the next message 2614 R$* $: $(storage {MessageIdCheck} $) $1 2615 # Has a Message-Id: header 2616 R< $+ > $@ OK 2617 # Allow missing Message-Id: from local mail 2618 R$* $: < $&{client_name} > 2619 R< > $@ OK 2620 R< $=w > $@ OK 2621 # Otherwise, reject the mail 2622 R$* $#error $: 553 Header Error 2623 2624+----------+ 2625| STARTTLS | 2626+----------+ 2627 2628In this text, cert will be used as an abreviation for X.509 certificate, 2629DN (CN) is the distinguished (common) name of a cert, and CA is a 2630certification authority, which signs (issues) certs. 2631 2632For STARTTLS to be offered by sendmail you need to set at least 2633this variables (the file names and paths are just examples): 2634 2635 define(`confCACERT_PATH', `/etc/mail/certs/') 2636 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2637 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2638 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2639 2640On systems which do not have the compile flag HASURANDOM set (see 2641sendmail/README) you also must set confRAND_FILE. 2642 2643See doc/op/op.{me,ps,txt} for more information about these options, 2644especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2645STARTTLS''. 2646 2647Macros related to STARTTLS are: 2648 2649${cert_issuer} holds the DN of the CA (the cert issuer). 2650${cert_subject} holds the DN of the cert (called the cert subject). 2651${cn_issuer} holds the CN of the CA (the cert issuer). 2652${cn_subject} holds the CN of the cert (called the cert subject). 2653${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2654 TLSv1/SSLv3, SSLv3, SSLv2. 2655${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2656 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2657${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2658 used for the connection. 2659${verify} holds the result of the verification of the presented cert. 2660 Possible values are: 2661 OK verification succeeded. 2662 NO no cert presented. 2663 NOT no cert requested. 2664 FAIL cert presented but could not be verified, 2665 e.g., the cert of the signing CA is missing. 2666 NONE STARTTLS has not been performed. 2667 TEMP temporary error occurred. 2668 PROTOCOL protocol error occurred (SMTP level). 2669 SOFTWARE STARTTLS handshake failed. 2670${server_name} the name of the server of the current outgoing SMTP 2671 connection. 2672${server_addr} the address of the server of the current outgoing SMTP 2673 connection. 2674 2675Relaying 2676-------- 2677 2678SMTP STARTTLS can allow relaying for senders who have successfully 2679authenticated themselves. This is done in the ruleset RelayAuth. If the 2680verification of the cert failed (${verify} != OK), relaying is subject to 2681the usual rules. Otherwise the DN of the issuer is looked up in the access 2682map using the tag CERTISSUER. If the resulting value is RELAY, relaying is 2683allowed. If it is SUBJECT, the DN of the cert subject is looked up next in 2684the access map using the tag CERTSUBJECT. If the value is RELAY, relaying 2685is allowed. 2686 2687To make things a bit more flexible (or complicated), the values for 2688${cert_issuer} and ${cert_subject} can be optionally modified by regular 2689expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2690_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2691rulesets and map lookups, they are modified as follows: each non-printable 2692character and the characters '<', '>', '(', ')', '"', '+' are replaced by 2693their HEX value with a leading '+'. For example: 2694 2695/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2696darth+cert@endmail.org 2697 2698is encoded as: 2699 2700/C=US/ST=California/O=endmail.org/OU=private/CN= 2701Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2702 2703(line breaks have been inserted for readability). 2704 2705Examples: 2706 2707To allow relaying for everyone who can present a cert signed by 2708 2709/C=US/ST=California/O=endmail.org/OU=private/CN= 2710Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2711 2712simply use: 2713 2714CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2715Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2716 2717To allow relaying only for a subset of machines that have a cert signed by 2718 2719/C=US/ST=California/O=endmail.org/OU=private/CN= 2720Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2721 2722use: 2723 2724CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2725Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2726CERTSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2727DeathStar/Email=deathstar@endmail.org RELAY 2728 2729Note: line breaks have been inserted after "CN=" for readability, 2730each tagged entry must be one (long) line in the access map. 2731 2732Of course it is also possible to write a simple ruleset that allows 2733relaying for everyone who can present a cert that can be verified, e.g., 2734 2735LOCAL_RULESETS 2736SLocal_check_rcpt 2737R$* $: $&{verify} 2738ROK $# OK 2739 2740Allowing Connections 2741-------------------- 2742 2743The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 2744an SMTP connection is accepted (or should continue). 2745 2746tls_server is called when sendmail acts as client after a STARTTLS command 2747(should) have been issued. The parameter is the value of ${verify}. 2748 2749tls_client is called when sendmail acts as server, after a STARTTLS command 2750has been issued, and from check_mail. The parameter is the value of 2751${verify} and STARTTLS or MAIL, respectively. 2752 2753Both rulesets behave the same. If no access map is in use, the connection 2754will be accepted unless ${verify} is SOFTWARE, in which case the connection 2755is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 2756is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 2757with the ruleset LookUpDomain. If no entry is found, ${client_addr} 2758(${server_addr}) is looked up in the access map (same tag, ruleset 2759LookUpAddr). If this doesn't result in an entry either, just the tag is 2760looked up in the access map (included the trailing colon). Notice: 2761requiring that e-mail is sent to a server only encrypted, e.g., via 2762 2763TLS_Srv:secure.domain ENCR:112 2764 2765doesn't necessarily mean that e-mail sent to that domain is encrypted. 2766If the domain has multiple MX servers, e.g., 2767 2768secure.domain. IN MX 10 mail.secure.domain. 2769secure.domain. IN MX 50 mail.other.domain. 2770 2771then mail to user@secure.domain may go unencrypted to mail.other.domain. 2772tls_rcpt can be used to address this problem. 2773 2774tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 2775current recipient. This ruleset is only defined if FEATURE(`access_db') 2776is selected. A recipient address user@domain is looked up in the access 2777map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 2778and TLS_Rcpt:; the first match is taken. 2779 2780The result of the lookups is then used to call the ruleset TLS_connection, 2781which checks the requirement specified by the RHS in the access map against 2782the actual parameters of the current TLS connection, esp. ${verify} and 2783${cipher_bits}. Legal RHSs in the access map are: 2784 2785VERIFY verification must have succeeded 2786VERIFY:bits verification must have succeeded and ${cipher_bits} must 2787 be greater than or equal bits. 2788ENCR:bits ${cipher_bits} must be greater than or equal bits. 2789 2790The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 2791or permanent error. The default is a temporary error code (403 4.7.0) 2792unless the macro TLS_PERM_ERR is set during generation of the .cf file. 2793 2794If a certain level of encryption is required, then it might also be 2795possible that this level is provided by the security layer from a SASL 2796algorithm, e.g., DIGEST-MD5. 2797 2798Furthermore, there can be a list of extensions added. Such a list 2799starts with '+' and the items are separated by '++'. Allowed 2800extensions are: 2801 2802CN:name name must match ${cn_subject} 2803CN ${server_name} must match ${cn_subject} 2804CS:name name must match ${cert_subject} 2805CI:name name must match ${cert_issuer} 2806 2807Example: e-mail sent to secure.example.com should only use an encrypted 2808connection. E-mail received from hosts within the laptop.example.com domain 2809should only be accepted if they have been authenticated. The host which 2810receives e-mail for darth@endmail.org must present a cert that uses the 2811CN smtp.endmail.org. 2812 2813TLS_Srv:secure.example.com ENCR:112 2814TLS_Clt:laptop.example.com PERM+VERIFY:112 2815TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 2816 2817 2818Disabling STARTTLS And Setting SMTP Server Features 2819--------------------------------------------------- 2820 2821By default STARTTLS is used whenever possible. However, there are 2822some broken MTAs that don't properly implement STARTTLS. To be able 2823to send to (or receive from) those MTAs, the ruleset try_tls 2824(srv_features) can be used that work together with the access map. 2825Entries for the access map must be tagged with Try_TLS (Srv_Features) 2826and refer to the hostname or IP address of the connecting system. 2827A default case can be specified by using just the tag. For example, 2828the following entries in the access map: 2829 2830 Try_TLS:broken.server NO 2831 Srv_Features:my.domain v 2832 Srv_Features: V 2833 2834will turn off STARTTLS when sending to broken.server (or any host 2835in that domain), and request a client certificate during the TLS 2836handshake only for hosts in my.domain. The valid entries on the RHS 2837for Srv_Features are listed in the Sendmail Installation and 2838Operations Guide. 2839 2840 2841Received: Header 2842---------------- 2843 2844The Received: header reveals whether STARTTLS has been used. It contains an 2845extra line: 2846 2847(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 2848 2849 2850+---------------------+ 2851| SMTP AUTHENTICATION | 2852+---------------------+ 2853 2854The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be 2855used in anti-relay rulesets to allow relaying for those users that 2856authenticated themselves. A very simple example is: 2857 2858SLocal_check_rcpt 2859R$* $: $&{auth_type} 2860R$+ $# OK 2861 2862which checks whether a user has successfully authenticated using 2863any available mechanism. Depending on the setup of the CYRUS SASL 2864library, more sophisticated rulesets might be required, e.g., 2865 2866SLocal_check_rcpt 2867R$* $: $&{auth_type} $| $&{auth_authen} 2868RDIGEST-MD5 $| $+@$=w $# OK 2869 2870to allow relaying for users that authenticated using DIGEST-MD5 2871and have an identity in the local domains. 2872 2873The ruleset trust_auth is used to determine whether a given AUTH= 2874parameter (that is passed to this ruleset) should be trusted. This 2875ruleset may make use of the other ${auth_*} macros. Only if the 2876ruleset resolves to the error mailer, the AUTH= parameter is not 2877trusted. A user supplied ruleset Local_trust_auth can be written 2878to modify the default behavior, which only trust the AUTH= 2879parameter if it is identical to the authenticated user. 2880 2881Per default, relaying is allowed for any user who authenticated 2882via a "trusted" mechanism, i.e., one that is defined via 2883TRUST_AUTH_MECH(`list of mechanisms') 2884For example: 2885TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') 2886 2887If the selected mechanism provides a security layer the number of 2888bits used for the key of the symmetric cipher is stored in the 2889macro ${auth_ssf}. 2890 2891If sendmail acts as client, it needs some information how to 2892authenticate against another MTA. This information can be provided 2893by the ruleset authinfo or by the option DefaultAuthInfo. The 2894authinfo ruleset looks up {server_name} using the tag AuthInfo: in 2895the access map. If no entry is found, {server_addr} is looked up 2896in the same way and finally just the tag AuthInfo: to provide 2897default values. 2898 2899Notice: the default configuration file causes the option DefaultAuthInfo 2900to fail since the ruleset authinfo is in the .cf file. If you really 2901want to use DefaultAuthInfo (it is deprecated) then you have to 2902remove the ruleset. 2903 2904The RHS for an AuthInfo: entry in the access map should consists of a 2905list of tokens, each of which has the form: "TDstring" (including 2906the quotes). T is a tag which describes the item, D is a delimiter, 2907either ':' for simple text or '=' for a base64 encoded string. 2908Valid values for the tag are: 2909 2910 U user (authorization) id 2911 I authentication id 2912 P password 2913 R realm 2914 M list of mechanisms delimited by spaces 2915 2916Example entries are: 2917 2918AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5" 2919AuthInfo:more.dom "U:user" "P=c2VjcmV0" 2920 2921User or authentication id must exist as well as the password. All 2922other entries have default values. If one of user or authentication 2923id is missing, the existing value is used for the missing item. 2924If "R:" is not specified, realm defaults to $j. The list of mechanisms 2925defaults to those specified by AuthMechanisms. 2926 2927Since this map contains sensitive information, either the access 2928map must be unreadable by everyone but root (or the trusted user) 2929or FEATURE(`authinfo') must be used which provides a separate map. 2930Notice: It is not checked whether the map is actually 2931group/world-unreadable, this is left to the user. 2932 2933+--------------------------------+ 2934| ADDING NEW MAILERS OR RULESETS | 2935+--------------------------------+ 2936 2937Sometimes you may need to add entirely new mailers or rulesets. They 2938should be introduced with the constructs MAILER_DEFINITIONS and 2939LOCAL_RULESETS respectively. For example: 2940 2941 MAILER_DEFINITIONS 2942 Mmymailer, ... 2943 ... 2944 2945 LOCAL_RULESETS 2946 Smyruleset 2947 ... 2948 2949Local additions for the rulesets srv_features, try_tls, tls_rcpt, 2950tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 2951LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 2952respectively. For example, to add a local ruleset that decides 2953whether to try STARTTLS in a sendmail client, use: 2954 2955 LOCAL_TRY_TLS 2956 R... 2957 2958Note: you don't need to add a name for the ruleset, it is implicitly 2959defined by using the appropriate macro. 2960 2961 2962+-------------------------+ 2963| ADDING NEW MAIL FILTERS | 2964+-------------------------+ 2965 2966Sendmail supports mail filters to filter incoming SMTP messages according 2967to the "Sendmail Mail Filter API" documentation. These filters can be 2968configured in your mc file using the two commands: 2969 2970 MAIL_FILTER(`name', `equates') 2971 INPUT_MAIL_FILTER(`name', `equates') 2972 2973The first command, MAIL_FILTER(), simply defines a filter with the given 2974name and equates. For example: 2975 2976 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 2977 2978This creates the equivalent sendmail.cf entry: 2979 2980 Xarchive, S=local:/var/run/archivesock, F=R 2981 2982The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 2983but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 2984of the filter such that the filter will actually be called by sendmail. 2985 2986For example, the two commands: 2987 2988 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 2989 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 2990 2991are equivalent to the three commands: 2992 2993 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 2994 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 2995 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 2996 2997In general, INPUT_MAIL_FILTER() should be used unless you need to define 2998more filters than you want to use for `confINPUT_MAIL_FILTERS'. 2999 3000Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3001commands will clear the list created by the prior INPUT_MAIL_FILTER() 3002commands. 3003 3004 3005+-------------------------+ 3006| QUEUE GROUP DEFINITIONS | 3007+-------------------------+ 3008 3009In addition to the queue directory (which is the default queue group 3010called "mqueue"), sendmail can deal with multiple queue groups, which 3011are collections of queue directories with the same behaviour. Queue 3012groups can be defined using the command: 3013 3014 QUEUE_GROUP(`name', `equates') 3015 3016For details about queue groups, please see doc/op/op.{me,ps,txt}. 3017 3018+-------------------------------+ 3019| NON-SMTP BASED CONFIGURATIONS | 3020+-------------------------------+ 3021 3022These configuration files are designed primarily for use by 3023SMTP-based sites. They may not be well tuned for UUCP-only or 3024UUCP-primarily nodes (the latter is defined as a small local net 3025connected to the rest of the world via UUCP). However, there is 3026one hook to handle some special cases. 3027 3028You can define a ``smart host'' that understands a richer address syntax 3029using: 3030 3031 define(`SMART_HOST', `mailer:hostname') 3032 3033In this case, the ``mailer:'' defaults to "relay". Any messages that 3034can't be handled using the usual UUCP rules are passed to this host. 3035 3036If you are on a local SMTP-based net that connects to the outside 3037world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3038For example: 3039 3040 define(`SMART_HOST', `uucp-new:uunet') 3041 LOCAL_NET_CONFIG 3042 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3043 3044This will cause all names that end in your domain name ($m) to be sent 3045via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3046If you have FEATURE(`nocanonify'), you may need to omit the dots after 3047the $m. If you are running a local DNS inside your domain which is 3048not otherwise connected to the outside world, you probably want to 3049use: 3050 3051 define(`SMART_HOST', `smtp:fire.wall.com') 3052 LOCAL_NET_CONFIG 3053 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3054 3055That is, send directly only to things you found in your DNS lookup; 3056anything else goes through SMART_HOST. 3057 3058You may need to turn off the anti-spam rules in order to accept 3059UUCP mail with FEATURE(`promiscuous_relay') and 3060FEATURE(`accept_unresolvable_domains'). 3061 3062 3063+-----------+ 3064| WHO AM I? | 3065+-----------+ 3066 3067Normally, the $j macro is automatically defined to be your fully 3068qualified domain name (FQDN). Sendmail does this by getting your 3069host name using gethostname and then calling gethostbyname on the 3070result. For example, in some environments gethostname returns 3071only the root of the host name (such as "foo"); gethostbyname is 3072supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3073cases, gethostbyname may fail to return the FQDN. In this case 3074you MUST define confDOMAIN_NAME to be your fully qualified domain 3075name. This is usually done using: 3076 3077 Dmbar.com 3078 define(`confDOMAIN_NAME', `$w.$m')dnl 3079 3080 3081+-----------------------------------+ 3082| ACCEPTING MAIL FOR MULTIPLE NAMES | 3083+-----------------------------------+ 3084 3085If your host is known by several different names, you need to augment 3086class {w}. This is a list of names by which your host is known, and 3087anything sent to an address using a host name in this list will be 3088treated as local mail. You can do this in two ways: either create the 3089file /etc/mail/local-host-names containing a list of your aliases (one per 3090line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3091``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3092name of the host, rather than a short name. 3093 3094If you want to have different address in different domains, take 3095a look at the virtusertable feature, which is also explained at 3096http://www.sendmail.org/virtual-hosting.html 3097 3098 3099+--------------------+ 3100| USING MAILERTABLES | 3101+--------------------+ 3102 3103To use FEATURE(`mailertable'), you will have to create an external 3104database containing the routing information for various domains. 3105For example, a mailertable file in text format might be: 3106 3107 .my.domain xnet:%1.my.domain 3108 uuhost1.my.domain uucp-new:uuhost1 3109 .bitnet smtp:relay.bit.net 3110 3111This should normally be stored in /etc/mail/mailertable. The actual 3112database version of the mailertable is built using: 3113 3114 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3115 3116The semantics are simple. Any LHS entry that does not begin with 3117a dot matches the full host name indicated. LHS entries beginning 3118with a dot match anything ending with that domain name (including 3119the leading dot) -- that is, they can be thought of as having a 3120leading ".+" regular expression pattern for a non-empty sequence of 3121characters. Matching is done in order of most-to-least qualified 3122-- for example, even though ".my.domain" is listed first in the 3123above example, an entry of "uuhost1.my.domain" will match the second 3124entry since it is more explicit. Note: e-mail to "user@my.domain" 3125does not match any entry in the above table. You need to have 3126something like: 3127 3128 my.domain esmtp:host.my.domain 3129 3130The RHS should always be a "mailer:host" pair. The mailer is the 3131configuration name of a mailer (that is, an M line in the 3132sendmail.cf file). The "host" will be the hostname passed to 3133that mailer. In domain-based matches (that is, those with leading 3134dots) the "%1" may be used to interpolate the wildcarded part of 3135the host name. For example, the first line above sends everything 3136addressed to "anything.my.domain" to that same host name, but using 3137the (presumably experimental) xnet mailer. 3138 3139In some cases you may want to temporarily turn off MX records, 3140particularly on gateways. For example, you may want to MX 3141everything in a domain to one machine that then forwards it 3142directly. To do this, you might use the DNS configuration: 3143 3144 *.domain. IN MX 0 relay.machine 3145 3146and on relay.machine use the mailertable: 3147 3148 .domain smtp:[gateway.domain] 3149 3150The [square brackets] turn off MX records for this host only. 3151If you didn't do this, the mailertable would use the MX record 3152again, which would give you an MX loop. 3153 3154 3155+--------------------------------+ 3156| USING USERDB TO MAP FULL NAMES | 3157+--------------------------------+ 3158 3159The user database was not originally intended for mapping full names 3160to login names (e.g., Eric.Allman => eric), but some people are using 3161it that way. (it is recommended that you set up aliases for this 3162purpose instead -- since you can specify multiple alias files, this 3163is fairly easy.) The intent was to locate the default maildrop at 3164a site, but allow you to override this by sending to a specific host. 3165 3166If you decide to set up the user database in this fashion, it is 3167imperative that you not use FEATURE(`stickyhost') -- otherwise, 3168e-mail sent to Full.Name@local.host.name will be rejected. 3169 3170To build the internal form of the user database, use: 3171 3172 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3173 3174As a general rule, it is an extremely bad idea to using full names 3175as e-mail addresses, since they are not in any sense unique. For 3176example, the UNIX software-development community has at least two 3177well-known Peter Deutsches, and at one time Bell Labs had two 3178Stephen R. Bournes with offices along the same hallway. Which one 3179will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3180The less famous of the two, or the one that was hired later? 3181 3182Finger should handle full names (and be fuzzy). Mail should use 3183handles, and not be fuzzy. 3184 3185 3186+--------------------------------+ 3187| MISCELLANEOUS SPECIAL FEATURES | 3188+--------------------------------+ 3189 3190Plussed users 3191 Sometimes it is convenient to merge configuration on a 3192 centralized mail machine, for example, to forward all 3193 root mail to a mail server. In this case it might be 3194 useful to be able to treat the root addresses as a class 3195 of addresses with subtle differences. You can do this 3196 using plussed users. For example, a client might include 3197 the alias: 3198 3199 root: root+client1@server 3200 3201 On the server, this will match an alias for "root+client1". 3202 If that is not found, the alias "root+*" will be tried, 3203 then "root". 3204 3205 3206+----------------+ 3207| SECURITY NOTES | 3208+----------------+ 3209 3210A lot of sendmail security comes down to you. Sendmail 8 is much 3211more careful about checking for security problems than previous 3212versions, but there are some things that you still need to watch 3213for. In particular: 3214 3215* Make sure the aliases file isn't writable except by trusted 3216 system personnel. This includes both the text and database 3217 version. 3218 3219* Make sure that other files that sendmail reads, such as the 3220 mailertable, are only writable by trusted system personnel. 3221 3222* The queue directory should not be world writable PARTICULARLY 3223 if your system allows "file giveaways" (that is, if a non-root 3224 user can chown any file they own to any other user). 3225 3226* If your system allows file giveaways, DO NOT create a publically 3227 writable directory for forward files. This will allow anyone 3228 to steal anyone else's e-mail. Instead, create a script that 3229 copies the .forward file from users' home directories once a 3230 night (if you want the non-NFS-mounted forward directory). 3231 3232* If your system allows file giveaways, you'll find that 3233 sendmail is much less trusting of :include: files -- in 3234 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3235 /etc/shells before they will be trusted (that is, before 3236 files and programs listed in them will be honored). 3237 3238In general, file giveaways are a mistake -- if you can turn them 3239off, do so. 3240 3241 3242+--------------------------------+ 3243| TWEAKING CONFIGURATION OPTIONS | 3244+--------------------------------+ 3245 3246There are a large number of configuration options that don't normally 3247need to be changed. However, if you feel you need to tweak them, you 3248can define the following M4 variables. This list is shown in four 3249columns: the name you define, the default value for that definition, 3250the option or macro that is affected (either Ox for an option or Dx 3251for a macro), and a brief description. Greater detail of the semantics 3252can be found in the Installation and Operations Guide. 3253 3254Some options are likely to be deprecated in future versions -- that is, 3255the option is only included to provide back-compatibility. These are 3256marked with "*". 3257 3258Remember that these options are M4 variables, and hence may need to 3259be quoted. In particular, arguments with commas will usually have to 3260be ``double quoted, like this phrase'' to avoid having the comma 3261confuse things. This is common for alias file definitions and for 3262the read timeout. 3263 3264M4 Variable Name Configuration Description & [Default] 3265================ ============= ======================= 3266confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3267 for internally generated outgoing 3268 messages. 3269confDOMAIN_NAME $j macro If defined, sets $j. This should 3270 only be done if your system cannot 3271 determine your local domain name, 3272 and then it should be set to 3273 $w.Foo.COM, where Foo.COM is your 3274 domain name. 3275confCF_VERSION $Z macro If defined, this is appended to the 3276 configuration version name. 3277confLDAP_CLUSTER ${sendmailMTACluster} macro 3278 If defined, this is the LDAP 3279 cluster to use for LDAP searches 3280 as described above in ``USING LDAP 3281 FOR ALIASES, MAPS, AND CLASSES''. 3282confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3283 internally generated From: address. 3284confRECEIVED_HEADER Received: 3285 [$?sfrom $s $.$?_($?s$|from $.$_) 3286 $.$?{auth_type}(authenticated) 3287 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3288 for $u; $|; 3289 $.$b] 3290 The format of the Received: header 3291 in messages passed through this host. 3292 It is unwise to try to change this. 3293confCW_FILE Fw class [/etc/mail/local-host-names] Name 3294 of file used to get the local 3295 additions to class {w} (local host 3296 names). 3297confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3298 file used to get the local additions 3299 to class {t} (trusted users). 3300confCR_FILE FR class [/etc/mail/relay-domains] Name of 3301 file used to get the local additions 3302 to class {R} (hosts allowed to relay). 3303confTRUSTED_USERS Ct class [no default] Names of users to add to 3304 the list of trusted users. This list 3305 always includes root, uucp, and daemon. 3306 See also FEATURE(`use_ct_file'). 3307confTRUSTED_USER TrustedUser [no default] Trusted user for file 3308 ownership and starting the daemon. 3309 Not to be confused with 3310 confTRUSTED_USERS (see above). 3311confSMTP_MAILER - [esmtp] The mailer name used when 3312 SMTP connectivity is required. 3313 One of "smtp", "smtp8", 3314 "esmtp", or "dsmtp". 3315confUUCP_MAILER - [uucp-old] The mailer to be used by 3316 default for bang-format recipient 3317 addresses. See also discussion of 3318 class {U}, class {Y}, and class {Z} 3319 in the MAILER(`uucp') section. 3320confLOCAL_MAILER - [local] The mailer name used when 3321 local connectivity is required. 3322 Almost always "local". 3323confRELAY_MAILER - [relay] The default mailer name used 3324 for relaying any mail (e.g., to a 3325 BITNET_RELAY, a SMART_HOST, or 3326 whatever). This can reasonably be 3327 "uucp-new" if you are on a 3328 UUCP-connected site. 3329confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3330confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3331confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3332 rebuild until you get bored and 3333 decide that the apparently pending 3334 rebuild failed. 3335confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3336 queue filesystem to accept SMTP mail. 3337 (Prior to 8.7 this was minfree/maxsize, 3338 where minfree was the number of free 3339 blocks and maxsize was the maximum 3340 message size. Use confMAX_MESSAGE_SIZE 3341 for the second value now.) 3342confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3343 that will be accepted (in bytes). 3344confBLANK_SUB BlankSub [.] Blank (space) substitution 3345 character. 3346confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3347 to mailers marked expensive. 3348confCHECKPOINT_INTERVAL CheckpointInterval 3349 [10] Checkpoint queue files every N 3350 recipients. 3351confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3352confERROR_MODE ErrorMode [print] Error message mode. 3353confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3354confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3355confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3356confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3357confMAX_HOP MaxHopCount [25] Maximum hop count. 3358confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3359 mode] Ignore dot as terminator for 3360 incoming messages? 3361confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3362 resolver. 3363confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3364 encapsulated messages per RFC 1344. 3365confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3366 The colon-separated list of places to 3367 search for .forward files. N.B.: see 3368 the Security Notes section. 3369confMCI_CACHE_SIZE ConnectionCacheSize 3370 [2] Size of open connection cache. 3371confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3372 [5m] Open connection cache timeout. 3373confHOST_STATUS_DIRECTORY HostStatusDirectory 3374 [undefined] If set, host status is kept 3375 on disk between sendmail runs in the 3376 named directory tree. This need not be 3377 a full pathname, in which case it is 3378 interpreted relative to the queue 3379 directory. 3380confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3381 [False] If this option and the 3382 HostStatusDirectory option are both 3383 set, single thread deliveries to other 3384 hosts. That is, don't allow any two 3385 sendmails on this host to connect 3386 simultaneously to any other single 3387 host. This can slow down delivery in 3388 some cases, in particular since a 3389 cached but otherwise idle connection 3390 to a host will prevent other sendmails 3391 from connecting to the other host. 3392confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3393 deliver error messages. This should 3394 not be necessary because of general 3395 acceptance of the envelope/header 3396 distinction. 3397confLOG_LEVEL LogLevel [9] Log level. 3398confME_TOO MeToo [True] Include sender in group 3399 expansions. This option is 3400 deprecated and will be removed from 3401 a future version. 3402confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3403 running newaliases. Since this does 3404 DNS lookups on every address, it can 3405 slow down the alias rebuild process 3406 considerably on large alias files. 3407confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3408 special chars are old style. 3409confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3410confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3411 copies of all error messages. 3412confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3413confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3414 queue files (octal). If not set, 3415 sendmail uses 0600 unless its real 3416 and effective uid are different in 3417 which case it uses 0644. 3418confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3419 syntax addresses to the minimum 3420 possible. 3421confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3422 before forking. 3423confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3424 on the initial connect. 3425confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3426 connect() to complete. This can only 3427 shorten connection timeouts; the kernel 3428 silently enforces an absolute maximum 3429 (which varies depending on the system). 3430confTO_ICONNECT Timeout.iconnect 3431 [undefined] Like Timeout.connect, but 3432 applies only to the very first attempt 3433 to connect to a host in a message. 3434 This allows a single very fast pass 3435 followed by more careful delivery 3436 attempts in the future. 3437confTO_ACONNECT Timeout.aconnect 3438 [0] The overall timeout waiting for 3439 all connection for a single delivery 3440 attempt to succeed. If 0, no overall 3441 limit is applied. 3442confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3443 to a HELO or EHLO command. 3444confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3445 response to the MAIL command. 3446confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3447 to the RCPT command. 3448confTO_DATAINIT Timeout.datainit 3449 [5m] The timeout waiting for a 354 3450 response from the DATA command. 3451confTO_DATABLOCK Timeout.datablock 3452 [1h] The timeout waiting for a block 3453 during DATA phase. 3454confTO_DATAFINAL Timeout.datafinal 3455 [1h] The timeout waiting for a response 3456 to the final "." that terminates a 3457 message. 3458confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3459 to the RSET command. 3460confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3461 to the QUIT command. 3462confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3463 to other SMTP commands. 3464confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3465 waiting for a command to be issued. 3466confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3467 response to an IDENT query. 3468confTO_FILEOPEN Timeout.fileopen 3469 [60s] The timeout waiting for a file 3470 (e.g., :include: file) to be opened. 3471confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3472 to an LMTP LHLO command. 3473confTO_AUTH Timeout.auth [10m] The timeout waiting for a 3474 response in an AUTH dialogue. 3475confTO_STARTTLS Timeout.starttls 3476 [1h] The timeout waiting for a 3477 response to an SMTP STARTTLS command. 3478confTO_CONTROL Timeout.control 3479 [2m] The timeout for a complete 3480 control socket transaction to complete. 3481confTO_QUEUERETURN Timeout.queuereturn 3482 [5d] The timeout before a message is 3483 returned as undeliverable. 3484confTO_QUEUERETURN_NORMAL 3485 Timeout.queuereturn.normal 3486 [undefined] As above, for normal 3487 priority messages. 3488confTO_QUEUERETURN_URGENT 3489 Timeout.queuereturn.urgent 3490 [undefined] As above, for urgent 3491 priority messages. 3492confTO_QUEUERETURN_NONURGENT 3493 Timeout.queuereturn.non-urgent 3494 [undefined] As above, for non-urgent 3495 (low) priority messages. 3496confTO_QUEUEWARN Timeout.queuewarn 3497 [4h] The timeout before a warning 3498 message is sent to the sender telling 3499 them that the message has been 3500 deferred. 3501confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3502 [undefined] As above, for normal 3503 priority messages. 3504confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3505 [undefined] As above, for urgent 3506 priority messages. 3507confTO_QUEUEWARN_NONURGENT 3508 Timeout.queuewarn.non-urgent 3509 [undefined] As above, for non-urgent 3510 (low) priority messages. 3511confTO_HOSTSTATUS Timeout.hoststatus 3512 [30m] How long information about host 3513 statuses will be maintained before it 3514 is considered stale and the host should 3515 be retried. This applies both within 3516 a single queue run and to persistent 3517 information (see below). 3518confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3519 [varies] Sets the resolver's 3520 retransmition time interval (in 3521 seconds). Sets both 3522 Timeout.resolver.retrans.first and 3523 Timeout.resolver.retrans.normal. 3524confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3525 [varies] Sets the resolver's 3526 retransmition time interval (in 3527 seconds) for the first attempt to 3528 deliver a message. 3529confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3530 [varies] Sets the resolver's 3531 retransmition time interval (in 3532 seconds) for all resolver lookups 3533 except the first delivery attempt. 3534confTO_RESOLVER_RETRY Timeout.resolver.retry 3535 [varies] Sets the number of times 3536 to retransmit a resolver query. 3537 Sets both 3538 Timeout.resolver.retry.first and 3539 Timeout.resolver.retry.normal. 3540confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3541 [varies] Sets the number of times 3542 to retransmit a resolver query for 3543 the first attempt to deliver a 3544 message. 3545confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3546 [varies] Sets the number of times 3547 to retransmit a resolver query for 3548 all resolver lookups except the 3549 first delivery attempt. 3550confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3551 USE_SYSTEM to use the system's idea, 3552 USE_TZ to use the user's TZ envariable, 3553 or something else to force that value. 3554confDEF_USER_ID DefaultUser [1:1] Default user id. 3555confUSERDB_SPEC UserDatabaseSpec 3556 [undefined] User database 3557 specification. 3558confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3559confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3560 for a host and other arrangements 3561 haven't been made, try connecting 3562 to the host directly; normally this 3563 would be a config error. 3564confQUEUE_LA QueueLA [varies] Load average at which 3565 queue-only function kicks in. 3566 Default values is (8 * numproc) 3567 where numproc is the number of 3568 processors online (if that can be 3569 determined). 3570confREFUSE_LA RefuseLA [varies] Load average at which 3571 incoming SMTP connections are 3572 refused. Default values is (12 * 3573 numproc) where numproc is the 3574 number of processors online (if 3575 that can be determined). 3576confDELAY_LA DelayLA [0] Load average at which sendmail 3577 will sleep for one second on most 3578 SMTP commands and before accepting 3579 connections. 0 means no limit. 3580confMAX_ALIAS_RECURSION MaxAliasRecursion 3581 [10] Maximum depth of alias recursion. 3582confMAX_DAEMON_CHILDREN MaxDaemonChildren 3583 [undefined] The maximum number of 3584 children the daemon will permit. After 3585 this number, connections will be 3586 rejected. If not set or <= 0, there is 3587 no limit. 3588confMAX_HEADERS_LENGTH MaxHeadersLength 3589 [32768] Maximum length of the sum 3590 of all headers. 3591confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3592 [undefined] Maximum length of 3593 certain MIME header field values. 3594confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3595 [undefined] The maximum number of 3596 connections permitted per second per 3597 daemon. After this many connections 3598 are accepted, further connections 3599 will be delayed. If not set or <= 0, 3600 there is no limit. 3601confWORK_RECIPIENT_FACTOR 3602 RecipientFactor [30000] Cost of each recipient. 3603confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3604 separate process. 3605confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3606confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3607confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3608 Priority, Host, Filename, Random, 3609 Modification, or Time. 3610confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3611 must sit in the queue between queue 3612 runs. This allows you to set the 3613 queue run interval low for better 3614 responsiveness without trying all 3615 jobs in each run. 3616confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3617 unlabeled 8 bit input to MIME, the 3618 character set to use by default. 3619confSERVICE_SWITCH_FILE ServiceSwitchFile 3620 [/etc/mail/service.switch] The file 3621 to use for the service switch on 3622 systems that do not have a 3623 system-defined switch. 3624confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3625 "file" type access of hosts names. 3626confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3627 long and try again. Zero means "don't 3628 retry". This is to allow "dial on 3629 demand" connections to have enough time 3630 to complete a connection. 3631confNO_RCPT_ACTION NoRecipientAction 3632 [none] What to do if there are no legal 3633 recipient fields (To:, Cc: or Bcc:) 3634 in the message. Legal values can 3635 be "none" to just leave the 3636 nonconforming message as is, "add-to" 3637 to add a To: header with all the 3638 known recipients (which may expose 3639 blind recipients), "add-apparently-to" 3640 to do the same but use Apparently-To: 3641 instead of To: (strongly discouraged 3642 in accordance with IETF standards), 3643 "add-bcc" to add an empty Bcc: 3644 header, or "add-to-undisclosed" to 3645 add the header 3646 ``To: undisclosed-recipients:;''. 3647confSAFE_FILE_ENV SafeFileEnvironment 3648 [undefined] If set, sendmail will do a 3649 chroot() into this directory before 3650 writing files. 3651confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3652 If set, colons are treated as a regular 3653 character in addresses. If not set, 3654 they are treated as the introducer to 3655 the RFC 822 "group" syntax. Colons are 3656 handled properly in route-addrs. This 3657 option defaults on for V5 and lower 3658 configuration files. 3659confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3660 any given queue run to this number of 3661 entries. Essentially, this will stop 3662 reading each queue directory after this 3663 number of entries are reached; it does 3664 _not_ pick the highest priority jobs, 3665 so this should be as large as your 3666 system can tolerate. If not set, there 3667 is no limit. 3668confMAX_QUEUE_CHILDREN MaxQueueChildren 3669 [undefined] Limits the maximum number 3670 of concurrent queue runners active. 3671 This is to keep system resources used 3672 within a reasonable limit. Relates to 3673 Queue Groups and ForkAllJobs. 3674confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3675 [1] Only active when MaxQueueChildren 3676 defined. Controls the maximum number 3677 of queue runners (aka queue children) 3678 active at the same time in a work 3679 group. See also MaxQueueChildren. 3680confDONT_EXPAND_CNAMES DontExpandCnames 3681 [False] If set, $[ ... $] lookups that 3682 do DNS based lookups do not expand 3683 CNAME records. This currently violates 3684 the published standards, but the IETF 3685 seems to be moving toward legalizing 3686 this. For example, if "FTP.Foo.ORG" 3687 is a CNAME for "Cruft.Foo.ORG", then 3688 with this option set a lookup of 3689 "FTP" will return "FTP.Foo.ORG"; if 3690 clear it returns "Cruft.FOO.ORG". N.B. 3691 you may not see any effect until your 3692 downstream neighbors stop doing CNAME 3693 lookups as well. 3694confFROM_LINE UnixFromLine [From $g $d] The From_ line used 3695 when sending to files or programs. 3696confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 3697 [False] From: lines that have 3698 embedded newlines are unwrapped 3699 onto one line. 3700confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 3701 does not include a host name. 3702confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 3703 name phrase (@,;:\()[] are automatic). 3704confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 3705 characters. 3706confSMTP_LOGIN_MSG SmtpGreetingMessage 3707 [$j Sendmail $v/$Z; $b] 3708 The initial (spontaneous) SMTP 3709 greeting message. The word "ESMTP" 3710 will be inserted between the first and 3711 second words to convince other 3712 sendmails to try to speak ESMTP. 3713confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 3714 routine will never be invoked. You 3715 might want to do this if you are 3716 running NIS and you have a large group 3717 map, since this call does a sequential 3718 scan of the map; in a large site this 3719 can cause your ypserv to run 3720 essentially full time. If you set 3721 this, agents run on behalf of users 3722 will only have their primary 3723 (/etc/passwd) group permissions. 3724confUNSAFE_GROUP_WRITES UnsafeGroupWrites 3725 [False] If set, group-writable 3726 :include: and .forward files are 3727 considered "unsafe", that is, programs 3728 and files cannot be directly referenced 3729 from such files. World-writable files 3730 are always considered unsafe. 3731confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 3732 address (for testing). 3733confCONTROL_SOCKET_NAME ControlSocketName 3734 [undefined] Control socket for daemon 3735 management. 3736confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 3737 [postmaster] If an error occurs when 3738 sending an error message, send that 3739 "double bounce" error message to this 3740 address. If it expands to an empty 3741 string, double bounces are dropped. 3742confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 3743 messages which could not be returned 3744 to the user or sent to postmaster. 3745 If not set, the queue file will 3746 be renamed. 3747confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 3748 implies DSN request. 3749confRUN_AS_USER RunAsUser [undefined] If set, become this user 3750 when reading and delivering mail. 3751 Causes all file reads (e.g., .forward 3752 and :include: files) to be done as 3753 this user. Also, all programs will 3754 be run as this user, and all output 3755 files will be written as this user. 3756 Intended for use only on firewalls 3757 where users do not have accounts. 3758confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 3759 [infinite] If set, allow no more than 3760 the specified number of recipients in 3761 an SMTP envelope. Further recipients 3762 receive a 452 error code (i.e., they 3763 are deferred for the next delivery 3764 attempt). 3765confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and more than the 3766 specified number of recipients in an 3767 envelope are rejected, sleep for one 3768 second after each rejected RCPT 3769 command. 3770confDONT_PROBE_INTERFACES DontProbeInterfaces 3771 [False] If set, sendmail will _not_ 3772 insert the names and addresses of any 3773 local interfaces into class {w} 3774 (list of known "equivalent" addresses). 3775 If you set this, you must also include 3776 some support for these addresses (e.g., 3777 in a mailertable entry) -- otherwise, 3778 mail to addresses in this list will 3779 bounce with a configuration error. 3780 If set to "loopback" (without 3781 quotes), sendmail will skip 3782 loopback interfaces (e.g., "lo0"). 3783confPID_FILE PidFile [system dependent] Location of pid 3784 file. 3785confPROCESS_TITLE_PREFIX ProcessTitlePrefix 3786 [undefined] Prefix string for the 3787 process title shown on 'ps' listings. 3788confDONT_BLAME_SENDMAIL DontBlameSendmail 3789 [safe] Override sendmail's file 3790 safety checks. This will definitely 3791 compromise system security and should 3792 not be used unless absolutely 3793 necessary. 3794confREJECT_MSG - [550 Access denied] The message 3795 given if the access database contains 3796 REJECT in the value portion. 3797confRELAY_MSG - [550 Relaying denied] The message 3798 given if an unauthorized relaying 3799 attempt is rejected. 3800confDF_BUFFER_SIZE DataFileBufferSize 3801 [4096] The maximum size of a 3802 memory-buffered data (df) file 3803 before a disk-based file is used. 3804confXF_BUFFER_SIZE XScriptFileBufferSize 3805 [4096] The maximum size of a 3806 memory-buffered transcript (xf) 3807 file before a disk-based file is 3808 used. 3809confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 3810 CRAM-MD5] List of authentication 3811 mechanisms for AUTH (separated by 3812 spaces). The advertised list of 3813 authentication mechanisms will be the 3814 intersection of this list and the list 3815 of available mechanisms as determined 3816 by the CYRUS SASL library. 3817confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains 3818 authentication information for 3819 outgoing connections. This file must 3820 contain the user id, the authorization 3821 id, the password (plain text), the 3822 realm to use, and the list of 3823 mechanisms to try, each on a separate 3824 line and must be readable by root (or 3825 the trusted user) only. If no realm 3826 is specified, $j is used. If no 3827 mechanisms are given in the file, 3828 AuthMechanisms is used. Notice: this 3829 option is deprecated and will be 3830 removed in future versions; it doesn't 3831 work for the MSP since it can't read 3832 the file. Use the authinfo ruleset 3833 instead. See also the section SMTP 3834 AUTHENTICATION. 3835confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A' 3836 then the AUTH= parameter for the 3837 MAIL FROM command is only issued 3838 when authentication succeeded. 3839 Other values (which should be listed 3840 one after the other without any 3841 intervening characters except for 3842 space or comma) are a, c, d, f, p, 3843 and y. See doc/op/op.me for 3844 details. 3845confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption 3846 strength for the security layer in 3847 SMTP AUTH (SASL). Default is 3848 essentially unlimited. 3849confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 3850 verification is performed, i.e., 3851 the server doesn't ask for a 3852 certificate. 3853confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 3854 specification for LDAP maps. The 3855 value should only contain LDAP 3856 specific settings such as "-h host 3857 -p port -d bindDN", etc. The 3858 settings will be used for all LDAP 3859 maps unless they are specified in 3860 the individual map specification 3861 ('K' command). 3862confCACERT_PATH CACERTPath [undefined] Path to directory 3863 with certs of CAs. 3864confCACERT CACERTFile [undefined] File containing one CA 3865 cert. 3866confSERVER_CERT ServerCertFile [undefined] File containing the 3867 cert of the server, i.e., this cert 3868 is used when sendmail acts as 3869 server. 3870confSERVER_KEY ServerKeyFile [undefined] File containing the 3871 private key belonging to the server 3872 cert. 3873confCLIENT_CERT ClientCertFile [undefined] File containing the 3874 cert of the client, i.e., this cert 3875 is used when sendmail acts as 3876 client. 3877confCLIENT_KEY ClientKeyFile [undefined] File containing the 3878 private key belonging to the client 3879 cert. 3880confDH_PARAMETERS DHParameters [undefined] File containing the 3881 DH parameters. 3882confRAND_FILE RandFile [undefined] File containing random 3883 data (use prefix file:) or the 3884 name of the UNIX socket if EGD is 3885 used (use prefix egd:). STARTTLS 3886 requires this option if the compile 3887 flag HASURANDOM is not set (see 3888 sendmail/README). 3889confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 3890 queue runners is set the given value 3891 (nice(3)). 3892confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 3893 [undefined] Defines {daemon_flags} 3894 for direct submissions. 3895confUSE_MSP UseMSP [false] Use as mail submission 3896 program, see sendmail/SECURITY. 3897confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 3898 SMTP Service Extension (RFC 2852). 3899confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 3900confFAST_SPLIT FastSplit [1] If set to a value greater than 3901 zero, the initial MX lookups on 3902 addresses is suppressed when they 3903 are sorted which may result in 3904 faster envelope splitting. If the 3905 mail is submitted directly from the 3906 command line, then the value also 3907 limits the number of processes to 3908 deliver the envelopes. 3909confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 3910 information about local mailboxes. 3911confDEQUOTE_OPTS - [empty] Additional options for the 3912 dequote map. 3913confINPUT_MAIL_FILTERS InputMailFilters 3914 A comma separated list of filters 3915 which determines which filters and 3916 the invocation sequence are 3917 contacted for incoming SMTP 3918 messages. If none are set, no 3919 filters will be contacted. 3920confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 3921 actions, defaults to LogLevel. 3922confMILTER_MACROS_CONNECT Milter.macros.connect 3923 [empty] Macros to transmit to milters 3924 when a session connection starts. 3925confMILTER_MACROS_HELO Milter.macros.helo 3926 [empty] Macros to transmit to milters 3927 after HELO command. 3928confMILTER_MACROS_ENVFROM Milter.macros.envfrom 3929 [empty] Macros to transmit to milters 3930 after MAIL FROM command. 3931confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 3932 [empty] Macros to transmit to milters 3933 after RCPT TO command. 3934 3935 3936See also the description of OSTYPE for some parameters that can be 3937tweaked (generally pathnames to mailers). 3938 3939ClientPortOptions and DaemonPortOptions are special cases since multiple 3940clients/daemons can be defined. This can be done via 3941 3942 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 3943 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 3944 3945Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 3946ClientPortOptions settings) are allowed in order to give settings for each 3947protocol family (e.g., one for Family=inet and one for Family=inet6). A 3948restriction placed on one family only affects outgoing connections on that 3949particular family. 3950 3951If DAEMON_OPTIONS is not used, then the default is 3952 3953 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 3954 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 3955 3956If you use one DAEMON_OPTIONS macro, it will alter the parameters 3957of the first of these. The second will still be defaulted; it 3958represents a "Message Submission Agent" (MSA) as defined by RFC 39592476 (see below). To turn off the default definition for the MSA, 3960use FEATURE(`no_default_msa') (see also FEATURES). If you use 3961additional DAEMON_OPTIONS macros, they will add additional daemons. 3962 3963Example 1: To change the port for the SMTP listener, while 3964still using the MSA default, use 3965 DAEMON_OPTIONS(`Port=925, Name=MTA') 3966 3967Example 2: To change the port for the MSA daemon, while still 3968using the default SMTP port, use 3969 FEATURE(`no_default_msa') 3970 DAEMON_OPTIONS(`Name=MTA') 3971 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 3972 3973Note that if the first of those DAEMON_OPTIONS lines were omitted, then 3974there would be no listener on the standard SMTP port. 3975 3976Example 3: To listen on both IPv4 and IPv6 interfaces, use 3977 3978 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 3979 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 3980 3981A "Message Submission Agent" still uses all of the same rulesets for 3982processing the message (and therefore still allows message rejection via 3983the check_* rulesets). In accordance with the RFC, the MSA will ensure 3984that all domains in the envelope are fully qualified if the message is 3985relayed to another MTA. It will also enforce the normal address syntax 3986rules and log error messages. Additionally, by using the M=a modifier 3987you can require authentication before messages are accepted by the MSA. 3988Notice: Do NOT use the 'a' modifier on a public accessible MTA! 3989Finally, the M=E modifier shown above disables ETRN as required by RFC 39902476. 3991 3992Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 3993commands: 3994 3995 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 3996 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 3997 3998The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 3999same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4000filter can be defined without adding it to the input filter list by using 4001MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4002Alternatively, you can reset the list of filters and their order by setting 4003confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4004your .mc file. 4005 4006 4007+----------------------------+ 4008| MESSAGE SUBMISSION PROGRAM | 4009+----------------------------+ 4010 4011The purpose of the message submission program (MSP) is explained 4012in sendmail/SECURITY. This section contains a list of caveats and 4013a few hints how for those who want to tweak the default configuration 4014for it (which is installed as submit.cf). 4015 4016Notice: do not add options/features to submit.mc unless you are 4017absolutely sure you need them. Options you may want to change 4018include: 4019 4020- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4021 avoiding X-Authorization warnings. 4022- confTIME_ZONE to change it from the default `USE_TZ'. 4023- confDELIVERY_MODE is set to interactive in msp.m4 instead 4024 of the default background mode. 4025 4026Some things are not intended to work with the MSP. These include 4027features that influence the delivery process (e.g., mailertable, 4028aliases), or those that are only important for a SMTP server (e.g., 4029virtusertable, DaemonPortOptions, multiple queues). Moreover, 4030relaxing certain restrictions (RestrictQueueRun, permissions on 4031queue directory) or adding features (e.g., enabling prog/file mailer) 4032can cause security problems. 4033 4034Other things don't work well with the MSP and require tweaking or 4035workarounds. For example, to allow for client authentication it 4036is not just sufficient to provide a client certificate and the 4037corresponding key, but it is also necessary to make the key group 4038(smmsp) readable and tell sendmail not to complain about that, i.e., 4039 4040 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile') 4041 4042If the MSP should actually use AUTH then the necessary data 4043should be placed in a map as explained in SMTP AUTHENTICATION: 4044 4045FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo') 4046 4047/etc/mail/msp-authinfo should contain an entry like: 4048 4049 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5" 4050 4051The file and the map created by makemap should be owned by smmsp, 4052its group should be smmsp, and it should have mode 640. The database 4053used by the MTA for AUTH must have a corresponding entry. 4054Additionally the MTA must trust this authentication data so the AUTH= 4055part will be relayed on to the next hop. This can be achieved by 4056adding the following to your sendmail.mc file: 4057 4058 LOCAL_RULESETS 4059 SLocal_trust_auth 4060 R$* $: $&{auth_authen} 4061 Rsmmsp $# OK 4062 4063feature/msp.m4 defines almost all settings for the MSP. Most of 4064those should not be changed at all. Some of the features and options 4065can be overridden if really necessary. It is a bit tricky to do 4066this, because it depends on the actual way the option is defined 4067in feature/msp.m4. If it is directly defined (i.e., define()) then 4068the modified value must be defined after 4069 4070 FEATURE(`msp') 4071 4072If it is conditionally defined (i.e., ifdef()) then the desired 4073value must be defined before the FEATURE line in the .mc file. 4074To see how the options are defined read feature/msp.m4. 4075 4076 4077+--------------------------+ 4078| FORMAT OF FILES AND MAPS | 4079+--------------------------+ 4080 4081Files that define classes, i.e., F{classname}, consist of lines 4082each of which contains a single element of the class. For example, 4083/etc/mail/local-host-names may have the following content: 4084 4085my.domain 4086another.domain 4087 4088Maps must be created using makemap(8) , e.g., 4089 4090 makemap hash MAP < MAP 4091 4092In general, a text file from which a map is created contains lines 4093of the form 4094 4095key value 4096 4097where 'key' and 'value' are also called LHS and RHS, respectively. 4098By default, the delimiter between LHS and RHS is a non-empty sequence 4099of white space characters. 4100 4101 4102+------------------+ 4103| DIRECTORY LAYOUT | 4104+------------------+ 4105 4106Within this directory are several subdirectories, to wit: 4107 4108m4 General support routines. These are typically 4109 very important and should not be changed without 4110 very careful consideration. 4111 4112cf The configuration files themselves. They have 4113 ".mc" suffixes, and must be run through m4 to 4114 become complete. The resulting output should 4115 have a ".cf" suffix. 4116 4117ostype Definitions describing a particular operating 4118 system type. These should always be referenced 4119 using the OSTYPE macro in the .mc file. Examples 4120 include "bsd4.3", "bsd4.4", "sunos3.5", and 4121 "sunos4.1". 4122 4123domain Definitions describing a particular domain, referenced 4124 using the DOMAIN macro in the .mc file. These are 4125 site dependent; for example, "CS.Berkeley.EDU.m4" 4126 describes hosts in the CS.Berkeley.EDU subdomain. 4127 4128mailer Descriptions of mailers. These are referenced using 4129 the MAILER macro in the .mc file. 4130 4131sh Shell files used when building the .cf file from the 4132 .mc file in the cf subdirectory. 4133 4134feature These hold special orthogonal features that you might 4135 want to include. They should be referenced using 4136 the FEATURE macro. 4137 4138hack Local hacks. These can be referenced using the HACK 4139 macro. They shouldn't be of more than voyeuristic 4140 interest outside the .Berkeley.EDU domain, but who knows? 4141 4142siteconfig Site configuration -- e.g., tables of locally connected 4143 UUCP sites. 4144 4145 4146+------------------------+ 4147| ADMINISTRATIVE DETAILS | 4148+------------------------+ 4149 4150The following sections detail usage of certain internal parts of the 4151sendmail.cf file. Read them carefully if you are trying to modify 4152the current model. If you find the above descriptions adequate, these 4153should be {boring, confusing, tedious, ridiculous} (pick one or more). 4154 4155RULESETS (* means built in to sendmail) 4156 4157 0 * Parsing 4158 1 * Sender rewriting 4159 2 * Recipient rewriting 4160 3 * Canonicalization 4161 4 * Post cleanup 4162 5 * Local address rewrite (after aliasing) 4163 1x mailer rules (sender qualification) 4164 2x mailer rules (recipient qualification) 4165 3x mailer rules (sender header qualification) 4166 4x mailer rules (recipient header qualification) 4167 5x mailer subroutines (general) 4168 6x mailer subroutines (general) 4169 7x mailer subroutines (general) 4170 8x reserved 4171 90 Mailertable host stripping 4172 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4173 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4174 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4175 4176 4177MAILERS 4178 4179 0 local, prog local and program mailers 4180 1 [e]smtp, relay SMTP channel 4181 2 uucp-* UNIX-to-UNIX Copy Program 4182 3 netnews Network News delivery 4183 4 fax Sam Leffler's HylaFAX software 4184 5 mail11 DECnet mailer 4185 4186 4187MACROS 4188 4189 A 4190 B Bitnet Relay 4191 C DECnet Relay 4192 D The local domain -- usually not needed 4193 E reserved for X.400 Relay 4194 F FAX Relay 4195 G 4196 H mail Hub (for mail clusters) 4197 I 4198 J 4199 K 4200 L Luser Relay 4201 M Masquerade (who you claim to be) 4202 N 4203 O 4204 P 4205 Q 4206 R Relay (for unqualified names) 4207 S Smart Host 4208 T 4209 U my UUCP name (if you have a UUCP connection) 4210 V UUCP Relay (class {V} hosts) 4211 W UUCP Relay (class {W} hosts) 4212 X UUCP Relay (class {X} hosts) 4213 Y UUCP Relay (all other hosts) 4214 Z Version number 4215 4216 4217CLASSES 4218 4219 A 4220 B domains that are candidates for bestmx lookup 4221 C 4222 D 4223 E addresses that should not seem to come from $M 4224 F hosts this system forward for 4225 G domains that should be looked up in genericstable 4226 H 4227 I 4228 J 4229 K 4230 L addresses that should not be forwarded to $R 4231 M domains that should be mapped to $M 4232 N host/domains that should not be mapped to $M 4233 O operators that indicate network operations (cannot be in local names) 4234 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4235 Q 4236 R domains this system is willing to relay (pass anti-spam filters) 4237 S 4238 T 4239 U locally connected UUCP hosts 4240 V UUCP hosts connected to relay $V 4241 W UUCP hosts connected to relay $W 4242 X UUCP hosts connected to relay $X 4243 Y locally connected smart UUCP hosts 4244 Z locally connected domain-ized UUCP hosts 4245 . the class containing only a dot 4246 [ the class containing only a left bracket 4247 4248 4249M4 DIVERSIONS 4250 4251 1 Local host detection and resolution 4252 2 Local Ruleset 3 additions 4253 3 Local Ruleset 0 additions 4254 4 UUCP Ruleset 0 additions 4255 5 locally interpreted names (overrides $R) 4256 6 local configuration (at top of file) 4257 7 mailer definitions 4258 8 DNS based blacklists 4259 9 special local rulesets (1 and 2) 4260 4261$Revision: 8.612 $, Last updated $Date: 2002/04/03 17:12:52 $ 4262