xref: /freebsd/contrib/sendmail/cf/README (revision 95697f42122df6dea657de82f5d96f9a36e03560)
1
2		SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files.  It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide (doc/op/op.me).
8
9To get started, you may want to look at tcpproto.mc (for TCP-only
10sites) and clientproto.mc (for clusters of clients using a single
11mail host), or the generic-*.mc files as operating system-specific
12examples.
13
14Table of Content:
15
16INTRODUCTION AND EXAMPLE
17A BRIEF INTRODUCTION TO M4
18FILE LOCATIONS
19OSTYPE
20DOMAINS
21MAILERS
22FEATURES
23HACKS
24SITE CONFIGURATION
25USING UUCP MAILERS
26TWEAKING RULESETS
27MASQUERADING AND RELAYING
28USING LDAP FOR ALIASES, MAPS, AND CLASSES
29LDAP ROUTING
30ANTI-SPAM CONFIGURATION CONTROL
31CONNECTION CONTROL
32STARTTLS
33SMTP AUTHENTICATION
34ADDING NEW MAILERS OR RULESETS
35ADDING NEW MAIL FILTERS
36QUEUE GROUP DEFINITIONS
37NON-SMTP BASED CONFIGURATIONS
38WHO AM I?
39ACCEPTING MAIL FOR MULTIPLE NAMES
40USING MAILERTABLES
41USING USERDB TO MAP FULL NAMES
42MISCELLANEOUS SPECIAL FEATURES
43SECURITY NOTES
44TWEAKING CONFIGURATION OPTIONS
45MESSAGE SUBMISSION PROGRAM
46FORMAT OF FILES AND MAPS
47DIRECTORY LAYOUT
48ADMINISTRATIVE DETAILS
49
50
51+--------------------------+
52| INTRODUCTION AND EXAMPLE |
53+--------------------------+
54
55Configuration files are contained in the subdirectory "cf", with a
56suffix ".mc".  They must be run through "m4" to produce a ".cf" file.
57You must pre-load "cf.m4":
58
59	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
60
61Alternatively, you can simply:
62
63	cd ${CFDIR}/cf
64	./Build config.cf
65
66where ${CFDIR} is the root of the cf directory and config.mc is the
67name of your configuration file.  If you are running a version of M4
68that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
69this, but the versions distributed with 4.4BSD and derivatives do not)
70or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
71For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
72use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash!  For example:
73
74	m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
75
76Let's examine a typical .mc file:
77
78	divert(-1)
79	#
80	# Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
81	#	All rights reserved.
82	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
83	# Copyright (c) 1988, 1993
84	#	The Regents of the University of California.  All rights reserved.
85	#
86	# By using this file, you agree to the terms and conditions set
87	# forth in the LICENSE file which can be found at the top level of
88	# the sendmail distribution.
89	#
90
91	#
92	#  This is a Berkeley-specific configuration file for HP-UX 9.x.
93	#  It applies only to the Computer Science Division at Berkeley,
94	#  and should not be used elsewhere.   It is provided on the sendmail
95	#  distribution as a sample only.  To create your own configuration
96	#  file, create an appropriate domain file in ../domain, change the
97	#  `DOMAIN' macro below to reference that file, and copy the result
98	#  to a name of your own choosing.
99	#
100	divert(0)
101
102The divert(-1) will delete the crud in the resulting output file.
103The copyright notice can be replaced by whatever your lawyers require;
104our lawyers require the one that is included in these files.  A copyleft
105is a copyright by another name.  The divert(0) restores regular output.
106
107	VERSIONID(`<SCCS or RCS version id>')
108
109VERSIONID is a macro that stuffs the version information into the
110resulting file.  You could use SCCS, RCS, CVS, something else, or
111omit it completely.  This is not the same as the version id included
112in SMTP greeting messages -- this is defined in m4/version.m4.
113
114	OSTYPE(`hpux9')dnl
115
116You must specify an OSTYPE to properly configure things such as the
117pathname of the help and status files, the flags needed for the local
118mailer, and other important things.  If you omit it, you will get an
119error when you try to build the configuration.  Look at the ostype
120directory for the list of known operating system types.
121
122	DOMAIN(`CS.Berkeley.EDU')dnl
123
124This example is specific to the Computer Science Division at Berkeley.
125You can use "DOMAIN(`generic')" to get a sufficiently bland definition
126that may well work for you, or you can create a customized domain
127definition appropriate for your environment.
128
129	MAILER(`local')
130	MAILER(`smtp')
131
132These describe the mailers used at the default CS site.  The local
133mailer is always included automatically.  Beware: MAILER declarations
134should only be followed by LOCAL_* sections.  The general rules are
135that the order should be:
136
137	VERSIONID
138	OSTYPE
139	DOMAIN
140	FEATURE
141	local macro definitions
142	MAILER
143	LOCAL_CONFIG
144	LOCAL_RULE_*
145	LOCAL_RULESETS
146
147There are a few exceptions to this rule.  Local macro definitions which
148influence a FEATURE() should be done before that feature.  For example,
149a define(`PROCMAIL_MAILER_PATH', ...) should be done before
150FEATURE(`local_procmail').
151
152*******************************************************************
153***  BE SURE YOU CUSTOMIZE THESE FILES!  They have some		***
154***  Berkeley-specific assumptions built in, such as the name	***
155***  of their UUCP-relay.  You'll want to create your own	***
156***  domain description, and use that in place of		***
157***  domain/Berkeley.EDU.m4.					***
158*******************************************************************
159
160
161+----------------------------+
162| A BRIEF INTRODUCTION TO M4 |
163+----------------------------+
164
165Sendmail uses the M4 macro processor to ``compile'' the configuration
166files.  The most important thing to know is that M4 is stream-based,
167that is, it doesn't understand about lines.  For this reason, in some
168places you may see the word ``dnl'', which stands for ``delete
169through newline''; essentially, it deletes all characters starting
170at the ``dnl'' up to and including the next newline character.  In
171most cases sendmail uses this only to avoid lots of unnecessary
172blank lines in the output.
173
174Other important directives are define(A, B) which defines the macro
175``A'' to have value ``B''.  Macros are expanded as they are read, so
176one normally quotes both values to prevent expansion.  For example,
177
178	define(`SMART_HOST', `smart.foo.com')
179
180One word of warning:  M4 macros are expanded even in lines that appear
181to be comments.  For example, if you have
182
183	# See FEATURE(`foo') above
184
185it will not do what you expect, because the FEATURE(`foo') will be
186expanded.  This also applies to
187
188	# And then define the $X macro to be the return address
189
190because ``define'' is an M4 keyword.  If you want to use them, surround
191them with directed quotes, `like this'.
192
193Since m4 uses single quotes (opening "`" and closing "'") to quote
194arguments, those quotes can't be used in arguments.  For example,
195it is not possible to define a rejection message containing a single
196quote. Usually there are simple workarounds by changing those
197messages; in the worst case it might be ok to change the value
198directly in the generated .cf file, which however is not advised.
199
200
201Notice:
202-------
203
204This package requires a post-V7 version of m4; if you are running the
2054.2bsd, SysV.2, or 7th Edition version.  SunOS's /usr/5bin/m4 or
206BSD-Net/2's m4 both work.  GNU m4 version 1.1 or later also works.
207Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
208Net/2 or GNU version.  GNU m4 is available from
209ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
210EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine).  Use GNU
211m4 on this platform.
212
213
214+----------------+
215| FILE LOCATIONS |
216+----------------+
217
218sendmail 8.9 has introduced a new configuration directory for sendmail
219related files, /etc/mail.  The new files available for sendmail 8.9 --
220the class {R} /etc/mail/relay-domains and the access database
221/etc/mail/access -- take advantage of this new directory.  Beginning with
2228.10, all files will use this directory by default (some options may be
223set by OSTYPE() files).  This new directory should help to restore
224uniformity to sendmail's file locations.
225
226Below is a table of some of the common changes:
227
228Old filename			New filename
229------------			------------
230/etc/bitdomain			/etc/mail/bitdomain
231/etc/domaintable		/etc/mail/domaintable
232/etc/genericstable		/etc/mail/genericstable
233/etc/uudomain			/etc/mail/uudomain
234/etc/virtusertable		/etc/mail/virtusertable
235/etc/userdb			/etc/mail/userdb
236
237/etc/aliases			/etc/mail/aliases
238/etc/sendmail/aliases		/etc/mail/aliases
239/etc/ucbmail/aliases		/etc/mail/aliases
240/usr/adm/sendmail/aliases	/etc/mail/aliases
241/usr/lib/aliases		/etc/mail/aliases
242/usr/lib/mail/aliases		/etc/mail/aliases
243/usr/ucblib/aliases		/etc/mail/aliases
244
245/etc/sendmail.cw		/etc/mail/local-host-names
246/etc/mail/sendmail.cw		/etc/mail/local-host-names
247/etc/sendmail/sendmail.cw	/etc/mail/local-host-names
248
249/etc/sendmail.ct		/etc/mail/trusted-users
250
251/etc/sendmail.oE		/etc/mail/error-header
252
253/etc/sendmail.hf		/etc/mail/helpfile
254/etc/mail/sendmail.hf		/etc/mail/helpfile
255/usr/ucblib/sendmail.hf		/etc/mail/helpfile
256/etc/ucbmail/sendmail.hf	/etc/mail/helpfile
257/usr/lib/sendmail.hf		/etc/mail/helpfile
258/usr/share/lib/sendmail.hf	/etc/mail/helpfile
259/usr/share/misc/sendmail.hf	/etc/mail/helpfile
260/share/misc/sendmail.hf		/etc/mail/helpfile
261
262/etc/service.switch		/etc/mail/service.switch
263
264/etc/sendmail.st		/etc/mail/statistics
265/etc/mail/sendmail.st		/etc/mail/statistics
266/etc/mailer/sendmail.st		/etc/mail/statistics
267/etc/sendmail/sendmail.st	/etc/mail/statistics
268/usr/lib/sendmail.st		/etc/mail/statistics
269/usr/ucblib/sendmail.st		/etc/mail/statistics
270
271Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
272to create the pathnames.  The default value of this variable is
273`/etc/mail/'.  If you set this macro to a different value, you MUST include
274a trailing slash.
275
276Notice: all filenames used in a .mc (or .cf) file should be absolute
277(starting at the root, i.e., with '/').  Relative filenames most
278likely cause surprises during operations (unless otherwise noted).
279
280
281+--------+
282| OSTYPE |
283+--------+
284
285You MUST define an operating system environment, or the configuration
286file build will puke.  There are several environments available; look
287at the "ostype" directory for the current list.  This macro changes
288things like the location of the alias file and queue directory.  Some
289of these files are identical to one another.
290
291It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
292In general, the OSTYPE macro should go immediately after any version
293information, and MAILER definitions should always go last.
294
295Operating system definitions are usually easy to write.  They may define
296the following variables (everything defaults, so an ostype file may be
297empty).  Unfortunately, the list of configuration-supported systems is
298not as broad as the list of source-supported systems, since many of
299the source contributors do not include corresponding ostype files.
300
301ALIAS_FILE		[/etc/mail/aliases] The location of the text version
302			of the alias file(s).  It can be a comma-separated
303			list of names (but be sure you quote values with
304			commas in them -- for example, use
305				define(`ALIAS_FILE', `a,b')
306			to get "a" and "b" both listed as alias files;
307			otherwise the define() primitive only sees "a").
308HELP_FILE		[/etc/mail/helpfile] The name of the file
309			containing information printed in response to
310			the SMTP HELP command.
311QUEUE_DIR		[/var/spool/mqueue] The directory containing
312			queue files.  To use multiple queues, supply
313			a value ending with an asterisk.  For
314			example, /var/spool/mqueue/qd* will use all of the
315			directories or symbolic links to directories
316			beginning with 'qd' in /var/spool/mqueue as queue
317			directories.  The names 'qf', 'df', and 'xf' are
318			reserved as specific subdirectories for the
319			corresponding queue file types as explained in
320			doc/op/op.me.  See also QUEUE GROUP DEFINITIONS.
321MSP_QUEUE_DIR		[/var/spool/clientmqueue] The directory containing
322			queue files for the MSP (Mail Submission Program,
323			see sendmail/SECURITY).
324STATUS_FILE		[/etc/mail/statistics] The file containing status
325			information.
326LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
327LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
328			flags lsDFMAw5:/|@q are always included.
329LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
330			mail.
331LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
332			mail that you are willing to accept.
333LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
334			messages to deliver in a single connection.  Only
335			useful for LMTP local mailers.
336LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
337			that ARRIVE from an address that resolves to the
338			local mailer and which are converted to MIME will be
339			labeled with this character set.
340LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
341			end of line for the local mailer.
342LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
343			[X-Unix] The DSN Diagnostic-Code value for the
344			local mailer.  This should be changed with care.
345LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
346LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
347			flags lsDFM are always included.
348LOCAL_SHELL_ARGS	[sh -c $u] The arguments passed to deliver "prog"
349			mail.
350LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
351			shell should run.
352LOCAL_MAILER_QGRP	[undefined] The queue group for the local mailer.
353USENET_MAILER_PATH	[/usr/lib/news/inews] The name of the program
354			used to submit news.
355USENET_MAILER_FLAGS	[rsDFMmn] The mailer flags for the usenet mailer.
356USENET_MAILER_ARGS	[-m -h -n] The command line arguments for the
357			usenet mailer.  NOTE: Some versions of inews
358			(such as those shipped with newer versions of INN)
359			use different flags.  Double check the defaults
360			against the inews man page.
361USENET_MAILER_MAX	[undefined] The maximum size of messages that will
362			be accepted by the usenet mailer.
363USENET_MAILER_QGRP	[undefined] The queue group for the usenet mailer.
364SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
365			flags are `mDFMuX' for all SMTP-based mailers; the
366			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
367			"dsmtp" adds `%'.
368RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
369			flags are `mDFMuX' for all SMTP-based mailers; the
370			relay mailer adds `a8'.  If this is not defined,
371			then SMTP_MAILER_FLAGS is used.
372SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
373			be transported using the smtp, smtp8, esmtp, or dsmtp
374			mailers.
375SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
376			messages to deliver in a single connection for the
377			smtp, smtp8, esmtp, or dsmtp mailers.
378SMTP_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
379			recipients to deliver in a single connection for the
380			smtp, smtp8, esmtp, or dsmtp mailers.
381SMTP_MAILER_ARGS	[TCP $h] The arguments passed to the smtp mailer.
382			About the only reason you would want to change this
383			would be to change the default port.
384ESMTP_MAILER_ARGS	[TCP $h] The arguments passed to the esmtp mailer.
385SMTP8_MAILER_ARGS	[TCP $h] The arguments passed to the smtp8 mailer.
386DSMTP_MAILER_ARGS	[TCP $h] The arguments passed to the dsmtp mailer.
387RELAY_MAILER_ARGS	[TCP $h] The arguments passed to the relay mailer.
388SMTP_MAILER_QGRP	[undefined] The queue group for the smtp mailer.
389ESMTP_MAILER_QGRP	[undefined] The queue group for the esmtp mailer.
390SMTP8_MAILER_QGRP	[undefined] The queue group for the smtp8 mailer.
391DSMTP_MAILER_QGRP	[undefined] The queue group for the dsmtp mailer.
392RELAY_MAILER_QGRP	[undefined] The queue group for the relay mailer.
393RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
394			messages to deliver in a single connection for the
395			relay mailer.
396SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
397			that ARRIVE from an address that resolves to one of
398			the SMTP mailers and which are converted to MIME will
399			be labeled with this character set.
400SMTP_MAILER_LL		[990] The maximum line length for SMTP mailers
401			(except the relay mailer).
402RELAY_MAILER_LL		[2040] The maximum line length for the relay mailer.
403UUCP_MAILER_PATH	[/usr/bin/uux] The program used to send UUCP mail.
404UUCP_MAILER_FLAGS	[undefined] Flags added to UUCP mailer.  Default
405			flags are `DFMhuU' (and `m' for uucp-new mailer,
406			minus `U' for uucp-dom mailer).
407UUCP_MAILER_ARGS	[uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
408			passed to the UUCP mailer.
409UUCP_MAILER_MAX		[100000] The maximum size message accepted for
410			transmission by the UUCP mailers.
411UUCP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
412			that ARRIVE from an address that resolves to one of
413			the UUCP mailers and which are converted to MIME will
414			be labeled with this character set.
415UUCP_MAILER_QGRP	[undefined] The queue group for the UUCP mailers.
416FAX_MAILER_PATH		[/usr/local/lib/fax/mailfax] The program used to
417			submit FAX messages.
418FAX_MAILER_ARGS		[mailfax $u $h $f] The arguments passed to the FAX
419			mailer.
420FAX_MAILER_MAX		[100000] The maximum size message accepted for
421			transmission by FAX.
422POP_MAILER_PATH		[/usr/lib/mh/spop] The pathname of the POP mailer.
423POP_MAILER_FLAGS	[Penu] Flags added to POP mailer.  Flags lsDFMq
424			are always added.
425POP_MAILER_ARGS		[pop $u] The arguments passed to the POP mailer.
426POP_MAILER_QGRP		[undefined] The queue group for the pop mailer.
427PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
428			program.  This is also used by
429			FEATURE(`local_procmail').
430PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
431			DFM are always set.  This is NOT used by
432			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
433			instead.
434PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
435			the Procmail mailer.  This is NOT used by
436			FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
437			instead.
438PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
439			will be accepted by the procmail mailer.
440PROCMAIL_MAILER_QGRP	[undefined] The queue group for the procmail mailer.
441MAIL11_MAILER_PATH	[/usr/etc/mail11] The path to the mail11 mailer.
442MAIL11_MAILER_FLAGS	[nsFx] Flags for the mail11 mailer.
443MAIL11_MAILER_ARGS	[mail11 $g $x $h $u] Arguments passed to the mail11
444			mailer.
445MAIL11_MAILER_QGRP	[undefined] The queue group for the mail11 mailer.
446PH_MAILER_PATH		[/usr/local/etc/phquery] The path to the phquery
447			program.
448PH_MAILER_FLAGS		[ehmu] Flags for the phquery mailer.  Flags nrDFM
449			are always set.
450PH_MAILER_ARGS		[phquery -- $u] -- arguments to the phquery mailer.
451PH_MAILER_QGRP		[undefined] The queue group for the ph mailer.
452CYRUS_MAILER_FLAGS	[Ah5@/:|] The flags used by the cyrus mailer.  The
453			flags lsDFMnPq are always included.
454CYRUS_MAILER_PATH	[/usr/cyrus/bin/deliver] The program used to deliver
455			cyrus mail.
456CYRUS_MAILER_ARGS	[deliver -e -m $h -- $u] The arguments passed
457			to deliver cyrus mail.
458CYRUS_MAILER_MAX	[undefined] If set, the maximum size message that
459			will be accepted by the cyrus mailer.
460CYRUS_MAILER_USER	[cyrus:mail] The user and group to become when
461			running the cyrus mailer.
462CYRUS_MAILER_QGRP	[undefined] The queue group for the cyrus mailer.
463CYRUS_BB_MAILER_FLAGS	[u] The flags used by the cyrusbb mailer.
464			The flags lsDFMnP are always included.
465CYRUS_BB_MAILER_ARGS	[deliver -e -m $u] The arguments passed
466			to deliver cyrusbb mail.
467CYRUSV2_MAILER_FLAGS	[A@/:|m] The flags used by the cyrusv2 mailer.  The
468			flags lsDFMnqXz are always included.
469CYRUSV2_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
470			messages to deliver in a single connection for the
471			cyrusv2 mailer.
472CYRUSV2_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
473			recipients to deliver in a single connection for the
474			cyrusv2 mailer.
475CYRUSV2_MAILER_ARGS	[FILE /var/imap/socket/lmtp] The arguments passed
476			to the cyrusv2 mailer.  This can be used to
477			change the name of the Unix domain socket, or
478			to switch to delivery via TCP (e.g., `TCP $h lmtp')
479CYRUSV2_MAILER_QGRP	[undefined] The queue group for the cyrusv2 mailer.
480CYRUSV2_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
481			that ARRIVE from an address that resolves to one the
482			Cyrus mailer and which are converted to MIME will
483			be labeled with this character set.
484confEBINDIR		[/usr/libexec] The directory for executables.
485			Currently used for FEATURE(`local_lmtp') and
486			FEATURE(`smrsh').
487QPAGE_MAILER_FLAGS	[mDFMs] The flags used by the qpage mailer.
488QPAGE_MAILER_PATH	[/usr/local/bin/qpage] The program used to deliver
489			qpage mail.
490QPAGE_MAILER_ARGS	[qpage -l0 -m -P$u] The arguments passed
491			to deliver qpage mail.
492QPAGE_MAILER_MAX	[4096] If set, the maximum size message that
493			will be accepted by the qpage mailer.
494QPAGE_MAILER_QGRP	[undefined] The queue group for the qpage mailer.
495LOCAL_PROG_QGRP		[undefined] The queue group for the prog mailer.
496
497Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
498MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
499of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
500upper case) and change can be: flags that should be used directly
501(thus overriding the default value), or if it starts with `+' (`-')
502then those flags are added to (removed from) the default value.
503Example:
504
505	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
506
507will add the flag `e' to LOCAL_MAILER_FLAGS.  Notice: there are
508several smtp mailers all of which are manipulated individually.
509See the section MAILERS for the available mailer names.
510WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
511unconditionally, i.e., without respecting any definitions in an
512OSTYPE setting.
513
514
515+---------+
516| DOMAINS |
517+---------+
518
519You will probably want to collect domain-dependent defines into one
520file, referenced by the DOMAIN macro.  For example, the Berkeley
521domain file includes definitions for several internal distinguished
522hosts:
523
524UUCP_RELAY	The host that will accept UUCP-addressed email.
525		If not defined, all UUCP sites must be directly
526		connected.
527BITNET_RELAY	The host that will accept BITNET-addressed email.
528		If not defined, the .BITNET pseudo-domain won't work.
529DECNET_RELAY	The host that will accept DECNET-addressed email.
530		If not defined, the .DECNET pseudo-domain and addresses
531		of the form node::user will not work.
532FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
533		The "fax" mailer overrides this value.
534LOCAL_RELAY	The site that will handle unqualified names -- that
535		is, names without an @domain extension.
536		Normally MAIL_HUB is preferred for this function.
537		LOCAL_RELAY is mostly useful in conjunction with
538		FEATURE(`stickyhost') -- see the discussion of
539		stickyhost below.  If not set, they are assumed to
540		belong on this machine.  This allows you to have a
541		central site to store a company- or department-wide
542		alias database.  This only works at small sites,
543		and only with some user agents.
544LUSER_RELAY	The site that will handle lusers -- that is, apparently
545		local names that aren't local accounts or aliases.  To
546		specify a local user instead of a site, set this to
547		``local:username''.
548
549Any of these can be either ``mailer:hostname'' (in which case the
550mailer is the internal mailer name, such as ``uucp-new'' and the hostname
551is the name of the host as appropriate for that mailer) or just a
552``hostname'', in which case a default mailer type (usually ``relay'',
553a variant on SMTP) is used.  WARNING: if you have a wildcard MX
554record matching your domain, you probably want to define these to
555have a trailing dot so that you won't get the mail diverted back
556to yourself.
557
558The domain file can also be used to define a domain name, if needed
559(using "DD<domain>") and set certain site-wide features.  If all hosts
560at your site masquerade behind one email name, you could also use
561MASQUERADE_AS here.
562
563You do not have to define a domain -- in particular, if you are a
564single machine sitting off somewhere, it is probably more work than
565it's worth.  This is just a mechanism for combining "domain dependent
566knowledge" into one place.
567
568
569+---------+
570| MAILERS |
571+---------+
572
573There are fewer mailers supported in this version than the previous
574version, owing mostly to a simpler world.  As a general rule, put the
575MAILER definitions last in your .mc file.
576
577local		The local and prog mailers.  You will almost always
578		need these; the only exception is if you relay ALL
579		your mail to another site.  This mailer is included
580		automatically.
581
582smtp		The Simple Mail Transport Protocol mailer.  This does
583		not hide hosts behind a gateway or another other
584		such hack; it assumes a world where everyone is
585		running the name server.  This file actually defines
586		five mailers: "smtp" for regular (old-style) SMTP to
587		other servers, "esmtp" for extended SMTP to other
588		servers, "smtp8" to do SMTP to other servers without
589		converting 8-bit data to MIME (essentially, this is
590		your statement that you know the other end is 8-bit
591		clean even if it doesn't say so), "dsmtp" to do on
592		demand delivery, and "relay" for transmission to the
593		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
594
595uucp		The UNIX-to-UNIX Copy Program mailer.  Actually, this
596		defines two mailers, "uucp-old" (a.k.a. "uucp") and
597		"uucp-new" (a.k.a. "suucp").  The latter is for when you
598		know that the UUCP mailer at the other end can handle
599		multiple recipients in one transfer.  If the smtp mailer
600		is included in your configuration, two other mailers
601		("uucp-dom" and "uucp-uudom") are also defined [warning: you
602		MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
603		include the uucp mailer, sendmail looks for all names in
604		class {U} and sends them to the uucp-old mailer; all
605		names in class {Y} are sent to uucp-new; and all
606		names in class {Z} are sent to uucp-uudom.  Note that
607		this is a function of what version of rmail runs on
608		the receiving end, and hence may be out of your control.
609		See the section below describing UUCP mailers in more
610		detail.
611
612usenet		Usenet (network news) delivery.  If this is specified,
613		an extra rule is added to ruleset 0 that forwards all
614		local email for users named ``group.usenet'' to the
615		``inews'' program.  Note that this works for all groups,
616		and may be considered a security problem.
617
618fax		Facsimile transmission.  This is experimental and based
619		on Sam Leffler's HylaFAX software.  For more information,
620		see http://www.hylafax.org/.
621
622pop		Post Office Protocol.
623
624procmail	An interface to procmail (does not come with sendmail).
625		This is designed to be used in mailertables.  For example,
626		a common question is "how do I forward all mail for a given
627		domain to a single person?".  If you have this mailer
628		defined, you could set up a mailertable reading:
629
630			host.com	procmail:/etc/procmailrcs/host.com
631
632		with the file /etc/procmailrcs/host.com reading:
633
634			:0	# forward mail for host.com
635			! -oi -f $1 person@other.host
636
637		This would arrange for (anything)@host.com to be sent
638		to person@other.host.  In a procmail script, $1 is the
639		name of the sender and $2 is the name of the recipient.
640		If you use this with FEATURE(`local_procmail'), the FEATURE
641		should be listed first.
642
643		Of course there are other ways to solve this particular
644		problem, e.g., a catch-all entry in a virtusertable.
645
646mail11		The DECnet mail11 mailer, useful only if you have the mail11
647		program from gatekeeper.dec.com:/pub/DEC/gwtools (and
648		DECnet, of course).  This is for Phase IV DECnet support;
649		if you have Phase V at your site you may have additional
650		problems.
651
652phquery		The phquery program.  This is somewhat counterintuitively
653		referenced as the "ph" mailer internally.  It can be used
654		to do CCSO name server lookups.  The phquery program, which
655		this mailer uses, is distributed with the ph client.
656
657cyrus		The cyrus and cyrusbb mailers.  The cyrus mailer delivers to
658		a local cyrus user.  this mailer can make use of the
659		"user+detail@local.host" syntax (see
660		FEATURE(`preserve_local_plus_detail')); it will deliver the
661		mail to the user's "detail" mailbox if the mailbox's ACL
662		permits.  The cyrusbb mailer delivers to a system-wide
663		cyrus mailbox if the mailbox's ACL permits.  The cyrus
664		mailer must be defined after the local mailer.
665
666cyrusv2		The mailer for Cyrus v2.x.  The cyrusv2 mailer delivers to
667		local cyrus users via LMTP.  This mailer can make use of the
668		"user+detail@local.host" syntax (see
669		FEATURE(`preserve_local_plus_detail')); it will deliver the
670		mail to the user's "detail" mailbox if the mailbox's ACL
671		permits.  The cyrusv2 mailer must be defined after the
672		local mailer.
673
674qpage		A mailer for QuickPage, a pager interface.  See
675		http://www.qpage.org/ for further information.
676
677The local mailer accepts addresses of the form "user+detail", where
678the "+detail" is not used for mailbox matching but is available
679to certain local mail programs (in particular, see
680FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
681"eric+sww" all indicate the same user, but additional arguments <null>,
682"sendmail", and "sww" may be provided for use in sorting mail.
683
684
685+----------+
686| FEATURES |
687+----------+
688
689Special features can be requested using the "FEATURE" macro.  For
690example, the .mc line:
691
692	FEATURE(`use_cw_file')
693
694tells sendmail that you want to have it read an /etc/mail/local-host-names
695file to get values for class {w}.  A FEATURE may contain up to 9
696optional parameters -- for example:
697
698	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
699
700The default database map type for the table features can be set with
701
702	define(`DATABASE_MAP_TYPE', `dbm')
703
704which would set it to use ndbm databases.  The default is the Berkeley DB
705hash database format.  Note that you must still declare a database map type
706if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
707if no argument is given for the FEATURE.  It must be specified before any
708feature that uses a map.
709
710Also, features which can take a map definition as an argument can also take
711the special keyword `LDAP'.  If that keyword is used, the map will use the
712LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
713CLASSES'' section below.
714
715Available features are:
716
717use_cw_file	Read the file /etc/mail/local-host-names file to get
718		alternate names for this host.  This might be used if you
719		were on a host that MXed for a dynamic set of other hosts.
720		If the set is static, just including the line "Cw<name1>
721		<name2> ..." (where the names are fully qualified domain
722		names) is probably superior.  The actual filename can be
723		overridden by redefining confCW_FILE.
724
725use_ct_file	Read the file /etc/mail/trusted-users file to get the
726		names of users that will be ``trusted'', that is, able to
727		set their envelope from address using -f without generating
728		a warning message.  The actual filename can be overridden
729		by redefining confCT_FILE.
730
731redirect	Reject all mail addressed to "address.REDIRECT" with
732		a ``551 User has moved; please try <address>'' message.
733		If this is set, you can alias people who have left
734		to their new address with ".REDIRECT" appended.
735
736nouucp		Don't route UUCP addresses.  This feature takes one
737		parameter:
738		`reject': reject addresses which have "!" in the local
739			part unless it originates from a system
740			that is allowed to relay.
741		`nospecial': don't do anything special with "!".
742		Warnings: 1. See the notice in the anti-spam section.
743		2. don't remove "!" from OperatorChars if `reject' is
744		given as parameter.
745
746nocanonify	Don't pass addresses to $[ ... $] for canonification
747		by default, i.e., host/domain names are considered canonical,
748		except for unqualified names, which must not be used in this
749		mode (violation of the standard).  It can be changed by
750		setting the DaemonPortOptions modifiers (M=).  That is,
751		FEATURE(`nocanonify') will be overridden by setting the
752		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
753		it can be emulated by setting the 'C' flag
754		(DaemonPortOptions=Modifiers=C).  This would generally only
755		be used by sites that only act as mail gateways or which have
756		user agents that do full canonification themselves.  You may
757		also want to use
758		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
759		the usual resolver options that do a similar thing.
760
761		An exception list for FEATURE(`nocanonify') can be
762		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
763		i.e., a list of domains which are nevertheless passed to
764		$[ ... $] for canonification.  This is useful to turn on
765		canonification for local domains, e.g., use
766		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
767		which end in "my.domain" or "my".
768		Another way to require canonification in the local
769		domain is CANONIFY_DOMAIN(`$=m').
770
771		A trailing dot is added to addresses with more than
772		one component in it such that other features which
773		expect a trailing dot (e.g., virtusertable) will
774		still work.
775
776		If `canonify_hosts' is specified as parameter, i.e.,
777		FEATURE(`nocanonify', `canonify_hosts'), then
778		addresses which have only a hostname, e.g.,
779		<user@host>, will be canonified (and hopefully fully
780		qualified), too.
781
782stickyhost	This feature is sometimes used with LOCAL_RELAY,
783		although it can be used for a different effect with
784		MAIL_HUB.
785
786		When used without MAIL_HUB, email sent to
787		"user@local.host" are marked as "sticky" -- that
788		is, the local addresses aren't matched against UDB,
789		don't go through ruleset 5, and are not forwarded to
790		the LOCAL_RELAY (if defined).
791
792		With MAIL_HUB, mail addressed to "user@local.host"
793		is forwarded to the mail hub, with the envelope
794		address still remaining "user@local.host".
795		Without stickyhost, the envelope would be changed
796		to "user@mail_hub", in order to protect against
797		mailing loops.
798
799mailertable	Include a "mailer table" which can be used to override
800		routing for particular domains (which are not in class {w},
801		i.e.  local host names).  The argument of the FEATURE may be
802		the key definition.  If none is specified, the definition
803		used is:
804
805			hash /etc/mail/mailertable
806
807		Keys in this database are fully qualified domain names
808		or partial domains preceded by a dot -- for example,
809		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
810		special case of the latter, "." matches any domain not
811		covered by other keys.  Values must be of the form:
812			mailer:domain
813		where "mailer" is the internal mailer name, and "domain"
814		is where to send the message.  These maps are not
815		reflected into the message header.  As a special case,
816		the forms:
817			local:user
818		will forward to the indicated user using the local mailer,
819			local:
820		will forward to the original user in the e-mail address
821		using the local mailer, and
822			error:code message
823			error:D.S.N:code message
824		will give an error message with the indicated SMTP reply
825		code and message, where D.S.N is an RFC 1893 compliant
826		error code.
827
828domaintable	Include a "domain table" which can be used to provide
829		domain name mapping.  Use of this should really be
830		limited to your own domains.  It may be useful if you
831		change names (e.g., your company changes names from
832		oldname.com to newname.com).  The argument of the
833		FEATURE may be the key definition.  If none is specified,
834		the definition used is:
835
836			hash /etc/mail/domaintable
837
838		The key in this table is the domain name; the value is
839		the new (fully qualified) domain.  Anything in the
840		domaintable is reflected into headers; that is, this
841		is done in ruleset 3.
842
843bitdomain	Look up bitnet hosts in a table to try to turn them into
844		internet addresses.  The table can be built using the
845		bitdomain program contributed by John Gardiner Myers.
846		The argument of the FEATURE may be the key definition; if
847		none is specified, the definition used is:
848
849			hash /etc/mail/bitdomain
850
851		Keys are the bitnet hostname; values are the corresponding
852		internet hostname.
853
854uucpdomain	Similar feature for UUCP hosts.  The default map definition
855		is:
856
857			hash /etc/mail/uudomain
858
859		At the moment there is no automagic tool to build this
860		database.
861
862always_add_domain
863		Include the local host domain even on locally delivered
864		mail.  Normally it is not added on unqualified names.
865		However, if you use a shared message store but do not use
866		the same user name space everywhere, you may need the host
867		name on local names.  An optional argument specifies
868		another domain to be added than the local.
869
870allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
871		feature will cause recipient addresses to also masquerade
872		as being from the masquerade host.  Normally they get
873		the local hostname.  Although this may be right for
874		ordinary users, it can break local aliases.  For example,
875		if you send to "localalias", the originating sendmail will
876		find that alias and send to all members, but send the
877		message with "To: localalias@masqueradehost".  Since that
878		alias likely does not exist, replies will fail.  Use this
879		feature ONLY if you can guarantee that the ENTIRE
880		namespace on your masquerade host supersets all the
881		local entries.
882
883limited_masquerade
884		Normally, any hosts listed in class {w} are masqueraded.  If
885		this feature is given, only the hosts listed in class {M} (see
886		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
887		if you have several domains with disjoint namespaces hosted
888		on the same machine.
889
890masquerade_entire_domain
891		If masquerading is enabled (using MASQUERADE_AS) and
892		MASQUERADE_DOMAIN (see below) is set, this feature will
893		cause addresses to be rewritten such that the masquerading
894		domains are actually entire domains to be hidden.  All
895		hosts within the masquerading domains will be rewritten
896		to the masquerade name (used in MASQUERADE_AS).  For example,
897		if you have:
898
899			MASQUERADE_AS(`masq.com')
900			MASQUERADE_DOMAIN(`foo.org')
901			MASQUERADE_DOMAIN(`bar.com')
902
903		then *foo.org and *bar.com are converted to masq.com.  Without
904		this feature, only foo.org and bar.com are masqueraded.
905
906		    NOTE: only domains within your jurisdiction and
907		    current hierarchy should be masqueraded using this.
908
909local_no_masquerade
910		This feature prevents the local mailer from masquerading even
911		if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
912		on addresses of mail going outside the local domain.
913
914masquerade_envelope
915		If masquerading is enabled (using MASQUERADE_AS) or the
916		genericstable is in use, this feature will cause envelope
917		addresses to also masquerade as being from the masquerade
918		host.  Normally only the header addresses are masqueraded.
919
920genericstable	This feature will cause unqualified addresses (i.e., without
921		a domain) and addresses with a domain listed in class {G}
922		to be looked up in a map and turned into another ("generic")
923		form, which can change both the domain name and the user name.
924		Notice: if you use an MSP (as it is default starting with
925		8.12), the MTA will only receive qualified addresses from the
926		MSP (as required by the RFCs).  Hence you need to add your
927		domain to class {G}.  This feature is similar to the userdb
928		functionality.  The same types of addresses as for
929		masquerading are looked up, i.e., only header sender
930		addresses unless the allmasquerade and/or masquerade_envelope
931		features are given.  Qualified addresses must have the domain
932		part in class {G}; entries can be added to this class by the
933		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
934		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
935
936		The argument of FEATURE(`genericstable') may be the map
937		definition; the default map definition is:
938
939			hash /etc/mail/genericstable
940
941		The key for this table is either the full address, the domain
942		(with a leading @; the localpart is passed as first argument)
943		or the unqualified username (tried in the order mentioned);
944		the value is the new user address.  If the new user address
945		does not include a domain, it will be qualified in the standard
946		manner, i.e., using $j or the masquerade name.  Note that the
947		address being looked up must be fully qualified.  For local
948		mail, it is necessary to use FEATURE(`always_add_domain')
949		for the addresses to be qualified.
950		The "+detail" of an address is passed as %1, so entries like
951
952			old+*@foo.org	new+%1@example.com
953			gen+*@foo.org	%1@example.com
954
955		and other forms are possible.
956
957generics_entire_domain
958		If the genericstable is enabled and GENERICS_DOMAIN or
959		GENERICS_DOMAIN_FILE is used, this feature will cause
960		addresses to be searched in the map if their domain
961		parts are subdomains of elements in class {G}.
962
963virtusertable	A domain-specific form of aliasing, allowing multiple
964		virtual domains to be hosted on one machine.  For example,
965		if the virtuser table contains:
966
967			info@foo.com	foo-info
968			info@bar.com	bar-info
969			joe@bar.com	error:nouser 550 No such user here
970			jax@bar.com	error:5.7.0:550 Address invalid
971			@baz.org	jane@example.net
972
973		then mail addressed to info@foo.com will be sent to the
974		address foo-info, mail addressed to info@bar.com will be
975		delivered to bar-info, and mail addressed to anyone at baz.org
976		will be sent to jane@example.net, mail to joe@bar.com will
977		be rejected with the specified error message, and mail to
978		jax@bar.com will also have a RFC 1893 compliant error code
979		5.7.0.
980
981		The username from the original address is passed
982		as %1 allowing:
983
984			@foo.org	%1@example.com
985
986		meaning someone@foo.org will be sent to someone@example.com.
987		Additionally, if the local part consists of "user+detail"
988		then "detail" is passed as %2 and "+detail" is passed as %3
989		when a match against user+* is attempted, so entries like
990
991			old+*@foo.org	new+%2@example.com
992			gen+*@foo.org	%2@example.com
993			+*@foo.org	%1%3@example.com
994			X++@foo.org	Z%3@example.com
995			@bar.org	%1%3
996
997		and other forms are possible.  Note: to preserve "+detail"
998		for a default case (@domain) %1%3 must be used as RHS.
999		There are two wildcards after "+": "+" matches only a non-empty
1000		detail, "*" matches also empty details, e.g., user+@foo.org
1001		matches +*@foo.org but not ++@foo.org.  This can be used
1002		to ensure that the parameters %2 and %3 are not empty.
1003
1004		All the host names on the left hand side (foo.com, bar.com,
1005		and baz.org) must be in class {w} or class {VirtHost}.  The
1006		latter can be defined by the macros VIRTUSER_DOMAIN or
1007		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1008		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
1009		VIRTUSER_DOMAIN_FILE is used, then the entries of class
1010		{VirtHost} are added to class {R}, i.e., relaying is allowed
1011		to (and from) those domains, which by default includes also
1012		all subdomains (see relay_hosts_only).  The default map
1013		definition is:
1014
1015			hash /etc/mail/virtusertable
1016
1017		A new definition can be specified as the second argument of
1018		the FEATURE macro, such as
1019
1020			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
1021
1022virtuser_entire_domain
1023		If the virtusertable is enabled and VIRTUSER_DOMAIN or
1024		VIRTUSER_DOMAIN_FILE is used, this feature will cause
1025		addresses to be searched in the map if their domain
1026		parts are subdomains of elements in class {VirtHost}.
1027
1028ldap_routing	Implement LDAP-based e-mail recipient routing according to
1029		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1030		This provides a method to re-route addresses with a
1031		domain portion in class {LDAPRoute} to either a
1032		different mail host or a different address.  Hosts can
1033		be added to this class using LDAPROUTE_DOMAIN and
1034		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1035		MASQUERADE_DOMAIN_FILE, see below).
1036
1037		See the LDAP ROUTING section below for more information.
1038
1039nullclient	This is a special case -- it creates a configuration file
1040		containing nothing but support for forwarding all mail to a
1041		central hub via a local SMTP-based network.  The argument
1042		is the name of that hub.
1043
1044		The only other feature that should be used in conjunction
1045		with this one is FEATURE(`nocanonify').  No mailers
1046		should be defined.  No aliasing or forwarding is done.
1047
1048local_lmtp	Use an LMTP capable local mailer.  The argument to this
1049		feature is the pathname of an LMTP capable mailer.  By
1050		default, mail.local is used.  This is expected to be the
1051		mail.local which came with the 8.9 distribution which is
1052		LMTP capable.  The path to mail.local is set by the
1053		confEBINDIR m4 variable -- making the default
1054		LOCAL_MAILER_PATH /usr/libexec/mail.local.
1055		If a different LMTP capable mailer is used, its pathname
1056		can be specified as second parameter and the arguments
1057		passed to it (A=) as third parameter, e.g.,
1058
1059			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
1060
1061		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1062		i.e., without respecting any definitions in an OSTYPE setting.
1063
1064local_procmail	Use procmail or another delivery agent as the local mailer.
1065		The argument to this feature is the pathname of the
1066		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
1067		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
1068		PROCMAIL_MAILER_ARGS for the local mailer; tweak
1069		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
1070		specify the appropriate parameters.  When procmail is used,
1071		the local mailer can make use of the
1072		"user+indicator@local.host" syntax; normally the +indicator
1073		is just tossed, but by default it is passed as the -a
1074		argument to procmail.
1075
1076		This feature can take up to three arguments:
1077
1078		1. Path to the mailer program
1079		   [default: /usr/local/bin/procmail]
1080		2. Argument vector including name of the program
1081		   [default: procmail -Y -a $h -d $u]
1082		3. Flags for the mailer [default: SPfhn9]
1083
1084		Empty arguments cause the defaults to be taken.
1085		Note that if you are on a system with a broken
1086		setreuid() call, you may need to add -f $f to the procmail
1087		argument vector to pass the proper sender to procmail.
1088
1089		For example, this allows it to use the maildrop
1090		(http://www.flounder.net/~mrsam/maildrop/) mailer instead
1091		by specifying:
1092
1093		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
1094		 `maildrop -d $u')
1095
1096		or scanmails using:
1097
1098		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
1099
1100		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1101		i.e.,  without respecting any definitions in an OSTYPE setting.
1102
1103bestmx_is_local	Accept mail as though locally addressed for any host that
1104		lists us as the best possible MX record.  This generates
1105		additional DNS traffic, but should be OK for low to
1106		medium traffic hosts.  The argument may be a set of
1107		domains, which will limit the feature to only apply to
1108		these domains -- this will reduce unnecessary DNS
1109		traffic.  THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
1110		WILDCARD MX RECORDS!!!  If you have a wildcard MX record
1111		that matches your domain, you cannot use this feature.
1112
1113smrsh		Use the SendMail Restricted SHell (smrsh) provided
1114		with the distribution instead of /bin/sh for mailing
1115		to programs.  This improves the ability of the local
1116		system administrator to control what gets run via
1117		e-mail.  If an argument is provided it is used as the
1118		pathname to smrsh; otherwise, the path defined by
1119		confEBINDIR is used for the smrsh binary -- by default,
1120		/usr/libexec/smrsh is assumed.
1121
1122promiscuous_relay
1123		By default, the sendmail configuration files do not permit
1124		mail relaying (that is, accepting mail from outside your
1125		local host (class {w}) and sending it to another host than
1126		your local host).  This option sets your site to allow
1127		mail relaying from any site to any site.  In almost all
1128		cases, it is better to control relaying more carefully
1129		with the access map, class {R}, or authentication.  Domains
1130		can be added to class {R} by the macros RELAY_DOMAIN or
1131		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1132		MASQUERADE_DOMAIN_FILE, see below).
1133
1134relay_entire_domain
1135		This option allows any host in your domain as defined by
1136		class {m} to use your server for relaying.  Notice: make
1137		sure that your domain is not just a top level domain,
1138		e.g., com.  This can happen if you give your host a name
1139		like example.com instead of host.example.com.
1140
1141relay_hosts_only
1142		By default, names that are listed as RELAY in the access
1143		db and class {R} are treated as domain names, not host names.
1144		For example, if you specify ``foo.com'', then mail to or
1145		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1146		will all be accepted for relaying.  This feature changes
1147		the behaviour to lookup individual host names only.
1148
1149relay_based_on_MX
1150		Turns on the ability to allow relaying based on the MX
1151		records of the host portion of an incoming recipient; that
1152		is, if an MX record for host foo.com points to your site,
1153		you will accept and relay mail addressed to foo.com.  See
1154		description below for more information before using this
1155		feature.  Also, see the KNOWNBUGS entry regarding bestmx
1156		map lookups.
1157
1158		FEATURE(`relay_based_on_MX') does not necessarily allow
1159		routing of these messages which you expect to be allowed,
1160		if route address syntax (or %-hack syntax) is used.  If
1161		this is a problem, add entries to the access-table or use
1162		FEATURE(`loose_relay_check').
1163
1164relay_mail_from
1165		Allows relaying if the mail sender is listed as RELAY in
1166		the access map.  If an optional argument `domain' (this
1167		is the literal word `domain', not a placeholder) is given,
1168		relaying can be allowed just based on the domain portion
1169		of the sender address.  This feature should only be used if
1170		absolutely necessary as the sender address can be easily
1171		forged.  Use of this feature requires the "From:" tag to
1172		be used for the key in the access map; see the discussion
1173		of tags and FEATURE(`relay_mail_from') in the section on
1174		anti-spam configuration control.
1175
1176relay_local_from
1177		Allows relaying if the domain portion of the mail sender
1178		is a local host.  This should only be used if absolutely
1179		necessary as it opens a window for spammers.  Specifically,
1180		they can send mail to your mail server that claims to be
1181		from your domain (either directly or via a routed address),
1182		and you will go ahead and relay it out to arbitrary hosts
1183		on the Internet.
1184
1185accept_unqualified_senders
1186		Normally, MAIL FROM: commands in the SMTP session will be
1187		refused if the connection is a network connection and the
1188		sender address does not include a domain name.  If your
1189		setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1190		you will need to use this feature to accept unqualified
1191		sender addresses.  Setting the DaemonPortOptions modifier
1192		'u' overrides the default behavior, i.e., unqualified
1193		addresses are accepted even without this FEATURE.
1194		If this FEATURE is not used, the DaemonPortOptions modifier
1195		'f' can be used to enforce fully qualified addresses.
1196
1197accept_unresolvable_domains
1198		Normally, MAIL FROM: commands in the SMTP session will be
1199		refused if the host part of the argument to MAIL FROM:
1200		cannot be located in the host name service (e.g., an A or
1201		MX record in DNS).  If you are inside a firewall that has
1202		only a limited view of the Internet host name space, this
1203		could cause problems.  In this case you probably want to
1204		use this feature to accept all domains on input, even if
1205		they are unresolvable.
1206
1207access_db	Turns on the access database feature.  The access db gives
1208		you the ability to allow or refuse to accept mail from
1209		specified domains for administrative reasons.  Moreover,
1210		it can control the behavior of sendmail in various situations.
1211		By default, the access database specification is:
1212
1213			hash -T<TMPF> /etc/mail/access
1214
1215		See the anti-spam configuration control section for further
1216		important information about this feature.  Notice:
1217		"-T<TMPF>" is meant literal, do not replace it by anything.
1218
1219blacklist_recipients
1220		Turns on the ability to block incoming mail for certain
1221		recipient usernames, hostnames, or addresses.  For
1222		example, you can block incoming mail to user nobody,
1223		host foo.mydomain.com, or guest@bar.mydomain.com.
1224		These specifications are put in the access db as
1225		described in the anti-spam configuration control section
1226		later in this document.
1227
1228delay_checks	The rulesets check_mail and check_relay will not be called
1229		when a client connects or issues a MAIL command, respectively.
1230		Instead, those rulesets will be called by the check_rcpt
1231		ruleset; they will be skipped under certain circumstances.
1232		See "Delay all checks" in the anti-spam configuration control
1233		section.  Note: this feature is incompatible to the versions
1234		in 8.10 and 8.11.
1235
1236use_client_ptr	If this feature is enabled then check_relay will override
1237		its first argument with $&{client_ptr}.  This is useful for
1238		rejections based on the unverified hostname of client,
1239		which turns on the same behavior as in earlier sendmail
1240		versions when delay_checks was not in use.  See doc/op/op.*
1241		about check_relay, {client_name}, and {client_ptr}.
1242
1243dnsbl		Turns on rejection, discarding, or quarantining of hosts
1244		found in a DNS based list.  The first argument is used as
1245		the domain in which blocked hosts are listed.  A second
1246		argument can be used to change the default error message,
1247		or select one of the operations `discard' and `quarantine'.
1248		Without that second argument, the error message will be
1249
1250			Rejected: IP-ADDRESS listed at SERVER
1251
1252		where IP-ADDRESS and SERVER are replaced by the appropriate
1253		information.  By default, temporary lookup failures are
1254		ignored.  This behavior can be changed by specifying a
1255		third argument, which must be either `t' or a full error
1256		message.  See the anti-spam configuration control section for
1257		an example.  The dnsbl feature can be included several times
1258		to query different DNS based rejection lists.  See also
1259		enhdnsbl for an enhanced version.
1260
1261		Set the DNSBL_MAP mc option to change the default map
1262		definition from `host'.  Set the DNSBL_MAP_OPT mc option
1263		to add additional options to the map specification used.
1264
1265		Some DNS based rejection lists cause failures if asked
1266		for AAAA records. If your sendmail version is compiled
1267		with IPv6 support (NETINET6) and you experience this
1268		problem, add
1269
1270			define(`DNSBL_MAP', `dns -R A')
1271
1272		before the first use of this feature.  Alternatively you
1273		can use enhdnsbl instead (see below).  Moreover, this
1274		statement can be used to reduce the number of DNS retries,
1275		e.g.,
1276
1277			define(`DNSBL_MAP', `dns -R A -r2')
1278
1279		See below (EDNSBL_TO) for an explanation.
1280
1281enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
1282		(up to 5) can be used to specify specific return values
1283		from lookups.  Temporary lookup failures are ignored unless
1284		a third argument is given, which must be either `t' or a full
1285		error message.  By default, any successful lookup will
1286		generate an error.  Otherwise the result of the lookup is
1287		compared with the supplied argument(s), and only if a match
1288		occurs an error is generated.  For example,
1289
1290		FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1291
1292		will reject the e-mail if the lookup returns the value
1293		``127.0.0.2.'', or generate a 451 response if the lookup
1294		temporarily failed.  The arguments can contain metasymbols
1295		as they are allowed in the LHS of rules.  As the example
1296		shows, the default values are also used if an empty argument,
1297		i.e., `', is specified.  This feature requires that sendmail
1298		has been compiled with the flag DNSMAP (see sendmail/README).
1299
1300		Set the EDNSBL_TO mc option to change the DNS retry count
1301		from the default value of 5, this can be very useful when
1302		a DNS server is not responding, which in turn may cause
1303		clients to time out (an entry stating
1304
1305			did not issue MAIL/EXPN/VRFY/ETRN
1306
1307		will be logged).
1308
1309ratecontrol	Enable simple ruleset to do connection rate control
1310		checking.  This requires entries in access_db of the form
1311
1312			ClientRate:IP.ADD.RE.SS		LIMIT
1313
1314		The RHS specifies the maximum number of connections
1315		(an integer number) over the time interval defined
1316		by ConnectionRateWindowSize, where 0 means unlimited.
1317
1318		Take the following example:
1319
1320			ClientRate:10.1.2.3		4
1321			ClientRate:127.0.0.1		0
1322			ClientRate:			10
1323
1324		10.1.2.3 can only make up to 4 connections, the
1325		general limit it 10, and 127.0.0.1 can make an unlimited
1326		number of connections per ConnectionRateWindowSize.
1327
1328		See also CONNECTION CONTROL.
1329
1330conncontrol	Enable a simple check of the number of incoming SMTP
1331		connections.  This requires entries in access_db of the
1332		form
1333
1334			ClientConn:IP.ADD.RE.SS		LIMIT
1335
1336		The RHS specifies the maximum number of open connections
1337		(an integer number).
1338
1339		Take the following example:
1340
1341			ClientConn:10.1.2.3		4
1342			ClientConn:127.0.0.1		0
1343			ClientConn:			10
1344
1345		10.1.2.3 can only have up to 4 open connections, the
1346		general limit it 10, and 127.0.0.1 does not have any
1347		explicit limit.
1348
1349		See also CONNECTION CONTROL.
1350
1351mtamark		Experimental support for "Marking Mail Transfer Agents in
1352		Reverse DNS with TXT RRs" (MTAMark), see
1353		draft-stumpf-dns-mtamark-01.  Optional arguments are:
1354
1355		1. Error message, default:
1356
1357			550 Rejected: $&{client_addr} not listed as MTA
1358
1359		2. Temporary lookup failures are ignored unless a second
1360		argument is given, which must be either `t' or a full
1361		error message.
1362
1363		3. Lookup prefix, default: _perm._smtp._srv.  This should
1364		not be changed unless the draft changes it.
1365
1366		Example:
1367
1368			FEATURE(`mtamark', `', `t')
1369
1370lookupdotdomain	Look up also .domain in the access map.  This allows to
1371		match only subdomains.  It does not work well with
1372		FEATURE(`relay_hosts_only'), because most lookups for
1373		subdomains are suppressed by the latter feature.
1374
1375loose_relay_check
1376		Normally, if % addressing is used for a recipient, e.g.
1377		user%site@othersite, and othersite is in class {R}, the
1378		check_rcpt ruleset will strip @othersite and recheck
1379		user@site for relaying.  This feature changes that
1380		behavior.  It should not be needed for most installations.
1381
1382authinfo	Provide a separate map for client side authentication
1383		information.  See SMTP AUTHENTICATION for details.
1384		By default, the authinfo database specification is:
1385
1386			hash /etc/mail/authinfo
1387
1388preserve_luser_host
1389		Preserve the name of the recipient host if LUSER_RELAY is
1390		used.  Without this option, the domain part of the
1391		recipient address will be replaced by the host specified as
1392		LUSER_RELAY.  This feature only works if the hostname is
1393		passed to the mailer (see mailer triple in op.me).  Note
1394		that in the default configuration the local mailer does not
1395		receive the hostname, i.e., the mailer triple has an empty
1396		hostname.
1397
1398preserve_local_plus_detail
1399		Preserve the +detail portion of the address when passing
1400		address to local delivery agent.  Disables alias and
1401		.forward +detail stripping (e.g., given user+detail, only
1402		that address will be looked up in the alias file; user+* and
1403		user will not be looked up).  Only use if the local
1404		delivery agent in use supports +detail addressing.
1405
1406compat_check	Enable ruleset check_compat to look up pairs of addresses
1407		with the Compat: tag --	Compat:sender<@>recipient -- in the
1408		access map.  Valid values for the RHS include
1409			DISCARD	silently discard recipient
1410			TEMP:	return a temporary error
1411			ERROR:	return a permanent error
1412		In the last two cases, a 4xy/5xy SMTP reply code should
1413		follow the colon.
1414
1415no_default_msa	Don't generate the default MSA daemon, i.e.,
1416		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1417		To define a MSA daemon with other parameters, use this
1418		FEATURE and introduce new settings via DAEMON_OPTIONS().
1419
1420msp		Defines config file for Message Submission Program.
1421		See sendmail/SECURITY for details and cf/cf/submit.mc how
1422		to use it.  An optional argument can be used to override
1423		the default of `[localhost]' to use as host to send all
1424		e-mails to.  Note that MX records will be used if the
1425		specified hostname is not in square brackets (e.g.,
1426		[hostname]).  If `MSA' is specified as second argument then
1427		port 587 is used to contact the server.  Example:
1428
1429			FEATURE(`msp', `', `MSA')
1430
1431		Some more hints about possible changes can be found below
1432		in the section MESSAGE SUBMISSION PROGRAM.
1433
1434		Note: Due to many problems, submit.mc uses
1435
1436			FEATURE(`msp', `[127.0.0.1]')
1437
1438		by default.  If you have a machine with IPv6 only,
1439		change it to
1440
1441			FEATURE(`msp', `[IPv6:::1]')
1442
1443		If you want to continue using '[localhost]', (the behavior
1444		up to 8.12.6), use
1445
1446			FEATURE(`msp')
1447
1448queuegroup	A simple example how to select a queue group based
1449		on the full e-mail address or the domain of the
1450		recipient.  Selection is done via entries in the
1451		access map using the tag QGRP:, for example:
1452
1453			QGRP:example.com	main
1454			QGRP:friend@some.org	others
1455			QGRP:my.domain		local
1456
1457		where "main", "others", and "local" are names of
1458		queue groups.  If an argument is specified, it is used
1459		as default queue group.
1460
1461		Note: please read the warning in doc/op/op.me about
1462		queue groups and possible queue manipulations.
1463
1464greet_pause	Adds the greet_pause ruleset which enables open proxy
1465		and SMTP slamming protection.  The feature can take an
1466		argument specifying the milliseconds to wait:
1467
1468			FEATURE(`greet_pause', `5000')  dnl 5 seconds
1469
1470		If FEATURE(`access_db') is enabled, an access database
1471		lookup with the GreetPause tag is done using client
1472		hostname, domain, IP address, or subnet to determine the
1473		pause time:
1474
1475			GreetPause:my.domain	0
1476			GreetPause:example.com	5000
1477			GreetPause:10.1.2	2000
1478			GreetPause:127.0.0.1	0
1479
1480		When using FEATURE(`access_db'), the optional
1481		FEATURE(`greet_pause') argument becomes the default if
1482		nothing is found in the access database.  A ruleset called
1483		Local_greet_pause can be used for local modifications, e.g.,
1484
1485			LOCAL_RULESETS
1486			SLocal_greet_pause
1487			R$*		$: $&{daemon_flags}
1488			R$* a $*	$# 0
1489
1490block_bad_helo	Reject messages from SMTP clients which provide a HELO/EHLO
1491		argument which is either unqualified, or is one of our own
1492		names (i.e., the server name instead of the client name).
1493		This check is performed at RCPT stage and disabled for the
1494		following cases:
1495		- authenticated sessions,
1496		- connections from IP addresses in class $={R}.
1497		Currently access_db lookups can not be used to
1498		(selectively) disable this test, moreover,
1499		FEATURE(`delay_checks')
1500		is required.
1501
1502require_rdns	Reject mail from connecting SMTP clients without proper
1503		rDNS (reverse DNS), functional gethostbyaddr() resolution.
1504		Note: this feature will cause false positives, i.e., there
1505		are legitimate MTAs that do not have proper DNS entries.
1506		Rejecting mails from those MTAs is a local policy decision.
1507
1508		The basic policy is to reject message with a 5xx error if
1509		the IP address fails to resolve.  However, if this is a
1510		temporary failure, a 4xx temporary failure is returned.
1511		If the look-up succeeds, but returns an apparently forged
1512		value, this is treated as a temporary failure with a 4xx
1513		error code.
1514
1515		EXCEPTIONS:
1516
1517		Exceptions based on access entries are discussed below.
1518		Any IP address matched using $=R (the "relay-domains" file)
1519		is excepted from the rules.  Since we have explicitly
1520		allowed relaying for this host, based on IP address, we
1521		ignore the rDNS failure.
1522
1523		The philosophical assumption here is that most users do
1524		not control their rDNS.  They should be able to send mail
1525		through their ISP, whether or not they have valid rDNS.
1526		The class $=R, roughly speaking, contains those IP addresses
1527		and address ranges for which we are the ISP, or are acting
1528		as if the ISP.
1529
1530		If `delay_checks' is in effect (recommended), then any
1531		sender who has authenticated is also excepted from the
1532		restrictions.  This happens because the rules produced by
1533		this FEATURE() will not be applied to authenticated senders
1534		(assuming `delay_checks').
1535
1536		ACCESS MAP ENTRIES:
1537
1538		Entries such as
1539			Connect:1.2.3.4		OK
1540			Connect:1.2		RELAY
1541		will whitelist IP address 1.2.3.4, so that the rDNS
1542		blocking does apply to that IP address
1543
1544		Entries such as
1545			Connect:1.2.3.4		REJECT
1546		will have the effect of forcing a temporary failure for
1547		that address to be treated as a permanent failure.
1548
1549badmx		Reject envelope sender addresses (MAIL) whose domain part
1550		resolves to a "bad" MX record.  By default these are
1551		MX records which resolve to A records that match the
1552		regular expression:
1553
1554		^(127\.|10\.|0\.0\.0\.0)
1555
1556		This default regular expression can be overridden by
1557		specifying an argument, e.g.,
1558
1559		FEATURE(`badmx', `^127\.0\.0\.1')
1560
1561		Note: this feature requires that the sendmail binary
1562		has been compiled with the options MAP_REGEX and
1563		DNSMAP.
1564
1565+-------+
1566| HACKS |
1567+-------+
1568
1569Some things just can't be called features.  To make this clear,
1570they go in the hack subdirectory and are referenced using the HACK
1571macro.  These will tend to be site-dependent.  The release
1572includes the Berkeley-dependent "cssubdomain" hack (that makes
1573sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1574this is intended as a short-term aid while moving hosts into
1575subdomains.
1576
1577
1578+--------------------+
1579| SITE CONFIGURATION |
1580+--------------------+
1581
1582    *****************************************************
1583    * This section is really obsolete, and is preserved	*
1584    * only for back compatibility.  You should plan on	*
1585    * using mailertables for new installations.  In	*
1586    * particular, it doesn't work for the newer forms	*
1587    * of UUCP mailers, such as uucp-uudom.		*
1588    *****************************************************
1589
1590Complex sites will need more local configuration information, such as
1591lists of UUCP hosts they speak with directly.  This can get a bit more
1592tricky.  For an example of a "complex" site, see cf/ucbvax.mc.
1593
1594The SITECONFIG macro allows you to indirectly reference site-dependent
1595configuration information stored in the siteconfig subdirectory.  For
1596example, the line
1597
1598	SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1599
1600reads the file uucp.ucbvax for local connection information.  The
1601second parameter is the local name (in this case just "ucbvax" since
1602it is locally connected, and hence a UUCP hostname).  The third
1603parameter is the name of both a macro to store the local name (in
1604this case, {U}) and the name of the class (e.g., {U}) in which to store
1605the host information read from the file.  Another SITECONFIG line reads
1606
1607	SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1608
1609This says that the file uucp.ucbarpa contains the list of UUCP sites
1610connected to ucbarpa.Berkeley.EDU.  Class {W} will be used to
1611store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1612is, the name of the relay to which the hosts listed in uucp.ucbarpa
1613are connected.  [The machine ucbarpa is gone now, but this
1614out-of-date configuration file has been left around to demonstrate
1615how you might do this.]
1616
1617Note that the case of SITECONFIG with a third parameter of ``U'' is
1618special; the second parameter is assumed to be the UUCP name of the
1619local site, rather than the name of a remote site, and the UUCP name
1620is entered into class {w} (the list of local hostnames) as $U.UUCP.
1621
1622The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1623more than a sequence of SITE macros describing connectivity.  For
1624example:
1625
1626	SITE(`cnmat')
1627	SITE(`sgi olympus')
1628
1629The second example demonstrates that you can use two names on the
1630same line; these are usually aliases for the same host (or are at
1631least in the same company).
1632
1633The macro LOCAL_UUCP can be used to add rules into the generated
1634cf file at the place where MAILER(`uucp') inserts its rules.  This
1635should only be used if really necessary.
1636
1637+--------------------+
1638| USING UUCP MAILERS |
1639+--------------------+
1640
1641It's hard to get UUCP mailers right because of the extremely ad hoc
1642nature of UUCP addressing.  These config files are really designed
1643for domain-based addressing, even for UUCP sites.
1644
1645There are four UUCP mailers available.  The choice of which one to
1646use is partly a matter of local preferences and what is running at
1647the other end of your UUCP connection.  Unlike good protocols that
1648define what will go over the wire, UUCP uses the policy that you
1649should do what is right for the other end; if they change, you have
1650to change.  This makes it hard to do the right thing, and discourages
1651people from updating their software.  In general, if you can avoid
1652UUCP, please do.
1653
1654The major choice is whether to go for a domainized scheme or a
1655non-domainized scheme.  This depends entirely on what the other
1656end will recognize.  If at all possible, you should encourage the
1657other end to go to a domain-based system -- non-domainized addresses
1658don't work entirely properly.
1659
1660The four mailers are:
1661
1662    uucp-old (obsolete name: "uucp")
1663	This is the oldest, the worst (but the closest to UUCP) way of
1664	sending messages across UUCP connections.  It does bangify
1665	everything and prepends $U (your UUCP name) to the sender's
1666	address (which can already be a bang path itself).  It can
1667	only send to one address at a time, so it spends a lot of
1668	time copying duplicates of messages.  Avoid this if at all
1669	possible.
1670
1671    uucp-new (obsolete name: "suucp")
1672	The same as above, except that it assumes that in one rmail
1673	command you can specify several recipients.  It still has a
1674	lot of other problems.
1675
1676    uucp-dom
1677	This UUCP mailer keeps everything as domain addresses.
1678	Basically, it uses the SMTP mailer rewriting rules.  This mailer
1679	is only included if MAILER(`smtp') is specified before
1680	MAILER(`uucp').
1681
1682	Unfortunately, a lot of UUCP mailer transport agents require
1683	bangified addresses in the envelope, although you can use
1684	domain-based addresses in the message header.  (The envelope
1685	shows up as the From_ line on UNIX mail.)  So....
1686
1687    uucp-uudom
1688	This is a cross between uucp-new (for the envelope addresses)
1689	and uucp-dom (for the header addresses).  It bangifies the
1690	envelope sender (From_ line in messages) without adding the
1691	local hostname, unless there is no host name on the address
1692	at all (e.g., "wolf") or the host component is a UUCP host name
1693	instead of a domain name ("somehost!wolf" instead of
1694	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
1695	is also specified earlier.
1696
1697Examples:
1698
1699On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1700summarizes the sender rewriting for various mailers.
1701
1702Mailer		sender		rewriting in the envelope
1703------		------		-------------------------
1704uucp-{old,new}	wolf		grasp!wolf
1705uucp-dom	wolf		wolf@grasp.insa-lyon.fr
1706uucp-uudom	wolf		grasp.insa-lyon.fr!wolf
1707
1708uucp-{old,new}	wolf@fr.net	grasp!fr.net!wolf
1709uucp-dom	wolf@fr.net	wolf@fr.net
1710uucp-uudom	wolf@fr.net	fr.net!wolf
1711
1712uucp-{old,new}	somehost!wolf	grasp!somehost!wolf
1713uucp-dom	somehost!wolf	somehost!wolf@grasp.insa-lyon.fr
1714uucp-uudom	somehost!wolf	grasp.insa-lyon.fr!somehost!wolf
1715
1716If you are using one of the domainized UUCP mailers, you really want
1717to convert all UUCP addresses to domain format -- otherwise, it will
1718do it for you (and probably not the way you expected).  For example,
1719if you have the address foo!bar!baz (and you are not sending to foo),
1720the heuristics will add the @uucp.relay.name or @local.host.name to
1721this address.  However, if you map foo to foo.host.name first, it
1722will not add the local hostname.  You can do this using the uucpdomain
1723feature.
1724
1725
1726+-------------------+
1727| TWEAKING RULESETS |
1728+-------------------+
1729
1730For more complex configurations, you can define special rules.
1731The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1732the names.  Any modifications made here are reflected in the header.
1733
1734A common use is to convert old UUCP addresses to SMTP addresses using
1735the UUCPSMTP macro.  For example:
1736
1737	LOCAL_RULE_3
1738	UUCPSMTP(`decvax',	`decvax.dec.com')
1739	UUCPSMTP(`research',	`research.att.com')
1740
1741will cause addresses of the form "decvax!user" and "research!user"
1742to be converted to "user@decvax.dec.com" and "user@research.att.com"
1743respectively.
1744
1745This could also be used to look up hosts in a database map:
1746
1747	LOCAL_RULE_3
1748	R$* < @ $+ > $*		$: $1 < @ $(hostmap $2 $) > $3
1749
1750This map would be defined in the LOCAL_CONFIG portion, as shown below.
1751
1752Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1753For example, new rules are needed to parse hostnames that you accept
1754via MX records.  For example, you might have:
1755
1756	LOCAL_RULE_0
1757	R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1758
1759You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1760pointing at this host; this rule catches the message and forwards it on
1761using UUCP.
1762
1763You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1764These rulesets are normally empty.
1765
1766A similar macro is LOCAL_CONFIG.  This introduces lines added after the
1767boilerplate option setting but before rulesets.  Do not declare rulesets in
1768the LOCAL_CONFIG section.  It can be used to declare local database maps or
1769whatever.  For example:
1770
1771	LOCAL_CONFIG
1772	Khostmap hash /etc/mail/hostmap
1773	Kyplocal nis -m hosts.byname
1774
1775
1776+---------------------------+
1777| MASQUERADING AND RELAYING |
1778+---------------------------+
1779
1780You can have your host masquerade as another using
1781
1782	MASQUERADE_AS(`host.domain')
1783
1784This causes mail being sent to be labeled as coming from the
1785indicated host.domain, rather than $j.  One normally masquerades as
1786one of one's own subdomains (for example, it's unlikely that
1787Berkeley would choose to masquerade as an MIT site).  This
1788behaviour is modified by a plethora of FEATUREs; in particular, see
1789masquerade_envelope, allmasquerade, limited_masquerade, and
1790masquerade_entire_domain.
1791
1792The masquerade name is not normally canonified, so it is important
1793that it be your One True Name, that is, fully qualified and not a
1794CNAME.  However, if you use a CNAME, the receiving side may canonify
1795it for you, so don't think you can cheat CNAME mapping this way.
1796
1797Normally the only addresses that are masqueraded are those that come
1798from this host (that is, are either unqualified or in class {w}, the list
1799of local domain names).  You can augment this list, which is realized
1800by class {M} using
1801
1802	MASQUERADE_DOMAIN(`otherhost.domain')
1803
1804The effect of this is that although mail to user@otherhost.domain
1805will not be delivered locally, any mail including any user@otherhost.domain
1806will, when relayed, be rewritten to have the MASQUERADE_AS address.
1807This can be a space-separated list of names.
1808
1809If these names are in a file, you can use
1810
1811	MASQUERADE_DOMAIN_FILE(`filename')
1812
1813to read the list of names from the indicated file (i.e., to add
1814elements to class {M}).
1815
1816To exempt hosts or subdomains from being masqueraded, you can use
1817
1818	MASQUERADE_EXCEPTION(`host.domain')
1819
1820This can come handy if you want to masquerade a whole domain
1821except for one (or a few) host(s).  If these names are in a file,
1822you can use
1823
1824	MASQUERADE_EXCEPTION_FILE(`filename')
1825
1826Normally only header addresses are masqueraded.  If you want to
1827masquerade the envelope as well, use
1828
1829	FEATURE(`masquerade_envelope')
1830
1831There are always users that need to be "exposed" -- that is, their
1832internal site name should be displayed instead of the masquerade name.
1833Root is an example (which has been "exposed" by default prior to 8.10).
1834You can add users to this list using
1835
1836	EXPOSED_USER(`usernames')
1837
1838This adds users to class {E}; you could also use
1839
1840	EXPOSED_USER_FILE(`filename')
1841
1842You can also arrange to relay all unqualified names (that is, names
1843without @host) to a relay host.  For example, if you have a central
1844email server, you might relay to that host so that users don't have
1845to have .forward files or aliases.  You can do this using
1846
1847	define(`LOCAL_RELAY', `mailer:hostname')
1848
1849The ``mailer:'' can be omitted, in which case the mailer defaults to
1850"relay".  There are some user names that you don't want relayed, perhaps
1851because of local aliases.  A common example is root, which may be
1852locally aliased.  You can add entries to this list using
1853
1854	LOCAL_USER(`usernames')
1855
1856This adds users to class {L}; you could also use
1857
1858	LOCAL_USER_FILE(`filename')
1859
1860If you want all incoming mail sent to a centralized hub, as for a
1861shared /var/spool/mail scheme, use
1862
1863	define(`MAIL_HUB', `mailer:hostname')
1864
1865Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
1866and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1867be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1868Note: there is a (long standing) bug which keeps this combination from
1869working for addresses of the form user+detail.
1870Names in class {L} will be delivered locally, so you MUST have aliases or
1871.forward files for them.
1872
1873For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1874FEATURE(`stickyhost'), the following combinations of settings will have the
1875indicated effects:
1876
1877email sent to....	eric			  eric@mastodon.CS.Berkeley.EDU
1878
1879LOCAL_RELAY set to	mail.CS.Berkeley.EDU	  (delivered locally)
1880mail.CS.Berkeley.EDU	  (no local aliasing)	    (aliasing done)
1881
1882MAIL_HUB set to		mammoth.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1883mammoth.CS.Berkeley.EDU	  (aliasing done)	    (aliasing done)
1884
1885Both LOCAL_RELAY and	mail.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1886MAIL_HUB set as above	  (no local aliasing)	    (aliasing done)
1887
1888If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1889MAIL_HUB act identically, with MAIL_HUB taking precedence.
1890
1891If you want all outgoing mail to go to a central relay site, define
1892SMART_HOST as well.  Briefly:
1893
1894	LOCAL_RELAY applies to unqualified names (e.g., "eric").
1895	MAIL_HUB applies to names qualified with the name of the
1896		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1897	SMART_HOST applies to names qualified with other hosts or
1898		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1899		or "eric@[127.0.0.1]").
1900
1901However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1902DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1903really want absolutely everything to go to a single central site you will
1904need to unset all the other relays -- or better yet, find or build a
1905minimal config file that does this.
1906
1907For duplicate suppression to work properly, the host name is best
1908specified with a terminal dot:
1909
1910	define(`MAIL_HUB', `host.domain.')
1911	      note the trailing dot ---^
1912
1913
1914+-------------------------------------------+
1915| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1916+-------------------------------------------+
1917
1918LDAP can be used for aliases, maps, and classes by either specifying your
1919own LDAP map specification or using the built-in default LDAP map
1920specification.  The built-in default specifications all provide lookups
1921which match against either the machine's fully qualified hostname (${j}) or
1922a "cluster".  The cluster allows you to share LDAP entries among a large
1923number of machines without having to enter each of the machine names into
1924each LDAP entry.  To set the LDAP cluster name to use for a particular
1925machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1926unique name.  For example:
1927
1928	define(`confLDAP_CLUSTER', `Servers')
1929
1930Here, the word `Servers' will be the cluster name.  As an example, assume
1931that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1932to the Servers cluster.
1933
1934Some of the LDAP LDIF examples below show use of the Servers cluster.
1935Every entry must have either a sendmailMTAHost or sendmailMTACluster
1936attribute or it will be ignored.  Be careful as mixing clusters and
1937individual host records can have surprising results (see the CAUTION
1938sections below).
1939
1940See the file cf/sendmail.schema for the actual LDAP schemas.  Note that
1941this schema (and therefore the lookups and examples below) is experimental
1942at this point as it has had little public review.  Therefore, it may change
1943in future versions.  Feedback via sendmail-YYYY@support.sendmail.org is
1944encouraged (replace YYYY with the current year, e.g., 2005).
1945
1946-------
1947Aliases
1948-------
1949
1950The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1951lookups.  To use the default schema, simply use:
1952
1953	define(`ALIAS_FILE', `ldap:')
1954
1955By doing so, you will use the default schema which expands to a map
1956declared as follows:
1957
1958	ldap -k (&(objectClass=sendmailMTAAliasObject)
1959		  (sendmailMTAAliasGrouping=aliases)
1960		  (|(sendmailMTACluster=${sendmailMTACluster})
1961		    (sendmailMTAHost=$j))
1962		  (sendmailMTAKey=%0))
1963	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1964
1965
1966NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1967used when the binary expands the `ldap:' token as the AliasFile option is
1968not actually macro-expanded when read from the sendmail.cf file.
1969
1970Example LDAP LDIF entries might be:
1971
1972	dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1973	objectClass: sendmailMTA
1974	objectClass: sendmailMTAAlias
1975	objectClass: sendmailMTAAliasObject
1976	sendmailMTAAliasGrouping: aliases
1977	sendmailMTAHost: etrn.sendmail.org
1978	sendmailMTAKey: sendmail-list
1979	sendmailMTAAliasValue: ca@example.org
1980	sendmailMTAAliasValue: eric
1981	sendmailMTAAliasValue: gshapiro@example.com
1982
1983	dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1984	objectClass: sendmailMTA
1985	objectClass: sendmailMTAAlias
1986	objectClass: sendmailMTAAliasObject
1987	sendmailMTAAliasGrouping: aliases
1988	sendmailMTAHost: etrn.sendmail.org
1989	sendmailMTAKey: owner-sendmail-list
1990	sendmailMTAAliasValue: eric
1991
1992	dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1993	objectClass: sendmailMTA
1994	objectClass: sendmailMTAAlias
1995	objectClass: sendmailMTAAliasObject
1996	sendmailMTAAliasGrouping: aliases
1997	sendmailMTACluster: Servers
1998	sendmailMTAKey: postmaster
1999	sendmailMTAAliasValue: eric
2000
2001Here, the aliases sendmail-list and owner-sendmail-list will be available
2002only on etrn.sendmail.org but the postmaster alias will be available on
2003every machine in the Servers cluster (including etrn.sendmail.org).
2004
2005CAUTION: aliases are additive so that entries like these:
2006
2007	dn: sendmailMTAKey=bob, dc=sendmail, dc=org
2008	objectClass: sendmailMTA
2009	objectClass: sendmailMTAAlias
2010	objectClass: sendmailMTAAliasObject
2011	sendmailMTAAliasGrouping: aliases
2012	sendmailMTACluster: Servers
2013	sendmailMTAKey: bob
2014	sendmailMTAAliasValue: eric
2015
2016	dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
2017	objectClass: sendmailMTA
2018	objectClass: sendmailMTAAlias
2019	objectClass: sendmailMTAAliasObject
2020	sendmailMTAAliasGrouping: aliases
2021	sendmailMTAHost: etrn.sendmail.org
2022	sendmailMTAKey: bob
2023	sendmailMTAAliasValue: gshapiro
2024
2025would mean that on all of the hosts in the cluster, mail to bob would go to
2026eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
2027gshapiro.
2028
2029If you prefer not to use the default LDAP schema for your aliases, you can
2030specify the map parameters when setting ALIAS_FILE.  For example:
2031
2032	define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
2033
2034----
2035Maps
2036----
2037
2038FEATURE()'s which take an optional map definition argument (e.g., access,
2039mailertable, virtusertable, etc.) can instead take the special keyword
2040`LDAP', e.g.:
2041
2042	FEATURE(`access_db', `LDAP')
2043	FEATURE(`virtusertable', `LDAP')
2044
2045When this keyword is given, that map will use LDAP lookups consisting of
2046the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
2047with the map name, a search attribute of sendmailMTAKey, and the value
2048attribute sendmailMTAMapValue.
2049
2050The values for sendmailMTAMapName are:
2051
2052	FEATURE()		sendmailMTAMapName
2053	---------		------------------
2054	access_db		access
2055	authinfo		authinfo
2056	bitdomain		bitdomain
2057	domaintable		domain
2058	genericstable		generics
2059	mailertable		mailer
2060	uucpdomain		uucpdomain
2061	virtusertable		virtuser
2062
2063For example, FEATURE(`mailertable', `LDAP') would use the map definition:
2064
2065	Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
2066			       (sendmailMTAMapName=mailer)
2067			       (|(sendmailMTACluster=${sendmailMTACluster})
2068				 (sendmailMTAHost=$j))
2069			       (sendmailMTAKey=%0))
2070			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
2071
2072An example LDAP LDIF entry using this map might be:
2073
2074	dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
2075	objectClass: sendmailMTA
2076	objectClass: sendmailMTAMap
2077	sendmailMTACluster: Servers
2078	sendmailMTAMapName: mailer
2079
2080	dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2081	objectClass: sendmailMTA
2082	objectClass: sendmailMTAMap
2083	objectClass: sendmailMTAMapObject
2084	sendmailMTAMapName: mailer
2085	sendmailMTACluster: Servers
2086	sendmailMTAKey: example.com
2087	sendmailMTAMapValue: relay:[smtp.example.com]
2088
2089CAUTION: If your LDAP database contains the record above and *ALSO* a host
2090specific record such as:
2091
2092	dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2093	objectClass: sendmailMTA
2094	objectClass: sendmailMTAMap
2095	objectClass: sendmailMTAMapObject
2096	sendmailMTAMapName: mailer
2097	sendmailMTAHost: etrn.sendmail.org
2098	sendmailMTAKey: example.com
2099	sendmailMTAMapValue: relay:[mx.example.com]
2100
2101then these entries will give unexpected results.  When the lookup is done
2102on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
2103require a single match.  Since the host etrn.sendmail.org is also in the
2104Servers cluster, LDAP would return two answers for the example.com map key
2105in which case sendmail would treat this as no match at all.
2106
2107If you prefer not to use the default LDAP schema for your maps, you can
2108specify the map parameters when using the FEATURE().  For example:
2109
2110	FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2111
2112-------
2113Classes
2114-------
2115
2116Normally, classes can be filled via files or programs.  As of 8.12, they
2117can also be filled via map lookups using a new syntax:
2118
2119	F{ClassName}mapkey@mapclass:mapspec
2120
2121mapkey is optional and if not provided the map key will be empty.  This can
2122be used with LDAP to read classes from LDAP.  Note that the lookup is only
2123done when sendmail is initially started.  Use the special value `@LDAP' to
2124use the default LDAP schema.  For example:
2125
2126	RELAY_DOMAIN_FILE(`@LDAP')
2127
2128would put all of the attribute sendmailMTAClassValue values of LDAP records
2129with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
2130'R' into class $={R}.  In other words, it is equivalent to the LDAP map
2131specification:
2132
2133	F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2134		       (sendmailMTAClassName=R)
2135		       (|(sendmailMTACluster=${sendmailMTACluster})
2136			 (sendmailMTAHost=$j)))
2137		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
2138
2139NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2140used when the binary expands the `@LDAP' token as class declarations are
2141not actually macro-expanded when read from the sendmail.cf file.
2142
2143This can be used with class related commands such as RELAY_DOMAIN_FILE(),
2144MASQUERADE_DOMAIN_FILE(), etc:
2145
2146	Command				sendmailMTAClassName
2147	-------				--------------------
2148	CANONIFY_DOMAIN_FILE()		Canonify
2149	EXPOSED_USER_FILE()		E
2150	GENERICS_DOMAIN_FILE()		G
2151	LDAPROUTE_DOMAIN_FILE()		LDAPRoute
2152	LDAPROUTE_EQUIVALENT_FILE()	LDAPRouteEquiv
2153	LOCAL_USER_FILE()		L
2154	MASQUERADE_DOMAIN_FILE()	M
2155	MASQUERADE_EXCEPTION_FILE()	N
2156	RELAY_DOMAIN_FILE()		R
2157	VIRTUSER_DOMAIN_FILE()		VirtHost
2158
2159You can also add your own as any 'F'ile class of the form:
2160
2161	F{ClassName}@LDAP
2162	  ^^^^^^^^^
2163will use "ClassName" for the sendmailMTAClassName.
2164
2165An example LDAP LDIF entry would look like:
2166
2167	dn: sendmailMTAClassName=R, dc=sendmail, dc=org
2168	objectClass: sendmailMTA
2169	objectClass: sendmailMTAClass
2170	sendmailMTACluster: Servers
2171	sendmailMTAClassName: R
2172	sendmailMTAClassValue: sendmail.org
2173	sendmailMTAClassValue: example.com
2174	sendmailMTAClassValue: 10.56.23
2175
2176CAUTION: If your LDAP database contains the record above and *ALSO* a host
2177specific record such as:
2178
2179	dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
2180	objectClass: sendmailMTA
2181	objectClass: sendmailMTAClass
2182	sendmailMTAHost: etrn.sendmail.org
2183	sendmailMTAClassName: R
2184	sendmailMTAClassValue: example.com
2185
2186the result will be similar to the aliases caution above.  When the lookup
2187is done on etrn.sendmail.org, $={R} would contain all of the entries (from
2188both the cluster match and the host match).  In other words, the effective
2189is additive.
2190
2191If you prefer not to use the default LDAP schema for your classes, you can
2192specify the map parameters when using the class command.  For example:
2193
2194	VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2195
2196Remember, macros can not be used in a class declaration as the binary does
2197not expand them.
2198
2199
2200+--------------+
2201| LDAP ROUTING |
2202+--------------+
2203
2204FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
2205LDAP Schema for Intranet Mail Routing
2206(draft-lachman-laser-ldap-mail-routing-01).  This feature enables
2207LDAP-based rerouting of a particular address to either a different host
2208or a different address.  The LDAP lookup is first attempted on the full
2209address (e.g., user@example.com) and then on the domain portion
2210(e.g., @example.com).  Be sure to setup your domain for LDAP routing using
2211LDAPROUTE_DOMAIN(), e.g.:
2212
2213	LDAPROUTE_DOMAIN(`example.com')
2214
2215Additionally, you can specify equivalent domains for LDAP routing using
2216LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE().  'Equivalent'
2217hostnames are mapped to $M (the masqueraded hostname for the server) before
2218the LDAP query.  For example, if the mail is addressed to
2219user@host1.example.com, normally the LDAP lookup would only be done for
2220'user@host1.example.com' and '@host1.example.com'.   However, if
2221LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2222done on 'user@example.com' and '@example.com' after attempting the
2223host1.example.com lookups.
2224
2225By default, the feature will use the schemas as specified in the draft
2226and will not reject addresses not found by the LDAP lookup.  However,
2227this behavior can be changed by giving additional arguments to the FEATURE()
2228command:
2229
2230 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2231		 <detail>, <nodomain>, <tempfail>)
2232
2233where <mailHost> is a map definition describing how to lookup an alternative
2234mail host for a particular address; <mailRoutingAddress> is a map definition
2235describing how to lookup an alternative address for a particular address;
2236the <bounce> argument, if present and not the word "passthru", dictates
2237that mail should be bounced if neither a mailHost nor mailRoutingAddress
2238is found, if set to "sendertoo", the sender will be rejected if not
2239found in LDAP; and <detail> indicates what actions to take if the address
2240contains +detail information -- `strip' tries the lookup with the +detail
2241and if no matches are found, strips the +detail and tries the lookup again;
2242`preserve', does the same as `strip' but if a mailRoutingAddress match is
2243found, the +detail information is copied to the new address; the <nodomain>
2244argument, if present, will prevent the @domain lookup if the full
2245address is not found in LDAP; the <tempfail> argument, if set to
2246"tempfail", instructs the rules to give an SMTP 4XX temporary
2247error if the LDAP server gives the MTA a temporary failure, or if set to
2248"queue" (the default), the MTA will locally queue the mail.
2249
2250The default <mailHost> map definition is:
2251
2252	ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2253				 (mailLocalAddress=%0))
2254
2255The default <mailRoutingAddress> map definition is:
2256
2257	ldap -1 -T<TMPF> -v mailRoutingAddress
2258			 -k (&(objectClass=inetLocalMailRecipient)
2259			      (mailLocalAddress=%0))
2260
2261Note that neither includes the LDAP server hostname (-h server) or base DN
2262(-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
2263your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2264these settings.  If this is not the case, the map definitions should be
2265changed as described above.  The "-T<TMPF>" is required in any user
2266specified map definition to catch temporary errors.
2267
2268The following possibilities exist as a result of an LDAP lookup on an
2269address:
2270
2271	mailHost is	mailRoutingAddress is	Results in
2272	-----------	---------------------	----------
2273	set to a	set			mail delivered to
2274	"local" host				mailRoutingAddress
2275
2276	set to a	not set			delivered to
2277	"local" host				original address
2278
2279	set to a	set			mailRoutingAddress
2280	remote host				relayed to mailHost
2281
2282	set to a	not set			original address
2283	remote host				relayed to mailHost
2284
2285	not set		set			mail delivered to
2286						mailRoutingAddress
2287
2288	not set		not set			delivered to
2289						original address *OR*
2290						bounced as unknown user
2291
2292The term "local" host above means the host specified is in class {w}.  If
2293the result would mean sending the mail to a different host, that host is
2294looked up in the mailertable before delivery.
2295
2296Note that the last case depends on whether the third argument is given
2297to the FEATURE() command.  The default is to deliver the message to the
2298original address.
2299
2300The LDAP entries should be set up with an objectClass of
2301inetLocalMailRecipient and the address be listed in a mailLocalAddress
2302attribute.  If present, there must be only one mailHost attribute and it
2303must contain a fully qualified host name as its value.  Similarly, if
2304present, there must be only one mailRoutingAddress attribute and it must
2305contain an RFC 822 compliant address.  Some example LDAP records (in LDIF
2306format):
2307
2308	dn: uid=tom, o=example.com, c=US
2309	objectClass: inetLocalMailRecipient
2310	mailLocalAddress: tom@example.com
2311	mailRoutingAddress: thomas@mailhost.example.com
2312
2313This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2314
2315	dn: uid=dick, o=example.com, c=US
2316	objectClass: inetLocalMailRecipient
2317	mailLocalAddress: dick@example.com
2318	mailHost: eng.example.com
2319
2320This would relay mail for dick@example.com to the same address but redirect
2321the mail to MX records listed for the host eng.example.com (unless the
2322mailertable overrides).
2323
2324	dn: uid=harry, o=example.com, c=US
2325	objectClass: inetLocalMailRecipient
2326	mailLocalAddress: harry@example.com
2327	mailHost: mktmail.example.com
2328	mailRoutingAddress: harry@mkt.example.com
2329
2330This would relay mail for harry@example.com to the MX records listed for
2331the host mktmail.example.com using the new address harry@mkt.example.com
2332when talking to that host.
2333
2334	dn: uid=virtual.example.com, o=example.com, c=US
2335	objectClass: inetLocalMailRecipient
2336	mailLocalAddress: @virtual.example.com
2337	mailHost: server.example.com
2338	mailRoutingAddress: virtual@example.com
2339
2340This would send all mail destined for any username @virtual.example.com to
2341the machine server.example.com's MX servers and deliver to the address
2342virtual@example.com on that relay machine.
2343
2344
2345+---------------------------------+
2346| ANTI-SPAM CONFIGURATION CONTROL |
2347+---------------------------------+
2348
2349The primary anti-spam features available in sendmail are:
2350
2351* Relaying is denied by default.
2352* Better checking on sender information.
2353* Access database.
2354* Header checks.
2355
2356Relaying (transmission of messages from a site outside your host (class
2357{w}) to another site except yours) is denied by default.  Note that this
2358changed in sendmail 8.9; previous versions allowed relaying by default.
2359If you really want to revert to the old behaviour, you will need to use
2360FEATURE(`promiscuous_relay').  You can allow certain domains to relay
2361through your server by adding their domain name or IP address to class
2362{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2363(described below).  Note that IPv6 addresses must be prefaced with "IPv6:".
2364The file consists (like any other file based class) of entries listed on
2365separate lines, e.g.,
2366
2367	sendmail.org
2368	128.32
2369	IPv6:2002:c0a8:02c7
2370	IPv6:2002:c0a8:51d2::23f4
2371	host.mydomain.com
2372	[UNIX:localhost]
2373
2374Notice: the last entry allows relaying for connections via a UNIX
2375socket to the MTA/MSP.  This might be necessary if your configuration
2376doesn't allow relaying by other means in that case, e.g., by having
2377localhost.$m in class {R} (make sure $m is not just a top level
2378domain).
2379
2380If you use
2381
2382	FEATURE(`relay_entire_domain')
2383
2384then any host in any of your local domains (that is, class {m})
2385will be relayed (that is, you will accept mail either to or from any
2386host in your domain).
2387
2388You can also allow relaying based on the MX records of the host
2389portion of an incoming recipient address by using
2390
2391	FEATURE(`relay_based_on_MX')
2392
2393For example, if your server receives a recipient of user@domain.com
2394and domain.com lists your server in its MX records, the mail will be
2395accepted for relay to domain.com.  This feature may cause problems
2396if MX lookups for the recipient domain are slow or time out.  In that
2397case, mail will be temporarily rejected.  It is usually better to
2398maintain a list of hosts/domains for which the server acts as relay.
2399Note also that this feature will stop spammers from using your host
2400to relay spam but it will not stop outsiders from using your server
2401as a relay for their site (that is, they set up an MX record pointing
2402to your mail server, and you will relay mail addressed to them
2403without any prior arrangement).  Along the same lines,
2404
2405	FEATURE(`relay_local_from')
2406
2407will allow relaying if the sender specifies a return path (i.e.
2408MAIL FROM:<user@domain>) domain which is a local domain.  This is a
2409dangerous feature as it will allow spammers to spam using your mail
2410server by simply specifying a return address of user@your.domain.com.
2411It should not be used unless absolutely necessary.
2412A slightly better solution is
2413
2414	FEATURE(`relay_mail_from')
2415
2416which allows relaying if the mail sender is listed as RELAY in the
2417access map.  If an optional argument `domain' (this is the literal
2418word `domain', not a placeholder) is given, the domain portion of
2419the mail sender is also checked to allowing relaying.  This option
2420only works together with the tag From: for the LHS of the access
2421map entries.  This feature allows spammers to abuse your mail server
2422by specifying a return address that you enabled in your access file.
2423This may be harder to figure out for spammers, but it should not
2424be used unless necessary.  Instead use SMTP AUTH or STARTTLS to
2425allow relaying for roaming users.
2426
2427
2428If source routing is used in the recipient address (e.g.,
2429RCPT TO:<user%site.com@othersite.com>), sendmail will check
2430user@site.com for relaying if othersite.com is an allowed relay host
2431in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2432or the access database if FEATURE(`access_db') is used.  To prevent
2433the address from being stripped down, use:
2434
2435	FEATURE(`loose_relay_check')
2436
2437If you think you need to use this feature, you probably do not.  This
2438should only be used for sites which have no control over the addresses
2439that they provide a gateway for.  Use this FEATURE with caution as it
2440can allow spammers to relay through your server if not setup properly.
2441
2442NOTICE: It is possible to relay mail through a system which the anti-relay
2443rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2444`nospecial') (system A) and relays local messages to a mail hub (e.g., via
2445LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use
2446FEATURE(`nouucp') at all, addresses of the form
2447<example.net!user@local.host> would be relayed to <user@example.net>.
2448System A doesn't recognize `!' as an address separator and therefore
2449forwards it to the mail hub which in turns relays it because it came from
2450a trusted local host.  So if a mailserver allows UUCP (bang-format)
2451addresses, all systems from which it allows relaying should do the same
2452or reject those addresses.
2453
2454As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2455an unresolvable domain (i.e., one that DNS, your local name service,
2456or special case rules in ruleset 3 cannot locate).  This also applies
2457to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2458IP address can't be mapped to a host name.  If you want to continue
2459to accept such domains, e.g., because you are inside a firewall that
2460has only a limited view of the Internet host name space (note that you
2461will not be able to return mail to them unless you have some "smart
2462host" forwarder), use
2463
2464	FEATURE(`accept_unresolvable_domains')
2465
2466Alternatively, you can allow specific addresses by adding them to
2467the access map, e.g.,
2468
2469	From:unresolvable.domain	OK
2470	From:[1.2.3.4]			OK
2471	From:[1.2.4]			OK
2472
2473Notice: domains which are temporarily unresolvable are (temporarily)
2474rejected with a 451 reply code.  If those domains should be accepted
2475(which is discouraged) then you can use
2476
2477	LOCAL_CONFIG
2478	C{ResOk}TEMP
2479
2480sendmail will also refuse mail if the MAIL FROM: parameter is not
2481fully qualified (i.e., contains a domain as well as a user).  If you
2482want to continue to accept such senders, use
2483
2484	FEATURE(`accept_unqualified_senders')
2485
2486Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2487i.e., unqualified addresses are accepted even without this FEATURE.  If
2488this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2489to enforce fully qualified domain names.
2490
2491An ``access'' database can be created to accept or reject mail from
2492selected domains.  For example, you may choose to reject all mail
2493originating from known spammers.  To enable such a database, use
2494
2495	FEATURE(`access_db')
2496
2497Notice: the access database is applied to the envelope addresses
2498and the connection information, not to the header.
2499
2500The FEATURE macro can accept as second parameter the key file
2501definition for the database; for example
2502
2503	FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2504
2505Notice: If a second argument is specified it must contain the option
2506`-T<TMPF>' as shown above.  The optional parameters may be
2507
2508	`skip'			enables SKIP as value part (see below).
2509	`lookupdotdomain'	another way to enable the feature of the
2510				same name (see above).
2511	`relaytofulladdress'	enable entries of the form
2512				To:user@example.com	RELAY
2513				to allow relaying to just a specific
2514				e-mail address instead of an entire domain.
2515
2516Remember, since /etc/mail/access is a database, after creating the text
2517file as described below, you must use makemap to create the database
2518map.  For example:
2519
2520	makemap hash /etc/mail/access < /etc/mail/access
2521
2522The table itself uses e-mail addresses, domain names, and network
2523numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
2524For example,
2525
2526	From:spammer@aol.com			REJECT
2527	From:cyberspammer.com			REJECT
2528	Connect:cyberspammer.com		REJECT
2529	Connect:TLD				REJECT
2530	Connect:192.168.212			REJECT
2531	Connect:IPv6:2002:c0a8:02c7		RELAY
2532	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
2533
2534would refuse mail from spammer@aol.com, any user from cyberspammer.com
2535(or any host within the cyberspammer.com domain), any host in the entire
2536top level domain TLD, 192.168.212.* network, and the IPv6 address
25372002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
25382002:c0a8:02c7::/48.
2539
2540Entries in the access map should be tagged according to their type.
2541Three tags are available:
2542
2543	Connect:	connection information (${client_addr}, ${client_name})
2544	From:		envelope sender
2545	To:		envelope recipient
2546
2547Notice: untagged entries are deprecated.
2548
2549If the required item is looked up in a map, it will be tried first
2550with the corresponding tag in front, then (as fallback to enable
2551backward compatibility) without any tag, unless the specific feature
2552requires a tag.  For example,
2553
2554	From:spammer@some.dom	REJECT
2555	To:friend.domain	RELAY
2556	Connect:friend.domain	OK
2557	Connect:from.domain	RELAY
2558	From:good@another.dom	OK
2559	From:another.dom	REJECT
2560
2561This would deny mails from spammer@some.dom but you could still
2562send mail to that address even if FEATURE(`blacklist_recipients')
2563is enabled.  Your system will allow relaying to friend.domain, but
2564not from it (unless enabled by other means).  Connections from that
2565domain will be allowed even if it ends up in one of the DNS based
2566rejection lists.  Relaying is enabled from from.domain but not to
2567it (since relaying is based on the connection information for
2568outgoing relaying, the tag Connect: must be used; for incoming
2569relaying, which is based on the recipient address, To: must be
2570used).  The last two entries allow mails from good@another.dom but
2571reject mail from all other addresses with another.dom as domain
2572part.
2573
2574
2575The value part of the map can contain:
2576
2577	OK		Accept mail even if other rules in the running
2578			ruleset would reject it, for example, if the domain
2579			name is unresolvable.  "Accept" does not mean
2580			"relay", but at most acceptance for local
2581			recipients.  That is, OK allows less than RELAY.
2582	RELAY		Accept mail addressed to the indicated domain
2583			(or address if `relaytofulladdress' is set) or
2584			received from the indicated domain for relaying
2585			through your SMTP server.  RELAY also serves as
2586			an implicit OK for the other checks.
2587	REJECT		Reject the sender or recipient with a general
2588			purpose message.
2589	DISCARD		Discard the message completely using the
2590			$#discard mailer.  If it is used in check_compat,
2591			it affects only the designated recipient, not
2592			the whole message as it does in all other cases.
2593			This should only be used if really necessary.
2594	SKIP		This can only be used for host/domain names
2595			and IP addresses/nets.  It will abort the current
2596			search for this entry without accepting or rejecting
2597			it but causing the default action.
2598	### any text	where ### is an RFC 821 compliant error code and
2599			"any text" is a message to return for the command.
2600			The entire string should be quoted to avoid
2601			surprises:
2602
2603				"### any text"
2604
2605			Otherwise sendmail formats the text as email
2606			addresses, e.g., it may remove spaces.
2607			This type is deprecated, use one of the two
2608			ERROR:  entries below instead.
2609	ERROR:### any text
2610			as above, but useful to mark error messages as such.
2611			If quotes need to be used to avoid modifications
2612			(see above), they should be placed like this:
2613
2614				ERROR:"### any text"
2615
2616	ERROR:D.S.N:### any text
2617			where D.S.N is an RFC 1893 compliant error code
2618			and the rest as above.  If quotes need to be used
2619			to avoid modifications, they should be placed
2620			like this:
2621
2622				ERROR:D.S.N:"### any text"
2623
2624	QUARANTINE:any text
2625			Quarantine the message using the given text as the
2626			quarantining reason.
2627
2628For example:
2629
2630	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
2631	From:okay.cyberspammer.com	OK
2632	Connect:sendmail.org		RELAY
2633	To:sendmail.org			RELAY
2634	Connect:128.32			RELAY
2635	Connect:128.32.2		SKIP
2636	Connect:IPv6:1:2:3:4:5:6:7	RELAY
2637	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
2638	Connect:[127.0.0.3]		OK
2639	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
2640
2641would accept mail from okay.cyberspammer.com, but would reject mail
2642from all other hosts at cyberspammer.com with the indicated message.
2643It would allow relaying mail from and to any hosts in the sendmail.org
2644domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2645and from the 128.32.*.* network except for the 128.32.2.* network,
2646which shows how SKIP is useful to exempt subnets/subdomains.  The
2647last two entries are for checks against ${client_name} if the IP
2648address doesn't resolve to a hostname (or is considered as "may be
2649forged").  That is, using square brackets means these are host
2650names, not network numbers.
2651
2652Warning: if you change the RFC 821 compliant error code from the default
2653value of 550, then you should probably also change the RFC 1893 compliant
2654error code to match it.  For example, if you use
2655
2656	To:user@example.com	ERROR:450 mailbox full
2657
2658the error returned would be "450 5.0.0 mailbox full" which is wrong.
2659Use "ERROR:4.2.2:450 mailbox full" instead.
2660
2661Note, UUCP users may need to add hostname.UUCP to the access database
2662or class {R}.
2663
2664If you also use:
2665
2666	FEATURE(`relay_hosts_only')
2667
2668then the above example will allow relaying for sendmail.org, but not
2669hosts within the sendmail.org domain.  Note that this will also require
2670hosts listed in class {R} to be fully qualified host names.
2671
2672You can also use the access database to block sender addresses based on
2673the username portion of the address.  For example:
2674
2675	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
2676
2677Note that you must include the @ after the username to signify that
2678this database entry is for checking only the username portion of the
2679sender address.
2680
2681If you use:
2682
2683	FEATURE(`blacklist_recipients')
2684
2685then you can add entries to the map for local users, hosts in your
2686domains, or addresses in your domain which should not receive mail:
2687
2688	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
2689	To:host.my.TLD		ERROR:550 That host does not accept mail
2690	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
2691
2692This would prevent a recipient of badlocaluser in any of the local
2693domains (class {w}), any user at host.my.TLD, and the single address
2694user@other.my.TLD from receiving mail.  Please note: a local username
2695must be now tagged with an @ (this is consistent with the check of
2696the sender address, and hence it is possible to distinguish between
2697hostnames and usernames).  Enabling this feature will keep you from
2698sending mails to all addresses that have an error message or REJECT
2699as value part in the access map.  Taking the example from above:
2700
2701	spammer@aol.com		REJECT
2702	cyberspammer.com	REJECT
2703
2704Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2705That's why tagged entries should be used.
2706
2707There are several DNS based blacklists which can be found by
2708querying a search engine.  These are databases of spammers
2709maintained in DNS.  To use such a database, specify
2710
2711	FEATURE(`dnsbl', `dnsbl.example.com')
2712
2713This will cause sendmail to reject mail from any site listed in the
2714DNS based blacklist.  You must select a DNS based blacklist domain
2715to check by specifying an argument to the FEATURE.  The default
2716error message is
2717
2718	Rejected: IP-ADDRESS listed at SERVER
2719
2720where IP-ADDRESS and SERVER are replaced by the appropriate
2721information.  A second argument can be used to specify a different
2722text or action.  For example,
2723
2724	FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2725
2726would quarantine the message if the client IP address is listed
2727at `dnsbl.example.com'.
2728
2729By default, temporary lookup failures are ignored
2730and hence cause the connection not to be rejected by the DNS based
2731rejection list.  This behavior can be changed by specifying a third
2732argument, which must be either `t' or a full error message.  For
2733example:
2734
2735	FEATURE(`dnsbl', `dnsbl.example.com', `',
2736	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2737
2738If `t' is used, the error message is:
2739
2740	451 Temporary lookup failure of IP-ADDRESS at SERVER
2741
2742where IP-ADDRESS and SERVER are replaced by the appropriate
2743information.
2744
2745This FEATURE can be included several times to query different
2746DNS based rejection lists.
2747
2748Notice: to avoid checking your own local domains against those
2749blacklists, use the access_db feature and add:
2750
2751	Connect:10.1		OK
2752	Connect:127.0.0.1	RELAY
2753
2754to the access map, where 10.1 is your local network.  You may
2755want to use "RELAY" instead of "OK" to allow also relaying
2756instead of just disabling the DNS lookups in the blacklists.
2757
2758
2759The features described above make use of the check_relay, check_mail,
2760and check_rcpt rulesets.  Note that check_relay checks the SMTP
2761client hostname and IP address when the connection is made to your
2762server.  It does not check if a mail message is being relayed to
2763another server.  That check is done in check_rcpt.  If you wish to
2764include your own checks, you can put your checks in the rulesets
2765Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
2766example if you wanted to block senders with all numeric usernames
2767(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2768regex map:
2769
2770	LOCAL_CONFIG
2771	Kallnumbers regex -a@MATCH ^[0-9]+$
2772
2773	LOCAL_RULESETS
2774	SLocal_check_mail
2775	# check address against various regex checks
2776	R$*				$: $>Parse0 $>3 $1
2777	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
2778	R@MATCH				$#error $: 553 Header Error
2779
2780These rules are called with the original arguments of the corresponding
2781check_* ruleset.  If the local ruleset returns $#OK, no further checking
2782is done by the features described above and the mail is accepted.  If
2783the local ruleset resolves to a mailer (such as $#error or $#discard),
2784the appropriate action is taken.  Other results starting with $# are
2785interpreted by sendmail and may lead to unspecified behavior.  Note: do
2786NOT create a mailer with the name OK.  Return values that do not start
2787with $# are ignored, i.e., normal processing continues.
2788
2789Delay all checks
2790----------------
2791
2792By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2793will not be called when a client connects or issues a MAIL command,
2794respectively.  Instead, those rulesets will be called by the check_rcpt
2795ruleset; they will be skipped if a sender has been authenticated using
2796a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2797If check_mail returns an error then the RCPT TO command will be rejected
2798with that error.  If it returns some other result starting with $# then
2799check_relay will be skipped.  If the sender address (or a part of it) is
2800listed in the access map and it has a RHS of OK or RELAY, then check_relay
2801will be skipped.  This has an interesting side effect: if your domain is
2802my.domain and you have
2803
2804	my.domain	RELAY
2805
2806in the access map, then any e-mail with a sender address of
2807<user@my.domain> will not be rejected by check_relay even though
2808it would match the hostname or IP address.  This allows spammers
2809to get around DNS based blacklist by faking the sender address.  To
2810avoid this problem you have to use tagged entries:
2811
2812	To:my.domain		RELAY
2813	Connect:my.domain	RELAY
2814
2815if you need those entries at all (class {R} may take care of them).
2816
2817FEATURE(`delay_checks') can take an optional argument:
2818
2819	FEATURE(`delay_checks', `friend')
2820		 enables spamfriend test
2821	FEATURE(`delay_checks', `hater')
2822		 enables spamhater test
2823
2824If such an argument is given, the recipient will be looked up in the
2825access map (using the tag Spam:).  If the argument is `friend', then
2826the default behavior is to apply the other rulesets and make a SPAM
2827friend the exception.  The rulesets check_mail and check_relay will be
2828skipped only if the recipient address is found and has RHS FRIEND.  If
2829the argument is `hater', then the default behavior is to skip the rulesets
2830check_mail and check_relay and make a SPAM hater the exception.  The
2831other two rulesets will be applied only if the recipient address is
2832found and has RHS HATER.
2833
2834This allows for simple exceptions from the tests, e.g., by activating
2835the friend option and having
2836
2837	Spam:abuse@	FRIEND
2838
2839in the access map, mail to abuse@localdomain will get through (where
2840"localdomain" is any domain in class {w}).  It is also possible to
2841specify a full address or an address with +detail:
2842
2843	Spam:abuse@my.domain	FRIEND
2844	Spam:me+abuse@		FRIEND
2845	Spam:spam.domain	FRIEND
2846
2847Note: The required tag has been changed in 8.12 from To: to Spam:.
2848This change is incompatible to previous versions.  However, you can
2849(for now) simply add the new entries to the access map, the old
2850ones will be ignored.  As soon as you removed the old entries from
2851the access map, specify a third parameter (`n') to this feature and
2852the backward compatibility rules will not be in the generated .cf
2853file.
2854
2855Header Checks
2856-------------
2857
2858You can also reject mail on the basis of the contents of headers.
2859This is done by adding a ruleset call to the 'H' header definition command
2860in sendmail.cf.  For example, this can be used to check the validity of
2861a Message-ID: header:
2862
2863	LOCAL_CONFIG
2864	HMessage-Id: $>CheckMessageId
2865
2866	LOCAL_RULESETS
2867	SCheckMessageId
2868	R< $+ @ $+ >		$@ OK
2869	R$*			$#error $: 553 Header Error
2870
2871The alternative format:
2872
2873	HSubject: $>+CheckSubject
2874
2875that is, $>+ instead of $>, gives the full Subject: header including
2876comments to the ruleset (comments in parentheses () are stripped
2877by default).
2878
2879A default ruleset for headers which don't have a specific ruleset
2880defined for them can be given by:
2881
2882	H*: $>CheckHdr
2883
2884Notice:
28851. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2886That may cause problems with simple header checks due to the
2887tokenization.  It might be simpler to use a regex map and apply it
2888to $&{currHeader}.
28892. There are no default rulesets coming with this distribution of
2890sendmail.  You can write your own, can search the WWW for examples,
2891or take a look at cf/cf/knecht.mc.
28923. When using a default ruleset for headers, the name of the header
2893currently being checked can be found in the $&{hdr_name} macro.
2894
2895After all of the headers are read, the check_eoh ruleset will be called for
2896any final header-related checks.  The ruleset is called with the number of
2897headers and the size of all of the headers in bytes separated by $|.  One
2898example usage is to reject messages which do not have a Message-Id:
2899header.  However, the Message-Id: header is *NOT* a required header and is
2900not a guaranteed spam indicator.  This ruleset is an example and should
2901probably not be used in production.
2902
2903	LOCAL_CONFIG
2904	Kstorage macro
2905	HMessage-Id: $>CheckMessageId
2906
2907	LOCAL_RULESETS
2908	SCheckMessageId
2909	# Record the presence of the header
2910	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
2911	R< $+ @ $+ >		$@ OK
2912	R$*			$#error $: 553 Header Error
2913
2914	Scheck_eoh
2915	# Check the macro
2916	R$*			$: < $&{MessageIdCheck} >
2917	# Clear the macro for the next message
2918	R$*			$: $(storage {MessageIdCheck} $) $1
2919	# Has a Message-Id: header
2920	R< $+ >			$@ OK
2921	# Allow missing Message-Id: from local mail
2922	R$*			$: < $&{client_name} >
2923	R< >			$@ OK
2924	R< $=w >		$@ OK
2925	# Otherwise, reject the mail
2926	R$*			$#error $: 553 Header Error
2927
2928
2929+--------------------+
2930| CONNECTION CONTROL |
2931+--------------------+
2932
2933The features ratecontrol and conncontrol allow to establish connection
2934limits per client IP address or net.  These features can limit the
2935rate of connections (connections per time unit) or the number of
2936incoming SMTP connections, respectively.  If enabled, appropriate
2937rulesets are called at the end of check_relay, i.e., after DNS
2938blacklists and generic access_db operations.  The features require
2939FEATURE(`access_db') to be listed earlier in the mc file.
2940
2941Note: FEATURE(`delay_checks') delays those connection control checks
2942after a recipient address has been received, hence making these
2943connection control features less useful.  To run the checks as early
2944as possible, specify the parameter `nodelay', e.g.,
2945
2946	FEATURE(`ratecontrol', `nodelay')
2947
2948In that case, FEATURE(`delay_checks') has no effect on connection
2949control (and it must be specified earlier in the mc file).
2950
2951An optional second argument `terminate' specifies whether the
2952rulesets should return the error code 421 which will cause
2953sendmail to terminate the session with that error if it is
2954returned from check_relay, i.e., not delayed as explained in
2955the previous paragraph.  Example:
2956
2957	FEATURE(`ratecontrol', `nodelay', `terminate')
2958
2959
2960+----------+
2961| STARTTLS |
2962+----------+
2963
2964In this text, cert will be used as an abbreviation for X.509 certificate,
2965DN (CN) is the distinguished (common) name of a cert, and CA is a
2966certification authority, which signs (issues) certs.
2967
2968For STARTTLS to be offered by sendmail you need to set at least
2969these variables (the file names and paths are just examples):
2970
2971	define(`confCACERT_PATH', `/etc/mail/certs/')
2972	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2973	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2974	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2975
2976On systems which do not have the compile flag HASURANDOM set (see
2977sendmail/README) you also must set confRAND_FILE.
2978
2979See doc/op/op.{me,ps,txt} for more information about these options,
2980especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2981STARTTLS''.
2982
2983Macros related to STARTTLS are:
2984
2985${cert_issuer} holds the DN of the CA (the cert issuer).
2986${cert_subject} holds the DN of the cert (called the cert subject).
2987${cn_issuer} holds the CN of the CA (the cert issuer).
2988${cn_subject} holds the CN of the cert (called the cert subject).
2989${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2990	TLSv1/SSLv3, SSLv3, SSLv2.
2991${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2992	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2993${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2994	used for the connection.
2995${verify} holds the result of the verification of the presented cert.
2996	Possible values are:
2997	OK	 verification succeeded.
2998	NO	 no cert presented.
2999	NOT	 no cert requested.
3000	FAIL	 cert presented but could not be verified,
3001		 e.g., the cert of the signing CA is missing.
3002	NONE	 STARTTLS has not been performed.
3003	TEMP	 temporary error occurred.
3004	PROTOCOL protocol error occurred (SMTP level).
3005	SOFTWARE STARTTLS handshake failed.
3006${server_name} the name of the server of the current outgoing SMTP
3007	connection.
3008${server_addr} the address of the server of the current outgoing SMTP
3009	connection.
3010
3011Relaying
3012--------
3013
3014SMTP STARTTLS can allow relaying for remote SMTP clients which have
3015successfully authenticated themselves.  If the verification of the cert
3016failed (${verify} != OK), relaying is subject to the usual rules.
3017Otherwise the DN of the issuer is looked up in the access map using the
3018tag CERTISSUER.  If the resulting value is RELAY, relaying is allowed.
3019If it is SUBJECT, the DN of the cert subject is looked up next in the
3020access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
3021is allowed.
3022
3023To make things a bit more flexible (or complicated), the values for
3024${cert_issuer} and ${cert_subject} can be optionally modified by regular
3025expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
3026_CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
3027rulesets and map lookups, they are modified as follows: each non-printable
3028character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
3029by their HEX value with a leading '+'.  For example:
3030
3031/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
3032darth+cert@endmail.org
3033
3034is encoded as:
3035
3036/C=US/ST=California/O=endmail.org/OU=private/CN=
3037Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
3038
3039(line breaks have been inserted for readability).
3040
3041The  macros  which are subject to this encoding are ${cert_subject},
3042${cert_issuer},  ${cn_subject},  and ${cn_issuer}.
3043
3044Examples:
3045
3046To allow relaying for everyone who can present a cert signed by
3047
3048/C=US/ST=California/O=endmail.org/OU=private/CN=
3049Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
3050
3051simply use:
3052
3053CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3054Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	RELAY
3055
3056To allow relaying only for a subset of machines that have a cert signed by
3057
3058/C=US/ST=California/O=endmail.org/OU=private/CN=
3059Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
3060
3061use:
3062
3063CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3064Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	SUBJECT
3065CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
3066DeathStar/Email=deathstar@endmail.org		RELAY
3067
3068Notes:
3069- line breaks have been inserted after "CN=" for readability,
3070  each tagged entry must be one (long) line in the access map.
3071- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
3072  is replaced by "emailAddress=".
3073
3074Of course it is also possible to write a simple ruleset that allows
3075relaying for everyone who can present a cert that can be verified, e.g.,
3076
3077LOCAL_RULESETS
3078SLocal_check_rcpt
3079R$*	$: $&{verify}
3080ROK	$# OK
3081
3082Allowing Connections
3083--------------------
3084
3085The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
3086an SMTP connection is accepted (or should continue).
3087
3088tls_server is called when sendmail acts as client after a STARTTLS command
3089(should) have been issued.  The parameter is the value of ${verify}.
3090
3091tls_client is called when sendmail acts as server, after a STARTTLS command
3092has been issued, and from check_mail.  The parameter is the value of
3093${verify} and STARTTLS or MAIL, respectively.
3094
3095Both rulesets behave the same.  If no access map is in use, the connection
3096will be accepted unless ${verify} is SOFTWARE, in which case the connection
3097is always aborted.  For tls_server/tls_client, ${client_name}/${server_name}
3098is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
3099with the ruleset LookUpDomain.  If no entry is found, ${client_addr}
3100(${server_addr}) is looked up in the access map (same tag, ruleset
3101LookUpAddr).  If this doesn't result in an entry either, just the tag is
3102looked up in the access map (included the trailing colon).  Notice:
3103requiring that e-mail is sent to a server only encrypted, e.g., via
3104
3105TLS_Srv:secure.domain	ENCR:112
3106
3107doesn't necessarily mean that e-mail sent to that domain is encrypted.
3108If the domain has multiple MX servers, e.g.,
3109
3110secure.domain.	IN MX 10	mail.secure.domain.
3111secure.domain.	IN MX 50	mail.other.domain.
3112
3113then mail to user@secure.domain may go unencrypted to mail.other.domain.
3114tls_rcpt can be used to address this problem.
3115
3116tls_rcpt is called before a RCPT TO: command is sent.  The parameter is the
3117current recipient.  This ruleset is only defined if FEATURE(`access_db')
3118is selected.  A recipient address user@domain is looked up in the access
3119map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
3120and TLS_Rcpt:; the first match is taken.
3121
3122The result of the lookups is then used to call the ruleset TLS_connection,
3123which checks the requirement specified by the RHS in the access map against
3124the actual parameters of the current TLS connection, esp. ${verify} and
3125${cipher_bits}.  Legal RHSs in the access map are:
3126
3127VERIFY		verification must have succeeded
3128VERIFY:bits	verification must have succeeded and ${cipher_bits} must
3129		be greater than or equal bits.
3130ENCR:bits	${cipher_bits} must be greater than or equal bits.
3131
3132The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
3133or permanent error.  The default is a temporary error code (403 4.7.0)
3134unless the macro TLS_PERM_ERR is set during generation of the .cf file.
3135
3136If a certain level of encryption is required, then it might also be
3137possible that this level is provided by the security layer from a SASL
3138algorithm, e.g., DIGEST-MD5.
3139
3140Furthermore, there can be a list of extensions added.  Such a list
3141starts with '+' and the items are separated by '++'.  Allowed
3142extensions are:
3143
3144CN:name		name must match ${cn_subject}
3145CN		${client_name}/${server_name} must match ${cn_subject}
3146CS:name		name must match ${cert_subject}
3147CI:name		name must match ${cert_issuer}
3148
3149Example: e-mail sent to secure.example.com should only use an encrypted
3150connection.  E-mail received from hosts within the laptop.example.com domain
3151should only be accepted if they have been authenticated.  The host which
3152receives e-mail for darth@endmail.org must present a cert that uses the
3153CN smtp.endmail.org.
3154
3155TLS_Srv:secure.example.com      ENCR:112
3156TLS_Clt:laptop.example.com      PERM+VERIFY:112
3157TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
3158
3159
3160Disabling STARTTLS And Setting SMTP Server Features
3161---------------------------------------------------
3162
3163By default STARTTLS is used whenever possible.  However, there are
3164some broken MTAs that don't properly implement STARTTLS.  To be able
3165to send to (or receive from) those MTAs, the ruleset try_tls
3166(srv_features) can be used that work together with the access map.
3167Entries for the access map must be tagged with Try_TLS (Srv_Features)
3168and refer to the hostname or IP address of the connecting system.
3169A default case can be specified by using just the tag.  For example,
3170the following entries in the access map:
3171
3172	Try_TLS:broken.server	NO
3173	Srv_Features:my.domain	v
3174	Srv_Features:		V
3175
3176will turn off STARTTLS when sending to broken.server (or any host
3177in that domain), and request a client certificate during the TLS
3178handshake only for hosts in my.domain.  The valid entries on the RHS
3179for Srv_Features are listed in the Sendmail Installation and
3180Operations Guide.
3181
3182
3183Received: Header
3184----------------
3185
3186The Received: header reveals whether STARTTLS has been used.  It contains an
3187extra line:
3188
3189(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
3190
3191
3192+---------------------+
3193| SMTP AUTHENTICATION |
3194+---------------------+
3195
3196The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
3197used in anti-relay rulesets to allow relaying for those users that
3198authenticated themselves.  A very simple example is:
3199
3200SLocal_check_rcpt
3201R$*		$: $&{auth_type}
3202R$+		$# OK
3203
3204which checks whether a user has successfully authenticated using
3205any available mechanism.  Depending on the setup of the Cyrus SASL
3206library, more sophisticated rulesets might be required, e.g.,
3207
3208SLocal_check_rcpt
3209R$*		$: $&{auth_type} $| $&{auth_authen}
3210RDIGEST-MD5 $| $+@$=w	$# OK
3211
3212to allow relaying for users that authenticated using DIGEST-MD5
3213and have an identity in the local domains.
3214
3215The ruleset trust_auth is used to determine whether a given AUTH=
3216parameter (that is passed to this ruleset) should be trusted.  This
3217ruleset may make use of the other ${auth_*} macros.  Only if the
3218ruleset resolves to the error mailer, the AUTH= parameter is not
3219trusted.  A user supplied ruleset Local_trust_auth can be written
3220to modify the default behavior, which only trust the AUTH=
3221parameter if it is identical to the authenticated user.
3222
3223Per default, relaying is allowed for any user who authenticated
3224via a "trusted" mechanism, i.e., one that is defined via
3225TRUST_AUTH_MECH(`list of mechanisms')
3226For example:
3227TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3228
3229If the selected mechanism provides a security layer the number of
3230bits used for the key of the symmetric cipher is stored in the
3231macro ${auth_ssf}.
3232
3233Providing SMTP AUTH Data when sendmail acts as Client
3234-----------------------------------------------------
3235
3236If sendmail acts as client, it needs some information how to
3237authenticate against another MTA.  This information can be provided
3238by the ruleset authinfo or by the option DefaultAuthInfo.  The
3239authinfo ruleset looks up {server_name} using the tag AuthInfo: in
3240the access map.  If no entry is found, {server_addr} is looked up
3241in the same way and finally just the tag AuthInfo: to provide
3242default values.  Note: searches for domain parts or IP nets are
3243only performed if the access map is used; if the authinfo feature
3244is used then only up to three lookups are performed (two exact
3245matches, one default).
3246
3247Note: If your daemon does client authentication when sending, and
3248if it uses either PLAIN or LOGIN authentication, then you *must*
3249prevent ordinary users from seeing verbose output.  Do NOT install
3250sendmail set-user-ID.  Use PrivacyOptions to turn off verbose output
3251("goaway" works for this).
3252
3253Notice: the default configuration file causes the option DefaultAuthInfo
3254to fail since the ruleset authinfo is in the .cf file. If you really
3255want to use DefaultAuthInfo (it is deprecated) then you have to
3256remove the ruleset.
3257
3258The RHS for an AuthInfo: entry in the access map should consists of a
3259list of tokens, each of which has the form: "TDstring" (including
3260the quotes).  T is a tag which describes the item, D is a delimiter,
3261either ':' for simple text or '=' for a base64 encoded string.
3262Valid values for the tag are:
3263
3264	U	user (authorization) id
3265	I	authentication id
3266	P	password
3267	R	realm
3268	M	list of mechanisms delimited by spaces
3269
3270Example entries are:
3271
3272AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3273AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
3274
3275User id or authentication id must exist as well as the password.  All
3276other entries have default values.  If one of user or authentication
3277id is missing, the existing value is used for the missing item.
3278If "R:" is not specified, realm defaults to $j.  The list of mechanisms
3279defaults to those specified by AuthMechanisms.
3280
3281Since this map contains sensitive information, either the access
3282map must be unreadable by everyone but root (or the trusted user)
3283or FEATURE(`authinfo') must be used which provides a separate map.
3284Notice: It is not checked whether the map is actually
3285group/world-unreadable, this is left to the user.
3286
3287+--------------------------------+
3288| ADDING NEW MAILERS OR RULESETS |
3289+--------------------------------+
3290
3291Sometimes you may need to add entirely new mailers or rulesets.  They
3292should be introduced with the constructs MAILER_DEFINITIONS and
3293LOCAL_RULESETS respectively.  For example:
3294
3295	MAILER_DEFINITIONS
3296	Mmymailer, ...
3297	...
3298
3299	LOCAL_RULESETS
3300	Smyruleset
3301	...
3302
3303Local additions for the rulesets srv_features, try_tls, tls_rcpt,
3304tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
3305LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
3306respectively.  For example, to add a local ruleset that decides
3307whether to try STARTTLS in a sendmail client, use:
3308
3309	LOCAL_TRY_TLS
3310	R...
3311
3312Note: you don't need to add a name for the ruleset, it is implicitly
3313defined by using the appropriate macro.
3314
3315
3316+-------------------------+
3317| ADDING NEW MAIL FILTERS |
3318+-------------------------+
3319
3320Sendmail supports mail filters to filter incoming SMTP messages according
3321to the "Sendmail Mail Filter API" documentation.  These filters can be
3322configured in your mc file using the two commands:
3323
3324	MAIL_FILTER(`name', `equates')
3325	INPUT_MAIL_FILTER(`name', `equates')
3326
3327The first command, MAIL_FILTER(), simply defines a filter with the given
3328name and equates.  For example:
3329
3330	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3331
3332This creates the equivalent sendmail.cf entry:
3333
3334	Xarchive, S=local:/var/run/archivesock, F=R
3335
3336The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3337but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3338of the filter such that the filter will actually be called by sendmail.
3339
3340For example, the two commands:
3341
3342	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3343	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3344
3345are equivalent to the three commands:
3346
3347	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3348	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3349	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3350
3351In general, INPUT_MAIL_FILTER() should be used unless you need to define
3352more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3353
3354Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3355commands will clear the list created by the prior INPUT_MAIL_FILTER()
3356commands.
3357
3358
3359+-------------------------+
3360| QUEUE GROUP DEFINITIONS |
3361+-------------------------+
3362
3363In addition to the queue directory (which is the default queue group
3364called "mqueue"), sendmail can deal with multiple queue groups, which
3365are collections of queue directories with the same behaviour.  Queue
3366groups can be defined using the command:
3367
3368	QUEUE_GROUP(`name', `equates')
3369
3370For details about queue groups, please see doc/op/op.{me,ps,txt}.
3371
3372+-------------------------------+
3373| NON-SMTP BASED CONFIGURATIONS |
3374+-------------------------------+
3375
3376These configuration files are designed primarily for use by
3377SMTP-based sites.  They may not be well tuned for UUCP-only or
3378UUCP-primarily nodes (the latter is defined as a small local net
3379connected to the rest of the world via UUCP).  However, there is
3380one hook to handle some special cases.
3381
3382You can define a ``smart host'' that understands a richer address syntax
3383using:
3384
3385	define(`SMART_HOST', `mailer:hostname')
3386
3387In this case, the ``mailer:'' defaults to "relay".  Any messages that
3388can't be handled using the usual UUCP rules are passed to this host.
3389
3390If you are on a local SMTP-based net that connects to the outside
3391world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3392For example:
3393
3394	define(`SMART_HOST', `uucp-new:uunet')
3395	LOCAL_NET_CONFIG
3396	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3397
3398This will cause all names that end in your domain name ($m) to be sent
3399via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3400If you have FEATURE(`nocanonify'), you may need to omit the dots after
3401the $m.  If you are running a local DNS inside your domain which is
3402not otherwise connected to the outside world, you probably want to
3403use:
3404
3405	define(`SMART_HOST', `smtp:fire.wall.com')
3406	LOCAL_NET_CONFIG
3407	R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3
3408
3409That is, send directly only to things you found in your DNS lookup;
3410anything else goes through SMART_HOST.
3411
3412You may need to turn off the anti-spam rules in order to accept
3413UUCP mail with FEATURE(`promiscuous_relay') and
3414FEATURE(`accept_unresolvable_domains').
3415
3416
3417+-----------+
3418| WHO AM I? |
3419+-----------+
3420
3421Normally, the $j macro is automatically defined to be your fully
3422qualified domain name (FQDN).  Sendmail does this by getting your
3423host name using gethostname and then calling gethostbyname on the
3424result.  For example, in some environments gethostname returns
3425only the root of the host name (such as "foo"); gethostbyname is
3426supposed to return the FQDN ("foo.bar.com").  In some (fairly rare)
3427cases, gethostbyname may fail to return the FQDN.  In this case
3428you MUST define confDOMAIN_NAME to be your fully qualified domain
3429name.  This is usually done using:
3430
3431	Dmbar.com
3432	define(`confDOMAIN_NAME', `$w.$m')dnl
3433
3434
3435+-----------------------------------+
3436| ACCEPTING MAIL FOR MULTIPLE NAMES |
3437+-----------------------------------+
3438
3439If your host is known by several different names, you need to augment
3440class {w}.  This is a list of names by which your host is known, and
3441anything sent to an address using a host name in this list will be
3442treated as local mail.  You can do this in two ways:  either create the
3443file /etc/mail/local-host-names containing a list of your aliases (one per
3444line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3445``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
3446name of the host, rather than a short name.
3447
3448If you want to have different address in different domains, take
3449a look at the virtusertable feature, which is also explained at
3450http://www.sendmail.org/virtual-hosting.html
3451
3452
3453+--------------------+
3454| USING MAILERTABLES |
3455+--------------------+
3456
3457To use FEATURE(`mailertable'), you will have to create an external
3458database containing the routing information for various domains.
3459For example, a mailertable file in text format might be:
3460
3461	.my.domain		xnet:%1.my.domain
3462	uuhost1.my.domain	uucp-new:uuhost1
3463	.bitnet			smtp:relay.bit.net
3464
3465This should normally be stored in /etc/mail/mailertable.  The actual
3466database version of the mailertable is built using:
3467
3468	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3469
3470The semantics are simple.  Any LHS entry that does not begin with
3471a dot matches the full host name indicated.  LHS entries beginning
3472with a dot match anything ending with that domain name (including
3473the leading dot) -- that is, they can be thought of as having a
3474leading ".+" regular expression pattern for a non-empty sequence of
3475characters.  Matching is done in order of most-to-least qualified
3476-- for example, even though ".my.domain" is listed first in the
3477above example, an entry of "uuhost1.my.domain" will match the second
3478entry since it is more explicit.  Note: e-mail to "user@my.domain"
3479does not match any entry in the above table.  You need to have
3480something like:
3481
3482	my.domain		esmtp:host.my.domain
3483
3484The RHS should always be a "mailer:host" pair.  The mailer is the
3485configuration name of a mailer (that is, an M line in the
3486sendmail.cf file).  The "host" will be the hostname passed to
3487that mailer.  In domain-based matches (that is, those with leading
3488dots) the "%1" may be used to interpolate the wildcarded part of
3489the host name.  For example, the first line above sends everything
3490addressed to "anything.my.domain" to that same host name, but using
3491the (presumably experimental) xnet mailer.
3492
3493In some cases you may want to temporarily turn off MX records,
3494particularly on gateways.  For example, you may want to MX
3495everything in a domain to one machine that then forwards it
3496directly.  To do this, you might use the DNS configuration:
3497
3498	*.domain.	IN	MX	0	relay.machine
3499
3500and on relay.machine use the mailertable:
3501
3502	.domain		smtp:[gateway.domain]
3503
3504The [square brackets] turn off MX records for this host only.
3505If you didn't do this, the mailertable would use the MX record
3506again, which would give you an MX loop.  Note that the use of
3507wildcard MX records is almost always a bad idea.  Please avoid
3508using them if possible.
3509
3510
3511+--------------------------------+
3512| USING USERDB TO MAP FULL NAMES |
3513+--------------------------------+
3514
3515The user database was not originally intended for mapping full names
3516to login names (e.g., Eric.Allman => eric), but some people are using
3517it that way.  (it is recommended that you set up aliases for this
3518purpose instead -- since you can specify multiple alias files, this
3519is fairly easy.)  The intent was to locate the default maildrop at
3520a site, but allow you to override this by sending to a specific host.
3521
3522If you decide to set up the user database in this fashion, it is
3523imperative that you not use FEATURE(`stickyhost') -- otherwise,
3524e-mail sent to Full.Name@local.host.name will be rejected.
3525
3526To build the internal form of the user database, use:
3527
3528	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3529
3530As a general rule, it is an extremely bad idea to using full names
3531as e-mail addresses, since they are not in any sense unique.  For
3532example, the UNIX software-development community has at least two
3533well-known Peter Deutsches, and at one time Bell Labs had two
3534Stephen R. Bournes with offices along the same hallway.  Which one
3535will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3536The less famous of the two, or the one that was hired later?
3537
3538Finger should handle full names (and be fuzzy).  Mail should use
3539handles, and not be fuzzy.
3540
3541
3542+--------------------------------+
3543| MISCELLANEOUS SPECIAL FEATURES |
3544+--------------------------------+
3545
3546Plussed users
3547	Sometimes it is convenient to merge configuration on a
3548	centralized mail machine, for example, to forward all
3549	root mail to a mail server.  In this case it might be
3550	useful to be able to treat the root addresses as a class
3551	of addresses with subtle differences.  You can do this
3552	using plussed users.  For example, a client might include
3553	the alias:
3554
3555		root:  root+client1@server
3556
3557	On the server, this will match an alias for "root+client1".
3558	If that is not found, the alias "root+*" will be tried,
3559	then "root".
3560
3561
3562+----------------+
3563| SECURITY NOTES |
3564+----------------+
3565
3566A lot of sendmail security comes down to you.  Sendmail 8 is much
3567more careful about checking for security problems than previous
3568versions, but there are some things that you still need to watch
3569for.  In particular:
3570
3571* Make sure the aliases file is not writable except by trusted
3572  system personnel.  This includes both the text and database
3573  version.
3574
3575* Make sure that other files that sendmail reads, such as the
3576  mailertable, are only writable by trusted system personnel.
3577
3578* The queue directory should not be world writable PARTICULARLY
3579  if your system allows "file giveaways" (that is, if a non-root
3580  user can chown any file they own to any other user).
3581
3582* If your system allows file giveaways, DO NOT create a publically
3583  writable directory for forward files.  This will allow anyone
3584  to steal anyone else's e-mail.  Instead, create a script that
3585  copies the .forward file from users' home directories once a
3586  night (if you want the non-NFS-mounted forward directory).
3587
3588* If your system allows file giveaways, you'll find that
3589  sendmail is much less trusting of :include: files -- in
3590  particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3591  /etc/shells before they will be trusted (that is, before
3592  files and programs listed in them will be honored).
3593
3594In general, file giveaways are a mistake -- if you can turn them
3595off, do so.
3596
3597
3598+--------------------------------+
3599| TWEAKING CONFIGURATION OPTIONS |
3600+--------------------------------+
3601
3602There are a large number of configuration options that don't normally
3603need to be changed.  However, if you feel you need to tweak them,
3604you can define the following M4 variables. Note that some of these
3605variables require formats that are defined in RFC 2821 or RFC 2822.
3606Before changing them you need to make sure you do not violate those
3607(and other relevant) RFCs.
3608
3609This list is shown in four columns:  the name you define, the default
3610value for that definition, the option or macro that is affected
3611(either Ox for an option or Dx for a macro), and a brief description.
3612Greater detail of the semantics can be found in the Installation
3613and Operations Guide.
3614
3615Some options are likely to be deprecated in future versions -- that is,
3616the option is only included to provide back-compatibility.  These are
3617marked with "*".
3618
3619Remember that these options are M4 variables, and hence may need to
3620be quoted.  In particular, arguments with commas will usually have to
3621be ``double quoted, like this phrase'' to avoid having the comma
3622confuse things.  This is common for alias file definitions and for
3623the read timeout.
3624
3625M4 Variable Name	Configuration	[Default] & Description
3626================	=============	=======================
3627confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
3628					for internally generated outgoing
3629					messages.
3630confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
3631					only be done if your system cannot
3632					determine your local domain name,
3633					and then it should be set to
3634					$w.Foo.COM, where Foo.COM is your
3635					domain name.
3636confCF_VERSION		$Z macro	If defined, this is appended to the
3637					configuration version name.
3638confLDAP_CLUSTER	${sendmailMTACluster} macro
3639					If defined, this is the LDAP
3640					cluster to use for LDAP searches
3641					as described above in ``USING LDAP
3642					FOR ALIASES, MAPS, AND CLASSES''.
3643confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
3644					internally generated From: address.
3645confRECEIVED_HEADER	Received:
3646		[$?sfrom $s $.$?_($?s$|from $.$_)
3647			$.$?{auth_type}(authenticated)
3648			$.by $j ($v/$Z)$?r with $r$. id $i$?u
3649			for $u; $|;
3650			$.$b]
3651					The format of the Received: header
3652					in messages passed through this host.
3653					It is unwise to try to change this.
3654confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
3655					internally generated Message-Id:
3656					header.
3657confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
3658					of file used to get the local
3659					additions to class {w} (local host
3660					names).
3661confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
3662					file used to get the local additions
3663					to class {t} (trusted users).
3664confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
3665					file used to get the local additions
3666					to class {R} (hosts allowed to relay).
3667confTRUSTED_USERS	Ct class	[no default] Names of users to add to
3668					the list of trusted users.  This list
3669					always includes root, uucp, and daemon.
3670					See also FEATURE(`use_ct_file').
3671confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
3672					ownership and starting the daemon.
3673					Not to be confused with
3674					confTRUSTED_USERS (see above).
3675confSMTP_MAILER		-		[esmtp] The mailer name used when
3676					SMTP connectivity is required.
3677					One of "smtp", "smtp8",
3678					"esmtp", or "dsmtp".
3679confUUCP_MAILER		-		[uucp-old] The mailer to be used by
3680					default for bang-format recipient
3681					addresses.  See also discussion of
3682					class {U}, class {Y}, and class {Z}
3683					in the MAILER(`uucp') section.
3684confLOCAL_MAILER	-		[local] The mailer name used when
3685					local connectivity is required.
3686					Almost always "local".
3687confRELAY_MAILER	-		[relay] The default mailer name used
3688					for relaying any mail (e.g., to a
3689					BITNET_RELAY, a SMART_HOST, or
3690					whatever).  This can reasonably be
3691					"uucp-new" if you are on a
3692					UUCP-connected site.
3693confSEVEN_BIT_INPUT	SevenBitInput	[False] Force input to seven bits?
3694confEIGHT_BIT_HANDLING	EightBitMode	[pass8] 8-bit data handling
3695confALIAS_WAIT		AliasWait	[10m] Time to wait for alias file
3696					rebuild until you get bored and
3697					decide that the apparently pending
3698					rebuild failed.
3699confMIN_FREE_BLOCKS	MinFreeBlocks	[100] Minimum number of free blocks on
3700					queue filesystem to accept SMTP mail.
3701					(Prior to 8.7 this was minfree/maxsize,
3702					where minfree was the number of free
3703					blocks and maxsize was the maximum
3704					message size.  Use confMAX_MESSAGE_SIZE
3705					for the second value now.)
3706confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
3707					that will be accepted (in bytes).
3708confBLANK_SUB		BlankSub	[.] Blank (space) substitution
3709					character.
3710confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
3711					to mailers marked expensive.
3712confCHECKPOINT_INTERVAL	CheckpointInterval
3713					[10] Checkpoint queue files every N
3714					recipients.
3715confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
3716confERROR_MODE		ErrorMode	[print] Error message mode.
3717confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
3718confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
3719confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
3720confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
3721confMAX_HOP		MaxHopCount	[25] Maximum hop count.
3722confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
3723					mode] Ignore dot as terminator for
3724					incoming messages?
3725confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
3726					resolver.
3727confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
3728					encapsulated messages per RFC 1344.
3729confFORWARD_PATH	ForwardPath	[$z/.forward.$w:$z/.forward]
3730					The colon-separated list of places to
3731					search for .forward files.  N.B.: see
3732					the Security Notes section.
3733confMCI_CACHE_SIZE	ConnectionCacheSize
3734					[2] Size of open connection cache.
3735confMCI_CACHE_TIMEOUT	ConnectionCacheTimeout
3736					[5m] Open connection cache timeout.
3737confHOST_STATUS_DIRECTORY HostStatusDirectory
3738					[undefined] If set, host status is kept
3739					on disk between sendmail runs in the
3740					named directory tree.  This need not be
3741					a full pathname, in which case it is
3742					interpreted relative to the queue
3743					directory.
3744confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
3745					[False] If this option and the
3746					HostStatusDirectory option are both
3747					set, single thread deliveries to other
3748					hosts.  That is, don't allow any two
3749					sendmails on this host to connect
3750					simultaneously to any other single
3751					host.  This can slow down delivery in
3752					some cases, in particular since a
3753					cached but otherwise idle connection
3754					to a host will prevent other sendmails
3755					from connecting to the other host.
3756confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
3757					deliver error messages.  This should
3758					not be necessary because of general
3759					acceptance of the envelope/header
3760					distinction.
3761confLOG_LEVEL		LogLevel	[9] Log level.
3762confME_TOO		MeToo		[True] Include sender in group
3763					expansions.  This option is
3764					deprecated and will be removed from
3765					a future version.
3766confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
3767					running newaliases.  Since this does
3768					DNS lookups on every address, it can
3769					slow down the alias rebuild process
3770					considerably on large alias files.
3771confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
3772					special chars are old style.
3773confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
3774confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
3775					copies of all error messages.
3776confQUEUE_FACTOR	QueueFactor	[600000] Slope of queue-only function.
3777confQUEUE_FILE_MODE	QueueFileMode	[undefined] Default permissions for
3778					queue files (octal).  If not set,
3779					sendmail uses 0600 unless its real
3780					and effective uid are different in
3781					which case it uses 0644.
3782confDONT_PRUNE_ROUTES	DontPruneRoutes	[False] Don't prune down route-addr
3783					syntax addresses to the minimum
3784					possible.
3785confSAFE_QUEUE*		SuperSafe	[True] Commit all messages to disk
3786					before forking.
3787confTO_INITIAL		Timeout.initial	[5m] The timeout waiting for a response
3788					on the initial connect.
3789confTO_CONNECT		Timeout.connect	[0] The timeout waiting for an initial
3790					connect() to complete.  This can only
3791					shorten connection timeouts; the kernel
3792					silently enforces an absolute maximum
3793					(which varies depending on the system).
3794confTO_ICONNECT		Timeout.iconnect
3795					[undefined] Like Timeout.connect, but
3796					applies only to the very first attempt
3797					to connect to a host in a message.
3798					This allows a single very fast pass
3799					followed by more careful delivery
3800					attempts in the future.
3801confTO_ACONNECT		Timeout.aconnect
3802					[0] The overall timeout waiting for
3803					all connection for a single delivery
3804					attempt to succeed.  If 0, no overall
3805					limit is applied.
3806confTO_HELO		Timeout.helo	[5m] The timeout waiting for a response
3807					to a HELO or EHLO command.
3808confTO_MAIL		Timeout.mail	[10m] The timeout waiting for a
3809					response to the MAIL command.
3810confTO_RCPT		Timeout.rcpt	[1h] The timeout waiting for a response
3811					to the RCPT command.
3812confTO_DATAINIT		Timeout.datainit
3813					[5m] The timeout waiting for a 354
3814					response from the DATA command.
3815confTO_DATABLOCK	Timeout.datablock
3816					[1h] The timeout waiting for a block
3817					during DATA phase.
3818confTO_DATAFINAL	Timeout.datafinal
3819					[1h] The timeout waiting for a response
3820					to the final "." that terminates a
3821					message.
3822confTO_RSET		Timeout.rset	[5m] The timeout waiting for a response
3823					to the RSET command.
3824confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
3825					to the QUIT command.
3826confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
3827					to other SMTP commands.
3828confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
3829					waiting	for a command to be issued.
3830confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
3831					response to an IDENT query.
3832confTO_FILEOPEN		Timeout.fileopen
3833					[60s] The timeout waiting for a file
3834					(e.g., :include: file) to be opened.
3835confTO_LHLO		Timeout.lhlo	[2m] The timeout waiting for a response
3836					to an LMTP LHLO command.
3837confTO_AUTH		Timeout.auth	[10m] The timeout waiting for a
3838					response in an AUTH dialogue.
3839confTO_STARTTLS		Timeout.starttls
3840					[1h] The timeout waiting for a
3841					response to an SMTP STARTTLS command.
3842confTO_CONTROL		Timeout.control
3843					[2m] The timeout for a complete
3844					control socket transaction to complete.
3845confTO_QUEUERETURN	Timeout.queuereturn
3846					[5d] The timeout before a message is
3847					returned as undeliverable.
3848confTO_QUEUERETURN_NORMAL
3849			Timeout.queuereturn.normal
3850					[undefined] As above, for normal
3851					priority messages.
3852confTO_QUEUERETURN_URGENT
3853			Timeout.queuereturn.urgent
3854					[undefined] As above, for urgent
3855					priority messages.
3856confTO_QUEUERETURN_NONURGENT
3857			Timeout.queuereturn.non-urgent
3858					[undefined] As above, for non-urgent
3859					(low) priority messages.
3860confTO_QUEUERETURN_DSN
3861			Timeout.queuereturn.dsn
3862					[undefined] As above, for delivery
3863					status notification messages.
3864confTO_QUEUEWARN	Timeout.queuewarn
3865					[4h] The timeout before a warning
3866					message is sent to the sender telling
3867					them that the message has been
3868					deferred.
3869confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
3870					[undefined] As above, for normal
3871					priority messages.
3872confTO_QUEUEWARN_URGENT	Timeout.queuewarn.urgent
3873					[undefined] As above, for urgent
3874					priority messages.
3875confTO_QUEUEWARN_NONURGENT
3876			Timeout.queuewarn.non-urgent
3877					[undefined] As above, for non-urgent
3878					(low) priority messages.
3879confTO_QUEUEWARN_DSN
3880			Timeout.queuewarn.dsn
3881					[undefined] As above, for delivery
3882					status notification messages.
3883confTO_HOSTSTATUS	Timeout.hoststatus
3884					[30m] How long information about host
3885					statuses will be maintained before it
3886					is considered stale and the host should
3887					be retried.  This applies both within
3888					a single queue run and to persistent
3889					information (see below).
3890confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
3891					[varies] Sets the resolver's
3892					retransmission time interval (in
3893					seconds).  Sets both
3894					Timeout.resolver.retrans.first and
3895					Timeout.resolver.retrans.normal.
3896confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
3897					[varies] Sets the resolver's
3898					retransmission time interval (in
3899					seconds) for the first attempt to
3900					deliver a message.
3901confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
3902					[varies] Sets the resolver's
3903					retransmission time interval (in
3904					seconds) for all resolver lookups
3905					except the first delivery attempt.
3906confTO_RESOLVER_RETRY	Timeout.resolver.retry
3907					[varies] Sets the number of times
3908					to retransmit a resolver query.
3909					Sets both
3910					Timeout.resolver.retry.first and
3911					Timeout.resolver.retry.normal.
3912confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
3913					[varies] Sets the number of times
3914					to retransmit a resolver query for
3915					the first attempt to deliver a
3916					message.
3917confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
3918					[varies] Sets the number of times
3919					to retransmit a resolver query for
3920					all resolver lookups except the
3921					first delivery attempt.
3922confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
3923					USE_SYSTEM to use the system's idea,
3924					USE_TZ to use the user's TZ envariable,
3925					or something else to force that value.
3926confDEF_USER_ID		DefaultUser	[1:1] Default user id.
3927confUSERDB_SPEC		UserDatabaseSpec
3928					[undefined] User database
3929					specification.
3930confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
3931confFALLBACK_SMARTHOST	FallbackSmartHost
3932					[undefined] Fallback smart host.
3933confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
3934					for a host and other arrangements
3935					haven't been made, try connecting
3936					to the host directly; normally this
3937					would be a config error.
3938confQUEUE_LA		QueueLA		[varies] Load average at which
3939					queue-only function kicks in.
3940					Default values is (8 * numproc)
3941					where numproc is the number of
3942					processors online (if that can be
3943					determined).
3944confREFUSE_LA		RefuseLA	[varies] Load average at which
3945					incoming SMTP connections are
3946					refused.  Default values is (12 *
3947					numproc) where numproc is the
3948					number of processors online (if
3949					that can be determined).
3950confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
3951					refusing connections for this long.
3952confDELAY_LA		DelayLA		[0] Load average at which sendmail
3953					will sleep for one second on most
3954					SMTP commands and before accepting
3955					connections.  0 means no limit.
3956confMAX_ALIAS_RECURSION	MaxAliasRecursion
3957					[10] Maximum depth of alias recursion.
3958confMAX_DAEMON_CHILDREN	MaxDaemonChildren
3959					[undefined] The maximum number of
3960					children the daemon will permit.  After
3961					this number, connections will be
3962					rejected.  If not set or <= 0, there is
3963					no limit.
3964confMAX_HEADERS_LENGTH	MaxHeadersLength
3965					[32768] Maximum length of the sum
3966					of all headers.
3967confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
3968					[undefined] Maximum length of
3969					certain MIME header field values.
3970confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3971					[undefined] The maximum number of
3972					connections permitted per second per
3973					daemon.  After this many connections
3974					are accepted, further connections
3975					will be delayed.  If not set or <= 0,
3976					there is no limit.
3977confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3978					[60s] Define the length of the
3979					interval for which the number of
3980					incoming connections is maintained.
3981confWORK_RECIPIENT_FACTOR
3982			RecipientFactor	[30000] Cost of each recipient.
3983confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
3984					separate process.
3985confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
3986confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
3987confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
3988					Priority, Host, Filename, Random,
3989					Modification, or Time.
3990confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
3991					must sit in the queue between queue
3992					runs.  This allows you to set the
3993					queue run interval low for better
3994					responsiveness without trying all
3995					jobs in each run.
3996confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
3997					unlabeled 8 bit input to MIME, the
3998					character set to use by default.
3999confSERVICE_SWITCH_FILE	ServiceSwitchFile
4000					[/etc/mail/service.switch] The file
4001					to use for the service switch on
4002					systems that do not have a
4003					system-defined switch.
4004confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
4005					"file" type access of hosts names.
4006confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
4007					long and try again.  Zero means "don't
4008					retry".  This is to allow "dial on
4009					demand" connections to have enough time
4010					to complete a connection.
4011confNO_RCPT_ACTION	NoRecipientAction
4012					[none] What to do if there are no legal
4013					recipient fields (To:, Cc: or Bcc:)
4014					in the message.  Legal values can
4015					be "none" to just leave the
4016					nonconforming message as is, "add-to"
4017					to add a To: header with all the
4018					known recipients (which may expose
4019					blind recipients), "add-apparently-to"
4020					to do the same but use Apparently-To:
4021					instead of To: (strongly discouraged
4022					in accordance with IETF standards),
4023					"add-bcc" to add an empty Bcc:
4024					header, or "add-to-undisclosed" to
4025					add the header
4026					``To: undisclosed-recipients:;''.
4027confSAFE_FILE_ENV	SafeFileEnvironment
4028					[undefined] If set, sendmail will do a
4029					chroot() into this directory before
4030					writing files.
4031confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
4032					If set, colons are treated as a regular
4033					character in addresses.  If not set,
4034					they are treated as the introducer to
4035					the RFC 822 "group" syntax.  Colons are
4036					handled properly in route-addrs.  This
4037					option defaults on for V5 and lower
4038					configuration files.
4039confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
4040					any given queue run to this number of
4041					entries.  Essentially, this will stop
4042					reading each queue directory after this
4043					number of entries are reached; it does
4044					_not_ pick the highest priority jobs,
4045					so this should be as large as your
4046					system can tolerate.  If not set, there
4047					is no limit.
4048confMAX_QUEUE_CHILDREN	MaxQueueChildren
4049					[undefined] Limits the maximum number
4050					of concurrent queue runners active.
4051					This is to keep system resources used
4052					within a reasonable limit.  Relates to
4053					Queue Groups and ForkEachJob.
4054confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
4055					[1] Only active when MaxQueueChildren
4056					defined.  Controls the maximum number
4057					of queue runners (aka queue children)
4058					active at the same time in a work
4059					group.  See also MaxQueueChildren.
4060confDONT_EXPAND_CNAMES	DontExpandCnames
4061					[False] If set, $[ ... $] lookups that
4062					do DNS based lookups do not expand
4063					CNAME records.  This currently violates
4064					the published standards, but the IETF
4065					seems to be moving toward legalizing
4066					this.  For example, if "FTP.Foo.ORG"
4067					is a CNAME for "Cruft.Foo.ORG", then
4068					with this option set a lookup of
4069					"FTP" will return "FTP.Foo.ORG"; if
4070					clear it returns "Cruft.FOO.ORG".  N.B.
4071					you may not see any effect until your
4072					downstream neighbors stop doing CNAME
4073					lookups as well.
4074confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
4075					when sending to files or programs.
4076confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
4077					[False] From: lines that have
4078					embedded newlines are unwrapped
4079					onto one line.
4080confALLOW_BOGUS_HELO	AllowBogusHELO	[False] Allow HELO SMTP command that
4081					does not include a host name.
4082confMUST_QUOTE_CHARS	MustQuoteChars	[.'] Characters to be quoted in a full
4083					name phrase (@,;:\()[] are automatic).
4084confOPERATORS		OperatorChars	[.:%@!^/[]+] Address operator
4085					characters.
4086confSMTP_LOGIN_MSG	SmtpGreetingMessage
4087					[$j Sendmail $v/$Z; $b]
4088					The initial (spontaneous) SMTP
4089					greeting message.  The word "ESMTP"
4090					will be inserted between the first and
4091					second words to convince other
4092					sendmails to try to speak ESMTP.
4093confDONT_INIT_GROUPS	DontInitGroups	[False] If set, the initgroups(3)
4094					routine will never be invoked.  You
4095					might want to do this if you are
4096					running NIS and you have a large group
4097					map, since this call does a sequential
4098					scan of the map; in a large site this
4099					can cause your ypserv to run
4100					essentially full time.  If you set
4101					this, agents run on behalf of users
4102					will only have their primary
4103					(/etc/passwd) group permissions.
4104confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
4105					[True] If set, group-writable
4106					:include: and .forward files are
4107					considered "unsafe", that is, programs
4108					and files cannot be directly referenced
4109					from such files.  World-writable files
4110					are always considered unsafe.
4111					Notice: this option is deprecated and
4112					will be removed in future versions;
4113					Set GroupWritableForwardFileSafe
4114					and GroupWritableIncludeFileSafe in
4115					DontBlameSendmail if required.
4116confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
4117					address (for testing).
4118confCONTROL_SOCKET_NAME	ControlSocketName
4119					[undefined] Control socket for daemon
4120					management.
4121confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
4122					[postmaster] If an error occurs when
4123					sending an error message, send that
4124					"double bounce" error message to this
4125					address.  If it expands to an empty
4126					string, double bounces are dropped.
4127confSOFT_BOUNCE		SoftBounce	[False] If set, issue temporary errors
4128					(4xy) instead of permanent errors
4129					(5xy).  This can be useful during
4130					testing of a new configuration to
4131					avoid erroneous bouncing of mails.
4132confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
4133					messages which could not be returned
4134					to the user or sent to postmaster.
4135					If not set, the queue file will
4136					be renamed.
4137confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
4138					implies DSN request.
4139confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
4140					when reading and delivering mail.
4141					Causes all file reads (e.g., .forward
4142					and :include: files) to be done as
4143					this user.  Also, all programs will
4144					be run as this user, and all output
4145					files will be written as this user.
4146confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
4147					[infinite] If set, allow no more than
4148					the specified number of recipients in
4149					an SMTP envelope.  Further recipients
4150					receive a 452 error code (i.e., they
4151					are deferred for the next delivery
4152					attempt).
4153confBAD_RCPT_THROTTLE	BadRcptThrottle	[infinite] If set and the specified
4154					number of recipients in a single SMTP
4155					transaction have been rejected, sleep
4156					for one second after each subsequent
4157					RCPT command in that transaction.
4158confDONT_PROBE_INTERFACES  DontProbeInterfaces
4159					[False] If set, sendmail will _not_
4160					insert the names and addresses of any
4161					local interfaces into class {w}
4162					(list of known "equivalent" addresses).
4163					If you set this, you must also include
4164					some support for these addresses (e.g.,
4165					in a mailertable entry) -- otherwise,
4166					mail to addresses in this list will
4167					bounce with a configuration error.
4168					If set to "loopback" (without
4169					quotes), sendmail will skip
4170					loopback interfaces (e.g., "lo0").
4171confPID_FILE		PidFile		[system dependent] Location of pid
4172					file.
4173confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
4174					[undefined] Prefix string for the
4175					process title shown on 'ps' listings.
4176confDONT_BLAME_SENDMAIL	DontBlameSendmail
4177					[safe] Override sendmail's file
4178					safety checks.  This will definitely
4179					compromise system security and should
4180					not be used unless absolutely
4181					necessary.
4182confREJECT_MSG		-		[550 Access denied] The message
4183					given if the access database contains
4184					REJECT in the value portion.
4185confRELAY_MSG		-		[550 Relaying denied] The message
4186					given if an unauthorized relaying
4187					attempt is rejected.
4188confDF_BUFFER_SIZE	DataFileBufferSize
4189					[4096] The maximum size of a
4190					memory-buffered data (df) file
4191					before a disk-based file is used.
4192confXF_BUFFER_SIZE	XScriptFileBufferSize
4193					[4096] The maximum size of a
4194					memory-buffered transcript (xf)
4195					file before a disk-based file is
4196					used.
4197confAUTH_MECHANISMS	AuthMechanisms	[GSSAPI KERBEROS_V4 DIGEST-MD5
4198					CRAM-MD5] List of authentication
4199					mechanisms for AUTH (separated by
4200					spaces).  The advertised list of
4201					authentication mechanisms will be the
4202					intersection of this list and the list
4203					of available mechanisms as determined
4204					by the Cyrus SASL library.
4205confAUTH_REALM		AuthRealm	[undefined] The authentication realm
4206					that is passed to the Cyrus SASL
4207					library.  If no realm is specified,
4208					$j is used.
4209confDEF_AUTH_INFO	DefaultAuthInfo	[undefined] Name of file that contains
4210					authentication information for
4211					outgoing connections.  This file must
4212					contain the user id, the authorization
4213					id, the password (plain text), the
4214					realm to use, and the list of
4215					mechanisms to try, each on a separate
4216					line and must be readable by root (or
4217					the trusted user) only.  If no realm
4218					is specified, $j is used.  If no
4219					mechanisms are given in the file,
4220					AuthMechanisms is used.  Notice: this
4221					option is deprecated and will be
4222					removed in future versions; it doesn't
4223					work for the MSP since it can't read
4224					the file.  Use the authinfo ruleset
4225					instead.  See also the section SMTP
4226					AUTHENTICATION.
4227confAUTH_OPTIONS	AuthOptions	[undefined] If this option is 'A'
4228					then the AUTH= parameter for the
4229					MAIL FROM command is only issued
4230					when authentication succeeded.
4231					See doc/op/op.me for more options
4232					and details.
4233confAUTH_MAX_BITS	AuthMaxBits	[INT_MAX] Limit the maximum encryption
4234					strength for the security layer in
4235					SMTP AUTH (SASL).  Default is
4236					essentially unlimited.
4237confTLS_SRV_OPTIONS	TLSSrvOptions	If this option is 'V' no client
4238					verification is performed, i.e.,
4239					the server doesn't ask for a
4240					certificate.
4241confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
4242					specification for LDAP maps.  The
4243					value should only contain LDAP
4244					specific settings such as "-h host
4245					-p port -d bindDN", etc.  The
4246					settings will be used for all LDAP
4247					maps unless they are specified in
4248					the individual map specification
4249					('K' command).
4250confCACERT_PATH		CACertPath	[undefined] Path to directory
4251					with certs of CAs.
4252confCACERT		CACertFile	[undefined] File containing one CA
4253					cert.
4254confSERVER_CERT		ServerCertFile	[undefined] File containing the
4255					cert of the server, i.e., this cert
4256					is used when sendmail acts as
4257					server.
4258confSERVER_KEY		ServerKeyFile	[undefined] File containing the
4259					private key belonging to the server
4260					cert.
4261confCLIENT_CERT		ClientCertFile	[undefined] File containing the
4262					cert of the client, i.e., this cert
4263					is used when sendmail acts as
4264					client.
4265confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
4266					private key belonging to the client
4267					cert.
4268confCRL			CRLFile		[undefined] File containing certificate
4269					revocation status, useful for X.509v3
4270					authentication. Note that CRL requires
4271					at least OpenSSL version 0.9.7.
4272confDH_PARAMETERS	DHParameters	[undefined] File containing the
4273					DH parameters.
4274confRAND_FILE		RandFile	[undefined] File containing random
4275					data (use prefix file:) or the
4276					name of the UNIX socket if EGD is
4277					used (use prefix egd:).  STARTTLS
4278					requires this option if the compile
4279					flag HASURANDOM is not set (see
4280					sendmail/README).
4281confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
4282					queue runners is set the given value
4283					(nice(3)).
4284confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
4285					[undefined] Defines {daemon_flags}
4286					for direct submissions.
4287confUSE_MSP		UseMSP		[undefined] Use as mail submission
4288					program, see sendmail/SECURITY.
4289confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
4290					SMTP Service Extension (RFC 2852).
4291confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
4292					be used to turn off the compile time
4293					flag REQUIRES_DIR_FSYNC at runtime.
4294					See sendmail/README for details.
4295confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
4296confSHARED_MEMORY_KEY_FILE
4297			SharedMemoryKeyFile
4298					[undefined] File where the
4299					automatically selected key for
4300					shared memory is stored.
4301confFAST_SPLIT		FastSplit	[1] If set to a value greater than
4302					zero, the initial MX lookups on
4303					addresses is suppressed when they
4304					are sorted which may result in
4305					faster envelope splitting.  If the
4306					mail is submitted directly from the
4307					command line, then the value also
4308					limits the number of processes to
4309					deliver the envelopes.
4310confMAILBOX_DATABASE	MailboxDatabase	[pw] Type of lookup to find
4311					information about local mailboxes.
4312confDEQUOTE_OPTS	-		[empty] Additional options for the
4313					dequote map.
4314confMAX_NOOP_COMMANDS	MaxNOOPCommands	[20] Maximum number of "useless"
4315					commands before the SMTP server
4316					will slow down responding.
4317confHELO_NAME		HeloName	If defined, use as name for EHLO/HELO
4318					command (instead of $j).
4319confINPUT_MAIL_FILTERS	InputMailFilters
4320					A comma separated list of filters
4321					which determines which filters and
4322					the invocation sequence are
4323					contacted for incoming SMTP
4324					messages.  If none are set, no
4325					filters will be contacted.
4326confMILTER_LOG_LEVEL	Milter.LogLevel	[9] Log level for input mail filter
4327					actions, defaults to LogLevel.
4328confMILTER_MACROS_CONNECT	Milter.macros.connect
4329					[j, _, {daemon_name}, {if_name},
4330					{if_addr}] Macros to transmit to
4331					milters when a session connection
4332					starts.
4333confMILTER_MACROS_HELO	Milter.macros.helo
4334					[{tls_version}, {cipher},
4335					{cipher_bits}, {cert_subject},
4336					{cert_issuer}] Macros to transmit to
4337					milters after HELO/EHLO command.
4338confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
4339					[i, {auth_type}, {auth_authen},
4340					{auth_ssf}, {auth_author},
4341					{mail_mailer}, {mail_host},
4342					{mail_addr}] Macros to transmit to
4343					milters after MAIL FROM command.
4344confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
4345					[{rcpt_mailer}, {rcpt_host},
4346					{rcpt_addr}] Macros to transmit to
4347					milters after RCPT TO command.
4348confMILTER_MACROS_EOM		Milter.macros.eom
4349					[{msg_id}] Macros to transmit to
4350					milters after the terminating
4351					DATA '.' is received.
4352confMILTER_MACROS_EOH		Milter.macros.eoh
4353					Macros to transmit to milters
4354					after the end of headers.
4355confMILTER_MACROS_DATA		Milter.macros.data
4356					Macros to transmit to milters
4357					after DATA command is received.
4358
4359
4360See also the description of OSTYPE for some parameters that can be
4361tweaked (generally pathnames to mailers).
4362
4363ClientPortOptions and DaemonPortOptions are special cases since multiple
4364clients/daemons can be defined.  This can be done via
4365
4366	CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4367	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4368
4369Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4370ClientPortOptions settings) are allowed in order to give settings for each
4371protocol family (e.g., one for Family=inet and one for Family=inet6).  A
4372restriction placed on one family only affects outgoing connections on that
4373particular family.
4374
4375If DAEMON_OPTIONS is not used, then the default is
4376
4377	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4378	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4379
4380If you use one DAEMON_OPTIONS macro, it will alter the parameters
4381of the first of these.  The second will still be defaulted; it
4382represents a "Message Submission Agent" (MSA) as defined by RFC
43832476 (see below).  To turn off the default definition for the MSA,
4384use FEATURE(`no_default_msa') (see also FEATURES).  If you use
4385additional DAEMON_OPTIONS macros, they will add additional daemons.
4386
4387Example 1:  To change the port for the SMTP listener, while
4388still using the MSA default, use
4389	DAEMON_OPTIONS(`Port=925, Name=MTA')
4390
4391Example 2:  To change the port for the MSA daemon, while still
4392using the default SMTP port, use
4393	FEATURE(`no_default_msa')
4394	DAEMON_OPTIONS(`Name=MTA')
4395	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4396
4397Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4398there would be no listener on the standard SMTP port.
4399
4400Example 3: To listen on both IPv4 and IPv6 interfaces, use
4401
4402	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4403	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4404
4405A "Message Submission Agent" still uses all of the same rulesets for
4406processing the message (and therefore still allows message rejection via
4407the check_* rulesets).  In accordance with the RFC, the MSA will ensure
4408that all domains in envelope addresses are fully qualified if the message
4409is relayed to another MTA.  It will also enforce the normal address syntax
4410rules and log error messages.  Additionally, by using the M=a modifier you
4411can require authentication before messages are accepted by the MSA.
4412Notice: Do NOT use the 'a' modifier on a public accessible MTA!  Finally,
4413the M=E modifier shown above disables ETRN as required by RFC 2476.
4414
4415Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4416commands:
4417
4418	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4419	MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4420
4421The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4422same order they were specified by also setting confINPUT_MAIL_FILTERS.  A
4423filter can be defined without adding it to the input filter list by using
4424MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4425Alternatively, you can reset the list of filters and their order by setting
4426confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4427your .mc file.
4428
4429
4430+----------------------------+
4431| MESSAGE SUBMISSION PROGRAM |
4432+----------------------------+
4433
4434The purpose of the message submission program (MSP) is explained
4435in sendmail/SECURITY.  This section contains a list of caveats and
4436a few hints how for those who want to tweak the default configuration
4437for it (which is installed as submit.cf).
4438
4439Notice: do not add options/features to submit.mc unless you are
4440absolutely sure you need them.  Options you may want to change
4441include:
4442
4443- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4444  avoiding X-Authentication warnings.
4445- confTIME_ZONE to change it from the default `USE_TZ'.
4446- confDELIVERY_MODE is set to interactive in msp.m4 instead
4447  of the default background mode.
4448- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4449  to the LOCAL_RELAY instead of the default relay.
4450- confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4451  the flag HASURANDOM.
4452
4453The MSP performs hostname canonicalization by default.  As also
4454explained in sendmail/SECURITY, mail may end up for various DNS
4455related reasons in the MSP queue. This problem can be minimized by
4456using
4457
4458	FEATURE(`nocanonify', `canonify_hosts')
4459	define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4460
4461See the discussion about nocanonify for possible side effects.
4462
4463Some things are not intended to work with the MSP.  These include
4464features that influence the delivery process (e.g., mailertable,
4465aliases), or those that are only important for a SMTP server (e.g.,
4466virtusertable, DaemonPortOptions, multiple queues).  Moreover,
4467relaxing certain restrictions (RestrictQueueRun, permissions on
4468queue directory) or adding features (e.g., enabling prog/file mailer)
4469can cause security problems.
4470
4471Other things don't work well with the MSP and require tweaking or
4472workarounds.  For example, to allow for client authentication it
4473is not just sufficient to provide a client certificate and the
4474corresponding key, but it is also necessary to make the key group
4475(smmsp) readable and tell sendmail not to complain about that, i.e.,
4476
4477	define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
4478
4479If the MSP should actually use AUTH then the necessary data
4480should be placed in a map as explained in SMTP AUTHENTICATION:
4481
4482FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4483
4484/etc/mail/msp-authinfo should contain an entry like:
4485
4486	AuthInfo:127.0.0.1	"U:smmsp" "P:secret" "M:DIGEST-MD5"
4487
4488The file and the map created by makemap should be owned by smmsp,
4489its group should be smmsp, and it should have mode 640.  The database
4490used by the MTA for AUTH must have a corresponding entry.
4491Additionally the MTA must trust this authentication data so the AUTH=
4492part will be relayed on to the next hop.  This can be achieved by
4493adding the following to your sendmail.mc file:
4494
4495	LOCAL_RULESETS
4496	SLocal_trust_auth
4497	R$*	$: $&{auth_authen}
4498	Rsmmsp	$# OK
4499
4500Note: the authentication data can leak to local users who invoke
4501the MSP with debug options or even with -v.  For that reason either
4502an authentication mechanism that does not show the password in the
4503AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4504method like STARTTLS should be used.
4505
4506feature/msp.m4 defines almost all settings for the MSP.  Most of
4507those should not be changed at all.  Some of the features and options
4508can be overridden if really necessary.  It is a bit tricky to do
4509this, because it depends on the actual way the option is defined
4510in feature/msp.m4.  If it is directly defined (i.e., define()) then
4511the modified value must be defined after
4512
4513	FEATURE(`msp')
4514
4515If it is conditionally defined (i.e., ifdef()) then the desired
4516value must be defined before the FEATURE line in the .mc file.
4517To see how the options are defined read feature/msp.m4.
4518
4519
4520+--------------------------+
4521| FORMAT OF FILES AND MAPS |
4522+--------------------------+
4523
4524Files that define classes, i.e., F{classname}, consist of lines
4525each of which contains a single element of the class.  For example,
4526/etc/mail/local-host-names may have the following content:
4527
4528my.domain
4529another.domain
4530
4531Maps must be created using makemap(8) , e.g.,
4532
4533	makemap hash MAP < MAP
4534
4535In general, a text file from which a map is created contains lines
4536of the form
4537
4538key	value
4539
4540where 'key' and 'value' are also called LHS and RHS, respectively.
4541By default, the delimiter between LHS and RHS is a non-empty sequence
4542of white space characters.
4543
4544
4545+------------------+
4546| DIRECTORY LAYOUT |
4547+------------------+
4548
4549Within this directory are several subdirectories, to wit:
4550
4551m4		General support routines.  These are typically
4552		very important and should not be changed without
4553		very careful consideration.
4554
4555cf		The configuration files themselves.  They have
4556		".mc" suffixes, and must be run through m4 to
4557		become complete.  The resulting output should
4558		have a ".cf" suffix.
4559
4560ostype		Definitions describing a particular operating
4561		system type.  These should always be referenced
4562		using the OSTYPE macro in the .mc file.  Examples
4563		include "bsd4.3", "bsd4.4", "sunos3.5", and
4564		"sunos4.1".
4565
4566domain		Definitions describing a particular domain, referenced
4567		using the DOMAIN macro in the .mc file.  These are
4568		site dependent; for example, "CS.Berkeley.EDU.m4"
4569		describes hosts in the CS.Berkeley.EDU subdomain.
4570
4571mailer		Descriptions of mailers.  These are referenced using
4572		the MAILER macro in the .mc file.
4573
4574sh		Shell files used when building the .cf file from the
4575		.mc file in the cf subdirectory.
4576
4577feature		These hold special orthogonal features that you might
4578		want to include.  They should be referenced using
4579		the FEATURE macro.
4580
4581hack		Local hacks.  These can be referenced using the HACK
4582		macro.  They shouldn't be of more than voyeuristic
4583		interest outside the .Berkeley.EDU domain, but who knows?
4584
4585siteconfig	Site configuration -- e.g., tables of locally connected
4586		UUCP sites.
4587
4588
4589+------------------------+
4590| ADMINISTRATIVE DETAILS |
4591+------------------------+
4592
4593The following sections detail usage of certain internal parts of the
4594sendmail.cf file.  Read them carefully if you are trying to modify
4595the current model.  If you find the above descriptions adequate, these
4596should be {boring, confusing, tedious, ridiculous} (pick one or more).
4597
4598RULESETS (* means built in to sendmail)
4599
4600   0 *	Parsing
4601   1 *	Sender rewriting
4602   2 *	Recipient rewriting
4603   3 *	Canonicalization
4604   4 *	Post cleanup
4605   5 *	Local address rewrite (after aliasing)
4606  1x	mailer rules (sender qualification)
4607  2x	mailer rules (recipient qualification)
4608  3x	mailer rules (sender header qualification)
4609  4x	mailer rules (recipient header qualification)
4610  5x	mailer subroutines (general)
4611  6x	mailer subroutines (general)
4612  7x	mailer subroutines (general)
4613  8x	reserved
4614  90	Mailertable host stripping
4615  96	Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4616  97	Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4617  98	Local part of ruleset 0 (ruleset 8 in old sendmail)
4618
4619
4620MAILERS
4621
4622   0	local, prog	local and program mailers
4623   1	[e]smtp, relay	SMTP channel
4624   2	uucp-*		UNIX-to-UNIX Copy Program
4625   3	netnews		Network News delivery
4626   4	fax		Sam Leffler's HylaFAX software
4627   5	mail11		DECnet mailer
4628
4629
4630MACROS
4631
4632   A
4633   B	Bitnet Relay
4634   C	DECnet Relay
4635   D	The local domain -- usually not needed
4636   E	reserved for X.400 Relay
4637   F	FAX Relay
4638   G
4639   H	mail Hub (for mail clusters)
4640   I
4641   J
4642   K
4643   L	Luser Relay
4644   M	Masquerade (who you claim to be)
4645   N
4646   O
4647   P
4648   Q
4649   R	Relay (for unqualified names)
4650   S	Smart Host
4651   T
4652   U	my UUCP name (if you have a UUCP connection)
4653   V	UUCP Relay (class {V} hosts)
4654   W	UUCP Relay (class {W} hosts)
4655   X	UUCP Relay (class {X} hosts)
4656   Y	UUCP Relay (all other hosts)
4657   Z	Version number
4658
4659
4660CLASSES
4661
4662   A
4663   B	domains that are candidates for bestmx lookup
4664   C
4665   D
4666   E	addresses that should not seem to come from $M
4667   F	hosts this system forward for
4668   G	domains that should be looked up in genericstable
4669   H
4670   I
4671   J
4672   K
4673   L	addresses that should not be forwarded to $R
4674   M	domains that should be mapped to $M
4675   N	host/domains that should not be mapped to $M
4676   O	operators that indicate network operations (cannot be in local names)
4677   P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4678   Q
4679   R	domains this system is willing to relay (pass anti-spam filters)
4680   S
4681   T
4682   U	locally connected UUCP hosts
4683   V	UUCP hosts connected to relay $V
4684   W	UUCP hosts connected to relay $W
4685   X	UUCP hosts connected to relay $X
4686   Y	locally connected smart UUCP hosts
4687   Z	locally connected domain-ized UUCP hosts
4688   .	the class containing only a dot
4689   [	the class containing only a left bracket
4690
4691
4692M4 DIVERSIONS
4693
4694   1	Local host detection and resolution
4695   2	Local Ruleset 3 additions
4696   3	Local Ruleset 0 additions
4697   4	UUCP Ruleset 0 additions
4698   5	locally interpreted names (overrides $R)
4699   6	local configuration (at top of file)
4700   7	mailer definitions
4701   8	DNS based blacklists
4702   9	special local rulesets (1 and 2)
4703
4704$Revision: 8.727 $, Last updated $Date: 2009/05/07 23:46:17 $
4705