xref: /freebsd/contrib/sendmail/cf/README (revision a03411e84728e9b267056fd31c7d1d9d1dc1b01e)
1
2		SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files.  It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide (doc/op/op.me).
8
9To get started, you may want to look at tcpproto.mc (for TCP-only
10sites) and clientproto.mc (for clusters of clients using a single
11mail host), or the generic-*.mc files as operating system-specific
12examples.
13
14Table of Content:
15
16INTRODUCTION AND EXAMPLE
17A BRIEF INTRODUCTION TO M4
18FILE LOCATIONS
19OSTYPE
20DOMAINS
21MAILERS
22FEATURES
23HACKS
24SITE CONFIGURATION
25USING UUCP MAILERS
26TWEAKING RULESETS
27MASQUERADING AND RELAYING
28USING LDAP FOR ALIASES, MAPS, AND CLASSES
29LDAP ROUTING
30ANTI-SPAM CONFIGURATION CONTROL
31CONNECTION CONTROL
32STARTTLS
33SMTP AUTHENTICATION
34ADDING NEW MAILERS OR RULESETS
35ADDING NEW MAIL FILTERS
36QUEUE GROUP DEFINITIONS
37NON-SMTP BASED CONFIGURATIONS
38WHO AM I?
39ACCEPTING MAIL FOR MULTIPLE NAMES
40USING MAILERTABLES
41USING USERDB TO MAP FULL NAMES
42MISCELLANEOUS SPECIAL FEATURES
43SECURITY NOTES
44TWEAKING CONFIGURATION OPTIONS
45MESSAGE SUBMISSION PROGRAM
46FORMAT OF FILES AND MAPS
47DIRECTORY LAYOUT
48ADMINISTRATIVE DETAILS
49
50
51+--------------------------+
52| INTRODUCTION AND EXAMPLE |
53+--------------------------+
54
55Configuration files are contained in the subdirectory "cf", with a
56suffix ".mc".  They must be run through "m4" to produce a ".cf" file.
57You must pre-load "cf.m4":
58
59	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
60
61Alternatively, you can simply:
62
63	cd ${CFDIR}/cf
64	./Build config.cf
65
66where ${CFDIR} is the root of the cf directory and config.mc is the
67name of your configuration file.  If you are running a version of M4
68that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
69this, but the versions distributed with 4.4BSD and derivatives do not)
70or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
71For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
72use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash!  For example:
73
74	m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
75
76Let's examine a typical .mc file:
77
78	divert(-1)
79	#
80	# Copyright (c) 1998-2005 Proofpoint, Inc. and its suppliers.
81	#	All rights reserved.
82	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
83	# Copyright (c) 1988, 1993
84	#	The Regents of the University of California.  All rights reserved.
85	#
86	# By using this file, you agree to the terms and conditions set
87	# forth in the LICENSE file which can be found at the top level of
88	# the sendmail distribution.
89	#
90
91	#
92	#  This is a Berkeley-specific configuration file for HP-UX 9.x.
93	#  It applies only to the Computer Science Division at Berkeley,
94	#  and should not be used elsewhere.   It is provided on the sendmail
95	#  distribution as a sample only.  To create your own configuration
96	#  file, create an appropriate domain file in ../domain, change the
97	#  `DOMAIN' macro below to reference that file, and copy the result
98	#  to a name of your own choosing.
99	#
100	divert(0)
101
102The divert(-1) will delete the crud in the resulting output file.
103The copyright notice can be replaced by whatever your lawyers require;
104our lawyers require the one that is included in these files.  A copyleft
105is a copyright by another name.  The divert(0) restores regular output.
106
107	VERSIONID(`<SCCS or RCS version id>')
108
109VERSIONID is a macro that stuffs the version information into the
110resulting file.  You could use SCCS, RCS, CVS, something else, or
111omit it completely.  This is not the same as the version id included
112in SMTP greeting messages -- this is defined in m4/version.m4.
113
114	OSTYPE(`hpux9')dnl
115
116You must specify an OSTYPE to properly configure things such as the
117pathname of the help and status files, the flags needed for the local
118mailer, and other important things.  If you omit it, you will get an
119error when you try to build the configuration.  Look at the ostype
120directory for the list of known operating system types.
121
122	DOMAIN(`CS.Berkeley.EDU')dnl
123
124This example is specific to the Computer Science Division at Berkeley.
125You can use "DOMAIN(`generic')" to get a sufficiently bland definition
126that may well work for you, or you can create a customized domain
127definition appropriate for your environment.
128
129	MAILER(`local')
130	MAILER(`smtp')
131
132These describe the mailers used at the default CS site.  The local
133mailer is always included automatically.  Beware: MAILER declarations
134should only be followed by LOCAL_* sections.  The general rules are
135that the order should be:
136
137	VERSIONID
138	OSTYPE
139	DOMAIN
140	FEATURE
141	local macro definitions
142	MAILER
143	LOCAL_CONFIG
144	LOCAL_RULE_*
145	LOCAL_RULESETS
146
147There are a few exceptions to this rule.  Local macro definitions which
148influence a FEATURE() should be done before that feature.  For example,
149a define(`PROCMAIL_MAILER_PATH', ...) should be done before
150FEATURE(`local_procmail').
151
152*******************************************************************
153***  BE SURE YOU CUSTOMIZE THESE FILES!  They have some		***
154***  Berkeley-specific assumptions built in, such as the name	***
155***  of their UUCP-relay.  You'll want to create your own	***
156***  domain description, and use that in place of		***
157***  domain/Berkeley.EDU.m4.					***
158*******************************************************************
159
160
161Note:
162Some rulesets, features, and options are only useful if the sendmail
163binary has been compiled with the appropriate options, e.g., the
164ruleset tls_server is only invoked if sendmail has been compiled
165with STARTTLS. This is usually obvious from the context and hence
166not further specified here.
167There are also so called "For Future Releases" (FFR) compile time
168options which might be included in a subsequent version or might
169simply be removed as they turned out not to be really useful.
170These are generally not documented but if they are, then the required
171compile time options are listed in doc/op/op.* for rulesets and
172macros, and for mc/cf specific options they are usually listed here.
173In addition to compile time options for the sendmail binary, there
174can also be FFRs for mc/cf which in general can be enabled when the
175configuration file is generated by defining them at the top of your
176.mc file:
177
178define(`_FFR_NAME_HERE', 1)
179
180
181+----------------------------+
182| A BRIEF INTRODUCTION TO M4 |
183+----------------------------+
184
185Sendmail uses the M4 macro processor to ``compile'' the configuration
186files.  The most important thing to know is that M4 is stream-based,
187that is, it doesn't understand about lines.  For this reason, in some
188places you may see the word ``dnl'', which stands for ``delete
189through newline''; essentially, it deletes all characters starting
190at the ``dnl'' up to and including the next newline character.  In
191most cases sendmail uses this only to avoid lots of unnecessary
192blank lines in the output.
193
194Other important directives are define(A, B) which defines the macro
195``A'' to have value ``B''.  Macros are expanded as they are read, so
196one normally quotes both values to prevent expansion.  For example,
197
198	define(`SMART_HOST', `smart.foo.com')
199
200One word of warning:  M4 macros are expanded even in lines that appear
201to be comments.  For example, if you have
202
203	# See FEATURE(`foo') above
204
205it will not do what you expect, because the FEATURE(`foo') will be
206expanded.  This also applies to
207
208	# And then define the $X macro to be the return address
209
210because ``define'' is an M4 keyword.  If you want to use them, surround
211them with directed quotes, `like this'.
212
213Since m4 uses single quotes (opening "`" and closing "'") to quote
214arguments, those quotes can't be used in arguments.  For example,
215it is not possible to define a rejection message containing a single
216quote. Usually there are simple workarounds by changing those
217messages; in the worst case it might be ok to change the value
218directly in the generated .cf file, which however is not advised.
219
220
221Notice:
222-------
223
224This package requires a post-V7 version of m4; if you are running the
2254.2bsd, SysV.2, or 7th Edition version.  SunOS's /usr/5bin/m4 or
226BSD-Net/2's m4 both work.  GNU m4 version 1.1 or later also works.
227Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
228Net/2 or GNU version.  GNU m4 is available from
229ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
230EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine).  Use GNU
231m4 on this platform.
232
233
234+----------------+
235| FILE LOCATIONS |
236+----------------+
237
238sendmail 8.9 has introduced a new configuration directory for sendmail
239related files, /etc/mail.  The new files available for sendmail 8.9 --
240the class {R} /etc/mail/relay-domains and the access database
241/etc/mail/access -- take advantage of this new directory.  Beginning with
2428.10, all files will use this directory by default (some options may be
243set by OSTYPE() files).  This new directory should help to restore
244uniformity to sendmail's file locations.
245
246Below is a table of some of the common changes:
247
248Old filename			New filename
249------------			------------
250/etc/bitdomain			/etc/mail/bitdomain
251/etc/domaintable		/etc/mail/domaintable
252/etc/genericstable		/etc/mail/genericstable
253/etc/uudomain			/etc/mail/uudomain
254/etc/virtusertable		/etc/mail/virtusertable
255/etc/userdb			/etc/mail/userdb
256
257/etc/aliases			/etc/mail/aliases
258/etc/sendmail/aliases		/etc/mail/aliases
259/etc/ucbmail/aliases		/etc/mail/aliases
260/usr/adm/sendmail/aliases	/etc/mail/aliases
261/usr/lib/aliases		/etc/mail/aliases
262/usr/lib/mail/aliases		/etc/mail/aliases
263/usr/ucblib/aliases		/etc/mail/aliases
264
265/etc/sendmail.cw		/etc/mail/local-host-names
266/etc/mail/sendmail.cw		/etc/mail/local-host-names
267/etc/sendmail/sendmail.cw	/etc/mail/local-host-names
268
269/etc/sendmail.ct		/etc/mail/trusted-users
270
271/etc/sendmail.oE		/etc/mail/error-header
272
273/etc/sendmail.hf		/etc/mail/helpfile
274/etc/mail/sendmail.hf		/etc/mail/helpfile
275/usr/ucblib/sendmail.hf		/etc/mail/helpfile
276/etc/ucbmail/sendmail.hf	/etc/mail/helpfile
277/usr/lib/sendmail.hf		/etc/mail/helpfile
278/usr/share/lib/sendmail.hf	/etc/mail/helpfile
279/usr/share/misc/sendmail.hf	/etc/mail/helpfile
280/share/misc/sendmail.hf		/etc/mail/helpfile
281
282/etc/service.switch		/etc/mail/service.switch
283
284/etc/sendmail.st		/etc/mail/statistics
285/etc/mail/sendmail.st		/etc/mail/statistics
286/etc/mailer/sendmail.st		/etc/mail/statistics
287/etc/sendmail/sendmail.st	/etc/mail/statistics
288/usr/lib/sendmail.st		/etc/mail/statistics
289/usr/ucblib/sendmail.st		/etc/mail/statistics
290
291Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
292to create the pathnames.  The default value of this variable is
293`/etc/mail/'.  If you set this macro to a different value, you MUST include
294a trailing slash.
295
296Notice: all filenames used in a .mc (or .cf) file should be absolute
297(starting at the root, i.e., with '/').  Relative filenames most
298likely cause surprises during operations (unless otherwise noted).
299
300
301+--------+
302| OSTYPE |
303+--------+
304
305You MUST define an operating system environment, or the configuration
306file build will puke.  There are several environments available; look
307at the "ostype" directory for the current list.  This macro changes
308things like the location of the alias file and queue directory.  Some
309of these files are identical to one another.
310
311It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
312In general, the OSTYPE macro should go immediately after any version
313information, and MAILER definitions should always go last.
314
315Operating system definitions are usually easy to write.  They may define
316the following variables (everything defaults, so an ostype file may be
317empty).  Unfortunately, the list of configuration-supported systems is
318not as broad as the list of source-supported systems, since many of
319the source contributors do not include corresponding ostype files.
320
321ALIAS_FILE		[/etc/mail/aliases] The location of the text version
322			of the alias file(s).  It can be a comma-separated
323			list of names (but be sure you quote values with
324			commas in them -- for example, use
325				define(`ALIAS_FILE', `a,b')
326			to get "a" and "b" both listed as alias files;
327			otherwise the define() primitive only sees "a").
328HELP_FILE		[/etc/mail/helpfile] The name of the file
329			containing information printed in response to
330			the SMTP HELP command.
331QUEUE_DIR		[/var/spool/mqueue] The directory containing
332			queue files.  To use multiple queues, supply
333			a value ending with an asterisk.  For
334			example, /var/spool/mqueue/qd* will use all of the
335			directories or symbolic links to directories
336			beginning with 'qd' in /var/spool/mqueue as queue
337			directories.  The names 'qf', 'df', and 'xf' are
338			reserved as specific subdirectories for the
339			corresponding queue file types as explained in
340			doc/op/op.me.  See also QUEUE GROUP DEFINITIONS.
341MSP_QUEUE_DIR		[/var/spool/clientmqueue] The directory containing
342			queue files for the MSP (Mail Submission Program,
343			see sendmail/SECURITY).
344STATUS_FILE		[/etc/mail/statistics] The file containing status
345			information.
346LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
347LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
348			flags lsDFMAw5:/|@q are always included.
349LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
350			mail.
351LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
352			mail that you are willing to accept.
353LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
354			messages to deliver in a single connection.  Only
355			useful for LMTP local mailers.
356LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
357			that ARRIVE from an address that resolves to the
358			local mailer and which are converted to MIME will be
359			labeled with this character set.
360LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
361			end of line for the local mailer.
362LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
363			[X-Unix] The DSN Diagnostic-Code value for the
364			local mailer.  This should be changed with care.
365LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
366LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
367			flags lsDFM are always included.
368LOCAL_SHELL_ARGS	[sh -c $u] The arguments passed to deliver "prog"
369			mail.
370LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
371			shell should run.
372LOCAL_MAILER_QGRP	[undefined] The queue group for the local mailer.
373USENET_MAILER_PATH	[/usr/lib/news/inews] The name of the program
374			used to submit news.
375USENET_MAILER_FLAGS	[rsDFMmn] The mailer flags for the usenet mailer.
376USENET_MAILER_ARGS	[-m -h -n] The command line arguments for the
377			usenet mailer.  NOTE: Some versions of inews
378			(such as those shipped with newer versions of INN)
379			use different flags.  Double check the defaults
380			against the inews man page.
381USENET_MAILER_MAX	[undefined] The maximum size of messages that will
382			be accepted by the usenet mailer.
383USENET_MAILER_QGRP	[undefined] The queue group for the usenet mailer.
384SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
385			flags are `mDFMuX' for all SMTP-based mailers; the
386			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
387			"dsmtp" adds `%'.
388RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
389			flags are `mDFMuX' for all SMTP-based mailers; the
390			relay mailer adds `a8'.  If this is not defined,
391			then SMTP_MAILER_FLAGS is used.
392SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
393			be transported using the smtp, smtp8, esmtp, or dsmtp
394			mailers.
395SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
396			messages to deliver in a single connection for the
397			smtp, smtp8, esmtp, or dsmtp mailers.
398SMTP_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
399			recipients to deliver in a single envelope for the
400			smtp, smtp8, esmtp, or dsmtp mailers.
401SMTP_MAILER_ARGS	[TCP $h] The arguments passed to the smtp mailer.
402			About the only reason you would want to change this
403			would be to change the default port.
404ESMTP_MAILER_ARGS	[TCP $h] The arguments passed to the esmtp mailer.
405SMTP8_MAILER_ARGS	[TCP $h] The arguments passed to the smtp8 mailer.
406DSMTP_MAILER_ARGS	[TCP $h] The arguments passed to the dsmtp mailer.
407RELAY_MAILER_ARGS	[TCP $h] The arguments passed to the relay mailer.
408SMTP_MAILER_QGRP	[undefined] The queue group for the smtp mailer.
409ESMTP_MAILER_QGRP	[undefined] The queue group for the esmtp mailer.
410SMTP8_MAILER_QGRP	[undefined] The queue group for the smtp8 mailer.
411DSMTP_MAILER_QGRP	[undefined] The queue group for the dsmtp mailer.
412RELAY_MAILER_QGRP	[undefined] The queue group for the relay mailer.
413RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
414			messages to deliver in a single connection for the
415			relay mailer.
416SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
417			that ARRIVE from an address that resolves to one of
418			the SMTP mailers and which are converted to MIME will
419			be labeled with this character set.
420RELAY_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
421			that ARRIVE from an address that resolves to the
422			relay mailers and which are converted to MIME will
423			be labeled with this character set.
424SMTP_MAILER_LL		[990] The maximum line length for SMTP mailers
425			(except the relay mailer).
426RELAY_MAILER_LL		[2040] The maximum line length for the relay mailer.
427UUCP_MAILER_PATH	[/usr/bin/uux] The program used to send UUCP mail.
428UUCP_MAILER_FLAGS	[undefined] Flags added to UUCP mailer.  Default
429			flags are `DFMhuU' (and `m' for uucp-new mailer,
430			minus `U' for uucp-dom mailer).
431UUCP_MAILER_ARGS	[uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
432			passed to the UUCP mailer.
433UUCP_MAILER_MAX		[100000] The maximum size message accepted for
434			transmission by the UUCP mailers.
435UUCP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
436			that ARRIVE from an address that resolves to one of
437			the UUCP mailers and which are converted to MIME will
438			be labeled with this character set.
439UUCP_MAILER_QGRP	[undefined] The queue group for the UUCP mailers.
440FAX_MAILER_PATH		[/usr/local/lib/fax/mailfax] The program used to
441			submit FAX messages.
442FAX_MAILER_ARGS		[mailfax $u $h $f] The arguments passed to the FAX
443			mailer.
444FAX_MAILER_MAX		[100000] The maximum size message accepted for
445			transmission by FAX.
446POP_MAILER_PATH		[/usr/lib/mh/spop] The pathname of the POP mailer.
447POP_MAILER_FLAGS	[Penu] Flags added to POP mailer.  Flags lsDFMq
448			are always added.
449POP_MAILER_ARGS		[pop $u] The arguments passed to the POP mailer.
450POP_MAILER_QGRP		[undefined] The queue group for the pop mailer.
451PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
452			program.  This is also used by
453			FEATURE(`local_procmail').
454PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
455			DFM are always set.  This is NOT used by
456			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
457			instead.
458PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
459			the Procmail mailer.  This is NOT used by
460			FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
461			instead.
462PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
463			will be accepted by the procmail mailer.
464PROCMAIL_MAILER_QGRP	[undefined] The queue group for the procmail mailer.
465MAIL11_MAILER_PATH	[/usr/etc/mail11] The path to the mail11 mailer.
466MAIL11_MAILER_FLAGS	[nsFx] Flags for the mail11 mailer.
467MAIL11_MAILER_ARGS	[mail11 $g $x $h $u] Arguments passed to the mail11
468			mailer.
469MAIL11_MAILER_QGRP	[undefined] The queue group for the mail11 mailer.
470PH_MAILER_PATH		[/usr/local/etc/phquery] The path to the phquery
471			program.
472PH_MAILER_FLAGS		[ehmu] Flags for the phquery mailer.  Flags nrDFM
473			are always set.
474PH_MAILER_ARGS		[phquery -- $u] -- arguments to the phquery mailer.
475PH_MAILER_QGRP		[undefined] The queue group for the ph mailer.
476CYRUS_MAILER_FLAGS	[Ah5@/:|] The flags used by the cyrus mailer.  The
477			flags lsDFMnPq are always included.
478CYRUS_MAILER_PATH	[/usr/cyrus/bin/deliver] The program used to deliver
479			cyrus mail.
480CYRUS_MAILER_ARGS	[deliver -e -m $h -- $u] The arguments passed
481			to deliver cyrus mail.
482CYRUS_MAILER_MAX	[undefined] If set, the maximum size message that
483			will be accepted by the cyrus mailer.
484CYRUS_MAILER_USER	[cyrus:mail] The user and group to become when
485			running the cyrus mailer.
486CYRUS_MAILER_QGRP	[undefined] The queue group for the cyrus mailer.
487CYRUS_BB_MAILER_FLAGS	[u] The flags used by the cyrusbb mailer.
488			The flags lsDFMnP are always included.
489CYRUS_BB_MAILER_ARGS	[deliver -e -m $u] The arguments passed
490			to deliver cyrusbb mail.
491CYRUSV2_MAILER_FLAGS	[A@/:|m] The flags used by the cyrusv2 mailer.  The
492			flags lsDFMnqXz are always included.
493CYRUSV2_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
494			messages to deliver in a single connection for the
495			cyrusv2 mailer.
496CYRUSV2_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
497			recipients to deliver in a single connection for the
498			cyrusv2 mailer.
499CYRUSV2_MAILER_ARGS	[FILE /var/imap/socket/lmtp] The arguments passed
500			to the cyrusv2 mailer.  This can be used to
501			change the name of the Unix domain socket, or
502			to switch to delivery via TCP (e.g., `TCP $h lmtp')
503CYRUSV2_MAILER_QGRP	[undefined] The queue group for the cyrusv2 mailer.
504CYRUSV2_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
505			that ARRIVE from an address that resolves to one the
506			Cyrus mailer and which are converted to MIME will
507			be labeled with this character set.
508confEBINDIR		[/usr/libexec] The directory for executables.
509			Currently used for FEATURE(`local_lmtp') and
510			FEATURE(`smrsh').
511QPAGE_MAILER_FLAGS	[mDFMs] The flags used by the qpage mailer.
512QPAGE_MAILER_PATH	[/usr/local/bin/qpage] The program used to deliver
513			qpage mail.
514QPAGE_MAILER_ARGS	[qpage -l0 -m -P$u] The arguments passed
515			to deliver qpage mail.
516QPAGE_MAILER_MAX	[4096] If set, the maximum size message that
517			will be accepted by the qpage mailer.
518QPAGE_MAILER_QGRP	[undefined] The queue group for the qpage mailer.
519LOCAL_PROG_QGRP		[undefined] The queue group for the prog mailer.
520
521Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
522MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
523of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
524upper case) and change can be: flags that should be used directly
525(thus overriding the default value), or if it starts with `+' (`-')
526then those flags are added to (removed from) the default value.
527Example:
528
529	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
530
531will add the flag `e' to LOCAL_MAILER_FLAGS.  Notice: there are
532several smtp mailers all of which are manipulated individually.
533See the section MAILERS for the available mailer names.
534WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
535unconditionally, i.e., without respecting any definitions in an
536OSTYPE setting.
537
538
539+---------+
540| DOMAINS |
541+---------+
542
543You will probably want to collect domain-dependent defines into one
544file, referenced by the DOMAIN macro.  For example, the Berkeley
545domain file includes definitions for several internal distinguished
546hosts:
547
548UUCP_RELAY	The host that will accept UUCP-addressed email.
549		If not defined, all UUCP sites must be directly
550		connected.
551BITNET_RELAY	The host that will accept BITNET-addressed email.
552		If not defined, the .BITNET pseudo-domain won't work.
553DECNET_RELAY	The host that will accept DECNET-addressed email.
554		If not defined, the .DECNET pseudo-domain and addresses
555		of the form node::user will not work.
556FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
557		The "fax" mailer overrides this value.
558LOCAL_RELAY	The site that will handle unqualified names -- that
559		is, names without an @domain extension.
560		Normally MAIL_HUB is preferred for this function.
561		LOCAL_RELAY is mostly useful in conjunction with
562		FEATURE(`stickyhost') -- see the discussion of
563		stickyhost below.  If not set, they are assumed to
564		belong on this machine.  This allows you to have a
565		central site to store a company- or department-wide
566		alias database.  This only works at small sites,
567		and only with some user agents.
568LUSER_RELAY	The site that will handle lusers -- that is, apparently
569		local names that aren't local accounts or aliases.  To
570		specify a local user instead of a site, set this to
571		``local:username''.
572
573Any of these can be either ``mailer:hostname'' (in which case the
574mailer is the internal mailer name, such as ``uucp-new'' and the hostname
575is the name of the host as appropriate for that mailer) or just a
576``hostname'', in which case a default mailer type (usually ``relay'',
577a variant on SMTP) is used.  WARNING: if you have a wildcard MX
578record matching your domain, you probably want to define these to
579have a trailing dot so that you won't get the mail diverted back
580to yourself.
581
582The domain file can also be used to define a domain name, if needed
583(using "DD<domain>") and set certain site-wide features.  If all hosts
584at your site masquerade behind one email name, you could also use
585MASQUERADE_AS here.
586
587You do not have to define a domain -- in particular, if you are a
588single machine sitting off somewhere, it is probably more work than
589it's worth.  This is just a mechanism for combining "domain dependent
590knowledge" into one place.
591
592
593+---------+
594| MAILERS |
595+---------+
596
597There are fewer mailers supported in this version than the previous
598version, owing mostly to a simpler world.  As a general rule, put the
599MAILER definitions last in your .mc file.
600
601local		The local and prog mailers.  You will almost always
602		need these; the only exception is if you relay ALL
603		your mail to another site.  This mailer is included
604		automatically.
605
606smtp		The Simple Mail Transport Protocol mailer.  This does
607		not hide hosts behind a gateway or another other
608		such hack; it assumes a world where everyone is
609		running the name server.  This file actually defines
610		five mailers: "smtp" for regular (old-style) SMTP to
611		other servers, "esmtp" for extended SMTP to other
612		servers, "smtp8" to do SMTP to other servers without
613		converting 8-bit data to MIME (essentially, this is
614		your statement that you know the other end is 8-bit
615		clean even if it doesn't say so), "dsmtp" to do on
616		demand delivery, and "relay" for transmission to the
617		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
618
619uucp		The UNIX-to-UNIX Copy Program mailer.  Actually, this
620		defines two mailers, "uucp-old" (a.k.a. "uucp") and
621		"uucp-new" (a.k.a. "suucp").  The latter is for when you
622		know that the UUCP mailer at the other end can handle
623		multiple recipients in one transfer.  If the smtp mailer
624		is included in your configuration, two other mailers
625		("uucp-dom" and "uucp-uudom") are also defined [warning: you
626		MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
627		include the uucp mailer, sendmail looks for all names in
628		class {U} and sends them to the uucp-old mailer; all
629		names in class {Y} are sent to uucp-new; and all
630		names in class {Z} are sent to uucp-uudom.  Note that
631		this is a function of what version of rmail runs on
632		the receiving end, and hence may be out of your control.
633		See the section below describing UUCP mailers in more
634		detail.
635
636usenet		Usenet (network news) delivery.  If this is specified,
637		an extra rule is added to ruleset 0 that forwards all
638		local email for users named ``group.usenet'' to the
639		``inews'' program.  Note that this works for all groups,
640		and may be considered a security problem.
641
642fax		Facsimile transmission.  This is experimental and based
643		on Sam Leffler's HylaFAX software.  For more information,
644		see http://www.hylafax.org/.
645
646pop		Post Office Protocol.
647
648procmail	An interface to procmail (does not come with sendmail).
649		This is designed to be used in mailertables.  For example,
650		a common question is "how do I forward all mail for a given
651		domain to a single person?".  If you have this mailer
652		defined, you could set up a mailertable reading:
653
654			host.com	procmail:/etc/procmailrcs/host.com
655
656		with the file /etc/procmailrcs/host.com reading:
657
658			:0	# forward mail for host.com
659			! -oi -f $1 person@other.host
660
661		This would arrange for (anything)@host.com to be sent
662		to person@other.host.  In a procmail script, $1 is the
663		name of the sender and $2 is the name of the recipient.
664		If you use this with FEATURE(`local_procmail'), the FEATURE
665		should be listed first.
666
667		Of course there are other ways to solve this particular
668		problem, e.g., a catch-all entry in a virtusertable.
669
670mail11		The DECnet mail11 mailer, useful only if you have the mail11
671		program from gatekeeper.dec.com:/pub/DEC/gwtools (and
672		DECnet, of course).  This is for Phase IV DECnet support;
673		if you have Phase V at your site you may have additional
674		problems.
675
676phquery		The phquery program.  This is somewhat counterintuitively
677		referenced as the "ph" mailer internally.  It can be used
678		to do CCSO name server lookups.  The phquery program, which
679		this mailer uses, is distributed with the ph client.
680
681cyrus		The cyrus and cyrusbb mailers.  The cyrus mailer delivers to
682		a local cyrus user.  this mailer can make use of the
683		"user+detail@local.host" syntax (see
684		FEATURE(`preserve_local_plus_detail')); it will deliver the
685		mail to the user's "detail" mailbox if the mailbox's ACL
686		permits.  The cyrusbb mailer delivers to a system-wide
687		cyrus mailbox if the mailbox's ACL permits.  The cyrus
688		mailer must be defined after the local mailer.
689
690cyrusv2		The mailer for Cyrus v2.x.  The cyrusv2 mailer delivers to
691		local cyrus users via LMTP.  This mailer can make use of the
692		"user+detail@local.host" syntax (see
693		FEATURE(`preserve_local_plus_detail')); it will deliver the
694		mail to the user's "detail" mailbox if the mailbox's ACL
695		permits.  The cyrusv2 mailer must be defined after the
696		local mailer.
697
698qpage		A mailer for QuickPage, a pager interface.  See
699		http://www.qpage.org/ for further information.
700
701The local mailer accepts addresses of the form "user+detail", where
702the "+detail" is not used for mailbox matching but is available
703to certain local mail programs (in particular, see
704FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
705"eric+sww" all indicate the same user, but additional arguments <null>,
706"sendmail", and "sww" may be provided for use in sorting mail.
707
708
709+----------+
710| FEATURES |
711+----------+
712
713Special features can be requested using the "FEATURE" macro.  For
714example, the .mc line:
715
716	FEATURE(`use_cw_file')
717
718tells sendmail that you want to have it read an /etc/mail/local-host-names
719file to get values for class {w}.  A FEATURE may contain up to 9
720optional parameters -- for example:
721
722	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
723
724The default database map type for the table features can be set with
725
726	define(`DATABASE_MAP_TYPE', `dbm')
727
728which would set it to use ndbm databases.  The default is the Berkeley DB
729hash database format.  Note that you must still declare a database map type
730if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
731if no argument is given for the FEATURE.  It must be specified before any
732feature that uses a map.
733
734Also, features which can take a map definition as an argument can also take
735the special keyword `LDAP'.  If that keyword is used, the map will use the
736LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
737CLASSES'' section below.
738
739Available features are:
740
741use_cw_file	Read the file /etc/mail/local-host-names file to get
742		alternate names for this host.  This might be used if you
743		were on a host that MXed for a dynamic set of other hosts.
744		If the set is static, just including the line "Cw<name1>
745		<name2> ..." (where the names are fully qualified domain
746		names) is probably superior.  The actual filename can be
747		overridden by redefining confCW_FILE.
748
749use_ct_file	Read the file /etc/mail/trusted-users file to get the
750		names of users that will be ``trusted'', that is, able to
751		set their envelope from address using -f without generating
752		a warning message.  The actual filename can be overridden
753		by redefining confCT_FILE.
754
755redirect	Reject all mail addressed to "address.REDIRECT" with
756		a ``551 User has moved; please try <address>'' message.
757		If this is set, you can alias people who have left
758		to their new address with ".REDIRECT" appended.
759
760nouucp		Don't route UUCP addresses.  This feature takes one
761		parameter:
762		`reject': reject addresses which have "!" in the local
763			part unless it originates from a system
764			that is allowed to relay.
765		`nospecial': don't do anything special with "!".
766		Warnings: 1. See the notice in the anti-spam section.
767		2. don't remove "!" from OperatorChars if `reject' is
768		given as parameter.
769
770nopercenthack	Don't treat % as routing character.  This feature takes one
771		parameter:
772		`reject': reject addresses which have % in the local
773			part unless it originates from a system
774			that is allowed to relay.
775		`nospecial': don't do anything special with %.
776		Warnings: 1. See the notice in the anti-spam section.
777		2. Don't remove % from OperatorChars if `reject' is
778		given as parameter.
779
780nocanonify	Don't pass addresses to $[ ... $] for canonification
781		by default, i.e., host/domain names are considered canonical,
782		except for unqualified names, which must not be used in this
783		mode (violation of the standard).  It can be changed by
784		setting the DaemonPortOptions modifiers (M=).  That is,
785		FEATURE(`nocanonify') will be overridden by setting the
786		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
787		it can be emulated by setting the 'C' flag
788		(DaemonPortOptions=Modifiers=C).  This would generally only
789		be used by sites that only act as mail gateways or which have
790		user agents that do full canonification themselves.  You may
791		also want to use
792		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
793		the usual resolver options that do a similar thing.
794
795		An exception list for FEATURE(`nocanonify') can be
796		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
797		i.e., a list of domains which are nevertheless passed to
798		$[ ... $] for canonification.  This is useful to turn on
799		canonification for local domains, e.g., use
800		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
801		which end in "my.domain" or "my".
802		Another way to require canonification in the local
803		domain is CANONIFY_DOMAIN(`$=m').
804
805		A trailing dot is added to addresses with more than
806		one component in it such that other features which
807		expect a trailing dot (e.g., virtusertable) will
808		still work.
809
810		If `canonify_hosts' is specified as parameter, i.e.,
811		FEATURE(`nocanonify', `canonify_hosts'), then
812		addresses which have only a hostname, e.g.,
813		<user@host>, will be canonified (and hopefully fully
814		qualified), too.
815
816stickyhost	This feature is sometimes used with LOCAL_RELAY,
817		although it can be used for a different effect with
818		MAIL_HUB.
819
820		When used without MAIL_HUB, email sent to
821		"user@local.host" are marked as "sticky" -- that
822		is, the local addresses aren't matched against UDB,
823		don't go through ruleset 5, and are not forwarded to
824		the LOCAL_RELAY (if defined).
825
826		With MAIL_HUB, mail addressed to "user@local.host"
827		is forwarded to the mail hub, with the envelope
828		address still remaining "user@local.host".
829		Without stickyhost, the envelope would be changed
830		to "user@mail_hub", in order to protect against
831		mailing loops.
832
833mailertable	Include a "mailer table" which can be used to override
834		routing for particular domains (which are not in class {w},
835		i.e.  local host names).  The argument of the FEATURE may be
836		the key definition.  If none is specified, the definition
837		used is:
838
839			hash /etc/mail/mailertable
840
841		Keys in this database are fully qualified domain names
842		or partial domains preceded by a dot -- for example,
843		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
844		special case of the latter, "." matches any domain not
845		covered by other keys.  Values must be of the form:
846			mailer:domain
847		where "mailer" is the internal mailer name, and "domain"
848		is where to send the message.  These maps are not
849		reflected into the message header.  As a special case,
850		the forms:
851			local:user
852		will forward to the indicated user using the local mailer,
853			local:
854		will forward to the original user in the e-mail address
855		using the local mailer, and
856			error:code message
857			error:D.S.N:code message
858		will give an error message with the indicated SMTP reply
859		code and message, where D.S.N is an RFC 1893 compliant
860		error code.
861
862domaintable	Include a "domain table" which can be used to provide
863		domain name mapping.  Use of this should really be
864		limited to your own domains.  It may be useful if you
865		change names (e.g., your company changes names from
866		oldname.com to newname.com).  The argument of the
867		FEATURE may be the key definition.  If none is specified,
868		the definition used is:
869
870			hash /etc/mail/domaintable
871
872		The key in this table is the domain name; the value is
873		the new (fully qualified) domain.  Anything in the
874		domaintable is reflected into headers; that is, this
875		is done in ruleset 3.
876
877bitdomain	Look up bitnet hosts in a table to try to turn them into
878		internet addresses.  The table can be built using the
879		bitdomain program contributed by John Gardiner Myers.
880		The argument of the FEATURE may be the key definition; if
881		none is specified, the definition used is:
882
883			hash /etc/mail/bitdomain
884
885		Keys are the bitnet hostname; values are the corresponding
886		internet hostname.
887
888uucpdomain	Similar feature for UUCP hosts.  The default map definition
889		is:
890
891			hash /etc/mail/uudomain
892
893		At the moment there is no automagic tool to build this
894		database.
895
896always_add_domain
897		Include the local host domain even on locally delivered
898		mail.  Normally it is not added on unqualified names.
899		However, if you use a shared message store but do not use
900		the same user name space everywhere, you may need the host
901		name on local names.  An optional argument specifies
902		another domain to be added than the local.
903
904allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
905		feature will cause recipient addresses to also masquerade
906		as being from the masquerade host.  Normally they get
907		the local hostname.  Although this may be right for
908		ordinary users, it can break local aliases.  For example,
909		if you send to "localalias", the originating sendmail will
910		find that alias and send to all members, but send the
911		message with "To: localalias@masqueradehost".  Since that
912		alias likely does not exist, replies will fail.  Use this
913		feature ONLY if you can guarantee that the ENTIRE
914		namespace on your masquerade host supersets all the
915		local entries.
916
917limited_masquerade
918		Normally, any hosts listed in class {w} are masqueraded.  If
919		this feature is given, only the hosts listed in class {M} (see
920		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
921		if you have several domains with disjoint namespaces hosted
922		on the same machine.
923
924masquerade_entire_domain
925		If masquerading is enabled (using MASQUERADE_AS) and
926		MASQUERADE_DOMAIN (see below) is set, this feature will
927		cause addresses to be rewritten such that the masquerading
928		domains are actually entire domains to be hidden.  All
929		hosts within the masquerading domains will be rewritten
930		to the masquerade name (used in MASQUERADE_AS).  For example,
931		if you have:
932
933			MASQUERADE_AS(`masq.com')
934			MASQUERADE_DOMAIN(`foo.org')
935			MASQUERADE_DOMAIN(`bar.com')
936
937		then *foo.org and *bar.com are converted to masq.com.  Without
938		this feature, only foo.org and bar.com are masqueraded.
939
940		    NOTE: only domains within your jurisdiction and
941		    current hierarchy should be masqueraded using this.
942
943local_no_masquerade
944		This feature prevents the local mailer from masquerading even
945		if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
946		on addresses of mail going outside the local domain.
947
948masquerade_envelope
949		If masquerading is enabled (using MASQUERADE_AS) or the
950		genericstable is in use, this feature will cause envelope
951		addresses to also masquerade as being from the masquerade
952		host.  Normally only the header addresses are masqueraded.
953
954genericstable	This feature will cause unqualified addresses (i.e., without
955		a domain) and addresses with a domain listed in class {G}
956		to be looked up in a map and turned into another ("generic")
957		form, which can change both the domain name and the user name.
958		Notice: if you use an MSP (as it is default starting with
959		8.12), the MTA will only receive qualified addresses from the
960		MSP (as required by the RFCs).  Hence you need to add your
961		domain to class {G}.  This feature is similar to the userdb
962		functionality.  The same types of addresses as for
963		masquerading are looked up, i.e., only header sender
964		addresses unless the allmasquerade and/or masquerade_envelope
965		features are given.  Qualified addresses must have the domain
966		part in class {G}; entries can be added to this class by the
967		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
968		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
969
970		The argument of FEATURE(`genericstable') may be the map
971		definition; the default map definition is:
972
973			hash /etc/mail/genericstable
974
975		The key for this table is either the full address, the domain
976		(with a leading @; the localpart is passed as first argument)
977		or the unqualified username (tried in the order mentioned);
978		the value is the new user address.  If the new user address
979		does not include a domain, it will be qualified in the standard
980		manner, i.e., using $j or the masquerade name.  Note that the
981		address being looked up must be fully qualified.  For local
982		mail, it is necessary to use FEATURE(`always_add_domain')
983		for the addresses to be qualified.
984		The "+detail" of an address is passed as %1, so entries like
985
986			old+*@foo.org	new+%1@example.com
987			gen+*@foo.org	%1@example.com
988
989		and other forms are possible.
990
991generics_entire_domain
992		If the genericstable is enabled and GENERICS_DOMAIN or
993		GENERICS_DOMAIN_FILE is used, this feature will cause
994		addresses to be searched in the map if their domain
995		parts are subdomains of elements in class {G}.
996
997virtusertable	A domain-specific form of aliasing, allowing multiple
998		virtual domains to be hosted on one machine.  For example,
999		if the virtuser table contains:
1000
1001			info@foo.com	foo-info
1002			info@bar.com	bar-info
1003			joe@bar.com	error:nouser 550 No such user here
1004			jax@bar.com	error:5.7.0:550 Address invalid
1005			@baz.org	jane@example.net
1006
1007		then mail addressed to info@foo.com will be sent to the
1008		address foo-info, mail addressed to info@bar.com will be
1009		delivered to bar-info, and mail addressed to anyone at baz.org
1010		will be sent to jane@example.net, mail to joe@bar.com will
1011		be rejected with the specified error message, and mail to
1012		jax@bar.com will also have a RFC 1893 compliant error code
1013		5.7.0.
1014
1015		The username from the original address is passed
1016		as %1 allowing:
1017
1018			@foo.org	%1@example.com
1019
1020		meaning someone@foo.org will be sent to someone@example.com.
1021		Additionally, if the local part consists of "user+detail"
1022		then "detail" is passed as %2 and "+detail" is passed as %3
1023		when a match against user+* is attempted, so entries like
1024
1025			old+*@foo.org	new+%2@example.com
1026			gen+*@foo.org	%2@example.com
1027			+*@foo.org	%1%3@example.com
1028			X++@foo.org	Z%3@example.com
1029			@bar.org	%1%3
1030
1031		and other forms are possible.  Note: to preserve "+detail"
1032		for a default case (@domain) %1%3 must be used as RHS.
1033		There are two wildcards after "+": "+" matches only a non-empty
1034		detail, "*" matches also empty details, e.g., user+@foo.org
1035		matches +*@foo.org but not ++@foo.org.  This can be used
1036		to ensure that the parameters %2 and %3 are not empty.
1037
1038		All the host names on the left hand side (foo.com, bar.com,
1039		and baz.org) must be in class {w} or class {VirtHost}.  The
1040		latter can be defined by the macros VIRTUSER_DOMAIN or
1041		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1042		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
1043		VIRTUSER_DOMAIN_FILE is used, then the entries of class
1044		{VirtHost} are added to class {R}, i.e., relaying is allowed
1045		to (and from) those domains, which by default includes also
1046		all subdomains (see relay_hosts_only).  The default map
1047		definition is:
1048
1049			hash /etc/mail/virtusertable
1050
1051		A new definition can be specified as the second argument of
1052		the FEATURE macro, such as
1053
1054			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
1055
1056virtuser_entire_domain
1057		If the virtusertable is enabled and VIRTUSER_DOMAIN or
1058		VIRTUSER_DOMAIN_FILE is used, this feature will cause
1059		addresses to be searched in the map if their domain
1060		parts are subdomains of elements in class {VirtHost}.
1061
1062ldap_routing	Implement LDAP-based e-mail recipient routing according to
1063		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1064		This provides a method to re-route addresses with a
1065		domain portion in class {LDAPRoute} to either a
1066		different mail host or a different address.  Hosts can
1067		be added to this class using LDAPROUTE_DOMAIN and
1068		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1069		MASQUERADE_DOMAIN_FILE, see below).
1070
1071		See the LDAP ROUTING section below for more information.
1072
1073nullclient	This is a special case -- it creates a configuration file
1074		containing nothing but support for forwarding all mail to a
1075		central hub via a local SMTP-based network.  The argument
1076		is the name of that hub.
1077
1078		The only other feature that should be used in conjunction
1079		with this one is FEATURE(`nocanonify').  No mailers
1080		should be defined.  No aliasing or forwarding is done.
1081
1082local_lmtp	Use an LMTP capable local mailer.  The argument to this
1083		feature is the pathname of an LMTP capable mailer.  By
1084		default, mail.local is used.  This is expected to be the
1085		mail.local which came with the 8.9 distribution which is
1086		LMTP capable.  The path to mail.local is set by the
1087		confEBINDIR m4 variable -- making the default
1088		LOCAL_MAILER_PATH /usr/libexec/mail.local.
1089		If a different LMTP capable mailer is used, its pathname
1090		can be specified as second parameter and the arguments
1091		passed to it (A=) as third parameter, e.g.,
1092
1093			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
1094
1095		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1096		i.e., without respecting any definitions in an OSTYPE setting.
1097
1098local_procmail	Use procmail or another delivery agent as the local mailer.
1099		The argument to this feature is the pathname of the
1100		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
1101		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
1102		PROCMAIL_MAILER_ARGS for the local mailer; tweak
1103		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
1104		specify the appropriate parameters.  When procmail is used,
1105		the local mailer can make use of the
1106		"user+indicator@local.host" syntax; normally the +indicator
1107		is just tossed, but by default it is passed as the -a
1108		argument to procmail.
1109
1110		This feature can take up to three arguments:
1111
1112		1. Path to the mailer program
1113		   [default: /usr/local/bin/procmail]
1114		2. Argument vector including name of the program
1115		   [default: procmail -Y -a $h -d $u]
1116		3. Flags for the mailer [default: SPfhn9]
1117
1118		Empty arguments cause the defaults to be taken.
1119		Note that if you are on a system with a broken
1120		setreuid() call, you may need to add -f $f to the procmail
1121		argument vector to pass the proper sender to procmail.
1122
1123		For example, this allows it to use the maildrop mailer
1124		instead by specifying:
1125
1126		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
1127		 `maildrop -d $u')
1128
1129		or scanmails using:
1130
1131		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
1132
1133		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1134		i.e., without respecting any definitions in an OSTYPE setting.
1135
1136bestmx_is_local	Accept mail as though locally addressed for any host that
1137		lists us as the best possible MX record.  This generates
1138		additional DNS traffic, but should be OK for low to
1139		medium traffic hosts.  The argument may be a set of
1140		domains, which will limit the feature to only apply to
1141		these domains -- this will reduce unnecessary DNS
1142		traffic.  THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
1143		WILDCARD MX RECORDS!!!  If you have a wildcard MX record
1144		that matches your domain, you cannot use this feature.
1145
1146smrsh		Use the SendMail Restricted SHell (smrsh) provided
1147		with the distribution instead of /bin/sh for mailing
1148		to programs.  This improves the ability of the local
1149		system administrator to control what gets run via
1150		e-mail.  If an argument is provided it is used as the
1151		pathname to smrsh; otherwise, the path defined by
1152		confEBINDIR is used for the smrsh binary -- by default,
1153		/usr/libexec/smrsh is assumed.
1154
1155promiscuous_relay
1156		By default, the sendmail configuration files do not permit
1157		mail relaying (that is, accepting mail from outside your
1158		local host (class {w}) and sending it to another host than
1159		your local host).  This option sets your site to allow
1160		mail relaying from any site to any site.  In almost all
1161		cases, it is better to control relaying more carefully
1162		with the access map, class {R}, or authentication.  Domains
1163		can be added to class {R} by the macros RELAY_DOMAIN or
1164		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1165		MASQUERADE_DOMAIN_FILE, see below).
1166
1167relay_entire_domain
1168		This option allows any host in your domain as defined by
1169		class {m} to use your server for relaying.  Notice: make
1170		sure that your domain is not just a top level domain,
1171		e.g., com.  This can happen if you give your host a name
1172		like example.com instead of host.example.com.
1173
1174relay_hosts_only
1175		By default, names that are listed as RELAY in the access
1176		db and class {R} are treated as domain names, not host names.
1177		For example, if you specify ``foo.com'', then mail to or
1178		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1179		will all be accepted for relaying.  This feature changes
1180		the behaviour to look up individual host names only.
1181
1182relay_based_on_MX
1183		Turns on the ability to allow relaying based on the MX
1184		records of the host portion of an incoming recipient; that
1185		is, if an MX record for host foo.com points to your site,
1186		you will accept and relay mail addressed to foo.com.  See
1187		description below for more information before using this
1188		feature.  Also, see the KNOWNBUGS entry regarding bestmx
1189		map lookups.
1190
1191		FEATURE(`relay_based_on_MX') does not necessarily allow
1192		routing of these messages which you expect to be allowed,
1193		if route address syntax (or %-hack syntax) is used.  If
1194		this is a problem, add entries to the access-table or use
1195		FEATURE(`loose_relay_check').
1196
1197relay_mail_from
1198		Allows relaying if the mail sender is listed as RELAY in
1199		the access map.  If an optional argument `domain' (this
1200		is the literal word `domain', not a placeholder) is given,
1201		relaying can be allowed just based on the domain portion
1202		of the sender address.  This feature should only be used if
1203		absolutely necessary as the sender address can be easily
1204		forged.  Use of this feature requires the "From:" tag to
1205		be used for the key in the access map; see the discussion
1206		of tags and FEATURE(`relay_mail_from') in the section on
1207		anti-spam configuration control.
1208
1209relay_local_from
1210		Allows relaying if the domain portion of the mail sender
1211		is a local host.  This should only be used if absolutely
1212		necessary as it opens a window for spammers.  Specifically,
1213		they can send mail to your mail server that claims to be
1214		from your domain (either directly or via a routed address),
1215		and you will go ahead and relay it out to arbitrary hosts
1216		on the Internet.
1217
1218accept_unqualified_senders
1219		Normally, MAIL FROM: commands in the SMTP session will be
1220		refused if the connection is a network connection and the
1221		sender address does not include a domain name.  If your
1222		setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1223		you will need to use this feature to accept unqualified
1224		sender addresses.  Setting the DaemonPortOptions modifier
1225		'u' overrides the default behavior, i.e., unqualified
1226		addresses are accepted even without this FEATURE.
1227		If this FEATURE is not used, the DaemonPortOptions modifier
1228		'f' can be used to enforce fully qualified addresses.
1229
1230accept_unresolvable_domains
1231		Normally, MAIL FROM: commands in the SMTP session will be
1232		refused if the host part of the argument to MAIL FROM:
1233		cannot be located in the host name service (e.g., an A or
1234		MX record in DNS).  If you are inside a firewall that has
1235		only a limited view of the Internet host name space, this
1236		could cause problems.  In this case you probably want to
1237		use this feature to accept all domains on input, even if
1238		they are unresolvable.
1239
1240access_db	Turns on the access database feature.  The access db gives
1241		you the ability to allow or refuse to accept mail from
1242		specified domains for administrative reasons.  Moreover,
1243		it can control the behavior of sendmail in various situations.
1244		By default, the access database specification is:
1245
1246			hash -T<TMPF> /etc/mail/access
1247
1248		See the anti-spam configuration control section for further
1249		important information about this feature.  Notice:
1250		"-T<TMPF>" is meant literal, do not replace it by anything.
1251
1252blocklist_recipients
1253		Turns on the ability to block incoming mail for certain
1254		recipient usernames, hostnames, or addresses.  For
1255		example, you can block incoming mail to user nobody,
1256		host foo.mydomain.com, or guest@bar.mydomain.com.
1257		These specifications are put in the access db as
1258		described in the anti-spam configuration control section
1259		later in this document.
1260
1261delay_checks	The rulesets check_mail and check_relay will not be called
1262		when a client connects or issues a MAIL command, respectively.
1263		Instead, those rulesets will be called by the check_rcpt
1264		ruleset; they will be skipped under certain circumstances.
1265		See "Delay all checks" in the anti-spam configuration control
1266		section.  Note: this feature is incompatible to the versions
1267		in 8.10 and 8.11.
1268
1269check_other	Enable a default check_other ruleset which terminates
1270		an SMTP session when it encounters a command which matches
1271		a regular expression given as argument. If no argument
1272		is given, then the default (to match potential headers) is:
1273			^[[:print:]]+ *:
1274
1275use_client_ptr	If this feature is enabled then check_relay will override
1276		its first argument with $&{client_ptr}.  This is useful for
1277		rejections based on the unverified hostname of client,
1278		which turns on the same behavior as in earlier sendmail
1279		versions when delay_checks was not in use.  See doc/op/op.*
1280		about check_relay, {client_name}, and {client_ptr}.
1281
1282dnsbl		Turns on rejection, discarding, or quarantining of hosts
1283		found in a DNS based list.  The first argument is used as
1284		the domain in which blocked hosts are listed.  A second
1285		argument can be used to change the default error message,
1286		or select one of the operations `discard' and `quarantine'.
1287		Without that second argument, the error message will be
1288
1289			Rejected: IP-ADDRESS listed at SERVER
1290
1291		where IP-ADDRESS and SERVER are replaced by the appropriate
1292		information.  By default, temporary lookup failures are
1293		ignored.  This behavior can be changed by specifying a
1294		third argument, which must be either `t' or a full error
1295		message.  See the anti-spam configuration control section for
1296		an example.  The dnsbl feature can be included several times
1297		to query different DNS based rejection lists.  See also
1298		enhdnsbl for an enhanced version.
1299
1300		Set the DNSBL_MAP mc option to change the default map
1301		definition from `host'.  Set the DNSBL_MAP_OPT mc option
1302		to add additional options to the map specification used.
1303
1304		Some DNS based rejection lists cause failures if asked
1305		for AAAA records. If your sendmail version is compiled
1306		with IPv6 support (NETINET6) and you experience this
1307		problem, add
1308
1309			define(`DNSBL_MAP', `dns -R A')
1310
1311		before the first use of this feature.  Alternatively you
1312		can use enhdnsbl instead (see below).  Moreover, this
1313		statement can be used to reduce the number of DNS retries,
1314		e.g.,
1315
1316			define(`DNSBL_MAP', `dns -R A -r2')
1317
1318		See below (EDNSBL_TO) for an explanation.
1319
1320enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
1321		(up to 5) can be used to specify specific return values
1322		from lookups.  Temporary lookup failures are ignored unless
1323		a third argument is given, which must be either `t' or a full
1324		error message.  By default, any successful lookup will
1325		generate an error.  Otherwise the result of the lookup is
1326		compared with the supplied argument(s), and only if a match
1327		occurs an error is generated.  For example,
1328
1329		FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1330
1331		will reject the e-mail if the lookup returns the value
1332		``127.0.0.2.'', or generate a 451 response if the lookup
1333		temporarily failed.  The arguments can contain metasymbols
1334		as they are allowed in the LHS of rules.  As the example
1335		shows, the default values are also used if an empty argument,
1336		i.e., `', is specified.  This feature requires that sendmail
1337		has been compiled with the flag DNSMAP (see sendmail/README).
1338
1339		Set the EDNSBL_TO mc option to change the DNS retry count
1340		from the default value of 5, this can be very useful when
1341		a DNS server is not responding, which in turn may cause
1342		clients to time out (an entry stating
1343
1344			did not issue MAIL/EXPN/VRFY/ETRN
1345
1346		will be logged).
1347
1348ratecontrol	Enable simple ruleset to do connection rate control
1349		checking.  This requires entries in access_db of the form
1350
1351			ClientRate:IP.ADD.RE.SS		LIMIT
1352
1353		The RHS specifies the maximum number of connections
1354		(an integer number) over the time interval defined
1355		by ConnectionRateWindowSize, where 0 means unlimited.
1356
1357		Take the following example:
1358
1359			ClientRate:10.1.2.3		4
1360			ClientRate:127.0.0.1		0
1361			ClientRate:			10
1362
1363		10.1.2.3 can only make up to 4 connections, the
1364		general limit it 10, and 127.0.0.1 can make an unlimited
1365		number of connections per ConnectionRateWindowSize.
1366
1367		See also CONNECTION CONTROL.
1368
1369conncontrol	Enable a simple check of the number of incoming SMTP
1370		connections.  This requires entries in access_db of the
1371		form
1372
1373			ClientConn:IP.ADD.RE.SS		LIMIT
1374
1375		The RHS specifies the maximum number of open connections
1376		(an integer number).
1377
1378		Take the following example:
1379
1380			ClientConn:10.1.2.3		4
1381			ClientConn:127.0.0.1		0
1382			ClientConn:			10
1383
1384		10.1.2.3 can only have up to 4 open connections, the
1385		general limit it 10, and 127.0.0.1 does not have any
1386		explicit limit.
1387
1388		See also CONNECTION CONTROL.
1389
1390mtamark		Experimental support for "Marking Mail Transfer Agents in
1391		Reverse DNS with TXT RRs" (MTAMark), see
1392		draft-stumpf-dns-mtamark-01.  Optional arguments are:
1393
1394		1. Error message, default:
1395
1396			550 Rejected: $&{client_addr} not listed as MTA
1397
1398		2. Temporary lookup failures are ignored unless a second
1399		argument is given, which must be either `t' or a full
1400		error message.
1401
1402		3. Lookup prefix, default: _perm._smtp._srv.  This should
1403		not be changed unless the draft changes it.
1404
1405		Example:
1406
1407			FEATURE(`mtamark', `', `t')
1408
1409lookupdotdomain	Look up also .domain in the access map.  This allows to
1410		match only subdomains.  It does not work well with
1411		FEATURE(`relay_hosts_only'), because most lookups for
1412		subdomains are suppressed by the latter feature.
1413
1414loose_relay_check
1415		Normally, if % addressing is used for a recipient, e.g.
1416		user%site@othersite, and othersite is in class {R}, the
1417		check_rcpt ruleset will strip @othersite and recheck
1418		user@site for relaying.  This feature changes that
1419		behavior.  It should not be needed for most installations.
1420
1421authinfo	Provide a separate map for client side authentication
1422		information.  See SMTP AUTHENTICATION for details.
1423		By default, the authinfo database specification is:
1424
1425			hash /etc/mail/authinfo
1426
1427preserve_luser_host
1428		Preserve the name of the recipient host if LUSER_RELAY is
1429		used.  Without this option, the domain part of the
1430		recipient address will be replaced by the host specified as
1431		LUSER_RELAY.  This feature only works if the hostname is
1432		passed to the mailer (see mailer triple in op.me).  Note
1433		that in the default configuration the local mailer does not
1434		receive the hostname, i.e., the mailer triple has an empty
1435		hostname.
1436
1437preserve_local_plus_detail
1438		Preserve the +detail portion of the address when passing
1439		address to local delivery agent.  Disables alias and
1440		.forward +detail stripping (e.g., given user+detail, only
1441		that address will be looked up in the alias file; user+* and
1442		user will not be looked up).  Only use if the local
1443		delivery agent in use supports +detail addressing.
1444		Moreover, this will most likely not work if the 'w' flag
1445		for the local mailer is set as the entire local address
1446		including +detail is passed to the user lookup function.
1447
1448compat_check	Enable ruleset check_compat to look up pairs of addresses
1449		with the Compat: tag --	Compat:sender<@>recipient -- in the
1450		access map.  Valid values for the RHS include
1451			DISCARD	silently discard recipient
1452			TEMP:	return a temporary error
1453			ERROR:	return a permanent error
1454		In the last two cases, a 4xy/5xy SMTP reply code should
1455		follow the colon.
1456
1457no_default_msa	Don't generate the default MSA daemon, i.e.,
1458		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1459		To define a MSA daemon with other parameters, use this
1460		FEATURE and introduce new settings via DAEMON_OPTIONS().
1461
1462msp		Defines config file for Message Submission Program.
1463		See sendmail/SECURITY for details and cf/cf/submit.mc how
1464		to use it.  An optional argument can be used to override
1465		the default of `[localhost]' to use as host to send all
1466		e-mails to.  Note that MX records will be used if the
1467		specified hostname is not in square brackets (e.g.,
1468		[hostname]).  If `MSA' is specified as second argument then
1469		port 587 is used to contact the server.  Example:
1470
1471			FEATURE(`msp', `', `MSA')
1472
1473		Some more hints about possible changes can be found below
1474		in the section MESSAGE SUBMISSION PROGRAM.
1475
1476		Note: Due to many problems, submit.mc uses
1477
1478			FEATURE(`msp', `[127.0.0.1]')
1479
1480		by default.  If you have a machine with IPv6 only,
1481		change it to
1482
1483			FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]')
1484
1485		If you want to continue using '[localhost]', (the behavior
1486		up to 8.12.6), use
1487
1488			FEATURE(`msp')
1489
1490queuegroup	A simple example how to select a queue group based
1491		on the full e-mail address or the domain of the
1492		recipient.  Selection is done via entries in the
1493		access map using the tag QGRP:, for example:
1494
1495			QGRP:example.com	main
1496			QGRP:friend@some.org	others
1497			QGRP:my.domain		local
1498
1499		where "main", "others", and "local" are names of
1500		queue groups.  If an argument is specified, it is used
1501		as default queue group.
1502
1503		Note: please read the warning in doc/op/op.me about
1504		queue groups and possible queue manipulations.
1505
1506greet_pause	Adds the greet_pause ruleset which enables open proxy
1507		and SMTP slamming protection.  The feature can take an
1508		argument specifying the milliseconds to wait:
1509
1510			FEATURE(`greet_pause', `5000')  dnl 5 seconds
1511
1512		If FEATURE(`access_db') is enabled, an access database
1513		lookup with the GreetPause tag is done using client
1514		hostname, domain, IP address, or subnet to determine the
1515		pause time:
1516
1517			GreetPause:my.domain	0
1518			GreetPause:example.com	5000
1519			GreetPause:10.1.2	2000
1520			GreetPause:127.0.0.1	0
1521
1522		When using FEATURE(`access_db'), the optional
1523		FEATURE(`greet_pause') argument becomes the default if
1524		nothing is found in the access database.  A ruleset called
1525		Local_greet_pause can be used for local modifications, e.g.,
1526
1527			LOCAL_RULESETS
1528			SLocal_greet_pause
1529			R$*		$: $&{daemon_flags}
1530			R$* a $*	$# 0
1531
1532block_bad_helo	Reject messages from SMTP clients which provide a HELO/EHLO
1533		argument which is either unqualified, or is one of our own
1534		names (i.e., the server name instead of the client name).
1535		This check is performed at RCPT stage and disabled for the
1536		following cases:
1537		- authenticated sessions,
1538		- connections from IP addresses in class $={R}.
1539		Currently access_db lookups can not be used to
1540		(selectively) disable this test, moreover,
1541
1542		FEATURE(`delay_checks')
1543
1544		is required.  Note, the block_bad_helo feature automatically
1545		adds the IPv6 and IPv4 localhost IP addresses to $={w} (local
1546		host names) and $={R} (relay permitted).
1547
1548require_rdns	Reject mail from connecting SMTP clients without proper
1549		rDNS (reverse DNS), functional gethostbyaddr() resolution.
1550		Note: this feature will cause false positives, i.e., there
1551		are legitimate MTAs that do not have proper DNS entries.
1552		Rejecting mails from those MTAs is a local policy decision.
1553
1554		The basic policy is to reject message with a 5xx error if
1555		the IP address fails to resolve.  However, if this is a
1556		temporary failure, a 4xx temporary failure is returned.
1557		If the look-up succeeds, but returns an apparently forged
1558		value, this is treated as a temporary failure with a 4xx
1559		error code.
1560
1561		EXCEPTIONS:
1562
1563		Exceptions based on access entries are discussed below.
1564		Any IP address matched using $=R (the "relay-domains" file)
1565		is excepted from the rules.  Since we have explicitly
1566		allowed relaying for this host, based on IP address, we
1567		ignore the rDNS failure.
1568
1569		The philosophical assumption here is that most users do
1570		not control their rDNS.  They should be able to send mail
1571		through their ISP, whether or not they have valid rDNS.
1572		The class $=R, roughly speaking, contains those IP addresses
1573		and address ranges for which we are the ISP, or are acting
1574		as if the ISP.
1575
1576		If `delay_checks' is in effect (recommended), then any
1577		sender who has authenticated is also excepted from the
1578		restrictions.  This happens because the rules produced by
1579		this FEATURE() will not be applied to authenticated senders
1580		(assuming `delay_checks').
1581
1582		ACCESS MAP ENTRIES:
1583
1584		Entries such as
1585			Connect:1.2.3.4		OK
1586			Connect:1.3		RELAY
1587		will allowlist IP address 1.2.3.4 and IP net 1.3.*
1588		so that the rDNS blocking does apply not to those IPs.
1589
1590		Entries such as
1591			Connect:1.2.3.4		REJECT
1592		will have the effect of forcing a temporary failure for
1593		that address to be treated as a permanent failure.
1594
1595badmx		Reject envelope sender addresses (MAIL) whose domain part
1596		resolves to a "bad" MX record.  By default these are
1597		MX records which resolve to A records that match the
1598		regular expression:
1599
1600		^(127\.|10\.|0\.0\.0\.0)
1601
1602		This default regular expression can be overridden by
1603		specifying an argument, e.g.,
1604
1605		FEATURE(`badmx', `^127\.0\.0\.1')
1606
1607		Note: this feature requires that the sendmail binary
1608		has been compiled with the options MAP_REGEX and
1609		DNSMAP.
1610
1611sts		Experimental support for Strict Transport Security
1612		(MTA-STS, see RFC 8461).  It sets the option
1613		StrictTransportSecurity and takes one optional
1614		argument: the socket map specification to access
1615		postfix-mta-sts-resolver (see feature/sts.m4
1616		for the default value).
1617		For more information see doc/op/op.me.
1618
1619+-------+
1620| HACKS |
1621+-------+
1622
1623Some things just can't be called features.  To make this clear,
1624they go in the hack subdirectory and are referenced using the HACK
1625macro.  These will tend to be site-dependent.  The release
1626includes the Berkeley-dependent "cssubdomain" hack (that makes
1627sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1628this is intended as a short-term aid while moving hosts into
1629subdomains.
1630
1631
1632+--------------------+
1633| SITE CONFIGURATION |
1634+--------------------+
1635
1636    *****************************************************
1637    * This section is really obsolete, and is preserved	*
1638    * only for back compatibility.  You should plan on	*
1639    * using mailertables for new installations.  In	*
1640    * particular, it doesn't work for the newer forms	*
1641    * of UUCP mailers, such as uucp-uudom.		*
1642    *****************************************************
1643
1644Complex sites will need more local configuration information, such as
1645lists of UUCP hosts they speak with directly.  This can get a bit more
1646tricky.  For an example of a "complex" site, see cf/ucbvax.mc.
1647
1648The SITECONFIG macro allows you to indirectly reference site-dependent
1649configuration information stored in the siteconfig subdirectory.  For
1650example, the line
1651
1652	SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1653
1654reads the file uucp.ucbvax for local connection information.  The
1655second parameter is the local name (in this case just "ucbvax" since
1656it is locally connected, and hence a UUCP hostname).  The third
1657parameter is the name of both a macro to store the local name (in
1658this case, {U}) and the name of the class (e.g., {U}) in which to store
1659the host information read from the file.  Another SITECONFIG line reads
1660
1661	SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1662
1663This says that the file uucp.ucbarpa contains the list of UUCP sites
1664connected to ucbarpa.Berkeley.EDU.  Class {W} will be used to
1665store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1666is, the name of the relay to which the hosts listed in uucp.ucbarpa
1667are connected.  [The machine ucbarpa is gone now, but this
1668out-of-date configuration file has been left around to demonstrate
1669how you might do this.]
1670
1671Note that the case of SITECONFIG with a third parameter of ``U'' is
1672special; the second parameter is assumed to be the UUCP name of the
1673local site, rather than the name of a remote site, and the UUCP name
1674is entered into class {w} (the list of local hostnames) as $U.UUCP.
1675
1676The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1677more than a sequence of SITE macros describing connectivity.  For
1678example:
1679
1680	SITE(`cnmat')
1681	SITE(`sgi olympus')
1682
1683The second example demonstrates that you can use two names on the
1684same line; these are usually aliases for the same host (or are at
1685least in the same company).
1686
1687The macro LOCAL_UUCP can be used to add rules into the generated
1688cf file at the place where MAILER(`uucp') inserts its rules.  This
1689should only be used if really necessary.
1690
1691+--------------------+
1692| USING UUCP MAILERS |
1693+--------------------+
1694
1695It's hard to get UUCP mailers right because of the extremely ad hoc
1696nature of UUCP addressing.  These config files are really designed
1697for domain-based addressing, even for UUCP sites.
1698
1699There are four UUCP mailers available.  The choice of which one to
1700use is partly a matter of local preferences and what is running at
1701the other end of your UUCP connection.  Unlike good protocols that
1702define what will go over the wire, UUCP uses the policy that you
1703should do what is right for the other end; if they change, you have
1704to change.  This makes it hard to do the right thing, and discourages
1705people from updating their software.  In general, if you can avoid
1706UUCP, please do.
1707
1708The major choice is whether to go for a domainized scheme or a
1709non-domainized scheme.  This depends entirely on what the other
1710end will recognize.  If at all possible, you should encourage the
1711other end to go to a domain-based system -- non-domainized addresses
1712don't work entirely properly.
1713
1714The four mailers are:
1715
1716    uucp-old (obsolete name: "uucp")
1717	This is the oldest, the worst (but the closest to UUCP) way of
1718	sending messages across UUCP connections.  It does bangify
1719	everything and prepends $U (your UUCP name) to the sender's
1720	address (which can already be a bang path itself).  It can
1721	only send to one address at a time, so it spends a lot of
1722	time copying duplicates of messages.  Avoid this if at all
1723	possible.
1724
1725    uucp-new (obsolete name: "suucp")
1726	The same as above, except that it assumes that in one rmail
1727	command you can specify several recipients.  It still has a
1728	lot of other problems.
1729
1730    uucp-dom
1731	This UUCP mailer keeps everything as domain addresses.
1732	Basically, it uses the SMTP mailer rewriting rules.  This mailer
1733	is only included if MAILER(`smtp') is specified before
1734	MAILER(`uucp').
1735
1736	Unfortunately, a lot of UUCP mailer transport agents require
1737	bangified addresses in the envelope, although you can use
1738	domain-based addresses in the message header.  (The envelope
1739	shows up as the From_ line on UNIX mail.)  So....
1740
1741    uucp-uudom
1742	This is a cross between uucp-new (for the envelope addresses)
1743	and uucp-dom (for the header addresses).  It bangifies the
1744	envelope sender (From_ line in messages) without adding the
1745	local hostname, unless there is no host name on the address
1746	at all (e.g., "wolf") or the host component is a UUCP host name
1747	instead of a domain name ("somehost!wolf" instead of
1748	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
1749	is also specified earlier.
1750
1751Examples:
1752
1753On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1754summarizes the sender rewriting for various mailers.
1755
1756Mailer		sender		rewriting in the envelope
1757------		------		-------------------------
1758uucp-{old,new}	wolf		grasp!wolf
1759uucp-dom	wolf		wolf@grasp.insa-lyon.fr
1760uucp-uudom	wolf		grasp.insa-lyon.fr!wolf
1761
1762uucp-{old,new}	wolf@fr.net	grasp!fr.net!wolf
1763uucp-dom	wolf@fr.net	wolf@fr.net
1764uucp-uudom	wolf@fr.net	fr.net!wolf
1765
1766uucp-{old,new}	somehost!wolf	grasp!somehost!wolf
1767uucp-dom	somehost!wolf	somehost!wolf@grasp.insa-lyon.fr
1768uucp-uudom	somehost!wolf	grasp.insa-lyon.fr!somehost!wolf
1769
1770If you are using one of the domainized UUCP mailers, you really want
1771to convert all UUCP addresses to domain format -- otherwise, it will
1772do it for you (and probably not the way you expected).  For example,
1773if you have the address foo!bar!baz (and you are not sending to foo),
1774the heuristics will add the @uucp.relay.name or @local.host.name to
1775this address.  However, if you map foo to foo.host.name first, it
1776will not add the local hostname.  You can do this using the uucpdomain
1777feature.
1778
1779
1780+-------------------+
1781| TWEAKING RULESETS |
1782+-------------------+
1783
1784For more complex configurations, you can define special rules.
1785The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1786the names.  Any modifications made here are reflected in the header.
1787
1788A common use is to convert old UUCP addresses to SMTP addresses using
1789the UUCPSMTP macro.  For example:
1790
1791	LOCAL_RULE_3
1792	UUCPSMTP(`decvax',	`decvax.dec.com')
1793	UUCPSMTP(`research',	`research.att.com')
1794
1795will cause addresses of the form "decvax!user" and "research!user"
1796to be converted to "user@decvax.dec.com" and "user@research.att.com"
1797respectively.
1798
1799This could also be used to look up hosts in a database map:
1800
1801	LOCAL_RULE_3
1802	R$* < @ $+ > $*		$: $1 < @ $(hostmap $2 $) > $3
1803
1804This map would be defined in the LOCAL_CONFIG portion, as shown below.
1805
1806Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1807For example, new rules are needed to parse hostnames that you accept
1808via MX records.  For example, you might have:
1809
1810	LOCAL_RULE_0
1811	R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1812
1813You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1814pointing at this host; this rule catches the message and forwards it on
1815using UUCP.
1816
1817You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1818These rulesets are normally empty.
1819
1820A similar macro is LOCAL_CONFIG.  This introduces lines added after the
1821boilerplate option setting but before rulesets.  Do not declare rulesets in
1822the LOCAL_CONFIG section.  It can be used to declare local database maps or
1823whatever.  For example:
1824
1825	LOCAL_CONFIG
1826	Khostmap hash /etc/mail/hostmap
1827	Kyplocal nis -m hosts.byname
1828
1829
1830+---------------------------+
1831| MASQUERADING AND RELAYING |
1832+---------------------------+
1833
1834You can have your host masquerade as another using
1835
1836	MASQUERADE_AS(`host.domain')
1837
1838This causes mail being sent to be labeled as coming from the
1839indicated host.domain, rather than $j.  One normally masquerades as
1840one of one's own subdomains (for example, it's unlikely that
1841Berkeley would choose to masquerade as an MIT site).  This
1842behaviour is modified by a plethora of FEATUREs; in particular, see
1843masquerade_envelope, allmasquerade, limited_masquerade, and
1844masquerade_entire_domain.
1845
1846The masquerade name is not normally canonified, so it is important
1847that it be your One True Name, that is, fully qualified and not a
1848CNAME.  However, if you use a CNAME, the receiving side may canonify
1849it for you, so don't think you can cheat CNAME mapping this way.
1850
1851Normally the only addresses that are masqueraded are those that come
1852from this host (that is, are either unqualified or in class {w}, the list
1853of local domain names).  You can augment this list, which is realized
1854by class {M} using
1855
1856	MASQUERADE_DOMAIN(`otherhost.domain')
1857
1858The effect of this is that although mail to user@otherhost.domain
1859will not be delivered locally, any mail including any user@otherhost.domain
1860will, when relayed, be rewritten to have the MASQUERADE_AS address.
1861This can be a space-separated list of names.
1862
1863If these names are in a file, you can use
1864
1865	MASQUERADE_DOMAIN_FILE(`filename')
1866
1867to read the list of names from the indicated file (i.e., to add
1868elements to class {M}).
1869
1870To exempt hosts or subdomains from being masqueraded, you can use
1871
1872	MASQUERADE_EXCEPTION(`host.domain')
1873
1874This can come handy if you want to masquerade a whole domain
1875except for one (or a few) host(s).  If these names are in a file,
1876you can use
1877
1878	MASQUERADE_EXCEPTION_FILE(`filename')
1879
1880Normally only header addresses are masqueraded.  If you want to
1881masquerade the envelope as well, use
1882
1883	FEATURE(`masquerade_envelope')
1884
1885There are always users that need to be "exposed" -- that is, their
1886internal site name should be displayed instead of the masquerade name.
1887Root is an example (which has been "exposed" by default prior to 8.10).
1888You can add users to this list using
1889
1890	EXPOSED_USER(`usernames')
1891
1892This adds users to class {E}; you could also use
1893
1894	EXPOSED_USER_FILE(`filename')
1895
1896You can also arrange to relay all unqualified names (that is, names
1897without @host) to a relay host.  For example, if you have a central
1898email server, you might relay to that host so that users don't have
1899to have .forward files or aliases.  You can do this using
1900
1901	define(`LOCAL_RELAY', `mailer:hostname')
1902
1903The ``mailer:'' can be omitted, in which case the mailer defaults to
1904"relay".  There are some user names that you don't want relayed, perhaps
1905because of local aliases.  A common example is root, which may be
1906locally aliased.  You can add entries to this list using
1907
1908	LOCAL_USER(`usernames')
1909
1910This adds users to class {L}; you could also use
1911
1912	LOCAL_USER_FILE(`filename')
1913
1914If you want all incoming mail sent to a centralized hub, as for a
1915shared /var/spool/mail scheme, use
1916
1917	define(`MAIL_HUB', `mailer:hostname')
1918
1919Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
1920and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1921be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1922Note: there is a (long standing) bug which keeps this combination from
1923working for addresses of the form user+detail.
1924Names in class {L} will be delivered locally, so you MUST have aliases or
1925.forward files for them.
1926
1927For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1928FEATURE(`stickyhost'), the following combinations of settings will have the
1929indicated effects:
1930
1931email sent to....	eric			  eric@mastodon.CS.Berkeley.EDU
1932
1933LOCAL_RELAY set to	mail.CS.Berkeley.EDU	  (delivered locally)
1934mail.CS.Berkeley.EDU	  (no local aliasing)	    (aliasing done)
1935
1936MAIL_HUB set to		mammoth.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1937mammoth.CS.Berkeley.EDU	  (aliasing done)	    (aliasing done)
1938
1939Both LOCAL_RELAY and	mail.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1940MAIL_HUB set as above	  (no local aliasing)	    (aliasing done)
1941
1942If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1943MAIL_HUB act identically, with MAIL_HUB taking precedence.
1944
1945If you want all outgoing mail to go to a central relay site, define
1946SMART_HOST as well.  Briefly:
1947
1948	LOCAL_RELAY applies to unqualified names (e.g., "eric").
1949	MAIL_HUB applies to names qualified with the name of the
1950		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1951	SMART_HOST applies to names qualified with other hosts or
1952		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1953		or "eric@[127.0.0.1]").
1954
1955However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1956DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1957really want absolutely everything to go to a single central site you will
1958need to unset all the other relays -- or better yet, find or build a
1959minimal config file that does this.
1960
1961For duplicate suppression to work properly, the host name is best
1962specified with a terminal dot:
1963
1964	define(`MAIL_HUB', `host.domain.')
1965	      note the trailing dot ---^
1966
1967
1968+-------------------------------------------+
1969| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1970+-------------------------------------------+
1971
1972LDAP can be used for aliases, maps, and classes by either specifying your
1973own LDAP map specification or using the built-in default LDAP map
1974specification.  The built-in default specifications all provide lookups
1975which match against either the machine's fully qualified hostname (${j}) or
1976a "cluster".  The cluster allows you to share LDAP entries among a large
1977number of machines without having to enter each of the machine names into
1978each LDAP entry.  To set the LDAP cluster name to use for a particular
1979machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1980unique name.  For example:
1981
1982	define(`confLDAP_CLUSTER', `Servers')
1983
1984Here, the word `Servers' will be the cluster name.  As an example, assume
1985that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1986to the Servers cluster.
1987
1988Some of the LDAP LDIF examples below show use of the Servers cluster.
1989Every entry must have either a sendmailMTAHost or sendmailMTACluster
1990attribute or it will be ignored.  Be careful as mixing clusters and
1991individual host records can have surprising results (see the CAUTION
1992sections below).
1993
1994See the file cf/sendmail.schema for the actual LDAP schemas.  Note that
1995this schema (and therefore the lookups and examples below) is experimental
1996at this point as it has had little public review.  Therefore, it may change
1997in future versions.  Feedback via sendmail-YYYY@support.sendmail.org is
1998encouraged (replace YYYY with the current year, e.g., 2005).
1999
2000-------
2001Aliases
2002-------
2003
2004The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
2005lookups.  To use the default schema, simply use:
2006
2007	define(`ALIAS_FILE', `ldap:')
2008
2009By doing so, you will use the default schema which expands to a map
2010declared as follows:
2011
2012	ldap -k (&(objectClass=sendmailMTAAliasObject)
2013		  (sendmailMTAAliasGrouping=aliases)
2014		  (|(sendmailMTACluster=${sendmailMTACluster})
2015		    (sendmailMTAHost=$j))
2016		  (sendmailMTAKey=%0))
2017	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
2018
2019
2020NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2021used when the binary expands the `ldap:' token as the AliasFile option is
2022not actually macro-expanded when read from the sendmail.cf file.
2023
2024Example LDAP LDIF entries might be:
2025
2026	dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
2027	objectClass: sendmailMTA
2028	objectClass: sendmailMTAAlias
2029	objectClass: sendmailMTAAliasObject
2030	sendmailMTAAliasGrouping: aliases
2031	sendmailMTAHost: etrn.sendmail.org
2032	sendmailMTAKey: sendmail-list
2033	sendmailMTAAliasValue: ca@example.org
2034	sendmailMTAAliasValue: eric
2035	sendmailMTAAliasValue: gshapiro@example.com
2036
2037	dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
2038	objectClass: sendmailMTA
2039	objectClass: sendmailMTAAlias
2040	objectClass: sendmailMTAAliasObject
2041	sendmailMTAAliasGrouping: aliases
2042	sendmailMTAHost: etrn.sendmail.org
2043	sendmailMTAKey: owner-sendmail-list
2044	sendmailMTAAliasValue: eric
2045
2046	dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
2047	objectClass: sendmailMTA
2048	objectClass: sendmailMTAAlias
2049	objectClass: sendmailMTAAliasObject
2050	sendmailMTAAliasGrouping: aliases
2051	sendmailMTACluster: Servers
2052	sendmailMTAKey: postmaster
2053	sendmailMTAAliasValue: eric
2054
2055Here, the aliases sendmail-list and owner-sendmail-list will be available
2056only on etrn.sendmail.org but the postmaster alias will be available on
2057every machine in the Servers cluster (including etrn.sendmail.org).
2058
2059CAUTION: aliases are additive so that entries like these:
2060
2061	dn: sendmailMTAKey=bob, dc=sendmail, dc=org
2062	objectClass: sendmailMTA
2063	objectClass: sendmailMTAAlias
2064	objectClass: sendmailMTAAliasObject
2065	sendmailMTAAliasGrouping: aliases
2066	sendmailMTACluster: Servers
2067	sendmailMTAKey: bob
2068	sendmailMTAAliasValue: eric
2069
2070	dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
2071	objectClass: sendmailMTA
2072	objectClass: sendmailMTAAlias
2073	objectClass: sendmailMTAAliasObject
2074	sendmailMTAAliasGrouping: aliases
2075	sendmailMTAHost: etrn.sendmail.org
2076	sendmailMTAKey: bob
2077	sendmailMTAAliasValue: gshapiro
2078
2079would mean that on all of the hosts in the cluster, mail to bob would go to
2080eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
2081gshapiro.
2082
2083If you prefer not to use the default LDAP schema for your aliases, you can
2084specify the map parameters when setting ALIAS_FILE.  For example:
2085
2086	define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
2087
2088----
2089Maps
2090----
2091
2092FEATURE()'s which take an optional map definition argument (e.g., access,
2093mailertable, virtusertable, etc.) can instead take the special keyword
2094`LDAP', e.g.:
2095
2096	FEATURE(`access_db', `LDAP')
2097	FEATURE(`virtusertable', `LDAP')
2098
2099When this keyword is given, that map will use LDAP lookups consisting of
2100the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
2101with the map name, a search attribute of sendmailMTAKey, and the value
2102attribute sendmailMTAMapValue.
2103
2104The values for sendmailMTAMapName are:
2105
2106	FEATURE()		sendmailMTAMapName
2107	---------		------------------
2108	access_db		access
2109	authinfo		authinfo
2110	bitdomain		bitdomain
2111	domaintable		domain
2112	genericstable		generics
2113	mailertable		mailer
2114	uucpdomain		uucpdomain
2115	virtusertable		virtuser
2116
2117For example, FEATURE(`mailertable', `LDAP') would use the map definition:
2118
2119	Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
2120			       (sendmailMTAMapName=mailer)
2121			       (|(sendmailMTACluster=${sendmailMTACluster})
2122				 (sendmailMTAHost=$j))
2123			       (sendmailMTAKey=%0))
2124			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
2125
2126An example LDAP LDIF entry using this map might be:
2127
2128	dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
2129	objectClass: sendmailMTA
2130	objectClass: sendmailMTAMap
2131	sendmailMTACluster: Servers
2132	sendmailMTAMapName: mailer
2133
2134	dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2135	objectClass: sendmailMTA
2136	objectClass: sendmailMTAMap
2137	objectClass: sendmailMTAMapObject
2138	sendmailMTAMapName: mailer
2139	sendmailMTACluster: Servers
2140	sendmailMTAKey: example.com
2141	sendmailMTAMapValue: relay:[smtp.example.com]
2142
2143CAUTION: If your LDAP database contains the record above and *ALSO* a host
2144specific record such as:
2145
2146	dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2147	objectClass: sendmailMTA
2148	objectClass: sendmailMTAMap
2149	objectClass: sendmailMTAMapObject
2150	sendmailMTAMapName: mailer
2151	sendmailMTAHost: etrn.sendmail.org
2152	sendmailMTAKey: example.com
2153	sendmailMTAMapValue: relay:[mx.example.com]
2154
2155then these entries will give unexpected results.  When the lookup is done
2156on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
2157require a single match.  Since the host etrn.sendmail.org is also in the
2158Servers cluster, LDAP would return two answers for the example.com map key
2159in which case sendmail would treat this as no match at all.
2160
2161If you prefer not to use the default LDAP schema for your maps, you can
2162specify the map parameters when using the FEATURE().  For example:
2163
2164	FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2165
2166-------
2167Classes
2168-------
2169
2170Normally, classes can be filled via files or programs.  As of 8.12, they
2171can also be filled via map lookups using a new syntax:
2172
2173	F{ClassName}mapkey@mapclass:mapspec
2174
2175mapkey is optional and if not provided the map key will be empty.  This can
2176be used with LDAP to read classes from LDAP.  Note that the lookup is only
2177done when sendmail is initially started.  Use the special value `@LDAP' to
2178use the default LDAP schema.  For example:
2179
2180	RELAY_DOMAIN_FILE(`@LDAP')
2181
2182would put all of the attribute sendmailMTAClassValue values of LDAP records
2183with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
2184'R' into class $={R}.  In other words, it is equivalent to the LDAP map
2185specification:
2186
2187	F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2188		       (sendmailMTAClassName=R)
2189		       (|(sendmailMTACluster=${sendmailMTACluster})
2190			 (sendmailMTAHost=$j)))
2191		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
2192
2193NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2194used when the binary expands the `@LDAP' token as class declarations are
2195not actually macro-expanded when read from the sendmail.cf file.
2196
2197This can be used with class related commands such as RELAY_DOMAIN_FILE(),
2198MASQUERADE_DOMAIN_FILE(), etc:
2199
2200	Command				sendmailMTAClassName
2201	-------				--------------------
2202	CANONIFY_DOMAIN_FILE()		Canonify
2203	EXPOSED_USER_FILE()		E
2204	GENERICS_DOMAIN_FILE()		G
2205	LDAPROUTE_DOMAIN_FILE()		LDAPRoute
2206	LDAPROUTE_EQUIVALENT_FILE()	LDAPRouteEquiv
2207	LOCAL_USER_FILE()		L
2208	MASQUERADE_DOMAIN_FILE()	M
2209	MASQUERADE_EXCEPTION_FILE()	N
2210	RELAY_DOMAIN_FILE()		R
2211	VIRTUSER_DOMAIN_FILE()		VirtHost
2212
2213You can also add your own as any 'F'ile class of the form:
2214
2215	F{ClassName}@LDAP
2216	  ^^^^^^^^^
2217will use "ClassName" for the sendmailMTAClassName.
2218
2219An example LDAP LDIF entry would look like:
2220
2221	dn: sendmailMTAClassName=R, dc=sendmail, dc=org
2222	objectClass: sendmailMTA
2223	objectClass: sendmailMTAClass
2224	sendmailMTACluster: Servers
2225	sendmailMTAClassName: R
2226	sendmailMTAClassValue: sendmail.org
2227	sendmailMTAClassValue: example.com
2228	sendmailMTAClassValue: 10.56.23
2229
2230CAUTION: If your LDAP database contains the record above and *ALSO* a host
2231specific record such as:
2232
2233	dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
2234	objectClass: sendmailMTA
2235	objectClass: sendmailMTAClass
2236	sendmailMTAHost: etrn.sendmail.org
2237	sendmailMTAClassName: R
2238	sendmailMTAClassValue: example.com
2239
2240the result will be similar to the aliases caution above.  When the lookup
2241is done on etrn.sendmail.org, $={R} would contain all of the entries (from
2242both the cluster match and the host match).  In other words, the effective
2243is additive.
2244
2245If you prefer not to use the default LDAP schema for your classes, you can
2246specify the map parameters when using the class command.  For example:
2247
2248	VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2249
2250Remember, macros can not be used in a class declaration as the binary does
2251not expand them.
2252
2253
2254+--------------+
2255| LDAP ROUTING |
2256+--------------+
2257
2258FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
2259LDAP Schema for Intranet Mail Routing
2260(draft-lachman-laser-ldap-mail-routing-01).  This feature enables
2261LDAP-based rerouting of a particular address to either a different host
2262or a different address.  The LDAP lookup is first attempted on the full
2263address (e.g., user@example.com) and then on the domain portion
2264(e.g., @example.com).  Be sure to setup your domain for LDAP routing using
2265LDAPROUTE_DOMAIN(), e.g.:
2266
2267	LDAPROUTE_DOMAIN(`example.com')
2268
2269Additionally, you can specify equivalent domains for LDAP routing using
2270LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE().  'Equivalent'
2271hostnames are mapped to $M (the masqueraded hostname for the server) before
2272the LDAP query.  For example, if the mail is addressed to
2273user@host1.example.com, normally the LDAP lookup would only be done for
2274'user@host1.example.com' and '@host1.example.com'.   However, if
2275LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2276done on 'user@example.com' and '@example.com' after attempting the
2277host1.example.com lookups.
2278
2279By default, the feature will use the schemas as specified in the draft
2280and will not reject addresses not found by the LDAP lookup.  However,
2281this behavior can be changed by giving additional arguments to the FEATURE()
2282command:
2283
2284 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2285		 <detail>, <nodomain>, <tempfail>)
2286
2287where <mailHost> is a map definition describing how to look up an alternative
2288mail host for a particular address; <mailRoutingAddress> is a map definition
2289describing how to look up an alternative address for a particular address;
2290the <bounce> argument, if present and not the word "passthru", dictates
2291that mail should be bounced if neither a mailHost nor mailRoutingAddress
2292is found, if set to "sendertoo", the sender will be rejected if not
2293found in LDAP; and <detail> indicates what actions to take if the address
2294contains +detail information -- `strip' tries the lookup with the +detail
2295and if no matches are found, strips the +detail and tries the lookup again;
2296`preserve', does the same as `strip' but if a mailRoutingAddress match is
2297found, the +detail information is copied to the new address; the <nodomain>
2298argument, if present, will prevent the @domain lookup if the full
2299address is not found in LDAP; the <tempfail> argument, if set to
2300"tempfail", instructs the rules to give an SMTP 4XX temporary
2301error if the LDAP server gives the MTA a temporary failure, or if set to
2302"queue" (the default), the MTA will locally queue the mail.
2303
2304The default <mailHost> map definition is:
2305
2306	ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2307				 (mailLocalAddress=%0))
2308
2309The default <mailRoutingAddress> map definition is:
2310
2311	ldap -1 -T<TMPF> -v mailRoutingAddress
2312			 -k (&(objectClass=inetLocalMailRecipient)
2313			      (mailLocalAddress=%0))
2314
2315Note that neither includes the LDAP server hostname (-h server) or base DN
2316(-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
2317your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2318these settings.  If this is not the case, the map definitions should be
2319changed as described above.  The "-T<TMPF>" is required in any user
2320specified map definition to catch temporary errors.
2321
2322The following possibilities exist as a result of an LDAP lookup on an
2323address:
2324
2325	mailHost is	mailRoutingAddress is	Results in
2326	-----------	---------------------	----------
2327	set to a	set			mail delivered to
2328	"local" host				mailRoutingAddress
2329
2330	set to a	not set			delivered to
2331	"local" host				original address
2332
2333	set to a	set			mailRoutingAddress
2334	remote host				relayed to mailHost
2335
2336	set to a	not set			original address
2337	remote host				relayed to mailHost
2338
2339	not set		set			mail delivered to
2340						mailRoutingAddress
2341
2342	not set		not set			delivered to
2343						original address *OR*
2344						bounced as unknown user
2345
2346The term "local" host above means the host specified is in class {w}.  If
2347the result would mean sending the mail to a different host, that host is
2348looked up in the mailertable before delivery.
2349
2350Note that the last case depends on whether the third argument is given
2351to the FEATURE() command.  The default is to deliver the message to the
2352original address.
2353
2354The LDAP entries should be set up with an objectClass of
2355inetLocalMailRecipient and the address be listed in a mailLocalAddress
2356attribute.  If present, there must be only one mailHost attribute and it
2357must contain a fully qualified host name as its value.  Similarly, if
2358present, there must be only one mailRoutingAddress attribute and it must
2359contain an RFC 822 compliant address.  Some example LDAP records (in LDIF
2360format):
2361
2362	dn: uid=tom, o=example.com, c=US
2363	objectClass: inetLocalMailRecipient
2364	mailLocalAddress: tom@example.com
2365	mailRoutingAddress: thomas@mailhost.example.com
2366
2367This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2368
2369	dn: uid=dick, o=example.com, c=US
2370	objectClass: inetLocalMailRecipient
2371	mailLocalAddress: dick@example.com
2372	mailHost: eng.example.com
2373
2374This would relay mail for dick@example.com to the same address but redirect
2375the mail to MX records listed for the host eng.example.com (unless the
2376mailertable overrides).
2377
2378	dn: uid=harry, o=example.com, c=US
2379	objectClass: inetLocalMailRecipient
2380	mailLocalAddress: harry@example.com
2381	mailHost: mktmail.example.com
2382	mailRoutingAddress: harry@mkt.example.com
2383
2384This would relay mail for harry@example.com to the MX records listed for
2385the host mktmail.example.com using the new address harry@mkt.example.com
2386when talking to that host.
2387
2388	dn: uid=virtual.example.com, o=example.com, c=US
2389	objectClass: inetLocalMailRecipient
2390	mailLocalAddress: @virtual.example.com
2391	mailHost: server.example.com
2392	mailRoutingAddress: virtual@example.com
2393
2394This would send all mail destined for any username @virtual.example.com to
2395the machine server.example.com's MX servers and deliver to the address
2396virtual@example.com on that relay machine.
2397
2398
2399+---------------------------------+
2400| ANTI-SPAM CONFIGURATION CONTROL |
2401+---------------------------------+
2402
2403The primary anti-spam features available in sendmail are:
2404
2405* Relaying is denied by default.
2406* Better checking on sender information.
2407* Access database.
2408* Header checks.
2409
2410Relaying (transmission of messages from a site outside your host (class
2411{w}) to another site except yours) is denied by default.  Note that this
2412changed in sendmail 8.9; previous versions allowed relaying by default.
2413If you really want to revert to the old behaviour, you will need to use
2414FEATURE(`promiscuous_relay').  You can allow certain domains to relay
2415through your server by adding their domain name or IP address to class
2416{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2417(described below).  Note that IPv6 addresses must be prefaced with "IPv6:".
2418The file consists (like any other file based class) of entries listed on
2419separate lines, e.g.,
2420
2421	sendmail.org
2422	128.32
2423	IPv6:2002:c0a8:02c7
2424	IPv6:2002:c0a8:51d2::23f4
2425	host.mydomain.com
2426	[UNIX:localhost]
2427
2428Notice: the last entry allows relaying for connections via a UNIX
2429socket to the MTA/MSP.  This might be necessary if your configuration
2430doesn't allow relaying by other means in that case, e.g., by having
2431localhost.$m in class {R} (make sure $m is not just a top level
2432domain).
2433
2434If you use
2435
2436	FEATURE(`relay_entire_domain')
2437
2438then any host in any of your local domains (that is, class {m})
2439will be relayed (that is, you will accept mail either to or from any
2440host in your domain).
2441
2442You can also allow relaying based on the MX records of the host
2443portion of an incoming recipient address by using
2444
2445	FEATURE(`relay_based_on_MX')
2446
2447For example, if your server receives a recipient of user@domain.com
2448and domain.com lists your server in its MX records, the mail will be
2449accepted for relay to domain.com.  This feature may cause problems
2450if MX lookups for the recipient domain are slow or time out.  In that
2451case, mail will be temporarily rejected.  It is usually better to
2452maintain a list of hosts/domains for which the server acts as relay.
2453Note also that this feature will stop spammers from using your host
2454to relay spam but it will not stop outsiders from using your server
2455as a relay for their site (that is, they set up an MX record pointing
2456to your mail server, and you will relay mail addressed to them
2457without any prior arrangement).  Along the same lines,
2458
2459	FEATURE(`relay_local_from')
2460
2461will allow relaying if the sender specifies a return path (i.e.
2462MAIL FROM:<user@domain>) domain which is a local domain.  This is a
2463dangerous feature as it will allow spammers to spam using your mail
2464server by simply specifying a return address of user@your.domain.com.
2465It should not be used unless absolutely necessary.
2466A slightly better solution is
2467
2468	FEATURE(`relay_mail_from')
2469
2470which allows relaying if the mail sender is listed as RELAY in the
2471access map.  If an optional argument `domain' (this is the literal
2472word `domain', not a placeholder) is given, the domain portion of
2473the mail sender is also checked to allowing relaying.  This option
2474only works together with the tag From: for the LHS of the access
2475map entries.  This feature allows spammers to abuse your mail server
2476by specifying a return address that you enabled in your access file.
2477This may be harder to figure out for spammers, but it should not
2478be used unless necessary.  Instead use SMTP AUTH or STARTTLS to
2479allow relaying for roaming users.
2480
2481
2482If source routing is used in the recipient address (e.g.,
2483RCPT TO:<user%site.com@othersite.com>), sendmail will check
2484user@site.com for relaying if othersite.com is an allowed relay host
2485in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2486or the access database if FEATURE(`access_db') is used.  To prevent
2487the address from being stripped down, use:
2488
2489	FEATURE(`loose_relay_check')
2490
2491If you think you need to use this feature, you probably do not.  This
2492should only be used for sites which have no control over the addresses
2493that they provide a gateway for.  Use this FEATURE with caution as it
2494can allow spammers to relay through your server if not setup properly.
2495
2496NOTICE: It is possible to relay mail through a system which the
2497anti-relay rules do not prevent: the case of a system that does use
2498FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
2499(system A) and relays local messages to a mail hub (e.g., via
2500LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use the
2501same feature (nouucp / nopercenthack) at all, addresses of the form
2502<example.net!user@local.host> / <user%example.net@local.host>
2503would be relayed to <user@example.net>.
2504System A doesn't recognize `!' / `%' as an address separator and
2505therefore forwards it to the mail hub which in turns relays it
2506because it came from a trusted local host.  So if a mailserver
2507allows UUCP (bang-format) / %-hack addresses, all systems from which
2508it allows relaying should do the same or reject those addresses.
2509
2510As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2511an unresolvable domain (i.e., one that DNS, your local name service,
2512or special case rules in ruleset 3 cannot locate).  This also applies
2513to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2514IP address can't be mapped to a host name.  If you want to continue
2515to accept such domains, e.g., because you are inside a firewall that
2516has only a limited view of the Internet host name space (note that you
2517will not be able to return mail to them unless you have some "smart
2518host" forwarder), use
2519
2520	FEATURE(`accept_unresolvable_domains')
2521
2522Alternatively, you can allow specific addresses by adding them to
2523the access map, e.g.,
2524
2525	From:unresolvable.domain	OK
2526	From:[1.2.3.4]			OK
2527	From:[1.2.4]			OK
2528
2529Notice: domains which are temporarily unresolvable are (temporarily)
2530rejected with a 451 reply code.  If those domains should be accepted
2531(which is discouraged) then you can use
2532
2533	LOCAL_CONFIG
2534	C{ResOk}TEMP
2535
2536sendmail will also refuse mail if the MAIL FROM: parameter is not
2537fully qualified (i.e., contains a domain as well as a user).  If you
2538want to continue to accept such senders, use
2539
2540	FEATURE(`accept_unqualified_senders')
2541
2542Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2543i.e., unqualified addresses are accepted even without this FEATURE.  If
2544this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2545to enforce fully qualified domain names.
2546
2547An ``access'' database can be created to accept or reject mail from
2548selected domains.  For example, you may choose to reject all mail
2549originating from known spammers.  To enable such a database, use
2550
2551	FEATURE(`access_db')
2552
2553Notice: the access database is applied to the envelope addresses
2554and the connection information, not to the header.
2555
2556The FEATURE macro can accept as second parameter the key file
2557definition for the database; for example
2558
2559	FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2560
2561Notice: If a second argument is specified it must contain the option
2562`-T<TMPF>' as shown above.  The optional parameters may be
2563
2564	`skip'			enables SKIP as value part (see below).
2565	`lookupdotdomain'	another way to enable the feature of the
2566				same name (see above).
2567	`relaytofulladdress'	enable entries of the form
2568				To:user@example.com	RELAY
2569				to allow relaying to just a specific
2570				e-mail address instead of an entire domain.
2571
2572Remember, since /etc/mail/access is a database, after creating the text
2573file as described below, you must use makemap to create the database
2574map.  For example:
2575
2576	makemap hash /etc/mail/access < /etc/mail/access
2577
2578The table itself uses e-mail addresses, domain names, and network
2579numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
2580For example,
2581
2582	From:spammer@aol.com			REJECT
2583	From:cyberspammer.com			REJECT
2584	Connect:cyberspammer.com		REJECT
2585	Connect:TLD				REJECT
2586	Connect:192.168.212			REJECT
2587	Connect:IPv6:2002:c0a8:02c7		RELAY
2588	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
2589
2590would refuse mail from spammer@aol.com, any user from cyberspammer.com
2591(or any host within the cyberspammer.com domain), any host in the entire
2592top level domain TLD, 192.168.212.* network, and the IPv6 address
25932002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
25942002:c0a8:02c7::/48.
2595
2596Entries in the access map should be tagged according to their type.
2597These tags are applicable:
2598
2599	Connect:	connection information (${client_addr}, ${client_name})
2600	From:		envelope sender
2601	To:		envelope recipient
2602
2603Notice: untagged entries are deprecated.
2604
2605If the required item is looked up in a map, it will be tried first
2606with the corresponding tag in front, then (as fallback to enable
2607backward compatibility) without any tag, unless the specific feature
2608requires a tag.  For example,
2609
2610	From:spammer@some.dom	REJECT
2611	To:friend.domain	RELAY
2612	Connect:friend.domain	OK
2613	Connect:from.domain	RELAY
2614	From:good@another.dom	OK
2615	From:another.dom	REJECT
2616
2617This would deny mails from spammer@some.dom but you could still
2618send mail to that address even if FEATURE(`blocklist_recipients')
2619is enabled.  Your system will allow relaying to friend.domain, but
2620not from it (unless enabled by other means).  Connections from that
2621domain will be allowed even if it ends up in one of the DNS based
2622rejection lists.  Relaying is enabled from from.domain but not to
2623it (since relaying is based on the connection information for
2624outgoing relaying, the tag Connect: must be used; for incoming
2625relaying, which is based on the recipient address, To: must be
2626used).  The last two entries allow mails from good@another.dom but
2627reject mail from all other addresses with another.dom as domain
2628part.
2629
2630
2631The value part of the map can contain:
2632
2633	OK		Accept mail even if other rules in the running
2634			ruleset would reject it, for example, if the domain
2635			name is unresolvable.  "Accept" does not mean
2636			"relay", but at most acceptance for local
2637			recipients.  That is, OK allows less than RELAY.
2638	RELAY		Accept mail addressed to the indicated domain
2639			(or address if `relaytofulladdress' is set) or
2640			received from the indicated domain for relaying
2641			through your SMTP server.  RELAY also serves as
2642			an implicit OK for the other checks.
2643	REJECT		Reject the sender or recipient with a general
2644			purpose message.
2645	DISCARD		Discard the message completely using the
2646			$#discard mailer.  If it is used in check_compat,
2647			it affects only the designated recipient, not
2648			the whole message as it does in all other cases.
2649			This should only be used if really necessary.
2650	SKIP		This can only be used for host/domain names
2651			and IP addresses/nets.  It will abort the current
2652			search for this entry without accepting or rejecting
2653			it but causing the default action.
2654	### any text	where ### is an RFC 821 compliant error code and
2655			"any text" is a message to return for the command.
2656			The entire string should be quoted to avoid
2657			surprises:
2658
2659				"### any text"
2660
2661			Otherwise sendmail formats the text as email
2662			addresses, e.g., it may remove spaces.
2663			This type is deprecated, use one of the two
2664			ERROR:  entries below instead.
2665	ERROR:### any text
2666			as above, but useful to mark error messages as such.
2667			If quotes need to be used to avoid modifications
2668			(see above), they should be placed like this:
2669
2670				ERROR:"### any text"
2671
2672	ERROR:D.S.N:### any text
2673			where D.S.N is an RFC 1893 compliant error code
2674			and the rest as above.  If quotes need to be used
2675			to avoid modifications, they should be placed
2676			like this:
2677
2678				ERROR:D.S.N:"### any text"
2679
2680	QUARANTINE:any text
2681			Quarantine the message using the given text as the
2682			quarantining reason.
2683
2684For example:
2685
2686	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
2687	From:okay.cyberspammer.com	OK
2688	Connect:sendmail.org		RELAY
2689	To:sendmail.org			RELAY
2690	Connect:128.32			RELAY
2691	Connect:128.32.2		SKIP
2692	Connect:IPv6:1:2:3:4:5:6:7	RELAY
2693	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
2694	Connect:[127.0.0.3]		OK
2695	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
2696
2697would accept mail from okay.cyberspammer.com, but would reject mail
2698from all other hosts at cyberspammer.com with the indicated message.
2699It would allow relaying mail from and to any hosts in the sendmail.org
2700domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2701and from the 128.32.*.* network except for the 128.32.2.* network,
2702which shows how SKIP is useful to exempt subnets/subdomains.  The
2703last two entries are for checks against ${client_name} if the IP
2704address doesn't resolve to a hostname (or is considered as "may be
2705forged").  That is, using square brackets means these are host
2706names, not network numbers.
2707
2708Warning: if you change the RFC 821 compliant error code from the default
2709value of 550, then you should probably also change the RFC 1893 compliant
2710error code to match it.  For example, if you use
2711
2712	To:user@example.com	ERROR:450 mailbox full
2713
2714the error returned would be "450 5.0.0 mailbox full" which is wrong.
2715Use "ERROR:4.2.2:450 mailbox full" instead.
2716
2717Note, UUCP users may need to add hostname.UUCP to the access database
2718or class {R}.
2719
2720If you also use:
2721
2722	FEATURE(`relay_hosts_only')
2723
2724then the above example will allow relaying for sendmail.org, but not
2725hosts within the sendmail.org domain.  Note that this will also require
2726hosts listed in class {R} to be fully qualified host names.
2727
2728You can also use the access database to block sender addresses based on
2729the username portion of the address.  For example:
2730
2731	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
2732
2733Note that you must include the @ after the username to signify that
2734this database entry is for checking only the username portion of the
2735sender address.
2736
2737If you use:
2738
2739	FEATURE(`blocklist_recipients')
2740
2741then you can add entries to the map for local users, hosts in your
2742domains, or addresses in your domain which should not receive mail:
2743
2744	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
2745	To:host.my.TLD		ERROR:550 That host does not accept mail
2746	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
2747
2748This would prevent a recipient of badlocaluser in any of the local
2749domains (class {w}), any user at host.my.TLD, and the single address
2750user@other.my.TLD from receiving mail.  Please note: a local username
2751must be now tagged with an @ (this is consistent with the check of
2752the sender address, and hence it is possible to distinguish between
2753hostnames and usernames).  Enabling this feature will keep you from
2754sending mails to all addresses that have an error message or REJECT
2755as value part in the access map.  Taking the example from above:
2756
2757	spammer@aol.com		REJECT
2758	cyberspammer.com	REJECT
2759
2760Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2761That's why tagged entries should be used.
2762
2763There are several DNS based blocklists which can be found by
2764querying a search engine.  These are databases of spammers
2765maintained in DNS.  To use such a database, specify
2766
2767	FEATURE(`dnsbl', `dnsbl.example.com')
2768
2769This will cause sendmail to reject mail from any site listed in the
2770DNS based blocklist.  You must select a DNS based blocklist domain
2771to check by specifying an argument to the FEATURE.  The default
2772error message is
2773
2774	Rejected: IP-ADDRESS listed at SERVER
2775
2776where IP-ADDRESS and SERVER are replaced by the appropriate
2777information.  A second argument can be used to specify a different
2778text or action.  For example,
2779
2780	FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2781
2782would quarantine the message if the client IP address is listed
2783at `dnsbl.example.com'.
2784
2785By default, temporary lookup failures are ignored
2786and hence cause the connection not to be rejected by the DNS based
2787rejection list.  This behavior can be changed by specifying a third
2788argument, which must be either `t' or a full error message.  For
2789example:
2790
2791	FEATURE(`dnsbl', `dnsbl.example.com', `',
2792	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2793
2794If `t' is used, the error message is:
2795
2796	451 Temporary lookup failure of IP-ADDRESS at SERVER
2797
2798where IP-ADDRESS and SERVER are replaced by the appropriate
2799information.
2800
2801This FEATURE can be included several times to query different
2802DNS based rejection lists.
2803
2804Notice: to avoid checking your own local domains against those
2805blocklists, use the access_db feature and add:
2806
2807	Connect:10.1		OK
2808	Connect:127.0.0.1	RELAY
2809
2810to the access map, where 10.1 is your local network.  You may
2811want to use "RELAY" instead of "OK" to allow also relaying
2812instead of just disabling the DNS lookups in the blocklists.
2813
2814
2815The features described above make use of the check_relay, check_mail,
2816and check_rcpt rulesets.  Note that check_relay checks the SMTP
2817client hostname and IP address when the connection is made to your
2818server.  It does not check if a mail message is being relayed to
2819another server.  That check is done in check_rcpt.  If you wish to
2820include your own checks, you can put your checks in the rulesets
2821Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
2822example if you wanted to block senders with all numeric usernames
2823(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2824regex map:
2825
2826	LOCAL_CONFIG
2827	Kallnumbers regex -a@MATCH ^[0-9]+$
2828
2829	LOCAL_RULESETS
2830	SLocal_check_mail
2831	# check address against various regex checks
2832	R$*				$: $>Parse0 $>3 $1
2833	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
2834	R@MATCH				$#error $: 553 Address Error
2835
2836These rules are called with the original arguments of the corresponding
2837check_* ruleset.  If the local ruleset returns $#OK, no further checking
2838is done by the features described above and the mail is accepted.  If
2839the local ruleset resolves to a mailer (such as $#error or $#discard),
2840the appropriate action is taken.  Other results starting with $# are
2841interpreted by sendmail and may lead to unspecified behavior.  Note: do
2842NOT create a mailer with the name OK.  Return values that do not start
2843with $# are ignored, i.e., normal processing continues.
2844
2845Delay all checks
2846----------------
2847
2848By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2849will not be called when a client connects or issues a MAIL command,
2850respectively.  Instead, those rulesets will be called by the check_rcpt
2851ruleset; they will be skipped if a sender has been authenticated using
2852a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2853If check_mail returns an error then the RCPT TO command will be rejected
2854with that error.  If it returns some other result starting with $# then
2855check_relay will be skipped.  If the sender address (or a part of it) is
2856listed in the access map and it has a RHS of OK or RELAY, then check_relay
2857will be skipped.  This has an interesting side effect: if your domain is
2858my.domain and you have
2859
2860	my.domain	RELAY
2861
2862in the access map, then any e-mail with a sender address of
2863<user@my.domain> will not be rejected by check_relay even though
2864it would match the hostname or IP address.  This allows spammers
2865to get around DNS based blocklist by faking the sender address.  To
2866avoid this problem you have to use tagged entries:
2867
2868	To:my.domain		RELAY
2869	Connect:my.domain	RELAY
2870
2871if you need those entries at all (class {R} may take care of them).
2872
2873FEATURE(`delay_checks') can take an optional argument:
2874
2875	FEATURE(`delay_checks', `friend')
2876		 enables spamfriend test
2877	FEATURE(`delay_checks', `hater')
2878		 enables spamhater test
2879
2880If such an argument is given, the recipient will be looked up in the
2881access map (using the tag Spam:).  If the argument is `friend', then
2882the default behavior is to apply the other rulesets and make a SPAM
2883friend the exception.  The rulesets check_mail and check_relay will be
2884skipped only if the recipient address is found and has RHS FRIEND.  If
2885the argument is `hater', then the default behavior is to skip the rulesets
2886check_mail and check_relay and make a SPAM hater the exception.  The
2887other two rulesets will be applied only if the recipient address is
2888found and has RHS HATER.
2889
2890This allows for simple exceptions from the tests, e.g., by activating
2891the friend option and having
2892
2893	Spam:abuse@	FRIEND
2894
2895in the access map, mail to abuse@localdomain will get through (where
2896"localdomain" is any domain in class {w}).  It is also possible to
2897specify a full address or an address with +detail:
2898
2899	Spam:abuse@my.domain	FRIEND
2900	Spam:me+abuse@		FRIEND
2901	Spam:spam.domain	FRIEND
2902
2903Note: The required tag has been changed in 8.12 from To: to Spam:.
2904This change is incompatible to previous versions.  However, you can
2905(for now) simply add the new entries to the access map, the old
2906ones will be ignored.  As soon as you removed the old entries from
2907the access map, specify a third parameter (`n') to this feature and
2908the backward compatibility rules will not be in the generated .cf
2909file.
2910
2911Header Checks
2912-------------
2913
2914You can also reject mail on the basis of the contents of headers.
2915This is done by adding a ruleset call to the 'H' header definition command
2916in sendmail.cf.  For example, this can be used to check the validity of
2917a Message-ID: header:
2918
2919	LOCAL_CONFIG
2920	HMessage-Id: $>CheckMessageId
2921
2922	LOCAL_RULESETS
2923	SCheckMessageId
2924	R< $+ @ $+ >		$@ OK
2925	R$*			$#error $: 553 Header Error
2926
2927The alternative format:
2928
2929	HSubject: $>+CheckSubject
2930
2931that is, $>+ instead of $>, gives the full Subject: header including
2932comments to the ruleset (comments in parentheses () are stripped
2933by default).
2934
2935A default ruleset for headers which don't have a specific ruleset
2936defined for them can be given by:
2937
2938	H*: $>CheckHdr
2939
2940Notice:
29411. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2942That may cause problems with simple header checks due to the
2943tokenization.  It might be simpler to use a regex map and apply it
2944to $&{currHeader}.
29452. There are no default rulesets coming with this distribution of
2946sendmail.  You can write your own, can search the WWW for examples,
2947or take a look at cf/cf/knecht.mc.
29483. When using a default ruleset for headers, the name of the header
2949currently being checked can be found in the $&{hdr_name} macro.
2950
2951After all of the headers are read, the check_eoh ruleset will be called for
2952any final header-related checks.  The ruleset is called with the number of
2953headers and the size of all of the headers in bytes separated by $|.  One
2954example usage is to reject messages which do not have a Message-Id:
2955header.  However, the Message-Id: header is *NOT* a required header and is
2956not a guaranteed spam indicator.  This ruleset is an example and should
2957probably not be used in production.
2958
2959	LOCAL_CONFIG
2960	Kstorage macro
2961	HMessage-Id: $>CheckMessageId
2962
2963	LOCAL_RULESETS
2964	SCheckMessageId
2965	# Record the presence of the header
2966	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
2967	R< $+ @ $+ >		$@ OK
2968	R$*			$#error $: 553 Header Error
2969
2970	Scheck_eoh
2971	# Check the macro
2972	R$*			$: < $&{MessageIdCheck} >
2973	# Clear the macro for the next message
2974	R$*			$: $(storage {MessageIdCheck} $) $1
2975	# Has a Message-Id: header
2976	R< $+ >			$@ OK
2977	# Allow missing Message-Id: from local mail
2978	R$*			$: < $&{client_name} >
2979	R< >			$@ OK
2980	R< $=w >		$@ OK
2981	# Otherwise, reject the mail
2982	R$*			$#error $: 553 Header Error
2983
2984
2985+--------------------+
2986| CONNECTION CONTROL |
2987+--------------------+
2988
2989The features ratecontrol and conncontrol allow to establish connection
2990limits per client IP address or net.  These features can limit the
2991rate of connections (connections per time unit) or the number of
2992incoming SMTP connections, respectively.  If enabled, appropriate
2993rulesets are called at the end of check_relay, i.e., after DNS
2994blocklists and generic access_db operations.  The features require
2995FEATURE(`access_db') to be listed earlier in the mc file.
2996
2997Note: FEATURE(`delay_checks') delays those connection control checks
2998after a recipient address has been received, hence making these
2999connection control features less useful.  To run the checks as early
3000as possible, specify the parameter `nodelay', e.g.,
3001
3002	FEATURE(`ratecontrol', `nodelay')
3003
3004In that case, FEATURE(`delay_checks') has no effect on connection
3005control (and it must be specified earlier in the mc file).
3006
3007An optional second argument `terminate' specifies whether the
3008rulesets should return the error code 421 which will cause
3009sendmail to terminate the session with that error if it is
3010returned from check_relay, i.e., not delayed as explained in
3011the previous paragraph.  Example:
3012
3013	FEATURE(`ratecontrol', `nodelay', `terminate')
3014
3015
3016+----------+
3017| STARTTLS |
3018+----------+
3019
3020In this text, cert will be used as an abbreviation for X.509 certificate,
3021DN (CN) is the distinguished (common) name of a cert, and CA is a
3022certification authority, which signs (issues) certs.
3023
3024For STARTTLS to be offered by sendmail you need to set at least
3025these variables (the file names and paths are just examples):
3026
3027	define(`confCACERT_PATH', `/etc/mail/certs/')
3028	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
3029	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
3030	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
3031
3032On systems which do not have the compile flag HASURANDOM set (see
3033sendmail/README) you also must set confRAND_FILE.
3034
3035See doc/op/op.{me,ps,txt} for more information about these options,
3036especially the sections ``Certificates for STARTTLS'' and ``PRNG for
3037STARTTLS''.
3038
3039Macros related to STARTTLS are:
3040
3041${cert_issuer} holds the DN of the CA (the cert issuer).
3042${cert_subject} holds the DN of the cert (called the cert subject).
3043${cn_issuer} holds the CN of the CA (the cert issuer).
3044${cn_subject} holds the CN of the cert (called the cert subject).
3045${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
3046	TLSv1/SSLv3, SSLv3, SSLv2.
3047${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
3048	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
3049${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
3050	used for the connection.
3051${verify} holds the result of the verification of the presented cert.
3052	Possible values are:
3053	OK	 verification succeeded.
3054	NO	 no cert presented.
3055	NOT	 no cert requested.
3056	FAIL	 cert presented but could not be verified,
3057		 e.g., the cert of the signing CA is missing.
3058	NONE	 STARTTLS has not been performed.
3059	TEMP	 temporary error occurred.
3060	PROTOCOL protocol error occurred (SMTP level).
3061	SOFTWARE STARTTLS handshake failed.
3062${server_name} the name of the server of the current outgoing SMTP
3063	connection.
3064${server_addr} the address of the server of the current outgoing SMTP
3065	connection.
3066
3067Relaying
3068--------
3069
3070SMTP STARTTLS can allow relaying for remote SMTP clients which have
3071successfully authenticated themselves.  If the verification of the cert
3072failed (${verify} != OK), relaying is subject to the usual rules.
3073Otherwise the DN of the issuer is looked up in the access map using the
3074tag CERTISSUER.  If the resulting value is RELAY, relaying is allowed.
3075If it is SUBJECT, the DN of the cert subject is looked up next in the
3076access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
3077is allowed.
3078
3079To make things a bit more flexible (or complicated), the values for
3080${cert_issuer} and ${cert_subject} can be optionally modified by regular
3081expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
3082_CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
3083rulesets and map lookups, they are modified as follows: each non-printable
3084character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
3085by their HEX value with a leading '+'.  For example:
3086
3087/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress=
3088darth+cert@endmail.org
3089
3090is encoded as:
3091
3092/C=US/ST=California/O=endmail.org/OU=private/CN=
3093Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3094
3095(line breaks have been inserted for readability).
3096
3097The macros which are subject to this encoding are ${cert_subject},
3098${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
3099
3100Examples:
3101
3102To allow relaying for everyone who can present a cert signed by
3103
3104/C=US/ST=California/O=endmail.org/OU=private/CN=
3105Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3106
3107simply use:
3108
3109CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3110Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org	RELAY
3111
3112To allow relaying only for a subset of machines that have a cert signed by
3113
3114/C=US/ST=California/O=endmail.org/OU=private/CN=
3115Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3116
3117use:
3118
3119CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3120Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org	SUBJECT
3121CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
3122DeathStar/emailAddress=deathstar@endmail.org		RELAY
3123
3124Note: line breaks have been inserted after "CN=" for readability,
3125each tagged entry must be one (long) line in the access map.
3126
3127Of course it is also possible to write a simple ruleset that allows
3128relaying for everyone who can present a cert that can be verified, e.g.,
3129
3130LOCAL_RULESETS
3131SLocal_check_rcpt
3132R$*	$: $&{verify}
3133ROK	$# OK
3134
3135Allowing Connections
3136--------------------
3137
3138The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
3139an SMTP connection is accepted (or should continue).
3140
3141tls_server is called when sendmail acts as client after a STARTTLS command
3142(should) have been issued.  The parameter is the value of ${verify}.
3143
3144tls_client is called when sendmail acts as server, after a STARTTLS command
3145has been issued, and from check_mail.  The parameter is the value of
3146${verify} and STARTTLS or MAIL, respectively.
3147
3148Both rulesets behave the same.  If no access map is in use, the connection
3149will be accepted unless ${verify} is SOFTWARE, in which case the connection
3150is always aborted.  For tls_server/tls_client, ${client_name}/${server_name}
3151is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
3152with the ruleset LookUpDomain.  If no entry is found, ${client_addr}
3153(${server_addr}) is looked up in the access map (same tag, ruleset
3154LookUpAddr).  If this doesn't result in an entry either, just the tag is
3155looked up in the access map (included the trailing colon).  Notice:
3156requiring that e-mail is sent to a server only encrypted, e.g., via
3157
3158TLS_Srv:secure.domain	ENCR:112
3159
3160doesn't necessarily mean that e-mail sent to that domain is encrypted.
3161If the domain has multiple MX servers, e.g.,
3162
3163secure.domain.	IN MX 10	mail.secure.domain.
3164secure.domain.	IN MX 50	mail.other.domain.
3165
3166then mail to user@secure.domain may go unencrypted to mail.other.domain.
3167tls_rcpt can be used to address this problem.
3168
3169tls_rcpt is called before a RCPT TO: command is sent.  The parameter is the
3170current recipient.  This ruleset is only defined if FEATURE(`access_db')
3171is selected.  A recipient address user@domain is looked up in the access
3172map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
3173and TLS_Rcpt:; the first match is taken.
3174
3175The result of the lookups is then used to call the ruleset TLS_connection,
3176which checks the requirement specified by the RHS in the access map against
3177the actual parameters of the current TLS connection, esp. ${verify} and
3178${cipher_bits}.  Legal RHSs in the access map are:
3179
3180VERIFY		verification must have succeeded
3181VERIFY:bits	verification must have succeeded and ${cipher_bits} must
3182		be greater than or equal bits.
3183ENCR:bits	${cipher_bits} must be greater than or equal bits.
3184
3185The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
3186or permanent error.  The default is a temporary error code (403 4.7.0)
3187unless the macro TLS_PERM_ERR is set during generation of the .cf file.
3188
3189If a certain level of encryption is required, then it might also be
3190possible that this level is provided by the security layer from a SASL
3191algorithm, e.g., DIGEST-MD5.
3192
3193Furthermore, there can be a list of extensions added.  Such a list
3194starts with '+' and the items are separated by '++'.  Allowed
3195extensions are:
3196
3197CN:name		name must match ${cn_subject}
3198CN		${client_name}/${server_name} must match ${cn_subject}
3199CS:name		name must match ${cert_subject}
3200CI:name		name must match ${cert_issuer}
3201CITag:MYTag	look up MYTag:${cert_issuer} in access map; the check
3202		only succeeds if it is found with a RHS of OK.
3203
3204Example: e-mail sent to secure.example.com should only use an encrypted
3205connection.  E-mail received from hosts within the laptop.example.com domain
3206should only be accepted if they have been authenticated.  The host which
3207receives e-mail for darth@endmail.org must present a cert that uses the
3208CN smtp.endmail.org.  E-mail sent to safe.example.com must be verified,
3209have a matching CN, and must present a cert signed by a CA with one of
3210the listed DNs.
3211
3212TLS_Srv:secure.example.com	ENCR:112
3213TLS_Clt:laptop.example.com	PERM+VERIFY:112
3214TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
3215TLS_Srv:safe.example.net	VERIFY+CN++CITag:MyCA
3216MyCA:/C=US/ST=CA/O=safe/CN=example.net/		OK
3217MyCA:/C=US/ST=CA/O=secure/CN=example.net/	OK
3218
3219
3220TLS Options per Session
3221-----------------------
3222
3223By default STARTTLS is used whenever possible.  However, there are
3224MTAs with STARTTLS interoperability issues.  To be able to send to
3225(or receive from) those MTAs several features are available:
3226
32271) Various TLS options be be set per IP/domain.
32282) STARTTLS can be turned off for specific IP addresses/domains.
3229
3230About 1): the rulesets tls_srv_features and tls_clt_features can
3231be used to return a (semicolon separated) list of TLS related
3232options:
3233
3234- Options: compare {Server,Client}SSLOptions.
3235- CipherList: same as the global option.
3236- CertFile, KeyFile: {Server,Client}{Cert,Key}File
3237- Flags: see doc/op/op.me for details.
3238
3239If FEATURE(`tls_session_features') and FEATURE(`access_db') are
3240used, then default rulesets are activated which look up entries in
3241the access map with the tags TLS_Srv_features and TLS_Clt_features,
3242respectively.  For example, these entries:
3243
3244TLS_Srv_features:10.0.2.4	CipherList=MEDIUM+aRSA;
3245TLS_Clt_features:10.1.0.1	Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
3246
3247specify a cipherlist with MEDIUM strength ciphers that use RSA
3248certificates only for the client with the IP address 10.0.2.4,
3249and turn off TLSv1.2 when connecting to the server with the IP
3250address 10.1.0.1 as well as setting a specific cipherlist.
3251If FEATURE(`tls_session_features') is not used the user can provide
3252their own rulesets which must return the appropriate data.
3253If the rulesets are not defined or do not return a value, the
3254default TLS options are not modified.
3255
3256About 2): the rulesets try_tls, srv_features, and clt_features can
3257be used together with the access map.  Entries for the access map
3258must be tagged with Try_TLS, Srv_Features, Clt_Features and refer
3259to the hostname or IP address of the connecting system.  A default
3260case can be specified by using just the tag.  For example, the
3261following entries in the access map:
3262
3263	Try_TLS:broken.server	NO
3264	Srv_Features:my.domain	v
3265	Srv_Features:		V
3266	Clt_Features:broken.sts	M
3267
3268will turn off STARTTLS when sending to broken.server (or any host
3269in that domain), request a client certificate during the TLS handshake
3270only for hosts in my.domain, and disable MTA-STS for broken.sts.
3271The valid entries on the RHS for Srv_Features and Clt_Features are
3272listed in the Sendmail Installation and Operations Guide.
3273
3274
3275Received: Header
3276----------------
3277
3278The Received: header reveals whether STARTTLS has been used.  It contains an
3279extra line:
3280
3281(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
3282
3283
3284+---------------------+
3285| SMTP AUTHENTICATION |
3286+---------------------+
3287
3288The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
3289used in anti-relay rulesets to allow relaying for those users that
3290authenticated themselves.  A very simple example is:
3291
3292SLocal_check_rcpt
3293R$*		$: $&{auth_type}
3294R$+		$# OK
3295
3296which checks whether a user has successfully authenticated using
3297any available mechanism.  Depending on the setup of the Cyrus SASL
3298library, more sophisticated rulesets might be required, e.g.,
3299
3300SLocal_check_rcpt
3301R$*		$: $&{auth_type} $| $&{auth_authen}
3302RDIGEST-MD5 $| $+@$=w	$# OK
3303
3304to allow relaying for users that authenticated using DIGEST-MD5
3305and have an identity in the local domains.
3306
3307The ruleset trust_auth is used to determine whether a given AUTH=
3308parameter (that is passed to this ruleset) should be trusted.  This
3309ruleset may make use of the other ${auth_*} macros.  Only if the
3310ruleset resolves to the error mailer, the AUTH= parameter is not
3311trusted.  A user supplied ruleset Local_trust_auth can be written
3312to modify the default behavior, which only trust the AUTH=
3313parameter if it is identical to the authenticated user.
3314
3315Per default, relaying is allowed for any user who authenticated
3316via a "trusted" mechanism, i.e., one that is defined via
3317TRUST_AUTH_MECH(`list of mechanisms')
3318For example:
3319TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3320
3321If the selected mechanism provides a security layer the number of
3322bits used for the key of the symmetric cipher is stored in the
3323macro ${auth_ssf}.
3324
3325Providing SMTP AUTH Data when sendmail acts as Client
3326-----------------------------------------------------
3327
3328If sendmail acts as client, it needs some information how to
3329authenticate against another MTA.  This information can be provided
3330by the ruleset authinfo or by the option DefaultAuthInfo.  The
3331authinfo ruleset looks up {server_name} using the tag AuthInfo: in
3332the access map.  If no entry is found, {server_addr} is looked up
3333in the same way and finally just the tag AuthInfo: to provide
3334default values.  Note: searches for domain parts or IP nets are
3335only performed if the access map is used; if the authinfo feature
3336is used then only up to three lookups are performed (two exact
3337matches, one default).
3338
3339Note: If your daemon does client authentication when sending, and
3340if it uses either PLAIN or LOGIN authentication, then you *must*
3341prevent ordinary users from seeing verbose output.  Do NOT install
3342sendmail set-user-ID.  Use PrivacyOptions to turn off verbose output
3343("goaway" works for this).
3344
3345Notice: the default configuration file causes the option DefaultAuthInfo
3346to fail since the ruleset authinfo is in the .cf file. If you really
3347want to use DefaultAuthInfo (it is deprecated) then you have to
3348remove the ruleset.
3349
3350The RHS for an AuthInfo: entry in the access map should consists of a
3351list of tokens, each of which has the form: "TDstring" (including
3352the quotes).  T is a tag which describes the item, D is a delimiter,
3353either ':' for simple text or '=' for a base64 encoded string.
3354Valid values for the tag are:
3355
3356	U	user (authorization) id
3357	I	authentication id
3358	P	password
3359	R	realm
3360	M	list of mechanisms delimited by spaces
3361
3362Example entries are:
3363
3364AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3365AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
3366
3367User id or authentication id must exist as well as the password.  All
3368other entries have default values.  If one of user or authentication
3369id is missing, the existing value is used for the missing item.
3370If "R:" is not specified, realm defaults to $j.  The list of mechanisms
3371defaults to those specified by AuthMechanisms.
3372
3373Since this map contains sensitive information, either the access
3374map must be unreadable by everyone but root (or the trusted user)
3375or FEATURE(`authinfo') must be used which provides a separate map.
3376Notice: It is not checked whether the map is actually
3377group/world-unreadable, this is left to the user.
3378
3379+--------------------------------+
3380| ADDING NEW MAILERS OR RULESETS |
3381+--------------------------------+
3382
3383Sometimes you may need to add entirely new mailers or rulesets.  They
3384should be introduced with the constructs MAILER_DEFINITIONS and
3385LOCAL_RULESETS respectively.  For example:
3386
3387	MAILER_DEFINITIONS
3388	Mmymailer, ...
3389	...
3390
3391	LOCAL_RULESETS
3392	Smyruleset
3393	...
3394
3395Local additions for the rulesets srv_features, clt_features, try_tls,
3396tls_rcpt, tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
3397LOCAL_CLT_FEATURES, LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT,
3398and LOCAL_TLS_SERVER, respectively.  For example, to add a local
3399ruleset that decides whether to try STARTTLS in a sendmail client, use:
3400
3401	LOCAL_TRY_TLS
3402	R...
3403
3404Note: you don't need to add a name for the ruleset, it is implicitly
3405defined by using the appropriate macro.
3406
3407
3408+-------------------------+
3409| ADDING NEW MAIL FILTERS |
3410+-------------------------+
3411
3412Sendmail supports mail filters to filter incoming SMTP messages according
3413to the "Sendmail Mail Filter API" documentation.  These filters can be
3414configured in your mc file using the two commands:
3415
3416	MAIL_FILTER(`name', `equates')
3417	INPUT_MAIL_FILTER(`name', `equates')
3418
3419The first command, MAIL_FILTER(), simply defines a filter with the given
3420name and equates.  For example:
3421
3422	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3423
3424This creates the equivalent sendmail.cf entry:
3425
3426	Xarchive, S=local:/var/run/archivesock, F=R
3427
3428The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3429but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3430of the filter such that the filter will actually be called by sendmail.
3431
3432For example, the two commands:
3433
3434	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3435	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3436
3437are equivalent to the three commands:
3438
3439	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3440	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3441	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3442
3443In general, INPUT_MAIL_FILTER() should be used unless you need to define
3444more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3445
3446Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3447commands will clear the list created by the prior INPUT_MAIL_FILTER()
3448commands.
3449
3450
3451+-------------------------+
3452| QUEUE GROUP DEFINITIONS |
3453+-------------------------+
3454
3455In addition to the queue directory (which is the default queue group
3456called "mqueue"), sendmail can deal with multiple queue groups, which
3457are collections of queue directories with the same behaviour.  Queue
3458groups can be defined using the command:
3459
3460	QUEUE_GROUP(`name', `equates')
3461
3462For details about queue groups, please see doc/op/op.{me,ps,txt}.
3463
3464+-------------------------------+
3465| NON-SMTP BASED CONFIGURATIONS |
3466+-------------------------------+
3467
3468These configuration files are designed primarily for use by
3469SMTP-based sites.  They may not be well tuned for UUCP-only or
3470UUCP-primarily nodes (the latter is defined as a small local net
3471connected to the rest of the world via UUCP).  However, there is
3472one hook to handle some special cases.
3473
3474You can define a ``smart host'' that understands a richer address syntax
3475using:
3476
3477	define(`SMART_HOST', `mailer:hostname')
3478
3479In this case, the ``mailer:'' defaults to "relay".  Any messages that
3480can't be handled using the usual UUCP rules are passed to this host.
3481
3482If you are on a local SMTP-based net that connects to the outside
3483world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3484For example:
3485
3486	define(`SMART_HOST', `uucp-new:uunet')
3487	LOCAL_NET_CONFIG
3488	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3489
3490This will cause all names that end in your domain name ($m) to be sent
3491via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3492If you have FEATURE(`nocanonify'), you may need to omit the dots after
3493the $m.  If you are running a local DNS inside your domain which is
3494not otherwise connected to the outside world, you probably want to
3495use:
3496
3497	define(`SMART_HOST', `smtp:fire.wall.com')
3498	LOCAL_NET_CONFIG
3499	R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3
3500
3501That is, send directly only to things you found in your DNS lookup;
3502anything else goes through SMART_HOST.
3503
3504You may need to turn off the anti-spam rules in order to accept
3505UUCP mail with FEATURE(`promiscuous_relay') and
3506FEATURE(`accept_unresolvable_domains').
3507
3508
3509+-----------+
3510| WHO AM I? |
3511+-----------+
3512
3513Normally, the $j macro is automatically defined to be your fully
3514qualified domain name (FQDN).  Sendmail does this by getting your
3515host name using gethostname and then calling gethostbyname on the
3516result.  For example, in some environments gethostname returns
3517only the root of the host name (such as "foo"); gethostbyname is
3518supposed to return the FQDN ("foo.bar.com").  In some (fairly rare)
3519cases, gethostbyname may fail to return the FQDN.  In this case
3520you MUST define confDOMAIN_NAME to be your fully qualified domain
3521name.  This is usually done using:
3522
3523	Dmbar.com
3524	define(`confDOMAIN_NAME', `$w.$m')dnl
3525
3526
3527+-----------------------------------+
3528| ACCEPTING MAIL FOR MULTIPLE NAMES |
3529+-----------------------------------+
3530
3531If your host is known by several different names, you need to augment
3532class {w}.  This is a list of names by which your host is known, and
3533anything sent to an address using a host name in this list will be
3534treated as local mail.  You can do this in two ways:  either create the
3535file /etc/mail/local-host-names containing a list of your aliases (one per
3536line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3537``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
3538name of the host, rather than a short name.
3539
3540If you want to have different address in different domains, take
3541a look at the virtusertable feature, which is also explained at
3542http://www.sendmail.org/virtual-hosting.html
3543
3544
3545+--------------------+
3546| USING MAILERTABLES |
3547+--------------------+
3548
3549To use FEATURE(`mailertable'), you will have to create an external
3550database containing the routing information for various domains.
3551For example, a mailertable file in text format might be:
3552
3553	.my.domain		xnet:%1.my.domain
3554	uuhost1.my.domain	uucp-new:uuhost1
3555	.bitnet			smtp:relay.bit.net
3556
3557This should normally be stored in /etc/mail/mailertable.  The actual
3558database version of the mailertable is built using:
3559
3560	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3561
3562The semantics are simple.  Any LHS entry that does not begin with
3563a dot matches the full host name indicated.  LHS entries beginning
3564with a dot match anything ending with that domain name (including
3565the leading dot) -- that is, they can be thought of as having a
3566leading ".+" regular expression pattern for a non-empty sequence of
3567characters.  Matching is done in order of most-to-least qualified
3568-- for example, even though ".my.domain" is listed first in the
3569above example, an entry of "uuhost1.my.domain" will match the second
3570entry since it is more explicit.  Note: e-mail to "user@my.domain"
3571does not match any entry in the above table.  You need to have
3572something like:
3573
3574	my.domain		esmtp:host.my.domain
3575
3576The RHS should always be a "mailer:host" pair.  The mailer is the
3577configuration name of a mailer (that is, an M line in the
3578sendmail.cf file).  The "host" will be the hostname passed to
3579that mailer.  In domain-based matches (that is, those with leading
3580dots) the "%1" may be used to interpolate the wildcarded part of
3581the host name.  For example, the first line above sends everything
3582addressed to "anything.my.domain" to that same host name, but using
3583the (presumably experimental) xnet mailer.
3584
3585In some cases you may want to temporarily turn off MX records,
3586particularly on gateways.  For example, you may want to MX
3587everything in a domain to one machine that then forwards it
3588directly.  To do this, you might use the DNS configuration:
3589
3590	*.domain.	IN	MX	0	relay.machine
3591
3592and on relay.machine use the mailertable:
3593
3594	.domain		smtp:[gateway.domain]
3595
3596The [square brackets] turn off MX records for this host only.
3597If you didn't do this, the mailertable would use the MX record
3598again, which would give you an MX loop.  Note that the use of
3599wildcard MX records is almost always a bad idea.  Please avoid
3600using them if possible.
3601
3602
3603+--------------------------------+
3604| USING USERDB TO MAP FULL NAMES |
3605+--------------------------------+
3606
3607The user database was not originally intended for mapping full names
3608to login names (e.g., Eric.Allman => eric), but some people are using
3609it that way.  (it is recommended that you set up aliases for this
3610purpose instead -- since you can specify multiple alias files, this
3611is fairly easy.)  The intent was to locate the default maildrop at
3612a site, but allow you to override this by sending to a specific host.
3613
3614If you decide to set up the user database in this fashion, it is
3615imperative that you not use FEATURE(`stickyhost') -- otherwise,
3616e-mail sent to Full.Name@local.host.name will be rejected.
3617
3618To build the internal form of the user database, use:
3619
3620	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3621
3622As a general rule, it is an extremely bad idea to using full names
3623as e-mail addresses, since they are not in any sense unique.  For
3624example, the UNIX software-development community has at least two
3625well-known Peter Deutsches, and at one time Bell Labs had two
3626Stephen R. Bournes with offices along the same hallway.  Which one
3627will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3628The less famous of the two, or the one that was hired later?
3629
3630Finger should handle full names (and be fuzzy).  Mail should use
3631handles, and not be fuzzy.
3632
3633
3634+--------------------------------+
3635| MISCELLANEOUS SPECIAL FEATURES |
3636+--------------------------------+
3637
3638Plussed users
3639	Sometimes it is convenient to merge configuration on a
3640	centralized mail machine, for example, to forward all
3641	root mail to a mail server.  In this case it might be
3642	useful to be able to treat the root addresses as a class
3643	of addresses with subtle differences.  You can do this
3644	using plussed users.  For example, a client might include
3645	the alias:
3646
3647		root:  root+client1@server
3648
3649	On the server, this will match an alias for "root+client1".
3650	If that is not found, the alias "root+*" will be tried,
3651	then "root".
3652
3653
3654+----------------+
3655| SECURITY NOTES |
3656+----------------+
3657
3658A lot of sendmail security comes down to you.  Sendmail 8 is much
3659more careful about checking for security problems than previous
3660versions, but there are some things that you still need to watch
3661for.  In particular:
3662
3663* Make sure the aliases file is not writable except by trusted
3664  system personnel.  This includes both the text and database
3665  version.
3666
3667* Make sure that other files that sendmail reads, such as the
3668  mailertable, are only writable by trusted system personnel.
3669
3670* The queue directory should not be world writable PARTICULARLY
3671  if your system allows "file giveaways" (that is, if a non-root
3672  user can chown any file they own to any other user).
3673
3674* If your system allows file giveaways, DO NOT create a publicly
3675  writable directory for forward files.  This will allow anyone
3676  to steal anyone else's e-mail.  Instead, create a script that
3677  copies the .forward file from users' home directories once a
3678  night (if you want the non-NFS-mounted forward directory).
3679
3680* If your system allows file giveaways, you'll find that
3681  sendmail is much less trusting of :include: files -- in
3682  particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3683  /etc/shells before they will be trusted (that is, before
3684  files and programs listed in them will be honored).
3685
3686In general, file giveaways are a mistake -- if you can turn them
3687off, do so.
3688
3689
3690+--------------------------------+
3691| TWEAKING CONFIGURATION OPTIONS |
3692+--------------------------------+
3693
3694There are a large number of configuration options that don't normally
3695need to be changed.  However, if you feel you need to tweak them,
3696you can define the following M4 variables. Note that some of these
3697variables require formats that are defined in RFC 2821 or RFC 2822.
3698Before changing them you need to make sure you do not violate those
3699(and other relevant) RFCs.
3700
3701This list is shown in four columns:  the name you define, the default
3702value for that definition, the option or macro that is affected
3703(either Ox for an option or Dx for a macro), and a brief description.
3704Greater detail of the semantics can be found in the Installation
3705and Operations Guide.
3706
3707Some options are likely to be deprecated in future versions -- that is,
3708the option is only included to provide back-compatibility.  These are
3709marked with "*".
3710
3711Remember that these options are M4 variables, and hence may need to
3712be quoted.  In particular, arguments with commas will usually have to
3713be ``double quoted, like this phrase'' to avoid having the comma
3714confuse things.  This is common for alias file definitions and for
3715the read timeout.
3716
3717M4 Variable Name	Configuration	[Default] & Description
3718================	=============	=======================
3719confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
3720					for internally generated outgoing
3721					messages.
3722confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
3723					only be done if your system cannot
3724					determine your local domain name,
3725					and then it should be set to
3726					$w.Foo.COM, where Foo.COM is your
3727					domain name.
3728confCF_VERSION		$Z macro	If defined, this is appended to the
3729					configuration version name.
3730confLDAP_CLUSTER	${sendmailMTACluster} macro
3731					If defined, this is the LDAP
3732					cluster to use for LDAP searches
3733					as described above in ``USING LDAP
3734					FOR ALIASES, MAPS, AND CLASSES''.
3735confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
3736					internally generated From: address.
3737confRECEIVED_HEADER	Received:
3738		[$?sfrom $s $.$?_($?s$|from $.$_)
3739			$.$?{auth_type}(authenticated)
3740			$.by $j ($v/$Z)$?r with $r$. id $i$?u
3741			for $u; $|;
3742			$.$b]
3743					The format of the Received: header
3744					in messages passed through this host.
3745					It is unwise to try to change this.
3746confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
3747					internally generated Message-Id:
3748					header.
3749confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
3750					of file used to get the local
3751					additions to class {w} (local host
3752					names).
3753confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
3754					file used to get the local additions
3755					to class {t} (trusted users).
3756confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
3757					file used to get the local additions
3758					to class {R} (hosts allowed to relay).
3759confTRUSTED_USERS	Ct class	[no default] Names of users to add to
3760					the list of trusted users.  This list
3761					always includes root, uucp, and daemon.
3762					See also FEATURE(`use_ct_file').
3763confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
3764					ownership and starting the daemon.
3765					Not to be confused with
3766					confTRUSTED_USERS (see above).
3767confSMTP_MAILER		-		[esmtp] The mailer name used when
3768					SMTP connectivity is required.
3769					One of "smtp", "smtp8",
3770					"esmtp", or "dsmtp".
3771confUUCP_MAILER		-		[uucp-old] The mailer to be used by
3772					default for bang-format recipient
3773					addresses.  See also discussion of
3774					class {U}, class {Y}, and class {Z}
3775					in the MAILER(`uucp') section.
3776confLOCAL_MAILER	-		[local] The mailer name used when
3777					local connectivity is required.
3778					Almost always "local".
3779confRELAY_MAILER	-		[relay] The default mailer name used
3780					for relaying any mail (e.g., to a
3781					BITNET_RELAY, a SMART_HOST, or
3782					whatever).  This can reasonably be
3783					"uucp-new" if you are on a
3784					UUCP-connected site.
3785confSEVEN_BIT_INPUT	SevenBitInput	[False] Force input to seven bits?
3786confEIGHT_BIT_HANDLING	EightBitMode	[pass8] 8-bit data handling
3787confALIAS_WAIT		AliasWait	[10m] Time to wait for alias file
3788					rebuild until you get bored and
3789					decide that the apparently pending
3790					rebuild failed.
3791confMIN_FREE_BLOCKS	MinFreeBlocks	[100] Minimum number of free blocks on
3792					queue filesystem to accept SMTP mail.
3793					(Prior to 8.7 this was minfree/maxsize,
3794					where minfree was the number of free
3795					blocks and maxsize was the maximum
3796					message size.  Use confMAX_MESSAGE_SIZE
3797					for the second value now.)
3798confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
3799					that will be accepted (in bytes).
3800confBLANK_SUB		BlankSub	[.] Blank (space) substitution
3801					character.
3802confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
3803					to mailers marked expensive.
3804confCHECKPOINT_INTERVAL	CheckpointInterval
3805					[10] Checkpoint queue files every N
3806					recipients.
3807confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
3808confERROR_MODE		ErrorMode	[print] Error message mode.
3809confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
3810confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
3811confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
3812confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
3813confMAX_HOP		MaxHopCount	[25] Maximum hop count.
3814confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
3815					mode] Ignore dot as terminator for
3816					incoming messages?
3817confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
3818					resolver.
3819confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
3820					encapsulated messages per RFC 1344.
3821confFORWARD_PATH	ForwardPath	[$z/.forward.$w:$z/.forward]
3822					The colon-separated list of places to
3823					search for .forward files.  N.B.: see
3824					the Security Notes section.
3825confMCI_CACHE_SIZE	ConnectionCacheSize
3826					[2] Size of open connection cache.
3827confMCI_CACHE_TIMEOUT	ConnectionCacheTimeout
3828					[5m] Open connection cache timeout.
3829confHOST_STATUS_DIRECTORY HostStatusDirectory
3830					[undefined] If set, host status is kept
3831					on disk between sendmail runs in the
3832					named directory tree.  This need not be
3833					a full pathname, in which case it is
3834					interpreted relative to the queue
3835					directory.
3836confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
3837					[False] If this option and the
3838					HostStatusDirectory option are both
3839					set, single thread deliveries to other
3840					hosts.  That is, don't allow any two
3841					sendmails on this host to connect
3842					simultaneously to any other single
3843					host.  This can slow down delivery in
3844					some cases, in particular since a
3845					cached but otherwise idle connection
3846					to a host will prevent other sendmails
3847					from connecting to the other host.
3848confUSE_COMPRESSED_IPV6_ADDRESSES
3849			UseCompressedIPv6Addresses
3850					[undefined] If set, use the compressed
3851					form of IPv6 addresses, such as
3852					IPV6:::1, instead of the uncompressed
3853					form, such as IPv6:0:0:0:0:0:0:0:1.
3854confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
3855					deliver error messages.  This should
3856					not be necessary because of general
3857					acceptance of the envelope/header
3858					distinction.
3859confLOG_LEVEL		LogLevel	[9] Log level.
3860confME_TOO		MeToo		[True] Include sender in group
3861					expansions.  This option is
3862					deprecated and will be removed from
3863					a future version.
3864confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
3865					running newaliases.  Since this does
3866					DNS lookups on every address, it can
3867					slow down the alias rebuild process
3868					considerably on large alias files.
3869confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
3870					special chars are old style.
3871confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
3872confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
3873					copies of all error messages.
3874confQUEUE_FACTOR	QueueFactor	[600000] Slope of queue-only function.
3875confQUEUE_FILE_MODE	QueueFileMode	[undefined] Default permissions for
3876					queue files (octal).  If not set,
3877					sendmail uses 0600 unless its real
3878					and effective uid are different in
3879					which case it uses 0644.
3880confDONT_PRUNE_ROUTES	DontPruneRoutes	[False] Don't prune down route-addr
3881					syntax addresses to the minimum
3882					possible.
3883confSAFE_QUEUE*		SuperSafe	[True] Commit all messages to disk
3884					before forking.
3885confTO_INITIAL		Timeout.initial	[5m] The timeout waiting for a response
3886					on the initial connect.
3887confTO_CONNECT		Timeout.connect	[0] The timeout waiting for an initial
3888					connect() to complete.  This can only
3889					shorten connection timeouts; the kernel
3890					silently enforces an absolute maximum
3891					(which varies depending on the system).
3892confTO_ICONNECT		Timeout.iconnect
3893					[undefined] Like Timeout.connect, but
3894					applies only to the very first attempt
3895					to connect to a host in a message.
3896					This allows a single very fast pass
3897					followed by more careful delivery
3898					attempts in the future.
3899confTO_ACONNECT		Timeout.aconnect
3900					[0] The overall timeout waiting for
3901					all connection for a single delivery
3902					attempt to succeed.  If 0, no overall
3903					limit is applied.
3904confTO_HELO		Timeout.helo	[5m] The timeout waiting for a response
3905					to a HELO or EHLO command.
3906confTO_MAIL		Timeout.mail	[10m] The timeout waiting for a
3907					response to the MAIL command.
3908confTO_RCPT		Timeout.rcpt	[1h] The timeout waiting for a response
3909					to the RCPT command.
3910confTO_DATAINIT		Timeout.datainit
3911					[5m] The timeout waiting for a 354
3912					response from the DATA command.
3913confTO_DATABLOCK	Timeout.datablock
3914					[1h] The timeout waiting for a block
3915					during DATA phase.
3916confTO_DATAFINAL	Timeout.datafinal
3917					[1h] The timeout waiting for a response
3918					to the final "." that terminates a
3919					message.
3920confTO_RSET		Timeout.rset	[5m] The timeout waiting for a response
3921					to the RSET command.
3922confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
3923					to the QUIT command.
3924confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
3925					to other SMTP commands.
3926confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
3927					waiting	for a command to be issued.
3928confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
3929					response to an IDENT query.
3930confTO_FILEOPEN		Timeout.fileopen
3931					[60s] The timeout waiting for a file
3932					(e.g., :include: file) to be opened.
3933confTO_LHLO		Timeout.lhlo	[2m] The timeout waiting for a response
3934					to an LMTP LHLO command.
3935confTO_AUTH		Timeout.auth	[10m] The timeout waiting for a
3936					response in an AUTH dialogue.
3937confTO_STARTTLS		Timeout.starttls
3938					[1h] The timeout waiting for a
3939					response to an SMTP STARTTLS command.
3940confTO_CONTROL		Timeout.control
3941					[2m] The timeout for a complete
3942					control socket transaction to complete.
3943confTO_QUEUERETURN	Timeout.queuereturn
3944					[5d] The timeout before a message is
3945					returned as undeliverable.
3946confTO_QUEUERETURN_NORMAL
3947			Timeout.queuereturn.normal
3948					[undefined] As above, for normal
3949					priority messages.
3950confTO_QUEUERETURN_URGENT
3951			Timeout.queuereturn.urgent
3952					[undefined] As above, for urgent
3953					priority messages.
3954confTO_QUEUERETURN_NONURGENT
3955			Timeout.queuereturn.non-urgent
3956					[undefined] As above, for non-urgent
3957					(low) priority messages.
3958confTO_QUEUERETURN_DSN
3959			Timeout.queuereturn.dsn
3960					[undefined] As above, for delivery
3961					status notification messages.
3962confTO_QUEUEWARN	Timeout.queuewarn
3963					[4h] The timeout before a warning
3964					message is sent to the sender telling
3965					them that the message has been
3966					deferred.
3967confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
3968					[undefined] As above, for normal
3969					priority messages.
3970confTO_QUEUEWARN_URGENT	Timeout.queuewarn.urgent
3971					[undefined] As above, for urgent
3972					priority messages.
3973confTO_QUEUEWARN_NONURGENT
3974			Timeout.queuewarn.non-urgent
3975					[undefined] As above, for non-urgent
3976					(low) priority messages.
3977confTO_QUEUEWARN_DSN
3978			Timeout.queuewarn.dsn
3979					[undefined] As above, for delivery
3980					status notification messages.
3981confTO_HOSTSTATUS	Timeout.hoststatus
3982					[30m] How long information about host
3983					statuses will be maintained before it
3984					is considered stale and the host should
3985					be retried.  This applies both within
3986					a single queue run and to persistent
3987					information (see below).
3988confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
3989					[varies] Sets the resolver's
3990					retransmission time interval (in
3991					seconds).  Sets both
3992					Timeout.resolver.retrans.first and
3993					Timeout.resolver.retrans.normal.
3994confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
3995					[varies] Sets the resolver's
3996					retransmission time interval (in
3997					seconds) for the first attempt to
3998					deliver a message.
3999confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
4000					[varies] Sets the resolver's
4001					retransmission time interval (in
4002					seconds) for all resolver lookups
4003					except the first delivery attempt.
4004confTO_RESOLVER_RETRY	Timeout.resolver.retry
4005					[varies] Sets the number of times
4006					to retransmit a resolver query.
4007					Sets both
4008					Timeout.resolver.retry.first and
4009					Timeout.resolver.retry.normal.
4010confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
4011					[varies] Sets the number of times
4012					to retransmit a resolver query for
4013					the first attempt to deliver a
4014					message.
4015confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
4016					[varies] Sets the number of times
4017					to retransmit a resolver query for
4018					all resolver lookups except the
4019					first delivery attempt.
4020confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
4021					USE_SYSTEM to use the system's idea,
4022					USE_TZ to use the user's TZ envariable,
4023					or something else to force that value.
4024confDEF_USER_ID		DefaultUser	[1:1] Default user id.
4025confUSERDB_SPEC		UserDatabaseSpec
4026					[undefined] User database
4027					specification.
4028confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
4029confFALLBACK_SMARTHOST	FallbackSmartHost
4030					[undefined] Fallback smart host.
4031confTLS_FALLBACK_TO_CLEAR	TLSFallbacktoClear
4032					[undefined] If set, immediately try
4033					a connection again without STARTTLS
4034					after a TLS handshake failure.
4035confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
4036					for a host and other arrangements
4037					haven't been made, try connecting
4038					to the host directly; normally this
4039					would be a config error.
4040confQUEUE_LA		QueueLA		[varies] Load average at which
4041					queue-only function kicks in.
4042					Default values is (8 * numproc)
4043					where numproc is the number of
4044					processors online (if that can be
4045					determined).
4046confREFUSE_LA		RefuseLA	[varies] Load average at which
4047					incoming SMTP connections are
4048					refused.  Default values is (12 *
4049					numproc) where numproc is the
4050					number of processors online (if
4051					that can be determined).
4052confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
4053					refusing connections for this long.
4054confDELAY_LA		DelayLA		[0] Load average at which sendmail
4055					will sleep for one second on most
4056					SMTP commands and before accepting
4057					connections.  0 means no limit.
4058confMAX_ALIAS_RECURSION	MaxAliasRecursion
4059					[10] Maximum depth of alias recursion.
4060confMAX_DAEMON_CHILDREN	MaxDaemonChildren
4061					[undefined] The maximum number of
4062					children the daemon will permit.  After
4063					this number, connections will be
4064					rejected.  If not set or <= 0, there is
4065					no limit.
4066confMAX_HEADERS_LENGTH	MaxHeadersLength
4067					[32768] Maximum length of the sum
4068					of all headers.
4069confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
4070					[undefined] Maximum length of
4071					certain MIME header field values.
4072confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
4073					[undefined] The maximum number of
4074					connections permitted per second per
4075					daemon.  After this many connections
4076					are accepted, further connections
4077					will be delayed.  If not set or <= 0,
4078					there is no limit.
4079confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
4080					[60s] Define the length of the
4081					interval for which the number of
4082					incoming connections is maintained.
4083confWORK_RECIPIENT_FACTOR
4084			RecipientFactor	[30000] Cost of each recipient.
4085confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
4086					separate process.
4087confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
4088confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
4089confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
4090					Priority, Host, Filename, Random,
4091					Modification, or Time.
4092confMAX_QUEUE_AGE	MaxQueueAge	[undefined] If set to a value greater
4093					than zero, entries in the queue
4094					will be retried during a queue run
4095					only if the individual retry time
4096					has been reached which is doubled
4097					for each attempt.  The maximum retry
4098					time is limited by the specified value.
4099confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
4100					must sit in the queue between queue
4101					runs.  This allows you to set the
4102					queue run interval low for better
4103					responsiveness without trying all
4104					jobs in each run.
4105confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
4106					unlabeled 8 bit input to MIME, the
4107					character set to use by default.
4108confSERVICE_SWITCH_FILE	ServiceSwitchFile
4109					[/etc/mail/service.switch] The file
4110					to use for the service switch on
4111					systems that do not have a
4112					system-defined switch.
4113confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
4114					"file" type access of hosts names.
4115confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
4116					long and try again.  Zero means "don't
4117					retry".  This is to allow "dial on
4118					demand" connections to have enough time
4119					to complete a connection.
4120confNO_RCPT_ACTION	NoRecipientAction
4121					[none] What to do if there are no legal
4122					recipient fields (To:, Cc: or Bcc:)
4123					in the message.  Legal values can
4124					be "none" to just leave the
4125					nonconforming message as is, "add-to"
4126					to add a To: header with all the
4127					known recipients (which may expose
4128					blind recipients), "add-apparently-to"
4129					to do the same but use Apparently-To:
4130					instead of To: (strongly discouraged
4131					in accordance with IETF standards),
4132					"add-bcc" to add an empty Bcc:
4133					header, or "add-to-undisclosed" to
4134					add the header
4135					``To: undisclosed-recipients:;''.
4136confSAFE_FILE_ENV	SafeFileEnvironment
4137					[undefined] If set, sendmail will do a
4138					chroot() into this directory before
4139					writing files.
4140confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
4141					If set, colons are treated as a regular
4142					character in addresses.  If not set,
4143					they are treated as the introducer to
4144					the RFC 822 "group" syntax.  Colons are
4145					handled properly in route-addrs.  This
4146					option defaults on for V5 and lower
4147					configuration files.
4148confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
4149					any given queue run to this number of
4150					entries.  Essentially, this will stop
4151					reading each queue directory after this
4152					number of entries are reached; it does
4153					_not_ pick the highest priority jobs,
4154					so this should be as large as your
4155					system can tolerate.  If not set, there
4156					is no limit.
4157confMAX_QUEUE_CHILDREN	MaxQueueChildren
4158					[undefined] Limits the maximum number
4159					of concurrent queue runners active.
4160					This is to keep system resources used
4161					within a reasonable limit.  Relates to
4162					Queue Groups and ForkEachJob.
4163confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
4164					[1] Only active when MaxQueueChildren
4165					defined.  Controls the maximum number
4166					of queue runners (aka queue children)
4167					active at the same time in a work
4168					group.  See also MaxQueueChildren.
4169confDONT_EXPAND_CNAMES	DontExpandCnames
4170					[False] If set, $[ ... $] lookups that
4171					do DNS based lookups do not expand
4172					CNAME records.  This currently violates
4173					the published standards, but the IETF
4174					seems to be moving toward legalizing
4175					this.  For example, if "FTP.Foo.ORG"
4176					is a CNAME for "Cruft.Foo.ORG", then
4177					with this option set a lookup of
4178					"FTP" will return "FTP.Foo.ORG"; if
4179					clear it returns "Cruft.FOO.ORG".  N.B.
4180					you may not see any effect until your
4181					downstream neighbors stop doing CNAME
4182					lookups as well.
4183confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
4184					when sending to files or programs.
4185confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
4186					[False] From: lines that have
4187					embedded newlines are unwrapped
4188					onto one line.
4189confALLOW_BOGUS_HELO	AllowBogusHELO	[False] Allow HELO SMTP command that
4190					does not include a host name.
4191confMUST_QUOTE_CHARS	MustQuoteChars	[.'] Characters to be quoted in a full
4192					name phrase (@,;:\()[] are automatic).
4193confOPERATORS		OperatorChars	[.:%@!^/[]+] Address operator
4194					characters.
4195confSMTP_LOGIN_MSG	SmtpGreetingMessage
4196					[$j Sendmail $v/$Z; $b]
4197					The initial (spontaneous) SMTP
4198					greeting message.  The word "ESMTP"
4199					will be inserted between the first and
4200					second words to convince other
4201					sendmails to try to speak ESMTP.
4202confDONT_INIT_GROUPS	DontInitGroups	[False] If set, the initgroups(3)
4203					routine will never be invoked.  You
4204					might want to do this if you are
4205					running NIS and you have a large group
4206					map, since this call does a sequential
4207					scan of the map; in a large site this
4208					can cause your ypserv to run
4209					essentially full time.  If you set
4210					this, agents run on behalf of users
4211					will only have their primary
4212					(/etc/passwd) group permissions.
4213confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
4214					[True] If set, group-writable
4215					:include: and .forward files are
4216					considered "unsafe", that is, programs
4217					and files cannot be directly referenced
4218					from such files.  World-writable files
4219					are always considered unsafe.
4220					Notice: this option is deprecated and
4221					will be removed in future versions;
4222					Set GroupWritableForwardFileSafe
4223					and GroupWritableIncludeFileSafe in
4224					DontBlameSendmail if required.
4225confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
4226					address (for testing).
4227confCONTROL_SOCKET_NAME	ControlSocketName
4228					[undefined] Control socket for daemon
4229					management.
4230confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
4231					[postmaster] If an error occurs when
4232					sending an error message, send that
4233					"double bounce" error message to this
4234					address.  If it expands to an empty
4235					string, double bounces are dropped.
4236confSOFT_BOUNCE		SoftBounce	[False] If set, issue temporary errors
4237					(4xy) instead of permanent errors
4238					(5xy).  This can be useful during
4239					testing of a new configuration to
4240					avoid erroneous bouncing of mails.
4241confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
4242					messages which could not be returned
4243					to the user or sent to postmaster.
4244					If not set, the queue file will
4245					be renamed.
4246confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
4247					implies DSN request.
4248confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
4249					when reading and delivering mail.
4250					Causes all file reads (e.g., .forward
4251					and :include: files) to be done as
4252					this user.  Also, all programs will
4253					be run as this user, and all output
4254					files will be written as this user.
4255confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
4256					[infinite] If set, allow no more than
4257					the specified number of recipients in
4258					an SMTP envelope.  Further recipients
4259					receive a 452 error code (i.e., they
4260					are deferred for the next delivery
4261					attempt).
4262confBAD_RCPT_THROTTLE	BadRcptThrottle	[infinite] If set and the specified
4263					number of recipients in a single SMTP
4264					transaction have been rejected, sleep
4265					for one second after each subsequent
4266					RCPT command in that transaction.
4267confDONT_PROBE_INTERFACES  DontProbeInterfaces
4268					[False] If set, sendmail will _not_
4269					insert the names and addresses of any
4270					local interfaces into class {w}
4271					(list of known "equivalent" addresses).
4272					If you set this, you must also include
4273					some support for these addresses (e.g.,
4274					in a mailertable entry) -- otherwise,
4275					mail to addresses in this list will
4276					bounce with a configuration error.
4277					If set to "loopback" (without
4278					quotes), sendmail will skip
4279					loopback interfaces (e.g., "lo0").
4280confPID_FILE		PidFile		[system dependent] Location of pid
4281					file.
4282confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
4283					[undefined] Prefix string for the
4284					process title shown on 'ps' listings.
4285confDONT_BLAME_SENDMAIL	DontBlameSendmail
4286					[safe] Override sendmail's file
4287					safety checks.  This will definitely
4288					compromise system security and should
4289					not be used unless absolutely
4290					necessary.
4291confREJECT_MSG		-		[550 Access denied] The message
4292					given if the access database contains
4293					REJECT in the value portion.
4294confRELAY_MSG		-		[550 Relaying denied] The message
4295					given if an unauthorized relaying
4296					attempt is rejected.
4297confDF_BUFFER_SIZE	DataFileBufferSize
4298					[4096] The maximum size of a
4299					memory-buffered data (df) file
4300					before a disk-based file is used.
4301confXF_BUFFER_SIZE	XScriptFileBufferSize
4302					[4096] The maximum size of a
4303					memory-buffered transcript (xf)
4304					file before a disk-based file is
4305					used.
4306confAUTH_MECHANISMS	AuthMechanisms	[EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5
4307					CRAM-MD5] List of authentication
4308					mechanisms for AUTH (separated by
4309					spaces).  The advertised list of
4310					authentication mechanisms will be the
4311					intersection of this list and the list
4312					of available mechanisms as determined
4313					by the Cyrus SASL library.
4314confAUTH_REALM		AuthRealm	[undefined] The authentication realm
4315					that is passed to the Cyrus SASL
4316					library.  If no realm is specified,
4317					$j is used.  See KNOWNBUGS.
4318confDEF_AUTH_INFO	DefaultAuthInfo	[undefined] Name of file that contains
4319					authentication information for
4320					outgoing connections.  This file must
4321					contain the user id, the authorization
4322					id, the password (plain text), the
4323					realm to use, and the list of
4324					mechanisms to try, each on a separate
4325					line and must be readable by root (or
4326					the trusted user) only.  If no realm
4327					is specified, $j is used.  If no
4328					mechanisms are given in the file,
4329					AuthMechanisms is used.  Notice: this
4330					option is deprecated and will be
4331					removed in future versions; it doesn't
4332					work for the MSP since it can't read
4333					the file.  Use the authinfo ruleset
4334					instead.  See also the section SMTP
4335					AUTHENTICATION.
4336confAUTH_OPTIONS	AuthOptions	[undefined] If this option is 'A'
4337					then the AUTH= parameter for the
4338					MAIL FROM command is only issued
4339					when authentication succeeded.
4340					See doc/op/op.me for more options
4341					and details.
4342confAUTH_MAX_BITS	AuthMaxBits	[INT_MAX] Limit the maximum encryption
4343					strength for the security layer in
4344					SMTP AUTH (SASL).  Default is
4345					essentially unlimited.
4346confTLS_SRV_OPTIONS	TLSSrvOptions	If this option is 'V' no client
4347					verification is performed, i.e.,
4348					the server doesn't ask for a
4349					certificate.
4350confSERVER_SSL_OPTIONS	ServerSSLOptions	[undefined] SSL related
4351					options for server side.  See
4352					SSL_CTX_set_options(3) for a list.
4353confCLIENT_SSL_OPTIONS	ClientSSLOptions	[undefined] SSL related
4354					options for client side. See
4355					SSL_CTX_set_options(3) for a list.
4356confCIPHER_LIST		CipherList	[undefined] Cipher list for TLS.
4357					See ciphers(1) for possible values.
4358confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
4359					specification for LDAP maps.  The
4360					value should only contain LDAP
4361					specific settings such as "-h host
4362					-p port -d bindDN", etc.  The
4363					settings will be used for all LDAP
4364					maps unless they are specified in
4365					the individual map specification
4366					('K' command).
4367confCACERT_PATH		CACertPath	[undefined] Path to directory with
4368					certificates of CAs which must contain
4369					their hashes as filenames or links.
4370confCACERT		CACertFile	[undefined] File containing at least
4371					one CA certificate.
4372confSERVER_CERT		ServerCertFile	[undefined] File containing the
4373					cert of the server, i.e., this cert
4374					is used when sendmail acts as
4375					server.
4376confSERVER_KEY		ServerKeyFile	[undefined] File containing the
4377					private key belonging to the server
4378					cert.
4379confCLIENT_CERT		ClientCertFile	[undefined] File containing the
4380					cert of the client, i.e., this cert
4381					is used when sendmail acts as
4382					client.
4383confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
4384					private key belonging to the client
4385					cert.
4386confCRL			CRLFile		[undefined] File containing certificate
4387					revocation status, useful for X.509v3
4388					authentication.
4389confCRL_PATH		CRLPath		[undefined] Directory containing
4390					hashes pointing to certificate
4391					revocation status files.
4392confDH_PARAMETERS	DHParameters	[undefined] File containing the
4393					DH parameters.
4394confDANE		DANE		[false] Enable DANE support.
4395confRAND_FILE		RandFile	[undefined] File containing random
4396					data (use prefix file:) or the
4397					name of the UNIX socket if EGD is
4398					used (use prefix egd:).  STARTTLS
4399					requires this option if the compile
4400					flag HASURANDOM is not set (see
4401					sendmail/README).
4402confCERT_FINGERPRINT_ALGORITHM	CertFingerprintAlgorithm
4403					[undefined] The fingerprint algorithm
4404					(digest) to use for the presented
4405					cert.
4406confSSL_ENGINE		SSLEngine	[undefined] Name of SSLEngine.
4407confSSL_ENGINE_PATH	SSLEnginePath	[undefined] Path to dynamic library
4408					for SSLEngine.
4409confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
4410					queue runners is set the given value
4411					(nice(3)).
4412confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
4413					[undefined] Defines {daemon_flags}
4414					for direct submissions.
4415confUSE_MSP		UseMSP		[undefined] Use as mail submission
4416					program, see sendmail/SECURITY.
4417confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
4418					SMTP Service Extension (RFC 2852).
4419confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
4420					be used to turn off the compile time
4421					flag REQUIRES_DIR_FSYNC at runtime.
4422					See sendmail/README for details.
4423confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
4424confSHARED_MEMORY_KEY_FILE
4425			SharedMemoryKeyFile
4426					[undefined] File where the
4427					automatically selected key for
4428					shared memory is stored.
4429confFAST_SPLIT		FastSplit	[1] If set to a value greater than
4430					zero, the initial MX lookups on
4431					addresses is suppressed when they
4432					are sorted which may result in
4433					faster envelope splitting.  If the
4434					mail is submitted directly from the
4435					command line, then the value also
4436					limits the number of processes to
4437					deliver the envelopes.
4438confMAILBOX_DATABASE	MailboxDatabase	[pw] Type of lookup to find
4439					information about local mailboxes.
4440confDEQUOTE_OPTS	-		[empty] Additional options for the
4441					dequote map.
4442confMAX_NOOP_COMMANDS	MaxNOOPCommands	[20] Maximum number of "useless"
4443					commands before the SMTP server
4444					will slow down responding.
4445confHELO_NAME		HeloName	If defined, use as name for EHLO/HELO
4446					command (instead of $j).
4447confINPUT_MAIL_FILTERS	InputMailFilters
4448					A comma separated list of filters
4449					which determines which filters and
4450					the invocation sequence are
4451					contacted for incoming SMTP
4452					messages.  If none are set, no
4453					filters will be contacted.
4454confMILTER_LOG_LEVEL	Milter.LogLevel	[9] Log level for input mail filter
4455					actions, defaults to LogLevel.
4456confMILTER_MACROS_CONNECT	Milter.macros.connect
4457					[j, _, {daemon_name}, {if_name},
4458					{if_addr}] Macros to transmit to
4459					milters when a session connection
4460					starts.
4461confMILTER_MACROS_HELO	Milter.macros.helo
4462					[{tls_version}, {cipher},
4463					{cipher_bits}, {cert_subject},
4464					{cert_issuer}] Macros to transmit to
4465					milters after HELO/EHLO command.
4466confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
4467					[i, {auth_type}, {auth_authen},
4468					{auth_ssf}, {auth_author},
4469					{mail_mailer}, {mail_host},
4470					{mail_addr}] Macros to transmit to
4471					milters after MAIL FROM command.
4472confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
4473					[{rcpt_mailer}, {rcpt_host},
4474					{rcpt_addr}] Macros to transmit to
4475					milters after RCPT TO command.
4476confMILTER_MACROS_EOM		Milter.macros.eom
4477					[{msg_id}] Macros to transmit to
4478					milters after the terminating
4479					DATA '.' is received.
4480confMILTER_MACROS_EOH		Milter.macros.eoh
4481					Macros to transmit to milters
4482					after the end of headers.
4483confMILTER_MACROS_DATA		Milter.macros.data
4484					Macros to transmit to milters
4485					after DATA command is received.
4486
4487
4488See also the description of OSTYPE for some parameters that can be
4489tweaked (generally pathnames to mailers).
4490
4491ClientPortOptions and DaemonPortOptions are special cases since multiple
4492clients/daemons can be defined.  This can be done via
4493
4494	CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4495	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4496
4497Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4498ClientPortOptions settings) are allowed in order to give settings for each
4499protocol family (e.g., one for Family=inet and one for Family=inet6).  A
4500restriction placed on one family only affects outgoing connections on that
4501particular family.
4502
4503If DAEMON_OPTIONS is not used, then the default is
4504
4505	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4506	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4507
4508If you use one DAEMON_OPTIONS macro, it will alter the parameters
4509of the first of these.  The second will still be defaulted; it
4510represents a "Message Submission Agent" (MSA) as defined by RFC
45112476 (see below).  To turn off the default definition for the MSA,
4512use FEATURE(`no_default_msa') (see also FEATURES).  If you use
4513additional DAEMON_OPTIONS macros, they will add additional daemons.
4514
4515Example 1:  To change the port for the SMTP listener, while
4516still using the MSA default, use
4517	DAEMON_OPTIONS(`Port=925, Name=MTA')
4518
4519Example 2:  To change the port for the MSA daemon, while still
4520using the default SMTP port, use
4521	FEATURE(`no_default_msa')
4522	DAEMON_OPTIONS(`Name=MTA')
4523	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4524
4525Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4526there would be no listener on the standard SMTP port.
4527
4528Example 3: To listen on both IPv4 and IPv6 interfaces, use
4529
4530	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4531	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4532
4533A "Message Submission Agent" still uses all of the same rulesets for
4534processing the message (and therefore still allows message rejection via
4535the check_* rulesets).  In accordance with the RFC, the MSA will ensure
4536that all domains in envelope addresses are fully qualified if the message
4537is relayed to another MTA.  It will also enforce the normal address syntax
4538rules and log error messages.  Additionally, by using the M=a modifier you
4539can require authentication before messages are accepted by the MSA.
4540Notice: Do NOT use the 'a' modifier on a public accessible MTA!  Finally,
4541the M=E modifier shown above disables ETRN as required by RFC 2476.
4542
4543Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4544commands:
4545
4546	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4547	MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4548
4549The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4550same order they were specified by also setting confINPUT_MAIL_FILTERS.  A
4551filter can be defined without adding it to the input filter list by using
4552MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4553Alternatively, you can reset the list of filters and their order by setting
4554confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4555your .mc file.
4556
4557
4558+----------------------------+
4559| MESSAGE SUBMISSION PROGRAM |
4560+----------------------------+
4561
4562The purpose of the message submission program (MSP) is explained
4563in sendmail/SECURITY.  This section contains a list of caveats and
4564a few hints how for those who want to tweak the default configuration
4565for it (which is installed as submit.cf).
4566
4567Notice: do not add options/features to submit.mc unless you are
4568absolutely sure you need them.  Options you may want to change
4569include:
4570
4571- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4572  avoiding X-Authentication warnings.
4573- confTIME_ZONE to change it from the default `USE_TZ'.
4574- confDELIVERY_MODE is set to interactive in msp.m4 instead
4575  of the default background mode.
4576- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4577  to the LOCAL_RELAY instead of the default relay.
4578- confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4579  the flag HASURANDOM.
4580
4581The MSP performs hostname canonicalization by default.  As also
4582explained in sendmail/SECURITY, mail may end up for various DNS
4583related reasons in the MSP queue. This problem can be minimized by
4584using
4585
4586	FEATURE(`nocanonify', `canonify_hosts')
4587	define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4588
4589See the discussion about nocanonify for possible side effects.
4590
4591Some things are not intended to work with the MSP.  These include
4592features that influence the delivery process (e.g., mailertable,
4593aliases), or those that are only important for a SMTP server (e.g.,
4594virtusertable, DaemonPortOptions, multiple queues).  Moreover,
4595relaxing certain restrictions (RestrictQueueRun, permissions on
4596queue directory) or adding features (e.g., enabling prog/file mailer)
4597can cause security problems.
4598
4599Other things don't work well with the MSP and require tweaking or
4600workarounds.  For example, to allow for client authentication it
4601is not just sufficient to provide a client certificate and the
4602corresponding key, but it is also necessary to make the key group
4603(smmsp) readable and tell sendmail not to complain about that, i.e.,
4604
4605	define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
4606
4607If the MSP should actually use AUTH then the necessary data
4608should be placed in a map as explained in SMTP AUTHENTICATION:
4609
4610FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4611
4612/etc/mail/msp-authinfo should contain an entry like:
4613
4614	AuthInfo:127.0.0.1	"U:smmsp" "P:secret" "M:DIGEST-MD5"
4615
4616The file and the map created by makemap should be owned by smmsp,
4617its group should be smmsp, and it should have mode 640.  The database
4618used by the MTA for AUTH must have a corresponding entry.
4619Additionally the MTA must trust this authentication data so the AUTH=
4620part will be relayed on to the next hop.  This can be achieved by
4621adding the following to your sendmail.mc file:
4622
4623	LOCAL_RULESETS
4624	SLocal_trust_auth
4625	R$*	$: $&{auth_authen}
4626	Rsmmsp	$# OK
4627
4628Note: the authentication data can leak to local users who invoke
4629the MSP with debug options or even with -v.  For that reason either
4630an authentication mechanism that does not show the password in the
4631AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4632method like STARTTLS should be used.
4633
4634feature/msp.m4 defines almost all settings for the MSP.  Most of
4635those should not be changed at all.  Some of the features and options
4636can be overridden if really necessary.  It is a bit tricky to do
4637this, because it depends on the actual way the option is defined
4638in feature/msp.m4.  If it is directly defined (i.e., define()) then
4639the modified value must be defined after
4640
4641	FEATURE(`msp')
4642
4643If it is conditionally defined (i.e., ifdef()) then the desired
4644value must be defined before the FEATURE line in the .mc file.
4645To see how the options are defined read feature/msp.m4.
4646
4647
4648+--------------------------+
4649| FORMAT OF FILES AND MAPS |
4650+--------------------------+
4651
4652Files that define classes, i.e., F{classname}, consist of lines
4653each of which contains a single element of the class.  For example,
4654/etc/mail/local-host-names may have the following content:
4655
4656my.domain
4657another.domain
4658
4659Maps must be created using makemap(8) , e.g.,
4660
4661	makemap hash MAP < MAP
4662
4663In general, a text file from which a map is created contains lines
4664of the form
4665
4666key	value
4667
4668where 'key' and 'value' are also called LHS and RHS, respectively.
4669By default, the delimiter between LHS and RHS is a non-empty sequence
4670of white space characters.
4671
4672
4673+------------------+
4674| DIRECTORY LAYOUT |
4675+------------------+
4676
4677Within this directory are several subdirectories, to wit:
4678
4679m4		General support routines.  These are typically
4680		very important and should not be changed without
4681		very careful consideration.
4682
4683cf		The configuration files themselves.  They have
4684		".mc" suffixes, and must be run through m4 to
4685		become complete.  The resulting output should
4686		have a ".cf" suffix.
4687
4688ostype		Definitions describing a particular operating
4689		system type.  These should always be referenced
4690		using the OSTYPE macro in the .mc file.  Examples
4691		include "bsd4.3", "bsd4.4", "sunos3.5", and
4692		"sunos4.1".
4693
4694domain		Definitions describing a particular domain, referenced
4695		using the DOMAIN macro in the .mc file.  These are
4696		site dependent; for example, "CS.Berkeley.EDU.m4"
4697		describes hosts in the CS.Berkeley.EDU subdomain.
4698
4699mailer		Descriptions of mailers.  These are referenced using
4700		the MAILER macro in the .mc file.
4701
4702sh		Shell files used when building the .cf file from the
4703		.mc file in the cf subdirectory.
4704
4705feature		These hold special orthogonal features that you might
4706		want to include.  They should be referenced using
4707		the FEATURE macro.
4708
4709hack		Local hacks.  These can be referenced using the HACK
4710		macro.  They shouldn't be of more than voyeuristic
4711		interest outside the .Berkeley.EDU domain, but who knows?
4712
4713siteconfig	Site configuration -- e.g., tables of locally connected
4714		UUCP sites.
4715
4716
4717+------------------------+
4718| ADMINISTRATIVE DETAILS |
4719+------------------------+
4720
4721The following sections detail usage of certain internal parts of the
4722sendmail.cf file.  Read them carefully if you are trying to modify
4723the current model.  If you find the above descriptions adequate, these
4724should be {boring, confusing, tedious, ridiculous} (pick one or more).
4725
4726RULESETS (* means built in to sendmail)
4727
4728   0 *	Parsing
4729   1 *	Sender rewriting
4730   2 *	Recipient rewriting
4731   3 *	Canonicalization
4732   4 *	Post cleanup
4733   5 *	Local address rewrite (after aliasing)
4734  1x	mailer rules (sender qualification)
4735  2x	mailer rules (recipient qualification)
4736  3x	mailer rules (sender header qualification)
4737  4x	mailer rules (recipient header qualification)
4738  5x	mailer subroutines (general)
4739  6x	mailer subroutines (general)
4740  7x	mailer subroutines (general)
4741  8x	reserved
4742  90	Mailertable host stripping
4743  96	Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4744  97	Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4745  98	Local part of ruleset 0 (ruleset 8 in old sendmail)
4746
4747
4748MAILERS
4749
4750   0	local, prog	local and program mailers
4751   1	[e]smtp, relay	SMTP channel
4752   2	uucp-*		UNIX-to-UNIX Copy Program
4753   3	netnews		Network News delivery
4754   4	fax		Sam Leffler's HylaFAX software
4755   5	mail11		DECnet mailer
4756
4757
4758MACROS
4759
4760   A
4761   B	Bitnet Relay
4762   C	DECnet Relay
4763   D	The local domain -- usually not needed
4764   E	reserved for X.400 Relay
4765   F	FAX Relay
4766   G
4767   H	mail Hub (for mail clusters)
4768   I
4769   J
4770   K
4771   L	Luser Relay
4772   M	Masquerade (who you claim to be)
4773   N
4774   O
4775   P
4776   Q
4777   R	Relay (for unqualified names)
4778   S	Smart Host
4779   T
4780   U	my UUCP name (if you have a UUCP connection)
4781   V	UUCP Relay (class {V} hosts)
4782   W	UUCP Relay (class {W} hosts)
4783   X	UUCP Relay (class {X} hosts)
4784   Y	UUCP Relay (all other hosts)
4785   Z	Version number
4786
4787
4788CLASSES
4789
4790   A
4791   B	domains that are candidates for bestmx lookup
4792   C
4793   D
4794   E	addresses that should not seem to come from $M
4795   F	hosts this system forward for
4796   G	domains that should be looked up in genericstable
4797   H
4798   I
4799   J
4800   K
4801   L	addresses that should not be forwarded to $R
4802   M	domains that should be mapped to $M
4803   N	host/domains that should not be mapped to $M
4804   O	operators that indicate network operations (cannot be in local names)
4805   P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4806   Q
4807   R	domains this system is willing to relay (pass anti-spam filters)
4808   S
4809   T
4810   U	locally connected UUCP hosts
4811   V	UUCP hosts connected to relay $V
4812   W	UUCP hosts connected to relay $W
4813   X	UUCP hosts connected to relay $X
4814   Y	locally connected smart UUCP hosts
4815   Z	locally connected domain-ized UUCP hosts
4816   .	the class containing only a dot
4817   [	the class containing only a left bracket
4818
4819
4820M4 DIVERSIONS
4821
4822   1	Local host detection and resolution
4823   2	Local Ruleset 3 additions
4824   3	Local Ruleset 0 additions
4825   4	UUCP Ruleset 0 additions
4826   5	locally interpreted names (overrides $R)
4827   6	local configuration (at top of file)
4828   7	mailer definitions
4829   8	DNS based blocklists
4830   9	special local rulesets (1 and 2)
4831
4832