xref: /illumos-gate/usr/src/cmd/sendmail/cf/README (revision 275c9da86e89f8abf71135cf63d9fc23671b2e60)
1
2		SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files.  It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide, which can be found
8on-line at http://www.sendmail.org/%7Eca/email/doc8.12/op.html .
9Recall this URL throughout this document when references to
10doc/op/op.* are made.
11
12Table of Content:
13
14INTRODUCTION AND EXAMPLE
15A BRIEF INTRODUCTION TO M4
16FILE LOCATIONS
17OSTYPE
18DOMAINS
19MAILERS
20FEATURES
21HACKS
22SITE CONFIGURATION
23USING UUCP MAILERS
24TWEAKING RULESETS
25MASQUERADING AND RELAYING
26USING LDAP FOR ALIASES, MAPS, AND CLASSES
27LDAP ROUTING
28ANTI-SPAM CONFIGURATION CONTROL
29CONNECTION CONTROL
30STARTTLS
31ADDING NEW MAILERS OR RULESETS
32ADDING NEW MAIL FILTERS
33QUEUE GROUP DEFINITIONS
34NON-SMTP BASED CONFIGURATIONS
35WHO AM I?
36ACCEPTING MAIL FOR MULTIPLE NAMES
37USING MAILERTABLES
38USING USERDB TO MAP FULL NAMES
39MISCELLANEOUS SPECIAL FEATURES
40SECURITY NOTES
41TWEAKING CONFIGURATION OPTIONS
42MESSAGE SUBMISSION PROGRAM
43FORMAT OF FILES AND MAPS
44DIRECTORY LAYOUT
45ADMINISTRATIVE DETAILS
46
47
48+--------------------------+
49| INTRODUCTION AND EXAMPLE |
50+--------------------------+
51
52Configuration files are contained in the subdirectory "cf", with a
53suffix ".mc".  They must be run through "m4" to produce a ".cf" file.
54You must pre-load "cf.m4":
55
56	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
57
58Alternatively, you can simply:
59
60	cd ${CFDIR}/cf
61	/usr/ccs/bin/make config.cf
62
63where ${CFDIR} is the root of the cf directory and config.mc is the
64name of your configuration file.  If you are running a version of M4
65that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
66this, but the versions distributed with 4.4BSD and derivatives do not)
67or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
68For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
69use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash!  For example:
70
71	m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
72
73Let's examine a typical .mc file:
74
75	divert(-1)
76	#
77	# Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
78	#	All rights reserved.
79	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
80	# Copyright (c) 1988, 1993
81	#	The Regents of the University of California.  All rights reserved.
82	#
83	# By using this file, you agree to the terms and conditions set
84	# forth in the LICENSE file which can be found at the top level of
85	# the sendmail distribution.
86	#
87
88	#
89	#  This is a Berkeley-specific configuration file for HP-UX 9.x.
90	#  It applies only to the Computer Science Division at Berkeley,
91	#  and should not be used elsewhere.   It is provided on the sendmail
92	#  distribution as a sample only.  To create your own configuration
93	#  file, create an appropriate domain file in ../domain, change the
94	#  `DOMAIN' macro below to reference that file, and copy the result
95	#  to a name of your own choosing.
96	#
97	divert(0)
98
99The divert(-1) will delete the crud in the resulting output file.
100The copyright notice can be replaced by whatever your lawyers require;
101our lawyers require the one that is included in these files.  A copyleft
102is a copyright by another name.  The divert(0) restores regular output.
103
104	VERSIONID(`<SCCS or RCS version id>')
105
106VERSIONID is a macro that stuffs the version information into the
107resulting file.  You could use SCCS, RCS, CVS, something else, or
108omit it completely.  This is not the same as the version id included
109in SMTP greeting messages -- this is defined in m4/version.m4.
110
111	OSTYPE(`hpux9')dnl
112
113You must specify an OSTYPE to properly configure things such as the
114pathname of the help and status files, the flags needed for the local
115mailer, and other important things.  If you omit it, you will get an
116error when you try to build the configuration.  Look at the ostype
117directory for the list of known operating system types.
118
119	DOMAIN(`CS.Berkeley.EDU')dnl
120
121This example is specific to the Computer Science Division at Berkeley.
122You can use "DOMAIN(`generic')" to get a sufficiently bland definition
123that may well work for you, or you can create a customized domain
124definition appropriate for your environment.
125
126	MAILER(`local')
127	MAILER(`smtp')
128
129These describe the mailers used at the default CS site.  The local
130mailer is always included automatically.  Beware: MAILER declarations
131should only be followed by LOCAL_* sections.  The general rules are
132that the order should be:
133
134	VERSIONID
135	OSTYPE
136	DOMAIN
137	FEATURE
138	local macro definitions
139	MAILER
140	LOCAL_CONFIG
141	LOCAL_RULE_*
142	LOCAL_RULESETS
143
144There are a few exceptions to this rule.  Local macro definitions which
145influence a FEATURE() should be done before that feature.  For example,
146a define(`PROCMAIL_MAILER_PATH', ...) should be done before
147FEATURE(`local_procmail').
148
149
150+----------------------------+
151| A BRIEF INTRODUCTION TO M4 |
152+----------------------------+
153
154Sendmail uses the M4 macro processor to ``compile'' the configuration
155files.  The most important thing to know is that M4 is stream-based,
156that is, it doesn't understand about lines.  For this reason, in some
157places you may see the word ``dnl'', which stands for ``delete
158through newline''; essentially, it deletes all characters starting
159at the ``dnl'' up to and including the next newline character.  In
160most cases sendmail uses this only to avoid lots of unnecessary
161blank lines in the output.
162
163Other important directives are define(A, B) which defines the macro
164``A'' to have value ``B''.  Macros are expanded as they are read, so
165one normally quotes both values to prevent expansion.  For example,
166
167	define(`SMART_HOST', `smart.foo.com')
168
169One word of warning:  M4 macros are expanded even in lines that appear
170to be comments.  For example, if you have
171
172	# See FEATURE(`foo') above
173
174it will not do what you expect, because the FEATURE(`foo') will be
175expanded.  This also applies to
176
177	# And then define the $X macro to be the return address
178
179because ``define'' is an M4 keyword.  If you want to use them, surround
180them with directed quotes, `like this'.
181
182Since m4 uses single quotes (opening "`" and closing "'") to quote
183arguments, those quotes can't be used in arguments.  For example,
184it is not possible to define a rejection message containing a single
185quote. Usually there are simple workarounds by changing those
186messages; in the worst case it might be ok to change the value
187directly in the generated .cf file, which however is not advised.
188
189+----------------+
190| FILE LOCATIONS |
191+----------------+
192
193sendmail 8.9 has introduced a new configuration directory for sendmail
194related files, /etc/mail.  The new files available for sendmail 8.9 --
195the class {R} /etc/mail/relay-domains and the access database
196/etc/mail/access -- take advantage of this new directory.  Beginning with
1978.10, all files will use this directory by default (some options may be
198set by OSTYPE() files).  This new directory should help to restore
199uniformity to sendmail's file locations.
200
201Below is a table of some of the common changes:
202
203Old filename			New filename
204------------			------------
205/etc/bitdomain			/etc/mail/bitdomain
206/etc/domaintable		/etc/mail/domaintable
207/etc/genericstable		/etc/mail/genericstable
208/etc/uudomain			/etc/mail/uudomain
209/etc/virtusertable		/etc/mail/virtusertable
210/etc/userdb			/etc/mail/userdb
211
212/etc/aliases			/etc/mail/aliases
213/etc/sendmail/aliases		/etc/mail/aliases
214/etc/ucbmail/aliases		/etc/mail/aliases
215/usr/adm/sendmail/aliases	/etc/mail/aliases
216/usr/lib/aliases		/etc/mail/aliases
217/usr/lib/mail/aliases		/etc/mail/aliases
218/usr/ucblib/aliases		/etc/mail/aliases
219
220/etc/sendmail.cw		/etc/mail/local-host-names
221/etc/mail/sendmail.cw		/etc/mail/local-host-names
222/etc/sendmail/sendmail.cw	/etc/mail/local-host-names
223
224/etc/sendmail.ct		/etc/mail/trusted-users
225
226/etc/sendmail.oE		/etc/mail/error-header
227
228/etc/sendmail.hf		/etc/mail/helpfile
229/etc/mail/sendmail.hf		/etc/mail/helpfile
230/usr/ucblib/sendmail.hf		/etc/mail/helpfile
231/etc/ucbmail/sendmail.hf	/etc/mail/helpfile
232/usr/lib/sendmail.hf		/etc/mail/helpfile
233/usr/share/lib/sendmail.hf	/etc/mail/helpfile
234/usr/share/misc/sendmail.hf	/etc/mail/helpfile
235/share/misc/sendmail.hf		/etc/mail/helpfile
236
237/etc/service.switch		/etc/mail/service.switch
238
239/etc/sendmail.st		/etc/mail/statistics
240/etc/mail/sendmail.st		/etc/mail/statistics
241/etc/mailer/sendmail.st		/etc/mail/statistics
242/etc/sendmail/sendmail.st	/etc/mail/statistics
243/usr/lib/sendmail.st		/etc/mail/statistics
244/usr/ucblib/sendmail.st		/etc/mail/statistics
245
246Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
247to create the pathnames.  The default value of this variable is
248`/etc/mail/'.  If you set this macro to a different value, you MUST include
249a trailing slash.
250
251Notice: all filenames used in a .mc (or .cf) file should be absolute
252(starting at the root, i.e., with '/').  Relative filenames most
253likely cause surprises during operations (unless otherwise noted).
254
255
256+--------+
257| OSTYPE |
258+--------+
259
260You MUST define an operating system environment, or the configuration
261file build will puke.  There are several environments available; look
262at the "ostype" directory for the current list.  This macro changes
263things like the location of the alias file and queue directory.  Some
264of these files are identical to one another.
265
266It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
267In general, the OSTYPE macro should go immediately after any version
268information, and MAILER definitions should always go last.
269
270Operating system definitions are usually easy to write.  They may define
271the following variables (everything defaults, so an ostype file may be
272empty).  Unfortunately, the list of configuration-supported systems is
273not as broad as the list of source-supported systems, since many of
274the source contributors do not include corresponding ostype files.
275
276ALIAS_FILE		[/etc/mail/aliases] The location of the text version
277			of the alias file(s).  It can be a comma-separated
278			list of names (but be sure you quote values with
279			commas in them -- for example, use
280				define(`ALIAS_FILE', `a,b')
281			to get "a" and "b" both listed as alias files;
282			otherwise the define() primitive only sees "a").
283HELP_FILE		[/etc/mail/helpfile] The name of the file
284			containing information printed in response to
285			the SMTP HELP command.
286QUEUE_DIR		[/var/spool/mqueue] The directory containing
287			queue files.  To use multiple queues, supply
288			a value ending with an asterisk.  For
289			example, /var/spool/mqueue/qd* will use all of the
290			directories or symbolic links to directories
291			beginning with 'qd' in /var/spool/mqueue as queue
292			directories.  The names 'qf', 'df', and 'xf' are
293			reserved as specific subdirectories for the
294			corresponding queue file types as explained in
295			doc/op/op.me.  See also QUEUE GROUP DEFINITIONS.
296MSP_QUEUE_DIR		[/var/spool/clientmqueue] The directory containing
297			queue files for the MSP (Mail Submission Program).
298STATUS_FILE		[/etc/mail/statistics] The file containing status
299			information.
300LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
301LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
302			flags lsDFMAw5:/|@q are always included.
303LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
304			mail.
305LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
306			mail that you are willing to accept.
307LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
308			messages to deliver in a single connection.  Only
309			useful for LMTP local mailers.
310LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
311			that ARRIVE from an address that resolves to the
312			local mailer and which are converted to MIME will be
313			labeled with this character set.
314LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
315			end of line for the local mailer.
316LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
317			[X-Unix] The DSN Diagnostic-Code value for the
318			local mailer.  This should be changed with care.
319LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
320LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
321			flags lsDFM are always included.
322LOCAL_SHELL_ARGS	[sh -c $u] The arguments passed to deliver "prog"
323			mail.
324LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
325			shell should run.
326LOCAL_MAILER_QGRP	[undefined] The queue group for the local mailer.
327SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
328			flags are `mDFMuX' for all SMTP-based mailers; the
329			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
330			"dsmtp" adds `%'.
331RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
332			flags are `mDFMuX' for all SMTP-based mailers; the
333			relay mailer adds `a8'.  If this is not defined,
334			then SMTP_MAILER_FLAGS is used.
335SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
336			be transported using the smtp, smtp8, esmtp, or dsmtp
337			mailers.
338SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
339			messages to deliver in a single connection for the
340			smtp, smtp8, esmtp, or dsmtp mailers.
341SMTP_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
342			recipients to deliver in a single connection for the
343			smtp, smtp8, esmtp, or dsmtp mailers.
344SMTP_MAILER_ARGS	[TCP $h] The arguments passed to the smtp mailer.
345			About the only reason you would want to change this
346			would be to change the default port.
347ESMTP_MAILER_ARGS	[TCP $h] The arguments passed to the esmtp mailer.
348SMTP8_MAILER_ARGS	[TCP $h] The arguments passed to the smtp8 mailer.
349DSMTP_MAILER_ARGS	[TCP $h] The arguments passed to the dsmtp mailer.
350RELAY_MAILER_ARGS	[TCP $h] The arguments passed to the relay mailer.
351SMTP_MAILER_QGRP	[undefined] The queue group for the smtp mailer.
352ESMTP_MAILER_QGRP	[undefined] The queue group for the esmtp mailer.
353SMTP8_MAILER_QGRP	[undefined] The queue group for the smtp8 mailer.
354DSMTP_MAILER_QGRP	[undefined] The queue group for the dsmtp mailer.
355RELAY_MAILER_QGRP	[undefined] The queue group for the relay mailer.
356RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
357			messages to deliver in a single connection for the
358			relay mailer.
359SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
360			that ARRIVE from an address that resolves to one of
361			the SMTP mailers and which are converted to MIME will
362			be labeled with this character set.
363SMTP_MAILER_LL		[990] The maximum line length for SMTP mailers
364			(except the relay mailer).
365RELAY_MAILER_LL		[2040] The maximum line length for the relay mailer.
366UUCP_MAILER_PATH	[/usr/bin/uux] The program used to send UUCP mail.
367UUCP_MAILER_FLAGS	[undefined] Flags added to UUCP mailer.  Default
368			flags are `DFMhuU' (and `m' for uucp-new mailer,
369			minus `U' for uucp-dom mailer).
370UUCP_MAILER_ARGS	[uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
371			passed to the UUCP mailer.
372UUCP_MAILER_MAX		[100000] The maximum size message accepted for
373			transmission by the UUCP mailers.
374UUCP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
375			that ARRIVE from an address that resolves to one of
376			the UUCP mailers and which are converted to MIME will
377			be labeled with this character set.
378UUCP_MAILER_QGRP	[undefined] The queue group for the UUCP mailers.
379PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
380			program.  This is also used by
381			FEATURE(`local_procmail').
382PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
383			DFM are always set.  This is NOT used by
384			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
385			instead.
386PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
387			the Procmail mailer.  This is NOT used by
388			FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
389			instead.
390PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
391			will be accepted by the procmail mailer.
392PROCMAIL_MAILER_QGRP	[undefined] The queue group for the procmail mailer.
393confEBINDIR		[/usr/libexec] The directory for executables.
394			Currently used for FEATURE(`local_lmtp') and
395			FEATURE(`smrsh').
396LOCAL_PROG_QGRP		[undefined] The queue group for the prog mailer.
397
398Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
399MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
400of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
401upper case) and change can be: flags that should be used directly
402(thus overriding the default value), or if it starts with `+' (`-')
403then those flags are added to (removed from) the default value.
404Example:
405
406	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
407
408will add the flag `e' to LOCAL_MAILER_FLAGS.  Notice: there are
409several smtp mailers all of which are manipulated individually.
410See the section MAILERS for the available mailer names.
411WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
412unconditionally, i.e., without respecting any definitions in an
413OSTYPE setting.
414
415
416+---------+
417| DOMAINS |
418+---------+
419
420You will probably want to collect domain-dependent defines into one
421file, referenced by the DOMAIN macro.  For example, the Berkeley
422domain file includes definitions for several internal distinguished
423hosts:
424
425UUCP_RELAY	The host that will accept UUCP-addressed email.
426		If not defined, all UUCP sites must be directly
427		connected.
428BITNET_RELAY	The host that will accept BITNET-addressed email.
429		If not defined, the .BITNET pseudo-domain won't work.
430DECNET_RELAY	The host that will accept DECNET-addressed email.
431		If not defined, the .DECNET pseudo-domain and addresses
432		of the form node::user will not work.
433FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
434		The "fax" mailer overrides this value.
435LOCAL_RELAY	The site that will handle unqualified names -- that
436		is, names without an @domain extension.
437		Normally MAIL_HUB is preferred for this function.
438		LOCAL_RELAY is mostly useful in conjunction with
439		FEATURE(`stickyhost') -- see the discussion of
440		stickyhost below.  If not set, they are assumed to
441		belong on this machine.  This allows you to have a
442		central site to store a company- or department-wide
443		alias database.  This only works at small sites,
444		and only with some user agents.
445LUSER_RELAY	The site that will handle lusers -- that is, apparently
446		local names that aren't local accounts or aliases.  To
447		specify a local user instead of a site, set this to
448		``local:username''.
449
450Any of these can be either ``mailer:hostname'' (in which case the
451mailer is the internal mailer name, such as ``uucp-new'' and the hostname
452is the name of the host as appropriate for that mailer) or just a
453``hostname'', in which case a default mailer type (usually ``relay'',
454a variant on SMTP) is used.  WARNING: if you have a wildcard MX
455record matching your domain, you probably want to define these to
456have a trailing dot so that you won't get the mail diverted back
457to yourself.
458
459The domain file can also be used to define a domain name, if needed
460(using "DD<domain>") and set certain site-wide features.  If all hosts
461at your site masquerade behind one email name, you could also use
462MASQUERADE_AS here.
463
464You do not have to define a domain -- in particular, if you are a
465single machine sitting off somewhere, it is probably more work than
466it's worth.  This is just a mechanism for combining "domain dependent
467knowledge" into one place.
468
469
470+---------+
471| MAILERS |
472+---------+
473
474There are fewer mailers supported in this version than the previous
475version, owing mostly to a simpler world.  As a general rule, put the
476MAILER definitions last in your .mc file.
477
478local		The local and prog mailers.  You will almost always
479		need these; the only exception is if you relay ALL
480		your mail to another site.  This mailer is included
481		automatically.
482
483smtp		The Simple Mail Transport Protocol mailer.  This does
484		not hide hosts behind a gateway or another other
485		such hack; it assumes a world where everyone is
486		running the name server.  This file actually defines
487		five mailers: "smtp" for regular (old-style) SMTP to
488		other servers, "esmtp" for extended SMTP to other
489		servers, "smtp8" to do SMTP to other servers without
490		converting 8-bit data to MIME (essentially, this is
491		your statement that you know the other end is 8-bit
492		clean even if it doesn't say so), "dsmtp" to do on
493		demand delivery, and "relay" for transmission to the
494		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
495
496uucp		The UNIX-to-UNIX Copy Program mailer.  Actually, this
497		defines two mailers, "uucp-old" (a.k.a. "uucp") and
498		"uucp-new" (a.k.a. "suucp").  The latter is for when you
499		know that the UUCP mailer at the other end can handle
500		multiple recipients in one transfer.  If the smtp mailer
501		is included in your configuration, two other mailers
502		("uucp-dom" and "uucp-uudom") are also defined [warning: you
503		MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
504		include the uucp mailer, sendmail looks for all names in
505		class {U} and sends them to the uucp-old mailer; all
506		names in class {Y} are sent to uucp-new; and all
507		names in class {Z} are sent to uucp-uudom.  Note that
508		this is a function of what version of rmail runs on
509		the receiving end, and hence may be out of your control.
510		See the section below describing UUCP mailers in more
511		detail.
512
513procmail	An interface to procmail (does not come with sendmail).
514		This is designed to be used in mailertables.  For example,
515		a common question is "how do I forward all mail for a given
516		domain to a single person?".  If you have this mailer
517		defined, you could set up a mailertable reading:
518
519			host.com	procmail:/etc/procmailrcs/host.com
520
521		with the file /etc/procmailrcs/host.com reading:
522
523			:0	# forward mail for host.com
524			! -oi -f $1 person@other.host
525
526		This would arrange for (anything)@host.com to be sent
527		to person@other.host.  In a procmail script, $1 is the
528		name of the sender and $2 is the name of the recipient.
529		If you use this with FEATURE(`local_procmail'), the FEATURE
530		should be listed first.
531
532		Of course there are other ways to solve this particular
533		problem, e.g., a catch-all entry in a virtusertable.
534
535The local mailer accepts addresses of the form "user+detail", where
536the "+detail" is not used for mailbox matching but is available
537to certain local mail programs (in particular, see
538FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
539"eric+sww" all indicate the same user, but additional arguments <null>,
540"sendmail", and "sww" may be provided for use in sorting mail.
541
542
543+----------+
544| FEATURES |
545+----------+
546
547Special features can be requested using the "FEATURE" macro.  For
548example, the .mc line:
549
550	FEATURE(`use_cw_file')
551
552tells sendmail that you want to have it read an /etc/mail/local-host-names
553file to get values for class {w}.  A FEATURE may contain up to 9
554optional parameters -- for example:
555
556	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
557
558The default database map type for the table features can be set with
559
560	define(`DATABASE_MAP_TYPE', `dbm')
561
562which would set it to use ndbm databases.  The default is the Berkeley DB
563hash database format.  Note that you must still declare a database map type
564if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
565if no argument is given for the FEATURE.  It must be specified before any
566feature that uses a map.
567
568Also, features which can take a map definition as an argument can also take
569the special keyword `LDAP'.  If that keyword is used, the map will use the
570LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
571CLASSES'' section below.
572
573Available features are:
574
575use_cw_file	Read the file /etc/mail/local-host-names file to get
576		alternate names for this host.  This might be used if you
577		were on a host that MXed for a dynamic set of other hosts.
578		If the set is static, just including the line "Cw<name1>
579		<name2> ..." (where the names are fully qualified domain
580		names) is probably superior.  The actual filename can be
581		overridden by redefining confCW_FILE.
582
583use_ct_file	Read the file /etc/mail/trusted-users file to get the
584		names of users that will be ``trusted'', that is, able to
585		set their envelope from address using -f without generating
586		a warning message.  The actual filename can be overridden
587		by redefining confCT_FILE.
588
589redirect	Reject all mail addressed to "address.REDIRECT" with
590		a ``551 User has moved; please try <address>'' message.
591		If this is set, you can alias people who have left
592		to their new address with ".REDIRECT" appended.
593
594nouucp		Don't route UUCP addresses.  This feature takes one
595		parameter:
596		`reject': reject addresses which have "!" in the local
597			part unless it originates from a system
598			that is allowed to relay.
599		`nospecial': don't do anything special with "!".
600		Warnings: 1. See the notice in the anti-spam section.
601		2. don't remove "!" from OperatorChars if `reject' is
602		given as parameter.
603
604nocanonify	Don't pass addresses to $[ ... $] for canonification
605		by default, i.e., host/domain names are considered canonical,
606		except for unqualified names, which must not be used in this
607		mode (violation of the standard).  It can be changed by
608		setting the DaemonPortOptions modifiers (M=).  That is,
609		FEATURE(`nocanonify') will be overridden by setting the
610		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
611		it can be emulated by setting the 'C' flag
612		(DaemonPortOptions=Modifiers=C).  This would generally only
613		be used by sites that only act as mail gateways or which have
614		user agents that do full canonification themselves.  You may
615		also want to use
616		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
617		the usual resolver options that do a similar thing.
618
619		An exception list for FEATURE(`nocanonify') can be
620		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
621		i.e., a list of domains which are nevertheless passed to
622		$[ ... $] for canonification.  This is useful to turn on
623		canonification for local domains, e.g., use
624		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
625		which end in "my.domain" or "my".
626		Another way to require canonification in the local
627		domain is CANONIFY_DOMAIN(`$=m').
628
629		A trailing dot is added to addresses with more than
630		one component in it such that other features which
631		expect a trailing dot (e.g., virtusertable) will
632		still work.
633
634		If `canonify_hosts' is specified as parameter, i.e.,
635		FEATURE(`nocanonify', `canonify_hosts'), then
636		addresses which have only a hostname, e.g.,
637		<user@host>, will be canonified (and hopefully fully
638		qualified), too.
639
640stickyhost	This feature is sometimes used with LOCAL_RELAY,
641		although it can be used for a different effect with
642		MAIL_HUB.
643
644		When used without MAIL_HUB, email sent to
645		"user@local.host" are marked as "sticky" -- that
646		is, the local addresses aren't matched against UDB,
647		don't go through ruleset 5, and are not forwarded to
648		the LOCAL_RELAY (if defined).
649
650		With MAIL_HUB, mail addressed to "user@local.host"
651		is forwarded to the mail hub, with the envelope
652		address still remaining "user@local.host".
653		Without stickyhost, the envelope would be changed
654		to "user@mail_hub", in order to protect against
655		mailing loops.
656
657mailertable	Include a "mailer table" which can be used to override
658		routing for particular domains (which are not in class {w},
659		i.e.  local host names).  The argument of the FEATURE may be
660		the key definition.  If none is specified, the definition
661		used is:
662
663			hash /etc/mail/mailertable
664
665		Keys in this database are fully qualified domain names
666		or partial domains preceded by a dot -- for example,
667		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
668		special case of the latter, "." matches any domain not
669		covered by other keys.  Values must be of the form:
670			mailer:domain
671		where "mailer" is the internal mailer name, and "domain"
672		is where to send the message.  These maps are not
673		reflected into the message header.  As a special case,
674		the forms:
675			local:user
676		will forward to the indicated user using the local mailer,
677			local:
678		will forward to the original user in the e-mail address
679		using the local mailer, and
680			error:code message
681			error:D.S.N:code message
682		will give an error message with the indicated SMTP reply
683		code and message, where D.S.N is an RFC 1893 compliant
684		error code.
685
686domaintable	Include a "domain table" which can be used to provide
687		domain name mapping.  Use of this should really be
688		limited to your own domains.  It may be useful if you
689		change names (e.g., your company changes names from
690		oldname.com to newname.com).  The argument of the
691		FEATURE may be the key definition.  If none is specified,
692		the definition used is:
693
694			hash /etc/mail/domaintable
695
696		The key in this table is the domain name; the value is
697		the new (fully qualified) domain.  Anything in the
698		domaintable is reflected into headers; that is, this
699		is done in ruleset 3.
700
701bitdomain	Look up bitnet hosts in a table to try to turn them into
702		internet addresses.  The table can be built using the
703		bitdomain program contributed by John Gardiner Myers.
704		The argument of the FEATURE may be the key definition; if
705		none is specified, the definition used is:
706
707			hash /etc/mail/bitdomain
708
709		Keys are the bitnet hostname; values are the corresponding
710		internet hostname.
711
712uucpdomain	Similar feature for UUCP hosts.  The default map definition
713		is:
714
715			hash /etc/mail/uudomain
716
717		At the moment there is no automagic tool to build this
718		database.
719
720always_add_domain
721		Include the local host domain even on locally delivered
722		mail.  Normally it is not added on unqualified names.
723		However, if you use a shared message store but do not use
724		the same user name space everywhere, you may need the host
725		name on local names.  An optional argument specifies
726		another domain to be added than the local.
727
728allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
729		feature will cause recipient addresses to also masquerade
730		as being from the masquerade host.  Normally they get
731		the local hostname.  Although this may be right for
732		ordinary users, it can break local aliases.  For example,
733		if you send to "localalias", the originating sendmail will
734		find that alias and send to all members, but send the
735		message with "To: localalias@masqueradehost".  Since that
736		alias likely does not exist, replies will fail.  Use this
737		feature ONLY if you can guarantee that the ENTIRE
738		namespace on your masquerade host supersets all the
739		local entries.
740
741limited_masquerade
742		Normally, any hosts listed in class {w} are masqueraded.  If
743		this feature is given, only the hosts listed in class {M} (see
744		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
745		if you have several domains with disjoint namespaces hosted
746		on the same machine.
747
748masquerade_entire_domain
749		If masquerading is enabled (using MASQUERADE_AS) and
750		MASQUERADE_DOMAIN (see below) is set, this feature will
751		cause addresses to be rewritten such that the masquerading
752		domains are actually entire domains to be hidden.  All
753		hosts within the masquerading domains will be rewritten
754		to the masquerade name (used in MASQUERADE_AS).  For example,
755		if you have:
756
757			MASQUERADE_AS(`masq.com')
758			MASQUERADE_DOMAIN(`foo.org')
759			MASQUERADE_DOMAIN(`bar.com')
760
761		then *foo.org and *bar.com are converted to masq.com.  Without
762		this feature, only foo.org and bar.com are masqueraded.
763
764		    NOTE: only domains within your jurisdiction and
765		    current hierarchy should be masqueraded using this.
766
767local_no_masquerade
768		This feature prevents the local mailer from masquerading even
769		if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
770		on addresses of mail going outside the local domain.
771
772masquerade_envelope
773		If masquerading is enabled (using MASQUERADE_AS) or the
774		genericstable is in use, this feature will cause envelope
775		addresses to also masquerade as being from the masquerade
776		host.  Normally only the header addresses are masqueraded.
777
778genericstable	This feature will cause unqualified addresses (i.e., without
779		a domain) and addresses with a domain listed in class {G}
780		to be looked up in a map and turned into another ("generic")
781		form, which can change both the domain name and the user name.
782		Notice: if you use an MSP (as it is default starting with
783		8.12), the MTA will only receive qualified addresses from the
784		MSP (as required by the RFCs).  Hence you need to add your
785		domain to class {G}.  This feature is similar to the userdb
786		functionality.  The same types of addresses as for
787		masquerading are looked up, i.e., only header sender
788		addresses unless the allmasquerade and/or masquerade_envelope
789		features are given.  Qualified addresses must have the domain
790		part in class {G}; entries can be added to this class by the
791		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
792		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
793
794		The argument of FEATURE(`genericstable') may be the map
795		definition; the default map definition is:
796
797			hash /etc/mail/genericstable
798
799		The key for this table is either the full address, the domain
800		(with a leading @; the localpart is passed as first argument)
801		or the unqualified username (tried in the order mentioned);
802		the value is the new user address.  If the new user address
803		does not include a domain, it will be qualified in the standard
804		manner, i.e., using $j or the masquerade name.  Note that the
805		address being looked up must be fully qualified.  For local
806		mail, it is necessary to use FEATURE(`always_add_domain')
807		for the addresses to be qualified.
808		The "+detail" of an address is passed as %1, so entries like
809
810			old+*@foo.org	new+%1@example.com
811			gen+*@foo.org	%1@example.com
812
813		and other forms are possible.
814
815generics_entire_domain
816		If the genericstable is enabled and GENERICS_DOMAIN or
817		GENERICS_DOMAIN_FILE is used, this feature will cause
818		addresses to be searched in the map if their domain
819		parts are subdomains of elements in class {G}.
820
821virtusertable	A domain-specific form of aliasing, allowing multiple
822		virtual domains to be hosted on one machine.  For example,
823		if the virtuser table contains:
824
825			info@foo.com	foo-info
826			info@bar.com	bar-info
827			joe@bar.com	error:nouser 550 No such user here
828			jax@bar.com	error:5.7.0:550 Address invalid
829			@baz.org	jane@example.net
830
831		then mail addressed to info@foo.com will be sent to the
832		address foo-info, mail addressed to info@bar.com will be
833		delivered to bar-info, and mail addressed to anyone at baz.org
834		will be sent to jane@example.net, mail to joe@bar.com will
835		be rejected with the specified error message, and mail to
836		jax@bar.com will also have a RFC 1893 compliant error code
837		5.7.0.
838
839		The username from the original address is passed
840		as %1 allowing:
841
842			@foo.org	%1@example.com
843
844		meaning someone@foo.org will be sent to someone@example.com.
845		Additionally, if the local part consists of "user+detail"
846		then "detail" is passed as %2 and "+detail" is passed as %3
847		when a match against user+* is attempted, so entries like
848
849			old+*@foo.org	new+%2@example.com
850			gen+*@foo.org	%2@example.com
851			+*@foo.org	%1%3@example.com
852			X++@foo.org	Z%3@example.com
853			@bar.org	%1%3
854
855		and other forms are possible.  Note: to preserve "+detail"
856		for a default case (@domain) %1%3 must be used as RHS.
857		There are two wildcards after "+": "+" matches only a non-empty
858		detail, "*" matches also empty details, e.g., user+@foo.org
859		matches +*@foo.org but not ++@foo.org.  This can be used
860		to ensure that the parameters %2 and %3 are not empty.
861
862		All the host names on the left hand side (foo.com, bar.com,
863		and baz.org) must be in class {w} or class {VirtHost}.  The
864		latter can be defined by the macros VIRTUSER_DOMAIN or
865		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
866		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
867		VIRTUSER_DOMAIN_FILE is used, then the entries of class
868		{VirtHost} are added to class {R}, i.e., relaying is allowed
869		to (and from) those domains.  The default map definition is:
870
871			hash /etc/mail/virtusertable
872
873		A new definition can be specified as the second argument of
874		the FEATURE macro, such as
875
876			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
877
878virtuser_entire_domain
879		If the virtusertable is enabled and VIRTUSER_DOMAIN or
880		VIRTUSER_DOMAIN_FILE is used, this feature will cause
881		addresses to be searched in the map if their domain
882		parts are subdomains of elements in class {VirtHost}.
883
884ldap_routing	Implement LDAP-based e-mail recipient routing according to
885		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
886		This provides a method to re-route addresses with a
887		domain portion in class {LDAPRoute} to either a
888		different mail host or a different address.  Hosts can
889		be added to this class using LDAPROUTE_DOMAIN and
890		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
891		MASQUERADE_DOMAIN_FILE, see below).
892
893		See the LDAP ROUTING section below for more information.
894
895nullclient	This is a special case -- it creates a configuration file
896		containing nothing but support for forwarding all mail to a
897		central hub via a local SMTP-based network.  The argument
898		is the name of that hub.
899
900		The only other feature that should be used in conjunction
901		with this one is FEATURE(`nocanonify').  No mailers
902		should be defined.  No aliasing or forwarding is done.
903
904local_lmtp	Use an LMTP capable local mailer.  The argument to this
905		feature is the pathname of an LMTP capable mailer.  By
906		default, mail.local is used.  This is expected to be the
907		mail.local which came with the 8.9 distribution which is
908		LMTP capable.  The path to mail.local is set by the
909		confEBINDIR m4 variable -- making the default
910		LOCAL_MAILER_PATH /usr/libexec/mail.local.
911		If a different LMTP capable mailer is used, its pathname
912		can be specified as second parameter and the arguments
913		passed to it (A=) as third parameter, e.g.,
914
915			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
916
917		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
918		i.e., without respecting any definitions in an OSTYPE setting.
919
920local_procmail	Use procmail or another delivery agent as the local mailer.
921		The argument to this feature is the pathname of the
922		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
923		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
924		PROCMAIL_MAILER_ARGS for the local mailer; tweak
925		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
926		specify the appropriate parameters.  When procmail is used,
927		the local mailer can make use of the
928		"user+indicator@local.host" syntax; normally the +indicator
929		is just tossed, but by default it is passed as the -a
930		argument to procmail.
931
932		This feature can take up to three arguments:
933
934		1. Path to the mailer program
935		   [default: /usr/local/bin/procmail]
936		2. Argument vector including name of the program
937		   [default: procmail -Y -a $h -d $u]
938		3. Flags for the mailer [default: SPfhn9]
939
940		Empty arguments cause the defaults to be taken.
941		Note that if you are on a system with a broken
942		setreuid() call, you may need to add -f $f to the procmail
943		argument vector to pass the proper sender to procmail.
944
945		For example, this allows it to use the maildrop
946		(http://www.flounder.net/~mrsam/maildrop/) mailer instead
947		by specifying:
948
949		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
950		 `maildrop -d $u')
951
952		or scanmails using:
953
954		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
955
956		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
957		i.e.,  without respecting any definitions in an OSTYPE setting.
958
959bestmx_is_local	Accept mail as though locally addressed for any host that
960		lists us as the best possible MX record.  This generates
961		additional DNS traffic, but should be OK for low to
962		medium traffic hosts.  The argument may be a set of
963		domains, which will limit the feature to only apply to
964		these domains -- this will reduce unnecessary DNS
965		traffic.  THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
966		WILDCARD MX RECORDS!!!  If you have a wildcard MX record
967		that matches your domain, you cannot use this feature.
968
969smrsh		Use the SendMail Restricted SHell (smrsh) provided
970		with the distribution instead of /bin/sh for mailing
971		to programs.  This improves the ability of the local
972		system administrator to control what gets run via
973		e-mail.  If an argument is provided it is used as the
974		pathname to smrsh; otherwise, the path defined by
975		confEBINDIR is used for the smrsh binary -- by default,
976		/usr/libexec/smrsh is assumed.
977
978promiscuous_relay
979		By default, the sendmail configuration files do not permit
980		mail relaying (that is, accepting mail from outside your
981		local host (class {w}) and sending it to another host than
982		your local host).  This option sets your site to allow
983		mail relaying from any site to any site.  In almost all
984		cases, it is better to control relaying more carefully
985		with the access map, class {R}, or authentication.  Domains
986		can be added to class {R} by the macros RELAY_DOMAIN or
987		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
988		MASQUERADE_DOMAIN_FILE, see below).
989
990relay_entire_domain
991		This option allows any host in your domain as defined by
992		class {m} to use your server for relaying.  Notice: make
993		sure that your domain is not just a top level domain,
994		e.g., com.  This can happen if you give your host a name
995		like example.com instead of host.example.com.
996
997relay_hosts_only
998		By default, names that are listed as RELAY in the access
999		db and class {R} are treated as domain names, not host names.
1000		For example, if you specify ``foo.com'', then mail to or
1001		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1002		will all be accepted for relaying.  This feature changes
1003		the behaviour to lookup individual host names only.
1004
1005relay_based_on_MX
1006		Turns on the ability to allow relaying based on the MX
1007		records of the host portion of an incoming recipient; that
1008		is, if an MX record for host foo.com points to your site,
1009		you will accept and relay mail addressed to foo.com.  See
1010		description below for more information before using this
1011		feature.  Also, see the KNOWNBUGS entry regarding bestmx
1012		map lookups.
1013
1014		FEATURE(`relay_based_on_MX') does not necessarily allow
1015		routing of these messages which you expect to be allowed,
1016		if route address syntax (or %-hack syntax) is used.  If
1017		this is a problem, add entries to the access-table or use
1018		FEATURE(`loose_relay_check').
1019
1020relay_mail_from
1021		Allows relaying if the mail sender is listed as RELAY in
1022		the access map.  If an optional argument `domain' (this
1023		is the literal word `domain', not a placeholder) is given,
1024		relaying can be allowed just based on the domain portion
1025		of the sender address.  This feature should only be used if
1026		absolutely necessary as the sender address can be easily
1027		forged.  Use of this feature requires the "From:" tag to
1028		be used for the key in the access map; see the discussion
1029		of tags and FEATURE(`relay_mail_from') in the section on
1030		anti-spam configuration control.
1031
1032relay_local_from
1033		Allows relaying if the domain portion of the mail sender
1034		is a local host.  This should only be used if absolutely
1035		necessary as it opens a window for spammers.  Specifically,
1036		they can send mail to your mail server that claims to be
1037		from your domain (either directly or via a routed address),
1038		and you will go ahead and relay it out to arbitrary hosts
1039		on the Internet.
1040
1041accept_unqualified_senders
1042		Normally, MAIL FROM: commands in the SMTP session will be
1043		refused if the connection is a network connection and the
1044		sender address does not include a domain name.  If your
1045		setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1046		you will need to use this feature to accept unqualified
1047		sender addresses.  Setting the DaemonPortOptions modifier
1048		'u' overrides the default behavior, i.e., unqualified
1049		addresses are accepted even without this FEATURE.
1050		If this FEATURE is not used, the DaemonPortOptions modifier
1051		'f' can be used to enforce fully qualified addresses.
1052
1053accept_unresolvable_domains
1054		Normally, MAIL FROM: commands in the SMTP session will be
1055		refused if the host part of the argument to MAIL FROM:
1056		cannot be located in the host name service (e.g., an A or
1057		MX record in DNS).  If you are inside a firewall that has
1058		only a limited view of the Internet host name space, this
1059		could cause problems.  In this case you probably want to
1060		use this feature to accept all domains on input, even if
1061		they are unresolvable.
1062
1063access_db	Turns on the access database feature.  The access db gives
1064		you the ability to allow or refuse to accept mail from
1065		specified domains for administrative reasons.  Moreover,
1066		it can control the behavior of sendmail in various situations.
1067		By default, the access database specification is:
1068
1069			hash -T<TMPF> /etc/mail/access
1070
1071		See the anti-spam configuration control section for further
1072		important information about this feature.  Notice:
1073		"-T<TMPF>" is meant literal, do not replace it by anything.
1074
1075blacklist_recipients
1076		Turns on the ability to block incoming mail for certain
1077		recipient usernames, hostnames, or addresses.  For
1078		example, you can block incoming mail to user nobody,
1079		host foo.mydomain.com, or guest@bar.mydomain.com.
1080		These specifications are put in the access db as
1081		described in the anti-spam configuration control section
1082		later in this document.
1083
1084delay_checks	The rulesets check_mail and check_relay will not be called
1085		when a client connects or issues a MAIL command, respectively.
1086		Instead, those rulesets will be called by the check_rcpt
1087		ruleset; they will be skipped under certain circumstances.
1088		See "Delay all checks" in the anti-spam configuration control
1089		section.  Note: this feature is incompatible to the versions
1090		in 8.10 and 8.11.
1091
1092use_client_ptr	If this feature is enabled then check_relay will override
1093		its first argument with $&{client_ptr}.  This is useful for
1094		rejections based on the unverified hostname of client,
1095		which turns on the same behavior as in earlier sendmail
1096		versions when delay_checks was not in use.  See doc/op/op.*
1097		about check_relay, {client_name}, and {client_ptr}.
1098
1099dnsbl		Turns on rejection, discarding, or quarantining of hosts
1100		found in a DNS based list.  The first argument is used as
1101		the domain in which blocked hosts are listed.  A second
1102		argument can be used to change the default error message,
1103		or select one of the operations `discard' and `quarantine'.
1104		Without that second argument, the error message will be
1105
1106			Rejected: IP-ADDRESS listed at SERVER
1107
1108		where IP-ADDRESS and SERVER are replaced by the appropriate
1109		information.  By default, temporary lookup failures are
1110		ignored.  This behavior can be changed by specifying a
1111		third argument, which must be either `t' or a full error
1112		message.  See the anti-spam configuration control section for
1113		an example.  The dnsbl feature can be included several times
1114		to query different DNS based rejection lists.  See also
1115		enhdnsbl for an enhanced version.
1116
1117		Set the DNSBL_MAP mc option to change the default map
1118		definition from `host'.  Set the DNSBL_MAP_OPT mc option
1119		to add additional options to the map specification used.
1120
1121		Some DNS based rejection lists cause failures if asked
1122		for AAAA records. If your sendmail version is compiled
1123		with IPv6 support (NETINET6) and you experience this
1124		problem, add
1125
1126			define(`DNSBL_MAP', `dns -R A')
1127
1128		before the first use of this feature.  Alternatively you
1129		can use enhdnsbl instead (see below).  Moreover, this
1130		statement can be used to reduce the number of DNS retries,
1131		e.g.,
1132
1133			define(`DNSBL_MAP', `dns -R A -r2')
1134
1135		See below (EDNSBL_TO) for an explanation.
1136
1137enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
1138		(up to 5) can be used to specify specific return values
1139		from lookups.  Temporary lookup failures are ignored unless
1140		a third argument is given, which must be either `t' or a full
1141		error message.  By default, any successful lookup will
1142		generate an error.  Otherwise the result of the lookup is
1143		compared with the supplied argument(s), and only if a match
1144		occurs an error is generated.  For example,
1145
1146		FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1147
1148		will reject the e-mail if the lookup returns the value
1149		``127.0.0.2.'', or generate a 451 response if the lookup
1150		temporarily failed.  The arguments can contain metasymbols
1151		as they are allowed in the LHS of rules.  As the example
1152		shows, the default values are also used if an empty argument,
1153		i.e., `', is specified.  This feature requires that sendmail
1154		has been compiled with the flag DNSMAP (see sendmail/README).
1155
1156		Set the EDNSBL_TO mc option to change the DNS retry count
1157		from the default value of 5, this can be very useful when
1158		a DNS server is not responding, which in turn may cause
1159		clients to time out (an entry stating
1160
1161			did not issue MAIL/EXPN/VRFY/ETRN
1162
1163		will be logged).
1164
1165ratecontrol	Enable simple ruleset to do connection rate control
1166		checking.  This requires entries in access_db of the form
1167
1168			ClientRate:IP.ADD.RE.SS		LIMIT
1169
1170		The RHS specifies the maximum number of connections
1171		(an integer number) over the time interval defined
1172		by ConnectionRateWindowSize, where 0 means unlimited.
1173
1174		Take the following example:
1175
1176			ClientRate:10.1.2.3		4
1177			ClientRate:127.0.0.1		0
1178			ClientRate:			10
1179
1180		10.1.2.3 can only make up to 4 connections, the
1181		general limit it 10, and 127.0.0.1 can make an unlimited
1182		number of connections per ConnectionRateWindowSize.
1183
1184		See also CONNECTION CONTROL.
1185
1186conncontrol	Enable a simple check of the number of incoming SMTP
1187		connections.  This requires entries in access_db of the
1188		form
1189
1190			ClientConn:IP.ADD.RE.SS		LIMIT
1191
1192		The RHS specifies the maximum number of open connections
1193		(an integer number).
1194
1195		Take the following example:
1196
1197			ClientConn:10.1.2.3		4
1198			ClientConn:127.0.0.1		0
1199			ClientConn:			10
1200
1201		10.1.2.3 can only have up to 4 open connections, the
1202		general limit it 10, and 127.0.0.1 does not have any
1203		explicit limit.
1204
1205		See also CONNECTION CONTROL.
1206
1207mtamark		Experimental support for "Marking Mail Transfer Agents in
1208		Reverse DNS with TXT RRs" (MTAMark), see
1209		draft-stumpf-dns-mtamark-01.  Optional arguments are:
1210
1211		1. Error message, default:
1212
1213			550 Rejected: $&{client_addr} not listed as MTA
1214
1215		2. Temporary lookup failures are ignored unless a second
1216		argument is given, which must be either `t' or a full
1217		error message.
1218
1219		3. Lookup prefix, default: _perm._smtp._srv.  This should
1220		not be changed unless the draft changes it.
1221
1222		Example:
1223
1224			FEATURE(`mtamark', `', `t')
1225
1226lookupdotdomain	Look up also .domain in the access map.  This allows to
1227		match only subdomains.  It does not work well with
1228		FEATURE(`relay_hosts_only'), because most lookups for
1229		subdomains are suppressed by the latter feature.
1230
1231loose_relay_check
1232		Normally, if % addressing is used for a recipient, e.g.
1233		user%site@othersite, and othersite is in class {R}, the
1234		check_rcpt ruleset will strip @othersite and recheck
1235		user@site for relaying.  This feature changes that
1236		behavior.  It should not be needed for most installations.
1237
1238preserve_luser_host
1239		Preserve the name of the recipient host if LUSER_RELAY is
1240		used.  Without this option, the domain part of the
1241		recipient address will be replaced by the host specified as
1242		LUSER_RELAY.  This feature only works if the hostname is
1243		passed to the mailer (see mailer triple in op.me).  Note
1244		that in the default configuration the local mailer does not
1245		receive the hostname, i.e., the mailer triple has an empty
1246		hostname.
1247
1248preserve_local_plus_detail
1249		Preserve the +detail portion of the address when passing
1250		address to local delivery agent.  Disables alias and
1251		.forward +detail stripping (e.g., given user+detail, only
1252		that address will be looked up in the alias file; user+* and
1253		user will not be looked up).  Only use if the local
1254		delivery agent in use supports +detail addressing.
1255
1256compat_check	Enable ruleset check_compat to look up pairs of addresses
1257		with the Compat: tag --	Compat:sender<@>recipient -- in the
1258		access map.  Valid values for the RHS include
1259			DISCARD	silently discard recipient
1260			TEMP:	return a temporary error
1261			ERROR:	return a permanent error
1262		In the last two cases, a 4xy/5xy SMTP reply code should
1263		follow the colon.
1264
1265no_default_msa	Don't generate the default MSA daemon, i.e.,
1266		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1267		To define a MSA daemon with other parameters, use this
1268		FEATURE and introduce new settings via DAEMON_OPTIONS().
1269
1270msp		Defines config file for Message Submission Program.
1271		See cf/submit.mc for how
1272		to use it.  An optional argument can be used to override
1273		the default of `[localhost]' to use as host to send all
1274		e-mails to.  Note that MX records will be used if the
1275		specified hostname is not in square brackets (e.g.,
1276		[hostname]).  If `MSA' is specified as second argument then
1277		port 587 is used to contact the server.  Example:
1278
1279			FEATURE(`msp', `', `MSA')
1280
1281		Some more hints about possible changes can be found below
1282		in the section MESSAGE SUBMISSION PROGRAM.
1283
1284		Note: Due to many problems, submit.mc uses
1285
1286			FEATURE(`msp', `[127.0.0.1]')
1287
1288		by default.  If you have a machine with IPv6 only,
1289		change it to
1290
1291			FEATURE(`msp', `[IPv6:::1]')
1292
1293		If you want to continue using '[localhost]', (the behavior
1294		up to 8.12.6), use
1295
1296			FEATURE(`msp')
1297
1298queuegroup	A simple example how to select a queue group based
1299		on the full e-mail address or the domain of the
1300		recipient.  Selection is done via entries in the
1301		access map using the tag QGRP:, for example:
1302
1303			QGRP:example.com	main
1304			QGRP:friend@some.org	others
1305			QGRP:my.domain		local
1306
1307		where "main", "others", and "local" are names of
1308		queue groups.  If an argument is specified, it is used
1309		as default queue group.
1310
1311		Note: please read the warning in doc/op/op.me about
1312		queue groups and possible queue manipulations.
1313
1314greet_pause	Adds the greet_pause ruleset which enables open proxy
1315		and SMTP slamming protection.  The feature can take an
1316		argument specifying the milliseconds to wait:
1317
1318			FEATURE(`greet_pause', `5000')  dnl 5 seconds
1319
1320		If FEATURE(`access_db') is enabled, an access database
1321		lookup with the GreetPause tag is done using client
1322		hostname, domain, IP address, or subnet to determine the
1323		pause time:
1324
1325			GreetPause:my.domain	0
1326			GreetPause:example.com	5000
1327			GreetPause:10.1.2	2000
1328			GreetPause:127.0.0.1	0
1329
1330		When using FEATURE(`access_db'), the optional
1331		FEATURE(`greet_pause') argument becomes the default if
1332		nothing is found in the access database.  A ruleset called
1333		Local_greet_pause can be used for local modifications, e.g.,
1334
1335			LOCAL_RULESETS
1336			SLocal_greet_pause
1337			R$*		$: $&{daemon_flags}
1338			R$* a $*	$# 0
1339
1340block_bad_helo	Reject messages from SMTP clients which provide a HELO/EHLO
1341		argument which is either unqualified, or is one of our own
1342		names (i.e., the server name instead of the client name).
1343		This check is performed at RCPT stage and disabled for the
1344		following cases:
1345		- authenticated sessions,
1346		- connections from IP addresses in class $={R}.
1347		Currently access_db lookups can not be used to
1348		(selectively) disable this test, moreover,
1349		FEATURE(`delay_checks')
1350		is required.
1351
1352require_rdns	Reject mail from connecting SMTP clients without proper
1353		rDNS (reverse DNS), functional gethostbyaddr() resolution.
1354		Note: this feature will cause false positives, i.e., there
1355		are legitimate MTAs that do not have proper DNS entries.
1356		Rejecting mails from those MTAs is a local policy decision.
1357
1358		The basic policy is to reject message with a 5xx error if
1359		the IP address fails to resolve.  However, if this is a
1360		temporary failure, a 4xx temporary failure is returned.
1361		If the look-up succeeds, but returns an apparently forged
1362		value, this is treated as a temporary failure with a 4xx
1363		error code.
1364
1365		EXCEPTIONS:
1366
1367		Exceptions based on access entries are discussed below.
1368		Any IP address matched using $=R (the "relay-domains" file)
1369		is excepted from the rules.  Since we have explicitly
1370		allowed relaying for this host, based on IP address, we
1371		ignore the rDNS failure.
1372
1373		The philosophical assumption here is that most users do
1374		not control their rDNS.  They should be able to send mail
1375		through their ISP, whether or not they have valid rDNS.
1376		The class $=R, roughly speaking, contains those IP addresses
1377		and address ranges for which we are the ISP, or are acting
1378		as if the ISP.
1379
1380		If `delay_checks' is in effect (recommended), then any
1381		sender who has authenticated is also excepted from the
1382		restrictions.  This happens because the rules produced by
1383		this FEATURE() will not be applied to authenticated senders
1384		(assuming `delay_checks').
1385
1386		ACCESS MAP ENTRIES:
1387
1388		Entries such as
1389			Connect:1.2.3.4		OK
1390			Connect:1.2		RELAY
1391		will whitelist IP address 1.2.3.4, so that the rDNS
1392		blocking does apply to that IP address
1393
1394		Entries such as
1395			Connect:1.2.3.4		REJECT
1396		will have the effect of forcing a temporary failure for
1397		that address to be treated as a permanent failure.
1398
1399badmx		Reject envelope sender addresses (MAIL) whose domain part
1400		resolves to a "bad" MX record.  By default these are
1401		MX records which resolve to A records that match the
1402		regular expression:
1403
1404		^(127\.|10\.|0\.0\.0\.0)
1405
1406		This default regular expression can be overridden by
1407		specifying an argument, e.g.,
1408
1409		FEATURE(`badmx', `^127\.0\.0\.1')
1410
1411		Note: this feature requires that the sendmail binary
1412		has been compiled with the options MAP_REGEX and
1413		DNSMAP.
1414
1415+--------------------+
1416| USING UUCP MAILERS |
1417+--------------------+
1418
1419It's hard to get UUCP mailers right because of the extremely ad hoc
1420nature of UUCP addressing.  These config files are really designed
1421for domain-based addressing, even for UUCP sites.
1422
1423There are four UUCP mailers available.  The choice of which one to
1424use is partly a matter of local preferences and what is running at
1425the other end of your UUCP connection.  Unlike good protocols that
1426define what will go over the wire, UUCP uses the policy that you
1427should do what is right for the other end; if they change, you have
1428to change.  This makes it hard to do the right thing, and discourages
1429people from updating their software.  In general, if you can avoid
1430UUCP, please do.
1431
1432The major choice is whether to go for a domainized scheme or a
1433non-domainized scheme.  This depends entirely on what the other
1434end will recognize.  If at all possible, you should encourage the
1435other end to go to a domain-based system -- non-domainized addresses
1436don't work entirely properly.
1437
1438The four mailers are:
1439
1440    uucp-old (obsolete name: "uucp")
1441	This is the oldest, the worst (but the closest to UUCP) way of
1442	sending messages across UUCP connections.  It does bangify
1443	everything and prepends $U (your UUCP name) to the sender's
1444	address (which can already be a bang path itself).  It can
1445	only send to one address at a time, so it spends a lot of
1446	time copying duplicates of messages.  Avoid this if at all
1447	possible.
1448
1449    uucp-new (obsolete name: "suucp")
1450	The same as above, except that it assumes that in one rmail
1451	command you can specify several recipients.  It still has a
1452	lot of other problems.
1453
1454    uucp-dom
1455	This UUCP mailer keeps everything as domain addresses.
1456	Basically, it uses the SMTP mailer rewriting rules.  This mailer
1457	is only included if MAILER(`smtp') is specified before
1458	MAILER(`uucp').
1459
1460	Unfortunately, a lot of UUCP mailer transport agents require
1461	bangified addresses in the envelope, although you can use
1462	domain-based addresses in the message header.  (The envelope
1463	shows up as the From_ line on UNIX mail.)  So....
1464
1465    uucp-uudom
1466	This is a cross between uucp-new (for the envelope addresses)
1467	and uucp-dom (for the header addresses).  It bangifies the
1468	envelope sender (From_ line in messages) without adding the
1469	local hostname, unless there is no host name on the address
1470	at all (e.g., "wolf") or the host component is a UUCP host name
1471	instead of a domain name ("somehost!wolf" instead of
1472	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
1473	is also specified earlier.
1474
1475Examples:
1476
1477On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1478summarizes the sender rewriting for various mailers.
1479
1480Mailer		sender		rewriting in the envelope
1481------		------		-------------------------
1482uucp-{old,new}	wolf		grasp!wolf
1483uucp-dom	wolf		wolf@grasp.insa-lyon.fr
1484uucp-uudom	wolf		grasp.insa-lyon.fr!wolf
1485
1486uucp-{old,new}	wolf@fr.net	grasp!fr.net!wolf
1487uucp-dom	wolf@fr.net	wolf@fr.net
1488uucp-uudom	wolf@fr.net	fr.net!wolf
1489
1490uucp-{old,new}	somehost!wolf	grasp!somehost!wolf
1491uucp-dom	somehost!wolf	somehost!wolf@grasp.insa-lyon.fr
1492uucp-uudom	somehost!wolf	grasp.insa-lyon.fr!somehost!wolf
1493
1494If you are using one of the domainized UUCP mailers, you really want
1495to convert all UUCP addresses to domain format -- otherwise, it will
1496do it for you (and probably not the way you expected).  For example,
1497if you have the address foo!bar!baz (and you are not sending to foo),
1498the heuristics will add the @uucp.relay.name or @local.host.name to
1499this address.  However, if you map foo to foo.host.name first, it
1500will not add the local hostname.  You can do this using the uucpdomain
1501feature.
1502
1503
1504+-------------------+
1505| TWEAKING RULESETS |
1506+-------------------+
1507
1508For more complex configurations, you can define special rules.
1509The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1510the names.  Any modifications made here are reflected in the header.
1511
1512A common use is to convert old UUCP addresses to SMTP addresses using
1513the UUCPSMTP macro.  For example:
1514
1515	LOCAL_RULE_3
1516	UUCPSMTP(`decvax',	`decvax.dec.com')
1517	UUCPSMTP(`research',	`research.att.com')
1518
1519will cause addresses of the form "decvax!user" and "research!user"
1520to be converted to "user@decvax.dec.com" and "user@research.att.com"
1521respectively.
1522
1523This could also be used to look up hosts in a database map:
1524
1525	LOCAL_RULE_3
1526	R$* < @ $+ > $*		$: $1 < @ $(hostmap $2 $) > $3
1527
1528This map would be defined in the LOCAL_CONFIG portion, as shown below.
1529
1530Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1531For example, new rules are needed to parse hostnames that you accept
1532via MX records.  For example, you might have:
1533
1534	LOCAL_RULE_0
1535	R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1536
1537You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1538pointing at this host; this rule catches the message and forwards it on
1539using UUCP.
1540
1541You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1542These rulesets are normally empty.
1543
1544A similar macro is LOCAL_CONFIG.  This introduces lines added after the
1545boilerplate option setting but before rulesets.  Do not declare rulesets in
1546the LOCAL_CONFIG section.  It can be used to declare local database maps or
1547whatever.  For example:
1548
1549	LOCAL_CONFIG
1550	Khostmap hash /etc/mail/hostmap
1551	Kyplocal nis -m hosts.byname
1552
1553
1554+---------------------------+
1555| MASQUERADING AND RELAYING |
1556+---------------------------+
1557
1558You can have your host masquerade as another using
1559
1560	MASQUERADE_AS(`host.domain')
1561
1562This causes mail being sent to be labeled as coming from the
1563indicated host.domain, rather than $j.  One normally masquerades as
1564one of one's own subdomains (for example, it's unlikely that
1565Berkeley would choose to masquerade as an MIT site).  This
1566behaviour is modified by a plethora of FEATUREs; in particular, see
1567masquerade_envelope, allmasquerade, limited_masquerade, and
1568masquerade_entire_domain.
1569
1570The masquerade name is not normally canonified, so it is important
1571that it be your One True Name, that is, fully qualified and not a
1572CNAME.  However, if you use a CNAME, the receiving side may canonify
1573it for you, so don't think you can cheat CNAME mapping this way.
1574
1575Normally the only addresses that are masqueraded are those that come
1576from this host (that is, are either unqualified or in class {w}, the list
1577of local domain names).  You can augment this list, which is realized
1578by class {M} using
1579
1580	MASQUERADE_DOMAIN(`otherhost.domain')
1581
1582The effect of this is that although mail to user@otherhost.domain
1583will not be delivered locally, any mail including any user@otherhost.domain
1584will, when relayed, be rewritten to have the MASQUERADE_AS address.
1585This can be a space-separated list of names.
1586
1587If these names are in a file, you can use
1588
1589	MASQUERADE_DOMAIN_FILE(`filename')
1590
1591to read the list of names from the indicated file (i.e., to add
1592elements to class {M}).
1593
1594To exempt hosts or subdomains from being masqueraded, you can use
1595
1596	MASQUERADE_EXCEPTION(`host.domain')
1597
1598This can come handy if you want to masquerade a whole domain
1599except for one (or a few) host(s).  If these names are in a file,
1600you can use
1601
1602	MASQUERADE_EXCEPTION_FILE(`filename')
1603
1604Normally only header addresses are masqueraded.  If you want to
1605masquerade the envelope as well, use
1606
1607	FEATURE(`masquerade_envelope')
1608
1609There are always users that need to be "exposed" -- that is, their
1610internal site name should be displayed instead of the masquerade name.
1611Root is an example (which has been "exposed" by default prior to 8.10).
1612You can add users to this list using
1613
1614	EXPOSED_USER(`usernames')
1615
1616This adds users to class {E}; you could also use
1617
1618	EXPOSED_USER_FILE(`filename')
1619
1620You can also arrange to relay all unqualified names (that is, names
1621without @host) to a relay host.  For example, if you have a central
1622email server, you might relay to that host so that users don't have
1623to have .forward files or aliases.  You can do this using
1624
1625	define(`LOCAL_RELAY', `mailer:hostname')
1626
1627The ``mailer:'' can be omitted, in which case the mailer defaults to
1628"relay".  There are some user names that you don't want relayed, perhaps
1629because of local aliases.  A common example is root, which may be
1630locally aliased.  You can add entries to this list using
1631
1632	LOCAL_USER(`usernames')
1633
1634This adds users to class {L}; you could also use
1635
1636	LOCAL_USER_FILE(`filename')
1637
1638If you want all incoming mail sent to a centralized hub, as for a
1639shared /var/spool/mail scheme, use
1640
1641	define(`MAIL_HUB', `mailer:hostname')
1642
1643Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
1644and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1645be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1646Note: there is a (long standing) bug which keeps this combination from
1647working for addresses of the form user+detail.
1648Names in class {L} will be delivered locally, so you MUST have aliases or
1649.forward files for them.
1650
1651For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1652FEATURE(`stickyhost'), the following combinations of settings will have the
1653indicated effects:
1654
1655email sent to....	eric			  eric@mastodon.CS.Berkeley.EDU
1656
1657LOCAL_RELAY set to	mail.CS.Berkeley.EDU	  (delivered locally)
1658mail.CS.Berkeley.EDU	  (no local aliasing)	    (aliasing done)
1659
1660MAIL_HUB set to		mammoth.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1661mammoth.CS.Berkeley.EDU	  (aliasing done)	    (aliasing done)
1662
1663Both LOCAL_RELAY and	mail.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1664MAIL_HUB set as above	  (no local aliasing)	    (aliasing done)
1665
1666If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1667MAIL_HUB act identically, with MAIL_HUB taking precedence.
1668
1669If you want all outgoing mail to go to a central relay site, define
1670SMART_HOST as well.  Briefly:
1671
1672	LOCAL_RELAY applies to unqualified names (e.g., "eric").
1673	MAIL_HUB applies to names qualified with the name of the
1674		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1675	SMART_HOST applies to names qualified with other hosts or
1676		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1677		or "eric@[127.0.0.1]").
1678
1679However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1680DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1681really want absolutely everything to go to a single central site you will
1682need to unset all the other relays -- or better yet, find or build a
1683minimal config file that does this.
1684
1685For duplicate suppression to work properly, the host name is best
1686specified with a terminal dot:
1687
1688	define(`MAIL_HUB', `host.domain.')
1689	      note the trailing dot ---^
1690
1691
1692+-------------------------------------------+
1693| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1694+-------------------------------------------+
1695
1696LDAP can be used for aliases, maps, and classes by either specifying your
1697own LDAP map specification or using the built-in default LDAP map
1698specification.  The built-in default specifications all provide lookups
1699which match against either the machine's fully qualified hostname (${j}) or
1700a "cluster".  The cluster allows you to share LDAP entries among a large
1701number of machines without having to enter each of the machine names into
1702each LDAP entry.  To set the LDAP cluster name to use for a particular
1703machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1704unique name.  For example:
1705
1706	define(`confLDAP_CLUSTER', `Servers')
1707
1708Here, the word `Servers' will be the cluster name.  As an example, assume
1709that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1710to the Servers cluster.
1711
1712Some of the LDAP LDIF examples below show use of the Servers cluster.
1713Every entry must have either a sendmailMTAHost or sendmailMTACluster
1714attribute or it will be ignored.  Be careful as mixing clusters and
1715individual host records can have surprising results (see the CAUTION
1716sections below).
1717
1718See the file cf/sendmail.schema for the actual LDAP schemas.  Note that
1719this schema (and therefore the lookups and examples below) is experimental
1720at this point as it has had little public review.  Therefore, it may change
1721in future versions.  Feedback via sendmail-YYYY@support.sendmail.org is
1722encouraged (replace YYYY with the current year, e.g., 2005).
1723
1724-------
1725Aliases
1726-------
1727
1728The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1729lookups.  To use the default schema, simply use:
1730
1731	define(`ALIAS_FILE', `ldap:')
1732
1733By doing so, you will use the default schema which expands to a map
1734declared as follows:
1735
1736	ldap -k (&(objectClass=sendmailMTAAliasObject)
1737		  (sendmailMTAAliasGrouping=aliases)
1738		  (|(sendmailMTACluster=${sendmailMTACluster})
1739		    (sendmailMTAHost=$j))
1740		  (sendmailMTAKey=%0))
1741	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1742
1743
1744NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1745used when the binary expands the `ldap:' token as the AliasFile option is
1746not actually macro-expanded when read from the sendmail.cf file.
1747
1748Example LDAP LDIF entries might be:
1749
1750	dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1751	objectClass: sendmailMTA
1752	objectClass: sendmailMTAAlias
1753	objectClass: sendmailMTAAliasObject
1754	sendmailMTAAliasGrouping: aliases
1755	sendmailMTAHost: etrn.sendmail.org
1756	sendmailMTAKey: sendmail-list
1757	sendmailMTAAliasValue: ca@example.org
1758	sendmailMTAAliasValue: eric
1759	sendmailMTAAliasValue: gshapiro@example.com
1760
1761	dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1762	objectClass: sendmailMTA
1763	objectClass: sendmailMTAAlias
1764	objectClass: sendmailMTAAliasObject
1765	sendmailMTAAliasGrouping: aliases
1766	sendmailMTAHost: etrn.sendmail.org
1767	sendmailMTAKey: owner-sendmail-list
1768	sendmailMTAAliasValue: eric
1769
1770	dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1771	objectClass: sendmailMTA
1772	objectClass: sendmailMTAAlias
1773	objectClass: sendmailMTAAliasObject
1774	sendmailMTAAliasGrouping: aliases
1775	sendmailMTACluster: Servers
1776	sendmailMTAKey: postmaster
1777	sendmailMTAAliasValue: eric
1778
1779Here, the aliases sendmail-list and owner-sendmail-list will be available
1780only on etrn.sendmail.org but the postmaster alias will be available on
1781every machine in the Servers cluster (including etrn.sendmail.org).
1782
1783CAUTION: aliases are additive so that entries like these:
1784
1785	dn: sendmailMTAKey=bob, dc=sendmail, dc=org
1786	objectClass: sendmailMTA
1787	objectClass: sendmailMTAAlias
1788	objectClass: sendmailMTAAliasObject
1789	sendmailMTAAliasGrouping: aliases
1790	sendmailMTACluster: Servers
1791	sendmailMTAKey: bob
1792	sendmailMTAAliasValue: eric
1793
1794	dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
1795	objectClass: sendmailMTA
1796	objectClass: sendmailMTAAlias
1797	objectClass: sendmailMTAAliasObject
1798	sendmailMTAAliasGrouping: aliases
1799	sendmailMTAHost: etrn.sendmail.org
1800	sendmailMTAKey: bob
1801	sendmailMTAAliasValue: gshapiro
1802
1803would mean that on all of the hosts in the cluster, mail to bob would go to
1804eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
1805gshapiro.
1806
1807If you prefer not to use the default LDAP schema for your aliases, you can
1808specify the map parameters when setting ALIAS_FILE.  For example:
1809
1810	define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
1811
1812----
1813Maps
1814----
1815
1816FEATURE()'s which take an optional map definition argument (e.g., access,
1817mailertable, virtusertable, etc.) can instead take the special keyword
1818`LDAP', e.g.:
1819
1820	FEATURE(`access_db', `LDAP')
1821	FEATURE(`virtusertable', `LDAP')
1822
1823When this keyword is given, that map will use LDAP lookups consisting of
1824the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
1825with the map name, a search attribute of sendmailMTAKey, and the value
1826attribute sendmailMTAMapValue.
1827
1828The values for sendmailMTAMapName are:
1829
1830	FEATURE()		sendmailMTAMapName
1831	---------		------------------
1832	access_db		access
1833	authinfo		authinfo
1834	bitdomain		bitdomain
1835	domaintable		domain
1836	genericstable		generics
1837	mailertable		mailer
1838	uucpdomain		uucpdomain
1839	virtusertable		virtuser
1840
1841For example, FEATURE(`mailertable', `LDAP') would use the map definition:
1842
1843	Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
1844			       (sendmailMTAMapName=mailer)
1845			       (|(sendmailMTACluster=${sendmailMTACluster})
1846				 (sendmailMTAHost=$j))
1847			       (sendmailMTAKey=%0))
1848			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
1849
1850An example LDAP LDIF entry using this map might be:
1851
1852	dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
1853	objectClass: sendmailMTA
1854	objectClass: sendmailMTAMap
1855	sendmailMTACluster: Servers
1856	sendmailMTAMapName: mailer
1857
1858	dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1859	objectClass: sendmailMTA
1860	objectClass: sendmailMTAMap
1861	objectClass: sendmailMTAMapObject
1862	sendmailMTAMapName: mailer
1863	sendmailMTACluster: Servers
1864	sendmailMTAKey: example.com
1865	sendmailMTAMapValue: relay:[smtp.example.com]
1866
1867CAUTION: If your LDAP database contains the record above and *ALSO* a host
1868specific record such as:
1869
1870	dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1871	objectClass: sendmailMTA
1872	objectClass: sendmailMTAMap
1873	objectClass: sendmailMTAMapObject
1874	sendmailMTAMapName: mailer
1875	sendmailMTAHost: etrn.sendmail.org
1876	sendmailMTAKey: example.com
1877	sendmailMTAMapValue: relay:[mx.example.com]
1878
1879then these entries will give unexpected results.  When the lookup is done
1880on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
1881require a single match.  Since the host etrn.sendmail.org is also in the
1882Servers cluster, LDAP would return two answers for the example.com map key
1883in which case sendmail would treat this as no match at all.
1884
1885If you prefer not to use the default LDAP schema for your maps, you can
1886specify the map parameters when using the FEATURE().  For example:
1887
1888	FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
1889
1890-------
1891Classes
1892-------
1893
1894Normally, classes can be filled via files or programs.  As of 8.12, they
1895can also be filled via map lookups using a new syntax:
1896
1897	F{ClassName}mapkey@mapclass:mapspec
1898
1899mapkey is optional and if not provided the map key will be empty.  This can
1900be used with LDAP to read classes from LDAP.  Note that the lookup is only
1901done when sendmail is initially started.  Use the special value `@LDAP' to
1902use the default LDAP schema.  For example:
1903
1904	RELAY_DOMAIN_FILE(`@LDAP')
1905
1906would put all of the attribute sendmailMTAClassValue values of LDAP records
1907with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
1908'R' into class $={R}.  In other words, it is equivalent to the LDAP map
1909specification:
1910
1911	F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
1912		       (sendmailMTAClassName=R)
1913		       (|(sendmailMTACluster=${sendmailMTACluster})
1914			 (sendmailMTAHost=$j)))
1915		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
1916
1917NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1918used when the binary expands the `@LDAP' token as class declarations are
1919not actually macro-expanded when read from the sendmail.cf file.
1920
1921This can be used with class related commands such as RELAY_DOMAIN_FILE(),
1922MASQUERADE_DOMAIN_FILE(), etc:
1923
1924	Command				sendmailMTAClassName
1925	-------				--------------------
1926	CANONIFY_DOMAIN_FILE()		Canonify
1927	EXPOSED_USER_FILE()		E
1928	GENERICS_DOMAIN_FILE()		G
1929	LDAPROUTE_DOMAIN_FILE()		LDAPRoute
1930	LDAPROUTE_EQUIVALENT_FILE()	LDAPRouteEquiv
1931	LOCAL_USER_FILE()		L
1932	MASQUERADE_DOMAIN_FILE()	M
1933	MASQUERADE_EXCEPTION_FILE()	N
1934	RELAY_DOMAIN_FILE()		R
1935	VIRTUSER_DOMAIN_FILE()		VirtHost
1936
1937You can also add your own as any 'F'ile class of the form:
1938
1939	F{ClassName}@LDAP
1940	  ^^^^^^^^^
1941will use "ClassName" for the sendmailMTAClassName.
1942
1943An example LDAP LDIF entry would look like:
1944
1945	dn: sendmailMTAClassName=R, dc=sendmail, dc=org
1946	objectClass: sendmailMTA
1947	objectClass: sendmailMTAClass
1948	sendmailMTACluster: Servers
1949	sendmailMTAClassName: R
1950	sendmailMTAClassValue: sendmail.org
1951	sendmailMTAClassValue: example.com
1952	sendmailMTAClassValue: 10.56.23
1953
1954CAUTION: If your LDAP database contains the record above and *ALSO* a host
1955specific record such as:
1956
1957	dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
1958	objectClass: sendmailMTA
1959	objectClass: sendmailMTAClass
1960	sendmailMTAHost: etrn.sendmail.org
1961	sendmailMTAClassName: R
1962	sendmailMTAClassValue: example.com
1963
1964the result will be similar to the aliases caution above.  When the lookup
1965is done on etrn.sendmail.org, $={R} would contain all of the entries (from
1966both the cluster match and the host match).  In other words, the effective
1967is additive.
1968
1969If you prefer not to use the default LDAP schema for your classes, you can
1970specify the map parameters when using the class command.  For example:
1971
1972	VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
1973
1974Remember, macros can not be used in a class declaration as the binary does
1975not expand them.
1976
1977
1978+--------------+
1979| LDAP ROUTING |
1980+--------------+
1981
1982FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1983LDAP Schema for Intranet Mail Routing
1984(draft-lachman-laser-ldap-mail-routing-01).  This feature enables
1985LDAP-based rerouting of a particular address to either a different host
1986or a different address.  The LDAP lookup is first attempted on the full
1987address (e.g., user@example.com) and then on the domain portion
1988(e.g., @example.com).  Be sure to setup your domain for LDAP routing using
1989LDAPROUTE_DOMAIN(), e.g.:
1990
1991	LDAPROUTE_DOMAIN(`example.com')
1992
1993Additionally, you can specify equivalent domains for LDAP routing using
1994LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE().  'Equivalent'
1995hostnames are mapped to $M (the masqueraded hostname for the server) before
1996the LDAP query.  For example, if the mail is addressed to
1997user@host1.example.com, normally the LDAP lookup would only be done for
1998'user@host1.example.com' and '@host1.example.com'.   However, if
1999LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2000done on 'user@example.com' and '@example.com' after attempting the
2001host1.example.com lookups.
2002
2003By default, the feature will use the schemas as specified in the draft
2004and will not reject addresses not found by the LDAP lookup.  However,
2005this behavior can be changed by giving additional arguments to the FEATURE()
2006command:
2007
2008 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2009		 <detail>, <nodomain>, <tempfail>)
2010
2011where <mailHost> is a map definition describing how to lookup an alternative
2012mail host for a particular address; <mailRoutingAddress> is a map definition
2013describing how to lookup an alternative address for a particular address;
2014the <bounce> argument, if present and not the word "passthru", dictates
2015that mail should be bounced if neither a mailHost nor mailRoutingAddress
2016is found, if set to "sendertoo", the sender will be rejected if not
2017found in LDAP; and <detail> indicates what actions to take if the address
2018contains +detail information -- `strip' tries the lookup with the +detail
2019and if no matches are found, strips the +detail and tries the lookup again;
2020`preserve', does the same as `strip' but if a mailRoutingAddress match is
2021found, the +detail information is copied to the new address; the <nodomain>
2022argument, if present, will prevent the @domain lookup if the full
2023address is not found in LDAP; the <tempfail> argument, if set to
2024"tempfail", instructs the rules to give an SMTP 4XX temporary
2025error if the LDAP server gives the MTA a temporary failure, or if set to
2026"queue" (the default), the MTA will locally queue the mail.
2027
2028The default <mailHost> map definition is:
2029
2030	ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2031				 (mailLocalAddress=%0))
2032
2033The default <mailRoutingAddress> map definition is:
2034
2035	ldap -1 -T<TMPF> -v mailRoutingAddress
2036			 -k (&(objectClass=inetLocalMailRecipient)
2037			      (mailLocalAddress=%0))
2038
2039Note that neither includes the LDAP server hostname (-h server) or base DN
2040(-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
2041your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2042these settings.  If this is not the case, the map definitions should be
2043changed as described above.  The "-T<TMPF>" is required in any user
2044specified map definition to catch temporary errors.
2045
2046The following possibilities exist as a result of an LDAP lookup on an
2047address:
2048
2049	mailHost is	mailRoutingAddress is	Results in
2050	-----------	---------------------	----------
2051	set to a	set			mail delivered to
2052	"local" host				mailRoutingAddress
2053
2054	set to a	not set			delivered to
2055	"local" host				original address
2056
2057	set to a	set			mailRoutingAddress
2058	remote host				relayed to mailHost
2059
2060	set to a	not set			original address
2061	remote host				relayed to mailHost
2062
2063	not set		set			mail delivered to
2064						mailRoutingAddress
2065
2066	not set		not set			delivered to
2067						original address *OR*
2068						bounced as unknown user
2069
2070The term "local" host above means the host specified is in class {w}.  If
2071the result would mean sending the mail to a different host, that host is
2072looked up in the mailertable before delivery.
2073
2074Note that the last case depends on whether the third argument is given
2075to the FEATURE() command.  The default is to deliver the message to the
2076original address.
2077
2078The LDAP entries should be set up with an objectClass of
2079inetLocalMailRecipient and the address be listed in a mailLocalAddress
2080attribute.  If present, there must be only one mailHost attribute and it
2081must contain a fully qualified host name as its value.  Similarly, if
2082present, there must be only one mailRoutingAddress attribute and it must
2083contain an RFC 822 compliant address.  Some example LDAP records (in LDIF
2084format):
2085
2086	dn: uid=tom, o=example.com, c=US
2087	objectClass: inetLocalMailRecipient
2088	mailLocalAddress: tom@example.com
2089	mailRoutingAddress: thomas@mailhost.example.com
2090
2091This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2092
2093	dn: uid=dick, o=example.com, c=US
2094	objectClass: inetLocalMailRecipient
2095	mailLocalAddress: dick@example.com
2096	mailHost: eng.example.com
2097
2098This would relay mail for dick@example.com to the same address but redirect
2099the mail to MX records listed for the host eng.example.com (unless the
2100mailertable overrides).
2101
2102	dn: uid=harry, o=example.com, c=US
2103	objectClass: inetLocalMailRecipient
2104	mailLocalAddress: harry@example.com
2105	mailHost: mktmail.example.com
2106	mailRoutingAddress: harry@mkt.example.com
2107
2108This would relay mail for harry@example.com to the MX records listed for
2109the host mktmail.example.com using the new address harry@mkt.example.com
2110when talking to that host.
2111
2112	dn: uid=virtual.example.com, o=example.com, c=US
2113	objectClass: inetLocalMailRecipient
2114	mailLocalAddress: @virtual.example.com
2115	mailHost: server.example.com
2116	mailRoutingAddress: virtual@example.com
2117
2118This would send all mail destined for any username @virtual.example.com to
2119the machine server.example.com's MX servers and deliver to the address
2120virtual@example.com on that relay machine.
2121
2122
2123+---------------------------------+
2124| ANTI-SPAM CONFIGURATION CONTROL |
2125+---------------------------------+
2126
2127The primary anti-spam features available in sendmail are:
2128
2129* Relaying is denied by default.
2130* Better checking on sender information.
2131* Access database.
2132* Header checks.
2133
2134Relaying (transmission of messages from a site outside your host (class
2135{w}) to another site except yours) is denied by default.  Note that this
2136changed in sendmail 8.9; previous versions allowed relaying by default.
2137If you really want to revert to the old behaviour, you will need to use
2138FEATURE(`promiscuous_relay').  You can allow certain domains to relay
2139through your server by adding their domain name or IP address to class
2140{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2141(described below).  Note that IPv6 addresses must be prefaced with "IPv6:".
2142The file consists (like any other file based class) of entries listed on
2143separate lines, e.g.,
2144
2145	sendmail.org
2146	128.32
2147	IPv6:2002:c0a8:02c7
2148	IPv6:2002:c0a8:51d2::23f4
2149	host.mydomain.com
2150	[UNIX:localhost]
2151
2152Notice: the last entry allows relaying for connections via a UNIX
2153socket to the MTA/MSP.  This might be necessary if your configuration
2154doesn't allow relaying by other means in that case, e.g., by having
2155localhost.$m in class {R} (make sure $m is not just a top level
2156domain).
2157
2158If you use
2159
2160	FEATURE(`relay_entire_domain')
2161
2162then any host in any of your local domains (that is, class {m})
2163will be relayed (that is, you will accept mail either to or from any
2164host in your domain).
2165
2166You can also allow relaying based on the MX records of the host
2167portion of an incoming recipient address by using
2168
2169	FEATURE(`relay_based_on_MX')
2170
2171For example, if your server receives a recipient of user@domain.com
2172and domain.com lists your server in its MX records, the mail will be
2173accepted for relay to domain.com.  This feature may cause problems
2174if MX lookups for the recipient domain are slow or time out.  In that
2175case, mail will be temporarily rejected.  It is usually better to
2176maintain a list of hosts/domains for which the server acts as relay.
2177Note also that this feature will stop spammers from using your host
2178to relay spam but it will not stop outsiders from using your server
2179as a relay for their site (that is, they set up an MX record pointing
2180to your mail server, and you will relay mail addressed to them
2181without any prior arrangement).  Along the same lines,
2182
2183	FEATURE(`relay_local_from')
2184
2185will allow relaying if the sender specifies a return path (i.e.
2186MAIL FROM:<user@domain>) domain which is a local domain.  This is a
2187dangerous feature as it will allow spammers to spam using your mail
2188server by simply specifying a return address of user@your.domain.com.
2189It should not be used unless absolutely necessary.
2190A slightly better solution is
2191
2192	FEATURE(`relay_mail_from')
2193
2194which allows relaying if the mail sender is listed as RELAY in the
2195access map.  If an optional argument `domain' (this is the literal
2196word `domain', not a placeholder) is given, the domain portion of
2197the mail sender is also checked to allowing relaying.  This option
2198only works together with the tag From: for the LHS of the access
2199map entries.  This feature allows spammers to abuse your mail server
2200by specifying a return address that you enabled in your access file.
2201This may be harder to figure out for spammers, but it should not
2202be used unless necessary.  Instead use STARTTLS to
2203allow relaying for roaming users.
2204
2205
2206If source routing is used in the recipient address (e.g.,
2207RCPT TO:<user%site.com@othersite.com>), sendmail will check
2208user@site.com for relaying if othersite.com is an allowed relay host
2209in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2210or the access database if FEATURE(`access_db') is used.  To prevent
2211the address from being stripped down, use:
2212
2213	FEATURE(`loose_relay_check')
2214
2215If you think you need to use this feature, you probably do not.  This
2216should only be used for sites which have no control over the addresses
2217that they provide a gateway for.  Use this FEATURE with caution as it
2218can allow spammers to relay through your server if not setup properly.
2219
2220NOTICE: It is possible to relay mail through a system which the anti-relay
2221rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2222`nospecial') (system A) and relays local messages to a mail hub (e.g., via
2223LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use
2224FEATURE(`nouucp') at all, addresses of the form
2225<example.net!user@local.host> would be relayed to <user@example.net>.
2226System A doesn't recognize `!' as an address separator and therefore
2227forwards it to the mail hub which in turns relays it because it came from
2228a trusted local host.  So if a mailserver allows UUCP (bang-format)
2229addresses, all systems from which it allows relaying should do the same
2230or reject those addresses.
2231
2232As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2233an unresolvable domain (i.e., one that DNS, your local name service,
2234or special case rules in ruleset 3 cannot locate).  This also applies
2235to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2236IP address can't be mapped to a host name.  If you want to continue
2237to accept such domains, e.g., because you are inside a firewall that
2238has only a limited view of the Internet host name space (note that you
2239will not be able to return mail to them unless you have some "smart
2240host" forwarder), use
2241
2242	FEATURE(`accept_unresolvable_domains')
2243
2244Alternatively, you can allow specific addresses by adding them to
2245the access map, e.g.,
2246
2247	From:unresolvable.domain	OK
2248	From:[1.2.3.4]			OK
2249	From:[1.2.4]			OK
2250
2251Notice: domains which are temporarily unresolvable are (temporarily)
2252rejected with a 451 reply code.  If those domains should be accepted
2253(which is discouraged) then you can use
2254
2255	LOCAL_CONFIG
2256	C{ResOk}TEMP
2257
2258sendmail will also refuse mail if the MAIL FROM: parameter is not
2259fully qualified (i.e., contains a domain as well as a user).  If you
2260want to continue to accept such senders, use
2261
2262	FEATURE(`accept_unqualified_senders')
2263
2264Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2265i.e., unqualified addresses are accepted even without this FEATURE.  If
2266this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2267to enforce fully qualified domain names.
2268
2269An ``access'' database can be created to accept or reject mail from
2270selected domains.  For example, you may choose to reject all mail
2271originating from known spammers.  To enable such a database, use
2272
2273	FEATURE(`access_db')
2274
2275Notice: the access database is applied to the envelope addresses
2276and the connection information, not to the header.
2277
2278The FEATURE macro can accept as second parameter the key file
2279definition for the database; for example
2280
2281	FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2282
2283Notice: If a second argument is specified it must contain the option
2284`-T<TMPF>' as shown above.  The optional parameters may be
2285
2286	`skip'			enables SKIP as value part (see below).
2287	`lookupdotdomain'	another way to enable the feature of the
2288				same name (see above).
2289	`relaytofulladdress'	enable entries of the form
2290				To:user@example.com	RELAY
2291				to allow relaying to just a specific
2292				e-mail address instead of an entire domain.
2293
2294Remember, since /etc/mail/access is a database, after creating the text
2295file as described below, you must use makemap to create the database
2296map.  For example:
2297
2298	makemap hash /etc/mail/access < /etc/mail/access
2299
2300The table itself uses e-mail addresses, domain names, and network
2301numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
2302For example,
2303
2304	From:spammer@aol.com			REJECT
2305	From:cyberspammer.com			REJECT
2306	Connect:cyberspammer.com		REJECT
2307	Connect:TLD				REJECT
2308	Connect:192.168.212			REJECT
2309	Connect:IPv6:2002:c0a8:02c7		RELAY
2310	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
2311
2312would refuse mail from spammer@aol.com, any user from cyberspammer.com
2313(or any host within the cyberspammer.com domain), any host in the entire
2314top level domain TLD, 192.168.212.* network, and the IPv6 address
23152002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
23162002:c0a8:02c7::/48.
2317
2318Entries in the access map should be tagged according to their type.
2319Three tags are available:
2320
2321	Connect:	connection information (${client_addr}, ${client_name})
2322	From:		envelope sender
2323	To:		envelope recipient
2324
2325Notice: untagged entries are deprecated.
2326
2327If the required item is looked up in a map, it will be tried first
2328with the corresponding tag in front, then (as fallback to enable
2329backward compatibility) without any tag, unless the specific feature
2330requires a tag.  For example,
2331
2332	From:spammer@some.dom	REJECT
2333	To:friend.domain	RELAY
2334	Connect:friend.domain	OK
2335	Connect:from.domain	RELAY
2336	From:good@another.dom	OK
2337	From:another.dom	REJECT
2338
2339This would deny mails from spammer@some.dom but you could still
2340send mail to that address even if FEATURE(`blacklist_recipients')
2341is enabled.  Your system will allow relaying to friend.domain, but
2342not from it (unless enabled by other means).  Connections from that
2343domain will be allowed even if it ends up in one of the DNS based
2344rejection lists.  Relaying is enabled from from.domain but not to
2345it (since relaying is based on the connection information for
2346outgoing relaying, the tag Connect: must be used; for incoming
2347relaying, which is based on the recipient address, To: must be
2348used).  The last two entries allow mails from good@another.dom but
2349reject mail from all other addresses with another.dom as domain
2350part.
2351
2352
2353The value part of the map can contain:
2354
2355	OK		Accept mail even if other rules in the running
2356			ruleset would reject it, for example, if the domain
2357			name is unresolvable.  "Accept" does not mean
2358			"relay", but at most acceptance for local
2359			recipients.  That is, OK allows less than RELAY.
2360	RELAY		Accept mail addressed to the indicated domain
2361			(or address if `relaytofulladdress' is set) or
2362			received from the indicated domain for relaying
2363			through your SMTP server.  RELAY also serves as
2364			an implicit OK for the other checks.
2365	REJECT		Reject the sender or recipient with a general
2366			purpose message.
2367	DISCARD		Discard the message completely using the
2368			$#discard mailer.  If it is used in check_compat,
2369			it affects only the designated recipient, not
2370			the whole message as it does in all other cases.
2371			This should only be used if really necessary.
2372	SKIP		This can only be used for host/domain names
2373			and IP addresses/nets.  It will abort the current
2374			search for this entry without accepting or rejecting
2375			it but causing the default action.
2376	### any text	where ### is an RFC 821 compliant error code and
2377			"any text" is a message to return for the command.
2378			The entire string should be quoted to avoid
2379			surprises:
2380
2381				"### any text"
2382
2383			Otherwise sendmail formats the text as email
2384			addresses, e.g., it may remove spaces.
2385			This type is deprecated, use one of the two
2386			ERROR:  entries below instead.
2387	ERROR:### any text
2388			as above, but useful to mark error messages as such.
2389			If quotes need to be used to avoid modifications
2390			(see above), they should be placed like this:
2391
2392				ERROR:"### any text"
2393
2394	ERROR:D.S.N:### any text
2395			where D.S.N is an RFC 1893 compliant error code
2396			and the rest as above.  If quotes need to be used
2397			to avoid modifications, they should be placed
2398			like this:
2399
2400				ERROR:D.S.N:"### any text"
2401
2402	QUARANTINE:any text
2403			Quarantine the message using the given text as the
2404			quarantining reason.
2405
2406For example:
2407
2408	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
2409	From:okay.cyberspammer.com	OK
2410	Connect:sendmail.org		RELAY
2411	To:sendmail.org			RELAY
2412	Connect:128.32			RELAY
2413	Connect:128.32.2		SKIP
2414	Connect:IPv6:1:2:3:4:5:6:7	RELAY
2415	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
2416	Connect:[127.0.0.3]		OK
2417	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
2418
2419would accept mail from okay.cyberspammer.com, but would reject mail
2420from all other hosts at cyberspammer.com with the indicated message.
2421It would allow relaying mail from and to any hosts in the sendmail.org
2422domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2423and from the 128.32.*.* network except for the 128.32.2.* network,
2424which shows how SKIP is useful to exempt subnets/subdomains.  The
2425last two entries are for checks against ${client_name} if the IP
2426address doesn't resolve to a hostname (or is considered as "may be
2427forged").  That is, using square brackets means these are host
2428names, not network numbers.
2429
2430Warning: if you change the RFC 821 compliant error code from the default
2431value of 550, then you should probably also change the RFC 1893 compliant
2432error code to match it.  For example, if you use
2433
2434	To:user@example.com	ERROR:450 mailbox full
2435
2436the error returned would be "450 5.0.0 mailbox full" which is wrong.
2437Use "ERROR:4.2.2:450 mailbox full" instead.
2438
2439Note, UUCP users may need to add hostname.UUCP to the access database
2440or class {R}.
2441
2442If you also use:
2443
2444	FEATURE(`relay_hosts_only')
2445
2446then the above example will allow relaying for sendmail.org, but not
2447hosts within the sendmail.org domain.  Note that this will also require
2448hosts listed in class {R} to be fully qualified host names.
2449
2450You can also use the access database to block sender addresses based on
2451the username portion of the address.  For example:
2452
2453	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
2454
2455Note that you must include the @ after the username to signify that
2456this database entry is for checking only the username portion of the
2457sender address.
2458
2459If you use:
2460
2461	FEATURE(`blacklist_recipients')
2462
2463then you can add entries to the map for local users, hosts in your
2464domains, or addresses in your domain which should not receive mail:
2465
2466	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
2467	To:host.my.TLD		ERROR:550 That host does not accept mail
2468	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
2469
2470This would prevent a recipient of badlocaluser in any of the local
2471domains (class {w}), any user at host.my.TLD, and the single address
2472user@other.my.TLD from receiving mail.  Please note: a local username
2473must be now tagged with an @ (this is consistent with the check of
2474the sender address, and hence it is possible to distinguish between
2475hostnames and usernames).  Enabling this feature will keep you from
2476sending mails to all addresses that have an error message or REJECT
2477as value part in the access map.  Taking the example from above:
2478
2479	spammer@aol.com		REJECT
2480	cyberspammer.com	REJECT
2481
2482Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2483That's why tagged entries should be used.
2484
2485There are several DNS based blacklists which can be found by
2486querying a search engine.  These are databases of spammers
2487maintained in DNS.  To use such a database, specify
2488
2489	FEATURE(`dnsbl', `dnsbl.example.com')
2490
2491This will cause sendmail to reject mail from any site listed in the
2492DNS based blacklist.  You must select a DNS based blacklist domain
2493to check by specifying an argument to the FEATURE.  The default
2494error message is
2495
2496	Rejected: IP-ADDRESS listed at SERVER
2497
2498where IP-ADDRESS and SERVER are replaced by the appropriate
2499information.  A second argument can be used to specify a different
2500text or action.  For example,
2501
2502	FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2503
2504would quarantine the message if the client IP address is listed
2505at `dnsbl.example.com'.
2506
2507By default, temporary lookup failures are ignored
2508and hence cause the connection not to be rejected by the DNS based
2509rejection list.  This behavior can be changed by specifying a third
2510argument, which must be either `t' or a full error message.  For
2511example:
2512
2513	FEATURE(`dnsbl', `dnsbl.example.com', `',
2514	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2515
2516If `t' is used, the error message is:
2517
2518	451 Temporary lookup failure of IP-ADDRESS at SERVER
2519
2520where IP-ADDRESS and SERVER are replaced by the appropriate
2521information.
2522
2523This FEATURE can be included several times to query different
2524DNS based rejection lists.
2525
2526Notice: to avoid checking your own local domains against those
2527blacklists, use the access_db feature and add:
2528
2529	Connect:10.1		OK
2530	Connect:127.0.0.1	RELAY
2531
2532to the access map, where 10.1 is your local network.  You may
2533want to use "RELAY" instead of "OK" to allow also relaying
2534instead of just disabling the DNS lookups in the blacklists.
2535
2536
2537The features described above make use of the check_relay, check_mail,
2538and check_rcpt rulesets.  Note that check_relay checks the SMTP
2539client hostname and IP address when the connection is made to your
2540server.  It does not check if a mail message is being relayed to
2541another server.  That check is done in check_rcpt.  If you wish to
2542include your own checks, you can put your checks in the rulesets
2543Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
2544example if you wanted to block senders with all numeric usernames
2545(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2546regex map:
2547
2548	LOCAL_CONFIG
2549	Kallnumbers regex -a@MATCH ^[0-9]+$
2550
2551	LOCAL_RULESETS
2552	SLocal_check_mail
2553	# check address against various regex checks
2554	R$*				$: $>Parse0 $>3 $1
2555	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
2556	R@MATCH				$#error $: 553 Header Error
2557
2558These rules are called with the original arguments of the corresponding
2559check_* ruleset.  If the local ruleset returns $#OK, no further checking
2560is done by the features described above and the mail is accepted.  If
2561the local ruleset resolves to a mailer (such as $#error or $#discard),
2562the appropriate action is taken.  Other results starting with $# are
2563interpreted by sendmail and may lead to unspecified behavior.  Note: do
2564NOT create a mailer with the name OK.  Return values that do not start
2565with $# are ignored, i.e., normal processing continues.
2566
2567Delay all checks
2568----------------
2569
2570By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2571will not be called when a client connects or issues a MAIL command,
2572respectively.  Instead, those rulesets will be called by the check_rcpt
2573ruleset; they will be skipped if a sender has been authenticated using
2574a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2575If check_mail returns an error then the RCPT TO command will be rejected
2576with that error.  If it returns some other result starting with $# then
2577check_relay will be skipped.  If the sender address (or a part of it) is
2578listed in the access map and it has a RHS of OK or RELAY, then check_relay
2579will be skipped.  This has an interesting side effect: if your domain is
2580my.domain and you have
2581
2582	my.domain	RELAY
2583
2584in the access map, then any e-mail with a sender address of
2585<user@my.domain> will not be rejected by check_relay even though
2586it would match the hostname or IP address.  This allows spammers
2587to get around DNS based blacklist by faking the sender address.  To
2588avoid this problem you have to use tagged entries:
2589
2590	To:my.domain		RELAY
2591	Connect:my.domain	RELAY
2592
2593if you need those entries at all (class {R} may take care of them).
2594
2595FEATURE(`delay_checks') can take an optional argument:
2596
2597	FEATURE(`delay_checks', `friend')
2598		 enables spamfriend test
2599	FEATURE(`delay_checks', `hater')
2600		 enables spamhater test
2601
2602If such an argument is given, the recipient will be looked up in the
2603access map (using the tag Spam:).  If the argument is `friend', then
2604the default behavior is to apply the other rulesets and make a SPAM
2605friend the exception.  The rulesets check_mail and check_relay will be
2606skipped only if the recipient address is found and has RHS FRIEND.  If
2607the argument is `hater', then the default behavior is to skip the rulesets
2608check_mail and check_relay and make a SPAM hater the exception.  The
2609other two rulesets will be applied only if the recipient address is
2610found and has RHS HATER.
2611
2612This allows for simple exceptions from the tests, e.g., by activating
2613the friend option and having
2614
2615	Spam:abuse@	FRIEND
2616
2617in the access map, mail to abuse@localdomain will get through (where
2618"localdomain" is any domain in class {w}).  It is also possible to
2619specify a full address or an address with +detail:
2620
2621	Spam:abuse@my.domain	FRIEND
2622	Spam:me+abuse@		FRIEND
2623	Spam:spam.domain	FRIEND
2624
2625Note: The required tag has been changed in 8.12 from To: to Spam:.
2626This change is incompatible to previous versions.  However, you can
2627(for now) simply add the new entries to the access map, the old
2628ones will be ignored.  As soon as you removed the old entries from
2629the access map, specify a third parameter (`n') to this feature and
2630the backward compatibility rules will not be in the generated .cf
2631file.
2632
2633Header Checks
2634-------------
2635
2636You can also reject mail on the basis of the contents of headers.
2637This is done by adding a ruleset call to the 'H' header definition command
2638in sendmail.cf.  For example, this can be used to check the validity of
2639a Message-ID: header:
2640
2641	LOCAL_CONFIG
2642	HMessage-Id: $>CheckMessageId
2643
2644	LOCAL_RULESETS
2645	SCheckMessageId
2646	R< $+ @ $+ >		$@ OK
2647	R$*			$#error $: 553 Header Error
2648
2649The alternative format:
2650
2651	HSubject: $>+CheckSubject
2652
2653that is, $>+ instead of $>, gives the full Subject: header including
2654comments to the ruleset (comments in parentheses () are stripped
2655by default).
2656
2657A default ruleset for headers which don't have a specific ruleset
2658defined for them can be given by:
2659
2660	H*: $>CheckHdr
2661
2662Notice:
26631. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2664That may cause problems with simple header checks due to the
2665tokenization.  It might be simpler to use a regex map and apply it
2666to $&{currHeader}.
26672. There are no default rulesets coming with this distribution of
2668sendmail.  You can write your own or search the WWW for examples.
26693. When using a default ruleset for headers, the name of the header
2670currently being checked can be found in the $&{hdr_name} macro.
2671
2672After all of the headers are read, the check_eoh ruleset will be called for
2673any final header-related checks.  The ruleset is called with the number of
2674headers and the size of all of the headers in bytes separated by $|.  One
2675example usage is to reject messages which do not have a Message-Id:
2676header.  However, the Message-Id: header is *NOT* a required header and is
2677not a guaranteed spam indicator.  This ruleset is an example and should
2678probably not be used in production.
2679
2680	LOCAL_CONFIG
2681	Kstorage macro
2682	HMessage-Id: $>CheckMessageId
2683
2684	LOCAL_RULESETS
2685	SCheckMessageId
2686	# Record the presence of the header
2687	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
2688	R< $+ @ $+ >		$@ OK
2689	R$*			$#error $: 553 Header Error
2690
2691	Scheck_eoh
2692	# Check the macro
2693	R$*			$: < $&{MessageIdCheck} >
2694	# Clear the macro for the next message
2695	R$*			$: $(storage {MessageIdCheck} $) $1
2696	# Has a Message-Id: header
2697	R< $+ >			$@ OK
2698	# Allow missing Message-Id: from local mail
2699	R$*			$: < $&{client_name} >
2700	R< >			$@ OK
2701	R< $=w >		$@ OK
2702	# Otherwise, reject the mail
2703	R$*			$#error $: 553 Header Error
2704
2705
2706+--------------------+
2707| CONNECTION CONTROL |
2708+--------------------+
2709
2710The features ratecontrol and conncontrol allow to establish connection
2711limits per client IP address or net.  These features can limit the
2712rate of connections (connections per time unit) or the number of
2713incoming SMTP connections, respectively.  If enabled, appropriate
2714rulesets are called at the end of check_relay, i.e., after DNS
2715blacklists and generic access_db operations.  The features require
2716FEATURE(`access_db') to be listed earlier in the mc file.
2717
2718Note: FEATURE(`delay_checks') delays those connection control checks
2719after a recipient address has been received, hence making these
2720connection control features less useful.  To run the checks as early
2721as possible, specify the parameter `nodelay', e.g.,
2722
2723	FEATURE(`ratecontrol', `nodelay')
2724
2725In that case, FEATURE(`delay_checks') has no effect on connection
2726control (and it must be specified earlier in the mc file).
2727
2728An optional second argument `terminate' specifies whether the
2729rulesets should return the error code 421 which will cause
2730sendmail to terminate the session with that error if it is
2731returned from check_relay, i.e., not delayed as explained in
2732the previous paragraph.  Example:
2733
2734	FEATURE(`ratecontrol', `nodelay', `terminate')
2735
2736
2737+----------+
2738| STARTTLS |
2739+----------+
2740
2741In this text, cert will be used as an abbreviation for X.509 certificate,
2742DN (CN) is the distinguished (common) name of a cert, and CA is a
2743certification authority, which signs (issues) certs.
2744
2745For STARTTLS to be offered by sendmail you need to set at least
2746these variables (the file names and paths are just examples):
2747
2748	define(`confCACERT_PATH', `/etc/mail/certs/')
2749	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2750	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2751	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2752
2753On systems which do not have the compile flag HASURANDOM set (see
2754sendmail/README) you also must set confRAND_FILE.
2755
2756See doc/op/op.{me,ps,txt} for more information about these options,
2757especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2758STARTTLS''.
2759
2760Macros related to STARTTLS are:
2761
2762${cert_issuer} holds the DN of the CA (the cert issuer).
2763${cert_subject} holds the DN of the cert (called the cert subject).
2764${cn_issuer} holds the CN of the CA (the cert issuer).
2765${cn_subject} holds the CN of the cert (called the cert subject).
2766${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2767	TLSv1/SSLv3, SSLv3, SSLv2.
2768${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2769	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2770${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2771	used for the connection.
2772${verify} holds the result of the verification of the presented cert.
2773	Possible values are:
2774	OK	 verification succeeded.
2775	NO	 no cert presented.
2776	NOT	 no cert requested.
2777	FAIL	 cert presented but could not be verified,
2778		 e.g., the cert of the signing CA is missing.
2779	NONE	 STARTTLS has not been performed.
2780	TEMP	 temporary error occurred.
2781	PROTOCOL protocol error occurred (SMTP level).
2782	SOFTWARE STARTTLS handshake failed.
2783${server_name} the name of the server of the current outgoing SMTP
2784	connection.
2785${server_addr} the address of the server of the current outgoing SMTP
2786	connection.
2787
2788Relaying
2789--------
2790
2791SMTP STARTTLS can allow relaying for remote SMTP clients which have
2792successfully authenticated themselves.  If the verification of the cert
2793failed (${verify} != OK), relaying is subject to the usual rules.
2794Otherwise the DN of the issuer is looked up in the access map using the
2795tag CERTISSUER.  If the resulting value is RELAY, relaying is allowed.
2796If it is SUBJECT, the DN of the cert subject is looked up next in the
2797access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
2798is allowed.
2799
2800To make things a bit more flexible (or complicated), the values for
2801${cert_issuer} and ${cert_subject} can be optionally modified by regular
2802expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2803_CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
2804rulesets and map lookups, they are modified as follows: each non-printable
2805character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
2806by their HEX value with a leading '+'.  For example:
2807
2808/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2809darth+cert@endmail.org
2810
2811is encoded as:
2812
2813/C=US/ST=California/O=endmail.org/OU=private/CN=
2814Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2815
2816(line breaks have been inserted for readability).
2817
2818The  macros  which are subject to this encoding are ${cert_subject},
2819${cert_issuer},  ${cn_subject},  and ${cn_issuer}.
2820
2821Examples:
2822
2823To allow relaying for everyone who can present a cert signed by
2824
2825/C=US/ST=California/O=endmail.org/OU=private/CN=
2826Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2827
2828simply use:
2829
2830CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2831Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	RELAY
2832
2833To allow relaying only for a subset of machines that have a cert signed by
2834
2835/C=US/ST=California/O=endmail.org/OU=private/CN=
2836Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2837
2838use:
2839
2840CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2841Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	SUBJECT
2842CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
2843DeathStar/Email=deathstar@endmail.org		RELAY
2844
2845Notes:
2846- line breaks have been inserted after "CN=" for readability,
2847  each tagged entry must be one (long) line in the access map.
2848- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
2849  is replaced by "emailAddress=".
2850
2851Of course it is also possible to write a simple ruleset that allows
2852relaying for everyone who can present a cert that can be verified, e.g.,
2853
2854LOCAL_RULESETS
2855SLocal_check_rcpt
2856R$*	$: $&{verify}
2857ROK	$# OK
2858
2859Allowing Connections
2860--------------------
2861
2862The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
2863an SMTP connection is accepted (or should continue).
2864
2865tls_server is called when sendmail acts as client after a STARTTLS command
2866(should) have been issued.  The parameter is the value of ${verify}.
2867
2868tls_client is called when sendmail acts as server, after a STARTTLS command
2869has been issued, and from check_mail.  The parameter is the value of
2870${verify} and STARTTLS or MAIL, respectively.
2871
2872Both rulesets behave the same.  If no access map is in use, the connection
2873will be accepted unless ${verify} is SOFTWARE, in which case the connection
2874is always aborted.  For tls_server/tls_client, ${client_name}/${server_name}
2875is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
2876with the ruleset LookUpDomain.  If no entry is found, ${client_addr}
2877(${server_addr}) is looked up in the access map (same tag, ruleset
2878LookUpAddr).  If this doesn't result in an entry either, just the tag is
2879looked up in the access map (included the trailing colon).  Notice:
2880requiring that e-mail is sent to a server only encrypted, e.g., via
2881
2882TLS_Srv:secure.domain	ENCR:112
2883
2884doesn't necessarily mean that e-mail sent to that domain is encrypted.
2885If the domain has multiple MX servers, e.g.,
2886
2887secure.domain.	IN MX 10	mail.secure.domain.
2888secure.domain.	IN MX 50	mail.other.domain.
2889
2890then mail to user@secure.domain may go unencrypted to mail.other.domain.
2891tls_rcpt can be used to address this problem.
2892
2893tls_rcpt is called before a RCPT TO: command is sent.  The parameter is the
2894current recipient.  This ruleset is only defined if FEATURE(`access_db')
2895is selected.  A recipient address user@domain is looked up in the access
2896map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
2897and TLS_Rcpt:; the first match is taken.
2898
2899The result of the lookups is then used to call the ruleset TLS_connection,
2900which checks the requirement specified by the RHS in the access map against
2901the actual parameters of the current TLS connection, esp. ${verify} and
2902${cipher_bits}.  Legal RHSs in the access map are:
2903
2904VERIFY		verification must have succeeded
2905VERIFY:bits	verification must have succeeded and ${cipher_bits} must
2906		be greater than or equal bits.
2907ENCR:bits	${cipher_bits} must be greater than or equal bits.
2908
2909The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2910or permanent error.  The default is a temporary error code (403 4.7.0)
2911unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2912
2913If a certain level of encryption is required, then it might also be
2914possible that this level is provided by the security layer from a SASL
2915algorithm, e.g., DIGEST-MD5.
2916
2917Furthermore, there can be a list of extensions added.  Such a list
2918starts with '+' and the items are separated by '++'.  Allowed
2919extensions are:
2920
2921CN:name		name must match ${cn_subject}
2922CN		${server_name} must match ${cn_subject}
2923CS:name		name must match ${cert_subject}
2924CI:name		name must match ${cert_issuer}
2925
2926Example: e-mail sent to secure.example.com should only use an encrypted
2927connection.  E-mail received from hosts within the laptop.example.com domain
2928should only be accepted if they have been authenticated.  The host which
2929receives e-mail for darth@endmail.org must present a cert that uses the
2930CN smtp.endmail.org.
2931
2932TLS_Srv:secure.example.com      ENCR:112
2933TLS_Clt:laptop.example.com      PERM+VERIFY:112
2934TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
2935
2936
2937Disabling STARTTLS And Setting SMTP Server Features
2938---------------------------------------------------
2939
2940By default STARTTLS is used whenever possible.  However, there are
2941some broken MTAs that don't properly implement STARTTLS.  To be able
2942to send to (or receive from) those MTAs, the ruleset try_tls
2943(srv_features) can be used that work together with the access map.
2944Entries for the access map must be tagged with Try_TLS (Srv_Features)
2945and refer to the hostname or IP address of the connecting system.
2946A default case can be specified by using just the tag.  For example,
2947the following entries in the access map:
2948
2949	Try_TLS:broken.server	NO
2950	Srv_Features:my.domain	v
2951	Srv_Features:		V
2952
2953will turn off STARTTLS when sending to broken.server (or any host
2954in that domain), and request a client certificate during the TLS
2955handshake only for hosts in my.domain.  The valid entries on the RHS
2956for Srv_Features are listed in the Sendmail Installation and
2957Operations Guide.
2958
2959
2960Received: Header
2961----------------
2962
2963The Received: header reveals whether STARTTLS has been used.  It contains an
2964extra line:
2965
2966(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
2967
2968
2969+--------------------------------+
2970| ADDING NEW MAILERS OR RULESETS |
2971+--------------------------------+
2972
2973Sometimes you may need to add entirely new mailers or rulesets.  They
2974should be introduced with the constructs MAILER_DEFINITIONS and
2975LOCAL_RULESETS respectively.  For example:
2976
2977	MAILER_DEFINITIONS
2978	Mmymailer, ...
2979	...
2980
2981	LOCAL_RULESETS
2982	Smyruleset
2983	...
2984
2985Local additions for the rulesets srv_features, try_tls, tls_rcpt,
2986tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
2987LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
2988respectively.  For example, to add a local ruleset that decides
2989whether to try STARTTLS in a sendmail client, use:
2990
2991	LOCAL_TRY_TLS
2992	R...
2993
2994Note: you don't need to add a name for the ruleset, it is implicitly
2995defined by using the appropriate macro.
2996
2997
2998+-------------------------+
2999| ADDING NEW MAIL FILTERS |
3000+-------------------------+
3001
3002Sendmail supports mail filters to filter incoming SMTP messages according
3003to the "Sendmail Mail Filter API" documentation.  These filters can be
3004configured in your mc file using the two commands:
3005
3006	MAIL_FILTER(`name', `equates')
3007	INPUT_MAIL_FILTER(`name', `equates')
3008
3009The first command, MAIL_FILTER(), simply defines a filter with the given
3010name and equates.  For example:
3011
3012	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3013
3014This creates the equivalent sendmail.cf entry:
3015
3016	Xarchive, S=local:/var/run/archivesock, F=R
3017
3018The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3019but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3020of the filter such that the filter will actually be called by sendmail.
3021
3022For example, the two commands:
3023
3024	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3025	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3026
3027are equivalent to the three commands:
3028
3029	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3030	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3031	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3032
3033In general, INPUT_MAIL_FILTER() should be used unless you need to define
3034more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3035
3036Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3037commands will clear the list created by the prior INPUT_MAIL_FILTER()
3038commands.
3039
3040
3041+-------------------------+
3042| QUEUE GROUP DEFINITIONS |
3043+-------------------------+
3044
3045In addition to the queue directory (which is the default queue group
3046called "mqueue"), sendmail can deal with multiple queue groups, which
3047are collections of queue directories with the same behaviour.  Queue
3048groups can be defined using the command:
3049
3050	QUEUE_GROUP(`name', `equates')
3051
3052For details about queue groups, please see doc/op/op.{me,ps,txt}.
3053
3054+-------------------------------+
3055| NON-SMTP BASED CONFIGURATIONS |
3056+-------------------------------+
3057
3058These configuration files are designed primarily for use by
3059SMTP-based sites.  They may not be well tuned for UUCP-only or
3060UUCP-primarily nodes (the latter is defined as a small local net
3061connected to the rest of the world via UUCP).  However, there is
3062one hook to handle some special cases.
3063
3064You can define a ``smart host'' that understands a richer address syntax
3065using:
3066
3067	define(`SMART_HOST', `mailer:hostname')
3068
3069In this case, the ``mailer:'' defaults to "relay".  Any messages that
3070can't be handled using the usual UUCP rules are passed to this host.
3071
3072If you are on a local SMTP-based net that connects to the outside
3073world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3074For example:
3075
3076	define(`SMART_HOST', `uucp-new:uunet')
3077	LOCAL_NET_CONFIG
3078	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3079
3080This will cause all names that end in your domain name ($m) to be sent
3081via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3082If you have FEATURE(`nocanonify'), you may need to omit the dots after
3083the $m.  If you are running a local DNS inside your domain which is
3084not otherwise connected to the outside world, you probably want to
3085use:
3086
3087	define(`SMART_HOST', `smtp:fire.wall.com')
3088	LOCAL_NET_CONFIG
3089	R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3
3090
3091That is, send directly only to things you found in your DNS lookup;
3092anything else goes through SMART_HOST.
3093
3094You may need to turn off the anti-spam rules in order to accept
3095UUCP mail with FEATURE(`promiscuous_relay') and
3096FEATURE(`accept_unresolvable_domains').
3097
3098
3099+-----------+
3100| WHO AM I? |
3101+-----------+
3102
3103Normally, the $j macro is automatically defined to be your fully
3104qualified domain name (FQDN).  Sendmail does this by getting your
3105host name using gethostname and then calling gethostbyname on the
3106result.  For example, in some environments gethostname returns
3107only the root of the host name (such as "foo"); gethostbyname is
3108supposed to return the FQDN ("foo.bar.com").  In some (fairly rare)
3109cases, gethostbyname may fail to return the FQDN.  In this case
3110you MUST define confDOMAIN_NAME to be your fully qualified domain
3111name.  This is usually done using:
3112
3113	Dmbar.com
3114	define(`confDOMAIN_NAME', `$w.$m')dnl
3115
3116
3117+-----------------------------------+
3118| ACCEPTING MAIL FOR MULTIPLE NAMES |
3119+-----------------------------------+
3120
3121If your host is known by several different names, you need to augment
3122class {w}.  This is a list of names by which your host is known, and
3123anything sent to an address using a host name in this list will be
3124treated as local mail.  You can do this in two ways:  either create the
3125file /etc/mail/local-host-names containing a list of your aliases (one per
3126line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3127``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
3128name of the host, rather than a short name.
3129
3130If you want to have different address in different domains, take
3131a look at the virtusertable feature, which is also explained at
3132http://www.sendmail.org/virtual-hosting.html
3133
3134
3135+--------------------+
3136| USING MAILERTABLES |
3137+--------------------+
3138
3139To use FEATURE(`mailertable'), you will have to create an external
3140database containing the routing information for various domains.
3141For example, a mailertable file in text format might be:
3142
3143	.my.domain		xnet:%1.my.domain
3144	uuhost1.my.domain	uucp-new:uuhost1
3145	.bitnet			smtp:relay.bit.net
3146
3147This should normally be stored in /etc/mail/mailertable.  The actual
3148database version of the mailertable is built using:
3149
3150	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3151
3152The semantics are simple.  Any LHS entry that does not begin with
3153a dot matches the full host name indicated.  LHS entries beginning
3154with a dot match anything ending with that domain name (including
3155the leading dot) -- that is, they can be thought of as having a
3156leading ".+" regular expression pattern for a non-empty sequence of
3157characters.  Matching is done in order of most-to-least qualified
3158-- for example, even though ".my.domain" is listed first in the
3159above example, an entry of "uuhost1.my.domain" will match the second
3160entry since it is more explicit.  Note: e-mail to "user@my.domain"
3161does not match any entry in the above table.  You need to have
3162something like:
3163
3164	my.domain		esmtp:host.my.domain
3165
3166The RHS should always be a "mailer:host" pair.  The mailer is the
3167configuration name of a mailer (that is, an M line in the
3168sendmail.cf file).  The "host" will be the hostname passed to
3169that mailer.  In domain-based matches (that is, those with leading
3170dots) the "%1" may be used to interpolate the wildcarded part of
3171the host name.  For example, the first line above sends everything
3172addressed to "anything.my.domain" to that same host name, but using
3173the (presumably experimental) xnet mailer.
3174
3175In some cases you may want to temporarily turn off MX records,
3176particularly on gateways.  For example, you may want to MX
3177everything in a domain to one machine that then forwards it
3178directly.  To do this, you might use the DNS configuration:
3179
3180	*.domain.	IN	MX	0	relay.machine
3181
3182and on relay.machine use the mailertable:
3183
3184	.domain		smtp:[gateway.domain]
3185
3186The [square brackets] turn off MX records for this host only.
3187If you didn't do this, the mailertable would use the MX record
3188again, which would give you an MX loop.  Note that the use of
3189wildcard MX records is almost always a bad idea.  Please avoid
3190using them if possible.
3191
3192
3193+--------------------------------+
3194| USING USERDB TO MAP FULL NAMES |
3195+--------------------------------+
3196
3197The user database was not originally intended for mapping full names
3198to login names (e.g., Eric.Allman => eric), but some people are using
3199it that way.  (it is recommended that you set up aliases for this
3200purpose instead -- since you can specify multiple alias files, this
3201is fairly easy.)  The intent was to locate the default maildrop at
3202a site, but allow you to override this by sending to a specific host.
3203
3204If you decide to set up the user database in this fashion, it is
3205imperative that you not use FEATURE(`stickyhost') -- otherwise,
3206e-mail sent to Full.Name@local.host.name will be rejected.
3207
3208To build the internal form of the user database, use:
3209
3210	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3211
3212As a general rule, it is an extremely bad idea to using full names
3213as e-mail addresses, since they are not in any sense unique.  For
3214example, the UNIX software-development community has at least two
3215well-known Peter Deutsches, and at one time Bell Labs had two
3216Stephen R. Bournes with offices along the same hallway.  Which one
3217will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3218The less famous of the two, or the one that was hired later?
3219
3220Finger should handle full names (and be fuzzy).  Mail should use
3221handles, and not be fuzzy.
3222
3223
3224+--------------------------------+
3225| MISCELLANEOUS SPECIAL FEATURES |
3226+--------------------------------+
3227
3228Plussed users
3229	Sometimes it is convenient to merge configuration on a
3230	centralized mail machine, for example, to forward all
3231	root mail to a mail server.  In this case it might be
3232	useful to be able to treat the root addresses as a class
3233	of addresses with subtle differences.  You can do this
3234	using plussed users.  For example, a client might include
3235	the alias:
3236
3237		root:  root+client1@server
3238
3239	On the server, this will match an alias for "root+client1".
3240	If that is not found, the alias "root+*" will be tried,
3241	then "root".
3242
3243
3244+----------------+
3245| SECURITY NOTES |
3246+----------------+
3247
3248A lot of sendmail security comes down to you.  Sendmail 8 is much
3249more careful about checking for security problems than previous
3250versions, but there are some things that you still need to watch
3251for.  In particular:
3252
3253* Make sure the aliases file is not writable except by trusted
3254  system personnel.  This includes both the text and database
3255  version.
3256
3257* Make sure that other files that sendmail reads, such as the
3258  mailertable, are only writable by trusted system personnel.
3259
3260* The queue directory should not be world writable PARTICULARLY
3261  if your system allows "file giveaways" (that is, if a non-root
3262  user can chown any file they own to any other user).
3263
3264* If your system allows file giveaways, DO NOT create a publically
3265  writable directory for forward files.  This will allow anyone
3266  to steal anyone else's e-mail.  Instead, create a script that
3267  copies the .forward file from users' home directories once a
3268  night (if you want the non-NFS-mounted forward directory).
3269
3270* If your system allows file giveaways, you'll find that
3271  sendmail is much less trusting of :include: files -- in
3272  particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3273  /etc/shells before they will be trusted (that is, before
3274  files and programs listed in them will be honored).
3275
3276In general, file giveaways are a mistake -- if you can turn them
3277off, do so.
3278
3279
3280+--------------------------------+
3281| TWEAKING CONFIGURATION OPTIONS |
3282+--------------------------------+
3283
3284There are a large number of configuration options that don't normally
3285need to be changed.  However, if you feel you need to tweak them,
3286you can define the following M4 variables. Note that some of these
3287variables require formats that are defined in RFC 2821 or RFC 2822.
3288Before changing them you need to make sure you do not violate those
3289(and other relevant) RFCs.
3290
3291This list is shown in four columns:  the name you define, the default
3292value for that definition, the option or macro that is affected
3293(either Ox for an option or Dx for a macro), and a brief description.
3294
3295Some options are likely to be deprecated in future versions -- that is,
3296the option is only included to provide back-compatibility.  These are
3297marked with "*".
3298
3299Remember that these options are M4 variables, and hence may need to
3300be quoted.  In particular, arguments with commas will usually have to
3301be ``double quoted, like this phrase'' to avoid having the comma
3302confuse things.  This is common for alias file definitions and for
3303the read timeout.
3304
3305M4 Variable Name	Configuration	[Default] & Description
3306================	=============	=======================
3307confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
3308					for internally generated outgoing
3309					messages.
3310confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
3311					only be done if your system cannot
3312					determine your local domain name,
3313					and then it should be set to
3314					$w.Foo.COM, where Foo.COM is your
3315					domain name.
3316confCF_VERSION		$Z macro	If defined, this is appended to the
3317					configuration version name.
3318confLDAP_CLUSTER	${sendmailMTACluster} macro
3319					If defined, this is the LDAP
3320					cluster to use for LDAP searches
3321					as described above in ``USING LDAP
3322					FOR ALIASES, MAPS, AND CLASSES''.
3323confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
3324					internally generated From: address.
3325confRECEIVED_HEADER	Received:
3326		[$?sfrom $s $.$?_($?s$|from $.$_)
3327			$.$?{auth_type}(authenticated)
3328			$.by $j ($v/$Z)$?r with $r$. id $i$?u
3329			for $u; $|;
3330			$.$b]
3331					The format of the Received: header
3332					in messages passed through this host.
3333					It is unwise to try to change this.
3334confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
3335					internally generated Message-Id:
3336					header.
3337confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
3338					of file used to get the local
3339					additions to class {w} (local host
3340					names).
3341confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
3342					file used to get the local additions
3343					to class {t} (trusted users).
3344confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
3345					file used to get the local additions
3346					to class {R} (hosts allowed to relay).
3347confTRUSTED_USERS	Ct class	[no default] Names of users to add to
3348					the list of trusted users.  This list
3349					always includes root, uucp, and daemon.
3350					See also FEATURE(`use_ct_file').
3351confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
3352					ownership and starting the daemon.
3353					Not to be confused with
3354					confTRUSTED_USERS (see above).
3355confSMTP_MAILER		-		[esmtp] The mailer name used when
3356					SMTP connectivity is required.
3357					One of "smtp", "smtp8",
3358					"esmtp", or "dsmtp".
3359confUUCP_MAILER		-		[uucp-old] The mailer to be used by
3360					default for bang-format recipient
3361					addresses.  See also discussion of
3362					class {U}, class {Y}, and class {Z}
3363					in the MAILER(`uucp') section.
3364confLOCAL_MAILER	-		[local] The mailer name used when
3365					local connectivity is required.
3366					Almost always "local".
3367confRELAY_MAILER	-		[relay] The default mailer name used
3368					for relaying any mail (e.g., to a
3369					BITNET_RELAY, a SMART_HOST, or
3370					whatever).  This can reasonably be
3371					"uucp-new" if you are on a
3372					UUCP-connected site.
3373confSEVEN_BIT_INPUT	SevenBitInput	[False] Force input to seven bits?
3374confEIGHT_BIT_HANDLING	EightBitMode	[pass8] 8-bit data handling
3375confALIAS_WAIT		AliasWait	[10m] Time to wait for alias file
3376					rebuild until you get bored and
3377					decide that the apparently pending
3378					rebuild failed.
3379confMIN_FREE_BLOCKS	MinFreeBlocks	[100] Minimum number of free blocks on
3380					queue filesystem to accept SMTP mail.
3381					(Prior to 8.7 this was minfree/maxsize,
3382					where minfree was the number of free
3383					blocks and maxsize was the maximum
3384					message size.  Use confMAX_MESSAGE_SIZE
3385					for the second value now.)
3386confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
3387					that will be accepted (in bytes).
3388confBLANK_SUB		BlankSub	[.] Blank (space) substitution
3389					character.
3390confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
3391					to mailers marked expensive.
3392confCHECKPOINT_INTERVAL	CheckpointInterval
3393					[10] Checkpoint queue files every N
3394					recipients.
3395confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
3396confERROR_MODE		ErrorMode	[print] Error message mode.
3397confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
3398confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
3399confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
3400confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
3401confMAX_HOP		MaxHopCount	[25] Maximum hop count.
3402confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
3403					mode] Ignore dot as terminator for
3404					incoming messages?
3405confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
3406					resolver.
3407confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
3408					encapsulated messages per RFC 1344.
3409confFORWARD_PATH	ForwardPath	[$z/.forward.$w:$z/.forward]
3410					The colon-separated list of places to
3411					search for .forward files.  N.B.: see
3412					the Security Notes section.
3413confMCI_CACHE_SIZE	ConnectionCacheSize
3414					[2] Size of open connection cache.
3415confMCI_CACHE_TIMEOUT	ConnectionCacheTimeout
3416					[5m] Open connection cache timeout.
3417confHOST_STATUS_DIRECTORY HostStatusDirectory
3418					[undefined] If set, host status is kept
3419					on disk between sendmail runs in the
3420					named directory tree.  This need not be
3421					a full pathname, in which case it is
3422					interpreted relative to the queue
3423					directory.
3424confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
3425					[False] If this option and the
3426					HostStatusDirectory option are both
3427					set, single thread deliveries to other
3428					hosts.  That is, don't allow any two
3429					sendmails on this host to connect
3430					simultaneously to any other single
3431					host.  This can slow down delivery in
3432					some cases, in particular since a
3433					cached but otherwise idle connection
3434					to a host will prevent other sendmails
3435					from connecting to the other host.
3436confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
3437					deliver error messages.  This should
3438					not be necessary because of general
3439					acceptance of the envelope/header
3440					distinction.
3441confLOG_LEVEL		LogLevel	[9] Log level.
3442confME_TOO		MeToo		[True] Include sender in group
3443					expansions.  This option is
3444					deprecated and will be removed from
3445					a future version.
3446confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
3447					running newaliases.  Since this does
3448					DNS lookups on every address, it can
3449					slow down the alias rebuild process
3450					considerably on large alias files.
3451confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
3452					special chars are old style.
3453confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
3454confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
3455					copies of all error messages.
3456confQUEUE_FACTOR	QueueFactor	[600000] Slope of queue-only function.
3457confQUEUE_FILE_MODE	QueueFileMode	[undefined] Default permissions for
3458					queue files (octal).  If not set,
3459					sendmail uses 0600 unless its real
3460					and effective uid are different in
3461					which case it uses 0644.
3462confDONT_PRUNE_ROUTES	DontPruneRoutes	[False] Don't prune down route-addr
3463					syntax addresses to the minimum
3464					possible.
3465confSAFE_QUEUE*		SuperSafe	[True] Commit all messages to disk
3466					before forking.
3467confTO_INITIAL		Timeout.initial	[5m] The timeout waiting for a response
3468					on the initial connect.
3469confTO_CONNECT		Timeout.connect	[0] The timeout waiting for an initial
3470					connect() to complete.  This can only
3471					shorten connection timeouts; the kernel
3472					silently enforces an absolute maximum
3473					(which varies depending on the system).
3474confTO_ICONNECT		Timeout.iconnect
3475					[undefined] Like Timeout.connect, but
3476					applies only to the very first attempt
3477					to connect to a host in a message.
3478					This allows a single very fast pass
3479					followed by more careful delivery
3480					attempts in the future.
3481confTO_ACONNECT		Timeout.aconnect
3482					[0] The overall timeout waiting for
3483					all connection for a single delivery
3484					attempt to succeed.  If 0, no overall
3485					limit is applied.
3486confTO_HELO		Timeout.helo	[5m] The timeout waiting for a response
3487					to a HELO or EHLO command.
3488confTO_MAIL		Timeout.mail	[10m] The timeout waiting for a
3489					response to the MAIL command.
3490confTO_RCPT		Timeout.rcpt	[1h] The timeout waiting for a response
3491					to the RCPT command.
3492confTO_DATAINIT		Timeout.datainit
3493					[5m] The timeout waiting for a 354
3494					response from the DATA command.
3495confTO_DATABLOCK	Timeout.datablock
3496					[1h] The timeout waiting for a block
3497					during DATA phase.
3498confTO_DATAFINAL	Timeout.datafinal
3499					[1h] The timeout waiting for a response
3500					to the final "." that terminates a
3501					message.
3502confTO_RSET		Timeout.rset	[5m] The timeout waiting for a response
3503					to the RSET command.
3504confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
3505					to the QUIT command.
3506confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
3507					to other SMTP commands.
3508confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
3509					waiting	for a command to be issued.
3510confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
3511					response to an IDENT query.
3512confTO_FILEOPEN		Timeout.fileopen
3513					[60s] The timeout waiting for a file
3514					(e.g., :include: file) to be opened.
3515confTO_LHLO		Timeout.lhlo	[2m] The timeout waiting for a response
3516					to an LMTP LHLO command.
3517confTO_STARTTLS		Timeout.starttls
3518					[1h] The timeout waiting for a
3519					response to an SMTP STARTTLS command.
3520confTO_CONTROL		Timeout.control
3521					[2m] The timeout for a complete
3522					control socket transaction to complete.
3523confTO_QUEUERETURN	Timeout.queuereturn
3524					[5d] The timeout before a message is
3525					returned as undeliverable.
3526confTO_QUEUERETURN_NORMAL
3527			Timeout.queuereturn.normal
3528					[undefined] As above, for normal
3529					priority messages.
3530confTO_QUEUERETURN_URGENT
3531			Timeout.queuereturn.urgent
3532					[undefined] As above, for urgent
3533					priority messages.
3534confTO_QUEUERETURN_NONURGENT
3535			Timeout.queuereturn.non-urgent
3536					[undefined] As above, for non-urgent
3537					(low) priority messages.
3538confTO_QUEUERETURN_DSN
3539			Timeout.queuereturn.dsn
3540					[undefined] As above, for delivery
3541					status notification messages.
3542confTO_QUEUEWARN	Timeout.queuewarn
3543					[4h] The timeout before a warning
3544					message is sent to the sender telling
3545					them that the message has been
3546					deferred.
3547confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
3548					[undefined] As above, for normal
3549					priority messages.
3550confTO_QUEUEWARN_URGENT	Timeout.queuewarn.urgent
3551					[undefined] As above, for urgent
3552					priority messages.
3553confTO_QUEUEWARN_NONURGENT
3554			Timeout.queuewarn.non-urgent
3555					[undefined] As above, for non-urgent
3556					(low) priority messages.
3557confTO_QUEUEWARN_DSN
3558			Timeout.queuewarn.dsn
3559					[undefined] As above, for delivery
3560					status notification messages.
3561confTO_HOSTSTATUS	Timeout.hoststatus
3562					[30m] How long information about host
3563					statuses will be maintained before it
3564					is considered stale and the host should
3565					be retried.  This applies both within
3566					a single queue run and to persistent
3567					information (see below).
3568confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
3569					[varies] Sets the resolver's
3570					retransmission time interval (in
3571					seconds).  Sets both
3572					Timeout.resolver.retrans.first and
3573					Timeout.resolver.retrans.normal.
3574confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
3575					[varies] Sets the resolver's
3576					retransmission time interval (in
3577					seconds) for the first attempt to
3578					deliver a message.
3579confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
3580					[varies] Sets the resolver's
3581					retransmission time interval (in
3582					seconds) for all resolver lookups
3583					except the first delivery attempt.
3584confTO_RESOLVER_RETRY	Timeout.resolver.retry
3585					[varies] Sets the number of times
3586					to retransmit a resolver query.
3587					Sets both
3588					Timeout.resolver.retry.first and
3589					Timeout.resolver.retry.normal.
3590confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
3591					[varies] Sets the number of times
3592					to retransmit a resolver query for
3593					the first attempt to deliver a
3594					message.
3595confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
3596					[varies] Sets the number of times
3597					to retransmit a resolver query for
3598					all resolver lookups except the
3599					first delivery attempt.
3600confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
3601					USE_SYSTEM to use the system's idea,
3602					USE_TZ to use the user's TZ envariable,
3603					or something else to force that value.
3604confDEF_USER_ID		DefaultUser	[1:1] Default user id.
3605confUSERDB_SPEC		UserDatabaseSpec
3606					[undefined] User database
3607					specification.
3608confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
3609confFALLBACK_SMARTHOST	FallbackSmartHost
3610					[undefined] Fallback smart host.
3611confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
3612					for a host and other arrangements
3613					haven't been made, try connecting
3614					to the host directly; normally this
3615					would be a config error.
3616confQUEUE_LA		QueueLA		[varies] Load average at which
3617					queue-only function kicks in.
3618					Default values is (8 * numproc)
3619					where numproc is the number of
3620					processors online (if that can be
3621					determined).
3622confREFUSE_LA		RefuseLA	[varies] Load average at which
3623					incoming SMTP connections are
3624					refused.  Default values is (12 *
3625					numproc) where numproc is the
3626					number of processors online (if
3627					that can be determined).
3628confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
3629					refusing connections for this long.
3630confDELAY_LA		DelayLA		[0] Load average at which sendmail
3631					will sleep for one second on most
3632					SMTP commands and before accepting
3633					connections.  0 means no limit.
3634confMAX_ALIAS_RECURSION	MaxAliasRecursion
3635					[10] Maximum depth of alias recursion.
3636confMAX_DAEMON_CHILDREN	MaxDaemonChildren
3637					[undefined] The maximum number of
3638					children the daemon will permit.  After
3639					this number, connections will be
3640					rejected.  If not set or <= 0, there is
3641					no limit.
3642confMAX_HEADERS_LENGTH	MaxHeadersLength
3643					[32768] Maximum length of the sum
3644					of all headers.
3645confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
3646					[undefined] Maximum length of
3647					certain MIME header field values.
3648confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3649					[undefined] The maximum number of
3650					connections permitted per second per
3651					daemon.  After this many connections
3652					are accepted, further connections
3653					will be delayed.  If not set or <= 0,
3654					there is no limit.
3655confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3656					[60s] Define the length of the
3657					interval for which the number of
3658					incoming connections is maintained.
3659confWORK_RECIPIENT_FACTOR
3660			RecipientFactor	[30000] Cost of each recipient.
3661confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
3662					separate process.
3663confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
3664confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
3665confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
3666					Priority, Host, Filename, Random,
3667					Modification, or Time.
3668confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
3669					must sit in the queue between queue
3670					runs.  This allows you to set the
3671					queue run interval low for better
3672					responsiveness without trying all
3673					jobs in each run.
3674confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
3675					unlabeled 8 bit input to MIME, the
3676					character set to use by default.
3677confSERVICE_SWITCH_FILE	ServiceSwitchFile
3678					[/etc/mail/service.switch] The file
3679					to use for the service switch on
3680					systems that do not have a
3681					system-defined switch.
3682confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
3683					"file" type access of hosts names.
3684confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
3685					long and try again.  Zero means "don't
3686					retry".  This is to allow "dial on
3687					demand" connections to have enough time
3688					to complete a connection.
3689confNO_RCPT_ACTION	NoRecipientAction
3690					[none] What to do if there are no legal
3691					recipient fields (To:, Cc: or Bcc:)
3692					in the message.  Legal values can
3693					be "none" to just leave the
3694					nonconforming message as is, "add-to"
3695					to add a To: header with all the
3696					known recipients (which may expose
3697					blind recipients), "add-apparently-to"
3698					to do the same but use Apparently-To:
3699					instead of To: (strongly discouraged
3700					in accordance with IETF standards),
3701					"add-bcc" to add an empty Bcc:
3702					header, or "add-to-undisclosed" to
3703					add the header
3704					``To: undisclosed-recipients:;''.
3705confSAFE_FILE_ENV	SafeFileEnvironment
3706					[undefined] If set, sendmail will do a
3707					chroot() into this directory before
3708					writing files.
3709confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
3710					If set, colons are treated as a regular
3711					character in addresses.  If not set,
3712					they are treated as the introducer to
3713					the RFC 822 "group" syntax.  Colons are
3714					handled properly in route-addrs.  This
3715					option defaults on for V5 and lower
3716					configuration files.
3717confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
3718					any given queue run to this number of
3719					entries.  Essentially, this will stop
3720					reading each queue directory after this
3721					number of entries are reached; it does
3722					_not_ pick the highest priority jobs,
3723					so this should be as large as your
3724					system can tolerate.  If not set, there
3725					is no limit.
3726confMAX_QUEUE_CHILDREN	MaxQueueChildren
3727					[undefined] Limits the maximum number
3728					of concurrent queue runners active.
3729					This is to keep system resources used
3730					within a reasonable limit.  Relates to
3731					Queue Groups and ForkEachJob.
3732confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
3733					[1] Only active when MaxQueueChildren
3734					defined.  Controls the maximum number
3735					of queue runners (aka queue children)
3736					active at the same time in a work
3737					group.  See also MaxQueueChildren.
3738confDONT_EXPAND_CNAMES	DontExpandCnames
3739					[False] If set, $[ ... $] lookups that
3740					do DNS based lookups do not expand
3741					CNAME records.  This currently violates
3742					the published standards, but the IETF
3743					seems to be moving toward legalizing
3744					this.  For example, if "FTP.Foo.ORG"
3745					is a CNAME for "Cruft.Foo.ORG", then
3746					with this option set a lookup of
3747					"FTP" will return "FTP.Foo.ORG"; if
3748					clear it returns "Cruft.FOO.ORG".  N.B.
3749					you may not see any effect until your
3750					downstream neighbors stop doing CNAME
3751					lookups as well.
3752confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
3753					when sending to files or programs.
3754confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
3755					[False] From: lines that have
3756					embedded newlines are unwrapped
3757					onto one line.
3758confALLOW_BOGUS_HELO	AllowBogusHELO	[False] Allow HELO SMTP command that
3759					does not include a host name.
3760confMUST_QUOTE_CHARS	MustQuoteChars	[.'] Characters to be quoted in a full
3761					name phrase (@,;:\()[] are automatic).
3762confOPERATORS		OperatorChars	[.:%@!^/[]+] Address operator
3763					characters.
3764confSMTP_LOGIN_MSG	SmtpGreetingMessage
3765					[$j Sendmail $v/$Z; $b]
3766					The initial (spontaneous) SMTP
3767					greeting message.  The word "ESMTP"
3768					will be inserted between the first and
3769					second words to convince other
3770					sendmails to try to speak ESMTP.
3771confDONT_INIT_GROUPS	DontInitGroups	[False] If set, the initgroups(3)
3772					routine will never be invoked.  You
3773					might want to do this if you are
3774					running NIS and you have a large group
3775					map, since this call does a sequential
3776					scan of the map; in a large site this
3777					can cause your ypserv to run
3778					essentially full time.  If you set
3779					this, agents run on behalf of users
3780					will only have their primary
3781					(/etc/passwd) group permissions.
3782confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
3783					[True] If set, group-writable
3784					:include: and .forward files are
3785					considered "unsafe", that is, programs
3786					and files cannot be directly referenced
3787					from such files.  World-writable files
3788					are always considered unsafe.
3789					Notice: this option is deprecated and
3790					will be removed in future versions;
3791					Set GroupWritableForwardFileSafe
3792					and GroupWritableIncludeFileSafe in
3793					DontBlameSendmail if required.
3794confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
3795					address (for testing).
3796confCONTROL_SOCKET_NAME	ControlSocketName
3797					[undefined] Control socket for daemon
3798					management.
3799confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
3800					[postmaster] If an error occurs when
3801					sending an error message, send that
3802					"double bounce" error message to this
3803					address.  If it expands to an empty
3804					string, double bounces are dropped.
3805confSOFT_BOUNCE		SoftBounce	[False] If set, issue temporary errors
3806					(4xy) instead of permanent errors
3807					(5xy).  This can be useful during
3808					testing of a new configuration to
3809					avoid erroneous bouncing of mails.
3810confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
3811					messages which could not be returned
3812					to the user or sent to postmaster.
3813					If not set, the queue file will
3814					be renamed.
3815confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
3816					implies DSN request.
3817confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
3818					when reading and delivering mail.
3819					Causes all file reads (e.g., .forward
3820					and :include: files) to be done as
3821					this user.  Also, all programs will
3822					be run as this user, and all output
3823					files will be written as this user.
3824confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
3825					[infinite] If set, allow no more than
3826					the specified number of recipients in
3827					an SMTP envelope.  Further recipients
3828					receive a 452 error code (i.e., they
3829					are deferred for the next delivery
3830					attempt).
3831confBAD_RCPT_THROTTLE	BadRcptThrottle	[infinite] If set and the specified
3832					number of recipients in a single SMTP
3833					transaction have been rejected, sleep
3834					for one second after each subsequent
3835					RCPT command in that transaction.
3836confDONT_PROBE_INTERFACES  DontProbeInterfaces
3837					[False] If set, sendmail will _not_
3838					insert the names and addresses of any
3839					local interfaces into class {w}
3840					(list of known "equivalent" addresses).
3841					If you set this, you must also include
3842					some support for these addresses (e.g.,
3843					in a mailertable entry) -- otherwise,
3844					mail to addresses in this list will
3845					bounce with a configuration error.
3846					If set to "loopback" (without
3847					quotes), sendmail will skip
3848					loopback interfaces (e.g., "lo0").
3849confPID_FILE		PidFile		[system dependent] Location of pid
3850					file.
3851confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
3852					[undefined] Prefix string for the
3853					process title shown on 'ps' listings.
3854confDONT_BLAME_SENDMAIL	DontBlameSendmail
3855					[safe] Override sendmail's file
3856					safety checks.  This will definitely
3857					compromise system security and should
3858					not be used unless absolutely
3859					necessary.
3860confREJECT_MSG		-		[550 Access denied] The message
3861					given if the access database contains
3862					REJECT in the value portion.
3863confRELAY_MSG		-		[550 Relaying denied] The message
3864					given if an unauthorized relaying
3865					attempt is rejected.
3866confDF_BUFFER_SIZE	DataFileBufferSize
3867					[4096] The maximum size of a
3868					memory-buffered data (df) file
3869					before a disk-based file is used.
3870confXF_BUFFER_SIZE	XScriptFileBufferSize
3871					[4096] The maximum size of a
3872					memory-buffered transcript (xf)
3873					file before a disk-based file is
3874					used.
3875confTLS_SRV_OPTIONS	TLSSrvOptions	If this option is 'V' no client
3876					verification is performed, i.e.,
3877					the server doesn't ask for a
3878					certificate.
3879confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
3880					specification for LDAP maps.  The
3881					value should only contain LDAP
3882					specific settings such as "-h host
3883					-p port -d bindDN", etc.  The
3884					settings will be used for all LDAP
3885					maps unless they are specified in
3886					the individual map specification
3887					('K' command).
3888confCACERT_PATH		CACertPath	[undefined] Path to directory
3889					with certs of CAs.
3890confCACERT		CACertFile	[undefined] File containing one CA
3891					cert.
3892confSERVER_CERT		ServerCertFile	[undefined] File containing the
3893					cert of the server, i.e., this cert
3894					is used when sendmail acts as
3895					server.
3896confSERVER_KEY		ServerKeyFile	[undefined] File containing the
3897					private key belonging to the server
3898					cert.
3899confCLIENT_CERT		ClientCertFile	[undefined] File containing the
3900					cert of the client, i.e., this cert
3901					is used when sendmail acts as
3902					client.
3903confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
3904					private key belonging to the client
3905					cert.
3906confCRL			CRLFile		[undefined] File containing certificate
3907					revocation status, useful for X.509v3
3908					authentication. Note that CRL requires
3909					at least OpenSSL version 0.9.7.
3910confDH_PARAMETERS	DHParameters	[undefined] File containing the
3911					DH parameters.
3912confRAND_FILE		RandFile	[undefined] File containing random
3913					data (use prefix file:) or the
3914					name of the UNIX socket if EGD is
3915					used (use prefix egd:).  STARTTLS
3916					requires this option if the compile
3917					flag HASURANDOM is not set (see
3918					sendmail/README).
3919confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
3920					queue runners is set the given value
3921					(nice(3)).
3922confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
3923					[undefined] Defines {daemon_flags}
3924					for direct submissions.
3925confUSE_MSP		UseMSP		[undefined] Use as mail submission
3926					program.
3927confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
3928					SMTP Service Extension (RFC 2852).
3929confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
3930					be used to turn off the compile time
3931					flag REQUIRES_DIR_FSYNC at runtime.
3932					See sendmail/README for details.
3933confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
3934confSHARED_MEMORY_KEY_FILE
3935			SharedMemoryKeyFile
3936					[undefined] File where the
3937					automatically selected key for
3938					shared memory is stored.
3939confFAST_SPLIT		FastSplit	[1] If set to a value greater than
3940					zero, the initial MX lookups on
3941					addresses is suppressed when they
3942					are sorted which may result in
3943					faster envelope splitting.  If the
3944					mail is submitted directly from the
3945					command line, then the value also
3946					limits the number of processes to
3947					deliver the envelopes.
3948confMAILBOX_DATABASE	MailboxDatabase	[pw] Type of lookup to find
3949					information about local mailboxes.
3950confDEQUOTE_OPTS	-		[empty] Additional options for the
3951					dequote map.
3952confMAX_NOOP_COMMANDS	MaxNOOPCommands	[20] Maximum number of "useless"
3953					commands before the SMTP server
3954					will slow down responding.
3955confHELO_NAME		HeloName	If defined, use as name for EHLO/HELO
3956					command (instead of $j).
3957confINPUT_MAIL_FILTERS	InputMailFilters
3958					A comma separated list of filters
3959					which determines which filters and
3960					the invocation sequence are
3961					contacted for incoming SMTP
3962					messages.  If none are set, no
3963					filters will be contacted.
3964confMILTER_LOG_LEVEL	Milter.LogLevel	[9] Log level for input mail filter
3965					actions, defaults to LogLevel.
3966confMILTER_MACROS_CONNECT	Milter.macros.connect
3967					[j, _, {daemon_name}, {if_name},
3968					{if_addr}] Macros to transmit to
3969					milters when a session connection
3970					starts.
3971confMILTER_MACROS_HELO	Milter.macros.helo
3972					[{tls_version}, {cipher},
3973					{cipher_bits}, {cert_subject},
3974					{cert_issuer}] Macros to transmit to
3975					milters after HELO/EHLO command.
3976confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
3977					[i, {auth_type}, {auth_authen},
3978					{auth_ssf}, {auth_author},
3979					{mail_mailer}, {mail_host},
3980					{mail_addr}] Macros to transmit to
3981					milters after MAIL FROM command.
3982confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
3983					[{rcpt_mailer}, {rcpt_host},
3984					{rcpt_addr}] Macros to transmit to
3985					milters after RCPT TO command.
3986confMILTER_MACROS_EOM		Milter.macros.eom
3987					[{msg_id}] Macros to transmit to
3988					milters after the terminating
3989					DATA '.' is received.
3990confMILTER_MACROS_EOH		Milter.macros.eoh
3991					Macros to transmit to milters
3992					after the end of headers.
3993confMILTER_MACROS_DATA		Milter.macros.data
3994					Macros to transmit to milters
3995					after DATA command is received.
3996
3997
3998See also the description of OSTYPE for some parameters that can be
3999tweaked (generally pathnames to mailers).
4000
4001ClientPortOptions and DaemonPortOptions are special cases since multiple
4002clients/daemons can be defined.  This can be done via
4003
4004	CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4005	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4006
4007Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4008ClientPortOptions settings) are allowed in order to give settings for each
4009protocol family (e.g., one for Family=inet and one for Family=inet6).  A
4010restriction placed on one family only affects outgoing connections on that
4011particular family.
4012
4013If DAEMON_OPTIONS is not used, then the default is
4014
4015	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4016	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4017
4018If you use one DAEMON_OPTIONS macro, it will alter the parameters
4019of the first of these.  The second will still be defaulted; it
4020represents a "Message Submission Agent" (MSA) as defined by RFC
40212476 (see below).  To turn off the default definition for the MSA,
4022use FEATURE(`no_default_msa') (see also FEATURES).  If you use
4023additional DAEMON_OPTIONS macros, they will add additional daemons.
4024
4025Example 1:  To change the port for the SMTP listener, while
4026still using the MSA default, use
4027	DAEMON_OPTIONS(`Port=925, Name=MTA')
4028
4029Example 2:  To change the port for the MSA daemon, while still
4030using the default SMTP port, use
4031	FEATURE(`no_default_msa')
4032	DAEMON_OPTIONS(`Name=MTA')
4033	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4034
4035Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4036there would be no listener on the standard SMTP port.
4037
4038Example 3: To listen on both IPv4 and IPv6 interfaces, use
4039
4040	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4041	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4042
4043A "Message Submission Agent" still uses all of the same rulesets for
4044processing the message (and therefore still allows message rejection via
4045the check_* rulesets).  In accordance with the RFC, the MSA will ensure
4046that all domains in envelope addresses are fully qualified if the message
4047is relayed to another MTA.  It will also enforce the normal address syntax
4048rules and log error messages.  Additionally, by using the M=a modifier you
4049can require authentication before messages are accepted by the MSA.
4050Notice: Do NOT use the 'a' modifier on a public accessible MTA!  Finally,
4051the M=E modifier shown above disables ETRN as required by RFC 2476.
4052
4053Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4054commands:
4055
4056	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4057	MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4058
4059The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4060same order they were specified by also setting confINPUT_MAIL_FILTERS.  A
4061filter can be defined without adding it to the input filter list by using
4062MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4063Alternatively, you can reset the list of filters and their order by setting
4064confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4065your .mc file.
4066
4067
4068+----------------------------+
4069| MESSAGE SUBMISSION PROGRAM |
4070+----------------------------+
4071
4072This section contains a list of caveats and
4073a few hints how for those who want to tweak the default configuration
4074for it (which is installed as submit.cf).
4075
4076Notice: do not add options/features to submit.mc unless you are
4077absolutely sure you need them.  Options you may want to change
4078include:
4079
4080- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4081  avoiding X-Authentication warnings.
4082- confTIME_ZONE to change it from the default `USE_TZ'.
4083- confDELIVERY_MODE is set to interactive in msp.m4 instead
4084  of the default background mode.
4085- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4086  to the LOCAL_RELAY instead of the default relay.
4087
4088The MSP performs hostname canonicalization by default.  Mail may end
4089up for various DNS related reasons in the MSP queue.  This problem
4090can be minimized by using
4091
4092	FEATURE(`nocanonify', `canonify_hosts')
4093	define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4094
4095See the discussion about nocanonify for possible side effects.
4096
4097Some things are not intended to work with the MSP.  These include
4098features that influence the delivery process (e.g., mailertable,
4099aliases), or those that are only important for a SMTP server (e.g.,
4100virtusertable, DaemonPortOptions, multiple queues).  Moreover,
4101relaxing certain restrictions (RestrictQueueRun, permissions on
4102queue directory) or adding features (e.g., enabling prog/file mailer)
4103can cause security problems.
4104
4105Other things don't work well with the MSP and require tweaking or
4106workarounds.
4107
4108The file and the map created by makemap should be owned by smmsp,
4109its group should be smmsp, and it should have mode 640.
4110
4111feature/msp.m4 defines almost all settings for the MSP.  Most of
4112those should not be changed at all.  Some of the features and options
4113can be overridden if really necessary.  It is a bit tricky to do
4114this, because it depends on the actual way the option is defined
4115in feature/msp.m4.  If it is directly defined (i.e., define()) then
4116the modified value must be defined after
4117
4118	FEATURE(`msp')
4119
4120If it is conditionally defined (i.e., ifdef()) then the desired
4121value must be defined before the FEATURE line in the .mc file.
4122To see how the options are defined read feature/msp.m4.
4123
4124
4125+--------------------------+
4126| FORMAT OF FILES AND MAPS |
4127+--------------------------+
4128
4129Files that define classes, i.e., F{classname}, consist of lines
4130each of which contains a single element of the class.  For example,
4131/etc/mail/local-host-names may have the following content:
4132
4133my.domain
4134another.domain
4135
4136Maps must be created using makemap(8) , e.g.,
4137
4138	makemap hash MAP < MAP
4139
4140In general, a text file from which a map is created contains lines
4141of the form
4142
4143key	value
4144
4145where 'key' and 'value' are also called LHS and RHS, respectively.
4146By default, the delimiter between LHS and RHS is a non-empty sequence
4147of white space characters.
4148
4149
4150+------------------+
4151| DIRECTORY LAYOUT |
4152+------------------+
4153
4154Within this directory are several subdirectories, to wit:
4155
4156m4		General support routines.  These are typically
4157		very important and should not be changed without
4158		very careful consideration.
4159
4160cf		The configuration files themselves.  They have
4161		".mc" suffixes, and must be run through m4 to
4162		become complete.  The resulting output should
4163		have a ".cf" suffix.
4164
4165ostype		Definitions describing a particular operating
4166		system type.  These should always be referenced
4167		using the OSTYPE macro in the .mc file.  Examples
4168		include "bsd4.3", "bsd4.4", "sunos3.5", and
4169		"sunos4.1".
4170
4171domain		Definitions describing a particular domain, referenced
4172		using the DOMAIN macro in the .mc file.  These are
4173		site dependent; for example, "CS.Berkeley.EDU.m4"
4174		describes hosts in the CS.Berkeley.EDU subdomain.
4175
4176mailer		Descriptions of mailers.  These are referenced using
4177		the MAILER macro in the .mc file.
4178
4179sh		Shell files used when building the .cf file from the
4180		.mc file in the cf subdirectory.
4181
4182feature		These hold special orthogonal features that you might
4183		want to include.  They should be referenced using
4184		the FEATURE macro.
4185
4186hack		Local hacks.  These can be referenced using the HACK
4187		macro.  They shouldn't be of more than voyeuristic
4188		interest outside the .Berkeley.EDU domain, but who knows?
4189
4190siteconfig	Site configuration -- e.g., tables of locally connected
4191		UUCP sites.
4192
4193
4194+------------------------+
4195| ADMINISTRATIVE DETAILS |
4196+------------------------+
4197
4198The following sections detail usage of certain internal parts of the
4199sendmail.cf file.  Read them carefully if you are trying to modify
4200the current model.  If you find the above descriptions adequate, these
4201should be {boring, confusing, tedious, ridiculous} (pick one or more).
4202
4203RULESETS (* means built in to sendmail)
4204
4205   0 *	Parsing
4206   1 *	Sender rewriting
4207   2 *	Recipient rewriting
4208   3 *	Canonicalization
4209   4 *	Post cleanup
4210   5 *	Local address rewrite (after aliasing)
4211  1x	mailer rules (sender qualification)
4212  2x	mailer rules (recipient qualification)
4213  3x	mailer rules (sender header qualification)
4214  4x	mailer rules (recipient header qualification)
4215  5x	mailer subroutines (general)
4216  6x	mailer subroutines (general)
4217  7x	mailer subroutines (general)
4218  8x	reserved
4219  90	Mailertable host stripping
4220  96	Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4221  97	Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4222  98	Local part of ruleset 0 (ruleset 8 in old sendmail)
4223
4224
4225MAILERS
4226
4227   0	local, prog	local and program mailers
4228   1	[e]smtp, relay	SMTP channel
4229   2	uucp-*		UNIX-to-UNIX Copy Program
4230   3	netnews		Network News delivery
4231   4	fax		Sam Leffler's HylaFAX software
4232   5	mail11		DECnet mailer
4233
4234
4235MACROS
4236
4237   A
4238   B	Bitnet Relay
4239   C	DECnet Relay
4240   D	The local domain -- usually not needed
4241   E	reserved for X.400 Relay
4242   F	FAX Relay
4243   G
4244   H	mail Hub (for mail clusters)
4245   I
4246   J
4247   K
4248   L	Luser Relay
4249   M	Masquerade (who you claim to be)
4250   N
4251   O
4252   P
4253   Q
4254   R	Relay (for unqualified names)
4255   S	Smart Host
4256   T
4257   U	my UUCP name (if you have a UUCP connection)
4258   V	UUCP Relay (class {V} hosts)
4259   W	UUCP Relay (class {W} hosts)
4260   X	UUCP Relay (class {X} hosts)
4261   Y	UUCP Relay (all other hosts)
4262   Z	Version number
4263
4264
4265CLASSES
4266
4267   A
4268   B	domains that are candidates for bestmx lookup
4269   C
4270   D
4271   E	addresses that should not seem to come from $M
4272   F	hosts this system forward for
4273   G	domains that should be looked up in genericstable
4274   H
4275   I
4276   J
4277   K
4278   L	addresses that should not be forwarded to $R
4279   M	domains that should be mapped to $M
4280   N	host/domains that should not be mapped to $M
4281   O	operators that indicate network operations (cannot be in local names)
4282   P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4283   Q
4284   R	domains this system is willing to relay (pass anti-spam filters)
4285   S
4286   T
4287   U	locally connected UUCP hosts
4288   V	UUCP hosts connected to relay $V
4289   W	UUCP hosts connected to relay $W
4290   X	UUCP hosts connected to relay $X
4291   Y	locally connected smart UUCP hosts
4292   Z	locally connected domain-ized UUCP hosts
4293   .	the class containing only a dot
4294   [	the class containing only a left bracket
4295
4296
4297M4 DIVERSIONS
4298
4299   1	Local host detection and resolution
4300   2	Local Ruleset 3 additions
4301   3	Local Ruleset 0 additions
4302   4	UUCP Ruleset 0 additions
4303   5	locally interpreted names (overrides $R)
4304   6	local configuration (at top of file)
4305   7	mailer definitions
4306   8	DNS based blacklists
4307   9	special local rulesets (1 and 2)
4308
4309$Revision: 8.722 $, Last updated $Date: 2007/04/03 21:26:58 $
4310ident	"%Z%%M%	%I%	%E% SMI"
4311