xref: /illumos-gate/usr/src/cmd/sendmail/cf/README (revision d6bb6a8465e557cb946ef49d56ed3202f6218652)
1
2		SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files.  It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide, which can be found
8on-line at http://www.sendmail.org/%7Eca/email/doc8.12/op.html .
9Recall this URL throughout this document when references to
10doc/op/op.* are made.
11
12Table of Content:
13
14INTRODUCTION AND EXAMPLE
15A BRIEF INTRODUCTION TO M4
16FILE LOCATIONS
17OSTYPE
18DOMAINS
19MAILERS
20FEATURES
21HACKS
22SITE CONFIGURATION
23USING UUCP MAILERS
24TWEAKING RULESETS
25MASQUERADING AND RELAYING
26USING LDAP FOR ALIASES, MAPS, AND CLASSES
27LDAP ROUTING
28ANTI-SPAM CONFIGURATION CONTROL
29CONNECTION CONTROL
30STARTTLS
31ADDING NEW MAILERS OR RULESETS
32ADDING NEW MAIL FILTERS
33QUEUE GROUP DEFINITIONS
34NON-SMTP BASED CONFIGURATIONS
35WHO AM I?
36ACCEPTING MAIL FOR MULTIPLE NAMES
37USING MAILERTABLES
38USING USERDB TO MAP FULL NAMES
39MISCELLANEOUS SPECIAL FEATURES
40SECURITY NOTES
41TWEAKING CONFIGURATION OPTIONS
42MESSAGE SUBMISSION PROGRAM
43FORMAT OF FILES AND MAPS
44DIRECTORY LAYOUT
45ADMINISTRATIVE DETAILS
46
47
48+--------------------------+
49| INTRODUCTION AND EXAMPLE |
50+--------------------------+
51
52Configuration files are contained in the subdirectory "cf", with a
53suffix ".mc".  They must be run through "m4" to produce a ".cf" file.
54You must pre-load "cf.m4":
55
56	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
57
58Alternatively, you can simply:
59
60	cd ${CFDIR}/cf
61	/usr/ccs/bin/make config.cf
62
63where ${CFDIR} is the root of the cf directory and config.mc is the
64name of your configuration file.  If you are running a version of M4
65that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
66this, but the versions distributed with 4.4BSD and derivatives do not)
67or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
68For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
69use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash!  For example:
70
71	m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
72
73Let's examine a typical .mc file:
74
75	divert(-1)
76	#
77	# Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
78	#	All rights reserved.
79	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
80	# Copyright (c) 1988, 1993
81	#	The Regents of the University of California.  All rights reserved.
82	#
83	# By using this file, you agree to the terms and conditions set
84	# forth in the LICENSE file which can be found at the top level of
85	# the sendmail distribution.
86	#
87
88	#
89	#  This is a Berkeley-specific configuration file for HP-UX 9.x.
90	#  It applies only to the Computer Science Division at Berkeley,
91	#  and should not be used elsewhere.   It is provided on the sendmail
92	#  distribution as a sample only.  To create your own configuration
93	#  file, create an appropriate domain file in ../domain, change the
94	#  `DOMAIN' macro below to reference that file, and copy the result
95	#  to a name of your own choosing.
96	#
97	divert(0)
98
99The divert(-1) will delete the crud in the resulting output file.
100The copyright notice can be replaced by whatever your lawyers require;
101our lawyers require the one that is included in these files.  A copyleft
102is a copyright by another name.  The divert(0) restores regular output.
103
104	VERSIONID(`<SCCS or RCS version id>')
105
106VERSIONID is a macro that stuffs the version information into the
107resulting file.  You could use SCCS, RCS, CVS, something else, or
108omit it completely.  This is not the same as the version id included
109in SMTP greeting messages -- this is defined in m4/version.m4.
110
111	OSTYPE(`hpux9')dnl
112
113You must specify an OSTYPE to properly configure things such as the
114pathname of the help and status files, the flags needed for the local
115mailer, and other important things.  If you omit it, you will get an
116error when you try to build the configuration.  Look at the ostype
117directory for the list of known operating system types.
118
119	DOMAIN(`CS.Berkeley.EDU')dnl
120
121This example is specific to the Computer Science Division at Berkeley.
122You can use "DOMAIN(`generic')" to get a sufficiently bland definition
123that may well work for you, or you can create a customized domain
124definition appropriate for your environment.
125
126	MAILER(`local')
127	MAILER(`smtp')
128
129These describe the mailers used at the default CS site.  The local
130mailer is always included automatically.  Beware: MAILER declarations
131should only be followed by LOCAL_* sections.  The general rules are
132that the order should be:
133
134	VERSIONID
135	OSTYPE
136	DOMAIN
137	FEATURE
138	local macro definitions
139	MAILER
140	LOCAL_CONFIG
141	LOCAL_RULE_*
142	LOCAL_RULESETS
143
144There are a few exceptions to this rule.  Local macro definitions which
145influence a FEATURE() should be done before that feature.  For example,
146a define(`PROCMAIL_MAILER_PATH', ...) should be done before
147FEATURE(`local_procmail').
148
149
150+----------------------------+
151| A BRIEF INTRODUCTION TO M4 |
152+----------------------------+
153
154Sendmail uses the M4 macro processor to ``compile'' the configuration
155files.  The most important thing to know is that M4 is stream-based,
156that is, it doesn't understand about lines.  For this reason, in some
157places you may see the word ``dnl'', which stands for ``delete
158through newline''; essentially, it deletes all characters starting
159at the ``dnl'' up to and including the next newline character.  In
160most cases sendmail uses this only to avoid lots of unnecessary
161blank lines in the output.
162
163Other important directives are define(A, B) which defines the macro
164``A'' to have value ``B''.  Macros are expanded as they are read, so
165one normally quotes both values to prevent expansion.  For example,
166
167	define(`SMART_HOST', `smart.foo.com')
168
169One word of warning:  M4 macros are expanded even in lines that appear
170to be comments.  For example, if you have
171
172	# See FEATURE(`foo') above
173
174it will not do what you expect, because the FEATURE(`foo') will be
175expanded.  This also applies to
176
177	# And then define the $X macro to be the return address
178
179because ``define'' is an M4 keyword.  If you want to use them, surround
180them with directed quotes, `like this'.
181
182Since m4 uses single quotes (opening "`" and closing "'") to quote
183arguments, those quotes can't be used in arguments.  For example,
184it is not possible to define a rejection message containing a single
185quote. Usually there are simple workarounds by changing those
186messages; in the worst case it might be ok to change the value
187directly in the generated .cf file, which however is not advised.
188
189+----------------+
190| FILE LOCATIONS |
191+----------------+
192
193sendmail 8.9 has introduced a new configuration directory for sendmail
194related files, /etc/mail.  The new files available for sendmail 8.9 --
195the class {R} /etc/mail/relay-domains and the access database
196/etc/mail/access -- take advantage of this new directory.  Beginning with
1978.10, all files will use this directory by default (some options may be
198set by OSTYPE() files).  This new directory should help to restore
199uniformity to sendmail's file locations.
200
201Below is a table of some of the common changes:
202
203Old filename			New filename
204------------			------------
205/etc/bitdomain			/etc/mail/bitdomain
206/etc/domaintable		/etc/mail/domaintable
207/etc/genericstable		/etc/mail/genericstable
208/etc/uudomain			/etc/mail/uudomain
209/etc/virtusertable		/etc/mail/virtusertable
210/etc/userdb			/etc/mail/userdb
211
212/etc/aliases			/etc/mail/aliases
213/etc/sendmail/aliases		/etc/mail/aliases
214/etc/ucbmail/aliases		/etc/mail/aliases
215/usr/adm/sendmail/aliases	/etc/mail/aliases
216/usr/lib/aliases		/etc/mail/aliases
217/usr/lib/mail/aliases		/etc/mail/aliases
218/usr/ucblib/aliases		/etc/mail/aliases
219
220/etc/sendmail.cw		/etc/mail/local-host-names
221/etc/mail/sendmail.cw		/etc/mail/local-host-names
222/etc/sendmail/sendmail.cw	/etc/mail/local-host-names
223
224/etc/sendmail.ct		/etc/mail/trusted-users
225
226/etc/sendmail.oE		/etc/mail/error-header
227
228/etc/sendmail.hf		/etc/mail/helpfile
229/etc/mail/sendmail.hf		/etc/mail/helpfile
230/usr/ucblib/sendmail.hf		/etc/mail/helpfile
231/etc/ucbmail/sendmail.hf	/etc/mail/helpfile
232/usr/lib/sendmail.hf		/etc/mail/helpfile
233/usr/share/lib/sendmail.hf	/etc/mail/helpfile
234/usr/share/misc/sendmail.hf	/etc/mail/helpfile
235/share/misc/sendmail.hf		/etc/mail/helpfile
236
237/etc/service.switch		/etc/mail/service.switch
238
239/etc/sendmail.st		/etc/mail/statistics
240/etc/mail/sendmail.st		/etc/mail/statistics
241/etc/mailer/sendmail.st		/etc/mail/statistics
242/etc/sendmail/sendmail.st	/etc/mail/statistics
243/usr/lib/sendmail.st		/etc/mail/statistics
244/usr/ucblib/sendmail.st		/etc/mail/statistics
245
246Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
247to create the pathnames.  The default value of this variable is
248`/etc/mail/'.  If you set this macro to a different value, you MUST include
249a trailing slash.
250
251Notice: all filenames used in a .mc (or .cf) file should be absolute
252(starting at the root, i.e., with '/').  Relative filenames most
253likely cause surprises during operations (unless otherwise noted).
254
255
256+--------+
257| OSTYPE |
258+--------+
259
260You MUST define an operating system environment, or the configuration
261file build will puke.  There are several environments available; look
262at the "ostype" directory for the current list.  This macro changes
263things like the location of the alias file and queue directory.  Some
264of these files are identical to one another.
265
266It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
267In general, the OSTYPE macro should go immediately after any version
268information, and MAILER definitions should always go last.
269
270Operating system definitions are usually easy to write.  They may define
271the following variables (everything defaults, so an ostype file may be
272empty).  Unfortunately, the list of configuration-supported systems is
273not as broad as the list of source-supported systems, since many of
274the source contributors do not include corresponding ostype files.
275
276ALIAS_FILE		[/etc/mail/aliases] The location of the text version
277			of the alias file(s).  It can be a comma-separated
278			list of names (but be sure you quote values with
279			commas in them -- for example, use
280				define(`ALIAS_FILE', `a,b')
281			to get "a" and "b" both listed as alias files;
282			otherwise the define() primitive only sees "a").
283HELP_FILE		[/etc/mail/helpfile] The name of the file
284			containing information printed in response to
285			the SMTP HELP command.
286QUEUE_DIR		[/var/spool/mqueue] The directory containing
287			queue files.  To use multiple queues, supply
288			a value ending with an asterisk.  For
289			example, /var/spool/mqueue/qd* will use all of the
290			directories or symbolic links to directories
291			beginning with 'qd' in /var/spool/mqueue as queue
292			directories.  The names 'qf', 'df', and 'xf' are
293			reserved as specific subdirectories for the
294			corresponding queue file types as explained in
295			doc/op/op.me.  See also QUEUE GROUP DEFINITIONS.
296MSP_QUEUE_DIR		[/var/spool/clientmqueue] The directory containing
297			queue files for the MSP (Mail Submission Program).
298STATUS_FILE		[/etc/mail/statistics] The file containing status
299			information.
300LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
301LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
302			flags lsDFMAw5:/|@q are always included.
303LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
304			mail.
305LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
306			mail that you are willing to accept.
307LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
308			messages to deliver in a single connection.  Only
309			useful for LMTP local mailers.
310LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
311			that ARRIVE from an address that resolves to the
312			local mailer and which are converted to MIME will be
313			labeled with this character set.
314LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
315			end of line for the local mailer.
316LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
317			[X-Unix] The DSN Diagnostic-Code value for the
318			local mailer.  This should be changed with care.
319LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
320LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
321			flags lsDFM are always included.
322LOCAL_SHELL_ARGS	[sh -c $u] The arguments passed to deliver "prog"
323			mail.
324LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
325			shell should run.
326LOCAL_MAILER_QGRP	[undefined] The queue group for the local mailer.
327SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
328			flags are `mDFMuX' for all SMTP-based mailers; the
329			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
330			"dsmtp" adds `%'.
331RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
332			flags are `mDFMuX' for all SMTP-based mailers; the
333			relay mailer adds `a8'.  If this is not defined,
334			then SMTP_MAILER_FLAGS is used.
335SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
336			be transported using the smtp, smtp8, esmtp, or dsmtp
337			mailers.
338SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
339			messages to deliver in a single connection for the
340			smtp, smtp8, esmtp, or dsmtp mailers.
341SMTP_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
342			recipients to deliver in a single connection for the
343			smtp, smtp8, esmtp, or dsmtp mailers.
344SMTP_MAILER_ARGS	[TCP $h] The arguments passed to the smtp mailer.
345			About the only reason you would want to change this
346			would be to change the default port.
347ESMTP_MAILER_ARGS	[TCP $h] The arguments passed to the esmtp mailer.
348SMTP8_MAILER_ARGS	[TCP $h] The arguments passed to the smtp8 mailer.
349DSMTP_MAILER_ARGS	[TCP $h] The arguments passed to the dsmtp mailer.
350RELAY_MAILER_ARGS	[TCP $h] The arguments passed to the relay mailer.
351SMTP_MAILER_QGRP	[undefined] The queue group for the smtp mailer.
352ESMTP_MAILER_QGRP	[undefined] The queue group for the esmtp mailer.
353SMTP8_MAILER_QGRP	[undefined] The queue group for the smtp8 mailer.
354DSMTP_MAILER_QGRP	[undefined] The queue group for the dsmtp mailer.
355RELAY_MAILER_QGRP	[undefined] The queue group for the relay mailer.
356RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
357			messages to deliver in a single connection for the
358			relay mailer.
359SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
360			that ARRIVE from an address that resolves to one of
361			the SMTP mailers and which are converted to MIME will
362			be labeled with this character set.
363UUCP_MAILER_PATH	[/usr/bin/uux] The program used to send UUCP mail.
364UUCP_MAILER_FLAGS	[undefined] Flags added to UUCP mailer.  Default
365			flags are `DFMhuU' (and `m' for uucp-new mailer,
366			minus `U' for uucp-dom mailer).
367UUCP_MAILER_ARGS	[uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
368			passed to the UUCP mailer.
369UUCP_MAILER_MAX		[100000] The maximum size message accepted for
370			transmission by the UUCP mailers.
371UUCP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
372			that ARRIVE from an address that resolves to one of
373			the UUCP mailers and which are converted to MIME will
374			be labeled with this character set.
375UUCP_MAILER_QGRP	[undefined] The queue group for the UUCP mailers.
376PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
377			program.  This is also used by
378			FEATURE(`local_procmail').
379PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
380			DFM are always set.  This is NOT used by
381			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
382			instead.
383PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
384			the Procmail mailer.  This is NOT used by
385			FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
386			instead.
387PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
388			will be accepted by the procmail mailer.
389PROCMAIL_MAILER_QGRP	[undefined] The queue group for the procmail mailer.
390confEBINDIR		[/usr/libexec] The directory for executables.
391			Currently used for FEATURE(`local_lmtp') and
392			FEATURE(`smrsh').
393LOCAL_PROG_QGRP		[undefined] The queue group for the prog mailer.
394
395Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
396MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
397of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
398upper case) and change can be: flags that should be used directly
399(thus overriding the default value), or if it starts with `+' (`-')
400then those flags are added to (removed from) the default value.
401Example:
402
403	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
404
405will add the flag `e' to LOCAL_MAILER_FLAGS.  Notice: there are
406several smtp mailers all of which are manipulated individually.
407See the section MAILERS for the available mailer names.
408WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
409unconditionally, i.e., without respecting any definitions in an
410OSTYPE setting.
411
412
413+---------+
414| DOMAINS |
415+---------+
416
417You will probably want to collect domain-dependent defines into one
418file, referenced by the DOMAIN macro.  For example, the Berkeley
419domain file includes definitions for several internal distinguished
420hosts:
421
422UUCP_RELAY	The host that will accept UUCP-addressed email.
423		If not defined, all UUCP sites must be directly
424		connected.
425BITNET_RELAY	The host that will accept BITNET-addressed email.
426		If not defined, the .BITNET pseudo-domain won't work.
427DECNET_RELAY	The host that will accept DECNET-addressed email.
428		If not defined, the .DECNET pseudo-domain and addresses
429		of the form node::user will not work.
430FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
431		The "fax" mailer overrides this value.
432LOCAL_RELAY	The site that will handle unqualified names -- that
433		is, names without an @domain extension.
434		Normally MAIL_HUB is preferred for this function.
435		LOCAL_RELAY is mostly useful in conjunction with
436		FEATURE(`stickyhost') -- see the discussion of
437		stickyhost below.  If not set, they are assumed to
438		belong on this machine.  This allows you to have a
439		central site to store a company- or department-wide
440		alias database.  This only works at small sites,
441		and only with some user agents.
442LUSER_RELAY	The site that will handle lusers -- that is, apparently
443		local names that aren't local accounts or aliases.  To
444		specify a local user instead of a site, set this to
445		``local:username''.
446
447Any of these can be either ``mailer:hostname'' (in which case the
448mailer is the internal mailer name, such as ``uucp-new'' and the hostname
449is the name of the host as appropriate for that mailer) or just a
450``hostname'', in which case a default mailer type (usually ``relay'',
451a variant on SMTP) is used.  WARNING: if you have a wildcard MX
452record matching your domain, you probably want to define these to
453have a trailing dot so that you won't get the mail diverted back
454to yourself.
455
456The domain file can also be used to define a domain name, if needed
457(using "DD<domain>") and set certain site-wide features.  If all hosts
458at your site masquerade behind one email name, you could also use
459MASQUERADE_AS here.
460
461You do not have to define a domain -- in particular, if you are a
462single machine sitting off somewhere, it is probably more work than
463it's worth.  This is just a mechanism for combining "domain dependent
464knowledge" into one place.
465
466
467+---------+
468| MAILERS |
469+---------+
470
471There are fewer mailers supported in this version than the previous
472version, owing mostly to a simpler world.  As a general rule, put the
473MAILER definitions last in your .mc file.
474
475local		The local and prog mailers.  You will almost always
476		need these; the only exception is if you relay ALL
477		your mail to another site.  This mailer is included
478		automatically.
479
480smtp		The Simple Mail Transport Protocol mailer.  This does
481		not hide hosts behind a gateway or another other
482		such hack; it assumes a world where everyone is
483		running the name server.  This file actually defines
484		five mailers: "smtp" for regular (old-style) SMTP to
485		other servers, "esmtp" for extended SMTP to other
486		servers, "smtp8" to do SMTP to other servers without
487		converting 8-bit data to MIME (essentially, this is
488		your statement that you know the other end is 8-bit
489		clean even if it doesn't say so), "dsmtp" to do on
490		demand delivery, and "relay" for transmission to the
491		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
492
493uucp		The UNIX-to-UNIX Copy Program mailer.  Actually, this
494		defines two mailers, "uucp-old" (a.k.a. "uucp") and
495		"uucp-new" (a.k.a. "suucp").  The latter is for when you
496		know that the UUCP mailer at the other end can handle
497		multiple recipients in one transfer.  If the smtp mailer
498		is included in your configuration, two other mailers
499		("uucp-dom" and "uucp-uudom") are also defined [warning: you
500		MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
501		include the uucp mailer, sendmail looks for all names in
502		class {U} and sends them to the uucp-old mailer; all
503		names in class {Y} are sent to uucp-new; and all
504		names in class {Z} are sent to uucp-uudom.  Note that
505		this is a function of what version of rmail runs on
506		the receiving end, and hence may be out of your control.
507		See the section below describing UUCP mailers in more
508		detail.
509
510procmail	An interface to procmail (does not come with sendmail).
511		This is designed to be used in mailertables.  For example,
512		a common question is "how do I forward all mail for a given
513		domain to a single person?".  If you have this mailer
514		defined, you could set up a mailertable reading:
515
516			host.com	procmail:/etc/procmailrcs/host.com
517
518		with the file /etc/procmailrcs/host.com reading:
519
520			:0	# forward mail for host.com
521			! -oi -f $1 person@other.host
522
523		This would arrange for (anything)@host.com to be sent
524		to person@other.host.  In a procmail script, $1 is the
525		name of the sender and $2 is the name of the recipient.
526		If you use this with FEATURE(`local_procmail'), the FEATURE
527		should be listed first.
528
529		Of course there are other ways to solve this particular
530		problem, e.g., a catch-all entry in a virtusertable.
531
532The local mailer accepts addresses of the form "user+detail", where
533the "+detail" is not used for mailbox matching but is available
534to certain local mail programs (in particular, see
535FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
536"eric+sww" all indicate the same user, but additional arguments <null>,
537"sendmail", and "sww" may be provided for use in sorting mail.
538
539
540+----------+
541| FEATURES |
542+----------+
543
544Special features can be requested using the "FEATURE" macro.  For
545example, the .mc line:
546
547	FEATURE(`use_cw_file')
548
549tells sendmail that you want to have it read an /etc/mail/local-host-names
550file to get values for class {w}.  A FEATURE may contain up to 9
551optional parameters -- for example:
552
553	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
554
555The default database map type for the table features can be set with
556
557	define(`DATABASE_MAP_TYPE', `dbm')
558
559which would set it to use ndbm databases.  The default is the Berkeley DB
560hash database format.  Note that you must still declare a database map type
561if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
562if no argument is given for the FEATURE.  It must be specified before any
563feature that uses a map.
564
565Also, features which can take a map definition as an argument can also take
566the special keyword `LDAP'.  If that keyword is used, the map will use the
567LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
568CLASSES'' section below.
569
570Available features are:
571
572use_cw_file	Read the file /etc/mail/local-host-names file to get
573		alternate names for this host.  This might be used if you
574		were on a host that MXed for a dynamic set of other hosts.
575		If the set is static, just including the line "Cw<name1>
576		<name2> ..." (where the names are fully qualified domain
577		names) is probably superior.  The actual filename can be
578		overridden by redefining confCW_FILE.
579
580use_ct_file	Read the file /etc/mail/trusted-users file to get the
581		names of users that will be ``trusted'', that is, able to
582		set their envelope from address using -f without generating
583		a warning message.  The actual filename can be overridden
584		by redefining confCT_FILE.
585
586redirect	Reject all mail addressed to "address.REDIRECT" with
587		a ``551 User has moved; please try <address>'' message.
588		If this is set, you can alias people who have left
589		to their new address with ".REDIRECT" appended.
590
591nouucp		Don't route UUCP addresses.  This feature takes one
592		parameter:
593		`reject': reject addresses which have "!" in the local
594			part unless it originates from a system
595			that is allowed to relay.
596		`nospecial': don't do anything special with "!".
597		Warnings: 1. See the notice in the anti-spam section.
598		2. don't remove "!" from OperatorChars if `reject' is
599		given as parameter.
600
601nocanonify	Don't pass addresses to $[ ... $] for canonification
602		by default, i.e., host/domain names are considered canonical,
603		except for unqualified names, which must not be used in this
604		mode (violation of the standard).  It can be changed by
605		setting the DaemonPortOptions modifiers (M=).  That is,
606		FEATURE(`nocanonify') will be overridden by setting the
607		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
608		it can be emulated by setting the 'C' flag
609		(DaemonPortOptions=Modifiers=C).  This would generally only
610		be used by sites that only act as mail gateways or which have
611		user agents that do full canonification themselves.  You may
612		also want to use
613		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
614		the usual resolver options that do a similar thing.
615
616		An exception list for FEATURE(`nocanonify') can be
617		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
618		i.e., a list of domains which are nevertheless passed to
619		$[ ... $] for canonification.  This is useful to turn on
620		canonification for local domains, e.g., use
621		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
622		which end in "my.domain" or "my".
623		Another way to require canonification in the local
624		domain is CANONIFY_DOMAIN(`$=m').
625
626		A trailing dot is added to addresses with more than
627		one component in it such that other features which
628		expect a trailing dot (e.g., virtusertable) will
629		still work.
630
631		If `canonify_hosts' is specified as parameter, i.e.,
632		FEATURE(`nocanonify', `canonify_hosts'), then
633		addresses which have only a hostname, e.g.,
634		<user@host>, will be canonified (and hopefully fully
635		qualified), too.
636
637stickyhost	This feature is sometimes used with LOCAL_RELAY,
638		although it can be used for a different effect with
639		MAIL_HUB.
640
641		When used without MAIL_HUB, email sent to
642		"user@local.host" are marked as "sticky" -- that
643		is, the local addresses aren't matched against UDB,
644		don't go through ruleset 5, and are not forwarded to
645		the LOCAL_RELAY (if defined).
646
647		With MAIL_HUB, mail addressed to "user@local.host"
648		is forwarded to the mail hub, with the envelope
649		address still remaining "user@local.host".
650		Without stickyhost, the envelope would be changed
651		to "user@mail_hub", in order to protect against
652		mailing loops.
653
654mailertable	Include a "mailer table" which can be used to override
655		routing for particular domains (which are not in class {w},
656		i.e.  local host names).  The argument of the FEATURE may be
657		the key definition.  If none is specified, the definition
658		used is:
659
660			hash /etc/mail/mailertable
661
662		Keys in this database are fully qualified domain names
663		or partial domains preceded by a dot -- for example,
664		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
665		special case of the latter, "." matches any domain not
666		covered by other keys.  Values must be of the form:
667			mailer:domain
668		where "mailer" is the internal mailer name, and "domain"
669		is where to send the message.  These maps are not
670		reflected into the message header.  As a special case,
671		the forms:
672			local:user
673		will forward to the indicated user using the local mailer,
674			local:
675		will forward to the original user in the e-mail address
676		using the local mailer, and
677			error:code message
678			error:D.S.N:code message
679		will give an error message with the indicated SMTP reply
680		code and message, where D.S.N is an RFC 1893 compliant
681		error code.
682
683domaintable	Include a "domain table" which can be used to provide
684		domain name mapping.  Use of this should really be
685		limited to your own domains.  It may be useful if you
686		change names (e.g., your company changes names from
687		oldname.com to newname.com).  The argument of the
688		FEATURE may be the key definition.  If none is specified,
689		the definition used is:
690
691			hash /etc/mail/domaintable
692
693		The key in this table is the domain name; the value is
694		the new (fully qualified) domain.  Anything in the
695		domaintable is reflected into headers; that is, this
696		is done in ruleset 3.
697
698bitdomain	Look up bitnet hosts in a table to try to turn them into
699		internet addresses.  The table can be built using the
700		bitdomain program contributed by John Gardiner Myers.
701		The argument of the FEATURE may be the key definition; if
702		none is specified, the definition used is:
703
704			hash /etc/mail/bitdomain
705
706		Keys are the bitnet hostname; values are the corresponding
707		internet hostname.
708
709uucpdomain	Similar feature for UUCP hosts.  The default map definition
710		is:
711
712			hash /etc/mail/uudomain
713
714		At the moment there is no automagic tool to build this
715		database.
716
717always_add_domain
718		Include the local host domain even on locally delivered
719		mail.  Normally it is not added on unqualified names.
720		However, if you use a shared message store but do not use
721		the same user name space everywhere, you may need the host
722		name on local names.  An optional argument specifies
723		another domain to be added than the local.
724
725allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
726		feature will cause recipient addresses to also masquerade
727		as being from the masquerade host.  Normally they get
728		the local hostname.  Although this may be right for
729		ordinary users, it can break local aliases.  For example,
730		if you send to "localalias", the originating sendmail will
731		find that alias and send to all members, but send the
732		message with "To: localalias@masqueradehost".  Since that
733		alias likely does not exist, replies will fail.  Use this
734		feature ONLY if you can guarantee that the ENTIRE
735		namespace on your masquerade host supersets all the
736		local entries.
737
738limited_masquerade
739		Normally, any hosts listed in class {w} are masqueraded.  If
740		this feature is given, only the hosts listed in class {M} (see
741		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
742		if you have several domains with disjoint namespaces hosted
743		on the same machine.
744
745masquerade_entire_domain
746		If masquerading is enabled (using MASQUERADE_AS) and
747		MASQUERADE_DOMAIN (see below) is set, this feature will
748		cause addresses to be rewritten such that the masquerading
749		domains are actually entire domains to be hidden.  All
750		hosts within the masquerading domains will be rewritten
751		to the masquerade name (used in MASQUERADE_AS).  For example,
752		if you have:
753
754			MASQUERADE_AS(`masq.com')
755			MASQUERADE_DOMAIN(`foo.org')
756			MASQUERADE_DOMAIN(`bar.com')
757
758		then *foo.org and *bar.com are converted to masq.com.  Without
759		this feature, only foo.org and bar.com are masqueraded.
760
761		    NOTE: only domains within your jurisdiction and
762		    current hierarchy should be masqueraded using this.
763
764local_no_masquerade
765		This feature prevents the local mailer from masquerading even
766		if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
767		on addresses of mail going outside the local domain.
768
769masquerade_envelope
770		If masquerading is enabled (using MASQUERADE_AS) or the
771		genericstable is in use, this feature will cause envelope
772		addresses to also masquerade as being from the masquerade
773		host.  Normally only the header addresses are masqueraded.
774
775genericstable	This feature will cause unqualified addresses (i.e., without
776		a domain) and addresses with a domain listed in class {G}
777		to be looked up in a map and turned into another ("generic")
778		form, which can change both the domain name and the user name.
779		Notice: if you use an MSP (as it is default starting with
780		8.12), the MTA will only receive qualified addresses from the
781		MSP (as required by the RFCs).  Hence you need to add your
782		domain to class {G}.  This feature is similar to the userdb
783		functionality.  The same types of addresses as for
784		masquerading are looked up, i.e., only header sender
785		addresses unless the allmasquerade and/or masquerade_envelope
786		features are given.  Qualified addresses must have the domain
787		part in class {G}; entries can be added to this class by the
788		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
789		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
790
791		The argument of FEATURE(`genericstable') may be the map
792		definition; the default map definition is:
793
794			hash /etc/mail/genericstable
795
796		The key for this table is either the full address, the domain
797		(with a leading @; the localpart is passed as first argument)
798		or the unqualified username (tried in the order mentioned);
799		the value is the new user address.  If the new user address
800		does not include a domain, it will be qualified in the standard
801		manner, i.e., using $j or the masquerade name.  Note that the
802		address being looked up must be fully qualified.  For local
803		mail, it is necessary to use FEATURE(`always_add_domain')
804		for the addresses to be qualified.
805		The "+detail" of an address is passed as %1, so entries like
806
807			old+*@foo.org	new+%1@example.com
808			gen+*@foo.org	%1@example.com
809
810		and other forms are possible.
811
812generics_entire_domain
813		If the genericstable is enabled and GENERICS_DOMAIN or
814		GENERICS_DOMAIN_FILE is used, this feature will cause
815		addresses to be searched in the map if their domain
816		parts are subdomains of elements in class {G}.
817
818virtusertable	A domain-specific form of aliasing, allowing multiple
819		virtual domains to be hosted on one machine.  For example,
820		if the virtuser table contains:
821
822			info@foo.com	foo-info
823			info@bar.com	bar-info
824			joe@bar.com	error:nouser 550 No such user here
825			jax@bar.com	error:5.7.0:550 Address invalid
826			@baz.org	jane@example.net
827
828		then mail addressed to info@foo.com will be sent to the
829		address foo-info, mail addressed to info@bar.com will be
830		delivered to bar-info, and mail addressed to anyone at baz.org
831		will be sent to jane@example.net, mail to joe@bar.com will
832		be rejected with the specified error message, and mail to
833		jax@bar.com will also have a RFC 1893 compliant error code
834		5.7.0.
835
836		The username from the original address is passed
837		as %1 allowing:
838
839			@foo.org	%1@example.com
840
841		meaning someone@foo.org will be sent to someone@example.com.
842		Additionally, if the local part consists of "user+detail"
843		then "detail" is passed as %2 and "+detail" is passed as %3
844		when a match against user+* is attempted, so entries like
845
846			old+*@foo.org	new+%2@example.com
847			gen+*@foo.org	%2@example.com
848			+*@foo.org	%1%3@example.com
849			X++@foo.org	Z%3@example.com
850			@bar.org	%1%3
851
852		and other forms are possible.  Note: to preserve "+detail"
853		for a default case (@domain) %1%3 must be used as RHS.
854		There are two wildcards after "+": "+" matches only a non-empty
855		detail, "*" matches also empty details, e.g., user+@foo.org
856		matches +*@foo.org but not ++@foo.org.  This can be used
857		to ensure that the parameters %2 and %3 are not empty.
858
859		All the host names on the left hand side (foo.com, bar.com,
860		and baz.org) must be in class {w} or class {VirtHost}.  The
861		latter can be defined by the macros VIRTUSER_DOMAIN or
862		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
863		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
864		VIRTUSER_DOMAIN_FILE is used, then the entries of class
865		{VirtHost} are added to class {R}, i.e., relaying is allowed
866		to (and from) those domains.  The default map definition is:
867
868			hash /etc/mail/virtusertable
869
870		A new definition can be specified as the second argument of
871		the FEATURE macro, such as
872
873			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
874
875virtuser_entire_domain
876		If the virtusertable is enabled and VIRTUSER_DOMAIN or
877		VIRTUSER_DOMAIN_FILE is used, this feature will cause
878		addresses to be searched in the map if their domain
879		parts are subdomains of elements in class {VirtHost}.
880
881ldap_routing	Implement LDAP-based e-mail recipient routing according to
882		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
883		This provides a method to re-route addresses with a
884		domain portion in class {LDAPRoute} to either a
885		different mail host or a different address.  Hosts can
886		be added to this class using LDAPROUTE_DOMAIN and
887		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
888		MASQUERADE_DOMAIN_FILE, see below).
889
890		See the LDAP ROUTING section below for more information.
891
892nodns		If you aren't running DNS at your site (for example,
893		you are UUCP-only connected).  It's hard to consider
894		this a "feature", but hey, it had to go somewhere.
895		Actually, as of 8.7 this is a no-op -- remove "dns" from
896		the hosts service switch entry instead.
897
898nullclient	This is a special case -- it creates a configuration file
899		containing nothing but support for forwarding all mail to a
900		central hub via a local SMTP-based network.  The argument
901		is the name of that hub.
902
903		The only other feature that should be used in conjunction
904		with this one is FEATURE(`nocanonify').  No mailers
905		should be defined.  No aliasing or forwarding is done.
906
907local_lmtp	Use an LMTP capable local mailer.  The argument to this
908		feature is the pathname of an LMTP capable mailer.  By
909		default, mail.local is used.  This is expected to be the
910		mail.local which came with the 8.9 distribution which is
911		LMTP capable.  The path to mail.local is set by the
912		confEBINDIR m4 variable -- making the default
913		LOCAL_MAILER_PATH /usr/libexec/mail.local.
914		If a different LMTP capable mailer is used, its pathname
915		can be specified as second parameter and the arguments
916		passed to it (A=) as third parameter, e.g.,
917
918			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
919
920		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
921		i.e., without respecting any definitions in an OSTYPE setting.
922
923local_procmail	Use procmail or another delivery agent as the local mailer.
924		The argument to this feature is the pathname of the
925		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
926		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
927		PROCMAIL_MAILER_ARGS for the local mailer; tweak
928		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
929		specify the appropriate parameters.  When procmail is used,
930		the local mailer can make use of the
931		"user+indicator@local.host" syntax; normally the +indicator
932		is just tossed, but by default it is passed as the -a
933		argument to procmail.
934
935		This feature can take up to three arguments:
936
937		1. Path to the mailer program
938		   [default: /usr/local/bin/procmail]
939		2. Argument vector including name of the program
940		   [default: procmail -Y -a $h -d $u]
941		3. Flags for the mailer [default: SPfhn9]
942
943		Empty arguments cause the defaults to be taken.
944		Note that if you are on a system with a broken
945		setreuid() call, you may need to add -f $f to the procmail
946		argument vector to pass the proper sender to procmail.
947
948		For example, this allows it to use the maildrop
949		(http://www.flounder.net/~mrsam/maildrop/) mailer instead
950		by specifying:
951
952		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
953		 `maildrop -d $u')
954
955		or scanmails using:
956
957		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
958
959		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
960		i.e.,  without respecting any definitions in an OSTYPE setting.
961
962bestmx_is_local	Accept mail as though locally addressed for any host that
963		lists us as the best possible MX record.  This generates
964		additional DNS traffic, but should be OK for low to
965		medium traffic hosts.  The argument may be a set of
966		domains, which will limit the feature to only apply to
967		these domains -- this will reduce unnecessary DNS
968		traffic.  THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
969		WILDCARD MX RECORDS!!!  If you have a wildcard MX record
970		that matches your domain, you cannot use this feature.
971
972smrsh		Use the SendMail Restricted SHell (smrsh) provided
973		with the distribution instead of /bin/sh for mailing
974		to programs.  This improves the ability of the local
975		system administrator to control what gets run via
976		e-mail.  If an argument is provided it is used as the
977		pathname to smrsh; otherwise, the path defined by
978		confEBINDIR is used for the smrsh binary -- by default,
979		/usr/libexec/smrsh is assumed.
980
981promiscuous_relay
982		By default, the sendmail configuration files do not permit
983		mail relaying (that is, accepting mail from outside your
984		local host (class {w}) and sending it to another host than
985		your local host).  This option sets your site to allow
986		mail relaying from any site to any site.  In almost all
987		cases, it is better to control relaying more carefully
988		with the access map, class {R}, or authentication.  Domains
989		can be added to class {R} by the macros RELAY_DOMAIN or
990		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
991		MASQUERADE_DOMAIN_FILE, see below).
992
993relay_entire_domain
994		This option allows any host in your domain as defined by
995		class {m} to use your server for relaying.  Notice: make
996		sure that your domain is not just a top level domain,
997		e.g., com.  This can happen if you give your host a name
998		like example.com instead of host.example.com.
999
1000relay_hosts_only
1001		By default, names that are listed as RELAY in the access
1002		db and class {R} are treated as domain names, not host names.
1003		For example, if you specify ``foo.com'', then mail to or
1004		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1005		will all be accepted for relaying.  This feature changes
1006		the behaviour to lookup individual host names only.
1007
1008relay_based_on_MX
1009		Turns on the ability to allow relaying based on the MX
1010		records of the host portion of an incoming recipient; that
1011		is, if an MX record for host foo.com points to your site,
1012		you will accept and relay mail addressed to foo.com.  See
1013		description below for more information before using this
1014		feature.  Also, see the KNOWNBUGS entry regarding bestmx
1015		map lookups.
1016
1017		FEATURE(`relay_based_on_MX') does not necessarily allow
1018		routing of these messages which you expect to be allowed,
1019		if route address syntax (or %-hack syntax) is used.  If
1020		this is a problem, add entries to the access-table or use
1021		FEATURE(`loose_relay_check').
1022
1023relay_mail_from
1024		Allows relaying if the mail sender is listed as RELAY in
1025		the access map.  If an optional argument `domain' (this
1026		is the literal word `domain', not a placeholder) is given,
1027		relaying can be allowed just based on the domain portion
1028		of the sender address.  This feature should only be used if
1029		absolutely necessary as the sender address can be easily
1030		forged.  Use of this feature requires the "From:" tag to
1031		be used for the key in the access map; see the discussion
1032		of tags and FEATURE(`relay_mail_from') in the section on
1033		anti-spam configuration control.
1034
1035relay_local_from
1036		Allows relaying if the domain portion of the mail sender
1037		is a local host.  This should only be used if absolutely
1038		necessary as it opens a window for spammers.  Specifically,
1039		they can send mail to your mail server that claims to be
1040		from your domain (either directly or via a routed address),
1041		and you will go ahead and relay it out to arbitrary hosts
1042		on the Internet.
1043
1044accept_unqualified_senders
1045		Normally, MAIL FROM: commands in the SMTP session will be
1046		refused if the connection is a network connection and the
1047		sender address does not include a domain name.  If your
1048		setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1049		you will need to use this feature to accept unqualified
1050		sender addresses.  Setting the DaemonPortOptions modifier
1051		'u' overrides the default behavior, i.e., unqualified
1052		addresses are accepted even without this FEATURE.
1053		If this FEATURE is not used, the DaemonPortOptions modifier
1054		'f' can be used to enforce fully qualified addresses.
1055
1056accept_unresolvable_domains
1057		Normally, MAIL FROM: commands in the SMTP session will be
1058		refused if the host part of the argument to MAIL FROM:
1059		cannot be located in the host name service (e.g., an A or
1060		MX record in DNS).  If you are inside a firewall that has
1061		only a limited view of the Internet host name space, this
1062		could cause problems.  In this case you probably want to
1063		use this feature to accept all domains on input, even if
1064		they are unresolvable.
1065
1066access_db	Turns on the access database feature.  The access db gives
1067		you the ability to allow or refuse to accept mail from
1068		specified domains for administrative reasons.  Moreover,
1069		it can control the behavior of sendmail in various situations.
1070		By default, the access database specification is:
1071
1072			hash -T<TMPF> /etc/mail/access
1073
1074		See the anti-spam configuration control section for further
1075		important information about this feature.  Notice:
1076		"-T<TMPF>" is meant literal, do not replace it by anything.
1077
1078blacklist_recipients
1079		Turns on the ability to block incoming mail for certain
1080		recipient usernames, hostnames, or addresses.  For
1081		example, you can block incoming mail to user nobody,
1082		host foo.mydomain.com, or guest@bar.mydomain.com.
1083		These specifications are put in the access db as
1084		described in the anti-spam configuration control section
1085		later in this document.
1086
1087delay_checks	The rulesets check_mail and check_relay will not be called
1088		when a client connects or issues a MAIL command, respectively.
1089		Instead, those rulesets will be called by the check_rcpt
1090		ruleset; they will be skipped under certain circumstances.
1091		See "Delay all checks" in the anti-spam configuration control
1092		section.  Note: this feature is incompatible to the versions
1093		in 8.10 and 8.11.
1094
1095use_client_ptr	If this feature is enabled then check_relay will override
1096		its first argument with $&{client_ptr}.  This is useful for
1097		rejections based on the unverified hostname of client,
1098		which turns on the same behavior as in earlier sendmail
1099		versions when delay_checks was not in use.  See doc/op/op.*
1100		about check_relay, {client_name}, and {client_ptr}.
1101
1102dnsbl		Turns on rejection of hosts found in an DNS based rejection
1103		list.  If an argument is provided it is used as the domain
1104		in which blocked hosts are listed; otherwise it defaults to
1105		blackholes.mail-abuse.org.  An explanation for an DNS based
1106		rejection list can be found at http://mail-abuse.org/rbl/.
1107		A second argument can be used to change the default error
1108		message.  Without that second argument, the error message
1109		will be
1110			Rejected: IP-ADDRESS listed at SERVER
1111		where IP-ADDRESS and SERVER are replaced by the appropriate
1112		information.  By default, temporary lookup failures are
1113		ignored.  This behavior can be changed by specifying a
1114		third argument, which must be either `t' or a full error
1115		message.  See the anti-spam configuration control section for
1116		an example.  The dnsbl feature can be included several times
1117		to query different DNS based rejection lists.  See also
1118		enhdnsbl for an enhanced version.
1119
1120		Set the DNSBL_MAP mc option to change the default map
1121		definition from `host'.  Set the DNSBL_MAP_OPT mc option
1122		to add additional options to the map specification used.
1123
1124		Some DNS based rejection lists cause failures if asked
1125		for AAAA records. If your sendmail version is compiled
1126		with IPv6 support (NETINET6) and you experience this
1127		problem, add
1128
1129			define(`DNSBL_MAP', `dns -R A')
1130
1131		before the first use of this feature.  Alternatively you
1132		can use enhdnsbl instead (see below).  Moreover, this
1133		statement can be used to reduce the number of DNS retries,
1134		e.g.,
1135
1136			define(`DNSBL_MAP', `dns -R A -r2')
1137
1138		See below (EDNSBL_TO) for an explanation.
1139
1140		NOTE: The default DNS blacklist, blackholes.mail-abuse.org,
1141		is a service offered by the Mail Abuse Prevention System
1142		(MAPS).  As of July 31, 2001, MAPS is a subscription
1143		service, so using that network address won't work if you
1144		haven't subscribed.  Contact MAPS to subscribe
1145		(http://mail-abuse.org/).
1146
1147enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
1148		(up to 5) can be used to specify specific return values
1149		from lookups.  Temporary lookup failures are ignored unless
1150		a third argument is given, which must be either `t' or a full
1151		error message.  By default, any successful lookup will
1152		generate an error.  Otherwise the result of the lookup is
1153		compared with the supplied argument(s), and only if a match
1154		occurs an error is generated.  For example,
1155
1156		FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1157
1158		will reject the e-mail if the lookup returns the value
1159		``127.0.0.2.'', or generate a 451 response if the lookup
1160		temporarily failed.  The arguments can contain metasymbols
1161		as they are allowed in the LHS of rules.  As the example
1162		shows, the default values are also used if an empty argument,
1163		i.e., `', is specified.  This feature requires that sendmail
1164		has been compiled with the flag DNSMAP (see sendmail/README).
1165
1166		Set the EDNSBL_TO mc option to change the DNS retry count
1167		from the default value of 5, this can be very useful when
1168		a DNS server is not responding, which in turn may cause
1169		clients to time out (an entry stating
1170
1171			did not issue MAIL/EXPN/VRFY/ETRN
1172
1173		will be logged).
1174
1175ratecontrol	Enable simple ruleset to do connection rate control
1176		checking.  This requires entries in access_db of the form
1177
1178			ClientRate:IP.ADD.RE.SS		LIMIT
1179
1180		The RHS specifies the maximum number of connections
1181		(an integer number) over the time interval defined
1182		by ConnectionRateWindowSize, where 0 means unlimited.
1183
1184		Take the following example:
1185
1186			ClientRate:10.1.2.3		4
1187			ClientRate:127.0.0.1		0
1188			ClientRate:			10
1189
1190		10.1.2.3 can only make up to 4 connections, the
1191		general limit it 10, and 127.0.0.1 can make an unlimited
1192		number of connections per ConnectionRateWindowSize.
1193
1194		See also CONNECTION CONTROL.
1195
1196conncontrol	Enable a simple check of the number of incoming SMTP
1197		connections.  This requires entries in access_db of the
1198		form
1199
1200			ClientConn:IP.ADD.RE.SS		LIMIT
1201
1202		The RHS specifies the maximum number of open connections
1203		(an integer number).
1204
1205		Take the following example:
1206
1207			ClientConn:10.1.2.3		4
1208			ClientConn:127.0.0.1		0
1209			ClientConn:			10
1210
1211		10.1.2.3 can only have up to 4 open connections, the
1212		general limit it 10, and 127.0.0.1 does not have any
1213		explicit limit.
1214
1215		See also CONNECTION CONTROL.
1216
1217mtamark		Experimental support for "Marking Mail Transfer Agents in
1218		Reverse DNS with TXT RRs" (MTAMark), see
1219		draft-stumpf-dns-mtamark-01.  Optional arguments are:
1220
1221		1. Error message, default:
1222
1223			550 Rejected: $&{client_addr} not listed as MTA
1224
1225		2. Temporary lookup failures are ignored unless a second
1226		argument is given, which must be either `t' or a full
1227		error message.
1228
1229		3. Lookup prefix, default: _perm._smtp._srv.  This should
1230		not be changed unless the draft changes it.
1231
1232		Example:
1233
1234			FEATURE(`mtamark', `', `t')
1235
1236lookupdotdomain	Look up also .domain in the access map.  This allows to
1237		match only subdomains.  It does not work well with
1238		FEATURE(`relay_hosts_only'), because most lookups for
1239		subdomains are suppressed by the latter feature.
1240
1241loose_relay_check
1242		Normally, if % addressing is used for a recipient, e.g.
1243		user%site@othersite, and othersite is in class {R}, the
1244		check_rcpt ruleset will strip @othersite and recheck
1245		user@site for relaying.  This feature changes that
1246		behavior.  It should not be needed for most installations.
1247
1248preserve_luser_host
1249		Preserve the name of the recipient host if LUSER_RELAY is
1250		used.  Without this option, the domain part of the
1251		recipient address will be replaced by the host specified as
1252		LUSER_RELAY.  This feature only works if the hostname is
1253		passed to the mailer (see mailer triple in op.me).  Note
1254		that in the default configuration the local mailer does not
1255		receive the hostname, i.e., the mailer triple has an empty
1256		hostname.
1257
1258preserve_local_plus_detail
1259		Preserve the +detail portion of the address when passing
1260		address to local delivery agent.  Disables alias and
1261		.forward +detail stripping (e.g., given user+detail, only
1262		that address will be looked up in the alias file; user+* and
1263		user will not be looked up).  Only use if the local
1264		delivery agent in use supports +detail addressing.
1265
1266compat_check	Enable ruleset check_compat to look up pairs of addresses
1267		with the Compat: tag --	Compat:sender<@>recipient -- in the
1268		access map.  Valid values for the RHS include
1269			DISCARD	silently discard recipient
1270			TEMP:	return a temporary error
1271			ERROR:	return a permanent error
1272		In the last two cases, a 4xy/5xy SMTP reply code should
1273		follow the colon.
1274
1275no_default_msa	Don't generate the default MSA daemon, i.e.,
1276		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1277		To define a MSA daemon with other parameters, use this
1278		FEATURE and introduce new settings via DAEMON_OPTIONS().
1279
1280msp		Defines config file for Message Submission Program.
1281		See cf/submit.mc for how
1282		to use it.  An optional argument can be used to override
1283		the default of `[localhost]' to use as host to send all
1284		e-mails to.  Note that MX records will be used if the
1285		specified hostname is not in square brackets (e.g.,
1286		[hostname]).  If `MSA' is specified as second argument then
1287		port 587 is used to contact the server.  Example:
1288
1289			FEATURE(`msp', `', `MSA')
1290
1291		Some more hints about possible changes can be found below
1292		in the section MESSAGE SUBMISSION PROGRAM.
1293
1294		Note: Due to many problems, submit.mc uses
1295
1296			FEATURE(`msp', `[127.0.0.1]')
1297
1298		by default.  If you have a machine with IPv6 only,
1299		change it to
1300
1301			FEATURE(`msp', `[IPv6:::1]')
1302
1303		If you want to continue using '[localhost]', (the behavior
1304		up to 8.12.6), use
1305
1306			FEATURE(`msp')
1307
1308queuegroup	A simple example how to select a queue group based
1309		on the full e-mail address or the domain of the
1310		recipient.  Selection is done via entries in the
1311		access map using the tag QGRP:, for example:
1312
1313			QGRP:example.com	main
1314			QGRP:friend@some.org	others
1315			QGRP:my.domain		local
1316
1317		where "main", "others", and "local" are names of
1318		queue groups.  If an argument is specified, it is used
1319		as default queue group.
1320
1321		Note: please read the warning in doc/op/op.me about
1322		queue groups and possible queue manipulations.
1323
1324greet_pause	Adds the greet_pause ruleset which enables open proxy
1325		and SMTP slamming protection.  The feature can take an
1326		argument specifying the milliseconds to wait:
1327
1328			FEATURE(`greet_pause', `5000')  dnl 5 seconds
1329
1330		If FEATURE(`access_db') is enabled, an access database
1331		lookup with the GreetPause tag is done using client
1332		hostname, domain, IP address, or subnet to determine the
1333		pause time:
1334
1335			GreetPause:my.domain	0
1336			GreetPause:example.com	5000
1337			GreetPause:10.1.2	2000
1338			GreetPause:127.0.0.1	0
1339
1340		When using FEATURE(`access_db'), the optional
1341		FEATURE(`greet_pause') argument becomes the default if
1342		nothing is found in the access database.  A ruleset called
1343		Local_greet_pause can be used for local modifications, e.g.,
1344
1345			LOCAL_RULESETS
1346			SLocal_greet_pause
1347			R$*		$: $&{daemon_flags}
1348			R$* a $*	$# 0
1349
1350+--------------------+
1351| USING UUCP MAILERS |
1352+--------------------+
1353
1354It's hard to get UUCP mailers right because of the extremely ad hoc
1355nature of UUCP addressing.  These config files are really designed
1356for domain-based addressing, even for UUCP sites.
1357
1358There are four UUCP mailers available.  The choice of which one to
1359use is partly a matter of local preferences and what is running at
1360the other end of your UUCP connection.  Unlike good protocols that
1361define what will go over the wire, UUCP uses the policy that you
1362should do what is right for the other end; if they change, you have
1363to change.  This makes it hard to do the right thing, and discourages
1364people from updating their software.  In general, if you can avoid
1365UUCP, please do.
1366
1367The major choice is whether to go for a domainized scheme or a
1368non-domainized scheme.  This depends entirely on what the other
1369end will recognize.  If at all possible, you should encourage the
1370other end to go to a domain-based system -- non-domainized addresses
1371don't work entirely properly.
1372
1373The four mailers are:
1374
1375    uucp-old (obsolete name: "uucp")
1376	This is the oldest, the worst (but the closest to UUCP) way of
1377	sending messages across UUCP connections.  It does bangify
1378	everything and prepends $U (your UUCP name) to the sender's
1379	address (which can already be a bang path itself).  It can
1380	only send to one address at a time, so it spends a lot of
1381	time copying duplicates of messages.  Avoid this if at all
1382	possible.
1383
1384    uucp-new (obsolete name: "suucp")
1385	The same as above, except that it assumes that in one rmail
1386	command you can specify several recipients.  It still has a
1387	lot of other problems.
1388
1389    uucp-dom
1390	This UUCP mailer keeps everything as domain addresses.
1391	Basically, it uses the SMTP mailer rewriting rules.  This mailer
1392	is only included if MAILER(`smtp') is specified before
1393	MAILER(`uucp').
1394
1395	Unfortunately, a lot of UUCP mailer transport agents require
1396	bangified addresses in the envelope, although you can use
1397	domain-based addresses in the message header.  (The envelope
1398	shows up as the From_ line on UNIX mail.)  So....
1399
1400    uucp-uudom
1401	This is a cross between uucp-new (for the envelope addresses)
1402	and uucp-dom (for the header addresses).  It bangifies the
1403	envelope sender (From_ line in messages) without adding the
1404	local hostname, unless there is no host name on the address
1405	at all (e.g., "wolf") or the host component is a UUCP host name
1406	instead of a domain name ("somehost!wolf" instead of
1407	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
1408	is also specified earlier.
1409
1410Examples:
1411
1412On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1413summarizes the sender rewriting for various mailers.
1414
1415Mailer		sender		rewriting in the envelope
1416------		------		-------------------------
1417uucp-{old,new}	wolf		grasp!wolf
1418uucp-dom	wolf		wolf@grasp.insa-lyon.fr
1419uucp-uudom	wolf		grasp.insa-lyon.fr!wolf
1420
1421uucp-{old,new}	wolf@fr.net	grasp!fr.net!wolf
1422uucp-dom	wolf@fr.net	wolf@fr.net
1423uucp-uudom	wolf@fr.net	fr.net!wolf
1424
1425uucp-{old,new}	somehost!wolf	grasp!somehost!wolf
1426uucp-dom	somehost!wolf	somehost!wolf@grasp.insa-lyon.fr
1427uucp-uudom	somehost!wolf	grasp.insa-lyon.fr!somehost!wolf
1428
1429If you are using one of the domainized UUCP mailers, you really want
1430to convert all UUCP addresses to domain format -- otherwise, it will
1431do it for you (and probably not the way you expected).  For example,
1432if you have the address foo!bar!baz (and you are not sending to foo),
1433the heuristics will add the @uucp.relay.name or @local.host.name to
1434this address.  However, if you map foo to foo.host.name first, it
1435will not add the local hostname.  You can do this using the uucpdomain
1436feature.
1437
1438
1439+-------------------+
1440| TWEAKING RULESETS |
1441+-------------------+
1442
1443For more complex configurations, you can define special rules.
1444The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1445the names.  Any modifications made here are reflected in the header.
1446
1447A common use is to convert old UUCP addresses to SMTP addresses using
1448the UUCPSMTP macro.  For example:
1449
1450	LOCAL_RULE_3
1451	UUCPSMTP(`decvax',	`decvax.dec.com')
1452	UUCPSMTP(`research',	`research.att.com')
1453
1454will cause addresses of the form "decvax!user" and "research!user"
1455to be converted to "user@decvax.dec.com" and "user@research.att.com"
1456respectively.
1457
1458This could also be used to look up hosts in a database map:
1459
1460	LOCAL_RULE_3
1461	R$* < @ $+ > $*		$: $1 < @ $(hostmap $2 $) > $3
1462
1463This map would be defined in the LOCAL_CONFIG portion, as shown below.
1464
1465Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1466For example, new rules are needed to parse hostnames that you accept
1467via MX records.  For example, you might have:
1468
1469	LOCAL_RULE_0
1470	R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1471
1472You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1473pointing at this host; this rule catches the message and forwards it on
1474using UUCP.
1475
1476You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1477These rulesets are normally empty.
1478
1479A similar macro is LOCAL_CONFIG.  This introduces lines added after the
1480boilerplate option setting but before rulesets.  Do not declare rulesets in
1481the LOCAL_CONFIG section.  It can be used to declare local database maps or
1482whatever.  For example:
1483
1484	LOCAL_CONFIG
1485	Khostmap hash /etc/mail/hostmap
1486	Kyplocal nis -m hosts.byname
1487
1488
1489+---------------------------+
1490| MASQUERADING AND RELAYING |
1491+---------------------------+
1492
1493You can have your host masquerade as another using
1494
1495	MASQUERADE_AS(`host.domain')
1496
1497This causes mail being sent to be labeled as coming from the
1498indicated host.domain, rather than $j.  One normally masquerades as
1499one of one's own subdomains (for example, it's unlikely that
1500Berkeley would choose to masquerade as an MIT site).  This
1501behaviour is modified by a plethora of FEATUREs; in particular, see
1502masquerade_envelope, allmasquerade, limited_masquerade, and
1503masquerade_entire_domain.
1504
1505The masquerade name is not normally canonified, so it is important
1506that it be your One True Name, that is, fully qualified and not a
1507CNAME.  However, if you use a CNAME, the receiving side may canonify
1508it for you, so don't think you can cheat CNAME mapping this way.
1509
1510Normally the only addresses that are masqueraded are those that come
1511from this host (that is, are either unqualified or in class {w}, the list
1512of local domain names).  You can augment this list, which is realized
1513by class {M} using
1514
1515	MASQUERADE_DOMAIN(`otherhost.domain')
1516
1517The effect of this is that although mail to user@otherhost.domain
1518will not be delivered locally, any mail including any user@otherhost.domain
1519will, when relayed, be rewritten to have the MASQUERADE_AS address.
1520This can be a space-separated list of names.
1521
1522If these names are in a file, you can use
1523
1524	MASQUERADE_DOMAIN_FILE(`filename')
1525
1526to read the list of names from the indicated file (i.e., to add
1527elements to class {M}).
1528
1529To exempt hosts or subdomains from being masqueraded, you can use
1530
1531	MASQUERADE_EXCEPTION(`host.domain')
1532
1533This can come handy if you want to masquerade a whole domain
1534except for one (or a few) host(s).  If these names are in a file,
1535you can use
1536
1537	MASQUERADE_EXCEPTION_FILE(`filename')
1538
1539Normally only header addresses are masqueraded.  If you want to
1540masquerade the envelope as well, use
1541
1542	FEATURE(`masquerade_envelope')
1543
1544There are always users that need to be "exposed" -- that is, their
1545internal site name should be displayed instead of the masquerade name.
1546Root is an example (which has been "exposed" by default prior to 8.10).
1547You can add users to this list using
1548
1549	EXPOSED_USER(`usernames')
1550
1551This adds users to class {E}; you could also use
1552
1553	EXPOSED_USER_FILE(`filename')
1554
1555You can also arrange to relay all unqualified names (that is, names
1556without @host) to a relay host.  For example, if you have a central
1557email server, you might relay to that host so that users don't have
1558to have .forward files or aliases.  You can do this using
1559
1560	define(`LOCAL_RELAY', `mailer:hostname')
1561
1562The ``mailer:'' can be omitted, in which case the mailer defaults to
1563"relay".  There are some user names that you don't want relayed, perhaps
1564because of local aliases.  A common example is root, which may be
1565locally aliased.  You can add entries to this list using
1566
1567	LOCAL_USER(`usernames')
1568
1569This adds users to class {L}; you could also use
1570
1571	LOCAL_USER_FILE(`filename')
1572
1573If you want all incoming mail sent to a centralized hub, as for a
1574shared /var/spool/mail scheme, use
1575
1576	define(`MAIL_HUB', `mailer:hostname')
1577
1578Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
1579and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1580be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1581Note: there is a (long standing) bug which keeps this combination from
1582working for addresses of the form user+detail.
1583Names in class {L} will be delivered locally, so you MUST have aliases or
1584.forward files for them.
1585
1586For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1587FEATURE(`stickyhost'), the following combinations of settings will have the
1588indicated effects:
1589
1590email sent to....	eric			  eric@mastodon.CS.Berkeley.EDU
1591
1592LOCAL_RELAY set to	mail.CS.Berkeley.EDU	  (delivered locally)
1593mail.CS.Berkeley.EDU	  (no local aliasing)	    (aliasing done)
1594
1595MAIL_HUB set to		mammoth.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1596mammoth.CS.Berkeley.EDU	  (aliasing done)	    (aliasing done)
1597
1598Both LOCAL_RELAY and	mail.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1599MAIL_HUB set as above	  (no local aliasing)	    (aliasing done)
1600
1601If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1602MAIL_HUB act identically, with MAIL_HUB taking precedence.
1603
1604If you want all outgoing mail to go to a central relay site, define
1605SMART_HOST as well.  Briefly:
1606
1607	LOCAL_RELAY applies to unqualified names (e.g., "eric").
1608	MAIL_HUB applies to names qualified with the name of the
1609		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1610	SMART_HOST applies to names qualified with other hosts or
1611		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1612		or "eric@[127.0.0.1]").
1613
1614However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1615DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1616really want absolutely everything to go to a single central site you will
1617need to unset all the other relays -- or better yet, find or build a
1618minimal config file that does this.
1619
1620For duplicate suppression to work properly, the host name is best
1621specified with a terminal dot:
1622
1623	define(`MAIL_HUB', `host.domain.')
1624	      note the trailing dot ---^
1625
1626
1627+-------------------------------------------+
1628| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1629+-------------------------------------------+
1630
1631LDAP can be used for aliases, maps, and classes by either specifying your
1632own LDAP map specification or using the built-in default LDAP map
1633specification.  The built-in default specifications all provide lookups
1634which match against either the machine's fully qualified hostname (${j}) or
1635a "cluster".  The cluster allows you to share LDAP entries among a large
1636number of machines without having to enter each of the machine names into
1637each LDAP entry.  To set the LDAP cluster name to use for a particular
1638machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1639unique name.  For example:
1640
1641	define(`confLDAP_CLUSTER', `Servers')
1642
1643Here, the word `Servers' will be the cluster name.  As an example, assume
1644that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1645to the Servers cluster.
1646
1647Some of the LDAP LDIF examples below show use of the Servers cluster.
1648Every entry must have either a sendmailMTAHost or sendmailMTACluster
1649attribute or it will be ignored.  Be careful as mixing clusters and
1650individual host records can have surprising results (see the CAUTION
1651sections below).
1652
1653See the file cf/sendmail.schema for the actual LDAP schemas.  Note that
1654this schema (and therefore the lookups and examples below) is experimental
1655at this point as it has had little public review.  Therefore, it may change
1656in future versions.  Feedback via sendmail-YYYY@support.sendmail.org is
1657encouraged (replace YYYY with the current year, e.g., 2005).
1658
1659-------
1660Aliases
1661-------
1662
1663The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1664lookups.  To use the default schema, simply use:
1665
1666	define(`ALIAS_FILE', `ldap:')
1667
1668By doing so, you will use the default schema which expands to a map
1669declared as follows:
1670
1671	ldap -k (&(objectClass=sendmailMTAAliasObject)
1672		  (sendmailMTAAliasGrouping=aliases)
1673		  (|(sendmailMTACluster=${sendmailMTACluster})
1674		    (sendmailMTAHost=$j))
1675		  (sendmailMTAKey=%0))
1676	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1677
1678
1679NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1680used when the binary expands the `ldap:' token as the AliasFile option is
1681not actually macro-expanded when read from the sendmail.cf file.
1682
1683Example LDAP LDIF entries might be:
1684
1685	dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1686	objectClass: sendmailMTA
1687	objectClass: sendmailMTAAlias
1688	objectClass: sendmailMTAAliasObject
1689	sendmailMTAAliasGrouping: aliases
1690	sendmailMTAHost: etrn.sendmail.org
1691	sendmailMTAKey: sendmail-list
1692	sendmailMTAAliasValue: ca@example.org
1693	sendmailMTAAliasValue: eric
1694	sendmailMTAAliasValue: gshapiro@example.com
1695
1696	dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1697	objectClass: sendmailMTA
1698	objectClass: sendmailMTAAlias
1699	objectClass: sendmailMTAAliasObject
1700	sendmailMTAAliasGrouping: aliases
1701	sendmailMTAHost: etrn.sendmail.org
1702	sendmailMTAKey: owner-sendmail-list
1703	sendmailMTAAliasValue: eric
1704
1705	dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1706	objectClass: sendmailMTA
1707	objectClass: sendmailMTAAlias
1708	objectClass: sendmailMTAAliasObject
1709	sendmailMTAAliasGrouping: aliases
1710	sendmailMTACluster: Servers
1711	sendmailMTAKey: postmaster
1712	sendmailMTAAliasValue: eric
1713
1714Here, the aliases sendmail-list and owner-sendmail-list will be available
1715only on etrn.sendmail.org but the postmaster alias will be available on
1716every machine in the Servers cluster (including etrn.sendmail.org).
1717
1718CAUTION: aliases are additive so that entries like these:
1719
1720	dn: sendmailMTAKey=bob, dc=sendmail, dc=org
1721	objectClass: sendmailMTA
1722	objectClass: sendmailMTAAlias
1723	objectClass: sendmailMTAAliasObject
1724	sendmailMTAAliasGrouping: aliases
1725	sendmailMTACluster: Servers
1726	sendmailMTAKey: bob
1727	sendmailMTAAliasValue: eric
1728
1729	dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
1730	objectClass: sendmailMTA
1731	objectClass: sendmailMTAAlias
1732	objectClass: sendmailMTAAliasObject
1733	sendmailMTAAliasGrouping: aliases
1734	sendmailMTAHost: etrn.sendmail.org
1735	sendmailMTAKey: bob
1736	sendmailMTAAliasValue: gshapiro
1737
1738would mean that on all of the hosts in the cluster, mail to bob would go to
1739eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
1740gshapiro.
1741
1742If you prefer not to use the default LDAP schema for your aliases, you can
1743specify the map parameters when setting ALIAS_FILE.  For example:
1744
1745	define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
1746
1747----
1748Maps
1749----
1750
1751FEATURE()'s which take an optional map definition argument (e.g., access,
1752mailertable, virtusertable, etc.) can instead take the special keyword
1753`LDAP', e.g.:
1754
1755	FEATURE(`access_db', `LDAP')
1756	FEATURE(`virtusertable', `LDAP')
1757
1758When this keyword is given, that map will use LDAP lookups consisting of
1759the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
1760with the map name, a search attribute of sendmailMTAKey, and the value
1761attribute sendmailMTAMapValue.
1762
1763The values for sendmailMTAMapName are:
1764
1765	FEATURE()		sendmailMTAMapName
1766	---------		------------------
1767	access_db		access
1768	authinfo		authinfo
1769	bitdomain		bitdomain
1770	domaintable		domain
1771	genericstable		generics
1772	mailertable		mailer
1773	uucpdomain		uucpdomain
1774	virtusertable		virtuser
1775
1776For example, FEATURE(`mailertable', `LDAP') would use the map definition:
1777
1778	Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
1779			       (sendmailMTAMapName=mailer)
1780			       (|(sendmailMTACluster=${sendmailMTACluster})
1781				 (sendmailMTAHost=$j))
1782			       (sendmailMTAKey=%0))
1783			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
1784
1785An example LDAP LDIF entry using this map might be:
1786
1787	dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
1788	objectClass: sendmailMTA
1789	objectClass: sendmailMTAMap
1790	sendmailMTACluster: Servers
1791	sendmailMTAMapName: mailer
1792
1793	dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1794	objectClass: sendmailMTA
1795	objectClass: sendmailMTAMap
1796	objectClass: sendmailMTAMapObject
1797	sendmailMTAMapName: mailer
1798	sendmailMTACluster: Servers
1799	sendmailMTAKey: example.com
1800	sendmailMTAMapValue: relay:[smtp.example.com]
1801
1802CAUTION: If your LDAP database contains the record above and *ALSO* a host
1803specific record such as:
1804
1805	dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1806	objectClass: sendmailMTA
1807	objectClass: sendmailMTAMap
1808	objectClass: sendmailMTAMapObject
1809	sendmailMTAMapName: mailer
1810	sendmailMTAHost: etrn.sendmail.org
1811	sendmailMTAKey: example.com
1812	sendmailMTAMapValue: relay:[mx.example.com]
1813
1814then these entries will give unexpected results.  When the lookup is done
1815on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
1816require a single match.  Since the host etrn.sendmail.org is also in the
1817Servers cluster, LDAP would return two answers for the example.com map key
1818in which case sendmail would treat this as no match at all.
1819
1820If you prefer not to use the default LDAP schema for your maps, you can
1821specify the map parameters when using the FEATURE().  For example:
1822
1823	FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
1824
1825-------
1826Classes
1827-------
1828
1829Normally, classes can be filled via files or programs.  As of 8.12, they
1830can also be filled via map lookups using a new syntax:
1831
1832	F{ClassName}mapkey@mapclass:mapspec
1833
1834mapkey is optional and if not provided the map key will be empty.  This can
1835be used with LDAP to read classes from LDAP.  Note that the lookup is only
1836done when sendmail is initially started.  Use the special value `@LDAP' to
1837use the default LDAP schema.  For example:
1838
1839	RELAY_DOMAIN_FILE(`@LDAP')
1840
1841would put all of the attribute sendmailMTAClassValue values of LDAP records
1842with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
1843'R' into class $={R}.  In other words, it is equivalent to the LDAP map
1844specification:
1845
1846	F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
1847		       (sendmailMTAClassName=R)
1848		       (|(sendmailMTACluster=${sendmailMTACluster})
1849			 (sendmailMTAHost=$j)))
1850		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
1851
1852NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1853used when the binary expands the `@LDAP' token as class declarations are
1854not actually macro-expanded when read from the sendmail.cf file.
1855
1856This can be used with class related commands such as RELAY_DOMAIN_FILE(),
1857MASQUERADE_DOMAIN_FILE(), etc:
1858
1859	Command				sendmailMTAClassName
1860	-------				--------------------
1861	CANONIFY_DOMAIN_FILE()		Canonify
1862	EXPOSED_USER_FILE()		E
1863	GENERICS_DOMAIN_FILE()		G
1864	LDAPROUTE_DOMAIN_FILE()		LDAPRoute
1865	LDAPROUTE_EQUIVALENT_FILE()	LDAPRouteEquiv
1866	LOCAL_USER_FILE()		L
1867	MASQUERADE_DOMAIN_FILE()	M
1868	MASQUERADE_EXCEPTION_FILE()	N
1869	RELAY_DOMAIN_FILE()		R
1870	VIRTUSER_DOMAIN_FILE()		VirtHost
1871
1872You can also add your own as any 'F'ile class of the form:
1873
1874	F{ClassName}@LDAP
1875	  ^^^^^^^^^
1876will use "ClassName" for the sendmailMTAClassName.
1877
1878An example LDAP LDIF entry would look like:
1879
1880	dn: sendmailMTAClassName=R, dc=sendmail, dc=org
1881	objectClass: sendmailMTA
1882	objectClass: sendmailMTAClass
1883	sendmailMTACluster: Servers
1884	sendmailMTAClassName: R
1885	sendmailMTAClassValue: sendmail.org
1886	sendmailMTAClassValue: example.com
1887	sendmailMTAClassValue: 10.56.23
1888
1889CAUTION: If your LDAP database contains the record above and *ALSO* a host
1890specific record such as:
1891
1892	dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
1893	objectClass: sendmailMTA
1894	objectClass: sendmailMTAClass
1895	sendmailMTAHost: etrn.sendmail.org
1896	sendmailMTAClassName: R
1897	sendmailMTAClassValue: example.com
1898
1899the result will be similar to the aliases caution above.  When the lookup
1900is done on etrn.sendmail.org, $={R} would contain all of the entries (from
1901both the cluster match and the host match).  In other words, the effective
1902is additive.
1903
1904If you prefer not to use the default LDAP schema for your classes, you can
1905specify the map parameters when using the class command.  For example:
1906
1907	VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
1908
1909Remember, macros can not be used in a class declaration as the binary does
1910not expand them.
1911
1912
1913+--------------+
1914| LDAP ROUTING |
1915+--------------+
1916
1917FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1918LDAP Schema for Intranet Mail Routing
1919(draft-lachman-laser-ldap-mail-routing-01).  This feature enables
1920LDAP-based rerouting of a particular address to either a different host
1921or a different address.  The LDAP lookup is first attempted on the full
1922address (e.g., user@example.com) and then on the domain portion
1923(e.g., @example.com).  Be sure to setup your domain for LDAP routing using
1924LDAPROUTE_DOMAIN(), e.g.:
1925
1926	LDAPROUTE_DOMAIN(`example.com')
1927
1928Additionally, you can specify equivalent domains for LDAP routing using
1929LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE().  'Equivalent'
1930hostnames are mapped to $M (the masqueraded hostname for the server) before
1931the LDAP query.  For example, if the mail is addressed to
1932user@host1.example.com, normally the LDAP lookup would only be done for
1933'user@host1.example.com' and '@host1.example.com'.   However, if
1934LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
1935done on 'user@example.com' and '@example.com' after attempting the
1936host1.example.com lookups.
1937
1938By default, the feature will use the schemas as specified in the draft
1939and will not reject addresses not found by the LDAP lookup.  However,
1940this behavior can be changed by giving additional arguments to the FEATURE()
1941command:
1942
1943 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
1944		 <detail>, <nodomain>, <tempfail>)
1945
1946where <mailHost> is a map definition describing how to lookup an alternative
1947mail host for a particular address; <mailRoutingAddress> is a map definition
1948describing how to lookup an alternative address for a particular address;
1949the <bounce> argument, if present and not the word "passthru", dictates
1950that mail should be bounced if neither a mailHost nor mailRoutingAddress
1951is found, if set to "sendertoo", the sender will be rejected if not
1952found in LDAP; and <detail> indicates what actions to take if the address
1953contains +detail information -- `strip' tries the lookup with the +detail
1954and if no matches are found, strips the +detail and tries the lookup again;
1955`preserve', does the same as `strip' but if a mailRoutingAddress match is
1956found, the +detail information is copied to the new address; the <nodomain>
1957argument, if present, will prevent the @domain lookup if the full
1958address is not found in LDAP; the <tempfail> argument, if set to
1959"tempfail", instructs the rules to give an SMTP 4XX temporary
1960error if the LDAP server gives the MTA a temporary failure, or if set to
1961"queue" (the default), the MTA will locally queue the mail.
1962
1963The default <mailHost> map definition is:
1964
1965	ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
1966				 (mailLocalAddress=%0))
1967
1968The default <mailRoutingAddress> map definition is:
1969
1970	ldap -1 -T<TMPF> -v mailRoutingAddress
1971			 -k (&(objectClass=inetLocalMailRecipient)
1972			      (mailLocalAddress=%0))
1973
1974Note that neither includes the LDAP server hostname (-h server) or base DN
1975(-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
1976your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
1977these settings.  If this is not the case, the map definitions should be
1978changed as described above.  The "-T<TMPF>" is required in any user
1979specified map definition to catch temporary errors.
1980
1981The following possibilities exist as a result of an LDAP lookup on an
1982address:
1983
1984	mailHost is	mailRoutingAddress is	Results in
1985	-----------	---------------------	----------
1986	set to a	set			mail delivered to
1987	"local" host				mailRoutingAddress
1988
1989	set to a	not set			delivered to
1990	"local" host				original address
1991
1992	set to a	set			mailRoutingAddress
1993	remote host				relayed to mailHost
1994
1995	set to a	not set			original address
1996	remote host				relayed to mailHost
1997
1998	not set		set			mail delivered to
1999						mailRoutingAddress
2000
2001	not set		not set			delivered to
2002						original address *OR*
2003						bounced as unknown user
2004
2005The term "local" host above means the host specified is in class {w}.  If
2006the result would mean sending the mail to a different host, that host is
2007looked up in the mailertable before delivery.
2008
2009Note that the last case depends on whether the third argument is given
2010to the FEATURE() command.  The default is to deliver the message to the
2011original address.
2012
2013The LDAP entries should be set up with an objectClass of
2014inetLocalMailRecipient and the address be listed in a mailLocalAddress
2015attribute.  If present, there must be only one mailHost attribute and it
2016must contain a fully qualified host name as its value.  Similarly, if
2017present, there must be only one mailRoutingAddress attribute and it must
2018contain an RFC 822 compliant address.  Some example LDAP records (in LDIF
2019format):
2020
2021	dn: uid=tom, o=example.com, c=US
2022	objectClass: inetLocalMailRecipient
2023	mailLocalAddress: tom@example.com
2024	mailRoutingAddress: thomas@mailhost.example.com
2025
2026This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2027
2028	dn: uid=dick, o=example.com, c=US
2029	objectClass: inetLocalMailRecipient
2030	mailLocalAddress: dick@example.com
2031	mailHost: eng.example.com
2032
2033This would relay mail for dick@example.com to the same address but redirect
2034the mail to MX records listed for the host eng.example.com (unless the
2035mailertable overrides).
2036
2037	dn: uid=harry, o=example.com, c=US
2038	objectClass: inetLocalMailRecipient
2039	mailLocalAddress: harry@example.com
2040	mailHost: mktmail.example.com
2041	mailRoutingAddress: harry@mkt.example.com
2042
2043This would relay mail for harry@example.com to the MX records listed for
2044the host mktmail.example.com using the new address harry@mkt.example.com
2045when talking to that host.
2046
2047	dn: uid=virtual.example.com, o=example.com, c=US
2048	objectClass: inetLocalMailRecipient
2049	mailLocalAddress: @virtual.example.com
2050	mailHost: server.example.com
2051	mailRoutingAddress: virtual@example.com
2052
2053This would send all mail destined for any username @virtual.example.com to
2054the machine server.example.com's MX servers and deliver to the address
2055virtual@example.com on that relay machine.
2056
2057
2058+---------------------------------+
2059| ANTI-SPAM CONFIGURATION CONTROL |
2060+---------------------------------+
2061
2062The primary anti-spam features available in sendmail are:
2063
2064* Relaying is denied by default.
2065* Better checking on sender information.
2066* Access database.
2067* Header checks.
2068
2069Relaying (transmission of messages from a site outside your host (class
2070{w}) to another site except yours) is denied by default.  Note that this
2071changed in sendmail 8.9; previous versions allowed relaying by default.
2072If you really want to revert to the old behaviour, you will need to use
2073FEATURE(`promiscuous_relay').  You can allow certain domains to relay
2074through your server by adding their domain name or IP address to class
2075{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2076(described below).  Note that IPv6 addresses must be prefaced with "IPv6:".
2077The file consists (like any other file based class) of entries listed on
2078separate lines, e.g.,
2079
2080	sendmail.org
2081	128.32
2082	IPv6:2002:c0a8:02c7
2083	IPv6:2002:c0a8:51d2::23f4
2084	host.mydomain.com
2085	[UNIX:localhost]
2086
2087Notice: the last entry allows relaying for connections via a UNIX
2088socket to the MTA/MSP.  This might be necessary if your configuration
2089doesn't allow relaying by other means in that case, e.g., by having
2090localhost.$m in class {R} (make sure $m is not just a top level
2091domain).
2092
2093If you use
2094
2095	FEATURE(`relay_entire_domain')
2096
2097then any host in any of your local domains (that is, class {m})
2098will be relayed (that is, you will accept mail either to or from any
2099host in your domain).
2100
2101You can also allow relaying based on the MX records of the host
2102portion of an incoming recipient address by using
2103
2104	FEATURE(`relay_based_on_MX')
2105
2106For example, if your server receives a recipient of user@domain.com
2107and domain.com lists your server in its MX records, the mail will be
2108accepted for relay to domain.com.  This feature may cause problems
2109if MX lookups for the recipient domain are slow or time out.  In that
2110case, mail will be temporarily rejected.  It is usually better to
2111maintain a list of hosts/domains for which the server acts as relay.
2112Note also that this feature will stop spammers from using your host
2113to relay spam but it will not stop outsiders from using your server
2114as a relay for their site (that is, they set up an MX record pointing
2115to your mail server, and you will relay mail addressed to them
2116without any prior arrangement).  Along the same lines,
2117
2118	FEATURE(`relay_local_from')
2119
2120will allow relaying if the sender specifies a return path (i.e.
2121MAIL FROM:<user@domain>) domain which is a local domain.  This is a
2122dangerous feature as it will allow spammers to spam using your mail
2123server by simply specifying a return address of user@your.domain.com.
2124It should not be used unless absolutely necessary.
2125A slightly better solution is
2126
2127	FEATURE(`relay_mail_from')
2128
2129which allows relaying if the mail sender is listed as RELAY in the
2130access map.  If an optional argument `domain' (this is the literal
2131word `domain', not a placeholder) is given, the domain portion of
2132the mail sender is also checked to allowing relaying.  This option
2133only works together with the tag From: for the LHS of the access
2134map entries.  This feature allows spammers to abuse your mail server
2135by specifying a return address that you enabled in your access file.
2136This may be harder to figure out for spammers, but it should not
2137be used unless necessary.  Instead use STARTTLS to
2138allow relaying for roaming users.
2139
2140
2141If source routing is used in the recipient address (e.g.,
2142RCPT TO:<user%site.com@othersite.com>), sendmail will check
2143user@site.com for relaying if othersite.com is an allowed relay host
2144in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2145or the access database if FEATURE(`access_db') is used.  To prevent
2146the address from being stripped down, use:
2147
2148	FEATURE(`loose_relay_check')
2149
2150If you think you need to use this feature, you probably do not.  This
2151should only be used for sites which have no control over the addresses
2152that they provide a gateway for.  Use this FEATURE with caution as it
2153can allow spammers to relay through your server if not setup properly.
2154
2155NOTICE: It is possible to relay mail through a system which the anti-relay
2156rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2157`nospecial') (system A) and relays local messages to a mail hub (e.g., via
2158LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use
2159FEATURE(`nouucp') at all, addresses of the form
2160<example.net!user@local.host> would be relayed to <user@example.net>.
2161System A doesn't recognize `!' as an address separator and therefore
2162forwards it to the mail hub which in turns relays it because it came from
2163a trusted local host.  So if a mailserver allows UUCP (bang-format)
2164addresses, all systems from which it allows relaying should do the same
2165or reject those addresses.
2166
2167As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2168an unresolvable domain (i.e., one that DNS, your local name service,
2169or special case rules in ruleset 3 cannot locate).  This also applies
2170to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2171IP address can't be mapped to a host name.  If you want to continue
2172to accept such domains, e.g., because you are inside a firewall that
2173has only a limited view of the Internet host name space (note that you
2174will not be able to return mail to them unless you have some "smart
2175host" forwarder), use
2176
2177	FEATURE(`accept_unresolvable_domains')
2178
2179Alternatively, you can allow specific addresses by adding them to
2180the access map, e.g.,
2181
2182	From:unresolvable.domain	OK
2183	From:[1.2.3.4]			OK
2184	From:[1.2.4]			OK
2185
2186Notice: domains which are temporarily unresolvable are (temporarily)
2187rejected with a 451 reply code.  If those domains should be accepted
2188(which is discouraged) then you can use
2189
2190	LOCAL_CONFIG
2191	C{ResOk}TEMP
2192
2193sendmail will also refuse mail if the MAIL FROM: parameter is not
2194fully qualified (i.e., contains a domain as well as a user).  If you
2195want to continue to accept such senders, use
2196
2197	FEATURE(`accept_unqualified_senders')
2198
2199Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2200i.e., unqualified addresses are accepted even without this FEATURE.  If
2201this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2202to enforce fully qualified domain names.
2203
2204An ``access'' database can be created to accept or reject mail from
2205selected domains.  For example, you may choose to reject all mail
2206originating from known spammers.  To enable such a database, use
2207
2208	FEATURE(`access_db')
2209
2210Notice: the access database is applied to the envelope addresses
2211and the connection information, not to the header.
2212
2213The FEATURE macro can accept as second parameter the key file
2214definition for the database; for example
2215
2216	FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2217
2218Notice: If a second argument is specified it must contain the option
2219`-T<TMPF>' as shown above.  The optional third and fourth parameters
2220may be `skip' or `lookupdotdomain'.  The former enables SKIP as
2221value part (see below), the latter is another way to enable the
2222feature of the same name (see above).
2223
2224Remember, since /etc/mail/access is a database, after creating the text
2225file as described below, you must use makemap to create the database
2226map.  For example:
2227
2228	makemap hash /etc/mail/access < /etc/mail/access
2229
2230The table itself uses e-mail addresses, domain names, and network
2231numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
2232For example,
2233
2234	From:spammer@aol.com			REJECT
2235	From:cyberspammer.com			REJECT
2236	Connect:cyberspammer.com		REJECT
2237	Connect:TLD				REJECT
2238	Connect:192.168.212			REJECT
2239	Connect:IPv6:2002:c0a8:02c7		RELAY
2240	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
2241
2242would refuse mail from spammer@aol.com, any user from cyberspammer.com
2243(or any host within the cyberspammer.com domain), any host in the entire
2244top level domain TLD, 192.168.212.* network, and the IPv6 address
22452002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
22462002:c0a8:02c7::/48.
2247
2248Entries in the access map should be tagged according to their type.
2249Three tags are available:
2250
2251	Connect:	connection information (${client_addr}, ${client_name})
2252	From:		envelope sender
2253	To:		envelope recipient
2254
2255Notice: untagged entries are deprecated.
2256
2257If the required item is looked up in a map, it will be tried first
2258with the corresponding tag in front, then (as fallback to enable
2259backward compatibility) without any tag, unless the specific feature
2260requires a tag.  For example,
2261
2262	From:spammer@some.dom	REJECT
2263	To:friend.domain	RELAY
2264	Connect:friend.domain	OK
2265	Connect:from.domain	RELAY
2266	From:good@another.dom	OK
2267	From:another.dom	REJECT
2268
2269This would deny mails from spammer@some.dom but you could still
2270send mail to that address even if FEATURE(`blacklist_recipients')
2271is enabled.  Your system will allow relaying to friend.domain, but
2272not from it (unless enabled by other means).  Connections from that
2273domain will be allowed even if it ends up in one of the DNS based
2274rejection lists.  Relaying is enabled from from.domain but not to
2275it (since relaying is based on the connection information for
2276outgoing relaying, the tag Connect: must be used; for incoming
2277relaying, which is based on the recipient address, To: must be
2278used).  The last two entries allow mails from good@another.dom but
2279reject mail from all other addresses with another.dom as domain
2280part.
2281
2282
2283The value part of the map can contain:
2284
2285	OK		Accept mail even if other rules in the running
2286			ruleset would reject it, for example, if the domain
2287			name is unresolvable.  "Accept" does not mean
2288			"relay", but at most acceptance for local
2289			recipients.  That is, OK allows less than RELAY.
2290	RELAY		Accept mail addressed to the indicated domain or
2291			received from the indicated domain for relaying
2292			through your SMTP server.  RELAY also serves as
2293			an implicit OK for the other checks.
2294	REJECT		Reject the sender or recipient with a general
2295			purpose message.
2296	DISCARD		Discard the message completely using the
2297			$#discard mailer.  If it is used in check_compat,
2298			it affects only the designated recipient, not
2299			the whole message as it does in all other cases.
2300			This should only be used if really necessary.
2301	SKIP		This can only be used for host/domain names
2302			and IP addresses/nets.  It will abort the current
2303			search for this entry without accepting or rejecting
2304			it but causing the default action.
2305	### any text	where ### is an RFC 821 compliant error code and
2306			"any text" is a message to return for the command.
2307			The entire string should be quoted to avoid
2308			surprises:
2309
2310				"### any text"
2311
2312			Otherwise sendmail formats the text as email
2313			addresses, e.g., it may remove spaces.
2314			This type is deprecated, use one of the two
2315			ERROR:  entries below instead.
2316	ERROR:### any text
2317			as above, but useful to mark error messages as such.
2318			If quotes need to be used to avoid modifications
2319			(see above), they should be placed like this:
2320
2321				ERROR:"### any text"
2322
2323	ERROR:D.S.N:### any text
2324			where D.S.N is an RFC 1893 compliant error code
2325			and the rest as above.  If quotes need to be used
2326			to avoid modifications, they should be placed
2327			like this:
2328
2329				ERROR:D.S.N:"### any text"
2330
2331	QUARANTINE:any text
2332			Quarantine the message using the given text as the
2333			quarantining reason.
2334
2335For example:
2336
2337	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
2338	From:okay.cyberspammer.com	OK
2339	Connect:sendmail.org		RELAY
2340	To:sendmail.org			RELAY
2341	Connect:128.32			RELAY
2342	Connect:128.32.2		SKIP
2343	Connect:IPv6:1:2:3:4:5:6:7	RELAY
2344	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
2345	Connect:[127.0.0.3]		OK
2346	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
2347
2348would accept mail from okay.cyberspammer.com, but would reject mail
2349from all other hosts at cyberspammer.com with the indicated message.
2350It would allow relaying mail from and to any hosts in the sendmail.org
2351domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2352and from the 128.32.*.* network except for the 128.32.2.* network,
2353which shows how SKIP is useful to exempt subnets/subdomains.  The
2354last two entries are for checks against ${client_name} if the IP
2355address doesn't resolve to a hostname (or is considered as "may be
2356forged").  That is, using square brackets means these are host
2357names, not network numbers.
2358
2359Warning: if you change the RFC 821 compliant error code from the default
2360value of 550, then you should probably also change the RFC 1893 compliant
2361error code to match it.  For example, if you use
2362
2363	To:user@example.com	ERROR:450 mailbox full
2364
2365the error returned would be "450 5.0.0 mailbox full" which is wrong.
2366Use "ERROR:4.2.2:450 mailbox full" instead.
2367
2368Note, UUCP users may need to add hostname.UUCP to the access database
2369or class {R}.
2370
2371If you also use:
2372
2373	FEATURE(`relay_hosts_only')
2374
2375then the above example will allow relaying for sendmail.org, but not
2376hosts within the sendmail.org domain.  Note that this will also require
2377hosts listed in class {R} to be fully qualified host names.
2378
2379You can also use the access database to block sender addresses based on
2380the username portion of the address.  For example:
2381
2382	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
2383
2384Note that you must include the @ after the username to signify that
2385this database entry is for checking only the username portion of the
2386sender address.
2387
2388If you use:
2389
2390	FEATURE(`blacklist_recipients')
2391
2392then you can add entries to the map for local users, hosts in your
2393domains, or addresses in your domain which should not receive mail:
2394
2395	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
2396	To:host.my.TLD		ERROR:550 That host does not accept mail
2397	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
2398
2399This would prevent a recipient of badlocaluser in any of the local
2400domains (class {w}), any user at host.my.TLD, and the single address
2401user@other.my.TLD from receiving mail.  Please note: a local username
2402must be now tagged with an @ (this is consistent with the check of
2403the sender address, and hence it is possible to distinguish between
2404hostnames and usernames).  Enabling this feature will keep you from
2405sending mails to all addresses that have an error message or REJECT
2406as value part in the access map.  Taking the example from above:
2407
2408	spammer@aol.com		REJECT
2409	cyberspammer.com	REJECT
2410
2411Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2412That's why tagged entries should be used.
2413
2414There are several DNS based blacklists, the first of which was
2415the RBL (``Realtime Blackhole List'') run by the MAPS project,
2416see http://mail-abuse.org/.  These are databases of spammers
2417maintained in DNS.  To use such a database, specify
2418
2419	FEATURE(`dnsbl')
2420
2421This will cause sendmail to reject mail from any site in the original
2422Realtime Blackhole List database.  This default DNS blacklist,
2423blackholes.mail-abuse.org, is a service offered by the Mail Abuse
2424Prevention System (MAPS).  As of July 31, 2001, MAPS is a subscription
2425service, so using that network address won't work if you haven't
2426subscribed.  Contact MAPS to subscribe (http://mail-abuse.org/).
2427
2428You can specify an alternative RBL server to check by specifying an
2429argument to the FEATURE.  The default error message is
2430
2431	Rejected: IP-ADDRESS listed at SERVER
2432
2433where IP-ADDRESS and SERVER are replaced by the appropriate
2434information.  A second argument can be used to specify a different
2435text.  By default, temporary lookup failures are ignored and hence
2436cause the connection not to be rejected by the DNS based rejection
2437list.  This behavior can be changed by specifying a third argument,
2438which must be either `t' or a full error message.  For example:
2439
2440	FEATURE(`dnsbl', `dnsbl.example.com', `',
2441	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2442
2443If `t' is used, the error message is:
2444
2445	451 Temporary lookup failure of IP-ADDRESS at SERVER
2446
2447where IP-ADDRESS and SERVER are replaced by the appropriate
2448information.
2449
2450This FEATURE can be included several times to query different
2451DNS based rejection lists, e.g., the dial-up user list (see
2452http://mail-abuse.org/dul/).
2453
2454Notice: to avoid checking your own local domains against those
2455blacklists, use the access_db feature and add:
2456
2457	Connect:10.1		OK
2458	Connect:127.0.0.1	RELAY
2459
2460to the access map, where 10.1 is your local network.  You may
2461want to use "RELAY" instead of "OK" to allow also relaying
2462instead of just disabling the DNS lookups in the blacklists.
2463
2464
2465The features described above make use of the check_relay, check_mail,
2466and check_rcpt rulesets.  Note that check_relay checks the SMTP
2467client hostname and IP address when the connection is made to your
2468server.  It does not check if a mail message is being relayed to
2469another server.  That check is done in check_rcpt.  If you wish to
2470include your own checks, you can put your checks in the rulesets
2471Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
2472example if you wanted to block senders with all numeric usernames
2473(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2474regex map:
2475
2476	LOCAL_CONFIG
2477	Kallnumbers regex -a@MATCH ^[0-9]+$
2478
2479	LOCAL_RULESETS
2480	SLocal_check_mail
2481	# check address against various regex checks
2482	R$*				$: $>Parse0 $>3 $1
2483	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
2484	R@MATCH				$#error $: 553 Header Error
2485
2486These rules are called with the original arguments of the corresponding
2487check_* ruleset.  If the local ruleset returns $#OK, no further checking
2488is done by the features described above and the mail is accepted.  If
2489the local ruleset resolves to a mailer (such as $#error or $#discard),
2490the appropriate action is taken.  Other results starting with $# are
2491interpreted by sendmail and may lead to unspecified behavior.  Note: do
2492NOT create a mailer with the name OK.  Return values that do not start
2493with $# are ignored, i.e., normal processing continues.
2494
2495Delay all checks
2496----------------
2497
2498By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2499will not be called when a client connects or issues a MAIL command,
2500respectively.  Instead, those rulesets will be called by the check_rcpt
2501ruleset; they will be skipped if a sender has been authenticated using
2502a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2503If check_mail returns an error then the RCPT TO command will be rejected
2504with that error.  If it returns some other result starting with $# then
2505check_relay will be skipped.  If the sender address (or a part of it) is
2506listed in the access map and it has a RHS of OK or RELAY, then check_relay
2507will be skipped.  This has an interesting side effect: if your domain is
2508my.domain and you have
2509
2510	my.domain	RELAY
2511
2512in the access map, then any e-mail with a sender address of
2513<user@my.domain> will not be rejected by check_relay even though
2514it would match the hostname or IP address.  This allows spammers
2515to get around DNS based blacklist by faking the sender address.  To
2516avoid this problem you have to use tagged entries:
2517
2518	To:my.domain		RELAY
2519	Connect:my.domain	RELAY
2520
2521if you need those entries at all (class {R} may take care of them).
2522
2523FEATURE(`delay_checks') can take an optional argument:
2524
2525	FEATURE(`delay_checks', `friend')
2526		 enables spamfriend test
2527	FEATURE(`delay_checks', `hater')
2528		 enables spamhater test
2529
2530If such an argument is given, the recipient will be looked up in the
2531access map (using the tag Spam:).  If the argument is `friend', then
2532the default behavior is to apply the other rulesets and make a SPAM
2533friend the exception.  The rulesets check_mail and check_relay will be
2534skipped only if the recipient address is found and has RHS FRIEND.  If
2535the argument is `hater', then the default behavior is to skip the rulesets
2536check_mail and check_relay and make a SPAM hater the exception.  The
2537other two rulesets will be applied only if the recipient address is
2538found and has RHS HATER.
2539
2540This allows for simple exceptions from the tests, e.g., by activating
2541the friend option and having
2542
2543	Spam:abuse@	FRIEND
2544
2545in the access map, mail to abuse@localdomain will get through (where
2546"localdomain" is any domain in class {w}).  It is also possible to
2547specify a full address or an address with +detail:
2548
2549	Spam:abuse@my.domain	FRIEND
2550	Spam:me+abuse@		FRIEND
2551	Spam:spam.domain	FRIEND
2552
2553Note: The required tag has been changed in 8.12 from To: to Spam:.
2554This change is incompatible to previous versions.  However, you can
2555(for now) simply add the new entries to the access map, the old
2556ones will be ignored.  As soon as you removed the old entries from
2557the access map, specify a third parameter (`n') to this feature and
2558the backward compatibility rules will not be in the generated .cf
2559file.
2560
2561Header Checks
2562-------------
2563
2564You can also reject mail on the basis of the contents of headers.
2565This is done by adding a ruleset call to the 'H' header definition command
2566in sendmail.cf.  For example, this can be used to check the validity of
2567a Message-ID: header:
2568
2569	LOCAL_CONFIG
2570	HMessage-Id: $>CheckMessageId
2571
2572	LOCAL_RULESETS
2573	SCheckMessageId
2574	R< $+ @ $+ >		$@ OK
2575	R$*			$#error $: 553 Header Error
2576
2577The alternative format:
2578
2579	HSubject: $>+CheckSubject
2580
2581that is, $>+ instead of $>, gives the full Subject: header including
2582comments to the ruleset (comments in parentheses () are stripped
2583by default).
2584
2585A default ruleset for headers which don't have a specific ruleset
2586defined for them can be given by:
2587
2588	H*: $>CheckHdr
2589
2590Notice:
25911. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2592That may cause problems with simple header checks due to the
2593tokenization.  It might be simpler to use a regex map and apply it
2594to $&{currHeader}.
25952. There are no default rulesets coming with this distribution of
2596sendmail.  You can write your own or search the WWW for examples.
25973. When using a default ruleset for headers, the name of the header
2598currently being checked can be found in the $&{hdr_name} macro.
2599
2600After all of the headers are read, the check_eoh ruleset will be called for
2601any final header-related checks.  The ruleset is called with the number of
2602headers and the size of all of the headers in bytes separated by $|.  One
2603example usage is to reject messages which do not have a Message-Id:
2604header.  However, the Message-Id: header is *NOT* a required header and is
2605not a guaranteed spam indicator.  This ruleset is an example and should
2606probably not be used in production.
2607
2608	LOCAL_CONFIG
2609	Kstorage macro
2610	HMessage-Id: $>CheckMessageId
2611
2612	LOCAL_RULESETS
2613	SCheckMessageId
2614	# Record the presence of the header
2615	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
2616	R< $+ @ $+ >		$@ OK
2617	R$*			$#error $: 553 Header Error
2618
2619	Scheck_eoh
2620	# Check the macro
2621	R$*			$: < $&{MessageIdCheck} >
2622	# Clear the macro for the next message
2623	R$*			$: $(storage {MessageIdCheck} $) $1
2624	# Has a Message-Id: header
2625	R< $+ >			$@ OK
2626	# Allow missing Message-Id: from local mail
2627	R$*			$: < $&{client_name} >
2628	R< >			$@ OK
2629	R< $=w >		$@ OK
2630	# Otherwise, reject the mail
2631	R$*			$#error $: 553 Header Error
2632
2633
2634+--------------------+
2635| CONNECTION CONTROL |
2636+--------------------+
2637
2638The features ratecontrol and conncontrol allow to establish connection
2639limits per client IP address or net.  These features can limit the
2640rate of connections (connections per time unit) or the number of
2641incoming SMTP connections, respectively.  If enabled, appropriate
2642rulesets are called at the end of check_relay, i.e., after DNS
2643blacklists and generic access_db operations.  The features require
2644FEATURE(`access_db') to be listed earlier in the mc file.
2645
2646Note: FEATURE(`delay_checks') delays those connection control checks
2647after a recipient address has been received, hence making these
2648connection control features less useful.  To run the checks as early
2649as possible, specify the parameter `nodelay', e.g.,
2650
2651	FEATURE(`ratecontrol', `nodelay')
2652
2653In that case, FEATURE(`delay_checks') has no effect on connection
2654control (and it must be specified earlier in the mc file).
2655
2656An optional second argument `terminate' specifies whether the
2657rulesets should return the error code 421 which will cause
2658sendmail to terminate the session with that error if it is
2659returned from check_relay, i.e., not delayed as explained in
2660the previous paragraph.  Example:
2661
2662	FEATURE(`ratecontrol', `nodelay', `terminate')
2663
2664
2665+----------+
2666| STARTTLS |
2667+----------+
2668
2669In this text, cert will be used as an abbreviation for X.509 certificate,
2670DN (CN) is the distinguished (common) name of a cert, and CA is a
2671certification authority, which signs (issues) certs.
2672
2673For STARTTLS to be offered by sendmail you need to set at least
2674these variables (the file names and paths are just examples):
2675
2676	define(`confCACERT_PATH', `/etc/mail/certs/')
2677	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2678	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2679	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2680
2681On systems which do not have the compile flag HASURANDOM set (see
2682sendmail/README) you also must set confRAND_FILE.
2683
2684See doc/op/op.{me,ps,txt} for more information about these options,
2685especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2686STARTTLS''.
2687
2688Macros related to STARTTLS are:
2689
2690${cert_issuer} holds the DN of the CA (the cert issuer).
2691${cert_subject} holds the DN of the cert (called the cert subject).
2692${cn_issuer} holds the CN of the CA (the cert issuer).
2693${cn_subject} holds the CN of the cert (called the cert subject).
2694${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2695	TLSv1/SSLv3, SSLv3, SSLv2.
2696${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2697	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2698${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2699	used for the connection.
2700${verify} holds the result of the verification of the presented cert.
2701	Possible values are:
2702	OK	 verification succeeded.
2703	NO	 no cert presented.
2704	NOT	 no cert requested.
2705	FAIL	 cert presented but could not be verified,
2706		 e.g., the cert of the signing CA is missing.
2707	NONE	 STARTTLS has not been performed.
2708	TEMP	 temporary error occurred.
2709	PROTOCOL protocol error occurred (SMTP level).
2710	SOFTWARE STARTTLS handshake failed.
2711${server_name} the name of the server of the current outgoing SMTP
2712	connection.
2713${server_addr} the address of the server of the current outgoing SMTP
2714	connection.
2715
2716Relaying
2717--------
2718
2719SMTP STARTTLS can allow relaying for remote SMTP clients which have
2720successfully authenticated themselves.  If the verification of the cert
2721failed (${verify} != OK), relaying is subject to the usual rules.
2722Otherwise the DN of the issuer is looked up in the access map using the
2723tag CERTISSUER.  If the resulting value is RELAY, relaying is allowed.
2724If it is SUBJECT, the DN of the cert subject is looked up next in the
2725access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
2726is allowed.
2727
2728To make things a bit more flexible (or complicated), the values for
2729${cert_issuer} and ${cert_subject} can be optionally modified by regular
2730expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2731_CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
2732rulesets and map lookups, they are modified as follows: each non-printable
2733character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
2734by their HEX value with a leading '+'.  For example:
2735
2736/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2737darth+cert@endmail.org
2738
2739is encoded as:
2740
2741/C=US/ST=California/O=endmail.org/OU=private/CN=
2742Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2743
2744(line breaks have been inserted for readability).
2745
2746The  macros  which are subject to this encoding are ${cert_subject},
2747${cert_issuer},  ${cn_subject},  and ${cn_issuer}.
2748
2749Examples:
2750
2751To allow relaying for everyone who can present a cert signed by
2752
2753/C=US/ST=California/O=endmail.org/OU=private/CN=
2754Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2755
2756simply use:
2757
2758CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2759Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	RELAY
2760
2761To allow relaying only for a subset of machines that have a cert signed by
2762
2763/C=US/ST=California/O=endmail.org/OU=private/CN=
2764Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2765
2766use:
2767
2768CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2769Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	SUBJECT
2770CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
2771DeathStar/Email=deathstar@endmail.org		RELAY
2772
2773Notes:
2774- line breaks have been inserted after "CN=" for readability,
2775  each tagged entry must be one (long) line in the access map.
2776- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
2777  is replaced by "emailAddress=".
2778
2779Of course it is also possible to write a simple ruleset that allows
2780relaying for everyone who can present a cert that can be verified, e.g.,
2781
2782LOCAL_RULESETS
2783SLocal_check_rcpt
2784R$*	$: $&{verify}
2785ROK	$# OK
2786
2787Allowing Connections
2788--------------------
2789
2790The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
2791an SMTP connection is accepted (or should continue).
2792
2793tls_server is called when sendmail acts as client after a STARTTLS command
2794(should) have been issued.  The parameter is the value of ${verify}.
2795
2796tls_client is called when sendmail acts as server, after a STARTTLS command
2797has been issued, and from check_mail.  The parameter is the value of
2798${verify} and STARTTLS or MAIL, respectively.
2799
2800Both rulesets behave the same.  If no access map is in use, the connection
2801will be accepted unless ${verify} is SOFTWARE, in which case the connection
2802is always aborted.  For tls_server/tls_client, ${client_name}/${server_name}
2803is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
2804with the ruleset LookUpDomain.  If no entry is found, ${client_addr}
2805(${server_addr}) is looked up in the access map (same tag, ruleset
2806LookUpAddr).  If this doesn't result in an entry either, just the tag is
2807looked up in the access map (included the trailing colon).  Notice:
2808requiring that e-mail is sent to a server only encrypted, e.g., via
2809
2810TLS_Srv:secure.domain	ENCR:112
2811
2812doesn't necessarily mean that e-mail sent to that domain is encrypted.
2813If the domain has multiple MX servers, e.g.,
2814
2815secure.domain.	IN MX 10	mail.secure.domain.
2816secure.domain.	IN MX 50	mail.other.domain.
2817
2818then mail to user@secure.domain may go unencrypted to mail.other.domain.
2819tls_rcpt can be used to address this problem.
2820
2821tls_rcpt is called before a RCPT TO: command is sent.  The parameter is the
2822current recipient.  This ruleset is only defined if FEATURE(`access_db')
2823is selected.  A recipient address user@domain is looked up in the access
2824map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
2825and TLS_Rcpt:; the first match is taken.
2826
2827The result of the lookups is then used to call the ruleset TLS_connection,
2828which checks the requirement specified by the RHS in the access map against
2829the actual parameters of the current TLS connection, esp. ${verify} and
2830${cipher_bits}.  Legal RHSs in the access map are:
2831
2832VERIFY		verification must have succeeded
2833VERIFY:bits	verification must have succeeded and ${cipher_bits} must
2834		be greater than or equal bits.
2835ENCR:bits	${cipher_bits} must be greater than or equal bits.
2836
2837The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2838or permanent error.  The default is a temporary error code (403 4.7.0)
2839unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2840
2841If a certain level of encryption is required, then it might also be
2842possible that this level is provided by the security layer from a SASL
2843algorithm, e.g., DIGEST-MD5.
2844
2845Furthermore, there can be a list of extensions added.  Such a list
2846starts with '+' and the items are separated by '++'.  Allowed
2847extensions are:
2848
2849CN:name		name must match ${cn_subject}
2850CN		${server_name} must match ${cn_subject}
2851CS:name		name must match ${cert_subject}
2852CI:name		name must match ${cert_issuer}
2853
2854Example: e-mail sent to secure.example.com should only use an encrypted
2855connection.  E-mail received from hosts within the laptop.example.com domain
2856should only be accepted if they have been authenticated.  The host which
2857receives e-mail for darth@endmail.org must present a cert that uses the
2858CN smtp.endmail.org.
2859
2860TLS_Srv:secure.example.com      ENCR:112
2861TLS_Clt:laptop.example.com      PERM+VERIFY:112
2862TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
2863
2864
2865Disabling STARTTLS And Setting SMTP Server Features
2866---------------------------------------------------
2867
2868By default STARTTLS is used whenever possible.  However, there are
2869some broken MTAs that don't properly implement STARTTLS.  To be able
2870to send to (or receive from) those MTAs, the ruleset try_tls
2871(srv_features) can be used that work together with the access map.
2872Entries for the access map must be tagged with Try_TLS (Srv_Features)
2873and refer to the hostname or IP address of the connecting system.
2874A default case can be specified by using just the tag.  For example,
2875the following entries in the access map:
2876
2877	Try_TLS:broken.server	NO
2878	Srv_Features:my.domain	v
2879	Srv_Features:		V
2880
2881will turn off STARTTLS when sending to broken.server (or any host
2882in that domain), and request a client certificate during the TLS
2883handshake only for hosts in my.domain.  The valid entries on the RHS
2884for Srv_Features are listed in the Sendmail Installation and
2885Operations Guide.
2886
2887
2888Received: Header
2889----------------
2890
2891The Received: header reveals whether STARTTLS has been used.  It contains an
2892extra line:
2893
2894(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
2895
2896
2897+--------------------------------+
2898| ADDING NEW MAILERS OR RULESETS |
2899+--------------------------------+
2900
2901Sometimes you may need to add entirely new mailers or rulesets.  They
2902should be introduced with the constructs MAILER_DEFINITIONS and
2903LOCAL_RULESETS respectively.  For example:
2904
2905	MAILER_DEFINITIONS
2906	Mmymailer, ...
2907	...
2908
2909	LOCAL_RULESETS
2910	Smyruleset
2911	...
2912
2913Local additions for the rulesets srv_features, try_tls, tls_rcpt,
2914tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
2915LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
2916respectively.  For example, to add a local ruleset that decides
2917whether to try STARTTLS in a sendmail client, use:
2918
2919	LOCAL_TRY_TLS
2920	R...
2921
2922Note: you don't need to add a name for the ruleset, it is implicitly
2923defined by using the appropriate macro.
2924
2925
2926+-------------------------+
2927| ADDING NEW MAIL FILTERS |
2928+-------------------------+
2929
2930Sendmail supports mail filters to filter incoming SMTP messages according
2931to the "Sendmail Mail Filter API" documentation.  These filters can be
2932configured in your mc file using the two commands:
2933
2934	MAIL_FILTER(`name', `equates')
2935	INPUT_MAIL_FILTER(`name', `equates')
2936
2937The first command, MAIL_FILTER(), simply defines a filter with the given
2938name and equates.  For example:
2939
2940	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2941
2942This creates the equivalent sendmail.cf entry:
2943
2944	Xarchive, S=local:/var/run/archivesock, F=R
2945
2946The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
2947but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
2948of the filter such that the filter will actually be called by sendmail.
2949
2950For example, the two commands:
2951
2952	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2953	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2954
2955are equivalent to the three commands:
2956
2957	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2958	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2959	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
2960
2961In general, INPUT_MAIL_FILTER() should be used unless you need to define
2962more filters than you want to use for `confINPUT_MAIL_FILTERS'.
2963
2964Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
2965commands will clear the list created by the prior INPUT_MAIL_FILTER()
2966commands.
2967
2968
2969+-------------------------+
2970| QUEUE GROUP DEFINITIONS |
2971+-------------------------+
2972
2973In addition to the queue directory (which is the default queue group
2974called "mqueue"), sendmail can deal with multiple queue groups, which
2975are collections of queue directories with the same behaviour.  Queue
2976groups can be defined using the command:
2977
2978	QUEUE_GROUP(`name', `equates')
2979
2980For details about queue groups, please see doc/op/op.{me,ps,txt}.
2981
2982+-------------------------------+
2983| NON-SMTP BASED CONFIGURATIONS |
2984+-------------------------------+
2985
2986These configuration files are designed primarily for use by
2987SMTP-based sites.  They may not be well tuned for UUCP-only or
2988UUCP-primarily nodes (the latter is defined as a small local net
2989connected to the rest of the world via UUCP).  However, there is
2990one hook to handle some special cases.
2991
2992You can define a ``smart host'' that understands a richer address syntax
2993using:
2994
2995	define(`SMART_HOST', `mailer:hostname')
2996
2997In this case, the ``mailer:'' defaults to "relay".  Any messages that
2998can't be handled using the usual UUCP rules are passed to this host.
2999
3000If you are on a local SMTP-based net that connects to the outside
3001world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3002For example:
3003
3004	define(`SMART_HOST', `uucp-new:uunet')
3005	LOCAL_NET_CONFIG
3006	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3007
3008This will cause all names that end in your domain name ($m) to be sent
3009via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3010If you have FEATURE(`nocanonify'), you may need to omit the dots after
3011the $m.  If you are running a local DNS inside your domain which is
3012not otherwise connected to the outside world, you probably want to
3013use:
3014
3015	define(`SMART_HOST', `smtp:fire.wall.com')
3016	LOCAL_NET_CONFIG
3017	R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3
3018
3019That is, send directly only to things you found in your DNS lookup;
3020anything else goes through SMART_HOST.
3021
3022You may need to turn off the anti-spam rules in order to accept
3023UUCP mail with FEATURE(`promiscuous_relay') and
3024FEATURE(`accept_unresolvable_domains').
3025
3026
3027+-----------+
3028| WHO AM I? |
3029+-----------+
3030
3031Normally, the $j macro is automatically defined to be your fully
3032qualified domain name (FQDN).  Sendmail does this by getting your
3033host name using gethostname and then calling gethostbyname on the
3034result.  For example, in some environments gethostname returns
3035only the root of the host name (such as "foo"); gethostbyname is
3036supposed to return the FQDN ("foo.bar.com").  In some (fairly rare)
3037cases, gethostbyname may fail to return the FQDN.  In this case
3038you MUST define confDOMAIN_NAME to be your fully qualified domain
3039name.  This is usually done using:
3040
3041	Dmbar.com
3042	define(`confDOMAIN_NAME', `$w.$m')dnl
3043
3044
3045+-----------------------------------+
3046| ACCEPTING MAIL FOR MULTIPLE NAMES |
3047+-----------------------------------+
3048
3049If your host is known by several different names, you need to augment
3050class {w}.  This is a list of names by which your host is known, and
3051anything sent to an address using a host name in this list will be
3052treated as local mail.  You can do this in two ways:  either create the
3053file /etc/mail/local-host-names containing a list of your aliases (one per
3054line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3055``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
3056name of the host, rather than a short name.
3057
3058If you want to have different address in different domains, take
3059a look at the virtusertable feature, which is also explained at
3060http://www.sendmail.org/virtual-hosting.html
3061
3062
3063+--------------------+
3064| USING MAILERTABLES |
3065+--------------------+
3066
3067To use FEATURE(`mailertable'), you will have to create an external
3068database containing the routing information for various domains.
3069For example, a mailertable file in text format might be:
3070
3071	.my.domain		xnet:%1.my.domain
3072	uuhost1.my.domain	uucp-new:uuhost1
3073	.bitnet			smtp:relay.bit.net
3074
3075This should normally be stored in /etc/mail/mailertable.  The actual
3076database version of the mailertable is built using:
3077
3078	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3079
3080The semantics are simple.  Any LHS entry that does not begin with
3081a dot matches the full host name indicated.  LHS entries beginning
3082with a dot match anything ending with that domain name (including
3083the leading dot) -- that is, they can be thought of as having a
3084leading ".+" regular expression pattern for a non-empty sequence of
3085characters.  Matching is done in order of most-to-least qualified
3086-- for example, even though ".my.domain" is listed first in the
3087above example, an entry of "uuhost1.my.domain" will match the second
3088entry since it is more explicit.  Note: e-mail to "user@my.domain"
3089does not match any entry in the above table.  You need to have
3090something like:
3091
3092	my.domain		esmtp:host.my.domain
3093
3094The RHS should always be a "mailer:host" pair.  The mailer is the
3095configuration name of a mailer (that is, an M line in the
3096sendmail.cf file).  The "host" will be the hostname passed to
3097that mailer.  In domain-based matches (that is, those with leading
3098dots) the "%1" may be used to interpolate the wildcarded part of
3099the host name.  For example, the first line above sends everything
3100addressed to "anything.my.domain" to that same host name, but using
3101the (presumably experimental) xnet mailer.
3102
3103In some cases you may want to temporarily turn off MX records,
3104particularly on gateways.  For example, you may want to MX
3105everything in a domain to one machine that then forwards it
3106directly.  To do this, you might use the DNS configuration:
3107
3108	*.domain.	IN	MX	0	relay.machine
3109
3110and on relay.machine use the mailertable:
3111
3112	.domain		smtp:[gateway.domain]
3113
3114The [square brackets] turn off MX records for this host only.
3115If you didn't do this, the mailertable would use the MX record
3116again, which would give you an MX loop.  Note that the use of
3117wildcard MX records is almost always a bad idea.  Please avoid
3118using them if possible.
3119
3120
3121+--------------------------------+
3122| USING USERDB TO MAP FULL NAMES |
3123+--------------------------------+
3124
3125The user database was not originally intended for mapping full names
3126to login names (e.g., Eric.Allman => eric), but some people are using
3127it that way.  (it is recommended that you set up aliases for this
3128purpose instead -- since you can specify multiple alias files, this
3129is fairly easy.)  The intent was to locate the default maildrop at
3130a site, but allow you to override this by sending to a specific host.
3131
3132If you decide to set up the user database in this fashion, it is
3133imperative that you not use FEATURE(`stickyhost') -- otherwise,
3134e-mail sent to Full.Name@local.host.name will be rejected.
3135
3136To build the internal form of the user database, use:
3137
3138	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3139
3140As a general rule, it is an extremely bad idea to using full names
3141as e-mail addresses, since they are not in any sense unique.  For
3142example, the UNIX software-development community has at least two
3143well-known Peter Deutsches, and at one time Bell Labs had two
3144Stephen R. Bournes with offices along the same hallway.  Which one
3145will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3146The less famous of the two, or the one that was hired later?
3147
3148Finger should handle full names (and be fuzzy).  Mail should use
3149handles, and not be fuzzy.
3150
3151
3152+--------------------------------+
3153| MISCELLANEOUS SPECIAL FEATURES |
3154+--------------------------------+
3155
3156Plussed users
3157	Sometimes it is convenient to merge configuration on a
3158	centralized mail machine, for example, to forward all
3159	root mail to a mail server.  In this case it might be
3160	useful to be able to treat the root addresses as a class
3161	of addresses with subtle differences.  You can do this
3162	using plussed users.  For example, a client might include
3163	the alias:
3164
3165		root:  root+client1@server
3166
3167	On the server, this will match an alias for "root+client1".
3168	If that is not found, the alias "root+*" will be tried,
3169	then "root".
3170
3171
3172+----------------+
3173| SECURITY NOTES |
3174+----------------+
3175
3176A lot of sendmail security comes down to you.  Sendmail 8 is much
3177more careful about checking for security problems than previous
3178versions, but there are some things that you still need to watch
3179for.  In particular:
3180
3181* Make sure the aliases file is not writable except by trusted
3182  system personnel.  This includes both the text and database
3183  version.
3184
3185* Make sure that other files that sendmail reads, such as the
3186  mailertable, are only writable by trusted system personnel.
3187
3188* The queue directory should not be world writable PARTICULARLY
3189  if your system allows "file giveaways" (that is, if a non-root
3190  user can chown any file they own to any other user).
3191
3192* If your system allows file giveaways, DO NOT create a publically
3193  writable directory for forward files.  This will allow anyone
3194  to steal anyone else's e-mail.  Instead, create a script that
3195  copies the .forward file from users' home directories once a
3196  night (if you want the non-NFS-mounted forward directory).
3197
3198* If your system allows file giveaways, you'll find that
3199  sendmail is much less trusting of :include: files -- in
3200  particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3201  /etc/shells before they will be trusted (that is, before
3202  files and programs listed in them will be honored).
3203
3204In general, file giveaways are a mistake -- if you can turn them
3205off, do so.
3206
3207
3208+--------------------------------+
3209| TWEAKING CONFIGURATION OPTIONS |
3210+--------------------------------+
3211
3212There are a large number of configuration options that don't normally
3213need to be changed.  However, if you feel you need to tweak them,
3214you can define the following M4 variables. Note that some of these
3215variables require formats that are defined in RFC 2821 or RFC 2822.
3216Before changing them you need to make sure you do not violate those
3217(and other relevant) RFCs.
3218
3219This list is shown in four columns:  the name you define, the default
3220value for that definition, the option or macro that is affected
3221(either Ox for an option or Dx for a macro), and a brief description.
3222
3223Some options are likely to be deprecated in future versions -- that is,
3224the option is only included to provide back-compatibility.  These are
3225marked with "*".
3226
3227Remember that these options are M4 variables, and hence may need to
3228be quoted.  In particular, arguments with commas will usually have to
3229be ``double quoted, like this phrase'' to avoid having the comma
3230confuse things.  This is common for alias file definitions and for
3231the read timeout.
3232
3233M4 Variable Name	Configuration	[Default] & Description
3234================	=============	=======================
3235confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
3236					for internally generated outgoing
3237					messages.
3238confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
3239					only be done if your system cannot
3240					determine your local domain name,
3241					and then it should be set to
3242					$w.Foo.COM, where Foo.COM is your
3243					domain name.
3244confCF_VERSION		$Z macro	If defined, this is appended to the
3245					configuration version name.
3246confLDAP_CLUSTER	${sendmailMTACluster} macro
3247					If defined, this is the LDAP
3248					cluster to use for LDAP searches
3249					as described above in ``USING LDAP
3250					FOR ALIASES, MAPS, AND CLASSES''.
3251confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
3252					internally generated From: address.
3253confRECEIVED_HEADER	Received:
3254		[$?sfrom $s $.$?_($?s$|from $.$_)
3255			$.$?{auth_type}(authenticated)
3256			$.by $j ($v/$Z)$?r with $r$. id $i$?u
3257			for $u; $|;
3258			$.$b]
3259					The format of the Received: header
3260					in messages passed through this host.
3261					It is unwise to try to change this.
3262confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
3263					internally generated Message-Id:
3264					header.
3265confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
3266					of file used to get the local
3267					additions to class {w} (local host
3268					names).
3269confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
3270					file used to get the local additions
3271					to class {t} (trusted users).
3272confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
3273					file used to get the local additions
3274					to class {R} (hosts allowed to relay).
3275confTRUSTED_USERS	Ct class	[no default] Names of users to add to
3276					the list of trusted users.  This list
3277					always includes root, uucp, and daemon.
3278					See also FEATURE(`use_ct_file').
3279confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
3280					ownership and starting the daemon.
3281					Not to be confused with
3282					confTRUSTED_USERS (see above).
3283confSMTP_MAILER		-		[esmtp] The mailer name used when
3284					SMTP connectivity is required.
3285					One of "smtp", "smtp8",
3286					"esmtp", or "dsmtp".
3287confUUCP_MAILER		-		[uucp-old] The mailer to be used by
3288					default for bang-format recipient
3289					addresses.  See also discussion of
3290					class {U}, class {Y}, and class {Z}
3291					in the MAILER(`uucp') section.
3292confLOCAL_MAILER	-		[local] The mailer name used when
3293					local connectivity is required.
3294					Almost always "local".
3295confRELAY_MAILER	-		[relay] The default mailer name used
3296					for relaying any mail (e.g., to a
3297					BITNET_RELAY, a SMART_HOST, or
3298					whatever).  This can reasonably be
3299					"uucp-new" if you are on a
3300					UUCP-connected site.
3301confSEVEN_BIT_INPUT	SevenBitInput	[False] Force input to seven bits?
3302confEIGHT_BIT_HANDLING	EightBitMode	[pass8] 8-bit data handling
3303confALIAS_WAIT		AliasWait	[10m] Time to wait for alias file
3304					rebuild until you get bored and
3305					decide that the apparently pending
3306					rebuild failed.
3307confMIN_FREE_BLOCKS	MinFreeBlocks	[100] Minimum number of free blocks on
3308					queue filesystem to accept SMTP mail.
3309					(Prior to 8.7 this was minfree/maxsize,
3310					where minfree was the number of free
3311					blocks and maxsize was the maximum
3312					message size.  Use confMAX_MESSAGE_SIZE
3313					for the second value now.)
3314confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
3315					that will be accepted (in bytes).
3316confBLANK_SUB		BlankSub	[.] Blank (space) substitution
3317					character.
3318confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
3319					to mailers marked expensive.
3320confCHECKPOINT_INTERVAL	CheckpointInterval
3321					[10] Checkpoint queue files every N
3322					recipients.
3323confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
3324confERROR_MODE		ErrorMode	[print] Error message mode.
3325confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
3326confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
3327confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
3328confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
3329confMAX_HOP		MaxHopCount	[25] Maximum hop count.
3330confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
3331					mode] Ignore dot as terminator for
3332					incoming messages?
3333confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
3334					resolver.
3335confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
3336					encapsulated messages per RFC 1344.
3337confFORWARD_PATH	ForwardPath	[$z/.forward.$w:$z/.forward]
3338					The colon-separated list of places to
3339					search for .forward files.  N.B.: see
3340					the Security Notes section.
3341confMCI_CACHE_SIZE	ConnectionCacheSize
3342					[2] Size of open connection cache.
3343confMCI_CACHE_TIMEOUT	ConnectionCacheTimeout
3344					[5m] Open connection cache timeout.
3345confHOST_STATUS_DIRECTORY HostStatusDirectory
3346					[undefined] If set, host status is kept
3347					on disk between sendmail runs in the
3348					named directory tree.  This need not be
3349					a full pathname, in which case it is
3350					interpreted relative to the queue
3351					directory.
3352confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
3353					[False] If this option and the
3354					HostStatusDirectory option are both
3355					set, single thread deliveries to other
3356					hosts.  That is, don't allow any two
3357					sendmails on this host to connect
3358					simultaneously to any other single
3359					host.  This can slow down delivery in
3360					some cases, in particular since a
3361					cached but otherwise idle connection
3362					to a host will prevent other sendmails
3363					from connecting to the other host.
3364confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
3365					deliver error messages.  This should
3366					not be necessary because of general
3367					acceptance of the envelope/header
3368					distinction.
3369confLOG_LEVEL		LogLevel	[9] Log level.
3370confME_TOO		MeToo		[True] Include sender in group
3371					expansions.  This option is
3372					deprecated and will be removed from
3373					a future version.
3374confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
3375					running newaliases.  Since this does
3376					DNS lookups on every address, it can
3377					slow down the alias rebuild process
3378					considerably on large alias files.
3379confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
3380					special chars are old style.
3381confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
3382confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
3383					copies of all error messages.
3384confQUEUE_FACTOR	QueueFactor	[600000] Slope of queue-only function.
3385confQUEUE_FILE_MODE	QueueFileMode	[undefined] Default permissions for
3386					queue files (octal).  If not set,
3387					sendmail uses 0600 unless its real
3388					and effective uid are different in
3389					which case it uses 0644.
3390confDONT_PRUNE_ROUTES	DontPruneRoutes	[False] Don't prune down route-addr
3391					syntax addresses to the minimum
3392					possible.
3393confSAFE_QUEUE*		SuperSafe	[True] Commit all messages to disk
3394					before forking.
3395confTO_INITIAL		Timeout.initial	[5m] The timeout waiting for a response
3396					on the initial connect.
3397confTO_CONNECT		Timeout.connect	[0] The timeout waiting for an initial
3398					connect() to complete.  This can only
3399					shorten connection timeouts; the kernel
3400					silently enforces an absolute maximum
3401					(which varies depending on the system).
3402confTO_ICONNECT		Timeout.iconnect
3403					[undefined] Like Timeout.connect, but
3404					applies only to the very first attempt
3405					to connect to a host in a message.
3406					This allows a single very fast pass
3407					followed by more careful delivery
3408					attempts in the future.
3409confTO_ACONNECT		Timeout.aconnect
3410					[0] The overall timeout waiting for
3411					all connection for a single delivery
3412					attempt to succeed.  If 0, no overall
3413					limit is applied.
3414confTO_HELO		Timeout.helo	[5m] The timeout waiting for a response
3415					to a HELO or EHLO command.
3416confTO_MAIL		Timeout.mail	[10m] The timeout waiting for a
3417					response to the MAIL command.
3418confTO_RCPT		Timeout.rcpt	[1h] The timeout waiting for a response
3419					to the RCPT command.
3420confTO_DATAINIT		Timeout.datainit
3421					[5m] The timeout waiting for a 354
3422					response from the DATA command.
3423confTO_DATABLOCK	Timeout.datablock
3424					[1h] The timeout waiting for a block
3425					during DATA phase.
3426confTO_DATAFINAL	Timeout.datafinal
3427					[1h] The timeout waiting for a response
3428					to the final "." that terminates a
3429					message.
3430confTO_RSET		Timeout.rset	[5m] The timeout waiting for a response
3431					to the RSET command.
3432confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
3433					to the QUIT command.
3434confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
3435					to other SMTP commands.
3436confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
3437					waiting	for a command to be issued.
3438confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
3439					response to an IDENT query.
3440confTO_FILEOPEN		Timeout.fileopen
3441					[60s] The timeout waiting for a file
3442					(e.g., :include: file) to be opened.
3443confTO_LHLO		Timeout.lhlo	[2m] The timeout waiting for a response
3444					to an LMTP LHLO command.
3445confTO_STARTTLS		Timeout.starttls
3446					[1h] The timeout waiting for a
3447					response to an SMTP STARTTLS command.
3448confTO_CONTROL		Timeout.control
3449					[2m] The timeout for a complete
3450					control socket transaction to complete.
3451confTO_QUEUERETURN	Timeout.queuereturn
3452					[5d] The timeout before a message is
3453					returned as undeliverable.
3454confTO_QUEUERETURN_NORMAL
3455			Timeout.queuereturn.normal
3456					[undefined] As above, for normal
3457					priority messages.
3458confTO_QUEUERETURN_URGENT
3459			Timeout.queuereturn.urgent
3460					[undefined] As above, for urgent
3461					priority messages.
3462confTO_QUEUERETURN_NONURGENT
3463			Timeout.queuereturn.non-urgent
3464					[undefined] As above, for non-urgent
3465					(low) priority messages.
3466confTO_QUEUERETURN_DSN
3467			Timeout.queuereturn.dsn
3468					[undefined] As above, for delivery
3469					status notification messages.
3470confTO_QUEUEWARN	Timeout.queuewarn
3471					[4h] The timeout before a warning
3472					message is sent to the sender telling
3473					them that the message has been
3474					deferred.
3475confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
3476					[undefined] As above, for normal
3477					priority messages.
3478confTO_QUEUEWARN_URGENT	Timeout.queuewarn.urgent
3479					[undefined] As above, for urgent
3480					priority messages.
3481confTO_QUEUEWARN_NONURGENT
3482			Timeout.queuewarn.non-urgent
3483					[undefined] As above, for non-urgent
3484					(low) priority messages.
3485confTO_QUEUEWARN_DSN
3486			Timeout.queuewarn.dsn
3487					[undefined] As above, for delivery
3488					status notification messages.
3489confTO_HOSTSTATUS	Timeout.hoststatus
3490					[30m] How long information about host
3491					statuses will be maintained before it
3492					is considered stale and the host should
3493					be retried.  This applies both within
3494					a single queue run and to persistent
3495					information (see below).
3496confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
3497					[varies] Sets the resolver's
3498					retransmission time interval (in
3499					seconds).  Sets both
3500					Timeout.resolver.retrans.first and
3501					Timeout.resolver.retrans.normal.
3502confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
3503					[varies] Sets the resolver's
3504					retransmission time interval (in
3505					seconds) for the first attempt to
3506					deliver a message.
3507confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
3508					[varies] Sets the resolver's
3509					retransmission time interval (in
3510					seconds) for all resolver lookups
3511					except the first delivery attempt.
3512confTO_RESOLVER_RETRY	Timeout.resolver.retry
3513					[varies] Sets the number of times
3514					to retransmit a resolver query.
3515					Sets both
3516					Timeout.resolver.retry.first and
3517					Timeout.resolver.retry.normal.
3518confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
3519					[varies] Sets the number of times
3520					to retransmit a resolver query for
3521					the first attempt to deliver a
3522					message.
3523confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
3524					[varies] Sets the number of times
3525					to retransmit a resolver query for
3526					all resolver lookups except the
3527					first delivery attempt.
3528confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
3529					USE_SYSTEM to use the system's idea,
3530					USE_TZ to use the user's TZ envariable,
3531					or something else to force that value.
3532confDEF_USER_ID		DefaultUser	[1:1] Default user id.
3533confUSERDB_SPEC		UserDatabaseSpec
3534					[undefined] User database
3535					specification.
3536confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
3537confFALLBACK_SMARTHOST	FallbackSmartHost
3538					[undefined] Fallback smart host.
3539confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
3540					for a host and other arrangements
3541					haven't been made, try connecting
3542					to the host directly; normally this
3543					would be a config error.
3544confQUEUE_LA		QueueLA		[varies] Load average at which
3545					queue-only function kicks in.
3546					Default values is (8 * numproc)
3547					where numproc is the number of
3548					processors online (if that can be
3549					determined).
3550confREFUSE_LA		RefuseLA	[varies] Load average at which
3551					incoming SMTP connections are
3552					refused.  Default values is (12 *
3553					numproc) where numproc is the
3554					number of processors online (if
3555					that can be determined).
3556confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
3557					refusing connections for this long.
3558confDELAY_LA		DelayLA		[0] Load average at which sendmail
3559					will sleep for one second on most
3560					SMTP commands and before accepting
3561					connections.  0 means no limit.
3562confMAX_ALIAS_RECURSION	MaxAliasRecursion
3563					[10] Maximum depth of alias recursion.
3564confMAX_DAEMON_CHILDREN	MaxDaemonChildren
3565					[undefined] The maximum number of
3566					children the daemon will permit.  After
3567					this number, connections will be
3568					rejected.  If not set or <= 0, there is
3569					no limit.
3570confMAX_HEADERS_LENGTH	MaxHeadersLength
3571					[32768] Maximum length of the sum
3572					of all headers.
3573confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
3574					[undefined] Maximum length of
3575					certain MIME header field values.
3576confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3577					[undefined] The maximum number of
3578					connections permitted per second per
3579					daemon.  After this many connections
3580					are accepted, further connections
3581					will be delayed.  If not set or <= 0,
3582					there is no limit.
3583confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3584					[60s] Define the length of the
3585					interval for which the number of
3586					incoming connections is maintained.
3587confWORK_RECIPIENT_FACTOR
3588			RecipientFactor	[30000] Cost of each recipient.
3589confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
3590					separate process.
3591confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
3592confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
3593confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
3594					Priority, Host, Filename, Random,
3595					Modification, or Time.
3596confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
3597					must sit in the queue between queue
3598					runs.  This allows you to set the
3599					queue run interval low for better
3600					responsiveness without trying all
3601					jobs in each run.
3602confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
3603					unlabeled 8 bit input to MIME, the
3604					character set to use by default.
3605confSERVICE_SWITCH_FILE	ServiceSwitchFile
3606					[/etc/mail/service.switch] The file
3607					to use for the service switch on
3608					systems that do not have a
3609					system-defined switch.
3610confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
3611					"file" type access of hosts names.
3612confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
3613					long and try again.  Zero means "don't
3614					retry".  This is to allow "dial on
3615					demand" connections to have enough time
3616					to complete a connection.
3617confNO_RCPT_ACTION	NoRecipientAction
3618					[none] What to do if there are no legal
3619					recipient fields (To:, Cc: or Bcc:)
3620					in the message.  Legal values can
3621					be "none" to just leave the
3622					nonconforming message as is, "add-to"
3623					to add a To: header with all the
3624					known recipients (which may expose
3625					blind recipients), "add-apparently-to"
3626					to do the same but use Apparently-To:
3627					instead of To: (strongly discouraged
3628					in accordance with IETF standards),
3629					"add-bcc" to add an empty Bcc:
3630					header, or "add-to-undisclosed" to
3631					add the header
3632					``To: undisclosed-recipients:;''.
3633confSAFE_FILE_ENV	SafeFileEnvironment
3634					[undefined] If set, sendmail will do a
3635					chroot() into this directory before
3636					writing files.
3637confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
3638					If set, colons are treated as a regular
3639					character in addresses.  If not set,
3640					they are treated as the introducer to
3641					the RFC 822 "group" syntax.  Colons are
3642					handled properly in route-addrs.  This
3643					option defaults on for V5 and lower
3644					configuration files.
3645confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
3646					any given queue run to this number of
3647					entries.  Essentially, this will stop
3648					reading each queue directory after this
3649					number of entries are reached; it does
3650					_not_ pick the highest priority jobs,
3651					so this should be as large as your
3652					system can tolerate.  If not set, there
3653					is no limit.
3654confMAX_QUEUE_CHILDREN	MaxQueueChildren
3655					[undefined] Limits the maximum number
3656					of concurrent queue runners active.
3657					This is to keep system resources used
3658					within a reasonable limit.  Relates to
3659					Queue Groups and ForkEachJob.
3660confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
3661					[1] Only active when MaxQueueChildren
3662					defined.  Controls the maximum number
3663					of queue runners (aka queue children)
3664					active at the same time in a work
3665					group.  See also MaxQueueChildren.
3666confDONT_EXPAND_CNAMES	DontExpandCnames
3667					[False] If set, $[ ... $] lookups that
3668					do DNS based lookups do not expand
3669					CNAME records.  This currently violates
3670					the published standards, but the IETF
3671					seems to be moving toward legalizing
3672					this.  For example, if "FTP.Foo.ORG"
3673					is a CNAME for "Cruft.Foo.ORG", then
3674					with this option set a lookup of
3675					"FTP" will return "FTP.Foo.ORG"; if
3676					clear it returns "Cruft.FOO.ORG".  N.B.
3677					you may not see any effect until your
3678					downstream neighbors stop doing CNAME
3679					lookups as well.
3680confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
3681					when sending to files or programs.
3682confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
3683					[False] From: lines that have
3684					embedded newlines are unwrapped
3685					onto one line.
3686confALLOW_BOGUS_HELO	AllowBogusHELO	[False] Allow HELO SMTP command that
3687					does not include a host name.
3688confMUST_QUOTE_CHARS	MustQuoteChars	[.'] Characters to be quoted in a full
3689					name phrase (@,;:\()[] are automatic).
3690confOPERATORS		OperatorChars	[.:%@!^/[]+] Address operator
3691					characters.
3692confSMTP_LOGIN_MSG	SmtpGreetingMessage
3693					[$j Sendmail $v/$Z; $b]
3694					The initial (spontaneous) SMTP
3695					greeting message.  The word "ESMTP"
3696					will be inserted between the first and
3697					second words to convince other
3698					sendmails to try to speak ESMTP.
3699confDONT_INIT_GROUPS	DontInitGroups	[False] If set, the initgroups(3)
3700					routine will never be invoked.  You
3701					might want to do this if you are
3702					running NIS and you have a large group
3703					map, since this call does a sequential
3704					scan of the map; in a large site this
3705					can cause your ypserv to run
3706					essentially full time.  If you set
3707					this, agents run on behalf of users
3708					will only have their primary
3709					(/etc/passwd) group permissions.
3710confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
3711					[True] If set, group-writable
3712					:include: and .forward files are
3713					considered "unsafe", that is, programs
3714					and files cannot be directly referenced
3715					from such files.  World-writable files
3716					are always considered unsafe.
3717					Notice: this option is deprecated and
3718					will be removed in future versions;
3719					Set GroupWritableForwardFileSafe
3720					and GroupWritableIncludeFileSafe in
3721					DontBlameSendmail if required.
3722confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
3723					address (for testing).
3724confCONTROL_SOCKET_NAME	ControlSocketName
3725					[undefined] Control socket for daemon
3726					management.
3727confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
3728					[postmaster] If an error occurs when
3729					sending an error message, send that
3730					"double bounce" error message to this
3731					address.  If it expands to an empty
3732					string, double bounces are dropped.
3733confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
3734					messages which could not be returned
3735					to the user or sent to postmaster.
3736					If not set, the queue file will
3737					be renamed.
3738confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
3739					implies DSN request.
3740confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
3741					when reading and delivering mail.
3742					Causes all file reads (e.g., .forward
3743					and :include: files) to be done as
3744					this user.  Also, all programs will
3745					be run as this user, and all output
3746					files will be written as this user.
3747confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
3748					[infinite] If set, allow no more than
3749					the specified number of recipients in
3750					an SMTP envelope.  Further recipients
3751					receive a 452 error code (i.e., they
3752					are deferred for the next delivery
3753					attempt).
3754confBAD_RCPT_THROTTLE	BadRcptThrottle	[infinite] If set and the specified
3755					number of recipients in a single SMTP
3756					transaction have been rejected, sleep
3757					for one second after each subsequent
3758					RCPT command in that transaction.
3759confDONT_PROBE_INTERFACES  DontProbeInterfaces
3760					[False] If set, sendmail will _not_
3761					insert the names and addresses of any
3762					local interfaces into class {w}
3763					(list of known "equivalent" addresses).
3764					If you set this, you must also include
3765					some support for these addresses (e.g.,
3766					in a mailertable entry) -- otherwise,
3767					mail to addresses in this list will
3768					bounce with a configuration error.
3769					If set to "loopback" (without
3770					quotes), sendmail will skip
3771					loopback interfaces (e.g., "lo0").
3772confPID_FILE		PidFile		[system dependent] Location of pid
3773					file.
3774confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
3775					[undefined] Prefix string for the
3776					process title shown on 'ps' listings.
3777confDONT_BLAME_SENDMAIL	DontBlameSendmail
3778					[safe] Override sendmail's file
3779					safety checks.  This will definitely
3780					compromise system security and should
3781					not be used unless absolutely
3782					necessary.
3783confREJECT_MSG		-		[550 Access denied] The message
3784					given if the access database contains
3785					REJECT in the value portion.
3786confRELAY_MSG		-		[550 Relaying denied] The message
3787					given if an unauthorized relaying
3788					attempt is rejected.
3789confDF_BUFFER_SIZE	DataFileBufferSize
3790					[4096] The maximum size of a
3791					memory-buffered data (df) file
3792					before a disk-based file is used.
3793confXF_BUFFER_SIZE	XScriptFileBufferSize
3794					[4096] The maximum size of a
3795					memory-buffered transcript (xf)
3796					file before a disk-based file is
3797					used.
3798confTLS_SRV_OPTIONS	TLSSrvOptions	If this option is 'V' no client
3799					verification is performed, i.e.,
3800					the server doesn't ask for a
3801					certificate.
3802confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
3803					specification for LDAP maps.  The
3804					value should only contain LDAP
3805					specific settings such as "-h host
3806					-p port -d bindDN", etc.  The
3807					settings will be used for all LDAP
3808					maps unless they are specified in
3809					the individual map specification
3810					('K' command).
3811confCACERT_PATH		CACertPath	[undefined] Path to directory
3812					with certs of CAs.
3813confCACERT		CACertFile	[undefined] File containing one CA
3814					cert.
3815confSERVER_CERT		ServerCertFile	[undefined] File containing the
3816					cert of the server, i.e., this cert
3817					is used when sendmail acts as
3818					server.
3819confSERVER_KEY		ServerKeyFile	[undefined] File containing the
3820					private key belonging to the server
3821					cert.
3822confCLIENT_CERT		ClientCertFile	[undefined] File containing the
3823					cert of the client, i.e., this cert
3824					is used when sendmail acts as
3825					client.
3826confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
3827					private key belonging to the client
3828					cert.
3829confCRL			CRLFile		[undefined] File containing certificate
3830					revocation status, useful for X.509v3
3831					authentication. Note that CRL requires
3832					at least OpenSSL version 0.9.7.
3833confDH_PARAMETERS	DHParameters	[undefined] File containing the
3834					DH parameters.
3835confRAND_FILE		RandFile	[undefined] File containing random
3836					data (use prefix file:) or the
3837					name of the UNIX socket if EGD is
3838					used (use prefix egd:).  STARTTLS
3839					requires this option if the compile
3840					flag HASURANDOM is not set (see
3841					sendmail/README).
3842confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
3843					queue runners is set the given value
3844					(nice(3)).
3845confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
3846					[undefined] Defines {daemon_flags}
3847					for direct submissions.
3848confUSE_MSP		UseMSP		[undefined] Use as mail submission
3849					program.
3850confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
3851					SMTP Service Extension (RFC 2852).
3852confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
3853					be used to turn off the compile time
3854					flag REQUIRES_DIR_FSYNC at runtime.
3855					See sendmail/README for details.
3856confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
3857confFAST_SPLIT		FastSplit	[1] If set to a value greater than
3858					zero, the initial MX lookups on
3859					addresses is suppressed when they
3860					are sorted which may result in
3861					faster envelope splitting.  If the
3862					mail is submitted directly from the
3863					command line, then the value also
3864					limits the number of processes to
3865					deliver the envelopes.
3866confMAILBOX_DATABASE	MailboxDatabase	[pw] Type of lookup to find
3867					information about local mailboxes.
3868confDEQUOTE_OPTS	-		[empty] Additional options for the
3869					dequote map.
3870confINPUT_MAIL_FILTERS	InputMailFilters
3871					A comma separated list of filters
3872					which determines which filters and
3873					the invocation sequence are
3874					contacted for incoming SMTP
3875					messages.  If none are set, no
3876					filters will be contacted.
3877confMILTER_LOG_LEVEL	Milter.LogLevel	[9] Log level for input mail filter
3878					actions, defaults to LogLevel.
3879confMILTER_MACROS_CONNECT	Milter.macros.connect
3880					[j, _, {daemon_name}, {if_name},
3881					{if_addr}] Macros to transmit to
3882					milters when a session connection
3883					starts.
3884confMILTER_MACROS_HELO	Milter.macros.helo
3885					[{tls_version}, {cipher},
3886					{cipher_bits}, {cert_subject},
3887					{cert_issuer}] Macros to transmit to
3888					milters after HELO/EHLO command.
3889confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
3890					[i, {auth_type}, {auth_authen},
3891					{auth_ssf}, {auth_author},
3892					{mail_mailer}, {mail_host},
3893					{mail_addr}] Macros to transmit to
3894					milters after MAIL FROM command.
3895confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
3896					[{rcpt_mailer}, {rcpt_host},
3897					{rcpt_addr}] Macros to transmit to
3898					milters after RCPT TO command.
3899confMILTER_MACROS_EOM		Milter.macros.eom
3900					[{msg_id}] Macros to transmit to
3901					milters after DATA command.
3902
3903
3904See also the description of OSTYPE for some parameters that can be
3905tweaked (generally pathnames to mailers).
3906
3907ClientPortOptions and DaemonPortOptions are special cases since multiple
3908clients/daemons can be defined.  This can be done via
3909
3910	CLIENT_OPTIONS(`field1=value1,field2=value2,...')
3911	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
3912
3913Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
3914ClientPortOptions settings) are allowed in order to give settings for each
3915protocol family (e.g., one for Family=inet and one for Family=inet6).  A
3916restriction placed on one family only affects outgoing connections on that
3917particular family.
3918
3919If DAEMON_OPTIONS is not used, then the default is
3920
3921	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
3922	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
3923
3924If you use one DAEMON_OPTIONS macro, it will alter the parameters
3925of the first of these.  The second will still be defaulted; it
3926represents a "Message Submission Agent" (MSA) as defined by RFC
39272476 (see below).  To turn off the default definition for the MSA,
3928use FEATURE(`no_default_msa') (see also FEATURES).  If you use
3929additional DAEMON_OPTIONS macros, they will add additional daemons.
3930
3931Example 1:  To change the port for the SMTP listener, while
3932still using the MSA default, use
3933	DAEMON_OPTIONS(`Port=925, Name=MTA')
3934
3935Example 2:  To change the port for the MSA daemon, while still
3936using the default SMTP port, use
3937	FEATURE(`no_default_msa')
3938	DAEMON_OPTIONS(`Name=MTA')
3939	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
3940
3941Note that if the first of those DAEMON_OPTIONS lines were omitted, then
3942there would be no listener on the standard SMTP port.
3943
3944Example 3: To listen on both IPv4 and IPv6 interfaces, use
3945
3946	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
3947	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
3948
3949A "Message Submission Agent" still uses all of the same rulesets for
3950processing the message (and therefore still allows message rejection via
3951the check_* rulesets).  In accordance with the RFC, the MSA will ensure
3952that all domains in envelope addresses are fully qualified if the message
3953is relayed to another MTA.  It will also enforce the normal address syntax
3954rules and log error messages.  Additionally, by using the M=a modifier you
3955can require authentication before messages are accepted by the MSA.
3956Notice: Do NOT use the 'a' modifier on a public accessible MTA!  Finally,
3957the M=E modifier shown above disables ETRN as required by RFC 2476.
3958
3959Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
3960commands:
3961
3962	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
3963	MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
3964
3965The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
3966same order they were specified by also setting confINPUT_MAIL_FILTERS.  A
3967filter can be defined without adding it to the input filter list by using
3968MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
3969Alternatively, you can reset the list of filters and their order by setting
3970confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
3971your .mc file.
3972
3973
3974+----------------------------+
3975| MESSAGE SUBMISSION PROGRAM |
3976+----------------------------+
3977
3978This section contains a list of caveats and
3979a few hints how for those who want to tweak the default configuration
3980for it (which is installed as submit.cf).
3981
3982Notice: do not add options/features to submit.mc unless you are
3983absolutely sure you need them.  Options you may want to change
3984include:
3985
3986- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
3987  avoiding X-Authentication warnings.
3988- confTIME_ZONE to change it from the default `USE_TZ'.
3989- confDELIVERY_MODE is set to interactive in msp.m4 instead
3990  of the default background mode.
3991- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
3992  to the LOCAL_RELAY instead of the default relay.
3993
3994The MSP performs hostname canonicalization by default.  Mail may end
3995up for various DNS related reasons in the MSP queue.  This problem
3996can be minimized by using
3997
3998	FEATURE(`nocanonify', `canonify_hosts')
3999	define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4000
4001See the discussion about nocanonify for possible side effects.
4002
4003Some things are not intended to work with the MSP.  These include
4004features that influence the delivery process (e.g., mailertable,
4005aliases), or those that are only important for a SMTP server (e.g.,
4006virtusertable, DaemonPortOptions, multiple queues).  Moreover,
4007relaxing certain restrictions (RestrictQueueRun, permissions on
4008queue directory) or adding features (e.g., enabling prog/file mailer)
4009can cause security problems.
4010
4011Other things don't work well with the MSP and require tweaking or
4012workarounds.
4013
4014The file and the map created by makemap should be owned by smmsp,
4015its group should be smmsp, and it should have mode 640.
4016
4017feature/msp.m4 defines almost all settings for the MSP.  Most of
4018those should not be changed at all.  Some of the features and options
4019can be overridden if really necessary.  It is a bit tricky to do
4020this, because it depends on the actual way the option is defined
4021in feature/msp.m4.  If it is directly defined (i.e., define()) then
4022the modified value must be defined after
4023
4024	FEATURE(`msp')
4025
4026If it is conditionally defined (i.e., ifdef()) then the desired
4027value must be defined before the FEATURE line in the .mc file.
4028To see how the options are defined read feature/msp.m4.
4029
4030
4031+--------------------------+
4032| FORMAT OF FILES AND MAPS |
4033+--------------------------+
4034
4035Files that define classes, i.e., F{classname}, consist of lines
4036each of which contains a single element of the class.  For example,
4037/etc/mail/local-host-names may have the following content:
4038
4039my.domain
4040another.domain
4041
4042Maps must be created using makemap(8) , e.g.,
4043
4044	makemap hash MAP < MAP
4045
4046In general, a text file from which a map is created contains lines
4047of the form
4048
4049key	value
4050
4051where 'key' and 'value' are also called LHS and RHS, respectively.
4052By default, the delimiter between LHS and RHS is a non-empty sequence
4053of white space characters.
4054
4055
4056+------------------+
4057| DIRECTORY LAYOUT |
4058+------------------+
4059
4060Within this directory are several subdirectories, to wit:
4061
4062m4		General support routines.  These are typically
4063		very important and should not be changed without
4064		very careful consideration.
4065
4066cf		The configuration files themselves.  They have
4067		".mc" suffixes, and must be run through m4 to
4068		become complete.  The resulting output should
4069		have a ".cf" suffix.
4070
4071ostype		Definitions describing a particular operating
4072		system type.  These should always be referenced
4073		using the OSTYPE macro in the .mc file.  Examples
4074		include "bsd4.3", "bsd4.4", "sunos3.5", and
4075		"sunos4.1".
4076
4077domain		Definitions describing a particular domain, referenced
4078		using the DOMAIN macro in the .mc file.  These are
4079		site dependent; for example, "CS.Berkeley.EDU.m4"
4080		describes hosts in the CS.Berkeley.EDU subdomain.
4081
4082mailer		Descriptions of mailers.  These are referenced using
4083		the MAILER macro in the .mc file.
4084
4085sh		Shell files used when building the .cf file from the
4086		.mc file in the cf subdirectory.
4087
4088feature		These hold special orthogonal features that you might
4089		want to include.  They should be referenced using
4090		the FEATURE macro.
4091
4092hack		Local hacks.  These can be referenced using the HACK
4093		macro.  They shouldn't be of more than voyeuristic
4094		interest outside the .Berkeley.EDU domain, but who knows?
4095
4096siteconfig	Site configuration -- e.g., tables of locally connected
4097		UUCP sites.
4098
4099
4100+------------------------+
4101| ADMINISTRATIVE DETAILS |
4102+------------------------+
4103
4104The following sections detail usage of certain internal parts of the
4105sendmail.cf file.  Read them carefully if you are trying to modify
4106the current model.  If you find the above descriptions adequate, these
4107should be {boring, confusing, tedious, ridiculous} (pick one or more).
4108
4109RULESETS (* means built in to sendmail)
4110
4111   0 *	Parsing
4112   1 *	Sender rewriting
4113   2 *	Recipient rewriting
4114   3 *	Canonicalization
4115   4 *	Post cleanup
4116   5 *	Local address rewrite (after aliasing)
4117  1x	mailer rules (sender qualification)
4118  2x	mailer rules (recipient qualification)
4119  3x	mailer rules (sender header qualification)
4120  4x	mailer rules (recipient header qualification)
4121  5x	mailer subroutines (general)
4122  6x	mailer subroutines (general)
4123  7x	mailer subroutines (general)
4124  8x	reserved
4125  90	Mailertable host stripping
4126  96	Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4127  97	Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4128  98	Local part of ruleset 0 (ruleset 8 in old sendmail)
4129
4130
4131MAILERS
4132
4133   0	local, prog	local and program mailers
4134   1	[e]smtp, relay	SMTP channel
4135   2	uucp-*		UNIX-to-UNIX Copy Program
4136   3	netnews		Network News delivery
4137   4	fax		Sam Leffler's HylaFAX software
4138   5	mail11		DECnet mailer
4139
4140
4141MACROS
4142
4143   A
4144   B	Bitnet Relay
4145   C	DECnet Relay
4146   D	The local domain -- usually not needed
4147   E	reserved for X.400 Relay
4148   F	FAX Relay
4149   G
4150   H	mail Hub (for mail clusters)
4151   I
4152   J
4153   K
4154   L	Luser Relay
4155   M	Masquerade (who you claim to be)
4156   N
4157   O
4158   P
4159   Q
4160   R	Relay (for unqualified names)
4161   S	Smart Host
4162   T
4163   U	my UUCP name (if you have a UUCP connection)
4164   V	UUCP Relay (class {V} hosts)
4165   W	UUCP Relay (class {W} hosts)
4166   X	UUCP Relay (class {X} hosts)
4167   Y	UUCP Relay (all other hosts)
4168   Z	Version number
4169
4170
4171CLASSES
4172
4173   A
4174   B	domains that are candidates for bestmx lookup
4175   C
4176   D
4177   E	addresses that should not seem to come from $M
4178   F	hosts this system forward for
4179   G	domains that should be looked up in genericstable
4180   H
4181   I
4182   J
4183   K
4184   L	addresses that should not be forwarded to $R
4185   M	domains that should be mapped to $M
4186   N	host/domains that should not be mapped to $M
4187   O	operators that indicate network operations (cannot be in local names)
4188   P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4189   Q
4190   R	domains this system is willing to relay (pass anti-spam filters)
4191   S
4192   T
4193   U	locally connected UUCP hosts
4194   V	UUCP hosts connected to relay $V
4195   W	UUCP hosts connected to relay $W
4196   X	UUCP hosts connected to relay $X
4197   Y	locally connected smart UUCP hosts
4198   Z	locally connected domain-ized UUCP hosts
4199   .	the class containing only a dot
4200   [	the class containing only a left bracket
4201
4202
4203M4 DIVERSIONS
4204
4205   1	Local host detection and resolution
4206   2	Local Ruleset 3 additions
4207   3	Local Ruleset 0 additions
4208   4	UUCP Ruleset 0 additions
4209   5	locally interpreted names (overrides $R)
4210   6	local configuration (at top of file)
4211   7	mailer definitions
4212   8	DNS based blacklists
4213   9	special local rulesets (1 and 2)
4214
4215$Revision: 8.703 $, Last updated $Date: 2006/01/25 03:23:52 $
4216ident	"%Z%%M%	%I%	%E% SMI"
4217