1
2 SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files. It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide, which can be found
8on-line at http://www.sendmail.org/%7Eca/email/doc8.12/op.html .
9Recall this URL throughout this document when references to
10doc/op/op.* are made.
11
12Table of Content:
13
14INTRODUCTION AND EXAMPLE
15A BRIEF INTRODUCTION TO M4
16FILE LOCATIONS
17OSTYPE
18DOMAINS
19MAILERS
20FEATURES
21HACKS
22SITE CONFIGURATION
23USING UUCP MAILERS
24TWEAKING RULESETS
25MASQUERADING AND RELAYING
26USING LDAP FOR ALIASES, MAPS, AND CLASSES
27LDAP ROUTING
28ANTI-SPAM CONFIGURATION CONTROL
29CONNECTION CONTROL
30STARTTLS
31ADDING NEW MAILERS OR RULESETS
32ADDING NEW MAIL FILTERS
33QUEUE GROUP DEFINITIONS
34NON-SMTP BASED CONFIGURATIONS
35WHO AM I?
36ACCEPTING MAIL FOR MULTIPLE NAMES
37USING MAILERTABLES
38USING USERDB TO MAP FULL NAMES
39MISCELLANEOUS SPECIAL FEATURES
40SECURITY NOTES
41TWEAKING CONFIGURATION OPTIONS
42MESSAGE SUBMISSION PROGRAM
43FORMAT OF FILES AND MAPS
44DIRECTORY LAYOUT
45ADMINISTRATIVE DETAILS
46
47
48+--------------------------+
49| INTRODUCTION AND EXAMPLE |
50+--------------------------+
51
52Configuration files are contained in the subdirectory "cf", with a
53suffix ".mc". They must be run through "m4" to produce a ".cf" file.
54You must pre-load "cf.m4":
55
56 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
57
58Alternatively, you can simply:
59
60 cd ${CFDIR}/cf
61 /usr/ccs/bin/make config.cf
62
63where ${CFDIR} is the root of the cf directory and config.mc is the
64name of your configuration file. If you are running a version of M4
65that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
66this, but the versions distributed with 4.4BSD and derivatives do not)
67or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
68For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
69use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
70
71 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
72
73Let's examine a typical .mc file:
74
75 divert(-1)
76 #
77 # Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
78 # All rights reserved.
79 # Copyright (c) 1983 Eric P. Allman. All rights reserved.
80 # Copyright (c) 1988, 1993
81 # The Regents of the University of California. All rights reserved.
82 #
83 # By using this file, you agree to the terms and conditions set
84 # forth in the LICENSE file which can be found at the top level of
85 # the sendmail distribution.
86 #
87
88 #
89 # This is a Berkeley-specific configuration file for HP-UX 9.x.
90 # It applies only to the Computer Science Division at Berkeley,
91 # and should not be used elsewhere. It is provided on the sendmail
92 # distribution as a sample only. To create your own configuration
93 # file, create an appropriate domain file in ../domain, change the
94 # `DOMAIN' macro below to reference that file, and copy the result
95 # to a name of your own choosing.
96 #
97 divert(0)
98
99The divert(-1) will delete the crud in the resulting output file.
100The copyright notice can be replaced by whatever your lawyers require;
101our lawyers require the one that is included in these files. A copyleft
102is a copyright by another name. The divert(0) restores regular output.
103
104 VERSIONID(`<SCCS or RCS version id>')
105
106VERSIONID is a macro that stuffs the version information into the
107resulting file. You could use SCCS, RCS, CVS, something else, or
108omit it completely. This is not the same as the version id included
109in SMTP greeting messages -- this is defined in m4/version.m4.
110
111 OSTYPE(`hpux9')dnl
112
113You must specify an OSTYPE to properly configure things such as the
114pathname of the help and status files, the flags needed for the local
115mailer, and other important things. If you omit it, you will get an
116error when you try to build the configuration. Look at the ostype
117directory for the list of known operating system types.
118
119 DOMAIN(`CS.Berkeley.EDU')dnl
120
121This example is specific to the Computer Science Division at Berkeley.
122You can use "DOMAIN(`generic')" to get a sufficiently bland definition
123that may well work for you, or you can create a customized domain
124definition appropriate for your environment.
125
126 MAILER(`local')
127 MAILER(`smtp')
128
129These describe the mailers used at the default CS site. The local
130mailer is always included automatically. Beware: MAILER declarations
131should only be followed by LOCAL_* sections. The general rules are
132that the order should be:
133
134 VERSIONID
135 OSTYPE
136 DOMAIN
137 FEATURE
138 local macro definitions
139 MAILER
140 LOCAL_CONFIG
141 LOCAL_RULE_*
142 LOCAL_RULESETS
143
144There are a few exceptions to this rule. Local macro definitions which
145influence a FEATURE() should be done before that feature. For example,
146a define(`PROCMAIL_MAILER_PATH', ...) should be done before
147FEATURE(`local_procmail').
148
149
150+----------------------------+
151| A BRIEF INTRODUCTION TO M4 |
152+----------------------------+
153
154Sendmail uses the M4 macro processor to ``compile'' the configuration
155files. The most important thing to know is that M4 is stream-based,
156that is, it doesn't understand about lines. For this reason, in some
157places you may see the word ``dnl'', which stands for ``delete
158through newline''; essentially, it deletes all characters starting
159at the ``dnl'' up to and including the next newline character. In
160most cases sendmail uses this only to avoid lots of unnecessary
161blank lines in the output.
162
163Other important directives are define(A, B) which defines the macro
164``A'' to have value ``B''. Macros are expanded as they are read, so
165one normally quotes both values to prevent expansion. For example,
166
167 define(`SMART_HOST', `smart.foo.com')
168
169One word of warning: M4 macros are expanded even in lines that appear
170to be comments. For example, if you have
171
172 # See FEATURE(`foo') above
173
174it will not do what you expect, because the FEATURE(`foo') will be
175expanded. This also applies to
176
177 # And then define the $X macro to be the return address
178
179because ``define'' is an M4 keyword. If you want to use them, surround
180them with directed quotes, `like this'.
181
182Since m4 uses single quotes (opening "`" and closing "'") to quote
183arguments, those quotes can't be used in arguments. For example,
184it is not possible to define a rejection message containing a single
185quote. Usually there are simple workarounds by changing those
186messages; in the worst case it might be ok to change the value
187directly in the generated .cf file, which however is not advised.
188
189+----------------+
190| FILE LOCATIONS |
191+----------------+
192
193sendmail 8.9 has introduced a new configuration directory for sendmail
194related files, /etc/mail. The new files available for sendmail 8.9 --
195the class {R} /etc/mail/relay-domains and the access database
196/etc/mail/access -- take advantage of this new directory. Beginning with
1978.10, all files will use this directory by default (some options may be
198set by OSTYPE() files). This new directory should help to restore
199uniformity to sendmail's file locations.
200
201Below is a table of some of the common changes:
202
203Old filename New filename
204------------ ------------
205/etc/bitdomain /etc/mail/bitdomain
206/etc/domaintable /etc/mail/domaintable
207/etc/genericstable /etc/mail/genericstable
208/etc/uudomain /etc/mail/uudomain
209/etc/virtusertable /etc/mail/virtusertable
210/etc/userdb /etc/mail/userdb
211
212/etc/aliases /etc/mail/aliases
213/etc/sendmail/aliases /etc/mail/aliases
214/etc/ucbmail/aliases /etc/mail/aliases
215/usr/adm/sendmail/aliases /etc/mail/aliases
216/usr/lib/aliases /etc/mail/aliases
217/usr/lib/mail/aliases /etc/mail/aliases
218/usr/ucblib/aliases /etc/mail/aliases
219
220/etc/sendmail.cw /etc/mail/local-host-names
221/etc/mail/sendmail.cw /etc/mail/local-host-names
222/etc/sendmail/sendmail.cw /etc/mail/local-host-names
223
224/etc/sendmail.ct /etc/mail/trusted-users
225
226/etc/sendmail.oE /etc/mail/error-header
227
228/etc/sendmail.hf /etc/mail/helpfile
229/etc/mail/sendmail.hf /etc/mail/helpfile
230/usr/ucblib/sendmail.hf /etc/mail/helpfile
231/etc/ucbmail/sendmail.hf /etc/mail/helpfile
232/usr/lib/sendmail.hf /etc/mail/helpfile
233/usr/share/lib/sendmail.hf /etc/mail/helpfile
234/usr/share/misc/sendmail.hf /etc/mail/helpfile
235/share/misc/sendmail.hf /etc/mail/helpfile
236
237/etc/service.switch /etc/mail/service.switch
238
239/etc/sendmail.st /etc/mail/statistics
240/etc/mail/sendmail.st /etc/mail/statistics
241/etc/mailer/sendmail.st /etc/mail/statistics
242/etc/sendmail/sendmail.st /etc/mail/statistics
243/usr/lib/sendmail.st /etc/mail/statistics
244/usr/ucblib/sendmail.st /etc/mail/statistics
245
246Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
247to create the pathnames. The default value of this variable is
248`/etc/mail/'. If you set this macro to a different value, you MUST include
249a trailing slash.
250
251Notice: all filenames used in a .mc (or .cf) file should be absolute
252(starting at the root, i.e., with '/'). Relative filenames most
253likely cause surprises during operations (unless otherwise noted).
254
255
256+--------+
257| OSTYPE |
258+--------+
259
260You MUST define an operating system environment, or the configuration
261file build will puke. There are several environments available; look
262at the "ostype" directory for the current list. This macro changes
263things like the location of the alias file and queue directory. Some
264of these files are identical to one another.
265
266It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
267In general, the OSTYPE macro should go immediately after any version
268information, and MAILER definitions should always go last.
269
270Operating system definitions are usually easy to write. They may define
271the following variables (everything defaults, so an ostype file may be
272empty). Unfortunately, the list of configuration-supported systems is
273not as broad as the list of source-supported systems, since many of
274the source contributors do not include corresponding ostype files.
275
276ALIAS_FILE [/etc/mail/aliases] The location of the text version
277 of the alias file(s). It can be a comma-separated
278 list of names (but be sure you quote values with
279 commas in them -- for example, use
280 define(`ALIAS_FILE', `a,b')
281 to get "a" and "b" both listed as alias files;
282 otherwise the define() primitive only sees "a").
283HELP_FILE [/etc/mail/helpfile] The name of the file
284 containing information printed in response to
285 the SMTP HELP command.
286QUEUE_DIR [/var/spool/mqueue] The directory containing
287 queue files. To use multiple queues, supply
288 a value ending with an asterisk. For
289 example, /var/spool/mqueue/qd* will use all of the
290 directories or symbolic links to directories
291 beginning with 'qd' in /var/spool/mqueue as queue
292 directories. The names 'qf', 'df', and 'xf' are
293 reserved as specific subdirectories for the
294 corresponding queue file types as explained in
295 doc/op/op.me. See also QUEUE GROUP DEFINITIONS.
296MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing
297 queue files for the MSP (Mail Submission Program).
298STATUS_FILE [/etc/mail/statistics] The file containing status
299 information.
300LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
301LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The
302 flags lsDFMAw5:/|@q are always included.
303LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
304 mail.
305LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
306 mail that you are willing to accept.
307LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of
308 messages to deliver in a single connection. Only
309 useful for LMTP local mailers.
310LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
311 that ARRIVE from an address that resolves to the
312 local mailer and which are converted to MIME will be
313 labeled with this character set.
314LOCAL_MAILER_EOL [undefined] If defined, the string to use as the
315 end of line for the local mailer.
316LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
317 [X-Unix] The DSN Diagnostic-Code value for the
318 local mailer. This should be changed with care.
319LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email.
320LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The
321 flags lsDFM are always included.
322LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
323 mail.
324LOCAL_SHELL_DIR [$z:/] The directory search path in which the
325 shell should run.
326LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer.
327SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
328 flags are `mDFMuX' for all SMTP-based mailers; the
329 "esmtp" mailer adds `a'; "smtp8" adds `8'; and
330 "dsmtp" adds `%'.
331RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default
332 flags are `mDFMuX' for all SMTP-based mailers; the
333 relay mailer adds `a8'. If this is not defined,
334 then SMTP_MAILER_FLAGS is used.
335SMTP_MAILER_MAX [undefined] The maximum size of messages that will
336 be transported using the smtp, smtp8, esmtp, or dsmtp
337 mailers.
338SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
339 messages to deliver in a single connection for the
340 smtp, smtp8, esmtp, or dsmtp mailers.
341SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
342 recipients to deliver in a single connection for the
343 smtp, smtp8, esmtp, or dsmtp mailers.
344SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
345 About the only reason you would want to change this
346 would be to change the default port.
347ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer.
348SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer.
349DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer.
350RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer.
351SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer.
352ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer.
353SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer.
354DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer.
355RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer.
356RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of
357 messages to deliver in a single connection for the
358 relay mailer.
359SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
360 that ARRIVE from an address that resolves to one of
361 the SMTP mailers and which are converted to MIME will
362 be labeled with this character set.
363SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
364 (except the relay mailer).
365RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
366UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail.
367UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default
368 flags are `DFMhuU' (and `m' for uucp-new mailer,
369 minus `U' for uucp-dom mailer).
370UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
371 passed to the UUCP mailer.
372UUCP_MAILER_MAX [100000] The maximum size message accepted for
373 transmission by the UUCP mailers.
374UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
375 that ARRIVE from an address that resolves to one of
376 the UUCP mailers and which are converted to MIME will
377 be labeled with this character set.
378UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers.
379PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
380 program. This is also used by
381 FEATURE(`local_procmail').
382PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags
383 DFM are always set. This is NOT used by
384 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
385 instead.
386PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
387 the Procmail mailer. This is NOT used by
388 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
389 instead.
390PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
391 will be accepted by the procmail mailer.
392PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer.
393confEBINDIR [/usr/libexec] The directory for executables.
394 Currently used for FEATURE(`local_lmtp') and
395 FEATURE(`smrsh').
396LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer.
397
398Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
399MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
400of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
401upper case) and change can be: flags that should be used directly
402(thus overriding the default value), or if it starts with `+' (`-')
403then those flags are added to (removed from) the default value.
404Example:
405
406 MODIFY_MAILER_FLAGS(`LOCAL', `+e')
407
408will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are
409several smtp mailers all of which are manipulated individually.
410See the section MAILERS for the available mailer names.
411WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
412unconditionally, i.e., without respecting any definitions in an
413OSTYPE setting.
414
415
416+---------+
417| DOMAINS |
418+---------+
419
420You will probably want to collect domain-dependent defines into one
421file, referenced by the DOMAIN macro. For example, the Berkeley
422domain file includes definitions for several internal distinguished
423hosts:
424
425UUCP_RELAY The host that will accept UUCP-addressed email.
426 If not defined, all UUCP sites must be directly
427 connected.
428BITNET_RELAY The host that will accept BITNET-addressed email.
429 If not defined, the .BITNET pseudo-domain won't work.
430DECNET_RELAY The host that will accept DECNET-addressed email.
431 If not defined, the .DECNET pseudo-domain and addresses
432 of the form node::user will not work.
433FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
434 The "fax" mailer overrides this value.
435LOCAL_RELAY The site that will handle unqualified names -- that
436 is, names without an @domain extension.
437 Normally MAIL_HUB is preferred for this function.
438 LOCAL_RELAY is mostly useful in conjunction with
439 FEATURE(`stickyhost') -- see the discussion of
440 stickyhost below. If not set, they are assumed to
441 belong on this machine. This allows you to have a
442 central site to store a company- or department-wide
443 alias database. This only works at small sites,
444 and only with some user agents.
445LUSER_RELAY The site that will handle lusers -- that is, apparently
446 local names that aren't local accounts or aliases. To
447 specify a local user instead of a site, set this to
448 ``local:username''.
449
450Any of these can be either ``mailer:hostname'' (in which case the
451mailer is the internal mailer name, such as ``uucp-new'' and the hostname
452is the name of the host as appropriate for that mailer) or just a
453``hostname'', in which case a default mailer type (usually ``relay'',
454a variant on SMTP) is used. WARNING: if you have a wildcard MX
455record matching your domain, you probably want to define these to
456have a trailing dot so that you won't get the mail diverted back
457to yourself.
458
459The domain file can also be used to define a domain name, if needed
460(using "DD<domain>") and set certain site-wide features. If all hosts
461at your site masquerade behind one email name, you could also use
462MASQUERADE_AS here.
463
464You do not have to define a domain -- in particular, if you are a
465single machine sitting off somewhere, it is probably more work than
466it's worth. This is just a mechanism for combining "domain dependent
467knowledge" into one place.
468
469
470+---------+
471| MAILERS |
472+---------+
473
474There are fewer mailers supported in this version than the previous
475version, owing mostly to a simpler world. As a general rule, put the
476MAILER definitions last in your .mc file.
477
478local The local and prog mailers. You will almost always
479 need these; the only exception is if you relay ALL
480 your mail to another site. This mailer is included
481 automatically.
482
483smtp The Simple Mail Transport Protocol mailer. This does
484 not hide hosts behind a gateway or another other
485 such hack; it assumes a world where everyone is
486 running the name server. This file actually defines
487 five mailers: "smtp" for regular (old-style) SMTP to
488 other servers, "esmtp" for extended SMTP to other
489 servers, "smtp8" to do SMTP to other servers without
490 converting 8-bit data to MIME (essentially, this is
491 your statement that you know the other end is 8-bit
492 clean even if it doesn't say so), "dsmtp" to do on
493 demand delivery, and "relay" for transmission to the
494 RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
495
496uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
497 defines two mailers, "uucp-old" (a.k.a. "uucp") and
498 "uucp-new" (a.k.a. "suucp"). The latter is for when you
499 know that the UUCP mailer at the other end can handle
500 multiple recipients in one transfer. If the smtp mailer
501 is included in your configuration, two other mailers
502 ("uucp-dom" and "uucp-uudom") are also defined [warning: you
503 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you
504 include the uucp mailer, sendmail looks for all names in
505 class {U} and sends them to the uucp-old mailer; all
506 names in class {Y} are sent to uucp-new; and all
507 names in class {Z} are sent to uucp-uudom. Note that
508 this is a function of what version of rmail runs on
509 the receiving end, and hence may be out of your control.
510 See the section below describing UUCP mailers in more
511 detail.
512
513procmail An interface to procmail (does not come with sendmail).
514 This is designed to be used in mailertables. For example,
515 a common question is "how do I forward all mail for a given
516 domain to a single person?". If you have this mailer
517 defined, you could set up a mailertable reading:
518
519 host.com procmail:/etc/procmailrcs/host.com
520
521 with the file /etc/procmailrcs/host.com reading:
522
523 :0 # forward mail for host.com
524 ! -oi -f $1 person@other.host
525
526 This would arrange for (anything)@host.com to be sent
527 to person@other.host. In a procmail script, $1 is the
528 name of the sender and $2 is the name of the recipient.
529 If you use this with FEATURE(`local_procmail'), the FEATURE
530 should be listed first.
531
532 Of course there are other ways to solve this particular
533 problem, e.g., a catch-all entry in a virtusertable.
534
535The local mailer accepts addresses of the form "user+detail", where
536the "+detail" is not used for mailbox matching but is available
537to certain local mail programs (in particular, see
538FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
539"eric+sww" all indicate the same user, but additional arguments <null>,
540"sendmail", and "sww" may be provided for use in sorting mail.
541
542
543+----------+
544| FEATURES |
545+----------+
546
547Special features can be requested using the "FEATURE" macro. For
548example, the .mc line:
549
550 FEATURE(`use_cw_file')
551
552tells sendmail that you want to have it read an /etc/mail/local-host-names
553file to get values for class {w}. A FEATURE may contain up to 9
554optional parameters -- for example:
555
556 FEATURE(`mailertable', `dbm /usr/lib/mailertable')
557
558The default database map type for the table features can be set with
559
560 define(`DATABASE_MAP_TYPE', `dbm')
561
562which would set it to use ndbm databases. The default is the Berkeley DB
563hash database format. Note that you must still declare a database map type
564if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
565if no argument is given for the FEATURE. It must be specified before any
566feature that uses a map.
567
568Also, features which can take a map definition as an argument can also take
569the special keyword `LDAP'. If that keyword is used, the map will use the
570LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
571CLASSES'' section below.
572
573Available features are:
574
575use_cw_file Read the file /etc/mail/local-host-names file to get
576 alternate names for this host. This might be used if you
577 were on a host that MXed for a dynamic set of other hosts.
578 If the set is static, just including the line "Cw<name1>
579 <name2> ..." (where the names are fully qualified domain
580 names) is probably superior. The actual filename can be
581 overridden by redefining confCW_FILE.
582
583use_ct_file Read the file /etc/mail/trusted-users file to get the
584 names of users that will be ``trusted'', that is, able to
585 set their envelope from address using -f without generating
586 a warning message. The actual filename can be overridden
587 by redefining confCT_FILE.
588
589redirect Reject all mail addressed to "address.REDIRECT" with
590 a ``551 User has moved; please try <address>'' message.
591 If this is set, you can alias people who have left
592 to their new address with ".REDIRECT" appended.
593
594nouucp Don't route UUCP addresses. This feature takes one
595 parameter:
596 `reject': reject addresses which have "!" in the local
597 part unless it originates from a system
598 that is allowed to relay.
599 `nospecial': don't do anything special with "!".
600 Warnings: 1. See the notice in the anti-spam section.
601 2. don't remove "!" from OperatorChars if `reject' is
602 given as parameter.
603
604nocanonify Don't pass addresses to $[ ... $] for canonification
605 by default, i.e., host/domain names are considered canonical,
606 except for unqualified names, which must not be used in this
607 mode (violation of the standard). It can be changed by
608 setting the DaemonPortOptions modifiers (M=). That is,
609 FEATURE(`nocanonify') will be overridden by setting the
610 'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
611 it can be emulated by setting the 'C' flag
612 (DaemonPortOptions=Modifiers=C). This would generally only
613 be used by sites that only act as mail gateways or which have
614 user agents that do full canonification themselves. You may
615 also want to use
616 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
617 the usual resolver options that do a similar thing.
618
619 An exception list for FEATURE(`nocanonify') can be
620 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
621 i.e., a list of domains which are nevertheless passed to
622 $[ ... $] for canonification. This is useful to turn on
623 canonification for local domains, e.g., use
624 CANONIFY_DOMAIN(`my.domain my') to canonify addresses
625 which end in "my.domain" or "my".
626 Another way to require canonification in the local
627 domain is CANONIFY_DOMAIN(`$=m').
628
629 A trailing dot is added to addresses with more than
630 one component in it such that other features which
631 expect a trailing dot (e.g., virtusertable) will
632 still work.
633
634 If `canonify_hosts' is specified as parameter, i.e.,
635 FEATURE(`nocanonify', `canonify_hosts'), then
636 addresses which have only a hostname, e.g.,
637 <user@host>, will be canonified (and hopefully fully
638 qualified), too.
639
640stickyhost This feature is sometimes used with LOCAL_RELAY,
641 although it can be used for a different effect with
642 MAIL_HUB.
643
644 When used without MAIL_HUB, email sent to
645 "user@local.host" are marked as "sticky" -- that
646 is, the local addresses aren't matched against UDB,
647 don't go through ruleset 5, and are not forwarded to
648 the LOCAL_RELAY (if defined).
649
650 With MAIL_HUB, mail addressed to "user@local.host"
651 is forwarded to the mail hub, with the envelope
652 address still remaining "user@local.host".
653 Without stickyhost, the envelope would be changed
654 to "user@mail_hub", in order to protect against
655 mailing loops.
656
657mailertable Include a "mailer table" which can be used to override
658 routing for particular domains (which are not in class {w},
659 i.e. local host names). The argument of the FEATURE may be
660 the key definition. If none is specified, the definition
661 used is:
662
663 hash /etc/mail/mailertable
664
665 Keys in this database are fully qualified domain names
666 or partial domains preceded by a dot -- for example,
667 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
668 special case of the latter, "." matches any domain not
669 covered by other keys. Values must be of the form:
670 mailer:domain
671 where "mailer" is the internal mailer name, and "domain"
672 is where to send the message. These maps are not
673 reflected into the message header. As a special case,
674 the forms:
675 local:user
676 will forward to the indicated user using the local mailer,
677 local:
678 will forward to the original user in the e-mail address
679 using the local mailer, and
680 error:code message
681 error:D.S.N:code message
682 will give an error message with the indicated SMTP reply
683 code and message, where D.S.N is an RFC 1893 compliant
684 error code.
685
686domaintable Include a "domain table" which can be used to provide
687 domain name mapping. Use of this should really be
688 limited to your own domains. It may be useful if you
689 change names (e.g., your company changes names from
690 oldname.com to newname.com). The argument of the
691 FEATURE may be the key definition. If none is specified,
692 the definition used is:
693
694 hash /etc/mail/domaintable
695
696 The key in this table is the domain name; the value is
697 the new (fully qualified) domain. Anything in the
698 domaintable is reflected into headers; that is, this
699 is done in ruleset 3.
700
701bitdomain Look up bitnet hosts in a table to try to turn them into
702 internet addresses. The table can be built using the
703 bitdomain program contributed by John Gardiner Myers.
704 The argument of the FEATURE may be the key definition; if
705 none is specified, the definition used is:
706
707 hash /etc/mail/bitdomain
708
709 Keys are the bitnet hostname; values are the corresponding
710 internet hostname.
711
712uucpdomain Similar feature for UUCP hosts. The default map definition
713 is:
714
715 hash /etc/mail/uudomain
716
717 At the moment there is no automagic tool to build this
718 database.
719
720always_add_domain
721 Include the local host domain even on locally delivered
722 mail. Normally it is not added on unqualified names.
723 However, if you use a shared message store but do not use
724 the same user name space everywhere, you may need the host
725 name on local names. An optional argument specifies
726 another domain to be added than the local.
727
728allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
729 feature will cause recipient addresses to also masquerade
730 as being from the masquerade host. Normally they get
731 the local hostname. Although this may be right for
732 ordinary users, it can break local aliases. For example,
733 if you send to "localalias", the originating sendmail will
734 find that alias and send to all members, but send the
735 message with "To: localalias@masqueradehost". Since that
736 alias likely does not exist, replies will fail. Use this
737 feature ONLY if you can guarantee that the ENTIRE
738 namespace on your masquerade host supersets all the
739 local entries.
740
741limited_masquerade
742 Normally, any hosts listed in class {w} are masqueraded. If
743 this feature is given, only the hosts listed in class {M} (see
744 below: MASQUERADE_DOMAIN) are masqueraded. This is useful
745 if you have several domains with disjoint namespaces hosted
746 on the same machine.
747
748masquerade_entire_domain
749 If masquerading is enabled (using MASQUERADE_AS) and
750 MASQUERADE_DOMAIN (see below) is set, this feature will
751 cause addresses to be rewritten such that the masquerading
752 domains are actually entire domains to be hidden. All
753 hosts within the masquerading domains will be rewritten
754 to the masquerade name (used in MASQUERADE_AS). For example,
755 if you have:
756
757 MASQUERADE_AS(`masq.com')
758 MASQUERADE_DOMAIN(`foo.org')
759 MASQUERADE_DOMAIN(`bar.com')
760
761 then *foo.org and *bar.com are converted to masq.com. Without
762 this feature, only foo.org and bar.com are masqueraded.
763
764 NOTE: only domains within your jurisdiction and
765 current hierarchy should be masqueraded using this.
766
767local_no_masquerade
768 This feature prevents the local mailer from masquerading even
769 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
770 on addresses of mail going outside the local domain.
771
772masquerade_envelope
773 If masquerading is enabled (using MASQUERADE_AS) or the
774 genericstable is in use, this feature will cause envelope
775 addresses to also masquerade as being from the masquerade
776 host. Normally only the header addresses are masqueraded.
777
778genericstable This feature will cause unqualified addresses (i.e., without
779 a domain) and addresses with a domain listed in class {G}
780 to be looked up in a map and turned into another ("generic")
781 form, which can change both the domain name and the user name.
782 Notice: if you use an MSP (as it is default starting with
783 8.12), the MTA will only receive qualified addresses from the
784 MSP (as required by the RFCs). Hence you need to add your
785 domain to class {G}. This feature is similar to the userdb
786 functionality. The same types of addresses as for
787 masquerading are looked up, i.e., only header sender
788 addresses unless the allmasquerade and/or masquerade_envelope
789 features are given. Qualified addresses must have the domain
790 part in class {G}; entries can be added to this class by the
791 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
792 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
793
794 The argument of FEATURE(`genericstable') may be the map
795 definition; the default map definition is:
796
797 hash /etc/mail/genericstable
798
799 The key for this table is either the full address, the domain
800 (with a leading @; the localpart is passed as first argument)
801 or the unqualified username (tried in the order mentioned);
802 the value is the new user address. If the new user address
803 does not include a domain, it will be qualified in the standard
804 manner, i.e., using $j or the masquerade name. Note that the
805 address being looked up must be fully qualified. For local
806 mail, it is necessary to use FEATURE(`always_add_domain')
807 for the addresses to be qualified.
808 The "+detail" of an address is passed as %1, so entries like
809
810 old+*@foo.org new+%1@example.com
811 gen+*@foo.org %1@example.com
812
813 and other forms are possible.
814
815generics_entire_domain
816 If the genericstable is enabled and GENERICS_DOMAIN or
817 GENERICS_DOMAIN_FILE is used, this feature will cause
818 addresses to be searched in the map if their domain
819 parts are subdomains of elements in class {G}.
820
821virtusertable A domain-specific form of aliasing, allowing multiple
822 virtual domains to be hosted on one machine. For example,
823 if the virtuser table contains:
824
825 info@foo.com foo-info
826 info@bar.com bar-info
827 joe@bar.com error:nouser 550 No such user here
828 jax@bar.com error:5.7.0:550 Address invalid
829 @baz.org jane@example.net
830
831 then mail addressed to info@foo.com will be sent to the
832 address foo-info, mail addressed to info@bar.com will be
833 delivered to bar-info, and mail addressed to anyone at baz.org
834 will be sent to jane@example.net, mail to joe@bar.com will
835 be rejected with the specified error message, and mail to
836 jax@bar.com will also have a RFC 1893 compliant error code
837 5.7.0.
838
839 The username from the original address is passed
840 as %1 allowing:
841
842 @foo.org %1@example.com
843
844 meaning someone@foo.org will be sent to someone@example.com.
845 Additionally, if the local part consists of "user+detail"
846 then "detail" is passed as %2 and "+detail" is passed as %3
847 when a match against user+* is attempted, so entries like
848
849 old+*@foo.org new+%2@example.com
850 gen+*@foo.org %2@example.com
851 +*@foo.org %1%3@example.com
852 X++@foo.org Z%3@example.com
853 @bar.org %1%3
854
855 and other forms are possible. Note: to preserve "+detail"
856 for a default case (@domain) %1%3 must be used as RHS.
857 There are two wildcards after "+": "+" matches only a non-empty
858 detail, "*" matches also empty details, e.g., user+@foo.org
859 matches +*@foo.org but not ++@foo.org. This can be used
860 to ensure that the parameters %2 and %3 are not empty.
861
862 All the host names on the left hand side (foo.com, bar.com,
863 and baz.org) must be in class {w} or class {VirtHost}. The
864 latter can be defined by the macros VIRTUSER_DOMAIN or
865 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
866 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
867 VIRTUSER_DOMAIN_FILE is used, then the entries of class
868 {VirtHost} are added to class {R}, i.e., relaying is allowed
869 to (and from) those domains, which by default includes also
870 all subdomains (see relay_hosts_only). The default map
871 definition is:
872
873 hash /etc/mail/virtusertable
874
875 A new definition can be specified as the second argument of
876 the FEATURE macro, such as
877
878 FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
879
880virtuser_entire_domain
881 If the virtusertable is enabled and VIRTUSER_DOMAIN or
882 VIRTUSER_DOMAIN_FILE is used, this feature will cause
883 addresses to be searched in the map if their domain
884 parts are subdomains of elements in class {VirtHost}.
885
886ldap_routing Implement LDAP-based e-mail recipient routing according to
887 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
888 This provides a method to re-route addresses with a
889 domain portion in class {LDAPRoute} to either a
890 different mail host or a different address. Hosts can
891 be added to this class using LDAPROUTE_DOMAIN and
892 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
893 MASQUERADE_DOMAIN_FILE, see below).
894
895 See the LDAP ROUTING section below for more information.
896
897nullclient This is a special case -- it creates a configuration file
898 containing nothing but support for forwarding all mail to a
899 central hub via a local SMTP-based network. The argument
900 is the name of that hub.
901
902 The only other feature that should be used in conjunction
903 with this one is FEATURE(`nocanonify'). No mailers
904 should be defined. No aliasing or forwarding is done.
905
906local_lmtp Use an LMTP capable local mailer. The argument to this
907 feature is the pathname of an LMTP capable mailer. By
908 default, mail.local is used. This is expected to be the
909 mail.local which came with the 8.9 distribution which is
910 LMTP capable. The path to mail.local is set by the
911 confEBINDIR m4 variable -- making the default
912 LOCAL_MAILER_PATH /usr/libexec/mail.local.
913 If a different LMTP capable mailer is used, its pathname
914 can be specified as second parameter and the arguments
915 passed to it (A=) as third parameter, e.g.,
916
917 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
918
919 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
920 i.e., without respecting any definitions in an OSTYPE setting.
921
922local_procmail Use procmail or another delivery agent as the local mailer.
923 The argument to this feature is the pathname of the
924 delivery agent, which defaults to PROCMAIL_MAILER_PATH.
925 Note that this does NOT use PROCMAIL_MAILER_FLAGS or
926 PROCMAIL_MAILER_ARGS for the local mailer; tweak
927 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
928 specify the appropriate parameters. When procmail is used,
929 the local mailer can make use of the
930 "user+indicator@local.host" syntax; normally the +indicator
931 is just tossed, but by default it is passed as the -a
932 argument to procmail.
933
934 This feature can take up to three arguments:
935
936 1. Path to the mailer program
937 [default: /usr/local/bin/procmail]
938 2. Argument vector including name of the program
939 [default: procmail -Y -a $h -d $u]
940 3. Flags for the mailer [default: SPfhn9]
941
942 Empty arguments cause the defaults to be taken.
943 Note that if you are on a system with a broken
944 setreuid() call, you may need to add -f $f to the procmail
945 argument vector to pass the proper sender to procmail.
946
947 For example, this allows it to use the maildrop
948 (http://www.flounder.net/~mrsam/maildrop/) mailer instead
949 by specifying:
950
951 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
952 `maildrop -d $u')
953
954 or scanmails using:
955
956 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
957
958 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
959 i.e., without respecting any definitions in an OSTYPE setting.
960
961bestmx_is_local Accept mail as though locally addressed for any host that
962 lists us as the best possible MX record. This generates
963 additional DNS traffic, but should be OK for low to
964 medium traffic hosts. The argument may be a set of
965 domains, which will limit the feature to only apply to
966 these domains -- this will reduce unnecessary DNS
967 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
968 WILDCARD MX RECORDS!!! If you have a wildcard MX record
969 that matches your domain, you cannot use this feature.
970
971smrsh Use the SendMail Restricted SHell (smrsh) provided
972 with the distribution instead of /bin/sh for mailing
973 to programs. This improves the ability of the local
974 system administrator to control what gets run via
975 e-mail. If an argument is provided it is used as the
976 pathname to smrsh; otherwise, the path defined by
977 confEBINDIR is used for the smrsh binary -- by default,
978 /usr/libexec/smrsh is assumed.
979
980promiscuous_relay
981 By default, the sendmail configuration files do not permit
982 mail relaying (that is, accepting mail from outside your
983 local host (class {w}) and sending it to another host than
984 your local host). This option sets your site to allow
985 mail relaying from any site to any site. In almost all
986 cases, it is better to control relaying more carefully
987 with the access map, class {R}, or authentication. Domains
988 can be added to class {R} by the macros RELAY_DOMAIN or
989 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
990 MASQUERADE_DOMAIN_FILE, see below).
991
992relay_entire_domain
993 This option allows any host in your domain as defined by
994 class {m} to use your server for relaying. Notice: make
995 sure that your domain is not just a top level domain,
996 e.g., com. This can happen if you give your host a name
997 like example.com instead of host.example.com.
998
999relay_hosts_only
1000 By default, names that are listed as RELAY in the access
1001 db and class {R} are treated as domain names, not host names.
1002 For example, if you specify ``foo.com'', then mail to or
1003 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1004 will all be accepted for relaying. This feature changes
1005 the behaviour to lookup individual host names only.
1006
1007relay_based_on_MX
1008 Turns on the ability to allow relaying based on the MX
1009 records of the host portion of an incoming recipient; that
1010 is, if an MX record for host foo.com points to your site,
1011 you will accept and relay mail addressed to foo.com. See
1012 description below for more information before using this
1013 feature. Also, see the KNOWNBUGS entry regarding bestmx
1014 map lookups.
1015
1016 FEATURE(`relay_based_on_MX') does not necessarily allow
1017 routing of these messages which you expect to be allowed,
1018 if route address syntax (or %-hack syntax) is used. If
1019 this is a problem, add entries to the access-table or use
1020 FEATURE(`loose_relay_check').
1021
1022relay_mail_from
1023 Allows relaying if the mail sender is listed as RELAY in
1024 the access map. If an optional argument `domain' (this
1025 is the literal word `domain', not a placeholder) is given,
1026 relaying can be allowed just based on the domain portion
1027 of the sender address. This feature should only be used if
1028 absolutely necessary as the sender address can be easily
1029 forged. Use of this feature requires the "From:" tag to
1030 be used for the key in the access map; see the discussion
1031 of tags and FEATURE(`relay_mail_from') in the section on
1032 anti-spam configuration control.
1033
1034relay_local_from
1035 Allows relaying if the domain portion of the mail sender
1036 is a local host. This should only be used if absolutely
1037 necessary as it opens a window for spammers. Specifically,
1038 they can send mail to your mail server that claims to be
1039 from your domain (either directly or via a routed address),
1040 and you will go ahead and relay it out to arbitrary hosts
1041 on the Internet.
1042
1043accept_unqualified_senders
1044 Normally, MAIL FROM: commands in the SMTP session will be
1045 refused if the connection is a network connection and the
1046 sender address does not include a domain name. If your
1047 setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1048 you will need to use this feature to accept unqualified
1049 sender addresses. Setting the DaemonPortOptions modifier
1050 'u' overrides the default behavior, i.e., unqualified
1051 addresses are accepted even without this FEATURE.
1052 If this FEATURE is not used, the DaemonPortOptions modifier
1053 'f' can be used to enforce fully qualified addresses.
1054
1055accept_unresolvable_domains
1056 Normally, MAIL FROM: commands in the SMTP session will be
1057 refused if the host part of the argument to MAIL FROM:
1058 cannot be located in the host name service (e.g., an A or
1059 MX record in DNS). If you are inside a firewall that has
1060 only a limited view of the Internet host name space, this
1061 could cause problems. In this case you probably want to
1062 use this feature to accept all domains on input, even if
1063 they are unresolvable.
1064
1065access_db Turns on the access database feature. The access db gives
1066 you the ability to allow or refuse to accept mail from
1067 specified domains for administrative reasons. Moreover,
1068 it can control the behavior of sendmail in various situations.
1069 By default, the access database specification is:
1070
1071 hash -T<TMPF> /etc/mail/access
1072
1073 See the anti-spam configuration control section for further
1074 important information about this feature. Notice:
1075 "-T<TMPF>" is meant literal, do not replace it by anything.
1076
1077blacklist_recipients
1078 Turns on the ability to block incoming mail for certain
1079 recipient usernames, hostnames, or addresses. For
1080 example, you can block incoming mail to user nobody,
1081 host foo.mydomain.com, or guest@bar.mydomain.com.
1082 These specifications are put in the access db as
1083 described in the anti-spam configuration control section
1084 later in this document.
1085
1086delay_checks The rulesets check_mail and check_relay will not be called
1087 when a client connects or issues a MAIL command, respectively.
1088 Instead, those rulesets will be called by the check_rcpt
1089 ruleset; they will be skipped under certain circumstances.
1090 See "Delay all checks" in the anti-spam configuration control
1091 section. Note: this feature is incompatible to the versions
1092 in 8.10 and 8.11.
1093
1094use_client_ptr If this feature is enabled then check_relay will override
1095 its first argument with $&{client_ptr}. This is useful for
1096 rejections based on the unverified hostname of client,
1097 which turns on the same behavior as in earlier sendmail
1098 versions when delay_checks was not in use. See doc/op/op.*
1099 about check_relay, {client_name}, and {client_ptr}.
1100
1101dnsbl Turns on rejection, discarding, or quarantining of hosts
1102 found in a DNS based list. The first argument is used as
1103 the domain in which blocked hosts are listed. A second
1104 argument can be used to change the default error message,
1105 or select one of the operations `discard' and `quarantine'.
1106 Without that second argument, the error message will be
1107
1108 Rejected: IP-ADDRESS listed at SERVER
1109
1110 where IP-ADDRESS and SERVER are replaced by the appropriate
1111 information. By default, temporary lookup failures are
1112 ignored. This behavior can be changed by specifying a
1113 third argument, which must be either `t' or a full error
1114 message. See the anti-spam configuration control section for
1115 an example. The dnsbl feature can be included several times
1116 to query different DNS based rejection lists. See also
1117 enhdnsbl for an enhanced version.
1118
1119 Set the DNSBL_MAP mc option to change the default map
1120 definition from `host'. Set the DNSBL_MAP_OPT mc option
1121 to add additional options to the map specification used.
1122
1123 Some DNS based rejection lists cause failures if asked
1124 for AAAA records. If your sendmail version is compiled
1125 with IPv6 support (NETINET6) and you experience this
1126 problem, add
1127
1128 define(`DNSBL_MAP', `dns -R A')
1129
1130 before the first use of this feature. Alternatively you
1131 can use enhdnsbl instead (see below). Moreover, this
1132 statement can be used to reduce the number of DNS retries,
1133 e.g.,
1134
1135 define(`DNSBL_MAP', `dns -R A -r2')
1136
1137 See below (EDNSBL_TO) for an explanation.
1138
1139enhdnsbl Enhanced version of dnsbl (see above). Further arguments
1140 (up to 5) can be used to specify specific return values
1141 from lookups. Temporary lookup failures are ignored unless
1142 a third argument is given, which must be either `t' or a full
1143 error message. By default, any successful lookup will
1144 generate an error. Otherwise the result of the lookup is
1145 compared with the supplied argument(s), and only if a match
1146 occurs an error is generated. For example,
1147
1148 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1149
1150 will reject the e-mail if the lookup returns the value
1151 ``127.0.0.2.'', or generate a 451 response if the lookup
1152 temporarily failed. The arguments can contain metasymbols
1153 as they are allowed in the LHS of rules. As the example
1154 shows, the default values are also used if an empty argument,
1155 i.e., `', is specified. This feature requires that sendmail
1156 has been compiled with the flag DNSMAP (see sendmail/README).
1157
1158 Set the EDNSBL_TO mc option to change the DNS retry count
1159 from the default value of 5, this can be very useful when
1160 a DNS server is not responding, which in turn may cause
1161 clients to time out (an entry stating
1162
1163 did not issue MAIL/EXPN/VRFY/ETRN
1164
1165 will be logged).
1166
1167ratecontrol Enable simple ruleset to do connection rate control
1168 checking. This requires entries in access_db of the form
1169
1170 ClientRate:IP.ADD.RE.SS LIMIT
1171
1172 The RHS specifies the maximum number of connections
1173 (an integer number) over the time interval defined
1174 by ConnectionRateWindowSize, where 0 means unlimited.
1175
1176 Take the following example:
1177
1178 ClientRate:10.1.2.3 4
1179 ClientRate:127.0.0.1 0
1180 ClientRate: 10
1181
1182 10.1.2.3 can only make up to 4 connections, the
1183 general limit it 10, and 127.0.0.1 can make an unlimited
1184 number of connections per ConnectionRateWindowSize.
1185
1186 See also CONNECTION CONTROL.
1187
1188conncontrol Enable a simple check of the number of incoming SMTP
1189 connections. This requires entries in access_db of the
1190 form
1191
1192 ClientConn:IP.ADD.RE.SS LIMIT
1193
1194 The RHS specifies the maximum number of open connections
1195 (an integer number).
1196
1197 Take the following example:
1198
1199 ClientConn:10.1.2.3 4
1200 ClientConn:127.0.0.1 0
1201 ClientConn: 10
1202
1203 10.1.2.3 can only have up to 4 open connections, the
1204 general limit it 10, and 127.0.0.1 does not have any
1205 explicit limit.
1206
1207 See also CONNECTION CONTROL.
1208
1209mtamark Experimental support for "Marking Mail Transfer Agents in
1210 Reverse DNS with TXT RRs" (MTAMark), see
1211 draft-stumpf-dns-mtamark-01. Optional arguments are:
1212
1213 1. Error message, default:
1214
1215 550 Rejected: $&{client_addr} not listed as MTA
1216
1217 2. Temporary lookup failures are ignored unless a second
1218 argument is given, which must be either `t' or a full
1219 error message.
1220
1221 3. Lookup prefix, default: _perm._smtp._srv. This should
1222 not be changed unless the draft changes it.
1223
1224 Example:
1225
1226 FEATURE(`mtamark', `', `t')
1227
1228lookupdotdomain Look up also .domain in the access map. This allows to
1229 match only subdomains. It does not work well with
1230 FEATURE(`relay_hosts_only'), because most lookups for
1231 subdomains are suppressed by the latter feature.
1232
1233loose_relay_check
1234 Normally, if % addressing is used for a recipient, e.g.
1235 user%site@othersite, and othersite is in class {R}, the
1236 check_rcpt ruleset will strip @othersite and recheck
1237 user@site for relaying. This feature changes that
1238 behavior. It should not be needed for most installations.
1239
1240preserve_luser_host
1241 Preserve the name of the recipient host if LUSER_RELAY is
1242 used. Without this option, the domain part of the
1243 recipient address will be replaced by the host specified as
1244 LUSER_RELAY. This feature only works if the hostname is
1245 passed to the mailer (see mailer triple in op.me). Note
1246 that in the default configuration the local mailer does not
1247 receive the hostname, i.e., the mailer triple has an empty
1248 hostname.
1249
1250preserve_local_plus_detail
1251 Preserve the +detail portion of the address when passing
1252 address to local delivery agent. Disables alias and
1253 .forward +detail stripping (e.g., given user+detail, only
1254 that address will be looked up in the alias file; user+* and
1255 user will not be looked up). Only use if the local
1256 delivery agent in use supports +detail addressing.
1257
1258compat_check Enable ruleset check_compat to look up pairs of addresses
1259 with the Compat: tag -- Compat:sender<@>recipient -- in the
1260 access map. Valid values for the RHS include
1261 DISCARD silently discard recipient
1262 TEMP: return a temporary error
1263 ERROR: return a permanent error
1264 In the last two cases, a 4xy/5xy SMTP reply code should
1265 follow the colon.
1266
1267no_default_msa Don't generate the default MSA daemon, i.e.,
1268 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1269 To define a MSA daemon with other parameters, use this
1270 FEATURE and introduce new settings via DAEMON_OPTIONS().
1271
1272msp Defines config file for Message Submission Program.
1273 See cf/submit.mc for how
1274 to use it. An optional argument can be used to override
1275 the default of `[localhost]' to use as host to send all
1276 e-mails to. Note that MX records will be used if the
1277 specified hostname is not in square brackets (e.g.,
1278 [hostname]). If `MSA' is specified as second argument then
1279 port 587 is used to contact the server. Example:
1280
1281 FEATURE(`msp', `', `MSA')
1282
1283 Some more hints about possible changes can be found below
1284 in the section MESSAGE SUBMISSION PROGRAM.
1285
1286 Note: Due to many problems, submit.mc uses
1287
1288 FEATURE(`msp', `[127.0.0.1]')
1289
1290 by default. If you have a machine with IPv6 only,
1291 change it to
1292
1293 FEATURE(`msp', `[IPv6:::1]')
1294
1295 If you want to continue using '[localhost]', (the behavior
1296 up to 8.12.6), use
1297
1298 FEATURE(`msp')
1299
1300queuegroup A simple example how to select a queue group based
1301 on the full e-mail address or the domain of the
1302 recipient. Selection is done via entries in the
1303 access map using the tag QGRP:, for example:
1304
1305 QGRP:example.com main
1306 QGRP:friend@some.org others
1307 QGRP:my.domain local
1308
1309 where "main", "others", and "local" are names of
1310 queue groups. If an argument is specified, it is used
1311 as default queue group.
1312
1313 Note: please read the warning in doc/op/op.me about
1314 queue groups and possible queue manipulations.
1315
1316greet_pause Adds the greet_pause ruleset which enables open proxy
1317 and SMTP slamming protection. The feature can take an
1318 argument specifying the milliseconds to wait:
1319
1320 FEATURE(`greet_pause', `5000') dnl 5 seconds
1321
1322 If FEATURE(`access_db') is enabled, an access database
1323 lookup with the GreetPause tag is done using client
1324 hostname, domain, IP address, or subnet to determine the
1325 pause time:
1326
1327 GreetPause:my.domain 0
1328 GreetPause:example.com 5000
1329 GreetPause:10.1.2 2000
1330 GreetPause:127.0.0.1 0
1331
1332 When using FEATURE(`access_db'), the optional
1333 FEATURE(`greet_pause') argument becomes the default if
1334 nothing is found in the access database. A ruleset called
1335 Local_greet_pause can be used for local modifications, e.g.,
1336
1337 LOCAL_RULESETS
1338 SLocal_greet_pause
1339 R$* $: $&{daemon_flags}
1340 R$* a $* $# 0
1341
1342block_bad_helo Reject messages from SMTP clients which provide a HELO/EHLO
1343 argument which is either unqualified, or is one of our own
1344 names (i.e., the server name instead of the client name).
1345 This check is performed at RCPT stage and disabled for the
1346 following cases:
1347 - authenticated sessions,
1348 - connections from IP addresses in class $={R}.
1349 Currently access_db lookups can not be used to
1350 (selectively) disable this test, moreover,
1351 FEATURE(`delay_checks')
1352 is required.
1353
1354require_rdns Reject mail from connecting SMTP clients without proper
1355 rDNS (reverse DNS), functional gethostbyaddr() resolution.
1356 Note: this feature will cause false positives, i.e., there
1357 are legitimate MTAs that do not have proper DNS entries.
1358 Rejecting mails from those MTAs is a local policy decision.
1359
1360 The basic policy is to reject message with a 5xx error if
1361 the IP address fails to resolve. However, if this is a
1362 temporary failure, a 4xx temporary failure is returned.
1363 If the look-up succeeds, but returns an apparently forged
1364 value, this is treated as a temporary failure with a 4xx
1365 error code.
1366
1367 EXCEPTIONS:
1368
1369 Exceptions based on access entries are discussed below.
1370 Any IP address matched using $=R (the "relay-domains" file)
1371 is excepted from the rules. Since we have explicitly
1372 allowed relaying for this host, based on IP address, we
1373 ignore the rDNS failure.
1374
1375 The philosophical assumption here is that most users do
1376 not control their rDNS. They should be able to send mail
1377 through their ISP, whether or not they have valid rDNS.
1378 The class $=R, roughly speaking, contains those IP addresses
1379 and address ranges for which we are the ISP, or are acting
1380 as if the ISP.
1381
1382 If `delay_checks' is in effect (recommended), then any
1383 sender who has authenticated is also excepted from the
1384 restrictions. This happens because the rules produced by
1385 this FEATURE() will not be applied to authenticated senders
1386 (assuming `delay_checks').
1387
1388 ACCESS MAP ENTRIES:
1389
1390 Entries such as
1391 Connect:1.2.3.4 OK
1392 Connect:1.2 RELAY
1393 will whitelist IP address 1.2.3.4, so that the rDNS
1394 blocking does apply to that IP address
1395
1396 Entries such as
1397 Connect:1.2.3.4 REJECT
1398 will have the effect of forcing a temporary failure for
1399 that address to be treated as a permanent failure.
1400
1401badmx Reject envelope sender addresses (MAIL) whose domain part
1402 resolves to a "bad" MX record. By default these are
1403 MX records which resolve to A records that match the
1404 regular expression:
1405
1406 ^(127\.|10\.|0\.0\.0\.0)
1407
1408 This default regular expression can be overridden by
1409 specifying an argument, e.g.,
1410
1411 FEATURE(`badmx', `^127\.0\.0\.1')
1412
1413 Note: this feature requires that the sendmail binary
1414 has been compiled with the options MAP_REGEX and
1415 DNSMAP.
1416
1417+--------------------+
1418| USING UUCP MAILERS |
1419+--------------------+
1420
1421It's hard to get UUCP mailers right because of the extremely ad hoc
1422nature of UUCP addressing. These config files are really designed
1423for domain-based addressing, even for UUCP sites.
1424
1425There are four UUCP mailers available. The choice of which one to
1426use is partly a matter of local preferences and what is running at
1427the other end of your UUCP connection. Unlike good protocols that
1428define what will go over the wire, UUCP uses the policy that you
1429should do what is right for the other end; if they change, you have
1430to change. This makes it hard to do the right thing, and discourages
1431people from updating their software. In general, if you can avoid
1432UUCP, please do.
1433
1434The major choice is whether to go for a domainized scheme or a
1435non-domainized scheme. This depends entirely on what the other
1436end will recognize. If at all possible, you should encourage the
1437other end to go to a domain-based system -- non-domainized addresses
1438don't work entirely properly.
1439
1440The four mailers are:
1441
1442 uucp-old (obsolete name: "uucp")
1443 This is the oldest, the worst (but the closest to UUCP) way of
1444 sending messages across UUCP connections. It does bangify
1445 everything and prepends $U (your UUCP name) to the sender's
1446 address (which can already be a bang path itself). It can
1447 only send to one address at a time, so it spends a lot of
1448 time copying duplicates of messages. Avoid this if at all
1449 possible.
1450
1451 uucp-new (obsolete name: "suucp")
1452 The same as above, except that it assumes that in one rmail
1453 command you can specify several recipients. It still has a
1454 lot of other problems.
1455
1456 uucp-dom
1457 This UUCP mailer keeps everything as domain addresses.
1458 Basically, it uses the SMTP mailer rewriting rules. This mailer
1459 is only included if MAILER(`smtp') is specified before
1460 MAILER(`uucp').
1461
1462 Unfortunately, a lot of UUCP mailer transport agents require
1463 bangified addresses in the envelope, although you can use
1464 domain-based addresses in the message header. (The envelope
1465 shows up as the From_ line on UNIX mail.) So....
1466
1467 uucp-uudom
1468 This is a cross between uucp-new (for the envelope addresses)
1469 and uucp-dom (for the header addresses). It bangifies the
1470 envelope sender (From_ line in messages) without adding the
1471 local hostname, unless there is no host name on the address
1472 at all (e.g., "wolf") or the host component is a UUCP host name
1473 instead of a domain name ("somehost!wolf" instead of
1474 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1475 is also specified earlier.
1476
1477Examples:
1478
1479On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1480summarizes the sender rewriting for various mailers.
1481
1482Mailer sender rewriting in the envelope
1483------ ------ -------------------------
1484uucp-{old,new} wolf grasp!wolf
1485uucp-dom wolf wolf@grasp.insa-lyon.fr
1486uucp-uudom wolf grasp.insa-lyon.fr!wolf
1487
1488uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1489uucp-dom wolf@fr.net wolf@fr.net
1490uucp-uudom wolf@fr.net fr.net!wolf
1491
1492uucp-{old,new} somehost!wolf grasp!somehost!wolf
1493uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1494uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1495
1496If you are using one of the domainized UUCP mailers, you really want
1497to convert all UUCP addresses to domain format -- otherwise, it will
1498do it for you (and probably not the way you expected). For example,
1499if you have the address foo!bar!baz (and you are not sending to foo),
1500the heuristics will add the @uucp.relay.name or @local.host.name to
1501this address. However, if you map foo to foo.host.name first, it
1502will not add the local hostname. You can do this using the uucpdomain
1503feature.
1504
1505
1506+-------------------+
1507| TWEAKING RULESETS |
1508+-------------------+
1509
1510For more complex configurations, you can define special rules.
1511The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1512the names. Any modifications made here are reflected in the header.
1513
1514A common use is to convert old UUCP addresses to SMTP addresses using
1515the UUCPSMTP macro. For example:
1516
1517 LOCAL_RULE_3
1518 UUCPSMTP(`decvax', `decvax.dec.com')
1519 UUCPSMTP(`research', `research.att.com')
1520
1521will cause addresses of the form "decvax!user" and "research!user"
1522to be converted to "user@decvax.dec.com" and "user@research.att.com"
1523respectively.
1524
1525This could also be used to look up hosts in a database map:
1526
1527 LOCAL_RULE_3
1528 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
1529
1530This map would be defined in the LOCAL_CONFIG portion, as shown below.
1531
1532Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1533For example, new rules are needed to parse hostnames that you accept
1534via MX records. For example, you might have:
1535
1536 LOCAL_RULE_0
1537 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1538
1539You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1540pointing at this host; this rule catches the message and forwards it on
1541using UUCP.
1542
1543You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1544These rulesets are normally empty.
1545
1546A similar macro is LOCAL_CONFIG. This introduces lines added after the
1547boilerplate option setting but before rulesets. Do not declare rulesets in
1548the LOCAL_CONFIG section. It can be used to declare local database maps or
1549whatever. For example:
1550
1551 LOCAL_CONFIG
1552 Khostmap hash /etc/mail/hostmap
1553 Kyplocal nis -m hosts.byname
1554
1555
1556+---------------------------+
1557| MASQUERADING AND RELAYING |
1558+---------------------------+
1559
1560You can have your host masquerade as another using
1561
1562 MASQUERADE_AS(`host.domain')
1563
1564This causes mail being sent to be labeled as coming from the
1565indicated host.domain, rather than $j. One normally masquerades as
1566one of one's own subdomains (for example, it's unlikely that
1567Berkeley would choose to masquerade as an MIT site). This
1568behaviour is modified by a plethora of FEATUREs; in particular, see
1569masquerade_envelope, allmasquerade, limited_masquerade, and
1570masquerade_entire_domain.
1571
1572The masquerade name is not normally canonified, so it is important
1573that it be your One True Name, that is, fully qualified and not a
1574CNAME. However, if you use a CNAME, the receiving side may canonify
1575it for you, so don't think you can cheat CNAME mapping this way.
1576
1577Normally the only addresses that are masqueraded are those that come
1578from this host (that is, are either unqualified or in class {w}, the list
1579of local domain names). You can augment this list, which is realized
1580by class {M} using
1581
1582 MASQUERADE_DOMAIN(`otherhost.domain')
1583
1584The effect of this is that although mail to user@otherhost.domain
1585will not be delivered locally, any mail including any user@otherhost.domain
1586will, when relayed, be rewritten to have the MASQUERADE_AS address.
1587This can be a space-separated list of names.
1588
1589If these names are in a file, you can use
1590
1591 MASQUERADE_DOMAIN_FILE(`filename')
1592
1593to read the list of names from the indicated file (i.e., to add
1594elements to class {M}).
1595
1596To exempt hosts or subdomains from being masqueraded, you can use
1597
1598 MASQUERADE_EXCEPTION(`host.domain')
1599
1600This can come handy if you want to masquerade a whole domain
1601except for one (or a few) host(s). If these names are in a file,
1602you can use
1603
1604 MASQUERADE_EXCEPTION_FILE(`filename')
1605
1606Normally only header addresses are masqueraded. If you want to
1607masquerade the envelope as well, use
1608
1609 FEATURE(`masquerade_envelope')
1610
1611There are always users that need to be "exposed" -- that is, their
1612internal site name should be displayed instead of the masquerade name.
1613Root is an example (which has been "exposed" by default prior to 8.10).
1614You can add users to this list using
1615
1616 EXPOSED_USER(`usernames')
1617
1618This adds users to class {E}; you could also use
1619
1620 EXPOSED_USER_FILE(`filename')
1621
1622You can also arrange to relay all unqualified names (that is, names
1623without @host) to a relay host. For example, if you have a central
1624email server, you might relay to that host so that users don't have
1625to have .forward files or aliases. You can do this using
1626
1627 define(`LOCAL_RELAY', `mailer:hostname')
1628
1629The ``mailer:'' can be omitted, in which case the mailer defaults to
1630"relay". There are some user names that you don't want relayed, perhaps
1631because of local aliases. A common example is root, which may be
1632locally aliased. You can add entries to this list using
1633
1634 LOCAL_USER(`usernames')
1635
1636This adds users to class {L}; you could also use
1637
1638 LOCAL_USER_FILE(`filename')
1639
1640If you want all incoming mail sent to a centralized hub, as for a
1641shared /var/spool/mail scheme, use
1642
1643 define(`MAIL_HUB', `mailer:hostname')
1644
1645Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
1646and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1647be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1648Note: there is a (long standing) bug which keeps this combination from
1649working for addresses of the form user+detail.
1650Names in class {L} will be delivered locally, so you MUST have aliases or
1651.forward files for them.
1652
1653For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1654FEATURE(`stickyhost'), the following combinations of settings will have the
1655indicated effects:
1656
1657email sent to.... eric eric@mastodon.CS.Berkeley.EDU
1658
1659LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
1660mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1661
1662MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1663mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
1664
1665Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1666MAIL_HUB set as above (no local aliasing) (aliasing done)
1667
1668If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1669MAIL_HUB act identically, with MAIL_HUB taking precedence.
1670
1671If you want all outgoing mail to go to a central relay site, define
1672SMART_HOST as well. Briefly:
1673
1674 LOCAL_RELAY applies to unqualified names (e.g., "eric").
1675 MAIL_HUB applies to names qualified with the name of the
1676 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1677 SMART_HOST applies to names qualified with other hosts or
1678 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1679 or "eric@[127.0.0.1]").
1680
1681However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1682DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1683really want absolutely everything to go to a single central site you will
1684need to unset all the other relays -- or better yet, find or build a
1685minimal config file that does this.
1686
1687For duplicate suppression to work properly, the host name is best
1688specified with a terminal dot:
1689
1690 define(`MAIL_HUB', `host.domain.')
1691 note the trailing dot ---^
1692
1693
1694+-------------------------------------------+
1695| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1696+-------------------------------------------+
1697
1698LDAP can be used for aliases, maps, and classes by either specifying your
1699own LDAP map specification or using the built-in default LDAP map
1700specification. The built-in default specifications all provide lookups
1701which match against either the machine's fully qualified hostname (${j}) or
1702a "cluster". The cluster allows you to share LDAP entries among a large
1703number of machines without having to enter each of the machine names into
1704each LDAP entry. To set the LDAP cluster name to use for a particular
1705machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1706unique name. For example:
1707
1708 define(`confLDAP_CLUSTER', `Servers')
1709
1710Here, the word `Servers' will be the cluster name. As an example, assume
1711that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1712to the Servers cluster.
1713
1714Some of the LDAP LDIF examples below show use of the Servers cluster.
1715Every entry must have either a sendmailMTAHost or sendmailMTACluster
1716attribute or it will be ignored. Be careful as mixing clusters and
1717individual host records can have surprising results (see the CAUTION
1718sections below).
1719
1720See the file cf/sendmail.schema for the actual LDAP schemas. Note that
1721this schema (and therefore the lookups and examples below) is experimental
1722at this point as it has had little public review. Therefore, it may change
1723in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
1724encouraged (replace YYYY with the current year, e.g., 2005).
1725
1726-------
1727Aliases
1728-------
1729
1730The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1731lookups. To use the default schema, simply use:
1732
1733 define(`ALIAS_FILE', `ldap:')
1734
1735By doing so, you will use the default schema which expands to a map
1736declared as follows:
1737
1738 ldap -k (&(objectClass=sendmailMTAAliasObject)
1739 (sendmailMTAAliasGrouping=aliases)
1740 (|(sendmailMTACluster=${sendmailMTACluster})
1741 (sendmailMTAHost=$j))
1742 (sendmailMTAKey=%0))
1743 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1744
1745
1746NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1747used when the binary expands the `ldap:' token as the AliasFile option is
1748not actually macro-expanded when read from the sendmail.cf file.
1749
1750Example LDAP LDIF entries might be:
1751
1752 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1753 objectClass: sendmailMTA
1754 objectClass: sendmailMTAAlias
1755 objectClass: sendmailMTAAliasObject
1756 sendmailMTAAliasGrouping: aliases
1757 sendmailMTAHost: etrn.sendmail.org
1758 sendmailMTAKey: sendmail-list
1759 sendmailMTAAliasValue: ca@example.org
1760 sendmailMTAAliasValue: eric
1761 sendmailMTAAliasValue: gshapiro@example.com
1762
1763 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1764 objectClass: sendmailMTA
1765 objectClass: sendmailMTAAlias
1766 objectClass: sendmailMTAAliasObject
1767 sendmailMTAAliasGrouping: aliases
1768 sendmailMTAHost: etrn.sendmail.org
1769 sendmailMTAKey: owner-sendmail-list
1770 sendmailMTAAliasValue: eric
1771
1772 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1773 objectClass: sendmailMTA
1774 objectClass: sendmailMTAAlias
1775 objectClass: sendmailMTAAliasObject
1776 sendmailMTAAliasGrouping: aliases
1777 sendmailMTACluster: Servers
1778 sendmailMTAKey: postmaster
1779 sendmailMTAAliasValue: eric
1780
1781Here, the aliases sendmail-list and owner-sendmail-list will be available
1782only on etrn.sendmail.org but the postmaster alias will be available on
1783every machine in the Servers cluster (including etrn.sendmail.org).
1784
1785CAUTION: aliases are additive so that entries like these:
1786
1787 dn: sendmailMTAKey=bob, dc=sendmail, dc=org
1788 objectClass: sendmailMTA
1789 objectClass: sendmailMTAAlias
1790 objectClass: sendmailMTAAliasObject
1791 sendmailMTAAliasGrouping: aliases
1792 sendmailMTACluster: Servers
1793 sendmailMTAKey: bob
1794 sendmailMTAAliasValue: eric
1795
1796 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
1797 objectClass: sendmailMTA
1798 objectClass: sendmailMTAAlias
1799 objectClass: sendmailMTAAliasObject
1800 sendmailMTAAliasGrouping: aliases
1801 sendmailMTAHost: etrn.sendmail.org
1802 sendmailMTAKey: bob
1803 sendmailMTAAliasValue: gshapiro
1804
1805would mean that on all of the hosts in the cluster, mail to bob would go to
1806eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
1807gshapiro.
1808
1809If you prefer not to use the default LDAP schema for your aliases, you can
1810specify the map parameters when setting ALIAS_FILE. For example:
1811
1812 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
1813
1814----
1815Maps
1816----
1817
1818FEATURE()'s which take an optional map definition argument (e.g., access,
1819mailertable, virtusertable, etc.) can instead take the special keyword
1820`LDAP', e.g.:
1821
1822 FEATURE(`access_db', `LDAP')
1823 FEATURE(`virtusertable', `LDAP')
1824
1825When this keyword is given, that map will use LDAP lookups consisting of
1826the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
1827with the map name, a search attribute of sendmailMTAKey, and the value
1828attribute sendmailMTAMapValue.
1829
1830The values for sendmailMTAMapName are:
1831
1832 FEATURE() sendmailMTAMapName
1833 --------- ------------------
1834 access_db access
1835 authinfo authinfo
1836 bitdomain bitdomain
1837 domaintable domain
1838 genericstable generics
1839 mailertable mailer
1840 uucpdomain uucpdomain
1841 virtusertable virtuser
1842
1843For example, FEATURE(`mailertable', `LDAP') would use the map definition:
1844
1845 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
1846 (sendmailMTAMapName=mailer)
1847 (|(sendmailMTACluster=${sendmailMTACluster})
1848 (sendmailMTAHost=$j))
1849 (sendmailMTAKey=%0))
1850 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
1851
1852An example LDAP LDIF entry using this map might be:
1853
1854 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
1855 objectClass: sendmailMTA
1856 objectClass: sendmailMTAMap
1857 sendmailMTACluster: Servers
1858 sendmailMTAMapName: mailer
1859
1860 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1861 objectClass: sendmailMTA
1862 objectClass: sendmailMTAMap
1863 objectClass: sendmailMTAMapObject
1864 sendmailMTAMapName: mailer
1865 sendmailMTACluster: Servers
1866 sendmailMTAKey: example.com
1867 sendmailMTAMapValue: relay:[smtp.example.com]
1868
1869CAUTION: If your LDAP database contains the record above and *ALSO* a host
1870specific record such as:
1871
1872 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1873 objectClass: sendmailMTA
1874 objectClass: sendmailMTAMap
1875 objectClass: sendmailMTAMapObject
1876 sendmailMTAMapName: mailer
1877 sendmailMTAHost: etrn.sendmail.org
1878 sendmailMTAKey: example.com
1879 sendmailMTAMapValue: relay:[mx.example.com]
1880
1881then these entries will give unexpected results. When the lookup is done
1882on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
1883require a single match. Since the host etrn.sendmail.org is also in the
1884Servers cluster, LDAP would return two answers for the example.com map key
1885in which case sendmail would treat this as no match at all.
1886
1887If you prefer not to use the default LDAP schema for your maps, you can
1888specify the map parameters when using the FEATURE(). For example:
1889
1890 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
1891
1892-------
1893Classes
1894-------
1895
1896Normally, classes can be filled via files or programs. As of 8.12, they
1897can also be filled via map lookups using a new syntax:
1898
1899 F{ClassName}mapkey@mapclass:mapspec
1900
1901mapkey is optional and if not provided the map key will be empty. This can
1902be used with LDAP to read classes from LDAP. Note that the lookup is only
1903done when sendmail is initially started. Use the special value `@LDAP' to
1904use the default LDAP schema. For example:
1905
1906 RELAY_DOMAIN_FILE(`@LDAP')
1907
1908would put all of the attribute sendmailMTAClassValue values of LDAP records
1909with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
1910'R' into class $={R}. In other words, it is equivalent to the LDAP map
1911specification:
1912
1913 F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
1914 (sendmailMTAClassName=R)
1915 (|(sendmailMTACluster=${sendmailMTACluster})
1916 (sendmailMTAHost=$j)))
1917 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
1918
1919NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1920used when the binary expands the `@LDAP' token as class declarations are
1921not actually macro-expanded when read from the sendmail.cf file.
1922
1923This can be used with class related commands such as RELAY_DOMAIN_FILE(),
1924MASQUERADE_DOMAIN_FILE(), etc:
1925
1926 Command sendmailMTAClassName
1927 ------- --------------------
1928 CANONIFY_DOMAIN_FILE() Canonify
1929 EXPOSED_USER_FILE() E
1930 GENERICS_DOMAIN_FILE() G
1931 LDAPROUTE_DOMAIN_FILE() LDAPRoute
1932 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv
1933 LOCAL_USER_FILE() L
1934 MASQUERADE_DOMAIN_FILE() M
1935 MASQUERADE_EXCEPTION_FILE() N
1936 RELAY_DOMAIN_FILE() R
1937 VIRTUSER_DOMAIN_FILE() VirtHost
1938
1939You can also add your own as any 'F'ile class of the form:
1940
1941 F{ClassName}@LDAP
1942 ^^^^^^^^^
1943will use "ClassName" for the sendmailMTAClassName.
1944
1945An example LDAP LDIF entry would look like:
1946
1947 dn: sendmailMTAClassName=R, dc=sendmail, dc=org
1948 objectClass: sendmailMTA
1949 objectClass: sendmailMTAClass
1950 sendmailMTACluster: Servers
1951 sendmailMTAClassName: R
1952 sendmailMTAClassValue: sendmail.org
1953 sendmailMTAClassValue: example.com
1954 sendmailMTAClassValue: 10.56.23
1955
1956CAUTION: If your LDAP database contains the record above and *ALSO* a host
1957specific record such as:
1958
1959 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
1960 objectClass: sendmailMTA
1961 objectClass: sendmailMTAClass
1962 sendmailMTAHost: etrn.sendmail.org
1963 sendmailMTAClassName: R
1964 sendmailMTAClassValue: example.com
1965
1966the result will be similar to the aliases caution above. When the lookup
1967is done on etrn.sendmail.org, $={R} would contain all of the entries (from
1968both the cluster match and the host match). In other words, the effective
1969is additive.
1970
1971If you prefer not to use the default LDAP schema for your classes, you can
1972specify the map parameters when using the class command. For example:
1973
1974 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
1975
1976Remember, macros can not be used in a class declaration as the binary does
1977not expand them.
1978
1979
1980+--------------+
1981| LDAP ROUTING |
1982+--------------+
1983
1984FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1985LDAP Schema for Intranet Mail Routing
1986(draft-lachman-laser-ldap-mail-routing-01). This feature enables
1987LDAP-based rerouting of a particular address to either a different host
1988or a different address. The LDAP lookup is first attempted on the full
1989address (e.g., user@example.com) and then on the domain portion
1990(e.g., @example.com). Be sure to setup your domain for LDAP routing using
1991LDAPROUTE_DOMAIN(), e.g.:
1992
1993 LDAPROUTE_DOMAIN(`example.com')
1994
1995Additionally, you can specify equivalent domains for LDAP routing using
1996LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent'
1997hostnames are mapped to $M (the masqueraded hostname for the server) before
1998the LDAP query. For example, if the mail is addressed to
1999user@host1.example.com, normally the LDAP lookup would only be done for
2000'user@host1.example.com' and '@host1.example.com'. However, if
2001LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2002done on 'user@example.com' and '@example.com' after attempting the
2003host1.example.com lookups.
2004
2005By default, the feature will use the schemas as specified in the draft
2006and will not reject addresses not found by the LDAP lookup. However,
2007this behavior can be changed by giving additional arguments to the FEATURE()
2008command:
2009
2010 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2011 <detail>, <nodomain>, <tempfail>)
2012
2013where <mailHost> is a map definition describing how to lookup an alternative
2014mail host for a particular address; <mailRoutingAddress> is a map definition
2015describing how to lookup an alternative address for a particular address;
2016the <bounce> argument, if present and not the word "passthru", dictates
2017that mail should be bounced if neither a mailHost nor mailRoutingAddress
2018is found, if set to "sendertoo", the sender will be rejected if not
2019found in LDAP; and <detail> indicates what actions to take if the address
2020contains +detail information -- `strip' tries the lookup with the +detail
2021and if no matches are found, strips the +detail and tries the lookup again;
2022`preserve', does the same as `strip' but if a mailRoutingAddress match is
2023found, the +detail information is copied to the new address; the <nodomain>
2024argument, if present, will prevent the @domain lookup if the full
2025address is not found in LDAP; the <tempfail> argument, if set to
2026"tempfail", instructs the rules to give an SMTP 4XX temporary
2027error if the LDAP server gives the MTA a temporary failure, or if set to
2028"queue" (the default), the MTA will locally queue the mail.
2029
2030The default <mailHost> map definition is:
2031
2032 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2033 (mailLocalAddress=%0))
2034
2035The default <mailRoutingAddress> map definition is:
2036
2037 ldap -1 -T<TMPF> -v mailRoutingAddress
2038 -k (&(objectClass=inetLocalMailRecipient)
2039 (mailLocalAddress=%0))
2040
2041Note that neither includes the LDAP server hostname (-h server) or base DN
2042(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
2043your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2044these settings. If this is not the case, the map definitions should be
2045changed as described above. The "-T<TMPF>" is required in any user
2046specified map definition to catch temporary errors.
2047
2048The following possibilities exist as a result of an LDAP lookup on an
2049address:
2050
2051 mailHost is mailRoutingAddress is Results in
2052 ----------- --------------------- ----------
2053 set to a set mail delivered to
2054 "local" host mailRoutingAddress
2055
2056 set to a not set delivered to
2057 "local" host original address
2058
2059 set to a set mailRoutingAddress
2060 remote host relayed to mailHost
2061
2062 set to a not set original address
2063 remote host relayed to mailHost
2064
2065 not set set mail delivered to
2066 mailRoutingAddress
2067
2068 not set not set delivered to
2069 original address *OR*
2070 bounced as unknown user
2071
2072The term "local" host above means the host specified is in class {w}. If
2073the result would mean sending the mail to a different host, that host is
2074looked up in the mailertable before delivery.
2075
2076Note that the last case depends on whether the third argument is given
2077to the FEATURE() command. The default is to deliver the message to the
2078original address.
2079
2080The LDAP entries should be set up with an objectClass of
2081inetLocalMailRecipient and the address be listed in a mailLocalAddress
2082attribute. If present, there must be only one mailHost attribute and it
2083must contain a fully qualified host name as its value. Similarly, if
2084present, there must be only one mailRoutingAddress attribute and it must
2085contain an RFC 822 compliant address. Some example LDAP records (in LDIF
2086format):
2087
2088 dn: uid=tom, o=example.com, c=US
2089 objectClass: inetLocalMailRecipient
2090 mailLocalAddress: tom@example.com
2091 mailRoutingAddress: thomas@mailhost.example.com
2092
2093This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2094
2095 dn: uid=dick, o=example.com, c=US
2096 objectClass: inetLocalMailRecipient
2097 mailLocalAddress: dick@example.com
2098 mailHost: eng.example.com
2099
2100This would relay mail for dick@example.com to the same address but redirect
2101the mail to MX records listed for the host eng.example.com (unless the
2102mailertable overrides).
2103
2104 dn: uid=harry, o=example.com, c=US
2105 objectClass: inetLocalMailRecipient
2106 mailLocalAddress: harry@example.com
2107 mailHost: mktmail.example.com
2108 mailRoutingAddress: harry@mkt.example.com
2109
2110This would relay mail for harry@example.com to the MX records listed for
2111the host mktmail.example.com using the new address harry@mkt.example.com
2112when talking to that host.
2113
2114 dn: uid=virtual.example.com, o=example.com, c=US
2115 objectClass: inetLocalMailRecipient
2116 mailLocalAddress: @virtual.example.com
2117 mailHost: server.example.com
2118 mailRoutingAddress: virtual@example.com
2119
2120This would send all mail destined for any username @virtual.example.com to
2121the machine server.example.com's MX servers and deliver to the address
2122virtual@example.com on that relay machine.
2123
2124
2125+---------------------------------+
2126| ANTI-SPAM CONFIGURATION CONTROL |
2127+---------------------------------+
2128
2129The primary anti-spam features available in sendmail are:
2130
2131* Relaying is denied by default.
2132* Better checking on sender information.
2133* Access database.
2134* Header checks.
2135
2136Relaying (transmission of messages from a site outside your host (class
2137{w}) to another site except yours) is denied by default. Note that this
2138changed in sendmail 8.9; previous versions allowed relaying by default.
2139If you really want to revert to the old behaviour, you will need to use
2140FEATURE(`promiscuous_relay'). You can allow certain domains to relay
2141through your server by adding their domain name or IP address to class
2142{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2143(described below). Note that IPv6 addresses must be prefaced with "IPv6:".
2144The file consists (like any other file based class) of entries listed on
2145separate lines, e.g.,
2146
2147 sendmail.org
2148 128.32
2149 IPv6:2002:c0a8:02c7
2150 IPv6:2002:c0a8:51d2::23f4
2151 host.mydomain.com
2152 [UNIX:localhost]
2153
2154Notice: the last entry allows relaying for connections via a UNIX
2155socket to the MTA/MSP. This might be necessary if your configuration
2156doesn't allow relaying by other means in that case, e.g., by having
2157localhost.$m in class {R} (make sure $m is not just a top level
2158domain).
2159
2160If you use
2161
2162 FEATURE(`relay_entire_domain')
2163
2164then any host in any of your local domains (that is, class {m})
2165will be relayed (that is, you will accept mail either to or from any
2166host in your domain).
2167
2168You can also allow relaying based on the MX records of the host
2169portion of an incoming recipient address by using
2170
2171 FEATURE(`relay_based_on_MX')
2172
2173For example, if your server receives a recipient of user@domain.com
2174and domain.com lists your server in its MX records, the mail will be
2175accepted for relay to domain.com. This feature may cause problems
2176if MX lookups for the recipient domain are slow or time out. In that
2177case, mail will be temporarily rejected. It is usually better to
2178maintain a list of hosts/domains for which the server acts as relay.
2179Note also that this feature will stop spammers from using your host
2180to relay spam but it will not stop outsiders from using your server
2181as a relay for their site (that is, they set up an MX record pointing
2182to your mail server, and you will relay mail addressed to them
2183without any prior arrangement). Along the same lines,
2184
2185 FEATURE(`relay_local_from')
2186
2187will allow relaying if the sender specifies a return path (i.e.
2188MAIL FROM:<user@domain>) domain which is a local domain. This is a
2189dangerous feature as it will allow spammers to spam using your mail
2190server by simply specifying a return address of user@your.domain.com.
2191It should not be used unless absolutely necessary.
2192A slightly better solution is
2193
2194 FEATURE(`relay_mail_from')
2195
2196which allows relaying if the mail sender is listed as RELAY in the
2197access map. If an optional argument `domain' (this is the literal
2198word `domain', not a placeholder) is given, the domain portion of
2199the mail sender is also checked to allowing relaying. This option
2200only works together with the tag From: for the LHS of the access
2201map entries. This feature allows spammers to abuse your mail server
2202by specifying a return address that you enabled in your access file.
2203This may be harder to figure out for spammers, but it should not
2204be used unless necessary. Instead use STARTTLS to
2205allow relaying for roaming users.
2206
2207
2208If source routing is used in the recipient address (e.g.,
2209RCPT TO:<user%site.com@othersite.com>), sendmail will check
2210user@site.com for relaying if othersite.com is an allowed relay host
2211in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2212or the access database if FEATURE(`access_db') is used. To prevent
2213the address from being stripped down, use:
2214
2215 FEATURE(`loose_relay_check')
2216
2217If you think you need to use this feature, you probably do not. This
2218should only be used for sites which have no control over the addresses
2219that they provide a gateway for. Use this FEATURE with caution as it
2220can allow spammers to relay through your server if not setup properly.
2221
2222NOTICE: It is possible to relay mail through a system which the anti-relay
2223rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2224`nospecial') (system A) and relays local messages to a mail hub (e.g., via
2225LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
2226FEATURE(`nouucp') at all, addresses of the form
2227<example.net!user@local.host> would be relayed to <user@example.net>.
2228System A doesn't recognize `!' as an address separator and therefore
2229forwards it to the mail hub which in turns relays it because it came from
2230a trusted local host. So if a mailserver allows UUCP (bang-format)
2231addresses, all systems from which it allows relaying should do the same
2232or reject those addresses.
2233
2234As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2235an unresolvable domain (i.e., one that DNS, your local name service,
2236or special case rules in ruleset 3 cannot locate). This also applies
2237to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2238IP address can't be mapped to a host name. If you want to continue
2239to accept such domains, e.g., because you are inside a firewall that
2240has only a limited view of the Internet host name space (note that you
2241will not be able to return mail to them unless you have some "smart
2242host" forwarder), use
2243
2244 FEATURE(`accept_unresolvable_domains')
2245
2246Alternatively, you can allow specific addresses by adding them to
2247the access map, e.g.,
2248
2249 From:unresolvable.domain OK
2250 From:[1.2.3.4] OK
2251 From:[1.2.4] OK
2252
2253Notice: domains which are temporarily unresolvable are (temporarily)
2254rejected with a 451 reply code. If those domains should be accepted
2255(which is discouraged) then you can use
2256
2257 LOCAL_CONFIG
2258 C{ResOk}TEMP
2259
2260sendmail will also refuse mail if the MAIL FROM: parameter is not
2261fully qualified (i.e., contains a domain as well as a user). If you
2262want to continue to accept such senders, use
2263
2264 FEATURE(`accept_unqualified_senders')
2265
2266Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2267i.e., unqualified addresses are accepted even without this FEATURE. If
2268this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2269to enforce fully qualified domain names.
2270
2271An ``access'' database can be created to accept or reject mail from
2272selected domains. For example, you may choose to reject all mail
2273originating from known spammers. To enable such a database, use
2274
2275 FEATURE(`access_db')
2276
2277Notice: the access database is applied to the envelope addresses
2278and the connection information, not to the header.
2279
2280The FEATURE macro can accept as second parameter the key file
2281definition for the database; for example
2282
2283 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2284
2285Notice: If a second argument is specified it must contain the option
2286`-T<TMPF>' as shown above. The optional parameters may be
2287
2288 `skip' enables SKIP as value part (see below).
2289 `lookupdotdomain' another way to enable the feature of the
2290 same name (see above).
2291 `relaytofulladdress' enable entries of the form
2292 To:user@example.com RELAY
2293 to allow relaying to just a specific
2294 e-mail address instead of an entire domain.
2295
2296Remember, since /etc/mail/access is a database, after creating the text
2297file as described below, you must use makemap to create the database
2298map. For example:
2299
2300 makemap hash /etc/mail/access < /etc/mail/access
2301
2302The table itself uses e-mail addresses, domain names, and network
2303numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:".
2304For example,
2305
2306 From:spammer@aol.com REJECT
2307 From:cyberspammer.com REJECT
2308 Connect:cyberspammer.com REJECT
2309 Connect:TLD REJECT
2310 Connect:192.168.212 REJECT
2311 Connect:IPv6:2002:c0a8:02c7 RELAY
2312 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT
2313
2314would refuse mail from spammer@aol.com, any user from cyberspammer.com
2315(or any host within the cyberspammer.com domain), any host in the entire
2316top level domain TLD, 192.168.212.* network, and the IPv6 address
23172002:c0a8:51d2::23f4. It would allow relay for the IPv6 network
23182002:c0a8:02c7::/48.
2319
2320Entries in the access map should be tagged according to their type.
2321Three tags are available:
2322
2323 Connect: connection information (${client_addr}, ${client_name})
2324 From: envelope sender
2325 To: envelope recipient
2326
2327Notice: untagged entries are deprecated.
2328
2329If the required item is looked up in a map, it will be tried first
2330with the corresponding tag in front, then (as fallback to enable
2331backward compatibility) without any tag, unless the specific feature
2332requires a tag. For example,
2333
2334 From:spammer@some.dom REJECT
2335 To:friend.domain RELAY
2336 Connect:friend.domain OK
2337 Connect:from.domain RELAY
2338 From:good@another.dom OK
2339 From:another.dom REJECT
2340
2341This would deny mails from spammer@some.dom but you could still
2342send mail to that address even if FEATURE(`blacklist_recipients')
2343is enabled. Your system will allow relaying to friend.domain, but
2344not from it (unless enabled by other means). Connections from that
2345domain will be allowed even if it ends up in one of the DNS based
2346rejection lists. Relaying is enabled from from.domain but not to
2347it (since relaying is based on the connection information for
2348outgoing relaying, the tag Connect: must be used; for incoming
2349relaying, which is based on the recipient address, To: must be
2350used). The last two entries allow mails from good@another.dom but
2351reject mail from all other addresses with another.dom as domain
2352part.
2353
2354
2355The value part of the map can contain:
2356
2357 OK Accept mail even if other rules in the running
2358 ruleset would reject it, for example, if the domain
2359 name is unresolvable. "Accept" does not mean
2360 "relay", but at most acceptance for local
2361 recipients. That is, OK allows less than RELAY.
2362 RELAY Accept mail addressed to the indicated domain
2363 (or address if `relaytofulladdress' is set) or
2364 received from the indicated domain for relaying
2365 through your SMTP server. RELAY also serves as
2366 an implicit OK for the other checks.
2367 REJECT Reject the sender or recipient with a general
2368 purpose message.
2369 DISCARD Discard the message completely using the
2370 $#discard mailer. If it is used in check_compat,
2371 it affects only the designated recipient, not
2372 the whole message as it does in all other cases.
2373 This should only be used if really necessary.
2374 SKIP This can only be used for host/domain names
2375 and IP addresses/nets. It will abort the current
2376 search for this entry without accepting or rejecting
2377 it but causing the default action.
2378 ### any text where ### is an RFC 821 compliant error code and
2379 "any text" is a message to return for the command.
2380 The entire string should be quoted to avoid
2381 surprises:
2382
2383 "### any text"
2384
2385 Otherwise sendmail formats the text as email
2386 addresses, e.g., it may remove spaces.
2387 This type is deprecated, use one of the two
2388 ERROR: entries below instead.
2389 ERROR:### any text
2390 as above, but useful to mark error messages as such.
2391 If quotes need to be used to avoid modifications
2392 (see above), they should be placed like this:
2393
2394 ERROR:"### any text"
2395
2396 ERROR:D.S.N:### any text
2397 where D.S.N is an RFC 1893 compliant error code
2398 and the rest as above. If quotes need to be used
2399 to avoid modifications, they should be placed
2400 like this:
2401
2402 ERROR:D.S.N:"### any text"
2403
2404 QUARANTINE:any text
2405 Quarantine the message using the given text as the
2406 quarantining reason.
2407
2408For example:
2409
2410 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers"
2411 From:okay.cyberspammer.com OK
2412 Connect:sendmail.org RELAY
2413 To:sendmail.org RELAY
2414 Connect:128.32 RELAY
2415 Connect:128.32.2 SKIP
2416 Connect:IPv6:1:2:3:4:5:6:7 RELAY
2417 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
2418 Connect:[127.0.0.3] OK
2419 Connect:[IPv6:1:2:3:4:5:6:7:8] OK
2420
2421would accept mail from okay.cyberspammer.com, but would reject mail
2422from all other hosts at cyberspammer.com with the indicated message.
2423It would allow relaying mail from and to any hosts in the sendmail.org
2424domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2425and from the 128.32.*.* network except for the 128.32.2.* network,
2426which shows how SKIP is useful to exempt subnets/subdomains. The
2427last two entries are for checks against ${client_name} if the IP
2428address doesn't resolve to a hostname (or is considered as "may be
2429forged"). That is, using square brackets means these are host
2430names, not network numbers.
2431
2432Warning: if you change the RFC 821 compliant error code from the default
2433value of 550, then you should probably also change the RFC 1893 compliant
2434error code to match it. For example, if you use
2435
2436 To:user@example.com ERROR:450 mailbox full
2437
2438the error returned would be "450 5.0.0 mailbox full" which is wrong.
2439Use "ERROR:4.2.2:450 mailbox full" instead.
2440
2441Note, UUCP users may need to add hostname.UUCP to the access database
2442or class {R}.
2443
2444If you also use:
2445
2446 FEATURE(`relay_hosts_only')
2447
2448then the above example will allow relaying for sendmail.org, but not
2449hosts within the sendmail.org domain. Note that this will also require
2450hosts listed in class {R} to be fully qualified host names.
2451
2452You can also use the access database to block sender addresses based on
2453the username portion of the address. For example:
2454
2455 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
2456
2457Note that you must include the @ after the username to signify that
2458this database entry is for checking only the username portion of the
2459sender address.
2460
2461If you use:
2462
2463 FEATURE(`blacklist_recipients')
2464
2465then you can add entries to the map for local users, hosts in your
2466domains, or addresses in your domain which should not receive mail:
2467
2468 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser
2469 To:host.my.TLD ERROR:550 That host does not accept mail
2470 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient
2471
2472This would prevent a recipient of badlocaluser in any of the local
2473domains (class {w}), any user at host.my.TLD, and the single address
2474user@other.my.TLD from receiving mail. Please note: a local username
2475must be now tagged with an @ (this is consistent with the check of
2476the sender address, and hence it is possible to distinguish between
2477hostnames and usernames). Enabling this feature will keep you from
2478sending mails to all addresses that have an error message or REJECT
2479as value part in the access map. Taking the example from above:
2480
2481 spammer@aol.com REJECT
2482 cyberspammer.com REJECT
2483
2484Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2485That's why tagged entries should be used.
2486
2487There are several DNS based blacklists which can be found by
2488querying a search engine. These are databases of spammers
2489maintained in DNS. To use such a database, specify
2490
2491 FEATURE(`dnsbl', `dnsbl.example.com')
2492
2493This will cause sendmail to reject mail from any site listed in the
2494DNS based blacklist. You must select a DNS based blacklist domain
2495to check by specifying an argument to the FEATURE. The default
2496error message is
2497
2498 Rejected: IP-ADDRESS listed at SERVER
2499
2500where IP-ADDRESS and SERVER are replaced by the appropriate
2501information. A second argument can be used to specify a different
2502text or action. For example,
2503
2504 FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2505
2506would quarantine the message if the client IP address is listed
2507at `dnsbl.example.com'.
2508
2509By default, temporary lookup failures are ignored
2510and hence cause the connection not to be rejected by the DNS based
2511rejection list. This behavior can be changed by specifying a third
2512argument, which must be either `t' or a full error message. For
2513example:
2514
2515 FEATURE(`dnsbl', `dnsbl.example.com', `',
2516 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2517
2518If `t' is used, the error message is:
2519
2520 451 Temporary lookup failure of IP-ADDRESS at SERVER
2521
2522where IP-ADDRESS and SERVER are replaced by the appropriate
2523information.
2524
2525This FEATURE can be included several times to query different
2526DNS based rejection lists.
2527
2528Notice: to avoid checking your own local domains against those
2529blacklists, use the access_db feature and add:
2530
2531 Connect:10.1 OK
2532 Connect:127.0.0.1 RELAY
2533
2534to the access map, where 10.1 is your local network. You may
2535want to use "RELAY" instead of "OK" to allow also relaying
2536instead of just disabling the DNS lookups in the blacklists.
2537
2538
2539The features described above make use of the check_relay, check_mail,
2540and check_rcpt rulesets. Note that check_relay checks the SMTP
2541client hostname and IP address when the connection is made to your
2542server. It does not check if a mail message is being relayed to
2543another server. That check is done in check_rcpt. If you wish to
2544include your own checks, you can put your checks in the rulesets
2545Local_check_relay, Local_check_mail, and Local_check_rcpt. For
2546example if you wanted to block senders with all numeric usernames
2547(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2548regex map:
2549
2550 LOCAL_CONFIG
2551 Kallnumbers regex -a@MATCH ^[0-9]+$
2552
2553 LOCAL_RULESETS
2554 SLocal_check_mail
2555 # check address against various regex checks
2556 R$* $: $>Parse0 $>3 $1
2557 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
2558 R@MATCH $#error $: 553 Header Error
2559
2560These rules are called with the original arguments of the corresponding
2561check_* ruleset. If the local ruleset returns $#OK, no further checking
2562is done by the features described above and the mail is accepted. If
2563the local ruleset resolves to a mailer (such as $#error or $#discard),
2564the appropriate action is taken. Other results starting with $# are
2565interpreted by sendmail and may lead to unspecified behavior. Note: do
2566NOT create a mailer with the name OK. Return values that do not start
2567with $# are ignored, i.e., normal processing continues.
2568
2569Delay all checks
2570----------------
2571
2572By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2573will not be called when a client connects or issues a MAIL command,
2574respectively. Instead, those rulesets will be called by the check_rcpt
2575ruleset; they will be skipped if a sender has been authenticated using
2576a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2577If check_mail returns an error then the RCPT TO command will be rejected
2578with that error. If it returns some other result starting with $# then
2579check_relay will be skipped. If the sender address (or a part of it) is
2580listed in the access map and it has a RHS of OK or RELAY, then check_relay
2581will be skipped. This has an interesting side effect: if your domain is
2582my.domain and you have
2583
2584 my.domain RELAY
2585
2586in the access map, then any e-mail with a sender address of
2587<user@my.domain> will not be rejected by check_relay even though
2588it would match the hostname or IP address. This allows spammers
2589to get around DNS based blacklist by faking the sender address. To
2590avoid this problem you have to use tagged entries:
2591
2592 To:my.domain RELAY
2593 Connect:my.domain RELAY
2594
2595if you need those entries at all (class {R} may take care of them).
2596
2597FEATURE(`delay_checks') can take an optional argument:
2598
2599 FEATURE(`delay_checks', `friend')
2600 enables spamfriend test
2601 FEATURE(`delay_checks', `hater')
2602 enables spamhater test
2603
2604If such an argument is given, the recipient will be looked up in the
2605access map (using the tag Spam:). If the argument is `friend', then
2606the default behavior is to apply the other rulesets and make a SPAM
2607friend the exception. The rulesets check_mail and check_relay will be
2608skipped only if the recipient address is found and has RHS FRIEND. If
2609the argument is `hater', then the default behavior is to skip the rulesets
2610check_mail and check_relay and make a SPAM hater the exception. The
2611other two rulesets will be applied only if the recipient address is
2612found and has RHS HATER.
2613
2614This allows for simple exceptions from the tests, e.g., by activating
2615the friend option and having
2616
2617 Spam:abuse@ FRIEND
2618
2619in the access map, mail to abuse@localdomain will get through (where
2620"localdomain" is any domain in class {w}). It is also possible to
2621specify a full address or an address with +detail:
2622
2623 Spam:abuse@my.domain FRIEND
2624 Spam:me+abuse@ FRIEND
2625 Spam:spam.domain FRIEND
2626
2627Note: The required tag has been changed in 8.12 from To: to Spam:.
2628This change is incompatible to previous versions. However, you can
2629(for now) simply add the new entries to the access map, the old
2630ones will be ignored. As soon as you removed the old entries from
2631the access map, specify a third parameter (`n') to this feature and
2632the backward compatibility rules will not be in the generated .cf
2633file.
2634
2635Header Checks
2636-------------
2637
2638You can also reject mail on the basis of the contents of headers.
2639This is done by adding a ruleset call to the 'H' header definition command
2640in sendmail.cf. For example, this can be used to check the validity of
2641a Message-ID: header:
2642
2643 LOCAL_CONFIG
2644 HMessage-Id: $>CheckMessageId
2645
2646 LOCAL_RULESETS
2647 SCheckMessageId
2648 R< $+ @ $+ > $@ OK
2649 R$* $#error $: 553 Header Error
2650
2651The alternative format:
2652
2653 HSubject: $>+CheckSubject
2654
2655that is, $>+ instead of $>, gives the full Subject: header including
2656comments to the ruleset (comments in parentheses () are stripped
2657by default).
2658
2659A default ruleset for headers which don't have a specific ruleset
2660defined for them can be given by:
2661
2662 H*: $>CheckHdr
2663
2664Notice:
26651. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2666That may cause problems with simple header checks due to the
2667tokenization. It might be simpler to use a regex map and apply it
2668to $&{currHeader}.
26692. There are no default rulesets coming with this distribution of
2670sendmail. You can write your own or search the WWW for examples.
26713. When using a default ruleset for headers, the name of the header
2672currently being checked can be found in the $&{hdr_name} macro.
2673
2674After all of the headers are read, the check_eoh ruleset will be called for
2675any final header-related checks. The ruleset is called with the number of
2676headers and the size of all of the headers in bytes separated by $|. One
2677example usage is to reject messages which do not have a Message-Id:
2678header. However, the Message-Id: header is *NOT* a required header and is
2679not a guaranteed spam indicator. This ruleset is an example and should
2680probably not be used in production.
2681
2682 LOCAL_CONFIG
2683 Kstorage macro
2684 HMessage-Id: $>CheckMessageId
2685
2686 LOCAL_RULESETS
2687 SCheckMessageId
2688 # Record the presence of the header
2689 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
2690 R< $+ @ $+ > $@ OK
2691 R$* $#error $: 553 Header Error
2692
2693 Scheck_eoh
2694 # Check the macro
2695 R$* $: < $&{MessageIdCheck} >
2696 # Clear the macro for the next message
2697 R$* $: $(storage {MessageIdCheck} $) $1
2698 # Has a Message-Id: header
2699 R< $+ > $@ OK
2700 # Allow missing Message-Id: from local mail
2701 R$* $: < $&{client_name} >
2702 R< > $@ OK
2703 R< $=w > $@ OK
2704 # Otherwise, reject the mail
2705 R$* $#error $: 553 Header Error
2706
2707
2708+--------------------+
2709| CONNECTION CONTROL |
2710+--------------------+
2711
2712The features ratecontrol and conncontrol allow to establish connection
2713limits per client IP address or net. These features can limit the
2714rate of connections (connections per time unit) or the number of
2715incoming SMTP connections, respectively. If enabled, appropriate
2716rulesets are called at the end of check_relay, i.e., after DNS
2717blacklists and generic access_db operations. The features require
2718FEATURE(`access_db') to be listed earlier in the mc file.
2719
2720Note: FEATURE(`delay_checks') delays those connection control checks
2721after a recipient address has been received, hence making these
2722connection control features less useful. To run the checks as early
2723as possible, specify the parameter `nodelay', e.g.,
2724
2725 FEATURE(`ratecontrol', `nodelay')
2726
2727In that case, FEATURE(`delay_checks') has no effect on connection
2728control (and it must be specified earlier in the mc file).
2729
2730An optional second argument `terminate' specifies whether the
2731rulesets should return the error code 421 which will cause
2732sendmail to terminate the session with that error if it is
2733returned from check_relay, i.e., not delayed as explained in
2734the previous paragraph. Example:
2735
2736 FEATURE(`ratecontrol', `nodelay', `terminate')
2737
2738
2739+----------+
2740| STARTTLS |
2741+----------+
2742
2743In this text, cert will be used as an abbreviation for X.509 certificate,
2744DN (CN) is the distinguished (common) name of a cert, and CA is a
2745certification authority, which signs (issues) certs.
2746
2747For STARTTLS to be offered by sendmail you need to set at least
2748these variables (the file names and paths are just examples):
2749
2750 define(`confCACERT_PATH', `/etc/mail/certs/')
2751 define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2752 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2753 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2754
2755On systems which do not have the compile flag HASURANDOM set (see
2756sendmail/README) you also must set confRAND_FILE.
2757
2758See doc/op/op.{me,ps,txt} for more information about these options,
2759especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2760STARTTLS''.
2761
2762Macros related to STARTTLS are:
2763
2764${cert_issuer} holds the DN of the CA (the cert issuer).
2765${cert_subject} holds the DN of the cert (called the cert subject).
2766${cn_issuer} holds the CN of the CA (the cert issuer).
2767${cn_subject} holds the CN of the cert (called the cert subject).
2768${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2769 TLSv1/SSLv3, SSLv3, SSLv2.
2770${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2771 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2772${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2773 used for the connection.
2774${verify} holds the result of the verification of the presented cert.
2775 Possible values are:
2776 OK verification succeeded.
2777 NO no cert presented.
2778 NOT no cert requested.
2779 FAIL cert presented but could not be verified,
2780 e.g., the cert of the signing CA is missing.
2781 NONE STARTTLS has not been performed.
2782 TEMP temporary error occurred.
2783 PROTOCOL protocol error occurred (SMTP level).
2784 SOFTWARE STARTTLS handshake failed.
2785${server_name} the name of the server of the current outgoing SMTP
2786 connection.
2787${server_addr} the address of the server of the current outgoing SMTP
2788 connection.
2789
2790Relaying
2791--------
2792
2793SMTP STARTTLS can allow relaying for remote SMTP clients which have
2794successfully authenticated themselves. If the verification of the cert
2795failed (${verify} != OK), relaying is subject to the usual rules.
2796Otherwise the DN of the issuer is looked up in the access map using the
2797tag CERTISSUER. If the resulting value is RELAY, relaying is allowed.
2798If it is SUBJECT, the DN of the cert subject is looked up next in the
2799access map using the tag CERTSUBJECT. If the value is RELAY, relaying
2800is allowed.
2801
2802To make things a bit more flexible (or complicated), the values for
2803${cert_issuer} and ${cert_subject} can be optionally modified by regular
2804expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2805_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
2806rulesets and map lookups, they are modified as follows: each non-printable
2807character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
2808by their HEX value with a leading '+'. For example:
2809
2810/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2811darth+cert@endmail.org
2812
2813is encoded as:
2814
2815/C=US/ST=California/O=endmail.org/OU=private/CN=
2816Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2817
2818(line breaks have been inserted for readability).
2819
2820The macros which are subject to this encoding are ${cert_subject},
2821${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
2822
2823Examples:
2824
2825To allow relaying for everyone who can present a cert signed by
2826
2827/C=US/ST=California/O=endmail.org/OU=private/CN=
2828Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2829
2830simply use:
2831
2832CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2833Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
2834
2835To allow relaying only for a subset of machines that have a cert signed by
2836
2837/C=US/ST=California/O=endmail.org/OU=private/CN=
2838Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2839
2840use:
2841
2842CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2843Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT
2844CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
2845DeathStar/Email=deathstar@endmail.org RELAY
2846
2847Notes:
2848- line breaks have been inserted after "CN=" for readability,
2849 each tagged entry must be one (long) line in the access map.
2850- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
2851 is replaced by "emailAddress=".
2852
2853Of course it is also possible to write a simple ruleset that allows
2854relaying for everyone who can present a cert that can be verified, e.g.,
2855
2856LOCAL_RULESETS
2857SLocal_check_rcpt
2858R$* $: $&{verify}
2859ROK $# OK
2860
2861Allowing Connections
2862--------------------
2863
2864The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
2865an SMTP connection is accepted (or should continue).
2866
2867tls_server is called when sendmail acts as client after a STARTTLS command
2868(should) have been issued. The parameter is the value of ${verify}.
2869
2870tls_client is called when sendmail acts as server, after a STARTTLS command
2871has been issued, and from check_mail. The parameter is the value of
2872${verify} and STARTTLS or MAIL, respectively.
2873
2874Both rulesets behave the same. If no access map is in use, the connection
2875will be accepted unless ${verify} is SOFTWARE, in which case the connection
2876is always aborted. For tls_server/tls_client, ${client_name}/${server_name}
2877is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
2878with the ruleset LookUpDomain. If no entry is found, ${client_addr}
2879(${server_addr}) is looked up in the access map (same tag, ruleset
2880LookUpAddr). If this doesn't result in an entry either, just the tag is
2881looked up in the access map (included the trailing colon). Notice:
2882requiring that e-mail is sent to a server only encrypted, e.g., via
2883
2884TLS_Srv:secure.domain ENCR:112
2885
2886doesn't necessarily mean that e-mail sent to that domain is encrypted.
2887If the domain has multiple MX servers, e.g.,
2888
2889secure.domain. IN MX 10 mail.secure.domain.
2890secure.domain. IN MX 50 mail.other.domain.
2891
2892then mail to user@secure.domain may go unencrypted to mail.other.domain.
2893tls_rcpt can be used to address this problem.
2894
2895tls_rcpt is called before a RCPT TO: command is sent. The parameter is the
2896current recipient. This ruleset is only defined if FEATURE(`access_db')
2897is selected. A recipient address user@domain is looked up in the access
2898map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
2899and TLS_Rcpt:; the first match is taken.
2900
2901The result of the lookups is then used to call the ruleset TLS_connection,
2902which checks the requirement specified by the RHS in the access map against
2903the actual parameters of the current TLS connection, esp. ${verify} and
2904${cipher_bits}. Legal RHSs in the access map are:
2905
2906VERIFY verification must have succeeded
2907VERIFY:bits verification must have succeeded and ${cipher_bits} must
2908 be greater than or equal bits.
2909ENCR:bits ${cipher_bits} must be greater than or equal bits.
2910
2911The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2912or permanent error. The default is a temporary error code (403 4.7.0)
2913unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2914
2915If a certain level of encryption is required, then it might also be
2916possible that this level is provided by the security layer from a SASL
2917algorithm, e.g., DIGEST-MD5.
2918
2919Furthermore, there can be a list of extensions added. Such a list
2920starts with '+' and the items are separated by '++'. Allowed
2921extensions are:
2922
2923CN:name name must match ${cn_subject}
2924CN ${client_name}/${server_name} must match ${cn_subject}
2925CS:name name must match ${cert_subject}
2926CI:name name must match ${cert_issuer}
2927
2928Example: e-mail sent to secure.example.com should only use an encrypted
2929connection. E-mail received from hosts within the laptop.example.com domain
2930should only be accepted if they have been authenticated. The host which
2931receives e-mail for darth@endmail.org must present a cert that uses the
2932CN smtp.endmail.org.
2933
2934TLS_Srv:secure.example.com ENCR:112
2935TLS_Clt:laptop.example.com PERM+VERIFY:112
2936TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
2937
2938
2939Disabling STARTTLS And Setting SMTP Server Features
2940---------------------------------------------------
2941
2942By default STARTTLS is used whenever possible. However, there are
2943some broken MTAs that don't properly implement STARTTLS. To be able
2944to send to (or receive from) those MTAs, the ruleset try_tls
2945(srv_features) can be used that work together with the access map.
2946Entries for the access map must be tagged with Try_TLS (Srv_Features)
2947and refer to the hostname or IP address of the connecting system.
2948A default case can be specified by using just the tag. For example,
2949the following entries in the access map:
2950
2951 Try_TLS:broken.server NO
2952 Srv_Features:my.domain v
2953 Srv_Features: V
2954
2955will turn off STARTTLS when sending to broken.server (or any host
2956in that domain), and request a client certificate during the TLS
2957handshake only for hosts in my.domain. The valid entries on the RHS
2958for Srv_Features are listed in the Sendmail Installation and
2959Operations Guide.
2960
2961
2962Received: Header
2963----------------
2964
2965The Received: header reveals whether STARTTLS has been used. It contains an
2966extra line:
2967
2968(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
2969
2970
2971+--------------------------------+
2972| ADDING NEW MAILERS OR RULESETS |
2973+--------------------------------+
2974
2975Sometimes you may need to add entirely new mailers or rulesets. They
2976should be introduced with the constructs MAILER_DEFINITIONS and
2977LOCAL_RULESETS respectively. For example:
2978
2979 MAILER_DEFINITIONS
2980 Mmymailer, ...
2981 ...
2982
2983 LOCAL_RULESETS
2984 Smyruleset
2985 ...
2986
2987Local additions for the rulesets srv_features, try_tls, tls_rcpt,
2988tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
2989LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
2990respectively. For example, to add a local ruleset that decides
2991whether to try STARTTLS in a sendmail client, use:
2992
2993 LOCAL_TRY_TLS
2994 R...
2995
2996Note: you don't need to add a name for the ruleset, it is implicitly
2997defined by using the appropriate macro.
2998
2999
3000+-------------------------+
3001| ADDING NEW MAIL FILTERS |
3002+-------------------------+
3003
3004Sendmail supports mail filters to filter incoming SMTP messages according
3005to the "Sendmail Mail Filter API" documentation. These filters can be
3006configured in your mc file using the two commands:
3007
3008 MAIL_FILTER(`name', `equates')
3009 INPUT_MAIL_FILTER(`name', `equates')
3010
3011The first command, MAIL_FILTER(), simply defines a filter with the given
3012name and equates. For example:
3013
3014 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3015
3016This creates the equivalent sendmail.cf entry:
3017
3018 Xarchive, S=local:/var/run/archivesock, F=R
3019
3020The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3021but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3022of the filter such that the filter will actually be called by sendmail.
3023
3024For example, the two commands:
3025
3026 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3027 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3028
3029are equivalent to the three commands:
3030
3031 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3032 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3033 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3034
3035In general, INPUT_MAIL_FILTER() should be used unless you need to define
3036more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3037
3038Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3039commands will clear the list created by the prior INPUT_MAIL_FILTER()
3040commands.
3041
3042
3043+-------------------------+
3044| QUEUE GROUP DEFINITIONS |
3045+-------------------------+
3046
3047In addition to the queue directory (which is the default queue group
3048called "mqueue"), sendmail can deal with multiple queue groups, which
3049are collections of queue directories with the same behaviour. Queue
3050groups can be defined using the command:
3051
3052 QUEUE_GROUP(`name', `equates')
3053
3054For details about queue groups, please see doc/op/op.{me,ps,txt}.
3055
3056+-------------------------------+
3057| NON-SMTP BASED CONFIGURATIONS |
3058+-------------------------------+
3059
3060These configuration files are designed primarily for use by
3061SMTP-based sites. They may not be well tuned for UUCP-only or
3062UUCP-primarily nodes (the latter is defined as a small local net
3063connected to the rest of the world via UUCP). However, there is
3064one hook to handle some special cases.
3065
3066You can define a ``smart host'' that understands a richer address syntax
3067using:
3068
3069 define(`SMART_HOST', `mailer:hostname')
3070
3071In this case, the ``mailer:'' defaults to "relay". Any messages that
3072can't be handled using the usual UUCP rules are passed to this host.
3073
3074If you are on a local SMTP-based net that connects to the outside
3075world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3076For example:
3077
3078 define(`SMART_HOST', `uucp-new:uunet')
3079 LOCAL_NET_CONFIG
3080 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3081
3082This will cause all names that end in your domain name ($m) to be sent
3083via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3084If you have FEATURE(`nocanonify'), you may need to omit the dots after
3085the $m. If you are running a local DNS inside your domain which is
3086not otherwise connected to the outside world, you probably want to
3087use:
3088
3089 define(`SMART_HOST', `smtp:fire.wall.com')
3090 LOCAL_NET_CONFIG
3091 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
3092
3093That is, send directly only to things you found in your DNS lookup;
3094anything else goes through SMART_HOST.
3095
3096You may need to turn off the anti-spam rules in order to accept
3097UUCP mail with FEATURE(`promiscuous_relay') and
3098FEATURE(`accept_unresolvable_domains').
3099
3100
3101+-----------+
3102| WHO AM I? |
3103+-----------+
3104
3105Normally, the $j macro is automatically defined to be your fully
3106qualified domain name (FQDN). Sendmail does this by getting your
3107host name using gethostname and then calling gethostbyname on the
3108result. For example, in some environments gethostname returns
3109only the root of the host name (such as "foo"); gethostbyname is
3110supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
3111cases, gethostbyname may fail to return the FQDN. In this case
3112you MUST define confDOMAIN_NAME to be your fully qualified domain
3113name. This is usually done using:
3114
3115 Dmbar.com
3116 define(`confDOMAIN_NAME', `$w.$m')dnl
3117
3118
3119+-----------------------------------+
3120| ACCEPTING MAIL FOR MULTIPLE NAMES |
3121+-----------------------------------+
3122
3123If your host is known by several different names, you need to augment
3124class {w}. This is a list of names by which your host is known, and
3125anything sent to an address using a host name in this list will be
3126treated as local mail. You can do this in two ways: either create the
3127file /etc/mail/local-host-names containing a list of your aliases (one per
3128line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3129``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
3130name of the host, rather than a short name.
3131
3132If you want to have different address in different domains, take
3133a look at the virtusertable feature, which is also explained at
3134http://www.sendmail.org/virtual-hosting.html
3135
3136
3137+--------------------+
3138| USING MAILERTABLES |
3139+--------------------+
3140
3141To use FEATURE(`mailertable'), you will have to create an external
3142database containing the routing information for various domains.
3143For example, a mailertable file in text format might be:
3144
3145 .my.domain xnet:%1.my.domain
3146 uuhost1.my.domain uucp-new:uuhost1
3147 .bitnet smtp:relay.bit.net
3148
3149This should normally be stored in /etc/mail/mailertable. The actual
3150database version of the mailertable is built using:
3151
3152 makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3153
3154The semantics are simple. Any LHS entry that does not begin with
3155a dot matches the full host name indicated. LHS entries beginning
3156with a dot match anything ending with that domain name (including
3157the leading dot) -- that is, they can be thought of as having a
3158leading ".+" regular expression pattern for a non-empty sequence of
3159characters. Matching is done in order of most-to-least qualified
3160-- for example, even though ".my.domain" is listed first in the
3161above example, an entry of "uuhost1.my.domain" will match the second
3162entry since it is more explicit. Note: e-mail to "user@my.domain"
3163does not match any entry in the above table. You need to have
3164something like:
3165
3166 my.domain esmtp:host.my.domain
3167
3168The RHS should always be a "mailer:host" pair. The mailer is the
3169configuration name of a mailer (that is, an M line in the
3170sendmail.cf file). The "host" will be the hostname passed to
3171that mailer. In domain-based matches (that is, those with leading
3172dots) the "%1" may be used to interpolate the wildcarded part of
3173the host name. For example, the first line above sends everything
3174addressed to "anything.my.domain" to that same host name, but using
3175the (presumably experimental) xnet mailer.
3176
3177In some cases you may want to temporarily turn off MX records,
3178particularly on gateways. For example, you may want to MX
3179everything in a domain to one machine that then forwards it
3180directly. To do this, you might use the DNS configuration:
3181
3182 *.domain. IN MX 0 relay.machine
3183
3184and on relay.machine use the mailertable:
3185
3186 .domain smtp:[gateway.domain]
3187
3188The [square brackets] turn off MX records for this host only.
3189If you didn't do this, the mailertable would use the MX record
3190again, which would give you an MX loop. Note that the use of
3191wildcard MX records is almost always a bad idea. Please avoid
3192using them if possible.
3193
3194
3195+--------------------------------+
3196| USING USERDB TO MAP FULL NAMES |
3197+--------------------------------+
3198
3199The user database was not originally intended for mapping full names
3200to login names (e.g., Eric.Allman => eric), but some people are using
3201it that way. (it is recommended that you set up aliases for this
3202purpose instead -- since you can specify multiple alias files, this
3203is fairly easy.) The intent was to locate the default maildrop at
3204a site, but allow you to override this by sending to a specific host.
3205
3206If you decide to set up the user database in this fashion, it is
3207imperative that you not use FEATURE(`stickyhost') -- otherwise,
3208e-mail sent to Full.Name@local.host.name will be rejected.
3209
3210To build the internal form of the user database, use:
3211
3212 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3213
3214As a general rule, it is an extremely bad idea to using full names
3215as e-mail addresses, since they are not in any sense unique. For
3216example, the UNIX software-development community has at least two
3217well-known Peter Deutsches, and at one time Bell Labs had two
3218Stephen R. Bournes with offices along the same hallway. Which one
3219will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3220The less famous of the two, or the one that was hired later?
3221
3222Finger should handle full names (and be fuzzy). Mail should use
3223handles, and not be fuzzy.
3224
3225
3226+--------------------------------+
3227| MISCELLANEOUS SPECIAL FEATURES |
3228+--------------------------------+
3229
3230Plussed users
3231 Sometimes it is convenient to merge configuration on a
3232 centralized mail machine, for example, to forward all
3233 root mail to a mail server. In this case it might be
3234 useful to be able to treat the root addresses as a class
3235 of addresses with subtle differences. You can do this
3236 using plussed users. For example, a client might include
3237 the alias:
3238
3239 root: root+client1@server
3240
3241 On the server, this will match an alias for "root+client1".
3242 If that is not found, the alias "root+*" will be tried,
3243 then "root".
3244
3245
3246+----------------+
3247| SECURITY NOTES |
3248+----------------+
3249
3250A lot of sendmail security comes down to you. Sendmail 8 is much
3251more careful about checking for security problems than previous
3252versions, but there are some things that you still need to watch
3253for. In particular:
3254
3255* Make sure the aliases file is not writable except by trusted
3256 system personnel. This includes both the text and database
3257 version.
3258
3259* Make sure that other files that sendmail reads, such as the
3260 mailertable, are only writable by trusted system personnel.
3261
3262* The queue directory should not be world writable PARTICULARLY
3263 if your system allows "file giveaways" (that is, if a non-root
3264 user can chown any file they own to any other user).
3265
3266* If your system allows file giveaways, DO NOT create a publically
3267 writable directory for forward files. This will allow anyone
3268 to steal anyone else's e-mail. Instead, create a script that
3269 copies the .forward file from users' home directories once a
3270 night (if you want the non-NFS-mounted forward directory).
3271
3272* If your system allows file giveaways, you'll find that
3273 sendmail is much less trusting of :include: files -- in
3274 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3275 /etc/shells before they will be trusted (that is, before
3276 files and programs listed in them will be honored).
3277
3278In general, file giveaways are a mistake -- if you can turn them
3279off, do so.
3280
3281
3282+--------------------------------+
3283| TWEAKING CONFIGURATION OPTIONS |
3284+--------------------------------+
3285
3286There are a large number of configuration options that don't normally
3287need to be changed. However, if you feel you need to tweak them,
3288you can define the following M4 variables. Note that some of these
3289variables require formats that are defined in RFC 2821 or RFC 2822.
3290Before changing them you need to make sure you do not violate those
3291(and other relevant) RFCs.
3292
3293This list is shown in four columns: the name you define, the default
3294value for that definition, the option or macro that is affected
3295(either Ox for an option or Dx for a macro), and a brief description.
3296
3297Some options are likely to be deprecated in future versions -- that is,
3298the option is only included to provide back-compatibility. These are
3299marked with "*".
3300
3301Remember that these options are M4 variables, and hence may need to
3302be quoted. In particular, arguments with commas will usually have to
3303be ``double quoted, like this phrase'' to avoid having the comma
3304confuse things. This is common for alias file definitions and for
3305the read timeout.
3306
3307M4 Variable Name Configuration [Default] & Description
3308================ ============= =======================
3309confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
3310 for internally generated outgoing
3311 messages.
3312confDOMAIN_NAME $j macro If defined, sets $j. This should
3313 only be done if your system cannot
3314 determine your local domain name,
3315 and then it should be set to
3316 $w.Foo.COM, where Foo.COM is your
3317 domain name.
3318confCF_VERSION $Z macro If defined, this is appended to the
3319 configuration version name.
3320confLDAP_CLUSTER ${sendmailMTACluster} macro
3321 If defined, this is the LDAP
3322 cluster to use for LDAP searches
3323 as described above in ``USING LDAP
3324 FOR ALIASES, MAPS, AND CLASSES''.
3325confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
3326 internally generated From: address.
3327confRECEIVED_HEADER Received:
3328 [$?sfrom $s $.$?_($?s$|from $.$_)
3329 $.$?{auth_type}(authenticated)
3330 $.by $j ($v/$Z)$?r with $r$. id $i$?u
3331 for $u; $|;
3332 $.$b]
3333 The format of the Received: header
3334 in messages passed through this host.
3335 It is unwise to try to change this.
3336confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
3337 internally generated Message-Id:
3338 header.
3339confCW_FILE Fw class [/etc/mail/local-host-names] Name
3340 of file used to get the local
3341 additions to class {w} (local host
3342 names).
3343confCT_FILE Ft class [/etc/mail/trusted-users] Name of
3344 file used to get the local additions
3345 to class {t} (trusted users).
3346confCR_FILE FR class [/etc/mail/relay-domains] Name of
3347 file used to get the local additions
3348 to class {R} (hosts allowed to relay).
3349confTRUSTED_USERS Ct class [no default] Names of users to add to
3350 the list of trusted users. This list
3351 always includes root, uucp, and daemon.
3352 See also FEATURE(`use_ct_file').
3353confTRUSTED_USER TrustedUser [no default] Trusted user for file
3354 ownership and starting the daemon.
3355 Not to be confused with
3356 confTRUSTED_USERS (see above).
3357confSMTP_MAILER - [esmtp] The mailer name used when
3358 SMTP connectivity is required.
3359 One of "smtp", "smtp8",
3360 "esmtp", or "dsmtp".
3361confUUCP_MAILER - [uucp-old] The mailer to be used by
3362 default for bang-format recipient
3363 addresses. See also discussion of
3364 class {U}, class {Y}, and class {Z}
3365 in the MAILER(`uucp') section.
3366confLOCAL_MAILER - [local] The mailer name used when
3367 local connectivity is required.
3368 Almost always "local".
3369confRELAY_MAILER - [relay] The default mailer name used
3370 for relaying any mail (e.g., to a
3371 BITNET_RELAY, a SMART_HOST, or
3372 whatever). This can reasonably be
3373 "uucp-new" if you are on a
3374 UUCP-connected site.
3375confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
3376confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
3377confALIAS_WAIT AliasWait [10m] Time to wait for alias file
3378 rebuild until you get bored and
3379 decide that the apparently pending
3380 rebuild failed.
3381confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
3382 queue filesystem to accept SMTP mail.
3383 (Prior to 8.7 this was minfree/maxsize,
3384 where minfree was the number of free
3385 blocks and maxsize was the maximum
3386 message size. Use confMAX_MESSAGE_SIZE
3387 for the second value now.)
3388confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
3389 that will be accepted (in bytes).
3390confBLANK_SUB BlankSub [.] Blank (space) substitution
3391 character.
3392confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
3393 to mailers marked expensive.
3394confCHECKPOINT_INTERVAL CheckpointInterval
3395 [10] Checkpoint queue files every N
3396 recipients.
3397confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
3398confERROR_MODE ErrorMode [print] Error message mode.
3399confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
3400confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
3401confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
3402confMATCH_GECOS MatchGECOS [False] Match GECOS field.
3403confMAX_HOP MaxHopCount [25] Maximum hop count.
3404confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
3405 mode] Ignore dot as terminator for
3406 incoming messages?
3407confBIND_OPTS ResolverOptions [undefined] Default options for DNS
3408 resolver.
3409confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
3410 encapsulated messages per RFC 1344.
3411confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
3412 The colon-separated list of places to
3413 search for .forward files. N.B.: see
3414 the Security Notes section.
3415confMCI_CACHE_SIZE ConnectionCacheSize
3416 [2] Size of open connection cache.
3417confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
3418 [5m] Open connection cache timeout.
3419confHOST_STATUS_DIRECTORY HostStatusDirectory
3420 [undefined] If set, host status is kept
3421 on disk between sendmail runs in the
3422 named directory tree. This need not be
3423 a full pathname, in which case it is
3424 interpreted relative to the queue
3425 directory.
3426confSINGLE_THREAD_DELIVERY SingleThreadDelivery
3427 [False] If this option and the
3428 HostStatusDirectory option are both
3429 set, single thread deliveries to other
3430 hosts. That is, don't allow any two
3431 sendmails on this host to connect
3432 simultaneously to any other single
3433 host. This can slow down delivery in
3434 some cases, in particular since a
3435 cached but otherwise idle connection
3436 to a host will prevent other sendmails
3437 from connecting to the other host.
3438confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
3439 deliver error messages. This should
3440 not be necessary because of general
3441 acceptance of the envelope/header
3442 distinction.
3443confLOG_LEVEL LogLevel [9] Log level.
3444confME_TOO MeToo [True] Include sender in group
3445 expansions. This option is
3446 deprecated and will be removed from
3447 a future version.
3448confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
3449 running newaliases. Since this does
3450 DNS lookups on every address, it can
3451 slow down the alias rebuild process
3452 considerably on large alias files.
3453confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
3454 special chars are old style.
3455confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
3456confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
3457 copies of all error messages.
3458confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
3459confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for
3460 queue files (octal). If not set,
3461 sendmail uses 0600 unless its real
3462 and effective uid are different in
3463 which case it uses 0644.
3464confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
3465 syntax addresses to the minimum
3466 possible.
3467confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
3468 before forking.
3469confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
3470 on the initial connect.
3471confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
3472 connect() to complete. This can only
3473 shorten connection timeouts; the kernel
3474 silently enforces an absolute maximum
3475 (which varies depending on the system).
3476confTO_ICONNECT Timeout.iconnect
3477 [undefined] Like Timeout.connect, but
3478 applies only to the very first attempt
3479 to connect to a host in a message.
3480 This allows a single very fast pass
3481 followed by more careful delivery
3482 attempts in the future.
3483confTO_ACONNECT Timeout.aconnect
3484 [0] The overall timeout waiting for
3485 all connection for a single delivery
3486 attempt to succeed. If 0, no overall
3487 limit is applied.
3488confTO_HELO Timeout.helo [5m] The timeout waiting for a response
3489 to a HELO or EHLO command.
3490confTO_MAIL Timeout.mail [10m] The timeout waiting for a
3491 response to the MAIL command.
3492confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
3493 to the RCPT command.
3494confTO_DATAINIT Timeout.datainit
3495 [5m] The timeout waiting for a 354
3496 response from the DATA command.
3497confTO_DATABLOCK Timeout.datablock
3498 [1h] The timeout waiting for a block
3499 during DATA phase.
3500confTO_DATAFINAL Timeout.datafinal
3501 [1h] The timeout waiting for a response
3502 to the final "." that terminates a
3503 message.
3504confTO_RSET Timeout.rset [5m] The timeout waiting for a response
3505 to the RSET command.
3506confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
3507 to the QUIT command.
3508confTO_MISC Timeout.misc [2m] The timeout waiting for a response
3509 to other SMTP commands.
3510confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
3511 waiting for a command to be issued.
3512confTO_IDENT Timeout.ident [5s] The timeout waiting for a
3513 response to an IDENT query.
3514confTO_FILEOPEN Timeout.fileopen
3515 [60s] The timeout waiting for a file
3516 (e.g., :include: file) to be opened.
3517confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response
3518 to an LMTP LHLO command.
3519confTO_STARTTLS Timeout.starttls
3520 [1h] The timeout waiting for a
3521 response to an SMTP STARTTLS command.
3522confTO_CONTROL Timeout.control
3523 [2m] The timeout for a complete
3524 control socket transaction to complete.
3525confTO_QUEUERETURN Timeout.queuereturn
3526 [5d] The timeout before a message is
3527 returned as undeliverable.
3528confTO_QUEUERETURN_NORMAL
3529 Timeout.queuereturn.normal
3530 [undefined] As above, for normal
3531 priority messages.
3532confTO_QUEUERETURN_URGENT
3533 Timeout.queuereturn.urgent
3534 [undefined] As above, for urgent
3535 priority messages.
3536confTO_QUEUERETURN_NONURGENT
3537 Timeout.queuereturn.non-urgent
3538 [undefined] As above, for non-urgent
3539 (low) priority messages.
3540confTO_QUEUERETURN_DSN
3541 Timeout.queuereturn.dsn
3542 [undefined] As above, for delivery
3543 status notification messages.
3544confTO_QUEUEWARN Timeout.queuewarn
3545 [4h] The timeout before a warning
3546 message is sent to the sender telling
3547 them that the message has been
3548 deferred.
3549confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
3550 [undefined] As above, for normal
3551 priority messages.
3552confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
3553 [undefined] As above, for urgent
3554 priority messages.
3555confTO_QUEUEWARN_NONURGENT
3556 Timeout.queuewarn.non-urgent
3557 [undefined] As above, for non-urgent
3558 (low) priority messages.
3559confTO_QUEUEWARN_DSN
3560 Timeout.queuewarn.dsn
3561 [undefined] As above, for delivery
3562 status notification messages.
3563confTO_HOSTSTATUS Timeout.hoststatus
3564 [30m] How long information about host
3565 statuses will be maintained before it
3566 is considered stale and the host should
3567 be retried. This applies both within
3568 a single queue run and to persistent
3569 information (see below).
3570confTO_RESOLVER_RETRANS Timeout.resolver.retrans
3571 [varies] Sets the resolver's
3572 retransmission time interval (in
3573 seconds). Sets both
3574 Timeout.resolver.retrans.first and
3575 Timeout.resolver.retrans.normal.
3576confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
3577 [varies] Sets the resolver's
3578 retransmission time interval (in
3579 seconds) for the first attempt to
3580 deliver a message.
3581confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
3582 [varies] Sets the resolver's
3583 retransmission time interval (in
3584 seconds) for all resolver lookups
3585 except the first delivery attempt.
3586confTO_RESOLVER_RETRY Timeout.resolver.retry
3587 [varies] Sets the number of times
3588 to retransmit a resolver query.
3589 Sets both
3590 Timeout.resolver.retry.first and
3591 Timeout.resolver.retry.normal.
3592confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
3593 [varies] Sets the number of times
3594 to retransmit a resolver query for
3595 the first attempt to deliver a
3596 message.
3597confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
3598 [varies] Sets the number of times
3599 to retransmit a resolver query for
3600 all resolver lookups except the
3601 first delivery attempt.
3602confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
3603 USE_SYSTEM to use the system's idea,
3604 USE_TZ to use the user's TZ envariable,
3605 or something else to force that value.
3606confDEF_USER_ID DefaultUser [1:1] Default user id.
3607confUSERDB_SPEC UserDatabaseSpec
3608 [undefined] User database
3609 specification.
3610confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
3611confFALLBACK_SMARTHOST FallbackSmartHost
3612 [undefined] Fallback smart host.
3613confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
3614 for a host and other arrangements
3615 haven't been made, try connecting
3616 to the host directly; normally this
3617 would be a config error.
3618confQUEUE_LA QueueLA [varies] Load average at which
3619 queue-only function kicks in.
3620 Default values is (8 * numproc)
3621 where numproc is the number of
3622 processors online (if that can be
3623 determined).
3624confREFUSE_LA RefuseLA [varies] Load average at which
3625 incoming SMTP connections are
3626 refused. Default values is (12 *
3627 numproc) where numproc is the
3628 number of processors online (if
3629 that can be determined).
3630confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when
3631 refusing connections for this long.
3632confDELAY_LA DelayLA [0] Load average at which sendmail
3633 will sleep for one second on most
3634 SMTP commands and before accepting
3635 connections. 0 means no limit.
3636confMAX_ALIAS_RECURSION MaxAliasRecursion
3637 [10] Maximum depth of alias recursion.
3638confMAX_DAEMON_CHILDREN MaxDaemonChildren
3639 [undefined] The maximum number of
3640 children the daemon will permit. After
3641 this number, connections will be
3642 rejected. If not set or <= 0, there is
3643 no limit.
3644confMAX_HEADERS_LENGTH MaxHeadersLength
3645 [32768] Maximum length of the sum
3646 of all headers.
3647confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
3648 [undefined] Maximum length of
3649 certain MIME header field values.
3650confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3651 [undefined] The maximum number of
3652 connections permitted per second per
3653 daemon. After this many connections
3654 are accepted, further connections
3655 will be delayed. If not set or <= 0,
3656 there is no limit.
3657confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3658 [60s] Define the length of the
3659 interval for which the number of
3660 incoming connections is maintained.
3661confWORK_RECIPIENT_FACTOR
3662 RecipientFactor [30000] Cost of each recipient.
3663confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
3664 separate process.
3665confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
3666confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
3667confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
3668 Priority, Host, Filename, Random,
3669 Modification, or Time.
3670confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
3671 must sit in the queue between queue
3672 runs. This allows you to set the
3673 queue run interval low for better
3674 responsiveness without trying all
3675 jobs in each run.
3676confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
3677 unlabeled 8 bit input to MIME, the
3678 character set to use by default.
3679confSERVICE_SWITCH_FILE ServiceSwitchFile
3680 [/etc/mail/service.switch] The file
3681 to use for the service switch on
3682 systems that do not have a
3683 system-defined switch.
3684confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
3685 "file" type access of hosts names.
3686confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
3687 long and try again. Zero means "don't
3688 retry". This is to allow "dial on
3689 demand" connections to have enough time
3690 to complete a connection.
3691confNO_RCPT_ACTION NoRecipientAction
3692 [none] What to do if there are no legal
3693 recipient fields (To:, Cc: or Bcc:)
3694 in the message. Legal values can
3695 be "none" to just leave the
3696 nonconforming message as is, "add-to"
3697 to add a To: header with all the
3698 known recipients (which may expose
3699 blind recipients), "add-apparently-to"
3700 to do the same but use Apparently-To:
3701 instead of To: (strongly discouraged
3702 in accordance with IETF standards),
3703 "add-bcc" to add an empty Bcc:
3704 header, or "add-to-undisclosed" to
3705 add the header
3706 ``To: undisclosed-recipients:;''.
3707confSAFE_FILE_ENV SafeFileEnvironment
3708 [undefined] If set, sendmail will do a
3709 chroot() into this directory before
3710 writing files.
3711confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
3712 If set, colons are treated as a regular
3713 character in addresses. If not set,
3714 they are treated as the introducer to
3715 the RFC 822 "group" syntax. Colons are
3716 handled properly in route-addrs. This
3717 option defaults on for V5 and lower
3718 configuration files.
3719confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
3720 any given queue run to this number of
3721 entries. Essentially, this will stop
3722 reading each queue directory after this
3723 number of entries are reached; it does
3724 _not_ pick the highest priority jobs,
3725 so this should be as large as your
3726 system can tolerate. If not set, there
3727 is no limit.
3728confMAX_QUEUE_CHILDREN MaxQueueChildren
3729 [undefined] Limits the maximum number
3730 of concurrent queue runners active.
3731 This is to keep system resources used
3732 within a reasonable limit. Relates to
3733 Queue Groups and ForkEachJob.
3734confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
3735 [1] Only active when MaxQueueChildren
3736 defined. Controls the maximum number
3737 of queue runners (aka queue children)
3738 active at the same time in a work
3739 group. See also MaxQueueChildren.
3740confDONT_EXPAND_CNAMES DontExpandCnames
3741 [False] If set, $[ ... $] lookups that
3742 do DNS based lookups do not expand
3743 CNAME records. This currently violates
3744 the published standards, but the IETF
3745 seems to be moving toward legalizing
3746 this. For example, if "FTP.Foo.ORG"
3747 is a CNAME for "Cruft.Foo.ORG", then
3748 with this option set a lookup of
3749 "FTP" will return "FTP.Foo.ORG"; if
3750 clear it returns "Cruft.FOO.ORG". N.B.
3751 you may not see any effect until your
3752 downstream neighbors stop doing CNAME
3753 lookups as well.
3754confFROM_LINE UnixFromLine [From $g $d] The From_ line used
3755 when sending to files or programs.
3756confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
3757 [False] From: lines that have
3758 embedded newlines are unwrapped
3759 onto one line.
3760confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
3761 does not include a host name.
3762confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
3763 name phrase (@,;:\()[] are automatic).
3764confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
3765 characters.
3766confSMTP_LOGIN_MSG SmtpGreetingMessage
3767 [$j Sendmail $v/$Z; $b]
3768 The initial (spontaneous) SMTP
3769 greeting message. The word "ESMTP"
3770 will be inserted between the first and
3771 second words to convince other
3772 sendmails to try to speak ESMTP.
3773confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
3774 routine will never be invoked. You
3775 might want to do this if you are
3776 running NIS and you have a large group
3777 map, since this call does a sequential
3778 scan of the map; in a large site this
3779 can cause your ypserv to run
3780 essentially full time. If you set
3781 this, agents run on behalf of users
3782 will only have their primary
3783 (/etc/passwd) group permissions.
3784confUNSAFE_GROUP_WRITES UnsafeGroupWrites
3785 [True] If set, group-writable
3786 :include: and .forward files are
3787 considered "unsafe", that is, programs
3788 and files cannot be directly referenced
3789 from such files. World-writable files
3790 are always considered unsafe.
3791 Notice: this option is deprecated and
3792 will be removed in future versions;
3793 Set GroupWritableForwardFileSafe
3794 and GroupWritableIncludeFileSafe in
3795 DontBlameSendmail if required.
3796confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
3797 address (for testing).
3798confCONTROL_SOCKET_NAME ControlSocketName
3799 [undefined] Control socket for daemon
3800 management.
3801confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
3802 [postmaster] If an error occurs when
3803 sending an error message, send that
3804 "double bounce" error message to this
3805 address. If it expands to an empty
3806 string, double bounces are dropped.
3807confSOFT_BOUNCE SoftBounce [False] If set, issue temporary errors
3808 (4xy) instead of permanent errors
3809 (5xy). This can be useful during
3810 testing of a new configuration to
3811 avoid erroneous bouncing of mails.
3812confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
3813 messages which could not be returned
3814 to the user or sent to postmaster.
3815 If not set, the queue file will
3816 be renamed.
3817confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
3818 implies DSN request.
3819confRUN_AS_USER RunAsUser [undefined] If set, become this user
3820 when reading and delivering mail.
3821 Causes all file reads (e.g., .forward
3822 and :include: files) to be done as
3823 this user. Also, all programs will
3824 be run as this user, and all output
3825 files will be written as this user.
3826confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
3827 [infinite] If set, allow no more than
3828 the specified number of recipients in
3829 an SMTP envelope. Further recipients
3830 receive a 452 error code (i.e., they
3831 are deferred for the next delivery
3832 attempt).
3833confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified
3834 number of recipients in a single SMTP
3835 transaction have been rejected, sleep
3836 for one second after each subsequent
3837 RCPT command in that transaction.
3838confDONT_PROBE_INTERFACES DontProbeInterfaces
3839 [False] If set, sendmail will _not_
3840 insert the names and addresses of any
3841 local interfaces into class {w}
3842 (list of known "equivalent" addresses).
3843 If you set this, you must also include
3844 some support for these addresses (e.g.,
3845 in a mailertable entry) -- otherwise,
3846 mail to addresses in this list will
3847 bounce with a configuration error.
3848 If set to "loopback" (without
3849 quotes), sendmail will skip
3850 loopback interfaces (e.g., "lo0").
3851confPID_FILE PidFile [system dependent] Location of pid
3852 file.
3853confPROCESS_TITLE_PREFIX ProcessTitlePrefix
3854 [undefined] Prefix string for the
3855 process title shown on 'ps' listings.
3856confDONT_BLAME_SENDMAIL DontBlameSendmail
3857 [safe] Override sendmail's file
3858 safety checks. This will definitely
3859 compromise system security and should
3860 not be used unless absolutely
3861 necessary.
3862confREJECT_MSG - [550 Access denied] The message
3863 given if the access database contains
3864 REJECT in the value portion.
3865confRELAY_MSG - [550 Relaying denied] The message
3866 given if an unauthorized relaying
3867 attempt is rejected.
3868confDF_BUFFER_SIZE DataFileBufferSize
3869 [4096] The maximum size of a
3870 memory-buffered data (df) file
3871 before a disk-based file is used.
3872confXF_BUFFER_SIZE XScriptFileBufferSize
3873 [4096] The maximum size of a
3874 memory-buffered transcript (xf)
3875 file before a disk-based file is
3876 used.
3877confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
3878 verification is performed, i.e.,
3879 the server doesn't ask for a
3880 certificate.
3881confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
3882 specification for LDAP maps. The
3883 value should only contain LDAP
3884 specific settings such as "-h host
3885 -p port -d bindDN", etc. The
3886 settings will be used for all LDAP
3887 maps unless they are specified in
3888 the individual map specification
3889 ('K' command).
3890confCACERT_PATH CACertPath [undefined] Path to directory
3891 with certs of CAs.
3892confCACERT CACertFile [undefined] File containing one CA
3893 cert.
3894confSERVER_CERT ServerCertFile [undefined] File containing the
3895 cert of the server, i.e., this cert
3896 is used when sendmail acts as
3897 server.
3898confSERVER_KEY ServerKeyFile [undefined] File containing the
3899 private key belonging to the server
3900 cert.
3901confCLIENT_CERT ClientCertFile [undefined] File containing the
3902 cert of the client, i.e., this cert
3903 is used when sendmail acts as
3904 client.
3905confCLIENT_KEY ClientKeyFile [undefined] File containing the
3906 private key belonging to the client
3907 cert.
3908confCRL CRLFile [undefined] File containing certificate
3909 revocation status, useful for X.509v3
3910 authentication. Note that CRL requires
3911 at least OpenSSL version 0.9.7.
3912confDH_PARAMETERS DHParameters [undefined] File containing the
3913 DH parameters.
3914confRAND_FILE RandFile [undefined] File containing random
3915 data (use prefix file:) or the
3916 name of the UNIX socket if EGD is
3917 used (use prefix egd:). STARTTLS
3918 requires this option if the compile
3919 flag HASURANDOM is not set (see
3920 sendmail/README).
3921confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
3922 queue runners is set the given value
3923 (nice(3)).
3924confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
3925 [undefined] Defines {daemon_flags}
3926 for direct submissions.
3927confUSE_MSP UseMSP [undefined] Use as mail submission
3928 program.
3929confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By
3930 SMTP Service Extension (RFC 2852).
3931confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can
3932 be used to turn off the compile time
3933 flag REQUIRES_DIR_FSYNC at runtime.
3934 See sendmail/README for details.
3935confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory.
3936confSHARED_MEMORY_KEY_FILE
3937 SharedMemoryKeyFile
3938 [undefined] File where the
3939 automatically selected key for
3940 shared memory is stored.
3941confFAST_SPLIT FastSplit [1] If set to a value greater than
3942 zero, the initial MX lookups on
3943 addresses is suppressed when they
3944 are sorted which may result in
3945 faster envelope splitting. If the
3946 mail is submitted directly from the
3947 command line, then the value also
3948 limits the number of processes to
3949 deliver the envelopes.
3950confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find
3951 information about local mailboxes.
3952confDEQUOTE_OPTS - [empty] Additional options for the
3953 dequote map.
3954confMAX_NOOP_COMMANDS MaxNOOPCommands [20] Maximum number of "useless"
3955 commands before the SMTP server
3956 will slow down responding.
3957confHELO_NAME HeloName If defined, use as name for EHLO/HELO
3958 command (instead of $j).
3959confINPUT_MAIL_FILTERS InputMailFilters
3960 A comma separated list of filters
3961 which determines which filters and
3962 the invocation sequence are
3963 contacted for incoming SMTP
3964 messages. If none are set, no
3965 filters will be contacted.
3966confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
3967 actions, defaults to LogLevel.
3968confMILTER_MACROS_CONNECT Milter.macros.connect
3969 [j, _, {daemon_name}, {if_name},
3970 {if_addr}] Macros to transmit to
3971 milters when a session connection
3972 starts.
3973confMILTER_MACROS_HELO Milter.macros.helo
3974 [{tls_version}, {cipher},
3975 {cipher_bits}, {cert_subject},
3976 {cert_issuer}] Macros to transmit to
3977 milters after HELO/EHLO command.
3978confMILTER_MACROS_ENVFROM Milter.macros.envfrom
3979 [i, {auth_type}, {auth_authen},
3980 {auth_ssf}, {auth_author},
3981 {mail_mailer}, {mail_host},
3982 {mail_addr}] Macros to transmit to
3983 milters after MAIL FROM command.
3984confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
3985 [{rcpt_mailer}, {rcpt_host},
3986 {rcpt_addr}] Macros to transmit to
3987 milters after RCPT TO command.
3988confMILTER_MACROS_EOM Milter.macros.eom
3989 [{msg_id}] Macros to transmit to
3990 milters after the terminating
3991 DATA '.' is received.
3992confMILTER_MACROS_EOH Milter.macros.eoh
3993 Macros to transmit to milters
3994 after the end of headers.
3995confMILTER_MACROS_DATA Milter.macros.data
3996 Macros to transmit to milters
3997 after DATA command is received.
3998
3999
4000See also the description of OSTYPE for some parameters that can be
4001tweaked (generally pathnames to mailers).
4002
4003ClientPortOptions and DaemonPortOptions are special cases since multiple
4004clients/daemons can be defined. This can be done via
4005
4006 CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4007 DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4008
4009Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4010ClientPortOptions settings) are allowed in order to give settings for each
4011protocol family (e.g., one for Family=inet and one for Family=inet6). A
4012restriction placed on one family only affects outgoing connections on that
4013particular family.
4014
4015If DAEMON_OPTIONS is not used, then the default is
4016
4017 DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4018 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4019
4020If you use one DAEMON_OPTIONS macro, it will alter the parameters
4021of the first of these. The second will still be defaulted; it
4022represents a "Message Submission Agent" (MSA) as defined by RFC
40232476 (see below). To turn off the default definition for the MSA,
4024use FEATURE(`no_default_msa') (see also FEATURES). If you use
4025additional DAEMON_OPTIONS macros, they will add additional daemons.
4026
4027Example 1: To change the port for the SMTP listener, while
4028still using the MSA default, use
4029 DAEMON_OPTIONS(`Port=925, Name=MTA')
4030
4031Example 2: To change the port for the MSA daemon, while still
4032using the default SMTP port, use
4033 FEATURE(`no_default_msa')
4034 DAEMON_OPTIONS(`Name=MTA')
4035 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4036
4037Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4038there would be no listener on the standard SMTP port.
4039
4040Example 3: To listen on both IPv4 and IPv6 interfaces, use
4041
4042 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4043 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4044
4045A "Message Submission Agent" still uses all of the same rulesets for
4046processing the message (and therefore still allows message rejection via
4047the check_* rulesets). In accordance with the RFC, the MSA will ensure
4048that all domains in envelope addresses are fully qualified if the message
4049is relayed to another MTA. It will also enforce the normal address syntax
4050rules and log error messages. Additionally, by using the M=a modifier you
4051can require authentication before messages are accepted by the MSA.
4052Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally,
4053the M=E modifier shown above disables ETRN as required by RFC 2476.
4054
4055Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4056commands:
4057
4058 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4059 MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4060
4061The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4062same order they were specified by also setting confINPUT_MAIL_FILTERS. A
4063filter can be defined without adding it to the input filter list by using
4064MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4065Alternatively, you can reset the list of filters and their order by setting
4066confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4067your .mc file.
4068
4069
4070+----------------------------+
4071| MESSAGE SUBMISSION PROGRAM |
4072+----------------------------+
4073
4074This section contains a list of caveats and
4075a few hints how for those who want to tweak the default configuration
4076for it (which is installed as submit.cf).
4077
4078Notice: do not add options/features to submit.mc unless you are
4079absolutely sure you need them. Options you may want to change
4080include:
4081
4082- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4083 avoiding X-Authentication warnings.
4084- confTIME_ZONE to change it from the default `USE_TZ'.
4085- confDELIVERY_MODE is set to interactive in msp.m4 instead
4086 of the default background mode.
4087- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4088 to the LOCAL_RELAY instead of the default relay.
4089
4090The MSP performs hostname canonicalization by default. Mail may end
4091up for various DNS related reasons in the MSP queue. This problem
4092can be minimized by using
4093
4094 FEATURE(`nocanonify', `canonify_hosts')
4095 define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4096
4097See the discussion about nocanonify for possible side effects.
4098
4099Some things are not intended to work with the MSP. These include
4100features that influence the delivery process (e.g., mailertable,
4101aliases), or those that are only important for a SMTP server (e.g.,
4102virtusertable, DaemonPortOptions, multiple queues). Moreover,
4103relaxing certain restrictions (RestrictQueueRun, permissions on
4104queue directory) or adding features (e.g., enabling prog/file mailer)
4105can cause security problems.
4106
4107Other things don't work well with the MSP and require tweaking or
4108workarounds.
4109
4110The file and the map created by makemap should be owned by smmsp,
4111its group should be smmsp, and it should have mode 640.
4112
4113feature/msp.m4 defines almost all settings for the MSP. Most of
4114those should not be changed at all. Some of the features and options
4115can be overridden if really necessary. It is a bit tricky to do
4116this, because it depends on the actual way the option is defined
4117in feature/msp.m4. If it is directly defined (i.e., define()) then
4118the modified value must be defined after
4119
4120 FEATURE(`msp')
4121
4122If it is conditionally defined (i.e., ifdef()) then the desired
4123value must be defined before the FEATURE line in the .mc file.
4124To see how the options are defined read feature/msp.m4.
4125
4126
4127+--------------------------+
4128| FORMAT OF FILES AND MAPS |
4129+--------------------------+
4130
4131Files that define classes, i.e., F{classname}, consist of lines
4132each of which contains a single element of the class. For example,
4133/etc/mail/local-host-names may have the following content:
4134
4135my.domain
4136another.domain
4137
4138Maps must be created using makemap(8) , e.g.,
4139
4140 makemap hash MAP < MAP
4141
4142In general, a text file from which a map is created contains lines
4143of the form
4144
4145key value
4146
4147where 'key' and 'value' are also called LHS and RHS, respectively.
4148By default, the delimiter between LHS and RHS is a non-empty sequence
4149of white space characters.
4150
4151
4152+------------------+
4153| DIRECTORY LAYOUT |
4154+------------------+
4155
4156Within this directory are several subdirectories, to wit:
4157
4158m4 General support routines. These are typically
4159 very important and should not be changed without
4160 very careful consideration.
4161
4162cf The configuration files themselves. They have
4163 ".mc" suffixes, and must be run through m4 to
4164 become complete. The resulting output should
4165 have a ".cf" suffix.
4166
4167ostype Definitions describing a particular operating
4168 system type. These should always be referenced
4169 using the OSTYPE macro in the .mc file. Examples
4170 include "bsd4.3", "bsd4.4", "sunos3.5", and
4171 "sunos4.1".
4172
4173domain Definitions describing a particular domain, referenced
4174 using the DOMAIN macro in the .mc file. These are
4175 site dependent; for example, "CS.Berkeley.EDU.m4"
4176 describes hosts in the CS.Berkeley.EDU subdomain.
4177
4178mailer Descriptions of mailers. These are referenced using
4179 the MAILER macro in the .mc file.
4180
4181sh Shell files used when building the .cf file from the
4182 .mc file in the cf subdirectory.
4183
4184feature These hold special orthogonal features that you might
4185 want to include. They should be referenced using
4186 the FEATURE macro.
4187
4188hack Local hacks. These can be referenced using the HACK
4189 macro. They shouldn't be of more than voyeuristic
4190 interest outside the .Berkeley.EDU domain, but who knows?
4191
4192siteconfig Site configuration -- e.g., tables of locally connected
4193 UUCP sites.
4194
4195
4196+------------------------+
4197| ADMINISTRATIVE DETAILS |
4198+------------------------+
4199
4200The following sections detail usage of certain internal parts of the
4201sendmail.cf file. Read them carefully if you are trying to modify
4202the current model. If you find the above descriptions adequate, these
4203should be {boring, confusing, tedious, ridiculous} (pick one or more).
4204
4205RULESETS (* means built in to sendmail)
4206
4207 0 * Parsing
4208 1 * Sender rewriting
4209 2 * Recipient rewriting
4210 3 * Canonicalization
4211 4 * Post cleanup
4212 5 * Local address rewrite (after aliasing)
4213 1x mailer rules (sender qualification)
4214 2x mailer rules (recipient qualification)
4215 3x mailer rules (sender header qualification)
4216 4x mailer rules (recipient header qualification)
4217 5x mailer subroutines (general)
4218 6x mailer subroutines (general)
4219 7x mailer subroutines (general)
4220 8x reserved
4221 90 Mailertable host stripping
4222 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4223 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4224 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
4225
4226
4227MAILERS
4228
4229 0 local, prog local and program mailers
4230 1 [e]smtp, relay SMTP channel
4231 2 uucp-* UNIX-to-UNIX Copy Program
4232 3 netnews Network News delivery
4233 4 fax Sam Leffler's HylaFAX software
4234 5 mail11 DECnet mailer
4235
4236
4237MACROS
4238
4239 A
4240 B Bitnet Relay
4241 C DECnet Relay
4242 D The local domain -- usually not needed
4243 E reserved for X.400 Relay
4244 F FAX Relay
4245 G
4246 H mail Hub (for mail clusters)
4247 I
4248 J
4249 K
4250 L Luser Relay
4251 M Masquerade (who you claim to be)
4252 N
4253 O
4254 P
4255 Q
4256 R Relay (for unqualified names)
4257 S Smart Host
4258 T
4259 U my UUCP name (if you have a UUCP connection)
4260 V UUCP Relay (class {V} hosts)
4261 W UUCP Relay (class {W} hosts)
4262 X UUCP Relay (class {X} hosts)
4263 Y UUCP Relay (all other hosts)
4264 Z Version number
4265
4266
4267CLASSES
4268
4269 A
4270 B domains that are candidates for bestmx lookup
4271 C
4272 D
4273 E addresses that should not seem to come from $M
4274 F hosts this system forward for
4275 G domains that should be looked up in genericstable
4276 H
4277 I
4278 J
4279 K
4280 L addresses that should not be forwarded to $R
4281 M domains that should be mapped to $M
4282 N host/domains that should not be mapped to $M
4283 O operators that indicate network operations (cannot be in local names)
4284 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4285 Q
4286 R domains this system is willing to relay (pass anti-spam filters)
4287 S
4288 T
4289 U locally connected UUCP hosts
4290 V UUCP hosts connected to relay $V
4291 W UUCP hosts connected to relay $W
4292 X UUCP hosts connected to relay $X
4293 Y locally connected smart UUCP hosts
4294 Z locally connected domain-ized UUCP hosts
4295 . the class containing only a dot
4296 [ the class containing only a left bracket
4297
4298
4299M4 DIVERSIONS
4300
4301 1 Local host detection and resolution
4302 2 Local Ruleset 3 additions
4303 3 Local Ruleset 0 additions
4304 4 UUCP Ruleset 0 additions
4305 5 locally interpreted names (overrides $R)
4306 6 local configuration (at top of file)
4307 7 mailer definitions
4308 8 DNS based blacklists
4309 9 special local rulesets (1 and 2)
4310
4311$Revision: 8.727 $, Last updated $Date: 2009/05/07 23:46:17 $
4312