xref: /titanic_41/usr/src/cmd/sendmail/cf/README (revision e9af4bc0b1cc30cea75d6ad4aa2fde97d985e9be)
1
2		SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files.  It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide, which can be found
8on-line at http://www.sendmail.org/%7Eca/email/doc8.12/op.html .
9Recall this URL throughout this document when references to
10doc/op/op.* are made.
11
12Table of Content:
13
14INTRODUCTION AND EXAMPLE
15A BRIEF INTRODUCTION TO M4
16FILE LOCATIONS
17OSTYPE
18DOMAINS
19MAILERS
20FEATURES
21HACKS
22SITE CONFIGURATION
23USING UUCP MAILERS
24TWEAKING RULESETS
25MASQUERADING AND RELAYING
26USING LDAP FOR ALIASES, MAPS, AND CLASSES
27LDAP ROUTING
28ANTI-SPAM CONFIGURATION CONTROL
29CONNECTION CONTROL
30STARTTLS
31ADDING NEW MAILERS OR RULESETS
32ADDING NEW MAIL FILTERS
33QUEUE GROUP DEFINITIONS
34NON-SMTP BASED CONFIGURATIONS
35WHO AM I?
36ACCEPTING MAIL FOR MULTIPLE NAMES
37USING MAILERTABLES
38USING USERDB TO MAP FULL NAMES
39MISCELLANEOUS SPECIAL FEATURES
40SECURITY NOTES
41TWEAKING CONFIGURATION OPTIONS
42MESSAGE SUBMISSION PROGRAM
43FORMAT OF FILES AND MAPS
44DIRECTORY LAYOUT
45ADMINISTRATIVE DETAILS
46
47
48+--------------------------+
49| INTRODUCTION AND EXAMPLE |
50+--------------------------+
51
52Configuration files are contained in the subdirectory "cf", with a
53suffix ".mc".  They must be run through "m4" to produce a ".cf" file.
54You must pre-load "cf.m4":
55
56	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
57
58Alternatively, you can simply:
59
60	cd ${CFDIR}/cf
61	/usr/ccs/bin/make config.cf
62
63where ${CFDIR} is the root of the cf directory and config.mc is the
64name of your configuration file.  If you are running a version of M4
65that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
66this, but the versions distributed with 4.4BSD and derivatives do not)
67or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
68For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
69use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash!  For example:
70
71	m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
72
73Let's examine a typical .mc file:
74
75	divert(-1)
76	#
77	# Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
78	#	All rights reserved.
79	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
80	# Copyright (c) 1988, 1993
81	#	The Regents of the University of California.  All rights reserved.
82	#
83	# By using this file, you agree to the terms and conditions set
84	# forth in the LICENSE file which can be found at the top level of
85	# the sendmail distribution.
86	#
87
88	#
89	#  This is a Berkeley-specific configuration file for HP-UX 9.x.
90	#  It applies only to the Computer Science Division at Berkeley,
91	#  and should not be used elsewhere.   It is provided on the sendmail
92	#  distribution as a sample only.  To create your own configuration
93	#  file, create an appropriate domain file in ../domain, change the
94	#  `DOMAIN' macro below to reference that file, and copy the result
95	#  to a name of your own choosing.
96	#
97	divert(0)
98
99The divert(-1) will delete the crud in the resulting output file.
100The copyright notice can be replaced by whatever your lawyers require;
101our lawyers require the one that is included in these files.  A copyleft
102is a copyright by another name.  The divert(0) restores regular output.
103
104	VERSIONID(`<SCCS or RCS version id>')
105
106VERSIONID is a macro that stuffs the version information into the
107resulting file.  You could use SCCS, RCS, CVS, something else, or
108omit it completely.  This is not the same as the version id included
109in SMTP greeting messages -- this is defined in m4/version.m4.
110
111	OSTYPE(`hpux9')dnl
112
113You must specify an OSTYPE to properly configure things such as the
114pathname of the help and status files, the flags needed for the local
115mailer, and other important things.  If you omit it, you will get an
116error when you try to build the configuration.  Look at the ostype
117directory for the list of known operating system types.
118
119	DOMAIN(`CS.Berkeley.EDU')dnl
120
121This example is specific to the Computer Science Division at Berkeley.
122You can use "DOMAIN(`generic')" to get a sufficiently bland definition
123that may well work for you, or you can create a customized domain
124definition appropriate for your environment.
125
126	MAILER(`local')
127	MAILER(`smtp')
128
129These describe the mailers used at the default CS site.  The local
130mailer is always included automatically.  Beware: MAILER declarations
131should only be followed by LOCAL_* sections.  The general rules are
132that the order should be:
133
134	VERSIONID
135	OSTYPE
136	DOMAIN
137	FEATURE
138	local macro definitions
139	MAILER
140	LOCAL_CONFIG
141	LOCAL_RULE_*
142	LOCAL_RULESETS
143
144There are a few exceptions to this rule.  Local macro definitions which
145influence a FEATURE() should be done before that feature.  For example,
146a define(`PROCMAIL_MAILER_PATH', ...) should be done before
147FEATURE(`local_procmail').
148
149
150+----------------------------+
151| A BRIEF INTRODUCTION TO M4 |
152+----------------------------+
153
154Sendmail uses the M4 macro processor to ``compile'' the configuration
155files.  The most important thing to know is that M4 is stream-based,
156that is, it doesn't understand about lines.  For this reason, in some
157places you may see the word ``dnl'', which stands for ``delete
158through newline''; essentially, it deletes all characters starting
159at the ``dnl'' up to and including the next newline character.  In
160most cases sendmail uses this only to avoid lots of unnecessary
161blank lines in the output.
162
163Other important directives are define(A, B) which defines the macro
164``A'' to have value ``B''.  Macros are expanded as they are read, so
165one normally quotes both values to prevent expansion.  For example,
166
167	define(`SMART_HOST', `smart.foo.com')
168
169One word of warning:  M4 macros are expanded even in lines that appear
170to be comments.  For example, if you have
171
172	# See FEATURE(`foo') above
173
174it will not do what you expect, because the FEATURE(`foo') will be
175expanded.  This also applies to
176
177	# And then define the $X macro to be the return address
178
179because ``define'' is an M4 keyword.  If you want to use them, surround
180them with directed quotes, `like this'.
181
182Since m4 uses single quotes (opening "`" and closing "'") to quote
183arguments, those quotes can't be used in arguments.  For example,
184it is not possible to define a rejection message containing a single
185quote. Usually there are simple workarounds by changing those
186messages; in the worst case it might be ok to change the value
187directly in the generated .cf file, which however is not advised.
188
189+----------------+
190| FILE LOCATIONS |
191+----------------+
192
193sendmail 8.9 has introduced a new configuration directory for sendmail
194related files, /etc/mail.  The new files available for sendmail 8.9 --
195the class {R} /etc/mail/relay-domains and the access database
196/etc/mail/access -- take advantage of this new directory.  Beginning with
1978.10, all files will use this directory by default (some options may be
198set by OSTYPE() files).  This new directory should help to restore
199uniformity to sendmail's file locations.
200
201Below is a table of some of the common changes:
202
203Old filename			New filename
204------------			------------
205/etc/bitdomain			/etc/mail/bitdomain
206/etc/domaintable		/etc/mail/domaintable
207/etc/genericstable		/etc/mail/genericstable
208/etc/uudomain			/etc/mail/uudomain
209/etc/virtusertable		/etc/mail/virtusertable
210/etc/userdb			/etc/mail/userdb
211
212/etc/aliases			/etc/mail/aliases
213/etc/sendmail/aliases		/etc/mail/aliases
214/etc/ucbmail/aliases		/etc/mail/aliases
215/usr/adm/sendmail/aliases	/etc/mail/aliases
216/usr/lib/aliases		/etc/mail/aliases
217/usr/lib/mail/aliases		/etc/mail/aliases
218/usr/ucblib/aliases		/etc/mail/aliases
219
220/etc/sendmail.cw		/etc/mail/local-host-names
221/etc/mail/sendmail.cw		/etc/mail/local-host-names
222/etc/sendmail/sendmail.cw	/etc/mail/local-host-names
223
224/etc/sendmail.ct		/etc/mail/trusted-users
225
226/etc/sendmail.oE		/etc/mail/error-header
227
228/etc/sendmail.hf		/etc/mail/helpfile
229/etc/mail/sendmail.hf		/etc/mail/helpfile
230/usr/ucblib/sendmail.hf		/etc/mail/helpfile
231/etc/ucbmail/sendmail.hf	/etc/mail/helpfile
232/usr/lib/sendmail.hf		/etc/mail/helpfile
233/usr/share/lib/sendmail.hf	/etc/mail/helpfile
234/usr/share/misc/sendmail.hf	/etc/mail/helpfile
235/share/misc/sendmail.hf		/etc/mail/helpfile
236
237/etc/service.switch		/etc/mail/service.switch
238
239/etc/sendmail.st		/etc/mail/statistics
240/etc/mail/sendmail.st		/etc/mail/statistics
241/etc/mailer/sendmail.st		/etc/mail/statistics
242/etc/sendmail/sendmail.st	/etc/mail/statistics
243/usr/lib/sendmail.st		/etc/mail/statistics
244/usr/ucblib/sendmail.st		/etc/mail/statistics
245
246Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
247to create the pathnames.  The default value of this variable is
248`/etc/mail/'.  If you set this macro to a different value, you MUST include
249a trailing slash.
250
251Notice: all filenames used in a .mc (or .cf) file should be absolute
252(starting at the root, i.e., with '/').  Relative filenames most
253likely cause surprises during operations (unless otherwise noted).
254
255
256+--------+
257| OSTYPE |
258+--------+
259
260You MUST define an operating system environment, or the configuration
261file build will puke.  There are several environments available; look
262at the "ostype" directory for the current list.  This macro changes
263things like the location of the alias file and queue directory.  Some
264of these files are identical to one another.
265
266It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
267In general, the OSTYPE macro should go immediately after any version
268information, and MAILER definitions should always go last.
269
270Operating system definitions are usually easy to write.  They may define
271the following variables (everything defaults, so an ostype file may be
272empty).  Unfortunately, the list of configuration-supported systems is
273not as broad as the list of source-supported systems, since many of
274the source contributors do not include corresponding ostype files.
275
276ALIAS_FILE		[/etc/mail/aliases] The location of the text version
277			of the alias file(s).  It can be a comma-separated
278			list of names (but be sure you quote values with
279			commas in them -- for example, use
280				define(`ALIAS_FILE', `a,b')
281			to get "a" and "b" both listed as alias files;
282			otherwise the define() primitive only sees "a").
283HELP_FILE		[/etc/mail/helpfile] The name of the file
284			containing information printed in response to
285			the SMTP HELP command.
286QUEUE_DIR		[/var/spool/mqueue] The directory containing
287			queue files.  To use multiple queues, supply
288			a value ending with an asterisk.  For
289			example, /var/spool/mqueue/qd* will use all of the
290			directories or symbolic links to directories
291			beginning with 'qd' in /var/spool/mqueue as queue
292			directories.  The names 'qf', 'df', and 'xf' are
293			reserved as specific subdirectories for the
294			corresponding queue file types as explained in
295			doc/op/op.me.  See also QUEUE GROUP DEFINITIONS.
296MSP_QUEUE_DIR		[/var/spool/clientmqueue] The directory containing
297			queue files for the MSP (Mail Submission Program).
298STATUS_FILE		[/etc/mail/statistics] The file containing status
299			information.
300LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
301LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
302			flags lsDFMAw5:/|@q are always included.
303LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
304			mail.
305LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
306			mail that you are willing to accept.
307LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
308			messages to deliver in a single connection.  Only
309			useful for LMTP local mailers.
310LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
311			that ARRIVE from an address that resolves to the
312			local mailer and which are converted to MIME will be
313			labeled with this character set.
314LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
315			end of line for the local mailer.
316LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
317			[X-Unix] The DSN Diagnostic-Code value for the
318			local mailer.  This should be changed with care.
319LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
320LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
321			flags lsDFM are always included.
322LOCAL_SHELL_ARGS	[sh -c $u] The arguments passed to deliver "prog"
323			mail.
324LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
325			shell should run.
326LOCAL_MAILER_QGRP	[undefined] The queue group for the local mailer.
327SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
328			flags are `mDFMuX' for all SMTP-based mailers; the
329			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
330			"dsmtp" adds `%'.
331RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
332			flags are `mDFMuX' for all SMTP-based mailers; the
333			relay mailer adds `a8'.  If this is not defined,
334			then SMTP_MAILER_FLAGS is used.
335SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
336			be transported using the smtp, smtp8, esmtp, or dsmtp
337			mailers.
338SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
339			messages to deliver in a single connection for the
340			smtp, smtp8, esmtp, or dsmtp mailers.
341SMTP_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
342			recipients to deliver in a single connection for the
343			smtp, smtp8, esmtp, or dsmtp mailers.
344SMTP_MAILER_ARGS	[TCP $h] The arguments passed to the smtp mailer.
345			About the only reason you would want to change this
346			would be to change the default port.
347ESMTP_MAILER_ARGS	[TCP $h] The arguments passed to the esmtp mailer.
348SMTP8_MAILER_ARGS	[TCP $h] The arguments passed to the smtp8 mailer.
349DSMTP_MAILER_ARGS	[TCP $h] The arguments passed to the dsmtp mailer.
350RELAY_MAILER_ARGS	[TCP $h] The arguments passed to the relay mailer.
351SMTP_MAILER_QGRP	[undefined] The queue group for the smtp mailer.
352ESMTP_MAILER_QGRP	[undefined] The queue group for the esmtp mailer.
353SMTP8_MAILER_QGRP	[undefined] The queue group for the smtp8 mailer.
354DSMTP_MAILER_QGRP	[undefined] The queue group for the dsmtp mailer.
355RELAY_MAILER_QGRP	[undefined] The queue group for the relay mailer.
356RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
357			messages to deliver in a single connection for the
358			relay mailer.
359SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
360			that ARRIVE from an address that resolves to one of
361			the SMTP mailers and which are converted to MIME will
362			be labeled with this character set.
363SMTP_MAILER_LL		[990] The maximum line length for SMTP mailers
364			(except the relay mailer).
365RELAY_MAILER_LL		[2040] The maximum line length for the relay mailer.
366UUCP_MAILER_PATH	[/usr/bin/uux] The program used to send UUCP mail.
367UUCP_MAILER_FLAGS	[undefined] Flags added to UUCP mailer.  Default
368			flags are `DFMhuU' (and `m' for uucp-new mailer,
369			minus `U' for uucp-dom mailer).
370UUCP_MAILER_ARGS	[uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
371			passed to the UUCP mailer.
372UUCP_MAILER_MAX		[100000] The maximum size message accepted for
373			transmission by the UUCP mailers.
374UUCP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
375			that ARRIVE from an address that resolves to one of
376			the UUCP mailers and which are converted to MIME will
377			be labeled with this character set.
378UUCP_MAILER_QGRP	[undefined] The queue group for the UUCP mailers.
379PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
380			program.  This is also used by
381			FEATURE(`local_procmail').
382PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
383			DFM are always set.  This is NOT used by
384			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
385			instead.
386PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
387			the Procmail mailer.  This is NOT used by
388			FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
389			instead.
390PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
391			will be accepted by the procmail mailer.
392PROCMAIL_MAILER_QGRP	[undefined] The queue group for the procmail mailer.
393confEBINDIR		[/usr/libexec] The directory for executables.
394			Currently used for FEATURE(`local_lmtp') and
395			FEATURE(`smrsh').
396LOCAL_PROG_QGRP		[undefined] The queue group for the prog mailer.
397
398Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
399MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
400of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
401upper case) and change can be: flags that should be used directly
402(thus overriding the default value), or if it starts with `+' (`-')
403then those flags are added to (removed from) the default value.
404Example:
405
406	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
407
408will add the flag `e' to LOCAL_MAILER_FLAGS.  Notice: there are
409several smtp mailers all of which are manipulated individually.
410See the section MAILERS for the available mailer names.
411WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
412unconditionally, i.e., without respecting any definitions in an
413OSTYPE setting.
414
415
416+---------+
417| DOMAINS |
418+---------+
419
420You will probably want to collect domain-dependent defines into one
421file, referenced by the DOMAIN macro.  For example, the Berkeley
422domain file includes definitions for several internal distinguished
423hosts:
424
425UUCP_RELAY	The host that will accept UUCP-addressed email.
426		If not defined, all UUCP sites must be directly
427		connected.
428BITNET_RELAY	The host that will accept BITNET-addressed email.
429		If not defined, the .BITNET pseudo-domain won't work.
430DECNET_RELAY	The host that will accept DECNET-addressed email.
431		If not defined, the .DECNET pseudo-domain and addresses
432		of the form node::user will not work.
433FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
434		The "fax" mailer overrides this value.
435LOCAL_RELAY	The site that will handle unqualified names -- that
436		is, names without an @domain extension.
437		Normally MAIL_HUB is preferred for this function.
438		LOCAL_RELAY is mostly useful in conjunction with
439		FEATURE(`stickyhost') -- see the discussion of
440		stickyhost below.  If not set, they are assumed to
441		belong on this machine.  This allows you to have a
442		central site to store a company- or department-wide
443		alias database.  This only works at small sites,
444		and only with some user agents.
445LUSER_RELAY	The site that will handle lusers -- that is, apparently
446		local names that aren't local accounts or aliases.  To
447		specify a local user instead of a site, set this to
448		``local:username''.
449
450Any of these can be either ``mailer:hostname'' (in which case the
451mailer is the internal mailer name, such as ``uucp-new'' and the hostname
452is the name of the host as appropriate for that mailer) or just a
453``hostname'', in which case a default mailer type (usually ``relay'',
454a variant on SMTP) is used.  WARNING: if you have a wildcard MX
455record matching your domain, you probably want to define these to
456have a trailing dot so that you won't get the mail diverted back
457to yourself.
458
459The domain file can also be used to define a domain name, if needed
460(using "DD<domain>") and set certain site-wide features.  If all hosts
461at your site masquerade behind one email name, you could also use
462MASQUERADE_AS here.
463
464You do not have to define a domain -- in particular, if you are a
465single machine sitting off somewhere, it is probably more work than
466it's worth.  This is just a mechanism for combining "domain dependent
467knowledge" into one place.
468
469
470+---------+
471| MAILERS |
472+---------+
473
474There are fewer mailers supported in this version than the previous
475version, owing mostly to a simpler world.  As a general rule, put the
476MAILER definitions last in your .mc file.
477
478local		The local and prog mailers.  You will almost always
479		need these; the only exception is if you relay ALL
480		your mail to another site.  This mailer is included
481		automatically.
482
483smtp		The Simple Mail Transport Protocol mailer.  This does
484		not hide hosts behind a gateway or another other
485		such hack; it assumes a world where everyone is
486		running the name server.  This file actually defines
487		five mailers: "smtp" for regular (old-style) SMTP to
488		other servers, "esmtp" for extended SMTP to other
489		servers, "smtp8" to do SMTP to other servers without
490		converting 8-bit data to MIME (essentially, this is
491		your statement that you know the other end is 8-bit
492		clean even if it doesn't say so), "dsmtp" to do on
493		demand delivery, and "relay" for transmission to the
494		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
495
496uucp		The UNIX-to-UNIX Copy Program mailer.  Actually, this
497		defines two mailers, "uucp-old" (a.k.a. "uucp") and
498		"uucp-new" (a.k.a. "suucp").  The latter is for when you
499		know that the UUCP mailer at the other end can handle
500		multiple recipients in one transfer.  If the smtp mailer
501		is included in your configuration, two other mailers
502		("uucp-dom" and "uucp-uudom") are also defined [warning: you
503		MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
504		include the uucp mailer, sendmail looks for all names in
505		class {U} and sends them to the uucp-old mailer; all
506		names in class {Y} are sent to uucp-new; and all
507		names in class {Z} are sent to uucp-uudom.  Note that
508		this is a function of what version of rmail runs on
509		the receiving end, and hence may be out of your control.
510		See the section below describing UUCP mailers in more
511		detail.
512
513procmail	An interface to procmail (does not come with sendmail).
514		This is designed to be used in mailertables.  For example,
515		a common question is "how do I forward all mail for a given
516		domain to a single person?".  If you have this mailer
517		defined, you could set up a mailertable reading:
518
519			host.com	procmail:/etc/procmailrcs/host.com
520
521		with the file /etc/procmailrcs/host.com reading:
522
523			:0	# forward mail for host.com
524			! -oi -f $1 person@other.host
525
526		This would arrange for (anything)@host.com to be sent
527		to person@other.host.  In a procmail script, $1 is the
528		name of the sender and $2 is the name of the recipient.
529		If you use this with FEATURE(`local_procmail'), the FEATURE
530		should be listed first.
531
532		Of course there are other ways to solve this particular
533		problem, e.g., a catch-all entry in a virtusertable.
534
535The local mailer accepts addresses of the form "user+detail", where
536the "+detail" is not used for mailbox matching but is available
537to certain local mail programs (in particular, see
538FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
539"eric+sww" all indicate the same user, but additional arguments <null>,
540"sendmail", and "sww" may be provided for use in sorting mail.
541
542
543+----------+
544| FEATURES |
545+----------+
546
547Special features can be requested using the "FEATURE" macro.  For
548example, the .mc line:
549
550	FEATURE(`use_cw_file')
551
552tells sendmail that you want to have it read an /etc/mail/local-host-names
553file to get values for class {w}.  A FEATURE may contain up to 9
554optional parameters -- for example:
555
556	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
557
558The default database map type for the table features can be set with
559
560	define(`DATABASE_MAP_TYPE', `dbm')
561
562which would set it to use ndbm databases.  The default is the Berkeley DB
563hash database format.  Note that you must still declare a database map type
564if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
565if no argument is given for the FEATURE.  It must be specified before any
566feature that uses a map.
567
568Also, features which can take a map definition as an argument can also take
569the special keyword `LDAP'.  If that keyword is used, the map will use the
570LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
571CLASSES'' section below.
572
573Available features are:
574
575use_cw_file	Read the file /etc/mail/local-host-names file to get
576		alternate names for this host.  This might be used if you
577		were on a host that MXed for a dynamic set of other hosts.
578		If the set is static, just including the line "Cw<name1>
579		<name2> ..." (where the names are fully qualified domain
580		names) is probably superior.  The actual filename can be
581		overridden by redefining confCW_FILE.
582
583use_ct_file	Read the file /etc/mail/trusted-users file to get the
584		names of users that will be ``trusted'', that is, able to
585		set their envelope from address using -f without generating
586		a warning message.  The actual filename can be overridden
587		by redefining confCT_FILE.
588
589redirect	Reject all mail addressed to "address.REDIRECT" with
590		a ``551 User has moved; please try <address>'' message.
591		If this is set, you can alias people who have left
592		to their new address with ".REDIRECT" appended.
593
594nouucp		Don't route UUCP addresses.  This feature takes one
595		parameter:
596		`reject': reject addresses which have "!" in the local
597			part unless it originates from a system
598			that is allowed to relay.
599		`nospecial': don't do anything special with "!".
600		Warnings: 1. See the notice in the anti-spam section.
601		2. don't remove "!" from OperatorChars if `reject' is
602		given as parameter.
603
604nocanonify	Don't pass addresses to $[ ... $] for canonification
605		by default, i.e., host/domain names are considered canonical,
606		except for unqualified names, which must not be used in this
607		mode (violation of the standard).  It can be changed by
608		setting the DaemonPortOptions modifiers (M=).  That is,
609		FEATURE(`nocanonify') will be overridden by setting the
610		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
611		it can be emulated by setting the 'C' flag
612		(DaemonPortOptions=Modifiers=C).  This would generally only
613		be used by sites that only act as mail gateways or which have
614		user agents that do full canonification themselves.  You may
615		also want to use
616		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
617		the usual resolver options that do a similar thing.
618
619		An exception list for FEATURE(`nocanonify') can be
620		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
621		i.e., a list of domains which are nevertheless passed to
622		$[ ... $] for canonification.  This is useful to turn on
623		canonification for local domains, e.g., use
624		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
625		which end in "my.domain" or "my".
626		Another way to require canonification in the local
627		domain is CANONIFY_DOMAIN(`$=m').
628
629		A trailing dot is added to addresses with more than
630		one component in it such that other features which
631		expect a trailing dot (e.g., virtusertable) will
632		still work.
633
634		If `canonify_hosts' is specified as parameter, i.e.,
635		FEATURE(`nocanonify', `canonify_hosts'), then
636		addresses which have only a hostname, e.g.,
637		<user@host>, will be canonified (and hopefully fully
638		qualified), too.
639
640stickyhost	This feature is sometimes used with LOCAL_RELAY,
641		although it can be used for a different effect with
642		MAIL_HUB.
643
644		When used without MAIL_HUB, email sent to
645		"user@local.host" are marked as "sticky" -- that
646		is, the local addresses aren't matched against UDB,
647		don't go through ruleset 5, and are not forwarded to
648		the LOCAL_RELAY (if defined).
649
650		With MAIL_HUB, mail addressed to "user@local.host"
651		is forwarded to the mail hub, with the envelope
652		address still remaining "user@local.host".
653		Without stickyhost, the envelope would be changed
654		to "user@mail_hub", in order to protect against
655		mailing loops.
656
657mailertable	Include a "mailer table" which can be used to override
658		routing for particular domains (which are not in class {w},
659		i.e.  local host names).  The argument of the FEATURE may be
660		the key definition.  If none is specified, the definition
661		used is:
662
663			hash /etc/mail/mailertable
664
665		Keys in this database are fully qualified domain names
666		or partial domains preceded by a dot -- for example,
667		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
668		special case of the latter, "." matches any domain not
669		covered by other keys.  Values must be of the form:
670			mailer:domain
671		where "mailer" is the internal mailer name, and "domain"
672		is where to send the message.  These maps are not
673		reflected into the message header.  As a special case,
674		the forms:
675			local:user
676		will forward to the indicated user using the local mailer,
677			local:
678		will forward to the original user in the e-mail address
679		using the local mailer, and
680			error:code message
681			error:D.S.N:code message
682		will give an error message with the indicated SMTP reply
683		code and message, where D.S.N is an RFC 1893 compliant
684		error code.
685
686domaintable	Include a "domain table" which can be used to provide
687		domain name mapping.  Use of this should really be
688		limited to your own domains.  It may be useful if you
689		change names (e.g., your company changes names from
690		oldname.com to newname.com).  The argument of the
691		FEATURE may be the key definition.  If none is specified,
692		the definition used is:
693
694			hash /etc/mail/domaintable
695
696		The key in this table is the domain name; the value is
697		the new (fully qualified) domain.  Anything in the
698		domaintable is reflected into headers; that is, this
699		is done in ruleset 3.
700
701bitdomain	Look up bitnet hosts in a table to try to turn them into
702		internet addresses.  The table can be built using the
703		bitdomain program contributed by John Gardiner Myers.
704		The argument of the FEATURE may be the key definition; if
705		none is specified, the definition used is:
706
707			hash /etc/mail/bitdomain
708
709		Keys are the bitnet hostname; values are the corresponding
710		internet hostname.
711
712uucpdomain	Similar feature for UUCP hosts.  The default map definition
713		is:
714
715			hash /etc/mail/uudomain
716
717		At the moment there is no automagic tool to build this
718		database.
719
720always_add_domain
721		Include the local host domain even on locally delivered
722		mail.  Normally it is not added on unqualified names.
723		However, if you use a shared message store but do not use
724		the same user name space everywhere, you may need the host
725		name on local names.  An optional argument specifies
726		another domain to be added than the local.
727
728allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
729		feature will cause recipient addresses to also masquerade
730		as being from the masquerade host.  Normally they get
731		the local hostname.  Although this may be right for
732		ordinary users, it can break local aliases.  For example,
733		if you send to "localalias", the originating sendmail will
734		find that alias and send to all members, but send the
735		message with "To: localalias@masqueradehost".  Since that
736		alias likely does not exist, replies will fail.  Use this
737		feature ONLY if you can guarantee that the ENTIRE
738		namespace on your masquerade host supersets all the
739		local entries.
740
741limited_masquerade
742		Normally, any hosts listed in class {w} are masqueraded.  If
743		this feature is given, only the hosts listed in class {M} (see
744		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
745		if you have several domains with disjoint namespaces hosted
746		on the same machine.
747
748masquerade_entire_domain
749		If masquerading is enabled (using MASQUERADE_AS) and
750		MASQUERADE_DOMAIN (see below) is set, this feature will
751		cause addresses to be rewritten such that the masquerading
752		domains are actually entire domains to be hidden.  All
753		hosts within the masquerading domains will be rewritten
754		to the masquerade name (used in MASQUERADE_AS).  For example,
755		if you have:
756
757			MASQUERADE_AS(`masq.com')
758			MASQUERADE_DOMAIN(`foo.org')
759			MASQUERADE_DOMAIN(`bar.com')
760
761		then *foo.org and *bar.com are converted to masq.com.  Without
762		this feature, only foo.org and bar.com are masqueraded.
763
764		    NOTE: only domains within your jurisdiction and
765		    current hierarchy should be masqueraded using this.
766
767local_no_masquerade
768		This feature prevents the local mailer from masquerading even
769		if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
770		on addresses of mail going outside the local domain.
771
772masquerade_envelope
773		If masquerading is enabled (using MASQUERADE_AS) or the
774		genericstable is in use, this feature will cause envelope
775		addresses to also masquerade as being from the masquerade
776		host.  Normally only the header addresses are masqueraded.
777
778genericstable	This feature will cause unqualified addresses (i.e., without
779		a domain) and addresses with a domain listed in class {G}
780		to be looked up in a map and turned into another ("generic")
781		form, which can change both the domain name and the user name.
782		Notice: if you use an MSP (as it is default starting with
783		8.12), the MTA will only receive qualified addresses from the
784		MSP (as required by the RFCs).  Hence you need to add your
785		domain to class {G}.  This feature is similar to the userdb
786		functionality.  The same types of addresses as for
787		masquerading are looked up, i.e., only header sender
788		addresses unless the allmasquerade and/or masquerade_envelope
789		features are given.  Qualified addresses must have the domain
790		part in class {G}; entries can be added to this class by the
791		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
792		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
793
794		The argument of FEATURE(`genericstable') may be the map
795		definition; the default map definition is:
796
797			hash /etc/mail/genericstable
798
799		The key for this table is either the full address, the domain
800		(with a leading @; the localpart is passed as first argument)
801		or the unqualified username (tried in the order mentioned);
802		the value is the new user address.  If the new user address
803		does not include a domain, it will be qualified in the standard
804		manner, i.e., using $j or the masquerade name.  Note that the
805		address being looked up must be fully qualified.  For local
806		mail, it is necessary to use FEATURE(`always_add_domain')
807		for the addresses to be qualified.
808		The "+detail" of an address is passed as %1, so entries like
809
810			old+*@foo.org	new+%1@example.com
811			gen+*@foo.org	%1@example.com
812
813		and other forms are possible.
814
815generics_entire_domain
816		If the genericstable is enabled and GENERICS_DOMAIN or
817		GENERICS_DOMAIN_FILE is used, this feature will cause
818		addresses to be searched in the map if their domain
819		parts are subdomains of elements in class {G}.
820
821virtusertable	A domain-specific form of aliasing, allowing multiple
822		virtual domains to be hosted on one machine.  For example,
823		if the virtuser table contains:
824
825			info@foo.com	foo-info
826			info@bar.com	bar-info
827			joe@bar.com	error:nouser 550 No such user here
828			jax@bar.com	error:5.7.0:550 Address invalid
829			@baz.org	jane@example.net
830
831		then mail addressed to info@foo.com will be sent to the
832		address foo-info, mail addressed to info@bar.com will be
833		delivered to bar-info, and mail addressed to anyone at baz.org
834		will be sent to jane@example.net, mail to joe@bar.com will
835		be rejected with the specified error message, and mail to
836		jax@bar.com will also have a RFC 1893 compliant error code
837		5.7.0.
838
839		The username from the original address is passed
840		as %1 allowing:
841
842			@foo.org	%1@example.com
843
844		meaning someone@foo.org will be sent to someone@example.com.
845		Additionally, if the local part consists of "user+detail"
846		then "detail" is passed as %2 and "+detail" is passed as %3
847		when a match against user+* is attempted, so entries like
848
849			old+*@foo.org	new+%2@example.com
850			gen+*@foo.org	%2@example.com
851			+*@foo.org	%1%3@example.com
852			X++@foo.org	Z%3@example.com
853			@bar.org	%1%3
854
855		and other forms are possible.  Note: to preserve "+detail"
856		for a default case (@domain) %1%3 must be used as RHS.
857		There are two wildcards after "+": "+" matches only a non-empty
858		detail, "*" matches also empty details, e.g., user+@foo.org
859		matches +*@foo.org but not ++@foo.org.  This can be used
860		to ensure that the parameters %2 and %3 are not empty.
861
862		All the host names on the left hand side (foo.com, bar.com,
863		and baz.org) must be in class {w} or class {VirtHost}.  The
864		latter can be defined by the macros VIRTUSER_DOMAIN or
865		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
866		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
867		VIRTUSER_DOMAIN_FILE is used, then the entries of class
868		{VirtHost} are added to class {R}, i.e., relaying is allowed
869		to (and from) those domains, which by default includes also
870		all subdomains (see relay_hosts_only).  The default map
871		definition is:
872
873			hash /etc/mail/virtusertable
874
875		A new definition can be specified as the second argument of
876		the FEATURE macro, such as
877
878			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
879
880virtuser_entire_domain
881		If the virtusertable is enabled and VIRTUSER_DOMAIN or
882		VIRTUSER_DOMAIN_FILE is used, this feature will cause
883		addresses to be searched in the map if their domain
884		parts are subdomains of elements in class {VirtHost}.
885
886ldap_routing	Implement LDAP-based e-mail recipient routing according to
887		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
888		This provides a method to re-route addresses with a
889		domain portion in class {LDAPRoute} to either a
890		different mail host or a different address.  Hosts can
891		be added to this class using LDAPROUTE_DOMAIN and
892		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
893		MASQUERADE_DOMAIN_FILE, see below).
894
895		See the LDAP ROUTING section below for more information.
896
897nullclient	This is a special case -- it creates a configuration file
898		containing nothing but support for forwarding all mail to a
899		central hub via a local SMTP-based network.  The argument
900		is the name of that hub.
901
902		The only other feature that should be used in conjunction
903		with this one is FEATURE(`nocanonify').  No mailers
904		should be defined.  No aliasing or forwarding is done.
905
906local_lmtp	Use an LMTP capable local mailer.  The argument to this
907		feature is the pathname of an LMTP capable mailer.  By
908		default, mail.local is used.  This is expected to be the
909		mail.local which came with the 8.9 distribution which is
910		LMTP capable.  The path to mail.local is set by the
911		confEBINDIR m4 variable -- making the default
912		LOCAL_MAILER_PATH /usr/libexec/mail.local.
913		If a different LMTP capable mailer is used, its pathname
914		can be specified as second parameter and the arguments
915		passed to it (A=) as third parameter, e.g.,
916
917			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
918
919		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
920		i.e., without respecting any definitions in an OSTYPE setting.
921
922local_procmail	Use procmail or another delivery agent as the local mailer.
923		The argument to this feature is the pathname of the
924		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
925		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
926		PROCMAIL_MAILER_ARGS for the local mailer; tweak
927		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
928		specify the appropriate parameters.  When procmail is used,
929		the local mailer can make use of the
930		"user+indicator@local.host" syntax; normally the +indicator
931		is just tossed, but by default it is passed as the -a
932		argument to procmail.
933
934		This feature can take up to three arguments:
935
936		1. Path to the mailer program
937		   [default: /usr/local/bin/procmail]
938		2. Argument vector including name of the program
939		   [default: procmail -Y -a $h -d $u]
940		3. Flags for the mailer [default: SPfhn9]
941
942		Empty arguments cause the defaults to be taken.
943		Note that if you are on a system with a broken
944		setreuid() call, you may need to add -f $f to the procmail
945		argument vector to pass the proper sender to procmail.
946
947		For example, this allows it to use the maildrop
948		(http://www.flounder.net/~mrsam/maildrop/) mailer instead
949		by specifying:
950
951		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
952		 `maildrop -d $u')
953
954		or scanmails using:
955
956		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
957
958		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
959		i.e.,  without respecting any definitions in an OSTYPE setting.
960
961bestmx_is_local	Accept mail as though locally addressed for any host that
962		lists us as the best possible MX record.  This generates
963		additional DNS traffic, but should be OK for low to
964		medium traffic hosts.  The argument may be a set of
965		domains, which will limit the feature to only apply to
966		these domains -- this will reduce unnecessary DNS
967		traffic.  THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
968		WILDCARD MX RECORDS!!!  If you have a wildcard MX record
969		that matches your domain, you cannot use this feature.
970
971smrsh		Use the SendMail Restricted SHell (smrsh) provided
972		with the distribution instead of /bin/sh for mailing
973		to programs.  This improves the ability of the local
974		system administrator to control what gets run via
975		e-mail.  If an argument is provided it is used as the
976		pathname to smrsh; otherwise, the path defined by
977		confEBINDIR is used for the smrsh binary -- by default,
978		/usr/libexec/smrsh is assumed.
979
980promiscuous_relay
981		By default, the sendmail configuration files do not permit
982		mail relaying (that is, accepting mail from outside your
983		local host (class {w}) and sending it to another host than
984		your local host).  This option sets your site to allow
985		mail relaying from any site to any site.  In almost all
986		cases, it is better to control relaying more carefully
987		with the access map, class {R}, or authentication.  Domains
988		can be added to class {R} by the macros RELAY_DOMAIN or
989		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
990		MASQUERADE_DOMAIN_FILE, see below).
991
992relay_entire_domain
993		This option allows any host in your domain as defined by
994		class {m} to use your server for relaying.  Notice: make
995		sure that your domain is not just a top level domain,
996		e.g., com.  This can happen if you give your host a name
997		like example.com instead of host.example.com.
998
999relay_hosts_only
1000		By default, names that are listed as RELAY in the access
1001		db and class {R} are treated as domain names, not host names.
1002		For example, if you specify ``foo.com'', then mail to or
1003		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1004		will all be accepted for relaying.  This feature changes
1005		the behaviour to lookup individual host names only.
1006
1007relay_based_on_MX
1008		Turns on the ability to allow relaying based on the MX
1009		records of the host portion of an incoming recipient; that
1010		is, if an MX record for host foo.com points to your site,
1011		you will accept and relay mail addressed to foo.com.  See
1012		description below for more information before using this
1013		feature.  Also, see the KNOWNBUGS entry regarding bestmx
1014		map lookups.
1015
1016		FEATURE(`relay_based_on_MX') does not necessarily allow
1017		routing of these messages which you expect to be allowed,
1018		if route address syntax (or %-hack syntax) is used.  If
1019		this is a problem, add entries to the access-table or use
1020		FEATURE(`loose_relay_check').
1021
1022relay_mail_from
1023		Allows relaying if the mail sender is listed as RELAY in
1024		the access map.  If an optional argument `domain' (this
1025		is the literal word `domain', not a placeholder) is given,
1026		relaying can be allowed just based on the domain portion
1027		of the sender address.  This feature should only be used if
1028		absolutely necessary as the sender address can be easily
1029		forged.  Use of this feature requires the "From:" tag to
1030		be used for the key in the access map; see the discussion
1031		of tags and FEATURE(`relay_mail_from') in the section on
1032		anti-spam configuration control.
1033
1034relay_local_from
1035		Allows relaying if the domain portion of the mail sender
1036		is a local host.  This should only be used if absolutely
1037		necessary as it opens a window for spammers.  Specifically,
1038		they can send mail to your mail server that claims to be
1039		from your domain (either directly or via a routed address),
1040		and you will go ahead and relay it out to arbitrary hosts
1041		on the Internet.
1042
1043accept_unqualified_senders
1044		Normally, MAIL FROM: commands in the SMTP session will be
1045		refused if the connection is a network connection and the
1046		sender address does not include a domain name.  If your
1047		setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1048		you will need to use this feature to accept unqualified
1049		sender addresses.  Setting the DaemonPortOptions modifier
1050		'u' overrides the default behavior, i.e., unqualified
1051		addresses are accepted even without this FEATURE.
1052		If this FEATURE is not used, the DaemonPortOptions modifier
1053		'f' can be used to enforce fully qualified addresses.
1054
1055accept_unresolvable_domains
1056		Normally, MAIL FROM: commands in the SMTP session will be
1057		refused if the host part of the argument to MAIL FROM:
1058		cannot be located in the host name service (e.g., an A or
1059		MX record in DNS).  If you are inside a firewall that has
1060		only a limited view of the Internet host name space, this
1061		could cause problems.  In this case you probably want to
1062		use this feature to accept all domains on input, even if
1063		they are unresolvable.
1064
1065access_db	Turns on the access database feature.  The access db gives
1066		you the ability to allow or refuse to accept mail from
1067		specified domains for administrative reasons.  Moreover,
1068		it can control the behavior of sendmail in various situations.
1069		By default, the access database specification is:
1070
1071			hash -T<TMPF> /etc/mail/access
1072
1073		See the anti-spam configuration control section for further
1074		important information about this feature.  Notice:
1075		"-T<TMPF>" is meant literal, do not replace it by anything.
1076
1077blacklist_recipients
1078		Turns on the ability to block incoming mail for certain
1079		recipient usernames, hostnames, or addresses.  For
1080		example, you can block incoming mail to user nobody,
1081		host foo.mydomain.com, or guest@bar.mydomain.com.
1082		These specifications are put in the access db as
1083		described in the anti-spam configuration control section
1084		later in this document.
1085
1086delay_checks	The rulesets check_mail and check_relay will not be called
1087		when a client connects or issues a MAIL command, respectively.
1088		Instead, those rulesets will be called by the check_rcpt
1089		ruleset; they will be skipped under certain circumstances.
1090		See "Delay all checks" in the anti-spam configuration control
1091		section.  Note: this feature is incompatible to the versions
1092		in 8.10 and 8.11.
1093
1094use_client_ptr	If this feature is enabled then check_relay will override
1095		its first argument with $&{client_ptr}.  This is useful for
1096		rejections based on the unverified hostname of client,
1097		which turns on the same behavior as in earlier sendmail
1098		versions when delay_checks was not in use.  See doc/op/op.*
1099		about check_relay, {client_name}, and {client_ptr}.
1100
1101dnsbl		Turns on rejection, discarding, or quarantining of hosts
1102		found in a DNS based list.  The first argument is used as
1103		the domain in which blocked hosts are listed.  A second
1104		argument can be used to change the default error message,
1105		or select one of the operations `discard' and `quarantine'.
1106		Without that second argument, the error message will be
1107
1108			Rejected: IP-ADDRESS listed at SERVER
1109
1110		where IP-ADDRESS and SERVER are replaced by the appropriate
1111		information.  By default, temporary lookup failures are
1112		ignored.  This behavior can be changed by specifying a
1113		third argument, which must be either `t' or a full error
1114		message.  See the anti-spam configuration control section for
1115		an example.  The dnsbl feature can be included several times
1116		to query different DNS based rejection lists.  See also
1117		enhdnsbl for an enhanced version.
1118
1119		Set the DNSBL_MAP mc option to change the default map
1120		definition from `host'.  Set the DNSBL_MAP_OPT mc option
1121		to add additional options to the map specification used.
1122
1123		Some DNS based rejection lists cause failures if asked
1124		for AAAA records. If your sendmail version is compiled
1125		with IPv6 support (NETINET6) and you experience this
1126		problem, add
1127
1128			define(`DNSBL_MAP', `dns -R A')
1129
1130		before the first use of this feature.  Alternatively you
1131		can use enhdnsbl instead (see below).  Moreover, this
1132		statement can be used to reduce the number of DNS retries,
1133		e.g.,
1134
1135			define(`DNSBL_MAP', `dns -R A -r2')
1136
1137		See below (EDNSBL_TO) for an explanation.
1138
1139enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
1140		(up to 5) can be used to specify specific return values
1141		from lookups.  Temporary lookup failures are ignored unless
1142		a third argument is given, which must be either `t' or a full
1143		error message.  By default, any successful lookup will
1144		generate an error.  Otherwise the result of the lookup is
1145		compared with the supplied argument(s), and only if a match
1146		occurs an error is generated.  For example,
1147
1148		FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1149
1150		will reject the e-mail if the lookup returns the value
1151		``127.0.0.2.'', or generate a 451 response if the lookup
1152		temporarily failed.  The arguments can contain metasymbols
1153		as they are allowed in the LHS of rules.  As the example
1154		shows, the default values are also used if an empty argument,
1155		i.e., `', is specified.  This feature requires that sendmail
1156		has been compiled with the flag DNSMAP (see sendmail/README).
1157
1158		Set the EDNSBL_TO mc option to change the DNS retry count
1159		from the default value of 5, this can be very useful when
1160		a DNS server is not responding, which in turn may cause
1161		clients to time out (an entry stating
1162
1163			did not issue MAIL/EXPN/VRFY/ETRN
1164
1165		will be logged).
1166
1167ratecontrol	Enable simple ruleset to do connection rate control
1168		checking.  This requires entries in access_db of the form
1169
1170			ClientRate:IP.ADD.RE.SS		LIMIT
1171
1172		The RHS specifies the maximum number of connections
1173		(an integer number) over the time interval defined
1174		by ConnectionRateWindowSize, where 0 means unlimited.
1175
1176		Take the following example:
1177
1178			ClientRate:10.1.2.3		4
1179			ClientRate:127.0.0.1		0
1180			ClientRate:			10
1181
1182		10.1.2.3 can only make up to 4 connections, the
1183		general limit it 10, and 127.0.0.1 can make an unlimited
1184		number of connections per ConnectionRateWindowSize.
1185
1186		See also CONNECTION CONTROL.
1187
1188conncontrol	Enable a simple check of the number of incoming SMTP
1189		connections.  This requires entries in access_db of the
1190		form
1191
1192			ClientConn:IP.ADD.RE.SS		LIMIT
1193
1194		The RHS specifies the maximum number of open connections
1195		(an integer number).
1196
1197		Take the following example:
1198
1199			ClientConn:10.1.2.3		4
1200			ClientConn:127.0.0.1		0
1201			ClientConn:			10
1202
1203		10.1.2.3 can only have up to 4 open connections, the
1204		general limit it 10, and 127.0.0.1 does not have any
1205		explicit limit.
1206
1207		See also CONNECTION CONTROL.
1208
1209mtamark		Experimental support for "Marking Mail Transfer Agents in
1210		Reverse DNS with TXT RRs" (MTAMark), see
1211		draft-stumpf-dns-mtamark-01.  Optional arguments are:
1212
1213		1. Error message, default:
1214
1215			550 Rejected: $&{client_addr} not listed as MTA
1216
1217		2. Temporary lookup failures are ignored unless a second
1218		argument is given, which must be either `t' or a full
1219		error message.
1220
1221		3. Lookup prefix, default: _perm._smtp._srv.  This should
1222		not be changed unless the draft changes it.
1223
1224		Example:
1225
1226			FEATURE(`mtamark', `', `t')
1227
1228lookupdotdomain	Look up also .domain in the access map.  This allows to
1229		match only subdomains.  It does not work well with
1230		FEATURE(`relay_hosts_only'), because most lookups for
1231		subdomains are suppressed by the latter feature.
1232
1233loose_relay_check
1234		Normally, if % addressing is used for a recipient, e.g.
1235		user%site@othersite, and othersite is in class {R}, the
1236		check_rcpt ruleset will strip @othersite and recheck
1237		user@site for relaying.  This feature changes that
1238		behavior.  It should not be needed for most installations.
1239
1240preserve_luser_host
1241		Preserve the name of the recipient host if LUSER_RELAY is
1242		used.  Without this option, the domain part of the
1243		recipient address will be replaced by the host specified as
1244		LUSER_RELAY.  This feature only works if the hostname is
1245		passed to the mailer (see mailer triple in op.me).  Note
1246		that in the default configuration the local mailer does not
1247		receive the hostname, i.e., the mailer triple has an empty
1248		hostname.
1249
1250preserve_local_plus_detail
1251		Preserve the +detail portion of the address when passing
1252		address to local delivery agent.  Disables alias and
1253		.forward +detail stripping (e.g., given user+detail, only
1254		that address will be looked up in the alias file; user+* and
1255		user will not be looked up).  Only use if the local
1256		delivery agent in use supports +detail addressing.
1257
1258compat_check	Enable ruleset check_compat to look up pairs of addresses
1259		with the Compat: tag --	Compat:sender<@>recipient -- in the
1260		access map.  Valid values for the RHS include
1261			DISCARD	silently discard recipient
1262			TEMP:	return a temporary error
1263			ERROR:	return a permanent error
1264		In the last two cases, a 4xy/5xy SMTP reply code should
1265		follow the colon.
1266
1267no_default_msa	Don't generate the default MSA daemon, i.e.,
1268		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1269		To define a MSA daemon with other parameters, use this
1270		FEATURE and introduce new settings via DAEMON_OPTIONS().
1271
1272msp		Defines config file for Message Submission Program.
1273		See cf/submit.mc for how
1274		to use it.  An optional argument can be used to override
1275		the default of `[localhost]' to use as host to send all
1276		e-mails to.  Note that MX records will be used if the
1277		specified hostname is not in square brackets (e.g.,
1278		[hostname]).  If `MSA' is specified as second argument then
1279		port 587 is used to contact the server.  Example:
1280
1281			FEATURE(`msp', `', `MSA')
1282
1283		Some more hints about possible changes can be found below
1284		in the section MESSAGE SUBMISSION PROGRAM.
1285
1286		Note: Due to many problems, submit.mc uses
1287
1288			FEATURE(`msp', `[127.0.0.1]')
1289
1290		by default.  If you have a machine with IPv6 only,
1291		change it to
1292
1293			FEATURE(`msp', `[IPv6:::1]')
1294
1295		If you want to continue using '[localhost]', (the behavior
1296		up to 8.12.6), use
1297
1298			FEATURE(`msp')
1299
1300queuegroup	A simple example how to select a queue group based
1301		on the full e-mail address or the domain of the
1302		recipient.  Selection is done via entries in the
1303		access map using the tag QGRP:, for example:
1304
1305			QGRP:example.com	main
1306			QGRP:friend@some.org	others
1307			QGRP:my.domain		local
1308
1309		where "main", "others", and "local" are names of
1310		queue groups.  If an argument is specified, it is used
1311		as default queue group.
1312
1313		Note: please read the warning in doc/op/op.me about
1314		queue groups and possible queue manipulations.
1315
1316greet_pause	Adds the greet_pause ruleset which enables open proxy
1317		and SMTP slamming protection.  The feature can take an
1318		argument specifying the milliseconds to wait:
1319
1320			FEATURE(`greet_pause', `5000')  dnl 5 seconds
1321
1322		If FEATURE(`access_db') is enabled, an access database
1323		lookup with the GreetPause tag is done using client
1324		hostname, domain, IP address, or subnet to determine the
1325		pause time:
1326
1327			GreetPause:my.domain	0
1328			GreetPause:example.com	5000
1329			GreetPause:10.1.2	2000
1330			GreetPause:127.0.0.1	0
1331
1332		When using FEATURE(`access_db'), the optional
1333		FEATURE(`greet_pause') argument becomes the default if
1334		nothing is found in the access database.  A ruleset called
1335		Local_greet_pause can be used for local modifications, e.g.,
1336
1337			LOCAL_RULESETS
1338			SLocal_greet_pause
1339			R$*		$: $&{daemon_flags}
1340			R$* a $*	$# 0
1341
1342block_bad_helo	Reject messages from SMTP clients which provide a HELO/EHLO
1343		argument which is either unqualified, or is one of our own
1344		names (i.e., the server name instead of the client name).
1345		This check is performed at RCPT stage and disabled for the
1346		following cases:
1347		- authenticated sessions,
1348		- connections from IP addresses in class $={R}.
1349		Currently access_db lookups can not be used to
1350		(selectively) disable this test, moreover,
1351		FEATURE(`delay_checks')
1352		is required.
1353
1354require_rdns	Reject mail from connecting SMTP clients without proper
1355		rDNS (reverse DNS), functional gethostbyaddr() resolution.
1356		Note: this feature will cause false positives, i.e., there
1357		are legitimate MTAs that do not have proper DNS entries.
1358		Rejecting mails from those MTAs is a local policy decision.
1359
1360		The basic policy is to reject message with a 5xx error if
1361		the IP address fails to resolve.  However, if this is a
1362		temporary failure, a 4xx temporary failure is returned.
1363		If the look-up succeeds, but returns an apparently forged
1364		value, this is treated as a temporary failure with a 4xx
1365		error code.
1366
1367		EXCEPTIONS:
1368
1369		Exceptions based on access entries are discussed below.
1370		Any IP address matched using $=R (the "relay-domains" file)
1371		is excepted from the rules.  Since we have explicitly
1372		allowed relaying for this host, based on IP address, we
1373		ignore the rDNS failure.
1374
1375		The philosophical assumption here is that most users do
1376		not control their rDNS.  They should be able to send mail
1377		through their ISP, whether or not they have valid rDNS.
1378		The class $=R, roughly speaking, contains those IP addresses
1379		and address ranges for which we are the ISP, or are acting
1380		as if the ISP.
1381
1382		If `delay_checks' is in effect (recommended), then any
1383		sender who has authenticated is also excepted from the
1384		restrictions.  This happens because the rules produced by
1385		this FEATURE() will not be applied to authenticated senders
1386		(assuming `delay_checks').
1387
1388		ACCESS MAP ENTRIES:
1389
1390		Entries such as
1391			Connect:1.2.3.4		OK
1392			Connect:1.2		RELAY
1393		will whitelist IP address 1.2.3.4, so that the rDNS
1394		blocking does apply to that IP address
1395
1396		Entries such as
1397			Connect:1.2.3.4		REJECT
1398		will have the effect of forcing a temporary failure for
1399		that address to be treated as a permanent failure.
1400
1401badmx		Reject envelope sender addresses (MAIL) whose domain part
1402		resolves to a "bad" MX record.  By default these are
1403		MX records which resolve to A records that match the
1404		regular expression:
1405
1406		^(127\.|10\.|0\.0\.0\.0)
1407
1408		This default regular expression can be overridden by
1409		specifying an argument, e.g.,
1410
1411		FEATURE(`badmx', `^127\.0\.0\.1')
1412
1413		Note: this feature requires that the sendmail binary
1414		has been compiled with the options MAP_REGEX and
1415		DNSMAP.
1416
1417+--------------------+
1418| USING UUCP MAILERS |
1419+--------------------+
1420
1421It's hard to get UUCP mailers right because of the extremely ad hoc
1422nature of UUCP addressing.  These config files are really designed
1423for domain-based addressing, even for UUCP sites.
1424
1425There are four UUCP mailers available.  The choice of which one to
1426use is partly a matter of local preferences and what is running at
1427the other end of your UUCP connection.  Unlike good protocols that
1428define what will go over the wire, UUCP uses the policy that you
1429should do what is right for the other end; if they change, you have
1430to change.  This makes it hard to do the right thing, and discourages
1431people from updating their software.  In general, if you can avoid
1432UUCP, please do.
1433
1434The major choice is whether to go for a domainized scheme or a
1435non-domainized scheme.  This depends entirely on what the other
1436end will recognize.  If at all possible, you should encourage the
1437other end to go to a domain-based system -- non-domainized addresses
1438don't work entirely properly.
1439
1440The four mailers are:
1441
1442    uucp-old (obsolete name: "uucp")
1443	This is the oldest, the worst (but the closest to UUCP) way of
1444	sending messages across UUCP connections.  It does bangify
1445	everything and prepends $U (your UUCP name) to the sender's
1446	address (which can already be a bang path itself).  It can
1447	only send to one address at a time, so it spends a lot of
1448	time copying duplicates of messages.  Avoid this if at all
1449	possible.
1450
1451    uucp-new (obsolete name: "suucp")
1452	The same as above, except that it assumes that in one rmail
1453	command you can specify several recipients.  It still has a
1454	lot of other problems.
1455
1456    uucp-dom
1457	This UUCP mailer keeps everything as domain addresses.
1458	Basically, it uses the SMTP mailer rewriting rules.  This mailer
1459	is only included if MAILER(`smtp') is specified before
1460	MAILER(`uucp').
1461
1462	Unfortunately, a lot of UUCP mailer transport agents require
1463	bangified addresses in the envelope, although you can use
1464	domain-based addresses in the message header.  (The envelope
1465	shows up as the From_ line on UNIX mail.)  So....
1466
1467    uucp-uudom
1468	This is a cross between uucp-new (for the envelope addresses)
1469	and uucp-dom (for the header addresses).  It bangifies the
1470	envelope sender (From_ line in messages) without adding the
1471	local hostname, unless there is no host name on the address
1472	at all (e.g., "wolf") or the host component is a UUCP host name
1473	instead of a domain name ("somehost!wolf" instead of
1474	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
1475	is also specified earlier.
1476
1477Examples:
1478
1479On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1480summarizes the sender rewriting for various mailers.
1481
1482Mailer		sender		rewriting in the envelope
1483------		------		-------------------------
1484uucp-{old,new}	wolf		grasp!wolf
1485uucp-dom	wolf		wolf@grasp.insa-lyon.fr
1486uucp-uudom	wolf		grasp.insa-lyon.fr!wolf
1487
1488uucp-{old,new}	wolf@fr.net	grasp!fr.net!wolf
1489uucp-dom	wolf@fr.net	wolf@fr.net
1490uucp-uudom	wolf@fr.net	fr.net!wolf
1491
1492uucp-{old,new}	somehost!wolf	grasp!somehost!wolf
1493uucp-dom	somehost!wolf	somehost!wolf@grasp.insa-lyon.fr
1494uucp-uudom	somehost!wolf	grasp.insa-lyon.fr!somehost!wolf
1495
1496If you are using one of the domainized UUCP mailers, you really want
1497to convert all UUCP addresses to domain format -- otherwise, it will
1498do it for you (and probably not the way you expected).  For example,
1499if you have the address foo!bar!baz (and you are not sending to foo),
1500the heuristics will add the @uucp.relay.name or @local.host.name to
1501this address.  However, if you map foo to foo.host.name first, it
1502will not add the local hostname.  You can do this using the uucpdomain
1503feature.
1504
1505
1506+-------------------+
1507| TWEAKING RULESETS |
1508+-------------------+
1509
1510For more complex configurations, you can define special rules.
1511The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1512the names.  Any modifications made here are reflected in the header.
1513
1514A common use is to convert old UUCP addresses to SMTP addresses using
1515the UUCPSMTP macro.  For example:
1516
1517	LOCAL_RULE_3
1518	UUCPSMTP(`decvax',	`decvax.dec.com')
1519	UUCPSMTP(`research',	`research.att.com')
1520
1521will cause addresses of the form "decvax!user" and "research!user"
1522to be converted to "user@decvax.dec.com" and "user@research.att.com"
1523respectively.
1524
1525This could also be used to look up hosts in a database map:
1526
1527	LOCAL_RULE_3
1528	R$* < @ $+ > $*		$: $1 < @ $(hostmap $2 $) > $3
1529
1530This map would be defined in the LOCAL_CONFIG portion, as shown below.
1531
1532Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1533For example, new rules are needed to parse hostnames that you accept
1534via MX records.  For example, you might have:
1535
1536	LOCAL_RULE_0
1537	R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1538
1539You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1540pointing at this host; this rule catches the message and forwards it on
1541using UUCP.
1542
1543You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1544These rulesets are normally empty.
1545
1546A similar macro is LOCAL_CONFIG.  This introduces lines added after the
1547boilerplate option setting but before rulesets.  Do not declare rulesets in
1548the LOCAL_CONFIG section.  It can be used to declare local database maps or
1549whatever.  For example:
1550
1551	LOCAL_CONFIG
1552	Khostmap hash /etc/mail/hostmap
1553	Kyplocal nis -m hosts.byname
1554
1555
1556+---------------------------+
1557| MASQUERADING AND RELAYING |
1558+---------------------------+
1559
1560You can have your host masquerade as another using
1561
1562	MASQUERADE_AS(`host.domain')
1563
1564This causes mail being sent to be labeled as coming from the
1565indicated host.domain, rather than $j.  One normally masquerades as
1566one of one's own subdomains (for example, it's unlikely that
1567Berkeley would choose to masquerade as an MIT site).  This
1568behaviour is modified by a plethora of FEATUREs; in particular, see
1569masquerade_envelope, allmasquerade, limited_masquerade, and
1570masquerade_entire_domain.
1571
1572The masquerade name is not normally canonified, so it is important
1573that it be your One True Name, that is, fully qualified and not a
1574CNAME.  However, if you use a CNAME, the receiving side may canonify
1575it for you, so don't think you can cheat CNAME mapping this way.
1576
1577Normally the only addresses that are masqueraded are those that come
1578from this host (that is, are either unqualified or in class {w}, the list
1579of local domain names).  You can augment this list, which is realized
1580by class {M} using
1581
1582	MASQUERADE_DOMAIN(`otherhost.domain')
1583
1584The effect of this is that although mail to user@otherhost.domain
1585will not be delivered locally, any mail including any user@otherhost.domain
1586will, when relayed, be rewritten to have the MASQUERADE_AS address.
1587This can be a space-separated list of names.
1588
1589If these names are in a file, you can use
1590
1591	MASQUERADE_DOMAIN_FILE(`filename')
1592
1593to read the list of names from the indicated file (i.e., to add
1594elements to class {M}).
1595
1596To exempt hosts or subdomains from being masqueraded, you can use
1597
1598	MASQUERADE_EXCEPTION(`host.domain')
1599
1600This can come handy if you want to masquerade a whole domain
1601except for one (or a few) host(s).  If these names are in a file,
1602you can use
1603
1604	MASQUERADE_EXCEPTION_FILE(`filename')
1605
1606Normally only header addresses are masqueraded.  If you want to
1607masquerade the envelope as well, use
1608
1609	FEATURE(`masquerade_envelope')
1610
1611There are always users that need to be "exposed" -- that is, their
1612internal site name should be displayed instead of the masquerade name.
1613Root is an example (which has been "exposed" by default prior to 8.10).
1614You can add users to this list using
1615
1616	EXPOSED_USER(`usernames')
1617
1618This adds users to class {E}; you could also use
1619
1620	EXPOSED_USER_FILE(`filename')
1621
1622You can also arrange to relay all unqualified names (that is, names
1623without @host) to a relay host.  For example, if you have a central
1624email server, you might relay to that host so that users don't have
1625to have .forward files or aliases.  You can do this using
1626
1627	define(`LOCAL_RELAY', `mailer:hostname')
1628
1629The ``mailer:'' can be omitted, in which case the mailer defaults to
1630"relay".  There are some user names that you don't want relayed, perhaps
1631because of local aliases.  A common example is root, which may be
1632locally aliased.  You can add entries to this list using
1633
1634	LOCAL_USER(`usernames')
1635
1636This adds users to class {L}; you could also use
1637
1638	LOCAL_USER_FILE(`filename')
1639
1640If you want all incoming mail sent to a centralized hub, as for a
1641shared /var/spool/mail scheme, use
1642
1643	define(`MAIL_HUB', `mailer:hostname')
1644
1645Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
1646and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1647be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1648Note: there is a (long standing) bug which keeps this combination from
1649working for addresses of the form user+detail.
1650Names in class {L} will be delivered locally, so you MUST have aliases or
1651.forward files for them.
1652
1653For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1654FEATURE(`stickyhost'), the following combinations of settings will have the
1655indicated effects:
1656
1657email sent to....	eric			  eric@mastodon.CS.Berkeley.EDU
1658
1659LOCAL_RELAY set to	mail.CS.Berkeley.EDU	  (delivered locally)
1660mail.CS.Berkeley.EDU	  (no local aliasing)	    (aliasing done)
1661
1662MAIL_HUB set to		mammoth.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1663mammoth.CS.Berkeley.EDU	  (aliasing done)	    (aliasing done)
1664
1665Both LOCAL_RELAY and	mail.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1666MAIL_HUB set as above	  (no local aliasing)	    (aliasing done)
1667
1668If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1669MAIL_HUB act identically, with MAIL_HUB taking precedence.
1670
1671If you want all outgoing mail to go to a central relay site, define
1672SMART_HOST as well.  Briefly:
1673
1674	LOCAL_RELAY applies to unqualified names (e.g., "eric").
1675	MAIL_HUB applies to names qualified with the name of the
1676		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1677	SMART_HOST applies to names qualified with other hosts or
1678		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1679		or "eric@[127.0.0.1]").
1680
1681However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1682DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1683really want absolutely everything to go to a single central site you will
1684need to unset all the other relays -- or better yet, find or build a
1685minimal config file that does this.
1686
1687For duplicate suppression to work properly, the host name is best
1688specified with a terminal dot:
1689
1690	define(`MAIL_HUB', `host.domain.')
1691	      note the trailing dot ---^
1692
1693
1694+-------------------------------------------+
1695| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1696+-------------------------------------------+
1697
1698LDAP can be used for aliases, maps, and classes by either specifying your
1699own LDAP map specification or using the built-in default LDAP map
1700specification.  The built-in default specifications all provide lookups
1701which match against either the machine's fully qualified hostname (${j}) or
1702a "cluster".  The cluster allows you to share LDAP entries among a large
1703number of machines without having to enter each of the machine names into
1704each LDAP entry.  To set the LDAP cluster name to use for a particular
1705machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1706unique name.  For example:
1707
1708	define(`confLDAP_CLUSTER', `Servers')
1709
1710Here, the word `Servers' will be the cluster name.  As an example, assume
1711that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1712to the Servers cluster.
1713
1714Some of the LDAP LDIF examples below show use of the Servers cluster.
1715Every entry must have either a sendmailMTAHost or sendmailMTACluster
1716attribute or it will be ignored.  Be careful as mixing clusters and
1717individual host records can have surprising results (see the CAUTION
1718sections below).
1719
1720See the file cf/sendmail.schema for the actual LDAP schemas.  Note that
1721this schema (and therefore the lookups and examples below) is experimental
1722at this point as it has had little public review.  Therefore, it may change
1723in future versions.  Feedback via sendmail-YYYY@support.sendmail.org is
1724encouraged (replace YYYY with the current year, e.g., 2005).
1725
1726-------
1727Aliases
1728-------
1729
1730The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1731lookups.  To use the default schema, simply use:
1732
1733	define(`ALIAS_FILE', `ldap:')
1734
1735By doing so, you will use the default schema which expands to a map
1736declared as follows:
1737
1738	ldap -k (&(objectClass=sendmailMTAAliasObject)
1739		  (sendmailMTAAliasGrouping=aliases)
1740		  (|(sendmailMTACluster=${sendmailMTACluster})
1741		    (sendmailMTAHost=$j))
1742		  (sendmailMTAKey=%0))
1743	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1744
1745
1746NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1747used when the binary expands the `ldap:' token as the AliasFile option is
1748not actually macro-expanded when read from the sendmail.cf file.
1749
1750Example LDAP LDIF entries might be:
1751
1752	dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1753	objectClass: sendmailMTA
1754	objectClass: sendmailMTAAlias
1755	objectClass: sendmailMTAAliasObject
1756	sendmailMTAAliasGrouping: aliases
1757	sendmailMTAHost: etrn.sendmail.org
1758	sendmailMTAKey: sendmail-list
1759	sendmailMTAAliasValue: ca@example.org
1760	sendmailMTAAliasValue: eric
1761	sendmailMTAAliasValue: gshapiro@example.com
1762
1763	dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1764	objectClass: sendmailMTA
1765	objectClass: sendmailMTAAlias
1766	objectClass: sendmailMTAAliasObject
1767	sendmailMTAAliasGrouping: aliases
1768	sendmailMTAHost: etrn.sendmail.org
1769	sendmailMTAKey: owner-sendmail-list
1770	sendmailMTAAliasValue: eric
1771
1772	dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1773	objectClass: sendmailMTA
1774	objectClass: sendmailMTAAlias
1775	objectClass: sendmailMTAAliasObject
1776	sendmailMTAAliasGrouping: aliases
1777	sendmailMTACluster: Servers
1778	sendmailMTAKey: postmaster
1779	sendmailMTAAliasValue: eric
1780
1781Here, the aliases sendmail-list and owner-sendmail-list will be available
1782only on etrn.sendmail.org but the postmaster alias will be available on
1783every machine in the Servers cluster (including etrn.sendmail.org).
1784
1785CAUTION: aliases are additive so that entries like these:
1786
1787	dn: sendmailMTAKey=bob, dc=sendmail, dc=org
1788	objectClass: sendmailMTA
1789	objectClass: sendmailMTAAlias
1790	objectClass: sendmailMTAAliasObject
1791	sendmailMTAAliasGrouping: aliases
1792	sendmailMTACluster: Servers
1793	sendmailMTAKey: bob
1794	sendmailMTAAliasValue: eric
1795
1796	dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
1797	objectClass: sendmailMTA
1798	objectClass: sendmailMTAAlias
1799	objectClass: sendmailMTAAliasObject
1800	sendmailMTAAliasGrouping: aliases
1801	sendmailMTAHost: etrn.sendmail.org
1802	sendmailMTAKey: bob
1803	sendmailMTAAliasValue: gshapiro
1804
1805would mean that on all of the hosts in the cluster, mail to bob would go to
1806eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
1807gshapiro.
1808
1809If you prefer not to use the default LDAP schema for your aliases, you can
1810specify the map parameters when setting ALIAS_FILE.  For example:
1811
1812	define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
1813
1814----
1815Maps
1816----
1817
1818FEATURE()'s which take an optional map definition argument (e.g., access,
1819mailertable, virtusertable, etc.) can instead take the special keyword
1820`LDAP', e.g.:
1821
1822	FEATURE(`access_db', `LDAP')
1823	FEATURE(`virtusertable', `LDAP')
1824
1825When this keyword is given, that map will use LDAP lookups consisting of
1826the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
1827with the map name, a search attribute of sendmailMTAKey, and the value
1828attribute sendmailMTAMapValue.
1829
1830The values for sendmailMTAMapName are:
1831
1832	FEATURE()		sendmailMTAMapName
1833	---------		------------------
1834	access_db		access
1835	authinfo		authinfo
1836	bitdomain		bitdomain
1837	domaintable		domain
1838	genericstable		generics
1839	mailertable		mailer
1840	uucpdomain		uucpdomain
1841	virtusertable		virtuser
1842
1843For example, FEATURE(`mailertable', `LDAP') would use the map definition:
1844
1845	Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
1846			       (sendmailMTAMapName=mailer)
1847			       (|(sendmailMTACluster=${sendmailMTACluster})
1848				 (sendmailMTAHost=$j))
1849			       (sendmailMTAKey=%0))
1850			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
1851
1852An example LDAP LDIF entry using this map might be:
1853
1854	dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
1855	objectClass: sendmailMTA
1856	objectClass: sendmailMTAMap
1857	sendmailMTACluster: Servers
1858	sendmailMTAMapName: mailer
1859
1860	dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1861	objectClass: sendmailMTA
1862	objectClass: sendmailMTAMap
1863	objectClass: sendmailMTAMapObject
1864	sendmailMTAMapName: mailer
1865	sendmailMTACluster: Servers
1866	sendmailMTAKey: example.com
1867	sendmailMTAMapValue: relay:[smtp.example.com]
1868
1869CAUTION: If your LDAP database contains the record above and *ALSO* a host
1870specific record such as:
1871
1872	dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1873	objectClass: sendmailMTA
1874	objectClass: sendmailMTAMap
1875	objectClass: sendmailMTAMapObject
1876	sendmailMTAMapName: mailer
1877	sendmailMTAHost: etrn.sendmail.org
1878	sendmailMTAKey: example.com
1879	sendmailMTAMapValue: relay:[mx.example.com]
1880
1881then these entries will give unexpected results.  When the lookup is done
1882on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
1883require a single match.  Since the host etrn.sendmail.org is also in the
1884Servers cluster, LDAP would return two answers for the example.com map key
1885in which case sendmail would treat this as no match at all.
1886
1887If you prefer not to use the default LDAP schema for your maps, you can
1888specify the map parameters when using the FEATURE().  For example:
1889
1890	FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
1891
1892-------
1893Classes
1894-------
1895
1896Normally, classes can be filled via files or programs.  As of 8.12, they
1897can also be filled via map lookups using a new syntax:
1898
1899	F{ClassName}mapkey@mapclass:mapspec
1900
1901mapkey is optional and if not provided the map key will be empty.  This can
1902be used with LDAP to read classes from LDAP.  Note that the lookup is only
1903done when sendmail is initially started.  Use the special value `@LDAP' to
1904use the default LDAP schema.  For example:
1905
1906	RELAY_DOMAIN_FILE(`@LDAP')
1907
1908would put all of the attribute sendmailMTAClassValue values of LDAP records
1909with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
1910'R' into class $={R}.  In other words, it is equivalent to the LDAP map
1911specification:
1912
1913	F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
1914		       (sendmailMTAClassName=R)
1915		       (|(sendmailMTACluster=${sendmailMTACluster})
1916			 (sendmailMTAHost=$j)))
1917		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
1918
1919NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1920used when the binary expands the `@LDAP' token as class declarations are
1921not actually macro-expanded when read from the sendmail.cf file.
1922
1923This can be used with class related commands such as RELAY_DOMAIN_FILE(),
1924MASQUERADE_DOMAIN_FILE(), etc:
1925
1926	Command				sendmailMTAClassName
1927	-------				--------------------
1928	CANONIFY_DOMAIN_FILE()		Canonify
1929	EXPOSED_USER_FILE()		E
1930	GENERICS_DOMAIN_FILE()		G
1931	LDAPROUTE_DOMAIN_FILE()		LDAPRoute
1932	LDAPROUTE_EQUIVALENT_FILE()	LDAPRouteEquiv
1933	LOCAL_USER_FILE()		L
1934	MASQUERADE_DOMAIN_FILE()	M
1935	MASQUERADE_EXCEPTION_FILE()	N
1936	RELAY_DOMAIN_FILE()		R
1937	VIRTUSER_DOMAIN_FILE()		VirtHost
1938
1939You can also add your own as any 'F'ile class of the form:
1940
1941	F{ClassName}@LDAP
1942	  ^^^^^^^^^
1943will use "ClassName" for the sendmailMTAClassName.
1944
1945An example LDAP LDIF entry would look like:
1946
1947	dn: sendmailMTAClassName=R, dc=sendmail, dc=org
1948	objectClass: sendmailMTA
1949	objectClass: sendmailMTAClass
1950	sendmailMTACluster: Servers
1951	sendmailMTAClassName: R
1952	sendmailMTAClassValue: sendmail.org
1953	sendmailMTAClassValue: example.com
1954	sendmailMTAClassValue: 10.56.23
1955
1956CAUTION: If your LDAP database contains the record above and *ALSO* a host
1957specific record such as:
1958
1959	dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
1960	objectClass: sendmailMTA
1961	objectClass: sendmailMTAClass
1962	sendmailMTAHost: etrn.sendmail.org
1963	sendmailMTAClassName: R
1964	sendmailMTAClassValue: example.com
1965
1966the result will be similar to the aliases caution above.  When the lookup
1967is done on etrn.sendmail.org, $={R} would contain all of the entries (from
1968both the cluster match and the host match).  In other words, the effective
1969is additive.
1970
1971If you prefer not to use the default LDAP schema for your classes, you can
1972specify the map parameters when using the class command.  For example:
1973
1974	VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
1975
1976Remember, macros can not be used in a class declaration as the binary does
1977not expand them.
1978
1979
1980+--------------+
1981| LDAP ROUTING |
1982+--------------+
1983
1984FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1985LDAP Schema for Intranet Mail Routing
1986(draft-lachman-laser-ldap-mail-routing-01).  This feature enables
1987LDAP-based rerouting of a particular address to either a different host
1988or a different address.  The LDAP lookup is first attempted on the full
1989address (e.g., user@example.com) and then on the domain portion
1990(e.g., @example.com).  Be sure to setup your domain for LDAP routing using
1991LDAPROUTE_DOMAIN(), e.g.:
1992
1993	LDAPROUTE_DOMAIN(`example.com')
1994
1995Additionally, you can specify equivalent domains for LDAP routing using
1996LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE().  'Equivalent'
1997hostnames are mapped to $M (the masqueraded hostname for the server) before
1998the LDAP query.  For example, if the mail is addressed to
1999user@host1.example.com, normally the LDAP lookup would only be done for
2000'user@host1.example.com' and '@host1.example.com'.   However, if
2001LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2002done on 'user@example.com' and '@example.com' after attempting the
2003host1.example.com lookups.
2004
2005By default, the feature will use the schemas as specified in the draft
2006and will not reject addresses not found by the LDAP lookup.  However,
2007this behavior can be changed by giving additional arguments to the FEATURE()
2008command:
2009
2010 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2011		 <detail>, <nodomain>, <tempfail>)
2012
2013where <mailHost> is a map definition describing how to lookup an alternative
2014mail host for a particular address; <mailRoutingAddress> is a map definition
2015describing how to lookup an alternative address for a particular address;
2016the <bounce> argument, if present and not the word "passthru", dictates
2017that mail should be bounced if neither a mailHost nor mailRoutingAddress
2018is found, if set to "sendertoo", the sender will be rejected if not
2019found in LDAP; and <detail> indicates what actions to take if the address
2020contains +detail information -- `strip' tries the lookup with the +detail
2021and if no matches are found, strips the +detail and tries the lookup again;
2022`preserve', does the same as `strip' but if a mailRoutingAddress match is
2023found, the +detail information is copied to the new address; the <nodomain>
2024argument, if present, will prevent the @domain lookup if the full
2025address is not found in LDAP; the <tempfail> argument, if set to
2026"tempfail", instructs the rules to give an SMTP 4XX temporary
2027error if the LDAP server gives the MTA a temporary failure, or if set to
2028"queue" (the default), the MTA will locally queue the mail.
2029
2030The default <mailHost> map definition is:
2031
2032	ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2033				 (mailLocalAddress=%0))
2034
2035The default <mailRoutingAddress> map definition is:
2036
2037	ldap -1 -T<TMPF> -v mailRoutingAddress
2038			 -k (&(objectClass=inetLocalMailRecipient)
2039			      (mailLocalAddress=%0))
2040
2041Note that neither includes the LDAP server hostname (-h server) or base DN
2042(-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
2043your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2044these settings.  If this is not the case, the map definitions should be
2045changed as described above.  The "-T<TMPF>" is required in any user
2046specified map definition to catch temporary errors.
2047
2048The following possibilities exist as a result of an LDAP lookup on an
2049address:
2050
2051	mailHost is	mailRoutingAddress is	Results in
2052	-----------	---------------------	----------
2053	set to a	set			mail delivered to
2054	"local" host				mailRoutingAddress
2055
2056	set to a	not set			delivered to
2057	"local" host				original address
2058
2059	set to a	set			mailRoutingAddress
2060	remote host				relayed to mailHost
2061
2062	set to a	not set			original address
2063	remote host				relayed to mailHost
2064
2065	not set		set			mail delivered to
2066						mailRoutingAddress
2067
2068	not set		not set			delivered to
2069						original address *OR*
2070						bounced as unknown user
2071
2072The term "local" host above means the host specified is in class {w}.  If
2073the result would mean sending the mail to a different host, that host is
2074looked up in the mailertable before delivery.
2075
2076Note that the last case depends on whether the third argument is given
2077to the FEATURE() command.  The default is to deliver the message to the
2078original address.
2079
2080The LDAP entries should be set up with an objectClass of
2081inetLocalMailRecipient and the address be listed in a mailLocalAddress
2082attribute.  If present, there must be only one mailHost attribute and it
2083must contain a fully qualified host name as its value.  Similarly, if
2084present, there must be only one mailRoutingAddress attribute and it must
2085contain an RFC 822 compliant address.  Some example LDAP records (in LDIF
2086format):
2087
2088	dn: uid=tom, o=example.com, c=US
2089	objectClass: inetLocalMailRecipient
2090	mailLocalAddress: tom@example.com
2091	mailRoutingAddress: thomas@mailhost.example.com
2092
2093This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2094
2095	dn: uid=dick, o=example.com, c=US
2096	objectClass: inetLocalMailRecipient
2097	mailLocalAddress: dick@example.com
2098	mailHost: eng.example.com
2099
2100This would relay mail for dick@example.com to the same address but redirect
2101the mail to MX records listed for the host eng.example.com (unless the
2102mailertable overrides).
2103
2104	dn: uid=harry, o=example.com, c=US
2105	objectClass: inetLocalMailRecipient
2106	mailLocalAddress: harry@example.com
2107	mailHost: mktmail.example.com
2108	mailRoutingAddress: harry@mkt.example.com
2109
2110This would relay mail for harry@example.com to the MX records listed for
2111the host mktmail.example.com using the new address harry@mkt.example.com
2112when talking to that host.
2113
2114	dn: uid=virtual.example.com, o=example.com, c=US
2115	objectClass: inetLocalMailRecipient
2116	mailLocalAddress: @virtual.example.com
2117	mailHost: server.example.com
2118	mailRoutingAddress: virtual@example.com
2119
2120This would send all mail destined for any username @virtual.example.com to
2121the machine server.example.com's MX servers and deliver to the address
2122virtual@example.com on that relay machine.
2123
2124
2125+---------------------------------+
2126| ANTI-SPAM CONFIGURATION CONTROL |
2127+---------------------------------+
2128
2129The primary anti-spam features available in sendmail are:
2130
2131* Relaying is denied by default.
2132* Better checking on sender information.
2133* Access database.
2134* Header checks.
2135
2136Relaying (transmission of messages from a site outside your host (class
2137{w}) to another site except yours) is denied by default.  Note that this
2138changed in sendmail 8.9; previous versions allowed relaying by default.
2139If you really want to revert to the old behaviour, you will need to use
2140FEATURE(`promiscuous_relay').  You can allow certain domains to relay
2141through your server by adding their domain name or IP address to class
2142{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2143(described below).  Note that IPv6 addresses must be prefaced with "IPv6:".
2144The file consists (like any other file based class) of entries listed on
2145separate lines, e.g.,
2146
2147	sendmail.org
2148	128.32
2149	IPv6:2002:c0a8:02c7
2150	IPv6:2002:c0a8:51d2::23f4
2151	host.mydomain.com
2152	[UNIX:localhost]
2153
2154Notice: the last entry allows relaying for connections via a UNIX
2155socket to the MTA/MSP.  This might be necessary if your configuration
2156doesn't allow relaying by other means in that case, e.g., by having
2157localhost.$m in class {R} (make sure $m is not just a top level
2158domain).
2159
2160If you use
2161
2162	FEATURE(`relay_entire_domain')
2163
2164then any host in any of your local domains (that is, class {m})
2165will be relayed (that is, you will accept mail either to or from any
2166host in your domain).
2167
2168You can also allow relaying based on the MX records of the host
2169portion of an incoming recipient address by using
2170
2171	FEATURE(`relay_based_on_MX')
2172
2173For example, if your server receives a recipient of user@domain.com
2174and domain.com lists your server in its MX records, the mail will be
2175accepted for relay to domain.com.  This feature may cause problems
2176if MX lookups for the recipient domain are slow or time out.  In that
2177case, mail will be temporarily rejected.  It is usually better to
2178maintain a list of hosts/domains for which the server acts as relay.
2179Note also that this feature will stop spammers from using your host
2180to relay spam but it will not stop outsiders from using your server
2181as a relay for their site (that is, they set up an MX record pointing
2182to your mail server, and you will relay mail addressed to them
2183without any prior arrangement).  Along the same lines,
2184
2185	FEATURE(`relay_local_from')
2186
2187will allow relaying if the sender specifies a return path (i.e.
2188MAIL FROM:<user@domain>) domain which is a local domain.  This is a
2189dangerous feature as it will allow spammers to spam using your mail
2190server by simply specifying a return address of user@your.domain.com.
2191It should not be used unless absolutely necessary.
2192A slightly better solution is
2193
2194	FEATURE(`relay_mail_from')
2195
2196which allows relaying if the mail sender is listed as RELAY in the
2197access map.  If an optional argument `domain' (this is the literal
2198word `domain', not a placeholder) is given, the domain portion of
2199the mail sender is also checked to allowing relaying.  This option
2200only works together with the tag From: for the LHS of the access
2201map entries.  This feature allows spammers to abuse your mail server
2202by specifying a return address that you enabled in your access file.
2203This may be harder to figure out for spammers, but it should not
2204be used unless necessary.  Instead use STARTTLS to
2205allow relaying for roaming users.
2206
2207
2208If source routing is used in the recipient address (e.g.,
2209RCPT TO:<user%site.com@othersite.com>), sendmail will check
2210user@site.com for relaying if othersite.com is an allowed relay host
2211in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2212or the access database if FEATURE(`access_db') is used.  To prevent
2213the address from being stripped down, use:
2214
2215	FEATURE(`loose_relay_check')
2216
2217If you think you need to use this feature, you probably do not.  This
2218should only be used for sites which have no control over the addresses
2219that they provide a gateway for.  Use this FEATURE with caution as it
2220can allow spammers to relay through your server if not setup properly.
2221
2222NOTICE: It is possible to relay mail through a system which the anti-relay
2223rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2224`nospecial') (system A) and relays local messages to a mail hub (e.g., via
2225LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use
2226FEATURE(`nouucp') at all, addresses of the form
2227<example.net!user@local.host> would be relayed to <user@example.net>.
2228System A doesn't recognize `!' as an address separator and therefore
2229forwards it to the mail hub which in turns relays it because it came from
2230a trusted local host.  So if a mailserver allows UUCP (bang-format)
2231addresses, all systems from which it allows relaying should do the same
2232or reject those addresses.
2233
2234As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2235an unresolvable domain (i.e., one that DNS, your local name service,
2236or special case rules in ruleset 3 cannot locate).  This also applies
2237to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2238IP address can't be mapped to a host name.  If you want to continue
2239to accept such domains, e.g., because you are inside a firewall that
2240has only a limited view of the Internet host name space (note that you
2241will not be able to return mail to them unless you have some "smart
2242host" forwarder), use
2243
2244	FEATURE(`accept_unresolvable_domains')
2245
2246Alternatively, you can allow specific addresses by adding them to
2247the access map, e.g.,
2248
2249	From:unresolvable.domain	OK
2250	From:[1.2.3.4]			OK
2251	From:[1.2.4]			OK
2252
2253Notice: domains which are temporarily unresolvable are (temporarily)
2254rejected with a 451 reply code.  If those domains should be accepted
2255(which is discouraged) then you can use
2256
2257	LOCAL_CONFIG
2258	C{ResOk}TEMP
2259
2260sendmail will also refuse mail if the MAIL FROM: parameter is not
2261fully qualified (i.e., contains a domain as well as a user).  If you
2262want to continue to accept such senders, use
2263
2264	FEATURE(`accept_unqualified_senders')
2265
2266Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2267i.e., unqualified addresses are accepted even without this FEATURE.  If
2268this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2269to enforce fully qualified domain names.
2270
2271An ``access'' database can be created to accept or reject mail from
2272selected domains.  For example, you may choose to reject all mail
2273originating from known spammers.  To enable such a database, use
2274
2275	FEATURE(`access_db')
2276
2277Notice: the access database is applied to the envelope addresses
2278and the connection information, not to the header.
2279
2280The FEATURE macro can accept as second parameter the key file
2281definition for the database; for example
2282
2283	FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2284
2285Notice: If a second argument is specified it must contain the option
2286`-T<TMPF>' as shown above.  The optional parameters may be
2287
2288	`skip'			enables SKIP as value part (see below).
2289	`lookupdotdomain'	another way to enable the feature of the
2290				same name (see above).
2291	`relaytofulladdress'	enable entries of the form
2292				To:user@example.com	RELAY
2293				to allow relaying to just a specific
2294				e-mail address instead of an entire domain.
2295
2296Remember, since /etc/mail/access is a database, after creating the text
2297file as described below, you must use makemap to create the database
2298map.  For example:
2299
2300	makemap hash /etc/mail/access < /etc/mail/access
2301
2302The table itself uses e-mail addresses, domain names, and network
2303numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
2304For example,
2305
2306	From:spammer@aol.com			REJECT
2307	From:cyberspammer.com			REJECT
2308	Connect:cyberspammer.com		REJECT
2309	Connect:TLD				REJECT
2310	Connect:192.168.212			REJECT
2311	Connect:IPv6:2002:c0a8:02c7		RELAY
2312	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
2313
2314would refuse mail from spammer@aol.com, any user from cyberspammer.com
2315(or any host within the cyberspammer.com domain), any host in the entire
2316top level domain TLD, 192.168.212.* network, and the IPv6 address
23172002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
23182002:c0a8:02c7::/48.
2319
2320Entries in the access map should be tagged according to their type.
2321Three tags are available:
2322
2323	Connect:	connection information (${client_addr}, ${client_name})
2324	From:		envelope sender
2325	To:		envelope recipient
2326
2327Notice: untagged entries are deprecated.
2328
2329If the required item is looked up in a map, it will be tried first
2330with the corresponding tag in front, then (as fallback to enable
2331backward compatibility) without any tag, unless the specific feature
2332requires a tag.  For example,
2333
2334	From:spammer@some.dom	REJECT
2335	To:friend.domain	RELAY
2336	Connect:friend.domain	OK
2337	Connect:from.domain	RELAY
2338	From:good@another.dom	OK
2339	From:another.dom	REJECT
2340
2341This would deny mails from spammer@some.dom but you could still
2342send mail to that address even if FEATURE(`blacklist_recipients')
2343is enabled.  Your system will allow relaying to friend.domain, but
2344not from it (unless enabled by other means).  Connections from that
2345domain will be allowed even if it ends up in one of the DNS based
2346rejection lists.  Relaying is enabled from from.domain but not to
2347it (since relaying is based on the connection information for
2348outgoing relaying, the tag Connect: must be used; for incoming
2349relaying, which is based on the recipient address, To: must be
2350used).  The last two entries allow mails from good@another.dom but
2351reject mail from all other addresses with another.dom as domain
2352part.
2353
2354
2355The value part of the map can contain:
2356
2357	OK		Accept mail even if other rules in the running
2358			ruleset would reject it, for example, if the domain
2359			name is unresolvable.  "Accept" does not mean
2360			"relay", but at most acceptance for local
2361			recipients.  That is, OK allows less than RELAY.
2362	RELAY		Accept mail addressed to the indicated domain
2363			(or address if `relaytofulladdress' is set) or
2364			received from the indicated domain for relaying
2365			through your SMTP server.  RELAY also serves as
2366			an implicit OK for the other checks.
2367	REJECT		Reject the sender or recipient with a general
2368			purpose message.
2369	DISCARD		Discard the message completely using the
2370			$#discard mailer.  If it is used in check_compat,
2371			it affects only the designated recipient, not
2372			the whole message as it does in all other cases.
2373			This should only be used if really necessary.
2374	SKIP		This can only be used for host/domain names
2375			and IP addresses/nets.  It will abort the current
2376			search for this entry without accepting or rejecting
2377			it but causing the default action.
2378	### any text	where ### is an RFC 821 compliant error code and
2379			"any text" is a message to return for the command.
2380			The entire string should be quoted to avoid
2381			surprises:
2382
2383				"### any text"
2384
2385			Otherwise sendmail formats the text as email
2386			addresses, e.g., it may remove spaces.
2387			This type is deprecated, use one of the two
2388			ERROR:  entries below instead.
2389	ERROR:### any text
2390			as above, but useful to mark error messages as such.
2391			If quotes need to be used to avoid modifications
2392			(see above), they should be placed like this:
2393
2394				ERROR:"### any text"
2395
2396	ERROR:D.S.N:### any text
2397			where D.S.N is an RFC 1893 compliant error code
2398			and the rest as above.  If quotes need to be used
2399			to avoid modifications, they should be placed
2400			like this:
2401
2402				ERROR:D.S.N:"### any text"
2403
2404	QUARANTINE:any text
2405			Quarantine the message using the given text as the
2406			quarantining reason.
2407
2408For example:
2409
2410	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
2411	From:okay.cyberspammer.com	OK
2412	Connect:sendmail.org		RELAY
2413	To:sendmail.org			RELAY
2414	Connect:128.32			RELAY
2415	Connect:128.32.2		SKIP
2416	Connect:IPv6:1:2:3:4:5:6:7	RELAY
2417	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
2418	Connect:[127.0.0.3]		OK
2419	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
2420
2421would accept mail from okay.cyberspammer.com, but would reject mail
2422from all other hosts at cyberspammer.com with the indicated message.
2423It would allow relaying mail from and to any hosts in the sendmail.org
2424domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2425and from the 128.32.*.* network except for the 128.32.2.* network,
2426which shows how SKIP is useful to exempt subnets/subdomains.  The
2427last two entries are for checks against ${client_name} if the IP
2428address doesn't resolve to a hostname (or is considered as "may be
2429forged").  That is, using square brackets means these are host
2430names, not network numbers.
2431
2432Warning: if you change the RFC 821 compliant error code from the default
2433value of 550, then you should probably also change the RFC 1893 compliant
2434error code to match it.  For example, if you use
2435
2436	To:user@example.com	ERROR:450 mailbox full
2437
2438the error returned would be "450 5.0.0 mailbox full" which is wrong.
2439Use "ERROR:4.2.2:450 mailbox full" instead.
2440
2441Note, UUCP users may need to add hostname.UUCP to the access database
2442or class {R}.
2443
2444If you also use:
2445
2446	FEATURE(`relay_hosts_only')
2447
2448then the above example will allow relaying for sendmail.org, but not
2449hosts within the sendmail.org domain.  Note that this will also require
2450hosts listed in class {R} to be fully qualified host names.
2451
2452You can also use the access database to block sender addresses based on
2453the username portion of the address.  For example:
2454
2455	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
2456
2457Note that you must include the @ after the username to signify that
2458this database entry is for checking only the username portion of the
2459sender address.
2460
2461If you use:
2462
2463	FEATURE(`blacklist_recipients')
2464
2465then you can add entries to the map for local users, hosts in your
2466domains, or addresses in your domain which should not receive mail:
2467
2468	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
2469	To:host.my.TLD		ERROR:550 That host does not accept mail
2470	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
2471
2472This would prevent a recipient of badlocaluser in any of the local
2473domains (class {w}), any user at host.my.TLD, and the single address
2474user@other.my.TLD from receiving mail.  Please note: a local username
2475must be now tagged with an @ (this is consistent with the check of
2476the sender address, and hence it is possible to distinguish between
2477hostnames and usernames).  Enabling this feature will keep you from
2478sending mails to all addresses that have an error message or REJECT
2479as value part in the access map.  Taking the example from above:
2480
2481	spammer@aol.com		REJECT
2482	cyberspammer.com	REJECT
2483
2484Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2485That's why tagged entries should be used.
2486
2487There are several DNS based blacklists which can be found by
2488querying a search engine.  These are databases of spammers
2489maintained in DNS.  To use such a database, specify
2490
2491	FEATURE(`dnsbl', `dnsbl.example.com')
2492
2493This will cause sendmail to reject mail from any site listed in the
2494DNS based blacklist.  You must select a DNS based blacklist domain
2495to check by specifying an argument to the FEATURE.  The default
2496error message is
2497
2498	Rejected: IP-ADDRESS listed at SERVER
2499
2500where IP-ADDRESS and SERVER are replaced by the appropriate
2501information.  A second argument can be used to specify a different
2502text or action.  For example,
2503
2504	FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2505
2506would quarantine the message if the client IP address is listed
2507at `dnsbl.example.com'.
2508
2509By default, temporary lookup failures are ignored
2510and hence cause the connection not to be rejected by the DNS based
2511rejection list.  This behavior can be changed by specifying a third
2512argument, which must be either `t' or a full error message.  For
2513example:
2514
2515	FEATURE(`dnsbl', `dnsbl.example.com', `',
2516	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2517
2518If `t' is used, the error message is:
2519
2520	451 Temporary lookup failure of IP-ADDRESS at SERVER
2521
2522where IP-ADDRESS and SERVER are replaced by the appropriate
2523information.
2524
2525This FEATURE can be included several times to query different
2526DNS based rejection lists.
2527
2528Notice: to avoid checking your own local domains against those
2529blacklists, use the access_db feature and add:
2530
2531	Connect:10.1		OK
2532	Connect:127.0.0.1	RELAY
2533
2534to the access map, where 10.1 is your local network.  You may
2535want to use "RELAY" instead of "OK" to allow also relaying
2536instead of just disabling the DNS lookups in the blacklists.
2537
2538
2539The features described above make use of the check_relay, check_mail,
2540and check_rcpt rulesets.  Note that check_relay checks the SMTP
2541client hostname and IP address when the connection is made to your
2542server.  It does not check if a mail message is being relayed to
2543another server.  That check is done in check_rcpt.  If you wish to
2544include your own checks, you can put your checks in the rulesets
2545Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
2546example if you wanted to block senders with all numeric usernames
2547(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2548regex map:
2549
2550	LOCAL_CONFIG
2551	Kallnumbers regex -a@MATCH ^[0-9]+$
2552
2553	LOCAL_RULESETS
2554	SLocal_check_mail
2555	# check address against various regex checks
2556	R$*				$: $>Parse0 $>3 $1
2557	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
2558	R@MATCH				$#error $: 553 Header Error
2559
2560These rules are called with the original arguments of the corresponding
2561check_* ruleset.  If the local ruleset returns $#OK, no further checking
2562is done by the features described above and the mail is accepted.  If
2563the local ruleset resolves to a mailer (such as $#error or $#discard),
2564the appropriate action is taken.  Other results starting with $# are
2565interpreted by sendmail and may lead to unspecified behavior.  Note: do
2566NOT create a mailer with the name OK.  Return values that do not start
2567with $# are ignored, i.e., normal processing continues.
2568
2569Delay all checks
2570----------------
2571
2572By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2573will not be called when a client connects or issues a MAIL command,
2574respectively.  Instead, those rulesets will be called by the check_rcpt
2575ruleset; they will be skipped if a sender has been authenticated using
2576a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2577If check_mail returns an error then the RCPT TO command will be rejected
2578with that error.  If it returns some other result starting with $# then
2579check_relay will be skipped.  If the sender address (or a part of it) is
2580listed in the access map and it has a RHS of OK or RELAY, then check_relay
2581will be skipped.  This has an interesting side effect: if your domain is
2582my.domain and you have
2583
2584	my.domain	RELAY
2585
2586in the access map, then any e-mail with a sender address of
2587<user@my.domain> will not be rejected by check_relay even though
2588it would match the hostname or IP address.  This allows spammers
2589to get around DNS based blacklist by faking the sender address.  To
2590avoid this problem you have to use tagged entries:
2591
2592	To:my.domain		RELAY
2593	Connect:my.domain	RELAY
2594
2595if you need those entries at all (class {R} may take care of them).
2596
2597FEATURE(`delay_checks') can take an optional argument:
2598
2599	FEATURE(`delay_checks', `friend')
2600		 enables spamfriend test
2601	FEATURE(`delay_checks', `hater')
2602		 enables spamhater test
2603
2604If such an argument is given, the recipient will be looked up in the
2605access map (using the tag Spam:).  If the argument is `friend', then
2606the default behavior is to apply the other rulesets and make a SPAM
2607friend the exception.  The rulesets check_mail and check_relay will be
2608skipped only if the recipient address is found and has RHS FRIEND.  If
2609the argument is `hater', then the default behavior is to skip the rulesets
2610check_mail and check_relay and make a SPAM hater the exception.  The
2611other two rulesets will be applied only if the recipient address is
2612found and has RHS HATER.
2613
2614This allows for simple exceptions from the tests, e.g., by activating
2615the friend option and having
2616
2617	Spam:abuse@	FRIEND
2618
2619in the access map, mail to abuse@localdomain will get through (where
2620"localdomain" is any domain in class {w}).  It is also possible to
2621specify a full address or an address with +detail:
2622
2623	Spam:abuse@my.domain	FRIEND
2624	Spam:me+abuse@		FRIEND
2625	Spam:spam.domain	FRIEND
2626
2627Note: The required tag has been changed in 8.12 from To: to Spam:.
2628This change is incompatible to previous versions.  However, you can
2629(for now) simply add the new entries to the access map, the old
2630ones will be ignored.  As soon as you removed the old entries from
2631the access map, specify a third parameter (`n') to this feature and
2632the backward compatibility rules will not be in the generated .cf
2633file.
2634
2635Header Checks
2636-------------
2637
2638You can also reject mail on the basis of the contents of headers.
2639This is done by adding a ruleset call to the 'H' header definition command
2640in sendmail.cf.  For example, this can be used to check the validity of
2641a Message-ID: header:
2642
2643	LOCAL_CONFIG
2644	HMessage-Id: $>CheckMessageId
2645
2646	LOCAL_RULESETS
2647	SCheckMessageId
2648	R< $+ @ $+ >		$@ OK
2649	R$*			$#error $: 553 Header Error
2650
2651The alternative format:
2652
2653	HSubject: $>+CheckSubject
2654
2655that is, $>+ instead of $>, gives the full Subject: header including
2656comments to the ruleset (comments in parentheses () are stripped
2657by default).
2658
2659A default ruleset for headers which don't have a specific ruleset
2660defined for them can be given by:
2661
2662	H*: $>CheckHdr
2663
2664Notice:
26651. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2666That may cause problems with simple header checks due to the
2667tokenization.  It might be simpler to use a regex map and apply it
2668to $&{currHeader}.
26692. There are no default rulesets coming with this distribution of
2670sendmail.  You can write your own or search the WWW for examples.
26713. When using a default ruleset for headers, the name of the header
2672currently being checked can be found in the $&{hdr_name} macro.
2673
2674After all of the headers are read, the check_eoh ruleset will be called for
2675any final header-related checks.  The ruleset is called with the number of
2676headers and the size of all of the headers in bytes separated by $|.  One
2677example usage is to reject messages which do not have a Message-Id:
2678header.  However, the Message-Id: header is *NOT* a required header and is
2679not a guaranteed spam indicator.  This ruleset is an example and should
2680probably not be used in production.
2681
2682	LOCAL_CONFIG
2683	Kstorage macro
2684	HMessage-Id: $>CheckMessageId
2685
2686	LOCAL_RULESETS
2687	SCheckMessageId
2688	# Record the presence of the header
2689	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
2690	R< $+ @ $+ >		$@ OK
2691	R$*			$#error $: 553 Header Error
2692
2693	Scheck_eoh
2694	# Check the macro
2695	R$*			$: < $&{MessageIdCheck} >
2696	# Clear the macro for the next message
2697	R$*			$: $(storage {MessageIdCheck} $) $1
2698	# Has a Message-Id: header
2699	R< $+ >			$@ OK
2700	# Allow missing Message-Id: from local mail
2701	R$*			$: < $&{client_name} >
2702	R< >			$@ OK
2703	R< $=w >		$@ OK
2704	# Otherwise, reject the mail
2705	R$*			$#error $: 553 Header Error
2706
2707
2708+--------------------+
2709| CONNECTION CONTROL |
2710+--------------------+
2711
2712The features ratecontrol and conncontrol allow to establish connection
2713limits per client IP address or net.  These features can limit the
2714rate of connections (connections per time unit) or the number of
2715incoming SMTP connections, respectively.  If enabled, appropriate
2716rulesets are called at the end of check_relay, i.e., after DNS
2717blacklists and generic access_db operations.  The features require
2718FEATURE(`access_db') to be listed earlier in the mc file.
2719
2720Note: FEATURE(`delay_checks') delays those connection control checks
2721after a recipient address has been received, hence making these
2722connection control features less useful.  To run the checks as early
2723as possible, specify the parameter `nodelay', e.g.,
2724
2725	FEATURE(`ratecontrol', `nodelay')
2726
2727In that case, FEATURE(`delay_checks') has no effect on connection
2728control (and it must be specified earlier in the mc file).
2729
2730An optional second argument `terminate' specifies whether the
2731rulesets should return the error code 421 which will cause
2732sendmail to terminate the session with that error if it is
2733returned from check_relay, i.e., not delayed as explained in
2734the previous paragraph.  Example:
2735
2736	FEATURE(`ratecontrol', `nodelay', `terminate')
2737
2738
2739+----------+
2740| STARTTLS |
2741+----------+
2742
2743In this text, cert will be used as an abbreviation for X.509 certificate,
2744DN (CN) is the distinguished (common) name of a cert, and CA is a
2745certification authority, which signs (issues) certs.
2746
2747For STARTTLS to be offered by sendmail you need to set at least
2748these variables (the file names and paths are just examples):
2749
2750	define(`confCACERT_PATH', `/etc/mail/certs/')
2751	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2752	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2753	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2754
2755On systems which do not have the compile flag HASURANDOM set (see
2756sendmail/README) you also must set confRAND_FILE.
2757
2758See doc/op/op.{me,ps,txt} for more information about these options,
2759especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2760STARTTLS''.
2761
2762Macros related to STARTTLS are:
2763
2764${cert_issuer} holds the DN of the CA (the cert issuer).
2765${cert_subject} holds the DN of the cert (called the cert subject).
2766${cn_issuer} holds the CN of the CA (the cert issuer).
2767${cn_subject} holds the CN of the cert (called the cert subject).
2768${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2769	TLSv1/SSLv3, SSLv3, SSLv2.
2770${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2771	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2772${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2773	used for the connection.
2774${verify} holds the result of the verification of the presented cert.
2775	Possible values are:
2776	OK	 verification succeeded.
2777	NO	 no cert presented.
2778	NOT	 no cert requested.
2779	FAIL	 cert presented but could not be verified,
2780		 e.g., the cert of the signing CA is missing.
2781	NONE	 STARTTLS has not been performed.
2782	TEMP	 temporary error occurred.
2783	PROTOCOL protocol error occurred (SMTP level).
2784	SOFTWARE STARTTLS handshake failed.
2785${server_name} the name of the server of the current outgoing SMTP
2786	connection.
2787${server_addr} the address of the server of the current outgoing SMTP
2788	connection.
2789
2790Relaying
2791--------
2792
2793SMTP STARTTLS can allow relaying for remote SMTP clients which have
2794successfully authenticated themselves.  If the verification of the cert
2795failed (${verify} != OK), relaying is subject to the usual rules.
2796Otherwise the DN of the issuer is looked up in the access map using the
2797tag CERTISSUER.  If the resulting value is RELAY, relaying is allowed.
2798If it is SUBJECT, the DN of the cert subject is looked up next in the
2799access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
2800is allowed.
2801
2802To make things a bit more flexible (or complicated), the values for
2803${cert_issuer} and ${cert_subject} can be optionally modified by regular
2804expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2805_CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
2806rulesets and map lookups, they are modified as follows: each non-printable
2807character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
2808by their HEX value with a leading '+'.  For example:
2809
2810/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2811darth+cert@endmail.org
2812
2813is encoded as:
2814
2815/C=US/ST=California/O=endmail.org/OU=private/CN=
2816Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2817
2818(line breaks have been inserted for readability).
2819
2820The  macros  which are subject to this encoding are ${cert_subject},
2821${cert_issuer},  ${cn_subject},  and ${cn_issuer}.
2822
2823Examples:
2824
2825To allow relaying for everyone who can present a cert signed by
2826
2827/C=US/ST=California/O=endmail.org/OU=private/CN=
2828Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2829
2830simply use:
2831
2832CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2833Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	RELAY
2834
2835To allow relaying only for a subset of machines that have a cert signed by
2836
2837/C=US/ST=California/O=endmail.org/OU=private/CN=
2838Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2839
2840use:
2841
2842CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2843Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	SUBJECT
2844CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
2845DeathStar/Email=deathstar@endmail.org		RELAY
2846
2847Notes:
2848- line breaks have been inserted after "CN=" for readability,
2849  each tagged entry must be one (long) line in the access map.
2850- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
2851  is replaced by "emailAddress=".
2852
2853Of course it is also possible to write a simple ruleset that allows
2854relaying for everyone who can present a cert that can be verified, e.g.,
2855
2856LOCAL_RULESETS
2857SLocal_check_rcpt
2858R$*	$: $&{verify}
2859ROK	$# OK
2860
2861Allowing Connections
2862--------------------
2863
2864The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
2865an SMTP connection is accepted (or should continue).
2866
2867tls_server is called when sendmail acts as client after a STARTTLS command
2868(should) have been issued.  The parameter is the value of ${verify}.
2869
2870tls_client is called when sendmail acts as server, after a STARTTLS command
2871has been issued, and from check_mail.  The parameter is the value of
2872${verify} and STARTTLS or MAIL, respectively.
2873
2874Both rulesets behave the same.  If no access map is in use, the connection
2875will be accepted unless ${verify} is SOFTWARE, in which case the connection
2876is always aborted.  For tls_server/tls_client, ${client_name}/${server_name}
2877is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
2878with the ruleset LookUpDomain.  If no entry is found, ${client_addr}
2879(${server_addr}) is looked up in the access map (same tag, ruleset
2880LookUpAddr).  If this doesn't result in an entry either, just the tag is
2881looked up in the access map (included the trailing colon).  Notice:
2882requiring that e-mail is sent to a server only encrypted, e.g., via
2883
2884TLS_Srv:secure.domain	ENCR:112
2885
2886doesn't necessarily mean that e-mail sent to that domain is encrypted.
2887If the domain has multiple MX servers, e.g.,
2888
2889secure.domain.	IN MX 10	mail.secure.domain.
2890secure.domain.	IN MX 50	mail.other.domain.
2891
2892then mail to user@secure.domain may go unencrypted to mail.other.domain.
2893tls_rcpt can be used to address this problem.
2894
2895tls_rcpt is called before a RCPT TO: command is sent.  The parameter is the
2896current recipient.  This ruleset is only defined if FEATURE(`access_db')
2897is selected.  A recipient address user@domain is looked up in the access
2898map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
2899and TLS_Rcpt:; the first match is taken.
2900
2901The result of the lookups is then used to call the ruleset TLS_connection,
2902which checks the requirement specified by the RHS in the access map against
2903the actual parameters of the current TLS connection, esp. ${verify} and
2904${cipher_bits}.  Legal RHSs in the access map are:
2905
2906VERIFY		verification must have succeeded
2907VERIFY:bits	verification must have succeeded and ${cipher_bits} must
2908		be greater than or equal bits.
2909ENCR:bits	${cipher_bits} must be greater than or equal bits.
2910
2911The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2912or permanent error.  The default is a temporary error code (403 4.7.0)
2913unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2914
2915If a certain level of encryption is required, then it might also be
2916possible that this level is provided by the security layer from a SASL
2917algorithm, e.g., DIGEST-MD5.
2918
2919Furthermore, there can be a list of extensions added.  Such a list
2920starts with '+' and the items are separated by '++'.  Allowed
2921extensions are:
2922
2923CN:name		name must match ${cn_subject}
2924CN		${client_name}/${server_name} must match ${cn_subject}
2925CS:name		name must match ${cert_subject}
2926CI:name		name must match ${cert_issuer}
2927
2928Example: e-mail sent to secure.example.com should only use an encrypted
2929connection.  E-mail received from hosts within the laptop.example.com domain
2930should only be accepted if they have been authenticated.  The host which
2931receives e-mail for darth@endmail.org must present a cert that uses the
2932CN smtp.endmail.org.
2933
2934TLS_Srv:secure.example.com      ENCR:112
2935TLS_Clt:laptop.example.com      PERM+VERIFY:112
2936TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
2937
2938
2939Disabling STARTTLS And Setting SMTP Server Features
2940---------------------------------------------------
2941
2942By default STARTTLS is used whenever possible.  However, there are
2943some broken MTAs that don't properly implement STARTTLS.  To be able
2944to send to (or receive from) those MTAs, the ruleset try_tls
2945(srv_features) can be used that work together with the access map.
2946Entries for the access map must be tagged with Try_TLS (Srv_Features)
2947and refer to the hostname or IP address of the connecting system.
2948A default case can be specified by using just the tag.  For example,
2949the following entries in the access map:
2950
2951	Try_TLS:broken.server	NO
2952	Srv_Features:my.domain	v
2953	Srv_Features:		V
2954
2955will turn off STARTTLS when sending to broken.server (or any host
2956in that domain), and request a client certificate during the TLS
2957handshake only for hosts in my.domain.  The valid entries on the RHS
2958for Srv_Features are listed in the Sendmail Installation and
2959Operations Guide.
2960
2961
2962Received: Header
2963----------------
2964
2965The Received: header reveals whether STARTTLS has been used.  It contains an
2966extra line:
2967
2968(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
2969
2970
2971+--------------------------------+
2972| ADDING NEW MAILERS OR RULESETS |
2973+--------------------------------+
2974
2975Sometimes you may need to add entirely new mailers or rulesets.  They
2976should be introduced with the constructs MAILER_DEFINITIONS and
2977LOCAL_RULESETS respectively.  For example:
2978
2979	MAILER_DEFINITIONS
2980	Mmymailer, ...
2981	...
2982
2983	LOCAL_RULESETS
2984	Smyruleset
2985	...
2986
2987Local additions for the rulesets srv_features, try_tls, tls_rcpt,
2988tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
2989LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
2990respectively.  For example, to add a local ruleset that decides
2991whether to try STARTTLS in a sendmail client, use:
2992
2993	LOCAL_TRY_TLS
2994	R...
2995
2996Note: you don't need to add a name for the ruleset, it is implicitly
2997defined by using the appropriate macro.
2998
2999
3000+-------------------------+
3001| ADDING NEW MAIL FILTERS |
3002+-------------------------+
3003
3004Sendmail supports mail filters to filter incoming SMTP messages according
3005to the "Sendmail Mail Filter API" documentation.  These filters can be
3006configured in your mc file using the two commands:
3007
3008	MAIL_FILTER(`name', `equates')
3009	INPUT_MAIL_FILTER(`name', `equates')
3010
3011The first command, MAIL_FILTER(), simply defines a filter with the given
3012name and equates.  For example:
3013
3014	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3015
3016This creates the equivalent sendmail.cf entry:
3017
3018	Xarchive, S=local:/var/run/archivesock, F=R
3019
3020The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3021but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3022of the filter such that the filter will actually be called by sendmail.
3023
3024For example, the two commands:
3025
3026	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3027	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3028
3029are equivalent to the three commands:
3030
3031	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3032	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3033	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3034
3035In general, INPUT_MAIL_FILTER() should be used unless you need to define
3036more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3037
3038Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3039commands will clear the list created by the prior INPUT_MAIL_FILTER()
3040commands.
3041
3042
3043+-------------------------+
3044| QUEUE GROUP DEFINITIONS |
3045+-------------------------+
3046
3047In addition to the queue directory (which is the default queue group
3048called "mqueue"), sendmail can deal with multiple queue groups, which
3049are collections of queue directories with the same behaviour.  Queue
3050groups can be defined using the command:
3051
3052	QUEUE_GROUP(`name', `equates')
3053
3054For details about queue groups, please see doc/op/op.{me,ps,txt}.
3055
3056+-------------------------------+
3057| NON-SMTP BASED CONFIGURATIONS |
3058+-------------------------------+
3059
3060These configuration files are designed primarily for use by
3061SMTP-based sites.  They may not be well tuned for UUCP-only or
3062UUCP-primarily nodes (the latter is defined as a small local net
3063connected to the rest of the world via UUCP).  However, there is
3064one hook to handle some special cases.
3065
3066You can define a ``smart host'' that understands a richer address syntax
3067using:
3068
3069	define(`SMART_HOST', `mailer:hostname')
3070
3071In this case, the ``mailer:'' defaults to "relay".  Any messages that
3072can't be handled using the usual UUCP rules are passed to this host.
3073
3074If you are on a local SMTP-based net that connects to the outside
3075world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3076For example:
3077
3078	define(`SMART_HOST', `uucp-new:uunet')
3079	LOCAL_NET_CONFIG
3080	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3081
3082This will cause all names that end in your domain name ($m) to be sent
3083via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3084If you have FEATURE(`nocanonify'), you may need to omit the dots after
3085the $m.  If you are running a local DNS inside your domain which is
3086not otherwise connected to the outside world, you probably want to
3087use:
3088
3089	define(`SMART_HOST', `smtp:fire.wall.com')
3090	LOCAL_NET_CONFIG
3091	R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3
3092
3093That is, send directly only to things you found in your DNS lookup;
3094anything else goes through SMART_HOST.
3095
3096You may need to turn off the anti-spam rules in order to accept
3097UUCP mail with FEATURE(`promiscuous_relay') and
3098FEATURE(`accept_unresolvable_domains').
3099
3100
3101+-----------+
3102| WHO AM I? |
3103+-----------+
3104
3105Normally, the $j macro is automatically defined to be your fully
3106qualified domain name (FQDN).  Sendmail does this by getting your
3107host name using gethostname and then calling gethostbyname on the
3108result.  For example, in some environments gethostname returns
3109only the root of the host name (such as "foo"); gethostbyname is
3110supposed to return the FQDN ("foo.bar.com").  In some (fairly rare)
3111cases, gethostbyname may fail to return the FQDN.  In this case
3112you MUST define confDOMAIN_NAME to be your fully qualified domain
3113name.  This is usually done using:
3114
3115	Dmbar.com
3116	define(`confDOMAIN_NAME', `$w.$m')dnl
3117
3118
3119+-----------------------------------+
3120| ACCEPTING MAIL FOR MULTIPLE NAMES |
3121+-----------------------------------+
3122
3123If your host is known by several different names, you need to augment
3124class {w}.  This is a list of names by which your host is known, and
3125anything sent to an address using a host name in this list will be
3126treated as local mail.  You can do this in two ways:  either create the
3127file /etc/mail/local-host-names containing a list of your aliases (one per
3128line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3129``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
3130name of the host, rather than a short name.
3131
3132If you want to have different address in different domains, take
3133a look at the virtusertable feature, which is also explained at
3134http://www.sendmail.org/virtual-hosting.html
3135
3136
3137+--------------------+
3138| USING MAILERTABLES |
3139+--------------------+
3140
3141To use FEATURE(`mailertable'), you will have to create an external
3142database containing the routing information for various domains.
3143For example, a mailertable file in text format might be:
3144
3145	.my.domain		xnet:%1.my.domain
3146	uuhost1.my.domain	uucp-new:uuhost1
3147	.bitnet			smtp:relay.bit.net
3148
3149This should normally be stored in /etc/mail/mailertable.  The actual
3150database version of the mailertable is built using:
3151
3152	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3153
3154The semantics are simple.  Any LHS entry that does not begin with
3155a dot matches the full host name indicated.  LHS entries beginning
3156with a dot match anything ending with that domain name (including
3157the leading dot) -- that is, they can be thought of as having a
3158leading ".+" regular expression pattern for a non-empty sequence of
3159characters.  Matching is done in order of most-to-least qualified
3160-- for example, even though ".my.domain" is listed first in the
3161above example, an entry of "uuhost1.my.domain" will match the second
3162entry since it is more explicit.  Note: e-mail to "user@my.domain"
3163does not match any entry in the above table.  You need to have
3164something like:
3165
3166	my.domain		esmtp:host.my.domain
3167
3168The RHS should always be a "mailer:host" pair.  The mailer is the
3169configuration name of a mailer (that is, an M line in the
3170sendmail.cf file).  The "host" will be the hostname passed to
3171that mailer.  In domain-based matches (that is, those with leading
3172dots) the "%1" may be used to interpolate the wildcarded part of
3173the host name.  For example, the first line above sends everything
3174addressed to "anything.my.domain" to that same host name, but using
3175the (presumably experimental) xnet mailer.
3176
3177In some cases you may want to temporarily turn off MX records,
3178particularly on gateways.  For example, you may want to MX
3179everything in a domain to one machine that then forwards it
3180directly.  To do this, you might use the DNS configuration:
3181
3182	*.domain.	IN	MX	0	relay.machine
3183
3184and on relay.machine use the mailertable:
3185
3186	.domain		smtp:[gateway.domain]
3187
3188The [square brackets] turn off MX records for this host only.
3189If you didn't do this, the mailertable would use the MX record
3190again, which would give you an MX loop.  Note that the use of
3191wildcard MX records is almost always a bad idea.  Please avoid
3192using them if possible.
3193
3194
3195+--------------------------------+
3196| USING USERDB TO MAP FULL NAMES |
3197+--------------------------------+
3198
3199The user database was not originally intended for mapping full names
3200to login names (e.g., Eric.Allman => eric), but some people are using
3201it that way.  (it is recommended that you set up aliases for this
3202purpose instead -- since you can specify multiple alias files, this
3203is fairly easy.)  The intent was to locate the default maildrop at
3204a site, but allow you to override this by sending to a specific host.
3205
3206If you decide to set up the user database in this fashion, it is
3207imperative that you not use FEATURE(`stickyhost') -- otherwise,
3208e-mail sent to Full.Name@local.host.name will be rejected.
3209
3210To build the internal form of the user database, use:
3211
3212	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3213
3214As a general rule, it is an extremely bad idea to using full names
3215as e-mail addresses, since they are not in any sense unique.  For
3216example, the UNIX software-development community has at least two
3217well-known Peter Deutsches, and at one time Bell Labs had two
3218Stephen R. Bournes with offices along the same hallway.  Which one
3219will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3220The less famous of the two, or the one that was hired later?
3221
3222Finger should handle full names (and be fuzzy).  Mail should use
3223handles, and not be fuzzy.
3224
3225
3226+--------------------------------+
3227| MISCELLANEOUS SPECIAL FEATURES |
3228+--------------------------------+
3229
3230Plussed users
3231	Sometimes it is convenient to merge configuration on a
3232	centralized mail machine, for example, to forward all
3233	root mail to a mail server.  In this case it might be
3234	useful to be able to treat the root addresses as a class
3235	of addresses with subtle differences.  You can do this
3236	using plussed users.  For example, a client might include
3237	the alias:
3238
3239		root:  root+client1@server
3240
3241	On the server, this will match an alias for "root+client1".
3242	If that is not found, the alias "root+*" will be tried,
3243	then "root".
3244
3245
3246+----------------+
3247| SECURITY NOTES |
3248+----------------+
3249
3250A lot of sendmail security comes down to you.  Sendmail 8 is much
3251more careful about checking for security problems than previous
3252versions, but there are some things that you still need to watch
3253for.  In particular:
3254
3255* Make sure the aliases file is not writable except by trusted
3256  system personnel.  This includes both the text and database
3257  version.
3258
3259* Make sure that other files that sendmail reads, such as the
3260  mailertable, are only writable by trusted system personnel.
3261
3262* The queue directory should not be world writable PARTICULARLY
3263  if your system allows "file giveaways" (that is, if a non-root
3264  user can chown any file they own to any other user).
3265
3266* If your system allows file giveaways, DO NOT create a publically
3267  writable directory for forward files.  This will allow anyone
3268  to steal anyone else's e-mail.  Instead, create a script that
3269  copies the .forward file from users' home directories once a
3270  night (if you want the non-NFS-mounted forward directory).
3271
3272* If your system allows file giveaways, you'll find that
3273  sendmail is much less trusting of :include: files -- in
3274  particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3275  /etc/shells before they will be trusted (that is, before
3276  files and programs listed in them will be honored).
3277
3278In general, file giveaways are a mistake -- if you can turn them
3279off, do so.
3280
3281
3282+--------------------------------+
3283| TWEAKING CONFIGURATION OPTIONS |
3284+--------------------------------+
3285
3286There are a large number of configuration options that don't normally
3287need to be changed.  However, if you feel you need to tweak them,
3288you can define the following M4 variables. Note that some of these
3289variables require formats that are defined in RFC 2821 or RFC 2822.
3290Before changing them you need to make sure you do not violate those
3291(and other relevant) RFCs.
3292
3293This list is shown in four columns:  the name you define, the default
3294value for that definition, the option or macro that is affected
3295(either Ox for an option or Dx for a macro), and a brief description.
3296
3297Some options are likely to be deprecated in future versions -- that is,
3298the option is only included to provide back-compatibility.  These are
3299marked with "*".
3300
3301Remember that these options are M4 variables, and hence may need to
3302be quoted.  In particular, arguments with commas will usually have to
3303be ``double quoted, like this phrase'' to avoid having the comma
3304confuse things.  This is common for alias file definitions and for
3305the read timeout.
3306
3307M4 Variable Name	Configuration	[Default] & Description
3308================	=============	=======================
3309confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
3310					for internally generated outgoing
3311					messages.
3312confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
3313					only be done if your system cannot
3314					determine your local domain name,
3315					and then it should be set to
3316					$w.Foo.COM, where Foo.COM is your
3317					domain name.
3318confCF_VERSION		$Z macro	If defined, this is appended to the
3319					configuration version name.
3320confLDAP_CLUSTER	${sendmailMTACluster} macro
3321					If defined, this is the LDAP
3322					cluster to use for LDAP searches
3323					as described above in ``USING LDAP
3324					FOR ALIASES, MAPS, AND CLASSES''.
3325confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
3326					internally generated From: address.
3327confRECEIVED_HEADER	Received:
3328		[$?sfrom $s $.$?_($?s$|from $.$_)
3329			$.$?{auth_type}(authenticated)
3330			$.by $j ($v/$Z)$?r with $r$. id $i$?u
3331			for $u; $|;
3332			$.$b]
3333					The format of the Received: header
3334					in messages passed through this host.
3335					It is unwise to try to change this.
3336confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
3337					internally generated Message-Id:
3338					header.
3339confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
3340					of file used to get the local
3341					additions to class {w} (local host
3342					names).
3343confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
3344					file used to get the local additions
3345					to class {t} (trusted users).
3346confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
3347					file used to get the local additions
3348					to class {R} (hosts allowed to relay).
3349confTRUSTED_USERS	Ct class	[no default] Names of users to add to
3350					the list of trusted users.  This list
3351					always includes root, uucp, and daemon.
3352					See also FEATURE(`use_ct_file').
3353confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
3354					ownership and starting the daemon.
3355					Not to be confused with
3356					confTRUSTED_USERS (see above).
3357confSMTP_MAILER		-		[esmtp] The mailer name used when
3358					SMTP connectivity is required.
3359					One of "smtp", "smtp8",
3360					"esmtp", or "dsmtp".
3361confUUCP_MAILER		-		[uucp-old] The mailer to be used by
3362					default for bang-format recipient
3363					addresses.  See also discussion of
3364					class {U}, class {Y}, and class {Z}
3365					in the MAILER(`uucp') section.
3366confLOCAL_MAILER	-		[local] The mailer name used when
3367					local connectivity is required.
3368					Almost always "local".
3369confRELAY_MAILER	-		[relay] The default mailer name used
3370					for relaying any mail (e.g., to a
3371					BITNET_RELAY, a SMART_HOST, or
3372					whatever).  This can reasonably be
3373					"uucp-new" if you are on a
3374					UUCP-connected site.
3375confSEVEN_BIT_INPUT	SevenBitInput	[False] Force input to seven bits?
3376confEIGHT_BIT_HANDLING	EightBitMode	[pass8] 8-bit data handling
3377confALIAS_WAIT		AliasWait	[10m] Time to wait for alias file
3378					rebuild until you get bored and
3379					decide that the apparently pending
3380					rebuild failed.
3381confMIN_FREE_BLOCKS	MinFreeBlocks	[100] Minimum number of free blocks on
3382					queue filesystem to accept SMTP mail.
3383					(Prior to 8.7 this was minfree/maxsize,
3384					where minfree was the number of free
3385					blocks and maxsize was the maximum
3386					message size.  Use confMAX_MESSAGE_SIZE
3387					for the second value now.)
3388confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
3389					that will be accepted (in bytes).
3390confBLANK_SUB		BlankSub	[.] Blank (space) substitution
3391					character.
3392confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
3393					to mailers marked expensive.
3394confCHECKPOINT_INTERVAL	CheckpointInterval
3395					[10] Checkpoint queue files every N
3396					recipients.
3397confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
3398confERROR_MODE		ErrorMode	[print] Error message mode.
3399confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
3400confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
3401confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
3402confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
3403confMAX_HOP		MaxHopCount	[25] Maximum hop count.
3404confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
3405					mode] Ignore dot as terminator for
3406					incoming messages?
3407confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
3408					resolver.
3409confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
3410					encapsulated messages per RFC 1344.
3411confFORWARD_PATH	ForwardPath	[$z/.forward.$w:$z/.forward]
3412					The colon-separated list of places to
3413					search for .forward files.  N.B.: see
3414					the Security Notes section.
3415confMCI_CACHE_SIZE	ConnectionCacheSize
3416					[2] Size of open connection cache.
3417confMCI_CACHE_TIMEOUT	ConnectionCacheTimeout
3418					[5m] Open connection cache timeout.
3419confHOST_STATUS_DIRECTORY HostStatusDirectory
3420					[undefined] If set, host status is kept
3421					on disk between sendmail runs in the
3422					named directory tree.  This need not be
3423					a full pathname, in which case it is
3424					interpreted relative to the queue
3425					directory.
3426confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
3427					[False] If this option and the
3428					HostStatusDirectory option are both
3429					set, single thread deliveries to other
3430					hosts.  That is, don't allow any two
3431					sendmails on this host to connect
3432					simultaneously to any other single
3433					host.  This can slow down delivery in
3434					some cases, in particular since a
3435					cached but otherwise idle connection
3436					to a host will prevent other sendmails
3437					from connecting to the other host.
3438confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
3439					deliver error messages.  This should
3440					not be necessary because of general
3441					acceptance of the envelope/header
3442					distinction.
3443confLOG_LEVEL		LogLevel	[9] Log level.
3444confME_TOO		MeToo		[True] Include sender in group
3445					expansions.  This option is
3446					deprecated and will be removed from
3447					a future version.
3448confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
3449					running newaliases.  Since this does
3450					DNS lookups on every address, it can
3451					slow down the alias rebuild process
3452					considerably on large alias files.
3453confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
3454					special chars are old style.
3455confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
3456confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
3457					copies of all error messages.
3458confQUEUE_FACTOR	QueueFactor	[600000] Slope of queue-only function.
3459confQUEUE_FILE_MODE	QueueFileMode	[undefined] Default permissions for
3460					queue files (octal).  If not set,
3461					sendmail uses 0600 unless its real
3462					and effective uid are different in
3463					which case it uses 0644.
3464confDONT_PRUNE_ROUTES	DontPruneRoutes	[False] Don't prune down route-addr
3465					syntax addresses to the minimum
3466					possible.
3467confSAFE_QUEUE*		SuperSafe	[True] Commit all messages to disk
3468					before forking.
3469confTO_INITIAL		Timeout.initial	[5m] The timeout waiting for a response
3470					on the initial connect.
3471confTO_CONNECT		Timeout.connect	[0] The timeout waiting for an initial
3472					connect() to complete.  This can only
3473					shorten connection timeouts; the kernel
3474					silently enforces an absolute maximum
3475					(which varies depending on the system).
3476confTO_ICONNECT		Timeout.iconnect
3477					[undefined] Like Timeout.connect, but
3478					applies only to the very first attempt
3479					to connect to a host in a message.
3480					This allows a single very fast pass
3481					followed by more careful delivery
3482					attempts in the future.
3483confTO_ACONNECT		Timeout.aconnect
3484					[0] The overall timeout waiting for
3485					all connection for a single delivery
3486					attempt to succeed.  If 0, no overall
3487					limit is applied.
3488confTO_HELO		Timeout.helo	[5m] The timeout waiting for a response
3489					to a HELO or EHLO command.
3490confTO_MAIL		Timeout.mail	[10m] The timeout waiting for a
3491					response to the MAIL command.
3492confTO_RCPT		Timeout.rcpt	[1h] The timeout waiting for a response
3493					to the RCPT command.
3494confTO_DATAINIT		Timeout.datainit
3495					[5m] The timeout waiting for a 354
3496					response from the DATA command.
3497confTO_DATABLOCK	Timeout.datablock
3498					[1h] The timeout waiting for a block
3499					during DATA phase.
3500confTO_DATAFINAL	Timeout.datafinal
3501					[1h] The timeout waiting for a response
3502					to the final "." that terminates a
3503					message.
3504confTO_RSET		Timeout.rset	[5m] The timeout waiting for a response
3505					to the RSET command.
3506confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
3507					to the QUIT command.
3508confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
3509					to other SMTP commands.
3510confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
3511					waiting	for a command to be issued.
3512confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
3513					response to an IDENT query.
3514confTO_FILEOPEN		Timeout.fileopen
3515					[60s] The timeout waiting for a file
3516					(e.g., :include: file) to be opened.
3517confTO_LHLO		Timeout.lhlo	[2m] The timeout waiting for a response
3518					to an LMTP LHLO command.
3519confTO_STARTTLS		Timeout.starttls
3520					[1h] The timeout waiting for a
3521					response to an SMTP STARTTLS command.
3522confTO_CONTROL		Timeout.control
3523					[2m] The timeout for a complete
3524					control socket transaction to complete.
3525confTO_QUEUERETURN	Timeout.queuereturn
3526					[5d] The timeout before a message is
3527					returned as undeliverable.
3528confTO_QUEUERETURN_NORMAL
3529			Timeout.queuereturn.normal
3530					[undefined] As above, for normal
3531					priority messages.
3532confTO_QUEUERETURN_URGENT
3533			Timeout.queuereturn.urgent
3534					[undefined] As above, for urgent
3535					priority messages.
3536confTO_QUEUERETURN_NONURGENT
3537			Timeout.queuereturn.non-urgent
3538					[undefined] As above, for non-urgent
3539					(low) priority messages.
3540confTO_QUEUERETURN_DSN
3541			Timeout.queuereturn.dsn
3542					[undefined] As above, for delivery
3543					status notification messages.
3544confTO_QUEUEWARN	Timeout.queuewarn
3545					[4h] The timeout before a warning
3546					message is sent to the sender telling
3547					them that the message has been
3548					deferred.
3549confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
3550					[undefined] As above, for normal
3551					priority messages.
3552confTO_QUEUEWARN_URGENT	Timeout.queuewarn.urgent
3553					[undefined] As above, for urgent
3554					priority messages.
3555confTO_QUEUEWARN_NONURGENT
3556			Timeout.queuewarn.non-urgent
3557					[undefined] As above, for non-urgent
3558					(low) priority messages.
3559confTO_QUEUEWARN_DSN
3560			Timeout.queuewarn.dsn
3561					[undefined] As above, for delivery
3562					status notification messages.
3563confTO_HOSTSTATUS	Timeout.hoststatus
3564					[30m] How long information about host
3565					statuses will be maintained before it
3566					is considered stale and the host should
3567					be retried.  This applies both within
3568					a single queue run and to persistent
3569					information (see below).
3570confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
3571					[varies] Sets the resolver's
3572					retransmission time interval (in
3573					seconds).  Sets both
3574					Timeout.resolver.retrans.first and
3575					Timeout.resolver.retrans.normal.
3576confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
3577					[varies] Sets the resolver's
3578					retransmission time interval (in
3579					seconds) for the first attempt to
3580					deliver a message.
3581confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
3582					[varies] Sets the resolver's
3583					retransmission time interval (in
3584					seconds) for all resolver lookups
3585					except the first delivery attempt.
3586confTO_RESOLVER_RETRY	Timeout.resolver.retry
3587					[varies] Sets the number of times
3588					to retransmit a resolver query.
3589					Sets both
3590					Timeout.resolver.retry.first and
3591					Timeout.resolver.retry.normal.
3592confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
3593					[varies] Sets the number of times
3594					to retransmit a resolver query for
3595					the first attempt to deliver a
3596					message.
3597confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
3598					[varies] Sets the number of times
3599					to retransmit a resolver query for
3600					all resolver lookups except the
3601					first delivery attempt.
3602confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
3603					USE_SYSTEM to use the system's idea,
3604					USE_TZ to use the user's TZ envariable,
3605					or something else to force that value.
3606confDEF_USER_ID		DefaultUser	[1:1] Default user id.
3607confUSERDB_SPEC		UserDatabaseSpec
3608					[undefined] User database
3609					specification.
3610confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
3611confFALLBACK_SMARTHOST	FallbackSmartHost
3612					[undefined] Fallback smart host.
3613confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
3614					for a host and other arrangements
3615					haven't been made, try connecting
3616					to the host directly; normally this
3617					would be a config error.
3618confQUEUE_LA		QueueLA		[varies] Load average at which
3619					queue-only function kicks in.
3620					Default values is (8 * numproc)
3621					where numproc is the number of
3622					processors online (if that can be
3623					determined).
3624confREFUSE_LA		RefuseLA	[varies] Load average at which
3625					incoming SMTP connections are
3626					refused.  Default values is (12 *
3627					numproc) where numproc is the
3628					number of processors online (if
3629					that can be determined).
3630confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
3631					refusing connections for this long.
3632confDELAY_LA		DelayLA		[0] Load average at which sendmail
3633					will sleep for one second on most
3634					SMTP commands and before accepting
3635					connections.  0 means no limit.
3636confMAX_ALIAS_RECURSION	MaxAliasRecursion
3637					[10] Maximum depth of alias recursion.
3638confMAX_DAEMON_CHILDREN	MaxDaemonChildren
3639					[undefined] The maximum number of
3640					children the daemon will permit.  After
3641					this number, connections will be
3642					rejected.  If not set or <= 0, there is
3643					no limit.
3644confMAX_HEADERS_LENGTH	MaxHeadersLength
3645					[32768] Maximum length of the sum
3646					of all headers.
3647confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
3648					[undefined] Maximum length of
3649					certain MIME header field values.
3650confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3651					[undefined] The maximum number of
3652					connections permitted per second per
3653					daemon.  After this many connections
3654					are accepted, further connections
3655					will be delayed.  If not set or <= 0,
3656					there is no limit.
3657confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3658					[60s] Define the length of the
3659					interval for which the number of
3660					incoming connections is maintained.
3661confWORK_RECIPIENT_FACTOR
3662			RecipientFactor	[30000] Cost of each recipient.
3663confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
3664					separate process.
3665confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
3666confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
3667confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
3668					Priority, Host, Filename, Random,
3669					Modification, or Time.
3670confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
3671					must sit in the queue between queue
3672					runs.  This allows you to set the
3673					queue run interval low for better
3674					responsiveness without trying all
3675					jobs in each run.
3676confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
3677					unlabeled 8 bit input to MIME, the
3678					character set to use by default.
3679confSERVICE_SWITCH_FILE	ServiceSwitchFile
3680					[/etc/mail/service.switch] The file
3681					to use for the service switch on
3682					systems that do not have a
3683					system-defined switch.
3684confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
3685					"file" type access of hosts names.
3686confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
3687					long and try again.  Zero means "don't
3688					retry".  This is to allow "dial on
3689					demand" connections to have enough time
3690					to complete a connection.
3691confNO_RCPT_ACTION	NoRecipientAction
3692					[none] What to do if there are no legal
3693					recipient fields (To:, Cc: or Bcc:)
3694					in the message.  Legal values can
3695					be "none" to just leave the
3696					nonconforming message as is, "add-to"
3697					to add a To: header with all the
3698					known recipients (which may expose
3699					blind recipients), "add-apparently-to"
3700					to do the same but use Apparently-To:
3701					instead of To: (strongly discouraged
3702					in accordance with IETF standards),
3703					"add-bcc" to add an empty Bcc:
3704					header, or "add-to-undisclosed" to
3705					add the header
3706					``To: undisclosed-recipients:;''.
3707confSAFE_FILE_ENV	SafeFileEnvironment
3708					[undefined] If set, sendmail will do a
3709					chroot() into this directory before
3710					writing files.
3711confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
3712					If set, colons are treated as a regular
3713					character in addresses.  If not set,
3714					they are treated as the introducer to
3715					the RFC 822 "group" syntax.  Colons are
3716					handled properly in route-addrs.  This
3717					option defaults on for V5 and lower
3718					configuration files.
3719confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
3720					any given queue run to this number of
3721					entries.  Essentially, this will stop
3722					reading each queue directory after this
3723					number of entries are reached; it does
3724					_not_ pick the highest priority jobs,
3725					so this should be as large as your
3726					system can tolerate.  If not set, there
3727					is no limit.
3728confMAX_QUEUE_CHILDREN	MaxQueueChildren
3729					[undefined] Limits the maximum number
3730					of concurrent queue runners active.
3731					This is to keep system resources used
3732					within a reasonable limit.  Relates to
3733					Queue Groups and ForkEachJob.
3734confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
3735					[1] Only active when MaxQueueChildren
3736					defined.  Controls the maximum number
3737					of queue runners (aka queue children)
3738					active at the same time in a work
3739					group.  See also MaxQueueChildren.
3740confDONT_EXPAND_CNAMES	DontExpandCnames
3741					[False] If set, $[ ... $] lookups that
3742					do DNS based lookups do not expand
3743					CNAME records.  This currently violates
3744					the published standards, but the IETF
3745					seems to be moving toward legalizing
3746					this.  For example, if "FTP.Foo.ORG"
3747					is a CNAME for "Cruft.Foo.ORG", then
3748					with this option set a lookup of
3749					"FTP" will return "FTP.Foo.ORG"; if
3750					clear it returns "Cruft.FOO.ORG".  N.B.
3751					you may not see any effect until your
3752					downstream neighbors stop doing CNAME
3753					lookups as well.
3754confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
3755					when sending to files or programs.
3756confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
3757					[False] From: lines that have
3758					embedded newlines are unwrapped
3759					onto one line.
3760confALLOW_BOGUS_HELO	AllowBogusHELO	[False] Allow HELO SMTP command that
3761					does not include a host name.
3762confMUST_QUOTE_CHARS	MustQuoteChars	[.'] Characters to be quoted in a full
3763					name phrase (@,;:\()[] are automatic).
3764confOPERATORS		OperatorChars	[.:%@!^/[]+] Address operator
3765					characters.
3766confSMTP_LOGIN_MSG	SmtpGreetingMessage
3767					[$j Sendmail $v/$Z; $b]
3768					The initial (spontaneous) SMTP
3769					greeting message.  The word "ESMTP"
3770					will be inserted between the first and
3771					second words to convince other
3772					sendmails to try to speak ESMTP.
3773confDONT_INIT_GROUPS	DontInitGroups	[False] If set, the initgroups(3)
3774					routine will never be invoked.  You
3775					might want to do this if you are
3776					running NIS and you have a large group
3777					map, since this call does a sequential
3778					scan of the map; in a large site this
3779					can cause your ypserv to run
3780					essentially full time.  If you set
3781					this, agents run on behalf of users
3782					will only have their primary
3783					(/etc/passwd) group permissions.
3784confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
3785					[True] If set, group-writable
3786					:include: and .forward files are
3787					considered "unsafe", that is, programs
3788					and files cannot be directly referenced
3789					from such files.  World-writable files
3790					are always considered unsafe.
3791					Notice: this option is deprecated and
3792					will be removed in future versions;
3793					Set GroupWritableForwardFileSafe
3794					and GroupWritableIncludeFileSafe in
3795					DontBlameSendmail if required.
3796confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
3797					address (for testing).
3798confCONTROL_SOCKET_NAME	ControlSocketName
3799					[undefined] Control socket for daemon
3800					management.
3801confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
3802					[postmaster] If an error occurs when
3803					sending an error message, send that
3804					"double bounce" error message to this
3805					address.  If it expands to an empty
3806					string, double bounces are dropped.
3807confSOFT_BOUNCE		SoftBounce	[False] If set, issue temporary errors
3808					(4xy) instead of permanent errors
3809					(5xy).  This can be useful during
3810					testing of a new configuration to
3811					avoid erroneous bouncing of mails.
3812confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
3813					messages which could not be returned
3814					to the user or sent to postmaster.
3815					If not set, the queue file will
3816					be renamed.
3817confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
3818					implies DSN request.
3819confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
3820					when reading and delivering mail.
3821					Causes all file reads (e.g., .forward
3822					and :include: files) to be done as
3823					this user.  Also, all programs will
3824					be run as this user, and all output
3825					files will be written as this user.
3826confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
3827					[infinite] If set, allow no more than
3828					the specified number of recipients in
3829					an SMTP envelope.  Further recipients
3830					receive a 452 error code (i.e., they
3831					are deferred for the next delivery
3832					attempt).
3833confBAD_RCPT_THROTTLE	BadRcptThrottle	[infinite] If set and the specified
3834					number of recipients in a single SMTP
3835					transaction have been rejected, sleep
3836					for one second after each subsequent
3837					RCPT command in that transaction.
3838confDONT_PROBE_INTERFACES  DontProbeInterfaces
3839					[False] If set, sendmail will _not_
3840					insert the names and addresses of any
3841					local interfaces into class {w}
3842					(list of known "equivalent" addresses).
3843					If you set this, you must also include
3844					some support for these addresses (e.g.,
3845					in a mailertable entry) -- otherwise,
3846					mail to addresses in this list will
3847					bounce with a configuration error.
3848					If set to "loopback" (without
3849					quotes), sendmail will skip
3850					loopback interfaces (e.g., "lo0").
3851confPID_FILE		PidFile		[system dependent] Location of pid
3852					file.
3853confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
3854					[undefined] Prefix string for the
3855					process title shown on 'ps' listings.
3856confDONT_BLAME_SENDMAIL	DontBlameSendmail
3857					[safe] Override sendmail's file
3858					safety checks.  This will definitely
3859					compromise system security and should
3860					not be used unless absolutely
3861					necessary.
3862confREJECT_MSG		-		[550 Access denied] The message
3863					given if the access database contains
3864					REJECT in the value portion.
3865confRELAY_MSG		-		[550 Relaying denied] The message
3866					given if an unauthorized relaying
3867					attempt is rejected.
3868confDF_BUFFER_SIZE	DataFileBufferSize
3869					[4096] The maximum size of a
3870					memory-buffered data (df) file
3871					before a disk-based file is used.
3872confXF_BUFFER_SIZE	XScriptFileBufferSize
3873					[4096] The maximum size of a
3874					memory-buffered transcript (xf)
3875					file before a disk-based file is
3876					used.
3877confTLS_SRV_OPTIONS	TLSSrvOptions	If this option is 'V' no client
3878					verification is performed, i.e.,
3879					the server doesn't ask for a
3880					certificate.
3881confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
3882					specification for LDAP maps.  The
3883					value should only contain LDAP
3884					specific settings such as "-h host
3885					-p port -d bindDN", etc.  The
3886					settings will be used for all LDAP
3887					maps unless they are specified in
3888					the individual map specification
3889					('K' command).
3890confCACERT_PATH		CACertPath	[undefined] Path to directory
3891					with certs of CAs.
3892confCACERT		CACertFile	[undefined] File containing one CA
3893					cert.
3894confSERVER_CERT		ServerCertFile	[undefined] File containing the
3895					cert of the server, i.e., this cert
3896					is used when sendmail acts as
3897					server.
3898confSERVER_KEY		ServerKeyFile	[undefined] File containing the
3899					private key belonging to the server
3900					cert.
3901confCLIENT_CERT		ClientCertFile	[undefined] File containing the
3902					cert of the client, i.e., this cert
3903					is used when sendmail acts as
3904					client.
3905confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
3906					private key belonging to the client
3907					cert.
3908confCRL			CRLFile		[undefined] File containing certificate
3909					revocation status, useful for X.509v3
3910					authentication. Note that CRL requires
3911					at least OpenSSL version 0.9.7.
3912confDH_PARAMETERS	DHParameters	[undefined] File containing the
3913					DH parameters.
3914confRAND_FILE		RandFile	[undefined] File containing random
3915					data (use prefix file:) or the
3916					name of the UNIX socket if EGD is
3917					used (use prefix egd:).  STARTTLS
3918					requires this option if the compile
3919					flag HASURANDOM is not set (see
3920					sendmail/README).
3921confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
3922					queue runners is set the given value
3923					(nice(3)).
3924confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
3925					[undefined] Defines {daemon_flags}
3926					for direct submissions.
3927confUSE_MSP		UseMSP		[undefined] Use as mail submission
3928					program.
3929confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
3930					SMTP Service Extension (RFC 2852).
3931confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
3932					be used to turn off the compile time
3933					flag REQUIRES_DIR_FSYNC at runtime.
3934					See sendmail/README for details.
3935confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
3936confSHARED_MEMORY_KEY_FILE
3937			SharedMemoryKeyFile
3938					[undefined] File where the
3939					automatically selected key for
3940					shared memory is stored.
3941confFAST_SPLIT		FastSplit	[1] If set to a value greater than
3942					zero, the initial MX lookups on
3943					addresses is suppressed when they
3944					are sorted which may result in
3945					faster envelope splitting.  If the
3946					mail is submitted directly from the
3947					command line, then the value also
3948					limits the number of processes to
3949					deliver the envelopes.
3950confMAILBOX_DATABASE	MailboxDatabase	[pw] Type of lookup to find
3951					information about local mailboxes.
3952confDEQUOTE_OPTS	-		[empty] Additional options for the
3953					dequote map.
3954confMAX_NOOP_COMMANDS	MaxNOOPCommands	[20] Maximum number of "useless"
3955					commands before the SMTP server
3956					will slow down responding.
3957confHELO_NAME		HeloName	If defined, use as name for EHLO/HELO
3958					command (instead of $j).
3959confINPUT_MAIL_FILTERS	InputMailFilters
3960					A comma separated list of filters
3961					which determines which filters and
3962					the invocation sequence are
3963					contacted for incoming SMTP
3964					messages.  If none are set, no
3965					filters will be contacted.
3966confMILTER_LOG_LEVEL	Milter.LogLevel	[9] Log level for input mail filter
3967					actions, defaults to LogLevel.
3968confMILTER_MACROS_CONNECT	Milter.macros.connect
3969					[j, _, {daemon_name}, {if_name},
3970					{if_addr}] Macros to transmit to
3971					milters when a session connection
3972					starts.
3973confMILTER_MACROS_HELO	Milter.macros.helo
3974					[{tls_version}, {cipher},
3975					{cipher_bits}, {cert_subject},
3976					{cert_issuer}] Macros to transmit to
3977					milters after HELO/EHLO command.
3978confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
3979					[i, {auth_type}, {auth_authen},
3980					{auth_ssf}, {auth_author},
3981					{mail_mailer}, {mail_host},
3982					{mail_addr}] Macros to transmit to
3983					milters after MAIL FROM command.
3984confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
3985					[{rcpt_mailer}, {rcpt_host},
3986					{rcpt_addr}] Macros to transmit to
3987					milters after RCPT TO command.
3988confMILTER_MACROS_EOM		Milter.macros.eom
3989					[{msg_id}] Macros to transmit to
3990					milters after the terminating
3991					DATA '.' is received.
3992confMILTER_MACROS_EOH		Milter.macros.eoh
3993					Macros to transmit to milters
3994					after the end of headers.
3995confMILTER_MACROS_DATA		Milter.macros.data
3996					Macros to transmit to milters
3997					after DATA command is received.
3998
3999
4000See also the description of OSTYPE for some parameters that can be
4001tweaked (generally pathnames to mailers).
4002
4003ClientPortOptions and DaemonPortOptions are special cases since multiple
4004clients/daemons can be defined.  This can be done via
4005
4006	CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4007	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4008
4009Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4010ClientPortOptions settings) are allowed in order to give settings for each
4011protocol family (e.g., one for Family=inet and one for Family=inet6).  A
4012restriction placed on one family only affects outgoing connections on that
4013particular family.
4014
4015If DAEMON_OPTIONS is not used, then the default is
4016
4017	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4018	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4019
4020If you use one DAEMON_OPTIONS macro, it will alter the parameters
4021of the first of these.  The second will still be defaulted; it
4022represents a "Message Submission Agent" (MSA) as defined by RFC
40232476 (see below).  To turn off the default definition for the MSA,
4024use FEATURE(`no_default_msa') (see also FEATURES).  If you use
4025additional DAEMON_OPTIONS macros, they will add additional daemons.
4026
4027Example 1:  To change the port for the SMTP listener, while
4028still using the MSA default, use
4029	DAEMON_OPTIONS(`Port=925, Name=MTA')
4030
4031Example 2:  To change the port for the MSA daemon, while still
4032using the default SMTP port, use
4033	FEATURE(`no_default_msa')
4034	DAEMON_OPTIONS(`Name=MTA')
4035	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4036
4037Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4038there would be no listener on the standard SMTP port.
4039
4040Example 3: To listen on both IPv4 and IPv6 interfaces, use
4041
4042	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4043	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4044
4045A "Message Submission Agent" still uses all of the same rulesets for
4046processing the message (and therefore still allows message rejection via
4047the check_* rulesets).  In accordance with the RFC, the MSA will ensure
4048that all domains in envelope addresses are fully qualified if the message
4049is relayed to another MTA.  It will also enforce the normal address syntax
4050rules and log error messages.  Additionally, by using the M=a modifier you
4051can require authentication before messages are accepted by the MSA.
4052Notice: Do NOT use the 'a' modifier on a public accessible MTA!  Finally,
4053the M=E modifier shown above disables ETRN as required by RFC 2476.
4054
4055Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4056commands:
4057
4058	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4059	MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4060
4061The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4062same order they were specified by also setting confINPUT_MAIL_FILTERS.  A
4063filter can be defined without adding it to the input filter list by using
4064MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4065Alternatively, you can reset the list of filters and their order by setting
4066confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4067your .mc file.
4068
4069
4070+----------------------------+
4071| MESSAGE SUBMISSION PROGRAM |
4072+----------------------------+
4073
4074This section contains a list of caveats and
4075a few hints how for those who want to tweak the default configuration
4076for it (which is installed as submit.cf).
4077
4078Notice: do not add options/features to submit.mc unless you are
4079absolutely sure you need them.  Options you may want to change
4080include:
4081
4082- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4083  avoiding X-Authentication warnings.
4084- confTIME_ZONE to change it from the default `USE_TZ'.
4085- confDELIVERY_MODE is set to interactive in msp.m4 instead
4086  of the default background mode.
4087- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4088  to the LOCAL_RELAY instead of the default relay.
4089
4090The MSP performs hostname canonicalization by default.  Mail may end
4091up for various DNS related reasons in the MSP queue.  This problem
4092can be minimized by using
4093
4094	FEATURE(`nocanonify', `canonify_hosts')
4095	define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4096
4097See the discussion about nocanonify for possible side effects.
4098
4099Some things are not intended to work with the MSP.  These include
4100features that influence the delivery process (e.g., mailertable,
4101aliases), or those that are only important for a SMTP server (e.g.,
4102virtusertable, DaemonPortOptions, multiple queues).  Moreover,
4103relaxing certain restrictions (RestrictQueueRun, permissions on
4104queue directory) or adding features (e.g., enabling prog/file mailer)
4105can cause security problems.
4106
4107Other things don't work well with the MSP and require tweaking or
4108workarounds.
4109
4110The file and the map created by makemap should be owned by smmsp,
4111its group should be smmsp, and it should have mode 640.
4112
4113feature/msp.m4 defines almost all settings for the MSP.  Most of
4114those should not be changed at all.  Some of the features and options
4115can be overridden if really necessary.  It is a bit tricky to do
4116this, because it depends on the actual way the option is defined
4117in feature/msp.m4.  If it is directly defined (i.e., define()) then
4118the modified value must be defined after
4119
4120	FEATURE(`msp')
4121
4122If it is conditionally defined (i.e., ifdef()) then the desired
4123value must be defined before the FEATURE line in the .mc file.
4124To see how the options are defined read feature/msp.m4.
4125
4126
4127+--------------------------+
4128| FORMAT OF FILES AND MAPS |
4129+--------------------------+
4130
4131Files that define classes, i.e., F{classname}, consist of lines
4132each of which contains a single element of the class.  For example,
4133/etc/mail/local-host-names may have the following content:
4134
4135my.domain
4136another.domain
4137
4138Maps must be created using makemap(8) , e.g.,
4139
4140	makemap hash MAP < MAP
4141
4142In general, a text file from which a map is created contains lines
4143of the form
4144
4145key	value
4146
4147where 'key' and 'value' are also called LHS and RHS, respectively.
4148By default, the delimiter between LHS and RHS is a non-empty sequence
4149of white space characters.
4150
4151
4152+------------------+
4153| DIRECTORY LAYOUT |
4154+------------------+
4155
4156Within this directory are several subdirectories, to wit:
4157
4158m4		General support routines.  These are typically
4159		very important and should not be changed without
4160		very careful consideration.
4161
4162cf		The configuration files themselves.  They have
4163		".mc" suffixes, and must be run through m4 to
4164		become complete.  The resulting output should
4165		have a ".cf" suffix.
4166
4167ostype		Definitions describing a particular operating
4168		system type.  These should always be referenced
4169		using the OSTYPE macro in the .mc file.  Examples
4170		include "bsd4.3", "bsd4.4", "sunos3.5", and
4171		"sunos4.1".
4172
4173domain		Definitions describing a particular domain, referenced
4174		using the DOMAIN macro in the .mc file.  These are
4175		site dependent; for example, "CS.Berkeley.EDU.m4"
4176		describes hosts in the CS.Berkeley.EDU subdomain.
4177
4178mailer		Descriptions of mailers.  These are referenced using
4179		the MAILER macro in the .mc file.
4180
4181sh		Shell files used when building the .cf file from the
4182		.mc file in the cf subdirectory.
4183
4184feature		These hold special orthogonal features that you might
4185		want to include.  They should be referenced using
4186		the FEATURE macro.
4187
4188hack		Local hacks.  These can be referenced using the HACK
4189		macro.  They shouldn't be of more than voyeuristic
4190		interest outside the .Berkeley.EDU domain, but who knows?
4191
4192siteconfig	Site configuration -- e.g., tables of locally connected
4193		UUCP sites.
4194
4195
4196+------------------------+
4197| ADMINISTRATIVE DETAILS |
4198+------------------------+
4199
4200The following sections detail usage of certain internal parts of the
4201sendmail.cf file.  Read them carefully if you are trying to modify
4202the current model.  If you find the above descriptions adequate, these
4203should be {boring, confusing, tedious, ridiculous} (pick one or more).
4204
4205RULESETS (* means built in to sendmail)
4206
4207   0 *	Parsing
4208   1 *	Sender rewriting
4209   2 *	Recipient rewriting
4210   3 *	Canonicalization
4211   4 *	Post cleanup
4212   5 *	Local address rewrite (after aliasing)
4213  1x	mailer rules (sender qualification)
4214  2x	mailer rules (recipient qualification)
4215  3x	mailer rules (sender header qualification)
4216  4x	mailer rules (recipient header qualification)
4217  5x	mailer subroutines (general)
4218  6x	mailer subroutines (general)
4219  7x	mailer subroutines (general)
4220  8x	reserved
4221  90	Mailertable host stripping
4222  96	Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4223  97	Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4224  98	Local part of ruleset 0 (ruleset 8 in old sendmail)
4225
4226
4227MAILERS
4228
4229   0	local, prog	local and program mailers
4230   1	[e]smtp, relay	SMTP channel
4231   2	uucp-*		UNIX-to-UNIX Copy Program
4232   3	netnews		Network News delivery
4233   4	fax		Sam Leffler's HylaFAX software
4234   5	mail11		DECnet mailer
4235
4236
4237MACROS
4238
4239   A
4240   B	Bitnet Relay
4241   C	DECnet Relay
4242   D	The local domain -- usually not needed
4243   E	reserved for X.400 Relay
4244   F	FAX Relay
4245   G
4246   H	mail Hub (for mail clusters)
4247   I
4248   J
4249   K
4250   L	Luser Relay
4251   M	Masquerade (who you claim to be)
4252   N
4253   O
4254   P
4255   Q
4256   R	Relay (for unqualified names)
4257   S	Smart Host
4258   T
4259   U	my UUCP name (if you have a UUCP connection)
4260   V	UUCP Relay (class {V} hosts)
4261   W	UUCP Relay (class {W} hosts)
4262   X	UUCP Relay (class {X} hosts)
4263   Y	UUCP Relay (all other hosts)
4264   Z	Version number
4265
4266
4267CLASSES
4268
4269   A
4270   B	domains that are candidates for bestmx lookup
4271   C
4272   D
4273   E	addresses that should not seem to come from $M
4274   F	hosts this system forward for
4275   G	domains that should be looked up in genericstable
4276   H
4277   I
4278   J
4279   K
4280   L	addresses that should not be forwarded to $R
4281   M	domains that should be mapped to $M
4282   N	host/domains that should not be mapped to $M
4283   O	operators that indicate network operations (cannot be in local names)
4284   P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4285   Q
4286   R	domains this system is willing to relay (pass anti-spam filters)
4287   S
4288   T
4289   U	locally connected UUCP hosts
4290   V	UUCP hosts connected to relay $V
4291   W	UUCP hosts connected to relay $W
4292   X	UUCP hosts connected to relay $X
4293   Y	locally connected smart UUCP hosts
4294   Z	locally connected domain-ized UUCP hosts
4295   .	the class containing only a dot
4296   [	the class containing only a left bracket
4297
4298
4299M4 DIVERSIONS
4300
4301   1	Local host detection and resolution
4302   2	Local Ruleset 3 additions
4303   3	Local Ruleset 0 additions
4304   4	UUCP Ruleset 0 additions
4305   5	locally interpreted names (overrides $R)
4306   6	local configuration (at top of file)
4307   7	mailer definitions
4308   8	DNS based blacklists
4309   9	special local rulesets (1 and 2)
4310
4311$Revision: 8.727 $, Last updated $Date: 2009/05/07 23:46:17 $
4312