1 2 SENDMAIL CONFIGURATION FILES 3 4This document describes the sendmail configuration files. It 5explains how to create a sendmail.cf file for use with sendmail. 6It also describes how to set options for sendmail which are explained 7in the Sendmail Installation and Operation guide, which can be found 8on-line at http://www.sendmail.org/%7Eca/email/doc8.12/op.html . 9Recall this URL throughout this document when references to 10doc/op/op.* are made. 11 12Table of Content: 13 14INTRODUCTION AND EXAMPLE 15A BRIEF INTRODUCTION TO M4 16FILE LOCATIONS 17OSTYPE 18DOMAINS 19MAILERS 20FEATURES 21HACKS 22SITE CONFIGURATION 23USING UUCP MAILERS 24TWEAKING RULESETS 25MASQUERADING AND RELAYING 26USING LDAP FOR ALIASES, MAPS, AND CLASSES 27LDAP ROUTING 28ANTI-SPAM CONFIGURATION CONTROL 29CONNECTION CONTROL 30STARTTLS 31ADDING NEW MAILERS OR RULESETS 32ADDING NEW MAIL FILTERS 33QUEUE GROUP DEFINITIONS 34NON-SMTP BASED CONFIGURATIONS 35WHO AM I? 36ACCEPTING MAIL FOR MULTIPLE NAMES 37USING MAILERTABLES 38USING USERDB TO MAP FULL NAMES 39MISCELLANEOUS SPECIAL FEATURES 40SECURITY NOTES 41TWEAKING CONFIGURATION OPTIONS 42MESSAGE SUBMISSION PROGRAM 43FORMAT OF FILES AND MAPS 44DIRECTORY LAYOUT 45ADMINISTRATIVE DETAILS 46 47 48+--------------------------+ 49| INTRODUCTION AND EXAMPLE | 50+--------------------------+ 51 52Configuration files are contained in the subdirectory "cf", with a 53suffix ".mc". They must be run through "m4" to produce a ".cf" file. 54You must pre-load "cf.m4": 55 56 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 57 58Alternatively, you can simply: 59 60 cd ${CFDIR}/cf 61 /usr/ccs/bin/make config.cf 62 63where ${CFDIR} is the root of the cf directory and config.mc is the 64name of your configuration file. If you are running a version of M4 65that understands the __file__ builtin (versions of GNU m4 >= 0.75 do 66this, but the versions distributed with 4.4BSD and derivatives do not) 67or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. 68For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST 69use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: 70 71 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf 72 73Let's examine a typical .mc file: 74 75 divert(-1) 76 # 77 # Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers. 78 # All rights reserved. 79 # Copyright (c) 1983 Eric P. Allman. All rights reserved. 80 # Copyright (c) 1988, 1993 81 # The Regents of the University of California. All rights reserved. 82 # 83 # By using this file, you agree to the terms and conditions set 84 # forth in the LICENSE file which can be found at the top level of 85 # the sendmail distribution. 86 # 87 88 # 89 # This is a Berkeley-specific configuration file for HP-UX 9.x. 90 # It applies only to the Computer Science Division at Berkeley, 91 # and should not be used elsewhere. It is provided on the sendmail 92 # distribution as a sample only. To create your own configuration 93 # file, create an appropriate domain file in ../domain, change the 94 # `DOMAIN' macro below to reference that file, and copy the result 95 # to a name of your own choosing. 96 # 97 divert(0) 98 99The divert(-1) will delete the crud in the resulting output file. 100The copyright notice can be replaced by whatever your lawyers require; 101our lawyers require the one that is included in these files. A copyleft 102is a copyright by another name. The divert(0) restores regular output. 103 104 VERSIONID(`<SCCS or RCS version id>') 105 106VERSIONID is a macro that stuffs the version information into the 107resulting file. You could use SCCS, RCS, CVS, something else, or 108omit it completely. This is not the same as the version id included 109in SMTP greeting messages -- this is defined in m4/version.m4. 110 111 OSTYPE(`hpux9')dnl 112 113You must specify an OSTYPE to properly configure things such as the 114pathname of the help and status files, the flags needed for the local 115mailer, and other important things. If you omit it, you will get an 116error when you try to build the configuration. Look at the ostype 117directory for the list of known operating system types. 118 119 DOMAIN(`CS.Berkeley.EDU')dnl 120 121This example is specific to the Computer Science Division at Berkeley. 122You can use "DOMAIN(`generic')" to get a sufficiently bland definition 123that may well work for you, or you can create a customized domain 124definition appropriate for your environment. 125 126 MAILER(`local') 127 MAILER(`smtp') 128 129These describe the mailers used at the default CS site. The local 130mailer is always included automatically. Beware: MAILER declarations 131should only be followed by LOCAL_* sections. The general rules are 132that the order should be: 133 134 VERSIONID 135 OSTYPE 136 DOMAIN 137 FEATURE 138 local macro definitions 139 MAILER 140 LOCAL_CONFIG 141 LOCAL_RULE_* 142 LOCAL_RULESETS 143 144There are a few exceptions to this rule. Local macro definitions which 145influence a FEATURE() should be done before that feature. For example, 146a define(`PROCMAIL_MAILER_PATH', ...) should be done before 147FEATURE(`local_procmail'). 148 149 150+----------------------------+ 151| A BRIEF INTRODUCTION TO M4 | 152+----------------------------+ 153 154Sendmail uses the M4 macro processor to ``compile'' the configuration 155files. The most important thing to know is that M4 is stream-based, 156that is, it doesn't understand about lines. For this reason, in some 157places you may see the word ``dnl'', which stands for ``delete 158through newline''; essentially, it deletes all characters starting 159at the ``dnl'' up to and including the next newline character. In 160most cases sendmail uses this only to avoid lots of unnecessary 161blank lines in the output. 162 163Other important directives are define(A, B) which defines the macro 164``A'' to have value ``B''. Macros are expanded as they are read, so 165one normally quotes both values to prevent expansion. For example, 166 167 define(`SMART_HOST', `smart.foo.com') 168 169One word of warning: M4 macros are expanded even in lines that appear 170to be comments. For example, if you have 171 172 # See FEATURE(`foo') above 173 174it will not do what you expect, because the FEATURE(`foo') will be 175expanded. This also applies to 176 177 # And then define the $X macro to be the return address 178 179because ``define'' is an M4 keyword. If you want to use them, surround 180them with directed quotes, `like this'. 181 182Since m4 uses single quotes (opening "`" and closing "'") to quote 183arguments, those quotes can't be used in arguments. For example, 184it is not possible to define a rejection message containing a single 185quote. Usually there are simple workarounds by changing those 186messages; in the worst case it might be ok to change the value 187directly in the generated .cf file, which however is not advised. 188 189+----------------+ 190| FILE LOCATIONS | 191+----------------+ 192 193sendmail 8.9 has introduced a new configuration directory for sendmail 194related files, /etc/mail. The new files available for sendmail 8.9 -- 195the class {R} /etc/mail/relay-domains and the access database 196/etc/mail/access -- take advantage of this new directory. Beginning with 1978.10, all files will use this directory by default (some options may be 198set by OSTYPE() files). This new directory should help to restore 199uniformity to sendmail's file locations. 200 201Below is a table of some of the common changes: 202 203Old filename New filename 204------------ ------------ 205/etc/bitdomain /etc/mail/bitdomain 206/etc/domaintable /etc/mail/domaintable 207/etc/genericstable /etc/mail/genericstable 208/etc/uudomain /etc/mail/uudomain 209/etc/virtusertable /etc/mail/virtusertable 210/etc/userdb /etc/mail/userdb 211 212/etc/aliases /etc/mail/aliases 213/etc/sendmail/aliases /etc/mail/aliases 214/etc/ucbmail/aliases /etc/mail/aliases 215/usr/adm/sendmail/aliases /etc/mail/aliases 216/usr/lib/aliases /etc/mail/aliases 217/usr/lib/mail/aliases /etc/mail/aliases 218/usr/ucblib/aliases /etc/mail/aliases 219 220/etc/sendmail.cw /etc/mail/local-host-names 221/etc/mail/sendmail.cw /etc/mail/local-host-names 222/etc/sendmail/sendmail.cw /etc/mail/local-host-names 223 224/etc/sendmail.ct /etc/mail/trusted-users 225 226/etc/sendmail.oE /etc/mail/error-header 227 228/etc/sendmail.hf /etc/mail/helpfile 229/etc/mail/sendmail.hf /etc/mail/helpfile 230/usr/ucblib/sendmail.hf /etc/mail/helpfile 231/etc/ucbmail/sendmail.hf /etc/mail/helpfile 232/usr/lib/sendmail.hf /etc/mail/helpfile 233/usr/share/lib/sendmail.hf /etc/mail/helpfile 234/usr/share/misc/sendmail.hf /etc/mail/helpfile 235/share/misc/sendmail.hf /etc/mail/helpfile 236 237/etc/service.switch /etc/mail/service.switch 238 239/etc/sendmail.st /etc/mail/statistics 240/etc/mail/sendmail.st /etc/mail/statistics 241/etc/mailer/sendmail.st /etc/mail/statistics 242/etc/sendmail/sendmail.st /etc/mail/statistics 243/usr/lib/sendmail.st /etc/mail/statistics 244/usr/ucblib/sendmail.st /etc/mail/statistics 245 246Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR 247to create the pathnames. The default value of this variable is 248`/etc/mail/'. If you set this macro to a different value, you MUST include 249a trailing slash. 250 251Notice: all filenames used in a .mc (or .cf) file should be absolute 252(starting at the root, i.e., with '/'). Relative filenames most 253likely cause surprises during operations (unless otherwise noted). 254 255 256+--------+ 257| OSTYPE | 258+--------+ 259 260You MUST define an operating system environment, or the configuration 261file build will puke. There are several environments available; look 262at the "ostype" directory for the current list. This macro changes 263things like the location of the alias file and queue directory. Some 264of these files are identical to one another. 265 266It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. 267In general, the OSTYPE macro should go immediately after any version 268information, and MAILER definitions should always go last. 269 270Operating system definitions are usually easy to write. They may define 271the following variables (everything defaults, so an ostype file may be 272empty). Unfortunately, the list of configuration-supported systems is 273not as broad as the list of source-supported systems, since many of 274the source contributors do not include corresponding ostype files. 275 276ALIAS_FILE [/etc/mail/aliases] The location of the text version 277 of the alias file(s). It can be a comma-separated 278 list of names (but be sure you quote values with 279 commas in them -- for example, use 280 define(`ALIAS_FILE', `a,b') 281 to get "a" and "b" both listed as alias files; 282 otherwise the define() primitive only sees "a"). 283HELP_FILE [/etc/mail/helpfile] The name of the file 284 containing information printed in response to 285 the SMTP HELP command. 286QUEUE_DIR [/var/spool/mqueue] The directory containing 287 queue files. To use multiple queues, supply 288 a value ending with an asterisk. For 289 example, /var/spool/mqueue/qd* will use all of the 290 directories or symbolic links to directories 291 beginning with 'qd' in /var/spool/mqueue as queue 292 directories. The names 'qf', 'df', and 'xf' are 293 reserved as specific subdirectories for the 294 corresponding queue file types as explained in 295 doc/op/op.me. See also QUEUE GROUP DEFINITIONS. 296MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing 297 queue files for the MSP (Mail Submission Program). 298STATUS_FILE [/etc/mail/statistics] The file containing status 299 information. 300LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. 301LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The 302 flags lsDFMAw5:/|@q are always included. 303LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local 304 mail. 305LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local 306 mail that you are willing to accept. 307LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of 308 messages to deliver in a single connection. Only 309 useful for LMTP local mailers. 310LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 311 that ARRIVE from an address that resolves to the 312 local mailer and which are converted to MIME will be 313 labeled with this character set. 314LOCAL_MAILER_EOL [undefined] If defined, the string to use as the 315 end of line for the local mailer. 316LOCAL_MAILER_DSN_DIAGNOSTIC_CODE 317 [X-Unix] The DSN Diagnostic-Code value for the 318 local mailer. This should be changed with care. 319LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. 320LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The 321 flags lsDFM are always included. 322LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" 323 mail. 324LOCAL_SHELL_DIR [$z:/] The directory search path in which the 325 shell should run. 326LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer. 327SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default 328 flags are `mDFMuX' for all SMTP-based mailers; the 329 "esmtp" mailer adds `a'; "smtp8" adds `8'; and 330 "dsmtp" adds `%'. 331RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default 332 flags are `mDFMuX' for all SMTP-based mailers; the 333 relay mailer adds `a8'. If this is not defined, 334 then SMTP_MAILER_FLAGS is used. 335SMTP_MAILER_MAX [undefined] The maximum size of messages that will 336 be transported using the smtp, smtp8, esmtp, or dsmtp 337 mailers. 338SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of 339 messages to deliver in a single connection for the 340 smtp, smtp8, esmtp, or dsmtp mailers. 341SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of 342 recipients to deliver in a single connection for the 343 smtp, smtp8, esmtp, or dsmtp mailers. 344SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. 345 About the only reason you would want to change this 346 would be to change the default port. 347ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. 348SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. 349DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. 350RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. 351SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer. 352ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer. 353SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer. 354DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer. 355RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer. 356RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of 357 messages to deliver in a single connection for the 358 relay mailer. 359SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 360 that ARRIVE from an address that resolves to one of 361 the SMTP mailers and which are converted to MIME will 362 be labeled with this character set. 363SMTP_MAILER_LL [990] The maximum line length for SMTP mailers 364 (except the relay mailer). 365RELAY_MAILER_LL [2040] The maximum line length for the relay mailer. 366UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. 367UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default 368 flags are `DFMhuU' (and `m' for uucp-new mailer, 369 minus `U' for uucp-dom mailer). 370UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments 371 passed to the UUCP mailer. 372UUCP_MAILER_MAX [100000] The maximum size message accepted for 373 transmission by the UUCP mailers. 374UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data 375 that ARRIVE from an address that resolves to one of 376 the UUCP mailers and which are converted to MIME will 377 be labeled with this character set. 378UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers. 379PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail 380 program. This is also used by 381 FEATURE(`local_procmail'). 382PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags 383 DFM are always set. This is NOT used by 384 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS 385 instead. 386PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to 387 the Procmail mailer. This is NOT used by 388 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS 389 instead. 390PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that 391 will be accepted by the procmail mailer. 392PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer. 393confEBINDIR [/usr/libexec] The directory for executables. 394 Currently used for FEATURE(`local_lmtp') and 395 FEATURE(`smrsh'). 396LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer. 397 398Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: 399MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part 400of the macro Name_MAILER_FLAGS (note: that means Name is entirely in 401upper case) and change can be: flags that should be used directly 402(thus overriding the default value), or if it starts with `+' (`-') 403then those flags are added to (removed from) the default value. 404Example: 405 406 MODIFY_MAILER_FLAGS(`LOCAL', `+e') 407 408will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are 409several smtp mailers all of which are manipulated individually. 410See the section MAILERS for the available mailer names. 411WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS 412unconditionally, i.e., without respecting any definitions in an 413OSTYPE setting. 414 415 416+---------+ 417| DOMAINS | 418+---------+ 419 420You will probably want to collect domain-dependent defines into one 421file, referenced by the DOMAIN macro. For example, the Berkeley 422domain file includes definitions for several internal distinguished 423hosts: 424 425UUCP_RELAY The host that will accept UUCP-addressed email. 426 If not defined, all UUCP sites must be directly 427 connected. 428BITNET_RELAY The host that will accept BITNET-addressed email. 429 If not defined, the .BITNET pseudo-domain won't work. 430DECNET_RELAY The host that will accept DECNET-addressed email. 431 If not defined, the .DECNET pseudo-domain and addresses 432 of the form node::user will not work. 433FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. 434 The "fax" mailer overrides this value. 435LOCAL_RELAY The site that will handle unqualified names -- that 436 is, names without an @domain extension. 437 Normally MAIL_HUB is preferred for this function. 438 LOCAL_RELAY is mostly useful in conjunction with 439 FEATURE(`stickyhost') -- see the discussion of 440 stickyhost below. If not set, they are assumed to 441 belong on this machine. This allows you to have a 442 central site to store a company- or department-wide 443 alias database. This only works at small sites, 444 and only with some user agents. 445LUSER_RELAY The site that will handle lusers -- that is, apparently 446 local names that aren't local accounts or aliases. To 447 specify a local user instead of a site, set this to 448 ``local:username''. 449 450Any of these can be either ``mailer:hostname'' (in which case the 451mailer is the internal mailer name, such as ``uucp-new'' and the hostname 452is the name of the host as appropriate for that mailer) or just a 453``hostname'', in which case a default mailer type (usually ``relay'', 454a variant on SMTP) is used. WARNING: if you have a wildcard MX 455record matching your domain, you probably want to define these to 456have a trailing dot so that you won't get the mail diverted back 457to yourself. 458 459The domain file can also be used to define a domain name, if needed 460(using "DD<domain>") and set certain site-wide features. If all hosts 461at your site masquerade behind one email name, you could also use 462MASQUERADE_AS here. 463 464You do not have to define a domain -- in particular, if you are a 465single machine sitting off somewhere, it is probably more work than 466it's worth. This is just a mechanism for combining "domain dependent 467knowledge" into one place. 468 469 470+---------+ 471| MAILERS | 472+---------+ 473 474There are fewer mailers supported in this version than the previous 475version, owing mostly to a simpler world. As a general rule, put the 476MAILER definitions last in your .mc file. 477 478local The local and prog mailers. You will almost always 479 need these; the only exception is if you relay ALL 480 your mail to another site. This mailer is included 481 automatically. 482 483smtp The Simple Mail Transport Protocol mailer. This does 484 not hide hosts behind a gateway or another other 485 such hack; it assumes a world where everyone is 486 running the name server. This file actually defines 487 five mailers: "smtp" for regular (old-style) SMTP to 488 other servers, "esmtp" for extended SMTP to other 489 servers, "smtp8" to do SMTP to other servers without 490 converting 8-bit data to MIME (essentially, this is 491 your statement that you know the other end is 8-bit 492 clean even if it doesn't say so), "dsmtp" to do on 493 demand delivery, and "relay" for transmission to the 494 RELAY_HOST, LUSER_RELAY, or MAIL_HUB. 495 496uucp The UNIX-to-UNIX Copy Program mailer. Actually, this 497 defines two mailers, "uucp-old" (a.k.a. "uucp") and 498 "uucp-new" (a.k.a. "suucp"). The latter is for when you 499 know that the UUCP mailer at the other end can handle 500 multiple recipients in one transfer. If the smtp mailer 501 is included in your configuration, two other mailers 502 ("uucp-dom" and "uucp-uudom") are also defined [warning: you 503 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you 504 include the uucp mailer, sendmail looks for all names in 505 class {U} and sends them to the uucp-old mailer; all 506 names in class {Y} are sent to uucp-new; and all 507 names in class {Z} are sent to uucp-uudom. Note that 508 this is a function of what version of rmail runs on 509 the receiving end, and hence may be out of your control. 510 See the section below describing UUCP mailers in more 511 detail. 512 513procmail An interface to procmail (does not come with sendmail). 514 This is designed to be used in mailertables. For example, 515 a common question is "how do I forward all mail for a given 516 domain to a single person?". If you have this mailer 517 defined, you could set up a mailertable reading: 518 519 host.com procmail:/etc/procmailrcs/host.com 520 521 with the file /etc/procmailrcs/host.com reading: 522 523 :0 # forward mail for host.com 524 ! -oi -f $1 person@other.host 525 526 This would arrange for (anything)@host.com to be sent 527 to person@other.host. In a procmail script, $1 is the 528 name of the sender and $2 is the name of the recipient. 529 If you use this with FEATURE(`local_procmail'), the FEATURE 530 should be listed first. 531 532 Of course there are other ways to solve this particular 533 problem, e.g., a catch-all entry in a virtusertable. 534 535The local mailer accepts addresses of the form "user+detail", where 536the "+detail" is not used for mailbox matching but is available 537to certain local mail programs (in particular, see 538FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and 539"eric+sww" all indicate the same user, but additional arguments <null>, 540"sendmail", and "sww" may be provided for use in sorting mail. 541 542 543+----------+ 544| FEATURES | 545+----------+ 546 547Special features can be requested using the "FEATURE" macro. For 548example, the .mc line: 549 550 FEATURE(`use_cw_file') 551 552tells sendmail that you want to have it read an /etc/mail/local-host-names 553file to get values for class {w}. A FEATURE may contain up to 9 554optional parameters -- for example: 555 556 FEATURE(`mailertable', `dbm /usr/lib/mailertable') 557 558The default database map type for the table features can be set with 559 560 define(`DATABASE_MAP_TYPE', `dbm') 561 562which would set it to use ndbm databases. The default is the Berkeley DB 563hash database format. Note that you must still declare a database map type 564if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used 565if no argument is given for the FEATURE. It must be specified before any 566feature that uses a map. 567 568Also, features which can take a map definition as an argument can also take 569the special keyword `LDAP'. If that keyword is used, the map will use the 570LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND 571CLASSES'' section below. 572 573Available features are: 574 575use_cw_file Read the file /etc/mail/local-host-names file to get 576 alternate names for this host. This might be used if you 577 were on a host that MXed for a dynamic set of other hosts. 578 If the set is static, just including the line "Cw<name1> 579 <name2> ..." (where the names are fully qualified domain 580 names) is probably superior. The actual filename can be 581 overridden by redefining confCW_FILE. 582 583use_ct_file Read the file /etc/mail/trusted-users file to get the 584 names of users that will be ``trusted'', that is, able to 585 set their envelope from address using -f without generating 586 a warning message. The actual filename can be overridden 587 by redefining confCT_FILE. 588 589redirect Reject all mail addressed to "address.REDIRECT" with 590 a ``551 User has moved; please try <address>'' message. 591 If this is set, you can alias people who have left 592 to their new address with ".REDIRECT" appended. 593 594nouucp Don't route UUCP addresses. This feature takes one 595 parameter: 596 `reject': reject addresses which have "!" in the local 597 part unless it originates from a system 598 that is allowed to relay. 599 `nospecial': don't do anything special with "!". 600 Warnings: 1. See the notice in the anti-spam section. 601 2. don't remove "!" from OperatorChars if `reject' is 602 given as parameter. 603 604nocanonify Don't pass addresses to $[ ... $] for canonification 605 by default, i.e., host/domain names are considered canonical, 606 except for unqualified names, which must not be used in this 607 mode (violation of the standard). It can be changed by 608 setting the DaemonPortOptions modifiers (M=). That is, 609 FEATURE(`nocanonify') will be overridden by setting the 610 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, 611 it can be emulated by setting the 'C' flag 612 (DaemonPortOptions=Modifiers=C). This would generally only 613 be used by sites that only act as mail gateways or which have 614 user agents that do full canonification themselves. You may 615 also want to use 616 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off 617 the usual resolver options that do a similar thing. 618 619 An exception list for FEATURE(`nocanonify') can be 620 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 621 i.e., a list of domains which are nevertheless passed to 622 $[ ... $] for canonification. This is useful to turn on 623 canonification for local domains, e.g., use 624 CANONIFY_DOMAIN(`my.domain my') to canonify addresses 625 which end in "my.domain" or "my". 626 Another way to require canonification in the local 627 domain is CANONIFY_DOMAIN(`$=m'). 628 629 A trailing dot is added to addresses with more than 630 one component in it such that other features which 631 expect a trailing dot (e.g., virtusertable) will 632 still work. 633 634 If `canonify_hosts' is specified as parameter, i.e., 635 FEATURE(`nocanonify', `canonify_hosts'), then 636 addresses which have only a hostname, e.g., 637 <user@host>, will be canonified (and hopefully fully 638 qualified), too. 639 640stickyhost This feature is sometimes used with LOCAL_RELAY, 641 although it can be used for a different effect with 642 MAIL_HUB. 643 644 When used without MAIL_HUB, email sent to 645 "user@local.host" are marked as "sticky" -- that 646 is, the local addresses aren't matched against UDB, 647 don't go through ruleset 5, and are not forwarded to 648 the LOCAL_RELAY (if defined). 649 650 With MAIL_HUB, mail addressed to "user@local.host" 651 is forwarded to the mail hub, with the envelope 652 address still remaining "user@local.host". 653 Without stickyhost, the envelope would be changed 654 to "user@mail_hub", in order to protect against 655 mailing loops. 656 657mailertable Include a "mailer table" which can be used to override 658 routing for particular domains (which are not in class {w}, 659 i.e. local host names). The argument of the FEATURE may be 660 the key definition. If none is specified, the definition 661 used is: 662 663 hash /etc/mail/mailertable 664 665 Keys in this database are fully qualified domain names 666 or partial domains preceded by a dot -- for example, 667 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a 668 special case of the latter, "." matches any domain not 669 covered by other keys. Values must be of the form: 670 mailer:domain 671 where "mailer" is the internal mailer name, and "domain" 672 is where to send the message. These maps are not 673 reflected into the message header. As a special case, 674 the forms: 675 local:user 676 will forward to the indicated user using the local mailer, 677 local: 678 will forward to the original user in the e-mail address 679 using the local mailer, and 680 error:code message 681 error:D.S.N:code message 682 will give an error message with the indicated SMTP reply 683 code and message, where D.S.N is an RFC 1893 compliant 684 error code. 685 686domaintable Include a "domain table" which can be used to provide 687 domain name mapping. Use of this should really be 688 limited to your own domains. It may be useful if you 689 change names (e.g., your company changes names from 690 oldname.com to newname.com). The argument of the 691 FEATURE may be the key definition. If none is specified, 692 the definition used is: 693 694 hash /etc/mail/domaintable 695 696 The key in this table is the domain name; the value is 697 the new (fully qualified) domain. Anything in the 698 domaintable is reflected into headers; that is, this 699 is done in ruleset 3. 700 701bitdomain Look up bitnet hosts in a table to try to turn them into 702 internet addresses. The table can be built using the 703 bitdomain program contributed by John Gardiner Myers. 704 The argument of the FEATURE may be the key definition; if 705 none is specified, the definition used is: 706 707 hash /etc/mail/bitdomain 708 709 Keys are the bitnet hostname; values are the corresponding 710 internet hostname. 711 712uucpdomain Similar feature for UUCP hosts. The default map definition 713 is: 714 715 hash /etc/mail/uudomain 716 717 At the moment there is no automagic tool to build this 718 database. 719 720always_add_domain 721 Include the local host domain even on locally delivered 722 mail. Normally it is not added on unqualified names. 723 However, if you use a shared message store but do not use 724 the same user name space everywhere, you may need the host 725 name on local names. An optional argument specifies 726 another domain to be added than the local. 727 728allmasquerade If masquerading is enabled (using MASQUERADE_AS), this 729 feature will cause recipient addresses to also masquerade 730 as being from the masquerade host. Normally they get 731 the local hostname. Although this may be right for 732 ordinary users, it can break local aliases. For example, 733 if you send to "localalias", the originating sendmail will 734 find that alias and send to all members, but send the 735 message with "To: localalias@masqueradehost". Since that 736 alias likely does not exist, replies will fail. Use this 737 feature ONLY if you can guarantee that the ENTIRE 738 namespace on your masquerade host supersets all the 739 local entries. 740 741limited_masquerade 742 Normally, any hosts listed in class {w} are masqueraded. If 743 this feature is given, only the hosts listed in class {M} (see 744 below: MASQUERADE_DOMAIN) are masqueraded. This is useful 745 if you have several domains with disjoint namespaces hosted 746 on the same machine. 747 748masquerade_entire_domain 749 If masquerading is enabled (using MASQUERADE_AS) and 750 MASQUERADE_DOMAIN (see below) is set, this feature will 751 cause addresses to be rewritten such that the masquerading 752 domains are actually entire domains to be hidden. All 753 hosts within the masquerading domains will be rewritten 754 to the masquerade name (used in MASQUERADE_AS). For example, 755 if you have: 756 757 MASQUERADE_AS(`masq.com') 758 MASQUERADE_DOMAIN(`foo.org') 759 MASQUERADE_DOMAIN(`bar.com') 760 761 then *foo.org and *bar.com are converted to masq.com. Without 762 this feature, only foo.org and bar.com are masqueraded. 763 764 NOTE: only domains within your jurisdiction and 765 current hierarchy should be masqueraded using this. 766 767local_no_masquerade 768 This feature prevents the local mailer from masquerading even 769 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect 770 on addresses of mail going outside the local domain. 771 772masquerade_envelope 773 If masquerading is enabled (using MASQUERADE_AS) or the 774 genericstable is in use, this feature will cause envelope 775 addresses to also masquerade as being from the masquerade 776 host. Normally only the header addresses are masqueraded. 777 778genericstable This feature will cause unqualified addresses (i.e., without 779 a domain) and addresses with a domain listed in class {G} 780 to be looked up in a map and turned into another ("generic") 781 form, which can change both the domain name and the user name. 782 Notice: if you use an MSP (as it is default starting with 783 8.12), the MTA will only receive qualified addresses from the 784 MSP (as required by the RFCs). Hence you need to add your 785 domain to class {G}. This feature is similar to the userdb 786 functionality. The same types of addresses as for 787 masquerading are looked up, i.e., only header sender 788 addresses unless the allmasquerade and/or masquerade_envelope 789 features are given. Qualified addresses must have the domain 790 part in class {G}; entries can be added to this class by the 791 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously 792 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). 793 794 The argument of FEATURE(`genericstable') may be the map 795 definition; the default map definition is: 796 797 hash /etc/mail/genericstable 798 799 The key for this table is either the full address, the domain 800 (with a leading @; the localpart is passed as first argument) 801 or the unqualified username (tried in the order mentioned); 802 the value is the new user address. If the new user address 803 does not include a domain, it will be qualified in the standard 804 manner, i.e., using $j or the masquerade name. Note that the 805 address being looked up must be fully qualified. For local 806 mail, it is necessary to use FEATURE(`always_add_domain') 807 for the addresses to be qualified. 808 The "+detail" of an address is passed as %1, so entries like 809 810 old+*@foo.org new+%1@example.com 811 gen+*@foo.org %1@example.com 812 813 and other forms are possible. 814 815generics_entire_domain 816 If the genericstable is enabled and GENERICS_DOMAIN or 817 GENERICS_DOMAIN_FILE is used, this feature will cause 818 addresses to be searched in the map if their domain 819 parts are subdomains of elements in class {G}. 820 821virtusertable A domain-specific form of aliasing, allowing multiple 822 virtual domains to be hosted on one machine. For example, 823 if the virtuser table contains: 824 825 info@foo.com foo-info 826 info@bar.com bar-info 827 joe@bar.com error:nouser 550 No such user here 828 jax@bar.com error:5.7.0:550 Address invalid 829 @baz.org jane@example.net 830 831 then mail addressed to info@foo.com will be sent to the 832 address foo-info, mail addressed to info@bar.com will be 833 delivered to bar-info, and mail addressed to anyone at baz.org 834 will be sent to jane@example.net, mail to joe@bar.com will 835 be rejected with the specified error message, and mail to 836 jax@bar.com will also have a RFC 1893 compliant error code 837 5.7.0. 838 839 The username from the original address is passed 840 as %1 allowing: 841 842 @foo.org %1@example.com 843 844 meaning someone@foo.org will be sent to someone@example.com. 845 Additionally, if the local part consists of "user+detail" 846 then "detail" is passed as %2 and "+detail" is passed as %3 847 when a match against user+* is attempted, so entries like 848 849 old+*@foo.org new+%2@example.com 850 gen+*@foo.org %2@example.com 851 +*@foo.org %1%3@example.com 852 X++@foo.org Z%3@example.com 853 @bar.org %1%3 854 855 and other forms are possible. Note: to preserve "+detail" 856 for a default case (@domain) %1%3 must be used as RHS. 857 There are two wildcards after "+": "+" matches only a non-empty 858 detail, "*" matches also empty details, e.g., user+@foo.org 859 matches +*@foo.org but not ++@foo.org. This can be used 860 to ensure that the parameters %2 and %3 are not empty. 861 862 All the host names on the left hand side (foo.com, bar.com, 863 and baz.org) must be in class {w} or class {VirtHost}. The 864 latter can be defined by the macros VIRTUSER_DOMAIN or 865 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 866 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or 867 VIRTUSER_DOMAIN_FILE is used, then the entries of class 868 {VirtHost} are added to class {R}, i.e., relaying is allowed 869 to (and from) those domains. The default map definition is: 870 871 hash /etc/mail/virtusertable 872 873 A new definition can be specified as the second argument of 874 the FEATURE macro, such as 875 876 FEATURE(`virtusertable', `dbm /etc/mail/virtusers') 877 878virtuser_entire_domain 879 If the virtusertable is enabled and VIRTUSER_DOMAIN or 880 VIRTUSER_DOMAIN_FILE is used, this feature will cause 881 addresses to be searched in the map if their domain 882 parts are subdomains of elements in class {VirtHost}. 883 884ldap_routing Implement LDAP-based e-mail recipient routing according to 885 the Internet Draft draft-lachman-laser-ldap-mail-routing-01. 886 This provides a method to re-route addresses with a 887 domain portion in class {LDAPRoute} to either a 888 different mail host or a different address. Hosts can 889 be added to this class using LDAPROUTE_DOMAIN and 890 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 891 MASQUERADE_DOMAIN_FILE, see below). 892 893 See the LDAP ROUTING section below for more information. 894 895nullclient This is a special case -- it creates a configuration file 896 containing nothing but support for forwarding all mail to a 897 central hub via a local SMTP-based network. The argument 898 is the name of that hub. 899 900 The only other feature that should be used in conjunction 901 with this one is FEATURE(`nocanonify'). No mailers 902 should be defined. No aliasing or forwarding is done. 903 904local_lmtp Use an LMTP capable local mailer. The argument to this 905 feature is the pathname of an LMTP capable mailer. By 906 default, mail.local is used. This is expected to be the 907 mail.local which came with the 8.9 distribution which is 908 LMTP capable. The path to mail.local is set by the 909 confEBINDIR m4 variable -- making the default 910 LOCAL_MAILER_PATH /usr/libexec/mail.local. 911 If a different LMTP capable mailer is used, its pathname 912 can be specified as second parameter and the arguments 913 passed to it (A=) as third parameter, e.g., 914 915 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp') 916 917 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 918 i.e., without respecting any definitions in an OSTYPE setting. 919 920local_procmail Use procmail or another delivery agent as the local mailer. 921 The argument to this feature is the pathname of the 922 delivery agent, which defaults to PROCMAIL_MAILER_PATH. 923 Note that this does NOT use PROCMAIL_MAILER_FLAGS or 924 PROCMAIL_MAILER_ARGS for the local mailer; tweak 925 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or 926 specify the appropriate parameters. When procmail is used, 927 the local mailer can make use of the 928 "user+indicator@local.host" syntax; normally the +indicator 929 is just tossed, but by default it is passed as the -a 930 argument to procmail. 931 932 This feature can take up to three arguments: 933 934 1. Path to the mailer program 935 [default: /usr/local/bin/procmail] 936 2. Argument vector including name of the program 937 [default: procmail -Y -a $h -d $u] 938 3. Flags for the mailer [default: SPfhn9] 939 940 Empty arguments cause the defaults to be taken. 941 Note that if you are on a system with a broken 942 setreuid() call, you may need to add -f $f to the procmail 943 argument vector to pass the proper sender to procmail. 944 945 For example, this allows it to use the maildrop 946 (http://www.flounder.net/~mrsam/maildrop/) mailer instead 947 by specifying: 948 949 FEATURE(`local_procmail', `/usr/local/bin/maildrop', 950 `maildrop -d $u') 951 952 or scanmails using: 953 954 FEATURE(`local_procmail', `/usr/local/bin/scanmails') 955 956 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, 957 i.e., without respecting any definitions in an OSTYPE setting. 958 959bestmx_is_local Accept mail as though locally addressed for any host that 960 lists us as the best possible MX record. This generates 961 additional DNS traffic, but should be OK for low to 962 medium traffic hosts. The argument may be a set of 963 domains, which will limit the feature to only apply to 964 these domains -- this will reduce unnecessary DNS 965 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH 966 WILDCARD MX RECORDS!!! If you have a wildcard MX record 967 that matches your domain, you cannot use this feature. 968 969smrsh Use the SendMail Restricted SHell (smrsh) provided 970 with the distribution instead of /bin/sh for mailing 971 to programs. This improves the ability of the local 972 system administrator to control what gets run via 973 e-mail. If an argument is provided it is used as the 974 pathname to smrsh; otherwise, the path defined by 975 confEBINDIR is used for the smrsh binary -- by default, 976 /usr/libexec/smrsh is assumed. 977 978promiscuous_relay 979 By default, the sendmail configuration files do not permit 980 mail relaying (that is, accepting mail from outside your 981 local host (class {w}) and sending it to another host than 982 your local host). This option sets your site to allow 983 mail relaying from any site to any site. In almost all 984 cases, it is better to control relaying more carefully 985 with the access map, class {R}, or authentication. Domains 986 can be added to class {R} by the macros RELAY_DOMAIN or 987 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and 988 MASQUERADE_DOMAIN_FILE, see below). 989 990relay_entire_domain 991 This option allows any host in your domain as defined by 992 class {m} to use your server for relaying. Notice: make 993 sure that your domain is not just a top level domain, 994 e.g., com. This can happen if you give your host a name 995 like example.com instead of host.example.com. 996 997relay_hosts_only 998 By default, names that are listed as RELAY in the access 999 db and class {R} are treated as domain names, not host names. 1000 For example, if you specify ``foo.com'', then mail to or 1001 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com 1002 will all be accepted for relaying. This feature changes 1003 the behaviour to lookup individual host names only. 1004 1005relay_based_on_MX 1006 Turns on the ability to allow relaying based on the MX 1007 records of the host portion of an incoming recipient; that 1008 is, if an MX record for host foo.com points to your site, 1009 you will accept and relay mail addressed to foo.com. See 1010 description below for more information before using this 1011 feature. Also, see the KNOWNBUGS entry regarding bestmx 1012 map lookups. 1013 1014 FEATURE(`relay_based_on_MX') does not necessarily allow 1015 routing of these messages which you expect to be allowed, 1016 if route address syntax (or %-hack syntax) is used. If 1017 this is a problem, add entries to the access-table or use 1018 FEATURE(`loose_relay_check'). 1019 1020relay_mail_from 1021 Allows relaying if the mail sender is listed as RELAY in 1022 the access map. If an optional argument `domain' (this 1023 is the literal word `domain', not a placeholder) is given, 1024 relaying can be allowed just based on the domain portion 1025 of the sender address. This feature should only be used if 1026 absolutely necessary as the sender address can be easily 1027 forged. Use of this feature requires the "From:" tag to 1028 be used for the key in the access map; see the discussion 1029 of tags and FEATURE(`relay_mail_from') in the section on 1030 anti-spam configuration control. 1031 1032relay_local_from 1033 Allows relaying if the domain portion of the mail sender 1034 is a local host. This should only be used if absolutely 1035 necessary as it opens a window for spammers. Specifically, 1036 they can send mail to your mail server that claims to be 1037 from your domain (either directly or via a routed address), 1038 and you will go ahead and relay it out to arbitrary hosts 1039 on the Internet. 1040 1041accept_unqualified_senders 1042 Normally, MAIL FROM: commands in the SMTP session will be 1043 refused if the connection is a network connection and the 1044 sender address does not include a domain name. If your 1045 setup sends local mail unqualified (i.e., MAIL FROM:<joe>), 1046 you will need to use this feature to accept unqualified 1047 sender addresses. Setting the DaemonPortOptions modifier 1048 'u' overrides the default behavior, i.e., unqualified 1049 addresses are accepted even without this FEATURE. 1050 If this FEATURE is not used, the DaemonPortOptions modifier 1051 'f' can be used to enforce fully qualified addresses. 1052 1053accept_unresolvable_domains 1054 Normally, MAIL FROM: commands in the SMTP session will be 1055 refused if the host part of the argument to MAIL FROM: 1056 cannot be located in the host name service (e.g., an A or 1057 MX record in DNS). If you are inside a firewall that has 1058 only a limited view of the Internet host name space, this 1059 could cause problems. In this case you probably want to 1060 use this feature to accept all domains on input, even if 1061 they are unresolvable. 1062 1063access_db Turns on the access database feature. The access db gives 1064 you the ability to allow or refuse to accept mail from 1065 specified domains for administrative reasons. Moreover, 1066 it can control the behavior of sendmail in various situations. 1067 By default, the access database specification is: 1068 1069 hash -T<TMPF> /etc/mail/access 1070 1071 See the anti-spam configuration control section for further 1072 important information about this feature. Notice: 1073 "-T<TMPF>" is meant literal, do not replace it by anything. 1074 1075blacklist_recipients 1076 Turns on the ability to block incoming mail for certain 1077 recipient usernames, hostnames, or addresses. For 1078 example, you can block incoming mail to user nobody, 1079 host foo.mydomain.com, or guest@bar.mydomain.com. 1080 These specifications are put in the access db as 1081 described in the anti-spam configuration control section 1082 later in this document. 1083 1084delay_checks The rulesets check_mail and check_relay will not be called 1085 when a client connects or issues a MAIL command, respectively. 1086 Instead, those rulesets will be called by the check_rcpt 1087 ruleset; they will be skipped under certain circumstances. 1088 See "Delay all checks" in the anti-spam configuration control 1089 section. Note: this feature is incompatible to the versions 1090 in 8.10 and 8.11. 1091 1092use_client_ptr If this feature is enabled then check_relay will override 1093 its first argument with $&{client_ptr}. This is useful for 1094 rejections based on the unverified hostname of client, 1095 which turns on the same behavior as in earlier sendmail 1096 versions when delay_checks was not in use. See doc/op/op.* 1097 about check_relay, {client_name}, and {client_ptr}. 1098 1099dnsbl Turns on rejection, discarding, or quarantining of hosts 1100 found in a DNS based list. The first argument is used as 1101 the domain in which blocked hosts are listed. A second 1102 argument can be used to change the default error message, 1103 or select one of the operations `discard' and `quarantine'. 1104 Without that second argument, the error message will be 1105 1106 Rejected: IP-ADDRESS listed at SERVER 1107 1108 where IP-ADDRESS and SERVER are replaced by the appropriate 1109 information. By default, temporary lookup failures are 1110 ignored. This behavior can be changed by specifying a 1111 third argument, which must be either `t' or a full error 1112 message. See the anti-spam configuration control section for 1113 an example. The dnsbl feature can be included several times 1114 to query different DNS based rejection lists. See also 1115 enhdnsbl for an enhanced version. 1116 1117 Set the DNSBL_MAP mc option to change the default map 1118 definition from `host'. Set the DNSBL_MAP_OPT mc option 1119 to add additional options to the map specification used. 1120 1121 Some DNS based rejection lists cause failures if asked 1122 for AAAA records. If your sendmail version is compiled 1123 with IPv6 support (NETINET6) and you experience this 1124 problem, add 1125 1126 define(`DNSBL_MAP', `dns -R A') 1127 1128 before the first use of this feature. Alternatively you 1129 can use enhdnsbl instead (see below). Moreover, this 1130 statement can be used to reduce the number of DNS retries, 1131 e.g., 1132 1133 define(`DNSBL_MAP', `dns -R A -r2') 1134 1135 See below (EDNSBL_TO) for an explanation. 1136 1137enhdnsbl Enhanced version of dnsbl (see above). Further arguments 1138 (up to 5) can be used to specify specific return values 1139 from lookups. Temporary lookup failures are ignored unless 1140 a third argument is given, which must be either `t' or a full 1141 error message. By default, any successful lookup will 1142 generate an error. Otherwise the result of the lookup is 1143 compared with the supplied argument(s), and only if a match 1144 occurs an error is generated. For example, 1145 1146 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.') 1147 1148 will reject the e-mail if the lookup returns the value 1149 ``127.0.0.2.'', or generate a 451 response if the lookup 1150 temporarily failed. The arguments can contain metasymbols 1151 as they are allowed in the LHS of rules. As the example 1152 shows, the default values are also used if an empty argument, 1153 i.e., `', is specified. This feature requires that sendmail 1154 has been compiled with the flag DNSMAP (see sendmail/README). 1155 1156 Set the EDNSBL_TO mc option to change the DNS retry count 1157 from the default value of 5, this can be very useful when 1158 a DNS server is not responding, which in turn may cause 1159 clients to time out (an entry stating 1160 1161 did not issue MAIL/EXPN/VRFY/ETRN 1162 1163 will be logged). 1164 1165ratecontrol Enable simple ruleset to do connection rate control 1166 checking. This requires entries in access_db of the form 1167 1168 ClientRate:IP.ADD.RE.SS LIMIT 1169 1170 The RHS specifies the maximum number of connections 1171 (an integer number) over the time interval defined 1172 by ConnectionRateWindowSize, where 0 means unlimited. 1173 1174 Take the following example: 1175 1176 ClientRate:10.1.2.3 4 1177 ClientRate:127.0.0.1 0 1178 ClientRate: 10 1179 1180 10.1.2.3 can only make up to 4 connections, the 1181 general limit it 10, and 127.0.0.1 can make an unlimited 1182 number of connections per ConnectionRateWindowSize. 1183 1184 See also CONNECTION CONTROL. 1185 1186conncontrol Enable a simple check of the number of incoming SMTP 1187 connections. This requires entries in access_db of the 1188 form 1189 1190 ClientConn:IP.ADD.RE.SS LIMIT 1191 1192 The RHS specifies the maximum number of open connections 1193 (an integer number). 1194 1195 Take the following example: 1196 1197 ClientConn:10.1.2.3 4 1198 ClientConn:127.0.0.1 0 1199 ClientConn: 10 1200 1201 10.1.2.3 can only have up to 4 open connections, the 1202 general limit it 10, and 127.0.0.1 does not have any 1203 explicit limit. 1204 1205 See also CONNECTION CONTROL. 1206 1207mtamark Experimental support for "Marking Mail Transfer Agents in 1208 Reverse DNS with TXT RRs" (MTAMark), see 1209 draft-stumpf-dns-mtamark-01. Optional arguments are: 1210 1211 1. Error message, default: 1212 1213 550 Rejected: $&{client_addr} not listed as MTA 1214 1215 2. Temporary lookup failures are ignored unless a second 1216 argument is given, which must be either `t' or a full 1217 error message. 1218 1219 3. Lookup prefix, default: _perm._smtp._srv. This should 1220 not be changed unless the draft changes it. 1221 1222 Example: 1223 1224 FEATURE(`mtamark', `', `t') 1225 1226lookupdotdomain Look up also .domain in the access map. This allows to 1227 match only subdomains. It does not work well with 1228 FEATURE(`relay_hosts_only'), because most lookups for 1229 subdomains are suppressed by the latter feature. 1230 1231loose_relay_check 1232 Normally, if % addressing is used for a recipient, e.g. 1233 user%site@othersite, and othersite is in class {R}, the 1234 check_rcpt ruleset will strip @othersite and recheck 1235 user@site for relaying. This feature changes that 1236 behavior. It should not be needed for most installations. 1237 1238preserve_luser_host 1239 Preserve the name of the recipient host if LUSER_RELAY is 1240 used. Without this option, the domain part of the 1241 recipient address will be replaced by the host specified as 1242 LUSER_RELAY. This feature only works if the hostname is 1243 passed to the mailer (see mailer triple in op.me). Note 1244 that in the default configuration the local mailer does not 1245 receive the hostname, i.e., the mailer triple has an empty 1246 hostname. 1247 1248preserve_local_plus_detail 1249 Preserve the +detail portion of the address when passing 1250 address to local delivery agent. Disables alias and 1251 .forward +detail stripping (e.g., given user+detail, only 1252 that address will be looked up in the alias file; user+* and 1253 user will not be looked up). Only use if the local 1254 delivery agent in use supports +detail addressing. 1255 1256compat_check Enable ruleset check_compat to look up pairs of addresses 1257 with the Compat: tag -- Compat:sender<@>recipient -- in the 1258 access map. Valid values for the RHS include 1259 DISCARD silently discard recipient 1260 TEMP: return a temporary error 1261 ERROR: return a permanent error 1262 In the last two cases, a 4xy/5xy SMTP reply code should 1263 follow the colon. 1264 1265no_default_msa Don't generate the default MSA daemon, i.e., 1266 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') 1267 To define a MSA daemon with other parameters, use this 1268 FEATURE and introduce new settings via DAEMON_OPTIONS(). 1269 1270msp Defines config file for Message Submission Program. 1271 See cf/submit.mc for how 1272 to use it. An optional argument can be used to override 1273 the default of `[localhost]' to use as host to send all 1274 e-mails to. Note that MX records will be used if the 1275 specified hostname is not in square brackets (e.g., 1276 [hostname]). If `MSA' is specified as second argument then 1277 port 587 is used to contact the server. Example: 1278 1279 FEATURE(`msp', `', `MSA') 1280 1281 Some more hints about possible changes can be found below 1282 in the section MESSAGE SUBMISSION PROGRAM. 1283 1284 Note: Due to many problems, submit.mc uses 1285 1286 FEATURE(`msp', `[127.0.0.1]') 1287 1288 by default. If you have a machine with IPv6 only, 1289 change it to 1290 1291 FEATURE(`msp', `[IPv6:::1]') 1292 1293 If you want to continue using '[localhost]', (the behavior 1294 up to 8.12.6), use 1295 1296 FEATURE(`msp') 1297 1298queuegroup A simple example how to select a queue group based 1299 on the full e-mail address or the domain of the 1300 recipient. Selection is done via entries in the 1301 access map using the tag QGRP:, for example: 1302 1303 QGRP:example.com main 1304 QGRP:friend@some.org others 1305 QGRP:my.domain local 1306 1307 where "main", "others", and "local" are names of 1308 queue groups. If an argument is specified, it is used 1309 as default queue group. 1310 1311 Note: please read the warning in doc/op/op.me about 1312 queue groups and possible queue manipulations. 1313 1314greet_pause Adds the greet_pause ruleset which enables open proxy 1315 and SMTP slamming protection. The feature can take an 1316 argument specifying the milliseconds to wait: 1317 1318 FEATURE(`greet_pause', `5000') dnl 5 seconds 1319 1320 If FEATURE(`access_db') is enabled, an access database 1321 lookup with the GreetPause tag is done using client 1322 hostname, domain, IP address, or subnet to determine the 1323 pause time: 1324 1325 GreetPause:my.domain 0 1326 GreetPause:example.com 5000 1327 GreetPause:10.1.2 2000 1328 GreetPause:127.0.0.1 0 1329 1330 When using FEATURE(`access_db'), the optional 1331 FEATURE(`greet_pause') argument becomes the default if 1332 nothing is found in the access database. A ruleset called 1333 Local_greet_pause can be used for local modifications, e.g., 1334 1335 LOCAL_RULESETS 1336 SLocal_greet_pause 1337 R$* $: $&{daemon_flags} 1338 R$* a $* $# 0 1339 1340block_bad_helo Reject messages from SMTP clients which provide a HELO/EHLO 1341 argument which is either unqualified, or is one of our own 1342 names (i.e., the server name instead of the client name). 1343 This check is performed at RCPT stage and disabled for the 1344 following cases: 1345 - authenticated sessions, 1346 - connections from IP addresses in class $={R}. 1347 Currently access_db lookups can not be used to 1348 (selectively) disable this test, moreover, 1349 FEATURE(`delay_checks') 1350 is required. 1351 1352require_rdns Reject mail from connecting SMTP clients without proper 1353 rDNS (reverse DNS), functional gethostbyaddr() resolution. 1354 Note: this feature will cause false positives, i.e., there 1355 are legitimate MTAs that do not have proper DNS entries. 1356 Rejecting mails from those MTAs is a local policy decision. 1357 1358 The basic policy is to reject message with a 5xx error if 1359 the IP address fails to resolve. However, if this is a 1360 temporary failure, a 4xx temporary failure is returned. 1361 If the look-up succeeds, but returns an apparently forged 1362 value, this is treated as a temporary failure with a 4xx 1363 error code. 1364 1365 EXCEPTIONS: 1366 1367 Exceptions based on access entries are discussed below. 1368 Any IP address matched using $=R (the "relay-domains" file) 1369 is excepted from the rules. Since we have explicitly 1370 allowed relaying for this host, based on IP address, we 1371 ignore the rDNS failure. 1372 1373 The philosophical assumption here is that most users do 1374 not control their rDNS. They should be able to send mail 1375 through their ISP, whether or not they have valid rDNS. 1376 The class $=R, roughly speaking, contains those IP addresses 1377 and address ranges for which we are the ISP, or are acting 1378 as if the ISP. 1379 1380 If `delay_checks' is in effect (recommended), then any 1381 sender who has authenticated is also excepted from the 1382 restrictions. This happens because the rules produced by 1383 this FEATURE() will not be applied to authenticated senders 1384 (assuming `delay_checks'). 1385 1386 ACCESS MAP ENTRIES: 1387 1388 Entries such as 1389 Connect:1.2.3.4 OK 1390 Connect:1.2 RELAY 1391 will whitelist IP address 1.2.3.4, so that the rDNS 1392 blocking does apply to that IP address 1393 1394 Entries such as 1395 Connect:1.2.3.4 REJECT 1396 will have the effect of forcing a temporary failure for 1397 that address to be treated as a permanent failure. 1398 1399badmx Reject envelope sender addresses (MAIL) whose domain part 1400 resolves to a "bad" MX record. By default these are 1401 MX records which resolve to A records that match the 1402 regular expression: 1403 1404 ^(127\.|10\.|0\.0\.0\.0) 1405 1406 This default regular expression can be overridden by 1407 specifying an argument, e.g., 1408 1409 FEATURE(`badmx', `^127\.0\.0\.1') 1410 1411 Note: this feature requires that the sendmail binary 1412 has been compiled with the options MAP_REGEX and 1413 DNSMAP. 1414 1415+--------------------+ 1416| USING UUCP MAILERS | 1417+--------------------+ 1418 1419It's hard to get UUCP mailers right because of the extremely ad hoc 1420nature of UUCP addressing. These config files are really designed 1421for domain-based addressing, even for UUCP sites. 1422 1423There are four UUCP mailers available. The choice of which one to 1424use is partly a matter of local preferences and what is running at 1425the other end of your UUCP connection. Unlike good protocols that 1426define what will go over the wire, UUCP uses the policy that you 1427should do what is right for the other end; if they change, you have 1428to change. This makes it hard to do the right thing, and discourages 1429people from updating their software. In general, if you can avoid 1430UUCP, please do. 1431 1432The major choice is whether to go for a domainized scheme or a 1433non-domainized scheme. This depends entirely on what the other 1434end will recognize. If at all possible, you should encourage the 1435other end to go to a domain-based system -- non-domainized addresses 1436don't work entirely properly. 1437 1438The four mailers are: 1439 1440 uucp-old (obsolete name: "uucp") 1441 This is the oldest, the worst (but the closest to UUCP) way of 1442 sending messages across UUCP connections. It does bangify 1443 everything and prepends $U (your UUCP name) to the sender's 1444 address (which can already be a bang path itself). It can 1445 only send to one address at a time, so it spends a lot of 1446 time copying duplicates of messages. Avoid this if at all 1447 possible. 1448 1449 uucp-new (obsolete name: "suucp") 1450 The same as above, except that it assumes that in one rmail 1451 command you can specify several recipients. It still has a 1452 lot of other problems. 1453 1454 uucp-dom 1455 This UUCP mailer keeps everything as domain addresses. 1456 Basically, it uses the SMTP mailer rewriting rules. This mailer 1457 is only included if MAILER(`smtp') is specified before 1458 MAILER(`uucp'). 1459 1460 Unfortunately, a lot of UUCP mailer transport agents require 1461 bangified addresses in the envelope, although you can use 1462 domain-based addresses in the message header. (The envelope 1463 shows up as the From_ line on UNIX mail.) So.... 1464 1465 uucp-uudom 1466 This is a cross between uucp-new (for the envelope addresses) 1467 and uucp-dom (for the header addresses). It bangifies the 1468 envelope sender (From_ line in messages) without adding the 1469 local hostname, unless there is no host name on the address 1470 at all (e.g., "wolf") or the host component is a UUCP host name 1471 instead of a domain name ("somehost!wolf" instead of 1472 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') 1473 is also specified earlier. 1474 1475Examples: 1476 1477On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following 1478summarizes the sender rewriting for various mailers. 1479 1480Mailer sender rewriting in the envelope 1481------ ------ ------------------------- 1482uucp-{old,new} wolf grasp!wolf 1483uucp-dom wolf wolf@grasp.insa-lyon.fr 1484uucp-uudom wolf grasp.insa-lyon.fr!wolf 1485 1486uucp-{old,new} wolf@fr.net grasp!fr.net!wolf 1487uucp-dom wolf@fr.net wolf@fr.net 1488uucp-uudom wolf@fr.net fr.net!wolf 1489 1490uucp-{old,new} somehost!wolf grasp!somehost!wolf 1491uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr 1492uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf 1493 1494If you are using one of the domainized UUCP mailers, you really want 1495to convert all UUCP addresses to domain format -- otherwise, it will 1496do it for you (and probably not the way you expected). For example, 1497if you have the address foo!bar!baz (and you are not sending to foo), 1498the heuristics will add the @uucp.relay.name or @local.host.name to 1499this address. However, if you map foo to foo.host.name first, it 1500will not add the local hostname. You can do this using the uucpdomain 1501feature. 1502 1503 1504+-------------------+ 1505| TWEAKING RULESETS | 1506+-------------------+ 1507 1508For more complex configurations, you can define special rules. 1509The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing 1510the names. Any modifications made here are reflected in the header. 1511 1512A common use is to convert old UUCP addresses to SMTP addresses using 1513the UUCPSMTP macro. For example: 1514 1515 LOCAL_RULE_3 1516 UUCPSMTP(`decvax', `decvax.dec.com') 1517 UUCPSMTP(`research', `research.att.com') 1518 1519will cause addresses of the form "decvax!user" and "research!user" 1520to be converted to "user@decvax.dec.com" and "user@research.att.com" 1521respectively. 1522 1523This could also be used to look up hosts in a database map: 1524 1525 LOCAL_RULE_3 1526 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 1527 1528This map would be defined in the LOCAL_CONFIG portion, as shown below. 1529 1530Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. 1531For example, new rules are needed to parse hostnames that you accept 1532via MX records. For example, you might have: 1533 1534 LOCAL_RULE_0 1535 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> 1536 1537You would use this if you had installed an MX record for cnmat.Berkeley.EDU 1538pointing at this host; this rule catches the message and forwards it on 1539using UUCP. 1540 1541You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. 1542These rulesets are normally empty. 1543 1544A similar macro is LOCAL_CONFIG. This introduces lines added after the 1545boilerplate option setting but before rulesets. Do not declare rulesets in 1546the LOCAL_CONFIG section. It can be used to declare local database maps or 1547whatever. For example: 1548 1549 LOCAL_CONFIG 1550 Khostmap hash /etc/mail/hostmap 1551 Kyplocal nis -m hosts.byname 1552 1553 1554+---------------------------+ 1555| MASQUERADING AND RELAYING | 1556+---------------------------+ 1557 1558You can have your host masquerade as another using 1559 1560 MASQUERADE_AS(`host.domain') 1561 1562This causes mail being sent to be labeled as coming from the 1563indicated host.domain, rather than $j. One normally masquerades as 1564one of one's own subdomains (for example, it's unlikely that 1565Berkeley would choose to masquerade as an MIT site). This 1566behaviour is modified by a plethora of FEATUREs; in particular, see 1567masquerade_envelope, allmasquerade, limited_masquerade, and 1568masquerade_entire_domain. 1569 1570The masquerade name is not normally canonified, so it is important 1571that it be your One True Name, that is, fully qualified and not a 1572CNAME. However, if you use a CNAME, the receiving side may canonify 1573it for you, so don't think you can cheat CNAME mapping this way. 1574 1575Normally the only addresses that are masqueraded are those that come 1576from this host (that is, are either unqualified or in class {w}, the list 1577of local domain names). You can augment this list, which is realized 1578by class {M} using 1579 1580 MASQUERADE_DOMAIN(`otherhost.domain') 1581 1582The effect of this is that although mail to user@otherhost.domain 1583will not be delivered locally, any mail including any user@otherhost.domain 1584will, when relayed, be rewritten to have the MASQUERADE_AS address. 1585This can be a space-separated list of names. 1586 1587If these names are in a file, you can use 1588 1589 MASQUERADE_DOMAIN_FILE(`filename') 1590 1591to read the list of names from the indicated file (i.e., to add 1592elements to class {M}). 1593 1594To exempt hosts or subdomains from being masqueraded, you can use 1595 1596 MASQUERADE_EXCEPTION(`host.domain') 1597 1598This can come handy if you want to masquerade a whole domain 1599except for one (or a few) host(s). If these names are in a file, 1600you can use 1601 1602 MASQUERADE_EXCEPTION_FILE(`filename') 1603 1604Normally only header addresses are masqueraded. If you want to 1605masquerade the envelope as well, use 1606 1607 FEATURE(`masquerade_envelope') 1608 1609There are always users that need to be "exposed" -- that is, their 1610internal site name should be displayed instead of the masquerade name. 1611Root is an example (which has been "exposed" by default prior to 8.10). 1612You can add users to this list using 1613 1614 EXPOSED_USER(`usernames') 1615 1616This adds users to class {E}; you could also use 1617 1618 EXPOSED_USER_FILE(`filename') 1619 1620You can also arrange to relay all unqualified names (that is, names 1621without @host) to a relay host. For example, if you have a central 1622email server, you might relay to that host so that users don't have 1623to have .forward files or aliases. You can do this using 1624 1625 define(`LOCAL_RELAY', `mailer:hostname') 1626 1627The ``mailer:'' can be omitted, in which case the mailer defaults to 1628"relay". There are some user names that you don't want relayed, perhaps 1629because of local aliases. A common example is root, which may be 1630locally aliased. You can add entries to this list using 1631 1632 LOCAL_USER(`usernames') 1633 1634This adds users to class {L}; you could also use 1635 1636 LOCAL_USER_FILE(`filename') 1637 1638If you want all incoming mail sent to a centralized hub, as for a 1639shared /var/spool/mail scheme, use 1640 1641 define(`MAIL_HUB', `mailer:hostname') 1642 1643Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY 1644and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will 1645be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. 1646Note: there is a (long standing) bug which keeps this combination from 1647working for addresses of the form user+detail. 1648Names in class {L} will be delivered locally, so you MUST have aliases or 1649.forward files for them. 1650 1651For example, if you are on machine mastodon.CS.Berkeley.EDU and you have 1652FEATURE(`stickyhost'), the following combinations of settings will have the 1653indicated effects: 1654 1655email sent to.... eric eric@mastodon.CS.Berkeley.EDU 1656 1657LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) 1658mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) 1659 1660MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1661mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) 1662 1663Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU 1664MAIL_HUB set as above (no local aliasing) (aliasing done) 1665 1666If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and 1667MAIL_HUB act identically, with MAIL_HUB taking precedence. 1668 1669If you want all outgoing mail to go to a central relay site, define 1670SMART_HOST as well. Briefly: 1671 1672 LOCAL_RELAY applies to unqualified names (e.g., "eric"). 1673 MAIL_HUB applies to names qualified with the name of the 1674 local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). 1675 SMART_HOST applies to names qualified with other hosts or 1676 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" 1677 or "eric@[127.0.0.1]"). 1678 1679However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, 1680DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you 1681really want absolutely everything to go to a single central site you will 1682need to unset all the other relays -- or better yet, find or build a 1683minimal config file that does this. 1684 1685For duplicate suppression to work properly, the host name is best 1686specified with a terminal dot: 1687 1688 define(`MAIL_HUB', `host.domain.') 1689 note the trailing dot ---^ 1690 1691 1692+-------------------------------------------+ 1693| USING LDAP FOR ALIASES, MAPS, AND CLASSES | 1694+-------------------------------------------+ 1695 1696LDAP can be used for aliases, maps, and classes by either specifying your 1697own LDAP map specification or using the built-in default LDAP map 1698specification. The built-in default specifications all provide lookups 1699which match against either the machine's fully qualified hostname (${j}) or 1700a "cluster". The cluster allows you to share LDAP entries among a large 1701number of machines without having to enter each of the machine names into 1702each LDAP entry. To set the LDAP cluster name to use for a particular 1703machine or set of machines, set the confLDAP_CLUSTER m4 variable to a 1704unique name. For example: 1705 1706 define(`confLDAP_CLUSTER', `Servers') 1707 1708Here, the word `Servers' will be the cluster name. As an example, assume 1709that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong 1710to the Servers cluster. 1711 1712Some of the LDAP LDIF examples below show use of the Servers cluster. 1713Every entry must have either a sendmailMTAHost or sendmailMTACluster 1714attribute or it will be ignored. Be careful as mixing clusters and 1715individual host records can have surprising results (see the CAUTION 1716sections below). 1717 1718See the file cf/sendmail.schema for the actual LDAP schemas. Note that 1719this schema (and therefore the lookups and examples below) is experimental 1720at this point as it has had little public review. Therefore, it may change 1721in future versions. Feedback via sendmail-YYYY@support.sendmail.org is 1722encouraged (replace YYYY with the current year, e.g., 2005). 1723 1724------- 1725Aliases 1726------- 1727 1728The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias 1729lookups. To use the default schema, simply use: 1730 1731 define(`ALIAS_FILE', `ldap:') 1732 1733By doing so, you will use the default schema which expands to a map 1734declared as follows: 1735 1736 ldap -k (&(objectClass=sendmailMTAAliasObject) 1737 (sendmailMTAAliasGrouping=aliases) 1738 (|(sendmailMTACluster=${sendmailMTACluster}) 1739 (sendmailMTAHost=$j)) 1740 (sendmailMTAKey=%0)) 1741 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject 1742 1743 1744NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1745used when the binary expands the `ldap:' token as the AliasFile option is 1746not actually macro-expanded when read from the sendmail.cf file. 1747 1748Example LDAP LDIF entries might be: 1749 1750 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org 1751 objectClass: sendmailMTA 1752 objectClass: sendmailMTAAlias 1753 objectClass: sendmailMTAAliasObject 1754 sendmailMTAAliasGrouping: aliases 1755 sendmailMTAHost: etrn.sendmail.org 1756 sendmailMTAKey: sendmail-list 1757 sendmailMTAAliasValue: ca@example.org 1758 sendmailMTAAliasValue: eric 1759 sendmailMTAAliasValue: gshapiro@example.com 1760 1761 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org 1762 objectClass: sendmailMTA 1763 objectClass: sendmailMTAAlias 1764 objectClass: sendmailMTAAliasObject 1765 sendmailMTAAliasGrouping: aliases 1766 sendmailMTAHost: etrn.sendmail.org 1767 sendmailMTAKey: owner-sendmail-list 1768 sendmailMTAAliasValue: eric 1769 1770 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org 1771 objectClass: sendmailMTA 1772 objectClass: sendmailMTAAlias 1773 objectClass: sendmailMTAAliasObject 1774 sendmailMTAAliasGrouping: aliases 1775 sendmailMTACluster: Servers 1776 sendmailMTAKey: postmaster 1777 sendmailMTAAliasValue: eric 1778 1779Here, the aliases sendmail-list and owner-sendmail-list will be available 1780only on etrn.sendmail.org but the postmaster alias will be available on 1781every machine in the Servers cluster (including etrn.sendmail.org). 1782 1783CAUTION: aliases are additive so that entries like these: 1784 1785 dn: sendmailMTAKey=bob, dc=sendmail, dc=org 1786 objectClass: sendmailMTA 1787 objectClass: sendmailMTAAlias 1788 objectClass: sendmailMTAAliasObject 1789 sendmailMTAAliasGrouping: aliases 1790 sendmailMTACluster: Servers 1791 sendmailMTAKey: bob 1792 sendmailMTAAliasValue: eric 1793 1794 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org 1795 objectClass: sendmailMTA 1796 objectClass: sendmailMTAAlias 1797 objectClass: sendmailMTAAliasObject 1798 sendmailMTAAliasGrouping: aliases 1799 sendmailMTAHost: etrn.sendmail.org 1800 sendmailMTAKey: bob 1801 sendmailMTAAliasValue: gshapiro 1802 1803would mean that on all of the hosts in the cluster, mail to bob would go to 1804eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and 1805gshapiro. 1806 1807If you prefer not to use the default LDAP schema for your aliases, you can 1808specify the map parameters when setting ALIAS_FILE. For example: 1809 1810 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember') 1811 1812---- 1813Maps 1814---- 1815 1816FEATURE()'s which take an optional map definition argument (e.g., access, 1817mailertable, virtusertable, etc.) can instead take the special keyword 1818`LDAP', e.g.: 1819 1820 FEATURE(`access_db', `LDAP') 1821 FEATURE(`virtusertable', `LDAP') 1822 1823When this keyword is given, that map will use LDAP lookups consisting of 1824the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName 1825with the map name, a search attribute of sendmailMTAKey, and the value 1826attribute sendmailMTAMapValue. 1827 1828The values for sendmailMTAMapName are: 1829 1830 FEATURE() sendmailMTAMapName 1831 --------- ------------------ 1832 access_db access 1833 authinfo authinfo 1834 bitdomain bitdomain 1835 domaintable domain 1836 genericstable generics 1837 mailertable mailer 1838 uucpdomain uucpdomain 1839 virtusertable virtuser 1840 1841For example, FEATURE(`mailertable', `LDAP') would use the map definition: 1842 1843 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject) 1844 (sendmailMTAMapName=mailer) 1845 (|(sendmailMTACluster=${sendmailMTACluster}) 1846 (sendmailMTAHost=$j)) 1847 (sendmailMTAKey=%0)) 1848 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject 1849 1850An example LDAP LDIF entry using this map might be: 1851 1852 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org 1853 objectClass: sendmailMTA 1854 objectClass: sendmailMTAMap 1855 sendmailMTACluster: Servers 1856 sendmailMTAMapName: mailer 1857 1858 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1859 objectClass: sendmailMTA 1860 objectClass: sendmailMTAMap 1861 objectClass: sendmailMTAMapObject 1862 sendmailMTAMapName: mailer 1863 sendmailMTACluster: Servers 1864 sendmailMTAKey: example.com 1865 sendmailMTAMapValue: relay:[smtp.example.com] 1866 1867CAUTION: If your LDAP database contains the record above and *ALSO* a host 1868specific record such as: 1869 1870 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org 1871 objectClass: sendmailMTA 1872 objectClass: sendmailMTAMap 1873 objectClass: sendmailMTAMapObject 1874 sendmailMTAMapName: mailer 1875 sendmailMTAHost: etrn.sendmail.org 1876 sendmailMTAKey: example.com 1877 sendmailMTAMapValue: relay:[mx.example.com] 1878 1879then these entries will give unexpected results. When the lookup is done 1880on etrn.sendmail.org, the effect is that there is *NO* match at all as maps 1881require a single match. Since the host etrn.sendmail.org is also in the 1882Servers cluster, LDAP would return two answers for the example.com map key 1883in which case sendmail would treat this as no match at all. 1884 1885If you prefer not to use the default LDAP schema for your maps, you can 1886specify the map parameters when using the FEATURE(). For example: 1887 1888 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value') 1889 1890------- 1891Classes 1892------- 1893 1894Normally, classes can be filled via files or programs. As of 8.12, they 1895can also be filled via map lookups using a new syntax: 1896 1897 F{ClassName}mapkey@mapclass:mapspec 1898 1899mapkey is optional and if not provided the map key will be empty. This can 1900be used with LDAP to read classes from LDAP. Note that the lookup is only 1901done when sendmail is initially started. Use the special value `@LDAP' to 1902use the default LDAP schema. For example: 1903 1904 RELAY_DOMAIN_FILE(`@LDAP') 1905 1906would put all of the attribute sendmailMTAClassValue values of LDAP records 1907with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of 1908'R' into class $={R}. In other words, it is equivalent to the LDAP map 1909specification: 1910 1911 F{R}@ldap:-k (&(objectClass=sendmailMTAClass) 1912 (sendmailMTAClassName=R) 1913 (|(sendmailMTACluster=${sendmailMTACluster}) 1914 (sendmailMTAHost=$j))) 1915 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass 1916 1917NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually 1918used when the binary expands the `@LDAP' token as class declarations are 1919not actually macro-expanded when read from the sendmail.cf file. 1920 1921This can be used with class related commands such as RELAY_DOMAIN_FILE(), 1922MASQUERADE_DOMAIN_FILE(), etc: 1923 1924 Command sendmailMTAClassName 1925 ------- -------------------- 1926 CANONIFY_DOMAIN_FILE() Canonify 1927 EXPOSED_USER_FILE() E 1928 GENERICS_DOMAIN_FILE() G 1929 LDAPROUTE_DOMAIN_FILE() LDAPRoute 1930 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv 1931 LOCAL_USER_FILE() L 1932 MASQUERADE_DOMAIN_FILE() M 1933 MASQUERADE_EXCEPTION_FILE() N 1934 RELAY_DOMAIN_FILE() R 1935 VIRTUSER_DOMAIN_FILE() VirtHost 1936 1937You can also add your own as any 'F'ile class of the form: 1938 1939 F{ClassName}@LDAP 1940 ^^^^^^^^^ 1941will use "ClassName" for the sendmailMTAClassName. 1942 1943An example LDAP LDIF entry would look like: 1944 1945 dn: sendmailMTAClassName=R, dc=sendmail, dc=org 1946 objectClass: sendmailMTA 1947 objectClass: sendmailMTAClass 1948 sendmailMTACluster: Servers 1949 sendmailMTAClassName: R 1950 sendmailMTAClassValue: sendmail.org 1951 sendmailMTAClassValue: example.com 1952 sendmailMTAClassValue: 10.56.23 1953 1954CAUTION: If your LDAP database contains the record above and *ALSO* a host 1955specific record such as: 1956 1957 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org 1958 objectClass: sendmailMTA 1959 objectClass: sendmailMTAClass 1960 sendmailMTAHost: etrn.sendmail.org 1961 sendmailMTAClassName: R 1962 sendmailMTAClassValue: example.com 1963 1964the result will be similar to the aliases caution above. When the lookup 1965is done on etrn.sendmail.org, $={R} would contain all of the entries (from 1966both the cluster match and the host match). In other words, the effective 1967is additive. 1968 1969If you prefer not to use the default LDAP schema for your classes, you can 1970specify the map parameters when using the class command. For example: 1971 1972 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host') 1973 1974Remember, macros can not be used in a class declaration as the binary does 1975not expand them. 1976 1977 1978+--------------+ 1979| LDAP ROUTING | 1980+--------------+ 1981 1982FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft 1983LDAP Schema for Intranet Mail Routing 1984(draft-lachman-laser-ldap-mail-routing-01). This feature enables 1985LDAP-based rerouting of a particular address to either a different host 1986or a different address. The LDAP lookup is first attempted on the full 1987address (e.g., user@example.com) and then on the domain portion 1988(e.g., @example.com). Be sure to setup your domain for LDAP routing using 1989LDAPROUTE_DOMAIN(), e.g.: 1990 1991 LDAPROUTE_DOMAIN(`example.com') 1992 1993Additionally, you can specify equivalent domains for LDAP routing using 1994LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent' 1995hostnames are mapped to $M (the masqueraded hostname for the server) before 1996the LDAP query. For example, if the mail is addressed to 1997user@host1.example.com, normally the LDAP lookup would only be done for 1998'user@host1.example.com' and '@host1.example.com'. However, if 1999LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be 2000done on 'user@example.com' and '@example.com' after attempting the 2001host1.example.com lookups. 2002 2003By default, the feature will use the schemas as specified in the draft 2004and will not reject addresses not found by the LDAP lookup. However, 2005this behavior can be changed by giving additional arguments to the FEATURE() 2006command: 2007 2008 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, 2009 <detail>, <nodomain>, <tempfail>) 2010 2011where <mailHost> is a map definition describing how to lookup an alternative 2012mail host for a particular address; <mailRoutingAddress> is a map definition 2013describing how to lookup an alternative address for a particular address; 2014the <bounce> argument, if present and not the word "passthru", dictates 2015that mail should be bounced if neither a mailHost nor mailRoutingAddress 2016is found, if set to "sendertoo", the sender will be rejected if not 2017found in LDAP; and <detail> indicates what actions to take if the address 2018contains +detail information -- `strip' tries the lookup with the +detail 2019and if no matches are found, strips the +detail and tries the lookup again; 2020`preserve', does the same as `strip' but if a mailRoutingAddress match is 2021found, the +detail information is copied to the new address; the <nodomain> 2022argument, if present, will prevent the @domain lookup if the full 2023address is not found in LDAP; the <tempfail> argument, if set to 2024"tempfail", instructs the rules to give an SMTP 4XX temporary 2025error if the LDAP server gives the MTA a temporary failure, or if set to 2026"queue" (the default), the MTA will locally queue the mail. 2027 2028The default <mailHost> map definition is: 2029 2030 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient) 2031 (mailLocalAddress=%0)) 2032 2033The default <mailRoutingAddress> map definition is: 2034 2035 ldap -1 -T<TMPF> -v mailRoutingAddress 2036 -k (&(objectClass=inetLocalMailRecipient) 2037 (mailLocalAddress=%0)) 2038 2039Note that neither includes the LDAP server hostname (-h server) or base DN 2040(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that 2041your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with 2042these settings. If this is not the case, the map definitions should be 2043changed as described above. The "-T<TMPF>" is required in any user 2044specified map definition to catch temporary errors. 2045 2046The following possibilities exist as a result of an LDAP lookup on an 2047address: 2048 2049 mailHost is mailRoutingAddress is Results in 2050 ----------- --------------------- ---------- 2051 set to a set mail delivered to 2052 "local" host mailRoutingAddress 2053 2054 set to a not set delivered to 2055 "local" host original address 2056 2057 set to a set mailRoutingAddress 2058 remote host relayed to mailHost 2059 2060 set to a not set original address 2061 remote host relayed to mailHost 2062 2063 not set set mail delivered to 2064 mailRoutingAddress 2065 2066 not set not set delivered to 2067 original address *OR* 2068 bounced as unknown user 2069 2070The term "local" host above means the host specified is in class {w}. If 2071the result would mean sending the mail to a different host, that host is 2072looked up in the mailertable before delivery. 2073 2074Note that the last case depends on whether the third argument is given 2075to the FEATURE() command. The default is to deliver the message to the 2076original address. 2077 2078The LDAP entries should be set up with an objectClass of 2079inetLocalMailRecipient and the address be listed in a mailLocalAddress 2080attribute. If present, there must be only one mailHost attribute and it 2081must contain a fully qualified host name as its value. Similarly, if 2082present, there must be only one mailRoutingAddress attribute and it must 2083contain an RFC 822 compliant address. Some example LDAP records (in LDIF 2084format): 2085 2086 dn: uid=tom, o=example.com, c=US 2087 objectClass: inetLocalMailRecipient 2088 mailLocalAddress: tom@example.com 2089 mailRoutingAddress: thomas@mailhost.example.com 2090 2091This would deliver mail for tom@example.com to thomas@mailhost.example.com. 2092 2093 dn: uid=dick, o=example.com, c=US 2094 objectClass: inetLocalMailRecipient 2095 mailLocalAddress: dick@example.com 2096 mailHost: eng.example.com 2097 2098This would relay mail for dick@example.com to the same address but redirect 2099the mail to MX records listed for the host eng.example.com (unless the 2100mailertable overrides). 2101 2102 dn: uid=harry, o=example.com, c=US 2103 objectClass: inetLocalMailRecipient 2104 mailLocalAddress: harry@example.com 2105 mailHost: mktmail.example.com 2106 mailRoutingAddress: harry@mkt.example.com 2107 2108This would relay mail for harry@example.com to the MX records listed for 2109the host mktmail.example.com using the new address harry@mkt.example.com 2110when talking to that host. 2111 2112 dn: uid=virtual.example.com, o=example.com, c=US 2113 objectClass: inetLocalMailRecipient 2114 mailLocalAddress: @virtual.example.com 2115 mailHost: server.example.com 2116 mailRoutingAddress: virtual@example.com 2117 2118This would send all mail destined for any username @virtual.example.com to 2119the machine server.example.com's MX servers and deliver to the address 2120virtual@example.com on that relay machine. 2121 2122 2123+---------------------------------+ 2124| ANTI-SPAM CONFIGURATION CONTROL | 2125+---------------------------------+ 2126 2127The primary anti-spam features available in sendmail are: 2128 2129* Relaying is denied by default. 2130* Better checking on sender information. 2131* Access database. 2132* Header checks. 2133 2134Relaying (transmission of messages from a site outside your host (class 2135{w}) to another site except yours) is denied by default. Note that this 2136changed in sendmail 8.9; previous versions allowed relaying by default. 2137If you really want to revert to the old behaviour, you will need to use 2138FEATURE(`promiscuous_relay'). You can allow certain domains to relay 2139through your server by adding their domain name or IP address to class 2140{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database 2141(described below). Note that IPv6 addresses must be prefaced with "IPv6:". 2142The file consists (like any other file based class) of entries listed on 2143separate lines, e.g., 2144 2145 sendmail.org 2146 128.32 2147 IPv6:2002:c0a8:02c7 2148 IPv6:2002:c0a8:51d2::23f4 2149 host.mydomain.com 2150 [UNIX:localhost] 2151 2152Notice: the last entry allows relaying for connections via a UNIX 2153socket to the MTA/MSP. This might be necessary if your configuration 2154doesn't allow relaying by other means in that case, e.g., by having 2155localhost.$m in class {R} (make sure $m is not just a top level 2156domain). 2157 2158If you use 2159 2160 FEATURE(`relay_entire_domain') 2161 2162then any host in any of your local domains (that is, class {m}) 2163will be relayed (that is, you will accept mail either to or from any 2164host in your domain). 2165 2166You can also allow relaying based on the MX records of the host 2167portion of an incoming recipient address by using 2168 2169 FEATURE(`relay_based_on_MX') 2170 2171For example, if your server receives a recipient of user@domain.com 2172and domain.com lists your server in its MX records, the mail will be 2173accepted for relay to domain.com. This feature may cause problems 2174if MX lookups for the recipient domain are slow or time out. In that 2175case, mail will be temporarily rejected. It is usually better to 2176maintain a list of hosts/domains for which the server acts as relay. 2177Note also that this feature will stop spammers from using your host 2178to relay spam but it will not stop outsiders from using your server 2179as a relay for their site (that is, they set up an MX record pointing 2180to your mail server, and you will relay mail addressed to them 2181without any prior arrangement). Along the same lines, 2182 2183 FEATURE(`relay_local_from') 2184 2185will allow relaying if the sender specifies a return path (i.e. 2186MAIL FROM:<user@domain>) domain which is a local domain. This is a 2187dangerous feature as it will allow spammers to spam using your mail 2188server by simply specifying a return address of user@your.domain.com. 2189It should not be used unless absolutely necessary. 2190A slightly better solution is 2191 2192 FEATURE(`relay_mail_from') 2193 2194which allows relaying if the mail sender is listed as RELAY in the 2195access map. If an optional argument `domain' (this is the literal 2196word `domain', not a placeholder) is given, the domain portion of 2197the mail sender is also checked to allowing relaying. This option 2198only works together with the tag From: for the LHS of the access 2199map entries. This feature allows spammers to abuse your mail server 2200by specifying a return address that you enabled in your access file. 2201This may be harder to figure out for spammers, but it should not 2202be used unless necessary. Instead use STARTTLS to 2203allow relaying for roaming users. 2204 2205 2206If source routing is used in the recipient address (e.g., 2207RCPT TO:<user%site.com@othersite.com>), sendmail will check 2208user@site.com for relaying if othersite.com is an allowed relay host 2209in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, 2210or the access database if FEATURE(`access_db') is used. To prevent 2211the address from being stripped down, use: 2212 2213 FEATURE(`loose_relay_check') 2214 2215If you think you need to use this feature, you probably do not. This 2216should only be used for sites which have no control over the addresses 2217that they provide a gateway for. Use this FEATURE with caution as it 2218can allow spammers to relay through your server if not setup properly. 2219 2220NOTICE: It is possible to relay mail through a system which the anti-relay 2221rules do not prevent: the case of a system that does use FEATURE(`nouucp', 2222`nospecial') (system A) and relays local messages to a mail hub (e.g., via 2223LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use 2224FEATURE(`nouucp') at all, addresses of the form 2225<example.net!user@local.host> would be relayed to <user@example.net>. 2226System A doesn't recognize `!' as an address separator and therefore 2227forwards it to the mail hub which in turns relays it because it came from 2228a trusted local host. So if a mailserver allows UUCP (bang-format) 2229addresses, all systems from which it allows relaying should do the same 2230or reject those addresses. 2231 2232As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has 2233an unresolvable domain (i.e., one that DNS, your local name service, 2234or special case rules in ruleset 3 cannot locate). This also applies 2235to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the 2236IP address can't be mapped to a host name. If you want to continue 2237to accept such domains, e.g., because you are inside a firewall that 2238has only a limited view of the Internet host name space (note that you 2239will not be able to return mail to them unless you have some "smart 2240host" forwarder), use 2241 2242 FEATURE(`accept_unresolvable_domains') 2243 2244Alternatively, you can allow specific addresses by adding them to 2245the access map, e.g., 2246 2247 From:unresolvable.domain OK 2248 From:[1.2.3.4] OK 2249 From:[1.2.4] OK 2250 2251Notice: domains which are temporarily unresolvable are (temporarily) 2252rejected with a 451 reply code. If those domains should be accepted 2253(which is discouraged) then you can use 2254 2255 LOCAL_CONFIG 2256 C{ResOk}TEMP 2257 2258sendmail will also refuse mail if the MAIL FROM: parameter is not 2259fully qualified (i.e., contains a domain as well as a user). If you 2260want to continue to accept such senders, use 2261 2262 FEATURE(`accept_unqualified_senders') 2263 2264Setting the DaemonPortOptions modifier 'u' overrides the default behavior, 2265i.e., unqualified addresses are accepted even without this FEATURE. If 2266this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used 2267to enforce fully qualified domain names. 2268 2269An ``access'' database can be created to accept or reject mail from 2270selected domains. For example, you may choose to reject all mail 2271originating from known spammers. To enable such a database, use 2272 2273 FEATURE(`access_db') 2274 2275Notice: the access database is applied to the envelope addresses 2276and the connection information, not to the header. 2277 2278The FEATURE macro can accept as second parameter the key file 2279definition for the database; for example 2280 2281 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map') 2282 2283Notice: If a second argument is specified it must contain the option 2284`-T<TMPF>' as shown above. The optional parameters may be 2285 2286 `skip' enables SKIP as value part (see below). 2287 `lookupdotdomain' another way to enable the feature of the 2288 same name (see above). 2289 `relaytofulladdress' enable entries of the form 2290 To:user@example.com RELAY 2291 to allow relaying to just a specific 2292 e-mail address instead of an entire domain. 2293 2294Remember, since /etc/mail/access is a database, after creating the text 2295file as described below, you must use makemap to create the database 2296map. For example: 2297 2298 makemap hash /etc/mail/access < /etc/mail/access 2299 2300The table itself uses e-mail addresses, domain names, and network 2301numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:". 2302For example, 2303 2304 From:spammer@aol.com REJECT 2305 From:cyberspammer.com REJECT 2306 Connect:cyberspammer.com REJECT 2307 Connect:TLD REJECT 2308 Connect:192.168.212 REJECT 2309 Connect:IPv6:2002:c0a8:02c7 RELAY 2310 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT 2311 2312would refuse mail from spammer@aol.com, any user from cyberspammer.com 2313(or any host within the cyberspammer.com domain), any host in the entire 2314top level domain TLD, 192.168.212.* network, and the IPv6 address 23152002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 23162002:c0a8:02c7::/48. 2317 2318Entries in the access map should be tagged according to their type. 2319Three tags are available: 2320 2321 Connect: connection information (${client_addr}, ${client_name}) 2322 From: envelope sender 2323 To: envelope recipient 2324 2325Notice: untagged entries are deprecated. 2326 2327If the required item is looked up in a map, it will be tried first 2328with the corresponding tag in front, then (as fallback to enable 2329backward compatibility) without any tag, unless the specific feature 2330requires a tag. For example, 2331 2332 From:spammer@some.dom REJECT 2333 To:friend.domain RELAY 2334 Connect:friend.domain OK 2335 Connect:from.domain RELAY 2336 From:good@another.dom OK 2337 From:another.dom REJECT 2338 2339This would deny mails from spammer@some.dom but you could still 2340send mail to that address even if FEATURE(`blacklist_recipients') 2341is enabled. Your system will allow relaying to friend.domain, but 2342not from it (unless enabled by other means). Connections from that 2343domain will be allowed even if it ends up in one of the DNS based 2344rejection lists. Relaying is enabled from from.domain but not to 2345it (since relaying is based on the connection information for 2346outgoing relaying, the tag Connect: must be used; for incoming 2347relaying, which is based on the recipient address, To: must be 2348used). The last two entries allow mails from good@another.dom but 2349reject mail from all other addresses with another.dom as domain 2350part. 2351 2352 2353The value part of the map can contain: 2354 2355 OK Accept mail even if other rules in the running 2356 ruleset would reject it, for example, if the domain 2357 name is unresolvable. "Accept" does not mean 2358 "relay", but at most acceptance for local 2359 recipients. That is, OK allows less than RELAY. 2360 RELAY Accept mail addressed to the indicated domain 2361 (or address if `relaytofulladdress' is set) or 2362 received from the indicated domain for relaying 2363 through your SMTP server. RELAY also serves as 2364 an implicit OK for the other checks. 2365 REJECT Reject the sender or recipient with a general 2366 purpose message. 2367 DISCARD Discard the message completely using the 2368 $#discard mailer. If it is used in check_compat, 2369 it affects only the designated recipient, not 2370 the whole message as it does in all other cases. 2371 This should only be used if really necessary. 2372 SKIP This can only be used for host/domain names 2373 and IP addresses/nets. It will abort the current 2374 search for this entry without accepting or rejecting 2375 it but causing the default action. 2376 ### any text where ### is an RFC 821 compliant error code and 2377 "any text" is a message to return for the command. 2378 The entire string should be quoted to avoid 2379 surprises: 2380 2381 "### any text" 2382 2383 Otherwise sendmail formats the text as email 2384 addresses, e.g., it may remove spaces. 2385 This type is deprecated, use one of the two 2386 ERROR: entries below instead. 2387 ERROR:### any text 2388 as above, but useful to mark error messages as such. 2389 If quotes need to be used to avoid modifications 2390 (see above), they should be placed like this: 2391 2392 ERROR:"### any text" 2393 2394 ERROR:D.S.N:### any text 2395 where D.S.N is an RFC 1893 compliant error code 2396 and the rest as above. If quotes need to be used 2397 to avoid modifications, they should be placed 2398 like this: 2399 2400 ERROR:D.S.N:"### any text" 2401 2402 QUARANTINE:any text 2403 Quarantine the message using the given text as the 2404 quarantining reason. 2405 2406For example: 2407 2408 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers" 2409 From:okay.cyberspammer.com OK 2410 Connect:sendmail.org RELAY 2411 To:sendmail.org RELAY 2412 Connect:128.32 RELAY 2413 Connect:128.32.2 SKIP 2414 Connect:IPv6:1:2:3:4:5:6:7 RELAY 2415 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host 2416 Connect:[127.0.0.3] OK 2417 Connect:[IPv6:1:2:3:4:5:6:7:8] OK 2418 2419would accept mail from okay.cyberspammer.com, but would reject mail 2420from all other hosts at cyberspammer.com with the indicated message. 2421It would allow relaying mail from and to any hosts in the sendmail.org 2422domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network 2423and from the 128.32.*.* network except for the 128.32.2.* network, 2424which shows how SKIP is useful to exempt subnets/subdomains. The 2425last two entries are for checks against ${client_name} if the IP 2426address doesn't resolve to a hostname (or is considered as "may be 2427forged"). That is, using square brackets means these are host 2428names, not network numbers. 2429 2430Warning: if you change the RFC 821 compliant error code from the default 2431value of 550, then you should probably also change the RFC 1893 compliant 2432error code to match it. For example, if you use 2433 2434 To:user@example.com ERROR:450 mailbox full 2435 2436the error returned would be "450 5.0.0 mailbox full" which is wrong. 2437Use "ERROR:4.2.2:450 mailbox full" instead. 2438 2439Note, UUCP users may need to add hostname.UUCP to the access database 2440or class {R}. 2441 2442If you also use: 2443 2444 FEATURE(`relay_hosts_only') 2445 2446then the above example will allow relaying for sendmail.org, but not 2447hosts within the sendmail.org domain. Note that this will also require 2448hosts listed in class {R} to be fully qualified host names. 2449 2450You can also use the access database to block sender addresses based on 2451the username portion of the address. For example: 2452 2453 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted 2454 2455Note that you must include the @ after the username to signify that 2456this database entry is for checking only the username portion of the 2457sender address. 2458 2459If you use: 2460 2461 FEATURE(`blacklist_recipients') 2462 2463then you can add entries to the map for local users, hosts in your 2464domains, or addresses in your domain which should not receive mail: 2465 2466 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser 2467 To:host.my.TLD ERROR:550 That host does not accept mail 2468 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient 2469 2470This would prevent a recipient of badlocaluser in any of the local 2471domains (class {w}), any user at host.my.TLD, and the single address 2472user@other.my.TLD from receiving mail. Please note: a local username 2473must be now tagged with an @ (this is consistent with the check of 2474the sender address, and hence it is possible to distinguish between 2475hostnames and usernames). Enabling this feature will keep you from 2476sending mails to all addresses that have an error message or REJECT 2477as value part in the access map. Taking the example from above: 2478 2479 spammer@aol.com REJECT 2480 cyberspammer.com REJECT 2481 2482Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. 2483That's why tagged entries should be used. 2484 2485There are several DNS based blacklists which can be found by 2486querying a search engine. These are databases of spammers 2487maintained in DNS. To use such a database, specify 2488 2489 FEATURE(`dnsbl', `dnsbl.example.com') 2490 2491This will cause sendmail to reject mail from any site listed in the 2492DNS based blacklist. You must select a DNS based blacklist domain 2493to check by specifying an argument to the FEATURE. The default 2494error message is 2495 2496 Rejected: IP-ADDRESS listed at SERVER 2497 2498where IP-ADDRESS and SERVER are replaced by the appropriate 2499information. A second argument can be used to specify a different 2500text or action. For example, 2501 2502 FEATURE(`dnsbl', `dnsbl.example.com', `quarantine') 2503 2504would quarantine the message if the client IP address is listed 2505at `dnsbl.example.com'. 2506 2507By default, temporary lookup failures are ignored 2508and hence cause the connection not to be rejected by the DNS based 2509rejection list. This behavior can be changed by specifying a third 2510argument, which must be either `t' or a full error message. For 2511example: 2512 2513 FEATURE(`dnsbl', `dnsbl.example.com', `', 2514 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"') 2515 2516If `t' is used, the error message is: 2517 2518 451 Temporary lookup failure of IP-ADDRESS at SERVER 2519 2520where IP-ADDRESS and SERVER are replaced by the appropriate 2521information. 2522 2523This FEATURE can be included several times to query different 2524DNS based rejection lists. 2525 2526Notice: to avoid checking your own local domains against those 2527blacklists, use the access_db feature and add: 2528 2529 Connect:10.1 OK 2530 Connect:127.0.0.1 RELAY 2531 2532to the access map, where 10.1 is your local network. You may 2533want to use "RELAY" instead of "OK" to allow also relaying 2534instead of just disabling the DNS lookups in the blacklists. 2535 2536 2537The features described above make use of the check_relay, check_mail, 2538and check_rcpt rulesets. Note that check_relay checks the SMTP 2539client hostname and IP address when the connection is made to your 2540server. It does not check if a mail message is being relayed to 2541another server. That check is done in check_rcpt. If you wish to 2542include your own checks, you can put your checks in the rulesets 2543Local_check_relay, Local_check_mail, and Local_check_rcpt. For 2544example if you wanted to block senders with all numeric usernames 2545(i.e. 2312343@bigisp.com), you would use Local_check_mail and the 2546regex map: 2547 2548 LOCAL_CONFIG 2549 Kallnumbers regex -a@MATCH ^[0-9]+$ 2550 2551 LOCAL_RULESETS 2552 SLocal_check_mail 2553 # check address against various regex checks 2554 R$* $: $>Parse0 $>3 $1 2555 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) 2556 R@MATCH $#error $: 553 Header Error 2557 2558These rules are called with the original arguments of the corresponding 2559check_* ruleset. If the local ruleset returns $#OK, no further checking 2560is done by the features described above and the mail is accepted. If 2561the local ruleset resolves to a mailer (such as $#error or $#discard), 2562the appropriate action is taken. Other results starting with $# are 2563interpreted by sendmail and may lead to unspecified behavior. Note: do 2564NOT create a mailer with the name OK. Return values that do not start 2565with $# are ignored, i.e., normal processing continues. 2566 2567Delay all checks 2568---------------- 2569 2570By using FEATURE(`delay_checks') the rulesets check_mail and check_relay 2571will not be called when a client connects or issues a MAIL command, 2572respectively. Instead, those rulesets will be called by the check_rcpt 2573ruleset; they will be skipped if a sender has been authenticated using 2574a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). 2575If check_mail returns an error then the RCPT TO command will be rejected 2576with that error. If it returns some other result starting with $# then 2577check_relay will be skipped. If the sender address (or a part of it) is 2578listed in the access map and it has a RHS of OK or RELAY, then check_relay 2579will be skipped. This has an interesting side effect: if your domain is 2580my.domain and you have 2581 2582 my.domain RELAY 2583 2584in the access map, then any e-mail with a sender address of 2585<user@my.domain> will not be rejected by check_relay even though 2586it would match the hostname or IP address. This allows spammers 2587to get around DNS based blacklist by faking the sender address. To 2588avoid this problem you have to use tagged entries: 2589 2590 To:my.domain RELAY 2591 Connect:my.domain RELAY 2592 2593if you need those entries at all (class {R} may take care of them). 2594 2595FEATURE(`delay_checks') can take an optional argument: 2596 2597 FEATURE(`delay_checks', `friend') 2598 enables spamfriend test 2599 FEATURE(`delay_checks', `hater') 2600 enables spamhater test 2601 2602If such an argument is given, the recipient will be looked up in the 2603access map (using the tag Spam:). If the argument is `friend', then 2604the default behavior is to apply the other rulesets and make a SPAM 2605friend the exception. The rulesets check_mail and check_relay will be 2606skipped only if the recipient address is found and has RHS FRIEND. If 2607the argument is `hater', then the default behavior is to skip the rulesets 2608check_mail and check_relay and make a SPAM hater the exception. The 2609other two rulesets will be applied only if the recipient address is 2610found and has RHS HATER. 2611 2612This allows for simple exceptions from the tests, e.g., by activating 2613the friend option and having 2614 2615 Spam:abuse@ FRIEND 2616 2617in the access map, mail to abuse@localdomain will get through (where 2618"localdomain" is any domain in class {w}). It is also possible to 2619specify a full address or an address with +detail: 2620 2621 Spam:abuse@my.domain FRIEND 2622 Spam:me+abuse@ FRIEND 2623 Spam:spam.domain FRIEND 2624 2625Note: The required tag has been changed in 8.12 from To: to Spam:. 2626This change is incompatible to previous versions. However, you can 2627(for now) simply add the new entries to the access map, the old 2628ones will be ignored. As soon as you removed the old entries from 2629the access map, specify a third parameter (`n') to this feature and 2630the backward compatibility rules will not be in the generated .cf 2631file. 2632 2633Header Checks 2634------------- 2635 2636You can also reject mail on the basis of the contents of headers. 2637This is done by adding a ruleset call to the 'H' header definition command 2638in sendmail.cf. For example, this can be used to check the validity of 2639a Message-ID: header: 2640 2641 LOCAL_CONFIG 2642 HMessage-Id: $>CheckMessageId 2643 2644 LOCAL_RULESETS 2645 SCheckMessageId 2646 R< $+ @ $+ > $@ OK 2647 R$* $#error $: 553 Header Error 2648 2649The alternative format: 2650 2651 HSubject: $>+CheckSubject 2652 2653that is, $>+ instead of $>, gives the full Subject: header including 2654comments to the ruleset (comments in parentheses () are stripped 2655by default). 2656 2657A default ruleset for headers which don't have a specific ruleset 2658defined for them can be given by: 2659 2660 H*: $>CheckHdr 2661 2662Notice: 26631. All rules act on tokens as explained in doc/op/op.{me,ps,txt}. 2664That may cause problems with simple header checks due to the 2665tokenization. It might be simpler to use a regex map and apply it 2666to $&{currHeader}. 26672. There are no default rulesets coming with this distribution of 2668sendmail. You can write your own or search the WWW for examples. 26693. When using a default ruleset for headers, the name of the header 2670currently being checked can be found in the $&{hdr_name} macro. 2671 2672After all of the headers are read, the check_eoh ruleset will be called for 2673any final header-related checks. The ruleset is called with the number of 2674headers and the size of all of the headers in bytes separated by $|. One 2675example usage is to reject messages which do not have a Message-Id: 2676header. However, the Message-Id: header is *NOT* a required header and is 2677not a guaranteed spam indicator. This ruleset is an example and should 2678probably not be used in production. 2679 2680 LOCAL_CONFIG 2681 Kstorage macro 2682 HMessage-Id: $>CheckMessageId 2683 2684 LOCAL_RULESETS 2685 SCheckMessageId 2686 # Record the presence of the header 2687 R$* $: $(storage {MessageIdCheck} $@ OK $) $1 2688 R< $+ @ $+ > $@ OK 2689 R$* $#error $: 553 Header Error 2690 2691 Scheck_eoh 2692 # Check the macro 2693 R$* $: < $&{MessageIdCheck} > 2694 # Clear the macro for the next message 2695 R$* $: $(storage {MessageIdCheck} $) $1 2696 # Has a Message-Id: header 2697 R< $+ > $@ OK 2698 # Allow missing Message-Id: from local mail 2699 R$* $: < $&{client_name} > 2700 R< > $@ OK 2701 R< $=w > $@ OK 2702 # Otherwise, reject the mail 2703 R$* $#error $: 553 Header Error 2704 2705 2706+--------------------+ 2707| CONNECTION CONTROL | 2708+--------------------+ 2709 2710The features ratecontrol and conncontrol allow to establish connection 2711limits per client IP address or net. These features can limit the 2712rate of connections (connections per time unit) or the number of 2713incoming SMTP connections, respectively. If enabled, appropriate 2714rulesets are called at the end of check_relay, i.e., after DNS 2715blacklists and generic access_db operations. The features require 2716FEATURE(`access_db') to be listed earlier in the mc file. 2717 2718Note: FEATURE(`delay_checks') delays those connection control checks 2719after a recipient address has been received, hence making these 2720connection control features less useful. To run the checks as early 2721as possible, specify the parameter `nodelay', e.g., 2722 2723 FEATURE(`ratecontrol', `nodelay') 2724 2725In that case, FEATURE(`delay_checks') has no effect on connection 2726control (and it must be specified earlier in the mc file). 2727 2728An optional second argument `terminate' specifies whether the 2729rulesets should return the error code 421 which will cause 2730sendmail to terminate the session with that error if it is 2731returned from check_relay, i.e., not delayed as explained in 2732the previous paragraph. Example: 2733 2734 FEATURE(`ratecontrol', `nodelay', `terminate') 2735 2736 2737+----------+ 2738| STARTTLS | 2739+----------+ 2740 2741In this text, cert will be used as an abbreviation for X.509 certificate, 2742DN (CN) is the distinguished (common) name of a cert, and CA is a 2743certification authority, which signs (issues) certs. 2744 2745For STARTTLS to be offered by sendmail you need to set at least 2746these variables (the file names and paths are just examples): 2747 2748 define(`confCACERT_PATH', `/etc/mail/certs/') 2749 define(`confCACERT', `/etc/mail/certs/CA.cert.pem') 2750 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem') 2751 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem') 2752 2753On systems which do not have the compile flag HASURANDOM set (see 2754sendmail/README) you also must set confRAND_FILE. 2755 2756See doc/op/op.{me,ps,txt} for more information about these options, 2757especially the sections ``Certificates for STARTTLS'' and ``PRNG for 2758STARTTLS''. 2759 2760Macros related to STARTTLS are: 2761 2762${cert_issuer} holds the DN of the CA (the cert issuer). 2763${cert_subject} holds the DN of the cert (called the cert subject). 2764${cn_issuer} holds the CN of the CA (the cert issuer). 2765${cn_subject} holds the CN of the cert (called the cert subject). 2766${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, 2767 TLSv1/SSLv3, SSLv3, SSLv2. 2768${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 2769 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. 2770${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm 2771 used for the connection. 2772${verify} holds the result of the verification of the presented cert. 2773 Possible values are: 2774 OK verification succeeded. 2775 NO no cert presented. 2776 NOT no cert requested. 2777 FAIL cert presented but could not be verified, 2778 e.g., the cert of the signing CA is missing. 2779 NONE STARTTLS has not been performed. 2780 TEMP temporary error occurred. 2781 PROTOCOL protocol error occurred (SMTP level). 2782 SOFTWARE STARTTLS handshake failed. 2783${server_name} the name of the server of the current outgoing SMTP 2784 connection. 2785${server_addr} the address of the server of the current outgoing SMTP 2786 connection. 2787 2788Relaying 2789-------- 2790 2791SMTP STARTTLS can allow relaying for remote SMTP clients which have 2792successfully authenticated themselves. If the verification of the cert 2793failed (${verify} != OK), relaying is subject to the usual rules. 2794Otherwise the DN of the issuer is looked up in the access map using the 2795tag CERTISSUER. If the resulting value is RELAY, relaying is allowed. 2796If it is SUBJECT, the DN of the cert subject is looked up next in the 2797access map using the tag CERTSUBJECT. If the value is RELAY, relaying 2798is allowed. 2799 2800To make things a bit more flexible (or complicated), the values for 2801${cert_issuer} and ${cert_subject} can be optionally modified by regular 2802expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and 2803_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in 2804rulesets and map lookups, they are modified as follows: each non-printable 2805character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced 2806by their HEX value with a leading '+'. For example: 2807 2808/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= 2809darth+cert@endmail.org 2810 2811is encoded as: 2812 2813/C=US/ST=California/O=endmail.org/OU=private/CN= 2814Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2815 2816(line breaks have been inserted for readability). 2817 2818The macros which are subject to this encoding are ${cert_subject}, 2819${cert_issuer}, ${cn_subject}, and ${cn_issuer}. 2820 2821Examples: 2822 2823To allow relaying for everyone who can present a cert signed by 2824 2825/C=US/ST=California/O=endmail.org/OU=private/CN= 2826Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2827 2828simply use: 2829 2830CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2831Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY 2832 2833To allow relaying only for a subset of machines that have a cert signed by 2834 2835/C=US/ST=California/O=endmail.org/OU=private/CN= 2836Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 2837 2838use: 2839 2840CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= 2841Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT 2842CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= 2843DeathStar/Email=deathstar@endmail.org RELAY 2844 2845Notes: 2846- line breaks have been inserted after "CN=" for readability, 2847 each tagged entry must be one (long) line in the access map. 2848- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN 2849 is replaced by "emailAddress=". 2850 2851Of course it is also possible to write a simple ruleset that allows 2852relaying for everyone who can present a cert that can be verified, e.g., 2853 2854LOCAL_RULESETS 2855SLocal_check_rcpt 2856R$* $: $&{verify} 2857ROK $# OK 2858 2859Allowing Connections 2860-------------------- 2861 2862The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether 2863an SMTP connection is accepted (or should continue). 2864 2865tls_server is called when sendmail acts as client after a STARTTLS command 2866(should) have been issued. The parameter is the value of ${verify}. 2867 2868tls_client is called when sendmail acts as server, after a STARTTLS command 2869has been issued, and from check_mail. The parameter is the value of 2870${verify} and STARTTLS or MAIL, respectively. 2871 2872Both rulesets behave the same. If no access map is in use, the connection 2873will be accepted unless ${verify} is SOFTWARE, in which case the connection 2874is always aborted. For tls_server/tls_client, ${client_name}/${server_name} 2875is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done 2876with the ruleset LookUpDomain. If no entry is found, ${client_addr} 2877(${server_addr}) is looked up in the access map (same tag, ruleset 2878LookUpAddr). If this doesn't result in an entry either, just the tag is 2879looked up in the access map (included the trailing colon). Notice: 2880requiring that e-mail is sent to a server only encrypted, e.g., via 2881 2882TLS_Srv:secure.domain ENCR:112 2883 2884doesn't necessarily mean that e-mail sent to that domain is encrypted. 2885If the domain has multiple MX servers, e.g., 2886 2887secure.domain. IN MX 10 mail.secure.domain. 2888secure.domain. IN MX 50 mail.other.domain. 2889 2890then mail to user@secure.domain may go unencrypted to mail.other.domain. 2891tls_rcpt can be used to address this problem. 2892 2893tls_rcpt is called before a RCPT TO: command is sent. The parameter is the 2894current recipient. This ruleset is only defined if FEATURE(`access_db') 2895is selected. A recipient address user@domain is looked up in the access 2896map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain, 2897and TLS_Rcpt:; the first match is taken. 2898 2899The result of the lookups is then used to call the ruleset TLS_connection, 2900which checks the requirement specified by the RHS in the access map against 2901the actual parameters of the current TLS connection, esp. ${verify} and 2902${cipher_bits}. Legal RHSs in the access map are: 2903 2904VERIFY verification must have succeeded 2905VERIFY:bits verification must have succeeded and ${cipher_bits} must 2906 be greater than or equal bits. 2907ENCR:bits ${cipher_bits} must be greater than or equal bits. 2908 2909The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary 2910or permanent error. The default is a temporary error code (403 4.7.0) 2911unless the macro TLS_PERM_ERR is set during generation of the .cf file. 2912 2913If a certain level of encryption is required, then it might also be 2914possible that this level is provided by the security layer from a SASL 2915algorithm, e.g., DIGEST-MD5. 2916 2917Furthermore, there can be a list of extensions added. Such a list 2918starts with '+' and the items are separated by '++'. Allowed 2919extensions are: 2920 2921CN:name name must match ${cn_subject} 2922CN ${server_name} must match ${cn_subject} 2923CS:name name must match ${cert_subject} 2924CI:name name must match ${cert_issuer} 2925 2926Example: e-mail sent to secure.example.com should only use an encrypted 2927connection. E-mail received from hosts within the laptop.example.com domain 2928should only be accepted if they have been authenticated. The host which 2929receives e-mail for darth@endmail.org must present a cert that uses the 2930CN smtp.endmail.org. 2931 2932TLS_Srv:secure.example.com ENCR:112 2933TLS_Clt:laptop.example.com PERM+VERIFY:112 2934TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org 2935 2936 2937Disabling STARTTLS And Setting SMTP Server Features 2938--------------------------------------------------- 2939 2940By default STARTTLS is used whenever possible. However, there are 2941some broken MTAs that don't properly implement STARTTLS. To be able 2942to send to (or receive from) those MTAs, the ruleset try_tls 2943(srv_features) can be used that work together with the access map. 2944Entries for the access map must be tagged with Try_TLS (Srv_Features) 2945and refer to the hostname or IP address of the connecting system. 2946A default case can be specified by using just the tag. For example, 2947the following entries in the access map: 2948 2949 Try_TLS:broken.server NO 2950 Srv_Features:my.domain v 2951 Srv_Features: V 2952 2953will turn off STARTTLS when sending to broken.server (or any host 2954in that domain), and request a client certificate during the TLS 2955handshake only for hosts in my.domain. The valid entries on the RHS 2956for Srv_Features are listed in the Sendmail Installation and 2957Operations Guide. 2958 2959 2960Received: Header 2961---------------- 2962 2963The Received: header reveals whether STARTTLS has been used. It contains an 2964extra line: 2965 2966(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) 2967 2968 2969+--------------------------------+ 2970| ADDING NEW MAILERS OR RULESETS | 2971+--------------------------------+ 2972 2973Sometimes you may need to add entirely new mailers or rulesets. They 2974should be introduced with the constructs MAILER_DEFINITIONS and 2975LOCAL_RULESETS respectively. For example: 2976 2977 MAILER_DEFINITIONS 2978 Mmymailer, ... 2979 ... 2980 2981 LOCAL_RULESETS 2982 Smyruleset 2983 ... 2984 2985Local additions for the rulesets srv_features, try_tls, tls_rcpt, 2986tls_client, and tls_server can be made using LOCAL_SRV_FEATURES, 2987LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER, 2988respectively. For example, to add a local ruleset that decides 2989whether to try STARTTLS in a sendmail client, use: 2990 2991 LOCAL_TRY_TLS 2992 R... 2993 2994Note: you don't need to add a name for the ruleset, it is implicitly 2995defined by using the appropriate macro. 2996 2997 2998+-------------------------+ 2999| ADDING NEW MAIL FILTERS | 3000+-------------------------+ 3001 3002Sendmail supports mail filters to filter incoming SMTP messages according 3003to the "Sendmail Mail Filter API" documentation. These filters can be 3004configured in your mc file using the two commands: 3005 3006 MAIL_FILTER(`name', `equates') 3007 INPUT_MAIL_FILTER(`name', `equates') 3008 3009The first command, MAIL_FILTER(), simply defines a filter with the given 3010name and equates. For example: 3011 3012 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3013 3014This creates the equivalent sendmail.cf entry: 3015 3016 Xarchive, S=local:/var/run/archivesock, F=R 3017 3018The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER 3019but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name 3020of the filter such that the filter will actually be called by sendmail. 3021 3022For example, the two commands: 3023 3024 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3025 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3026 3027are equivalent to the three commands: 3028 3029 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') 3030 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') 3031 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') 3032 3033In general, INPUT_MAIL_FILTER() should be used unless you need to define 3034more filters than you want to use for `confINPUT_MAIL_FILTERS'. 3035 3036Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() 3037commands will clear the list created by the prior INPUT_MAIL_FILTER() 3038commands. 3039 3040 3041+-------------------------+ 3042| QUEUE GROUP DEFINITIONS | 3043+-------------------------+ 3044 3045In addition to the queue directory (which is the default queue group 3046called "mqueue"), sendmail can deal with multiple queue groups, which 3047are collections of queue directories with the same behaviour. Queue 3048groups can be defined using the command: 3049 3050 QUEUE_GROUP(`name', `equates') 3051 3052For details about queue groups, please see doc/op/op.{me,ps,txt}. 3053 3054+-------------------------------+ 3055| NON-SMTP BASED CONFIGURATIONS | 3056+-------------------------------+ 3057 3058These configuration files are designed primarily for use by 3059SMTP-based sites. They may not be well tuned for UUCP-only or 3060UUCP-primarily nodes (the latter is defined as a small local net 3061connected to the rest of the world via UUCP). However, there is 3062one hook to handle some special cases. 3063 3064You can define a ``smart host'' that understands a richer address syntax 3065using: 3066 3067 define(`SMART_HOST', `mailer:hostname') 3068 3069In this case, the ``mailer:'' defaults to "relay". Any messages that 3070can't be handled using the usual UUCP rules are passed to this host. 3071 3072If you are on a local SMTP-based net that connects to the outside 3073world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. 3074For example: 3075 3076 define(`SMART_HOST', `uucp-new:uunet') 3077 LOCAL_NET_CONFIG 3078 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 3079 3080This will cause all names that end in your domain name ($m) to be sent 3081via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. 3082If you have FEATURE(`nocanonify'), you may need to omit the dots after 3083the $m. If you are running a local DNS inside your domain which is 3084not otherwise connected to the outside world, you probably want to 3085use: 3086 3087 define(`SMART_HOST', `smtp:fire.wall.com') 3088 LOCAL_NET_CONFIG 3089 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 3090 3091That is, send directly only to things you found in your DNS lookup; 3092anything else goes through SMART_HOST. 3093 3094You may need to turn off the anti-spam rules in order to accept 3095UUCP mail with FEATURE(`promiscuous_relay') and 3096FEATURE(`accept_unresolvable_domains'). 3097 3098 3099+-----------+ 3100| WHO AM I? | 3101+-----------+ 3102 3103Normally, the $j macro is automatically defined to be your fully 3104qualified domain name (FQDN). Sendmail does this by getting your 3105host name using gethostname and then calling gethostbyname on the 3106result. For example, in some environments gethostname returns 3107only the root of the host name (such as "foo"); gethostbyname is 3108supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) 3109cases, gethostbyname may fail to return the FQDN. In this case 3110you MUST define confDOMAIN_NAME to be your fully qualified domain 3111name. This is usually done using: 3112 3113 Dmbar.com 3114 define(`confDOMAIN_NAME', `$w.$m')dnl 3115 3116 3117+-----------------------------------+ 3118| ACCEPTING MAIL FOR MULTIPLE NAMES | 3119+-----------------------------------+ 3120 3121If your host is known by several different names, you need to augment 3122class {w}. This is a list of names by which your host is known, and 3123anything sent to an address using a host name in this list will be 3124treated as local mail. You can do this in two ways: either create the 3125file /etc/mail/local-host-names containing a list of your aliases (one per 3126line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add 3127``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified 3128name of the host, rather than a short name. 3129 3130If you want to have different address in different domains, take 3131a look at the virtusertable feature, which is also explained at 3132http://www.sendmail.org/virtual-hosting.html 3133 3134 3135+--------------------+ 3136| USING MAILERTABLES | 3137+--------------------+ 3138 3139To use FEATURE(`mailertable'), you will have to create an external 3140database containing the routing information for various domains. 3141For example, a mailertable file in text format might be: 3142 3143 .my.domain xnet:%1.my.domain 3144 uuhost1.my.domain uucp-new:uuhost1 3145 .bitnet smtp:relay.bit.net 3146 3147This should normally be stored in /etc/mail/mailertable. The actual 3148database version of the mailertable is built using: 3149 3150 makemap hash /etc/mail/mailertable < /etc/mail/mailertable 3151 3152The semantics are simple. Any LHS entry that does not begin with 3153a dot matches the full host name indicated. LHS entries beginning 3154with a dot match anything ending with that domain name (including 3155the leading dot) -- that is, they can be thought of as having a 3156leading ".+" regular expression pattern for a non-empty sequence of 3157characters. Matching is done in order of most-to-least qualified 3158-- for example, even though ".my.domain" is listed first in the 3159above example, an entry of "uuhost1.my.domain" will match the second 3160entry since it is more explicit. Note: e-mail to "user@my.domain" 3161does not match any entry in the above table. You need to have 3162something like: 3163 3164 my.domain esmtp:host.my.domain 3165 3166The RHS should always be a "mailer:host" pair. The mailer is the 3167configuration name of a mailer (that is, an M line in the 3168sendmail.cf file). The "host" will be the hostname passed to 3169that mailer. In domain-based matches (that is, those with leading 3170dots) the "%1" may be used to interpolate the wildcarded part of 3171the host name. For example, the first line above sends everything 3172addressed to "anything.my.domain" to that same host name, but using 3173the (presumably experimental) xnet mailer. 3174 3175In some cases you may want to temporarily turn off MX records, 3176particularly on gateways. For example, you may want to MX 3177everything in a domain to one machine that then forwards it 3178directly. To do this, you might use the DNS configuration: 3179 3180 *.domain. IN MX 0 relay.machine 3181 3182and on relay.machine use the mailertable: 3183 3184 .domain smtp:[gateway.domain] 3185 3186The [square brackets] turn off MX records for this host only. 3187If you didn't do this, the mailertable would use the MX record 3188again, which would give you an MX loop. Note that the use of 3189wildcard MX records is almost always a bad idea. Please avoid 3190using them if possible. 3191 3192 3193+--------------------------------+ 3194| USING USERDB TO MAP FULL NAMES | 3195+--------------------------------+ 3196 3197The user database was not originally intended for mapping full names 3198to login names (e.g., Eric.Allman => eric), but some people are using 3199it that way. (it is recommended that you set up aliases for this 3200purpose instead -- since you can specify multiple alias files, this 3201is fairly easy.) The intent was to locate the default maildrop at 3202a site, but allow you to override this by sending to a specific host. 3203 3204If you decide to set up the user database in this fashion, it is 3205imperative that you not use FEATURE(`stickyhost') -- otherwise, 3206e-mail sent to Full.Name@local.host.name will be rejected. 3207 3208To build the internal form of the user database, use: 3209 3210 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt 3211 3212As a general rule, it is an extremely bad idea to using full names 3213as e-mail addresses, since they are not in any sense unique. For 3214example, the UNIX software-development community has at least two 3215well-known Peter Deutsches, and at one time Bell Labs had two 3216Stephen R. Bournes with offices along the same hallway. Which one 3217will be forced to suffer the indignity of being Stephen_R_Bourne_2? 3218The less famous of the two, or the one that was hired later? 3219 3220Finger should handle full names (and be fuzzy). Mail should use 3221handles, and not be fuzzy. 3222 3223 3224+--------------------------------+ 3225| MISCELLANEOUS SPECIAL FEATURES | 3226+--------------------------------+ 3227 3228Plussed users 3229 Sometimes it is convenient to merge configuration on a 3230 centralized mail machine, for example, to forward all 3231 root mail to a mail server. In this case it might be 3232 useful to be able to treat the root addresses as a class 3233 of addresses with subtle differences. You can do this 3234 using plussed users. For example, a client might include 3235 the alias: 3236 3237 root: root+client1@server 3238 3239 On the server, this will match an alias for "root+client1". 3240 If that is not found, the alias "root+*" will be tried, 3241 then "root". 3242 3243 3244+----------------+ 3245| SECURITY NOTES | 3246+----------------+ 3247 3248A lot of sendmail security comes down to you. Sendmail 8 is much 3249more careful about checking for security problems than previous 3250versions, but there are some things that you still need to watch 3251for. In particular: 3252 3253* Make sure the aliases file is not writable except by trusted 3254 system personnel. This includes both the text and database 3255 version. 3256 3257* Make sure that other files that sendmail reads, such as the 3258 mailertable, are only writable by trusted system personnel. 3259 3260* The queue directory should not be world writable PARTICULARLY 3261 if your system allows "file giveaways" (that is, if a non-root 3262 user can chown any file they own to any other user). 3263 3264* If your system allows file giveaways, DO NOT create a publically 3265 writable directory for forward files. This will allow anyone 3266 to steal anyone else's e-mail. Instead, create a script that 3267 copies the .forward file from users' home directories once a 3268 night (if you want the non-NFS-mounted forward directory). 3269 3270* If your system allows file giveaways, you'll find that 3271 sendmail is much less trusting of :include: files -- in 3272 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in 3273 /etc/shells before they will be trusted (that is, before 3274 files and programs listed in them will be honored). 3275 3276In general, file giveaways are a mistake -- if you can turn them 3277off, do so. 3278 3279 3280+--------------------------------+ 3281| TWEAKING CONFIGURATION OPTIONS | 3282+--------------------------------+ 3283 3284There are a large number of configuration options that don't normally 3285need to be changed. However, if you feel you need to tweak them, 3286you can define the following M4 variables. Note that some of these 3287variables require formats that are defined in RFC 2821 or RFC 2822. 3288Before changing them you need to make sure you do not violate those 3289(and other relevant) RFCs. 3290 3291This list is shown in four columns: the name you define, the default 3292value for that definition, the option or macro that is affected 3293(either Ox for an option or Dx for a macro), and a brief description. 3294 3295Some options are likely to be deprecated in future versions -- that is, 3296the option is only included to provide back-compatibility. These are 3297marked with "*". 3298 3299Remember that these options are M4 variables, and hence may need to 3300be quoted. In particular, arguments with commas will usually have to 3301be ``double quoted, like this phrase'' to avoid having the comma 3302confuse things. This is common for alias file definitions and for 3303the read timeout. 3304 3305M4 Variable Name Configuration [Default] & Description 3306================ ============= ======================= 3307confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used 3308 for internally generated outgoing 3309 messages. 3310confDOMAIN_NAME $j macro If defined, sets $j. This should 3311 only be done if your system cannot 3312 determine your local domain name, 3313 and then it should be set to 3314 $w.Foo.COM, where Foo.COM is your 3315 domain name. 3316confCF_VERSION $Z macro If defined, this is appended to the 3317 configuration version name. 3318confLDAP_CLUSTER ${sendmailMTACluster} macro 3319 If defined, this is the LDAP 3320 cluster to use for LDAP searches 3321 as described above in ``USING LDAP 3322 FOR ALIASES, MAPS, AND CLASSES''. 3323confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an 3324 internally generated From: address. 3325confRECEIVED_HEADER Received: 3326 [$?sfrom $s $.$?_($?s$|from $.$_) 3327 $.$?{auth_type}(authenticated) 3328 $.by $j ($v/$Z)$?r with $r$. id $i$?u 3329 for $u; $|; 3330 $.$b] 3331 The format of the Received: header 3332 in messages passed through this host. 3333 It is unwise to try to change this. 3334confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an 3335 internally generated Message-Id: 3336 header. 3337confCW_FILE Fw class [/etc/mail/local-host-names] Name 3338 of file used to get the local 3339 additions to class {w} (local host 3340 names). 3341confCT_FILE Ft class [/etc/mail/trusted-users] Name of 3342 file used to get the local additions 3343 to class {t} (trusted users). 3344confCR_FILE FR class [/etc/mail/relay-domains] Name of 3345 file used to get the local additions 3346 to class {R} (hosts allowed to relay). 3347confTRUSTED_USERS Ct class [no default] Names of users to add to 3348 the list of trusted users. This list 3349 always includes root, uucp, and daemon. 3350 See also FEATURE(`use_ct_file'). 3351confTRUSTED_USER TrustedUser [no default] Trusted user for file 3352 ownership and starting the daemon. 3353 Not to be confused with 3354 confTRUSTED_USERS (see above). 3355confSMTP_MAILER - [esmtp] The mailer name used when 3356 SMTP connectivity is required. 3357 One of "smtp", "smtp8", 3358 "esmtp", or "dsmtp". 3359confUUCP_MAILER - [uucp-old] The mailer to be used by 3360 default for bang-format recipient 3361 addresses. See also discussion of 3362 class {U}, class {Y}, and class {Z} 3363 in the MAILER(`uucp') section. 3364confLOCAL_MAILER - [local] The mailer name used when 3365 local connectivity is required. 3366 Almost always "local". 3367confRELAY_MAILER - [relay] The default mailer name used 3368 for relaying any mail (e.g., to a 3369 BITNET_RELAY, a SMART_HOST, or 3370 whatever). This can reasonably be 3371 "uucp-new" if you are on a 3372 UUCP-connected site. 3373confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? 3374confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling 3375confALIAS_WAIT AliasWait [10m] Time to wait for alias file 3376 rebuild until you get bored and 3377 decide that the apparently pending 3378 rebuild failed. 3379confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on 3380 queue filesystem to accept SMTP mail. 3381 (Prior to 8.7 this was minfree/maxsize, 3382 where minfree was the number of free 3383 blocks and maxsize was the maximum 3384 message size. Use confMAX_MESSAGE_SIZE 3385 for the second value now.) 3386confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages 3387 that will be accepted (in bytes). 3388confBLANK_SUB BlankSub [.] Blank (space) substitution 3389 character. 3390confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately 3391 to mailers marked expensive. 3392confCHECKPOINT_INTERVAL CheckpointInterval 3393 [10] Checkpoint queue files every N 3394 recipients. 3395confDELIVERY_MODE DeliveryMode [background] Default delivery mode. 3396confERROR_MODE ErrorMode [print] Error message mode. 3397confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. 3398confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. 3399confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. 3400confMATCH_GECOS MatchGECOS [False] Match GECOS field. 3401confMAX_HOP MaxHopCount [25] Maximum hop count. 3402confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd 3403 mode] Ignore dot as terminator for 3404 incoming messages? 3405confBIND_OPTS ResolverOptions [undefined] Default options for DNS 3406 resolver. 3407confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- 3408 encapsulated messages per RFC 1344. 3409confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] 3410 The colon-separated list of places to 3411 search for .forward files. N.B.: see 3412 the Security Notes section. 3413confMCI_CACHE_SIZE ConnectionCacheSize 3414 [2] Size of open connection cache. 3415confMCI_CACHE_TIMEOUT ConnectionCacheTimeout 3416 [5m] Open connection cache timeout. 3417confHOST_STATUS_DIRECTORY HostStatusDirectory 3418 [undefined] If set, host status is kept 3419 on disk between sendmail runs in the 3420 named directory tree. This need not be 3421 a full pathname, in which case it is 3422 interpreted relative to the queue 3423 directory. 3424confSINGLE_THREAD_DELIVERY SingleThreadDelivery 3425 [False] If this option and the 3426 HostStatusDirectory option are both 3427 set, single thread deliveries to other 3428 hosts. That is, don't allow any two 3429 sendmails on this host to connect 3430 simultaneously to any other single 3431 host. This can slow down delivery in 3432 some cases, in particular since a 3433 cached but otherwise idle connection 3434 to a host will prevent other sendmails 3435 from connecting to the other host. 3436confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to 3437 deliver error messages. This should 3438 not be necessary because of general 3439 acceptance of the envelope/header 3440 distinction. 3441confLOG_LEVEL LogLevel [9] Log level. 3442confME_TOO MeToo [True] Include sender in group 3443 expansions. This option is 3444 deprecated and will be removed from 3445 a future version. 3446confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when 3447 running newaliases. Since this does 3448 DNS lookups on every address, it can 3449 slow down the alias rebuild process 3450 considerably on large alias files. 3451confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without 3452 special chars are old style. 3453confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. 3454confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional 3455 copies of all error messages. 3456confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. 3457confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for 3458 queue files (octal). If not set, 3459 sendmail uses 0600 unless its real 3460 and effective uid are different in 3461 which case it uses 0644. 3462confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr 3463 syntax addresses to the minimum 3464 possible. 3465confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk 3466 before forking. 3467confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response 3468 on the initial connect. 3469confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial 3470 connect() to complete. This can only 3471 shorten connection timeouts; the kernel 3472 silently enforces an absolute maximum 3473 (which varies depending on the system). 3474confTO_ICONNECT Timeout.iconnect 3475 [undefined] Like Timeout.connect, but 3476 applies only to the very first attempt 3477 to connect to a host in a message. 3478 This allows a single very fast pass 3479 followed by more careful delivery 3480 attempts in the future. 3481confTO_ACONNECT Timeout.aconnect 3482 [0] The overall timeout waiting for 3483 all connection for a single delivery 3484 attempt to succeed. If 0, no overall 3485 limit is applied. 3486confTO_HELO Timeout.helo [5m] The timeout waiting for a response 3487 to a HELO or EHLO command. 3488confTO_MAIL Timeout.mail [10m] The timeout waiting for a 3489 response to the MAIL command. 3490confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response 3491 to the RCPT command. 3492confTO_DATAINIT Timeout.datainit 3493 [5m] The timeout waiting for a 354 3494 response from the DATA command. 3495confTO_DATABLOCK Timeout.datablock 3496 [1h] The timeout waiting for a block 3497 during DATA phase. 3498confTO_DATAFINAL Timeout.datafinal 3499 [1h] The timeout waiting for a response 3500 to the final "." that terminates a 3501 message. 3502confTO_RSET Timeout.rset [5m] The timeout waiting for a response 3503 to the RSET command. 3504confTO_QUIT Timeout.quit [2m] The timeout waiting for a response 3505 to the QUIT command. 3506confTO_MISC Timeout.misc [2m] The timeout waiting for a response 3507 to other SMTP commands. 3508confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout 3509 waiting for a command to be issued. 3510confTO_IDENT Timeout.ident [5s] The timeout waiting for a 3511 response to an IDENT query. 3512confTO_FILEOPEN Timeout.fileopen 3513 [60s] The timeout waiting for a file 3514 (e.g., :include: file) to be opened. 3515confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response 3516 to an LMTP LHLO command. 3517confTO_STARTTLS Timeout.starttls 3518 [1h] The timeout waiting for a 3519 response to an SMTP STARTTLS command. 3520confTO_CONTROL Timeout.control 3521 [2m] The timeout for a complete 3522 control socket transaction to complete. 3523confTO_QUEUERETURN Timeout.queuereturn 3524 [5d] The timeout before a message is 3525 returned as undeliverable. 3526confTO_QUEUERETURN_NORMAL 3527 Timeout.queuereturn.normal 3528 [undefined] As above, for normal 3529 priority messages. 3530confTO_QUEUERETURN_URGENT 3531 Timeout.queuereturn.urgent 3532 [undefined] As above, for urgent 3533 priority messages. 3534confTO_QUEUERETURN_NONURGENT 3535 Timeout.queuereturn.non-urgent 3536 [undefined] As above, for non-urgent 3537 (low) priority messages. 3538confTO_QUEUERETURN_DSN 3539 Timeout.queuereturn.dsn 3540 [undefined] As above, for delivery 3541 status notification messages. 3542confTO_QUEUEWARN Timeout.queuewarn 3543 [4h] The timeout before a warning 3544 message is sent to the sender telling 3545 them that the message has been 3546 deferred. 3547confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal 3548 [undefined] As above, for normal 3549 priority messages. 3550confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent 3551 [undefined] As above, for urgent 3552 priority messages. 3553confTO_QUEUEWARN_NONURGENT 3554 Timeout.queuewarn.non-urgent 3555 [undefined] As above, for non-urgent 3556 (low) priority messages. 3557confTO_QUEUEWARN_DSN 3558 Timeout.queuewarn.dsn 3559 [undefined] As above, for delivery 3560 status notification messages. 3561confTO_HOSTSTATUS Timeout.hoststatus 3562 [30m] How long information about host 3563 statuses will be maintained before it 3564 is considered stale and the host should 3565 be retried. This applies both within 3566 a single queue run and to persistent 3567 information (see below). 3568confTO_RESOLVER_RETRANS Timeout.resolver.retrans 3569 [varies] Sets the resolver's 3570 retransmission time interval (in 3571 seconds). Sets both 3572 Timeout.resolver.retrans.first and 3573 Timeout.resolver.retrans.normal. 3574confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 3575 [varies] Sets the resolver's 3576 retransmission time interval (in 3577 seconds) for the first attempt to 3578 deliver a message. 3579confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 3580 [varies] Sets the resolver's 3581 retransmission time interval (in 3582 seconds) for all resolver lookups 3583 except the first delivery attempt. 3584confTO_RESOLVER_RETRY Timeout.resolver.retry 3585 [varies] Sets the number of times 3586 to retransmit a resolver query. 3587 Sets both 3588 Timeout.resolver.retry.first and 3589 Timeout.resolver.retry.normal. 3590confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 3591 [varies] Sets the number of times 3592 to retransmit a resolver query for 3593 the first attempt to deliver a 3594 message. 3595confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 3596 [varies] Sets the number of times 3597 to retransmit a resolver query for 3598 all resolver lookups except the 3599 first delivery attempt. 3600confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be 3601 USE_SYSTEM to use the system's idea, 3602 USE_TZ to use the user's TZ envariable, 3603 or something else to force that value. 3604confDEF_USER_ID DefaultUser [1:1] Default user id. 3605confUSERDB_SPEC UserDatabaseSpec 3606 [undefined] User database 3607 specification. 3608confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. 3609confFALLBACK_SMARTHOST FallbackSmartHost 3610 [undefined] Fallback smart host. 3611confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX 3612 for a host and other arrangements 3613 haven't been made, try connecting 3614 to the host directly; normally this 3615 would be a config error. 3616confQUEUE_LA QueueLA [varies] Load average at which 3617 queue-only function kicks in. 3618 Default values is (8 * numproc) 3619 where numproc is the number of 3620 processors online (if that can be 3621 determined). 3622confREFUSE_LA RefuseLA [varies] Load average at which 3623 incoming SMTP connections are 3624 refused. Default values is (12 * 3625 numproc) where numproc is the 3626 number of processors online (if 3627 that can be determined). 3628confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when 3629 refusing connections for this long. 3630confDELAY_LA DelayLA [0] Load average at which sendmail 3631 will sleep for one second on most 3632 SMTP commands and before accepting 3633 connections. 0 means no limit. 3634confMAX_ALIAS_RECURSION MaxAliasRecursion 3635 [10] Maximum depth of alias recursion. 3636confMAX_DAEMON_CHILDREN MaxDaemonChildren 3637 [undefined] The maximum number of 3638 children the daemon will permit. After 3639 this number, connections will be 3640 rejected. If not set or <= 0, there is 3641 no limit. 3642confMAX_HEADERS_LENGTH MaxHeadersLength 3643 [32768] Maximum length of the sum 3644 of all headers. 3645confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 3646 [undefined] Maximum length of 3647 certain MIME header field values. 3648confCONNECTION_RATE_THROTTLE ConnectionRateThrottle 3649 [undefined] The maximum number of 3650 connections permitted per second per 3651 daemon. After this many connections 3652 are accepted, further connections 3653 will be delayed. If not set or <= 0, 3654 there is no limit. 3655confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize 3656 [60s] Define the length of the 3657 interval for which the number of 3658 incoming connections is maintained. 3659confWORK_RECIPIENT_FACTOR 3660 RecipientFactor [30000] Cost of each recipient. 3661confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a 3662 separate process. 3663confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. 3664confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. 3665confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: 3666 Priority, Host, Filename, Random, 3667 Modification, or Time. 3668confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job 3669 must sit in the queue between queue 3670 runs. This allows you to set the 3671 queue run interval low for better 3672 responsiveness without trying all 3673 jobs in each run. 3674confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting 3675 unlabeled 8 bit input to MIME, the 3676 character set to use by default. 3677confSERVICE_SWITCH_FILE ServiceSwitchFile 3678 [/etc/mail/service.switch] The file 3679 to use for the service switch on 3680 systems that do not have a 3681 system-defined switch. 3682confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing 3683 "file" type access of hosts names. 3684confDIAL_DELAY DialDelay [0s] If a connection fails, wait this 3685 long and try again. Zero means "don't 3686 retry". This is to allow "dial on 3687 demand" connections to have enough time 3688 to complete a connection. 3689confNO_RCPT_ACTION NoRecipientAction 3690 [none] What to do if there are no legal 3691 recipient fields (To:, Cc: or Bcc:) 3692 in the message. Legal values can 3693 be "none" to just leave the 3694 nonconforming message as is, "add-to" 3695 to add a To: header with all the 3696 known recipients (which may expose 3697 blind recipients), "add-apparently-to" 3698 to do the same but use Apparently-To: 3699 instead of To: (strongly discouraged 3700 in accordance with IETF standards), 3701 "add-bcc" to add an empty Bcc: 3702 header, or "add-to-undisclosed" to 3703 add the header 3704 ``To: undisclosed-recipients:;''. 3705confSAFE_FILE_ENV SafeFileEnvironment 3706 [undefined] If set, sendmail will do a 3707 chroot() into this directory before 3708 writing files. 3709confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] 3710 If set, colons are treated as a regular 3711 character in addresses. If not set, 3712 they are treated as the introducer to 3713 the RFC 822 "group" syntax. Colons are 3714 handled properly in route-addrs. This 3715 option defaults on for V5 and lower 3716 configuration files. 3717confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of 3718 any given queue run to this number of 3719 entries. Essentially, this will stop 3720 reading each queue directory after this 3721 number of entries are reached; it does 3722 _not_ pick the highest priority jobs, 3723 so this should be as large as your 3724 system can tolerate. If not set, there 3725 is no limit. 3726confMAX_QUEUE_CHILDREN MaxQueueChildren 3727 [undefined] Limits the maximum number 3728 of concurrent queue runners active. 3729 This is to keep system resources used 3730 within a reasonable limit. Relates to 3731 Queue Groups and ForkEachJob. 3732confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 3733 [1] Only active when MaxQueueChildren 3734 defined. Controls the maximum number 3735 of queue runners (aka queue children) 3736 active at the same time in a work 3737 group. See also MaxQueueChildren. 3738confDONT_EXPAND_CNAMES DontExpandCnames 3739 [False] If set, $[ ... $] lookups that 3740 do DNS based lookups do not expand 3741 CNAME records. This currently violates 3742 the published standards, but the IETF 3743 seems to be moving toward legalizing 3744 this. For example, if "FTP.Foo.ORG" 3745 is a CNAME for "Cruft.Foo.ORG", then 3746 with this option set a lookup of 3747 "FTP" will return "FTP.Foo.ORG"; if 3748 clear it returns "Cruft.FOO.ORG". N.B. 3749 you may not see any effect until your 3750 downstream neighbors stop doing CNAME 3751 lookups as well. 3752confFROM_LINE UnixFromLine [From $g $d] The From_ line used 3753 when sending to files or programs. 3754confSINGLE_LINE_FROM_HEADER SingleLineFromHeader 3755 [False] From: lines that have 3756 embedded newlines are unwrapped 3757 onto one line. 3758confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that 3759 does not include a host name. 3760confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full 3761 name phrase (@,;:\()[] are automatic). 3762confOPERATORS OperatorChars [.:%@!^/[]+] Address operator 3763 characters. 3764confSMTP_LOGIN_MSG SmtpGreetingMessage 3765 [$j Sendmail $v/$Z; $b] 3766 The initial (spontaneous) SMTP 3767 greeting message. The word "ESMTP" 3768 will be inserted between the first and 3769 second words to convince other 3770 sendmails to try to speak ESMTP. 3771confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) 3772 routine will never be invoked. You 3773 might want to do this if you are 3774 running NIS and you have a large group 3775 map, since this call does a sequential 3776 scan of the map; in a large site this 3777 can cause your ypserv to run 3778 essentially full time. If you set 3779 this, agents run on behalf of users 3780 will only have their primary 3781 (/etc/passwd) group permissions. 3782confUNSAFE_GROUP_WRITES UnsafeGroupWrites 3783 [True] If set, group-writable 3784 :include: and .forward files are 3785 considered "unsafe", that is, programs 3786 and files cannot be directly referenced 3787 from such files. World-writable files 3788 are always considered unsafe. 3789 Notice: this option is deprecated and 3790 will be removed in future versions; 3791 Set GroupWritableForwardFileSafe 3792 and GroupWritableIncludeFileSafe in 3793 DontBlameSendmail if required. 3794confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection 3795 address (for testing). 3796confCONTROL_SOCKET_NAME ControlSocketName 3797 [undefined] Control socket for daemon 3798 management. 3799confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress 3800 [postmaster] If an error occurs when 3801 sending an error message, send that 3802 "double bounce" error message to this 3803 address. If it expands to an empty 3804 string, double bounces are dropped. 3805confSOFT_BOUNCE SoftBounce [False] If set, issue temporary errors 3806 (4xy) instead of permanent errors 3807 (5xy). This can be useful during 3808 testing of a new configuration to 3809 avoid erroneous bouncing of mails. 3810confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce 3811 messages which could not be returned 3812 to the user or sent to postmaster. 3813 If not set, the queue file will 3814 be renamed. 3815confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header 3816 implies DSN request. 3817confRUN_AS_USER RunAsUser [undefined] If set, become this user 3818 when reading and delivering mail. 3819 Causes all file reads (e.g., .forward 3820 and :include: files) to be done as 3821 this user. Also, all programs will 3822 be run as this user, and all output 3823 files will be written as this user. 3824confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage 3825 [infinite] If set, allow no more than 3826 the specified number of recipients in 3827 an SMTP envelope. Further recipients 3828 receive a 452 error code (i.e., they 3829 are deferred for the next delivery 3830 attempt). 3831confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified 3832 number of recipients in a single SMTP 3833 transaction have been rejected, sleep 3834 for one second after each subsequent 3835 RCPT command in that transaction. 3836confDONT_PROBE_INTERFACES DontProbeInterfaces 3837 [False] If set, sendmail will _not_ 3838 insert the names and addresses of any 3839 local interfaces into class {w} 3840 (list of known "equivalent" addresses). 3841 If you set this, you must also include 3842 some support for these addresses (e.g., 3843 in a mailertable entry) -- otherwise, 3844 mail to addresses in this list will 3845 bounce with a configuration error. 3846 If set to "loopback" (without 3847 quotes), sendmail will skip 3848 loopback interfaces (e.g., "lo0"). 3849confPID_FILE PidFile [system dependent] Location of pid 3850 file. 3851confPROCESS_TITLE_PREFIX ProcessTitlePrefix 3852 [undefined] Prefix string for the 3853 process title shown on 'ps' listings. 3854confDONT_BLAME_SENDMAIL DontBlameSendmail 3855 [safe] Override sendmail's file 3856 safety checks. This will definitely 3857 compromise system security and should 3858 not be used unless absolutely 3859 necessary. 3860confREJECT_MSG - [550 Access denied] The message 3861 given if the access database contains 3862 REJECT in the value portion. 3863confRELAY_MSG - [550 Relaying denied] The message 3864 given if an unauthorized relaying 3865 attempt is rejected. 3866confDF_BUFFER_SIZE DataFileBufferSize 3867 [4096] The maximum size of a 3868 memory-buffered data (df) file 3869 before a disk-based file is used. 3870confXF_BUFFER_SIZE XScriptFileBufferSize 3871 [4096] The maximum size of a 3872 memory-buffered transcript (xf) 3873 file before a disk-based file is 3874 used. 3875confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client 3876 verification is performed, i.e., 3877 the server doesn't ask for a 3878 certificate. 3879confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map 3880 specification for LDAP maps. The 3881 value should only contain LDAP 3882 specific settings such as "-h host 3883 -p port -d bindDN", etc. The 3884 settings will be used for all LDAP 3885 maps unless they are specified in 3886 the individual map specification 3887 ('K' command). 3888confCACERT_PATH CACertPath [undefined] Path to directory 3889 with certs of CAs. 3890confCACERT CACertFile [undefined] File containing one CA 3891 cert. 3892confSERVER_CERT ServerCertFile [undefined] File containing the 3893 cert of the server, i.e., this cert 3894 is used when sendmail acts as 3895 server. 3896confSERVER_KEY ServerKeyFile [undefined] File containing the 3897 private key belonging to the server 3898 cert. 3899confCLIENT_CERT ClientCertFile [undefined] File containing the 3900 cert of the client, i.e., this cert 3901 is used when sendmail acts as 3902 client. 3903confCLIENT_KEY ClientKeyFile [undefined] File containing the 3904 private key belonging to the client 3905 cert. 3906confCRL CRLFile [undefined] File containing certificate 3907 revocation status, useful for X.509v3 3908 authentication. Note that CRL requires 3909 at least OpenSSL version 0.9.7. 3910confDH_PARAMETERS DHParameters [undefined] File containing the 3911 DH parameters. 3912confRAND_FILE RandFile [undefined] File containing random 3913 data (use prefix file:) or the 3914 name of the UNIX socket if EGD is 3915 used (use prefix egd:). STARTTLS 3916 requires this option if the compile 3917 flag HASURANDOM is not set (see 3918 sendmail/README). 3919confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of 3920 queue runners is set the given value 3921 (nice(3)). 3922confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 3923 [undefined] Defines {daemon_flags} 3924 for direct submissions. 3925confUSE_MSP UseMSP [undefined] Use as mail submission 3926 program. 3927confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By 3928 SMTP Service Extension (RFC 2852). 3929confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can 3930 be used to turn off the compile time 3931 flag REQUIRES_DIR_FSYNC at runtime. 3932 See sendmail/README for details. 3933confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory. 3934confSHARED_MEMORY_KEY_FILE 3935 SharedMemoryKeyFile 3936 [undefined] File where the 3937 automatically selected key for 3938 shared memory is stored. 3939confFAST_SPLIT FastSplit [1] If set to a value greater than 3940 zero, the initial MX lookups on 3941 addresses is suppressed when they 3942 are sorted which may result in 3943 faster envelope splitting. If the 3944 mail is submitted directly from the 3945 command line, then the value also 3946 limits the number of processes to 3947 deliver the envelopes. 3948confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find 3949 information about local mailboxes. 3950confDEQUOTE_OPTS - [empty] Additional options for the 3951 dequote map. 3952confMAX_NOOP_COMMANDS MaxNOOPCommands [20] Maximum number of "useless" 3953 commands before the SMTP server 3954 will slow down responding. 3955confHELO_NAME HeloName If defined, use as name for EHLO/HELO 3956 command (instead of $j). 3957confINPUT_MAIL_FILTERS InputMailFilters 3958 A comma separated list of filters 3959 which determines which filters and 3960 the invocation sequence are 3961 contacted for incoming SMTP 3962 messages. If none are set, no 3963 filters will be contacted. 3964confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter 3965 actions, defaults to LogLevel. 3966confMILTER_MACROS_CONNECT Milter.macros.connect 3967 [j, _, {daemon_name}, {if_name}, 3968 {if_addr}] Macros to transmit to 3969 milters when a session connection 3970 starts. 3971confMILTER_MACROS_HELO Milter.macros.helo 3972 [{tls_version}, {cipher}, 3973 {cipher_bits}, {cert_subject}, 3974 {cert_issuer}] Macros to transmit to 3975 milters after HELO/EHLO command. 3976confMILTER_MACROS_ENVFROM Milter.macros.envfrom 3977 [i, {auth_type}, {auth_authen}, 3978 {auth_ssf}, {auth_author}, 3979 {mail_mailer}, {mail_host}, 3980 {mail_addr}] Macros to transmit to 3981 milters after MAIL FROM command. 3982confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 3983 [{rcpt_mailer}, {rcpt_host}, 3984 {rcpt_addr}] Macros to transmit to 3985 milters after RCPT TO command. 3986confMILTER_MACROS_EOM Milter.macros.eom 3987 [{msg_id}] Macros to transmit to 3988 milters after the terminating 3989 DATA '.' is received. 3990confMILTER_MACROS_EOH Milter.macros.eoh 3991 Macros to transmit to milters 3992 after the end of headers. 3993confMILTER_MACROS_DATA Milter.macros.data 3994 Macros to transmit to milters 3995 after DATA command is received. 3996 3997 3998See also the description of OSTYPE for some parameters that can be 3999tweaked (generally pathnames to mailers). 4000 4001ClientPortOptions and DaemonPortOptions are special cases since multiple 4002clients/daemons can be defined. This can be done via 4003 4004 CLIENT_OPTIONS(`field1=value1,field2=value2,...') 4005 DAEMON_OPTIONS(`field1=value1,field2=value2,...') 4006 4007Note that multiple CLIENT_OPTIONS() commands (and therefore multiple 4008ClientPortOptions settings) are allowed in order to give settings for each 4009protocol family (e.g., one for Family=inet and one for Family=inet6). A 4010restriction placed on one family only affects outgoing connections on that 4011particular family. 4012 4013If DAEMON_OPTIONS is not used, then the default is 4014 4015 DAEMON_OPTIONS(`Port=smtp, Name=MTA') 4016 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') 4017 4018If you use one DAEMON_OPTIONS macro, it will alter the parameters 4019of the first of these. The second will still be defaulted; it 4020represents a "Message Submission Agent" (MSA) as defined by RFC 40212476 (see below). To turn off the default definition for the MSA, 4022use FEATURE(`no_default_msa') (see also FEATURES). If you use 4023additional DAEMON_OPTIONS macros, they will add additional daemons. 4024 4025Example 1: To change the port for the SMTP listener, while 4026still using the MSA default, use 4027 DAEMON_OPTIONS(`Port=925, Name=MTA') 4028 4029Example 2: To change the port for the MSA daemon, while still 4030using the default SMTP port, use 4031 FEATURE(`no_default_msa') 4032 DAEMON_OPTIONS(`Name=MTA') 4033 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') 4034 4035Note that if the first of those DAEMON_OPTIONS lines were omitted, then 4036there would be no listener on the standard SMTP port. 4037 4038Example 3: To listen on both IPv4 and IPv6 interfaces, use 4039 4040 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') 4041 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') 4042 4043A "Message Submission Agent" still uses all of the same rulesets for 4044processing the message (and therefore still allows message rejection via 4045the check_* rulesets). In accordance with the RFC, the MSA will ensure 4046that all domains in envelope addresses are fully qualified if the message 4047is relayed to another MTA. It will also enforce the normal address syntax 4048rules and log error messages. Additionally, by using the M=a modifier you 4049can require authentication before messages are accepted by the MSA. 4050Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally, 4051the M=E modifier shown above disables ETRN as required by RFC 2476. 4052 4053Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() 4054commands: 4055 4056 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') 4057 MAIL_FILTER(`myfilter', `S=inet:3333@localhost') 4058 4059The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the 4060same order they were specified by also setting confINPUT_MAIL_FILTERS. A 4061filter can be defined without adding it to the input filter list by using 4062MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. 4063Alternatively, you can reset the list of filters and their order by setting 4064confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in 4065your .mc file. 4066 4067 4068+----------------------------+ 4069| MESSAGE SUBMISSION PROGRAM | 4070+----------------------------+ 4071 4072This section contains a list of caveats and 4073a few hints how for those who want to tweak the default configuration 4074for it (which is installed as submit.cf). 4075 4076Notice: do not add options/features to submit.mc unless you are 4077absolutely sure you need them. Options you may want to change 4078include: 4079 4080- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for 4081 avoiding X-Authentication warnings. 4082- confTIME_ZONE to change it from the default `USE_TZ'. 4083- confDELIVERY_MODE is set to interactive in msp.m4 instead 4084 of the default background mode. 4085- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses 4086 to the LOCAL_RELAY instead of the default relay. 4087 4088The MSP performs hostname canonicalization by default. Mail may end 4089up for various DNS related reasons in the MSP queue. This problem 4090can be minimized by using 4091 4092 FEATURE(`nocanonify', `canonify_hosts') 4093 define(`confDIRECT_SUBMISSION_MODIFIERS', `C') 4094 4095See the discussion about nocanonify for possible side effects. 4096 4097Some things are not intended to work with the MSP. These include 4098features that influence the delivery process (e.g., mailertable, 4099aliases), or those that are only important for a SMTP server (e.g., 4100virtusertable, DaemonPortOptions, multiple queues). Moreover, 4101relaxing certain restrictions (RestrictQueueRun, permissions on 4102queue directory) or adding features (e.g., enabling prog/file mailer) 4103can cause security problems. 4104 4105Other things don't work well with the MSP and require tweaking or 4106workarounds. 4107 4108The file and the map created by makemap should be owned by smmsp, 4109its group should be smmsp, and it should have mode 640. 4110 4111feature/msp.m4 defines almost all settings for the MSP. Most of 4112those should not be changed at all. Some of the features and options 4113can be overridden if really necessary. It is a bit tricky to do 4114this, because it depends on the actual way the option is defined 4115in feature/msp.m4. If it is directly defined (i.e., define()) then 4116the modified value must be defined after 4117 4118 FEATURE(`msp') 4119 4120If it is conditionally defined (i.e., ifdef()) then the desired 4121value must be defined before the FEATURE line in the .mc file. 4122To see how the options are defined read feature/msp.m4. 4123 4124 4125+--------------------------+ 4126| FORMAT OF FILES AND MAPS | 4127+--------------------------+ 4128 4129Files that define classes, i.e., F{classname}, consist of lines 4130each of which contains a single element of the class. For example, 4131/etc/mail/local-host-names may have the following content: 4132 4133my.domain 4134another.domain 4135 4136Maps must be created using makemap(8) , e.g., 4137 4138 makemap hash MAP < MAP 4139 4140In general, a text file from which a map is created contains lines 4141of the form 4142 4143key value 4144 4145where 'key' and 'value' are also called LHS and RHS, respectively. 4146By default, the delimiter between LHS and RHS is a non-empty sequence 4147of white space characters. 4148 4149 4150+------------------+ 4151| DIRECTORY LAYOUT | 4152+------------------+ 4153 4154Within this directory are several subdirectories, to wit: 4155 4156m4 General support routines. These are typically 4157 very important and should not be changed without 4158 very careful consideration. 4159 4160cf The configuration files themselves. They have 4161 ".mc" suffixes, and must be run through m4 to 4162 become complete. The resulting output should 4163 have a ".cf" suffix. 4164 4165ostype Definitions describing a particular operating 4166 system type. These should always be referenced 4167 using the OSTYPE macro in the .mc file. Examples 4168 include "bsd4.3", "bsd4.4", "sunos3.5", and 4169 "sunos4.1". 4170 4171domain Definitions describing a particular domain, referenced 4172 using the DOMAIN macro in the .mc file. These are 4173 site dependent; for example, "CS.Berkeley.EDU.m4" 4174 describes hosts in the CS.Berkeley.EDU subdomain. 4175 4176mailer Descriptions of mailers. These are referenced using 4177 the MAILER macro in the .mc file. 4178 4179sh Shell files used when building the .cf file from the 4180 .mc file in the cf subdirectory. 4181 4182feature These hold special orthogonal features that you might 4183 want to include. They should be referenced using 4184 the FEATURE macro. 4185 4186hack Local hacks. These can be referenced using the HACK 4187 macro. They shouldn't be of more than voyeuristic 4188 interest outside the .Berkeley.EDU domain, but who knows? 4189 4190siteconfig Site configuration -- e.g., tables of locally connected 4191 UUCP sites. 4192 4193 4194+------------------------+ 4195| ADMINISTRATIVE DETAILS | 4196+------------------------+ 4197 4198The following sections detail usage of certain internal parts of the 4199sendmail.cf file. Read them carefully if you are trying to modify 4200the current model. If you find the above descriptions adequate, these 4201should be {boring, confusing, tedious, ridiculous} (pick one or more). 4202 4203RULESETS (* means built in to sendmail) 4204 4205 0 * Parsing 4206 1 * Sender rewriting 4207 2 * Recipient rewriting 4208 3 * Canonicalization 4209 4 * Post cleanup 4210 5 * Local address rewrite (after aliasing) 4211 1x mailer rules (sender qualification) 4212 2x mailer rules (recipient qualification) 4213 3x mailer rules (sender header qualification) 4214 4x mailer rules (recipient header qualification) 4215 5x mailer subroutines (general) 4216 6x mailer subroutines (general) 4217 7x mailer subroutines (general) 4218 8x reserved 4219 90 Mailertable host stripping 4220 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 4221 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 4222 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 4223 4224 4225MAILERS 4226 4227 0 local, prog local and program mailers 4228 1 [e]smtp, relay SMTP channel 4229 2 uucp-* UNIX-to-UNIX Copy Program 4230 3 netnews Network News delivery 4231 4 fax Sam Leffler's HylaFAX software 4232 5 mail11 DECnet mailer 4233 4234 4235MACROS 4236 4237 A 4238 B Bitnet Relay 4239 C DECnet Relay 4240 D The local domain -- usually not needed 4241 E reserved for X.400 Relay 4242 F FAX Relay 4243 G 4244 H mail Hub (for mail clusters) 4245 I 4246 J 4247 K 4248 L Luser Relay 4249 M Masquerade (who you claim to be) 4250 N 4251 O 4252 P 4253 Q 4254 R Relay (for unqualified names) 4255 S Smart Host 4256 T 4257 U my UUCP name (if you have a UUCP connection) 4258 V UUCP Relay (class {V} hosts) 4259 W UUCP Relay (class {W} hosts) 4260 X UUCP Relay (class {X} hosts) 4261 Y UUCP Relay (all other hosts) 4262 Z Version number 4263 4264 4265CLASSES 4266 4267 A 4268 B domains that are candidates for bestmx lookup 4269 C 4270 D 4271 E addresses that should not seem to come from $M 4272 F hosts this system forward for 4273 G domains that should be looked up in genericstable 4274 H 4275 I 4276 J 4277 K 4278 L addresses that should not be forwarded to $R 4279 M domains that should be mapped to $M 4280 N host/domains that should not be mapped to $M 4281 O operators that indicate network operations (cannot be in local names) 4282 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. 4283 Q 4284 R domains this system is willing to relay (pass anti-spam filters) 4285 S 4286 T 4287 U locally connected UUCP hosts 4288 V UUCP hosts connected to relay $V 4289 W UUCP hosts connected to relay $W 4290 X UUCP hosts connected to relay $X 4291 Y locally connected smart UUCP hosts 4292 Z locally connected domain-ized UUCP hosts 4293 . the class containing only a dot 4294 [ the class containing only a left bracket 4295 4296 4297M4 DIVERSIONS 4298 4299 1 Local host detection and resolution 4300 2 Local Ruleset 3 additions 4301 3 Local Ruleset 0 additions 4302 4 UUCP Ruleset 0 additions 4303 5 locally interpreted names (overrides $R) 4304 6 local configuration (at top of file) 4305 7 mailer definitions 4306 8 DNS based blacklists 4307 9 special local rulesets (1 and 2) 4308 4309$Revision: 8.722 $, Last updated $Date: 2007/04/03 21:26:58 $ 4310ident "%Z%%M% %I% %E% SMI" 4311