xref: /titanic_44/usr/src/cmd/sendmail/cf/README (revision 1979231e1e29c981e5d1e6cee60f2db46d052b00)
1 
2 		SENDMAIL CONFIGURATION FILES
3 
4 This document describes the sendmail configuration files.  It
5 explains how to create a sendmail.cf file for use with sendmail.
6 It also describes how to set options for sendmail which are explained
7 in the Sendmail Installation and Operation guide, which can be found
8 on-line at http://www.sendmail.org/%7Eca/email/doc8.12/op.html .
9 Recall this URL throughout this document when references to
10 doc/op/op.* are made.
11 
12 Table of Content:
13 
14 INTRODUCTION AND EXAMPLE
15 A BRIEF INTRODUCTION TO M4
16 FILE LOCATIONS
17 OSTYPE
18 DOMAINS
19 MAILERS
20 FEATURES
21 HACKS
22 SITE CONFIGURATION
23 USING UUCP MAILERS
24 TWEAKING RULESETS
25 MASQUERADING AND RELAYING
26 USING LDAP FOR ALIASES, MAPS, AND CLASSES
27 LDAP ROUTING
28 ANTI-SPAM CONFIGURATION CONTROL
29 CONNECTION CONTROL
30 STARTTLS
31 ADDING NEW MAILERS OR RULESETS
32 ADDING NEW MAIL FILTERS
33 QUEUE GROUP DEFINITIONS
34 NON-SMTP BASED CONFIGURATIONS
35 WHO AM I?
36 ACCEPTING MAIL FOR MULTIPLE NAMES
37 USING MAILERTABLES
38 USING USERDB TO MAP FULL NAMES
39 MISCELLANEOUS SPECIAL FEATURES
40 SECURITY NOTES
41 TWEAKING CONFIGURATION OPTIONS
42 MESSAGE SUBMISSION PROGRAM
43 FORMAT OF FILES AND MAPS
44 DIRECTORY LAYOUT
45 ADMINISTRATIVE DETAILS
46 
47 
48 +--------------------------+
49 | INTRODUCTION AND EXAMPLE |
50 +--------------------------+
51 
52 Configuration files are contained in the subdirectory "cf", with a
53 suffix ".mc".  They must be run through "m4" to produce a ".cf" file.
54 You must pre-load "cf.m4":
55 
56 	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
57 
58 Alternatively, you can simply:
59 
60 	cd ${CFDIR}/cf
61 	/usr/ccs/bin/make config.cf
62 
63 where ${CFDIR} is the root of the cf directory and config.mc is the
64 name of your configuration file.  If you are running a version of M4
65 that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
66 this, but the versions distributed with 4.4BSD and derivatives do not)
67 or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
68 For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
69 use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash!  For example:
70 
71 	m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
72 
73 Let's examine a typical .mc file:
74 
75 	divert(-1)
76 	#
77 	# Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
78 	#	All rights reserved.
79 	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
80 	# Copyright (c) 1988, 1993
81 	#	The Regents of the University of California.  All rights reserved.
82 	#
83 	# By using this file, you agree to the terms and conditions set
84 	# forth in the LICENSE file which can be found at the top level of
85 	# the sendmail distribution.
86 	#
87 
88 	#
89 	#  This is a Berkeley-specific configuration file for HP-UX 9.x.
90 	#  It applies only to the Computer Science Division at Berkeley,
91 	#  and should not be used elsewhere.   It is provided on the sendmail
92 	#  distribution as a sample only.  To create your own configuration
93 	#  file, create an appropriate domain file in ../domain, change the
94 	#  `DOMAIN' macro below to reference that file, and copy the result
95 	#  to a name of your own choosing.
96 	#
97 	divert(0)
98 
99 The divert(-1) will delete the crud in the resulting output file.
100 The copyright notice can be replaced by whatever your lawyers require;
101 our lawyers require the one that is included in these files.  A copyleft
102 is a copyright by another name.  The divert(0) restores regular output.
103 
104 	VERSIONID(`<SCCS or RCS version id>')
105 
106 VERSIONID is a macro that stuffs the version information into the
107 resulting file.  You could use SCCS, RCS, CVS, something else, or
108 omit it completely.  This is not the same as the version id included
109 in SMTP greeting messages -- this is defined in m4/version.m4.
110 
111 	OSTYPE(`hpux9')dnl
112 
113 You must specify an OSTYPE to properly configure things such as the
114 pathname of the help and status files, the flags needed for the local
115 mailer, and other important things.  If you omit it, you will get an
116 error when you try to build the configuration.  Look at the ostype
117 directory for the list of known operating system types.
118 
119 	DOMAIN(`CS.Berkeley.EDU')dnl
120 
121 This example is specific to the Computer Science Division at Berkeley.
122 You can use "DOMAIN(`generic')" to get a sufficiently bland definition
123 that may well work for you, or you can create a customized domain
124 definition appropriate for your environment.
125 
126 	MAILER(`local')
127 	MAILER(`smtp')
128 
129 These describe the mailers used at the default CS site.  The local
130 mailer is always included automatically.  Beware: MAILER declarations
131 should only be followed by LOCAL_* sections.  The general rules are
132 that the order should be:
133 
134 	VERSIONID
135 	OSTYPE
136 	DOMAIN
137 	FEATURE
138 	local macro definitions
139 	MAILER
140 	LOCAL_CONFIG
141 	LOCAL_RULE_*
142 	LOCAL_RULESETS
143 
144 There are a few exceptions to this rule.  Local macro definitions which
145 influence a FEATURE() should be done before that feature.  For example,
146 a define(`PROCMAIL_MAILER_PATH', ...) should be done before
147 FEATURE(`local_procmail').
148 
149 
150 +----------------------------+
151 | A BRIEF INTRODUCTION TO M4 |
152 +----------------------------+
153 
154 Sendmail uses the M4 macro processor to ``compile'' the configuration
155 files.  The most important thing to know is that M4 is stream-based,
156 that is, it doesn't understand about lines.  For this reason, in some
157 places you may see the word ``dnl'', which stands for ``delete
158 through newline''; essentially, it deletes all characters starting
159 at the ``dnl'' up to and including the next newline character.  In
160 most cases sendmail uses this only to avoid lots of unnecessary
161 blank lines in the output.
162 
163 Other important directives are define(A, B) which defines the macro
164 ``A'' to have value ``B''.  Macros are expanded as they are read, so
165 one normally quotes both values to prevent expansion.  For example,
166 
167 	define(`SMART_HOST', `smart.foo.com')
168 
169 One word of warning:  M4 macros are expanded even in lines that appear
170 to be comments.  For example, if you have
171 
172 	# See FEATURE(`foo') above
173 
174 it will not do what you expect, because the FEATURE(`foo') will be
175 expanded.  This also applies to
176 
177 	# And then define the $X macro to be the return address
178 
179 because ``define'' is an M4 keyword.  If you want to use them, surround
180 them with directed quotes, `like this'.
181 
182 Since m4 uses single quotes (opening "`" and closing "'") to quote
183 arguments, those quotes can't be used in arguments.  For example,
184 it is not possible to define a rejection message containing a single
185 quote. Usually there are simple workarounds by changing those
186 messages; in the worst case it might be ok to change the value
187 directly in the generated .cf file, which however is not advised.
188 
189 +----------------+
190 | FILE LOCATIONS |
191 +----------------+
192 
193 sendmail 8.9 has introduced a new configuration directory for sendmail
194 related files, /etc/mail.  The new files available for sendmail 8.9 --
195 the class {R} /etc/mail/relay-domains and the access database
196 /etc/mail/access -- take advantage of this new directory.  Beginning with
197 8.10, all files will use this directory by default (some options may be
198 set by OSTYPE() files).  This new directory should help to restore
199 uniformity to sendmail's file locations.
200 
201 Below is a table of some of the common changes:
202 
203 Old filename			New filename
204 ------------			------------
205 /etc/bitdomain			/etc/mail/bitdomain
206 /etc/domaintable		/etc/mail/domaintable
207 /etc/genericstable		/etc/mail/genericstable
208 /etc/uudomain			/etc/mail/uudomain
209 /etc/virtusertable		/etc/mail/virtusertable
210 /etc/userdb			/etc/mail/userdb
211 
212 /etc/aliases			/etc/mail/aliases
213 /etc/sendmail/aliases		/etc/mail/aliases
214 /etc/ucbmail/aliases		/etc/mail/aliases
215 /usr/adm/sendmail/aliases	/etc/mail/aliases
216 /usr/lib/aliases		/etc/mail/aliases
217 /usr/lib/mail/aliases		/etc/mail/aliases
218 /usr/ucblib/aliases		/etc/mail/aliases
219 
220 /etc/sendmail.cw		/etc/mail/local-host-names
221 /etc/mail/sendmail.cw		/etc/mail/local-host-names
222 /etc/sendmail/sendmail.cw	/etc/mail/local-host-names
223 
224 /etc/sendmail.ct		/etc/mail/trusted-users
225 
226 /etc/sendmail.oE		/etc/mail/error-header
227 
228 /etc/sendmail.hf		/etc/mail/helpfile
229 /etc/mail/sendmail.hf		/etc/mail/helpfile
230 /usr/ucblib/sendmail.hf		/etc/mail/helpfile
231 /etc/ucbmail/sendmail.hf	/etc/mail/helpfile
232 /usr/lib/sendmail.hf		/etc/mail/helpfile
233 /usr/share/lib/sendmail.hf	/etc/mail/helpfile
234 /usr/share/misc/sendmail.hf	/etc/mail/helpfile
235 /share/misc/sendmail.hf		/etc/mail/helpfile
236 
237 /etc/service.switch		/etc/mail/service.switch
238 
239 /etc/sendmail.st		/etc/mail/statistics
240 /etc/mail/sendmail.st		/etc/mail/statistics
241 /etc/mailer/sendmail.st		/etc/mail/statistics
242 /etc/sendmail/sendmail.st	/etc/mail/statistics
243 /usr/lib/sendmail.st		/etc/mail/statistics
244 /usr/ucblib/sendmail.st		/etc/mail/statistics
245 
246 Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
247 to create the pathnames.  The default value of this variable is
248 `/etc/mail/'.  If you set this macro to a different value, you MUST include
249 a trailing slash.
250 
251 Notice: all filenames used in a .mc (or .cf) file should be absolute
252 (starting at the root, i.e., with '/').  Relative filenames most
253 likely cause surprises during operations (unless otherwise noted).
254 
255 
256 +--------+
257 | OSTYPE |
258 +--------+
259 
260 You MUST define an operating system environment, or the configuration
261 file build will puke.  There are several environments available; look
262 at the "ostype" directory for the current list.  This macro changes
263 things like the location of the alias file and queue directory.  Some
264 of these files are identical to one another.
265 
266 It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
267 In general, the OSTYPE macro should go immediately after any version
268 information, and MAILER definitions should always go last.
269 
270 Operating system definitions are usually easy to write.  They may define
271 the following variables (everything defaults, so an ostype file may be
272 empty).  Unfortunately, the list of configuration-supported systems is
273 not as broad as the list of source-supported systems, since many of
274 the source contributors do not include corresponding ostype files.
275 
276 ALIAS_FILE		[/etc/mail/aliases] The location of the text version
277 			of the alias file(s).  It can be a comma-separated
278 			list of names (but be sure you quote values with
279 			commas in them -- for example, use
280 				define(`ALIAS_FILE', `a,b')
281 			to get "a" and "b" both listed as alias files;
282 			otherwise the define() primitive only sees "a").
283 HELP_FILE		[/etc/mail/helpfile] The name of the file
284 			containing information printed in response to
285 			the SMTP HELP command.
286 QUEUE_DIR		[/var/spool/mqueue] The directory containing
287 			queue files.  To use multiple queues, supply
288 			a value ending with an asterisk.  For
289 			example, /var/spool/mqueue/qd* will use all of the
290 			directories or symbolic links to directories
291 			beginning with 'qd' in /var/spool/mqueue as queue
292 			directories.  The names 'qf', 'df', and 'xf' are
293 			reserved as specific subdirectories for the
294 			corresponding queue file types as explained in
295 			doc/op/op.me.  See also QUEUE GROUP DEFINITIONS.
296 MSP_QUEUE_DIR		[/var/spool/clientmqueue] The directory containing
297 			queue files for the MSP (Mail Submission Program).
298 STATUS_FILE		[/etc/mail/statistics] The file containing status
299 			information.
300 LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
301 LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
302 			flags lsDFMAw5:/|@q are always included.
303 LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
304 			mail.
305 LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
306 			mail that you are willing to accept.
307 LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
308 			messages to deliver in a single connection.  Only
309 			useful for LMTP local mailers.
310 LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
311 			that ARRIVE from an address that resolves to the
312 			local mailer and which are converted to MIME will be
313 			labeled with this character set.
314 LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
315 			end of line for the local mailer.
316 LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
317 			[X-Unix] The DSN Diagnostic-Code value for the
318 			local mailer.  This should be changed with care.
319 LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
320 LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
321 			flags lsDFM are always included.
322 LOCAL_SHELL_ARGS	[sh -c $u] The arguments passed to deliver "prog"
323 			mail.
324 LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
325 			shell should run.
326 LOCAL_MAILER_QGRP	[undefined] The queue group for the local mailer.
327 SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
328 			flags are `mDFMuX' for all SMTP-based mailers; the
329 			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
330 			"dsmtp" adds `%'.
331 RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
332 			flags are `mDFMuX' for all SMTP-based mailers; the
333 			relay mailer adds `a8'.  If this is not defined,
334 			then SMTP_MAILER_FLAGS is used.
335 SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
336 			be transported using the smtp, smtp8, esmtp, or dsmtp
337 			mailers.
338 SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
339 			messages to deliver in a single connection for the
340 			smtp, smtp8, esmtp, or dsmtp mailers.
341 SMTP_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
342 			recipients to deliver in a single connection for the
343 			smtp, smtp8, esmtp, or dsmtp mailers.
344 SMTP_MAILER_ARGS	[TCP $h] The arguments passed to the smtp mailer.
345 			About the only reason you would want to change this
346 			would be to change the default port.
347 ESMTP_MAILER_ARGS	[TCP $h] The arguments passed to the esmtp mailer.
348 SMTP8_MAILER_ARGS	[TCP $h] The arguments passed to the smtp8 mailer.
349 DSMTP_MAILER_ARGS	[TCP $h] The arguments passed to the dsmtp mailer.
350 RELAY_MAILER_ARGS	[TCP $h] The arguments passed to the relay mailer.
351 SMTP_MAILER_QGRP	[undefined] The queue group for the smtp mailer.
352 ESMTP_MAILER_QGRP	[undefined] The queue group for the esmtp mailer.
353 SMTP8_MAILER_QGRP	[undefined] The queue group for the smtp8 mailer.
354 DSMTP_MAILER_QGRP	[undefined] The queue group for the dsmtp mailer.
355 RELAY_MAILER_QGRP	[undefined] The queue group for the relay mailer.
356 RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
357 			messages to deliver in a single connection for the
358 			relay mailer.
359 SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
360 			that ARRIVE from an address that resolves to one of
361 			the SMTP mailers and which are converted to MIME will
362 			be labeled with this character set.
363 UUCP_MAILER_PATH	[/usr/bin/uux] The program used to send UUCP mail.
364 UUCP_MAILER_FLAGS	[undefined] Flags added to UUCP mailer.  Default
365 			flags are `DFMhuU' (and `m' for uucp-new mailer,
366 			minus `U' for uucp-dom mailer).
367 UUCP_MAILER_ARGS	[uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
368 			passed to the UUCP mailer.
369 UUCP_MAILER_MAX		[100000] The maximum size message accepted for
370 			transmission by the UUCP mailers.
371 UUCP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
372 			that ARRIVE from an address that resolves to one of
373 			the UUCP mailers and which are converted to MIME will
374 			be labeled with this character set.
375 UUCP_MAILER_QGRP	[undefined] The queue group for the UUCP mailers.
376 PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
377 			program.  This is also used by
378 			FEATURE(`local_procmail').
379 PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
380 			DFM are always set.  This is NOT used by
381 			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
382 			instead.
383 PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
384 			the Procmail mailer.  This is NOT used by
385 			FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
386 			instead.
387 PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
388 			will be accepted by the procmail mailer.
389 PROCMAIL_MAILER_QGRP	[undefined] The queue group for the procmail mailer.
390 confEBINDIR		[/usr/libexec] The directory for executables.
391 			Currently used for FEATURE(`local_lmtp') and
392 			FEATURE(`smrsh').
393 LOCAL_PROG_QGRP		[undefined] The queue group for the prog mailer.
394 
395 Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
396 MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
397 of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
398 upper case) and change can be: flags that should be used directly
399 (thus overriding the default value), or if it starts with `+' (`-')
400 then those flags are added to (removed from) the default value.
401 Example:
402 
403 	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
404 
405 will add the flag `e' to LOCAL_MAILER_FLAGS.  Notice: there are
406 several smtp mailers all of which are manipulated individually.
407 See the section MAILERS for the available mailer names.
408 WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
409 unconditionally, i.e., without respecting any definitions in an
410 OSTYPE setting.
411 
412 
413 +---------+
414 | DOMAINS |
415 +---------+
416 
417 You will probably want to collect domain-dependent defines into one
418 file, referenced by the DOMAIN macro.  For example, the Berkeley
419 domain file includes definitions for several internal distinguished
420 hosts:
421 
422 UUCP_RELAY	The host that will accept UUCP-addressed email.
423 		If not defined, all UUCP sites must be directly
424 		connected.
425 BITNET_RELAY	The host that will accept BITNET-addressed email.
426 		If not defined, the .BITNET pseudo-domain won't work.
427 DECNET_RELAY	The host that will accept DECNET-addressed email.
428 		If not defined, the .DECNET pseudo-domain and addresses
429 		of the form node::user will not work.
430 FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
431 		The "fax" mailer overrides this value.
432 LOCAL_RELAY	The site that will handle unqualified names -- that
433 		is, names without an @domain extension.
434 		Normally MAIL_HUB is preferred for this function.
435 		LOCAL_RELAY is mostly useful in conjunction with
436 		FEATURE(`stickyhost') -- see the discussion of
437 		stickyhost below.  If not set, they are assumed to
438 		belong on this machine.  This allows you to have a
439 		central site to store a company- or department-wide
440 		alias database.  This only works at small sites,
441 		and only with some user agents.
442 LUSER_RELAY	The site that will handle lusers -- that is, apparently
443 		local names that aren't local accounts or aliases.  To
444 		specify a local user instead of a site, set this to
445 		``local:username''.
446 
447 Any of these can be either ``mailer:hostname'' (in which case the
448 mailer is the internal mailer name, such as ``uucp-new'' and the hostname
449 is the name of the host as appropriate for that mailer) or just a
450 ``hostname'', in which case a default mailer type (usually ``relay'',
451 a variant on SMTP) is used.  WARNING: if you have a wildcard MX
452 record matching your domain, you probably want to define these to
453 have a trailing dot so that you won't get the mail diverted back
454 to yourself.
455 
456 The domain file can also be used to define a domain name, if needed
457 (using "DD<domain>") and set certain site-wide features.  If all hosts
458 at your site masquerade behind one email name, you could also use
459 MASQUERADE_AS here.
460 
461 You do not have to define a domain -- in particular, if you are a
462 single machine sitting off somewhere, it is probably more work than
463 it's worth.  This is just a mechanism for combining "domain dependent
464 knowledge" into one place.
465 
466 
467 +---------+
468 | MAILERS |
469 +---------+
470 
471 There are fewer mailers supported in this version than the previous
472 version, owing mostly to a simpler world.  As a general rule, put the
473 MAILER definitions last in your .mc file.
474 
475 local		The local and prog mailers.  You will almost always
476 		need these; the only exception is if you relay ALL
477 		your mail to another site.  This mailer is included
478 		automatically.
479 
480 smtp		The Simple Mail Transport Protocol mailer.  This does
481 		not hide hosts behind a gateway or another other
482 		such hack; it assumes a world where everyone is
483 		running the name server.  This file actually defines
484 		five mailers: "smtp" for regular (old-style) SMTP to
485 		other servers, "esmtp" for extended SMTP to other
486 		servers, "smtp8" to do SMTP to other servers without
487 		converting 8-bit data to MIME (essentially, this is
488 		your statement that you know the other end is 8-bit
489 		clean even if it doesn't say so), "dsmtp" to do on
490 		demand delivery, and "relay" for transmission to the
491 		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
492 
493 uucp		The UNIX-to-UNIX Copy Program mailer.  Actually, this
494 		defines two mailers, "uucp-old" (a.k.a. "uucp") and
495 		"uucp-new" (a.k.a. "suucp").  The latter is for when you
496 		know that the UUCP mailer at the other end can handle
497 		multiple recipients in one transfer.  If the smtp mailer
498 		is included in your configuration, two other mailers
499 		("uucp-dom" and "uucp-uudom") are also defined [warning: you
500 		MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
501 		include the uucp mailer, sendmail looks for all names in
502 		class {U} and sends them to the uucp-old mailer; all
503 		names in class {Y} are sent to uucp-new; and all
504 		names in class {Z} are sent to uucp-uudom.  Note that
505 		this is a function of what version of rmail runs on
506 		the receiving end, and hence may be out of your control.
507 		See the section below describing UUCP mailers in more
508 		detail.
509 
510 procmail	An interface to procmail (does not come with sendmail).
511 		This is designed to be used in mailertables.  For example,
512 		a common question is "how do I forward all mail for a given
513 		domain to a single person?".  If you have this mailer
514 		defined, you could set up a mailertable reading:
515 
516 			host.com	procmail:/etc/procmailrcs/host.com
517 
518 		with the file /etc/procmailrcs/host.com reading:
519 
520 			:0	# forward mail for host.com
521 			! -oi -f $1 person@other.host
522 
523 		This would arrange for (anything)@host.com to be sent
524 		to person@other.host.  In a procmail script, $1 is the
525 		name of the sender and $2 is the name of the recipient.
526 		If you use this with FEATURE(`local_procmail'), the FEATURE
527 		should be listed first.
528 
529 		Of course there are other ways to solve this particular
530 		problem, e.g., a catch-all entry in a virtusertable.
531 
532 The local mailer accepts addresses of the form "user+detail", where
533 the "+detail" is not used for mailbox matching but is available
534 to certain local mail programs (in particular, see
535 FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
536 "eric+sww" all indicate the same user, but additional arguments <null>,
537 "sendmail", and "sww" may be provided for use in sorting mail.
538 
539 
540 +----------+
541 | FEATURES |
542 +----------+
543 
544 Special features can be requested using the "FEATURE" macro.  For
545 example, the .mc line:
546 
547 	FEATURE(`use_cw_file')
548 
549 tells sendmail that you want to have it read an /etc/mail/local-host-names
550 file to get values for class {w}.  A FEATURE may contain up to 9
551 optional parameters -- for example:
552 
553 	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
554 
555 The default database map type for the table features can be set with
556 
557 	define(`DATABASE_MAP_TYPE', `dbm')
558 
559 which would set it to use ndbm databases.  The default is the Berkeley DB
560 hash database format.  Note that you must still declare a database map type
561 if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
562 if no argument is given for the FEATURE.  It must be specified before any
563 feature that uses a map.
564 
565 Also, features which can take a map definition as an argument can also take
566 the special keyword `LDAP'.  If that keyword is used, the map will use the
567 LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
568 CLASSES'' section below.
569 
570 Available features are:
571 
572 use_cw_file	Read the file /etc/mail/local-host-names file to get
573 		alternate names for this host.  This might be used if you
574 		were on a host that MXed for a dynamic set of other hosts.
575 		If the set is static, just including the line "Cw<name1>
576 		<name2> ..." (where the names are fully qualified domain
577 		names) is probably superior.  The actual filename can be
578 		overridden by redefining confCW_FILE.
579 
580 use_ct_file	Read the file /etc/mail/trusted-users file to get the
581 		names of users that will be ``trusted'', that is, able to
582 		set their envelope from address using -f without generating
583 		a warning message.  The actual filename can be overridden
584 		by redefining confCT_FILE.
585 
586 redirect	Reject all mail addressed to "address.REDIRECT" with
587 		a ``551 User has moved; please try <address>'' message.
588 		If this is set, you can alias people who have left
589 		to their new address with ".REDIRECT" appended.
590 
591 nouucp		Don't route UUCP addresses.  This feature takes one
592 		parameter:
593 		`reject': reject addresses which have "!" in the local
594 			part unless it originates from a system
595 			that is allowed to relay.
596 		`nospecial': don't do anything special with "!".
597 		Warnings: 1. See the notice in the anti-spam section.
598 		2. don't remove "!" from OperatorChars if `reject' is
599 		given as parameter.
600 
601 nocanonify	Don't pass addresses to $[ ... $] for canonification
602 		by default, i.e., host/domain names are considered canonical,
603 		except for unqualified names, which must not be used in this
604 		mode (violation of the standard).  It can be changed by
605 		setting the DaemonPortOptions modifiers (M=).  That is,
606 		FEATURE(`nocanonify') will be overridden by setting the
607 		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
608 		it can be emulated by setting the 'C' flag
609 		(DaemonPortOptions=Modifiers=C).  This would generally only
610 		be used by sites that only act as mail gateways or which have
611 		user agents that do full canonification themselves.  You may
612 		also want to use
613 		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
614 		the usual resolver options that do a similar thing.
615 
616 		An exception list for FEATURE(`nocanonify') can be
617 		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
618 		i.e., a list of domains which are nevertheless passed to
619 		$[ ... $] for canonification.  This is useful to turn on
620 		canonification for local domains, e.g., use
621 		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
622 		which end in "my.domain" or "my".
623 		Another way to require canonification in the local
624 		domain is CANONIFY_DOMAIN(`$=m').
625 
626 		A trailing dot is added to addresses with more than
627 		one component in it such that other features which
628 		expect a trailing dot (e.g., virtusertable) will
629 		still work.
630 
631 		If `canonify_hosts' is specified as parameter, i.e.,
632 		FEATURE(`nocanonify', `canonify_hosts'), then
633 		addresses which have only a hostname, e.g.,
634 		<user@host>, will be canonified (and hopefully fully
635 		qualified), too.
636 
637 stickyhost	This feature is sometimes used with LOCAL_RELAY,
638 		although it can be used for a different effect with
639 		MAIL_HUB.
640 
641 		When used without MAIL_HUB, email sent to
642 		"user@local.host" are marked as "sticky" -- that
643 		is, the local addresses aren't matched against UDB,
644 		don't go through ruleset 5, and are not forwarded to
645 		the LOCAL_RELAY (if defined).
646 
647 		With MAIL_HUB, mail addressed to "user@local.host"
648 		is forwarded to the mail hub, with the envelope
649 		address still remaining "user@local.host".
650 		Without stickyhost, the envelope would be changed
651 		to "user@mail_hub", in order to protect against
652 		mailing loops.
653 
654 mailertable	Include a "mailer table" which can be used to override
655 		routing for particular domains (which are not in class {w},
656 		i.e.  local host names).  The argument of the FEATURE may be
657 		the key definition.  If none is specified, the definition
658 		used is:
659 
660 			hash /etc/mail/mailertable
661 
662 		Keys in this database are fully qualified domain names
663 		or partial domains preceded by a dot -- for example,
664 		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
665 		special case of the latter, "." matches any domain not
666 		covered by other keys.  Values must be of the form:
667 			mailer:domain
668 		where "mailer" is the internal mailer name, and "domain"
669 		is where to send the message.  These maps are not
670 		reflected into the message header.  As a special case,
671 		the forms:
672 			local:user
673 		will forward to the indicated user using the local mailer,
674 			local:
675 		will forward to the original user in the e-mail address
676 		using the local mailer, and
677 			error:code message
678 			error:D.S.N:code message
679 		will give an error message with the indicated SMTP reply
680 		code and message, where D.S.N is an RFC 1893 compliant
681 		error code.
682 
683 domaintable	Include a "domain table" which can be used to provide
684 		domain name mapping.  Use of this should really be
685 		limited to your own domains.  It may be useful if you
686 		change names (e.g., your company changes names from
687 		oldname.com to newname.com).  The argument of the
688 		FEATURE may be the key definition.  If none is specified,
689 		the definition used is:
690 
691 			hash /etc/mail/domaintable
692 
693 		The key in this table is the domain name; the value is
694 		the new (fully qualified) domain.  Anything in the
695 		domaintable is reflected into headers; that is, this
696 		is done in ruleset 3.
697 
698 bitdomain	Look up bitnet hosts in a table to try to turn them into
699 		internet addresses.  The table can be built using the
700 		bitdomain program contributed by John Gardiner Myers.
701 		The argument of the FEATURE may be the key definition; if
702 		none is specified, the definition used is:
703 
704 			hash /etc/mail/bitdomain
705 
706 		Keys are the bitnet hostname; values are the corresponding
707 		internet hostname.
708 
709 uucpdomain	Similar feature for UUCP hosts.  The default map definition
710 		is:
711 
712 			hash /etc/mail/uudomain
713 
714 		At the moment there is no automagic tool to build this
715 		database.
716 
717 always_add_domain
718 		Include the local host domain even on locally delivered
719 		mail.  Normally it is not added on unqualified names.
720 		However, if you use a shared message store but do not use
721 		the same user name space everywhere, you may need the host
722 		name on local names.  An optional argument specifies
723 		another domain to be added than the local.
724 
725 allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
726 		feature will cause recipient addresses to also masquerade
727 		as being from the masquerade host.  Normally they get
728 		the local hostname.  Although this may be right for
729 		ordinary users, it can break local aliases.  For example,
730 		if you send to "localalias", the originating sendmail will
731 		find that alias and send to all members, but send the
732 		message with "To: localalias@masqueradehost".  Since that
733 		alias likely does not exist, replies will fail.  Use this
734 		feature ONLY if you can guarantee that the ENTIRE
735 		namespace on your masquerade host supersets all the
736 		local entries.
737 
738 limited_masquerade
739 		Normally, any hosts listed in class {w} are masqueraded.  If
740 		this feature is given, only the hosts listed in class {M} (see
741 		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
742 		if you have several domains with disjoint namespaces hosted
743 		on the same machine.
744 
745 masquerade_entire_domain
746 		If masquerading is enabled (using MASQUERADE_AS) and
747 		MASQUERADE_DOMAIN (see below) is set, this feature will
748 		cause addresses to be rewritten such that the masquerading
749 		domains are actually entire domains to be hidden.  All
750 		hosts within the masquerading domains will be rewritten
751 		to the masquerade name (used in MASQUERADE_AS).  For example,
752 		if you have:
753 
754 			MASQUERADE_AS(`masq.com')
755 			MASQUERADE_DOMAIN(`foo.org')
756 			MASQUERADE_DOMAIN(`bar.com')
757 
758 		then *foo.org and *bar.com are converted to masq.com.  Without
759 		this feature, only foo.org and bar.com are masqueraded.
760 
761 		    NOTE: only domains within your jurisdiction and
762 		    current hierarchy should be masqueraded using this.
763 
764 local_no_masquerade
765 		This feature prevents the local mailer from masquerading even
766 		if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
767 		on addresses of mail going outside the local domain.
768 
769 masquerade_envelope
770 		If masquerading is enabled (using MASQUERADE_AS) or the
771 		genericstable is in use, this feature will cause envelope
772 		addresses to also masquerade as being from the masquerade
773 		host.  Normally only the header addresses are masqueraded.
774 
775 genericstable	This feature will cause unqualified addresses (i.e., without
776 		a domain) and addresses with a domain listed in class {G}
777 		to be looked up in a map and turned into another ("generic")
778 		form, which can change both the domain name and the user name.
779 		Notice: if you use an MSP (as it is default starting with
780 		8.12), the MTA will only receive qualified addresses from the
781 		MSP (as required by the RFCs).  Hence you need to add your
782 		domain to class {G}.  This feature is similar to the userdb
783 		functionality.  The same types of addresses as for
784 		masquerading are looked up, i.e., only header sender
785 		addresses unless the allmasquerade and/or masquerade_envelope
786 		features are given.  Qualified addresses must have the domain
787 		part in class {G}; entries can be added to this class by the
788 		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
789 		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
790 
791 		The argument of FEATURE(`genericstable') may be the map
792 		definition; the default map definition is:
793 
794 			hash /etc/mail/genericstable
795 
796 		The key for this table is either the full address, the domain
797 		(with a leading @; the localpart is passed as first argument)
798 		or the unqualified username (tried in the order mentioned);
799 		the value is the new user address.  If the new user address
800 		does not include a domain, it will be qualified in the standard
801 		manner, i.e., using $j or the masquerade name.  Note that the
802 		address being looked up must be fully qualified.  For local
803 		mail, it is necessary to use FEATURE(`always_add_domain')
804 		for the addresses to be qualified.
805 		The "+detail" of an address is passed as %1, so entries like
806 
807 			old+*@foo.org	new+%1@example.com
808 			gen+*@foo.org	%1@example.com
809 
810 		and other forms are possible.
811 
812 generics_entire_domain
813 		If the genericstable is enabled and GENERICS_DOMAIN or
814 		GENERICS_DOMAIN_FILE is used, this feature will cause
815 		addresses to be searched in the map if their domain
816 		parts are subdomains of elements in class {G}.
817 
818 virtusertable	A domain-specific form of aliasing, allowing multiple
819 		virtual domains to be hosted on one machine.  For example,
820 		if the virtuser table contains:
821 
822 			info@foo.com	foo-info
823 			info@bar.com	bar-info
824 			joe@bar.com	error:nouser 550 No such user here
825 			jax@bar.com	error:5.7.0:550 Address invalid
826 			@baz.org	jane@example.net
827 
828 		then mail addressed to info@foo.com will be sent to the
829 		address foo-info, mail addressed to info@bar.com will be
830 		delivered to bar-info, and mail addressed to anyone at baz.org
831 		will be sent to jane@example.net, mail to joe@bar.com will
832 		be rejected with the specified error message, and mail to
833 		jax@bar.com will also have a RFC 1893 compliant error code
834 		5.7.0.
835 
836 		The username from the original address is passed
837 		as %1 allowing:
838 
839 			@foo.org	%1@example.com
840 
841 		meaning someone@foo.org will be sent to someone@example.com.
842 		Additionally, if the local part consists of "user+detail"
843 		then "detail" is passed as %2 and "+detail" is passed as %3
844 		when a match against user+* is attempted, so entries like
845 
846 			old+*@foo.org	new+%2@example.com
847 			gen+*@foo.org	%2@example.com
848 			+*@foo.org	%1%3@example.com
849 			X++@foo.org	Z%3@example.com
850 			@bar.org	%1%3
851 
852 		and other forms are possible.  Note: to preserve "+detail"
853 		for a default case (@domain) %1%3 must be used as RHS.
854 		There are two wildcards after "+": "+" matches only a non-empty
855 		detail, "*" matches also empty details, e.g., user+@foo.org
856 		matches +*@foo.org but not ++@foo.org.  This can be used
857 		to ensure that the parameters %2 and %3 are not empty.
858 
859 		All the host names on the left hand side (foo.com, bar.com,
860 		and baz.org) must be in class {w} or class {VirtHost}.  The
861 		latter can be defined by the macros VIRTUSER_DOMAIN or
862 		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
863 		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
864 		VIRTUSER_DOMAIN_FILE is used, then the entries of class
865 		{VirtHost} are added to class {R}, i.e., relaying is allowed
866 		to (and from) those domains.  The default map definition is:
867 
868 			hash /etc/mail/virtusertable
869 
870 		A new definition can be specified as the second argument of
871 		the FEATURE macro, such as
872 
873 			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
874 
875 virtuser_entire_domain
876 		If the virtusertable is enabled and VIRTUSER_DOMAIN or
877 		VIRTUSER_DOMAIN_FILE is used, this feature will cause
878 		addresses to be searched in the map if their domain
879 		parts are subdomains of elements in class {VirtHost}.
880 
881 ldap_routing	Implement LDAP-based e-mail recipient routing according to
882 		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
883 		This provides a method to re-route addresses with a
884 		domain portion in class {LDAPRoute} to either a
885 		different mail host or a different address.  Hosts can
886 		be added to this class using LDAPROUTE_DOMAIN and
887 		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
888 		MASQUERADE_DOMAIN_FILE, see below).
889 
890 		See the LDAP ROUTING section below for more information.
891 
892 nodns		If you aren't running DNS at your site (for example,
893 		you are UUCP-only connected).  It's hard to consider
894 		this a "feature", but hey, it had to go somewhere.
895 		Actually, as of 8.7 this is a no-op -- remove "dns" from
896 		the hosts service switch entry instead.
897 
898 nullclient	This is a special case -- it creates a configuration file
899 		containing nothing but support for forwarding all mail to a
900 		central hub via a local SMTP-based network.  The argument
901 		is the name of that hub.
902 
903 		The only other feature that should be used in conjunction
904 		with this one is FEATURE(`nocanonify').  No mailers
905 		should be defined.  No aliasing or forwarding is done.
906 
907 local_lmtp	Use an LMTP capable local mailer.  The argument to this
908 		feature is the pathname of an LMTP capable mailer.  By
909 		default, mail.local is used.  This is expected to be the
910 		mail.local which came with the 8.9 distribution which is
911 		LMTP capable.  The path to mail.local is set by the
912 		confEBINDIR m4 variable -- making the default
913 		LOCAL_MAILER_PATH /usr/libexec/mail.local.
914 		If a different LMTP capable mailer is used, its pathname
915 		can be specified as second parameter and the arguments
916 		passed to it (A=) as third parameter, e.g.,
917 
918 			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
919 
920 		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
921 		i.e., without respecting any definitions in an OSTYPE setting.
922 
923 local_procmail	Use procmail or another delivery agent as the local mailer.
924 		The argument to this feature is the pathname of the
925 		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
926 		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
927 		PROCMAIL_MAILER_ARGS for the local mailer; tweak
928 		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
929 		specify the appropriate parameters.  When procmail is used,
930 		the local mailer can make use of the
931 		"user+indicator@local.host" syntax; normally the +indicator
932 		is just tossed, but by default it is passed as the -a
933 		argument to procmail.
934 
935 		This feature can take up to three arguments:
936 
937 		1. Path to the mailer program
938 		   [default: /usr/local/bin/procmail]
939 		2. Argument vector including name of the program
940 		   [default: procmail -Y -a $h -d $u]
941 		3. Flags for the mailer [default: SPfhn9]
942 
943 		Empty arguments cause the defaults to be taken.
944 		Note that if you are on a system with a broken
945 		setreuid() call, you may need to add -f $f to the procmail
946 		argument vector to pass the proper sender to procmail.
947 
948 		For example, this allows it to use the maildrop
949 		(http://www.flounder.net/~mrsam/maildrop/) mailer instead
950 		by specifying:
951 
952 		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
953 		 `maildrop -d $u')
954 
955 		or scanmails using:
956 
957 		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
958 
959 		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
960 		i.e.,  without respecting any definitions in an OSTYPE setting.
961 
962 bestmx_is_local	Accept mail as though locally addressed for any host that
963 		lists us as the best possible MX record.  This generates
964 		additional DNS traffic, but should be OK for low to
965 		medium traffic hosts.  The argument may be a set of
966 		domains, which will limit the feature to only apply to
967 		these domains -- this will reduce unnecessary DNS
968 		traffic.  THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
969 		WILDCARD MX RECORDS!!!  If you have a wildcard MX record
970 		that matches your domain, you cannot use this feature.
971 
972 smrsh		Use the SendMail Restricted SHell (smrsh) provided
973 		with the distribution instead of /bin/sh for mailing
974 		to programs.  This improves the ability of the local
975 		system administrator to control what gets run via
976 		e-mail.  If an argument is provided it is used as the
977 		pathname to smrsh; otherwise, the path defined by
978 		confEBINDIR is used for the smrsh binary -- by default,
979 		/usr/libexec/smrsh is assumed.
980 
981 promiscuous_relay
982 		By default, the sendmail configuration files do not permit
983 		mail relaying (that is, accepting mail from outside your
984 		local host (class {w}) and sending it to another host than
985 		your local host).  This option sets your site to allow
986 		mail relaying from any site to any site.  In almost all
987 		cases, it is better to control relaying more carefully
988 		with the access map, class {R}, or authentication.  Domains
989 		can be added to class {R} by the macros RELAY_DOMAIN or
990 		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
991 		MASQUERADE_DOMAIN_FILE, see below).
992 
993 relay_entire_domain
994 		This option allows any host in your domain as defined by
995 		class {m} to use your server for relaying.  Notice: make
996 		sure that your domain is not just a top level domain,
997 		e.g., com.  This can happen if you give your host a name
998 		like example.com instead of host.example.com.
999 
1000 relay_hosts_only
1001 		By default, names that are listed as RELAY in the access
1002 		db and class {R} are treated as domain names, not host names.
1003 		For example, if you specify ``foo.com'', then mail to or
1004 		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1005 		will all be accepted for relaying.  This feature changes
1006 		the behaviour to lookup individual host names only.
1007 
1008 relay_based_on_MX
1009 		Turns on the ability to allow relaying based on the MX
1010 		records of the host portion of an incoming recipient; that
1011 		is, if an MX record for host foo.com points to your site,
1012 		you will accept and relay mail addressed to foo.com.  See
1013 		description below for more information before using this
1014 		feature.  Also, see the KNOWNBUGS entry regarding bestmx
1015 		map lookups.
1016 
1017 		FEATURE(`relay_based_on_MX') does not necessarily allow
1018 		routing of these messages which you expect to be allowed,
1019 		if route address syntax (or %-hack syntax) is used.  If
1020 		this is a problem, add entries to the access-table or use
1021 		FEATURE(`loose_relay_check').
1022 
1023 relay_mail_from
1024 		Allows relaying if the mail sender is listed as RELAY in
1025 		the access map.  If an optional argument `domain' (this
1026 		is the literal word `domain', not a placeholder) is given,
1027 		relaying can be allowed just based on the domain portion
1028 		of the sender address.  This feature should only be used if
1029 		absolutely necessary as the sender address can be easily
1030 		forged.  Use of this feature requires the "From:" tag to
1031 		be used for the key in the access map; see the discussion
1032 		of tags and FEATURE(`relay_mail_from') in the section on
1033 		anti-spam configuration control.
1034 
1035 relay_local_from
1036 		Allows relaying if the domain portion of the mail sender
1037 		is a local host.  This should only be used if absolutely
1038 		necessary as it opens a window for spammers.  Specifically,
1039 		they can send mail to your mail server that claims to be
1040 		from your domain (either directly or via a routed address),
1041 		and you will go ahead and relay it out to arbitrary hosts
1042 		on the Internet.
1043 
1044 accept_unqualified_senders
1045 		Normally, MAIL FROM: commands in the SMTP session will be
1046 		refused if the connection is a network connection and the
1047 		sender address does not include a domain name.  If your
1048 		setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1049 		you will need to use this feature to accept unqualified
1050 		sender addresses.  Setting the DaemonPortOptions modifier
1051 		'u' overrides the default behavior, i.e., unqualified
1052 		addresses are accepted even without this FEATURE.
1053 		If this FEATURE is not used, the DaemonPortOptions modifier
1054 		'f' can be used to enforce fully qualified addresses.
1055 
1056 accept_unresolvable_domains
1057 		Normally, MAIL FROM: commands in the SMTP session will be
1058 		refused if the host part of the argument to MAIL FROM:
1059 		cannot be located in the host name service (e.g., an A or
1060 		MX record in DNS).  If you are inside a firewall that has
1061 		only a limited view of the Internet host name space, this
1062 		could cause problems.  In this case you probably want to
1063 		use this feature to accept all domains on input, even if
1064 		they are unresolvable.
1065 
1066 access_db	Turns on the access database feature.  The access db gives
1067 		you the ability to allow or refuse to accept mail from
1068 		specified domains for administrative reasons.  Moreover,
1069 		it can control the behavior of sendmail in various situations.
1070 		By default, the access database specification is:
1071 
1072 			hash -T<TMPF> /etc/mail/access
1073 
1074 		See the anti-spam configuration control section for further
1075 		important information about this feature.  Notice:
1076 		"-T<TMPF>" is meant literal, do not replace it by anything.
1077 
1078 blacklist_recipients
1079 		Turns on the ability to block incoming mail for certain
1080 		recipient usernames, hostnames, or addresses.  For
1081 		example, you can block incoming mail to user nobody,
1082 		host foo.mydomain.com, or guest@bar.mydomain.com.
1083 		These specifications are put in the access db as
1084 		described in the anti-spam configuration control section
1085 		later in this document.
1086 
1087 delay_checks	The rulesets check_mail and check_relay will not be called
1088 		when a client connects or issues a MAIL command, respectively.
1089 		Instead, those rulesets will be called by the check_rcpt
1090 		ruleset; they will be skipped under certain circumstances.
1091 		See "Delay all checks" in the anti-spam configuration control
1092 		section.  Note: this feature is incompatible to the versions
1093 		in 8.10 and 8.11.
1094 
1095 use_client_ptr	If this feature is enabled then check_relay will override
1096 		its first argument with $&{client_ptr}.  This is useful for
1097 		rejections based on the unverified hostname of client,
1098 		which turns on the same behavior as in earlier sendmail
1099 		versions when delay_checks was not in use.  See doc/op/op.*
1100 		about check_relay, {client_name}, and {client_ptr}.
1101 
1102 dnsbl		Turns on rejection of hosts found in an DNS based rejection
1103 		list.  The first is used as the domain in which blocked
1104 		hosts are listed.  A second argument can be used to change
1105 		the default error message.  Without that second argument,
1106 		the error message will be
1107 			Rejected: IP-ADDRESS listed at SERVER
1108 		where IP-ADDRESS and SERVER are replaced by the appropriate
1109 		information.  By default, temporary lookup failures are
1110 		ignored.  This behavior can be changed by specifying a
1111 		third argument, which must be either `t' or a full error
1112 		message.  See the anti-spam configuration control section for
1113 		an example.  The dnsbl feature can be included several times
1114 		to query different DNS based rejection lists.  See also
1115 		enhdnsbl for an enhanced version.
1116 
1117 		Set the DNSBL_MAP mc option to change the default map
1118 		definition from `host'.  Set the DNSBL_MAP_OPT mc option
1119 		to add additional options to the map specification used.
1120 
1121 		Some DNS based rejection lists cause failures if asked
1122 		for AAAA records. If your sendmail version is compiled
1123 		with IPv6 support (NETINET6) and you experience this
1124 		problem, add
1125 
1126 			define(`DNSBL_MAP', `dns -R A')
1127 
1128 		before the first use of this feature.  Alternatively you
1129 		can use enhdnsbl instead (see below).  Moreover, this
1130 		statement can be used to reduce the number of DNS retries,
1131 		e.g.,
1132 
1133 			define(`DNSBL_MAP', `dns -R A -r2')
1134 
1135 		See below (EDNSBL_TO) for an explanation.
1136 
1137 enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
1138 		(up to 5) can be used to specify specific return values
1139 		from lookups.  Temporary lookup failures are ignored unless
1140 		a third argument is given, which must be either `t' or a full
1141 		error message.  By default, any successful lookup will
1142 		generate an error.  Otherwise the result of the lookup is
1143 		compared with the supplied argument(s), and only if a match
1144 		occurs an error is generated.  For example,
1145 
1146 		FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1147 
1148 		will reject the e-mail if the lookup returns the value
1149 		``127.0.0.2.'', or generate a 451 response if the lookup
1150 		temporarily failed.  The arguments can contain metasymbols
1151 		as they are allowed in the LHS of rules.  As the example
1152 		shows, the default values are also used if an empty argument,
1153 		i.e., `', is specified.  This feature requires that sendmail
1154 		has been compiled with the flag DNSMAP (see sendmail/README).
1155 
1156 		Set the EDNSBL_TO mc option to change the DNS retry count
1157 		from the default value of 5, this can be very useful when
1158 		a DNS server is not responding, which in turn may cause
1159 		clients to time out (an entry stating
1160 
1161 			did not issue MAIL/EXPN/VRFY/ETRN
1162 
1163 		will be logged).
1164 
1165 ratecontrol	Enable simple ruleset to do connection rate control
1166 		checking.  This requires entries in access_db of the form
1167 
1168 			ClientRate:IP.ADD.RE.SS		LIMIT
1169 
1170 		The RHS specifies the maximum number of connections
1171 		(an integer number) over the time interval defined
1172 		by ConnectionRateWindowSize, where 0 means unlimited.
1173 
1174 		Take the following example:
1175 
1176 			ClientRate:10.1.2.3		4
1177 			ClientRate:127.0.0.1		0
1178 			ClientRate:			10
1179 
1180 		10.1.2.3 can only make up to 4 connections, the
1181 		general limit it 10, and 127.0.0.1 can make an unlimited
1182 		number of connections per ConnectionRateWindowSize.
1183 
1184 		See also CONNECTION CONTROL.
1185 
1186 conncontrol	Enable a simple check of the number of incoming SMTP
1187 		connections.  This requires entries in access_db of the
1188 		form
1189 
1190 			ClientConn:IP.ADD.RE.SS		LIMIT
1191 
1192 		The RHS specifies the maximum number of open connections
1193 		(an integer number).
1194 
1195 		Take the following example:
1196 
1197 			ClientConn:10.1.2.3		4
1198 			ClientConn:127.0.0.1		0
1199 			ClientConn:			10
1200 
1201 		10.1.2.3 can only have up to 4 open connections, the
1202 		general limit it 10, and 127.0.0.1 does not have any
1203 		explicit limit.
1204 
1205 		See also CONNECTION CONTROL.
1206 
1207 mtamark		Experimental support for "Marking Mail Transfer Agents in
1208 		Reverse DNS with TXT RRs" (MTAMark), see
1209 		draft-stumpf-dns-mtamark-01.  Optional arguments are:
1210 
1211 		1. Error message, default:
1212 
1213 			550 Rejected: $&{client_addr} not listed as MTA
1214 
1215 		2. Temporary lookup failures are ignored unless a second
1216 		argument is given, which must be either `t' or a full
1217 		error message.
1218 
1219 		3. Lookup prefix, default: _perm._smtp._srv.  This should
1220 		not be changed unless the draft changes it.
1221 
1222 		Example:
1223 
1224 			FEATURE(`mtamark', `', `t')
1225 
1226 lookupdotdomain	Look up also .domain in the access map.  This allows to
1227 		match only subdomains.  It does not work well with
1228 		FEATURE(`relay_hosts_only'), because most lookups for
1229 		subdomains are suppressed by the latter feature.
1230 
1231 loose_relay_check
1232 		Normally, if % addressing is used for a recipient, e.g.
1233 		user%site@othersite, and othersite is in class {R}, the
1234 		check_rcpt ruleset will strip @othersite and recheck
1235 		user@site for relaying.  This feature changes that
1236 		behavior.  It should not be needed for most installations.
1237 
1238 preserve_luser_host
1239 		Preserve the name of the recipient host if LUSER_RELAY is
1240 		used.  Without this option, the domain part of the
1241 		recipient address will be replaced by the host specified as
1242 		LUSER_RELAY.  This feature only works if the hostname is
1243 		passed to the mailer (see mailer triple in op.me).  Note
1244 		that in the default configuration the local mailer does not
1245 		receive the hostname, i.e., the mailer triple has an empty
1246 		hostname.
1247 
1248 preserve_local_plus_detail
1249 		Preserve the +detail portion of the address when passing
1250 		address to local delivery agent.  Disables alias and
1251 		.forward +detail stripping (e.g., given user+detail, only
1252 		that address will be looked up in the alias file; user+* and
1253 		user will not be looked up).  Only use if the local
1254 		delivery agent in use supports +detail addressing.
1255 
1256 compat_check	Enable ruleset check_compat to look up pairs of addresses
1257 		with the Compat: tag --	Compat:sender<@>recipient -- in the
1258 		access map.  Valid values for the RHS include
1259 			DISCARD	silently discard recipient
1260 			TEMP:	return a temporary error
1261 			ERROR:	return a permanent error
1262 		In the last two cases, a 4xy/5xy SMTP reply code should
1263 		follow the colon.
1264 
1265 no_default_msa	Don't generate the default MSA daemon, i.e.,
1266 		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1267 		To define a MSA daemon with other parameters, use this
1268 		FEATURE and introduce new settings via DAEMON_OPTIONS().
1269 
1270 msp		Defines config file for Message Submission Program.
1271 		See cf/submit.mc for how
1272 		to use it.  An optional argument can be used to override
1273 		the default of `[localhost]' to use as host to send all
1274 		e-mails to.  Note that MX records will be used if the
1275 		specified hostname is not in square brackets (e.g.,
1276 		[hostname]).  If `MSA' is specified as second argument then
1277 		port 587 is used to contact the server.  Example:
1278 
1279 			FEATURE(`msp', `', `MSA')
1280 
1281 		Some more hints about possible changes can be found below
1282 		in the section MESSAGE SUBMISSION PROGRAM.
1283 
1284 		Note: Due to many problems, submit.mc uses
1285 
1286 			FEATURE(`msp', `[127.0.0.1]')
1287 
1288 		by default.  If you have a machine with IPv6 only,
1289 		change it to
1290 
1291 			FEATURE(`msp', `[IPv6:::1]')
1292 
1293 		If you want to continue using '[localhost]', (the behavior
1294 		up to 8.12.6), use
1295 
1296 			FEATURE(`msp')
1297 
1298 queuegroup	A simple example how to select a queue group based
1299 		on the full e-mail address or the domain of the
1300 		recipient.  Selection is done via entries in the
1301 		access map using the tag QGRP:, for example:
1302 
1303 			QGRP:example.com	main
1304 			QGRP:friend@some.org	others
1305 			QGRP:my.domain		local
1306 
1307 		where "main", "others", and "local" are names of
1308 		queue groups.  If an argument is specified, it is used
1309 		as default queue group.
1310 
1311 		Note: please read the warning in doc/op/op.me about
1312 		queue groups and possible queue manipulations.
1313 
1314 greet_pause	Adds the greet_pause ruleset which enables open proxy
1315 		and SMTP slamming protection.  The feature can take an
1316 		argument specifying the milliseconds to wait:
1317 
1318 			FEATURE(`greet_pause', `5000')  dnl 5 seconds
1319 
1320 		If FEATURE(`access_db') is enabled, an access database
1321 		lookup with the GreetPause tag is done using client
1322 		hostname, domain, IP address, or subnet to determine the
1323 		pause time:
1324 
1325 			GreetPause:my.domain	0
1326 			GreetPause:example.com	5000
1327 			GreetPause:10.1.2	2000
1328 			GreetPause:127.0.0.1	0
1329 
1330 		When using FEATURE(`access_db'), the optional
1331 		FEATURE(`greet_pause') argument becomes the default if
1332 		nothing is found in the access database.  A ruleset called
1333 		Local_greet_pause can be used for local modifications, e.g.,
1334 
1335 			LOCAL_RULESETS
1336 			SLocal_greet_pause
1337 			R$*		$: $&{daemon_flags}
1338 			R$* a $*	$# 0
1339 
1340 +--------------------+
1341 | USING UUCP MAILERS |
1342 +--------------------+
1343 
1344 It's hard to get UUCP mailers right because of the extremely ad hoc
1345 nature of UUCP addressing.  These config files are really designed
1346 for domain-based addressing, even for UUCP sites.
1347 
1348 There are four UUCP mailers available.  The choice of which one to
1349 use is partly a matter of local preferences and what is running at
1350 the other end of your UUCP connection.  Unlike good protocols that
1351 define what will go over the wire, UUCP uses the policy that you
1352 should do what is right for the other end; if they change, you have
1353 to change.  This makes it hard to do the right thing, and discourages
1354 people from updating their software.  In general, if you can avoid
1355 UUCP, please do.
1356 
1357 The major choice is whether to go for a domainized scheme or a
1358 non-domainized scheme.  This depends entirely on what the other
1359 end will recognize.  If at all possible, you should encourage the
1360 other end to go to a domain-based system -- non-domainized addresses
1361 don't work entirely properly.
1362 
1363 The four mailers are:
1364 
1365     uucp-old (obsolete name: "uucp")
1366 	This is the oldest, the worst (but the closest to UUCP) way of
1367 	sending messages across UUCP connections.  It does bangify
1368 	everything and prepends $U (your UUCP name) to the sender's
1369 	address (which can already be a bang path itself).  It can
1370 	only send to one address at a time, so it spends a lot of
1371 	time copying duplicates of messages.  Avoid this if at all
1372 	possible.
1373 
1374     uucp-new (obsolete name: "suucp")
1375 	The same as above, except that it assumes that in one rmail
1376 	command you can specify several recipients.  It still has a
1377 	lot of other problems.
1378 
1379     uucp-dom
1380 	This UUCP mailer keeps everything as domain addresses.
1381 	Basically, it uses the SMTP mailer rewriting rules.  This mailer
1382 	is only included if MAILER(`smtp') is specified before
1383 	MAILER(`uucp').
1384 
1385 	Unfortunately, a lot of UUCP mailer transport agents require
1386 	bangified addresses in the envelope, although you can use
1387 	domain-based addresses in the message header.  (The envelope
1388 	shows up as the From_ line on UNIX mail.)  So....
1389 
1390     uucp-uudom
1391 	This is a cross between uucp-new (for the envelope addresses)
1392 	and uucp-dom (for the header addresses).  It bangifies the
1393 	envelope sender (From_ line in messages) without adding the
1394 	local hostname, unless there is no host name on the address
1395 	at all (e.g., "wolf") or the host component is a UUCP host name
1396 	instead of a domain name ("somehost!wolf" instead of
1397 	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
1398 	is also specified earlier.
1399 
1400 Examples:
1401 
1402 On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1403 summarizes the sender rewriting for various mailers.
1404 
1405 Mailer		sender		rewriting in the envelope
1406 ------		------		-------------------------
1407 uucp-{old,new}	wolf		grasp!wolf
1408 uucp-dom	wolf		wolf@grasp.insa-lyon.fr
1409 uucp-uudom	wolf		grasp.insa-lyon.fr!wolf
1410 
1411 uucp-{old,new}	wolf@fr.net	grasp!fr.net!wolf
1412 uucp-dom	wolf@fr.net	wolf@fr.net
1413 uucp-uudom	wolf@fr.net	fr.net!wolf
1414 
1415 uucp-{old,new}	somehost!wolf	grasp!somehost!wolf
1416 uucp-dom	somehost!wolf	somehost!wolf@grasp.insa-lyon.fr
1417 uucp-uudom	somehost!wolf	grasp.insa-lyon.fr!somehost!wolf
1418 
1419 If you are using one of the domainized UUCP mailers, you really want
1420 to convert all UUCP addresses to domain format -- otherwise, it will
1421 do it for you (and probably not the way you expected).  For example,
1422 if you have the address foo!bar!baz (and you are not sending to foo),
1423 the heuristics will add the @uucp.relay.name or @local.host.name to
1424 this address.  However, if you map foo to foo.host.name first, it
1425 will not add the local hostname.  You can do this using the uucpdomain
1426 feature.
1427 
1428 
1429 +-------------------+
1430 | TWEAKING RULESETS |
1431 +-------------------+
1432 
1433 For more complex configurations, you can define special rules.
1434 The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1435 the names.  Any modifications made here are reflected in the header.
1436 
1437 A common use is to convert old UUCP addresses to SMTP addresses using
1438 the UUCPSMTP macro.  For example:
1439 
1440 	LOCAL_RULE_3
1441 	UUCPSMTP(`decvax',	`decvax.dec.com')
1442 	UUCPSMTP(`research',	`research.att.com')
1443 
1444 will cause addresses of the form "decvax!user" and "research!user"
1445 to be converted to "user@decvax.dec.com" and "user@research.att.com"
1446 respectively.
1447 
1448 This could also be used to look up hosts in a database map:
1449 
1450 	LOCAL_RULE_3
1451 	R$* < @ $+ > $*		$: $1 < @ $(hostmap $2 $) > $3
1452 
1453 This map would be defined in the LOCAL_CONFIG portion, as shown below.
1454 
1455 Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1456 For example, new rules are needed to parse hostnames that you accept
1457 via MX records.  For example, you might have:
1458 
1459 	LOCAL_RULE_0
1460 	R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1461 
1462 You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1463 pointing at this host; this rule catches the message and forwards it on
1464 using UUCP.
1465 
1466 You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1467 These rulesets are normally empty.
1468 
1469 A similar macro is LOCAL_CONFIG.  This introduces lines added after the
1470 boilerplate option setting but before rulesets.  Do not declare rulesets in
1471 the LOCAL_CONFIG section.  It can be used to declare local database maps or
1472 whatever.  For example:
1473 
1474 	LOCAL_CONFIG
1475 	Khostmap hash /etc/mail/hostmap
1476 	Kyplocal nis -m hosts.byname
1477 
1478 
1479 +---------------------------+
1480 | MASQUERADING AND RELAYING |
1481 +---------------------------+
1482 
1483 You can have your host masquerade as another using
1484 
1485 	MASQUERADE_AS(`host.domain')
1486 
1487 This causes mail being sent to be labeled as coming from the
1488 indicated host.domain, rather than $j.  One normally masquerades as
1489 one of one's own subdomains (for example, it's unlikely that
1490 Berkeley would choose to masquerade as an MIT site).  This
1491 behaviour is modified by a plethora of FEATUREs; in particular, see
1492 masquerade_envelope, allmasquerade, limited_masquerade, and
1493 masquerade_entire_domain.
1494 
1495 The masquerade name is not normally canonified, so it is important
1496 that it be your One True Name, that is, fully qualified and not a
1497 CNAME.  However, if you use a CNAME, the receiving side may canonify
1498 it for you, so don't think you can cheat CNAME mapping this way.
1499 
1500 Normally the only addresses that are masqueraded are those that come
1501 from this host (that is, are either unqualified or in class {w}, the list
1502 of local domain names).  You can augment this list, which is realized
1503 by class {M} using
1504 
1505 	MASQUERADE_DOMAIN(`otherhost.domain')
1506 
1507 The effect of this is that although mail to user@otherhost.domain
1508 will not be delivered locally, any mail including any user@otherhost.domain
1509 will, when relayed, be rewritten to have the MASQUERADE_AS address.
1510 This can be a space-separated list of names.
1511 
1512 If these names are in a file, you can use
1513 
1514 	MASQUERADE_DOMAIN_FILE(`filename')
1515 
1516 to read the list of names from the indicated file (i.e., to add
1517 elements to class {M}).
1518 
1519 To exempt hosts or subdomains from being masqueraded, you can use
1520 
1521 	MASQUERADE_EXCEPTION(`host.domain')
1522 
1523 This can come handy if you want to masquerade a whole domain
1524 except for one (or a few) host(s).  If these names are in a file,
1525 you can use
1526 
1527 	MASQUERADE_EXCEPTION_FILE(`filename')
1528 
1529 Normally only header addresses are masqueraded.  If you want to
1530 masquerade the envelope as well, use
1531 
1532 	FEATURE(`masquerade_envelope')
1533 
1534 There are always users that need to be "exposed" -- that is, their
1535 internal site name should be displayed instead of the masquerade name.
1536 Root is an example (which has been "exposed" by default prior to 8.10).
1537 You can add users to this list using
1538 
1539 	EXPOSED_USER(`usernames')
1540 
1541 This adds users to class {E}; you could also use
1542 
1543 	EXPOSED_USER_FILE(`filename')
1544 
1545 You can also arrange to relay all unqualified names (that is, names
1546 without @host) to a relay host.  For example, if you have a central
1547 email server, you might relay to that host so that users don't have
1548 to have .forward files or aliases.  You can do this using
1549 
1550 	define(`LOCAL_RELAY', `mailer:hostname')
1551 
1552 The ``mailer:'' can be omitted, in which case the mailer defaults to
1553 "relay".  There are some user names that you don't want relayed, perhaps
1554 because of local aliases.  A common example is root, which may be
1555 locally aliased.  You can add entries to this list using
1556 
1557 	LOCAL_USER(`usernames')
1558 
1559 This adds users to class {L}; you could also use
1560 
1561 	LOCAL_USER_FILE(`filename')
1562 
1563 If you want all incoming mail sent to a centralized hub, as for a
1564 shared /var/spool/mail scheme, use
1565 
1566 	define(`MAIL_HUB', `mailer:hostname')
1567 
1568 Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
1569 and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1570 be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1571 Note: there is a (long standing) bug which keeps this combination from
1572 working for addresses of the form user+detail.
1573 Names in class {L} will be delivered locally, so you MUST have aliases or
1574 .forward files for them.
1575 
1576 For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1577 FEATURE(`stickyhost'), the following combinations of settings will have the
1578 indicated effects:
1579 
1580 email sent to....	eric			  eric@mastodon.CS.Berkeley.EDU
1581 
1582 LOCAL_RELAY set to	mail.CS.Berkeley.EDU	  (delivered locally)
1583 mail.CS.Berkeley.EDU	  (no local aliasing)	    (aliasing done)
1584 
1585 MAIL_HUB set to		mammoth.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1586 mammoth.CS.Berkeley.EDU	  (aliasing done)	    (aliasing done)
1587 
1588 Both LOCAL_RELAY and	mail.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1589 MAIL_HUB set as above	  (no local aliasing)	    (aliasing done)
1590 
1591 If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1592 MAIL_HUB act identically, with MAIL_HUB taking precedence.
1593 
1594 If you want all outgoing mail to go to a central relay site, define
1595 SMART_HOST as well.  Briefly:
1596 
1597 	LOCAL_RELAY applies to unqualified names (e.g., "eric").
1598 	MAIL_HUB applies to names qualified with the name of the
1599 		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1600 	SMART_HOST applies to names qualified with other hosts or
1601 		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1602 		or "eric@[127.0.0.1]").
1603 
1604 However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1605 DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1606 really want absolutely everything to go to a single central site you will
1607 need to unset all the other relays -- or better yet, find or build a
1608 minimal config file that does this.
1609 
1610 For duplicate suppression to work properly, the host name is best
1611 specified with a terminal dot:
1612 
1613 	define(`MAIL_HUB', `host.domain.')
1614 	      note the trailing dot ---^
1615 
1616 
1617 +-------------------------------------------+
1618 | USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1619 +-------------------------------------------+
1620 
1621 LDAP can be used for aliases, maps, and classes by either specifying your
1622 own LDAP map specification or using the built-in default LDAP map
1623 specification.  The built-in default specifications all provide lookups
1624 which match against either the machine's fully qualified hostname (${j}) or
1625 a "cluster".  The cluster allows you to share LDAP entries among a large
1626 number of machines without having to enter each of the machine names into
1627 each LDAP entry.  To set the LDAP cluster name to use for a particular
1628 machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1629 unique name.  For example:
1630 
1631 	define(`confLDAP_CLUSTER', `Servers')
1632 
1633 Here, the word `Servers' will be the cluster name.  As an example, assume
1634 that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1635 to the Servers cluster.
1636 
1637 Some of the LDAP LDIF examples below show use of the Servers cluster.
1638 Every entry must have either a sendmailMTAHost or sendmailMTACluster
1639 attribute or it will be ignored.  Be careful as mixing clusters and
1640 individual host records can have surprising results (see the CAUTION
1641 sections below).
1642 
1643 See the file cf/sendmail.schema for the actual LDAP schemas.  Note that
1644 this schema (and therefore the lookups and examples below) is experimental
1645 at this point as it has had little public review.  Therefore, it may change
1646 in future versions.  Feedback via sendmail-YYYY@support.sendmail.org is
1647 encouraged (replace YYYY with the current year, e.g., 2005).
1648 
1649 -------
1650 Aliases
1651 -------
1652 
1653 The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1654 lookups.  To use the default schema, simply use:
1655 
1656 	define(`ALIAS_FILE', `ldap:')
1657 
1658 By doing so, you will use the default schema which expands to a map
1659 declared as follows:
1660 
1661 	ldap -k (&(objectClass=sendmailMTAAliasObject)
1662 		  (sendmailMTAAliasGrouping=aliases)
1663 		  (|(sendmailMTACluster=${sendmailMTACluster})
1664 		    (sendmailMTAHost=$j))
1665 		  (sendmailMTAKey=%0))
1666 	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1667 
1668 
1669 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1670 used when the binary expands the `ldap:' token as the AliasFile option is
1671 not actually macro-expanded when read from the sendmail.cf file.
1672 
1673 Example LDAP LDIF entries might be:
1674 
1675 	dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1676 	objectClass: sendmailMTA
1677 	objectClass: sendmailMTAAlias
1678 	objectClass: sendmailMTAAliasObject
1679 	sendmailMTAAliasGrouping: aliases
1680 	sendmailMTAHost: etrn.sendmail.org
1681 	sendmailMTAKey: sendmail-list
1682 	sendmailMTAAliasValue: ca@example.org
1683 	sendmailMTAAliasValue: eric
1684 	sendmailMTAAliasValue: gshapiro@example.com
1685 
1686 	dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1687 	objectClass: sendmailMTA
1688 	objectClass: sendmailMTAAlias
1689 	objectClass: sendmailMTAAliasObject
1690 	sendmailMTAAliasGrouping: aliases
1691 	sendmailMTAHost: etrn.sendmail.org
1692 	sendmailMTAKey: owner-sendmail-list
1693 	sendmailMTAAliasValue: eric
1694 
1695 	dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1696 	objectClass: sendmailMTA
1697 	objectClass: sendmailMTAAlias
1698 	objectClass: sendmailMTAAliasObject
1699 	sendmailMTAAliasGrouping: aliases
1700 	sendmailMTACluster: Servers
1701 	sendmailMTAKey: postmaster
1702 	sendmailMTAAliasValue: eric
1703 
1704 Here, the aliases sendmail-list and owner-sendmail-list will be available
1705 only on etrn.sendmail.org but the postmaster alias will be available on
1706 every machine in the Servers cluster (including etrn.sendmail.org).
1707 
1708 CAUTION: aliases are additive so that entries like these:
1709 
1710 	dn: sendmailMTAKey=bob, dc=sendmail, dc=org
1711 	objectClass: sendmailMTA
1712 	objectClass: sendmailMTAAlias
1713 	objectClass: sendmailMTAAliasObject
1714 	sendmailMTAAliasGrouping: aliases
1715 	sendmailMTACluster: Servers
1716 	sendmailMTAKey: bob
1717 	sendmailMTAAliasValue: eric
1718 
1719 	dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
1720 	objectClass: sendmailMTA
1721 	objectClass: sendmailMTAAlias
1722 	objectClass: sendmailMTAAliasObject
1723 	sendmailMTAAliasGrouping: aliases
1724 	sendmailMTAHost: etrn.sendmail.org
1725 	sendmailMTAKey: bob
1726 	sendmailMTAAliasValue: gshapiro
1727 
1728 would mean that on all of the hosts in the cluster, mail to bob would go to
1729 eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
1730 gshapiro.
1731 
1732 If you prefer not to use the default LDAP schema for your aliases, you can
1733 specify the map parameters when setting ALIAS_FILE.  For example:
1734 
1735 	define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
1736 
1737 ----
1738 Maps
1739 ----
1740 
1741 FEATURE()'s which take an optional map definition argument (e.g., access,
1742 mailertable, virtusertable, etc.) can instead take the special keyword
1743 `LDAP', e.g.:
1744 
1745 	FEATURE(`access_db', `LDAP')
1746 	FEATURE(`virtusertable', `LDAP')
1747 
1748 When this keyword is given, that map will use LDAP lookups consisting of
1749 the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
1750 with the map name, a search attribute of sendmailMTAKey, and the value
1751 attribute sendmailMTAMapValue.
1752 
1753 The values for sendmailMTAMapName are:
1754 
1755 	FEATURE()		sendmailMTAMapName
1756 	---------		------------------
1757 	access_db		access
1758 	authinfo		authinfo
1759 	bitdomain		bitdomain
1760 	domaintable		domain
1761 	genericstable		generics
1762 	mailertable		mailer
1763 	uucpdomain		uucpdomain
1764 	virtusertable		virtuser
1765 
1766 For example, FEATURE(`mailertable', `LDAP') would use the map definition:
1767 
1768 	Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
1769 			       (sendmailMTAMapName=mailer)
1770 			       (|(sendmailMTACluster=${sendmailMTACluster})
1771 				 (sendmailMTAHost=$j))
1772 			       (sendmailMTAKey=%0))
1773 			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
1774 
1775 An example LDAP LDIF entry using this map might be:
1776 
1777 	dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
1778 	objectClass: sendmailMTA
1779 	objectClass: sendmailMTAMap
1780 	sendmailMTACluster: Servers
1781 	sendmailMTAMapName: mailer
1782 
1783 	dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1784 	objectClass: sendmailMTA
1785 	objectClass: sendmailMTAMap
1786 	objectClass: sendmailMTAMapObject
1787 	sendmailMTAMapName: mailer
1788 	sendmailMTACluster: Servers
1789 	sendmailMTAKey: example.com
1790 	sendmailMTAMapValue: relay:[smtp.example.com]
1791 
1792 CAUTION: If your LDAP database contains the record above and *ALSO* a host
1793 specific record such as:
1794 
1795 	dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1796 	objectClass: sendmailMTA
1797 	objectClass: sendmailMTAMap
1798 	objectClass: sendmailMTAMapObject
1799 	sendmailMTAMapName: mailer
1800 	sendmailMTAHost: etrn.sendmail.org
1801 	sendmailMTAKey: example.com
1802 	sendmailMTAMapValue: relay:[mx.example.com]
1803 
1804 then these entries will give unexpected results.  When the lookup is done
1805 on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
1806 require a single match.  Since the host etrn.sendmail.org is also in the
1807 Servers cluster, LDAP would return two answers for the example.com map key
1808 in which case sendmail would treat this as no match at all.
1809 
1810 If you prefer not to use the default LDAP schema for your maps, you can
1811 specify the map parameters when using the FEATURE().  For example:
1812 
1813 	FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
1814 
1815 -------
1816 Classes
1817 -------
1818 
1819 Normally, classes can be filled via files or programs.  As of 8.12, they
1820 can also be filled via map lookups using a new syntax:
1821 
1822 	F{ClassName}mapkey@mapclass:mapspec
1823 
1824 mapkey is optional and if not provided the map key will be empty.  This can
1825 be used with LDAP to read classes from LDAP.  Note that the lookup is only
1826 done when sendmail is initially started.  Use the special value `@LDAP' to
1827 use the default LDAP schema.  For example:
1828 
1829 	RELAY_DOMAIN_FILE(`@LDAP')
1830 
1831 would put all of the attribute sendmailMTAClassValue values of LDAP records
1832 with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
1833 'R' into class $={R}.  In other words, it is equivalent to the LDAP map
1834 specification:
1835 
1836 	F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
1837 		       (sendmailMTAClassName=R)
1838 		       (|(sendmailMTACluster=${sendmailMTACluster})
1839 			 (sendmailMTAHost=$j)))
1840 		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
1841 
1842 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1843 used when the binary expands the `@LDAP' token as class declarations are
1844 not actually macro-expanded when read from the sendmail.cf file.
1845 
1846 This can be used with class related commands such as RELAY_DOMAIN_FILE(),
1847 MASQUERADE_DOMAIN_FILE(), etc:
1848 
1849 	Command				sendmailMTAClassName
1850 	-------				--------------------
1851 	CANONIFY_DOMAIN_FILE()		Canonify
1852 	EXPOSED_USER_FILE()		E
1853 	GENERICS_DOMAIN_FILE()		G
1854 	LDAPROUTE_DOMAIN_FILE()		LDAPRoute
1855 	LDAPROUTE_EQUIVALENT_FILE()	LDAPRouteEquiv
1856 	LOCAL_USER_FILE()		L
1857 	MASQUERADE_DOMAIN_FILE()	M
1858 	MASQUERADE_EXCEPTION_FILE()	N
1859 	RELAY_DOMAIN_FILE()		R
1860 	VIRTUSER_DOMAIN_FILE()		VirtHost
1861 
1862 You can also add your own as any 'F'ile class of the form:
1863 
1864 	F{ClassName}@LDAP
1865 	  ^^^^^^^^^
1866 will use "ClassName" for the sendmailMTAClassName.
1867 
1868 An example LDAP LDIF entry would look like:
1869 
1870 	dn: sendmailMTAClassName=R, dc=sendmail, dc=org
1871 	objectClass: sendmailMTA
1872 	objectClass: sendmailMTAClass
1873 	sendmailMTACluster: Servers
1874 	sendmailMTAClassName: R
1875 	sendmailMTAClassValue: sendmail.org
1876 	sendmailMTAClassValue: example.com
1877 	sendmailMTAClassValue: 10.56.23
1878 
1879 CAUTION: If your LDAP database contains the record above and *ALSO* a host
1880 specific record such as:
1881 
1882 	dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
1883 	objectClass: sendmailMTA
1884 	objectClass: sendmailMTAClass
1885 	sendmailMTAHost: etrn.sendmail.org
1886 	sendmailMTAClassName: R
1887 	sendmailMTAClassValue: example.com
1888 
1889 the result will be similar to the aliases caution above.  When the lookup
1890 is done on etrn.sendmail.org, $={R} would contain all of the entries (from
1891 both the cluster match and the host match).  In other words, the effective
1892 is additive.
1893 
1894 If you prefer not to use the default LDAP schema for your classes, you can
1895 specify the map parameters when using the class command.  For example:
1896 
1897 	VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
1898 
1899 Remember, macros can not be used in a class declaration as the binary does
1900 not expand them.
1901 
1902 
1903 +--------------+
1904 | LDAP ROUTING |
1905 +--------------+
1906 
1907 FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1908 LDAP Schema for Intranet Mail Routing
1909 (draft-lachman-laser-ldap-mail-routing-01).  This feature enables
1910 LDAP-based rerouting of a particular address to either a different host
1911 or a different address.  The LDAP lookup is first attempted on the full
1912 address (e.g., user@example.com) and then on the domain portion
1913 (e.g., @example.com).  Be sure to setup your domain for LDAP routing using
1914 LDAPROUTE_DOMAIN(), e.g.:
1915 
1916 	LDAPROUTE_DOMAIN(`example.com')
1917 
1918 Additionally, you can specify equivalent domains for LDAP routing using
1919 LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE().  'Equivalent'
1920 hostnames are mapped to $M (the masqueraded hostname for the server) before
1921 the LDAP query.  For example, if the mail is addressed to
1922 user@host1.example.com, normally the LDAP lookup would only be done for
1923 'user@host1.example.com' and '@host1.example.com'.   However, if
1924 LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
1925 done on 'user@example.com' and '@example.com' after attempting the
1926 host1.example.com lookups.
1927 
1928 By default, the feature will use the schemas as specified in the draft
1929 and will not reject addresses not found by the LDAP lookup.  However,
1930 this behavior can be changed by giving additional arguments to the FEATURE()
1931 command:
1932 
1933  FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
1934 		 <detail>, <nodomain>, <tempfail>)
1935 
1936 where <mailHost> is a map definition describing how to lookup an alternative
1937 mail host for a particular address; <mailRoutingAddress> is a map definition
1938 describing how to lookup an alternative address for a particular address;
1939 the <bounce> argument, if present and not the word "passthru", dictates
1940 that mail should be bounced if neither a mailHost nor mailRoutingAddress
1941 is found, if set to "sendertoo", the sender will be rejected if not
1942 found in LDAP; and <detail> indicates what actions to take if the address
1943 contains +detail information -- `strip' tries the lookup with the +detail
1944 and if no matches are found, strips the +detail and tries the lookup again;
1945 `preserve', does the same as `strip' but if a mailRoutingAddress match is
1946 found, the +detail information is copied to the new address; the <nodomain>
1947 argument, if present, will prevent the @domain lookup if the full
1948 address is not found in LDAP; the <tempfail> argument, if set to
1949 "tempfail", instructs the rules to give an SMTP 4XX temporary
1950 error if the LDAP server gives the MTA a temporary failure, or if set to
1951 "queue" (the default), the MTA will locally queue the mail.
1952 
1953 The default <mailHost> map definition is:
1954 
1955 	ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
1956 				 (mailLocalAddress=%0))
1957 
1958 The default <mailRoutingAddress> map definition is:
1959 
1960 	ldap -1 -T<TMPF> -v mailRoutingAddress
1961 			 -k (&(objectClass=inetLocalMailRecipient)
1962 			      (mailLocalAddress=%0))
1963 
1964 Note that neither includes the LDAP server hostname (-h server) or base DN
1965 (-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
1966 your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
1967 these settings.  If this is not the case, the map definitions should be
1968 changed as described above.  The "-T<TMPF>" is required in any user
1969 specified map definition to catch temporary errors.
1970 
1971 The following possibilities exist as a result of an LDAP lookup on an
1972 address:
1973 
1974 	mailHost is	mailRoutingAddress is	Results in
1975 	-----------	---------------------	----------
1976 	set to a	set			mail delivered to
1977 	"local" host				mailRoutingAddress
1978 
1979 	set to a	not set			delivered to
1980 	"local" host				original address
1981 
1982 	set to a	set			mailRoutingAddress
1983 	remote host				relayed to mailHost
1984 
1985 	set to a	not set			original address
1986 	remote host				relayed to mailHost
1987 
1988 	not set		set			mail delivered to
1989 						mailRoutingAddress
1990 
1991 	not set		not set			delivered to
1992 						original address *OR*
1993 						bounced as unknown user
1994 
1995 The term "local" host above means the host specified is in class {w}.  If
1996 the result would mean sending the mail to a different host, that host is
1997 looked up in the mailertable before delivery.
1998 
1999 Note that the last case depends on whether the third argument is given
2000 to the FEATURE() command.  The default is to deliver the message to the
2001 original address.
2002 
2003 The LDAP entries should be set up with an objectClass of
2004 inetLocalMailRecipient and the address be listed in a mailLocalAddress
2005 attribute.  If present, there must be only one mailHost attribute and it
2006 must contain a fully qualified host name as its value.  Similarly, if
2007 present, there must be only one mailRoutingAddress attribute and it must
2008 contain an RFC 822 compliant address.  Some example LDAP records (in LDIF
2009 format):
2010 
2011 	dn: uid=tom, o=example.com, c=US
2012 	objectClass: inetLocalMailRecipient
2013 	mailLocalAddress: tom@example.com
2014 	mailRoutingAddress: thomas@mailhost.example.com
2015 
2016 This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2017 
2018 	dn: uid=dick, o=example.com, c=US
2019 	objectClass: inetLocalMailRecipient
2020 	mailLocalAddress: dick@example.com
2021 	mailHost: eng.example.com
2022 
2023 This would relay mail for dick@example.com to the same address but redirect
2024 the mail to MX records listed for the host eng.example.com (unless the
2025 mailertable overrides).
2026 
2027 	dn: uid=harry, o=example.com, c=US
2028 	objectClass: inetLocalMailRecipient
2029 	mailLocalAddress: harry@example.com
2030 	mailHost: mktmail.example.com
2031 	mailRoutingAddress: harry@mkt.example.com
2032 
2033 This would relay mail for harry@example.com to the MX records listed for
2034 the host mktmail.example.com using the new address harry@mkt.example.com
2035 when talking to that host.
2036 
2037 	dn: uid=virtual.example.com, o=example.com, c=US
2038 	objectClass: inetLocalMailRecipient
2039 	mailLocalAddress: @virtual.example.com
2040 	mailHost: server.example.com
2041 	mailRoutingAddress: virtual@example.com
2042 
2043 This would send all mail destined for any username @virtual.example.com to
2044 the machine server.example.com's MX servers and deliver to the address
2045 virtual@example.com on that relay machine.
2046 
2047 
2048 +---------------------------------+
2049 | ANTI-SPAM CONFIGURATION CONTROL |
2050 +---------------------------------+
2051 
2052 The primary anti-spam features available in sendmail are:
2053 
2054 * Relaying is denied by default.
2055 * Better checking on sender information.
2056 * Access database.
2057 * Header checks.
2058 
2059 Relaying (transmission of messages from a site outside your host (class
2060 {w}) to another site except yours) is denied by default.  Note that this
2061 changed in sendmail 8.9; previous versions allowed relaying by default.
2062 If you really want to revert to the old behaviour, you will need to use
2063 FEATURE(`promiscuous_relay').  You can allow certain domains to relay
2064 through your server by adding their domain name or IP address to class
2065 {R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2066 (described below).  Note that IPv6 addresses must be prefaced with "IPv6:".
2067 The file consists (like any other file based class) of entries listed on
2068 separate lines, e.g.,
2069 
2070 	sendmail.org
2071 	128.32
2072 	IPv6:2002:c0a8:02c7
2073 	IPv6:2002:c0a8:51d2::23f4
2074 	host.mydomain.com
2075 	[UNIX:localhost]
2076 
2077 Notice: the last entry allows relaying for connections via a UNIX
2078 socket to the MTA/MSP.  This might be necessary if your configuration
2079 doesn't allow relaying by other means in that case, e.g., by having
2080 localhost.$m in class {R} (make sure $m is not just a top level
2081 domain).
2082 
2083 If you use
2084 
2085 	FEATURE(`relay_entire_domain')
2086 
2087 then any host in any of your local domains (that is, class {m})
2088 will be relayed (that is, you will accept mail either to or from any
2089 host in your domain).
2090 
2091 You can also allow relaying based on the MX records of the host
2092 portion of an incoming recipient address by using
2093 
2094 	FEATURE(`relay_based_on_MX')
2095 
2096 For example, if your server receives a recipient of user@domain.com
2097 and domain.com lists your server in its MX records, the mail will be
2098 accepted for relay to domain.com.  This feature may cause problems
2099 if MX lookups for the recipient domain are slow or time out.  In that
2100 case, mail will be temporarily rejected.  It is usually better to
2101 maintain a list of hosts/domains for which the server acts as relay.
2102 Note also that this feature will stop spammers from using your host
2103 to relay spam but it will not stop outsiders from using your server
2104 as a relay for their site (that is, they set up an MX record pointing
2105 to your mail server, and you will relay mail addressed to them
2106 without any prior arrangement).  Along the same lines,
2107 
2108 	FEATURE(`relay_local_from')
2109 
2110 will allow relaying if the sender specifies a return path (i.e.
2111 MAIL FROM:<user@domain>) domain which is a local domain.  This is a
2112 dangerous feature as it will allow spammers to spam using your mail
2113 server by simply specifying a return address of user@your.domain.com.
2114 It should not be used unless absolutely necessary.
2115 A slightly better solution is
2116 
2117 	FEATURE(`relay_mail_from')
2118 
2119 which allows relaying if the mail sender is listed as RELAY in the
2120 access map.  If an optional argument `domain' (this is the literal
2121 word `domain', not a placeholder) is given, the domain portion of
2122 the mail sender is also checked to allowing relaying.  This option
2123 only works together with the tag From: for the LHS of the access
2124 map entries.  This feature allows spammers to abuse your mail server
2125 by specifying a return address that you enabled in your access file.
2126 This may be harder to figure out for spammers, but it should not
2127 be used unless necessary.  Instead use STARTTLS to
2128 allow relaying for roaming users.
2129 
2130 
2131 If source routing is used in the recipient address (e.g.,
2132 RCPT TO:<user%site.com@othersite.com>), sendmail will check
2133 user@site.com for relaying if othersite.com is an allowed relay host
2134 in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2135 or the access database if FEATURE(`access_db') is used.  To prevent
2136 the address from being stripped down, use:
2137 
2138 	FEATURE(`loose_relay_check')
2139 
2140 If you think you need to use this feature, you probably do not.  This
2141 should only be used for sites which have no control over the addresses
2142 that they provide a gateway for.  Use this FEATURE with caution as it
2143 can allow spammers to relay through your server if not setup properly.
2144 
2145 NOTICE: It is possible to relay mail through a system which the anti-relay
2146 rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2147 `nospecial') (system A) and relays local messages to a mail hub (e.g., via
2148 LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use
2149 FEATURE(`nouucp') at all, addresses of the form
2150 <example.net!user@local.host> would be relayed to <user@example.net>.
2151 System A doesn't recognize `!' as an address separator and therefore
2152 forwards it to the mail hub which in turns relays it because it came from
2153 a trusted local host.  So if a mailserver allows UUCP (bang-format)
2154 addresses, all systems from which it allows relaying should do the same
2155 or reject those addresses.
2156 
2157 As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2158 an unresolvable domain (i.e., one that DNS, your local name service,
2159 or special case rules in ruleset 3 cannot locate).  This also applies
2160 to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2161 IP address can't be mapped to a host name.  If you want to continue
2162 to accept such domains, e.g., because you are inside a firewall that
2163 has only a limited view of the Internet host name space (note that you
2164 will not be able to return mail to them unless you have some "smart
2165 host" forwarder), use
2166 
2167 	FEATURE(`accept_unresolvable_domains')
2168 
2169 Alternatively, you can allow specific addresses by adding them to
2170 the access map, e.g.,
2171 
2172 	From:unresolvable.domain	OK
2173 	From:[1.2.3.4]			OK
2174 	From:[1.2.4]			OK
2175 
2176 Notice: domains which are temporarily unresolvable are (temporarily)
2177 rejected with a 451 reply code.  If those domains should be accepted
2178 (which is discouraged) then you can use
2179 
2180 	LOCAL_CONFIG
2181 	C{ResOk}TEMP
2182 
2183 sendmail will also refuse mail if the MAIL FROM: parameter is not
2184 fully qualified (i.e., contains a domain as well as a user).  If you
2185 want to continue to accept such senders, use
2186 
2187 	FEATURE(`accept_unqualified_senders')
2188 
2189 Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2190 i.e., unqualified addresses are accepted even without this FEATURE.  If
2191 this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2192 to enforce fully qualified domain names.
2193 
2194 An ``access'' database can be created to accept or reject mail from
2195 selected domains.  For example, you may choose to reject all mail
2196 originating from known spammers.  To enable such a database, use
2197 
2198 	FEATURE(`access_db')
2199 
2200 Notice: the access database is applied to the envelope addresses
2201 and the connection information, not to the header.
2202 
2203 The FEATURE macro can accept as second parameter the key file
2204 definition for the database; for example
2205 
2206 	FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2207 
2208 Notice: If a second argument is specified it must contain the option
2209 `-T<TMPF>' as shown above.  The optional third and fourth parameters
2210 may be `skip' or `lookupdotdomain'.  The former enables SKIP as
2211 value part (see below), the latter is another way to enable the
2212 feature of the same name (see above).
2213 
2214 Remember, since /etc/mail/access is a database, after creating the text
2215 file as described below, you must use makemap to create the database
2216 map.  For example:
2217 
2218 	makemap hash /etc/mail/access < /etc/mail/access
2219 
2220 The table itself uses e-mail addresses, domain names, and network
2221 numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
2222 For example,
2223 
2224 	From:spammer@aol.com			REJECT
2225 	From:cyberspammer.com			REJECT
2226 	Connect:cyberspammer.com		REJECT
2227 	Connect:TLD				REJECT
2228 	Connect:192.168.212			REJECT
2229 	Connect:IPv6:2002:c0a8:02c7		RELAY
2230 	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
2231 
2232 would refuse mail from spammer@aol.com, any user from cyberspammer.com
2233 (or any host within the cyberspammer.com domain), any host in the entire
2234 top level domain TLD, 192.168.212.* network, and the IPv6 address
2235 2002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
2236 2002:c0a8:02c7::/48.
2237 
2238 Entries in the access map should be tagged according to their type.
2239 Three tags are available:
2240 
2241 	Connect:	connection information (${client_addr}, ${client_name})
2242 	From:		envelope sender
2243 	To:		envelope recipient
2244 
2245 Notice: untagged entries are deprecated.
2246 
2247 If the required item is looked up in a map, it will be tried first
2248 with the corresponding tag in front, then (as fallback to enable
2249 backward compatibility) without any tag, unless the specific feature
2250 requires a tag.  For example,
2251 
2252 	From:spammer@some.dom	REJECT
2253 	To:friend.domain	RELAY
2254 	Connect:friend.domain	OK
2255 	Connect:from.domain	RELAY
2256 	From:good@another.dom	OK
2257 	From:another.dom	REJECT
2258 
2259 This would deny mails from spammer@some.dom but you could still
2260 send mail to that address even if FEATURE(`blacklist_recipients')
2261 is enabled.  Your system will allow relaying to friend.domain, but
2262 not from it (unless enabled by other means).  Connections from that
2263 domain will be allowed even if it ends up in one of the DNS based
2264 rejection lists.  Relaying is enabled from from.domain but not to
2265 it (since relaying is based on the connection information for
2266 outgoing relaying, the tag Connect: must be used; for incoming
2267 relaying, which is based on the recipient address, To: must be
2268 used).  The last two entries allow mails from good@another.dom but
2269 reject mail from all other addresses with another.dom as domain
2270 part.
2271 
2272 
2273 The value part of the map can contain:
2274 
2275 	OK		Accept mail even if other rules in the running
2276 			ruleset would reject it, for example, if the domain
2277 			name is unresolvable.  "Accept" does not mean
2278 			"relay", but at most acceptance for local
2279 			recipients.  That is, OK allows less than RELAY.
2280 	RELAY		Accept mail addressed to the indicated domain or
2281 			received from the indicated domain for relaying
2282 			through your SMTP server.  RELAY also serves as
2283 			an implicit OK for the other checks.
2284 	REJECT		Reject the sender or recipient with a general
2285 			purpose message.
2286 	DISCARD		Discard the message completely using the
2287 			$#discard mailer.  If it is used in check_compat,
2288 			it affects only the designated recipient, not
2289 			the whole message as it does in all other cases.
2290 			This should only be used if really necessary.
2291 	SKIP		This can only be used for host/domain names
2292 			and IP addresses/nets.  It will abort the current
2293 			search for this entry without accepting or rejecting
2294 			it but causing the default action.
2295 	### any text	where ### is an RFC 821 compliant error code and
2296 			"any text" is a message to return for the command.
2297 			The entire string should be quoted to avoid
2298 			surprises:
2299 
2300 				"### any text"
2301 
2302 			Otherwise sendmail formats the text as email
2303 			addresses, e.g., it may remove spaces.
2304 			This type is deprecated, use one of the two
2305 			ERROR:  entries below instead.
2306 	ERROR:### any text
2307 			as above, but useful to mark error messages as such.
2308 			If quotes need to be used to avoid modifications
2309 			(see above), they should be placed like this:
2310 
2311 				ERROR:"### any text"
2312 
2313 	ERROR:D.S.N:### any text
2314 			where D.S.N is an RFC 1893 compliant error code
2315 			and the rest as above.  If quotes need to be used
2316 			to avoid modifications, they should be placed
2317 			like this:
2318 
2319 				ERROR:D.S.N:"### any text"
2320 
2321 	QUARANTINE:any text
2322 			Quarantine the message using the given text as the
2323 			quarantining reason.
2324 
2325 For example:
2326 
2327 	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
2328 	From:okay.cyberspammer.com	OK
2329 	Connect:sendmail.org		RELAY
2330 	To:sendmail.org			RELAY
2331 	Connect:128.32			RELAY
2332 	Connect:128.32.2		SKIP
2333 	Connect:IPv6:1:2:3:4:5:6:7	RELAY
2334 	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
2335 	Connect:[127.0.0.3]		OK
2336 	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
2337 
2338 would accept mail from okay.cyberspammer.com, but would reject mail
2339 from all other hosts at cyberspammer.com with the indicated message.
2340 It would allow relaying mail from and to any hosts in the sendmail.org
2341 domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2342 and from the 128.32.*.* network except for the 128.32.2.* network,
2343 which shows how SKIP is useful to exempt subnets/subdomains.  The
2344 last two entries are for checks against ${client_name} if the IP
2345 address doesn't resolve to a hostname (or is considered as "may be
2346 forged").  That is, using square brackets means these are host
2347 names, not network numbers.
2348 
2349 Warning: if you change the RFC 821 compliant error code from the default
2350 value of 550, then you should probably also change the RFC 1893 compliant
2351 error code to match it.  For example, if you use
2352 
2353 	To:user@example.com	ERROR:450 mailbox full
2354 
2355 the error returned would be "450 5.0.0 mailbox full" which is wrong.
2356 Use "ERROR:4.2.2:450 mailbox full" instead.
2357 
2358 Note, UUCP users may need to add hostname.UUCP to the access database
2359 or class {R}.
2360 
2361 If you also use:
2362 
2363 	FEATURE(`relay_hosts_only')
2364 
2365 then the above example will allow relaying for sendmail.org, but not
2366 hosts within the sendmail.org domain.  Note that this will also require
2367 hosts listed in class {R} to be fully qualified host names.
2368 
2369 You can also use the access database to block sender addresses based on
2370 the username portion of the address.  For example:
2371 
2372 	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
2373 
2374 Note that you must include the @ after the username to signify that
2375 this database entry is for checking only the username portion of the
2376 sender address.
2377 
2378 If you use:
2379 
2380 	FEATURE(`blacklist_recipients')
2381 
2382 then you can add entries to the map for local users, hosts in your
2383 domains, or addresses in your domain which should not receive mail:
2384 
2385 	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
2386 	To:host.my.TLD		ERROR:550 That host does not accept mail
2387 	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
2388 
2389 This would prevent a recipient of badlocaluser in any of the local
2390 domains (class {w}), any user at host.my.TLD, and the single address
2391 user@other.my.TLD from receiving mail.  Please note: a local username
2392 must be now tagged with an @ (this is consistent with the check of
2393 the sender address, and hence it is possible to distinguish between
2394 hostnames and usernames).  Enabling this feature will keep you from
2395 sending mails to all addresses that have an error message or REJECT
2396 as value part in the access map.  Taking the example from above:
2397 
2398 	spammer@aol.com		REJECT
2399 	cyberspammer.com	REJECT
2400 
2401 Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2402 That's why tagged entries should be used.
2403 
2404 There are several DNS based blacklists which can be found by
2405 querying a search engine.  These are databases of spammers
2406 maintained in DNS.  To use such a database, specify
2407 
2408 	FEATURE(`dnsbl', `dnsbl.example.com')
2409 
2410 This will cause sendmail to reject mail from any site listed in the
2411 DNS based blacklist.  You must select an DNSB based blacklist domain
2412 to check by specifying an argument to the FEATURE.  The default
2413 error message is
2414 
2415 	Rejected: IP-ADDRESS listed at SERVER
2416 
2417 where IP-ADDRESS and SERVER are replaced by the appropriate
2418 information.  A second argument can be used to specify a different
2419 text.  By default, temporary lookup failures are ignored and hence
2420 cause the connection not to be rejected by the DNS based rejection
2421 list.  This behavior can be changed by specifying a third argument,
2422 which must be either `t' or a full error message.  For example:
2423 
2424 	FEATURE(`dnsbl', `dnsbl.example.com', `',
2425 	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2426 
2427 If `t' is used, the error message is:
2428 
2429 	451 Temporary lookup failure of IP-ADDRESS at SERVER
2430 
2431 where IP-ADDRESS and SERVER are replaced by the appropriate
2432 information.
2433 
2434 This FEATURE can be included several times to query different
2435 DNS based rejection lists.
2436 
2437 Notice: to avoid checking your own local domains against those
2438 blacklists, use the access_db feature and add:
2439 
2440 	Connect:10.1		OK
2441 	Connect:127.0.0.1	RELAY
2442 
2443 to the access map, where 10.1 is your local network.  You may
2444 want to use "RELAY" instead of "OK" to allow also relaying
2445 instead of just disabling the DNS lookups in the blacklists.
2446 
2447 
2448 The features described above make use of the check_relay, check_mail,
2449 and check_rcpt rulesets.  Note that check_relay checks the SMTP
2450 client hostname and IP address when the connection is made to your
2451 server.  It does not check if a mail message is being relayed to
2452 another server.  That check is done in check_rcpt.  If you wish to
2453 include your own checks, you can put your checks in the rulesets
2454 Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
2455 example if you wanted to block senders with all numeric usernames
2456 (i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2457 regex map:
2458 
2459 	LOCAL_CONFIG
2460 	Kallnumbers regex -a@MATCH ^[0-9]+$
2461 
2462 	LOCAL_RULESETS
2463 	SLocal_check_mail
2464 	# check address against various regex checks
2465 	R$*				$: $>Parse0 $>3 $1
2466 	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
2467 	R@MATCH				$#error $: 553 Header Error
2468 
2469 These rules are called with the original arguments of the corresponding
2470 check_* ruleset.  If the local ruleset returns $#OK, no further checking
2471 is done by the features described above and the mail is accepted.  If
2472 the local ruleset resolves to a mailer (such as $#error or $#discard),
2473 the appropriate action is taken.  Other results starting with $# are
2474 interpreted by sendmail and may lead to unspecified behavior.  Note: do
2475 NOT create a mailer with the name OK.  Return values that do not start
2476 with $# are ignored, i.e., normal processing continues.
2477 
2478 Delay all checks
2479 ----------------
2480 
2481 By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2482 will not be called when a client connects or issues a MAIL command,
2483 respectively.  Instead, those rulesets will be called by the check_rcpt
2484 ruleset; they will be skipped if a sender has been authenticated using
2485 a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2486 If check_mail returns an error then the RCPT TO command will be rejected
2487 with that error.  If it returns some other result starting with $# then
2488 check_relay will be skipped.  If the sender address (or a part of it) is
2489 listed in the access map and it has a RHS of OK or RELAY, then check_relay
2490 will be skipped.  This has an interesting side effect: if your domain is
2491 my.domain and you have
2492 
2493 	my.domain	RELAY
2494 
2495 in the access map, then any e-mail with a sender address of
2496 <user@my.domain> will not be rejected by check_relay even though
2497 it would match the hostname or IP address.  This allows spammers
2498 to get around DNS based blacklist by faking the sender address.  To
2499 avoid this problem you have to use tagged entries:
2500 
2501 	To:my.domain		RELAY
2502 	Connect:my.domain	RELAY
2503 
2504 if you need those entries at all (class {R} may take care of them).
2505 
2506 FEATURE(`delay_checks') can take an optional argument:
2507 
2508 	FEATURE(`delay_checks', `friend')
2509 		 enables spamfriend test
2510 	FEATURE(`delay_checks', `hater')
2511 		 enables spamhater test
2512 
2513 If such an argument is given, the recipient will be looked up in the
2514 access map (using the tag Spam:).  If the argument is `friend', then
2515 the default behavior is to apply the other rulesets and make a SPAM
2516 friend the exception.  The rulesets check_mail and check_relay will be
2517 skipped only if the recipient address is found and has RHS FRIEND.  If
2518 the argument is `hater', then the default behavior is to skip the rulesets
2519 check_mail and check_relay and make a SPAM hater the exception.  The
2520 other two rulesets will be applied only if the recipient address is
2521 found and has RHS HATER.
2522 
2523 This allows for simple exceptions from the tests, e.g., by activating
2524 the friend option and having
2525 
2526 	Spam:abuse@	FRIEND
2527 
2528 in the access map, mail to abuse@localdomain will get through (where
2529 "localdomain" is any domain in class {w}).  It is also possible to
2530 specify a full address or an address with +detail:
2531 
2532 	Spam:abuse@my.domain	FRIEND
2533 	Spam:me+abuse@		FRIEND
2534 	Spam:spam.domain	FRIEND
2535 
2536 Note: The required tag has been changed in 8.12 from To: to Spam:.
2537 This change is incompatible to previous versions.  However, you can
2538 (for now) simply add the new entries to the access map, the old
2539 ones will be ignored.  As soon as you removed the old entries from
2540 the access map, specify a third parameter (`n') to this feature and
2541 the backward compatibility rules will not be in the generated .cf
2542 file.
2543 
2544 Header Checks
2545 -------------
2546 
2547 You can also reject mail on the basis of the contents of headers.
2548 This is done by adding a ruleset call to the 'H' header definition command
2549 in sendmail.cf.  For example, this can be used to check the validity of
2550 a Message-ID: header:
2551 
2552 	LOCAL_CONFIG
2553 	HMessage-Id: $>CheckMessageId
2554 
2555 	LOCAL_RULESETS
2556 	SCheckMessageId
2557 	R< $+ @ $+ >		$@ OK
2558 	R$*			$#error $: 553 Header Error
2559 
2560 The alternative format:
2561 
2562 	HSubject: $>+CheckSubject
2563 
2564 that is, $>+ instead of $>, gives the full Subject: header including
2565 comments to the ruleset (comments in parentheses () are stripped
2566 by default).
2567 
2568 A default ruleset for headers which don't have a specific ruleset
2569 defined for them can be given by:
2570 
2571 	H*: $>CheckHdr
2572 
2573 Notice:
2574 1. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2575 That may cause problems with simple header checks due to the
2576 tokenization.  It might be simpler to use a regex map and apply it
2577 to $&{currHeader}.
2578 2. There are no default rulesets coming with this distribution of
2579 sendmail.  You can write your own or search the WWW for examples.
2580 3. When using a default ruleset for headers, the name of the header
2581 currently being checked can be found in the $&{hdr_name} macro.
2582 
2583 After all of the headers are read, the check_eoh ruleset will be called for
2584 any final header-related checks.  The ruleset is called with the number of
2585 headers and the size of all of the headers in bytes separated by $|.  One
2586 example usage is to reject messages which do not have a Message-Id:
2587 header.  However, the Message-Id: header is *NOT* a required header and is
2588 not a guaranteed spam indicator.  This ruleset is an example and should
2589 probably not be used in production.
2590 
2591 	LOCAL_CONFIG
2592 	Kstorage macro
2593 	HMessage-Id: $>CheckMessageId
2594 
2595 	LOCAL_RULESETS
2596 	SCheckMessageId
2597 	# Record the presence of the header
2598 	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
2599 	R< $+ @ $+ >		$@ OK
2600 	R$*			$#error $: 553 Header Error
2601 
2602 	Scheck_eoh
2603 	# Check the macro
2604 	R$*			$: < $&{MessageIdCheck} >
2605 	# Clear the macro for the next message
2606 	R$*			$: $(storage {MessageIdCheck} $) $1
2607 	# Has a Message-Id: header
2608 	R< $+ >			$@ OK
2609 	# Allow missing Message-Id: from local mail
2610 	R$*			$: < $&{client_name} >
2611 	R< >			$@ OK
2612 	R< $=w >		$@ OK
2613 	# Otherwise, reject the mail
2614 	R$*			$#error $: 553 Header Error
2615 
2616 
2617 +--------------------+
2618 | CONNECTION CONTROL |
2619 +--------------------+
2620 
2621 The features ratecontrol and conncontrol allow to establish connection
2622 limits per client IP address or net.  These features can limit the
2623 rate of connections (connections per time unit) or the number of
2624 incoming SMTP connections, respectively.  If enabled, appropriate
2625 rulesets are called at the end of check_relay, i.e., after DNS
2626 blacklists and generic access_db operations.  The features require
2627 FEATURE(`access_db') to be listed earlier in the mc file.
2628 
2629 Note: FEATURE(`delay_checks') delays those connection control checks
2630 after a recipient address has been received, hence making these
2631 connection control features less useful.  To run the checks as early
2632 as possible, specify the parameter `nodelay', e.g.,
2633 
2634 	FEATURE(`ratecontrol', `nodelay')
2635 
2636 In that case, FEATURE(`delay_checks') has no effect on connection
2637 control (and it must be specified earlier in the mc file).
2638 
2639 An optional second argument `terminate' specifies whether the
2640 rulesets should return the error code 421 which will cause
2641 sendmail to terminate the session with that error if it is
2642 returned from check_relay, i.e., not delayed as explained in
2643 the previous paragraph.  Example:
2644 
2645 	FEATURE(`ratecontrol', `nodelay', `terminate')
2646 
2647 
2648 +----------+
2649 | STARTTLS |
2650 +----------+
2651 
2652 In this text, cert will be used as an abbreviation for X.509 certificate,
2653 DN (CN) is the distinguished (common) name of a cert, and CA is a
2654 certification authority, which signs (issues) certs.
2655 
2656 For STARTTLS to be offered by sendmail you need to set at least
2657 these variables (the file names and paths are just examples):
2658 
2659 	define(`confCACERT_PATH', `/etc/mail/certs/')
2660 	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2661 	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2662 	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2663 
2664 On systems which do not have the compile flag HASURANDOM set (see
2665 sendmail/README) you also must set confRAND_FILE.
2666 
2667 See doc/op/op.{me,ps,txt} for more information about these options,
2668 especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2669 STARTTLS''.
2670 
2671 Macros related to STARTTLS are:
2672 
2673 ${cert_issuer} holds the DN of the CA (the cert issuer).
2674 ${cert_subject} holds the DN of the cert (called the cert subject).
2675 ${cn_issuer} holds the CN of the CA (the cert issuer).
2676 ${cn_subject} holds the CN of the cert (called the cert subject).
2677 ${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2678 	TLSv1/SSLv3, SSLv3, SSLv2.
2679 ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2680 	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2681 ${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2682 	used for the connection.
2683 ${verify} holds the result of the verification of the presented cert.
2684 	Possible values are:
2685 	OK	 verification succeeded.
2686 	NO	 no cert presented.
2687 	NOT	 no cert requested.
2688 	FAIL	 cert presented but could not be verified,
2689 		 e.g., the cert of the signing CA is missing.
2690 	NONE	 STARTTLS has not been performed.
2691 	TEMP	 temporary error occurred.
2692 	PROTOCOL protocol error occurred (SMTP level).
2693 	SOFTWARE STARTTLS handshake failed.
2694 ${server_name} the name of the server of the current outgoing SMTP
2695 	connection.
2696 ${server_addr} the address of the server of the current outgoing SMTP
2697 	connection.
2698 
2699 Relaying
2700 --------
2701 
2702 SMTP STARTTLS can allow relaying for remote SMTP clients which have
2703 successfully authenticated themselves.  If the verification of the cert
2704 failed (${verify} != OK), relaying is subject to the usual rules.
2705 Otherwise the DN of the issuer is looked up in the access map using the
2706 tag CERTISSUER.  If the resulting value is RELAY, relaying is allowed.
2707 If it is SUBJECT, the DN of the cert subject is looked up next in the
2708 access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
2709 is allowed.
2710 
2711 To make things a bit more flexible (or complicated), the values for
2712 ${cert_issuer} and ${cert_subject} can be optionally modified by regular
2713 expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2714 _CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
2715 rulesets and map lookups, they are modified as follows: each non-printable
2716 character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
2717 by their HEX value with a leading '+'.  For example:
2718 
2719 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2720 darth+cert@endmail.org
2721 
2722 is encoded as:
2723 
2724 /C=US/ST=California/O=endmail.org/OU=private/CN=
2725 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2726 
2727 (line breaks have been inserted for readability).
2728 
2729 The  macros  which are subject to this encoding are ${cert_subject},
2730 ${cert_issuer},  ${cn_subject},  and ${cn_issuer}.
2731 
2732 Examples:
2733 
2734 To allow relaying for everyone who can present a cert signed by
2735 
2736 /C=US/ST=California/O=endmail.org/OU=private/CN=
2737 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2738 
2739 simply use:
2740 
2741 CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2742 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	RELAY
2743 
2744 To allow relaying only for a subset of machines that have a cert signed by
2745 
2746 /C=US/ST=California/O=endmail.org/OU=private/CN=
2747 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2748 
2749 use:
2750 
2751 CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2752 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	SUBJECT
2753 CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
2754 DeathStar/Email=deathstar@endmail.org		RELAY
2755 
2756 Notes:
2757 - line breaks have been inserted after "CN=" for readability,
2758   each tagged entry must be one (long) line in the access map.
2759 - if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
2760   is replaced by "emailAddress=".
2761 
2762 Of course it is also possible to write a simple ruleset that allows
2763 relaying for everyone who can present a cert that can be verified, e.g.,
2764 
2765 LOCAL_RULESETS
2766 SLocal_check_rcpt
2767 R$*	$: $&{verify}
2768 ROK	$# OK
2769 
2770 Allowing Connections
2771 --------------------
2772 
2773 The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
2774 an SMTP connection is accepted (or should continue).
2775 
2776 tls_server is called when sendmail acts as client after a STARTTLS command
2777 (should) have been issued.  The parameter is the value of ${verify}.
2778 
2779 tls_client is called when sendmail acts as server, after a STARTTLS command
2780 has been issued, and from check_mail.  The parameter is the value of
2781 ${verify} and STARTTLS or MAIL, respectively.
2782 
2783 Both rulesets behave the same.  If no access map is in use, the connection
2784 will be accepted unless ${verify} is SOFTWARE, in which case the connection
2785 is always aborted.  For tls_server/tls_client, ${client_name}/${server_name}
2786 is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
2787 with the ruleset LookUpDomain.  If no entry is found, ${client_addr}
2788 (${server_addr}) is looked up in the access map (same tag, ruleset
2789 LookUpAddr).  If this doesn't result in an entry either, just the tag is
2790 looked up in the access map (included the trailing colon).  Notice:
2791 requiring that e-mail is sent to a server only encrypted, e.g., via
2792 
2793 TLS_Srv:secure.domain	ENCR:112
2794 
2795 doesn't necessarily mean that e-mail sent to that domain is encrypted.
2796 If the domain has multiple MX servers, e.g.,
2797 
2798 secure.domain.	IN MX 10	mail.secure.domain.
2799 secure.domain.	IN MX 50	mail.other.domain.
2800 
2801 then mail to user@secure.domain may go unencrypted to mail.other.domain.
2802 tls_rcpt can be used to address this problem.
2803 
2804 tls_rcpt is called before a RCPT TO: command is sent.  The parameter is the
2805 current recipient.  This ruleset is only defined if FEATURE(`access_db')
2806 is selected.  A recipient address user@domain is looked up in the access
2807 map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
2808 and TLS_Rcpt:; the first match is taken.
2809 
2810 The result of the lookups is then used to call the ruleset TLS_connection,
2811 which checks the requirement specified by the RHS in the access map against
2812 the actual parameters of the current TLS connection, esp. ${verify} and
2813 ${cipher_bits}.  Legal RHSs in the access map are:
2814 
2815 VERIFY		verification must have succeeded
2816 VERIFY:bits	verification must have succeeded and ${cipher_bits} must
2817 		be greater than or equal bits.
2818 ENCR:bits	${cipher_bits} must be greater than or equal bits.
2819 
2820 The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2821 or permanent error.  The default is a temporary error code (403 4.7.0)
2822 unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2823 
2824 If a certain level of encryption is required, then it might also be
2825 possible that this level is provided by the security layer from a SASL
2826 algorithm, e.g., DIGEST-MD5.
2827 
2828 Furthermore, there can be a list of extensions added.  Such a list
2829 starts with '+' and the items are separated by '++'.  Allowed
2830 extensions are:
2831 
2832 CN:name		name must match ${cn_subject}
2833 CN		${server_name} must match ${cn_subject}
2834 CS:name		name must match ${cert_subject}
2835 CI:name		name must match ${cert_issuer}
2836 
2837 Example: e-mail sent to secure.example.com should only use an encrypted
2838 connection.  E-mail received from hosts within the laptop.example.com domain
2839 should only be accepted if they have been authenticated.  The host which
2840 receives e-mail for darth@endmail.org must present a cert that uses the
2841 CN smtp.endmail.org.
2842 
2843 TLS_Srv:secure.example.com      ENCR:112
2844 TLS_Clt:laptop.example.com      PERM+VERIFY:112
2845 TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
2846 
2847 
2848 Disabling STARTTLS And Setting SMTP Server Features
2849 ---------------------------------------------------
2850 
2851 By default STARTTLS is used whenever possible.  However, there are
2852 some broken MTAs that don't properly implement STARTTLS.  To be able
2853 to send to (or receive from) those MTAs, the ruleset try_tls
2854 (srv_features) can be used that work together with the access map.
2855 Entries for the access map must be tagged with Try_TLS (Srv_Features)
2856 and refer to the hostname or IP address of the connecting system.
2857 A default case can be specified by using just the tag.  For example,
2858 the following entries in the access map:
2859 
2860 	Try_TLS:broken.server	NO
2861 	Srv_Features:my.domain	v
2862 	Srv_Features:		V
2863 
2864 will turn off STARTTLS when sending to broken.server (or any host
2865 in that domain), and request a client certificate during the TLS
2866 handshake only for hosts in my.domain.  The valid entries on the RHS
2867 for Srv_Features are listed in the Sendmail Installation and
2868 Operations Guide.
2869 
2870 
2871 Received: Header
2872 ----------------
2873 
2874 The Received: header reveals whether STARTTLS has been used.  It contains an
2875 extra line:
2876 
2877 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
2878 
2879 
2880 +--------------------------------+
2881 | ADDING NEW MAILERS OR RULESETS |
2882 +--------------------------------+
2883 
2884 Sometimes you may need to add entirely new mailers or rulesets.  They
2885 should be introduced with the constructs MAILER_DEFINITIONS and
2886 LOCAL_RULESETS respectively.  For example:
2887 
2888 	MAILER_DEFINITIONS
2889 	Mmymailer, ...
2890 	...
2891 
2892 	LOCAL_RULESETS
2893 	Smyruleset
2894 	...
2895 
2896 Local additions for the rulesets srv_features, try_tls, tls_rcpt,
2897 tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
2898 LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
2899 respectively.  For example, to add a local ruleset that decides
2900 whether to try STARTTLS in a sendmail client, use:
2901 
2902 	LOCAL_TRY_TLS
2903 	R...
2904 
2905 Note: you don't need to add a name for the ruleset, it is implicitly
2906 defined by using the appropriate macro.
2907 
2908 
2909 +-------------------------+
2910 | ADDING NEW MAIL FILTERS |
2911 +-------------------------+
2912 
2913 Sendmail supports mail filters to filter incoming SMTP messages according
2914 to the "Sendmail Mail Filter API" documentation.  These filters can be
2915 configured in your mc file using the two commands:
2916 
2917 	MAIL_FILTER(`name', `equates')
2918 	INPUT_MAIL_FILTER(`name', `equates')
2919 
2920 The first command, MAIL_FILTER(), simply defines a filter with the given
2921 name and equates.  For example:
2922 
2923 	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2924 
2925 This creates the equivalent sendmail.cf entry:
2926 
2927 	Xarchive, S=local:/var/run/archivesock, F=R
2928 
2929 The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
2930 but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
2931 of the filter such that the filter will actually be called by sendmail.
2932 
2933 For example, the two commands:
2934 
2935 	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2936 	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2937 
2938 are equivalent to the three commands:
2939 
2940 	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2941 	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2942 	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
2943 
2944 In general, INPUT_MAIL_FILTER() should be used unless you need to define
2945 more filters than you want to use for `confINPUT_MAIL_FILTERS'.
2946 
2947 Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
2948 commands will clear the list created by the prior INPUT_MAIL_FILTER()
2949 commands.
2950 
2951 
2952 +-------------------------+
2953 | QUEUE GROUP DEFINITIONS |
2954 +-------------------------+
2955 
2956 In addition to the queue directory (which is the default queue group
2957 called "mqueue"), sendmail can deal with multiple queue groups, which
2958 are collections of queue directories with the same behaviour.  Queue
2959 groups can be defined using the command:
2960 
2961 	QUEUE_GROUP(`name', `equates')
2962 
2963 For details about queue groups, please see doc/op/op.{me,ps,txt}.
2964 
2965 +-------------------------------+
2966 | NON-SMTP BASED CONFIGURATIONS |
2967 +-------------------------------+
2968 
2969 These configuration files are designed primarily for use by
2970 SMTP-based sites.  They may not be well tuned for UUCP-only or
2971 UUCP-primarily nodes (the latter is defined as a small local net
2972 connected to the rest of the world via UUCP).  However, there is
2973 one hook to handle some special cases.
2974 
2975 You can define a ``smart host'' that understands a richer address syntax
2976 using:
2977 
2978 	define(`SMART_HOST', `mailer:hostname')
2979 
2980 In this case, the ``mailer:'' defaults to "relay".  Any messages that
2981 can't be handled using the usual UUCP rules are passed to this host.
2982 
2983 If you are on a local SMTP-based net that connects to the outside
2984 world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
2985 For example:
2986 
2987 	define(`SMART_HOST', `uucp-new:uunet')
2988 	LOCAL_NET_CONFIG
2989 	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
2990 
2991 This will cause all names that end in your domain name ($m) to be sent
2992 via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
2993 If you have FEATURE(`nocanonify'), you may need to omit the dots after
2994 the $m.  If you are running a local DNS inside your domain which is
2995 not otherwise connected to the outside world, you probably want to
2996 use:
2997 
2998 	define(`SMART_HOST', `smtp:fire.wall.com')
2999 	LOCAL_NET_CONFIG
3000 	R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3
3001 
3002 That is, send directly only to things you found in your DNS lookup;
3003 anything else goes through SMART_HOST.
3004 
3005 You may need to turn off the anti-spam rules in order to accept
3006 UUCP mail with FEATURE(`promiscuous_relay') and
3007 FEATURE(`accept_unresolvable_domains').
3008 
3009 
3010 +-----------+
3011 | WHO AM I? |
3012 +-----------+
3013 
3014 Normally, the $j macro is automatically defined to be your fully
3015 qualified domain name (FQDN).  Sendmail does this by getting your
3016 host name using gethostname and then calling gethostbyname on the
3017 result.  For example, in some environments gethostname returns
3018 only the root of the host name (such as "foo"); gethostbyname is
3019 supposed to return the FQDN ("foo.bar.com").  In some (fairly rare)
3020 cases, gethostbyname may fail to return the FQDN.  In this case
3021 you MUST define confDOMAIN_NAME to be your fully qualified domain
3022 name.  This is usually done using:
3023 
3024 	Dmbar.com
3025 	define(`confDOMAIN_NAME', `$w.$m')dnl
3026 
3027 
3028 +-----------------------------------+
3029 | ACCEPTING MAIL FOR MULTIPLE NAMES |
3030 +-----------------------------------+
3031 
3032 If your host is known by several different names, you need to augment
3033 class {w}.  This is a list of names by which your host is known, and
3034 anything sent to an address using a host name in this list will be
3035 treated as local mail.  You can do this in two ways:  either create the
3036 file /etc/mail/local-host-names containing a list of your aliases (one per
3037 line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3038 ``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
3039 name of the host, rather than a short name.
3040 
3041 If you want to have different address in different domains, take
3042 a look at the virtusertable feature, which is also explained at
3043 http://www.sendmail.org/virtual-hosting.html
3044 
3045 
3046 +--------------------+
3047 | USING MAILERTABLES |
3048 +--------------------+
3049 
3050 To use FEATURE(`mailertable'), you will have to create an external
3051 database containing the routing information for various domains.
3052 For example, a mailertable file in text format might be:
3053 
3054 	.my.domain		xnet:%1.my.domain
3055 	uuhost1.my.domain	uucp-new:uuhost1
3056 	.bitnet			smtp:relay.bit.net
3057 
3058 This should normally be stored in /etc/mail/mailertable.  The actual
3059 database version of the mailertable is built using:
3060 
3061 	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3062 
3063 The semantics are simple.  Any LHS entry that does not begin with
3064 a dot matches the full host name indicated.  LHS entries beginning
3065 with a dot match anything ending with that domain name (including
3066 the leading dot) -- that is, they can be thought of as having a
3067 leading ".+" regular expression pattern for a non-empty sequence of
3068 characters.  Matching is done in order of most-to-least qualified
3069 -- for example, even though ".my.domain" is listed first in the
3070 above example, an entry of "uuhost1.my.domain" will match the second
3071 entry since it is more explicit.  Note: e-mail to "user@my.domain"
3072 does not match any entry in the above table.  You need to have
3073 something like:
3074 
3075 	my.domain		esmtp:host.my.domain
3076 
3077 The RHS should always be a "mailer:host" pair.  The mailer is the
3078 configuration name of a mailer (that is, an M line in the
3079 sendmail.cf file).  The "host" will be the hostname passed to
3080 that mailer.  In domain-based matches (that is, those with leading
3081 dots) the "%1" may be used to interpolate the wildcarded part of
3082 the host name.  For example, the first line above sends everything
3083 addressed to "anything.my.domain" to that same host name, but using
3084 the (presumably experimental) xnet mailer.
3085 
3086 In some cases you may want to temporarily turn off MX records,
3087 particularly on gateways.  For example, you may want to MX
3088 everything in a domain to one machine that then forwards it
3089 directly.  To do this, you might use the DNS configuration:
3090 
3091 	*.domain.	IN	MX	0	relay.machine
3092 
3093 and on relay.machine use the mailertable:
3094 
3095 	.domain		smtp:[gateway.domain]
3096 
3097 The [square brackets] turn off MX records for this host only.
3098 If you didn't do this, the mailertable would use the MX record
3099 again, which would give you an MX loop.  Note that the use of
3100 wildcard MX records is almost always a bad idea.  Please avoid
3101 using them if possible.
3102 
3103 
3104 +--------------------------------+
3105 | USING USERDB TO MAP FULL NAMES |
3106 +--------------------------------+
3107 
3108 The user database was not originally intended for mapping full names
3109 to login names (e.g., Eric.Allman => eric), but some people are using
3110 it that way.  (it is recommended that you set up aliases for this
3111 purpose instead -- since you can specify multiple alias files, this
3112 is fairly easy.)  The intent was to locate the default maildrop at
3113 a site, but allow you to override this by sending to a specific host.
3114 
3115 If you decide to set up the user database in this fashion, it is
3116 imperative that you not use FEATURE(`stickyhost') -- otherwise,
3117 e-mail sent to Full.Name@local.host.name will be rejected.
3118 
3119 To build the internal form of the user database, use:
3120 
3121 	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3122 
3123 As a general rule, it is an extremely bad idea to using full names
3124 as e-mail addresses, since they are not in any sense unique.  For
3125 example, the UNIX software-development community has at least two
3126 well-known Peter Deutsches, and at one time Bell Labs had two
3127 Stephen R. Bournes with offices along the same hallway.  Which one
3128 will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3129 The less famous of the two, or the one that was hired later?
3130 
3131 Finger should handle full names (and be fuzzy).  Mail should use
3132 handles, and not be fuzzy.
3133 
3134 
3135 +--------------------------------+
3136 | MISCELLANEOUS SPECIAL FEATURES |
3137 +--------------------------------+
3138 
3139 Plussed users
3140 	Sometimes it is convenient to merge configuration on a
3141 	centralized mail machine, for example, to forward all
3142 	root mail to a mail server.  In this case it might be
3143 	useful to be able to treat the root addresses as a class
3144 	of addresses with subtle differences.  You can do this
3145 	using plussed users.  For example, a client might include
3146 	the alias:
3147 
3148 		root:  root+client1@server
3149 
3150 	On the server, this will match an alias for "root+client1".
3151 	If that is not found, the alias "root+*" will be tried,
3152 	then "root".
3153 
3154 
3155 +----------------+
3156 | SECURITY NOTES |
3157 +----------------+
3158 
3159 A lot of sendmail security comes down to you.  Sendmail 8 is much
3160 more careful about checking for security problems than previous
3161 versions, but there are some things that you still need to watch
3162 for.  In particular:
3163 
3164 * Make sure the aliases file is not writable except by trusted
3165   system personnel.  This includes both the text and database
3166   version.
3167 
3168 * Make sure that other files that sendmail reads, such as the
3169   mailertable, are only writable by trusted system personnel.
3170 
3171 * The queue directory should not be world writable PARTICULARLY
3172   if your system allows "file giveaways" (that is, if a non-root
3173   user can chown any file they own to any other user).
3174 
3175 * If your system allows file giveaways, DO NOT create a publically
3176   writable directory for forward files.  This will allow anyone
3177   to steal anyone else's e-mail.  Instead, create a script that
3178   copies the .forward file from users' home directories once a
3179   night (if you want the non-NFS-mounted forward directory).
3180 
3181 * If your system allows file giveaways, you'll find that
3182   sendmail is much less trusting of :include: files -- in
3183   particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3184   /etc/shells before they will be trusted (that is, before
3185   files and programs listed in them will be honored).
3186 
3187 In general, file giveaways are a mistake -- if you can turn them
3188 off, do so.
3189 
3190 
3191 +--------------------------------+
3192 | TWEAKING CONFIGURATION OPTIONS |
3193 +--------------------------------+
3194 
3195 There are a large number of configuration options that don't normally
3196 need to be changed.  However, if you feel you need to tweak them,
3197 you can define the following M4 variables. Note that some of these
3198 variables require formats that are defined in RFC 2821 or RFC 2822.
3199 Before changing them you need to make sure you do not violate those
3200 (and other relevant) RFCs.
3201 
3202 This list is shown in four columns:  the name you define, the default
3203 value for that definition, the option or macro that is affected
3204 (either Ox for an option or Dx for a macro), and a brief description.
3205 
3206 Some options are likely to be deprecated in future versions -- that is,
3207 the option is only included to provide back-compatibility.  These are
3208 marked with "*".
3209 
3210 Remember that these options are M4 variables, and hence may need to
3211 be quoted.  In particular, arguments with commas will usually have to
3212 be ``double quoted, like this phrase'' to avoid having the comma
3213 confuse things.  This is common for alias file definitions and for
3214 the read timeout.
3215 
3216 M4 Variable Name	Configuration	[Default] & Description
3217 ================	=============	=======================
3218 confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
3219 					for internally generated outgoing
3220 					messages.
3221 confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
3222 					only be done if your system cannot
3223 					determine your local domain name,
3224 					and then it should be set to
3225 					$w.Foo.COM, where Foo.COM is your
3226 					domain name.
3227 confCF_VERSION		$Z macro	If defined, this is appended to the
3228 					configuration version name.
3229 confLDAP_CLUSTER	${sendmailMTACluster} macro
3230 					If defined, this is the LDAP
3231 					cluster to use for LDAP searches
3232 					as described above in ``USING LDAP
3233 					FOR ALIASES, MAPS, AND CLASSES''.
3234 confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
3235 					internally generated From: address.
3236 confRECEIVED_HEADER	Received:
3237 		[$?sfrom $s $.$?_($?s$|from $.$_)
3238 			$.$?{auth_type}(authenticated)
3239 			$.by $j ($v/$Z)$?r with $r$. id $i$?u
3240 			for $u; $|;
3241 			$.$b]
3242 					The format of the Received: header
3243 					in messages passed through this host.
3244 					It is unwise to try to change this.
3245 confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
3246 					internally generated Message-Id:
3247 					header.
3248 confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
3249 					of file used to get the local
3250 					additions to class {w} (local host
3251 					names).
3252 confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
3253 					file used to get the local additions
3254 					to class {t} (trusted users).
3255 confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
3256 					file used to get the local additions
3257 					to class {R} (hosts allowed to relay).
3258 confTRUSTED_USERS	Ct class	[no default] Names of users to add to
3259 					the list of trusted users.  This list
3260 					always includes root, uucp, and daemon.
3261 					See also FEATURE(`use_ct_file').
3262 confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
3263 					ownership and starting the daemon.
3264 					Not to be confused with
3265 					confTRUSTED_USERS (see above).
3266 confSMTP_MAILER		-		[esmtp] The mailer name used when
3267 					SMTP connectivity is required.
3268 					One of "smtp", "smtp8",
3269 					"esmtp", or "dsmtp".
3270 confUUCP_MAILER		-		[uucp-old] The mailer to be used by
3271 					default for bang-format recipient
3272 					addresses.  See also discussion of
3273 					class {U}, class {Y}, and class {Z}
3274 					in the MAILER(`uucp') section.
3275 confLOCAL_MAILER	-		[local] The mailer name used when
3276 					local connectivity is required.
3277 					Almost always "local".
3278 confRELAY_MAILER	-		[relay] The default mailer name used
3279 					for relaying any mail (e.g., to a
3280 					BITNET_RELAY, a SMART_HOST, or
3281 					whatever).  This can reasonably be
3282 					"uucp-new" if you are on a
3283 					UUCP-connected site.
3284 confSEVEN_BIT_INPUT	SevenBitInput	[False] Force input to seven bits?
3285 confEIGHT_BIT_HANDLING	EightBitMode	[pass8] 8-bit data handling
3286 confALIAS_WAIT		AliasWait	[10m] Time to wait for alias file
3287 					rebuild until you get bored and
3288 					decide that the apparently pending
3289 					rebuild failed.
3290 confMIN_FREE_BLOCKS	MinFreeBlocks	[100] Minimum number of free blocks on
3291 					queue filesystem to accept SMTP mail.
3292 					(Prior to 8.7 this was minfree/maxsize,
3293 					where minfree was the number of free
3294 					blocks and maxsize was the maximum
3295 					message size.  Use confMAX_MESSAGE_SIZE
3296 					for the second value now.)
3297 confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
3298 					that will be accepted (in bytes).
3299 confBLANK_SUB		BlankSub	[.] Blank (space) substitution
3300 					character.
3301 confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
3302 					to mailers marked expensive.
3303 confCHECKPOINT_INTERVAL	CheckpointInterval
3304 					[10] Checkpoint queue files every N
3305 					recipients.
3306 confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
3307 confERROR_MODE		ErrorMode	[print] Error message mode.
3308 confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
3309 confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
3310 confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
3311 confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
3312 confMAX_HOP		MaxHopCount	[25] Maximum hop count.
3313 confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
3314 					mode] Ignore dot as terminator for
3315 					incoming messages?
3316 confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
3317 					resolver.
3318 confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
3319 					encapsulated messages per RFC 1344.
3320 confFORWARD_PATH	ForwardPath	[$z/.forward.$w:$z/.forward]
3321 					The colon-separated list of places to
3322 					search for .forward files.  N.B.: see
3323 					the Security Notes section.
3324 confMCI_CACHE_SIZE	ConnectionCacheSize
3325 					[2] Size of open connection cache.
3326 confMCI_CACHE_TIMEOUT	ConnectionCacheTimeout
3327 					[5m] Open connection cache timeout.
3328 confHOST_STATUS_DIRECTORY HostStatusDirectory
3329 					[undefined] If set, host status is kept
3330 					on disk between sendmail runs in the
3331 					named directory tree.  This need not be
3332 					a full pathname, in which case it is
3333 					interpreted relative to the queue
3334 					directory.
3335 confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
3336 					[False] If this option and the
3337 					HostStatusDirectory option are both
3338 					set, single thread deliveries to other
3339 					hosts.  That is, don't allow any two
3340 					sendmails on this host to connect
3341 					simultaneously to any other single
3342 					host.  This can slow down delivery in
3343 					some cases, in particular since a
3344 					cached but otherwise idle connection
3345 					to a host will prevent other sendmails
3346 					from connecting to the other host.
3347 confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
3348 					deliver error messages.  This should
3349 					not be necessary because of general
3350 					acceptance of the envelope/header
3351 					distinction.
3352 confLOG_LEVEL		LogLevel	[9] Log level.
3353 confME_TOO		MeToo		[True] Include sender in group
3354 					expansions.  This option is
3355 					deprecated and will be removed from
3356 					a future version.
3357 confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
3358 					running newaliases.  Since this does
3359 					DNS lookups on every address, it can
3360 					slow down the alias rebuild process
3361 					considerably on large alias files.
3362 confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
3363 					special chars are old style.
3364 confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
3365 confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
3366 					copies of all error messages.
3367 confQUEUE_FACTOR	QueueFactor	[600000] Slope of queue-only function.
3368 confQUEUE_FILE_MODE	QueueFileMode	[undefined] Default permissions for
3369 					queue files (octal).  If not set,
3370 					sendmail uses 0600 unless its real
3371 					and effective uid are different in
3372 					which case it uses 0644.
3373 confDONT_PRUNE_ROUTES	DontPruneRoutes	[False] Don't prune down route-addr
3374 					syntax addresses to the minimum
3375 					possible.
3376 confSAFE_QUEUE*		SuperSafe	[True] Commit all messages to disk
3377 					before forking.
3378 confTO_INITIAL		Timeout.initial	[5m] The timeout waiting for a response
3379 					on the initial connect.
3380 confTO_CONNECT		Timeout.connect	[0] The timeout waiting for an initial
3381 					connect() to complete.  This can only
3382 					shorten connection timeouts; the kernel
3383 					silently enforces an absolute maximum
3384 					(which varies depending on the system).
3385 confTO_ICONNECT		Timeout.iconnect
3386 					[undefined] Like Timeout.connect, but
3387 					applies only to the very first attempt
3388 					to connect to a host in a message.
3389 					This allows a single very fast pass
3390 					followed by more careful delivery
3391 					attempts in the future.
3392 confTO_ACONNECT		Timeout.aconnect
3393 					[0] The overall timeout waiting for
3394 					all connection for a single delivery
3395 					attempt to succeed.  If 0, no overall
3396 					limit is applied.
3397 confTO_HELO		Timeout.helo	[5m] The timeout waiting for a response
3398 					to a HELO or EHLO command.
3399 confTO_MAIL		Timeout.mail	[10m] The timeout waiting for a
3400 					response to the MAIL command.
3401 confTO_RCPT		Timeout.rcpt	[1h] The timeout waiting for a response
3402 					to the RCPT command.
3403 confTO_DATAINIT		Timeout.datainit
3404 					[5m] The timeout waiting for a 354
3405 					response from the DATA command.
3406 confTO_DATABLOCK	Timeout.datablock
3407 					[1h] The timeout waiting for a block
3408 					during DATA phase.
3409 confTO_DATAFINAL	Timeout.datafinal
3410 					[1h] The timeout waiting for a response
3411 					to the final "." that terminates a
3412 					message.
3413 confTO_RSET		Timeout.rset	[5m] The timeout waiting for a response
3414 					to the RSET command.
3415 confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
3416 					to the QUIT command.
3417 confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
3418 					to other SMTP commands.
3419 confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
3420 					waiting	for a command to be issued.
3421 confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
3422 					response to an IDENT query.
3423 confTO_FILEOPEN		Timeout.fileopen
3424 					[60s] The timeout waiting for a file
3425 					(e.g., :include: file) to be opened.
3426 confTO_LHLO		Timeout.lhlo	[2m] The timeout waiting for a response
3427 					to an LMTP LHLO command.
3428 confTO_STARTTLS		Timeout.starttls
3429 					[1h] The timeout waiting for a
3430 					response to an SMTP STARTTLS command.
3431 confTO_CONTROL		Timeout.control
3432 					[2m] The timeout for a complete
3433 					control socket transaction to complete.
3434 confTO_QUEUERETURN	Timeout.queuereturn
3435 					[5d] The timeout before a message is
3436 					returned as undeliverable.
3437 confTO_QUEUERETURN_NORMAL
3438 			Timeout.queuereturn.normal
3439 					[undefined] As above, for normal
3440 					priority messages.
3441 confTO_QUEUERETURN_URGENT
3442 			Timeout.queuereturn.urgent
3443 					[undefined] As above, for urgent
3444 					priority messages.
3445 confTO_QUEUERETURN_NONURGENT
3446 			Timeout.queuereturn.non-urgent
3447 					[undefined] As above, for non-urgent
3448 					(low) priority messages.
3449 confTO_QUEUERETURN_DSN
3450 			Timeout.queuereturn.dsn
3451 					[undefined] As above, for delivery
3452 					status notification messages.
3453 confTO_QUEUEWARN	Timeout.queuewarn
3454 					[4h] The timeout before a warning
3455 					message is sent to the sender telling
3456 					them that the message has been
3457 					deferred.
3458 confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
3459 					[undefined] As above, for normal
3460 					priority messages.
3461 confTO_QUEUEWARN_URGENT	Timeout.queuewarn.urgent
3462 					[undefined] As above, for urgent
3463 					priority messages.
3464 confTO_QUEUEWARN_NONURGENT
3465 			Timeout.queuewarn.non-urgent
3466 					[undefined] As above, for non-urgent
3467 					(low) priority messages.
3468 confTO_QUEUEWARN_DSN
3469 			Timeout.queuewarn.dsn
3470 					[undefined] As above, for delivery
3471 					status notification messages.
3472 confTO_HOSTSTATUS	Timeout.hoststatus
3473 					[30m] How long information about host
3474 					statuses will be maintained before it
3475 					is considered stale and the host should
3476 					be retried.  This applies both within
3477 					a single queue run and to persistent
3478 					information (see below).
3479 confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
3480 					[varies] Sets the resolver's
3481 					retransmission time interval (in
3482 					seconds).  Sets both
3483 					Timeout.resolver.retrans.first and
3484 					Timeout.resolver.retrans.normal.
3485 confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
3486 					[varies] Sets the resolver's
3487 					retransmission time interval (in
3488 					seconds) for the first attempt to
3489 					deliver a message.
3490 confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
3491 					[varies] Sets the resolver's
3492 					retransmission time interval (in
3493 					seconds) for all resolver lookups
3494 					except the first delivery attempt.
3495 confTO_RESOLVER_RETRY	Timeout.resolver.retry
3496 					[varies] Sets the number of times
3497 					to retransmit a resolver query.
3498 					Sets both
3499 					Timeout.resolver.retry.first and
3500 					Timeout.resolver.retry.normal.
3501 confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
3502 					[varies] Sets the number of times
3503 					to retransmit a resolver query for
3504 					the first attempt to deliver a
3505 					message.
3506 confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
3507 					[varies] Sets the number of times
3508 					to retransmit a resolver query for
3509 					all resolver lookups except the
3510 					first delivery attempt.
3511 confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
3512 					USE_SYSTEM to use the system's idea,
3513 					USE_TZ to use the user's TZ envariable,
3514 					or something else to force that value.
3515 confDEF_USER_ID		DefaultUser	[1:1] Default user id.
3516 confUSERDB_SPEC		UserDatabaseSpec
3517 					[undefined] User database
3518 					specification.
3519 confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
3520 confFALLBACK_SMARTHOST	FallbackSmartHost
3521 					[undefined] Fallback smart host.
3522 confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
3523 					for a host and other arrangements
3524 					haven't been made, try connecting
3525 					to the host directly; normally this
3526 					would be a config error.
3527 confQUEUE_LA		QueueLA		[varies] Load average at which
3528 					queue-only function kicks in.
3529 					Default values is (8 * numproc)
3530 					where numproc is the number of
3531 					processors online (if that can be
3532 					determined).
3533 confREFUSE_LA		RefuseLA	[varies] Load average at which
3534 					incoming SMTP connections are
3535 					refused.  Default values is (12 *
3536 					numproc) where numproc is the
3537 					number of processors online (if
3538 					that can be determined).
3539 confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
3540 					refusing connections for this long.
3541 confDELAY_LA		DelayLA		[0] Load average at which sendmail
3542 					will sleep for one second on most
3543 					SMTP commands and before accepting
3544 					connections.  0 means no limit.
3545 confMAX_ALIAS_RECURSION	MaxAliasRecursion
3546 					[10] Maximum depth of alias recursion.
3547 confMAX_DAEMON_CHILDREN	MaxDaemonChildren
3548 					[undefined] The maximum number of
3549 					children the daemon will permit.  After
3550 					this number, connections will be
3551 					rejected.  If not set or <= 0, there is
3552 					no limit.
3553 confMAX_HEADERS_LENGTH	MaxHeadersLength
3554 					[32768] Maximum length of the sum
3555 					of all headers.
3556 confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
3557 					[undefined] Maximum length of
3558 					certain MIME header field values.
3559 confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3560 					[undefined] The maximum number of
3561 					connections permitted per second per
3562 					daemon.  After this many connections
3563 					are accepted, further connections
3564 					will be delayed.  If not set or <= 0,
3565 					there is no limit.
3566 confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3567 					[60s] Define the length of the
3568 					interval for which the number of
3569 					incoming connections is maintained.
3570 confWORK_RECIPIENT_FACTOR
3571 			RecipientFactor	[30000] Cost of each recipient.
3572 confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
3573 					separate process.
3574 confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
3575 confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
3576 confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
3577 					Priority, Host, Filename, Random,
3578 					Modification, or Time.
3579 confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
3580 					must sit in the queue between queue
3581 					runs.  This allows you to set the
3582 					queue run interval low for better
3583 					responsiveness without trying all
3584 					jobs in each run.
3585 confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
3586 					unlabeled 8 bit input to MIME, the
3587 					character set to use by default.
3588 confSERVICE_SWITCH_FILE	ServiceSwitchFile
3589 					[/etc/mail/service.switch] The file
3590 					to use for the service switch on
3591 					systems that do not have a
3592 					system-defined switch.
3593 confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
3594 					"file" type access of hosts names.
3595 confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
3596 					long and try again.  Zero means "don't
3597 					retry".  This is to allow "dial on
3598 					demand" connections to have enough time
3599 					to complete a connection.
3600 confNO_RCPT_ACTION	NoRecipientAction
3601 					[none] What to do if there are no legal
3602 					recipient fields (To:, Cc: or Bcc:)
3603 					in the message.  Legal values can
3604 					be "none" to just leave the
3605 					nonconforming message as is, "add-to"
3606 					to add a To: header with all the
3607 					known recipients (which may expose
3608 					blind recipients), "add-apparently-to"
3609 					to do the same but use Apparently-To:
3610 					instead of To: (strongly discouraged
3611 					in accordance with IETF standards),
3612 					"add-bcc" to add an empty Bcc:
3613 					header, or "add-to-undisclosed" to
3614 					add the header
3615 					``To: undisclosed-recipients:;''.
3616 confSAFE_FILE_ENV	SafeFileEnvironment
3617 					[undefined] If set, sendmail will do a
3618 					chroot() into this directory before
3619 					writing files.
3620 confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
3621 					If set, colons are treated as a regular
3622 					character in addresses.  If not set,
3623 					they are treated as the introducer to
3624 					the RFC 822 "group" syntax.  Colons are
3625 					handled properly in route-addrs.  This
3626 					option defaults on for V5 and lower
3627 					configuration files.
3628 confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
3629 					any given queue run to this number of
3630 					entries.  Essentially, this will stop
3631 					reading each queue directory after this
3632 					number of entries are reached; it does
3633 					_not_ pick the highest priority jobs,
3634 					so this should be as large as your
3635 					system can tolerate.  If not set, there
3636 					is no limit.
3637 confMAX_QUEUE_CHILDREN	MaxQueueChildren
3638 					[undefined] Limits the maximum number
3639 					of concurrent queue runners active.
3640 					This is to keep system resources used
3641 					within a reasonable limit.  Relates to
3642 					Queue Groups and ForkEachJob.
3643 confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
3644 					[1] Only active when MaxQueueChildren
3645 					defined.  Controls the maximum number
3646 					of queue runners (aka queue children)
3647 					active at the same time in a work
3648 					group.  See also MaxQueueChildren.
3649 confDONT_EXPAND_CNAMES	DontExpandCnames
3650 					[False] If set, $[ ... $] lookups that
3651 					do DNS based lookups do not expand
3652 					CNAME records.  This currently violates
3653 					the published standards, but the IETF
3654 					seems to be moving toward legalizing
3655 					this.  For example, if "FTP.Foo.ORG"
3656 					is a CNAME for "Cruft.Foo.ORG", then
3657 					with this option set a lookup of
3658 					"FTP" will return "FTP.Foo.ORG"; if
3659 					clear it returns "Cruft.FOO.ORG".  N.B.
3660 					you may not see any effect until your
3661 					downstream neighbors stop doing CNAME
3662 					lookups as well.
3663 confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
3664 					when sending to files or programs.
3665 confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
3666 					[False] From: lines that have
3667 					embedded newlines are unwrapped
3668 					onto one line.
3669 confALLOW_BOGUS_HELO	AllowBogusHELO	[False] Allow HELO SMTP command that
3670 					does not include a host name.
3671 confMUST_QUOTE_CHARS	MustQuoteChars	[.'] Characters to be quoted in a full
3672 					name phrase (@,;:\()[] are automatic).
3673 confOPERATORS		OperatorChars	[.:%@!^/[]+] Address operator
3674 					characters.
3675 confSMTP_LOGIN_MSG	SmtpGreetingMessage
3676 					[$j Sendmail $v/$Z; $b]
3677 					The initial (spontaneous) SMTP
3678 					greeting message.  The word "ESMTP"
3679 					will be inserted between the first and
3680 					second words to convince other
3681 					sendmails to try to speak ESMTP.
3682 confDONT_INIT_GROUPS	DontInitGroups	[False] If set, the initgroups(3)
3683 					routine will never be invoked.  You
3684 					might want to do this if you are
3685 					running NIS and you have a large group
3686 					map, since this call does a sequential
3687 					scan of the map; in a large site this
3688 					can cause your ypserv to run
3689 					essentially full time.  If you set
3690 					this, agents run on behalf of users
3691 					will only have their primary
3692 					(/etc/passwd) group permissions.
3693 confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
3694 					[True] If set, group-writable
3695 					:include: and .forward files are
3696 					considered "unsafe", that is, programs
3697 					and files cannot be directly referenced
3698 					from such files.  World-writable files
3699 					are always considered unsafe.
3700 					Notice: this option is deprecated and
3701 					will be removed in future versions;
3702 					Set GroupWritableForwardFileSafe
3703 					and GroupWritableIncludeFileSafe in
3704 					DontBlameSendmail if required.
3705 confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
3706 					address (for testing).
3707 confCONTROL_SOCKET_NAME	ControlSocketName
3708 					[undefined] Control socket for daemon
3709 					management.
3710 confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
3711 					[postmaster] If an error occurs when
3712 					sending an error message, send that
3713 					"double bounce" error message to this
3714 					address.  If it expands to an empty
3715 					string, double bounces are dropped.
3716 confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
3717 					messages which could not be returned
3718 					to the user or sent to postmaster.
3719 					If not set, the queue file will
3720 					be renamed.
3721 confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
3722 					implies DSN request.
3723 confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
3724 					when reading and delivering mail.
3725 					Causes all file reads (e.g., .forward
3726 					and :include: files) to be done as
3727 					this user.  Also, all programs will
3728 					be run as this user, and all output
3729 					files will be written as this user.
3730 confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
3731 					[infinite] If set, allow no more than
3732 					the specified number of recipients in
3733 					an SMTP envelope.  Further recipients
3734 					receive a 452 error code (i.e., they
3735 					are deferred for the next delivery
3736 					attempt).
3737 confBAD_RCPT_THROTTLE	BadRcptThrottle	[infinite] If set and the specified
3738 					number of recipients in a single SMTP
3739 					transaction have been rejected, sleep
3740 					for one second after each subsequent
3741 					RCPT command in that transaction.
3742 confDONT_PROBE_INTERFACES  DontProbeInterfaces
3743 					[False] If set, sendmail will _not_
3744 					insert the names and addresses of any
3745 					local interfaces into class {w}
3746 					(list of known "equivalent" addresses).
3747 					If you set this, you must also include
3748 					some support for these addresses (e.g.,
3749 					in a mailertable entry) -- otherwise,
3750 					mail to addresses in this list will
3751 					bounce with a configuration error.
3752 					If set to "loopback" (without
3753 					quotes), sendmail will skip
3754 					loopback interfaces (e.g., "lo0").
3755 confPID_FILE		PidFile		[system dependent] Location of pid
3756 					file.
3757 confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
3758 					[undefined] Prefix string for the
3759 					process title shown on 'ps' listings.
3760 confDONT_BLAME_SENDMAIL	DontBlameSendmail
3761 					[safe] Override sendmail's file
3762 					safety checks.  This will definitely
3763 					compromise system security and should
3764 					not be used unless absolutely
3765 					necessary.
3766 confREJECT_MSG		-		[550 Access denied] The message
3767 					given if the access database contains
3768 					REJECT in the value portion.
3769 confRELAY_MSG		-		[550 Relaying denied] The message
3770 					given if an unauthorized relaying
3771 					attempt is rejected.
3772 confDF_BUFFER_SIZE	DataFileBufferSize
3773 					[4096] The maximum size of a
3774 					memory-buffered data (df) file
3775 					before a disk-based file is used.
3776 confXF_BUFFER_SIZE	XScriptFileBufferSize
3777 					[4096] The maximum size of a
3778 					memory-buffered transcript (xf)
3779 					file before a disk-based file is
3780 					used.
3781 confTLS_SRV_OPTIONS	TLSSrvOptions	If this option is 'V' no client
3782 					verification is performed, i.e.,
3783 					the server doesn't ask for a
3784 					certificate.
3785 confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
3786 					specification for LDAP maps.  The
3787 					value should only contain LDAP
3788 					specific settings such as "-h host
3789 					-p port -d bindDN", etc.  The
3790 					settings will be used for all LDAP
3791 					maps unless they are specified in
3792 					the individual map specification
3793 					('K' command).
3794 confCACERT_PATH		CACertPath	[undefined] Path to directory
3795 					with certs of CAs.
3796 confCACERT		CACertFile	[undefined] File containing one CA
3797 					cert.
3798 confSERVER_CERT		ServerCertFile	[undefined] File containing the
3799 					cert of the server, i.e., this cert
3800 					is used when sendmail acts as
3801 					server.
3802 confSERVER_KEY		ServerKeyFile	[undefined] File containing the
3803 					private key belonging to the server
3804 					cert.
3805 confCLIENT_CERT		ClientCertFile	[undefined] File containing the
3806 					cert of the client, i.e., this cert
3807 					is used when sendmail acts as
3808 					client.
3809 confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
3810 					private key belonging to the client
3811 					cert.
3812 confCRL			CRLFile		[undefined] File containing certificate
3813 					revocation status, useful for X.509v3
3814 					authentication. Note that CRL requires
3815 					at least OpenSSL version 0.9.7.
3816 confDH_PARAMETERS	DHParameters	[undefined] File containing the
3817 					DH parameters.
3818 confRAND_FILE		RandFile	[undefined] File containing random
3819 					data (use prefix file:) or the
3820 					name of the UNIX socket if EGD is
3821 					used (use prefix egd:).  STARTTLS
3822 					requires this option if the compile
3823 					flag HASURANDOM is not set (see
3824 					sendmail/README).
3825 confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
3826 					queue runners is set the given value
3827 					(nice(3)).
3828 confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
3829 					[undefined] Defines {daemon_flags}
3830 					for direct submissions.
3831 confUSE_MSP		UseMSP		[undefined] Use as mail submission
3832 					program.
3833 confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
3834 					SMTP Service Extension (RFC 2852).
3835 confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
3836 					be used to turn off the compile time
3837 					flag REQUIRES_DIR_FSYNC at runtime.
3838 					See sendmail/README for details.
3839 confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
3840 confFAST_SPLIT		FastSplit	[1] If set to a value greater than
3841 					zero, the initial MX lookups on
3842 					addresses is suppressed when they
3843 					are sorted which may result in
3844 					faster envelope splitting.  If the
3845 					mail is submitted directly from the
3846 					command line, then the value also
3847 					limits the number of processes to
3848 					deliver the envelopes.
3849 confMAILBOX_DATABASE	MailboxDatabase	[pw] Type of lookup to find
3850 					information about local mailboxes.
3851 confDEQUOTE_OPTS	-		[empty] Additional options for the
3852 					dequote map.
3853 confINPUT_MAIL_FILTERS	InputMailFilters
3854 					A comma separated list of filters
3855 					which determines which filters and
3856 					the invocation sequence are
3857 					contacted for incoming SMTP
3858 					messages.  If none are set, no
3859 					filters will be contacted.
3860 confMILTER_LOG_LEVEL	Milter.LogLevel	[9] Log level for input mail filter
3861 					actions, defaults to LogLevel.
3862 confMILTER_MACROS_CONNECT	Milter.macros.connect
3863 					[j, _, {daemon_name}, {if_name},
3864 					{if_addr}] Macros to transmit to
3865 					milters when a session connection
3866 					starts.
3867 confMILTER_MACROS_HELO	Milter.macros.helo
3868 					[{tls_version}, {cipher},
3869 					{cipher_bits}, {cert_subject},
3870 					{cert_issuer}] Macros to transmit to
3871 					milters after HELO/EHLO command.
3872 confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
3873 					[i, {auth_type}, {auth_authen},
3874 					{auth_ssf}, {auth_author},
3875 					{mail_mailer}, {mail_host},
3876 					{mail_addr}] Macros to transmit to
3877 					milters after MAIL FROM command.
3878 confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
3879 					[{rcpt_mailer}, {rcpt_host},
3880 					{rcpt_addr}] Macros to transmit to
3881 					milters after RCPT TO command.
3882 confMILTER_MACROS_EOM		Milter.macros.eom
3883 					[{msg_id}] Macros to transmit to
3884 					milters after DATA command.
3885 
3886 
3887 See also the description of OSTYPE for some parameters that can be
3888 tweaked (generally pathnames to mailers).
3889 
3890 ClientPortOptions and DaemonPortOptions are special cases since multiple
3891 clients/daemons can be defined.  This can be done via
3892 
3893 	CLIENT_OPTIONS(`field1=value1,field2=value2,...')
3894 	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
3895 
3896 Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
3897 ClientPortOptions settings) are allowed in order to give settings for each
3898 protocol family (e.g., one for Family=inet and one for Family=inet6).  A
3899 restriction placed on one family only affects outgoing connections on that
3900 particular family.
3901 
3902 If DAEMON_OPTIONS is not used, then the default is
3903 
3904 	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
3905 	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
3906 
3907 If you use one DAEMON_OPTIONS macro, it will alter the parameters
3908 of the first of these.  The second will still be defaulted; it
3909 represents a "Message Submission Agent" (MSA) as defined by RFC
3910 2476 (see below).  To turn off the default definition for the MSA,
3911 use FEATURE(`no_default_msa') (see also FEATURES).  If you use
3912 additional DAEMON_OPTIONS macros, they will add additional daemons.
3913 
3914 Example 1:  To change the port for the SMTP listener, while
3915 still using the MSA default, use
3916 	DAEMON_OPTIONS(`Port=925, Name=MTA')
3917 
3918 Example 2:  To change the port for the MSA daemon, while still
3919 using the default SMTP port, use
3920 	FEATURE(`no_default_msa')
3921 	DAEMON_OPTIONS(`Name=MTA')
3922 	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
3923 
3924 Note that if the first of those DAEMON_OPTIONS lines were omitted, then
3925 there would be no listener on the standard SMTP port.
3926 
3927 Example 3: To listen on both IPv4 and IPv6 interfaces, use
3928 
3929 	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
3930 	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
3931 
3932 A "Message Submission Agent" still uses all of the same rulesets for
3933 processing the message (and therefore still allows message rejection via
3934 the check_* rulesets).  In accordance with the RFC, the MSA will ensure
3935 that all domains in envelope addresses are fully qualified if the message
3936 is relayed to another MTA.  It will also enforce the normal address syntax
3937 rules and log error messages.  Additionally, by using the M=a modifier you
3938 can require authentication before messages are accepted by the MSA.
3939 Notice: Do NOT use the 'a' modifier on a public accessible MTA!  Finally,
3940 the M=E modifier shown above disables ETRN as required by RFC 2476.
3941 
3942 Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
3943 commands:
3944 
3945 	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
3946 	MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
3947 
3948 The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
3949 same order they were specified by also setting confINPUT_MAIL_FILTERS.  A
3950 filter can be defined without adding it to the input filter list by using
3951 MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
3952 Alternatively, you can reset the list of filters and their order by setting
3953 confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
3954 your .mc file.
3955 
3956 
3957 +----------------------------+
3958 | MESSAGE SUBMISSION PROGRAM |
3959 +----------------------------+
3960 
3961 This section contains a list of caveats and
3962 a few hints how for those who want to tweak the default configuration
3963 for it (which is installed as submit.cf).
3964 
3965 Notice: do not add options/features to submit.mc unless you are
3966 absolutely sure you need them.  Options you may want to change
3967 include:
3968 
3969 - confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
3970   avoiding X-Authentication warnings.
3971 - confTIME_ZONE to change it from the default `USE_TZ'.
3972 - confDELIVERY_MODE is set to interactive in msp.m4 instead
3973   of the default background mode.
3974 - FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
3975   to the LOCAL_RELAY instead of the default relay.
3976 
3977 The MSP performs hostname canonicalization by default.  Mail may end
3978 up for various DNS related reasons in the MSP queue.  This problem
3979 can be minimized by using
3980 
3981 	FEATURE(`nocanonify', `canonify_hosts')
3982 	define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
3983 
3984 See the discussion about nocanonify for possible side effects.
3985 
3986 Some things are not intended to work with the MSP.  These include
3987 features that influence the delivery process (e.g., mailertable,
3988 aliases), or those that are only important for a SMTP server (e.g.,
3989 virtusertable, DaemonPortOptions, multiple queues).  Moreover,
3990 relaxing certain restrictions (RestrictQueueRun, permissions on
3991 queue directory) or adding features (e.g., enabling prog/file mailer)
3992 can cause security problems.
3993 
3994 Other things don't work well with the MSP and require tweaking or
3995 workarounds.
3996 
3997 The file and the map created by makemap should be owned by smmsp,
3998 its group should be smmsp, and it should have mode 640.
3999 
4000 feature/msp.m4 defines almost all settings for the MSP.  Most of
4001 those should not be changed at all.  Some of the features and options
4002 can be overridden if really necessary.  It is a bit tricky to do
4003 this, because it depends on the actual way the option is defined
4004 in feature/msp.m4.  If it is directly defined (i.e., define()) then
4005 the modified value must be defined after
4006 
4007 	FEATURE(`msp')
4008 
4009 If it is conditionally defined (i.e., ifdef()) then the desired
4010 value must be defined before the FEATURE line in the .mc file.
4011 To see how the options are defined read feature/msp.m4.
4012 
4013 
4014 +--------------------------+
4015 | FORMAT OF FILES AND MAPS |
4016 +--------------------------+
4017 
4018 Files that define classes, i.e., F{classname}, consist of lines
4019 each of which contains a single element of the class.  For example,
4020 /etc/mail/local-host-names may have the following content:
4021 
4022 my.domain
4023 another.domain
4024 
4025 Maps must be created using makemap(8) , e.g.,
4026 
4027 	makemap hash MAP < MAP
4028 
4029 In general, a text file from which a map is created contains lines
4030 of the form
4031 
4032 key	value
4033 
4034 where 'key' and 'value' are also called LHS and RHS, respectively.
4035 By default, the delimiter between LHS and RHS is a non-empty sequence
4036 of white space characters.
4037 
4038 
4039 +------------------+
4040 | DIRECTORY LAYOUT |
4041 +------------------+
4042 
4043 Within this directory are several subdirectories, to wit:
4044 
4045 m4		General support routines.  These are typically
4046 		very important and should not be changed without
4047 		very careful consideration.
4048 
4049 cf		The configuration files themselves.  They have
4050 		".mc" suffixes, and must be run through m4 to
4051 		become complete.  The resulting output should
4052 		have a ".cf" suffix.
4053 
4054 ostype		Definitions describing a particular operating
4055 		system type.  These should always be referenced
4056 		using the OSTYPE macro in the .mc file.  Examples
4057 		include "bsd4.3", "bsd4.4", "sunos3.5", and
4058 		"sunos4.1".
4059 
4060 domain		Definitions describing a particular domain, referenced
4061 		using the DOMAIN macro in the .mc file.  These are
4062 		site dependent; for example, "CS.Berkeley.EDU.m4"
4063 		describes hosts in the CS.Berkeley.EDU subdomain.
4064 
4065 mailer		Descriptions of mailers.  These are referenced using
4066 		the MAILER macro in the .mc file.
4067 
4068 sh		Shell files used when building the .cf file from the
4069 		.mc file in the cf subdirectory.
4070 
4071 feature		These hold special orthogonal features that you might
4072 		want to include.  They should be referenced using
4073 		the FEATURE macro.
4074 
4075 hack		Local hacks.  These can be referenced using the HACK
4076 		macro.  They shouldn't be of more than voyeuristic
4077 		interest outside the .Berkeley.EDU domain, but who knows?
4078 
4079 siteconfig	Site configuration -- e.g., tables of locally connected
4080 		UUCP sites.
4081 
4082 
4083 +------------------------+
4084 | ADMINISTRATIVE DETAILS |
4085 +------------------------+
4086 
4087 The following sections detail usage of certain internal parts of the
4088 sendmail.cf file.  Read them carefully if you are trying to modify
4089 the current model.  If you find the above descriptions adequate, these
4090 should be {boring, confusing, tedious, ridiculous} (pick one or more).
4091 
4092 RULESETS (* means built in to sendmail)
4093 
4094    0 *	Parsing
4095    1 *	Sender rewriting
4096    2 *	Recipient rewriting
4097    3 *	Canonicalization
4098    4 *	Post cleanup
4099    5 *	Local address rewrite (after aliasing)
4100   1x	mailer rules (sender qualification)
4101   2x	mailer rules (recipient qualification)
4102   3x	mailer rules (sender header qualification)
4103   4x	mailer rules (recipient header qualification)
4104   5x	mailer subroutines (general)
4105   6x	mailer subroutines (general)
4106   7x	mailer subroutines (general)
4107   8x	reserved
4108   90	Mailertable host stripping
4109   96	Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4110   97	Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4111   98	Local part of ruleset 0 (ruleset 8 in old sendmail)
4112 
4113 
4114 MAILERS
4115 
4116    0	local, prog	local and program mailers
4117    1	[e]smtp, relay	SMTP channel
4118    2	uucp-*		UNIX-to-UNIX Copy Program
4119    3	netnews		Network News delivery
4120    4	fax		Sam Leffler's HylaFAX software
4121    5	mail11		DECnet mailer
4122 
4123 
4124 MACROS
4125 
4126    A
4127    B	Bitnet Relay
4128    C	DECnet Relay
4129    D	The local domain -- usually not needed
4130    E	reserved for X.400 Relay
4131    F	FAX Relay
4132    G
4133    H	mail Hub (for mail clusters)
4134    I
4135    J
4136    K
4137    L	Luser Relay
4138    M	Masquerade (who you claim to be)
4139    N
4140    O
4141    P
4142    Q
4143    R	Relay (for unqualified names)
4144    S	Smart Host
4145    T
4146    U	my UUCP name (if you have a UUCP connection)
4147    V	UUCP Relay (class {V} hosts)
4148    W	UUCP Relay (class {W} hosts)
4149    X	UUCP Relay (class {X} hosts)
4150    Y	UUCP Relay (all other hosts)
4151    Z	Version number
4152 
4153 
4154 CLASSES
4155 
4156    A
4157    B	domains that are candidates for bestmx lookup
4158    C
4159    D
4160    E	addresses that should not seem to come from $M
4161    F	hosts this system forward for
4162    G	domains that should be looked up in genericstable
4163    H
4164    I
4165    J
4166    K
4167    L	addresses that should not be forwarded to $R
4168    M	domains that should be mapped to $M
4169    N	host/domains that should not be mapped to $M
4170    O	operators that indicate network operations (cannot be in local names)
4171    P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4172    Q
4173    R	domains this system is willing to relay (pass anti-spam filters)
4174    S
4175    T
4176    U	locally connected UUCP hosts
4177    V	UUCP hosts connected to relay $V
4178    W	UUCP hosts connected to relay $W
4179    X	UUCP hosts connected to relay $X
4180    Y	locally connected smart UUCP hosts
4181    Z	locally connected domain-ized UUCP hosts
4182    .	the class containing only a dot
4183    [	the class containing only a left bracket
4184 
4185 
4186 M4 DIVERSIONS
4187 
4188    1	Local host detection and resolution
4189    2	Local Ruleset 3 additions
4190    3	Local Ruleset 0 additions
4191    4	UUCP Ruleset 0 additions
4192    5	locally interpreted names (overrides $R)
4193    6	local configuration (at top of file)
4194    7	mailer definitions
4195    8	DNS based blacklists
4196    9	special local rulesets (1 and 2)
4197 
4198 $Revision: 8.706 $, Last updated $Date: 2006/04/18 22:31:06 $
4199 ident	"%Z%%M%	%I%	%E% SMI"
4200