2 SENDMAIL CONFIGURATION FILES
4 This document describes the sendmail configuration files. It
5 explains how to create a sendmail.cf file for use with sendmail.
6 It also describes how to set options for sendmail which are explained
7 in the Sendmail Installation and Operation guide (doc/op/op.me).
9 To get started, you may want to look at tcpproto.mc (for TCP-only
10 sites) and clientproto.mc (for clusters of clients using a single
11 mail host), or the generic-*.mc files as operating system-specific
16 INTRODUCTION AND EXAMPLE
17 A BRIEF INTRODUCTION TO M4
27 MASQUERADING AND RELAYING
28 USING LDAP FOR ALIASES, MAPS, AND CLASSES
30 ANTI-SPAM CONFIGURATION CONTROL
34 ADDING NEW MAILERS OR RULESETS
35 ADDING NEW MAIL FILTERS
36 QUEUE GROUP DEFINITIONS
37 NON-SMTP BASED CONFIGURATIONS
39 ACCEPTING MAIL FOR MULTIPLE NAMES
41 USING USERDB TO MAP FULL NAMES
42 MISCELLANEOUS SPECIAL FEATURES
44 TWEAKING CONFIGURATION OPTIONS
45 MESSAGE SUBMISSION PROGRAM
46 FORMAT OF FILES AND MAPS
48 ADMINISTRATIVE DETAILS
51 +--------------------------+
52 | INTRODUCTION AND EXAMPLE |
53 +--------------------------+
55 Configuration files are contained in the subdirectory "cf", with a
56 suffix ".mc". They must be run through "m4" to produce a ".cf" file.
57 You must pre-load "cf.m4":
59 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
61 Alternatively, you can simply:
66 where ${CFDIR} is the root of the cf directory and config.mc is the
67 name of your configuration file. If you are running a version of M4
68 that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
69 this, but the versions distributed with 4.4BSD and derivatives do not)
70 or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
71 For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
72 use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
76 Let's examine a typical .mc file:
80 # Copyright (c) 1998-2005 Proofpoint, Inc. and its suppliers.
81 # All rights reserved.
82 # Copyright (c) 1983 Eric P. Allman. All rights reserved.
83 # Copyright (c) 1988, 1993
84 # The Regents of the University of California. All rights reserved.
86 # By using this file, you agree to the terms and conditions set
87 # forth in the LICENSE file which can be found at the top level of
88 # the sendmail distribution.
92 # This is a Berkeley-specific configuration file for HP-UX 9.x.
93 # It applies only to the Computer Science Division at Berkeley,
94 # and should not be used elsewhere. It is provided on the sendmail
95 # distribution as a sample only. To create your own configuration
96 # file, create an appropriate domain file in ../domain, change the
97 # `DOMAIN' macro below to reference that file, and copy the result
98 # to a name of your own choosing.
102 The divert(-1) will delete the crud in the resulting output file.
103 The copyright notice can be replaced by whatever your lawyers require;
104 our lawyers require the one that is included in these files. A copyleft
105 is a copyright by another name. The divert(0) restores regular output.
107 VERSIONID(`<SCCS or RCS version id>')
109 VERSIONID is a macro that stuffs the version information into the
110 resulting file. You could use SCCS, RCS, CVS, something else, or
111 omit it completely. This is not the same as the version id included
112 in SMTP greeting messages -- this is defined in m4/version.m4.
116 You must specify an OSTYPE to properly configure things such as the
117 pathname of the help and status files, the flags needed for the local
118 mailer, and other important things. If you omit it, you will get an
119 error when you try to build the configuration. Look at the ostype
120 directory for the list of known operating system types.
122 DOMAIN(`CS.Berkeley.EDU')dnl
124 This example is specific to the Computer Science Division at Berkeley.
125 You can use "DOMAIN(`generic')" to get a sufficiently bland definition
126 that may well work for you, or you can create a customized domain
127 definition appropriate for your environment.
132 These describe the mailers used at the default CS site. The local
133 mailer is always included automatically. Beware: MAILER declarations
134 should only be followed by LOCAL_* sections. The general rules are
135 that the order should be:
141 local macro definitions
147 There are a few exceptions to this rule. Local macro definitions which
148 influence a FEATURE() should be done before that feature. For example,
149 a define(`PROCMAIL_MAILER_PATH', ...) should be done before
150 FEATURE(`local_procmail').
152 *******************************************************************
153 *** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
154 *** Berkeley-specific assumptions built in, such as the name ***
155 *** of their UUCP-relay. You'll want to create your own ***
156 *** domain description, and use that in place of ***
157 *** domain/Berkeley.EDU.m4. ***
158 *******************************************************************
162 Some rulesets, features, and options are only useful if the sendmail
163 binary has been compiled with the appropriate options, e.g., the
164 ruleset tls_server is only invoked if sendmail has been compiled
165 with STARTTLS. This is usually obvious from the context and hence
166 not further specified here.
167 There are also so called "For Future Releases" (FFR) compile time
168 options which might be included in a subsequent version or might
169 simply be removed as they turned out not to be really useful.
170 These are generally not documented but if they are, then the required
171 compile time options are listed in doc/op/op.* for rulesets and
172 macros, and for mc/cf specific options they are usually listed here.
173 In addition to compile time options for the sendmail binary, there
174 can also be FFRs for mc/cf which in general can be enabled when the
175 configuration file is generated by defining them at the top of your
178 define(`_FFR_NAME_HERE', 1)
181 +----------------------------+
182 | A BRIEF INTRODUCTION TO M4 |
183 +----------------------------+
185 Sendmail uses the M4 macro processor to ``compile'' the configuration
186 files. The most important thing to know is that M4 is stream-based,
187 that is, it doesn't understand about lines. For this reason, in some
188 places you may see the word ``dnl'', which stands for ``delete
189 through newline''; essentially, it deletes all characters starting
190 at the ``dnl'' up to and including the next newline character. In
191 most cases sendmail uses this only to avoid lots of unnecessary
192 blank lines in the output.
194 Other important directives are define(A, B) which defines the macro
195 ``A'' to have value ``B''. Macros are expanded as they are read, so
196 one normally quotes both values to prevent expansion. For example,
198 define(`SMART_HOST', `smart.foo.com')
200 One word of warning: M4 macros are expanded even in lines that appear
201 to be comments. For example, if you have
203 # See FEATURE(`foo') above
205 it will not do what you expect, because the FEATURE(`foo') will be
206 expanded. This also applies to
208 # And then define the $X macro to be the return address
210 because ``define'' is an M4 keyword. If you want to use them, surround
211 them with directed quotes, `like this'.
213 Since m4 uses single quotes (opening "`" and closing "'") to quote
214 arguments, those quotes can't be used in arguments. For example,
215 it is not possible to define a rejection message containing a single
216 quote. Usually there are simple workarounds by changing those
217 messages; in the worst case it might be ok to change the value
218 directly in the generated .cf file, which however is not advised.
224 This package requires a post-V7 version of m4; if you are running the
225 4.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or
226 BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works.
227 Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
228 Net/2 or GNU version. GNU m4 is available from
229 ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
230 EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU
238 sendmail 8.9 has introduced a new configuration directory for sendmail
239 related files, /etc/mail. The new files available for sendmail 8.9 --
240 the class {R} /etc/mail/relay-domains and the access database
241 /etc/mail/access -- take advantage of this new directory. Beginning with
242 8.10, all files will use this directory by default (some options may be
243 set by OSTYPE() files). This new directory should help to restore
244 uniformity to sendmail's file locations.
246 Below is a table of some of the common changes:
248 Old filename New filename
249 ------------ ------------
250 /etc/bitdomain /etc/mail/bitdomain
251 /etc/domaintable /etc/mail/domaintable
252 /etc/genericstable /etc/mail/genericstable
253 /etc/uudomain /etc/mail/uudomain
254 /etc/virtusertable /etc/mail/virtusertable
255 /etc/userdb /etc/mail/userdb
257 /etc/aliases /etc/mail/aliases
258 /etc/sendmail/aliases /etc/mail/aliases
259 /etc/ucbmail/aliases /etc/mail/aliases
260 /usr/adm/sendmail/aliases /etc/mail/aliases
261 /usr/lib/aliases /etc/mail/aliases
262 /usr/lib/mail/aliases /etc/mail/aliases
263 /usr/ucblib/aliases /etc/mail/aliases
265 /etc/sendmail.cw /etc/mail/local-host-names
266 /etc/mail/sendmail.cw /etc/mail/local-host-names
267 /etc/sendmail/sendmail.cw /etc/mail/local-host-names
269 /etc/sendmail.ct /etc/mail/trusted-users
271 /etc/sendmail.oE /etc/mail/error-header
273 /etc/sendmail.hf /etc/mail/helpfile
274 /etc/mail/sendmail.hf /etc/mail/helpfile
275 /usr/ucblib/sendmail.hf /etc/mail/helpfile
276 /etc/ucbmail/sendmail.hf /etc/mail/helpfile
277 /usr/lib/sendmail.hf /etc/mail/helpfile
278 /usr/share/lib/sendmail.hf /etc/mail/helpfile
279 /usr/share/misc/sendmail.hf /etc/mail/helpfile
280 /share/misc/sendmail.hf /etc/mail/helpfile
282 /etc/service.switch /etc/mail/service.switch
284 /etc/sendmail.st /etc/mail/statistics
285 /etc/mail/sendmail.st /etc/mail/statistics
286 /etc/mailer/sendmail.st /etc/mail/statistics
287 /etc/sendmail/sendmail.st /etc/mail/statistics
288 /usr/lib/sendmail.st /etc/mail/statistics
289 /usr/ucblib/sendmail.st /etc/mail/statistics
291 Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
292 to create the pathnames. The default value of this variable is
293 `/etc/mail/'. If you set this macro to a different value, you MUST include
296 Notice: all filenames used in a .mc (or .cf) file should be absolute
297 (starting at the root, i.e., with '/'). Relative filenames most
298 likely cause surprises during operations (unless otherwise noted).
305 You MUST define an operating system environment, or the configuration
306 file build will puke. There are several environments available; look
307 at the "ostype" directory for the current list. This macro changes
308 things like the location of the alias file and queue directory. Some
309 of these files are identical to one another.
311 It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
312 In general, the OSTYPE macro should go immediately after any version
313 information, and MAILER definitions should always go last.
315 Operating system definitions are usually easy to write. They may define
316 the following variables (everything defaults, so an ostype file may be
317 empty). Unfortunately, the list of configuration-supported systems is
318 not as broad as the list of source-supported systems, since many of
319 the source contributors do not include corresponding ostype files.
321 ALIAS_FILE [/etc/mail/aliases] The location of the text version
322 of the alias file(s). It can be a comma-separated
323 list of names (but be sure you quote values with
324 commas in them -- for example, use
325 define(`ALIAS_FILE', `a,b')
326 to get "a" and "b" both listed as alias files;
327 otherwise the define() primitive only sees "a").
328 HELP_FILE [/etc/mail/helpfile] The name of the file
329 containing information printed in response to
330 the SMTP HELP command.
331 QUEUE_DIR [/var/spool/mqueue] The directory containing
332 queue files. To use multiple queues, supply
333 a value ending with an asterisk. For
334 example, /var/spool/mqueue/qd* will use all of the
335 directories or symbolic links to directories
336 beginning with 'qd' in /var/spool/mqueue as queue
337 directories. The names 'qf', 'df', and 'xf' are
338 reserved as specific subdirectories for the
339 corresponding queue file types as explained in
340 doc/op/op.me. See also QUEUE GROUP DEFINITIONS.
341 MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing
342 queue files for the MSP (Mail Submission Program,
343 see sendmail/SECURITY).
344 STATUS_FILE [/etc/mail/statistics] The file containing status
346 LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
347 LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The
348 flags lsDFMAw5:/|@q are always included.
349 LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
351 LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
352 mail that you are willing to accept.
353 LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of
354 messages to deliver in a single connection. Only
355 useful for LMTP local mailers.
356 LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
357 that ARRIVE from an address that resolves to the
358 local mailer and which are converted to MIME will be
359 labeled with this character set.
360 LOCAL_MAILER_EOL [undefined] If defined, the string to use as the
361 end of line for the local mailer.
362 LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
363 [X-Unix] The DSN Diagnostic-Code value for the
364 local mailer. This should be changed with care.
365 LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email.
366 LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The
367 flags lsDFM are always included.
368 LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
370 LOCAL_SHELL_DIR [$z:/] The directory search path in which the
372 LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer.
373 USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program
375 USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer.
376 USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
377 usenet mailer. NOTE: Some versions of inews
378 (such as those shipped with newer versions of INN)
379 use different flags. Double check the defaults
380 against the inews man page.
381 USENET_MAILER_MAX [undefined] The maximum size of messages that will
382 be accepted by the usenet mailer.
383 USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer.
384 SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
385 flags are `mDFMuX' for all SMTP-based mailers; the
386 "esmtp" mailer adds `a'; "smtp8" adds `8'; and
388 RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default
389 flags are `mDFMuX' for all SMTP-based mailers; the
390 relay mailer adds `a8'. If this is not defined,
391 then SMTP_MAILER_FLAGS is used.
392 SMTP_MAILER_MAX [undefined] The maximum size of messages that will
393 be transported using the smtp, smtp8, esmtp, or dsmtp
395 SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
396 messages to deliver in a single connection for the
397 smtp, smtp8, esmtp, or dsmtp mailers.
398 SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
399 recipients to deliver in a single envelope for the
400 smtp, smtp8, esmtp, or dsmtp mailers.
401 SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
402 About the only reason you would want to change this
403 would be to change the default port.
404 ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer.
405 SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer.
406 DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer.
407 RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer.
408 SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer.
409 ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer.
410 SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer.
411 DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer.
412 RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer.
413 RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of
414 messages to deliver in a single connection for the
416 SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
417 that ARRIVE from an address that resolves to one of
418 the SMTP mailers and which are converted to MIME will
419 be labeled with this character set.
420 RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
421 that ARRIVE from an address that resolves to the
422 relay mailers and which are converted to MIME will
423 be labeled with this character set.
424 SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
425 (except the relay mailer).
426 RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
427 UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail.
428 UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default
429 flags are `DFMhuU' (and `m' for uucp-new mailer,
430 minus `U' for uucp-dom mailer).
431 UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
432 passed to the UUCP mailer.
433 UUCP_MAILER_MAX [100000] The maximum size message accepted for
434 transmission by the UUCP mailers.
435 UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
436 that ARRIVE from an address that resolves to one of
437 the UUCP mailers and which are converted to MIME will
438 be labeled with this character set.
439 UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers.
440 FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
442 FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX
444 FAX_MAILER_MAX [100000] The maximum size message accepted for
446 POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer.
447 POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq
449 POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer.
450 POP_MAILER_QGRP [undefined] The queue group for the pop mailer.
451 PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
452 program. This is also used by
453 FEATURE(`local_procmail').
454 PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags
455 DFM are always set. This is NOT used by
456 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
458 PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
459 the Procmail mailer. This is NOT used by
460 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
462 PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
463 will be accepted by the procmail mailer.
464 PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer.
465 MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer.
466 MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer.
467 MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11
469 MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer.
470 PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
472 PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM
474 PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
475 PH_MAILER_QGRP [undefined] The queue group for the ph mailer.
476 CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The
477 flags lsDFMnPq are always included.
478 CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver
480 CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
481 to deliver cyrus mail.
482 CYRUS_MAILER_MAX [undefined] If set, the maximum size message that
483 will be accepted by the cyrus mailer.
484 CYRUS_MAILER_USER [cyrus:mail] The user and group to become when
485 running the cyrus mailer.
486 CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer.
487 CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer.
488 The flags lsDFMnP are always included.
489 CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
490 to deliver cyrusbb mail.
491 CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The
492 flags lsDFMnqXz are always included.
493 CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of
494 messages to deliver in a single connection for the
496 CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
497 recipients to deliver in a single connection for the
499 CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed
500 to the cyrusv2 mailer. This can be used to
501 change the name of the Unix domain socket, or
502 to switch to delivery via TCP (e.g., `TCP $h lmtp')
503 CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer.
504 CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
505 that ARRIVE from an address that resolves to one the
506 Cyrus mailer and which are converted to MIME will
507 be labeled with this character set.
508 confEBINDIR [/usr/libexec] The directory for executables.
509 Currently used for FEATURE(`local_lmtp') and
511 QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer.
512 QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver
514 QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
515 to deliver qpage mail.
516 QPAGE_MAILER_MAX [4096] If set, the maximum size message that
517 will be accepted by the qpage mailer.
518 QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer.
519 LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer.
521 Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
522 MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
523 of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
524 upper case) and change can be: flags that should be used directly
525 (thus overriding the default value), or if it starts with `+' (`-')
526 then those flags are added to (removed from) the default value.
529 MODIFY_MAILER_FLAGS(`LOCAL', `+e')
531 will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are
532 several smtp mailers all of which are manipulated individually.
533 See the section MAILERS for the available mailer names.
534 WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
535 unconditionally, i.e., without respecting any definitions in an
543 You will probably want to collect domain-dependent defines into one
544 file, referenced by the DOMAIN macro. For example, the Berkeley
545 domain file includes definitions for several internal distinguished
548 UUCP_RELAY The host that will accept UUCP-addressed email.
549 If not defined, all UUCP sites must be directly
551 BITNET_RELAY The host that will accept BITNET-addressed email.
552 If not defined, the .BITNET pseudo-domain won't work.
553 DECNET_RELAY The host that will accept DECNET-addressed email.
554 If not defined, the .DECNET pseudo-domain and addresses
555 of the form node::user will not work.
556 FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
557 The "fax" mailer overrides this value.
558 LOCAL_RELAY The site that will handle unqualified names -- that
559 is, names without an @domain extension.
560 Normally MAIL_HUB is preferred for this function.
561 LOCAL_RELAY is mostly useful in conjunction with
562 FEATURE(`stickyhost') -- see the discussion of
563 stickyhost below. If not set, they are assumed to
564 belong on this machine. This allows you to have a
565 central site to store a company- or department-wide
566 alias database. This only works at small sites,
567 and only with some user agents.
568 LUSER_RELAY The site that will handle lusers -- that is, apparently
569 local names that aren't local accounts or aliases. To
570 specify a local user instead of a site, set this to
573 Any of these can be either ``mailer:hostname'' (in which case the
574 mailer is the internal mailer name, such as ``uucp-new'' and the hostname
575 is the name of the host as appropriate for that mailer) or just a
576 ``hostname'', in which case a default mailer type (usually ``relay'',
577 a variant on SMTP) is used. WARNING: if you have a wildcard MX
578 record matching your domain, you probably want to define these to
579 have a trailing dot so that you won't get the mail diverted back
582 The domain file can also be used to define a domain name, if needed
583 (using "DD<domain>") and set certain site-wide features. If all hosts
584 at your site masquerade behind one email name, you could also use
587 You do not have to define a domain -- in particular, if you are a
588 single machine sitting off somewhere, it is probably more work than
589 it's worth. This is just a mechanism for combining "domain dependent
590 knowledge" into one place.
597 There are fewer mailers supported in this version than the previous
598 version, owing mostly to a simpler world. As a general rule, put the
599 MAILER definitions last in your .mc file.
601 local The local and prog mailers. You will almost always
602 need these; the only exception is if you relay ALL
603 your mail to another site. This mailer is included
606 smtp The Simple Mail Transport Protocol mailer. This does
607 not hide hosts behind a gateway or another other
608 such hack; it assumes a world where everyone is
609 running the name server. This file actually defines
610 five mailers: "smtp" for regular (old-style) SMTP to
611 other servers, "esmtp" for extended SMTP to other
612 servers, "smtp8" to do SMTP to other servers without
613 converting 8-bit data to MIME (essentially, this is
614 your statement that you know the other end is 8-bit
615 clean even if it doesn't say so), "dsmtp" to do on
616 demand delivery, and "relay" for transmission to the
617 RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
619 uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
620 defines two mailers, "uucp-old" (a.k.a. "uucp") and
621 "uucp-new" (a.k.a. "suucp"). The latter is for when you
622 know that the UUCP mailer at the other end can handle
623 multiple recipients in one transfer. If the smtp mailer
624 is included in your configuration, two other mailers
625 ("uucp-dom" and "uucp-uudom") are also defined [warning: you
626 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you
627 include the uucp mailer, sendmail looks for all names in
628 class {U} and sends them to the uucp-old mailer; all
629 names in class {Y} are sent to uucp-new; and all
630 names in class {Z} are sent to uucp-uudom. Note that
631 this is a function of what version of rmail runs on
632 the receiving end, and hence may be out of your control.
633 See the section below describing UUCP mailers in more
636 usenet Usenet (network news) delivery. If this is specified,
637 an extra rule is added to ruleset 0 that forwards all
638 local email for users named ``group.usenet'' to the
639 ``inews'' program. Note that this works for all groups,
640 and may be considered a security problem.
642 fax Facsimile transmission. This is experimental and based
643 on Sam Leffler's HylaFAX software. For more information,
644 see http://www.hylafax.org/.
646 pop Post Office Protocol.
648 procmail An interface to procmail (does not come with sendmail).
649 This is designed to be used in mailertables. For example,
650 a common question is "how do I forward all mail for a given
651 domain to a single person?". If you have this mailer
652 defined, you could set up a mailertable reading:
654 host.com procmail:/etc/procmailrcs/host.com
656 with the file /etc/procmailrcs/host.com reading:
658 :0 # forward mail for host.com
659 ! -oi -f $1 person@other.host
661 This would arrange for (anything)@host.com to be sent
662 to person@other.host. In a procmail script, $1 is the
663 name of the sender and $2 is the name of the recipient.
664 If you use this with FEATURE(`local_procmail'), the FEATURE
665 should be listed first.
667 Of course there are other ways to solve this particular
668 problem, e.g., a catch-all entry in a virtusertable.
670 mail11 The DECnet mail11 mailer, useful only if you have the mail11
671 program from gatekeeper.dec.com:/pub/DEC/gwtools (and
672 DECnet, of course). This is for Phase IV DECnet support;
673 if you have Phase V at your site you may have additional
676 phquery The phquery program. This is somewhat counterintuitively
677 referenced as the "ph" mailer internally. It can be used
678 to do CCSO name server lookups. The phquery program, which
679 this mailer uses, is distributed with the ph client.
681 cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
682 a local cyrus user. this mailer can make use of the
683 "user+detail@local.host" syntax (see
684 FEATURE(`preserve_local_plus_detail')); it will deliver the
685 mail to the user's "detail" mailbox if the mailbox's ACL
686 permits. The cyrusbb mailer delivers to a system-wide
687 cyrus mailbox if the mailbox's ACL permits. The cyrus
688 mailer must be defined after the local mailer.
690 cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to
691 local cyrus users via LMTP. This mailer can make use of the
692 "user+detail@local.host" syntax (see
693 FEATURE(`preserve_local_plus_detail')); it will deliver the
694 mail to the user's "detail" mailbox if the mailbox's ACL
695 permits. The cyrusv2 mailer must be defined after the
698 qpage A mailer for QuickPage, a pager interface. See
699 http://www.qpage.org/ for further information.
701 The local mailer accepts addresses of the form "user+detail", where
702 the "+detail" is not used for mailbox matching but is available
703 to certain local mail programs (in particular, see
704 FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
705 "eric+sww" all indicate the same user, but additional arguments <null>,
706 "sendmail", and "sww" may be provided for use in sorting mail.
713 Special features can be requested using the "FEATURE" macro. For
714 example, the .mc line:
716 FEATURE(`use_cw_file')
718 tells sendmail that you want to have it read an /etc/mail/local-host-names
719 file to get values for class {w}. A FEATURE may contain up to 9
720 optional parameters -- for example:
722 FEATURE(`mailertable', `dbm /usr/lib/mailertable')
724 The default database map type for the table features can be set with
726 define(`DATABASE_MAP_TYPE', `dbm')
728 which would set it to use ndbm databases. The default is the Berkeley DB
729 hash database format. Note that you must still declare a database map type
730 if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
731 if no argument is given for the FEATURE. It must be specified before any
732 feature that uses a map.
734 Also, features which can take a map definition as an argument can also take
735 the special keyword `LDAP'. If that keyword is used, the map will use the
736 LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
737 CLASSES'' section below.
739 Available features are:
741 use_cw_file Read the file /etc/mail/local-host-names file to get
742 alternate names for this host. This might be used if you
743 were on a host that MXed for a dynamic set of other hosts.
744 If the set is static, just including the line "Cw<name1>
745 <name2> ..." (where the names are fully qualified domain
746 names) is probably superior. The actual filename can be
747 overridden by redefining confCW_FILE.
749 use_ct_file Read the file /etc/mail/trusted-users file to get the
750 names of users that will be ``trusted'', that is, able to
751 set their envelope from address using -f without generating
752 a warning message. The actual filename can be overridden
753 by redefining confCT_FILE.
755 redirect Reject all mail addressed to "address.REDIRECT" with
756 a ``551 User has moved; please try <address>'' message.
757 If this is set, you can alias people who have left
758 to their new address with ".REDIRECT" appended.
760 nouucp Don't route UUCP addresses. This feature takes one
762 `reject': reject addresses which have "!" in the local
763 part unless it originates from a system
764 that is allowed to relay.
765 `nospecial': don't do anything special with "!".
766 Warnings: 1. See the notice in the anti-spam section.
767 2. don't remove "!" from OperatorChars if `reject' is
770 nopercenthack Don't treat % as routing character. This feature takes one
772 `reject': reject addresses which have % in the local
773 part unless it originates from a system
774 that is allowed to relay.
775 `nospecial': don't do anything special with %.
776 Warnings: 1. See the notice in the anti-spam section.
777 2. Don't remove % from OperatorChars if `reject' is
780 nocanonify Don't pass addresses to $[ ... $] for canonification
781 by default, i.e., host/domain names are considered canonical,
782 except for unqualified names, which must not be used in this
783 mode (violation of the standard). It can be changed by
784 setting the DaemonPortOptions modifiers (M=). That is,
785 FEATURE(`nocanonify') will be overridden by setting the
786 'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
787 it can be emulated by setting the 'C' flag
788 (DaemonPortOptions=Modifiers=C). This would generally only
789 be used by sites that only act as mail gateways or which have
790 user agents that do full canonification themselves. You may
792 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
793 the usual resolver options that do a similar thing.
795 An exception list for FEATURE(`nocanonify') can be
796 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
797 i.e., a list of domains which are nevertheless passed to
798 $[ ... $] for canonification. This is useful to turn on
799 canonification for local domains, e.g., use
800 CANONIFY_DOMAIN(`my.domain my') to canonify addresses
801 which end in "my.domain" or "my".
802 Another way to require canonification in the local
803 domain is CANONIFY_DOMAIN(`$=m').
805 A trailing dot is added to addresses with more than
806 one component in it such that other features which
807 expect a trailing dot (e.g., virtusertable) will
810 If `canonify_hosts' is specified as parameter, i.e.,
811 FEATURE(`nocanonify', `canonify_hosts'), then
812 addresses which have only a hostname, e.g.,
813 <user@host>, will be canonified (and hopefully fully
816 stickyhost This feature is sometimes used with LOCAL_RELAY,
817 although it can be used for a different effect with
820 When used without MAIL_HUB, email sent to
821 "user@local.host" are marked as "sticky" -- that
822 is, the local addresses aren't matched against UDB,
823 don't go through ruleset 5, and are not forwarded to
824 the LOCAL_RELAY (if defined).
826 With MAIL_HUB, mail addressed to "user@local.host"
827 is forwarded to the mail hub, with the envelope
828 address still remaining "user@local.host".
829 Without stickyhost, the envelope would be changed
830 to "user@mail_hub", in order to protect against
833 mailertable Include a "mailer table" which can be used to override
834 routing for particular domains (which are not in class {w},
835 i.e. local host names). The argument of the FEATURE may be
836 the key definition. If none is specified, the definition
839 hash /etc/mail/mailertable
841 Keys in this database are fully qualified domain names
842 or partial domains preceded by a dot -- for example,
843 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
844 special case of the latter, "." matches any domain not
845 covered by other keys. Values must be of the form:
847 where "mailer" is the internal mailer name, and "domain"
848 is where to send the message. These maps are not
849 reflected into the message header. As a special case,
852 will forward to the indicated user using the local mailer,
854 will forward to the original user in the e-mail address
855 using the local mailer, and
857 error:D.S.N:code message
858 will give an error message with the indicated SMTP reply
859 code and message, where D.S.N is an RFC 1893 compliant
862 domaintable Include a "domain table" which can be used to provide
863 domain name mapping. Use of this should really be
864 limited to your own domains. It may be useful if you
865 change names (e.g., your company changes names from
866 oldname.com to newname.com). The argument of the
867 FEATURE may be the key definition. If none is specified,
868 the definition used is:
870 hash /etc/mail/domaintable
872 The key in this table is the domain name; the value is
873 the new (fully qualified) domain. Anything in the
874 domaintable is reflected into headers; that is, this
875 is done in ruleset 3.
877 bitdomain Look up bitnet hosts in a table to try to turn them into
878 internet addresses. The table can be built using the
879 bitdomain program contributed by John Gardiner Myers.
880 The argument of the FEATURE may be the key definition; if
881 none is specified, the definition used is:
883 hash /etc/mail/bitdomain
885 Keys are the bitnet hostname; values are the corresponding
888 uucpdomain Similar feature for UUCP hosts. The default map definition
891 hash /etc/mail/uudomain
893 At the moment there is no automagic tool to build this
897 Include the local host domain even on locally delivered
898 mail. Normally it is not added on unqualified names.
899 However, if you use a shared message store but do not use
900 the same user name space everywhere, you may need the host
901 name on local names. An optional argument specifies
902 another domain to be added than the local.
904 allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
905 feature will cause recipient addresses to also masquerade
906 as being from the masquerade host. Normally they get
907 the local hostname. Although this may be right for
908 ordinary users, it can break local aliases. For example,
909 if you send to "localalias", the originating sendmail will
910 find that alias and send to all members, but send the
911 message with "To: localalias@masqueradehost". Since that
912 alias likely does not exist, replies will fail. Use this
913 feature ONLY if you can guarantee that the ENTIRE
914 namespace on your masquerade host supersets all the
918 Normally, any hosts listed in class {w} are masqueraded. If
919 this feature is given, only the hosts listed in class {M} (see
920 below: MASQUERADE_DOMAIN) are masqueraded. This is useful
921 if you have several domains with disjoint namespaces hosted
924 masquerade_entire_domain
925 If masquerading is enabled (using MASQUERADE_AS) and
926 MASQUERADE_DOMAIN (see below) is set, this feature will
927 cause addresses to be rewritten such that the masquerading
928 domains are actually entire domains to be hidden. All
929 hosts within the masquerading domains will be rewritten
930 to the masquerade name (used in MASQUERADE_AS). For example,
933 MASQUERADE_AS(`masq.com')
934 MASQUERADE_DOMAIN(`foo.org')
935 MASQUERADE_DOMAIN(`bar.com')
937 then *foo.org and *bar.com are converted to masq.com. Without
938 this feature, only foo.org and bar.com are masqueraded.
940 NOTE: only domains within your jurisdiction and
941 current hierarchy should be masqueraded using this.
944 This feature prevents the local mailer from masquerading even
945 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
946 on addresses of mail going outside the local domain.
949 If masquerading is enabled (using MASQUERADE_AS) or the
950 genericstable is in use, this feature will cause envelope
951 addresses to also masquerade as being from the masquerade
952 host. Normally only the header addresses are masqueraded.
954 genericstable This feature will cause unqualified addresses (i.e., without
955 a domain) and addresses with a domain listed in class {G}
956 to be looked up in a map and turned into another ("generic")
957 form, which can change both the domain name and the user name.
958 Notice: if you use an MSP (as it is default starting with
959 8.12), the MTA will only receive qualified addresses from the
960 MSP (as required by the RFCs). Hence you need to add your
961 domain to class {G}. This feature is similar to the userdb
962 functionality. The same types of addresses as for
963 masquerading are looked up, i.e., only header sender
964 addresses unless the allmasquerade and/or masquerade_envelope
965 features are given. Qualified addresses must have the domain
966 part in class {G}; entries can be added to this class by the
967 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
968 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
970 The argument of FEATURE(`genericstable') may be the map
971 definition; the default map definition is:
973 hash /etc/mail/genericstable
975 The key for this table is either the full address, the domain
976 (with a leading @; the localpart is passed as first argument)
977 or the unqualified username (tried in the order mentioned);
978 the value is the new user address. If the new user address
979 does not include a domain, it will be qualified in the standard
980 manner, i.e., using $j or the masquerade name. Note that the
981 address being looked up must be fully qualified. For local
982 mail, it is necessary to use FEATURE(`always_add_domain')
983 for the addresses to be qualified.
984 The "+detail" of an address is passed as %1, so entries like
986 old+*@foo.org new+%1@example.com
987 gen+*@foo.org %1@example.com
989 and other forms are possible.
991 generics_entire_domain
992 If the genericstable is enabled and GENERICS_DOMAIN or
993 GENERICS_DOMAIN_FILE is used, this feature will cause
994 addresses to be searched in the map if their domain
995 parts are subdomains of elements in class {G}.
997 virtusertable A domain-specific form of aliasing, allowing multiple
998 virtual domains to be hosted on one machine. For example,
999 if the virtuser table contains:
1001 info@foo.com foo-info
1002 info@bar.com bar-info
1003 joe@bar.com error:nouser 550 No such user here
1004 jax@bar.com error:5.7.0:550 Address invalid
1005 @baz.org jane@example.net
1007 then mail addressed to info@foo.com will be sent to the
1008 address foo-info, mail addressed to info@bar.com will be
1009 delivered to bar-info, and mail addressed to anyone at baz.org
1010 will be sent to jane@example.net, mail to joe@bar.com will
1011 be rejected with the specified error message, and mail to
1012 jax@bar.com will also have a RFC 1893 compliant error code
1015 The username from the original address is passed
1018 @foo.org %1@example.com
1020 meaning someone@foo.org will be sent to someone@example.com.
1021 Additionally, if the local part consists of "user+detail"
1022 then "detail" is passed as %2 and "+detail" is passed as %3
1023 when a match against user+* is attempted, so entries like
1025 old+*@foo.org new+%2@example.com
1026 gen+*@foo.org %2@example.com
1027 +*@foo.org %1%3@example.com
1028 X++@foo.org Z%3@example.com
1031 and other forms are possible. Note: to preserve "+detail"
1032 for a default case (@domain) %1%3 must be used as RHS.
1033 There are two wildcards after "+": "+" matches only a non-empty
1034 detail, "*" matches also empty details, e.g., user+@foo.org
1035 matches +*@foo.org but not ++@foo.org. This can be used
1036 to ensure that the parameters %2 and %3 are not empty.
1038 All the host names on the left hand side (foo.com, bar.com,
1039 and baz.org) must be in class {w} or class {VirtHost}. The
1040 latter can be defined by the macros VIRTUSER_DOMAIN or
1041 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1042 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
1043 VIRTUSER_DOMAIN_FILE is used, then the entries of class
1044 {VirtHost} are added to class {R}, i.e., relaying is allowed
1045 to (and from) those domains, which by default includes also
1046 all subdomains (see relay_hosts_only). The default map
1049 hash /etc/mail/virtusertable
1051 A new definition can be specified as the second argument of
1052 the FEATURE macro, such as
1054 FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
1056 virtuser_entire_domain
1057 If the virtusertable is enabled and VIRTUSER_DOMAIN or
1058 VIRTUSER_DOMAIN_FILE is used, this feature will cause
1059 addresses to be searched in the map if their domain
1060 parts are subdomains of elements in class {VirtHost}.
1062 ldap_routing Implement LDAP-based e-mail recipient routing according to
1063 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1064 This provides a method to re-route addresses with a
1065 domain portion in class {LDAPRoute} to either a
1066 different mail host or a different address. Hosts can
1067 be added to this class using LDAPROUTE_DOMAIN and
1068 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1069 MASQUERADE_DOMAIN_FILE, see below).
1071 See the LDAP ROUTING section below for more information.
1073 nullclient This is a special case -- it creates a configuration file
1074 containing nothing but support for forwarding all mail to a
1075 central hub via a local SMTP-based network. The argument
1076 is the name of that hub.
1078 The only other feature that should be used in conjunction
1079 with this one is FEATURE(`nocanonify'). No mailers
1080 should be defined. No aliasing or forwarding is done.
1082 local_lmtp Use an LMTP capable local mailer. The argument to this
1083 feature is the pathname of an LMTP capable mailer. By
1084 default, mail.local is used. This is expected to be the
1085 mail.local which came with the 8.9 distribution which is
1086 LMTP capable. The path to mail.local is set by the
1087 confEBINDIR m4 variable -- making the default
1088 LOCAL_MAILER_PATH /usr/libexec/mail.local.
1089 If a different LMTP capable mailer is used, its pathname
1090 can be specified as second parameter and the arguments
1091 passed to it (A=) as third parameter, e.g.,
1093 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
1095 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1096 i.e., without respecting any definitions in an OSTYPE setting.
1098 local_procmail Use procmail or another delivery agent as the local mailer.
1099 The argument to this feature is the pathname of the
1100 delivery agent, which defaults to PROCMAIL_MAILER_PATH.
1101 Note that this does NOT use PROCMAIL_MAILER_FLAGS or
1102 PROCMAIL_MAILER_ARGS for the local mailer; tweak
1103 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
1104 specify the appropriate parameters. When procmail is used,
1105 the local mailer can make use of the
1106 "user+indicator@local.host" syntax; normally the +indicator
1107 is just tossed, but by default it is passed as the -a
1108 argument to procmail.
1110 This feature can take up to three arguments:
1112 1. Path to the mailer program
1113 [default: /usr/local/bin/procmail]
1114 2. Argument vector including name of the program
1115 [default: procmail -Y -a $h -d $u]
1116 3. Flags for the mailer [default: SPfhn9]
1118 Empty arguments cause the defaults to be taken.
1119 Note that if you are on a system with a broken
1120 setreuid() call, you may need to add -f $f to the procmail
1121 argument vector to pass the proper sender to procmail.
1123 For example, this allows it to use the maildrop mailer
1124 instead by specifying:
1126 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
1131 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
1133 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1134 i.e., without respecting any definitions in an OSTYPE setting.
1136 bestmx_is_local Accept mail as though locally addressed for any host that
1137 lists us as the best possible MX record. This generates
1138 additional DNS traffic, but should be OK for low to
1139 medium traffic hosts. The argument may be a set of
1140 domains, which will limit the feature to only apply to
1141 these domains -- this will reduce unnecessary DNS
1142 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
1143 WILDCARD MX RECORDS!!! If you have a wildcard MX record
1144 that matches your domain, you cannot use this feature.
1146 smrsh Use the SendMail Restricted SHell (smrsh) provided
1147 with the distribution instead of /bin/sh for mailing
1148 to programs. This improves the ability of the local
1149 system administrator to control what gets run via
1150 e-mail. If an argument is provided it is used as the
1151 pathname to smrsh; otherwise, the path defined by
1152 confEBINDIR is used for the smrsh binary -- by default,
1153 /usr/libexec/smrsh is assumed.
1156 By default, the sendmail configuration files do not permit
1157 mail relaying (that is, accepting mail from outside your
1158 local host (class {w}) and sending it to another host than
1159 your local host). This option sets your site to allow
1160 mail relaying from any site to any site. In almost all
1161 cases, it is better to control relaying more carefully
1162 with the access map, class {R}, or authentication. Domains
1163 can be added to class {R} by the macros RELAY_DOMAIN or
1164 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1165 MASQUERADE_DOMAIN_FILE, see below).
1168 This option allows any host in your domain as defined by
1169 class {m} to use your server for relaying. Notice: make
1170 sure that your domain is not just a top level domain,
1171 e.g., com. This can happen if you give your host a name
1172 like example.com instead of host.example.com.
1175 By default, names that are listed as RELAY in the access
1176 db and class {R} are treated as domain names, not host names.
1177 For example, if you specify ``foo.com'', then mail to or
1178 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1179 will all be accepted for relaying. This feature changes
1180 the behaviour to look up individual host names only.
1183 Turns on the ability to allow relaying based on the MX
1184 records of the host portion of an incoming recipient; that
1185 is, if an MX record for host foo.com points to your site,
1186 you will accept and relay mail addressed to foo.com. See
1187 description below for more information before using this
1188 feature. Also, see the KNOWNBUGS entry regarding bestmx
1191 FEATURE(`relay_based_on_MX') does not necessarily allow
1192 routing of these messages which you expect to be allowed,
1193 if route address syntax (or %-hack syntax) is used. If
1194 this is a problem, add entries to the access-table or use
1195 FEATURE(`loose_relay_check').
1198 Allows relaying if the mail sender is listed as RELAY in
1199 the access map. If an optional argument `domain' (this
1200 is the literal word `domain', not a placeholder) is given,
1201 relaying can be allowed just based on the domain portion
1202 of the sender address. This feature should only be used if
1203 absolutely necessary as the sender address can be easily
1204 forged. Use of this feature requires the "From:" tag to
1205 be used for the key in the access map; see the discussion
1206 of tags and FEATURE(`relay_mail_from') in the section on
1207 anti-spam configuration control.
1210 Allows relaying if the domain portion of the mail sender
1211 is a local host. This should only be used if absolutely
1212 necessary as it opens a window for spammers. Specifically,
1213 they can send mail to your mail server that claims to be
1214 from your domain (either directly or via a routed address),
1215 and you will go ahead and relay it out to arbitrary hosts
1218 accept_unqualified_senders
1219 Normally, MAIL FROM: commands in the SMTP session will be
1220 refused if the connection is a network connection and the
1221 sender address does not include a domain name. If your
1222 setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1223 you will need to use this feature to accept unqualified
1224 sender addresses. Setting the DaemonPortOptions modifier
1225 'u' overrides the default behavior, i.e., unqualified
1226 addresses are accepted even without this FEATURE.
1227 If this FEATURE is not used, the DaemonPortOptions modifier
1228 'f' can be used to enforce fully qualified addresses.
1230 accept_unresolvable_domains
1231 Normally, MAIL FROM: commands in the SMTP session will be
1232 refused if the host part of the argument to MAIL FROM:
1233 cannot be located in the host name service (e.g., an A or
1234 MX record in DNS). If you are inside a firewall that has
1235 only a limited view of the Internet host name space, this
1236 could cause problems. In this case you probably want to
1237 use this feature to accept all domains on input, even if
1238 they are unresolvable.
1240 access_db Turns on the access database feature. The access db gives
1241 you the ability to allow or refuse to accept mail from
1242 specified domains for administrative reasons. Moreover,
1243 it can control the behavior of sendmail in various situations.
1244 By default, the access database specification is:
1246 hash -T<TMPF> /etc/mail/access
1248 See the anti-spam configuration control section for further
1249 important information about this feature. Notice:
1250 "-T<TMPF>" is meant literal, do not replace it by anything.
1252 blocklist_recipients
1253 Turns on the ability to block incoming mail for certain
1254 recipient usernames, hostnames, or addresses. For
1255 example, you can block incoming mail to user nobody,
1256 host foo.mydomain.com, or guest@bar.mydomain.com.
1257 These specifications are put in the access db as
1258 described in the anti-spam configuration control section
1259 later in this document.
1261 delay_checks The rulesets check_mail and check_relay will not be called
1262 when a client connects or issues a MAIL command, respectively.
1263 Instead, those rulesets will be called by the check_rcpt
1264 ruleset; they will be skipped under certain circumstances.
1265 See "Delay all checks" in the anti-spam configuration control
1266 section. Note: this feature is incompatible to the versions
1269 check_other Enable a default check_other ruleset which terminates
1270 an SMTP session when it encounters a command which matches
1271 a regular expression given as argument. If no argument
1272 is given, then the default (to match potential headers) is:
1275 use_client_ptr If this feature is enabled then check_relay will override
1276 its first argument with $&{client_ptr}. This is useful for
1277 rejections based on the unverified hostname of client,
1278 which turns on the same behavior as in earlier sendmail
1279 versions when delay_checks was not in use. See doc/op/op.*
1280 about check_relay, {client_name}, and {client_ptr}.
1282 dnsbl Turns on rejection, discarding, or quarantining of hosts
1283 found in a DNS based list. The first argument is used as
1284 the domain in which blocked hosts are listed. A second
1285 argument can be used to change the default error message,
1286 or select one of the operations `discard' and `quarantine'.
1287 Without that second argument, the error message will be
1289 Rejected: IP-ADDRESS listed at SERVER
1291 where IP-ADDRESS and SERVER are replaced by the appropriate
1292 information. By default, temporary lookup failures are
1293 ignored. This behavior can be changed by specifying a
1294 third argument, which must be either `t' or a full error
1295 message. See the anti-spam configuration control section for
1296 an example. The dnsbl feature can be included several times
1297 to query different DNS based rejection lists. See also
1298 enhdnsbl for an enhanced version.
1300 Set the DNSBL_MAP mc option to change the default map
1301 definition from `host'. Set the DNSBL_MAP_OPT mc option
1302 to add additional options to the map specification used.
1304 Note: currently only IPv4 addresses are checked.
1306 Some DNS based rejection lists cause failures if asked
1307 for AAAA records. If your sendmail version is compiled
1308 with IPv6 support (NETINET6) and you experience this
1311 define(`DNSBL_MAP', `dns -R A')
1313 before the first use of this feature. Alternatively you
1314 can use enhdnsbl instead (see below). Moreover, this
1315 statement can be used to reduce the number of DNS retries,
1318 define(`DNSBL_MAP', `dns -R A -r2')
1320 See below (EDNSBL_TO) for an explanation.
1322 enhdnsbl Enhanced version of dnsbl (see above). Further arguments
1323 (up to 5) can be used to specify specific return values
1324 from lookups. Temporary lookup failures are ignored unless
1325 a third argument is given, which must be either `t' or a full
1326 error message. By default, any successful lookup will
1327 generate an error. Otherwise the result of the lookup is
1328 compared with the supplied argument(s), and only if a match
1329 occurs an error is generated. For example,
1331 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2')
1333 will reject the e-mail if the lookup returns the value
1334 ``127.0.0.2'', or generate a 451 response if the lookup
1335 temporarily failed. The arguments can contain metasymbols
1336 as they are allowed in the LHS of rules. As the example
1337 shows, the default values are also used if an empty argument,
1338 i.e., `', is specified. This feature requires that sendmail
1339 has been compiled with the flag DNSMAP (see sendmail/README).
1341 Set the EDNSBL_TO mc option to change the DNS retry count
1342 from the default value of 5, this can be very useful when
1343 a DNS server is not responding, which in turn may cause
1344 clients to time out (an entry stating
1346 did not issue MAIL/EXPN/VRFY/ETRN
1350 ratecontrol Enable simple ruleset to do connection rate control
1351 checking. This requires entries in access_db of the form
1353 ClientRate:IP.ADD.RE.SS LIMIT
1355 The RHS specifies the maximum number of connections
1356 (an integer number) over the time interval defined
1357 by ConnectionRateWindowSize, where 0 means unlimited.
1359 Take the following example:
1361 ClientRate:10.1.2.3 4
1362 ClientRate:127.0.0.1 0
1365 10.1.2.3 can only make up to 4 connections, the
1366 general limit it 10, and 127.0.0.1 can make an unlimited
1367 number of connections per ConnectionRateWindowSize.
1369 See also CONNECTION CONTROL.
1371 conncontrol Enable a simple check of the number of incoming SMTP
1372 connections. This requires entries in access_db of the
1375 ClientConn:IP.ADD.RE.SS LIMIT
1377 The RHS specifies the maximum number of open connections
1378 (an integer number).
1380 Take the following example:
1382 ClientConn:10.1.2.3 4
1383 ClientConn:127.0.0.1 0
1386 10.1.2.3 can only have up to 4 open connections, the
1387 general limit it 10, and 127.0.0.1 does not have any
1390 See also CONNECTION CONTROL.
1392 mtamark Experimental support for "Marking Mail Transfer Agents in
1393 Reverse DNS with TXT RRs" (MTAMark), see
1394 draft-stumpf-dns-mtamark-01. Optional arguments are:
1396 1. Error message, default:
1398 550 Rejected: $&{client_addr} not listed as MTA
1400 2. Temporary lookup failures are ignored unless a second
1401 argument is given, which must be either `t' or a full
1404 3. Lookup prefix, default: _perm._smtp._srv. This should
1405 not be changed unless the draft changes it.
1409 FEATURE(`mtamark', `', `t')
1411 lookupdotdomain Look up also .domain in the access map. This allows to
1412 match only subdomains. It does not work well with
1413 FEATURE(`relay_hosts_only'), because most lookups for
1414 subdomains are suppressed by the latter feature.
1417 Normally, if % addressing is used for a recipient, e.g.
1418 user%site@othersite, and othersite is in class {R}, the
1419 check_rcpt ruleset will strip @othersite and recheck
1420 user@site for relaying. This feature changes that
1421 behavior. It should not be needed for most installations.
1423 authinfo Provide a separate map for client side authentication
1424 information. See SMTP AUTHENTICATION for details.
1425 By default, the authinfo database specification is:
1427 hash /etc/mail/authinfo
1430 Preserve the name of the recipient host if LUSER_RELAY is
1431 used. Without this option, the domain part of the
1432 recipient address will be replaced by the host specified as
1433 LUSER_RELAY. This feature only works if the hostname is
1434 passed to the mailer (see mailer triple in op.me). Note
1435 that in the default configuration the local mailer does not
1436 receive the hostname, i.e., the mailer triple has an empty
1439 preserve_local_plus_detail
1440 Preserve the +detail portion of the address when passing
1441 address to local delivery agent. Disables alias and
1442 .forward +detail stripping (e.g., given user+detail, only
1443 that address will be looked up in the alias file; user+* and
1444 user will not be looked up). Only use if the local
1445 delivery agent in use supports +detail addressing.
1446 Moreover, this will most likely not work if the 'w' flag
1447 for the local mailer is set as the entire local address
1448 including +detail is passed to the user lookup function.
1450 compat_check Enable ruleset check_compat to look up pairs of addresses
1451 with the Compat: tag -- Compat:sender<@>recipient -- in the
1452 access map. Valid values for the RHS include
1453 DISCARD silently discard recipient
1454 TEMP: return a temporary error
1455 ERROR: return a permanent error
1456 In the last two cases, a 4xy/5xy SMTP reply code should
1459 no_default_msa Don't generate the default MSA daemon, i.e.,
1460 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1461 To define a MSA daemon with other parameters, use this
1462 FEATURE and introduce new settings via DAEMON_OPTIONS().
1464 msp Defines config file for Message Submission Program.
1465 See sendmail/SECURITY for details and cf/cf/submit.mc how
1466 to use it. An optional argument can be used to override
1467 the default of `[localhost]' to use as host to send all
1468 e-mails to. Note that MX records will be used if the
1469 specified hostname is not in square brackets (e.g.,
1470 [hostname]). If `MSA' is specified as second argument then
1471 port 587 is used to contact the server. Example:
1473 FEATURE(`msp', `', `MSA')
1475 Some more hints about possible changes can be found below
1476 in the section MESSAGE SUBMISSION PROGRAM.
1478 Note: Due to many problems, submit.mc uses
1480 FEATURE(`msp', `[127.0.0.1]')
1482 by default. If you have a machine with IPv6 only,
1485 FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]')
1487 If you want to continue using '[localhost]', (the behavior
1492 queuegroup A simple example how to select a queue group based
1493 on the full e-mail address or the domain of the
1494 recipient. Selection is done via entries in the
1495 access map using the tag QGRP:, for example:
1497 QGRP:example.com main
1498 QGRP:friend@some.org others
1499 QGRP:my.domain local
1501 where "main", "others", and "local" are names of
1502 queue groups. If an argument is specified, it is used
1503 as default queue group.
1505 Note: please read the warning in doc/op/op.me about
1506 queue groups and possible queue manipulations.
1508 greet_pause Adds the greet_pause ruleset which enables open proxy
1509 and SMTP slamming protection. The feature can take an
1510 argument specifying the milliseconds to wait:
1512 FEATURE(`greet_pause', `5000') dnl 5 seconds
1514 If FEATURE(`access_db') is enabled, an access database
1515 lookup with the GreetPause tag is done using client
1516 hostname, domain, IP address, or subnet to determine the
1519 GreetPause:my.domain 0
1520 GreetPause:example.com 5000
1521 GreetPause:10.1.2 2000
1522 GreetPause:127.0.0.1 0
1524 When using FEATURE(`access_db'), the optional
1525 FEATURE(`greet_pause') argument becomes the default if
1526 nothing is found in the access database. A ruleset called
1527 Local_greet_pause can be used for local modifications, e.g.,
1531 R$* $: $&{daemon_flags}
1534 block_bad_helo Reject messages from SMTP clients which provide a HELO/EHLO
1535 argument which is either unqualified, or is one of our own
1536 names (i.e., the server name instead of the client name).
1537 This check is performed at RCPT stage and disabled for the
1539 - authenticated sessions,
1540 - connections from IP addresses in class $={R}.
1541 Currently access_db lookups can not be used to
1542 (selectively) disable this test, moreover,
1544 FEATURE(`delay_checks')
1546 is required. Note, the block_bad_helo feature automatically
1547 adds the IPv6 and IPv4 localhost IP addresses to $={w} (local
1548 host names) and $={R} (relay permitted).
1550 require_rdns Reject mail from connecting SMTP clients without proper
1551 rDNS (reverse DNS), functional gethostbyaddr() resolution.
1552 Note: this feature will cause false positives, i.e., there
1553 are legitimate MTAs that do not have proper DNS entries.
1554 Rejecting mails from those MTAs is a local policy decision.
1556 The basic policy is to reject message with a 5xx error if
1557 the IP address fails to resolve. However, if this is a
1558 temporary failure, a 4xx temporary failure is returned.
1559 If the look-up succeeds, but returns an apparently forged
1560 value, this is treated as a temporary failure with a 4xx
1565 Exceptions based on access entries are discussed below.
1566 Any IP address matched using $=R (the "relay-domains" file)
1567 is excepted from the rules. Since we have explicitly
1568 allowed relaying for this host, based on IP address, we
1569 ignore the rDNS failure.
1571 The philosophical assumption here is that most users do
1572 not control their rDNS. They should be able to send mail
1573 through their ISP, whether or not they have valid rDNS.
1574 The class $=R, roughly speaking, contains those IP addresses
1575 and address ranges for which we are the ISP, or are acting
1578 If `delay_checks' is in effect (recommended), then any
1579 sender who has authenticated is also excepted from the
1580 restrictions. This happens because the rules produced by
1581 this FEATURE() will not be applied to authenticated senders
1582 (assuming `delay_checks').
1589 will allowlist IP address 1.2.3.4 and IP net 1.3.*
1590 so that the rDNS blocking does apply not to those IPs.
1593 Connect:1.2.3.4 REJECT
1594 will have the effect of forcing a temporary failure for
1595 that address to be treated as a permanent failure.
1597 badmx Reject envelope sender addresses (MAIL) whose domain part
1598 resolves to a "bad" MX record. By default these are
1599 MX records which resolve to A records that match the
1602 ^(127\.|10\.|0\.0\.0\.0)
1604 This default regular expression can be overridden by
1605 specifying an argument, e.g.,
1607 FEATURE(`badmx', `^127\.0\.0\.1')
1609 Note: this feature requires that the sendmail binary
1610 has been compiled with the options MAP_REGEX and
1613 sts Experimental support for Strict Transport Security
1614 (MTA-STS, see RFC 8461). It sets the option
1615 StrictTransportSecurity and takes one optional
1616 argument: the socket map specification to access
1617 postfix-mta-sts-resolver (see feature/sts.m4
1618 for the default value).
1619 For more information see doc/op/op.me.
1621 fips3 Basic support for FIPS in OpenSSL 3 by setting
1622 the environment variables OPENSSL_CONF and
1623 OPENSSL_MODULES to the first and second argument,
1624 respectively. For details, see the file and
1625 the OpenSSL documentation.
1631 Some things just can't be called features. To make this clear,
1632 they go in the hack subdirectory and are referenced using the HACK
1633 macro. These will tend to be site-dependent. The release
1634 includes the Berkeley-dependent "cssubdomain" hack (that makes
1635 sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1636 this is intended as a short-term aid while moving hosts into
1640 +--------------------+
1641 | SITE CONFIGURATION |
1642 +--------------------+
1644 *****************************************************
1645 * This section is really obsolete, and is preserved *
1646 * only for back compatibility. You should plan on *
1647 * using mailertables for new installations. In *
1648 * particular, it doesn't work for the newer forms *
1649 * of UUCP mailers, such as uucp-uudom. *
1650 *****************************************************
1652 Complex sites will need more local configuration information, such as
1653 lists of UUCP hosts they speak with directly. This can get a bit more
1654 tricky. For an example of a "complex" site, see cf/ucbvax.mc.
1656 The SITECONFIG macro allows you to indirectly reference site-dependent
1657 configuration information stored in the siteconfig subdirectory. For
1660 SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1662 reads the file uucp.ucbvax for local connection information. The
1663 second parameter is the local name (in this case just "ucbvax" since
1664 it is locally connected, and hence a UUCP hostname). The third
1665 parameter is the name of both a macro to store the local name (in
1666 this case, {U}) and the name of the class (e.g., {U}) in which to store
1667 the host information read from the file. Another SITECONFIG line reads
1669 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1671 This says that the file uucp.ucbarpa contains the list of UUCP sites
1672 connected to ucbarpa.Berkeley.EDU. Class {W} will be used to
1673 store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1674 is, the name of the relay to which the hosts listed in uucp.ucbarpa
1675 are connected. [The machine ucbarpa is gone now, but this
1676 out-of-date configuration file has been left around to demonstrate
1677 how you might do this.]
1679 Note that the case of SITECONFIG with a third parameter of ``U'' is
1680 special; the second parameter is assumed to be the UUCP name of the
1681 local site, rather than the name of a remote site, and the UUCP name
1682 is entered into class {w} (the list of local hostnames) as $U.UUCP.
1684 The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1685 more than a sequence of SITE macros describing connectivity. For
1691 The second example demonstrates that you can use two names on the
1692 same line; these are usually aliases for the same host (or are at
1693 least in the same company).
1695 The macro LOCAL_UUCP can be used to add rules into the generated
1696 cf file at the place where MAILER(`uucp') inserts its rules. This
1697 should only be used if really necessary.
1700 +--------------------+
1701 | USING UUCP MAILERS |
1702 +--------------------+
1704 It's hard to get UUCP mailers right because of the extremely ad hoc
1705 nature of UUCP addressing. These config files are really designed
1706 for domain-based addressing, even for UUCP sites.
1708 There are four UUCP mailers available. The choice of which one to
1709 use is partly a matter of local preferences and what is running at
1710 the other end of your UUCP connection. Unlike good protocols that
1711 define what will go over the wire, UUCP uses the policy that you
1712 should do what is right for the other end; if they change, you have
1713 to change. This makes it hard to do the right thing, and discourages
1714 people from updating their software. In general, if you can avoid
1717 The major choice is whether to go for a domainized scheme or a
1718 non-domainized scheme. This depends entirely on what the other
1719 end will recognize. If at all possible, you should encourage the
1720 other end to go to a domain-based system -- non-domainized addresses
1721 don't work entirely properly.
1723 The four mailers are:
1725 uucp-old (obsolete name: "uucp")
1726 This is the oldest, the worst (but the closest to UUCP) way of
1727 sending messages across UUCP connections. It does bangify
1728 everything and prepends $U (your UUCP name) to the sender's
1729 address (which can already be a bang path itself). It can
1730 only send to one address at a time, so it spends a lot of
1731 time copying duplicates of messages. Avoid this if at all
1734 uucp-new (obsolete name: "suucp")
1735 The same as above, except that it assumes that in one rmail
1736 command you can specify several recipients. It still has a
1737 lot of other problems.
1740 This UUCP mailer keeps everything as domain addresses.
1741 Basically, it uses the SMTP mailer rewriting rules. This mailer
1742 is only included if MAILER(`smtp') is specified before
1745 Unfortunately, a lot of UUCP mailer transport agents require
1746 bangified addresses in the envelope, although you can use
1747 domain-based addresses in the message header. (The envelope
1748 shows up as the From_ line on UNIX mail.) So....
1751 This is a cross between uucp-new (for the envelope addresses)
1752 and uucp-dom (for the header addresses). It bangifies the
1753 envelope sender (From_ line in messages) without adding the
1754 local hostname, unless there is no host name on the address
1755 at all (e.g., "wolf") or the host component is a UUCP host name
1756 instead of a domain name ("somehost!wolf" instead of
1757 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1758 is also specified earlier.
1762 On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1763 summarizes the sender rewriting for various mailers.
1765 Mailer sender rewriting in the envelope
1766 ------ ------ -------------------------
1767 uucp-{old,new} wolf grasp!wolf
1768 uucp-dom wolf wolf@grasp.insa-lyon.fr
1769 uucp-uudom wolf grasp.insa-lyon.fr!wolf
1771 uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1772 uucp-dom wolf@fr.net wolf@fr.net
1773 uucp-uudom wolf@fr.net fr.net!wolf
1775 uucp-{old,new} somehost!wolf grasp!somehost!wolf
1776 uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1777 uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1779 If you are using one of the domainized UUCP mailers, you really want
1780 to convert all UUCP addresses to domain format -- otherwise, it will
1781 do it for you (and probably not the way you expected). For example,
1782 if you have the address foo!bar!baz (and you are not sending to foo),
1783 the heuristics will add the @uucp.relay.name or @local.host.name to
1784 this address. However, if you map foo to foo.host.name first, it
1785 will not add the local hostname. You can do this using the uucpdomain
1789 +-------------------+
1790 | TWEAKING RULESETS |
1791 +-------------------+
1793 For more complex configurations, you can define special rules.
1794 The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1795 the names. Any modifications made here are reflected in the header.
1797 A common use is to convert old UUCP addresses to SMTP addresses using
1798 the UUCPSMTP macro. For example:
1801 UUCPSMTP(`decvax', `decvax.dec.com')
1802 UUCPSMTP(`research', `research.att.com')
1804 will cause addresses of the form "decvax!user" and "research!user"
1805 to be converted to "user@decvax.dec.com" and "user@research.att.com"
1808 This could also be used to look up hosts in a database map:
1811 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
1813 This map would be defined in the LOCAL_CONFIG portion, as shown below.
1815 Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1816 For example, new rules are needed to parse hostnames that you accept
1817 via MX records. For example, you might have:
1820 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1822 You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1823 pointing at this host; this rule catches the message and forwards it on
1826 You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1827 These rulesets are normally empty.
1829 A similar macro is LOCAL_CONFIG. This introduces lines added after the
1830 boilerplate option setting but before rulesets. Do not declare rulesets in
1831 the LOCAL_CONFIG section. It can be used to declare local database maps or
1832 whatever. For example:
1835 Khostmap hash /etc/mail/hostmap
1836 Kyplocal nis -m hosts.byname
1839 +---------------------------+
1840 | MASQUERADING AND RELAYING |
1841 +---------------------------+
1843 You can have your host masquerade as another using
1845 MASQUERADE_AS(`host.domain')
1847 This causes mail being sent to be labeled as coming from the
1848 indicated host.domain, rather than $j. One normally masquerades as
1849 one of one's own subdomains (for example, it's unlikely that
1850 Berkeley would choose to masquerade as an MIT site). This
1851 behaviour is modified by a plethora of FEATUREs; in particular, see
1852 masquerade_envelope, allmasquerade, limited_masquerade, and
1853 masquerade_entire_domain.
1855 The masquerade name is not normally canonified, so it is important
1856 that it be your One True Name, that is, fully qualified and not a
1857 CNAME. However, if you use a CNAME, the receiving side may canonify
1858 it for you, so don't think you can cheat CNAME mapping this way.
1860 Normally the only addresses that are masqueraded are those that come
1861 from this host (that is, are either unqualified or in class {w}, the list
1862 of local domain names). You can augment this list, which is realized
1865 MASQUERADE_DOMAIN(`otherhost.domain')
1867 The effect of this is that although mail to user@otherhost.domain
1868 will not be delivered locally, any mail including any user@otherhost.domain
1869 will, when relayed, be rewritten to have the MASQUERADE_AS address.
1870 This can be a space-separated list of names.
1872 If these names are in a file, you can use
1874 MASQUERADE_DOMAIN_FILE(`filename')
1876 to read the list of names from the indicated file (i.e., to add
1877 elements to class {M}).
1879 To exempt hosts or subdomains from being masqueraded, you can use
1881 MASQUERADE_EXCEPTION(`host.domain')
1883 This can come handy if you want to masquerade a whole domain
1884 except for one (or a few) host(s). If these names are in a file,
1887 MASQUERADE_EXCEPTION_FILE(`filename')
1889 Normally only header addresses are masqueraded. If you want to
1890 masquerade the envelope as well, use
1892 FEATURE(`masquerade_envelope')
1894 There are always users that need to be "exposed" -- that is, their
1895 internal site name should be displayed instead of the masquerade name.
1896 Root is an example (which has been "exposed" by default prior to 8.10).
1897 You can add users to this list using
1899 EXPOSED_USER(`usernames')
1901 This adds users to class {E}; you could also use
1903 EXPOSED_USER_FILE(`filename')
1905 You can also arrange to relay all unqualified names (that is, names
1906 without @host) to a relay host. For example, if you have a central
1907 email server, you might relay to that host so that users don't have
1908 to have .forward files or aliases. You can do this using
1910 define(`LOCAL_RELAY', `mailer:hostname')
1912 The ``mailer:'' can be omitted, in which case the mailer defaults to
1913 "relay". There are some user names that you don't want relayed, perhaps
1914 because of local aliases. A common example is root, which may be
1915 locally aliased. You can add entries to this list using
1917 LOCAL_USER(`usernames')
1919 This adds users to class {L}; you could also use
1921 LOCAL_USER_FILE(`filename')
1923 If you want all incoming mail sent to a centralized hub, as for a
1924 shared /var/spool/mail scheme, use
1926 define(`MAIL_HUB', `mailer:hostname')
1928 Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
1929 and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1930 be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1931 Note: there is a (long standing) bug which keeps this combination from
1932 working for addresses of the form user+detail.
1933 Names in class {L} will be delivered locally, so you MUST have aliases or
1934 .forward files for them.
1936 For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1937 FEATURE(`stickyhost'), the following combinations of settings will have the
1940 email sent to.... eric eric@mastodon.CS.Berkeley.EDU
1942 LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
1943 mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1945 MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1946 mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
1948 Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1949 MAIL_HUB set as above (no local aliasing) (aliasing done)
1951 If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1952 MAIL_HUB act identically, with MAIL_HUB taking precedence.
1954 If you want all outgoing mail to go to a central relay site, define
1955 SMART_HOST as well. Briefly:
1957 LOCAL_RELAY applies to unqualified names (e.g., "eric").
1958 MAIL_HUB applies to names qualified with the name of the
1959 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1960 SMART_HOST applies to names qualified with other hosts or
1961 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1962 or "eric@[127.0.0.1]").
1964 However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1965 DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1966 really want absolutely everything to go to a single central site you will
1967 need to unset all the other relays -- or better yet, find or build a
1968 minimal config file that does this.
1970 For duplicate suppression to work properly, the host name is best
1971 specified with a terminal dot:
1973 define(`MAIL_HUB', `host.domain.')
1974 note the trailing dot ---^
1977 +-------------------------------------------+
1978 | USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1979 +-------------------------------------------+
1981 LDAP can be used for aliases, maps, and classes by either specifying your
1982 own LDAP map specification or using the built-in default LDAP map
1983 specification. The built-in default specifications all provide lookups
1984 which match against either the machine's fully qualified hostname (${j}) or
1985 a "cluster". The cluster allows you to share LDAP entries among a large
1986 number of machines without having to enter each of the machine names into
1987 each LDAP entry. To set the LDAP cluster name to use for a particular
1988 machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1989 unique name. For example:
1991 define(`confLDAP_CLUSTER', `Servers')
1993 Here, the word `Servers' will be the cluster name. As an example, assume
1994 that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1995 to the Servers cluster.
1997 Some of the LDAP LDIF examples below show use of the Servers cluster.
1998 Every entry must have either a sendmailMTAHost or sendmailMTACluster
1999 attribute or it will be ignored. Be careful as mixing clusters and
2000 individual host records can have surprising results (see the CAUTION
2003 See the file cf/sendmail.schema for the actual LDAP schemas. Note that
2004 this schema (and therefore the lookups and examples below) is experimental
2005 at this point as it has had little public review. Therefore, it may change
2006 in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
2007 encouraged (replace YYYY with the current year, e.g., 2005).
2013 The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
2014 lookups. To use the default schema, simply use:
2016 define(`ALIAS_FILE', `ldap:')
2018 By doing so, you will use the default schema which expands to a map
2019 declared as follows:
2021 ldap -k (&(objectClass=sendmailMTAAliasObject)
2022 (sendmailMTAAliasGrouping=aliases)
2023 (|(sendmailMTACluster=${sendmailMTACluster})
2024 (sendmailMTAHost=$j))
2025 (sendmailMTAKey=%0))
2026 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
2029 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2030 used when the binary expands the `ldap:' token as the AliasFile option is
2031 not actually macro-expanded when read from the sendmail.cf file.
2033 Example LDAP LDIF entries might be:
2035 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
2036 objectClass: sendmailMTA
2037 objectClass: sendmailMTAAlias
2038 objectClass: sendmailMTAAliasObject
2039 sendmailMTAAliasGrouping: aliases
2040 sendmailMTAHost: etrn.sendmail.org
2041 sendmailMTAKey: sendmail-list
2042 sendmailMTAAliasValue: ca@example.org
2043 sendmailMTAAliasValue: eric
2044 sendmailMTAAliasValue: gshapiro@example.com
2046 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
2047 objectClass: sendmailMTA
2048 objectClass: sendmailMTAAlias
2049 objectClass: sendmailMTAAliasObject
2050 sendmailMTAAliasGrouping: aliases
2051 sendmailMTAHost: etrn.sendmail.org
2052 sendmailMTAKey: owner-sendmail-list
2053 sendmailMTAAliasValue: eric
2055 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
2056 objectClass: sendmailMTA
2057 objectClass: sendmailMTAAlias
2058 objectClass: sendmailMTAAliasObject
2059 sendmailMTAAliasGrouping: aliases
2060 sendmailMTACluster: Servers
2061 sendmailMTAKey: postmaster
2062 sendmailMTAAliasValue: eric
2064 Here, the aliases sendmail-list and owner-sendmail-list will be available
2065 only on etrn.sendmail.org but the postmaster alias will be available on
2066 every machine in the Servers cluster (including etrn.sendmail.org).
2068 CAUTION: aliases are additive so that entries like these:
2070 dn: sendmailMTAKey=bob, dc=sendmail, dc=org
2071 objectClass: sendmailMTA
2072 objectClass: sendmailMTAAlias
2073 objectClass: sendmailMTAAliasObject
2074 sendmailMTAAliasGrouping: aliases
2075 sendmailMTACluster: Servers
2077 sendmailMTAAliasValue: eric
2079 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
2080 objectClass: sendmailMTA
2081 objectClass: sendmailMTAAlias
2082 objectClass: sendmailMTAAliasObject
2083 sendmailMTAAliasGrouping: aliases
2084 sendmailMTAHost: etrn.sendmail.org
2086 sendmailMTAAliasValue: gshapiro
2088 would mean that on all of the hosts in the cluster, mail to bob would go to
2089 eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
2092 If you prefer not to use the default LDAP schema for your aliases, you can
2093 specify the map parameters when setting ALIAS_FILE. For example:
2095 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
2101 FEATURE()'s which take an optional map definition argument (e.g., access,
2102 mailertable, virtusertable, etc.) can instead take the special keyword
2105 FEATURE(`access_db', `LDAP')
2106 FEATURE(`virtusertable', `LDAP')
2108 When this keyword is given, that map will use LDAP lookups consisting of
2109 the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
2110 with the map name, a search attribute of sendmailMTAKey, and the value
2111 attribute sendmailMTAMapValue.
2113 The values for sendmailMTAMapName are:
2115 FEATURE() sendmailMTAMapName
2116 --------- ------------------
2121 genericstable generics
2123 uucpdomain uucpdomain
2124 virtusertable virtuser
2126 For example, FEATURE(`mailertable', `LDAP') would use the map definition:
2128 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
2129 (sendmailMTAMapName=mailer)
2130 (|(sendmailMTACluster=${sendmailMTACluster})
2131 (sendmailMTAHost=$j))
2132 (sendmailMTAKey=%0))
2133 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
2135 An example LDAP LDIF entry using this map might be:
2137 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
2138 objectClass: sendmailMTA
2139 objectClass: sendmailMTAMap
2140 sendmailMTACluster: Servers
2141 sendmailMTAMapName: mailer
2143 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2144 objectClass: sendmailMTA
2145 objectClass: sendmailMTAMap
2146 objectClass: sendmailMTAMapObject
2147 sendmailMTAMapName: mailer
2148 sendmailMTACluster: Servers
2149 sendmailMTAKey: example.com
2150 sendmailMTAMapValue: relay:[smtp.example.com]
2152 CAUTION: If your LDAP database contains the record above and *ALSO* a host
2153 specific record such as:
2155 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2156 objectClass: sendmailMTA
2157 objectClass: sendmailMTAMap
2158 objectClass: sendmailMTAMapObject
2159 sendmailMTAMapName: mailer
2160 sendmailMTAHost: etrn.sendmail.org
2161 sendmailMTAKey: example.com
2162 sendmailMTAMapValue: relay:[mx.example.com]
2164 then these entries will give unexpected results. When the lookup is done
2165 on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
2166 require a single match. Since the host etrn.sendmail.org is also in the
2167 Servers cluster, LDAP would return two answers for the example.com map key
2168 in which case sendmail would treat this as no match at all.
2170 If you prefer not to use the default LDAP schema for your maps, you can
2171 specify the map parameters when using the FEATURE(). For example:
2173 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2179 Normally, classes can be filled via files or programs. As of 8.12, they
2180 can also be filled via map lookups using a new syntax:
2182 F{ClassName}mapkey@mapclass:mapspec
2184 mapkey is optional and if not provided the map key will be empty. This can
2185 be used with LDAP to read classes from LDAP. Note that the lookup is only
2186 done when sendmail is initially started. Use the special value `@LDAP' to
2187 use the default LDAP schema. For example:
2189 RELAY_DOMAIN_FILE(`@LDAP')
2191 would put all of the attribute sendmailMTAClassValue values of LDAP records
2192 with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
2193 'R' into class $={R}. In other words, it is equivalent to the LDAP map
2196 F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2197 (sendmailMTAClassName=R)
2198 (|(sendmailMTACluster=${sendmailMTACluster})
2199 (sendmailMTAHost=$j)))
2200 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
2202 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2203 used when the binary expands the `@LDAP' token as class declarations are
2204 not actually macro-expanded when read from the sendmail.cf file.
2206 This can be used with class related commands such as RELAY_DOMAIN_FILE(),
2207 MASQUERADE_DOMAIN_FILE(), etc:
2209 Command sendmailMTAClassName
2210 ------- --------------------
2211 CANONIFY_DOMAIN_FILE() Canonify
2212 EXPOSED_USER_FILE() E
2213 GENERICS_DOMAIN_FILE() G
2214 LDAPROUTE_DOMAIN_FILE() LDAPRoute
2215 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv
2217 MASQUERADE_DOMAIN_FILE() M
2218 MASQUERADE_EXCEPTION_FILE() N
2219 RELAY_DOMAIN_FILE() R
2220 VIRTUSER_DOMAIN_FILE() VirtHost
2222 You can also add your own as any 'F'ile class of the form:
2226 will use "ClassName" for the sendmailMTAClassName.
2228 An example LDAP LDIF entry would look like:
2230 dn: sendmailMTAClassName=R, dc=sendmail, dc=org
2231 objectClass: sendmailMTA
2232 objectClass: sendmailMTAClass
2233 sendmailMTACluster: Servers
2234 sendmailMTAClassName: R
2235 sendmailMTAClassValue: sendmail.org
2236 sendmailMTAClassValue: example.com
2237 sendmailMTAClassValue: 10.56.23
2239 CAUTION: If your LDAP database contains the record above and *ALSO* a host
2240 specific record such as:
2242 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
2243 objectClass: sendmailMTA
2244 objectClass: sendmailMTAClass
2245 sendmailMTAHost: etrn.sendmail.org
2246 sendmailMTAClassName: R
2247 sendmailMTAClassValue: example.com
2249 the result will be similar to the aliases caution above. When the lookup
2250 is done on etrn.sendmail.org, $={R} would contain all of the entries (from
2251 both the cluster match and the host match). In other words, the effective
2254 If you prefer not to use the default LDAP schema for your classes, you can
2255 specify the map parameters when using the class command. For example:
2257 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2259 Remember, macros can not be used in a class declaration as the binary does
2267 FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
2268 LDAP Schema for Intranet Mail Routing
2269 (draft-lachman-laser-ldap-mail-routing-01). This feature enables
2270 LDAP-based rerouting of a particular address to either a different host
2271 or a different address. The LDAP lookup is first attempted on the full
2272 address (e.g., user@example.com) and then on the domain portion
2273 (e.g., @example.com). Be sure to setup your domain for LDAP routing using
2274 LDAPROUTE_DOMAIN(), e.g.:
2276 LDAPROUTE_DOMAIN(`example.com')
2278 Additionally, you can specify equivalent domains for LDAP routing using
2279 LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent'
2280 hostnames are mapped to $M (the masqueraded hostname for the server) before
2281 the LDAP query. For example, if the mail is addressed to
2282 user@host1.example.com, normally the LDAP lookup would only be done for
2283 'user@host1.example.com' and '@host1.example.com'. However, if
2284 LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2285 done on 'user@example.com' and '@example.com' after attempting the
2286 host1.example.com lookups.
2288 By default, the feature will use the schemas as specified in the draft
2289 and will not reject addresses not found by the LDAP lookup. However,
2290 this behavior can be changed by giving additional arguments to the FEATURE()
2293 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2294 <detail>, <nodomain>, <tempfail>)
2296 where <mailHost> is a map definition describing how to look up an alternative
2297 mail host for a particular address; <mailRoutingAddress> is a map definition
2298 describing how to look up an alternative address for a particular address;
2299 the <bounce> argument, if present and not the word "passthru", dictates
2300 that mail should be bounced if neither a mailHost nor mailRoutingAddress
2301 is found, if set to "sendertoo", the sender will be rejected if not
2302 found in LDAP; and <detail> indicates what actions to take if the address
2303 contains +detail information -- `strip' tries the lookup with the +detail
2304 and if no matches are found, strips the +detail and tries the lookup again;
2305 `preserve', does the same as `strip' but if a mailRoutingAddress match is
2306 found, the +detail information is copied to the new address; the <nodomain>
2307 argument, if present, will prevent the @domain lookup if the full
2308 address is not found in LDAP; the <tempfail> argument, if set to
2309 "tempfail", instructs the rules to give an SMTP 4XX temporary
2310 error if the LDAP server gives the MTA a temporary failure, or if set to
2311 "queue" (the default), the MTA will locally queue the mail.
2313 The default <mailHost> map definition is:
2315 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2316 (mailLocalAddress=%0))
2318 The default <mailRoutingAddress> map definition is:
2320 ldap -1 -T<TMPF> -v mailRoutingAddress
2321 -k (&(objectClass=inetLocalMailRecipient)
2322 (mailLocalAddress=%0))
2324 Note that neither includes the LDAP server hostname (-h server) or base DN
2325 (-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
2326 your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2327 these settings. If this is not the case, the map definitions should be
2328 changed as described above. The "-T<TMPF>" is required in any user
2329 specified map definition to catch temporary errors.
2331 The following possibilities exist as a result of an LDAP lookup on an
2334 mailHost is mailRoutingAddress is Results in
2335 ----------- --------------------- ----------
2336 set to a set mail delivered to
2337 "local" host mailRoutingAddress
2339 set to a not set delivered to
2340 "local" host original address
2342 set to a set mailRoutingAddress
2343 remote host relayed to mailHost
2345 set to a not set original address
2346 remote host relayed to mailHost
2348 not set set mail delivered to
2351 not set not set delivered to
2352 original address *OR*
2353 bounced as unknown user
2355 The term "local" host above means the host specified is in class {w}. If
2356 the result would mean sending the mail to a different host, that host is
2357 looked up in the mailertable before delivery.
2359 Note that the last case depends on whether the third argument is given
2360 to the FEATURE() command. The default is to deliver the message to the
2363 The LDAP entries should be set up with an objectClass of
2364 inetLocalMailRecipient and the address be listed in a mailLocalAddress
2365 attribute. If present, there must be only one mailHost attribute and it
2366 must contain a fully qualified host name as its value. Similarly, if
2367 present, there must be only one mailRoutingAddress attribute and it must
2368 contain an RFC 822 compliant address. Some example LDAP records (in LDIF
2371 dn: uid=tom, o=example.com, c=US
2372 objectClass: inetLocalMailRecipient
2373 mailLocalAddress: tom@example.com
2374 mailRoutingAddress: thomas@mailhost.example.com
2376 This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2378 dn: uid=dick, o=example.com, c=US
2379 objectClass: inetLocalMailRecipient
2380 mailLocalAddress: dick@example.com
2381 mailHost: eng.example.com
2383 This would relay mail for dick@example.com to the same address but redirect
2384 the mail to MX records listed for the host eng.example.com (unless the
2385 mailertable overrides).
2387 dn: uid=harry, o=example.com, c=US
2388 objectClass: inetLocalMailRecipient
2389 mailLocalAddress: harry@example.com
2390 mailHost: mktmail.example.com
2391 mailRoutingAddress: harry@mkt.example.com
2393 This would relay mail for harry@example.com to the MX records listed for
2394 the host mktmail.example.com using the new address harry@mkt.example.com
2395 when talking to that host.
2397 dn: uid=virtual.example.com, o=example.com, c=US
2398 objectClass: inetLocalMailRecipient
2399 mailLocalAddress: @virtual.example.com
2400 mailHost: server.example.com
2401 mailRoutingAddress: virtual@example.com
2403 This would send all mail destined for any username @virtual.example.com to
2404 the machine server.example.com's MX servers and deliver to the address
2405 virtual@example.com on that relay machine.
2408 +---------------------------------+
2409 | ANTI-SPAM CONFIGURATION CONTROL |
2410 +---------------------------------+
2412 The primary anti-spam features available in sendmail are:
2414 * Relaying is denied by default.
2415 * Better checking on sender information.
2419 Relaying (transmission of messages from a site outside your host (class
2420 {w}) to another site except yours) is denied by default. Note that this
2421 changed in sendmail 8.9; previous versions allowed relaying by default.
2422 If you really want to revert to the old behaviour, you will need to use
2423 FEATURE(`promiscuous_relay'). You can allow certain domains to relay
2424 through your server by adding their domain name or IP address to class
2425 {R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2426 (described below). Note that IPv6 addresses must be prefaced with "IPv6:".
2427 The file consists (like any other file based class) of entries listed on
2428 separate lines, e.g.,
2433 IPv6:2002:c0a8:51d2::23f4
2437 Notice: the last entry allows relaying for connections via a UNIX
2438 socket to the MTA/MSP. This might be necessary if your configuration
2439 doesn't allow relaying by other means in that case, e.g., by having
2440 localhost.$m in class {R} (make sure $m is not just a top level
2445 FEATURE(`relay_entire_domain')
2447 then any host in any of your local domains (that is, class {m})
2448 will be relayed (that is, you will accept mail either to or from any
2449 host in your domain).
2451 You can also allow relaying based on the MX records of the host
2452 portion of an incoming recipient address by using
2454 FEATURE(`relay_based_on_MX')
2456 For example, if your server receives a recipient of user@domain.com
2457 and domain.com lists your server in its MX records, the mail will be
2458 accepted for relay to domain.com. This feature may cause problems
2459 if MX lookups for the recipient domain are slow or time out. In that
2460 case, mail will be temporarily rejected. It is usually better to
2461 maintain a list of hosts/domains for which the server acts as relay.
2462 Note also that this feature will stop spammers from using your host
2463 to relay spam but it will not stop outsiders from using your server
2464 as a relay for their site (that is, they set up an MX record pointing
2465 to your mail server, and you will relay mail addressed to them
2466 without any prior arrangement). Along the same lines,
2468 FEATURE(`relay_local_from')
2470 will allow relaying if the sender specifies a return path (i.e.
2471 MAIL FROM:<user@domain>) domain which is a local domain. This is a
2472 dangerous feature as it will allow spammers to spam using your mail
2473 server by simply specifying a return address of user@your.domain.com.
2474 It should not be used unless absolutely necessary.
2475 A slightly better solution is
2477 FEATURE(`relay_mail_from')
2479 which allows relaying if the mail sender is listed as RELAY in the
2480 access map. If an optional argument `domain' (this is the literal
2481 word `domain', not a placeholder) is given, the domain portion of
2482 the mail sender is also checked to allowing relaying. This option
2483 only works together with the tag From: for the LHS of the access
2484 map entries. This feature allows spammers to abuse your mail server
2485 by specifying a return address that you enabled in your access file.
2486 This may be harder to figure out for spammers, but it should not
2487 be used unless necessary. Instead use SMTP AUTH or STARTTLS to
2488 allow relaying for roaming users.
2491 If source routing is used in the recipient address (e.g.,
2492 RCPT TO:<user%site.com@othersite.com>), sendmail will check
2493 user@site.com for relaying if othersite.com is an allowed relay host
2494 in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2495 or the access database if FEATURE(`access_db') is used. To prevent
2496 the address from being stripped down, use:
2498 FEATURE(`loose_relay_check')
2500 If you think you need to use this feature, you probably do not. This
2501 should only be used for sites which have no control over the addresses
2502 that they provide a gateway for. Use this FEATURE with caution as it
2503 can allow spammers to relay through your server if not setup properly.
2505 NOTICE: It is possible to relay mail through a system which the
2506 anti-relay rules do not prevent: the case of a system that does use
2507 FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
2508 (system A) and relays local messages to a mail hub (e.g., via
2509 LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the
2510 same feature (nouucp / nopercenthack) at all, addresses of the form
2511 <example.net!user@local.host> / <user%example.net@local.host>
2512 would be relayed to <user@example.net>.
2513 System A doesn't recognize `!' / `%' as an address separator and
2514 therefore forwards it to the mail hub which in turns relays it
2515 because it came from a trusted local host. So if a mailserver
2516 allows UUCP (bang-format) / %-hack addresses, all systems from which
2517 it allows relaying should do the same or reject those addresses.
2519 As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2520 an unresolvable domain (i.e., one that DNS, your local name service,
2521 or special case rules in ruleset 3 cannot locate). This also applies
2522 to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2523 IP address can't be mapped to a host name. If you want to continue
2524 to accept such domains, e.g., because you are inside a firewall that
2525 has only a limited view of the Internet host name space (note that you
2526 will not be able to return mail to them unless you have some "smart
2527 host" forwarder), use
2529 FEATURE(`accept_unresolvable_domains')
2531 Alternatively, you can allow specific addresses by adding them to
2532 the access map, e.g.,
2534 From:unresolvable.domain OK
2538 Notice: domains which are temporarily unresolvable are (temporarily)
2539 rejected with a 451 reply code. If those domains should be accepted
2540 (which is discouraged) then you can use
2545 sendmail will also refuse mail if the MAIL FROM: parameter is not
2546 fully qualified (i.e., contains a domain as well as a user). If you
2547 want to continue to accept such senders, use
2549 FEATURE(`accept_unqualified_senders')
2551 Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2552 i.e., unqualified addresses are accepted even without this FEATURE. If
2553 this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2554 to enforce fully qualified domain names.
2556 An ``access'' database can be created to accept or reject mail from
2557 selected domains. For example, you may choose to reject all mail
2558 originating from known spammers. To enable such a database, use
2560 FEATURE(`access_db')
2562 Notice: the access database is applied to the envelope addresses
2563 and the connection information, not to the header.
2565 The FEATURE macro can accept as second parameter the key file
2566 definition for the database; for example
2568 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2570 Notice: If a second argument is specified it must contain the option
2571 `-T<TMPF>' as shown above. The optional parameters may be
2573 `skip' enables SKIP as value part (see below).
2574 `lookupdotdomain' another way to enable the feature of the
2575 same name (see above).
2576 `relaytofulladdress' enable entries of the form
2577 To:user@example.com RELAY
2578 to allow relaying to just a specific
2579 e-mail address instead of an entire domain.
2581 Remember, since /etc/mail/access is a database, after creating the text
2582 file as described below, you must use makemap to create the database
2585 makemap hash /etc/mail/access < /etc/mail/access
2587 The table itself uses e-mail addresses, domain names, and network
2588 numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:".
2591 From:spammer@aol.com REJECT
2592 From:cyberspammer.com REJECT
2593 Connect:cyberspammer.com REJECT
2595 Connect:192.168.212 REJECT
2596 Connect:IPv6:2002:c0a8:02c7 RELAY
2597 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT
2599 would refuse mail from spammer@aol.com, any user from cyberspammer.com
2600 (or any host within the cyberspammer.com domain), any host in the entire
2601 top level domain TLD, 192.168.212.* network, and the IPv6 address
2602 2002:c0a8:51d2::23f4. It would allow relay for the IPv6 network
2603 2002:c0a8:02c7::/48.
2605 Entries in the access map should be tagged according to their type.
2606 These tags are applicable:
2608 Connect: connection information (${client_addr}, ${client_name})
2609 From: envelope sender
2610 To: envelope recipient
2612 Notice: untagged entries are deprecated.
2614 If the required item is looked up in a map, it will be tried first
2615 with the corresponding tag in front, then (as fallback to enable
2616 backward compatibility) without any tag, unless the specific feature
2617 requires a tag. For example,
2619 From:spammer@some.dom REJECT
2620 To:friend.domain RELAY
2621 Connect:friend.domain OK
2622 Connect:from.domain RELAY
2623 From:good@another.dom OK
2624 From:another.dom REJECT
2626 This would deny mails from spammer@some.dom but you could still
2627 send mail to that address even if FEATURE(`blocklist_recipients')
2628 is enabled. Your system will allow relaying to friend.domain, but
2629 not from it (unless enabled by other means). Connections from that
2630 domain will be allowed even if it ends up in one of the DNS based
2631 rejection lists. Relaying is enabled from from.domain but not to
2632 it (since relaying is based on the connection information for
2633 outgoing relaying, the tag Connect: must be used; for incoming
2634 relaying, which is based on the recipient address, To: must be
2635 used). The last two entries allow mails from good@another.dom but
2636 reject mail from all other addresses with another.dom as domain
2640 The value part of the map can contain:
2642 OK Accept mail even if other rules in the running
2643 ruleset would reject it, for example, if the domain
2644 name is unresolvable. "Accept" does not mean
2645 "relay", but at most acceptance for local
2646 recipients. That is, OK allows less than RELAY.
2647 RELAY Accept mail addressed to the indicated domain
2648 (or address if `relaytofulladdress' is set) or
2649 received from the indicated domain for relaying
2650 through your SMTP server. RELAY also serves as
2651 an implicit OK for the other checks.
2652 REJECT Reject the sender or recipient with a general
2654 DISCARD Discard the message completely using the
2655 $#discard mailer. If it is used in check_compat,
2656 it affects only the designated recipient, not
2657 the whole message as it does in all other cases.
2658 This should only be used if really necessary.
2659 SKIP This can only be used for host/domain names
2660 and IP addresses/nets. It will abort the current
2661 search for this entry without accepting or rejecting
2662 it but causing the default action.
2663 ### any text where ### is an RFC 821 compliant error code and
2664 "any text" is a message to return for the command.
2665 The entire string should be quoted to avoid
2670 Otherwise sendmail formats the text as email
2671 addresses, e.g., it may remove spaces.
2672 This type is deprecated, use one of the two
2673 ERROR: entries below instead.
2675 as above, but useful to mark error messages as such.
2676 If quotes need to be used to avoid modifications
2677 (see above), they should be placed like this:
2679 ERROR:"### any text"
2681 ERROR:D.S.N:### any text
2682 where D.S.N is an RFC 1893 compliant error code
2683 and the rest as above. If quotes need to be used
2684 to avoid modifications, they should be placed
2687 ERROR:D.S.N:"### any text"
2690 Quarantine the message using the given text as the
2691 quarantining reason.
2695 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers"
2696 From:okay.cyberspammer.com OK
2697 Connect:sendmail.org RELAY
2698 To:sendmail.org RELAY
2699 Connect:128.32 RELAY
2700 Connect:128.32.2 SKIP
2701 Connect:IPv6:1:2:3:4:5:6:7 RELAY
2702 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
2703 Connect:[127.0.0.3] OK
2704 Connect:[IPv6:1:2:3:4:5:6:7:8] OK
2706 would accept mail from okay.cyberspammer.com, but would reject mail
2707 from all other hosts at cyberspammer.com with the indicated message.
2708 It would allow relaying mail from and to any hosts in the sendmail.org
2709 domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2710 and from the 128.32.*.* network except for the 128.32.2.* network,
2711 which shows how SKIP is useful to exempt subnets/subdomains. The
2712 last two entries are for checks against ${client_name} if the IP
2713 address doesn't resolve to a hostname (or is considered as "may be
2714 forged"). That is, using square brackets means these are host
2715 names, not network numbers.
2717 Warning: if you change the RFC 821 compliant error code from the default
2718 value of 550, then you should probably also change the RFC 1893 compliant
2719 error code to match it. For example, if you use
2721 To:user@example.com ERROR:450 mailbox full
2723 the error returned would be "450 5.0.0 mailbox full" which is wrong.
2724 Use "ERROR:4.2.2:450 mailbox full" instead.
2726 Note, UUCP users may need to add hostname.UUCP to the access database
2731 FEATURE(`relay_hosts_only')
2733 then the above example will allow relaying for sendmail.org, but not
2734 hosts within the sendmail.org domain. Note that this will also require
2735 hosts listed in class {R} to be fully qualified host names.
2737 You can also use the access database to block sender addresses based on
2738 the username portion of the address. For example:
2740 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
2742 Note that you must include the @ after the username to signify that
2743 this database entry is for checking only the username portion of the
2748 FEATURE(`blocklist_recipients')
2750 then you can add entries to the map for local users, hosts in your
2751 domains, or addresses in your domain which should not receive mail:
2753 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser
2754 To:host.my.TLD ERROR:550 That host does not accept mail
2755 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient
2757 This would prevent a recipient of badlocaluser in any of the local
2758 domains (class {w}), any user at host.my.TLD, and the single address
2759 user@other.my.TLD from receiving mail. Please note: a local username
2760 must be now tagged with an @ (this is consistent with the check of
2761 the sender address, and hence it is possible to distinguish between
2762 hostnames and usernames). Enabling this feature will keep you from
2763 sending mails to all addresses that have an error message or REJECT
2764 as value part in the access map. Taking the example from above:
2766 spammer@aol.com REJECT
2767 cyberspammer.com REJECT
2769 Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2770 That's why tagged entries should be used.
2772 There are several DNS based blocklists which can be found by
2773 querying a search engine. These are databases of spammers
2774 maintained in DNS. To use such a database, specify
2776 FEATURE(`dnsbl', `dnsbl.example.com')
2778 This will cause sendmail to reject mail from any site listed in the
2779 DNS based blocklist. You must select a DNS based blocklist domain
2780 to check by specifying an argument to the FEATURE. The default
2783 Rejected: IP-ADDRESS listed at SERVER
2785 where IP-ADDRESS and SERVER are replaced by the appropriate
2786 information. A second argument can be used to specify a different
2787 text or action. For example,
2789 FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2791 would quarantine the message if the client IP address is listed
2792 at `dnsbl.example.com'.
2794 By default, temporary lookup failures are ignored
2795 and hence cause the connection not to be rejected by the DNS based
2796 rejection list. This behavior can be changed by specifying a third
2797 argument, which must be either `t' or a full error message. For
2800 FEATURE(`dnsbl', `dnsbl.example.com', `',
2801 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2803 If `t' is used, the error message is:
2805 451 Temporary lookup failure of IP-ADDRESS at SERVER
2807 where IP-ADDRESS and SERVER are replaced by the appropriate
2810 This FEATURE can be included several times to query different
2811 DNS based rejection lists.
2813 Notice: to avoid checking your own local domains against those
2814 blocklists, use the access_db feature and add:
2817 Connect:127.0.0.1 RELAY
2819 to the access map, where 10.1 is your local network. You may
2820 want to use "RELAY" instead of "OK" to allow also relaying
2821 instead of just disabling the DNS lookups in the blocklists.
2824 The features described above make use of the check_relay, check_mail,
2825 and check_rcpt rulesets. Note that check_relay checks the SMTP
2826 client hostname and IP address when the connection is made to your
2827 server. It does not check if a mail message is being relayed to
2828 another server. That check is done in check_rcpt. If you wish to
2829 include your own checks, you can put your checks in the rulesets
2830 Local_check_relay, Local_check_mail, and Local_check_rcpt. For
2831 example if you wanted to block senders with all numeric usernames
2832 (i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2836 Kallnumbers regex -a@MATCH ^[0-9]+$
2840 # check address against various regex checks
2841 R$* $: $>Parse0 $>3 $1
2842 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
2843 R@MATCH $#error $: 553 Address Error
2845 These rules are called with the original arguments of the corresponding
2846 check_* ruleset. If the local ruleset returns $#OK, no further checking
2847 is done by the features described above and the mail is accepted. If
2848 the local ruleset resolves to a mailer (such as $#error or $#discard),
2849 the appropriate action is taken. Other results starting with $# are
2850 interpreted by sendmail and may lead to unspecified behavior. Note: do
2851 NOT create a mailer with the name OK. Return values that do not start
2852 with $# are ignored, i.e., normal processing continues.
2857 By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2858 will not be called when a client connects or issues a MAIL command,
2859 respectively. Instead, those rulesets will be called by the check_rcpt
2860 ruleset; they will be skipped if a sender has been authenticated using
2861 a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2862 If check_mail returns an error then the RCPT TO command will be rejected
2863 with that error. If it returns some other result starting with $# then
2864 check_relay will be skipped. If the sender address (or a part of it) is
2865 listed in the access map and it has a RHS of OK or RELAY, then check_relay
2866 will be skipped. This has an interesting side effect: if your domain is
2867 my.domain and you have
2871 in the access map, then any e-mail with a sender address of
2872 <user@my.domain> will not be rejected by check_relay even though
2873 it would match the hostname or IP address. This allows spammers
2874 to get around DNS based blocklist by faking the sender address. To
2875 avoid this problem you have to use tagged entries:
2878 Connect:my.domain RELAY
2880 if you need those entries at all (class {R} may take care of them).
2882 FEATURE(`delay_checks') can take an optional argument:
2884 FEATURE(`delay_checks', `friend')
2885 enables spamfriend test
2886 FEATURE(`delay_checks', `hater')
2887 enables spamhater test
2889 If such an argument is given, the recipient will be looked up in the
2890 access map (using the tag Spam:). If the argument is `friend', then
2891 the default behavior is to apply the other rulesets and make a SPAM
2892 friend the exception. The rulesets check_mail and check_relay will be
2893 skipped only if the recipient address is found and has RHS FRIEND. If
2894 the argument is `hater', then the default behavior is to skip the rulesets
2895 check_mail and check_relay and make a SPAM hater the exception. The
2896 other two rulesets will be applied only if the recipient address is
2897 found and has RHS HATER.
2899 This allows for simple exceptions from the tests, e.g., by activating
2900 the friend option and having
2904 in the access map, mail to abuse@localdomain will get through (where
2905 "localdomain" is any domain in class {w}). It is also possible to
2906 specify a full address or an address with +detail:
2908 Spam:abuse@my.domain FRIEND
2909 Spam:me+abuse@ FRIEND
2910 Spam:spam.domain FRIEND
2912 Note: The required tag has been changed in 8.12 from To: to Spam:.
2913 This change is incompatible to previous versions. However, you can
2914 (for now) simply add the new entries to the access map, the old
2915 ones will be ignored. As soon as you removed the old entries from
2916 the access map, specify a third parameter (`n') to this feature and
2917 the backward compatibility rules will not be in the generated .cf
2923 You can also reject mail on the basis of the contents of headers.
2924 This is done by adding a ruleset call to the 'H' header definition command
2925 in sendmail.cf. For example, this can be used to check the validity of
2926 a Message-ID: header:
2929 HMessage-Id: $>CheckMessageId
2934 R$* $#error $: 553 Header Error
2936 The alternative format:
2938 HSubject: $>+CheckSubject
2940 that is, $>+ instead of $>, gives the full Subject: header including
2941 comments to the ruleset (comments in parentheses () are stripped
2944 A default ruleset for headers which don't have a specific ruleset
2945 defined for them can be given by:
2950 1. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2951 That may cause problems with simple header checks due to the
2952 tokenization. It might be simpler to use a regex map and apply it
2954 2. There are no default rulesets coming with this distribution of
2955 sendmail. You can write your own, can search the WWW for examples,
2956 or take a look at cf/cf/knecht.mc.
2957 3. When using a default ruleset for headers, the name of the header
2958 currently being checked can be found in the $&{hdr_name} macro.
2960 After all of the headers are read, the check_eoh ruleset will be called for
2961 any final header-related checks. The ruleset is called with the number of
2962 headers and the size of all of the headers in bytes separated by $|. One
2963 example usage is to reject messages which do not have a Message-Id:
2964 header. However, the Message-Id: header is *NOT* a required header and is
2965 not a guaranteed spam indicator. This ruleset is an example and should
2966 probably not be used in production.
2970 HMessage-Id: $>CheckMessageId
2974 # Record the presence of the header
2975 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
2977 R$* $#error $: 553 Header Error
2981 R$* $: < $&{MessageIdCheck} >
2982 # Clear the macro for the next message
2983 R$* $: $(storage {MessageIdCheck} $) $1
2984 # Has a Message-Id: header
2986 # Allow missing Message-Id: from local mail
2987 R$* $: < $&{client_name} >
2990 # Otherwise, reject the mail
2991 R$* $#error $: 553 Header Error
2994 +--------------------+
2995 | CONNECTION CONTROL |
2996 +--------------------+
2998 The features ratecontrol and conncontrol allow to establish connection
2999 limits per client IP address or net. These features can limit the
3000 rate of connections (connections per time unit) or the number of
3001 incoming SMTP connections, respectively. If enabled, appropriate
3002 rulesets are called at the end of check_relay, i.e., after DNS
3003 blocklists and generic access_db operations. The features require
3004 FEATURE(`access_db') to be listed earlier in the mc file.
3006 Note: FEATURE(`delay_checks') delays those connection control checks
3007 after a recipient address has been received, hence making these
3008 connection control features less useful. To run the checks as early
3009 as possible, specify the parameter `nodelay', e.g.,
3011 FEATURE(`ratecontrol', `nodelay')
3013 In that case, FEATURE(`delay_checks') has no effect on connection
3014 control (and it must be specified earlier in the mc file).
3016 An optional second argument `terminate' specifies whether the
3017 rulesets should return the error code 421 which will cause
3018 sendmail to terminate the session with that error if it is
3019 returned from check_relay, i.e., not delayed as explained in
3020 the previous paragraph. Example:
3022 FEATURE(`ratecontrol', `nodelay', `terminate')
3029 In this text, cert will be used as an abbreviation for X.509 certificate,
3030 DN (CN) is the distinguished (common) name of a cert, and CA is a
3031 certification authority, which signs (issues) certs.
3033 For STARTTLS to be offered by sendmail you need to set at least
3034 these variables (the file names and paths are just examples):
3036 define(`confCACERT_PATH', `/etc/mail/certs/')
3037 define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
3038 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
3039 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
3041 On systems which do not have the compile flag HASURANDOM set (see
3042 sendmail/README) you also must set confRAND_FILE.
3044 See doc/op/op.{me,ps,txt} for more information about these options,
3045 especially the sections ``Certificates for STARTTLS'' and ``PRNG for
3048 Macros related to STARTTLS are:
3050 ${cert_issuer} holds the DN of the CA (the cert issuer).
3051 ${cert_subject} holds the DN of the cert (called the cert subject).
3052 ${cn_issuer} holds the CN of the CA (the cert issuer).
3053 ${cn_subject} holds the CN of the cert (called the cert subject).
3054 ${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
3055 TLSv1/SSLv3, SSLv3, SSLv2.
3056 ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
3057 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
3058 ${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
3059 used for the connection.
3060 ${verify} holds the result of the verification of the presented cert.
3061 Possible values are:
3062 OK verification succeeded.
3063 NO no cert presented.
3064 NOT no cert requested.
3065 FAIL cert presented but could not be verified,
3066 e.g., the cert of the signing CA is missing.
3067 NONE STARTTLS has not been performed.
3068 TEMP temporary error occurred.
3069 PROTOCOL protocol error occurred (SMTP level).
3070 SOFTWARE STARTTLS handshake failed.
3071 ${server_name} the name of the server of the current outgoing SMTP
3073 ${server_addr} the address of the server of the current outgoing SMTP
3079 SMTP STARTTLS can allow relaying for remote SMTP clients which have
3080 successfully authenticated themselves. If the verification of the cert
3081 failed (${verify} != OK), relaying is subject to the usual rules.
3082 Otherwise the DN of the issuer is looked up in the access map using the
3083 tag CERTISSUER. If the resulting value is RELAY, relaying is allowed.
3084 If it is SUBJECT, the DN of the cert subject is looked up next in the
3085 access map using the tag CERTSUBJECT. If the value is RELAY, relaying
3088 To make things a bit more flexible (or complicated), the values for
3089 ${cert_issuer} and ${cert_subject} can be optionally modified by regular
3090 expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
3091 _CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
3092 rulesets and map lookups, they are modified as follows: each non-printable
3093 character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
3094 by their HEX value with a leading '+'. For example:
3096 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress=
3097 darth+cert@endmail.org
3101 /C=US/ST=California/O=endmail.org/OU=private/CN=
3102 Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3104 (line breaks have been inserted for readability).
3106 The macros which are subject to this encoding are ${cert_subject},
3107 ${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
3111 To allow relaying for everyone who can present a cert signed by
3113 /C=US/ST=California/O=endmail.org/OU=private/CN=
3114 Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3118 CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3119 Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org RELAY
3121 To allow relaying only for a subset of machines that have a cert signed by
3123 /C=US/ST=California/O=endmail.org/OU=private/CN=
3124 Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
3128 CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3129 Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org SUBJECT
3130 CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
3131 DeathStar/emailAddress=deathstar@endmail.org RELAY
3133 Note: line breaks have been inserted after "CN=" for readability,
3134 each tagged entry must be one (long) line in the access map.
3136 Of course it is also possible to write a simple ruleset that allows
3137 relaying for everyone who can present a cert that can be verified, e.g.,
3144 Allowing Connections
3145 --------------------
3147 The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
3148 an SMTP connection is accepted (or should continue).
3150 tls_server is called when sendmail acts as client after a STARTTLS command
3151 (should) have been issued. The parameter is the value of ${verify}.
3153 tls_client is called when sendmail acts as server, after a STARTTLS command
3154 has been issued, and from check_mail. The parameter is the value of
3155 ${verify} and STARTTLS or MAIL, respectively.
3157 Both rulesets behave the same. If no access map is in use, the connection
3158 will be accepted unless ${verify} is SOFTWARE, in which case the connection
3159 is always aborted. For tls_server/tls_client, ${client_name}/${server_name}
3160 is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
3161 with the ruleset LookUpDomain. If no entry is found, ${client_addr}
3162 (${server_addr}) is looked up in the access map (same tag, ruleset
3163 LookUpAddr). If this doesn't result in an entry either, just the tag is
3164 looked up in the access map (included the trailing colon). Notice:
3165 requiring that e-mail is sent to a server only encrypted, e.g., via
3167 TLS_Srv:secure.domain ENCR:112
3169 doesn't necessarily mean that e-mail sent to that domain is encrypted.
3170 If the domain has multiple MX servers, e.g.,
3172 secure.domain. IN MX 10 mail.secure.domain.
3173 secure.domain. IN MX 50 mail.other.domain.
3175 then mail to user@secure.domain may go unencrypted to mail.other.domain.
3176 tls_rcpt can be used to address this problem.
3178 tls_rcpt is called before a RCPT TO: command is sent. The parameter is the
3179 current recipient. This ruleset is only defined if FEATURE(`access_db')
3180 is selected. A recipient address user@domain is looked up in the access
3181 map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
3182 and TLS_Rcpt:; the first match is taken.
3184 The result of the lookups is then used to call the ruleset TLS_connection,
3185 which checks the requirement specified by the RHS in the access map against
3186 the actual parameters of the current TLS connection, esp. ${verify} and
3187 ${cipher_bits}. Legal RHSs in the access map are:
3189 VERIFY verification must have succeeded
3190 VERIFY:bits verification must have succeeded and ${cipher_bits} must
3191 be greater than or equal bits.
3192 ENCR:bits ${cipher_bits} must be greater than or equal bits.
3194 The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
3195 or permanent error. The default is a temporary error code unless
3196 the macro TLS_PERM_ERR is set during generation of the .cf file.
3198 If a certain level of encryption is required, then it might also be
3199 possible that this level is provided by the security layer from a SASL
3200 algorithm, e.g., DIGEST-MD5.
3202 Furthermore, there can be a list of extensions added. Such a list
3203 starts with '+' and the items are separated by '++'. Allowed
3206 CN:name name must match ${cn_subject}
3207 CN ${client_name}/${server_name} must match ${cn_subject}
3208 CS:name name must match ${cert_subject}
3209 CI:name name must match ${cert_issuer}
3210 CITag:MYTag look up MYTag:${cert_issuer} in access map; the check
3211 only succeeds if it is found with a RHS of OK.
3213 Example: e-mail sent to secure.example.com should only use an encrypted
3214 connection. E-mail received from hosts within the laptop.example.com domain
3215 should only be accepted if they have been authenticated. The host which
3216 receives e-mail for darth@endmail.org must present a cert that uses the
3217 CN smtp.endmail.org. E-mail sent to safe.example.com must be verified,
3218 have a matching CN, and must present a cert signed by a CA with one of
3221 TLS_Srv:secure.example.com ENCR:112
3222 TLS_Clt:laptop.example.com PERM+VERIFY:112
3223 TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
3224 TLS_Srv:safe.example.net VERIFY+CN++CITag:MyCA
3225 MyCA:/C=US/ST=CA/O=safe/CN=example.net/ OK
3226 MyCA:/C=US/ST=CA/O=secure/CN=example.net/ OK
3229 TLS Options per Session
3230 -----------------------
3232 By default STARTTLS is used whenever possible. However, there are
3233 MTAs with STARTTLS interoperability issues. To be able to send to
3234 (or receive from) those MTAs several features are available:
3236 1) Various TLS options be be set per IP/domain.
3237 2) STARTTLS can be turned off for specific IP addresses/domains.
3239 About 1): the rulesets tls_srv_features and tls_clt_features can
3240 be used to return a (semicolon separated) list of TLS related
3243 - Options: compare {Server,Client}SSLOptions.
3244 - CipherList: same as the global option.
3245 - CertFile, KeyFile: {Server,Client}{Cert,Key}File
3246 - Flags: see doc/op/op.me for details.
3248 If FEATURE(`tls_session_features') and FEATURE(`access_db') are
3249 used, then default rulesets are activated which look up entries in
3250 the access map with the tags TLS_Srv_features and TLS_Clt_features,
3251 respectively. For example, these entries:
3253 TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA;
3254 TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
3256 specify a cipherlist with MEDIUM strength ciphers that use RSA
3257 certificates only for the client with the IP address 10.0.2.4,
3258 and turn off TLSv1.2 when connecting to the server with the IP
3259 address 10.1.0.1 as well as setting a specific cipherlist.
3260 If FEATURE(`tls_session_features') is not used the user can provide
3261 their own rulesets which must return the appropriate data.
3262 If the rulesets are not defined or do not return a value, the
3263 default TLS options are not modified.
3265 About 2): the rulesets try_tls, srv_features, and clt_features can
3266 be used together with the access map. Entries for the access map
3267 must be tagged with Try_TLS, Srv_Features, Clt_Features and refer
3268 to the hostname or IP address of the connecting system (the latter
3269 is not available for clt_features). A default case can be specified
3270 by using just the tag. For example, the following entries in the
3273 Try_TLS:broken.server NO
3274 Srv_Features:my.domain v
3276 Clt_Features:broken.sts M
3278 will turn off STARTTLS when sending to broken.server (or any host
3279 in that domain), request a client certificate during the TLS handshake
3280 only for hosts in my.domain, and disable MTA-STS for broken.sts.
3281 The valid entries on the RHS for Srv_Features and Clt_Features are
3282 listed in the Sendmail Installation and Operations Guide.
3288 The Received: header reveals whether STARTTLS has been used. It contains an
3291 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
3294 +---------------------+
3295 | SMTP AUTHENTICATION |
3296 +---------------------+
3298 The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
3299 used in anti-relay rulesets to allow relaying for those users that
3300 authenticated themselves. A very simple example is:
3303 R$* $: $&{auth_type}
3306 which checks whether a user has successfully authenticated using
3307 any available mechanism. Depending on the setup of the Cyrus SASL
3308 library, more sophisticated rulesets might be required, e.g.,
3311 R$* $: $&{auth_type} $| $&{auth_authen}
3312 RDIGEST-MD5 $| $+@$=w $# OK
3314 to allow relaying for users that authenticated using DIGEST-MD5
3315 and have an identity in the local domains.
3317 The ruleset trust_auth is used to determine whether a given AUTH=
3318 parameter (that is passed to this ruleset) should be trusted. This
3319 ruleset may make use of the other ${auth_*} macros. Only if the
3320 ruleset resolves to the error mailer, the AUTH= parameter is not
3321 trusted. A user supplied ruleset Local_trust_auth can be written
3322 to modify the default behavior, which only trust the AUTH=
3323 parameter if it is identical to the authenticated user.
3325 Per default, relaying is allowed for any user who authenticated
3326 via a "trusted" mechanism, i.e., one that is defined via
3327 TRUST_AUTH_MECH(`list of mechanisms')
3329 TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3331 If the selected mechanism provides a security layer the number of
3332 bits used for the key of the symmetric cipher is stored in the
3335 Providing SMTP AUTH Data when sendmail acts as Client
3336 -----------------------------------------------------
3338 If sendmail acts as client, it needs some information how to
3339 authenticate against another MTA. This information can be provided
3340 by the ruleset authinfo or by the option DefaultAuthInfo. The
3341 authinfo ruleset looks up {server_name} using the tag AuthInfo: in
3342 the access map. If no entry is found, {server_addr} is looked up
3343 in the same way and finally just the tag AuthInfo: to provide
3344 default values. Note: searches for domain parts or IP nets are
3345 only performed if the access map is used; if the authinfo feature
3346 is used then only up to three lookups are performed (two exact
3347 matches, one default).
3349 Note: If your daemon does client authentication when sending, and
3350 if it uses either PLAIN or LOGIN authentication, then you *must*
3351 prevent ordinary users from seeing verbose output. Do NOT install
3352 sendmail set-user-ID. Use PrivacyOptions to turn off verbose output
3353 ("goaway" works for this).
3355 Notice: the default configuration file causes the option DefaultAuthInfo
3356 to fail since the ruleset authinfo is in the .cf file. If you really
3357 want to use DefaultAuthInfo (it is deprecated) then you have to
3360 The RHS for an AuthInfo: entry in the access map should consists of a
3361 list of tokens, each of which has the form: "TDstring" (including
3362 the quotes). T is a tag which describes the item, D is a delimiter,
3363 either ':' for simple text or '=' for a base64 encoded string.
3364 Valid values for the tag are:
3366 U user (authorization) id
3370 M list of mechanisms delimited by spaces
3372 Example entries are:
3374 AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3375 AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
3377 User id or authentication id must exist as well as the password. All
3378 other entries have default values. If one of user or authentication
3379 id is missing, the existing value is used for the missing item.
3380 If "R:" is not specified, realm defaults to $j. The list of mechanisms
3381 defaults to those specified by AuthMechanisms.
3383 Since this map contains sensitive information, either the access
3384 map must be unreadable by everyone but root (or the trusted user)
3385 or FEATURE(`authinfo') must be used which provides a separate map.
3386 Notice: It is not checked whether the map is actually
3387 group/world-unreadable, this is left to the user.
3390 +--------------------------------+
3391 | ADDING NEW MAILERS OR RULESETS |
3392 +--------------------------------+
3394 Sometimes you may need to add entirely new mailers or rulesets. They
3395 should be introduced with the constructs MAILER_DEFINITIONS and
3396 LOCAL_RULESETS respectively. For example:
3406 Local additions for the rulesets srv_features, clt_features, try_tls,
3407 tls_rcpt, tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
3408 LOCAL_CLT_FEATURES, LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT,
3409 and LOCAL_TLS_SERVER, respectively. For example, to add a local
3410 ruleset that decides whether to try STARTTLS in a sendmail client, use:
3415 Note: you don't need to add a name for the ruleset, it is implicitly
3416 defined by using the appropriate macro.
3419 +-------------------------+
3420 | ADDING NEW MAIL FILTERS |
3421 +-------------------------+
3423 Sendmail supports mail filters to filter incoming SMTP messages according
3424 to the "Sendmail Mail Filter API" documentation. These filters can be
3425 configured in your mc file using the two commands:
3427 MAIL_FILTER(`name', `equates')
3428 INPUT_MAIL_FILTER(`name', `equates')
3430 The first command, MAIL_FILTER(), simply defines a filter with the given
3431 name and equates. For example:
3433 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3435 This creates the equivalent sendmail.cf entry:
3437 Xarchive, S=local:/var/run/archivesock, F=R
3439 The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3440 but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3441 of the filter such that the filter will actually be called by sendmail.
3443 For example, the two commands:
3445 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3446 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3448 are equivalent to the three commands:
3450 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3451 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3452 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3454 In general, INPUT_MAIL_FILTER() should be used unless you need to define
3455 more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3457 Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3458 commands will clear the list created by the prior INPUT_MAIL_FILTER()
3462 +-------------------------+
3463 | QUEUE GROUP DEFINITIONS |
3464 +-------------------------+
3466 In addition to the queue directory (which is the default queue group
3467 called "mqueue"), sendmail can deal with multiple queue groups, which
3468 are collections of queue directories with the same behaviour. Queue
3469 groups can be defined using the command:
3471 QUEUE_GROUP(`name', `equates')
3473 For details about queue groups, please see doc/op/op.{me,ps,txt}.
3476 +-------------------------------+
3477 | NON-SMTP BASED CONFIGURATIONS |
3478 +-------------------------------+
3480 These configuration files are designed primarily for use by
3481 SMTP-based sites. They may not be well tuned for UUCP-only or
3482 UUCP-primarily nodes (the latter is defined as a small local net
3483 connected to the rest of the world via UUCP). However, there is
3484 one hook to handle some special cases.
3486 You can define a ``smart host'' that understands a richer address syntax
3489 define(`SMART_HOST', `mailer:hostname')
3491 In this case, the ``mailer:'' defaults to "relay". Any messages that
3492 can't be handled using the usual UUCP rules are passed to this host.
3494 If you are on a local SMTP-based net that connects to the outside
3495 world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3498 define(`SMART_HOST', `uucp-new:uunet')
3500 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3502 This will cause all names that end in your domain name ($m) to be sent
3503 via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3504 If you have FEATURE(`nocanonify'), you may need to omit the dots after
3505 the $m. If you are running a local DNS inside your domain which is
3506 not otherwise connected to the outside world, you probably want to
3509 define(`SMART_HOST', `smtp:fire.wall.com')
3511 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
3513 That is, send directly only to things you found in your DNS lookup;
3514 anything else goes through SMART_HOST.
3516 You may need to turn off the anti-spam rules in order to accept
3517 UUCP mail with FEATURE(`promiscuous_relay') and
3518 FEATURE(`accept_unresolvable_domains').
3525 Normally, the $j macro is automatically defined to be your fully
3526 qualified domain name (FQDN). Sendmail does this by getting your
3527 host name using gethostname and then calling gethostbyname on the
3528 result. For example, in some environments gethostname returns
3529 only the root of the host name (such as "foo"); gethostbyname is
3530 supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
3531 cases, gethostbyname may fail to return the FQDN. In this case
3532 you MUST define confDOMAIN_NAME to be your fully qualified domain
3533 name. This is usually done using:
3536 define(`confDOMAIN_NAME', `$w.$m')dnl
3539 +-----------------------------------+
3540 | ACCEPTING MAIL FOR MULTIPLE NAMES |
3541 +-----------------------------------+
3543 If your host is known by several different names, you need to augment
3544 class {w}. This is a list of names by which your host is known, and
3545 anything sent to an address using a host name in this list will be
3546 treated as local mail. You can do this in two ways: either create the
3547 file /etc/mail/local-host-names containing a list of your aliases (one per
3548 line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3549 ``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
3550 name of the host, rather than a short name.
3552 If you want to have different address in different domains, take
3553 a look at the virtusertable feature, which is also explained at
3554 http://www.sendmail.org/virtual-hosting.html
3557 +--------------------+
3558 | USING MAILERTABLES |
3559 +--------------------+
3561 To use FEATURE(`mailertable'), you will have to create an external
3562 database containing the routing information for various domains.
3563 For example, a mailertable file in text format might be:
3565 .my.domain xnet:%1.my.domain
3566 uuhost1.my.domain uucp-new:uuhost1
3567 .bitnet smtp:relay.bit.net
3569 This should normally be stored in /etc/mail/mailertable. The actual
3570 database version of the mailertable is built using:
3572 makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3574 The semantics are simple. Any LHS entry that does not begin with
3575 a dot matches the full host name indicated. LHS entries beginning
3576 with a dot match anything ending with that domain name (including
3577 the leading dot) -- that is, they can be thought of as having a
3578 leading ".+" regular expression pattern for a non-empty sequence of
3579 characters. Matching is done in order of most-to-least qualified
3580 -- for example, even though ".my.domain" is listed first in the
3581 above example, an entry of "uuhost1.my.domain" will match the second
3582 entry since it is more explicit. Note: e-mail to "user@my.domain"
3583 does not match any entry in the above table. You need to have
3586 my.domain esmtp:host.my.domain
3588 The RHS should always be a "mailer:host" pair. The mailer is the
3589 configuration name of a mailer (that is, an M line in the
3590 sendmail.cf file). The "host" will be the hostname passed to
3591 that mailer. In domain-based matches (that is, those with leading
3592 dots) the "%1" may be used to interpolate the wildcarded part of
3593 the host name. For example, the first line above sends everything
3594 addressed to "anything.my.domain" to that same host name, but using
3595 the (presumably experimental) xnet mailer.
3597 In some cases you may want to temporarily turn off MX records,
3598 particularly on gateways. For example, you may want to MX
3599 everything in a domain to one machine that then forwards it
3600 directly. To do this, you might use the DNS configuration:
3602 *.domain. IN MX 0 relay.machine
3604 and on relay.machine use the mailertable:
3606 .domain smtp:[gateway.domain]
3608 The [square brackets] turn off MX records for this host only.
3609 If you didn't do this, the mailertable would use the MX record
3610 again, which would give you an MX loop. Note that the use of
3611 wildcard MX records is almost always a bad idea. Please avoid
3612 using them if possible.
3615 +--------------------------------+
3616 | USING USERDB TO MAP FULL NAMES |
3617 +--------------------------------+
3619 The user database was not originally intended for mapping full names
3620 to login names (e.g., Eric.Allman => eric), but some people are using
3621 it that way. (it is recommended that you set up aliases for this
3622 purpose instead -- since you can specify multiple alias files, this
3623 is fairly easy.) The intent was to locate the default maildrop at
3624 a site, but allow you to override this by sending to a specific host.
3626 If you decide to set up the user database in this fashion, it is
3627 imperative that you not use FEATURE(`stickyhost') -- otherwise,
3628 e-mail sent to Full.Name@local.host.name will be rejected.
3630 To build the internal form of the user database, use:
3632 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3634 As a general rule, it is an extremely bad idea to using full names
3635 as e-mail addresses, since they are not in any sense unique. For
3636 example, the UNIX software-development community has at least two
3637 well-known Peter Deutsches, and at one time Bell Labs had two
3638 Stephen R. Bournes with offices along the same hallway. Which one
3639 will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3640 The less famous of the two, or the one that was hired later?
3642 Finger should handle full names (and be fuzzy). Mail should use
3643 handles, and not be fuzzy.
3646 +--------------------------------+
3647 | MISCELLANEOUS SPECIAL FEATURES |
3648 +--------------------------------+
3651 Sometimes it is convenient to merge configuration on a
3652 centralized mail machine, for example, to forward all
3653 root mail to a mail server. In this case it might be
3654 useful to be able to treat the root addresses as a class
3655 of addresses with subtle differences. You can do this
3656 using plussed users. For example, a client might include
3659 root: root+client1@server
3661 On the server, this will match an alias for "root+client1".
3662 If that is not found, the alias "root+*" will be tried,
3670 A lot of sendmail security comes down to you. Sendmail 8 is much
3671 more careful about checking for security problems than previous
3672 versions, but there are some things that you still need to watch
3675 * Make sure the aliases file is not writable except by trusted
3676 system personnel. This includes both the text and database
3679 * Make sure that other files that sendmail reads, such as the
3680 mailertable, are only writable by trusted system personnel.
3682 * The queue directory should not be world writable PARTICULARLY
3683 if your system allows "file giveaways" (that is, if a non-root
3684 user can chown any file they own to any other user).
3686 * If your system allows file giveaways, DO NOT create a publicly
3687 writable directory for forward files. This will allow anyone
3688 to steal anyone else's e-mail. Instead, create a script that
3689 copies the .forward file from users' home directories once a
3690 night (if you want the non-NFS-mounted forward directory).
3692 * If your system allows file giveaways, you'll find that
3693 sendmail is much less trusting of :include: files -- in
3694 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3695 /etc/shells before they will be trusted (that is, before
3696 files and programs listed in them will be honored).
3698 In general, file giveaways are a mistake -- if you can turn them
3702 +--------------------------------+
3703 | TWEAKING CONFIGURATION OPTIONS |
3704 +--------------------------------+
3706 There are a large number of configuration options that don't normally
3707 need to be changed. However, if you feel you need to tweak them,
3708 you can define the following M4 variables. Note that some of these
3709 variables require formats that are defined in RFC 2821 or RFC 2822.
3710 Before changing them you need to make sure you do not violate those
3711 (and other relevant) RFCs.
3713 This list is shown in four columns: the name you define, the default
3714 value for that definition, the option or macro that is affected
3715 (either Ox for an option or Dx for a macro), and a brief description.
3716 Greater detail of the semantics can be found in the Installation
3717 and Operations Guide.
3719 Some options are likely to be deprecated in future versions -- that is,
3720 the option is only included to provide back-compatibility. These are
3723 Remember that these options are M4 variables, and hence may need to
3724 be quoted. In particular, arguments with commas will usually have to
3725 be ``double quoted, like this phrase'' to avoid having the comma
3726 confuse things. This is common for alias file definitions and for
3729 M4 Variable Name Configuration [Default] & Description
3730 ================ ============= =======================
3731 confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
3732 for internally generated outgoing
3734 confDOMAIN_NAME $j macro If defined, sets $j. This should
3735 only be done if your system cannot
3736 determine your local domain name,
3737 and then it should be set to
3738 $w.Foo.COM, where Foo.COM is your
3740 confCF_VERSION $Z macro If defined, this is appended to the
3741 configuration version name.
3742 confLDAP_CLUSTER ${sendmailMTACluster} macro
3743 If defined, this is the LDAP
3744 cluster to use for LDAP searches
3745 as described above in ``USING LDAP
3746 FOR ALIASES, MAPS, AND CLASSES''.
3747 confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
3748 internally generated From: address.
3749 confRECEIVED_HEADER Received:
3750 [$?sfrom $s $.$?_($?s$|from $.$_)
3751 $.$?{auth_type}(authenticated)
3752 $.by $j ($v/$Z)$?r with $r$. id $i$?u
3755 The format of the Received: header
3756 in messages passed through this host.
3757 It is unwise to try to change this.
3758 confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
3759 internally generated Message-Id:
3761 confCW_FILE Fw class [/etc/mail/local-host-names] Name
3762 of file used to get the local
3763 additions to class {w} (local host
3765 confCT_FILE Ft class [/etc/mail/trusted-users] Name of
3766 file used to get the local additions
3767 to class {t} (trusted users).
3768 confCR_FILE FR class [/etc/mail/relay-domains] Name of
3769 file used to get the local additions
3770 to class {R} (hosts allowed to relay).
3771 confTRUSTED_USERS Ct class [no default] Names of users to add to
3772 the list of trusted users. This list
3773 always includes root, uucp, and daemon.
3774 See also FEATURE(`use_ct_file').
3775 confTRUSTED_USER TrustedUser [no default] Trusted user for file
3776 ownership and starting the daemon.
3777 Not to be confused with
3778 confTRUSTED_USERS (see above).
3779 confSMTP_MAILER - [esmtp] The mailer name used when
3780 SMTP connectivity is required.
3781 One of "smtp", "smtp8",
3782 "esmtp", or "dsmtp".
3783 confUUCP_MAILER - [uucp-old] The mailer to be used by
3784 default for bang-format recipient
3785 addresses. See also discussion of
3786 class {U}, class {Y}, and class {Z}
3787 in the MAILER(`uucp') section.
3788 confLOCAL_MAILER - [local] The mailer name used when
3789 local connectivity is required.
3790 Almost always "local".
3791 confRELAY_MAILER - [relay] The default mailer name used
3792 for relaying any mail (e.g., to a
3793 BITNET_RELAY, a SMART_HOST, or
3794 whatever). This can reasonably be
3795 "uucp-new" if you are on a
3796 UUCP-connected site.
3797 confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
3798 confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
3799 confALIAS_WAIT AliasWait [10m] Time to wait for alias file
3800 rebuild until you get bored and
3801 decide that the apparently pending
3803 confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
3804 queue filesystem to accept SMTP mail.
3805 (Prior to 8.7 this was minfree/maxsize,
3806 where minfree was the number of free
3807 blocks and maxsize was the maximum
3808 message size. Use confMAX_MESSAGE_SIZE
3809 for the second value now.)
3810 confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
3811 that will be accepted (in bytes).
3812 confBLANK_SUB BlankSub [.] Blank (space) substitution
3814 confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
3815 to mailers marked expensive.
3816 confCHECKPOINT_INTERVAL CheckpointInterval
3817 [10] Checkpoint queue files every N
3819 confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
3820 confERROR_MODE ErrorMode [print] Error message mode.
3821 confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
3822 confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
3823 confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
3824 confMATCH_GECOS MatchGECOS [False] Match GECOS field.
3825 confMAX_HOP MaxHopCount [25] Maximum hop count.
3826 confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
3827 mode] Ignore dot as terminator for
3829 confBIND_OPTS ResolverOptions [undefined] Default options for DNS
3831 confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
3832 encapsulated messages per RFC 1344.
3833 confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
3834 The colon-separated list of places to
3835 search for .forward files. N.B.: see
3836 the Security Notes section.
3837 confMCI_CACHE_SIZE ConnectionCacheSize
3838 [2] Size of open connection cache.
3839 confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
3840 [5m] Open connection cache timeout.
3841 confHOST_STATUS_DIRECTORY HostStatusDirectory
3842 [undefined] If set, host status is kept
3843 on disk between sendmail runs in the
3844 named directory tree. This need not be
3845 a full pathname, in which case it is
3846 interpreted relative to the queue
3848 confSINGLE_THREAD_DELIVERY SingleThreadDelivery
3849 [False] If this option and the
3850 HostStatusDirectory option are both
3851 set, single thread deliveries to other
3852 hosts. That is, don't allow any two
3853 sendmails on this host to connect
3854 simultaneously to any other single
3855 host. This can slow down delivery in
3856 some cases, in particular since a
3857 cached but otherwise idle connection
3858 to a host will prevent other sendmails
3859 from connecting to the other host.
3860 confUSE_COMPRESSED_IPV6_ADDRESSES
3861 UseCompressedIPv6Addresses
3862 [undefined] If set, use the compressed
3863 form of IPv6 addresses, such as
3864 IPV6:::1, instead of the uncompressed
3865 form, such as IPv6:0:0:0:0:0:0:0:1.
3866 confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
3867 deliver error messages. This should
3868 not be necessary because of general
3869 acceptance of the envelope/header
3871 confLOG_LEVEL LogLevel [9] Log level.
3872 confME_TOO MeToo [True] Include sender in group
3873 expansions. This option is
3874 deprecated and will be removed from
3876 confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
3877 running newaliases. Since this does
3878 DNS lookups on every address, it can
3879 slow down the alias rebuild process
3880 considerably on large alias files.
3881 confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
3882 special chars are old style.
3883 confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
3884 confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
3885 copies of all error messages.
3886 confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
3887 confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for
3888 queue files (octal). If not set,
3889 sendmail uses 0600 unless its real
3890 and effective uid are different in
3891 which case it uses 0644.
3892 confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
3893 syntax addresses to the minimum
3895 confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
3897 confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
3898 on the initial connect.
3899 confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
3900 connect() to complete. This can only
3901 shorten connection timeouts; the kernel
3902 silently enforces an absolute maximum
3903 (which varies depending on the system).
3904 confTO_ICONNECT Timeout.iconnect
3905 [undefined] Like Timeout.connect, but
3906 applies only to the very first attempt
3907 to connect to a host in a message.
3908 This allows a single very fast pass
3909 followed by more careful delivery
3910 attempts in the future.
3911 confTO_ACONNECT Timeout.aconnect
3912 [0] The overall timeout waiting for
3913 all connection for a single delivery
3914 attempt to succeed. If 0, no overall
3916 confTO_HELO Timeout.helo [5m] The timeout waiting for a response
3917 to a HELO or EHLO command.
3918 confTO_MAIL Timeout.mail [10m] The timeout waiting for a
3919 response to the MAIL command.
3920 confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
3921 to the RCPT command.
3922 confTO_DATAINIT Timeout.datainit
3923 [5m] The timeout waiting for a 354
3924 response from the DATA command.
3925 confTO_DATABLOCK Timeout.datablock
3926 [1h] The timeout waiting for a block
3928 confTO_DATAFINAL Timeout.datafinal
3929 [1h] The timeout waiting for a response
3930 to the final "." that terminates a
3932 confTO_RSET Timeout.rset [5m] The timeout waiting for a response
3933 to the RSET command.
3934 confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
3935 to the QUIT command.
3936 confTO_MISC Timeout.misc [2m] The timeout waiting for a response
3937 to other SMTP commands.
3938 confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
3939 waiting for a command to be issued.
3940 confTO_IDENT Timeout.ident [5s] The timeout waiting for a
3941 response to an IDENT query.
3942 confTO_FILEOPEN Timeout.fileopen
3943 [60s] The timeout waiting for a file
3944 (e.g., :include: file) to be opened.
3945 confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response
3946 to an LMTP LHLO command.
3947 confTO_AUTH Timeout.auth [10m] The timeout waiting for a
3948 response in an AUTH dialogue.
3949 confTO_STARTTLS Timeout.starttls
3950 [1h] The timeout waiting for a
3951 response to an SMTP STARTTLS command.
3952 confTO_CONTROL Timeout.control
3953 [2m] The timeout for a complete
3954 control socket transaction to complete.
3955 confTO_QUEUERETURN Timeout.queuereturn
3956 [5d] The timeout before a message is
3957 returned as undeliverable.
3958 confTO_QUEUERETURN_NORMAL
3959 Timeout.queuereturn.normal
3960 [undefined] As above, for normal
3962 confTO_QUEUERETURN_URGENT
3963 Timeout.queuereturn.urgent
3964 [undefined] As above, for urgent
3966 confTO_QUEUERETURN_NONURGENT
3967 Timeout.queuereturn.non-urgent
3968 [undefined] As above, for non-urgent
3969 (low) priority messages.
3970 confTO_QUEUERETURN_DSN
3971 Timeout.queuereturn.dsn
3972 [undefined] As above, for delivery
3973 status notification messages.
3974 confTO_QUEUEWARN Timeout.queuewarn
3975 [4h] The timeout before a warning
3976 message is sent to the sender telling
3977 them that the message has been
3979 confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
3980 [undefined] As above, for normal
3982 confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
3983 [undefined] As above, for urgent
3985 confTO_QUEUEWARN_NONURGENT
3986 Timeout.queuewarn.non-urgent
3987 [undefined] As above, for non-urgent
3988 (low) priority messages.
3989 confTO_QUEUEWARN_DSN
3990 Timeout.queuewarn.dsn
3991 [undefined] As above, for delivery
3992 status notification messages.
3993 confTO_HOSTSTATUS Timeout.hoststatus
3994 [30m] How long information about host
3995 statuses will be maintained before it
3996 is considered stale and the host should
3997 be retried. This applies both within
3998 a single queue run and to persistent
3999 information (see below).
4000 confTO_RESOLVER_RETRANS Timeout.resolver.retrans
4001 [varies] Sets the resolver's
4002 retransmission time interval (in
4004 Timeout.resolver.retrans.first and
4005 Timeout.resolver.retrans.normal.
4006 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
4007 [varies] Sets the resolver's
4008 retransmission time interval (in
4009 seconds) for the first attempt to
4011 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
4012 [varies] Sets the resolver's
4013 retransmission time interval (in
4014 seconds) for all resolver lookups
4015 except the first delivery attempt.
4016 confTO_RESOLVER_RETRY Timeout.resolver.retry
4017 [varies] Sets the number of times
4018 to retransmit a resolver query.
4020 Timeout.resolver.retry.first and
4021 Timeout.resolver.retry.normal.
4022 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
4023 [varies] Sets the number of times
4024 to retransmit a resolver query for
4025 the first attempt to deliver a
4027 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
4028 [varies] Sets the number of times
4029 to retransmit a resolver query for
4030 all resolver lookups except the
4031 first delivery attempt.
4032 confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
4033 USE_SYSTEM to use the system's idea,
4034 USE_TZ to use the user's TZ envariable,
4035 or something else to force that value.
4036 confDEF_USER_ID DefaultUser [1:1] Default user id.
4037 confUSERDB_SPEC UserDatabaseSpec
4038 [undefined] User database
4040 confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
4041 confFALLBACK_SMARTHOST FallbackSmartHost
4042 [undefined] Fallback smart host.
4043 confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear
4044 [undefined] If set, immediately try
4045 a connection again without STARTTLS
4046 after a TLS handshake failure.
4047 confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
4048 for a host and other arrangements
4049 haven't been made, try connecting
4050 to the host directly; normally this
4051 would be a config error.
4052 confQUEUE_LA QueueLA [varies] Load average at which
4053 queue-only function kicks in.
4054 Default values is (8 * numproc)
4055 where numproc is the number of
4056 processors online (if that can be
4058 confREFUSE_LA RefuseLA [varies] Load average at which
4059 incoming SMTP connections are
4060 refused. Default values is (12 *
4061 numproc) where numproc is the
4062 number of processors online (if
4063 that can be determined).
4064 confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when
4065 refusing connections for this long.
4066 confDELAY_LA DelayLA [0] Load average at which sendmail
4067 will sleep for one second on most
4068 SMTP commands and before accepting
4069 connections. 0 means no limit.
4070 confMAX_ALIAS_RECURSION MaxAliasRecursion
4071 [10] Maximum depth of alias recursion.
4072 confMAX_DAEMON_CHILDREN MaxDaemonChildren
4073 [undefined] The maximum number of
4074 children the daemon will permit. After
4075 this number, connections will be
4076 rejected. If not set or <= 0, there is
4078 confMAX_HEADERS_LENGTH MaxHeadersLength
4079 [32768] Maximum length of the sum
4081 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
4082 [undefined] Maximum length of
4083 certain MIME header field values.
4084 confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
4085 [undefined] The maximum number of
4086 connections permitted per second per
4087 daemon. After this many connections
4088 are accepted, further connections
4089 will be delayed. If not set or <= 0,
4091 confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
4092 [60s] Define the length of the
4093 interval for which the number of
4094 incoming connections is maintained.
4095 confWORK_RECIPIENT_FACTOR
4096 RecipientFactor [30000] Cost of each recipient.
4097 confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
4099 confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
4100 confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
4101 confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
4102 Priority, Host, Filename, Random,
4103 Modification, or Time.
4104 confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater
4105 than zero, entries in the queue
4106 will be retried during a queue run
4107 only if the individual retry time
4108 has been reached which is doubled
4109 for each attempt. The maximum retry
4110 time is limited by the specified value.
4111 confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
4112 must sit in the queue between queue
4113 runs. This allows you to set the
4114 queue run interval low for better
4115 responsiveness without trying all
4117 confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
4118 unlabeled 8 bit input to MIME, the
4119 character set to use by default.
4120 confSERVICE_SWITCH_FILE ServiceSwitchFile
4121 [/etc/mail/service.switch] The file
4122 to use for the service switch on
4123 systems that do not have a
4124 system-defined switch.
4125 confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
4126 "file" type access of hosts names.
4127 confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
4128 long and try again. Zero means "don't
4129 retry". This is to allow "dial on
4130 demand" connections to have enough time
4131 to complete a connection.
4132 confNO_RCPT_ACTION NoRecipientAction
4133 [none] What to do if there are no legal
4134 recipient fields (To:, Cc: or Bcc:)
4135 in the message. Legal values can
4136 be "none" to just leave the
4137 nonconforming message as is, "add-to"
4138 to add a To: header with all the
4139 known recipients (which may expose
4140 blind recipients), "add-apparently-to"
4141 to do the same but use Apparently-To:
4142 instead of To: (strongly discouraged
4143 in accordance with IETF standards),
4144 "add-bcc" to add an empty Bcc:
4145 header, or "add-to-undisclosed" to
4147 ``To: undisclosed-recipients:;''.
4148 confSAFE_FILE_ENV SafeFileEnvironment
4149 [undefined] If set, sendmail will do a
4150 chroot() into this directory before
4152 confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
4153 If set, colons are treated as a regular
4154 character in addresses. If not set,
4155 they are treated as the introducer to
4156 the RFC 822 "group" syntax. Colons are
4157 handled properly in route-addrs. This
4158 option defaults on for V5 and lower
4159 configuration files.
4160 confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
4161 any given queue run to this number of
4162 entries. Essentially, this will stop
4163 reading each queue directory after this
4164 number of entries are reached; it does
4165 _not_ pick the highest priority jobs,
4166 so this should be as large as your
4167 system can tolerate. If not set, there
4169 confMAX_QUEUE_CHILDREN MaxQueueChildren
4170 [undefined] Limits the maximum number
4171 of concurrent queue runners active.
4172 This is to keep system resources used
4173 within a reasonable limit. Relates to
4174 Queue Groups and ForkEachJob.
4175 confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
4176 [1] Only active when MaxQueueChildren
4177 defined. Controls the maximum number
4178 of queue runners (aka queue children)
4179 active at the same time in a work
4180 group. See also MaxQueueChildren.
4181 confDONT_EXPAND_CNAMES DontExpandCnames
4182 [False] If set, $[ ... $] lookups that
4183 do DNS based lookups do not expand
4184 CNAME records. This currently violates
4185 the published standards, but the IETF
4186 seems to be moving toward legalizing
4187 this. For example, if "FTP.Foo.ORG"
4188 is a CNAME for "Cruft.Foo.ORG", then
4189 with this option set a lookup of
4190 "FTP" will return "FTP.Foo.ORG"; if
4191 clear it returns "Cruft.FOO.ORG". N.B.
4192 you may not see any effect until your
4193 downstream neighbors stop doing CNAME
4195 confFROM_LINE UnixFromLine [From $g $d] The From_ line used
4196 when sending to files or programs.
4197 confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
4198 [False] From: lines that have
4199 embedded newlines are unwrapped
4201 confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
4202 does not include a host name.
4203 confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
4204 name phrase (@,;:\()[] are automatic).
4205 confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
4207 confSMTP_LOGIN_MSG SmtpGreetingMessage
4208 [$j Sendmail $v/$Z; $b]
4209 The initial (spontaneous) SMTP
4210 greeting message. The word "ESMTP"
4211 will be inserted between the first and
4212 second words to convince other
4213 sendmails to try to speak ESMTP.
4214 confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
4215 routine will never be invoked. You
4216 might want to do this if you are
4217 running NIS and you have a large group
4218 map, since this call does a sequential
4219 scan of the map; in a large site this
4220 can cause your ypserv to run
4221 essentially full time. If you set
4222 this, agents run on behalf of users
4223 will only have their primary
4224 (/etc/passwd) group permissions.
4225 confUNSAFE_GROUP_WRITES UnsafeGroupWrites
4226 [True] If set, group-writable
4227 :include: and .forward files are
4228 considered "unsafe", that is, programs
4229 and files cannot be directly referenced
4230 from such files. World-writable files
4231 are always considered unsafe.
4232 Notice: this option is deprecated and
4233 will be removed in future versions;
4234 Set GroupWritableForwardFileSafe
4235 and GroupWritableIncludeFileSafe in
4236 DontBlameSendmail if required.
4237 confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
4238 address (for testing).
4239 confCONTROL_SOCKET_NAME ControlSocketName
4240 [undefined] Control socket for daemon
4242 confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
4243 [postmaster] If an error occurs when
4244 sending an error message, send that
4245 "double bounce" error message to this
4246 address. If it expands to an empty
4247 string, double bounces are dropped.
4248 confSOFT_BOUNCE SoftBounce [False] If set, issue temporary errors
4249 (4xy) instead of permanent errors
4250 (5xy). This can be useful during
4251 testing of a new configuration to
4252 avoid erroneous bouncing of mails.
4253 confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
4254 messages which could not be returned
4255 to the user or sent to postmaster.
4256 If not set, the queue file will
4258 confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
4259 implies DSN request.
4260 confRUN_AS_USER RunAsUser [undefined] If set, become this user
4261 when reading and delivering mail.
4262 Causes all file reads (e.g., .forward
4263 and :include: files) to be done as
4264 this user. Also, all programs will
4265 be run as this user, and all output
4266 files will be written as this user.
4267 confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
4268 [infinite] If set, allow no more than
4269 the specified number of recipients in
4270 an SMTP envelope. Further recipients
4271 receive a 452 error code (i.e., they
4272 are deferred for the next delivery
4274 confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified
4275 number of recipients in a single SMTP
4276 transaction have been rejected, sleep
4277 for one second after each subsequent
4278 RCPT command in that transaction.
4279 confDONT_PROBE_INTERFACES DontProbeInterfaces
4280 [False] If set, sendmail will _not_
4281 insert the names and addresses of any
4282 local interfaces into class {w}
4283 (list of known "equivalent" addresses).
4284 If you set this, you must also include
4285 some support for these addresses (e.g.,
4286 in a mailertable entry) -- otherwise,
4287 mail to addresses in this list will
4288 bounce with a configuration error.
4289 If set to "loopback" (without
4290 quotes), sendmail will skip
4291 loopback interfaces (e.g., "lo0").
4292 confPID_FILE PidFile [system dependent] Location of pid
4294 confPROCESS_TITLE_PREFIX ProcessTitlePrefix
4295 [undefined] Prefix string for the
4296 process title shown on 'ps' listings.
4297 confDONT_BLAME_SENDMAIL DontBlameSendmail
4298 [safe] Override sendmail's file
4299 safety checks. This will definitely
4300 compromise system security and should
4301 not be used unless absolutely
4303 confREJECT_MSG - [550 Access denied] The message
4304 given if the access database contains
4305 REJECT in the value portion.
4306 confRELAY_MSG - [550 Relaying denied] The message
4307 given if an unauthorized relaying
4308 attempt is rejected.
4309 confDF_BUFFER_SIZE DataFileBufferSize
4310 [4096] The maximum size of a
4311 memory-buffered data (df) file
4312 before a disk-based file is used.
4313 confXF_BUFFER_SIZE XScriptFileBufferSize
4314 [4096] The maximum size of a
4315 memory-buffered transcript (xf)
4316 file before a disk-based file is
4318 confAUTH_MECHANISMS AuthMechanisms [EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5
4319 CRAM-MD5] List of authentication
4320 mechanisms for AUTH (separated by
4321 spaces). The advertised list of
4322 authentication mechanisms will be the
4323 intersection of this list and the list
4324 of available mechanisms as determined
4325 by the Cyrus SASL library.
4326 confAUTH_REALM AuthRealm [undefined] The authentication realm
4327 that is passed to the Cyrus SASL
4328 library. If no realm is specified,
4329 $j is used. See KNOWNBUGS.
4330 confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
4331 authentication information for
4332 outgoing connections. This file must
4333 contain the user id, the authorization
4334 id, the password (plain text), the
4335 realm to use, and the list of
4336 mechanisms to try, each on a separate
4337 line and must be readable by root (or
4338 the trusted user) only. If no realm
4339 is specified, $j is used. If no
4340 mechanisms are given in the file,
4341 AuthMechanisms is used. Notice: this
4342 option is deprecated and will be
4343 removed in future versions; it doesn't
4344 work for the MSP since it can't read
4345 the file. Use the authinfo ruleset
4346 instead. See also the section SMTP
4348 confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A'
4349 then the AUTH= parameter for the
4350 MAIL FROM command is only issued
4351 when authentication succeeded.
4352 See doc/op/op.me for more options
4354 confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption
4355 strength for the security layer in
4356 SMTP AUTH (SASL). Default is
4357 essentially unlimited.
4358 confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
4359 verification is performed, i.e.,
4360 the server doesn't ask for a
4362 confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related
4363 options for server side. See
4364 SSL_CTX_set_options(3) for a list.
4365 confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related
4366 options for client side. See
4367 SSL_CTX_set_options(3) for a list.
4368 confCIPHER_LIST CipherList [undefined] Cipher list for TLS.
4369 See ciphers(1) for possible values.
4370 confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
4371 specification for LDAP maps. The
4372 value should only contain LDAP
4373 specific settings such as "-h host
4374 -p port -d bindDN", etc. The
4375 settings will be used for all LDAP
4376 maps unless they are specified in
4377 the individual map specification
4379 confCACERT_PATH CACertPath [undefined] Path to directory with
4380 certificates of CAs which must contain
4381 their hashes as filenames or links.
4382 confCACERT CACertFile [undefined] File containing at least
4384 confSERVER_CERT ServerCertFile [undefined] File containing the
4385 cert of the server, i.e., this cert
4386 is used when sendmail acts as
4388 confSERVER_KEY ServerKeyFile [undefined] File containing the
4389 private key belonging to the server
4391 confCLIENT_CERT ClientCertFile [undefined] File containing the
4392 cert of the client, i.e., this cert
4393 is used when sendmail acts as
4395 confCLIENT_KEY ClientKeyFile [undefined] File containing the
4396 private key belonging to the client
4398 confCRL CRLFile [undefined] File containing certificate
4399 revocation status, useful for X.509v3
4401 confCRL_PATH CRLPath [undefined] Directory containing
4402 hashes pointing to certificate
4403 revocation status files.
4404 confDH_PARAMETERS DHParameters [undefined] File containing the
4406 confDANE DANE [false] Enable DANE support.
4407 confRAND_FILE RandFile [undefined] File containing random
4408 data (use prefix file:) or the
4409 name of the UNIX socket if EGD is
4410 used (use prefix egd:). STARTTLS
4411 requires this option if the compile
4412 flag HASURANDOM is not set (see
4414 confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
4415 [undefined] The fingerprint algorithm
4416 (digest) to use for the presented
4418 confSSL_ENGINE SSLEngine [undefined] Name of SSLEngine.
4419 confSSL_ENGINE_PATH SSLEnginePath [undefined] Path to dynamic library
4421 confOPENSSL_CNF [/etc/mail/sendmail.ossl] Set the
4422 environment variable OPENSSL_CONF.
4423 An empty value disables setting it.
4424 confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
4425 queue runners is set the given value
4427 confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
4428 [undefined] Defines {daemon_flags}
4429 for direct submissions.
4430 confUSE_MSP UseMSP [undefined] Use as mail submission
4431 program, see sendmail/SECURITY.
4432 confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By
4433 SMTP Service Extension (RFC 2852).
4434 confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can
4435 be used to turn off the compile time
4436 flag REQUIRES_DIR_FSYNC at runtime.
4437 See sendmail/README for details.
4438 confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory.
4439 confSHARED_MEMORY_KEY_FILE
4441 [undefined] File where the
4442 automatically selected key for
4443 shared memory is stored.
4444 confFAST_SPLIT FastSplit [1] If set to a value greater than
4445 zero, the initial MX lookups on
4446 addresses is suppressed when they
4447 are sorted which may result in
4448 faster envelope splitting. If the
4449 mail is submitted directly from the
4450 command line, then the value also
4451 limits the number of processes to
4452 deliver the envelopes.
4453 confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find
4454 information about local mailboxes.
4455 confDEQUOTE_OPTS - [empty] Additional options for the
4457 confMAX_NOOP_COMMANDS MaxNOOPCommands [20] Maximum number of "useless"
4458 commands before the SMTP server
4459 will slow down responding.
4460 confHELO_NAME HeloName If defined, use as name for EHLO/HELO
4461 command (instead of $j).
4462 confINPUT_MAIL_FILTERS InputMailFilters
4463 A comma separated list of filters
4464 which determines which filters and
4465 the invocation sequence are
4466 contacted for incoming SMTP
4467 messages. If none are set, no
4468 filters will be contacted.
4469 confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
4470 actions, defaults to LogLevel.
4471 confMILTER_MACROS_CONNECT Milter.macros.connect
4472 [j, _, {daemon_name}, {if_name},
4473 {if_addr}] Macros to transmit to
4474 milters when a session connection
4476 confMILTER_MACROS_HELO Milter.macros.helo
4477 [{tls_version}, {cipher},
4478 {cipher_bits}, {cert_subject},
4479 {cert_issuer}] Macros to transmit to
4480 milters after HELO/EHLO command.
4481 confMILTER_MACROS_ENVFROM Milter.macros.envfrom
4482 [i, {auth_type}, {auth_authen},
4483 {auth_ssf}, {auth_author},
4484 {mail_mailer}, {mail_host},
4485 {mail_addr}] Macros to transmit to
4486 milters after MAIL FROM command.
4487 confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
4488 [{rcpt_mailer}, {rcpt_host},
4489 {rcpt_addr}] Macros to transmit to
4490 milters after RCPT TO command.
4491 confMILTER_MACROS_EOM Milter.macros.eom
4492 [{msg_id}] Macros to transmit to
4493 milters after the terminating
4494 DATA '.' is received.
4495 confMILTER_MACROS_EOH Milter.macros.eoh
4496 Macros to transmit to milters
4497 after the end of headers.
4498 confMILTER_MACROS_DATA Milter.macros.data
4499 Macros to transmit to milters
4500 after DATA command is received.
4503 See also the description of OSTYPE for some parameters that can be
4504 tweaked (generally pathnames to mailers).
4506 ClientPortOptions and DaemonPortOptions are special cases since multiple
4507 clients/daemons can be defined. This can be done via
4509 CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4510 DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4512 Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4513 ClientPortOptions settings) are allowed in order to give settings for each
4514 protocol family (e.g., one for Family=inet and one for Family=inet6). A
4515 restriction placed on one family only affects outgoing connections on that
4518 If DAEMON_OPTIONS is not used, then the default is
4520 DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4521 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4523 If you use one DAEMON_OPTIONS macro, it will alter the parameters
4524 of the first of these. The second will still be defaulted; it
4525 represents a "Message Submission Agent" (MSA) as defined by RFC
4526 2476 (see below). To turn off the default definition for the MSA,
4527 use FEATURE(`no_default_msa') (see also FEATURES). If you use
4528 additional DAEMON_OPTIONS macros, they will add additional daemons.
4530 Example 1: To change the port for the SMTP listener, while
4531 still using the MSA default, use
4532 DAEMON_OPTIONS(`Port=925, Name=MTA')
4534 Example 2: To change the port for the MSA daemon, while still
4535 using the default SMTP port, use
4536 FEATURE(`no_default_msa')
4537 DAEMON_OPTIONS(`Name=MTA')
4538 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4540 Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4541 there would be no listener on the standard SMTP port.
4543 Example 3: To listen on both IPv4 and IPv6 interfaces, use
4545 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4546 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4548 A "Message Submission Agent" still uses all of the same rulesets for
4549 processing the message (and therefore still allows message rejection via
4550 the check_* rulesets). In accordance with the RFC, the MSA will ensure
4551 that all domains in envelope addresses are fully qualified if the message
4552 is relayed to another MTA. It will also enforce the normal address syntax
4553 rules and log error messages. Additionally, by using the M=a modifier you
4554 can require authentication before messages are accepted by the MSA.
4555 Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally,
4556 the M=E modifier shown above disables ETRN as required by RFC 2476.
4558 Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4561 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4562 MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4564 The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4565 same order they were specified by also setting confINPUT_MAIL_FILTERS. A
4566 filter can be defined without adding it to the input filter list by using
4567 MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4568 Alternatively, you can reset the list of filters and their order by setting
4569 confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4573 +----------------------------+
4574 | MESSAGE SUBMISSION PROGRAM |
4575 +----------------------------+
4577 The purpose of the message submission program (MSP) is explained
4578 in sendmail/SECURITY. This section contains a list of caveats and
4579 a few hints how for those who want to tweak the default configuration
4580 for it (which is installed as submit.cf).
4582 Notice: do not add options/features to submit.mc unless you are
4583 absolutely sure you need them. Options you may want to change
4586 - confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4587 avoiding X-Authentication warnings.
4588 - confTIME_ZONE to change it from the default `USE_TZ'.
4589 - confDELIVERY_MODE is set to interactive in msp.m4 instead
4590 of the default background mode.
4591 - FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4592 to the LOCAL_RELAY instead of the default relay.
4593 - confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4594 the flag HASURANDOM.
4596 The MSP performs hostname canonicalization by default. As also
4597 explained in sendmail/SECURITY, mail may end up for various DNS
4598 related reasons in the MSP queue. This problem can be minimized by
4601 FEATURE(`nocanonify', `canonify_hosts')
4602 define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4604 See the discussion about nocanonify for possible side effects.
4606 Some things are not intended to work with the MSP. These include
4607 features that influence the delivery process (e.g., mailertable,
4608 aliases), or those that are only important for a SMTP server (e.g.,
4609 virtusertable, DaemonPortOptions, multiple queues). Moreover,
4610 relaxing certain restrictions (RestrictQueueRun, permissions on
4611 queue directory) or adding features (e.g., enabling prog/file mailer)
4612 can cause security problems.
4614 Other things don't work well with the MSP and require tweaking or
4615 workarounds. For example, to allow for client authentication it
4616 is not just sufficient to provide a client certificate and the
4617 corresponding key, but it is also necessary to make the key group
4618 (smmsp) readable and tell sendmail not to complain about that, i.e.,
4620 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
4622 If the MSP should actually use AUTH then the necessary data
4623 should be placed in a map as explained in SMTP AUTHENTICATION:
4625 FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4627 /etc/mail/msp-authinfo should contain an entry like:
4629 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"
4631 The file and the map created by makemap should be owned by smmsp,
4632 its group should be smmsp, and it should have mode 640. The database
4633 used by the MTA for AUTH must have a corresponding entry.
4634 Additionally the MTA must trust this authentication data so the AUTH=
4635 part will be relayed on to the next hop. This can be achieved by
4636 adding the following to your sendmail.mc file:
4640 R$* $: $&{auth_authen}
4643 Note: the authentication data can leak to local users who invoke
4644 the MSP with debug options or even with -v. For that reason either
4645 an authentication mechanism that does not show the password in the
4646 AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4647 method like STARTTLS should be used.
4649 feature/msp.m4 defines almost all settings for the MSP. Most of
4650 those should not be changed at all. Some of the features and options
4651 can be overridden if really necessary. It is a bit tricky to do
4652 this, because it depends on the actual way the option is defined
4653 in feature/msp.m4. If it is directly defined (i.e., define()) then
4654 the modified value must be defined after
4658 If it is conditionally defined (i.e., ifdef()) then the desired
4659 value must be defined before the FEATURE line in the .mc file.
4660 To see how the options are defined read feature/msp.m4.
4663 +--------------------------+
4664 | FORMAT OF FILES AND MAPS |
4665 +--------------------------+
4667 Files that define classes, i.e., F{classname}, consist of lines
4668 each of which contains a single element of the class. For example,
4669 /etc/mail/local-host-names may have the following content:
4674 Maps must be created using makemap(8) , e.g.,
4676 makemap hash MAP < MAP
4678 In general, a text file from which a map is created contains lines
4683 where 'key' and 'value' are also called LHS and RHS, respectively.
4684 By default, the delimiter between LHS and RHS is a non-empty sequence
4685 of white space characters.
4688 +------------------+
4689 | DIRECTORY LAYOUT |
4690 +------------------+
4692 Within this directory are several subdirectories, to wit:
4694 m4 General support routines. These are typically
4695 very important and should not be changed without
4696 very careful consideration.
4698 cf The configuration files themselves. They have
4699 ".mc" suffixes, and must be run through m4 to
4700 become complete. The resulting output should
4701 have a ".cf" suffix.
4703 ostype Definitions describing a particular operating
4704 system type. These should always be referenced
4705 using the OSTYPE macro in the .mc file. Examples
4706 include "bsd4.3", "bsd4.4", "sunos3.5", and
4709 domain Definitions describing a particular domain, referenced
4710 using the DOMAIN macro in the .mc file. These are
4711 site dependent; for example, "CS.Berkeley.EDU.m4"
4712 describes hosts in the CS.Berkeley.EDU subdomain.
4714 mailer Descriptions of mailers. These are referenced using
4715 the MAILER macro in the .mc file.
4717 sh Shell files used when building the .cf file from the
4718 .mc file in the cf subdirectory.
4720 feature These hold special orthogonal features that you might
4721 want to include. They should be referenced using
4724 hack Local hacks. These can be referenced using the HACK
4725 macro. They shouldn't be of more than voyeuristic
4726 interest outside the .Berkeley.EDU domain, but who knows?
4728 siteconfig Site configuration -- e.g., tables of locally connected
4732 +------------------------+
4733 | ADMINISTRATIVE DETAILS |
4734 +------------------------+
4736 The following sections detail usage of certain internal parts of the
4737 sendmail.cf file. Read them carefully if you are trying to modify
4738 the current model. If you find the above descriptions adequate, these
4739 should be {boring, confusing, tedious, ridiculous} (pick one or more).
4741 RULESETS (* means built in to sendmail)
4744 1 * Sender rewriting
4745 2 * Recipient rewriting
4746 3 * Canonicalization
4748 5 * Local address rewrite (after aliasing)
4749 1x mailer rules (sender qualification)
4750 2x mailer rules (recipient qualification)
4751 3x mailer rules (sender header qualification)
4752 4x mailer rules (recipient header qualification)
4753 5x mailer subroutines (general)
4754 6x mailer subroutines (general)
4755 7x mailer subroutines (general)
4757 90 Mailertable host stripping
4758 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4759 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4760 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
4765 0 local, prog local and program mailers
4766 1 [e]smtp, relay SMTP channel
4767 2 uucp-* UNIX-to-UNIX Copy Program
4768 3 netnews Network News delivery
4769 4 fax Sam Leffler's HylaFAX software
4770 5 mail11 DECnet mailer
4778 D The local domain -- usually not needed
4779 E reserved for X.400 Relay
4782 H mail Hub (for mail clusters)
4787 M Masquerade (who you claim to be)
4792 R Relay (for unqualified names)
4795 U my UUCP name (if you have a UUCP connection)
4796 V UUCP Relay (class {V} hosts)
4797 W UUCP Relay (class {W} hosts)
4798 X UUCP Relay (class {X} hosts)
4799 Y UUCP Relay (all other hosts)
4806 B domains that are candidates for bestmx lookup
4809 E addresses that should not seem to come from $M
4810 F hosts this system forward for
4811 G domains that should be looked up in genericstable
4816 L addresses that should not be forwarded to $R
4817 M domains that should be mapped to $M
4818 N host/domains that should not be mapped to $M
4819 O operators that indicate network operations (cannot be in local names)
4820 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4822 R domains this system is willing to relay (pass anti-spam filters)
4825 U locally connected UUCP hosts
4826 V UUCP hosts connected to relay $V
4827 W UUCP hosts connected to relay $W
4828 X UUCP hosts connected to relay $X
4829 Y locally connected smart UUCP hosts
4830 Z locally connected domain-ized UUCP hosts
4831 . the class containing only a dot
4832 [ the class containing only a left bracket
4837 1 Local host detection and resolution
4838 2 Local Ruleset 3 additions
4839 3 Local Ruleset 0 additions
4840 4 UUCP Ruleset 0 additions
4841 5 locally interpreted names (overrides $R)
4842 6 local configuration (at top of file)
4843 7 mailer definitions
4844 8 DNS based blocklists
4845 9 special local rulesets (1 and 2)