2 SENDMAIL CONFIGURATION FILES
4 This document describes the sendmail configuration files. This package
5 requires a post-V7 version of m4; if you are running the 4.2bsd, SysV.2, or
6 7th Edition version. SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work.
7 GNU m4 version 1.1 or later also works. Unfortunately, the M4 on BSDI 1.0
8 doesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is
9 available from ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the
10 latset version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x
11 is fine). Use GNU m4 on this platform.
13 To get started, you may want to look at tcpproto.mc (for TCP-only sites),
14 uucpproto.mc (for UUCP-only sites), and clientproto.mc (for clusters of
15 clients using a single mail host). Others are versions previously used at
16 Berkeley. For example, ucbvax has gone away, but ucbvax.mc demonstrates
17 some interesting techniques.
19 *******************************************************************
20 *** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
21 *** Berkeley-specific assumptions built in, such as the name ***
22 *** of their UUCP-relay. You'll want to create your own ***
23 *** domain description, and use that in place of ***
24 *** domain/Berkeley.EDU.m4. ***
25 *******************************************************************
28 +--------------------------+
29 | INTRODUCTION AND EXAMPLE |
30 +--------------------------+
32 Configuration files are contained in the subdirectory "cf", with a
33 suffix ".mc". They must be run through "m4" to produce a ".cf" file.
34 You must pre-load "cf.m4":
36 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
38 Alternatively, you can simply:
43 where ${CFDIR} is the root of the cf directory and config.mc is the
44 name of your configuration file. If you are running a version of M4
45 that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
46 this, but the versions distributed with 4.4BSD and derivatives do not)
47 or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
48 For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
49 use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
51 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
53 Let's examine a typical .mc file:
57 # Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
58 # All rights reserved.
59 # Copyright (c) 1983 Eric P. Allman. All rights reserved.
60 # Copyright (c) 1988, 1993
61 # The Regents of the University of California. All rights reserved.
63 # By using this file, you agree to the terms and conditions set
64 # forth in the LICENSE file which can be found at the top level of
65 # the sendmail distribution.
69 # This is a Berkeley-specific configuration file for HP-UX 9.x.
70 # It applies only to the Computer Science Division at Berkeley,
71 # and should not be used elsewhere. It is provided on the sendmail
72 # distribution as a sample only. To create your own configuration
73 # file, create an appropriate domain file in ../domain, change the
74 # `DOMAIN' macro below to reference that file, and copy the result
75 # to a name of your own choosing.
79 The divert(-1) will delete the crud in the resulting output file.
80 The copyright notice can be replaced by whatever your lawyers require;
81 our lawyers require the one that is included in these files. A copyleft
82 is a copyright by another name. The divert(0) restores regular output.
84 VERSIONID(`<SCCS or RCS version id>')
86 VERSIONID is a macro that stuffs the version information into the
87 resulting file. You could use SCCS, RCS, CVS, something else, or
88 omit it completely. This is not the same as the version id included
89 in SMTP greeting messages -- this is defined in m4/version.m4.
93 You must specify an OSTYPE to properly configure things such as the
94 pathname of the help and status files, the flags needed for the local
95 mailer, and other important things. If you omit it, you will get an
96 error when you try to build the configuration. Look at the ostype
97 directory for the list of known operating system types.
99 DOMAIN(`CS.Berkeley.EDU')dnl
101 This example is specific to the Computer Science Division at Berkeley.
102 You can use "DOMAIN(`generic')" to get a sufficiently bland definition
103 that may well work for you, or you can create a customized domain
104 definition appropriate for your environment.
109 These describe the mailers used at the default CS site. The
110 local mailer is always included automatically. Beware: MAILER
111 declarations should always be at the end of the configuration file,
112 and MAILER(`smtp') should always precede MAILER(`procmail'), and
113 MAILER(`uucp'). The general rules are that the order should be:
119 local macro definitions
124 There are a few exceptions to this rule. Local macro definitions which
125 influence a FEATURE() should be done before that feature. For example,
126 a define(`PROCMAIL_MAILER_PATH', ...) should be done before
127 FEATURE(`local_procmail').
130 +----------------------------+
131 | A BRIEF INTRODUCTION TO M4 |
132 +----------------------------+
134 Sendmail uses the M4 macro processor to ``compile'' the configuration
135 files. The most important thing to know is that M4 is stream-based,
136 that is, it doesn't understand about lines. For this reason, in some
137 places you may see the word ``dnl'', which stands for ``delete
138 through newline''; essentially, it deletes all characters starting
139 at the ``dnl'' up to and including the next newline character. In
140 most cases sendmail uses this only to avoid lots of unnecessary
141 blank lines in the output.
143 Other important directives are define(A, B) which defines the macro
144 ``A'' to have value ``B''. Macros are expanded as they are read, so
145 one normally quotes both values to prevent expansion. For example,
147 define(`SMART_HOST', `smart.foo.com')
149 One word of warning: M4 macros are expanded even in lines that appear
150 to be comments. For example, if you have
152 # See FEATURE(`foo') above
154 it will not do what you expect, because the FEATURE(`foo') will be
155 expanded. This also applies to
157 # And then define the $X macro to be the return address
159 because ``define'' is an M4 keyword. If you want to use them, surround
160 them with directed quotes, `like this'.
166 sendmail 8.9 has introduced a new configuration directory for sendmail
167 related files, /etc/mail. The new files available for sendmail 8.9 --
168 the class {R} /etc/mail/relay-domains and the access database
169 /etc/mail/access -- take advantage of this new directory. Beginning with
170 8.10, all files will use this directory by default (some options may be
171 set by OSTYPE() files). This new directory should help to restore
172 uniformity to sendmail's file locations.
174 Below is a table of some of the common changes:
176 Old filename New filename
177 ------------ ------------
178 /etc/bitdomain /etc/mail/bitdomain
179 /etc/domaintable /etc/mail/domaintable
180 /etc/genericstable /etc/mail/genericstable
181 /etc/uudomain /etc/mail/uudomain
182 /etc/virtusertable /etc/mail/virtusertable
183 /etc/userdb /etc/mail/userdb
185 /etc/aliases /etc/mail/aliases
186 /etc/sendmail/aliases /etc/mail/aliases
187 /etc/ucbmail/aliases /etc/mail/aliases
188 /usr/adm/sendmail/aliases /etc/mail/aliases
189 /usr/lib/aliases /etc/mail/aliases
190 /usr/lib/mail/aliases /etc/mail/aliases
191 /usr/ucblib/aliases /etc/mail/aliases
193 /etc/sendmail.cw /etc/mail/local-host-names
194 /etc/mail/sendmail.cw /etc/mail/local-host-names
195 /etc/sendmail/sendmail.cw /etc/mail/local-host-names
197 /etc/sendmail.ct /etc/mail/trusted-users
199 /etc/sendmail.oE /etc/mail/error-header
201 /etc/sendmail.hf /etc/mail/helpfile
202 /etc/mail/sendmail.hf /etc/mail/helpfile
203 /usr/ucblib/sendmail.hf /etc/mail/helpfile
204 /etc/ucbmail/sendmail.hf /etc/mail/helpfile
205 /usr/lib/sendmail.hf /etc/mail/helpfile
206 /usr/share/lib/sendmail.hf /etc/mail/helpfile
207 /usr/share/misc/sendmail.hf /etc/mail/helpfile
208 /share/misc/sendmail.hf /etc/mail/helpfile
210 /etc/service.switch /etc/mail/service.switch
212 /etc/sendmail.st /etc/mail/statistics
213 /etc/mail/sendmail.st /etc/mail/statistics
214 /etc/mailer/sendmail.st /etc/mail/statistics
215 /etc/sendmail/sendmail.st /etc/mail/statistics
216 /usr/lib/sendmail.st /etc/mail/statistics
217 /usr/ucblib/sendmail.st /etc/mail/statistics
219 Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
220 to create the pathnames. The default value of this variable is
221 `/etc/mail/'. If you set this macro to a different value, you MUST include
228 You MUST define an operating system environment, or the configuration
229 file build will puke. There are several environments available; look
230 at the "ostype" directory for the current list. This macro changes
231 things like the location of the alias file and queue directory. Some
232 of these files are identical to one another.
234 It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
235 In general, the OSTYPE macro should go immediately after any version
236 information, and MAILER definitions should always go last.
238 Operating system definitions are usually easy to write. They may define
239 the following variables (everything defaults, so an ostype file may be
240 empty). Unfortunately, the list of configuration-supported systems is
241 not as broad as the list of source-supported systems, since many of
242 the source contributors do not include corresponding ostype files.
244 ALIAS_FILE [/etc/mail/aliases] The location of the text version
245 of the alias file(s). It can be a comma-separated
246 list of names (but be sure you quote values with
247 commas in them -- for example, use
248 define(`ALIAS_FILE', `a,b')
249 to get "a" and "b" both listed as alias files;
250 otherwise the define() primitive only sees "a").
251 HELP_FILE [/etc/mail/helpfile] The name of the file
252 containing information printed in response to
253 the SMTP HELP command.
254 QUEUE_DIR [/var/spool/mqueue] The directory containing
255 queue files. To use multiple queues, supply
256 a value ending with an asterisk. For
257 example, /var/spool/mqueue/q* will use all of the
258 directories or symbolic links to directories
259 beginning with 'q' in /var/spool/mqueue as queue
260 directories. The names 'qf', 'df', and 'xf' are
261 used as specific subdirectories for the corresponding
263 STATUS_FILE [/etc/mail/statistics] The file containing status
265 LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
266 LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The
267 flags lsDFMAw5:/|@q are always included.
268 LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
270 LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
271 mail that you are willing to accept.
272 LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of
273 messages to deliver in a single connection. Only
274 useful for LMTP local mailers.
275 LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
276 that ARRIVE from an address that resolves to the
277 local mailer and which are converted to MIME will be
278 labeled with this character set.
279 LOCAL_MAILER_EOL [undefined] If defined, the string to use as the
280 end of line for the local mailer.
281 LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
282 [X-Unix] The DSN Diagnostic-Code value for the
283 local mailer. This should be changed with care.
284 LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email.
285 LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The
286 flags lsDFM are always included.
287 LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
289 LOCAL_SHELL_DIR [$z:/] The directory search path in which the
291 USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program
293 USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer.
294 USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
296 USENET_MAILER_MAX [100000] The maximum size of messages that will
297 be accepted by the usenet mailer.
298 SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
299 flags are `mDFMuX' for all SMTP-based mailers; the
300 "esmtp" mailer adds `a'; "smtp8" adds `8'; and
302 RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default
303 flags are `mDFMuX' for all SMTP-based mailers; the
304 relay mailer adds `a8'. If this is not defined,
305 then SMTP_MAILER_FLAGS is used.
306 SMTP_MAILER_MAX [undefined] The maximum size of messages that will
307 be transported using the smtp, smtp8, esmtp, or dsmtp
309 SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
310 messages to deliver in a single connection for the
311 smtp, smtp8, esmtp, or dsmtp mailers.
312 SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
313 About the only reason you would want to change this
314 would be to change the default port.
315 ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer.
316 SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer.
317 DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer.
318 RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer.
319 RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of
320 messages to deliver in a single connection for the
322 SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
323 that ARRIVE from an address that resolves to one of
324 the SMTP mailers and which are converted to MIME will
325 be labeled with this character set.
326 UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail.
327 UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default
328 flags are `DFMhuU' (and `m' for uucp-new mailer,
329 minus `U' for uucp-dom mailer).
330 UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
331 passed to the UUCP mailer.
332 UUCP_MAILER_MAX [100000] The maximum size message accepted for
333 transmission by the UUCP mailers.
334 UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
335 that ARRIVE from an address that resolves to one of
336 the UUCP mailers and which are converted to MIME will
337 be labeled with this character set.
338 FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
340 FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX
342 FAX_MAILER_MAX [100000] The maximum size message accepted for
344 POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer.
345 POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq
347 POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer.
348 PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
349 program. This is also used by
350 FEATURE(`local_procmail').
351 PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags
352 DFM are always set. This is NOT used by
353 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
355 PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
356 the Procmail mailer. This is NOT used by
357 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
359 PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
360 will be accepted by the procmail mailer.
361 MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer.
362 MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer.
363 MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11
365 PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
367 PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM
369 PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
370 CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The
371 flags lsDFMnPq are always included.
372 CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver
374 CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
375 to deliver cyrus mail.
376 CYRUS_MAILER_MAX [undefined] If set, the maximum size message that
377 will be accepted by the cyrus mailer.
378 CYRUS_MAILER_USER [cyrus:mail] The user and group to become when
379 running the cyrus mailer.
380 CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer.
381 The flags lsDFMnP are always included.
382 CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
383 to deliver cyrusbb mail.
384 confEBINDIR [/usr/libexec] The directory for executables.
385 Currently used for FEATURE(`local_lmtp') and
387 QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer.
388 QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver
390 QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
391 to deliver qpage mail.
392 QPAGE_MAILER_MAX [4096] If set, the maximum size message that
393 will be accepted by the qpage mailer.
395 Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
396 MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of
397 the macro Name_MAILER_FLAGS and change can be: flags that should
398 be used directly (thus overriding the default value), or if it
399 starts with `+' (`-') then those flags are added to (removed from)
400 the default value. Example:
402 MODIFY_MAILER_FLAGS(`LOCAL', `+e')
404 will add the flag `e' to LOCAL_MAILER_FLAGS.
405 WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
406 unconditionally, i.e., without respecting any definitions in an
414 You will probably want to collect domain-dependent defines into one
415 file, referenced by the DOMAIN macro. For example, the Berkeley
416 domain file includes definitions for several internal distinguished
419 UUCP_RELAY The host that will accept UUCP-addressed email.
420 If not defined, all UUCP sites must be directly
422 BITNET_RELAY The host that will accept BITNET-addressed email.
423 If not defined, the .BITNET pseudo-domain won't work.
424 DECNET_RELAY The host that will accept DECNET-addressed email.
425 If not defined, the .DECNET pseudo-domain and addresses
426 of the form node::user will not work.
427 FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
428 The "fax" mailer overrides this value.
429 LOCAL_RELAY DEPRECATED. The site that will handle unqualified
430 names -- that is, names with out an @domain extension.
431 If not set, they are assumed to belong on this machine.
432 This allows you to have a central site to store a
433 company- or department-wide alias database. This
434 only works at small sites, and only with some user
436 LUSER_RELAY The site that will handle lusers -- that is, apparently
437 local names that aren't local accounts or aliases. To
438 specify a local user instead of a site, set this to
441 Any of these can be either ``mailer:hostname'' (in which case the
442 mailer is the internal mailer name, such as ``uucp-new'' and the hostname
443 is the name of the host as appropriate for that mailer) or just a
444 ``hostname'', in which case a default mailer type (usually ``relay'',
445 a variant on SMTP) is used. WARNING: if you have a wildcard MX
446 record matching your domain, you probably want to define these to
447 have a trailing dot so that you won't get the mail diverted back
450 The domain file can also be used to define a domain name, if needed
451 (using "DD<domain>") and set certain site-wide features. If all hosts
452 at your site masquerade behind one email name, you could also use
455 You do not have to define a domain -- in particular, if you are a
456 single machine sitting off somewhere, it is probably more work than
457 it's worth. This is just a mechanism for combining "domain dependent
458 knowledge" into one place.
464 There are fewer mailers supported in this version than the previous
465 version, owing mostly to a simpler world. As a general rule, put the
466 MAILER definitions last in your .mc file, and always put MAILER(`smtp')
467 before MAILER(`uucp') and MAILER(`procmail') -- several features and
468 definitions will modify the definition of mailers, and the smtp mailer
469 modifies the UUCP mailer. Moreover, MAILER(`cyrus'), MAILER(`pop'),
470 MAILER(`phquery'), and MAILER(`usenet') must be defined after
473 local The local and prog mailers. You will almost always
474 need these; the only exception is if you relay ALL
475 your mail to another site. This mailer is included
478 smtp The Simple Mail Transport Protocol mailer. This does
479 not hide hosts behind a gateway or another other
480 such hack; it assumes a world where everyone is
481 running the name server. This file actually defines
482 five mailers: "smtp" for regular (old-style) SMTP to
483 other servers, "esmtp" for extended SMTP to other
484 servers, "smtp8" to do SMTP to other servers without
485 converting 8-bit data to MIME (essentially, this is
486 your statement that you know the other end is 8-bit
487 clean even if it doesn't say so), "dsmtp" to do on
488 demand delivery, and "relay" for transmission to the
489 RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
491 uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
492 defines two mailers, "uucp-old" (a.k.a. "uucp") and
493 "uucp-new" (a.k.a. "suucp"). The latter is for when you
494 know that the UUCP mailer at the other end can handle
495 multiple recipients in one transfer. If the smtp mailer
496 is also included in your configuration, two other mailers
497 ("uucp-dom" and "uucp-uudom") are also defined [warning:
498 you MUST specify MAILER(smtp) before MAILER(uucp)]. When you
499 include the uucp mailer, sendmail looks for all names in
500 class {U} and sends them to the uucp-old mailer; all
501 names in class {Y} are sent to uucp-new; and all
502 names in class {Z} are sent to uucp-uudom. Note that
503 this is a function of what version of rmail runs on
504 the receiving end, and hence may be out of your control.
505 See the section below describing UUCP mailers in more
508 usenet Usenet (network news) delivery. If this is specified,
509 an extra rule is added to ruleset 0 that forwards all
510 local email for users named ``group.usenet'' to the
511 ``inews'' program. Note that this works for all groups,
512 and may be considered a security problem.
514 fax Facsimile transmission. This is experimental and based
515 on Sam Leffler's HylaFAX software. For more information,
516 see http://www.vix.com/hylafax/.
518 pop Post Office Protocol.
520 procmail An interface to procmail (does not come with sendmail).
521 This is designed to be used in mailertables. For example,
522 a common question is "how do I forward all mail for a given
523 domain to a single person?". If you have this mailer
524 defined, you could set up a mailertable reading:
526 host.com procmail:/etc/procmailrcs/host.com
528 with the file /etc/procmailrcs/host.com reading:
530 :0 # forward mail for host.com
531 ! -oi -f $1 person@other.host
533 This would arrange for (anything)@host.com to be sent
534 to person@other.host. Within the procmail script, $1 is
535 the name of the sender and $2 is the name of the recipient.
536 If you use this with FEATURE(`local_procmail'), the FEATURE
537 should be listed first.
539 mail11 The DECnet mail11 mailer, useful only if you have the mail11
540 program from gatekeeper.dec.com:/pub/DEC/gwtools (and
541 DECnet, of course). This is for Phase IV DECnet support;
542 if you have Phase V at your site you may have additional
545 phquery The phquery program. This is somewhat counterintuitively
546 referenced as the "ph" mailer internally. It can be used
547 to do CCSO name server lookups. The phquery program, which
548 this mailer uses, is distributed with the ph client.
550 cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
551 a local cyrus user. this mailer can make use of the
552 "user+detail@local.host" syntax; it will deliver the mail to
553 the user's "detail" mailbox if the mailbox's ACL permits.
554 The cyrusbb mailer delivers to a system-wide cyrus mailbox
555 if the mailbox's ACL permits. The cyrus mailer must be
556 defined after the local mailer.
558 qpage A mailer for QuickPage, a pager interface. See
559 http://www.qpage.org/ for further information.
561 The local mailer accepts addresses of the form "user+detail", where
562 the "+detail" is not used for mailbox matching but is available
563 to certain local mail programs (in particular, see
564 FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
565 "eric+sww" all indicate the same user, but additional arguments <null>,
566 "sendmail", and "sww" may be provided for use in sorting mail.
573 Special features can be requested using the "FEATURE" macro. For
574 example, the .mc line:
576 FEATURE(`use_cw_file')
578 tells sendmail that you want to have it read an /etc/mail/local-host-names
579 file to get values for class {w}. The FEATURE may contain up to 9
580 optional parameters -- for example:
582 FEATURE(`mailertable', `dbm /usr/lib/mailertable')
584 The default database map type for the table features can be set with
586 define(`DATABASE_MAP_TYPE', `dbm')
588 which would set it to use ndbm databases. The default is the Berkeley DB
589 hash database format. Note that you must still declare a database map type
590 if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
591 if no argument is given for the FEATURE. It must be specified before any
592 feature that uses a map.
594 Available features are:
596 use_cw_file Read the file /etc/mail/local-host-names file to get
597 alternate names for this host. This might be used if you
598 were on a host that MXed for a dynamic set of other hosts.
599 If the set is static, just including the line "Cw<name1>
600 <name2> ..." (where the names are fully qualified domain
601 names) is probably superior. The actual filename can be
602 overridden by redefining confCW_FILE.
604 use_ct_file Read the file /etc/mail/trusted-users file to get the
605 names of users that will be ``trusted'', that is, able to
606 set their envelope from address using -f without generating
607 a warning message. The actual filename can be overridden
608 by redefining confCT_FILE.
610 redirect Reject all mail addressed to "address.REDIRECT" with
611 a ``551 User has moved; please try <address>'' message.
612 If this is set, you can alias people who have left
613 to their new address with ".REDIRECT" appended.
615 nouucp Don't route UUCP addresses. This feature takes one
617 `reject': reject addresses which have "!" in the local
618 part unless it originates from a system
619 that is allowed to relay.
620 `nospecial': don't do anything special with "!".
621 Warnings: 1. See the NOTICE in the ANTI-SPAM section.
622 2. don't remove "!" from OperatorChars if `reject' is
625 nocanonify Don't pass addresses to $[ ... $] for canonification
626 by default. It can be changed by setting the
627 DaemonPortOptions modifiers (M=). That is,
628 FEATURE(`nocanonify') will be overridden by setting the
629 'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
630 it can be emulated by setting the 'C' flag
631 (DaemonPortOptions=Modifiers=C). This would generally only
632 be used by sites that only act as mail gateways or which have
633 user agents that do full canonification themselves. You may
635 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
636 the usual resolver options that do a similar thing.
638 An exception list for FEATURE(`nocanonify') can be
639 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
640 i.e., a list of domains which are nevertheless passed to
641 $[ ... $] for canonification. This is useful to turn on
642 canonification for local domains, e.g., use
643 CANONIFY_DOMAIN(`my.domain my') to canonify addresses
644 which end in "my.domain" or "my".
645 Another way to require canonification in the local
646 domain is CANONIFY_DOMAIN(`$=m').
648 A trailing dot is added to addresses with more than
649 one component in it such that other features which
650 expect a trailing dot (e.g., virtusertable) will
653 If `canonify_hosts' is specified as parameter, i.e.,
654 FEATURE(`nocanonify', `canonify_hosts'), then
655 addresses which have only a hostname, e.g.,
656 <user@host>, will be canonified (and hopefully fully
659 stickyhost If set, email sent to "user@local.host" are marked
660 as "sticky" -- that is, the local addresses aren't
661 matched against UDB and don't go through ruleset 5.
662 This is used if you want a set up where "user" is
663 not necessarily the same as "user@local.host", e.g.,
664 to make a distinct domain-wide namespace. Prior to
665 8.7 this was the default, and notsticky was used to
668 mailertable Include a "mailer table" which can be used to override
669 routing for particular domains (which are not in class {w},
670 i.e. local host names). The argument of the FEATURE may be
671 the key definition. If none is specified, the definition
674 hash /etc/mail/mailertable
676 Keys in this database are fully qualified domain names
677 or partial domains preceded by a dot -- for example,
678 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
679 special case of the latter, "." matches any domain not
680 covered by other keys. Values must be of the form:
682 where "mailer" is the internal mailer name, and "domain"
683 is where to send the message. These maps are not
684 reflected into the message header. As a special case,
687 will forward to the indicated user using the local mailer,
689 will forward to the original user in the e-mail address
690 using the local mailer, and
692 error:D.S.N:code message
693 will give an error message with the indicated SMTP reply
694 code and message, where D.S.N is an RFC 1893 compliant
697 domaintable Include a "domain table" which can be used to provide
698 domain name mapping. Use of this should really be
699 limited to your own domains. It may be useful if you
700 change names (e.g., your company changes names from
701 oldname.com to newname.com). The argument of the
702 FEATURE may be the key definition. If none is specified,
703 the definition used is:
705 hash /etc/mail/domaintable
707 The key in this table is the domain name; the value is
708 the new (fully qualified) domain. Anything in the
709 domaintable is reflected into headers; that is, this
710 is done in ruleset 3.
712 bitdomain Look up bitnet hosts in a table to try to turn them into
713 internet addresses. The table can be built using the
714 bitdomain program contributed by John Gardiner Myers.
715 The argument of the FEATURE may be the key definition; if
716 none is specified, the definition used is:
718 hash /etc/mail/bitdomain
720 Keys are the bitnet hostname; values are the corresponding
723 uucpdomain Similar feature for UUCP hosts. The default map definition
726 hash /etc/mail/uudomain
728 At the moment there is no automagic tool to build this
732 Include the local host domain even on locally delivered
733 mail. Normally it is not added on unqualified names.
734 However, if you use a shared message store but do not use
735 the same user name space everywhere, you may need the host
738 allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
739 feature will cause recipient addresses to also masquerade
740 as being from the masquerade host. Normally they get
741 the local hostname. Although this may be right for
742 ordinary users, it can break local aliases. For example,
743 if you send to "localalias", the originating sendmail will
744 find that alias and send to all members, but send the
745 message with "To: localalias@masqueradehost". Since that
746 alias likely does not exist, replies will fail. Use this
747 feature ONLY if you can guarantee that the ENTIRE
748 namespace on your masquerade host supersets all the
752 Normally, any hosts listed in class {w} are masqueraded. If
753 this feature is given, only the hosts listed in class {M} (see
754 below: MASQUERADE_DOMAIN) are masqueraded. This is useful
755 if you have several domains with disjoint namespaces hosted
758 masquerade_entire_domain
759 If masquerading is enabled (using MASQUERADE_AS) and
760 MASQUERADE_DOMAIN (see below) is set, this feature will
761 cause addresses to be rewritten such that the masquerading
762 domains are actually entire domains to be hidden. All
763 hosts within the masquerading domains will be rewritten
764 to the masquerade name (used in MASQUERADE_AS). For example,
767 MASQUERADE_AS(`masq.com')
768 MASQUERADE_DOMAIN(`foo.org')
769 MASQUERADE_DOMAIN(`bar.com')
771 then *foo.org and *bar.com are converted to masq.com. Without
772 this feature, only foo.org and bar.com are masqueraded.
774 NOTE: only domains within your jurisdiction and
775 current hierarchy should be masqueraded using this.
777 genericstable This feature will cause unqualified addresses (i.e., without
778 a domain) and addresses with a domain listed in class {G}
779 to be looked up in a map and turned into another ("generic")
780 form, which can change both the domain name and the user name.
781 This is similar to the userdb functionality. The same types of
782 addresses as for masquerading are looked up, i.e., only header
783 sender addresses unless the allmasquerade and/or
784 masquerade_envelope features are given. Qualified addresses
785 must have the domain part in class {G}; entries can
786 be added to this class by the macros GENERICS_DOMAIN or
787 GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
788 MASQUERADE_DOMAIN_FILE, see below).
790 The argument of FEATURE(`genericstable') may be the map
791 definition; the default map definition is:
793 hash /etc/mail/genericstable
795 The key for this table is either the full address, the domain
796 (with a leading @; the localpart is passed as first argument)
797 or the unqualified username (tried in the order mentioned);
798 the value is the new user address. If the new user address
799 does not include a domain, it will be qualified in the standard
800 manner, i.e., using $j or the masquerade name. Note that the
801 address being looked up must be fully qualified. For local
802 mail, it is necessary to use FEATURE(`always_add_domain')
803 for the addresses to be qualified.
804 The "+detail" of an address is passed as %1, so entries like
806 old+*@foo.org new+%1@example.com
807 gen+*@foo.org %1@example.com
809 and other forms are possible.
811 generics_entire_domain
812 If the genericstable is enabled and GENERICS_DOMAIN or
813 GENERICS_DOMAIN_FILE is used, this feature will cause
814 addresses to be searched in the map if their domain
815 parts are subdomains of elements in class {G}.
817 virtusertable A domain-specific form of aliasing, allowing multiple
818 virtual domains to be hosted on one machine. For example,
819 if the virtuser table contained:
821 info@foo.com foo-info
822 info@bar.com bar-info
823 joe@bar.com error:nouser No such user here
824 jax@bar.com error:D.S.N:unavailable Address invalid
825 @baz.org jane@example.net
827 then mail addressed to info@foo.com will be sent to the
828 address foo-info, mail addressed to info@bar.com will be
829 delivered to bar-info, and mail addressed to anyone at baz.org
830 will be sent to jane@example.net, mail to joe@bar.com will
831 be rejected with the specified error message, and mail to
832 jax@bar.com will also have a RFC 1893 compliant error code
835 The username from the original address is passed
838 @foo.org %1@example.com
840 meaning someone@foo.org will be sent to someone@example.com.
841 Additionally, if the local part consists of "user+detail"
842 then "detail" is passed as %2 when a match against user+*
843 is attempted, so entries like
845 old+*@foo.org new+%2@example.com
846 gen+*@foo.org %2@example.com
847 +*@foo.org %1+%2@example.com
849 and other forms are possible. Note: to preserve "+detail"
850 for a default case (@domain) +*@domain must be used as
853 All the host names on the left hand side (foo.com, bar.com,
854 and baz.org) must be in class {w} or class {VirtHost}, the
855 latter can be defined by the macros VIRTUSER_DOMAIN or
856 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
857 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
858 VIRTUSER_DOMAIN_FILE is used, then the entries of class
859 {VirtHost} are added to class {R}, i.e., relaying is allowed
860 to (and from) those domains. The default map definition is:
862 hash /etc/mail/virtusertable
864 A new definition can be specified as the second argument of
865 the FEATURE macro, such as
867 FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
869 virtuser_entire_domain
870 If the virtusertable is enabled and VIRTUSER_DOMAIN or
871 VIRTUSER_DOMAIN_FILE is used, this feature will cause
872 addresses to be searched in the map if their domain
873 parts are subdomains of elements in class {VirtHost}.
875 ldap_routing Implement LDAP-based e-mail recipient routing according to
876 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
877 This provides a method to re-route addresses with a
878 domain portion in class {LDAPRoute} to either a
879 different mail host or a different address. Hosts can
880 be added to this class using LDAPROUTE_DOMAIN and
881 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
882 MASQUERADE_DOMAIN_FILE, see below).
884 See the LDAP ROUTING section below for more information.
886 nodns If you aren't running DNS at your site (for example,
887 you are UUCP-only connected). It's hard to consider
888 this a "feature", but hey, it had to go somewhere.
889 Actually, as of 8.7 this is a no-op -- remove "dns" from
890 the hosts service switch entry instead.
892 nullclient This is a special case -- it creates a configuration file
893 containing nothing but support for forwarding all mail to a
894 central hub via a local SMTP-based network. The argument
895 is the name of that hub.
897 The only other feature that should be used in conjunction
898 with this one is FEATURE(`nocanonify'). No mailers
899 should be defined. No aliasing or forwarding is done.
901 local_lmtp Use an LMTP capable local mailer. The argument to this
902 feature is the pathname of an LMTP capable mailer. By
903 default, mail.local is used. This is expected to be the
904 mail.local which came with the 8.9 distribution which is
905 LMTP capable. The path to mail.local is set by the
906 confEBINDIR m4 variable -- making the default
907 LOCAL_MAILER_PATH /usr/libexec/mail.local.
908 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
909 i.e., without respecting any definitions in an OSTYPE setting.
911 local_procmail Use procmail or another delivery agent as the local mailer.
912 The argument to this feature is the pathname of the
913 delivery agent, which defaults to PROCMAIL_MAILER_PATH.
914 Note that this does NOT use PROCMAIL_MAILER_FLAGS or
915 PROCMAIL_MAILER_ARGS for the local mailer; tweak
916 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
917 specify the appropriate parameters. When procmail is used,
918 the local mailer can make use of the
919 "user+indicator@local.host" syntax; normally the +indicator
920 is just tossed, but by default it is passed as the -a
921 argument to procmail.
923 This feature can take up to three arguments:
925 1. Path to the mailer program
926 [default: /usr/local/bin/procmail]
927 2. Argument vector including name of the program
928 [default: procmail -Y -a $h -d $u]
929 3. Flags for the mailer [default: SPfhn9]
931 Empty arguments cause the defaults to be taken.
933 For example, this allows it to use the maildrop
934 (http://www.flounder.net/~mrsam/maildrop/) mailer instead
937 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
942 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
944 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
945 i.e., without respecting any definitions in an OSTYPE setting.
947 bestmx_is_local Accept mail as though locally addressed for any host that
948 lists us as the best possible MX record. This generates
949 additional DNS traffic, but should be OK for low to
950 medium traffic hosts. The argument may be a set of
951 domains, which will limit the feature to only apply to
952 these domains -- this will reduce unnecessary DNS
953 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
954 WILDCARD MX RECORDS!!! If you have a wildcard MX record
955 that matches your domain, you cannot use this feature.
957 smrsh Use the SendMail Restricted SHell (smrsh) provided
958 with the distribution instead of /bin/sh for mailing
959 to programs. This improves the ability of the local
960 system administrator to control what gets run via
961 e-mail. If an argument is provided it is used as the
962 pathname to smrsh; otherwise, the path defined by
963 confEBINDIR is used for the smrsh binary -- by default,
964 /usr/libexec/smrsh is assumed.
967 By default, the sendmail configuration files do not permit
968 mail relaying (that is, accepting mail from outside your
969 local host (class {w}) and sending it to another host than
970 your local host). This option sets your site to allow
971 mail relaying from any site to any site. In almost all
972 cases, it is better to control relaying more carefully
973 with the access map, class {R}, or authentication. Domains
974 can be added to class {R} by the macros RELAY_DOMAIN or
975 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
976 MASQUERADE_DOMAIN_FILE, see below).
979 By default, only hosts listed as RELAY in the access db
980 will be allowed to relay. This option also allows any
981 host in your domain as defined by class {m}.
984 By default, names that are listed as RELAY in the access
985 db and class {R} are domain names, not host names.
986 For example, if you specify ``foo.com'', then mail to or
987 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
988 will all be accepted for relaying. This feature changes
989 the behaviour to lookup individual host names only.
992 Turns on the ability to allow relaying based on the MX
993 records of the host portion of an incoming recipient; that
994 is, if an MX record for host foo.com points to your site,
995 you will accept and relay mail addressed to foo.com. See
996 description below for more information before using this
997 feature. Also, see the KNOWNBUGS entry regarding bestmx
1000 FEATURE(`relay_based_on_MX') does not necessarily allow
1001 routing of these messages which you expect to be allowed,
1002 if route address syntax (or %-hack syntax) is used. If
1003 this is a problem, add entries to the access-table or use
1004 FEATURE(`loose_relay_check').
1007 Allows relaying if the mail sender is listed as RELAY in
1008 the access map. If an optional argument `domain' is given,
1009 the domain portion of the mail sender is checked too.
1010 This should only be used if absolutely necessary as the
1011 sender address can be easily forged. Use of this feature
1012 requires the "From:" tag be prepended to the key in the
1013 access map; see the discussion of tags and
1014 FEATURE(`relay_mail_from') in the section on ANTI-SPAM
1015 CONFIGURATION CONTROL.
1018 Allows relaying if the domain portion of the mail sender
1019 is a local host. This should only be used if absolutely
1020 necessary as it opens a window for spammers. Specifically,
1021 they can send mail to your mail server that claims to be
1022 from your domain (either directly or via a routed address),
1023 and you will go ahead and relay it out to arbitrary hosts
1026 accept_unqualified_senders
1027 Normally, MAIL FROM: commands in the SMTP session will be
1028 refused if the connection is a network connection and the
1029 sender address does not include a domain name. If your
1030 setup sends local mail unqualified (i.e., MAIL FROM: <joe>),
1031 you will need to use this feature to accept unqualified
1032 sender addresses. Setting the DaemonPortOptions modifier
1033 'u' overrides the default behavior, i.e., unqualified
1034 addresses are accepted even without this FEATURE.
1035 If this FEATURE is not used, the DaemonPortOptions modifier
1036 'f' can be used to enforce fully qualified addresses.
1038 accept_unresolvable_domains
1039 Normally, MAIL FROM: commands in the SMTP session will be
1040 refused if the host part of the argument to MAIL FROM:
1041 cannot be located in the host name service (e.g., an A or
1042 MX record in DNS). If you are inside a firewall that has
1043 only a limited view of the Internet host name space, this
1044 could cause problems. In this case you probably want to
1045 use this feature to accept all domains on input, even if
1046 they are unresolvable.
1048 access_db Turns on the access database feature. The access db gives
1049 you the ability to allow or refuse to accept mail from
1050 specified domains for administrative reasons. By default,
1051 the access database specification is:
1053 hash /etc/mail/access
1055 The format of the database is described in the anti-spam
1056 configuration control section later in this document.
1058 blacklist_recipients
1059 Turns on the ability to block incoming mail for certain
1060 recipient usernames, hostnames, or addresses. For
1061 example, you can block incoming mail to user nobody,
1062 host foo.mydomain.com, or guest@bar.mydomain.com.
1063 These specifications are put in the access db as
1064 described in the anti-spam configuration control section
1065 later in this document.
1067 rbl This feature is deprecated! Please use dnsbl instead.
1068 Turns on rejection of hosts found in the Realtime Blackhole
1069 List. If an argument is provided it is used as the domain
1070 in which blocked hosts are listed; otherwise, the main
1071 RBL domain rbl.maps.vix.com is used. For details, see
1072 http://maps.vix.com/rbl/.
1074 dnsbl Turns on rejection of hosts found in an DNS based rejection
1075 list. If an argument is provided it is used as the domain
1076 in which blocked hosts are listed; otherwise it defaults to
1077 rbl.maps.vix.com. An explanation for an DNS based rejection
1078 list can be found http://maps.vix.com/rbl/. A second argument
1079 can be used to change the default error message of
1080 Mail from $&{client_addr} refused by blackhole site SERVER
1081 where SERVER is replaced by the first argument. This feature
1082 can be included several times to query different DNS based
1086 Normally, if % addressing is used for a recipient, e.g.
1087 user%site@othersite, and othersite is in class {R}, the
1088 check_rcpt ruleset will strip @othersite and recheck
1089 user@site for relaying. This feature changes that
1090 behavior. It should not be needed for most installations.
1092 no_default_msa Don't generate the default MSA daemon, i.e.,
1093 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1094 To define a MSA daemon with other parameters, use this
1095 FEATURE and introduce new settings via DAEMON_OPTIONS().
1101 Some things just can't be called features. To make this clear,
1102 they go in the hack subdirectory and are referenced using the HACK
1103 macro. These will tend to be site-dependent. The release
1104 includes the Berkeley-dependent "cssubdomain" hack (that makes
1105 sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1106 this is intended as a short-term aid while moving hosts into
1110 +--------------------+
1111 | SITE CONFIGURATION |
1112 +--------------------+
1114 *****************************************************
1115 * This section is really obsolete, and is preserved *
1116 * only for back compatibility. You should plan on *
1117 * using mailertables for new installations. In *
1118 * particular, it doesn't work for the newer forms *
1119 * of UUCP mailers, such as uucp-uudom. *
1120 *****************************************************
1122 Complex sites will need more local configuration information, such as
1123 lists of UUCP hosts they speak with directly. This can get a bit more
1124 tricky. For an example of a "complex" site, see cf/ucbvax.mc.
1126 The SITECONFIG macro allows you to indirectly reference site-dependent
1127 configuration information stored in the siteconfig subdirectory. For
1130 SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1132 reads the file uucp.ucbvax for local connection information. The
1133 second parameter is the local name (in this case just "ucbvax" since
1134 it is locally connected, and hence a UUCP hostname). The third
1135 parameter is the name of both a macro to store the local name (in
1136 this case, {U}) and the name of the class (e.g., {U}) in which to store
1137 the host information read from the file. Another SITECONFIG line reads
1139 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1141 This says that the file uucp.ucbarpa contains the list of UUCP sites
1142 connected to ucbarpa.Berkeley.EDU. Class {W} will be used to
1143 store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1144 is, the name of the relay to which the hosts listed in uucp.ucbarpa
1145 are connected. [The machine ucbarpa is gone now, but this
1146 out-of-date configuration file has been left around to demonstrate
1147 how you might do this.]
1149 Note that the case of SITECONFIG with a third parameter of ``U'' is
1150 special; the second parameter is assumed to be the UUCP name of the
1151 local site, rather than the name of a remote site, and the UUCP name
1152 is entered into class {w} (the list of local hostnames) as $U.UUCP.
1154 The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1155 more than a sequence of SITE macros describing connectivity. For
1161 The second example demonstrates that you can use two names on the
1162 same line; these are usually aliases for the same host (or are at
1163 least in the same company).
1166 +--------------------+
1167 | USING UUCP MAILERS |
1168 +--------------------+
1170 It's hard to get UUCP mailers right because of the extremely ad hoc
1171 nature of UUCP addressing. These config files are really designed
1172 for domain-based addressing, even for UUCP sites.
1174 There are four UUCP mailers available. The choice of which one to
1175 use is partly a matter of local preferences and what is running at
1176 the other end of your UUCP connection. Unlike good protocols that
1177 define what will go over the wire, UUCP uses the policy that you
1178 should do what is right for the other end; if they change, you have
1179 to change. This makes it hard to do the right thing, and discourages
1180 people from updating their software. In general, if you can avoid
1183 The major choice is whether to go for a domainized scheme or a
1184 non-domainized scheme. This depends entirely on what the other
1185 end will recognize. If at all possible, you should encourage the
1186 other end to go to a domain-based system -- non-domainized addresses
1187 don't work entirely properly.
1189 The four mailers are:
1191 uucp-old (obsolete name: "uucp")
1192 This is the oldest, the worst (but the closest to UUCP) way of
1193 sending messages accros UUCP connections. It does bangify
1194 everything and prepends $U (your UUCP name) to the sender's
1195 address (which can already be a bang path itself). It can
1196 only send to one address at a time, so it spends a lot of
1197 time copying duplicates of messages. Avoid this if at all
1200 uucp-new (obsolete name: "suucp")
1201 The same as above, except that it assumes that in one rmail
1202 command you can specify several recipients. It still has a
1203 lot of other problems.
1206 This UUCP mailer keeps everything as domain addresses.
1207 Basically, it uses the SMTP mailer rewriting rules. This mailer
1208 is only included if MAILER(`smtp') is also specified.
1210 Unfortunately, a lot of UUCP mailer transport agents require
1211 bangified addresses in the envelope, although you can use
1212 domain-based addresses in the message header. (The envelope
1213 shows up as the From_ line on UNIX mail.) So....
1216 This is a cross between uucp-new (for the envelope addresses)
1217 and uucp-dom (for the header addresses). It bangifies the
1218 envelope sender (From_ line in messages) without adding the
1219 local hostname, unless there is no host name on the address
1220 at all (e.g., "wolf") or the host component is a UUCP host name
1221 instead of a domain name ("somehost!wolf" instead of
1222 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1227 On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1228 summarizes the sender rewriting for various mailers.
1230 Mailer sender rewriting in the envelope
1231 ------ ------ -------------------------
1232 uucp-{old,new} wolf grasp!wolf
1233 uucp-dom wolf wolf@grasp.insa-lyon.fr
1234 uucp-uudom wolf grasp.insa-lyon.fr!wolf
1236 uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1237 uucp-dom wolf@fr.net wolf@fr.net
1238 uucp-uudom wolf@fr.net fr.net!wolf
1240 uucp-{old,new} somehost!wolf grasp!somehost!wolf
1241 uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1242 uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1244 If you are using one of the domainized UUCP mailers, you really want
1245 to convert all UUCP addresses to domain format -- otherwise, it will
1246 do it for you (and probably not the way you expected). For example,
1247 if you have the address foo!bar!baz (and you are not sending to foo),
1248 the heuristics will add the @uucp.relay.name or @local.host.name to
1249 this address. However, if you map foo to foo.host.name first, it
1250 will not add the local hostname. You can do this using the uucpdomain
1254 +-------------------+
1255 | TWEAKING RULESETS |
1256 +-------------------+
1258 For more complex configurations, you can define special rules.
1259 The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1260 the names. Any modifications made here are reflected in the header.
1262 A common use is to convert old UUCP addresses to SMTP addresses using
1263 the UUCPSMTP macro. For example:
1266 UUCPSMTP(`decvax', `decvax.dec.com')
1267 UUCPSMTP(`research', `research.att.com')
1269 will cause addresses of the form "decvax!user" and "research!user"
1270 to be converted to "user@decvax.dec.com" and "user@research.att.com"
1273 This could also be used to look up hosts in a database map:
1276 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
1278 This map would be defined in the LOCAL_CONFIG portion, as shown below.
1280 Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1281 For example, new rules are needed to parse hostnames that you accept
1282 via MX records. For example, you might have:
1285 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1287 You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1288 pointing at this host; this rule catches the message and forwards it on
1291 You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1292 These rulesets are normally empty.
1294 A similar macro is LOCAL_CONFIG. This introduces lines added after the
1295 boilerplate option setting but before rulesets. Do not declare rulesets in
1296 the LOCAL_CONFIG section. It can be used to declare local database maps or
1297 whatever. For example:
1300 Khostmap hash /etc/mail/hostmap
1301 Kyplocal nis -m hosts.byname
1304 +---------------------------+
1305 | MASQUERADING AND RELAYING |
1306 +---------------------------+
1308 You can have your host masquerade as another using
1310 MASQUERADE_AS(`host.domain')
1312 This causes mail being sent to be labeled as coming from the
1313 indicated host.domain, rather than $j. One normally masquerades as
1314 one of one's own subdomains (for example, it's unlikely that
1315 Berkeley would choose to masquerade as an MIT site). This
1316 behaviour is modified by a plethora of FEATUREs; in particular, see
1317 masquerade_envelope, allmasquerade, limited_masquerade, and
1318 masquerade_entire_domain.
1320 The masquerade name is not normally canonified, so it is important
1321 that it be your One True Name, that is, fully qualified and not a
1322 CNAME. However, if you use a CNAME, the receiving side may canonify
1323 it for you, so don't think you can cheat CNAME mapping this way.
1325 Normally the only addresses that are masqueraded are those that come
1326 from this host (that is, are either unqualified or in class {w}, the list
1327 of local domain names). You can augment this list, which is realized
1330 MASQUERADE_DOMAIN(`otherhost.domain')
1332 The effect of this is that although mail to user@otherhost.domain
1333 will not be delivered locally, any mail including any user@otherhost.domain
1334 will, when relayed, be rewritten to have the MASQUERADE_AS address.
1335 This can be a space-separated list of names.
1337 If these names are in a file, you can use
1339 MASQUERADE_DOMAIN_FILE(`filename')
1341 to read the list of names from the indicated file (i.e., to add
1342 elements to class {M}).
1344 To exempt hosts or subdomains from being masqueraded, you can use
1346 MASQUERADE_EXCEPTION(`host.domain')
1348 This can come handy if you want to masquerade a whole domain
1349 except for one (or a few) host(s).
1351 Normally only header addresses are masqueraded. If you want to
1352 masquerade the envelope as well, use
1354 FEATURE(`masquerade_envelope')
1356 There are always users that need to be "exposed" -- that is, their
1357 internal site name should be displayed instead of the masquerade name.
1358 Root is an example (which has been "exposed" by default prior to 8.10).
1359 You can add users to this list using
1361 EXPOSED_USER(`usernames')
1363 This adds users to class {E}; you could also use something like
1365 FE/etc/mail/exposed-users
1367 You can also arrange to relay all unqualified names (that is, names
1368 without @host) to a relay host. For example, if you have a central
1369 email server, you might relay to that host so that users don't have
1370 to have .forward files or aliases. You can do this using
1372 define(`LOCAL_RELAY', `mailer:hostname')
1374 The ``mailer:'' can be omitted, in which case the mailer defaults to
1375 "relay". There are some user names that you don't want relayed, perhaps
1376 because of local aliases. A common example is root, which may be
1377 locally aliased. You can add entries to this list using
1379 LOCAL_USER(`usernames')
1381 This adds users to class {L}; you could also use something like
1383 FL/etc/mail/local-users
1385 If you want all incoming mail sent to a centralized hub, as for a
1386 shared /var/spool/mail scheme, use
1388 define(`MAIL_HUB', `mailer:hostname')
1390 Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
1391 and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1392 be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1393 Note: there is a (long standing) bug which keeps this combination from
1394 working for addresses of the form user+detail.
1395 Names in class {L} will be delivered locally, so you MUST have aliases or
1396 .forward files for them.
1398 For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1399 FEATURE(`stickyhost'), the following combinations of settings will have the
1402 email sent to.... eric eric@mastodon.CS.Berkeley.EDU
1404 LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
1405 mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1407 MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1408 mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
1410 Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1411 MAIL_HUB set as above (no local aliasing) (aliasing done)
1413 If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1414 MAIL_HUB act identically, with MAIL_HUB taking precedence.
1416 If you want all outgoing mail to go to a central relay site, define
1417 SMART_HOST as well. Briefly:
1419 LOCAL_RELAY applies to unqualified names (e.g., "eric").
1420 MAIL_HUB applies to names qualified with the name of the
1421 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1422 SMART_HOST applies to names qualified with other hosts or
1423 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1424 or "eric@[127.0.0.1]").
1426 However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1427 DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1428 really want absolutely everything to go to a single central site you will
1429 need to unset all the other relays -- or better yet, find or build a
1430 minimal config file that does this.
1432 For duplicate suppression to work properly, the host name is best
1433 specified with a terminal dot:
1435 define(`MAIL_HUB', `host.domain.')
1436 note the trailing dot ---^
1443 FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1444 LDAP Schema for Intranet Mail Routing
1445 (draft-lachman-laser-ldap-mail-routing-01). This feature enables
1446 LDAP-based rerouting of a particular address to either a different host
1447 or a different address. The LDAP lookup is first attempted on the full
1448 address (e.g., user@example.com) and then on the domain portion
1449 (e.g., @example.com). Be sure to setup your domain for LDAP routing using
1450 LDAPROUTE_DOMAIN(), e.g.:
1452 LDAPROUTE_DOMAIN(`example.com')
1454 By default, the feature will use the schemas as specified in the draft
1455 and will not reject addresses not found by the LDAP lookup. However,
1456 this behavior can be changed by giving additional arguments to the FEATURE()
1459 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>)
1461 where <mailHost> is a map definition describing how to lookup an alternative
1462 mail host for a particular address; <mailRoutingAddress> is a map definition
1463 describing how to lookup an alternative address for a particular address; and
1464 the <bounce> argument, if present and not the word "passthru", dictates
1465 that mail should be bounced if neither a mailHost nor mailRoutingAddress
1468 The default <mailHost> map definition is:
1470 ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient)
1471 (mailLocalAddress=%0))
1473 The default <mailRoutingAddress> map definition is:
1475 ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)
1476 (mailLocalAddress=%0))
1478 Note that neither includes the LDAP server hostname (-h server) or base DN
1479 (-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
1480 your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
1481 these settings. If this is not the case, the map definitions should be
1482 changed as described above.
1484 The following possibilities exist as a result of an LDAP lookup on an
1487 mailHost is mailRoutingAddress is Results in
1488 ----------- --------------------- ----------
1489 set to a set mail delivered to
1490 "local" host mailRoutingAddress
1492 set to a not set delivered to
1493 "local" host original address
1495 set to a set mailRoutingAddress
1496 remote host relayed to mailHost
1498 set to a not set original address
1499 remote host relayed to mailHost
1501 not set set mail delivered to
1504 not set not set delivered to
1505 original address *OR*
1506 bounced as unknown user
1508 The term "local" host above means the host specified is in class {w}.
1509 Note that the last case depends on whether the third argument is given
1510 to the FEATURE() command. The default is to deliver the message to the
1513 The LDAP entries should be set up with an objectClass of
1514 inetLocalMailRecipient and the address be listed in a mailLocalAddress
1515 attribute. If present, there must be only one mailHost attribute and it
1516 must contain a fully qualified host name as its value. Similarly, if
1517 present, there must be only one mailRoutingAddress attribute and it must
1518 contain an RFC 822 compliant address. Some example LDAP records (in ldif
1521 dn: uid=tom, o=example.com, c=US
1522 objectClass: inetLocalMailRecipient
1523 mailLocalAddress: tom@example.com
1524 mailRoutingAddress: thomas@mailhost.example.com
1526 This would deliver mail for tom@example.com to thomas@mailhost.example.com.
1528 dn: uid=dick, o=example.com, c=US
1529 objectClass: inetLocalMailRecipient
1530 mailLocalAddress: dick@example.com
1531 mailHost: eng.example.com
1533 This would relay mail for dick@example.com to the same address but redirect
1534 the mail to MX records listed for the host eng.example.com.
1536 dn: uid=harry, o=example.com, c=US
1537 objectClass: inetLocalMailRecipient
1538 mailLocalAddress: harry@example.com
1539 mailHost: mktmail.example.com
1540 mailRoutingAddress: harry@mkt.example.com
1542 This would relay mail for harry@example.com to the MX records listed for
1543 the host mktmail.example.com using the new address harry@mkt.example.com
1544 when talking to that host.
1546 dn: uid=virtual.example.com, o=example.com, c=US
1547 objectClass: inetLocalMailRecipient
1548 mailLocalAddress: @virtual.example.com
1549 mailHost: server.example.com
1550 mailRoutingAddress: virtual@example.com
1552 This would send all mail destined for any username @virtual.example.com to
1553 the machine server.example.com's MX servers and deliver to the address
1554 virtual@example.com on that relay machine.
1557 +---------------------------------+
1558 | ANTI-SPAM CONFIGURATION CONTROL |
1559 +---------------------------------+
1561 The primary anti-spam features available in sendmail are:
1563 * Relaying is denied by default.
1564 * Better checking on sender information.
1568 Relaying (transmission of messages from a site outside your host (class
1569 {w}) to another site except yours) is denied by default. Note that this
1570 changed in sendmail 8.9; previous versions allowed relaying by default.
1571 If you really want to revert to the old behaviour, you will need to use
1572 FEATURE(`promiscuous_relay'). You can allow certain domains to relay
1573 through your server by adding their domain name or IP address to class
1574 {R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
1575 (described below). The file consists (like any other file based class)
1576 of entries listed on separate lines, e.g.,
1585 FEATURE(`relay_entire_domain')
1587 then any host in any of your local domains (that is, class {m})
1588 will be relayed (that is, you will accept mail either to or from any
1589 host in your domain).
1591 You can also allow relaying based on the MX records of the host
1592 portion of an incoming recipient address by using
1594 FEATURE(`relay_based_on_MX')
1596 For example, if your server receives a recipient of user@domain.com
1597 and domain.com lists your server in its MX records, the mail will be
1598 accepted for relay to domain.com. Note that this will stop spammers
1599 from using your host to relay spam but it will not stop outsiders from
1600 using your server as a relay for their site (that is, they set up an
1601 MX record pointing to your mail server, and you will relay mail addressed
1602 to them without any prior arrangement). Along the same lines,
1604 FEATURE(`relay_local_from')
1606 will allow relaying if the sender specifies a return path (i.e.
1607 MAIL FROM: <user@domain>) domain which is a local domain. This a
1608 dangerous feature as it will allow spammers to spam using your mail
1609 server by simply specifying a return address of user@your.domain.com.
1610 It should not be used unless absolutely necessary.
1611 A slightly better solution is
1613 FEATURE(`relay_mail_from')
1615 which allows relaying if the mail sender is listed as RELAY in the
1616 access map. If an optional argument `domain' is given, the domain
1617 portion of the mail sender is also checked to allowing relaying.
1618 This option only works together with the tag From: for the LHS of
1619 the access map entries (see below: Finer control...).
1622 If source routing is used in the recipient address (i.e.
1623 RCPT TO: <user%site.com@othersite.com>), sendmail will check
1624 user@site.com for relaying if othersite.com is an allowed relay host
1625 in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
1626 or the access database if FEATURE(`access_db') is used. To prevent
1627 the address from being stripped down, use:
1629 FEATURE(`loose_relay_check')
1631 If you think you need to use this feature, you probably do not. This
1632 should only be used for sites which have no control over the addresses
1633 that they provide a gateway for. Use this FEATURE with caution as it
1634 can allow spammers to relay through your server if not setup properly.
1636 NOTICE: It is possible to relay mail through a system which the anti-relay
1637 rules do not prevent: the case of a system that does use FEATURE(`nouucp',
1638 `nospecial') (system A) and relays local messages to a mail hub (e.g., via
1639 LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
1640 FEATURE(`nouucp') at all, addresses of the form
1641 <example.net!user@local.host> would be relayed to <user@example.net>.
1642 System A doesn't recognize `!' as an address separator and therefore
1643 forwards it to the mail hub which in turns relays it because it came from
1644 a trusted local host. So if a mailserver allows UUCP (bang-format)
1645 addresses, all systems from which it allows relaying should do the same
1646 or reject those addresses.
1648 As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
1649 an unresolvable domain (i.e., one that DNS, your local name service,
1650 or special case rules in ruleset 3 cannot locate). If you want to
1651 continue to accept such domains, e.g., because you are inside a
1652 firewall that has only a limited view of the Internet host name space
1653 (note that you will not be able to return mail to them unless you have
1654 some "smart host" forwarder), use
1656 FEATURE(`accept_unresolvable_domains')
1658 sendmail will also refuse mail if the MAIL FROM: parameter is not
1659 fully qualified (i.e., contains a domain as well as a user). If you
1660 want to continue to accept such senders, use
1662 FEATURE(`accept_unqualified_senders')
1664 Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
1665 i.e., unqualified addresses are accepted even without this FEATURE. If
1666 this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
1667 to enforce fully qualified addresses.
1669 An ``access'' database can be created to accept or reject mail from
1670 selected domains. For example, you may choose to reject all mail
1671 originating from known spammers. To enable such a database, use
1673 FEATURE(`access_db')
1675 The FEATURE macro can accept a second parameter giving the key file
1676 definition for the database; for example
1678 FEATURE(`access_db', `hash /etc/mail/access')
1680 Remember, since /etc/mail/access is a database, after creating the text
1681 file as described below, you must use makemap to create the database
1684 makemap hash /etc/mail/access < /etc/mail/access
1686 The table itself uses e-mail addresses, domain names, and network
1687 numbers as keys. For example,
1689 spammer@aol.com REJECT
1690 cyberspammer.com REJECT
1693 would refuse mail from spammer@aol.com, any user from cyberspammer.com
1694 (or any host within the cyberspammer.com domain), and any host on the
1695 192.168.212.* network.
1697 The value part of the map can contain:
1699 OK Accept mail even if other rules in the
1700 running ruleset would reject it, for example,
1701 if the domain name is unresolvable.
1702 RELAY Accept mail addressed to the indicated domain or
1703 received from the indicated domain for relaying
1704 through your SMTP server. RELAY also serves as
1705 an implicit OK for the other checks.
1706 REJECT Reject the sender or recipient with a general
1708 DISCARD Discard the message completely using the
1709 $#discard mailer. For sender addresses it
1710 indicates that you should discard anything
1711 received from the indicated domain. If it
1712 is used for recipients, it affects only
1713 the designated recipients, not the whole
1715 ### any text where ### is an RFC 821 compliant error code and
1716 "any text" is a message to return for the command.
1717 The string should be quoted to avoid surprises,
1718 e.g., sendmail may remove spaces otherwise.
1720 as above, but useful to mark error messages as such.
1721 ERROR:D.S.N:### any text
1722 where D.S.N is an RFC 1893 compliant error code
1723 and the rest as above.
1727 cyberspammer.com ERROR:"550 We don't accept mail from spammers"
1728 okay.cyberspammer.com OK
1733 [1:2:3:4:5:6:7:8] OK
1735 would accept mail from okay.cyberspammer.com, but would reject mail from
1736 all other hosts at cyberspammer.com with the indicated message. It would
1737 allow relaying mail from and to any hosts in the sendmail.org domain, and
1738 allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:*
1739 network. The latter two entries are for checks against ${client_name} if
1740 the IP address doesn't resolve to a hostname (or is considered as "may be
1743 Warning: if you change the RFC 821 compliant error code from the default
1744 value of 550, then you should probably also change the RFC 1893 compliant
1745 error code to match it. For example, if you use
1747 user@example.com 450 mailbox full
1749 the error returned would be "450 4.0.0 mailbox full" which is wrong.
1750 Use "450 4.2.2 mailbox full" or "ERROR:4.2.2:450 mailbox full"
1753 Note, UUCP users may need to add hostname.UUCP to the access database
1754 or class {R}. If you also use:
1756 FEATURE(`relay_hosts_only')
1758 then the above example will allow relaying for sendmail.org, but not
1759 hosts within the sendmail.org domain. Note that this will also require
1760 hosts listed in class {R} to be fully qualified host names.
1762 You can also use the access database to block sender addresses based on
1763 the username portion of the address. For example:
1765 FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
1767 Note that you must include the @ after the username to signify that
1768 this database entry is for checking only the username portion of the
1773 FEATURE(`blacklist_recipients')
1775 then you can add entries to the map for local users, hosts in your
1776 domains, or addresses in your domain which should not receive mail:
1778 badlocaluser@ ERROR:550 Mailbox disabled for this username
1779 host.mydomain.com ERROR:550 That host does not accept mail
1780 user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient
1782 This would prevent a recipient of badlocaluser@mydomain.com, any
1783 user at host.mydomain.com, and the single address
1784 user@otherhost.mydomain.com from receiving mail. Please note: a
1785 local username must be now tagged with an @ (this is consistent
1786 with the check of the sender address, and hence it is possible to
1787 distinguish between hostnames and usernames). Enabling this feature
1788 will keep you from sending mails to all addresses that have an
1789 error message or REJECT as value part in the access map. Taking
1790 the example from above:
1792 spammer@aol.com REJECT
1793 cyberspammer.com REJECT
1795 Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
1797 There is also a ``Realtime Blackhole List'' run by the MAPS project
1798 at http://maps.vix.com/. This is a database maintained in DNS of
1799 spammers. To use this database, use
1803 This will cause sendmail to reject mail from any site in the
1804 Realtime Blackhole List database. You can specify an alternative
1805 RBL domain to check by specifying an argument to the FEATURE.
1806 A second argument can be used to change the default error message
1807 Mail from $&{client_addr} refused by blackhole site DOMAIN
1808 where DOMAIN is replaced by the first argument. This FEATURE can
1809 be included several times to query different DNS based rejection
1810 lists, e.g., the dial-up user list (see http://maps.vix.com/dul/).
1812 The features described above make use of the check_relay, check_mail,
1813 and check_rcpt rulesets. If you wish to include your own checks,
1814 you can put your checks in the rulesets Local_check_relay,
1815 Local_check_mail, and Local_check_rcpt. For example if you wanted to
1816 block senders with all numeric usernames (i.e. 2312343@bigisp.com),
1817 you would use Local_check_mail and the new regex map:
1820 Kallnumbers regex -a@MATCH ^[0-9]+$
1824 # check address against various regex checks
1825 R$* $: $>Parse0 $>3 $1
1826 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
1827 R@MATCH $#error $: 553 Header Error
1829 These rules are called with the original arguments of the corresponding
1830 check_* ruleset. If the local ruleset returns $#OK, no further checking
1831 is done by the features described above and the mail is accepted. If the
1832 local ruleset resolves to a mailer (such as $#error or $#discard), the
1833 appropriate action is taken. Otherwise, the results of the local
1834 rewriting are ignored.
1836 Finer control by using tags for the LHS of the access map
1838 Read this section only if the options listed so far are not sufficient
1839 for your purposes. There is now the option to tag entries in the
1840 access map according to their type. Three tags are available:
1842 Connect: connection information (${client_addr}, ${client_name})
1846 If the required item is looked up in a map, it will be tried first
1847 with the corresponding tag in front, then (as fallback to enable
1848 backward compatibility) without any tag. For example,
1850 From:spammer@some.dom REJECT
1851 To:friend.domain RELAY
1852 Connect:friend.domain OK
1853 Connect:from.domain RELAY
1854 From:good@another.dom OK
1855 From:another.dom REJECT
1857 This would deny mails from spammer@some.dom but you could still
1858 send mail to that address even if FEATURE(`blacklist_recipients')
1859 is enabled. Your system will allow relaying to friend.domain, but
1860 not from it (unless enabled by other means). Connections from that
1861 domain will be allowed even if it ends up in one of the DNS based
1862 rejection lists. Relaying is enabled from from.domain but not to
1863 it (since relaying is based on the connection information for
1864 outgoing relaying, the tag Connect: must be used; for incoming
1865 relaying, which is based on the recipient address, To: must be
1866 used). The last two entries allow mails from good@another.dom but
1867 reject mail from all other addresses with another.dom as domain
1872 By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
1873 will not be called when a client connects or issues a MAIL command,
1874 respectively. Instead, those rulesets will be called by the check_rcpt
1875 ruleset; they will be skipped if a sender has been authenticated using
1876 a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
1877 If check_mail returns an error then the RCPT TO command will be rejected
1878 with that error. If it returns some other result starting with $# then
1879 check_relay will be skipped. If the sender address (or a part of it) is
1880 listed in the access map and it has a RHS of OK or RELAY, then check_relay
1881 will be skipped. This has an interesting side effect: if your domain is
1882 my.domain and you have
1886 in the access map, then all e-mail with a sender address of
1887 <user@my.domain> gets through, even if check_relay would reject it
1888 (e.g., based on the hostname or IP address). This allows spammers
1889 to get around DNS based blacklist by faking the sender address. To
1890 avoid this problem you have to use tagged entries:
1893 Connect:my.domain RELAY
1895 if you need those entries at all (class {R} may take care of them).
1897 FEATURE(`delay_checks') can take an optional argument:
1899 FEATURE(`delay_checks', `friend')
1900 enables spamfriend test
1901 FEATURE(`delay_checks', `hater')
1902 enables spamhater test
1904 If such an argument is given, the recipient will be looked up in the access
1905 map (using the tag To:). If the argument is `friend', then the other
1906 rulesets will be skipped if the recipient address is found and has RHS
1907 spamfriend. If the argument is `hater', then the other rulesets will be
1908 applied if the recipient address is found and has RHS spamhater.
1910 This allows for simple exceptions from the tests, e.g., by activating
1911 the spamfriend option and having
1913 To:abuse@ SPAMFRIEND
1915 in the access map, mail to abuse@localdomain will get through. It is
1916 also possible to specify a full address or an address with +detail:
1918 To:abuse@abuse.my.domain SPAMFRIEND
1919 To:me+abuse@ SPAMFRIEND
1924 You can also reject mail on the basis of the contents of headers.
1925 This is done by adding a ruleset call to the 'H' header definition command
1926 in sendmail.cf. For example, this can be used to check the validity of
1927 a Message-ID: header:
1930 HMessage-Id: $>CheckMessageId
1934 R$* $#error $: 553 Header Error
1936 The alternative format:
1938 HSubject: $>+CheckSubject
1940 that is, $>+ instead of $>, gives the full Subject: header including
1941 comments to the ruleset (comments in parentheses () are stripped
1944 A default ruleset for headers which don't have a specific ruleset
1945 defined for them can be given by:
1949 After all of the headers are read, the check_eoh ruleset will be called for
1950 any final header-related checks. The ruleset is called with the number of
1951 headers and the size of all of the headers in bytes separated by $|. One
1952 example usage is to reject messages which do not have a Message-Id:
1953 header. However, the Message-Id: header is *NOT* a required header and is
1954 not a guaranteed spam indicator. This ruleset is an example and should
1955 probably not be used in production.
1961 HMessage-Id: $>CheckMessageId
1964 # Record the presence of the header
1965 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
1967 R$* $#error $: 553 Header Error
1971 R$* $: < $&{MessageIdCheck} >
1972 # Clear the macro for the next message
1973 R$* $: $(storage {MessageIdCheck} $) $1
1974 # Has a Message-Id: header
1976 # Allow missing Message-Id: from local mail
1977 R$* $: < $&{client_name} >
1980 # Otherwise, reject the mail
1981 R$* $#error $: 553 Header Error
1987 In this text, cert will be used as an abreviation for X.509 certificate,
1988 DN is the distinguished name of a cert, and CA is a certification authority.
1990 Macros related to STARTTLS are:
1992 ${cert_issuer} holds the DN of the CA (the cert issuer).
1993 ${cert_subject} holds the DN of the cert (called the cert subject).
1994 ${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
1996 ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
1997 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
1998 ${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
1999 used for the connection.
2000 ${verify} holds the result of the verification of the presented cert. Possible
2002 OK verification succeeded.
2003 NO no cert presented.
2004 FAIL cert presented but could not be verified, e.g., the signing
2006 NONE STARTTLS has not been performed.
2007 TEMP temporary error occurred.
2008 PROTOCOL some protocol error occurred.
2009 SOFTWARE STARTTLS handshake failed.
2010 ${server_name} the name of the server of the current outgoing SMTP
2012 ${server_addr} the address of the server of the current outgoing SMTP
2017 SMTP STARTTLS can allow relaying for senders who have successfully
2018 authenticated themselves. This is done in the ruleset RelayAuth. If the
2019 verification of the cert failed (${verify} != OK), relaying is subject to
2020 the usual rules. Otherwise the DN of the issuer is looked up in the access
2021 map using the tag CERTISSUER. If the resulting value is RELAY, relaying is
2022 allowed. If it is SUBJECT, the DN of the cert subject is looked up next in
2023 the access map. using the tag CERTSUBJECT. If the value is RELAY, relaying
2026 To make things a bit more flexible (or complicated), the values for
2027 ${cert_issuer} and ${cert_subject} can be optionally modified by regular
2028 expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2029 _CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
2030 rulesets and map lookups, they are modified as follows: each non-printable
2031 character and the characters '<', '>', '(', ')', '"', '+' are replaced by
2032 their HEX value with a leading '+'. For example:
2034 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2035 darth+cert@endmail.org
2039 /C=US/ST=California/O=endmail.org/OU=private/CN=
2040 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2042 (line breaks have been inserted for readability).
2044 Of course it is also possible to write a simple rulesets that allows
2045 relaying for everyone who can present a cert that can be verified, e.g.,
2052 Allowing Connections
2054 The rulesets tls_server and tls_client are used to decide whether an SMTP
2055 connection is accepted (or should continue).
2057 tls_server is called when sendmail acts as client after a STARTTLS command
2058 (should) have been issued. The parameter is the value of ${verify}.
2060 tls_client is called when sendmail acts as server, after a STARTTLS command
2061 has been issued, and from check_mail. The parameter is the value of
2062 ${verify} and STARTTLS or MAIL, respectively.
2064 Both rulesets behave the same. If no access map is in use, the connection
2065 will be accepted unless ${verify} is SOFTWARE, in which case the connection
2066 is always aborted. Otherwise, ${client_name} (${server_name}) is looked
2067 up in the access map using the tag TLS_Srv (or TLS_Clt), which is done
2068 with the ruleset LookUpDomain. If no entry is found, ${client_addr}
2069 (${server_addr}) is looked up in the access map (same tag, ruleset
2070 LookUpAddr). If this doesn't result in an entry either, just the tag is
2071 looked up in the access map (included the trailing :). The result of the
2072 lookups is then used to call the ruleset tls_connection, which checks the
2073 requirement specified by the RHS in the access map against the actual
2074 parameters of the current TLS connection, esp. ${verify} and
2075 ${cipher_bits}. Legal RHSs in the access map are:
2077 VERIFY verification must have succeeded
2078 VERIFY:bits verification must have succeeded and ${cipher_bits} must
2079 be greater than or equal bits.
2080 ENCR:bits ${cipher_bits} must be greater than or equal bits.
2082 The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2083 or permanent error. The default is a temporary error code (403 4.7.0)
2084 unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2086 If a certain level of encryption is required, then it might also be
2087 possible that this level is provided by the security layer from a SASL
2088 algorithm, e.g., DIGEST-MD5.
2090 Example: e-mail send to secure.example.com should only use an encrypted
2091 connection. e-mail received from hosts within the laptop.example.com domain
2092 should only be accepted if they have been authenticated.
2093 TLS_Srv:secure.example.com ENCR:112
2094 TLS_Clt:laptop.example.com PERM+VERIFY:112
2098 The Received: header reveals whether STARTTLS has been used. It contains an
2101 (using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})
2103 +---------------------+
2104 | SMTP AUTHENTICATION |
2105 +---------------------+
2107 The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
2108 used in anti-relay rulesets to allow relaying for those users that
2109 authenticated themselves. A very simple example is:
2112 R$* $: $&{auth_type}
2115 which checks whether a user has successfully authenticated using
2116 any available mechanism. Depending on the setup of the CYRUS SASL
2117 library, more sophisticated rulesets might be required, e.g.,
2120 R$* $: $&{auth_type} $| $&{auth_authen}
2121 RDIGEST-MD5 $| $+@$=w $# OK
2123 to allow relaying for users that authenticated using DIGEST-MD5
2124 and have an identity in the local domains.
2126 The ruleset Strust_auth is used to determine whether a given AUTH=
2127 parameter (that is passed to this ruleset) should be trusted. This
2128 ruleset may make use of the other ${auth_*} macros. Only if the
2129 ruleset resolves to the error mailer, the AUTH= parameter is not
2130 trusted. A user supplied ruleset Local_trust_auth can be written
2131 to modify the default behavior, which only trust the AUTH=
2132 parameter if it is identical to the authenticated user.
2134 Per default, relaying is allowed for any user who authenticated
2135 via a "trusted" mechanism, i.e., one that is defined via
2136 TRUST_AUTH_MECH(`list of mechanisms')
2138 If the selected mechanism provides a security layer the number of
2139 bits used for the key of the symmetric cipher is stored in the
2142 +--------------------------------+
2143 | ADDING NEW MAILERS OR RULESETS |
2144 +--------------------------------+
2146 Sometimes you may need to add entirely new mailers or rulesets. They
2147 should be introduced with the constructs MAILER_DEFINITIONS and
2148 LOCAL_RULESETS respectively. For example:
2160 +---------------------------+
2161 | ADDING NEW MAILER FILTERS |
2162 +---------------------------+
2164 Sendmail supports mail filters to filter incoming SMTP messages according
2165 to the "Sendmail Mail Filter API" documentation. These filters can be
2166 configured in your mc file using the two commands:
2168 MAIL_FILTER(`name', `equates')
2169 INPUT_MAIL_FILTER(`name', `equates')
2171 The first command, MAIL_FILTER(), simply defines a filter with the given
2172 name and equates. For example:
2174 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2176 This creates the equivalent sendmail.cf entry:
2178 Xarchive, S=local:/var/run/archivesock, F=R
2180 The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
2181 but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
2182 of the filter such that the filter will actually be called by sendmail.
2184 For example, the two commands:
2186 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2187 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2189 are equivalent to the three commands:
2191 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2192 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2193 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
2195 In general, INPUT_MAIL_FILTER() should be used unless you need to define
2196 more filters than you want to use for `confINPUT_MAIL_FILTERS'.
2198 Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
2199 commands will clear the list created by the prior INPUT_MAIL_FILTER()
2201 #endif /* _FFR_MILTER */
2204 +-------------------------------+
2205 | NON-SMTP BASED CONFIGURATIONS |
2206 +-------------------------------+
2208 These configuration files are designed primarily for use by
2209 SMTP-based sites. They may not be well tuned for UUCP-only or
2210 UUCP-primarily nodes (the latter is defined as a small local net
2211 connected to the rest of the world via UUCP). However, there is
2212 one hook to handle some special cases.
2214 You can define a ``smart host'' that understands a richer address syntax
2217 define(`SMART_HOST', `mailer:hostname')
2219 In this case, the ``mailer:'' defaults to "relay". Any messages that
2220 can't be handled using the usual UUCP rules are passed to this host.
2222 If you are on a local SMTP-based net that connects to the outside
2223 world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
2226 define(`SMART_HOST', `uucp-new:uunet')
2228 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
2230 This will cause all names that end in your domain name ($m) via
2231 SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
2232 If you have FEATURE(`nocanonify'), you may need to omit the dots after
2233 the $m. If you are running a local DNS inside your domain which is
2234 not otherwise connected to the outside world, you probably want to
2237 define(`SMART_HOST', `smtp:fire.wall.com')
2239 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
2241 That is, send directly only to things you found in your DNS lookup;
2242 anything else goes through SMART_HOST.
2244 You may need to turn off the anti-spam rules in order to accept
2245 UUCP mail with FEATURE(`promiscuous_relay') and
2246 FEATURE(`accept_unresolvable_domains').
2253 Normally, the $j macro is automatically defined to be your fully
2254 qualified domain name (FQDN). Sendmail does this by getting your
2255 host name using gethostname and then calling gethostbyname on the
2256 result. For example, in some environments gethostname returns
2257 only the root of the host name (such as "foo"); gethostbyname is
2258 supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
2259 cases, gethostbyname may fail to return the FQDN. In this case
2260 you MUST define confDOMAIN_NAME to be your fully qualified domain
2261 name. This is usually done using:
2264 define(`confDOMAIN_NAME', `$w.$m')dnl
2267 +-----------------------------------+
2268 | ACCEPTING MAIL FOR MULTIPLE NAMES |
2269 +-----------------------------------+
2271 If your host is known by several different names, you need to augment
2272 class {w}. This is a list of names by which your host is known, and
2273 anything sent to an address using a host name in this list will be
2274 treated as local mail. You can do this in two ways: either create the
2275 file /etc/mail/local-host-names containing a list of your aliases (one per
2276 line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
2277 ``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
2278 name of the host, rather than a short name.
2280 If you want to have different address in different domains, take
2281 a look at the virtusertable feature, which is also explained at
2282 http://www.sendmail.org/virtual-hosting.html
2285 +--------------------+
2286 | USING MAILERTABLES |
2287 +--------------------+
2289 To use FEATURE(`mailertable'), you will have to create an external
2290 database containing the routing information for various domains.
2291 For example, a mailertable file in text format might be:
2293 .my.domain xnet:%1.my.domain
2294 uuhost1.my.domain uucp-new:uuhost1
2295 .bitnet smtp:relay.bit.net
2297 This should normally be stored in /etc/mail/mailertable. The actual
2298 database version of the mailertable is built using:
2300 makemap hash /etc/mail/mailertable < /etc/mail/mailertable
2302 The semantics are simple. Any LHS entry that does not begin with
2303 a dot matches the full host name indicated. LHS entries beginning
2304 with a dot match anything ending with that domain name (including
2305 the leading dot) -- that is, they can be thought of as having a
2306 leading ".+" regular expression pattern for a non-empty sequence of
2307 characters. Matching is done in order of most-to-least qualified
2308 -- for example, even though ".my.domain" is listed first in the
2309 above example, an entry of "uuhost1.my.domain" will match the second
2310 entry since it is more explicit. Note: e-mail to "user@my.domain"
2311 does not match any entry in the above table. You need to have
2314 my.domain esmtp:host.my.domain
2316 The RHS should always be a "mailer:host" pair. The mailer is the
2317 configuration name of a mailer (that is, an {M} line in the
2318 sendmail.cf file). The "host" will be the hostname passed to
2319 that mailer. In domain-based matches (that is, those with leading
2320 dots) the "%1" may be used to interpolate the wildcarded part of
2321 the host name. For example, the first line above sends everything
2322 addressed to "anything.my.domain" to that same host name, but using
2323 the (presumably experimental) xnet mailer.
2325 In some cases you may want to temporarily turn off MX records,
2326 particularly on gateways. For example, you may want to MX
2327 everything in a domain to one machine that then forwards it
2328 directly. To do this, you might use the DNS configuration:
2330 *.domain. IN MX 0 relay.machine
2332 and on relay.machine use the mailertable:
2334 .domain smtp:[gateway.domain]
2336 The [square brackets] turn off MX records for this host only.
2337 If you didn't do this, the mailertable would use the MX record
2338 again, which would give you an MX loop.
2341 +--------------------------------+
2342 | USING USERDB TO MAP FULL NAMES |
2343 +--------------------------------+
2345 The user database was not originally intended for mapping full names
2346 to login names (e.g., Eric.Allman => eric), but some people are using
2347 it that way. (it is recommended that you set up aliases for this
2348 purpose instead -- since you can specify multiple alias files, this
2349 is fairly easy.) The intent was to locate the default maildrop at
2350 a site, but allow you to override this by sending to a specific host.
2352 If you decide to set up the user database in this fashion, it is
2353 imperative that you not use FEATURE(`stickyhost') -- otherwise,
2354 e-mail sent to Full.Name@local.host.name will be rejected.
2356 To build the internal form of the user database, use:
2358 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
2360 As a general rule, it is an extremely bad idea to using full names
2361 as e-mail addresses, since they are not in any sense unique. For
2362 example, the UNIX software-development community has at least two
2363 well-known Peter Deutsches, and at one time Bell Labs had two
2364 Stephen R. Bournes with offices along the same hallway. Which one
2365 will be forced to suffer the indignity of being Stephen_R_Bourne_2?
2366 The less famous of the two, or the one that was hired later?
2368 Finger should handle full names (and be fuzzy). Mail should use
2369 handles, and not be fuzzy.
2372 +--------------------------------+
2373 | MISCELLANEOUS SPECIAL FEATURES |
2374 +--------------------------------+
2377 Sometimes it is convenient to merge configuration on a
2378 centralized mail machine, for example, to forward all
2379 root mail to a mail server. In this case it might be
2380 useful to be able to treat the root addresses as a class
2381 of addresses with subtle differences. You can do this
2382 using plussed users. For example, a client might include
2385 root: root+client1@server
2387 On the server, this will match an alias for "root+client1".
2388 If that is not found, the alias "root+*" will be tried,
2396 A lot of sendmail security comes down to you. Sendmail 8 is much
2397 more careful about checking for security problems than previous
2398 versions, but there are some things that you still need to watch
2401 * Make sure the aliases file isn't writable except by trusted
2402 system personnel. This includes both the text and database
2405 * Make sure that other files that sendmail reads, such as the
2406 mailertable, are only writable by trusted system personnel.
2408 * The queue directory should not be world writable PARTICULARLY
2409 if your system allows "file giveaways" (that is, if a non-root
2410 user can chown any file they own to any other user).
2412 * If your system allows file giveaways, DO NOT create a publically
2413 writable directory for forward files. This will allow anyone
2414 to steal anyone else's e-mail. Instead, create a script that
2415 copies the .forward file from users' home directories once a
2416 night (if you want the non-NFS-mounted forward directory).
2418 * If your system allows file giveaways, you'll find that
2419 sendmail is much less trusting of :include: files -- in
2420 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
2421 /etc/shells before they will be trusted (that is, before
2422 files and programs listed in them will be honored).
2424 In general, file giveaways are a mistake -- if you can turn them
2428 +--------------------------------+
2429 | TWEAKING CONFIGURATION OPTIONS |
2430 +--------------------------------+
2432 There are a large number of configuration options that don't normally
2433 need to be changed. However, if you feel you need to tweak them, you
2434 can define the following M4 variables. This list is shown in four
2435 columns: the name you define, the default value for that definition,
2436 the option or macro that is affected (either Ox for an option or Dx
2437 for a macro), and a brief description. Greater detail of the semantics
2438 can be found in the Installation and Operations Guide.
2440 Some options are likely to be deprecated in future versions -- that is,
2441 the option is only included to provide back-compatibility. These are
2444 Remember that these options are M4 variables, and hence may need to
2445 be quoted. In particular, arguments with commas will usually have to
2446 be ``double quoted, like this phrase'' to avoid having the comma
2447 confuse things. This is common for alias file definitions and for
2450 M4 Variable Name Configuration Description & [Default]
2451 ================ ============= =======================
2452 confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
2453 for internally generated outgoing
2455 confDOMAIN_NAME $j macro If defined, sets $j. This should
2456 only be done if your system cannot
2457 determine your local domain name,
2458 and then it should be set to
2459 $w.Foo.COM, where Foo.COM is your
2461 confCF_VERSION $Z macro If defined, this is appended to the
2462 configuration version name.
2463 confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
2464 internally generated From: address.
2465 confRECEIVED_HEADER Received:
2466 [$?sfrom $s $.$?_($?s$|from $.$_)
2467 $.$?{auth_type}(authenticated)
2468 $.by $j ($v/$Z)$?r with $r$. id $i$?u
2471 The format of the Received: header
2472 in messages passed through this host.
2473 It is unwise to try to change this.
2474 confCW_FILE Fw class [/etc/mail/local-host-names] Name
2475 of file used to get the local
2476 additions to class {w} (local host
2478 confCT_FILE Ft class [/etc/mail/trusted-users] Name of
2479 file used to get the local additions
2480 to class {t} (trusted users).
2481 confCR_FILE FR class [/etc/mail/relay-domains] Name of
2482 file used to get the local additions
2483 to class {R} (hosts allowed to relay).
2484 confTRUSTED_USERS Ct class [no default] Names of users to add to
2485 the list of trusted users. This list
2486 always includes root, uucp, and daemon.
2487 See also FEATURE(`use_ct_file').
2488 confTRUSTED_USER TrustedUser [no default] Trusted user for file
2489 ownership and starting the daemon.
2490 Not to be confused with
2491 confTRUSTED_USERS (see above).
2492 confSMTP_MAILER - [esmtp] The mailer name used when
2493 SMTP connectivity is required.
2494 One of "smtp", "smtp8",
2495 "esmtp", or "dsmtp".
2496 confUUCP_MAILER - [uucp-old] The mailer to be used by
2497 default for bang-format recipient
2498 addresses. See also discussion of
2499 class {U}, class {Y}, and class {Z}
2500 in the MAILER(`uucp') section.
2501 confLOCAL_MAILER - [local] The mailer name used when
2502 local connectivity is required.
2503 Almost always "local".
2504 confRELAY_MAILER - [relay] The default mailer name used
2505 for relaying any mail (e.g., to a
2506 BITNET_RELAY, a SMART_HOST, or
2507 whatever). This can reasonably be
2508 "uucp-new" if you are on a
2509 UUCP-connected site.
2510 confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
2511 confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
2512 confALIAS_WAIT AliasWait [10m] Time to wait for alias file
2513 rebuild until you get bored and
2514 decide that the apparently pending
2516 confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
2517 queue filesystem to accept SMTP mail.
2518 (Prior to 8.7 this was minfree/maxsize,
2519 where minfree was the number of free
2520 blocks and maxsize was the maximum
2521 message size. Use confMAX_MESSAGE_SIZE
2522 for the second value now.)
2523 confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
2524 that will be accepted (in bytes).
2525 confBLANK_SUB BlankSub [.] Blank (space) substitution
2527 confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
2528 to mailers marked expensive.
2529 confCHECKPOINT_INTERVAL CheckpointInterval
2530 [10] Checkpoint queue files every N
2532 confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
2533 confAUTO_REBUILD AutoRebuildAliases
2534 [False] Automatically rebuild alias
2536 There is a potential for a denial
2537 of service attack if this is set.
2538 This option is deprecated and will
2539 be removed from a future version.
2540 confERROR_MODE ErrorMode [print] Error message mode.
2541 confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
2542 confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
2543 confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
2544 confMATCH_GECOS MatchGECOS [False] Match GECOS field.
2545 confMAX_HOP MaxHopCount [25] Maximum hop count.
2546 confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
2547 mode] Ignore dot as terminator for
2549 confBIND_OPTS ResolverOptions [undefined] Default options for DNS
2551 confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
2552 encapsulated messages per RFC 1344.
2553 confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
2554 The colon-separated list of places to
2555 search for .forward files. N.B.: see
2556 the Security Notes section.
2557 confMCI_CACHE_SIZE ConnectionCacheSize
2558 [2] Size of open connection cache.
2559 confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
2560 [5m] Open connection cache timeout.
2561 confHOST_STATUS_DIRECTORY HostStatusDirectory
2562 [undefined] If set, host status is kept
2563 on disk between sendmail runs in the
2564 named directory tree. This need not be
2565 a full pathname, in which case it is
2566 interpreted relative to the queue
2568 confSINGLE_THREAD_DELIVERY SingleThreadDelivery
2569 [False] If this option and the
2570 HostStatusDirectory option are both
2571 set, single thread deliveries to other
2572 hosts. That is, don't allow any two
2573 sendmails on this host to connect
2574 simultaneously to any other single
2575 host. This can slow down delivery in
2576 some cases, in particular since a
2577 cached but otherwise idle connection
2578 to a host will prevent other sendmails
2579 from connecting to the other host.
2580 confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
2581 deliver error messages. This should
2582 not be necessary because of general
2583 acceptance of the envelope/header
2585 confLOG_LEVEL LogLevel [9] Log level.
2586 confME_TOO MeToo [True] Include sender in group
2587 expansions. This option is
2588 deprecated and will be removed from
2590 confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
2591 running newaliases. Since this does
2592 DNS lookups on every address, it can
2593 slow down the alias rebuild process
2594 considerably on large alias files.
2595 confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
2596 special chars are old style.
2597 confCLIENT_OPTIONS ClientPortOptions
2598 [none] Options for outgoing SMTP client
2600 confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
2601 confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
2602 copies of all error messages.
2603 confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
2604 confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
2605 syntax addresses to the minimum
2607 confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
2609 confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
2610 on the initial connect.
2611 confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
2612 connect() to complete. This can only
2613 shorten connection timeouts; the kernel
2614 silently enforces an absolute maximum
2615 (which varies depending on the system).
2616 confTO_ICONNECT Timeout.iconnect
2617 [undefined] Like Timeout.connect, but
2618 applies only to the very first attempt
2619 to connect to a host in a message.
2620 This allows a single very fast pass
2621 followed by more careful delivery
2622 attempts in the future.
2623 confTO_HELO Timeout.helo [5m] The timeout waiting for a response
2624 to a HELO or EHLO command.
2625 confTO_MAIL Timeout.mail [10m] The timeout waiting for a
2626 response to the MAIL command.
2627 confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
2628 to the RCPT command.
2629 confTO_DATAINIT Timeout.datainit
2630 [5m] The timeout waiting for a 354
2631 response from the DATA command.
2632 confTO_DATABLOCK Timeout.datablock
2633 [1h] The timeout waiting for a block
2635 confTO_DATAFINAL Timeout.datafinal
2636 [1h] The timeout waiting for a response
2637 to the final "." that terminates a
2639 confTO_RSET Timeout.rset [5m] The timeout waiting for a response
2640 to the RSET command.
2641 confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
2642 to the QUIT command.
2643 confTO_MISC Timeout.misc [2m] The timeout waiting for a response
2644 to other SMTP commands.
2645 confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
2646 waiting for a command to be issued.
2647 confTO_IDENT Timeout.ident [5s] The timeout waiting for a
2648 response to an IDENT query.
2649 confTO_FILEOPEN Timeout.fileopen
2650 [60s] The timeout waiting for a file
2651 (e.g., :include: file) to be opened.
2652 confTO_CONTROL Timeout.control
2653 [2m] The timeout for a complete
2654 control socket transaction to complete.
2655 confTO_QUEUERETURN Timeout.queuereturn
2656 [5d] The timeout before a message is
2657 returned as undeliverable.
2658 confTO_QUEUERETURN_NORMAL
2659 Timeout.queuereturn.normal
2660 [undefined] As above, for normal
2662 confTO_QUEUERETURN_URGENT
2663 Timeout.queuereturn.urgent
2664 [undefined] As above, for urgent
2666 confTO_QUEUERETURN_NONURGENT
2667 Timeout.queuereturn.non-urgent
2668 [undefined] As above, for non-urgent
2669 (low) priority messages.
2670 confTO_QUEUEWARN Timeout.queuewarn
2671 [4h] The timeout before a warning
2672 message is sent to the sender telling
2673 them that the message has been
2675 confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
2676 [undefined] As above, for normal
2678 confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
2679 [undefined] As above, for urgent
2681 confTO_QUEUEWARN_NONURGENT
2682 Timeout.queuewarn.non-urgent
2683 [undefined] As above, for non-urgent
2684 (low) priority messages.
2685 confTO_HOSTSTATUS Timeout.hoststatus
2686 [30m] How long information about host
2687 statuses will be maintained before it
2688 is considered stale and the host should
2689 be retried. This applies both within
2690 a single queue run and to persistent
2691 information (see below).
2692 confTO_RESOLVER_RETRANS Timeout.resolver.retrans
2693 [varies] Sets the resolver's
2694 retransmition time interval (in
2696 Timeout.resolver.retrans.first and
2697 Timeout.resolver.retrans.normal.
2698 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
2699 [varies] Sets the resolver's
2700 retransmition time interval (in
2701 seconds) for the first attempt to
2703 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
2704 [varies] Sets the resolver's
2705 retransmition time interval (in
2706 seconds) for all resolver lookups
2707 except the first delivery attempt.
2708 confTO_RESOLVER_RETRY Timeout.resolver.retry
2709 [varies] Sets the number of times
2710 to retransmit a resolver query.
2712 Timeout.resolver.retry.first and
2713 Timeout.resolver.retry.normal.
2714 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
2715 [varies] Sets the number of times
2716 to retransmit a resolver query for
2717 the first attempt to deliver a
2719 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
2720 [varies] Sets the number of times
2721 to retransmit a resolver query for
2722 all resolver lookups except the
2723 first delivery attempt.
2724 confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
2725 USE_SYSTEM to use the system's idea,
2726 USE_TZ to use the user's TZ envariable,
2727 or something else to force that value.
2728 confDEF_USER_ID DefaultUser [1:1] Default user id.
2729 confUSERDB_SPEC UserDatabaseSpec
2730 [undefined] User database
2732 confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
2733 confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
2734 for a host and other arrangements
2735 haven't been made, try connecting
2736 to the host directly; normally this
2737 would be a config error.
2738 confQUEUE_LA QueueLA [varies] Load average at which
2739 queue-only function kicks in.
2740 Default values is (8 * numproc)
2741 where numproc is the number of
2742 processors online (if that can be
2744 confREFUSE_LA RefuseLA [varies] Load average at which
2745 incoming SMTP connections are
2746 refused. Default values is (12 *
2747 numproc) where numproc is the
2748 number of processors online (if
2749 that can be determined).
2750 confMAX_ALIAS_RECURSION MaxAliasRecursion
2751 [10] Maximum depth of alias recursion.
2752 confMAX_DAEMON_CHILDREN MaxDaemonChildren
2753 [undefined] The maximum number of
2754 children the daemon will permit. After
2755 this number, connections will be
2756 rejected. If not set or <= 0, there is
2758 confMAX_HEADERS_LENGTH MaxHeadersLength
2759 [undefined] Maximum length of the sum
2761 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
2762 [undefined] Maximum length of
2763 certain MIME header field values.
2764 confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
2765 [undefined] The maximum number of
2766 connections permitted per second.
2767 After this many connections are
2768 accepted, further connections will be
2769 delayed. If not set or <= 0, there is
2771 confWORK_RECIPIENT_FACTOR
2772 RecipientFactor [30000] Cost of each recipient.
2773 confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
2775 confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
2776 confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
2777 confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
2778 Priority, Host, Filename, or Time.
2779 confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
2780 must sit in the queue between queue
2781 runs. This allows you to set the
2782 queue run interval low for better
2783 responsiveness without trying all
2785 confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
2786 unlabeled 8 bit input to MIME, the
2787 character set to use by default.
2788 confSERVICE_SWITCH_FILE ServiceSwitchFile
2789 [/etc/mail/service.switch] The file
2790 to use for the service switch on
2791 systems that do not have a
2792 system-defined switch.
2793 confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
2794 "file" type access of hosts names.
2795 confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
2796 long and try again. Zero means "don't
2797 retry". This is to allow "dial on
2798 demand" connections to have enough time
2799 to complete a connection.
2800 confNO_RCPT_ACTION NoRecipientAction
2801 [none] What to do if there are no legal
2802 recipient fields (To:, Cc: or Bcc:)
2803 in the message. Legal values can
2804 be "none" to just leave the
2805 nonconforming message as is, "add-to"
2806 to add a To: header with all the
2807 known recipients (which may expose
2808 blind recipients), "add-apparently-to"
2809 to do the same but use Apparently-To:
2810 instead of To:, "add-bcc" to add an
2811 empty Bcc: header, or
2812 "add-to-undisclosed" to add the header
2813 ``To: undisclosed-recipients:;''.
2814 confSAFE_FILE_ENV SafeFileEnvironment
2815 [undefined] If set, sendmail will do a
2816 chroot() into this directory before
2818 confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
2819 If set, colons are treated as a regular
2820 character in addresses. If not set,
2821 they are treated as the introducer to
2822 the RFC 822 "group" syntax. Colons are
2823 handled properly in route-addrs. This
2824 option defaults on for V5 and lower
2825 configuration files.
2826 confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
2827 any given queue run to this number of
2828 entries. Essentially, this will stop
2829 reading each queue directory after this
2830 number of entries are reached; it does
2831 _not_ pick the highest priority jobs,
2832 so this should be as large as your
2833 system can tolerate. If not set, there
2835 confDONT_EXPAND_CNAMES DontExpandCnames
2836 [False] If set, $[ ... $] lookups that
2837 do DNS based lookups do not expand
2838 CNAME records. This currently violates
2839 the published standards, but the IETF
2840 seems to be moving toward legalizing
2841 this. For example, if "FTP.Foo.ORG"
2842 is a CNAME for "Cruft.Foo.ORG", then
2843 with this option set a lookup of
2844 "FTP" will return "FTP.Foo.ORG"; if
2845 clear it returns "Cruft.FOO.ORG". N.B.
2846 you may not see any effect until your
2847 downstream neighbors stop doing CNAME
2849 confFROM_LINE UnixFromLine [From $g $d] The From_ line used
2850 when sending to files or programs.
2851 confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
2852 [False] From: lines that have
2853 embedded newlines are unwrapped
2855 confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
2856 does not include a host name.
2857 confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
2858 name phrase (@,;:\()[] are automatic).
2859 confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
2861 confSMTP_LOGIN_MSG SmtpGreetingMessage
2862 [$j Sendmail $v/$Z; $b]
2863 The initial (spontaneous) SMTP
2864 greeting message. The word "ESMTP"
2865 will be inserted between the first and
2866 second words to convince other
2867 sendmails to try to speak ESMTP.
2868 confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
2869 routine will never be invoked. You
2870 might want to do this if you are
2871 running NIS and you have a large group
2872 map, since this call does a sequential
2873 scan of the map; in a large site this
2874 can cause your ypserv to run
2875 essentially full time. If you set
2876 this, agents run on behalf of users
2877 will only have their primary
2878 (/etc/passwd) group permissions.
2879 confUNSAFE_GROUP_WRITES UnsafeGroupWrites
2880 [False] If set, group-writable
2881 :include: and .forward files are
2882 considered "unsafe", that is, programs
2883 and files cannot be directly referenced
2884 from such files. World-writable files
2885 are always considered unsafe.
2886 confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
2887 address (for testing).
2888 confCONTROL_SOCKET_NAME ControlSocketName
2889 [undefined] Control socket for daemon
2891 confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
2892 [postmaster] If an error occurs when
2893 sending an error message, send that
2894 "double bounce" error message to this
2896 confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
2897 messages which could not be returned
2898 to the user or sent to postmaster.
2899 If not set, the queue file will
2901 confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
2902 implies DSN request.
2903 confRUN_AS_USER RunAsUser [undefined] If set, become this user
2904 when reading and delivering mail.
2905 Causes all file reads (e.g., .forward
2906 and :include: files) to be done as
2907 this user. Also, all programs will
2908 be run as this user, and all output
2909 files will be written as this user.
2910 Intended for use only on firewalls
2911 where users do not have accounts.
2912 confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
2913 [infinite] If set, allow no more than
2914 the specified number of recipients in
2915 an SMTP envelope. Further recipients
2916 receive a 452 error code (i.e., they
2917 are deferred for the next delivery
2919 confDONT_PROBE_INTERFACES DontProbeInterfaces
2920 [False] If set, sendmail will _not_
2921 insert the names and addresses of any
2922 local interfaces into class {w}
2923 (list of known "equivalent" addresses).
2924 If you set this, you must also include
2925 some support for these addresses (e.g.,
2926 in a mailertable entry) -- otherwise,
2927 mail to addresses in this list will
2928 bounce with a configuration error.
2929 confPID_FILE PidFile [system dependent] Location of pid
2931 confPROCESS_TITLE_PREFIX ProcessTitlePrefix
2932 [undefined] Prefix string for the
2933 process title shown on 'ps' listings.
2934 confDONT_BLAME_SENDMAIL DontBlameSendmail
2935 [safe] Override sendmail's file
2936 safety checks. This will definitely
2937 compromise system security and should
2938 not be used unless absolutely
2940 confREJECT_MSG - [550 Access denied] The message
2941 given if the access database contains
2942 REJECT in the value portion.
2943 confDF_BUFFER_SIZE DataFileBufferSize
2944 [4096] The maximum size of a
2945 memory-buffered data (df) file
2946 before a disk-based file is used.
2947 confXF_BUFFER_SIZE XScriptFileBufferSize
2948 [4096] The maximum size of a
2949 memory-buffered transcript (xf)
2950 file before a disk-based file is
2952 confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
2953 CRAM-MD5] List of authentication
2954 mechanisms for AUTH (separated by
2955 spaces). The advertised list of
2956 authentication mechanisms will be the
2957 intersection of this list and the list
2958 of available mechanisms as determined
2959 by the CYRUS SASL library.
2960 confDEF_AUTH_INFO DefaultAuthInfo [undefined] Filename that contains
2961 authentication information for
2962 outgoing connections. This file
2963 must contain the user id, the
2964 authorization id, the password
2965 (plain text), and the realm to use,
2966 each on a separate line and must be
2967 readable by root (or the trusted
2968 user) only. If no realm is
2969 specified, $j is used.
2971 NOTE: Currently, AuthMechanisms is
2972 used to determine the list of
2973 mechanisms to use on an outgoing
2974 connection. Sites which require a
2975 different list of mechanisms for
2976 incoming connections and outgoing
2977 connections will have the ability
2978 to do this in 8.11 by specifying a
2979 list of mechanisms as the fifth
2980 line of the DefaultAuthInfo file.
2981 If no mechanisms are given in the
2982 file, AuthMechanisms is used. The
2983 code for doing so is included as
2984 in the sendmail source code but
2985 disabled. It can be enabled by
2986 recompiling sendmail with:
2987 -D_FFR_DEFAUTHINFO_MECHS
2988 confAUTH_OPTIONS AuthOptions [undefined] If this options is 'A'
2989 then the AUTH= parameter for the
2990 MAIL FROM command is only issued
2991 when authentication succeeded.
2992 confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
2993 specification for LDAP maps. The
2994 value should only contain LDAP
2995 specific settings such as "-h host
2996 -p port -d bindDN", etc. The
2997 settings will be used for all LDAP
2998 maps unless they are specified in
2999 the individual map specification
3001 confCACERT_PATH CACERTPath [undefined] Path to directory
3003 confCACERT CACERTFile [undefined] File containing one CA
3005 confSERVER_CERT ServerCertFile [undefined] File containing the
3006 cert of the server, i.e., this cert
3007 is used when sendmail acts as
3009 confSERVER_KEY ServerKeyFile [undefined] File containing the
3010 private key belonging to the server
3012 confCLIENT_CERT ClientCertFile [undefined] File containing the
3013 cert of the client, i.e., this cert
3014 is used when sendmail acts as
3016 confCLIENT_KEY ClientKeyFile [undefined] File containing the
3017 private key belonging to the client
3019 confDH_PARAMETERS DHParameters [undefined] File containing the
3021 confRAND_FILE RandFile [undefined] File containing random
3022 data (use prefix file:) or the
3023 name of the UNIX socket if EGD is
3024 used (use prefix egd:). STARTTLS
3025 requires this option if the compile
3026 flag HASURANDOM is not set (see
3029 See also the description of OSTYPE for some parameters that can be
3030 tweaked (generally pathnames to mailers).
3032 DaemonPortOptions are a special case since multiple daemons can be
3033 defined. This can be done via
3035 DAEMON_OPTIONS(`field1=value1,field2=value2,...')
3037 If DAEMON_OPTIONS is not used, then the default is
3039 DAEMON_OPTIONS(`Port=smtp, Name=MTA')
3040 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
3042 If you use one DAEMON_OPTIONS macro, it will alter the parameters
3043 of the first of these. The second will still be defaulted; it
3044 represents a "Message Submission Agent" (MSA) as defined by RFC
3045 2476 (see below). To turn off the default definition for the MSA,
3046 use FEATURE(`no_default_msa') (see also FEATURES). If you use
3047 additional DAEMON_OPTIONS macros, they will add additional daemons.
3049 Example 1: To change the port for the SMTP listener, while
3050 still using the MSA default, use
3051 DAEMON_OPTIONS(`Port=925, Name=MTA')
3053 Example 2: To change the port for the MSA daemon, while still
3054 using the default SMTP port, use
3055 FEATURE(`no_default_msa')
3056 DAEMON_OPTIONS(`Name=MTA')
3057 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
3059 Note that if the first of those DAEMON_OPTIONS lines were omitted, then
3060 there would be no listener on the standard SMTP port.
3062 Example 3: To listen on both IPv4 and IPv6 interfaces, use
3064 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
3065 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
3067 A "Message Submission Agent" still uses all of the same rulesets for
3068 processing the message (and therefore still allows message rejection via
3069 the check_* rulesets). In accordance with the RFC, the MSA will ensure
3070 that all domains in the envelope are fully qualified if the message is
3071 relayed to another MTA. It will also enforce the normal address syntax
3072 rules and log error messages. Additionally, by using the M=a modifier
3073 you can require authentication before messages are accepted by the MSA.
3074 Finally, the M=E modifier shown above disables ETRN as required by RFC
3082 Within this directory are several subdirectories, to wit:
3084 m4 General support routines. These are typically
3085 very important and should not be changed without
3086 very careful consideration.
3088 cf The configuration files themselves. They have
3089 ".mc" suffixes, and must be run through m4 to
3090 become complete. The resulting output should
3091 have a ".cf" suffix.
3093 ostype Definitions describing a particular operating
3094 system type. These should always be referenced
3095 using the OSTYPE macro in the .mc file. Examples
3096 include "bsd4.3", "bsd4.4", "sunos3.5", and
3099 domain Definitions describing a particular domain, referenced
3100 using the DOMAIN macro in the .mc file. These are
3101 site dependent; for example, "CS.Berkeley.EDU.m4"
3102 describes hosts in the CS.Berkeley.EDU subdomain.
3104 mailer Descriptions of mailers. These are referenced using
3105 the MAILER macro in the .mc file.
3107 sh Shell files used when building the .cf file from the
3108 .mc file in the cf subdirectory.
3110 feature These hold special orthogonal features that you might
3111 want to include. They should be referenced using
3114 hack Local hacks. These can be referenced using the HACK
3115 macro. They shouldn't be of more than voyeuristic
3116 interest outside the .Berkeley.EDU domain, but who knows?
3118 siteconfig Site configuration -- e.g., tables of locally connected
3122 +------------------------+
3123 | ADMINISTRATIVE DETAILS |
3124 +------------------------+
3126 The following sections detail usage of certain internal parts of the
3127 sendmail.cf file. Read them carefully if you are trying to modify
3128 the current model. If you find the above descriptions adequate, these
3129 should be {boring, confusing, tedious, ridiculous} (pick one or more).
3131 RULESETS (* means built in to sendmail)
3134 1 * Sender rewriting
3135 2 * Recipient rewriting
3136 3 * Canonicalization
3138 5 * Local address rewrite (after aliasing)
3139 1x mailer rules (sender qualification)
3140 2x mailer rules (recipient qualification)
3141 3x mailer rules (sender header qualification)
3142 4x mailer rules (recipient header qualification)
3143 5x mailer subroutines (general)
3144 6x mailer subroutines (general)
3145 7x mailer subroutines (general)
3147 90 Mailertable host stripping
3148 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
3149 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
3150 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
3151 99 Guaranteed null (for debugging)
3156 0 local, prog local and program mailers
3157 1 [e]smtp, relay SMTP channel
3158 2 uucp-* UNIX-to-UNIX Copy Program
3159 3 netnews Network News delivery
3160 4 fax Sam Leffler's HylaFAX software
3161 5 mail11 DECnet mailer
3169 D The local domain -- usually not needed
3170 E reserved for X.400 Relay
3173 H mail Hub (for mail clusters)
3178 M Masquerade (who you claim to be)
3183 R Relay (for unqualified names)
3186 U my UUCP name (if you have a UUCP connection)
3187 V UUCP Relay (class {V} hosts)
3188 W UUCP Relay (class {W} hosts)
3189 X UUCP Relay (class {X} hosts)
3190 Y UUCP Relay (all other hosts)
3197 B domains that are candidates for bestmx lookup
3200 E addresses that should not seem to come from $M
3201 F hosts this system forward for
3202 G domains that should be looked up in genericstable
3207 L addresses that should not be forwarded to $R
3208 M domains that should be mapped to $M
3209 N host/domains that should not be mapped to $M
3210 O operators that indicate network operations (cannot be in local names)
3211 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
3213 R domains this system is willing to relay (pass anti-spam filters)
3216 U locally connected UUCP hosts
3217 V UUCP hosts connected to relay $V
3218 W UUCP hosts connected to relay $W
3219 X UUCP hosts connected to relay $X
3220 Y locally connected smart UUCP hosts
3221 Z locally connected domain-ized UUCP hosts
3222 . the class containing only a dot
3223 [ the class containing only a left bracket
3228 1 Local host detection and resolution
3229 2 Local Ruleset 3 additions
3230 3 Local Ruleset 0 additions
3231 4 UUCP Ruleset 0 additions
3232 5 locally interpreted names (overrides $R)
3233 6 local configuration (at top of file)
3234 7 mailer definitions
3235 8 DNS based blacklists
3236 9 special local rulesets (1 and 2)
3238 $Revision: 8.383.2.1.2.24 $, Last updated $Date: 2000/09/24 02:05:54 $