2 SENDMAIL CONFIGURATION FILES
4 This document describes the sendmail configuration files. It
5 explains how to create a sendmail.cf file for use with sendmail.
6 It also describes how to set options for sendmail which are explained
7 in the Sendmail Installation and Operation guide (doc/op/op.me).
9 To get started, you may want to look at tcpproto.mc (for TCP-only
10 sites) and clientproto.mc (for clusters of clients using a single
11 mail host), or the generic-*.mc files as operating system-specific
16 INTRODUCTION AND EXAMPLE
17 A BRIEF INTRODUCTION TO M4
27 MASQUERADING AND RELAYING
28 USING LDAP FOR ALIASES, MAPS, AND CLASSES
30 ANTI-SPAM CONFIGURATION CONTROL
34 ADDING NEW MAILERS OR RULESETS
35 ADDING NEW MAIL FILTERS
36 QUEUE GROUP DEFINITIONS
37 NON-SMTP BASED CONFIGURATIONS
39 ACCEPTING MAIL FOR MULTIPLE NAMES
41 USING USERDB TO MAP FULL NAMES
42 MISCELLANEOUS SPECIAL FEATURES
44 TWEAKING CONFIGURATION OPTIONS
45 MESSAGE SUBMISSION PROGRAM
46 FORMAT OF FILES AND MAPS
48 ADMINISTRATIVE DETAILS
51 +--------------------------+
52 | INTRODUCTION AND EXAMPLE |
53 +--------------------------+
55 Configuration files are contained in the subdirectory "cf", with a
56 suffix ".mc". They must be run through "m4" to produce a ".cf" file.
57 You must pre-load "cf.m4":
59 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
61 Alternatively, you can simply:
66 where ${CFDIR} is the root of the cf directory and config.mc is the
67 name of your configuration file. If you are running a version of M4
68 that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
69 this, but the versions distributed with 4.4BSD and derivatives do not)
70 or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
71 For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
72 use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
76 Let's examine a typical .mc file:
80 # Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
81 # All rights reserved.
82 # Copyright (c) 1983 Eric P. Allman. All rights reserved.
83 # Copyright (c) 1988, 1993
84 # The Regents of the University of California. All rights reserved.
86 # By using this file, you agree to the terms and conditions set
87 # forth in the LICENSE file which can be found at the top level of
88 # the sendmail distribution.
92 # This is a Berkeley-specific configuration file for HP-UX 9.x.
93 # It applies only to the Computer Science Division at Berkeley,
94 # and should not be used elsewhere. It is provided on the sendmail
95 # distribution as a sample only. To create your own configuration
96 # file, create an appropriate domain file in ../domain, change the
97 # `DOMAIN' macro below to reference that file, and copy the result
98 # to a name of your own choosing.
102 The divert(-1) will delete the crud in the resulting output file.
103 The copyright notice can be replaced by whatever your lawyers require;
104 our lawyers require the one that is included in these files. A copyleft
105 is a copyright by another name. The divert(0) restores regular output.
107 VERSIONID(`<SCCS or RCS version id>')
109 VERSIONID is a macro that stuffs the version information into the
110 resulting file. You could use SCCS, RCS, CVS, something else, or
111 omit it completely. This is not the same as the version id included
112 in SMTP greeting messages -- this is defined in m4/version.m4.
116 You must specify an OSTYPE to properly configure things such as the
117 pathname of the help and status files, the flags needed for the local
118 mailer, and other important things. If you omit it, you will get an
119 error when you try to build the configuration. Look at the ostype
120 directory for the list of known operating system types.
122 DOMAIN(`CS.Berkeley.EDU')dnl
124 This example is specific to the Computer Science Division at Berkeley.
125 You can use "DOMAIN(`generic')" to get a sufficiently bland definition
126 that may well work for you, or you can create a customized domain
127 definition appropriate for your environment.
132 These describe the mailers used at the default CS site. The local
133 mailer is always included automatically. Beware: MAILER declarations
134 should only be followed by LOCAL_* sections. The general rules are
135 that the order should be:
141 local macro definitions
147 There are a few exceptions to this rule. Local macro definitions which
148 influence a FEATURE() should be done before that feature. For example,
149 a define(`PROCMAIL_MAILER_PATH', ...) should be done before
150 FEATURE(`local_procmail').
152 *******************************************************************
153 *** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
154 *** Berkeley-specific assumptions built in, such as the name ***
155 *** of their UUCP-relay. You'll want to create your own ***
156 *** domain description, and use that in place of ***
157 *** domain/Berkeley.EDU.m4. ***
158 *******************************************************************
161 +----------------------------+
162 | A BRIEF INTRODUCTION TO M4 |
163 +----------------------------+
165 Sendmail uses the M4 macro processor to ``compile'' the configuration
166 files. The most important thing to know is that M4 is stream-based,
167 that is, it doesn't understand about lines. For this reason, in some
168 places you may see the word ``dnl'', which stands for ``delete
169 through newline''; essentially, it deletes all characters starting
170 at the ``dnl'' up to and including the next newline character. In
171 most cases sendmail uses this only to avoid lots of unnecessary
172 blank lines in the output.
174 Other important directives are define(A, B) which defines the macro
175 ``A'' to have value ``B''. Macros are expanded as they are read, so
176 one normally quotes both values to prevent expansion. For example,
178 define(`SMART_HOST', `smart.foo.com')
180 One word of warning: M4 macros are expanded even in lines that appear
181 to be comments. For example, if you have
183 # See FEATURE(`foo') above
185 it will not do what you expect, because the FEATURE(`foo') will be
186 expanded. This also applies to
188 # And then define the $X macro to be the return address
190 because ``define'' is an M4 keyword. If you want to use them, surround
191 them with directed quotes, `like this'.
193 Since m4 uses single quotes (opening "`" and closing "'") to quote
194 arguments, those quotes can't be used in arguments. For example,
195 it is not possible to define a rejection message containing a single
196 quote. Usually there are simple workarounds by changing those
197 messages; in the worst case it might be ok to change the value
198 directly in the generated .cf file, which however is not advised.
204 This package requires a post-V7 version of m4; if you are running the
205 4.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or
206 BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works.
207 Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
208 Net/2 or GNU version. GNU m4 is available from
209 ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
210 EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU
218 sendmail 8.9 has introduced a new configuration directory for sendmail
219 related files, /etc/mail. The new files available for sendmail 8.9 --
220 the class {R} /etc/mail/relay-domains and the access database
221 /etc/mail/access -- take advantage of this new directory. Beginning with
222 8.10, all files will use this directory by default (some options may be
223 set by OSTYPE() files). This new directory should help to restore
224 uniformity to sendmail's file locations.
226 Below is a table of some of the common changes:
228 Old filename New filename
229 ------------ ------------
230 /etc/bitdomain /etc/mail/bitdomain
231 /etc/domaintable /etc/mail/domaintable
232 /etc/genericstable /etc/mail/genericstable
233 /etc/uudomain /etc/mail/uudomain
234 /etc/virtusertable /etc/mail/virtusertable
235 /etc/userdb /etc/mail/userdb
237 /etc/aliases /etc/mail/aliases
238 /etc/sendmail/aliases /etc/mail/aliases
239 /etc/ucbmail/aliases /etc/mail/aliases
240 /usr/adm/sendmail/aliases /etc/mail/aliases
241 /usr/lib/aliases /etc/mail/aliases
242 /usr/lib/mail/aliases /etc/mail/aliases
243 /usr/ucblib/aliases /etc/mail/aliases
245 /etc/sendmail.cw /etc/mail/local-host-names
246 /etc/mail/sendmail.cw /etc/mail/local-host-names
247 /etc/sendmail/sendmail.cw /etc/mail/local-host-names
249 /etc/sendmail.ct /etc/mail/trusted-users
251 /etc/sendmail.oE /etc/mail/error-header
253 /etc/sendmail.hf /etc/mail/helpfile
254 /etc/mail/sendmail.hf /etc/mail/helpfile
255 /usr/ucblib/sendmail.hf /etc/mail/helpfile
256 /etc/ucbmail/sendmail.hf /etc/mail/helpfile
257 /usr/lib/sendmail.hf /etc/mail/helpfile
258 /usr/share/lib/sendmail.hf /etc/mail/helpfile
259 /usr/share/misc/sendmail.hf /etc/mail/helpfile
260 /share/misc/sendmail.hf /etc/mail/helpfile
262 /etc/service.switch /etc/mail/service.switch
264 /etc/sendmail.st /etc/mail/statistics
265 /etc/mail/sendmail.st /etc/mail/statistics
266 /etc/mailer/sendmail.st /etc/mail/statistics
267 /etc/sendmail/sendmail.st /etc/mail/statistics
268 /usr/lib/sendmail.st /etc/mail/statistics
269 /usr/ucblib/sendmail.st /etc/mail/statistics
271 Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
272 to create the pathnames. The default value of this variable is
273 `/etc/mail/'. If you set this macro to a different value, you MUST include
276 Notice: all filenames used in a .mc (or .cf) file should be absolute
277 (starting at the root, i.e., with '/'). Relative filenames most
278 likely cause surprises during operations (unless otherwise noted).
285 You MUST define an operating system environment, or the configuration
286 file build will puke. There are several environments available; look
287 at the "ostype" directory for the current list. This macro changes
288 things like the location of the alias file and queue directory. Some
289 of these files are identical to one another.
291 It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
292 In general, the OSTYPE macro should go immediately after any version
293 information, and MAILER definitions should always go last.
295 Operating system definitions are usually easy to write. They may define
296 the following variables (everything defaults, so an ostype file may be
297 empty). Unfortunately, the list of configuration-supported systems is
298 not as broad as the list of source-supported systems, since many of
299 the source contributors do not include corresponding ostype files.
301 ALIAS_FILE [/etc/mail/aliases] The location of the text version
302 of the alias file(s). It can be a comma-separated
303 list of names (but be sure you quote values with
304 commas in them -- for example, use
305 define(`ALIAS_FILE', `a,b')
306 to get "a" and "b" both listed as alias files;
307 otherwise the define() primitive only sees "a").
308 HELP_FILE [/etc/mail/helpfile] The name of the file
309 containing information printed in response to
310 the SMTP HELP command.
311 QUEUE_DIR [/var/spool/mqueue] The directory containing
312 queue files. To use multiple queues, supply
313 a value ending with an asterisk. For
314 example, /var/spool/mqueue/qd* will use all of the
315 directories or symbolic links to directories
316 beginning with 'qd' in /var/spool/mqueue as queue
317 directories. The names 'qf', 'df', and 'xf' are
318 reserved as specific subdirectories for the
319 corresponding queue file types as explained in
320 doc/op/op.me. See also QUEUE GROUP DEFINITIONS.
321 MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing
322 queue files for the MSP (Mail Submission Program,
323 see sendmail/SECURITY).
324 STATUS_FILE [/etc/mail/statistics] The file containing status
326 LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
327 LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The
328 flags lsDFMAw5:/|@q are always included.
329 LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
331 LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
332 mail that you are willing to accept.
333 LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of
334 messages to deliver in a single connection. Only
335 useful for LMTP local mailers.
336 LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
337 that ARRIVE from an address that resolves to the
338 local mailer and which are converted to MIME will be
339 labeled with this character set.
340 LOCAL_MAILER_EOL [undefined] If defined, the string to use as the
341 end of line for the local mailer.
342 LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
343 [X-Unix] The DSN Diagnostic-Code value for the
344 local mailer. This should be changed with care.
345 LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email.
346 LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The
347 flags lsDFM are always included.
348 LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
350 LOCAL_SHELL_DIR [$z:/] The directory search path in which the
352 LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer.
353 USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program
355 USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer.
356 USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
357 usenet mailer. NOTE: Some versions of inews
358 (such as those shipped with newer versions of INN)
359 use different flags. Double check the defaults
360 against the inews man page.
361 USENET_MAILER_MAX [undefined] The maximum size of messages that will
362 be accepted by the usenet mailer.
363 USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer.
364 SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
365 flags are `mDFMuX' for all SMTP-based mailers; the
366 "esmtp" mailer adds `a'; "smtp8" adds `8'; and
368 RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default
369 flags are `mDFMuX' for all SMTP-based mailers; the
370 relay mailer adds `a8'. If this is not defined,
371 then SMTP_MAILER_FLAGS is used.
372 SMTP_MAILER_MAX [undefined] The maximum size of messages that will
373 be transported using the smtp, smtp8, esmtp, or dsmtp
375 SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
376 messages to deliver in a single connection for the
377 smtp, smtp8, esmtp, or dsmtp mailers.
378 SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
379 recipients to deliver in a single connection for the
380 smtp, smtp8, esmtp, or dsmtp mailers.
381 SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
382 About the only reason you would want to change this
383 would be to change the default port.
384 ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer.
385 SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer.
386 DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer.
387 RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer.
388 SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer.
389 ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer.
390 SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer.
391 DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer.
392 RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer.
393 RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of
394 messages to deliver in a single connection for the
396 SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
397 that ARRIVE from an address that resolves to one of
398 the SMTP mailers and which are converted to MIME will
399 be labeled with this character set.
400 UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail.
401 UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default
402 flags are `DFMhuU' (and `m' for uucp-new mailer,
403 minus `U' for uucp-dom mailer).
404 UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
405 passed to the UUCP mailer.
406 UUCP_MAILER_MAX [100000] The maximum size message accepted for
407 transmission by the UUCP mailers.
408 UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
409 that ARRIVE from an address that resolves to one of
410 the UUCP mailers and which are converted to MIME will
411 be labeled with this character set.
412 UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers.
413 FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
415 FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX
417 FAX_MAILER_MAX [100000] The maximum size message accepted for
419 POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer.
420 POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq
422 POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer.
423 POP_MAILER_QGRP [undefined] The queue group for the pop mailer.
424 PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
425 program. This is also used by
426 FEATURE(`local_procmail').
427 PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags
428 DFM are always set. This is NOT used by
429 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
431 PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
432 the Procmail mailer. This is NOT used by
433 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
435 PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
436 will be accepted by the procmail mailer.
437 PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer.
438 MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer.
439 MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer.
440 MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11
442 MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer.
443 PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
445 PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM
447 PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
448 PH_MAILER_QGRP [undefined] The queue group for the ph mailer.
449 CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The
450 flags lsDFMnPq are always included.
451 CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver
453 CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
454 to deliver cyrus mail.
455 CYRUS_MAILER_MAX [undefined] If set, the maximum size message that
456 will be accepted by the cyrus mailer.
457 CYRUS_MAILER_USER [cyrus:mail] The user and group to become when
458 running the cyrus mailer.
459 CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer.
460 CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer.
461 The flags lsDFMnP are always included.
462 CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
463 to deliver cyrusbb mail.
464 CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The
465 flags lsDFMnqXz are always included.
466 CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of
467 messages to deliver in a single connection for the
469 CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
470 recipients to deliver in a single connection for the
472 CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed
473 to the cyrusv2 mailer. This can be used to
474 change the name of the Unix domain socket, or
475 to switch to delivery via TCP (e.g., `TCP $h lmtp')
476 CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer.
477 CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
478 that ARRIVE from an address that resolves to one the
479 Cyrus mailer and which are converted to MIME will
480 be labeled with this character set.
481 confEBINDIR [/usr/libexec] The directory for executables.
482 Currently used for FEATURE(`local_lmtp') and
484 QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer.
485 QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver
487 QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
488 to deliver qpage mail.
489 QPAGE_MAILER_MAX [4096] If set, the maximum size message that
490 will be accepted by the qpage mailer.
491 QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer.
492 LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer.
494 Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
495 MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
496 of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
497 upper case) and change can be: flags that should be used directly
498 (thus overriding the default value), or if it starts with `+' (`-')
499 then those flags are added to (removed from) the default value.
502 MODIFY_MAILER_FLAGS(`LOCAL', `+e')
504 will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are
505 several smtp mailers all of which are manipulated individually.
506 See the section MAILERS for the available mailer names.
507 WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
508 unconditionally, i.e., without respecting any definitions in an
516 You will probably want to collect domain-dependent defines into one
517 file, referenced by the DOMAIN macro. For example, the Berkeley
518 domain file includes definitions for several internal distinguished
521 UUCP_RELAY The host that will accept UUCP-addressed email.
522 If not defined, all UUCP sites must be directly
524 BITNET_RELAY The host that will accept BITNET-addressed email.
525 If not defined, the .BITNET pseudo-domain won't work.
526 DECNET_RELAY The host that will accept DECNET-addressed email.
527 If not defined, the .DECNET pseudo-domain and addresses
528 of the form node::user will not work.
529 FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
530 The "fax" mailer overrides this value.
531 LOCAL_RELAY The site that will handle unqualified names -- that
532 is, names without an @domain extension.
533 Normally MAIL_HUB is preferred for this function.
534 LOCAL_RELAY is mostly useful in conjunction with
535 FEATURE(`stickyhost') -- see the discussion of
536 stickyhost below. If not set, they are assumed to
537 belong on this machine. This allows you to have a
538 central site to store a company- or department-wide
539 alias database. This only works at small sites,
540 and only with some user agents.
541 LUSER_RELAY The site that will handle lusers -- that is, apparently
542 local names that aren't local accounts or aliases. To
543 specify a local user instead of a site, set this to
546 Any of these can be either ``mailer:hostname'' (in which case the
547 mailer is the internal mailer name, such as ``uucp-new'' and the hostname
548 is the name of the host as appropriate for that mailer) or just a
549 ``hostname'', in which case a default mailer type (usually ``relay'',
550 a variant on SMTP) is used. WARNING: if you have a wildcard MX
551 record matching your domain, you probably want to define these to
552 have a trailing dot so that you won't get the mail diverted back
555 The domain file can also be used to define a domain name, if needed
556 (using "DD<domain>") and set certain site-wide features. If all hosts
557 at your site masquerade behind one email name, you could also use
560 You do not have to define a domain -- in particular, if you are a
561 single machine sitting off somewhere, it is probably more work than
562 it's worth. This is just a mechanism for combining "domain dependent
563 knowledge" into one place.
570 There are fewer mailers supported in this version than the previous
571 version, owing mostly to a simpler world. As a general rule, put the
572 MAILER definitions last in your .mc file.
574 local The local and prog mailers. You will almost always
575 need these; the only exception is if you relay ALL
576 your mail to another site. This mailer is included
579 smtp The Simple Mail Transport Protocol mailer. This does
580 not hide hosts behind a gateway or another other
581 such hack; it assumes a world where everyone is
582 running the name server. This file actually defines
583 five mailers: "smtp" for regular (old-style) SMTP to
584 other servers, "esmtp" for extended SMTP to other
585 servers, "smtp8" to do SMTP to other servers without
586 converting 8-bit data to MIME (essentially, this is
587 your statement that you know the other end is 8-bit
588 clean even if it doesn't say so), "dsmtp" to do on
589 demand delivery, and "relay" for transmission to the
590 RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
592 uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
593 defines two mailers, "uucp-old" (a.k.a. "uucp") and
594 "uucp-new" (a.k.a. "suucp"). The latter is for when you
595 know that the UUCP mailer at the other end can handle
596 multiple recipients in one transfer. If the smtp mailer
597 is included in your configuration, two other mailers
598 ("uucp-dom" and "uucp-uudom") are also defined [warning: you
599 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you
600 include the uucp mailer, sendmail looks for all names in
601 class {U} and sends them to the uucp-old mailer; all
602 names in class {Y} are sent to uucp-new; and all
603 names in class {Z} are sent to uucp-uudom. Note that
604 this is a function of what version of rmail runs on
605 the receiving end, and hence may be out of your control.
606 See the section below describing UUCP mailers in more
609 usenet Usenet (network news) delivery. If this is specified,
610 an extra rule is added to ruleset 0 that forwards all
611 local email for users named ``group.usenet'' to the
612 ``inews'' program. Note that this works for all groups,
613 and may be considered a security problem.
615 fax Facsimile transmission. This is experimental and based
616 on Sam Leffler's HylaFAX software. For more information,
617 see http://www.hylafax.org/.
619 pop Post Office Protocol.
621 procmail An interface to procmail (does not come with sendmail).
622 This is designed to be used in mailertables. For example,
623 a common question is "how do I forward all mail for a given
624 domain to a single person?". If you have this mailer
625 defined, you could set up a mailertable reading:
627 host.com procmail:/etc/procmailrcs/host.com
629 with the file /etc/procmailrcs/host.com reading:
631 :0 # forward mail for host.com
632 ! -oi -f $1 person@other.host
634 This would arrange for (anything)@host.com to be sent
635 to person@other.host. In a procmail script, $1 is the
636 name of the sender and $2 is the name of the recipient.
637 If you use this with FEATURE(`local_procmail'), the FEATURE
638 should be listed first.
640 Of course there are other ways to solve this particular
641 problem, e.g., a catch-all entry in a virtusertable.
643 mail11 The DECnet mail11 mailer, useful only if you have the mail11
644 program from gatekeeper.dec.com:/pub/DEC/gwtools (and
645 DECnet, of course). This is for Phase IV DECnet support;
646 if you have Phase V at your site you may have additional
649 phquery The phquery program. This is somewhat counterintuitively
650 referenced as the "ph" mailer internally. It can be used
651 to do CCSO name server lookups. The phquery program, which
652 this mailer uses, is distributed with the ph client.
654 cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
655 a local cyrus user. this mailer can make use of the
656 "user+detail@local.host" syntax (see
657 FEATURE(`preserve_local_plus_detail')); it will deliver the
658 mail to the user's "detail" mailbox if the mailbox's ACL
659 permits. The cyrusbb mailer delivers to a system-wide
660 cyrus mailbox if the mailbox's ACL permits. The cyrus
661 mailer must be defined after the local mailer.
663 cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to
664 local cyrus users via LMTP. This mailer can make use of the
665 "user+detail@local.host" syntax (see
666 FEATURE(`preserve_local_plus_detail')); it will deliver the
667 mail to the user's "detail" mailbox if the mailbox's ACL
668 permits. The cyrusv2 mailer must be defined after the
671 qpage A mailer for QuickPage, a pager interface. See
672 http://www.qpage.org/ for further information.
674 The local mailer accepts addresses of the form "user+detail", where
675 the "+detail" is not used for mailbox matching but is available
676 to certain local mail programs (in particular, see
677 FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
678 "eric+sww" all indicate the same user, but additional arguments <null>,
679 "sendmail", and "sww" may be provided for use in sorting mail.
686 Special features can be requested using the "FEATURE" macro. For
687 example, the .mc line:
689 FEATURE(`use_cw_file')
691 tells sendmail that you want to have it read an /etc/mail/local-host-names
692 file to get values for class {w}. A FEATURE may contain up to 9
693 optional parameters -- for example:
695 FEATURE(`mailertable', `dbm /usr/lib/mailertable')
697 The default database map type for the table features can be set with
699 define(`DATABASE_MAP_TYPE', `dbm')
701 which would set it to use ndbm databases. The default is the Berkeley DB
702 hash database format. Note that you must still declare a database map type
703 if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
704 if no argument is given for the FEATURE. It must be specified before any
705 feature that uses a map.
707 Also, features which can take a map definition as an argument can also take
708 the special keyword `LDAP'. If that keyword is used, the map will use the
709 LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
710 CLASSES'' section below.
712 Available features are:
714 use_cw_file Read the file /etc/mail/local-host-names file to get
715 alternate names for this host. This might be used if you
716 were on a host that MXed for a dynamic set of other hosts.
717 If the set is static, just including the line "Cw<name1>
718 <name2> ..." (where the names are fully qualified domain
719 names) is probably superior. The actual filename can be
720 overridden by redefining confCW_FILE.
722 use_ct_file Read the file /etc/mail/trusted-users file to get the
723 names of users that will be ``trusted'', that is, able to
724 set their envelope from address using -f without generating
725 a warning message. The actual filename can be overridden
726 by redefining confCT_FILE.
728 redirect Reject all mail addressed to "address.REDIRECT" with
729 a ``551 User has moved; please try <address>'' message.
730 If this is set, you can alias people who have left
731 to their new address with ".REDIRECT" appended.
733 nouucp Don't route UUCP addresses. This feature takes one
735 `reject': reject addresses which have "!" in the local
736 part unless it originates from a system
737 that is allowed to relay.
738 `nospecial': don't do anything special with "!".
739 Warnings: 1. See the notice in the anti-spam section.
740 2. don't remove "!" from OperatorChars if `reject' is
743 nocanonify Don't pass addresses to $[ ... $] for canonification
744 by default, i.e., host/domain names are considered canonical,
745 except for unqualified names, which must not be used in this
746 mode (violation of the standard). It can be changed by
747 setting the DaemonPortOptions modifiers (M=). That is,
748 FEATURE(`nocanonify') will be overridden by setting the
749 'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
750 it can be emulated by setting the 'C' flag
751 (DaemonPortOptions=Modifiers=C). This would generally only
752 be used by sites that only act as mail gateways or which have
753 user agents that do full canonification themselves. You may
755 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
756 the usual resolver options that do a similar thing.
758 An exception list for FEATURE(`nocanonify') can be
759 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
760 i.e., a list of domains which are nevertheless passed to
761 $[ ... $] for canonification. This is useful to turn on
762 canonification for local domains, e.g., use
763 CANONIFY_DOMAIN(`my.domain my') to canonify addresses
764 which end in "my.domain" or "my".
765 Another way to require canonification in the local
766 domain is CANONIFY_DOMAIN(`$=m').
768 A trailing dot is added to addresses with more than
769 one component in it such that other features which
770 expect a trailing dot (e.g., virtusertable) will
773 If `canonify_hosts' is specified as parameter, i.e.,
774 FEATURE(`nocanonify', `canonify_hosts'), then
775 addresses which have only a hostname, e.g.,
776 <user@host>, will be canonified (and hopefully fully
779 stickyhost This feature is sometimes used with LOCAL_RELAY,
780 although it can be used for a different effect with
783 When used without MAIL_HUB, email sent to
784 "user@local.host" are marked as "sticky" -- that
785 is, the local addresses aren't matched against UDB,
786 don't go through ruleset 5, and are not forwarded to
787 the LOCAL_RELAY (if defined).
789 With MAIL_HUB, mail addressed to "user@local.host"
790 is forwarded to the mail hub, with the envelope
791 address still remaining "user@local.host".
792 Without stickyhost, the envelope would be changed
793 to "user@mail_hub", in order to protect against
796 mailertable Include a "mailer table" which can be used to override
797 routing for particular domains (which are not in class {w},
798 i.e. local host names). The argument of the FEATURE may be
799 the key definition. If none is specified, the definition
802 hash /etc/mail/mailertable
804 Keys in this database are fully qualified domain names
805 or partial domains preceded by a dot -- for example,
806 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
807 special case of the latter, "." matches any domain not
808 covered by other keys. Values must be of the form:
810 where "mailer" is the internal mailer name, and "domain"
811 is where to send the message. These maps are not
812 reflected into the message header. As a special case,
815 will forward to the indicated user using the local mailer,
817 will forward to the original user in the e-mail address
818 using the local mailer, and
820 error:D.S.N:code message
821 will give an error message with the indicated SMTP reply
822 code and message, where D.S.N is an RFC 1893 compliant
825 domaintable Include a "domain table" which can be used to provide
826 domain name mapping. Use of this should really be
827 limited to your own domains. It may be useful if you
828 change names (e.g., your company changes names from
829 oldname.com to newname.com). The argument of the
830 FEATURE may be the key definition. If none is specified,
831 the definition used is:
833 hash /etc/mail/domaintable
835 The key in this table is the domain name; the value is
836 the new (fully qualified) domain. Anything in the
837 domaintable is reflected into headers; that is, this
838 is done in ruleset 3.
840 bitdomain Look up bitnet hosts in a table to try to turn them into
841 internet addresses. The table can be built using the
842 bitdomain program contributed by John Gardiner Myers.
843 The argument of the FEATURE may be the key definition; if
844 none is specified, the definition used is:
846 hash /etc/mail/bitdomain
848 Keys are the bitnet hostname; values are the corresponding
851 uucpdomain Similar feature for UUCP hosts. The default map definition
854 hash /etc/mail/uudomain
856 At the moment there is no automagic tool to build this
860 Include the local host domain even on locally delivered
861 mail. Normally it is not added on unqualified names.
862 However, if you use a shared message store but do not use
863 the same user name space everywhere, you may need the host
864 name on local names. An optional argument specifies
865 another domain to be added than the local.
867 allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
868 feature will cause recipient addresses to also masquerade
869 as being from the masquerade host. Normally they get
870 the local hostname. Although this may be right for
871 ordinary users, it can break local aliases. For example,
872 if you send to "localalias", the originating sendmail will
873 find that alias and send to all members, but send the
874 message with "To: localalias@masqueradehost". Since that
875 alias likely does not exist, replies will fail. Use this
876 feature ONLY if you can guarantee that the ENTIRE
877 namespace on your masquerade host supersets all the
881 Normally, any hosts listed in class {w} are masqueraded. If
882 this feature is given, only the hosts listed in class {M} (see
883 below: MASQUERADE_DOMAIN) are masqueraded. This is useful
884 if you have several domains with disjoint namespaces hosted
887 masquerade_entire_domain
888 If masquerading is enabled (using MASQUERADE_AS) and
889 MASQUERADE_DOMAIN (see below) is set, this feature will
890 cause addresses to be rewritten such that the masquerading
891 domains are actually entire domains to be hidden. All
892 hosts within the masquerading domains will be rewritten
893 to the masquerade name (used in MASQUERADE_AS). For example,
896 MASQUERADE_AS(`masq.com')
897 MASQUERADE_DOMAIN(`foo.org')
898 MASQUERADE_DOMAIN(`bar.com')
900 then *foo.org and *bar.com are converted to masq.com. Without
901 this feature, only foo.org and bar.com are masqueraded.
903 NOTE: only domains within your jurisdiction and
904 current hierarchy should be masqueraded using this.
907 This feature prevents the local mailer from masquerading even
908 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
909 on addresses of mail going outside the local domain.
912 If masquerading is enabled (using MASQUERADE_AS) or the
913 genericstable is in use, this feature will cause envelope
914 addresses to also masquerade as being from the masquerade
915 host. Normally only the header addresses are masqueraded.
917 genericstable This feature will cause unqualified addresses (i.e., without
918 a domain) and addresses with a domain listed in class {G}
919 to be looked up in a map and turned into another ("generic")
920 form, which can change both the domain name and the user name.
921 Notice: if you use an MSP (as it is default starting with
922 8.12), the MTA will only receive qualified addresses from the
923 MSP (as required by the RFCs). Hence you need to add your
924 domain to class {G}. This feature is similar to the userdb
925 functionality. The same types of addresses as for
926 masquerading are looked up, i.e., only header sender
927 addresses unless the allmasquerade and/or masquerade_envelope
928 features are given. Qualified addresses must have the domain
929 part in class {G}; entries can be added to this class by the
930 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
931 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
933 The argument of FEATURE(`genericstable') may be the map
934 definition; the default map definition is:
936 hash /etc/mail/genericstable
938 The key for this table is either the full address, the domain
939 (with a leading @; the localpart is passed as first argument)
940 or the unqualified username (tried in the order mentioned);
941 the value is the new user address. If the new user address
942 does not include a domain, it will be qualified in the standard
943 manner, i.e., using $j or the masquerade name. Note that the
944 address being looked up must be fully qualified. For local
945 mail, it is necessary to use FEATURE(`always_add_domain')
946 for the addresses to be qualified.
947 The "+detail" of an address is passed as %1, so entries like
949 old+*@foo.org new+%1@example.com
950 gen+*@foo.org %1@example.com
952 and other forms are possible.
954 generics_entire_domain
955 If the genericstable is enabled and GENERICS_DOMAIN or
956 GENERICS_DOMAIN_FILE is used, this feature will cause
957 addresses to be searched in the map if their domain
958 parts are subdomains of elements in class {G}.
960 virtusertable A domain-specific form of aliasing, allowing multiple
961 virtual domains to be hosted on one machine. For example,
962 if the virtuser table contains:
964 info@foo.com foo-info
965 info@bar.com bar-info
966 joe@bar.com error:nouser 550 No such user here
967 jax@bar.com error:5.7.0:550 Address invalid
968 @baz.org jane@example.net
970 then mail addressed to info@foo.com will be sent to the
971 address foo-info, mail addressed to info@bar.com will be
972 delivered to bar-info, and mail addressed to anyone at baz.org
973 will be sent to jane@example.net, mail to joe@bar.com will
974 be rejected with the specified error message, and mail to
975 jax@bar.com will also have a RFC 1893 compliant error code
978 The username from the original address is passed
981 @foo.org %1@example.com
983 meaning someone@foo.org will be sent to someone@example.com.
984 Additionally, if the local part consists of "user+detail"
985 then "detail" is passed as %2 and "+detail" is passed as %3
986 when a match against user+* is attempted, so entries like
988 old+*@foo.org new+%2@example.com
989 gen+*@foo.org %2@example.com
990 +*@foo.org %1%3@example.com
991 X++@foo.org Z%3@example.com
994 and other forms are possible. Note: to preserve "+detail"
995 for a default case (@domain) %1%3 must be used as RHS.
996 There are two wildcards after "+": "+" matches only a non-empty
997 detail, "*" matches also empty details, e.g., user+@foo.org
998 matches +*@foo.org but not ++@foo.org. This can be used
999 to ensure that the parameters %2 and %3 are not empty.
1001 All the host names on the left hand side (foo.com, bar.com,
1002 and baz.org) must be in class {w} or class {VirtHost}. The
1003 latter can be defined by the macros VIRTUSER_DOMAIN or
1004 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1005 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
1006 VIRTUSER_DOMAIN_FILE is used, then the entries of class
1007 {VirtHost} are added to class {R}, i.e., relaying is allowed
1008 to (and from) those domains. The default map definition is:
1010 hash /etc/mail/virtusertable
1012 A new definition can be specified as the second argument of
1013 the FEATURE macro, such as
1015 FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
1017 virtuser_entire_domain
1018 If the virtusertable is enabled and VIRTUSER_DOMAIN or
1019 VIRTUSER_DOMAIN_FILE is used, this feature will cause
1020 addresses to be searched in the map if their domain
1021 parts are subdomains of elements in class {VirtHost}.
1023 ldap_routing Implement LDAP-based e-mail recipient routing according to
1024 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1025 This provides a method to re-route addresses with a
1026 domain portion in class {LDAPRoute} to either a
1027 different mail host or a different address. Hosts can
1028 be added to this class using LDAPROUTE_DOMAIN and
1029 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1030 MASQUERADE_DOMAIN_FILE, see below).
1032 See the LDAP ROUTING section below for more information.
1034 nodns If you aren't running DNS at your site (for example,
1035 you are UUCP-only connected). It's hard to consider
1036 this a "feature", but hey, it had to go somewhere.
1037 Actually, as of 8.7 this is a no-op -- remove "dns" from
1038 the hosts service switch entry instead.
1040 nullclient This is a special case -- it creates a configuration file
1041 containing nothing but support for forwarding all mail to a
1042 central hub via a local SMTP-based network. The argument
1043 is the name of that hub.
1045 The only other feature that should be used in conjunction
1046 with this one is FEATURE(`nocanonify'). No mailers
1047 should be defined. No aliasing or forwarding is done.
1049 local_lmtp Use an LMTP capable local mailer. The argument to this
1050 feature is the pathname of an LMTP capable mailer. By
1051 default, mail.local is used. This is expected to be the
1052 mail.local which came with the 8.9 distribution which is
1053 LMTP capable. The path to mail.local is set by the
1054 confEBINDIR m4 variable -- making the default
1055 LOCAL_MAILER_PATH /usr/libexec/mail.local.
1056 If a different LMTP capable mailer is used, its pathname
1057 can be specified as second parameter and the arguments
1058 passed to it (A=) as third parameter, e.g.,
1060 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
1062 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1063 i.e., without respecting any definitions in an OSTYPE setting.
1065 local_procmail Use procmail or another delivery agent as the local mailer.
1066 The argument to this feature is the pathname of the
1067 delivery agent, which defaults to PROCMAIL_MAILER_PATH.
1068 Note that this does NOT use PROCMAIL_MAILER_FLAGS or
1069 PROCMAIL_MAILER_ARGS for the local mailer; tweak
1070 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
1071 specify the appropriate parameters. When procmail is used,
1072 the local mailer can make use of the
1073 "user+indicator@local.host" syntax; normally the +indicator
1074 is just tossed, but by default it is passed as the -a
1075 argument to procmail.
1077 This feature can take up to three arguments:
1079 1. Path to the mailer program
1080 [default: /usr/local/bin/procmail]
1081 2. Argument vector including name of the program
1082 [default: procmail -Y -a $h -d $u]
1083 3. Flags for the mailer [default: SPfhn9]
1085 Empty arguments cause the defaults to be taken.
1086 Note that if you are on a system with a broken
1087 setreuid() call, you may need to add -f $f to the procmail
1088 argument vector to pass the proper sender to procmail.
1090 For example, this allows it to use the maildrop
1091 (http://www.flounder.net/~mrsam/maildrop/) mailer instead
1094 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
1099 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
1101 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1102 i.e., without respecting any definitions in an OSTYPE setting.
1104 bestmx_is_local Accept mail as though locally addressed for any host that
1105 lists us as the best possible MX record. This generates
1106 additional DNS traffic, but should be OK for low to
1107 medium traffic hosts. The argument may be a set of
1108 domains, which will limit the feature to only apply to
1109 these domains -- this will reduce unnecessary DNS
1110 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
1111 WILDCARD MX RECORDS!!! If you have a wildcard MX record
1112 that matches your domain, you cannot use this feature.
1114 smrsh Use the SendMail Restricted SHell (smrsh) provided
1115 with the distribution instead of /bin/sh for mailing
1116 to programs. This improves the ability of the local
1117 system administrator to control what gets run via
1118 e-mail. If an argument is provided it is used as the
1119 pathname to smrsh; otherwise, the path defined by
1120 confEBINDIR is used for the smrsh binary -- by default,
1121 /usr/libexec/smrsh is assumed.
1124 By default, the sendmail configuration files do not permit
1125 mail relaying (that is, accepting mail from outside your
1126 local host (class {w}) and sending it to another host than
1127 your local host). This option sets your site to allow
1128 mail relaying from any site to any site. In almost all
1129 cases, it is better to control relaying more carefully
1130 with the access map, class {R}, or authentication. Domains
1131 can be added to class {R} by the macros RELAY_DOMAIN or
1132 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1133 MASQUERADE_DOMAIN_FILE, see below).
1136 This option allows any host in your domain as defined by
1137 class {m} to use your server for relaying. Notice: make
1138 sure that your domain is not just a top level domain,
1139 e.g., com. This can happen if you give your host a name
1140 like example.com instead of host.example.com.
1143 By default, names that are listed as RELAY in the access
1144 db and class {R} are treated as domain names, not host names.
1145 For example, if you specify ``foo.com'', then mail to or
1146 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1147 will all be accepted for relaying. This feature changes
1148 the behaviour to lookup individual host names only.
1151 Turns on the ability to allow relaying based on the MX
1152 records of the host portion of an incoming recipient; that
1153 is, if an MX record for host foo.com points to your site,
1154 you will accept and relay mail addressed to foo.com. See
1155 description below for more information before using this
1156 feature. Also, see the KNOWNBUGS entry regarding bestmx
1159 FEATURE(`relay_based_on_MX') does not necessarily allow
1160 routing of these messages which you expect to be allowed,
1161 if route address syntax (or %-hack syntax) is used. If
1162 this is a problem, add entries to the access-table or use
1163 FEATURE(`loose_relay_check').
1166 Allows relaying if the mail sender is listed as RELAY in
1167 the access map. If an optional argument `domain' (this
1168 is the literal word `domain', not a placeholder) is given,
1169 relaying can be allowed just based on the domain portion
1170 of the sender address. This feature should only be used if
1171 absolutely necessary as the sender address can be easily
1172 forged. Use of this feature requires the "From:" tag to
1173 be used for the key in the access map; see the discussion
1174 of tags and FEATURE(`relay_mail_from') in the section on
1175 anti-spam configuration control.
1178 Allows relaying if the domain portion of the mail sender
1179 is a local host. This should only be used if absolutely
1180 necessary as it opens a window for spammers. Specifically,
1181 they can send mail to your mail server that claims to be
1182 from your domain (either directly or via a routed address),
1183 and you will go ahead and relay it out to arbitrary hosts
1186 accept_unqualified_senders
1187 Normally, MAIL FROM: commands in the SMTP session will be
1188 refused if the connection is a network connection and the
1189 sender address does not include a domain name. If your
1190 setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1191 you will need to use this feature to accept unqualified
1192 sender addresses. Setting the DaemonPortOptions modifier
1193 'u' overrides the default behavior, i.e., unqualified
1194 addresses are accepted even without this FEATURE.
1195 If this FEATURE is not used, the DaemonPortOptions modifier
1196 'f' can be used to enforce fully qualified addresses.
1198 accept_unresolvable_domains
1199 Normally, MAIL FROM: commands in the SMTP session will be
1200 refused if the host part of the argument to MAIL FROM:
1201 cannot be located in the host name service (e.g., an A or
1202 MX record in DNS). If you are inside a firewall that has
1203 only a limited view of the Internet host name space, this
1204 could cause problems. In this case you probably want to
1205 use this feature to accept all domains on input, even if
1206 they are unresolvable.
1208 access_db Turns on the access database feature. The access db gives
1209 you the ability to allow or refuse to accept mail from
1210 specified domains for administrative reasons. Moreover,
1211 it can control the behavior of sendmail in various situations.
1212 By default, the access database specification is:
1214 hash -T<TMPF> /etc/mail/access
1216 See the anti-spam configuration control section for further
1217 important information about this feature. Notice:
1218 "-T<TMPF>" is meant literal, do not replace it by anything.
1220 blacklist_recipients
1221 Turns on the ability to block incoming mail for certain
1222 recipient usernames, hostnames, or addresses. For
1223 example, you can block incoming mail to user nobody,
1224 host foo.mydomain.com, or guest@bar.mydomain.com.
1225 These specifications are put in the access db as
1226 described in the anti-spam configuration control section
1227 later in this document.
1229 delay_checks The rulesets check_mail and check_relay will not be called
1230 when a client connects or issues a MAIL command, respectively.
1231 Instead, those rulesets will be called by the check_rcpt
1232 ruleset; they will be skipped under certain circumstances.
1233 See "Delay all checks" in the anti-spam configuration control
1234 section. Note: this feature is incompatible to the versions
1237 use_client_ptr If this feature is enabled then check_relay will override
1238 its first argument with $&{client_ptr}. This is useful for
1239 rejections based on the unverified hostname of client,
1240 which turns on the same behavior as in earlier sendmail
1241 versions when delay_checks was not in use. See doc/op/op.*
1242 about check_relay, {client_name}, and {client_ptr}.
1244 dnsbl Turns on rejection of hosts found in an DNS based rejection
1245 list. If an argument is provided it is used as the domain
1246 in which blocked hosts are listed; otherwise it defaults to
1247 blackholes.mail-abuse.org. An explanation for an DNS based
1248 rejection list can be found at http://mail-abuse.org/rbl/.
1249 A second argument can be used to change the default error
1250 message. Without that second argument, the error message
1252 Rejected: IP-ADDRESS listed at SERVER
1253 where IP-ADDRESS and SERVER are replaced by the appropriate
1254 information. By default, temporary lookup failures are
1255 ignored. This behavior can be changed by specifying a
1256 third argument, which must be either `t' or a full error
1257 message. See the anti-spam configuration control section for
1258 an example. The dnsbl feature can be included several times
1259 to query different DNS based rejection lists. See also
1260 enhdnsbl for an enhanced version.
1262 Set the DNSBL_MAP mc option to change the default map
1263 definition from `host'. Set the DNSBL_MAP_OPT mc option
1264 to add additional options to the map specification used.
1266 Some DNS based rejection lists cause failures if asked
1267 for AAAA records. If your sendmail version is compiled
1268 with IPv6 support (NETINET6) and you experience this
1271 define(`DNSBL_MAP', `dns -R A')
1273 before the first use of this feature. Alternatively you
1274 can use enhdnsbl instead (see below). Moreover, this
1275 statement can be used to reduce the number of DNS retries,
1278 define(`DNSBL_MAP', `dns -R A -r2')
1280 See below (EDNSBL_TO) for an explanation.
1282 NOTE: The default DNS blacklist, blackholes.mail-abuse.org,
1283 is a service offered by the Mail Abuse Prevention System
1284 (MAPS). As of July 31, 2001, MAPS is a subscription
1285 service, so using that network address won't work if you
1286 haven't subscribed. Contact MAPS to subscribe
1287 (http://mail-abuse.org/).
1289 enhdnsbl Enhanced version of dnsbl (see above). Further arguments
1290 (up to 5) can be used to specify specific return values
1291 from lookups. Temporary lookup failures are ignored unless
1292 a third argument is given, which must be either `t' or a full
1293 error message. By default, any successful lookup will
1294 generate an error. Otherwise the result of the lookup is
1295 compared with the supplied argument(s), and only if a match
1296 occurs an error is generated. For example,
1298 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1300 will reject the e-mail if the lookup returns the value
1301 ``127.0.0.2.'', or generate a 451 response if the lookup
1302 temporarily failed. The arguments can contain metasymbols
1303 as they are allowed in the LHS of rules. As the example
1304 shows, the default values are also used if an empty argument,
1305 i.e., `', is specified. This feature requires that sendmail
1306 has been compiled with the flag DNSMAP (see sendmail/README).
1308 Set the EDNSBL_TO mc option to change the DNS retry count
1309 from the default value of 5, this can be very useful when
1310 a DNS server is not responding, which in turn may cause
1311 clients to time out (an entry stating
1313 did not issue MAIL/EXPN/VRFY/ETRN
1317 ratecontrol Enable simple ruleset to do connection rate control
1318 checking. This requires entries in access_db of the form
1320 ClientRate:IP.ADD.RE.SS LIMIT
1322 The RHS specifies the maximum number of connections
1323 (an integer number) over the time interval defined
1324 by ConnectionRateWindowSize, where 0 means unlimited.
1326 Take the following example:
1328 ClientRate:10.1.2.3 4
1329 ClientRate:127.0.0.1 0
1332 10.1.2.3 can only make up to 4 connections, the
1333 general limit it 10, and 127.0.0.1 can make an unlimited
1334 number of connections per ConnectionRateWindowSize.
1336 See also CONNECTION CONTROL.
1338 conncontrol Enable a simple check of the number of incoming SMTP
1339 connections. This requires entries in access_db of the
1342 ClientConn:IP.ADD.RE.SS LIMIT
1344 The RHS specifies the maximum number of open connections
1345 (an integer number).
1347 Take the following example:
1349 ClientConn:10.1.2.3 4
1350 ClientConn:127.0.0.1 0
1353 10.1.2.3 can only have up to 4 open connections, the
1354 general limit it 10, and 127.0.0.1 does not have any
1357 See also CONNECTION CONTROL.
1359 mtamark Experimental support for "Marking Mail Transfer Agents in
1360 Reverse DNS with TXT RRs" (MTAMark), see
1361 draft-stumpf-dns-mtamark-01. Optional arguments are:
1363 1. Error message, default:
1365 550 Rejected: $&{client_addr} not listed as MTA
1367 2. Temporary lookup failures are ignored unless a second
1368 argument is given, which must be either `t' or a full
1371 3. Lookup prefix, default: _perm._smtp._srv. This should
1372 not be changed unless the draft changes it.
1376 FEATURE(`mtamark', `', `t')
1378 lookupdotdomain Look up also .domain in the access map. This allows to
1379 match only subdomains. It does not work well with
1380 FEATURE(`relay_hosts_only'), because most lookups for
1381 subdomains are suppressed by the latter feature.
1384 Normally, if % addressing is used for a recipient, e.g.
1385 user%site@othersite, and othersite is in class {R}, the
1386 check_rcpt ruleset will strip @othersite and recheck
1387 user@site for relaying. This feature changes that
1388 behavior. It should not be needed for most installations.
1390 authinfo Provide a separate map for client side authentication
1391 information. See SMTP AUTHENTICATION for details.
1392 By default, the authinfo database specification is:
1394 hash /etc/mail/authinfo
1397 Preserve the name of the recipient host if LUSER_RELAY is
1398 used. Without this option, the domain part of the
1399 recipient address will be replaced by the host specified as
1400 LUSER_RELAY. This feature only works if the hostname is
1401 passed to the mailer (see mailer triple in op.me). Note
1402 that in the default configuration the local mailer does not
1403 receive the hostname, i.e., the mailer triple has an empty
1406 preserve_local_plus_detail
1407 Preserve the +detail portion of the address when passing
1408 address to local delivery agent. Disables alias and
1409 .forward +detail stripping (e.g., given user+detail, only
1410 that address will be looked up in the alias file; user+* and
1411 user will not be looked up). Only use if the local
1412 delivery agent in use supports +detail addressing.
1414 compat_check Enable ruleset check_compat to look up pairs of addresses
1415 with the Compat: tag -- Compat:sender<@>recipient -- in the
1416 access map. Valid values for the RHS include
1417 DISCARD silently discard recipient
1418 TEMP: return a temporary error
1419 ERROR: return a permanent error
1420 In the last two cases, a 4xy/5xy SMTP reply code should
1423 no_default_msa Don't generate the default MSA daemon, i.e.,
1424 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1425 To define a MSA daemon with other parameters, use this
1426 FEATURE and introduce new settings via DAEMON_OPTIONS().
1428 msp Defines config file for Message Submission Program.
1429 See sendmail/SECURITY for details and cf/cf/submit.mc how
1430 to use it. An optional argument can be used to override
1431 the default of `[localhost]' to use as host to send all
1432 e-mails to. Note that MX records will be used if the
1433 specified hostname is not in square brackets (e.g.,
1434 [hostname]). If `MSA' is specified as second argument then
1435 port 587 is used to contact the server. Example:
1437 FEATURE(`msp', `', `MSA')
1439 Some more hints about possible changes can be found below
1440 in the section MESSAGE SUBMISSION PROGRAM.
1442 Note: Due to many problems, submit.mc uses
1444 FEATURE(`msp', `[127.0.0.1]')
1446 by default. If you have a machine with IPv6 only,
1449 FEATURE(`msp', `[IPv6:::1]')
1451 If you want to continue using '[localhost]', (the behavior
1456 queuegroup A simple example how to select a queue group based
1457 on the full e-mail address or the domain of the
1458 recipient. Selection is done via entries in the
1459 access map using the tag QGRP:, for example:
1461 QGRP:example.com main
1462 QGRP:friend@some.org others
1463 QGRP:my.domain local
1465 where "main", "others", and "local" are names of
1466 queue groups. If an argument is specified, it is used
1467 as default queue group.
1469 Note: please read the warning in doc/op/op.me about
1470 queue groups and possible queue manipulations.
1472 greet_pause Adds the greet_pause ruleset which enables open proxy
1473 and SMTP slamming protection. The feature can take an
1474 argument specifying the milliseconds to wait:
1476 FEATURE(`greet_pause', `5000') dnl 5 seconds
1478 If FEATURE(`access_db') is enabled, an access database
1479 lookup with the GreetPause tag is done using client
1480 hostname, domain, IP address, or subnet to determine the
1483 GreetPause:my.domain 0
1484 GreetPause:example.com 5000
1485 GreetPause:10.1.2 2000
1486 GreetPause:127.0.0.1 0
1488 When using FEATURE(`access_db'), the optional
1489 FEATURE(`greet_pause') argument becomes the default if
1490 nothing is found in the access database. A ruleset called
1491 Local_greet_pause can be used for local modifications, e.g.,
1495 R$* $: $&{daemon_flags}
1502 Some things just can't be called features. To make this clear,
1503 they go in the hack subdirectory and are referenced using the HACK
1504 macro. These will tend to be site-dependent. The release
1505 includes the Berkeley-dependent "cssubdomain" hack (that makes
1506 sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1507 this is intended as a short-term aid while moving hosts into
1511 +--------------------+
1512 | SITE CONFIGURATION |
1513 +--------------------+
1515 *****************************************************
1516 * This section is really obsolete, and is preserved *
1517 * only for back compatibility. You should plan on *
1518 * using mailertables for new installations. In *
1519 * particular, it doesn't work for the newer forms *
1520 * of UUCP mailers, such as uucp-uudom. *
1521 *****************************************************
1523 Complex sites will need more local configuration information, such as
1524 lists of UUCP hosts they speak with directly. This can get a bit more
1525 tricky. For an example of a "complex" site, see cf/ucbvax.mc.
1527 The SITECONFIG macro allows you to indirectly reference site-dependent
1528 configuration information stored in the siteconfig subdirectory. For
1531 SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1533 reads the file uucp.ucbvax for local connection information. The
1534 second parameter is the local name (in this case just "ucbvax" since
1535 it is locally connected, and hence a UUCP hostname). The third
1536 parameter is the name of both a macro to store the local name (in
1537 this case, {U}) and the name of the class (e.g., {U}) in which to store
1538 the host information read from the file. Another SITECONFIG line reads
1540 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1542 This says that the file uucp.ucbarpa contains the list of UUCP sites
1543 connected to ucbarpa.Berkeley.EDU. Class {W} will be used to
1544 store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1545 is, the name of the relay to which the hosts listed in uucp.ucbarpa
1546 are connected. [The machine ucbarpa is gone now, but this
1547 out-of-date configuration file has been left around to demonstrate
1548 how you might do this.]
1550 Note that the case of SITECONFIG with a third parameter of ``U'' is
1551 special; the second parameter is assumed to be the UUCP name of the
1552 local site, rather than the name of a remote site, and the UUCP name
1553 is entered into class {w} (the list of local hostnames) as $U.UUCP.
1555 The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1556 more than a sequence of SITE macros describing connectivity. For
1562 The second example demonstrates that you can use two names on the
1563 same line; these are usually aliases for the same host (or are at
1564 least in the same company).
1566 The macro LOCAL_UUCP can be used to add rules into the generated
1567 cf file at the place where MAILER(`uucp') inserts its rules. This
1568 should only be used if really necessary.
1570 +--------------------+
1571 | USING UUCP MAILERS |
1572 +--------------------+
1574 It's hard to get UUCP mailers right because of the extremely ad hoc
1575 nature of UUCP addressing. These config files are really designed
1576 for domain-based addressing, even for UUCP sites.
1578 There are four UUCP mailers available. The choice of which one to
1579 use is partly a matter of local preferences and what is running at
1580 the other end of your UUCP connection. Unlike good protocols that
1581 define what will go over the wire, UUCP uses the policy that you
1582 should do what is right for the other end; if they change, you have
1583 to change. This makes it hard to do the right thing, and discourages
1584 people from updating their software. In general, if you can avoid
1587 The major choice is whether to go for a domainized scheme or a
1588 non-domainized scheme. This depends entirely on what the other
1589 end will recognize. If at all possible, you should encourage the
1590 other end to go to a domain-based system -- non-domainized addresses
1591 don't work entirely properly.
1593 The four mailers are:
1595 uucp-old (obsolete name: "uucp")
1596 This is the oldest, the worst (but the closest to UUCP) way of
1597 sending messages across UUCP connections. It does bangify
1598 everything and prepends $U (your UUCP name) to the sender's
1599 address (which can already be a bang path itself). It can
1600 only send to one address at a time, so it spends a lot of
1601 time copying duplicates of messages. Avoid this if at all
1604 uucp-new (obsolete name: "suucp")
1605 The same as above, except that it assumes that in one rmail
1606 command you can specify several recipients. It still has a
1607 lot of other problems.
1610 This UUCP mailer keeps everything as domain addresses.
1611 Basically, it uses the SMTP mailer rewriting rules. This mailer
1612 is only included if MAILER(`smtp') is specified before
1615 Unfortunately, a lot of UUCP mailer transport agents require
1616 bangified addresses in the envelope, although you can use
1617 domain-based addresses in the message header. (The envelope
1618 shows up as the From_ line on UNIX mail.) So....
1621 This is a cross between uucp-new (for the envelope addresses)
1622 and uucp-dom (for the header addresses). It bangifies the
1623 envelope sender (From_ line in messages) without adding the
1624 local hostname, unless there is no host name on the address
1625 at all (e.g., "wolf") or the host component is a UUCP host name
1626 instead of a domain name ("somehost!wolf" instead of
1627 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1628 is also specified earlier.
1632 On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1633 summarizes the sender rewriting for various mailers.
1635 Mailer sender rewriting in the envelope
1636 ------ ------ -------------------------
1637 uucp-{old,new} wolf grasp!wolf
1638 uucp-dom wolf wolf@grasp.insa-lyon.fr
1639 uucp-uudom wolf grasp.insa-lyon.fr!wolf
1641 uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1642 uucp-dom wolf@fr.net wolf@fr.net
1643 uucp-uudom wolf@fr.net fr.net!wolf
1645 uucp-{old,new} somehost!wolf grasp!somehost!wolf
1646 uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1647 uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1649 If you are using one of the domainized UUCP mailers, you really want
1650 to convert all UUCP addresses to domain format -- otherwise, it will
1651 do it for you (and probably not the way you expected). For example,
1652 if you have the address foo!bar!baz (and you are not sending to foo),
1653 the heuristics will add the @uucp.relay.name or @local.host.name to
1654 this address. However, if you map foo to foo.host.name first, it
1655 will not add the local hostname. You can do this using the uucpdomain
1659 +-------------------+
1660 | TWEAKING RULESETS |
1661 +-------------------+
1663 For more complex configurations, you can define special rules.
1664 The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1665 the names. Any modifications made here are reflected in the header.
1667 A common use is to convert old UUCP addresses to SMTP addresses using
1668 the UUCPSMTP macro. For example:
1671 UUCPSMTP(`decvax', `decvax.dec.com')
1672 UUCPSMTP(`research', `research.att.com')
1674 will cause addresses of the form "decvax!user" and "research!user"
1675 to be converted to "user@decvax.dec.com" and "user@research.att.com"
1678 This could also be used to look up hosts in a database map:
1681 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
1683 This map would be defined in the LOCAL_CONFIG portion, as shown below.
1685 Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1686 For example, new rules are needed to parse hostnames that you accept
1687 via MX records. For example, you might have:
1690 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1692 You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1693 pointing at this host; this rule catches the message and forwards it on
1696 You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1697 These rulesets are normally empty.
1699 A similar macro is LOCAL_CONFIG. This introduces lines added after the
1700 boilerplate option setting but before rulesets. Do not declare rulesets in
1701 the LOCAL_CONFIG section. It can be used to declare local database maps or
1702 whatever. For example:
1705 Khostmap hash /etc/mail/hostmap
1706 Kyplocal nis -m hosts.byname
1709 +---------------------------+
1710 | MASQUERADING AND RELAYING |
1711 +---------------------------+
1713 You can have your host masquerade as another using
1715 MASQUERADE_AS(`host.domain')
1717 This causes mail being sent to be labeled as coming from the
1718 indicated host.domain, rather than $j. One normally masquerades as
1719 one of one's own subdomains (for example, it's unlikely that
1720 Berkeley would choose to masquerade as an MIT site). This
1721 behaviour is modified by a plethora of FEATUREs; in particular, see
1722 masquerade_envelope, allmasquerade, limited_masquerade, and
1723 masquerade_entire_domain.
1725 The masquerade name is not normally canonified, so it is important
1726 that it be your One True Name, that is, fully qualified and not a
1727 CNAME. However, if you use a CNAME, the receiving side may canonify
1728 it for you, so don't think you can cheat CNAME mapping this way.
1730 Normally the only addresses that are masqueraded are those that come
1731 from this host (that is, are either unqualified or in class {w}, the list
1732 of local domain names). You can augment this list, which is realized
1735 MASQUERADE_DOMAIN(`otherhost.domain')
1737 The effect of this is that although mail to user@otherhost.domain
1738 will not be delivered locally, any mail including any user@otherhost.domain
1739 will, when relayed, be rewritten to have the MASQUERADE_AS address.
1740 This can be a space-separated list of names.
1742 If these names are in a file, you can use
1744 MASQUERADE_DOMAIN_FILE(`filename')
1746 to read the list of names from the indicated file (i.e., to add
1747 elements to class {M}).
1749 To exempt hosts or subdomains from being masqueraded, you can use
1751 MASQUERADE_EXCEPTION(`host.domain')
1753 This can come handy if you want to masquerade a whole domain
1754 except for one (or a few) host(s). If these names are in a file,
1757 MASQUERADE_EXCEPTION_FILE(`filename')
1759 Normally only header addresses are masqueraded. If you want to
1760 masquerade the envelope as well, use
1762 FEATURE(`masquerade_envelope')
1764 There are always users that need to be "exposed" -- that is, their
1765 internal site name should be displayed instead of the masquerade name.
1766 Root is an example (which has been "exposed" by default prior to 8.10).
1767 You can add users to this list using
1769 EXPOSED_USER(`usernames')
1771 This adds users to class {E}; you could also use
1773 EXPOSED_USER_FILE(`filename')
1775 You can also arrange to relay all unqualified names (that is, names
1776 without @host) to a relay host. For example, if you have a central
1777 email server, you might relay to that host so that users don't have
1778 to have .forward files or aliases. You can do this using
1780 define(`LOCAL_RELAY', `mailer:hostname')
1782 The ``mailer:'' can be omitted, in which case the mailer defaults to
1783 "relay". There are some user names that you don't want relayed, perhaps
1784 because of local aliases. A common example is root, which may be
1785 locally aliased. You can add entries to this list using
1787 LOCAL_USER(`usernames')
1789 This adds users to class {L}; you could also use
1791 LOCAL_USER_FILE(`filename')
1793 If you want all incoming mail sent to a centralized hub, as for a
1794 shared /var/spool/mail scheme, use
1796 define(`MAIL_HUB', `mailer:hostname')
1798 Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
1799 and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1800 be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1801 Note: there is a (long standing) bug which keeps this combination from
1802 working for addresses of the form user+detail.
1803 Names in class {L} will be delivered locally, so you MUST have aliases or
1804 .forward files for them.
1806 For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1807 FEATURE(`stickyhost'), the following combinations of settings will have the
1810 email sent to.... eric eric@mastodon.CS.Berkeley.EDU
1812 LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
1813 mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1815 MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1816 mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
1818 Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1819 MAIL_HUB set as above (no local aliasing) (aliasing done)
1821 If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1822 MAIL_HUB act identically, with MAIL_HUB taking precedence.
1824 If you want all outgoing mail to go to a central relay site, define
1825 SMART_HOST as well. Briefly:
1827 LOCAL_RELAY applies to unqualified names (e.g., "eric").
1828 MAIL_HUB applies to names qualified with the name of the
1829 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1830 SMART_HOST applies to names qualified with other hosts or
1831 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1832 or "eric@[127.0.0.1]").
1834 However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1835 DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1836 really want absolutely everything to go to a single central site you will
1837 need to unset all the other relays -- or better yet, find or build a
1838 minimal config file that does this.
1840 For duplicate suppression to work properly, the host name is best
1841 specified with a terminal dot:
1843 define(`MAIL_HUB', `host.domain.')
1844 note the trailing dot ---^
1847 +-------------------------------------------+
1848 | USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1849 +-------------------------------------------+
1851 LDAP can be used for aliases, maps, and classes by either specifying your
1852 own LDAP map specification or using the built-in default LDAP map
1853 specification. The built-in default specifications all provide lookups
1854 which match against either the machine's fully qualified hostname (${j}) or
1855 a "cluster". The cluster allows you to share LDAP entries among a large
1856 number of machines without having to enter each of the machine names into
1857 each LDAP entry. To set the LDAP cluster name to use for a particular
1858 machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1859 unique name. For example:
1861 define(`confLDAP_CLUSTER', `Servers')
1863 Here, the word `Servers' will be the cluster name. As an example, assume
1864 that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1865 to the Servers cluster.
1867 Some of the LDAP LDIF examples below show use of the Servers cluster.
1868 Every entry must have either a sendmailMTAHost or sendmailMTACluster
1869 attribute or it will be ignored. Be careful as mixing clusters and
1870 individual host records can have surprising results (see the CAUTION
1873 See the file cf/sendmail.schema for the actual LDAP schemas. Note that
1874 this schema (and therefore the lookups and examples below) is experimental
1875 at this point as it has had little public review. Therefore, it may change
1876 in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
1877 encouraged (replace YYYY with the current year, e.g., 2005).
1883 The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1884 lookups. To use the default schema, simply use:
1886 define(`ALIAS_FILE', `ldap:')
1888 By doing so, you will use the default schema which expands to a map
1889 declared as follows:
1891 ldap -k (&(objectClass=sendmailMTAAliasObject)
1892 (sendmailMTAAliasGrouping=aliases)
1893 (|(sendmailMTACluster=${sendmailMTACluster})
1894 (sendmailMTAHost=$j))
1895 (sendmailMTAKey=%0))
1896 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1899 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1900 used when the binary expands the `ldap:' token as the AliasFile option is
1901 not actually macro-expanded when read from the sendmail.cf file.
1903 Example LDAP LDIF entries might be:
1905 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1906 objectClass: sendmailMTA
1907 objectClass: sendmailMTAAlias
1908 objectClass: sendmailMTAAliasObject
1909 sendmailMTAAliasGrouping: aliases
1910 sendmailMTAHost: etrn.sendmail.org
1911 sendmailMTAKey: sendmail-list
1912 sendmailMTAAliasValue: ca@example.org
1913 sendmailMTAAliasValue: eric
1914 sendmailMTAAliasValue: gshapiro@example.com
1916 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1917 objectClass: sendmailMTA
1918 objectClass: sendmailMTAAlias
1919 objectClass: sendmailMTAAliasObject
1920 sendmailMTAAliasGrouping: aliases
1921 sendmailMTAHost: etrn.sendmail.org
1922 sendmailMTAKey: owner-sendmail-list
1923 sendmailMTAAliasValue: eric
1925 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1926 objectClass: sendmailMTA
1927 objectClass: sendmailMTAAlias
1928 objectClass: sendmailMTAAliasObject
1929 sendmailMTAAliasGrouping: aliases
1930 sendmailMTACluster: Servers
1931 sendmailMTAKey: postmaster
1932 sendmailMTAAliasValue: eric
1934 Here, the aliases sendmail-list and owner-sendmail-list will be available
1935 only on etrn.sendmail.org but the postmaster alias will be available on
1936 every machine in the Servers cluster (including etrn.sendmail.org).
1938 CAUTION: aliases are additive so that entries like these:
1940 dn: sendmailMTAKey=bob, dc=sendmail, dc=org
1941 objectClass: sendmailMTA
1942 objectClass: sendmailMTAAlias
1943 objectClass: sendmailMTAAliasObject
1944 sendmailMTAAliasGrouping: aliases
1945 sendmailMTACluster: Servers
1947 sendmailMTAAliasValue: eric
1949 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
1950 objectClass: sendmailMTA
1951 objectClass: sendmailMTAAlias
1952 objectClass: sendmailMTAAliasObject
1953 sendmailMTAAliasGrouping: aliases
1954 sendmailMTAHost: etrn.sendmail.org
1956 sendmailMTAAliasValue: gshapiro
1958 would mean that on all of the hosts in the cluster, mail to bob would go to
1959 eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
1962 If you prefer not to use the default LDAP schema for your aliases, you can
1963 specify the map parameters when setting ALIAS_FILE. For example:
1965 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
1971 FEATURE()'s which take an optional map definition argument (e.g., access,
1972 mailertable, virtusertable, etc.) can instead take the special keyword
1975 FEATURE(`access_db', `LDAP')
1976 FEATURE(`virtusertable', `LDAP')
1978 When this keyword is given, that map will use LDAP lookups consisting of
1979 the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
1980 with the map name, a search attribute of sendmailMTAKey, and the value
1981 attribute sendmailMTAMapValue.
1983 The values for sendmailMTAMapName are:
1985 FEATURE() sendmailMTAMapName
1986 --------- ------------------
1991 genericstable generics
1993 uucpdomain uucpdomain
1994 virtusertable virtuser
1996 For example, FEATURE(`mailertable', `LDAP') would use the map definition:
1998 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
1999 (sendmailMTAMapName=mailer)
2000 (|(sendmailMTACluster=${sendmailMTACluster})
2001 (sendmailMTAHost=$j))
2002 (sendmailMTAKey=%0))
2003 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
2005 An example LDAP LDIF entry using this map might be:
2007 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
2008 objectClass: sendmailMTA
2009 objectClass: sendmailMTAMap
2010 sendmailMTACluster: Servers
2011 sendmailMTAMapName: mailer
2013 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2014 objectClass: sendmailMTA
2015 objectClass: sendmailMTAMap
2016 objectClass: sendmailMTAMapObject
2017 sendmailMTAMapName: mailer
2018 sendmailMTACluster: Servers
2019 sendmailMTAKey: example.com
2020 sendmailMTAMapValue: relay:[smtp.example.com]
2022 CAUTION: If your LDAP database contains the record above and *ALSO* a host
2023 specific record such as:
2025 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2026 objectClass: sendmailMTA
2027 objectClass: sendmailMTAMap
2028 objectClass: sendmailMTAMapObject
2029 sendmailMTAMapName: mailer
2030 sendmailMTAHost: etrn.sendmail.org
2031 sendmailMTAKey: example.com
2032 sendmailMTAMapValue: relay:[mx.example.com]
2034 then these entries will give unexpected results. When the lookup is done
2035 on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
2036 require a single match. Since the host etrn.sendmail.org is also in the
2037 Servers cluster, LDAP would return two answers for the example.com map key
2038 in which case sendmail would treat this as no match at all.
2040 If you prefer not to use the default LDAP schema for your maps, you can
2041 specify the map parameters when using the FEATURE(). For example:
2043 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2049 Normally, classes can be filled via files or programs. As of 8.12, they
2050 can also be filled via map lookups using a new syntax:
2052 F{ClassName}mapkey@mapclass:mapspec
2054 mapkey is optional and if not provided the map key will be empty. This can
2055 be used with LDAP to read classes from LDAP. Note that the lookup is only
2056 done when sendmail is initially started. Use the special value `@LDAP' to
2057 use the default LDAP schema. For example:
2059 RELAY_DOMAIN_FILE(`@LDAP')
2061 would put all of the attribute sendmailMTAClassValue values of LDAP records
2062 with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
2063 'R' into class $={R}. In other words, it is equivalent to the LDAP map
2066 F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2067 (sendmailMTAClassName=R)
2068 (|(sendmailMTACluster=${sendmailMTACluster})
2069 (sendmailMTAHost=$j)))
2070 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
2072 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2073 used when the binary expands the `@LDAP' token as class declarations are
2074 not actually macro-expanded when read from the sendmail.cf file.
2076 This can be used with class related commands such as RELAY_DOMAIN_FILE(),
2077 MASQUERADE_DOMAIN_FILE(), etc:
2079 Command sendmailMTAClassName
2080 ------- --------------------
2081 CANONIFY_DOMAIN_FILE() Canonify
2082 EXPOSED_USER_FILE() E
2083 GENERICS_DOMAIN_FILE() G
2084 LDAPROUTE_DOMAIN_FILE() LDAPRoute
2085 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv
2087 MASQUERADE_DOMAIN_FILE() M
2088 MASQUERADE_EXCEPTION_FILE() N
2089 RELAY_DOMAIN_FILE() R
2090 VIRTUSER_DOMAIN_FILE() VirtHost
2092 You can also add your own as any 'F'ile class of the form:
2096 will use "ClassName" for the sendmailMTAClassName.
2098 An example LDAP LDIF entry would look like:
2100 dn: sendmailMTAClassName=R, dc=sendmail, dc=org
2101 objectClass: sendmailMTA
2102 objectClass: sendmailMTAClass
2103 sendmailMTACluster: Servers
2104 sendmailMTAClassName: R
2105 sendmailMTAClassValue: sendmail.org
2106 sendmailMTAClassValue: example.com
2107 sendmailMTAClassValue: 10.56.23
2109 CAUTION: If your LDAP database contains the record above and *ALSO* a host
2110 specific record such as:
2112 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
2113 objectClass: sendmailMTA
2114 objectClass: sendmailMTAClass
2115 sendmailMTAHost: etrn.sendmail.org
2116 sendmailMTAClassName: R
2117 sendmailMTAClassValue: example.com
2119 the result will be similar to the aliases caution above. When the lookup
2120 is done on etrn.sendmail.org, $={R} would contain all of the entries (from
2121 both the cluster match and the host match). In other words, the effective
2124 If you prefer not to use the default LDAP schema for your classes, you can
2125 specify the map parameters when using the class command. For example:
2127 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2129 Remember, macros can not be used in a class declaration as the binary does
2137 FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
2138 LDAP Schema for Intranet Mail Routing
2139 (draft-lachman-laser-ldap-mail-routing-01). This feature enables
2140 LDAP-based rerouting of a particular address to either a different host
2141 or a different address. The LDAP lookup is first attempted on the full
2142 address (e.g., user@example.com) and then on the domain portion
2143 (e.g., @example.com). Be sure to setup your domain for LDAP routing using
2144 LDAPROUTE_DOMAIN(), e.g.:
2146 LDAPROUTE_DOMAIN(`example.com')
2148 Additionally, you can specify equivalent domains for LDAP routing using
2149 LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent'
2150 hostnames are mapped to $M (the masqueraded hostname for the server) before
2151 the LDAP query. For example, if the mail is addressed to
2152 user@host1.example.com, normally the LDAP lookup would only be done for
2153 'user@host1.example.com' and '@host1.example.com'. However, if
2154 LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2155 done on 'user@example.com' and '@example.com' after attempting the
2156 host1.example.com lookups.
2158 By default, the feature will use the schemas as specified in the draft
2159 and will not reject addresses not found by the LDAP lookup. However,
2160 this behavior can be changed by giving additional arguments to the FEATURE()
2163 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2164 <detail>, <nodomain>, <tempfail>)
2166 where <mailHost> is a map definition describing how to lookup an alternative
2167 mail host for a particular address; <mailRoutingAddress> is a map definition
2168 describing how to lookup an alternative address for a particular address;
2169 the <bounce> argument, if present and not the word "passthru", dictates
2170 that mail should be bounced if neither a mailHost nor mailRoutingAddress
2171 is found, if set to "sendertoo", the sender will be rejected if not
2172 found in LDAP; and <detail> indicates what actions to take if the address
2173 contains +detail information -- `strip' tries the lookup with the +detail
2174 and if no matches are found, strips the +detail and tries the lookup again;
2175 `preserve', does the same as `strip' but if a mailRoutingAddress match is
2176 found, the +detail information is copied to the new address; the <nodomain>
2177 argument, if present, will prevent the @domain lookup if the full
2178 address is not found in LDAP; the <tempfail> argument, if set to
2179 "tempfail", instructs the rules to give an SMTP 4XX temporary
2180 error if the LDAP server gives the MTA a temporary failure, or if set to
2181 "queue" (the default), the MTA will locally queue the mail.
2183 The default <mailHost> map definition is:
2185 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2186 (mailLocalAddress=%0))
2188 The default <mailRoutingAddress> map definition is:
2190 ldap -1 -T<TMPF> -v mailRoutingAddress
2191 -k (&(objectClass=inetLocalMailRecipient)
2192 (mailLocalAddress=%0))
2194 Note that neither includes the LDAP server hostname (-h server) or base DN
2195 (-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
2196 your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2197 these settings. If this is not the case, the map definitions should be
2198 changed as described above. The "-T<TMPF>" is required in any user
2199 specified map definition to catch temporary errors.
2201 The following possibilities exist as a result of an LDAP lookup on an
2204 mailHost is mailRoutingAddress is Results in
2205 ----------- --------------------- ----------
2206 set to a set mail delivered to
2207 "local" host mailRoutingAddress
2209 set to a not set delivered to
2210 "local" host original address
2212 set to a set mailRoutingAddress
2213 remote host relayed to mailHost
2215 set to a not set original address
2216 remote host relayed to mailHost
2218 not set set mail delivered to
2221 not set not set delivered to
2222 original address *OR*
2223 bounced as unknown user
2225 The term "local" host above means the host specified is in class {w}. If
2226 the result would mean sending the mail to a different host, that host is
2227 looked up in the mailertable before delivery.
2229 Note that the last case depends on whether the third argument is given
2230 to the FEATURE() command. The default is to deliver the message to the
2233 The LDAP entries should be set up with an objectClass of
2234 inetLocalMailRecipient and the address be listed in a mailLocalAddress
2235 attribute. If present, there must be only one mailHost attribute and it
2236 must contain a fully qualified host name as its value. Similarly, if
2237 present, there must be only one mailRoutingAddress attribute and it must
2238 contain an RFC 822 compliant address. Some example LDAP records (in LDIF
2241 dn: uid=tom, o=example.com, c=US
2242 objectClass: inetLocalMailRecipient
2243 mailLocalAddress: tom@example.com
2244 mailRoutingAddress: thomas@mailhost.example.com
2246 This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2248 dn: uid=dick, o=example.com, c=US
2249 objectClass: inetLocalMailRecipient
2250 mailLocalAddress: dick@example.com
2251 mailHost: eng.example.com
2253 This would relay mail for dick@example.com to the same address but redirect
2254 the mail to MX records listed for the host eng.example.com (unless the
2255 mailertable overrides).
2257 dn: uid=harry, o=example.com, c=US
2258 objectClass: inetLocalMailRecipient
2259 mailLocalAddress: harry@example.com
2260 mailHost: mktmail.example.com
2261 mailRoutingAddress: harry@mkt.example.com
2263 This would relay mail for harry@example.com to the MX records listed for
2264 the host mktmail.example.com using the new address harry@mkt.example.com
2265 when talking to that host.
2267 dn: uid=virtual.example.com, o=example.com, c=US
2268 objectClass: inetLocalMailRecipient
2269 mailLocalAddress: @virtual.example.com
2270 mailHost: server.example.com
2271 mailRoutingAddress: virtual@example.com
2273 This would send all mail destined for any username @virtual.example.com to
2274 the machine server.example.com's MX servers and deliver to the address
2275 virtual@example.com on that relay machine.
2278 +---------------------------------+
2279 | ANTI-SPAM CONFIGURATION CONTROL |
2280 +---------------------------------+
2282 The primary anti-spam features available in sendmail are:
2284 * Relaying is denied by default.
2285 * Better checking on sender information.
2289 Relaying (transmission of messages from a site outside your host (class
2290 {w}) to another site except yours) is denied by default. Note that this
2291 changed in sendmail 8.9; previous versions allowed relaying by default.
2292 If you really want to revert to the old behaviour, you will need to use
2293 FEATURE(`promiscuous_relay'). You can allow certain domains to relay
2294 through your server by adding their domain name or IP address to class
2295 {R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2296 (described below). Note that IPv6 addresses must be prefaced with "IPv6:".
2297 The file consists (like any other file based class) of entries listed on
2298 separate lines, e.g.,
2303 IPv6:2002:c0a8:51d2::23f4
2307 Notice: the last entry allows relaying for connections via a UNIX
2308 socket to the MTA/MSP. This might be necessary if your configuration
2309 doesn't allow relaying by other means in that case, e.g., by having
2310 localhost.$m in class {R} (make sure $m is not just a top level
2315 FEATURE(`relay_entire_domain')
2317 then any host in any of your local domains (that is, class {m})
2318 will be relayed (that is, you will accept mail either to or from any
2319 host in your domain).
2321 You can also allow relaying based on the MX records of the host
2322 portion of an incoming recipient address by using
2324 FEATURE(`relay_based_on_MX')
2326 For example, if your server receives a recipient of user@domain.com
2327 and domain.com lists your server in its MX records, the mail will be
2328 accepted for relay to domain.com. This feature may cause problems
2329 if MX lookups for the recipient domain are slow or time out. In that
2330 case, mail will be temporarily rejected. It is usually better to
2331 maintain a list of hosts/domains for which the server acts as relay.
2332 Note also that this feature will stop spammers from using your host
2333 to relay spam but it will not stop outsiders from using your server
2334 as a relay for their site (that is, they set up an MX record pointing
2335 to your mail server, and you will relay mail addressed to them
2336 without any prior arrangement). Along the same lines,
2338 FEATURE(`relay_local_from')
2340 will allow relaying if the sender specifies a return path (i.e.
2341 MAIL FROM:<user@domain>) domain which is a local domain. This is a
2342 dangerous feature as it will allow spammers to spam using your mail
2343 server by simply specifying a return address of user@your.domain.com.
2344 It should not be used unless absolutely necessary.
2345 A slightly better solution is
2347 FEATURE(`relay_mail_from')
2349 which allows relaying if the mail sender is listed as RELAY in the
2350 access map. If an optional argument `domain' (this is the literal
2351 word `domain', not a placeholder) is given, the domain portion of
2352 the mail sender is also checked to allowing relaying. This option
2353 only works together with the tag From: for the LHS of the access
2354 map entries. This feature allows spammers to abuse your mail server
2355 by specifying a return address that you enabled in your access file.
2356 This may be harder to figure out for spammers, but it should not
2357 be used unless necessary. Instead use SMTP AUTH or STARTTLS to
2358 allow relaying for roaming users.
2361 If source routing is used in the recipient address (e.g.,
2362 RCPT TO:<user%site.com@othersite.com>), sendmail will check
2363 user@site.com for relaying if othersite.com is an allowed relay host
2364 in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2365 or the access database if FEATURE(`access_db') is used. To prevent
2366 the address from being stripped down, use:
2368 FEATURE(`loose_relay_check')
2370 If you think you need to use this feature, you probably do not. This
2371 should only be used for sites which have no control over the addresses
2372 that they provide a gateway for. Use this FEATURE with caution as it
2373 can allow spammers to relay through your server if not setup properly.
2375 NOTICE: It is possible to relay mail through a system which the anti-relay
2376 rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2377 `nospecial') (system A) and relays local messages to a mail hub (e.g., via
2378 LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
2379 FEATURE(`nouucp') at all, addresses of the form
2380 <example.net!user@local.host> would be relayed to <user@example.net>.
2381 System A doesn't recognize `!' as an address separator and therefore
2382 forwards it to the mail hub which in turns relays it because it came from
2383 a trusted local host. So if a mailserver allows UUCP (bang-format)
2384 addresses, all systems from which it allows relaying should do the same
2385 or reject those addresses.
2387 As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2388 an unresolvable domain (i.e., one that DNS, your local name service,
2389 or special case rules in ruleset 3 cannot locate). This also applies
2390 to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2391 IP address can't be mapped to a host name. If you want to continue
2392 to accept such domains, e.g., because you are inside a firewall that
2393 has only a limited view of the Internet host name space (note that you
2394 will not be able to return mail to them unless you have some "smart
2395 host" forwarder), use
2397 FEATURE(`accept_unresolvable_domains')
2399 Alternatively, you can allow specific addresses by adding them to
2400 the access map, e.g.,
2402 From:unresolvable.domain OK
2406 Notice: domains which are temporarily unresolvable are (temporarily)
2407 rejected with a 451 reply code. If those domains should be accepted
2408 (which is discouraged) then you can use
2413 sendmail will also refuse mail if the MAIL FROM: parameter is not
2414 fully qualified (i.e., contains a domain as well as a user). If you
2415 want to continue to accept such senders, use
2417 FEATURE(`accept_unqualified_senders')
2419 Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2420 i.e., unqualified addresses are accepted even without this FEATURE. If
2421 this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2422 to enforce fully qualified domain names.
2424 An ``access'' database can be created to accept or reject mail from
2425 selected domains. For example, you may choose to reject all mail
2426 originating from known spammers. To enable such a database, use
2428 FEATURE(`access_db')
2430 Notice: the access database is applied to the envelope addresses
2431 and the connection information, not to the header.
2433 The FEATURE macro can accept as second parameter the key file
2434 definition for the database; for example
2436 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2438 Notice: If a second argument is specified it must contain the option
2439 `-T<TMPF>' as shown above. The optional third and fourth parameters
2440 may be `skip' or `lookupdotdomain'. The former enables SKIP as
2441 value part (see below), the latter is another way to enable the
2442 feature of the same name (see above).
2444 Remember, since /etc/mail/access is a database, after creating the text
2445 file as described below, you must use makemap to create the database
2448 makemap hash /etc/mail/access < /etc/mail/access
2450 The table itself uses e-mail addresses, domain names, and network
2451 numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:".
2454 From:spammer@aol.com REJECT
2455 From:cyberspammer.com REJECT
2456 Connect:cyberspammer.com REJECT
2458 Connect:192.168.212 REJECT
2459 Connect:IPv6:2002:c0a8:02c7 RELAY
2460 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT
2462 would refuse mail from spammer@aol.com, any user from cyberspammer.com
2463 (or any host within the cyberspammer.com domain), any host in the entire
2464 top level domain TLD, 192.168.212.* network, and the IPv6 address
2465 2002:c0a8:51d2::23f4. It would allow relay for the IPv6 network
2466 2002:c0a8:02c7::/48.
2468 Entries in the access map should be tagged according to their type.
2469 Three tags are available:
2471 Connect: connection information (${client_addr}, ${client_name})
2472 From: envelope sender
2473 To: envelope recipient
2475 Notice: untagged entries are deprecated.
2477 If the required item is looked up in a map, it will be tried first
2478 with the corresponding tag in front, then (as fallback to enable
2479 backward compatibility) without any tag, unless the specific feature
2480 requires a tag. For example,
2482 From:spammer@some.dom REJECT
2483 To:friend.domain RELAY
2484 Connect:friend.domain OK
2485 Connect:from.domain RELAY
2486 From:good@another.dom OK
2487 From:another.dom REJECT
2489 This would deny mails from spammer@some.dom but you could still
2490 send mail to that address even if FEATURE(`blacklist_recipients')
2491 is enabled. Your system will allow relaying to friend.domain, but
2492 not from it (unless enabled by other means). Connections from that
2493 domain will be allowed even if it ends up in one of the DNS based
2494 rejection lists. Relaying is enabled from from.domain but not to
2495 it (since relaying is based on the connection information for
2496 outgoing relaying, the tag Connect: must be used; for incoming
2497 relaying, which is based on the recipient address, To: must be
2498 used). The last two entries allow mails from good@another.dom but
2499 reject mail from all other addresses with another.dom as domain
2503 The value part of the map can contain:
2505 OK Accept mail even if other rules in the running
2506 ruleset would reject it, for example, if the domain
2507 name is unresolvable. "Accept" does not mean
2508 "relay", but at most acceptance for local
2509 recipients. That is, OK allows less than RELAY.
2510 RELAY Accept mail addressed to the indicated domain or
2511 received from the indicated domain for relaying
2512 through your SMTP server. RELAY also serves as
2513 an implicit OK for the other checks.
2514 REJECT Reject the sender or recipient with a general
2516 DISCARD Discard the message completely using the
2517 $#discard mailer. If it is used in check_compat,
2518 it affects only the designated recipient, not
2519 the whole message as it does in all other cases.
2520 This should only be used if really necessary.
2521 SKIP This can only be used for host/domain names
2522 and IP addresses/nets. It will abort the current
2523 search for this entry without accepting or rejecting
2524 it but causing the default action.
2525 ### any text where ### is an RFC 821 compliant error code and
2526 "any text" is a message to return for the command.
2527 The entire string should be quoted to avoid
2532 Otherwise sendmail formats the text as email
2533 addresses, e.g., it may remove spaces.
2534 This type is deprecated, use one of the two
2535 ERROR: entries below instead.
2537 as above, but useful to mark error messages as such.
2538 If quotes need to be used to avoid modifications
2539 (see above), they should be placed like this:
2541 ERROR:"### any text"
2543 ERROR:D.S.N:### any text
2544 where D.S.N is an RFC 1893 compliant error code
2545 and the rest as above. If quotes need to be used
2546 to avoid modifications, they should be placed
2549 ERROR:D.S.N:"### any text"
2552 Quarantine the message using the given text as the
2553 quarantining reason.
2557 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers"
2558 From:okay.cyberspammer.com OK
2559 Connect:sendmail.org RELAY
2560 To:sendmail.org RELAY
2561 Connect:128.32 RELAY
2562 Connect:128.32.2 SKIP
2563 Connect:IPv6:1:2:3:4:5:6:7 RELAY
2564 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
2565 Connect:[127.0.0.3] OK
2566 Connect:[IPv6:1:2:3:4:5:6:7:8] OK
2568 would accept mail from okay.cyberspammer.com, but would reject mail
2569 from all other hosts at cyberspammer.com with the indicated message.
2570 It would allow relaying mail from and to any hosts in the sendmail.org
2571 domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2572 and from the 128.32.*.* network except for the 128.32.2.* network,
2573 which shows how SKIP is useful to exempt subnets/subdomains. The
2574 last two entries are for checks against ${client_name} if the IP
2575 address doesn't resolve to a hostname (or is considered as "may be
2576 forged"). That is, using square brackets means these are host
2577 names, not network numbers.
2579 Warning: if you change the RFC 821 compliant error code from the default
2580 value of 550, then you should probably also change the RFC 1893 compliant
2581 error code to match it. For example, if you use
2583 To:user@example.com ERROR:450 mailbox full
2585 the error returned would be "450 5.0.0 mailbox full" which is wrong.
2586 Use "ERROR:4.2.2:450 mailbox full" instead.
2588 Note, UUCP users may need to add hostname.UUCP to the access database
2593 FEATURE(`relay_hosts_only')
2595 then the above example will allow relaying for sendmail.org, but not
2596 hosts within the sendmail.org domain. Note that this will also require
2597 hosts listed in class {R} to be fully qualified host names.
2599 You can also use the access database to block sender addresses based on
2600 the username portion of the address. For example:
2602 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
2604 Note that you must include the @ after the username to signify that
2605 this database entry is for checking only the username portion of the
2610 FEATURE(`blacklist_recipients')
2612 then you can add entries to the map for local users, hosts in your
2613 domains, or addresses in your domain which should not receive mail:
2615 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser
2616 To:host.my.TLD ERROR:550 That host does not accept mail
2617 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient
2619 This would prevent a recipient of badlocaluser in any of the local
2620 domains (class {w}), any user at host.my.TLD, and the single address
2621 user@other.my.TLD from receiving mail. Please note: a local username
2622 must be now tagged with an @ (this is consistent with the check of
2623 the sender address, and hence it is possible to distinguish between
2624 hostnames and usernames). Enabling this feature will keep you from
2625 sending mails to all addresses that have an error message or REJECT
2626 as value part in the access map. Taking the example from above:
2628 spammer@aol.com REJECT
2629 cyberspammer.com REJECT
2631 Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2632 That's why tagged entries should be used.
2634 There are several DNS based blacklists, the first of which was
2635 the RBL (``Realtime Blackhole List'') run by the MAPS project,
2636 see http://mail-abuse.org/. These are databases of spammers
2637 maintained in DNS. To use such a database, specify
2641 This will cause sendmail to reject mail from any site in the original
2642 Realtime Blackhole List database. This default DNS blacklist,
2643 blackholes.mail-abuse.org, is a service offered by the Mail Abuse
2644 Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription
2645 service, so using that network address won't work if you haven't
2646 subscribed. Contact MAPS to subscribe (http://mail-abuse.org/).
2648 You can specify an alternative RBL server to check by specifying an
2649 argument to the FEATURE. The default error message is
2651 Rejected: IP-ADDRESS listed at SERVER
2653 where IP-ADDRESS and SERVER are replaced by the appropriate
2654 information. A second argument can be used to specify a different
2655 text. By default, temporary lookup failures are ignored and hence
2656 cause the connection not to be rejected by the DNS based rejection
2657 list. This behavior can be changed by specifying a third argument,
2658 which must be either `t' or a full error message. For example:
2660 FEATURE(`dnsbl', `dnsbl.example.com', `',
2661 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2663 If `t' is used, the error message is:
2665 451 Temporary lookup failure of IP-ADDRESS at SERVER
2667 where IP-ADDRESS and SERVER are replaced by the appropriate
2670 This FEATURE can be included several times to query different
2671 DNS based rejection lists, e.g., the dial-up user list (see
2672 http://mail-abuse.org/dul/).
2674 Notice: to avoid checking your own local domains against those
2675 blacklists, use the access_db feature and add:
2678 Connect:127.0.0.1 RELAY
2680 to the access map, where 10.1 is your local network. You may
2681 want to use "RELAY" instead of "OK" to allow also relaying
2682 instead of just disabling the DNS lookups in the blacklists.
2685 The features described above make use of the check_relay, check_mail,
2686 and check_rcpt rulesets. Note that check_relay checks the SMTP
2687 client hostname and IP address when the connection is made to your
2688 server. It does not check if a mail message is being relayed to
2689 another server. That check is done in check_rcpt. If you wish to
2690 include your own checks, you can put your checks in the rulesets
2691 Local_check_relay, Local_check_mail, and Local_check_rcpt. For
2692 example if you wanted to block senders with all numeric usernames
2693 (i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2697 Kallnumbers regex -a@MATCH ^[0-9]+$
2701 # check address against various regex checks
2702 R$* $: $>Parse0 $>3 $1
2703 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
2704 R@MATCH $#error $: 553 Header Error
2706 These rules are called with the original arguments of the corresponding
2707 check_* ruleset. If the local ruleset returns $#OK, no further checking
2708 is done by the features described above and the mail is accepted. If
2709 the local ruleset resolves to a mailer (such as $#error or $#discard),
2710 the appropriate action is taken. Other results starting with $# are
2711 interpreted by sendmail and may lead to unspecified behavior. Note: do
2712 NOT create a mailer with the name OK. Return values that do not start
2713 with $# are ignored, i.e., normal processing continues.
2718 By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2719 will not be called when a client connects or issues a MAIL command,
2720 respectively. Instead, those rulesets will be called by the check_rcpt
2721 ruleset; they will be skipped if a sender has been authenticated using
2722 a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2723 If check_mail returns an error then the RCPT TO command will be rejected
2724 with that error. If it returns some other result starting with $# then
2725 check_relay will be skipped. If the sender address (or a part of it) is
2726 listed in the access map and it has a RHS of OK or RELAY, then check_relay
2727 will be skipped. This has an interesting side effect: if your domain is
2728 my.domain and you have
2732 in the access map, then any e-mail with a sender address of
2733 <user@my.domain> will not be rejected by check_relay even though
2734 it would match the hostname or IP address. This allows spammers
2735 to get around DNS based blacklist by faking the sender address. To
2736 avoid this problem you have to use tagged entries:
2739 Connect:my.domain RELAY
2741 if you need those entries at all (class {R} may take care of them).
2743 FEATURE(`delay_checks') can take an optional argument:
2745 FEATURE(`delay_checks', `friend')
2746 enables spamfriend test
2747 FEATURE(`delay_checks', `hater')
2748 enables spamhater test
2750 If such an argument is given, the recipient will be looked up in the
2751 access map (using the tag Spam:). If the argument is `friend', then
2752 the default behavior is to apply the other rulesets and make a SPAM
2753 friend the exception. The rulesets check_mail and check_relay will be
2754 skipped only if the recipient address is found and has RHS FRIEND. If
2755 the argument is `hater', then the default behavior is to skip the rulesets
2756 check_mail and check_relay and make a SPAM hater the exception. The
2757 other two rulesets will be applied only if the recipient address is
2758 found and has RHS HATER.
2760 This allows for simple exceptions from the tests, e.g., by activating
2761 the friend option and having
2765 in the access map, mail to abuse@localdomain will get through (where
2766 "localdomain" is any domain in class {w}). It is also possible to
2767 specify a full address or an address with +detail:
2769 Spam:abuse@my.domain FRIEND
2770 Spam:me+abuse@ FRIEND
2771 Spam:spam.domain FRIEND
2773 Note: The required tag has been changed in 8.12 from To: to Spam:.
2774 This change is incompatible to previous versions. However, you can
2775 (for now) simply add the new entries to the access map, the old
2776 ones will be ignored. As soon as you removed the old entries from
2777 the access map, specify a third parameter (`n') to this feature and
2778 the backward compatibility rules will not be in the generated .cf
2784 You can also reject mail on the basis of the contents of headers.
2785 This is done by adding a ruleset call to the 'H' header definition command
2786 in sendmail.cf. For example, this can be used to check the validity of
2787 a Message-ID: header:
2790 HMessage-Id: $>CheckMessageId
2795 R$* $#error $: 553 Header Error
2797 The alternative format:
2799 HSubject: $>+CheckSubject
2801 that is, $>+ instead of $>, gives the full Subject: header including
2802 comments to the ruleset (comments in parentheses () are stripped
2805 A default ruleset for headers which don't have a specific ruleset
2806 defined for them can be given by:
2811 1. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2812 That may cause problems with simple header checks due to the
2813 tokenization. It might be simpler to use a regex map and apply it
2815 2. There are no default rulesets coming with this distribution of
2816 sendmail. You can write your own, can search the WWW for examples,
2817 or take a look at cf/cf/knecht.mc.
2818 3. When using a default ruleset for headers, the name of the header
2819 currently being checked can be found in the $&{hdr_name} macro.
2821 After all of the headers are read, the check_eoh ruleset will be called for
2822 any final header-related checks. The ruleset is called with the number of
2823 headers and the size of all of the headers in bytes separated by $|. One
2824 example usage is to reject messages which do not have a Message-Id:
2825 header. However, the Message-Id: header is *NOT* a required header and is
2826 not a guaranteed spam indicator. This ruleset is an example and should
2827 probably not be used in production.
2831 HMessage-Id: $>CheckMessageId
2835 # Record the presence of the header
2836 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
2838 R$* $#error $: 553 Header Error
2842 R$* $: < $&{MessageIdCheck} >
2843 # Clear the macro for the next message
2844 R$* $: $(storage {MessageIdCheck} $) $1
2845 # Has a Message-Id: header
2847 # Allow missing Message-Id: from local mail
2848 R$* $: < $&{client_name} >
2851 # Otherwise, reject the mail
2852 R$* $#error $: 553 Header Error
2855 +--------------------+
2856 | CONNECTION CONTROL |
2857 +--------------------+
2859 The features ratecontrol and conncontrol allow to establish connection
2860 limits per client IP address or net. These features can limit the
2861 rate of connections (connections per time unit) or the number of
2862 incoming SMTP connections, respectively. If enabled, appropriate
2863 rulesets are called at the end of check_relay, i.e., after DNS
2864 blacklists and generic access_db operations. The features require
2865 FEATURE(`access_db') to be listed earlier in the mc file.
2867 Note: FEATURE(`delay_checks') delays those connection control checks
2868 after a recipient address has been received, hence making these
2869 connection control features less useful. To run the checks as early
2870 as possible, specify the parameter `nodelay', e.g.,
2872 FEATURE(`ratecontrol', `nodelay')
2874 In that case, FEATURE(`delay_checks') has no effect on connection
2875 control (and it must be specified earlier in the mc file).
2877 An optional second argument `terminate' specifies whether the
2878 rulesets should return the error code 421 which will cause
2879 sendmail to terminate the session with that error if it is
2880 returned from check_relay, i.e., not delayed as explained in
2881 the previous paragraph. Example:
2883 FEATURE(`ratecontrol', `nodelay', `terminate')
2890 In this text, cert will be used as an abbreviation for X.509 certificate,
2891 DN (CN) is the distinguished (common) name of a cert, and CA is a
2892 certification authority, which signs (issues) certs.
2894 For STARTTLS to be offered by sendmail you need to set at least
2895 these variables (the file names and paths are just examples):
2897 define(`confCACERT_PATH', `/etc/mail/certs/')
2898 define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2899 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2900 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2902 On systems which do not have the compile flag HASURANDOM set (see
2903 sendmail/README) you also must set confRAND_FILE.
2905 See doc/op/op.{me,ps,txt} for more information about these options,
2906 especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2909 Macros related to STARTTLS are:
2911 ${cert_issuer} holds the DN of the CA (the cert issuer).
2912 ${cert_subject} holds the DN of the cert (called the cert subject).
2913 ${cn_issuer} holds the CN of the CA (the cert issuer).
2914 ${cn_subject} holds the CN of the cert (called the cert subject).
2915 ${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2916 TLSv1/SSLv3, SSLv3, SSLv2.
2917 ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2918 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2919 ${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2920 used for the connection.
2921 ${verify} holds the result of the verification of the presented cert.
2922 Possible values are:
2923 OK verification succeeded.
2924 NO no cert presented.
2925 NOT no cert requested.
2926 FAIL cert presented but could not be verified,
2927 e.g., the cert of the signing CA is missing.
2928 NONE STARTTLS has not been performed.
2929 TEMP temporary error occurred.
2930 PROTOCOL protocol error occurred (SMTP level).
2931 SOFTWARE STARTTLS handshake failed.
2932 ${server_name} the name of the server of the current outgoing SMTP
2934 ${server_addr} the address of the server of the current outgoing SMTP
2940 SMTP STARTTLS can allow relaying for remote SMTP clients which have
2941 successfully authenticated themselves. If the verification of the cert
2942 failed (${verify} != OK), relaying is subject to the usual rules.
2943 Otherwise the DN of the issuer is looked up in the access map using the
2944 tag CERTISSUER. If the resulting value is RELAY, relaying is allowed.
2945 If it is SUBJECT, the DN of the cert subject is looked up next in the
2946 access map using the tag CERTSUBJECT. If the value is RELAY, relaying
2949 To make things a bit more flexible (or complicated), the values for
2950 ${cert_issuer} and ${cert_subject} can be optionally modified by regular
2951 expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2952 _CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
2953 rulesets and map lookups, they are modified as follows: each non-printable
2954 character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
2955 by their HEX value with a leading '+'. For example:
2957 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2958 darth+cert@endmail.org
2962 /C=US/ST=California/O=endmail.org/OU=private/CN=
2963 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2965 (line breaks have been inserted for readability).
2967 The macros which are subject to this encoding are ${cert_subject},
2968 ${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
2972 To allow relaying for everyone who can present a cert signed by
2974 /C=US/ST=California/O=endmail.org/OU=private/CN=
2975 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2979 CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2980 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
2982 To allow relaying only for a subset of machines that have a cert signed by
2984 /C=US/ST=California/O=endmail.org/OU=private/CN=
2985 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2989 CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2990 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT
2991 CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
2992 DeathStar/Email=deathstar@endmail.org RELAY
2995 - line breaks have been inserted after "CN=" for readability,
2996 each tagged entry must be one (long) line in the access map.
2997 - if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
2998 is replaced by "emailAddress=".
3000 Of course it is also possible to write a simple ruleset that allows
3001 relaying for everyone who can present a cert that can be verified, e.g.,
3008 Allowing Connections
3009 --------------------
3011 The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
3012 an SMTP connection is accepted (or should continue).
3014 tls_server is called when sendmail acts as client after a STARTTLS command
3015 (should) have been issued. The parameter is the value of ${verify}.
3017 tls_client is called when sendmail acts as server, after a STARTTLS command
3018 has been issued, and from check_mail. The parameter is the value of
3019 ${verify} and STARTTLS or MAIL, respectively.
3021 Both rulesets behave the same. If no access map is in use, the connection
3022 will be accepted unless ${verify} is SOFTWARE, in which case the connection
3023 is always aborted. For tls_server/tls_client, ${client_name}/${server_name}
3024 is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
3025 with the ruleset LookUpDomain. If no entry is found, ${client_addr}
3026 (${server_addr}) is looked up in the access map (same tag, ruleset
3027 LookUpAddr). If this doesn't result in an entry either, just the tag is
3028 looked up in the access map (included the trailing colon). Notice:
3029 requiring that e-mail is sent to a server only encrypted, e.g., via
3031 TLS_Srv:secure.domain ENCR:112
3033 doesn't necessarily mean that e-mail sent to that domain is encrypted.
3034 If the domain has multiple MX servers, e.g.,
3036 secure.domain. IN MX 10 mail.secure.domain.
3037 secure.domain. IN MX 50 mail.other.domain.
3039 then mail to user@secure.domain may go unencrypted to mail.other.domain.
3040 tls_rcpt can be used to address this problem.
3042 tls_rcpt is called before a RCPT TO: command is sent. The parameter is the
3043 current recipient. This ruleset is only defined if FEATURE(`access_db')
3044 is selected. A recipient address user@domain is looked up in the access
3045 map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
3046 and TLS_Rcpt:; the first match is taken.
3048 The result of the lookups is then used to call the ruleset TLS_connection,
3049 which checks the requirement specified by the RHS in the access map against
3050 the actual parameters of the current TLS connection, esp. ${verify} and
3051 ${cipher_bits}. Legal RHSs in the access map are:
3053 VERIFY verification must have succeeded
3054 VERIFY:bits verification must have succeeded and ${cipher_bits} must
3055 be greater than or equal bits.
3056 ENCR:bits ${cipher_bits} must be greater than or equal bits.
3058 The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
3059 or permanent error. The default is a temporary error code (403 4.7.0)
3060 unless the macro TLS_PERM_ERR is set during generation of the .cf file.
3062 If a certain level of encryption is required, then it might also be
3063 possible that this level is provided by the security layer from a SASL
3064 algorithm, e.g., DIGEST-MD5.
3066 Furthermore, there can be a list of extensions added. Such a list
3067 starts with '+' and the items are separated by '++'. Allowed
3070 CN:name name must match ${cn_subject}
3071 CN ${server_name} must match ${cn_subject}
3072 CS:name name must match ${cert_subject}
3073 CI:name name must match ${cert_issuer}
3075 Example: e-mail sent to secure.example.com should only use an encrypted
3076 connection. E-mail received from hosts within the laptop.example.com domain
3077 should only be accepted if they have been authenticated. The host which
3078 receives e-mail for darth@endmail.org must present a cert that uses the
3079 CN smtp.endmail.org.
3081 TLS_Srv:secure.example.com ENCR:112
3082 TLS_Clt:laptop.example.com PERM+VERIFY:112
3083 TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
3086 Disabling STARTTLS And Setting SMTP Server Features
3087 ---------------------------------------------------
3089 By default STARTTLS is used whenever possible. However, there are
3090 some broken MTAs that don't properly implement STARTTLS. To be able
3091 to send to (or receive from) those MTAs, the ruleset try_tls
3092 (srv_features) can be used that work together with the access map.
3093 Entries for the access map must be tagged with Try_TLS (Srv_Features)
3094 and refer to the hostname or IP address of the connecting system.
3095 A default case can be specified by using just the tag. For example,
3096 the following entries in the access map:
3098 Try_TLS:broken.server NO
3099 Srv_Features:my.domain v
3102 will turn off STARTTLS when sending to broken.server (or any host
3103 in that domain), and request a client certificate during the TLS
3104 handshake only for hosts in my.domain. The valid entries on the RHS
3105 for Srv_Features are listed in the Sendmail Installation and
3112 The Received: header reveals whether STARTTLS has been used. It contains an
3115 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
3118 +---------------------+
3119 | SMTP AUTHENTICATION |
3120 +---------------------+
3122 The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
3123 used in anti-relay rulesets to allow relaying for those users that
3124 authenticated themselves. A very simple example is:
3127 R$* $: $&{auth_type}
3130 which checks whether a user has successfully authenticated using
3131 any available mechanism. Depending on the setup of the Cyrus SASL
3132 library, more sophisticated rulesets might be required, e.g.,
3135 R$* $: $&{auth_type} $| $&{auth_authen}
3136 RDIGEST-MD5 $| $+@$=w $# OK
3138 to allow relaying for users that authenticated using DIGEST-MD5
3139 and have an identity in the local domains.
3141 The ruleset trust_auth is used to determine whether a given AUTH=
3142 parameter (that is passed to this ruleset) should be trusted. This
3143 ruleset may make use of the other ${auth_*} macros. Only if the
3144 ruleset resolves to the error mailer, the AUTH= parameter is not
3145 trusted. A user supplied ruleset Local_trust_auth can be written
3146 to modify the default behavior, which only trust the AUTH=
3147 parameter if it is identical to the authenticated user.
3149 Per default, relaying is allowed for any user who authenticated
3150 via a "trusted" mechanism, i.e., one that is defined via
3151 TRUST_AUTH_MECH(`list of mechanisms')
3153 TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3155 If the selected mechanism provides a security layer the number of
3156 bits used for the key of the symmetric cipher is stored in the
3159 Providing SMTP AUTH Data when sendmail acts as Client
3160 -----------------------------------------------------
3162 If sendmail acts as client, it needs some information how to
3163 authenticate against another MTA. This information can be provided
3164 by the ruleset authinfo or by the option DefaultAuthInfo. The
3165 authinfo ruleset looks up {server_name} using the tag AuthInfo: in
3166 the access map. If no entry is found, {server_addr} is looked up
3167 in the same way and finally just the tag AuthInfo: to provide
3168 default values. Note: searches for domain parts or IP nets are
3169 only performed if the access map is used; if the authinfo feature
3170 is used then only up to three lookups are performed (two exact
3171 matches, one default).
3173 Note: If your daemon does client authentication when sending, and
3174 if it uses either PLAIN or LOGIN authentication, then you *must*
3175 prevent ordinary users from seeing verbose output. Do NOT install
3176 sendmail set-user-ID. Use PrivacyOptions to turn off verbose output
3177 ("goaway" works for this).
3179 Notice: the default configuration file causes the option DefaultAuthInfo
3180 to fail since the ruleset authinfo is in the .cf file. If you really
3181 want to use DefaultAuthInfo (it is deprecated) then you have to
3184 The RHS for an AuthInfo: entry in the access map should consists of a
3185 list of tokens, each of which has the form: "TDstring" (including
3186 the quotes). T is a tag which describes the item, D is a delimiter,
3187 either ':' for simple text or '=' for a base64 encoded string.
3188 Valid values for the tag are:
3190 U user (authorization) id
3194 M list of mechanisms delimited by spaces
3196 Example entries are:
3198 AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3199 AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
3201 User id or authentication id must exist as well as the password. All
3202 other entries have default values. If one of user or authentication
3203 id is missing, the existing value is used for the missing item.
3204 If "R:" is not specified, realm defaults to $j. The list of mechanisms
3205 defaults to those specified by AuthMechanisms.
3207 Since this map contains sensitive information, either the access
3208 map must be unreadable by everyone but root (or the trusted user)
3209 or FEATURE(`authinfo') must be used which provides a separate map.
3210 Notice: It is not checked whether the map is actually
3211 group/world-unreadable, this is left to the user.
3213 +--------------------------------+
3214 | ADDING NEW MAILERS OR RULESETS |
3215 +--------------------------------+
3217 Sometimes you may need to add entirely new mailers or rulesets. They
3218 should be introduced with the constructs MAILER_DEFINITIONS and
3219 LOCAL_RULESETS respectively. For example:
3229 Local additions for the rulesets srv_features, try_tls, tls_rcpt,
3230 tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
3231 LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
3232 respectively. For example, to add a local ruleset that decides
3233 whether to try STARTTLS in a sendmail client, use:
3238 Note: you don't need to add a name for the ruleset, it is implicitly
3239 defined by using the appropriate macro.
3242 +-------------------------+
3243 | ADDING NEW MAIL FILTERS |
3244 +-------------------------+
3246 Sendmail supports mail filters to filter incoming SMTP messages according
3247 to the "Sendmail Mail Filter API" documentation. These filters can be
3248 configured in your mc file using the two commands:
3250 MAIL_FILTER(`name', `equates')
3251 INPUT_MAIL_FILTER(`name', `equates')
3253 The first command, MAIL_FILTER(), simply defines a filter with the given
3254 name and equates. For example:
3256 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3258 This creates the equivalent sendmail.cf entry:
3260 Xarchive, S=local:/var/run/archivesock, F=R
3262 The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3263 but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3264 of the filter such that the filter will actually be called by sendmail.
3266 For example, the two commands:
3268 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3269 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3271 are equivalent to the three commands:
3273 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3274 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3275 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3277 In general, INPUT_MAIL_FILTER() should be used unless you need to define
3278 more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3280 Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3281 commands will clear the list created by the prior INPUT_MAIL_FILTER()
3285 +-------------------------+
3286 | QUEUE GROUP DEFINITIONS |
3287 +-------------------------+
3289 In addition to the queue directory (which is the default queue group
3290 called "mqueue"), sendmail can deal with multiple queue groups, which
3291 are collections of queue directories with the same behaviour. Queue
3292 groups can be defined using the command:
3294 QUEUE_GROUP(`name', `equates')
3296 For details about queue groups, please see doc/op/op.{me,ps,txt}.
3298 +-------------------------------+
3299 | NON-SMTP BASED CONFIGURATIONS |
3300 +-------------------------------+
3302 These configuration files are designed primarily for use by
3303 SMTP-based sites. They may not be well tuned for UUCP-only or
3304 UUCP-primarily nodes (the latter is defined as a small local net
3305 connected to the rest of the world via UUCP). However, there is
3306 one hook to handle some special cases.
3308 You can define a ``smart host'' that understands a richer address syntax
3311 define(`SMART_HOST', `mailer:hostname')
3313 In this case, the ``mailer:'' defaults to "relay". Any messages that
3314 can't be handled using the usual UUCP rules are passed to this host.
3316 If you are on a local SMTP-based net that connects to the outside
3317 world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3320 define(`SMART_HOST', `uucp-new:uunet')
3322 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3324 This will cause all names that end in your domain name ($m) to be sent
3325 via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3326 If you have FEATURE(`nocanonify'), you may need to omit the dots after
3327 the $m. If you are running a local DNS inside your domain which is
3328 not otherwise connected to the outside world, you probably want to
3331 define(`SMART_HOST', `smtp:fire.wall.com')
3333 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
3335 That is, send directly only to things you found in your DNS lookup;
3336 anything else goes through SMART_HOST.
3338 You may need to turn off the anti-spam rules in order to accept
3339 UUCP mail with FEATURE(`promiscuous_relay') and
3340 FEATURE(`accept_unresolvable_domains').
3347 Normally, the $j macro is automatically defined to be your fully
3348 qualified domain name (FQDN). Sendmail does this by getting your
3349 host name using gethostname and then calling gethostbyname on the
3350 result. For example, in some environments gethostname returns
3351 only the root of the host name (such as "foo"); gethostbyname is
3352 supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
3353 cases, gethostbyname may fail to return the FQDN. In this case
3354 you MUST define confDOMAIN_NAME to be your fully qualified domain
3355 name. This is usually done using:
3358 define(`confDOMAIN_NAME', `$w.$m')dnl
3361 +-----------------------------------+
3362 | ACCEPTING MAIL FOR MULTIPLE NAMES |
3363 +-----------------------------------+
3365 If your host is known by several different names, you need to augment
3366 class {w}. This is a list of names by which your host is known, and
3367 anything sent to an address using a host name in this list will be
3368 treated as local mail. You can do this in two ways: either create the
3369 file /etc/mail/local-host-names containing a list of your aliases (one per
3370 line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3371 ``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
3372 name of the host, rather than a short name.
3374 If you want to have different address in different domains, take
3375 a look at the virtusertable feature, which is also explained at
3376 http://www.sendmail.org/virtual-hosting.html
3379 +--------------------+
3380 | USING MAILERTABLES |
3381 +--------------------+
3383 To use FEATURE(`mailertable'), you will have to create an external
3384 database containing the routing information for various domains.
3385 For example, a mailertable file in text format might be:
3387 .my.domain xnet:%1.my.domain
3388 uuhost1.my.domain uucp-new:uuhost1
3389 .bitnet smtp:relay.bit.net
3391 This should normally be stored in /etc/mail/mailertable. The actual
3392 database version of the mailertable is built using:
3394 makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3396 The semantics are simple. Any LHS entry that does not begin with
3397 a dot matches the full host name indicated. LHS entries beginning
3398 with a dot match anything ending with that domain name (including
3399 the leading dot) -- that is, they can be thought of as having a
3400 leading ".+" regular expression pattern for a non-empty sequence of
3401 characters. Matching is done in order of most-to-least qualified
3402 -- for example, even though ".my.domain" is listed first in the
3403 above example, an entry of "uuhost1.my.domain" will match the second
3404 entry since it is more explicit. Note: e-mail to "user@my.domain"
3405 does not match any entry in the above table. You need to have
3408 my.domain esmtp:host.my.domain
3410 The RHS should always be a "mailer:host" pair. The mailer is the
3411 configuration name of a mailer (that is, an M line in the
3412 sendmail.cf file). The "host" will be the hostname passed to
3413 that mailer. In domain-based matches (that is, those with leading
3414 dots) the "%1" may be used to interpolate the wildcarded part of
3415 the host name. For example, the first line above sends everything
3416 addressed to "anything.my.domain" to that same host name, but using
3417 the (presumably experimental) xnet mailer.
3419 In some cases you may want to temporarily turn off MX records,
3420 particularly on gateways. For example, you may want to MX
3421 everything in a domain to one machine that then forwards it
3422 directly. To do this, you might use the DNS configuration:
3424 *.domain. IN MX 0 relay.machine
3426 and on relay.machine use the mailertable:
3428 .domain smtp:[gateway.domain]
3430 The [square brackets] turn off MX records for this host only.
3431 If you didn't do this, the mailertable would use the MX record
3432 again, which would give you an MX loop. Note that the use of
3433 wildcard MX records is almost always a bad idea. Please avoid
3434 using them if possible.
3437 +--------------------------------+
3438 | USING USERDB TO MAP FULL NAMES |
3439 +--------------------------------+
3441 The user database was not originally intended for mapping full names
3442 to login names (e.g., Eric.Allman => eric), but some people are using
3443 it that way. (it is recommended that you set up aliases for this
3444 purpose instead -- since you can specify multiple alias files, this
3445 is fairly easy.) The intent was to locate the default maildrop at
3446 a site, but allow you to override this by sending to a specific host.
3448 If you decide to set up the user database in this fashion, it is
3449 imperative that you not use FEATURE(`stickyhost') -- otherwise,
3450 e-mail sent to Full.Name@local.host.name will be rejected.
3452 To build the internal form of the user database, use:
3454 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3456 As a general rule, it is an extremely bad idea to using full names
3457 as e-mail addresses, since they are not in any sense unique. For
3458 example, the UNIX software-development community has at least two
3459 well-known Peter Deutsches, and at one time Bell Labs had two
3460 Stephen R. Bournes with offices along the same hallway. Which one
3461 will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3462 The less famous of the two, or the one that was hired later?
3464 Finger should handle full names (and be fuzzy). Mail should use
3465 handles, and not be fuzzy.
3468 +--------------------------------+
3469 | MISCELLANEOUS SPECIAL FEATURES |
3470 +--------------------------------+
3473 Sometimes it is convenient to merge configuration on a
3474 centralized mail machine, for example, to forward all
3475 root mail to a mail server. In this case it might be
3476 useful to be able to treat the root addresses as a class
3477 of addresses with subtle differences. You can do this
3478 using plussed users. For example, a client might include
3481 root: root+client1@server
3483 On the server, this will match an alias for "root+client1".
3484 If that is not found, the alias "root+*" will be tried,
3492 A lot of sendmail security comes down to you. Sendmail 8 is much
3493 more careful about checking for security problems than previous
3494 versions, but there are some things that you still need to watch
3497 * Make sure the aliases file is not writable except by trusted
3498 system personnel. This includes both the text and database
3501 * Make sure that other files that sendmail reads, such as the
3502 mailertable, are only writable by trusted system personnel.
3504 * The queue directory should not be world writable PARTICULARLY
3505 if your system allows "file giveaways" (that is, if a non-root
3506 user can chown any file they own to any other user).
3508 * If your system allows file giveaways, DO NOT create a publically
3509 writable directory for forward files. This will allow anyone
3510 to steal anyone else's e-mail. Instead, create a script that
3511 copies the .forward file from users' home directories once a
3512 night (if you want the non-NFS-mounted forward directory).
3514 * If your system allows file giveaways, you'll find that
3515 sendmail is much less trusting of :include: files -- in
3516 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3517 /etc/shells before they will be trusted (that is, before
3518 files and programs listed in them will be honored).
3520 In general, file giveaways are a mistake -- if you can turn them
3524 +--------------------------------+
3525 | TWEAKING CONFIGURATION OPTIONS |
3526 +--------------------------------+
3528 There are a large number of configuration options that don't normally
3529 need to be changed. However, if you feel you need to tweak them,
3530 you can define the following M4 variables. Note that some of these
3531 variables require formats that are defined in RFC 2821 or RFC 2822.
3532 Before changing them you need to make sure you do not violate those
3533 (and other relevant) RFCs.
3535 This list is shown in four columns: the name you define, the default
3536 value for that definition, the option or macro that is affected
3537 (either Ox for an option or Dx for a macro), and a brief description.
3538 Greater detail of the semantics can be found in the Installation
3539 and Operations Guide.
3541 Some options are likely to be deprecated in future versions -- that is,
3542 the option is only included to provide back-compatibility. These are
3545 Remember that these options are M4 variables, and hence may need to
3546 be quoted. In particular, arguments with commas will usually have to
3547 be ``double quoted, like this phrase'' to avoid having the comma
3548 confuse things. This is common for alias file definitions and for
3551 M4 Variable Name Configuration [Default] & Description
3552 ================ ============= =======================
3553 confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
3554 for internally generated outgoing
3556 confDOMAIN_NAME $j macro If defined, sets $j. This should
3557 only be done if your system cannot
3558 determine your local domain name,
3559 and then it should be set to
3560 $w.Foo.COM, where Foo.COM is your
3562 confCF_VERSION $Z macro If defined, this is appended to the
3563 configuration version name.
3564 confLDAP_CLUSTER ${sendmailMTACluster} macro
3565 If defined, this is the LDAP
3566 cluster to use for LDAP searches
3567 as described above in ``USING LDAP
3568 FOR ALIASES, MAPS, AND CLASSES''.
3569 confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
3570 internally generated From: address.
3571 confRECEIVED_HEADER Received:
3572 [$?sfrom $s $.$?_($?s$|from $.$_)
3573 $.$?{auth_type}(authenticated)
3574 $.by $j ($v/$Z)$?r with $r$. id $i$?u
3577 The format of the Received: header
3578 in messages passed through this host.
3579 It is unwise to try to change this.
3580 confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
3581 internally generated Message-Id:
3583 confCW_FILE Fw class [/etc/mail/local-host-names] Name
3584 of file used to get the local
3585 additions to class {w} (local host
3587 confCT_FILE Ft class [/etc/mail/trusted-users] Name of
3588 file used to get the local additions
3589 to class {t} (trusted users).
3590 confCR_FILE FR class [/etc/mail/relay-domains] Name of
3591 file used to get the local additions
3592 to class {R} (hosts allowed to relay).
3593 confTRUSTED_USERS Ct class [no default] Names of users to add to
3594 the list of trusted users. This list
3595 always includes root, uucp, and daemon.
3596 See also FEATURE(`use_ct_file').
3597 confTRUSTED_USER TrustedUser [no default] Trusted user for file
3598 ownership and starting the daemon.
3599 Not to be confused with
3600 confTRUSTED_USERS (see above).
3601 confSMTP_MAILER - [esmtp] The mailer name used when
3602 SMTP connectivity is required.
3603 One of "smtp", "smtp8",
3604 "esmtp", or "dsmtp".
3605 confUUCP_MAILER - [uucp-old] The mailer to be used by
3606 default for bang-format recipient
3607 addresses. See also discussion of
3608 class {U}, class {Y}, and class {Z}
3609 in the MAILER(`uucp') section.
3610 confLOCAL_MAILER - [local] The mailer name used when
3611 local connectivity is required.
3612 Almost always "local".
3613 confRELAY_MAILER - [relay] The default mailer name used
3614 for relaying any mail (e.g., to a
3615 BITNET_RELAY, a SMART_HOST, or
3616 whatever). This can reasonably be
3617 "uucp-new" if you are on a
3618 UUCP-connected site.
3619 confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
3620 confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
3621 confALIAS_WAIT AliasWait [10m] Time to wait for alias file
3622 rebuild until you get bored and
3623 decide that the apparently pending
3625 confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
3626 queue filesystem to accept SMTP mail.
3627 (Prior to 8.7 this was minfree/maxsize,
3628 where minfree was the number of free
3629 blocks and maxsize was the maximum
3630 message size. Use confMAX_MESSAGE_SIZE
3631 for the second value now.)
3632 confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
3633 that will be accepted (in bytes).
3634 confBLANK_SUB BlankSub [.] Blank (space) substitution
3636 confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
3637 to mailers marked expensive.
3638 confCHECKPOINT_INTERVAL CheckpointInterval
3639 [10] Checkpoint queue files every N
3641 confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
3642 confERROR_MODE ErrorMode [print] Error message mode.
3643 confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
3644 confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
3645 confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
3646 confMATCH_GECOS MatchGECOS [False] Match GECOS field.
3647 confMAX_HOP MaxHopCount [25] Maximum hop count.
3648 confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
3649 mode] Ignore dot as terminator for
3651 confBIND_OPTS ResolverOptions [undefined] Default options for DNS
3653 confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
3654 encapsulated messages per RFC 1344.
3655 confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
3656 The colon-separated list of places to
3657 search for .forward files. N.B.: see
3658 the Security Notes section.
3659 confMCI_CACHE_SIZE ConnectionCacheSize
3660 [2] Size of open connection cache.
3661 confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
3662 [5m] Open connection cache timeout.
3663 confHOST_STATUS_DIRECTORY HostStatusDirectory
3664 [undefined] If set, host status is kept
3665 on disk between sendmail runs in the
3666 named directory tree. This need not be
3667 a full pathname, in which case it is
3668 interpreted relative to the queue
3670 confSINGLE_THREAD_DELIVERY SingleThreadDelivery
3671 [False] If this option and the
3672 HostStatusDirectory option are both
3673 set, single thread deliveries to other
3674 hosts. That is, don't allow any two
3675 sendmails on this host to connect
3676 simultaneously to any other single
3677 host. This can slow down delivery in
3678 some cases, in particular since a
3679 cached but otherwise idle connection
3680 to a host will prevent other sendmails
3681 from connecting to the other host.
3682 confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
3683 deliver error messages. This should
3684 not be necessary because of general
3685 acceptance of the envelope/header
3687 confLOG_LEVEL LogLevel [9] Log level.
3688 confME_TOO MeToo [True] Include sender in group
3689 expansions. This option is
3690 deprecated and will be removed from
3692 confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
3693 running newaliases. Since this does
3694 DNS lookups on every address, it can
3695 slow down the alias rebuild process
3696 considerably on large alias files.
3697 confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
3698 special chars are old style.
3699 confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
3700 confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
3701 copies of all error messages.
3702 confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
3703 confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for
3704 queue files (octal). If not set,
3705 sendmail uses 0600 unless its real
3706 and effective uid are different in
3707 which case it uses 0644.
3708 confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
3709 syntax addresses to the minimum
3711 confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
3713 confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
3714 on the initial connect.
3715 confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
3716 connect() to complete. This can only
3717 shorten connection timeouts; the kernel
3718 silently enforces an absolute maximum
3719 (which varies depending on the system).
3720 confTO_ICONNECT Timeout.iconnect
3721 [undefined] Like Timeout.connect, but
3722 applies only to the very first attempt
3723 to connect to a host in a message.
3724 This allows a single very fast pass
3725 followed by more careful delivery
3726 attempts in the future.
3727 confTO_ACONNECT Timeout.aconnect
3728 [0] The overall timeout waiting for
3729 all connection for a single delivery
3730 attempt to succeed. If 0, no overall
3732 confTO_HELO Timeout.helo [5m] The timeout waiting for a response
3733 to a HELO or EHLO command.
3734 confTO_MAIL Timeout.mail [10m] The timeout waiting for a
3735 response to the MAIL command.
3736 confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
3737 to the RCPT command.
3738 confTO_DATAINIT Timeout.datainit
3739 [5m] The timeout waiting for a 354
3740 response from the DATA command.
3741 confTO_DATABLOCK Timeout.datablock
3742 [1h] The timeout waiting for a block
3744 confTO_DATAFINAL Timeout.datafinal
3745 [1h] The timeout waiting for a response
3746 to the final "." that terminates a
3748 confTO_RSET Timeout.rset [5m] The timeout waiting for a response
3749 to the RSET command.
3750 confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
3751 to the QUIT command.
3752 confTO_MISC Timeout.misc [2m] The timeout waiting for a response
3753 to other SMTP commands.
3754 confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
3755 waiting for a command to be issued.
3756 confTO_IDENT Timeout.ident [5s] The timeout waiting for a
3757 response to an IDENT query.
3758 confTO_FILEOPEN Timeout.fileopen
3759 [60s] The timeout waiting for a file
3760 (e.g., :include: file) to be opened.
3761 confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response
3762 to an LMTP LHLO command.
3763 confTO_AUTH Timeout.auth [10m] The timeout waiting for a
3764 response in an AUTH dialogue.
3765 confTO_STARTTLS Timeout.starttls
3766 [1h] The timeout waiting for a
3767 response to an SMTP STARTTLS command.
3768 confTO_CONTROL Timeout.control
3769 [2m] The timeout for a complete
3770 control socket transaction to complete.
3771 confTO_QUEUERETURN Timeout.queuereturn
3772 [5d] The timeout before a message is
3773 returned as undeliverable.
3774 confTO_QUEUERETURN_NORMAL
3775 Timeout.queuereturn.normal
3776 [undefined] As above, for normal
3778 confTO_QUEUERETURN_URGENT
3779 Timeout.queuereturn.urgent
3780 [undefined] As above, for urgent
3782 confTO_QUEUERETURN_NONURGENT
3783 Timeout.queuereturn.non-urgent
3784 [undefined] As above, for non-urgent
3785 (low) priority messages.
3786 confTO_QUEUERETURN_DSN
3787 Timeout.queuereturn.dsn
3788 [undefined] As above, for delivery
3789 status notification messages.
3790 confTO_QUEUEWARN Timeout.queuewarn
3791 [4h] The timeout before a warning
3792 message is sent to the sender telling
3793 them that the message has been
3795 confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
3796 [undefined] As above, for normal
3798 confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
3799 [undefined] As above, for urgent
3801 confTO_QUEUEWARN_NONURGENT
3802 Timeout.queuewarn.non-urgent
3803 [undefined] As above, for non-urgent
3804 (low) priority messages.
3805 confTO_QUEUEWARN_DSN
3806 Timeout.queuewarn.dsn
3807 [undefined] As above, for delivery
3808 status notification messages.
3809 confTO_HOSTSTATUS Timeout.hoststatus
3810 [30m] How long information about host
3811 statuses will be maintained before it
3812 is considered stale and the host should
3813 be retried. This applies both within
3814 a single queue run and to persistent
3815 information (see below).
3816 confTO_RESOLVER_RETRANS Timeout.resolver.retrans
3817 [varies] Sets the resolver's
3818 retransmission time interval (in
3820 Timeout.resolver.retrans.first and
3821 Timeout.resolver.retrans.normal.
3822 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
3823 [varies] Sets the resolver's
3824 retransmission time interval (in
3825 seconds) for the first attempt to
3827 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
3828 [varies] Sets the resolver's
3829 retransmission time interval (in
3830 seconds) for all resolver lookups
3831 except the first delivery attempt.
3832 confTO_RESOLVER_RETRY Timeout.resolver.retry
3833 [varies] Sets the number of times
3834 to retransmit a resolver query.
3836 Timeout.resolver.retry.first and
3837 Timeout.resolver.retry.normal.
3838 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
3839 [varies] Sets the number of times
3840 to retransmit a resolver query for
3841 the first attempt to deliver a
3843 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
3844 [varies] Sets the number of times
3845 to retransmit a resolver query for
3846 all resolver lookups except the
3847 first delivery attempt.
3848 confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
3849 USE_SYSTEM to use the system's idea,
3850 USE_TZ to use the user's TZ envariable,
3851 or something else to force that value.
3852 confDEF_USER_ID DefaultUser [1:1] Default user id.
3853 confUSERDB_SPEC UserDatabaseSpec
3854 [undefined] User database
3856 confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
3857 confFALLBACK_SMARTHOST FallbackSmartHost
3858 [undefined] Fallback smart host.
3859 confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
3860 for a host and other arrangements
3861 haven't been made, try connecting
3862 to the host directly; normally this
3863 would be a config error.
3864 confQUEUE_LA QueueLA [varies] Load average at which
3865 queue-only function kicks in.
3866 Default values is (8 * numproc)
3867 where numproc is the number of
3868 processors online (if that can be
3870 confREFUSE_LA RefuseLA [varies] Load average at which
3871 incoming SMTP connections are
3872 refused. Default values is (12 *
3873 numproc) where numproc is the
3874 number of processors online (if
3875 that can be determined).
3876 confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when
3877 refusing connections for this long.
3878 confDELAY_LA DelayLA [0] Load average at which sendmail
3879 will sleep for one second on most
3880 SMTP commands and before accepting
3881 connections. 0 means no limit.
3882 confMAX_ALIAS_RECURSION MaxAliasRecursion
3883 [10] Maximum depth of alias recursion.
3884 confMAX_DAEMON_CHILDREN MaxDaemonChildren
3885 [undefined] The maximum number of
3886 children the daemon will permit. After
3887 this number, connections will be
3888 rejected. If not set or <= 0, there is
3890 confMAX_HEADERS_LENGTH MaxHeadersLength
3891 [32768] Maximum length of the sum
3893 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
3894 [undefined] Maximum length of
3895 certain MIME header field values.
3896 confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3897 [undefined] The maximum number of
3898 connections permitted per second per
3899 daemon. After this many connections
3900 are accepted, further connections
3901 will be delayed. If not set or <= 0,
3903 confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3904 [60s] Define the length of the
3905 interval for which the number of
3906 incoming connections is maintained.
3907 confWORK_RECIPIENT_FACTOR
3908 RecipientFactor [30000] Cost of each recipient.
3909 confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
3911 confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
3912 confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
3913 confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
3914 Priority, Host, Filename, Random,
3915 Modification, or Time.
3916 confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
3917 must sit in the queue between queue
3918 runs. This allows you to set the
3919 queue run interval low for better
3920 responsiveness without trying all
3922 confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
3923 unlabeled 8 bit input to MIME, the
3924 character set to use by default.
3925 confSERVICE_SWITCH_FILE ServiceSwitchFile
3926 [/etc/mail/service.switch] The file
3927 to use for the service switch on
3928 systems that do not have a
3929 system-defined switch.
3930 confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
3931 "file" type access of hosts names.
3932 confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
3933 long and try again. Zero means "don't
3934 retry". This is to allow "dial on
3935 demand" connections to have enough time
3936 to complete a connection.
3937 confNO_RCPT_ACTION NoRecipientAction
3938 [none] What to do if there are no legal
3939 recipient fields (To:, Cc: or Bcc:)
3940 in the message. Legal values can
3941 be "none" to just leave the
3942 nonconforming message as is, "add-to"
3943 to add a To: header with all the
3944 known recipients (which may expose
3945 blind recipients), "add-apparently-to"
3946 to do the same but use Apparently-To:
3947 instead of To: (strongly discouraged
3948 in accordance with IETF standards),
3949 "add-bcc" to add an empty Bcc:
3950 header, or "add-to-undisclosed" to
3952 ``To: undisclosed-recipients:;''.
3953 confSAFE_FILE_ENV SafeFileEnvironment
3954 [undefined] If set, sendmail will do a
3955 chroot() into this directory before
3957 confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
3958 If set, colons are treated as a regular
3959 character in addresses. If not set,
3960 they are treated as the introducer to
3961 the RFC 822 "group" syntax. Colons are
3962 handled properly in route-addrs. This
3963 option defaults on for V5 and lower
3964 configuration files.
3965 confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
3966 any given queue run to this number of
3967 entries. Essentially, this will stop
3968 reading each queue directory after this
3969 number of entries are reached; it does
3970 _not_ pick the highest priority jobs,
3971 so this should be as large as your
3972 system can tolerate. If not set, there
3974 confMAX_QUEUE_CHILDREN MaxQueueChildren
3975 [undefined] Limits the maximum number
3976 of concurrent queue runners active.
3977 This is to keep system resources used
3978 within a reasonable limit. Relates to
3979 Queue Groups and ForkEachJob.
3980 confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
3981 [1] Only active when MaxQueueChildren
3982 defined. Controls the maximum number
3983 of queue runners (aka queue children)
3984 active at the same time in a work
3985 group. See also MaxQueueChildren.
3986 confDONT_EXPAND_CNAMES DontExpandCnames
3987 [False] If set, $[ ... $] lookups that
3988 do DNS based lookups do not expand
3989 CNAME records. This currently violates
3990 the published standards, but the IETF
3991 seems to be moving toward legalizing
3992 this. For example, if "FTP.Foo.ORG"
3993 is a CNAME for "Cruft.Foo.ORG", then
3994 with this option set a lookup of
3995 "FTP" will return "FTP.Foo.ORG"; if
3996 clear it returns "Cruft.FOO.ORG". N.B.
3997 you may not see any effect until your
3998 downstream neighbors stop doing CNAME
4000 confFROM_LINE UnixFromLine [From $g $d] The From_ line used
4001 when sending to files or programs.
4002 confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
4003 [False] From: lines that have
4004 embedded newlines are unwrapped
4006 confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
4007 does not include a host name.
4008 confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
4009 name phrase (@,;:\()[] are automatic).
4010 confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
4012 confSMTP_LOGIN_MSG SmtpGreetingMessage
4013 [$j Sendmail $v/$Z; $b]
4014 The initial (spontaneous) SMTP
4015 greeting message. The word "ESMTP"
4016 will be inserted between the first and
4017 second words to convince other
4018 sendmails to try to speak ESMTP.
4019 confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
4020 routine will never be invoked. You
4021 might want to do this if you are
4022 running NIS and you have a large group
4023 map, since this call does a sequential
4024 scan of the map; in a large site this
4025 can cause your ypserv to run
4026 essentially full time. If you set
4027 this, agents run on behalf of users
4028 will only have their primary
4029 (/etc/passwd) group permissions.
4030 confUNSAFE_GROUP_WRITES UnsafeGroupWrites
4031 [True] If set, group-writable
4032 :include: and .forward files are
4033 considered "unsafe", that is, programs
4034 and files cannot be directly referenced
4035 from such files. World-writable files
4036 are always considered unsafe.
4037 Notice: this option is deprecated and
4038 will be removed in future versions;
4039 Set GroupWritableForwardFileSafe
4040 and GroupWritableIncludeFileSafe in
4041 DontBlameSendmail if required.
4042 confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
4043 address (for testing).
4044 confCONTROL_SOCKET_NAME ControlSocketName
4045 [undefined] Control socket for daemon
4047 confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
4048 [postmaster] If an error occurs when
4049 sending an error message, send that
4050 "double bounce" error message to this
4051 address. If it expands to an empty
4052 string, double bounces are dropped.
4053 confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
4054 messages which could not be returned
4055 to the user or sent to postmaster.
4056 If not set, the queue file will
4058 confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
4059 implies DSN request.
4060 confRUN_AS_USER RunAsUser [undefined] If set, become this user
4061 when reading and delivering mail.
4062 Causes all file reads (e.g., .forward
4063 and :include: files) to be done as
4064 this user. Also, all programs will
4065 be run as this user, and all output
4066 files will be written as this user.
4067 confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
4068 [infinite] If set, allow no more than
4069 the specified number of recipients in
4070 an SMTP envelope. Further recipients
4071 receive a 452 error code (i.e., they
4072 are deferred for the next delivery
4074 confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified
4075 number of recipients in a single SMTP
4076 transaction have been rejected, sleep
4077 for one second after each subsequent
4078 RCPT command in that transaction.
4079 confDONT_PROBE_INTERFACES DontProbeInterfaces
4080 [False] If set, sendmail will _not_
4081 insert the names and addresses of any
4082 local interfaces into class {w}
4083 (list of known "equivalent" addresses).
4084 If you set this, you must also include
4085 some support for these addresses (e.g.,
4086 in a mailertable entry) -- otherwise,
4087 mail to addresses in this list will
4088 bounce with a configuration error.
4089 If set to "loopback" (without
4090 quotes), sendmail will skip
4091 loopback interfaces (e.g., "lo0").
4092 confPID_FILE PidFile [system dependent] Location of pid
4094 confPROCESS_TITLE_PREFIX ProcessTitlePrefix
4095 [undefined] Prefix string for the
4096 process title shown on 'ps' listings.
4097 confDONT_BLAME_SENDMAIL DontBlameSendmail
4098 [safe] Override sendmail's file
4099 safety checks. This will definitely
4100 compromise system security and should
4101 not be used unless absolutely
4103 confREJECT_MSG - [550 Access denied] The message
4104 given if the access database contains
4105 REJECT in the value portion.
4106 confRELAY_MSG - [550 Relaying denied] The message
4107 given if an unauthorized relaying
4108 attempt is rejected.
4109 confDF_BUFFER_SIZE DataFileBufferSize
4110 [4096] The maximum size of a
4111 memory-buffered data (df) file
4112 before a disk-based file is used.
4113 confXF_BUFFER_SIZE XScriptFileBufferSize
4114 [4096] The maximum size of a
4115 memory-buffered transcript (xf)
4116 file before a disk-based file is
4118 confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
4119 CRAM-MD5] List of authentication
4120 mechanisms for AUTH (separated by
4121 spaces). The advertised list of
4122 authentication mechanisms will be the
4123 intersection of this list and the list
4124 of available mechanisms as determined
4125 by the Cyrus SASL library.
4126 confAUTH_REALM AuthRealm [undefined] The authentication realm
4127 that is passed to the Cyrus SASL
4128 library. If no realm is specified,
4130 confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
4131 authentication information for
4132 outgoing connections. This file must
4133 contain the user id, the authorization
4134 id, the password (plain text), the
4135 realm to use, and the list of
4136 mechanisms to try, each on a separate
4137 line and must be readable by root (or
4138 the trusted user) only. If no realm
4139 is specified, $j is used. If no
4140 mechanisms are given in the file,
4141 AuthMechanisms is used. Notice: this
4142 option is deprecated and will be
4143 removed in future versions; it doesn't
4144 work for the MSP since it can't read
4145 the file. Use the authinfo ruleset
4146 instead. See also the section SMTP
4148 confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A'
4149 then the AUTH= parameter for the
4150 MAIL FROM command is only issued
4151 when authentication succeeded.
4152 See doc/op/op.me for more options
4154 confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption
4155 strength for the security layer in
4156 SMTP AUTH (SASL). Default is
4157 essentially unlimited.
4158 confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
4159 verification is performed, i.e.,
4160 the server doesn't ask for a
4162 confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
4163 specification for LDAP maps. The
4164 value should only contain LDAP
4165 specific settings such as "-h host
4166 -p port -d bindDN", etc. The
4167 settings will be used for all LDAP
4168 maps unless they are specified in
4169 the individual map specification
4171 confCACERT_PATH CACertPath [undefined] Path to directory
4173 confCACERT CACertFile [undefined] File containing one CA
4175 confSERVER_CERT ServerCertFile [undefined] File containing the
4176 cert of the server, i.e., this cert
4177 is used when sendmail acts as
4179 confSERVER_KEY ServerKeyFile [undefined] File containing the
4180 private key belonging to the server
4182 confCLIENT_CERT ClientCertFile [undefined] File containing the
4183 cert of the client, i.e., this cert
4184 is used when sendmail acts as
4186 confCLIENT_KEY ClientKeyFile [undefined] File containing the
4187 private key belonging to the client
4189 confCRL CRLFile [undefined] File containing certificate
4190 revocation status, useful for X.509v3
4191 authentication. Note that CRL requires
4192 at least OpenSSL version 0.9.7.
4193 confDH_PARAMETERS DHParameters [undefined] File containing the
4195 confRAND_FILE RandFile [undefined] File containing random
4196 data (use prefix file:) or the
4197 name of the UNIX socket if EGD is
4198 used (use prefix egd:). STARTTLS
4199 requires this option if the compile
4200 flag HASURANDOM is not set (see
4202 confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
4203 queue runners is set the given value
4205 confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
4206 [undefined] Defines {daemon_flags}
4207 for direct submissions.
4208 confUSE_MSP UseMSP [undefined] Use as mail submission
4209 program, see sendmail/SECURITY.
4210 confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By
4211 SMTP Service Extension (RFC 2852).
4212 confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can
4213 be used to turn off the compile time
4214 flag REQUIRES_DIR_FSYNC at runtime.
4215 See sendmail/README for details.
4216 confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory.
4217 confFAST_SPLIT FastSplit [1] If set to a value greater than
4218 zero, the initial MX lookups on
4219 addresses is suppressed when they
4220 are sorted which may result in
4221 faster envelope splitting. If the
4222 mail is submitted directly from the
4223 command line, then the value also
4224 limits the number of processes to
4225 deliver the envelopes.
4226 confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find
4227 information about local mailboxes.
4228 confDEQUOTE_OPTS - [empty] Additional options for the
4230 confINPUT_MAIL_FILTERS InputMailFilters
4231 A comma separated list of filters
4232 which determines which filters and
4233 the invocation sequence are
4234 contacted for incoming SMTP
4235 messages. If none are set, no
4236 filters will be contacted.
4237 confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
4238 actions, defaults to LogLevel.
4239 confMILTER_MACROS_CONNECT Milter.macros.connect
4240 [j, _, {daemon_name}, {if_name},
4241 {if_addr}] Macros to transmit to
4242 milters when a session connection
4244 confMILTER_MACROS_HELO Milter.macros.helo
4245 [{tls_version}, {cipher},
4246 {cipher_bits}, {cert_subject},
4247 {cert_issuer}] Macros to transmit to
4248 milters after HELO/EHLO command.
4249 confMILTER_MACROS_ENVFROM Milter.macros.envfrom
4250 [i, {auth_type}, {auth_authen},
4251 {auth_ssf}, {auth_author},
4252 {mail_mailer}, {mail_host},
4253 {mail_addr}] Macros to transmit to
4254 milters after MAIL FROM command.
4255 confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
4256 [{rcpt_mailer}, {rcpt_host},
4257 {rcpt_addr}] Macros to transmit to
4258 milters after RCPT TO command.
4259 confMILTER_MACROS_EOM Milter.macros.eom
4260 [{msg_id}] Macros to transmit to
4261 milters after DATA command.
4264 See also the description of OSTYPE for some parameters that can be
4265 tweaked (generally pathnames to mailers).
4267 ClientPortOptions and DaemonPortOptions are special cases since multiple
4268 clients/daemons can be defined. This can be done via
4270 CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4271 DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4273 Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4274 ClientPortOptions settings) are allowed in order to give settings for each
4275 protocol family (e.g., one for Family=inet and one for Family=inet6). A
4276 restriction placed on one family only affects outgoing connections on that
4279 If DAEMON_OPTIONS is not used, then the default is
4281 DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4282 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4284 If you use one DAEMON_OPTIONS macro, it will alter the parameters
4285 of the first of these. The second will still be defaulted; it
4286 represents a "Message Submission Agent" (MSA) as defined by RFC
4287 2476 (see below). To turn off the default definition for the MSA,
4288 use FEATURE(`no_default_msa') (see also FEATURES). If you use
4289 additional DAEMON_OPTIONS macros, they will add additional daemons.
4291 Example 1: To change the port for the SMTP listener, while
4292 still using the MSA default, use
4293 DAEMON_OPTIONS(`Port=925, Name=MTA')
4295 Example 2: To change the port for the MSA daemon, while still
4296 using the default SMTP port, use
4297 FEATURE(`no_default_msa')
4298 DAEMON_OPTIONS(`Name=MTA')
4299 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4301 Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4302 there would be no listener on the standard SMTP port.
4304 Example 3: To listen on both IPv4 and IPv6 interfaces, use
4306 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4307 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4309 A "Message Submission Agent" still uses all of the same rulesets for
4310 processing the message (and therefore still allows message rejection via
4311 the check_* rulesets). In accordance with the RFC, the MSA will ensure
4312 that all domains in envelope addresses are fully qualified if the message
4313 is relayed to another MTA. It will also enforce the normal address syntax
4314 rules and log error messages. Additionally, by using the M=a modifier you
4315 can require authentication before messages are accepted by the MSA.
4316 Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally,
4317 the M=E modifier shown above disables ETRN as required by RFC 2476.
4319 Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4322 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4323 MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4325 The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4326 same order they were specified by also setting confINPUT_MAIL_FILTERS. A
4327 filter can be defined without adding it to the input filter list by using
4328 MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4329 Alternatively, you can reset the list of filters and their order by setting
4330 confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4334 +----------------------------+
4335 | MESSAGE SUBMISSION PROGRAM |
4336 +----------------------------+
4338 The purpose of the message submission program (MSP) is explained
4339 in sendmail/SECURITY. This section contains a list of caveats and
4340 a few hints how for those who want to tweak the default configuration
4341 for it (which is installed as submit.cf).
4343 Notice: do not add options/features to submit.mc unless you are
4344 absolutely sure you need them. Options you may want to change
4347 - confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4348 avoiding X-Authentication warnings.
4349 - confTIME_ZONE to change it from the default `USE_TZ'.
4350 - confDELIVERY_MODE is set to interactive in msp.m4 instead
4351 of the default background mode.
4352 - FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4353 to the LOCAL_RELAY instead of the default relay.
4354 - confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4355 the flag HASURANDOM.
4357 The MSP performs hostname canonicalization by default. As also
4358 explained in sendmail/SECURITY, mail may end up for various DNS
4359 related reasons in the MSP queue. This problem can be minimized by
4362 FEATURE(`nocanonify', `canonify_hosts')
4363 define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4365 See the discussion about nocanonify for possible side effects.
4367 Some things are not intended to work with the MSP. These include
4368 features that influence the delivery process (e.g., mailertable,
4369 aliases), or those that are only important for a SMTP server (e.g.,
4370 virtusertable, DaemonPortOptions, multiple queues). Moreover,
4371 relaxing certain restrictions (RestrictQueueRun, permissions on
4372 queue directory) or adding features (e.g., enabling prog/file mailer)
4373 can cause security problems.
4375 Other things don't work well with the MSP and require tweaking or
4376 workarounds. For example, to allow for client authentication it
4377 is not just sufficient to provide a client certificate and the
4378 corresponding key, but it is also necessary to make the key group
4379 (smmsp) readable and tell sendmail not to complain about that, i.e.,
4381 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
4383 If the MSP should actually use AUTH then the necessary data
4384 should be placed in a map as explained in SMTP AUTHENTICATION:
4386 FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4388 /etc/mail/msp-authinfo should contain an entry like:
4390 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"
4392 The file and the map created by makemap should be owned by smmsp,
4393 its group should be smmsp, and it should have mode 640. The database
4394 used by the MTA for AUTH must have a corresponding entry.
4395 Additionally the MTA must trust this authentication data so the AUTH=
4396 part will be relayed on to the next hop. This can be achieved by
4397 adding the following to your sendmail.mc file:
4401 R$* $: $&{auth_authen}
4404 Note: the authentication data can leak to local users who invoke
4405 the MSP with debug options or even with -v. For that reason either
4406 an authentication mechanism that does not show the password in the
4407 AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4408 method like STARTTLS should be used.
4410 feature/msp.m4 defines almost all settings for the MSP. Most of
4411 those should not be changed at all. Some of the features and options
4412 can be overridden if really necessary. It is a bit tricky to do
4413 this, because it depends on the actual way the option is defined
4414 in feature/msp.m4. If it is directly defined (i.e., define()) then
4415 the modified value must be defined after
4419 If it is conditionally defined (i.e., ifdef()) then the desired
4420 value must be defined before the FEATURE line in the .mc file.
4421 To see how the options are defined read feature/msp.m4.
4424 +--------------------------+
4425 | FORMAT OF FILES AND MAPS |
4426 +--------------------------+
4428 Files that define classes, i.e., F{classname}, consist of lines
4429 each of which contains a single element of the class. For example,
4430 /etc/mail/local-host-names may have the following content:
4435 Maps must be created using makemap(8) , e.g.,
4437 makemap hash MAP < MAP
4439 In general, a text file from which a map is created contains lines
4444 where 'key' and 'value' are also called LHS and RHS, respectively.
4445 By default, the delimiter between LHS and RHS is a non-empty sequence
4446 of white space characters.
4449 +------------------+
4450 | DIRECTORY LAYOUT |
4451 +------------------+
4453 Within this directory are several subdirectories, to wit:
4455 m4 General support routines. These are typically
4456 very important and should not be changed without
4457 very careful consideration.
4459 cf The configuration files themselves. They have
4460 ".mc" suffixes, and must be run through m4 to
4461 become complete. The resulting output should
4462 have a ".cf" suffix.
4464 ostype Definitions describing a particular operating
4465 system type. These should always be referenced
4466 using the OSTYPE macro in the .mc file. Examples
4467 include "bsd4.3", "bsd4.4", "sunos3.5", and
4470 domain Definitions describing a particular domain, referenced
4471 using the DOMAIN macro in the .mc file. These are
4472 site dependent; for example, "CS.Berkeley.EDU.m4"
4473 describes hosts in the CS.Berkeley.EDU subdomain.
4475 mailer Descriptions of mailers. These are referenced using
4476 the MAILER macro in the .mc file.
4478 sh Shell files used when building the .cf file from the
4479 .mc file in the cf subdirectory.
4481 feature These hold special orthogonal features that you might
4482 want to include. They should be referenced using
4485 hack Local hacks. These can be referenced using the HACK
4486 macro. They shouldn't be of more than voyeuristic
4487 interest outside the .Berkeley.EDU domain, but who knows?
4489 siteconfig Site configuration -- e.g., tables of locally connected
4493 +------------------------+
4494 | ADMINISTRATIVE DETAILS |
4495 +------------------------+
4497 The following sections detail usage of certain internal parts of the
4498 sendmail.cf file. Read them carefully if you are trying to modify
4499 the current model. If you find the above descriptions adequate, these
4500 should be {boring, confusing, tedious, ridiculous} (pick one or more).
4502 RULESETS (* means built in to sendmail)
4505 1 * Sender rewriting
4506 2 * Recipient rewriting
4507 3 * Canonicalization
4509 5 * Local address rewrite (after aliasing)
4510 1x mailer rules (sender qualification)
4511 2x mailer rules (recipient qualification)
4512 3x mailer rules (sender header qualification)
4513 4x mailer rules (recipient header qualification)
4514 5x mailer subroutines (general)
4515 6x mailer subroutines (general)
4516 7x mailer subroutines (general)
4518 90 Mailertable host stripping
4519 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4520 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4521 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
4526 0 local, prog local and program mailers
4527 1 [e]smtp, relay SMTP channel
4528 2 uucp-* UNIX-to-UNIX Copy Program
4529 3 netnews Network News delivery
4530 4 fax Sam Leffler's HylaFAX software
4531 5 mail11 DECnet mailer
4539 D The local domain -- usually not needed
4540 E reserved for X.400 Relay
4543 H mail Hub (for mail clusters)
4548 M Masquerade (who you claim to be)
4553 R Relay (for unqualified names)
4556 U my UUCP name (if you have a UUCP connection)
4557 V UUCP Relay (class {V} hosts)
4558 W UUCP Relay (class {W} hosts)
4559 X UUCP Relay (class {X} hosts)
4560 Y UUCP Relay (all other hosts)
4567 B domains that are candidates for bestmx lookup
4570 E addresses that should not seem to come from $M
4571 F hosts this system forward for
4572 G domains that should be looked up in genericstable
4577 L addresses that should not be forwarded to $R
4578 M domains that should be mapped to $M
4579 N host/domains that should not be mapped to $M
4580 O operators that indicate network operations (cannot be in local names)
4581 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4583 R domains this system is willing to relay (pass anti-spam filters)
4586 U locally connected UUCP hosts
4587 V UUCP hosts connected to relay $V
4588 W UUCP hosts connected to relay $W
4589 X UUCP hosts connected to relay $X
4590 Y locally connected smart UUCP hosts
4591 Z locally connected domain-ized UUCP hosts
4592 . the class containing only a dot
4593 [ the class containing only a left bracket
4598 1 Local host detection and resolution
4599 2 Local Ruleset 3 additions
4600 3 Local Ruleset 0 additions
4601 4 UUCP Ruleset 0 additions
4602 5 locally interpreted names (overrides $R)
4603 6 local configuration (at top of file)
4604 7 mailer definitions
4605 8 DNS based blacklists
4606 9 special local rulesets (1 and 2)
4608 $Revision: 8.704 $, Last updated $Date: 2006/02/15 05:49:31 $