2 SENDMAIL CONFIGURATION FILES
4 This document describes the sendmail configuration files. It
5 explains how to create a sendmail.cf file for use with sendmail.
6 It also describes how to set options for sendmail which are explained
7 in the Sendmail Installation and Operation guide (doc/op/op.me).
9 To get started, you may want to look at tcpproto.mc (for TCP-only
10 sites) and clientproto.mc (for clusters of clients using a single
11 mail host), or the generic-*.mc files as operating system-specific
16 INTRODUCTION AND EXAMPLE
17 A BRIEF INTRODUCTION TO M4
27 MASQUERADING AND RELAYING
28 USING LDAP FOR ALIASES, MAPS, AND CLASSES
30 ANTI-SPAM CONFIGURATION CONTROL
34 ADDING NEW MAILERS OR RULESETS
35 ADDING NEW MAIL FILTERS
36 QUEUE GROUP DEFINITIONS
37 NON-SMTP BASED CONFIGURATIONS
39 ACCEPTING MAIL FOR MULTIPLE NAMES
41 USING USERDB TO MAP FULL NAMES
42 MISCELLANEOUS SPECIAL FEATURES
44 TWEAKING CONFIGURATION OPTIONS
45 MESSAGE SUBMISSION PROGRAM
46 FORMAT OF FILES AND MAPS
48 ADMINISTRATIVE DETAILS
51 +--------------------------+
52 | INTRODUCTION AND EXAMPLE |
53 +--------------------------+
55 Configuration files are contained in the subdirectory "cf", with a
56 suffix ".mc". They must be run through "m4" to produce a ".cf" file.
57 You must pre-load "cf.m4":
59 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
61 Alternatively, you can simply:
66 where ${CFDIR} is the root of the cf directory and config.mc is the
67 name of your configuration file. If you are running a version of M4
68 that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
69 this, but the versions distributed with 4.4BSD and derivatives do not)
70 or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
71 For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
72 use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
76 Let's examine a typical .mc file:
80 # Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
81 # All rights reserved.
82 # Copyright (c) 1983 Eric P. Allman. All rights reserved.
83 # Copyright (c) 1988, 1993
84 # The Regents of the University of California. All rights reserved.
86 # By using this file, you agree to the terms and conditions set
87 # forth in the LICENSE file which can be found at the top level of
88 # the sendmail distribution.
92 # This is a Berkeley-specific configuration file for HP-UX 9.x.
93 # It applies only to the Computer Science Division at Berkeley,
94 # and should not be used elsewhere. It is provided on the sendmail
95 # distribution as a sample only. To create your own configuration
96 # file, create an appropriate domain file in ../domain, change the
97 # `DOMAIN' macro below to reference that file, and copy the result
98 # to a name of your own choosing.
102 The divert(-1) will delete the crud in the resulting output file.
103 The copyright notice can be replaced by whatever your lawyers require;
104 our lawyers require the one that is included in these files. A copyleft
105 is a copyright by another name. The divert(0) restores regular output.
107 VERSIONID(`<SCCS or RCS version id>')
109 VERSIONID is a macro that stuffs the version information into the
110 resulting file. You could use SCCS, RCS, CVS, something else, or
111 omit it completely. This is not the same as the version id included
112 in SMTP greeting messages -- this is defined in m4/version.m4.
116 You must specify an OSTYPE to properly configure things such as the
117 pathname of the help and status files, the flags needed for the local
118 mailer, and other important things. If you omit it, you will get an
119 error when you try to build the configuration. Look at the ostype
120 directory for the list of known operating system types.
122 DOMAIN(`CS.Berkeley.EDU')dnl
124 This example is specific to the Computer Science Division at Berkeley.
125 You can use "DOMAIN(`generic')" to get a sufficiently bland definition
126 that may well work for you, or you can create a customized domain
127 definition appropriate for your environment.
132 These describe the mailers used at the default CS site. The local
133 mailer is always included automatically. Beware: MAILER declarations
134 should only be followed by LOCAL_* sections. The general rules are
135 that the order should be:
141 local macro definitions
147 There are a few exceptions to this rule. Local macro definitions which
148 influence a FEATURE() should be done before that feature. For example,
149 a define(`PROCMAIL_MAILER_PATH', ...) should be done before
150 FEATURE(`local_procmail').
152 *******************************************************************
153 *** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
154 *** Berkeley-specific assumptions built in, such as the name ***
155 *** of their UUCP-relay. You'll want to create your own ***
156 *** domain description, and use that in place of ***
157 *** domain/Berkeley.EDU.m4. ***
158 *******************************************************************
161 +----------------------------+
162 | A BRIEF INTRODUCTION TO M4 |
163 +----------------------------+
165 Sendmail uses the M4 macro processor to ``compile'' the configuration
166 files. The most important thing to know is that M4 is stream-based,
167 that is, it doesn't understand about lines. For this reason, in some
168 places you may see the word ``dnl'', which stands for ``delete
169 through newline''; essentially, it deletes all characters starting
170 at the ``dnl'' up to and including the next newline character. In
171 most cases sendmail uses this only to avoid lots of unnecessary
172 blank lines in the output.
174 Other important directives are define(A, B) which defines the macro
175 ``A'' to have value ``B''. Macros are expanded as they are read, so
176 one normally quotes both values to prevent expansion. For example,
178 define(`SMART_HOST', `smart.foo.com')
180 One word of warning: M4 macros are expanded even in lines that appear
181 to be comments. For example, if you have
183 # See FEATURE(`foo') above
185 it will not do what you expect, because the FEATURE(`foo') will be
186 expanded. This also applies to
188 # And then define the $X macro to be the return address
190 because ``define'' is an M4 keyword. If you want to use them, surround
191 them with directed quotes, `like this'.
193 Since m4 uses single quotes (opening "`" and closing "'") to quote
194 arguments, those quotes can't be used in arguments. For example,
195 it is not possible to define a rejection message containing a single
196 quote. Usually there are simple workarounds by changing those
197 messages; in the worst case it might be ok to change the value
198 directly in the generated .cf file, which however is not advised.
204 This package requires a post-V7 version of m4; if you are running the
205 4.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or
206 BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works.
207 Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
208 Net/2 or GNU version. GNU m4 is available from
209 ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
210 EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU
218 sendmail 8.9 has introduced a new configuration directory for sendmail
219 related files, /etc/mail. The new files available for sendmail 8.9 --
220 the class {R} /etc/mail/relay-domains and the access database
221 /etc/mail/access -- take advantage of this new directory. Beginning with
222 8.10, all files will use this directory by default (some options may be
223 set by OSTYPE() files). This new directory should help to restore
224 uniformity to sendmail's file locations.
226 Below is a table of some of the common changes:
228 Old filename New filename
229 ------------ ------------
230 /etc/bitdomain /etc/mail/bitdomain
231 /etc/domaintable /etc/mail/domaintable
232 /etc/genericstable /etc/mail/genericstable
233 /etc/uudomain /etc/mail/uudomain
234 /etc/virtusertable /etc/mail/virtusertable
235 /etc/userdb /etc/mail/userdb
237 /etc/aliases /etc/mail/aliases
238 /etc/sendmail/aliases /etc/mail/aliases
239 /etc/ucbmail/aliases /etc/mail/aliases
240 /usr/adm/sendmail/aliases /etc/mail/aliases
241 /usr/lib/aliases /etc/mail/aliases
242 /usr/lib/mail/aliases /etc/mail/aliases
243 /usr/ucblib/aliases /etc/mail/aliases
245 /etc/sendmail.cw /etc/mail/local-host-names
246 /etc/mail/sendmail.cw /etc/mail/local-host-names
247 /etc/sendmail/sendmail.cw /etc/mail/local-host-names
249 /etc/sendmail.ct /etc/mail/trusted-users
251 /etc/sendmail.oE /etc/mail/error-header
253 /etc/sendmail.hf /etc/mail/helpfile
254 /etc/mail/sendmail.hf /etc/mail/helpfile
255 /usr/ucblib/sendmail.hf /etc/mail/helpfile
256 /etc/ucbmail/sendmail.hf /etc/mail/helpfile
257 /usr/lib/sendmail.hf /etc/mail/helpfile
258 /usr/share/lib/sendmail.hf /etc/mail/helpfile
259 /usr/share/misc/sendmail.hf /etc/mail/helpfile
260 /share/misc/sendmail.hf /etc/mail/helpfile
262 /etc/service.switch /etc/mail/service.switch
264 /etc/sendmail.st /etc/mail/statistics
265 /etc/mail/sendmail.st /etc/mail/statistics
266 /etc/mailer/sendmail.st /etc/mail/statistics
267 /etc/sendmail/sendmail.st /etc/mail/statistics
268 /usr/lib/sendmail.st /etc/mail/statistics
269 /usr/ucblib/sendmail.st /etc/mail/statistics
271 Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
272 to create the pathnames. The default value of this variable is
273 `/etc/mail/'. If you set this macro to a different value, you MUST include
276 Notice: all filenames used in a .mc (or .cf) file should be absolute
277 (starting at the root, i.e., with '/'). Relative filenames most
278 likely cause surprises during operations (unless otherwise noted).
285 You MUST define an operating system environment, or the configuration
286 file build will puke. There are several environments available; look
287 at the "ostype" directory for the current list. This macro changes
288 things like the location of the alias file and queue directory. Some
289 of these files are identical to one another.
291 It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
292 In general, the OSTYPE macro should go immediately after any version
293 information, and MAILER definitions should always go last.
295 Operating system definitions are usually easy to write. They may define
296 the following variables (everything defaults, so an ostype file may be
297 empty). Unfortunately, the list of configuration-supported systems is
298 not as broad as the list of source-supported systems, since many of
299 the source contributors do not include corresponding ostype files.
301 ALIAS_FILE [/etc/mail/aliases] The location of the text version
302 of the alias file(s). It can be a comma-separated
303 list of names (but be sure you quote values with
304 commas in them -- for example, use
305 define(`ALIAS_FILE', `a,b')
306 to get "a" and "b" both listed as alias files;
307 otherwise the define() primitive only sees "a").
308 HELP_FILE [/etc/mail/helpfile] The name of the file
309 containing information printed in response to
310 the SMTP HELP command.
311 QUEUE_DIR [/var/spool/mqueue] The directory containing
312 queue files. To use multiple queues, supply
313 a value ending with an asterisk. For
314 example, /var/spool/mqueue/qd* will use all of the
315 directories or symbolic links to directories
316 beginning with 'qd' in /var/spool/mqueue as queue
317 directories. The names 'qf', 'df', and 'xf' are
318 reserved as specific subdirectories for the
319 corresponding queue file types as explained in
320 doc/op/op.me. See also QUEUE GROUP DEFINITIONS.
321 MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing
322 queue files for the MSP (Mail Submission Program,
323 see sendmail/SECURITY).
324 STATUS_FILE [/etc/mail/statistics] The file containing status
326 LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
327 LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The
328 flags lsDFMAw5:/|@q are always included.
329 LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
331 LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
332 mail that you are willing to accept.
333 LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of
334 messages to deliver in a single connection. Only
335 useful for LMTP local mailers.
336 LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
337 that ARRIVE from an address that resolves to the
338 local mailer and which are converted to MIME will be
339 labeled with this character set.
340 LOCAL_MAILER_EOL [undefined] If defined, the string to use as the
341 end of line for the local mailer.
342 LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
343 [X-Unix] The DSN Diagnostic-Code value for the
344 local mailer. This should be changed with care.
345 LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email.
346 LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The
347 flags lsDFM are always included.
348 LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
350 LOCAL_SHELL_DIR [$z:/] The directory search path in which the
352 LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer.
353 USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program
355 USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer.
356 USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
357 usenet mailer. NOTE: Some versions of inews
358 (such as those shipped with newer versions of INN)
359 use different flags. Double check the defaults
360 against the inews man page.
361 USENET_MAILER_MAX [undefined] The maximum size of messages that will
362 be accepted by the usenet mailer.
363 USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer.
364 SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
365 flags are `mDFMuX' for all SMTP-based mailers; the
366 "esmtp" mailer adds `a'; "smtp8" adds `8'; and
368 RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default
369 flags are `mDFMuX' for all SMTP-based mailers; the
370 relay mailer adds `a8'. If this is not defined,
371 then SMTP_MAILER_FLAGS is used.
372 SMTP_MAILER_MAX [undefined] The maximum size of messages that will
373 be transported using the smtp, smtp8, esmtp, or dsmtp
375 SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
376 messages to deliver in a single connection for the
377 smtp, smtp8, esmtp, or dsmtp mailers.
378 SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
379 recipients to deliver in a single connection for the
380 smtp, smtp8, esmtp, or dsmtp mailers.
381 SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
382 About the only reason you would want to change this
383 would be to change the default port.
384 ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer.
385 SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer.
386 DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer.
387 RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer.
388 SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer.
389 ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer.
390 SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer.
391 DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer.
392 RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer.
393 RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of
394 messages to deliver in a single connection for the
396 SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
397 that ARRIVE from an address that resolves to one of
398 the SMTP mailers and which are converted to MIME will
399 be labeled with this character set.
400 SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
401 (except the relay mailer).
402 RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
403 UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail.
404 UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default
405 flags are `DFMhuU' (and `m' for uucp-new mailer,
406 minus `U' for uucp-dom mailer).
407 UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
408 passed to the UUCP mailer.
409 UUCP_MAILER_MAX [100000] The maximum size message accepted for
410 transmission by the UUCP mailers.
411 UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
412 that ARRIVE from an address that resolves to one of
413 the UUCP mailers and which are converted to MIME will
414 be labeled with this character set.
415 UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers.
416 FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
418 FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX
420 FAX_MAILER_MAX [100000] The maximum size message accepted for
422 POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer.
423 POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq
425 POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer.
426 POP_MAILER_QGRP [undefined] The queue group for the pop mailer.
427 PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
428 program. This is also used by
429 FEATURE(`local_procmail').
430 PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags
431 DFM are always set. This is NOT used by
432 FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
434 PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
435 the Procmail mailer. This is NOT used by
436 FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
438 PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
439 will be accepted by the procmail mailer.
440 PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer.
441 MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer.
442 MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer.
443 MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11
445 MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer.
446 PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
448 PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM
450 PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
451 PH_MAILER_QGRP [undefined] The queue group for the ph mailer.
452 CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The
453 flags lsDFMnPq are always included.
454 CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver
456 CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
457 to deliver cyrus mail.
458 CYRUS_MAILER_MAX [undefined] If set, the maximum size message that
459 will be accepted by the cyrus mailer.
460 CYRUS_MAILER_USER [cyrus:mail] The user and group to become when
461 running the cyrus mailer.
462 CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer.
463 CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer.
464 The flags lsDFMnP are always included.
465 CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
466 to deliver cyrusbb mail.
467 CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The
468 flags lsDFMnqXz are always included.
469 CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of
470 messages to deliver in a single connection for the
472 CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
473 recipients to deliver in a single connection for the
475 CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed
476 to the cyrusv2 mailer. This can be used to
477 change the name of the Unix domain socket, or
478 to switch to delivery via TCP (e.g., `TCP $h lmtp')
479 CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer.
480 CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
481 that ARRIVE from an address that resolves to one the
482 Cyrus mailer and which are converted to MIME will
483 be labeled with this character set.
484 confEBINDIR [/usr/libexec] The directory for executables.
485 Currently used for FEATURE(`local_lmtp') and
487 QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer.
488 QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver
490 QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
491 to deliver qpage mail.
492 QPAGE_MAILER_MAX [4096] If set, the maximum size message that
493 will be accepted by the qpage mailer.
494 QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer.
495 LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer.
497 Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
498 MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
499 of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
500 upper case) and change can be: flags that should be used directly
501 (thus overriding the default value), or if it starts with `+' (`-')
502 then those flags are added to (removed from) the default value.
505 MODIFY_MAILER_FLAGS(`LOCAL', `+e')
507 will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are
508 several smtp mailers all of which are manipulated individually.
509 See the section MAILERS for the available mailer names.
510 WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
511 unconditionally, i.e., without respecting any definitions in an
519 You will probably want to collect domain-dependent defines into one
520 file, referenced by the DOMAIN macro. For example, the Berkeley
521 domain file includes definitions for several internal distinguished
524 UUCP_RELAY The host that will accept UUCP-addressed email.
525 If not defined, all UUCP sites must be directly
527 BITNET_RELAY The host that will accept BITNET-addressed email.
528 If not defined, the .BITNET pseudo-domain won't work.
529 DECNET_RELAY The host that will accept DECNET-addressed email.
530 If not defined, the .DECNET pseudo-domain and addresses
531 of the form node::user will not work.
532 FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
533 The "fax" mailer overrides this value.
534 LOCAL_RELAY The site that will handle unqualified names -- that
535 is, names without an @domain extension.
536 Normally MAIL_HUB is preferred for this function.
537 LOCAL_RELAY is mostly useful in conjunction with
538 FEATURE(`stickyhost') -- see the discussion of
539 stickyhost below. If not set, they are assumed to
540 belong on this machine. This allows you to have a
541 central site to store a company- or department-wide
542 alias database. This only works at small sites,
543 and only with some user agents.
544 LUSER_RELAY The site that will handle lusers -- that is, apparently
545 local names that aren't local accounts or aliases. To
546 specify a local user instead of a site, set this to
549 Any of these can be either ``mailer:hostname'' (in which case the
550 mailer is the internal mailer name, such as ``uucp-new'' and the hostname
551 is the name of the host as appropriate for that mailer) or just a
552 ``hostname'', in which case a default mailer type (usually ``relay'',
553 a variant on SMTP) is used. WARNING: if you have a wildcard MX
554 record matching your domain, you probably want to define these to
555 have a trailing dot so that you won't get the mail diverted back
558 The domain file can also be used to define a domain name, if needed
559 (using "DD<domain>") and set certain site-wide features. If all hosts
560 at your site masquerade behind one email name, you could also use
563 You do not have to define a domain -- in particular, if you are a
564 single machine sitting off somewhere, it is probably more work than
565 it's worth. This is just a mechanism for combining "domain dependent
566 knowledge" into one place.
573 There are fewer mailers supported in this version than the previous
574 version, owing mostly to a simpler world. As a general rule, put the
575 MAILER definitions last in your .mc file.
577 local The local and prog mailers. You will almost always
578 need these; the only exception is if you relay ALL
579 your mail to another site. This mailer is included
582 smtp The Simple Mail Transport Protocol mailer. This does
583 not hide hosts behind a gateway or another other
584 such hack; it assumes a world where everyone is
585 running the name server. This file actually defines
586 five mailers: "smtp" for regular (old-style) SMTP to
587 other servers, "esmtp" for extended SMTP to other
588 servers, "smtp8" to do SMTP to other servers without
589 converting 8-bit data to MIME (essentially, this is
590 your statement that you know the other end is 8-bit
591 clean even if it doesn't say so), "dsmtp" to do on
592 demand delivery, and "relay" for transmission to the
593 RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
595 uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
596 defines two mailers, "uucp-old" (a.k.a. "uucp") and
597 "uucp-new" (a.k.a. "suucp"). The latter is for when you
598 know that the UUCP mailer at the other end can handle
599 multiple recipients in one transfer. If the smtp mailer
600 is included in your configuration, two other mailers
601 ("uucp-dom" and "uucp-uudom") are also defined [warning: you
602 MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you
603 include the uucp mailer, sendmail looks for all names in
604 class {U} and sends them to the uucp-old mailer; all
605 names in class {Y} are sent to uucp-new; and all
606 names in class {Z} are sent to uucp-uudom. Note that
607 this is a function of what version of rmail runs on
608 the receiving end, and hence may be out of your control.
609 See the section below describing UUCP mailers in more
612 usenet Usenet (network news) delivery. If this is specified,
613 an extra rule is added to ruleset 0 that forwards all
614 local email for users named ``group.usenet'' to the
615 ``inews'' program. Note that this works for all groups,
616 and may be considered a security problem.
618 fax Facsimile transmission. This is experimental and based
619 on Sam Leffler's HylaFAX software. For more information,
620 see http://www.hylafax.org/.
622 pop Post Office Protocol.
624 procmail An interface to procmail (does not come with sendmail).
625 This is designed to be used in mailertables. For example,
626 a common question is "how do I forward all mail for a given
627 domain to a single person?". If you have this mailer
628 defined, you could set up a mailertable reading:
630 host.com procmail:/etc/procmailrcs/host.com
632 with the file /etc/procmailrcs/host.com reading:
634 :0 # forward mail for host.com
635 ! -oi -f $1 person@other.host
637 This would arrange for (anything)@host.com to be sent
638 to person@other.host. In a procmail script, $1 is the
639 name of the sender and $2 is the name of the recipient.
640 If you use this with FEATURE(`local_procmail'), the FEATURE
641 should be listed first.
643 Of course there are other ways to solve this particular
644 problem, e.g., a catch-all entry in a virtusertable.
646 mail11 The DECnet mail11 mailer, useful only if you have the mail11
647 program from gatekeeper.dec.com:/pub/DEC/gwtools (and
648 DECnet, of course). This is for Phase IV DECnet support;
649 if you have Phase V at your site you may have additional
652 phquery The phquery program. This is somewhat counterintuitively
653 referenced as the "ph" mailer internally. It can be used
654 to do CCSO name server lookups. The phquery program, which
655 this mailer uses, is distributed with the ph client.
657 cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
658 a local cyrus user. this mailer can make use of the
659 "user+detail@local.host" syntax (see
660 FEATURE(`preserve_local_plus_detail')); it will deliver the
661 mail to the user's "detail" mailbox if the mailbox's ACL
662 permits. The cyrusbb mailer delivers to a system-wide
663 cyrus mailbox if the mailbox's ACL permits. The cyrus
664 mailer must be defined after the local mailer.
666 cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to
667 local cyrus users via LMTP. This mailer can make use of the
668 "user+detail@local.host" syntax (see
669 FEATURE(`preserve_local_plus_detail')); it will deliver the
670 mail to the user's "detail" mailbox if the mailbox's ACL
671 permits. The cyrusv2 mailer must be defined after the
674 qpage A mailer for QuickPage, a pager interface. See
675 http://www.qpage.org/ for further information.
677 The local mailer accepts addresses of the form "user+detail", where
678 the "+detail" is not used for mailbox matching but is available
679 to certain local mail programs (in particular, see
680 FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
681 "eric+sww" all indicate the same user, but additional arguments <null>,
682 "sendmail", and "sww" may be provided for use in sorting mail.
689 Special features can be requested using the "FEATURE" macro. For
690 example, the .mc line:
692 FEATURE(`use_cw_file')
694 tells sendmail that you want to have it read an /etc/mail/local-host-names
695 file to get values for class {w}. A FEATURE may contain up to 9
696 optional parameters -- for example:
698 FEATURE(`mailertable', `dbm /usr/lib/mailertable')
700 The default database map type for the table features can be set with
702 define(`DATABASE_MAP_TYPE', `dbm')
704 which would set it to use ndbm databases. The default is the Berkeley DB
705 hash database format. Note that you must still declare a database map type
706 if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
707 if no argument is given for the FEATURE. It must be specified before any
708 feature that uses a map.
710 Also, features which can take a map definition as an argument can also take
711 the special keyword `LDAP'. If that keyword is used, the map will use the
712 LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
713 CLASSES'' section below.
715 Available features are:
717 use_cw_file Read the file /etc/mail/local-host-names file to get
718 alternate names for this host. This might be used if you
719 were on a host that MXed for a dynamic set of other hosts.
720 If the set is static, just including the line "Cw<name1>
721 <name2> ..." (where the names are fully qualified domain
722 names) is probably superior. The actual filename can be
723 overridden by redefining confCW_FILE.
725 use_ct_file Read the file /etc/mail/trusted-users file to get the
726 names of users that will be ``trusted'', that is, able to
727 set their envelope from address using -f without generating
728 a warning message. The actual filename can be overridden
729 by redefining confCT_FILE.
731 redirect Reject all mail addressed to "address.REDIRECT" with
732 a ``551 User has moved; please try <address>'' message.
733 If this is set, you can alias people who have left
734 to their new address with ".REDIRECT" appended.
736 nouucp Don't route UUCP addresses. This feature takes one
738 `reject': reject addresses which have "!" in the local
739 part unless it originates from a system
740 that is allowed to relay.
741 `nospecial': don't do anything special with "!".
742 Warnings: 1. See the notice in the anti-spam section.
743 2. don't remove "!" from OperatorChars if `reject' is
746 nocanonify Don't pass addresses to $[ ... $] for canonification
747 by default, i.e., host/domain names are considered canonical,
748 except for unqualified names, which must not be used in this
749 mode (violation of the standard). It can be changed by
750 setting the DaemonPortOptions modifiers (M=). That is,
751 FEATURE(`nocanonify') will be overridden by setting the
752 'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
753 it can be emulated by setting the 'C' flag
754 (DaemonPortOptions=Modifiers=C). This would generally only
755 be used by sites that only act as mail gateways or which have
756 user agents that do full canonification themselves. You may
758 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
759 the usual resolver options that do a similar thing.
761 An exception list for FEATURE(`nocanonify') can be
762 specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
763 i.e., a list of domains which are nevertheless passed to
764 $[ ... $] for canonification. This is useful to turn on
765 canonification for local domains, e.g., use
766 CANONIFY_DOMAIN(`my.domain my') to canonify addresses
767 which end in "my.domain" or "my".
768 Another way to require canonification in the local
769 domain is CANONIFY_DOMAIN(`$=m').
771 A trailing dot is added to addresses with more than
772 one component in it such that other features which
773 expect a trailing dot (e.g., virtusertable) will
776 If `canonify_hosts' is specified as parameter, i.e.,
777 FEATURE(`nocanonify', `canonify_hosts'), then
778 addresses which have only a hostname, e.g.,
779 <user@host>, will be canonified (and hopefully fully
782 stickyhost This feature is sometimes used with LOCAL_RELAY,
783 although it can be used for a different effect with
786 When used without MAIL_HUB, email sent to
787 "user@local.host" are marked as "sticky" -- that
788 is, the local addresses aren't matched against UDB,
789 don't go through ruleset 5, and are not forwarded to
790 the LOCAL_RELAY (if defined).
792 With MAIL_HUB, mail addressed to "user@local.host"
793 is forwarded to the mail hub, with the envelope
794 address still remaining "user@local.host".
795 Without stickyhost, the envelope would be changed
796 to "user@mail_hub", in order to protect against
799 mailertable Include a "mailer table" which can be used to override
800 routing for particular domains (which are not in class {w},
801 i.e. local host names). The argument of the FEATURE may be
802 the key definition. If none is specified, the definition
805 hash /etc/mail/mailertable
807 Keys in this database are fully qualified domain names
808 or partial domains preceded by a dot -- for example,
809 "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
810 special case of the latter, "." matches any domain not
811 covered by other keys. Values must be of the form:
813 where "mailer" is the internal mailer name, and "domain"
814 is where to send the message. These maps are not
815 reflected into the message header. As a special case,
818 will forward to the indicated user using the local mailer,
820 will forward to the original user in the e-mail address
821 using the local mailer, and
823 error:D.S.N:code message
824 will give an error message with the indicated SMTP reply
825 code and message, where D.S.N is an RFC 1893 compliant
828 domaintable Include a "domain table" which can be used to provide
829 domain name mapping. Use of this should really be
830 limited to your own domains. It may be useful if you
831 change names (e.g., your company changes names from
832 oldname.com to newname.com). The argument of the
833 FEATURE may be the key definition. If none is specified,
834 the definition used is:
836 hash /etc/mail/domaintable
838 The key in this table is the domain name; the value is
839 the new (fully qualified) domain. Anything in the
840 domaintable is reflected into headers; that is, this
841 is done in ruleset 3.
843 bitdomain Look up bitnet hosts in a table to try to turn them into
844 internet addresses. The table can be built using the
845 bitdomain program contributed by John Gardiner Myers.
846 The argument of the FEATURE may be the key definition; if
847 none is specified, the definition used is:
849 hash /etc/mail/bitdomain
851 Keys are the bitnet hostname; values are the corresponding
854 uucpdomain Similar feature for UUCP hosts. The default map definition
857 hash /etc/mail/uudomain
859 At the moment there is no automagic tool to build this
863 Include the local host domain even on locally delivered
864 mail. Normally it is not added on unqualified names.
865 However, if you use a shared message store but do not use
866 the same user name space everywhere, you may need the host
867 name on local names. An optional argument specifies
868 another domain to be added than the local.
870 allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
871 feature will cause recipient addresses to also masquerade
872 as being from the masquerade host. Normally they get
873 the local hostname. Although this may be right for
874 ordinary users, it can break local aliases. For example,
875 if you send to "localalias", the originating sendmail will
876 find that alias and send to all members, but send the
877 message with "To: localalias@masqueradehost". Since that
878 alias likely does not exist, replies will fail. Use this
879 feature ONLY if you can guarantee that the ENTIRE
880 namespace on your masquerade host supersets all the
884 Normally, any hosts listed in class {w} are masqueraded. If
885 this feature is given, only the hosts listed in class {M} (see
886 below: MASQUERADE_DOMAIN) are masqueraded. This is useful
887 if you have several domains with disjoint namespaces hosted
890 masquerade_entire_domain
891 If masquerading is enabled (using MASQUERADE_AS) and
892 MASQUERADE_DOMAIN (see below) is set, this feature will
893 cause addresses to be rewritten such that the masquerading
894 domains are actually entire domains to be hidden. All
895 hosts within the masquerading domains will be rewritten
896 to the masquerade name (used in MASQUERADE_AS). For example,
899 MASQUERADE_AS(`masq.com')
900 MASQUERADE_DOMAIN(`foo.org')
901 MASQUERADE_DOMAIN(`bar.com')
903 then *foo.org and *bar.com are converted to masq.com. Without
904 this feature, only foo.org and bar.com are masqueraded.
906 NOTE: only domains within your jurisdiction and
907 current hierarchy should be masqueraded using this.
910 This feature prevents the local mailer from masquerading even
911 if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
912 on addresses of mail going outside the local domain.
915 If masquerading is enabled (using MASQUERADE_AS) or the
916 genericstable is in use, this feature will cause envelope
917 addresses to also masquerade as being from the masquerade
918 host. Normally only the header addresses are masqueraded.
920 genericstable This feature will cause unqualified addresses (i.e., without
921 a domain) and addresses with a domain listed in class {G}
922 to be looked up in a map and turned into another ("generic")
923 form, which can change both the domain name and the user name.
924 Notice: if you use an MSP (as it is default starting with
925 8.12), the MTA will only receive qualified addresses from the
926 MSP (as required by the RFCs). Hence you need to add your
927 domain to class {G}. This feature is similar to the userdb
928 functionality. The same types of addresses as for
929 masquerading are looked up, i.e., only header sender
930 addresses unless the allmasquerade and/or masquerade_envelope
931 features are given. Qualified addresses must have the domain
932 part in class {G}; entries can be added to this class by the
933 macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
934 to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
936 The argument of FEATURE(`genericstable') may be the map
937 definition; the default map definition is:
939 hash /etc/mail/genericstable
941 The key for this table is either the full address, the domain
942 (with a leading @; the localpart is passed as first argument)
943 or the unqualified username (tried in the order mentioned);
944 the value is the new user address. If the new user address
945 does not include a domain, it will be qualified in the standard
946 manner, i.e., using $j or the masquerade name. Note that the
947 address being looked up must be fully qualified. For local
948 mail, it is necessary to use FEATURE(`always_add_domain')
949 for the addresses to be qualified.
950 The "+detail" of an address is passed as %1, so entries like
952 old+*@foo.org new+%1@example.com
953 gen+*@foo.org %1@example.com
955 and other forms are possible.
957 generics_entire_domain
958 If the genericstable is enabled and GENERICS_DOMAIN or
959 GENERICS_DOMAIN_FILE is used, this feature will cause
960 addresses to be searched in the map if their domain
961 parts are subdomains of elements in class {G}.
963 virtusertable A domain-specific form of aliasing, allowing multiple
964 virtual domains to be hosted on one machine. For example,
965 if the virtuser table contains:
967 info@foo.com foo-info
968 info@bar.com bar-info
969 joe@bar.com error:nouser 550 No such user here
970 jax@bar.com error:5.7.0:550 Address invalid
971 @baz.org jane@example.net
973 then mail addressed to info@foo.com will be sent to the
974 address foo-info, mail addressed to info@bar.com will be
975 delivered to bar-info, and mail addressed to anyone at baz.org
976 will be sent to jane@example.net, mail to joe@bar.com will
977 be rejected with the specified error message, and mail to
978 jax@bar.com will also have a RFC 1893 compliant error code
981 The username from the original address is passed
984 @foo.org %1@example.com
986 meaning someone@foo.org will be sent to someone@example.com.
987 Additionally, if the local part consists of "user+detail"
988 then "detail" is passed as %2 and "+detail" is passed as %3
989 when a match against user+* is attempted, so entries like
991 old+*@foo.org new+%2@example.com
992 gen+*@foo.org %2@example.com
993 +*@foo.org %1%3@example.com
994 X++@foo.org Z%3@example.com
997 and other forms are possible. Note: to preserve "+detail"
998 for a default case (@domain) %1%3 must be used as RHS.
999 There are two wildcards after "+": "+" matches only a non-empty
1000 detail, "*" matches also empty details, e.g., user+@foo.org
1001 matches +*@foo.org but not ++@foo.org. This can be used
1002 to ensure that the parameters %2 and %3 are not empty.
1004 All the host names on the left hand side (foo.com, bar.com,
1005 and baz.org) must be in class {w} or class {VirtHost}. The
1006 latter can be defined by the macros VIRTUSER_DOMAIN or
1007 VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1008 MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
1009 VIRTUSER_DOMAIN_FILE is used, then the entries of class
1010 {VirtHost} are added to class {R}, i.e., relaying is allowed
1011 to (and from) those domains, which by default includes also
1012 all subdomains (see relay_hosts_only). The default map
1015 hash /etc/mail/virtusertable
1017 A new definition can be specified as the second argument of
1018 the FEATURE macro, such as
1020 FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
1022 virtuser_entire_domain
1023 If the virtusertable is enabled and VIRTUSER_DOMAIN or
1024 VIRTUSER_DOMAIN_FILE is used, this feature will cause
1025 addresses to be searched in the map if their domain
1026 parts are subdomains of elements in class {VirtHost}.
1028 ldap_routing Implement LDAP-based e-mail recipient routing according to
1029 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1030 This provides a method to re-route addresses with a
1031 domain portion in class {LDAPRoute} to either a
1032 different mail host or a different address. Hosts can
1033 be added to this class using LDAPROUTE_DOMAIN and
1034 LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1035 MASQUERADE_DOMAIN_FILE, see below).
1037 See the LDAP ROUTING section below for more information.
1039 nullclient This is a special case -- it creates a configuration file
1040 containing nothing but support for forwarding all mail to a
1041 central hub via a local SMTP-based network. The argument
1042 is the name of that hub.
1044 The only other feature that should be used in conjunction
1045 with this one is FEATURE(`nocanonify'). No mailers
1046 should be defined. No aliasing or forwarding is done.
1048 local_lmtp Use an LMTP capable local mailer. The argument to this
1049 feature is the pathname of an LMTP capable mailer. By
1050 default, mail.local is used. This is expected to be the
1051 mail.local which came with the 8.9 distribution which is
1052 LMTP capable. The path to mail.local is set by the
1053 confEBINDIR m4 variable -- making the default
1054 LOCAL_MAILER_PATH /usr/libexec/mail.local.
1055 If a different LMTP capable mailer is used, its pathname
1056 can be specified as second parameter and the arguments
1057 passed to it (A=) as third parameter, e.g.,
1059 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
1061 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1062 i.e., without respecting any definitions in an OSTYPE setting.
1064 local_procmail Use procmail or another delivery agent as the local mailer.
1065 The argument to this feature is the pathname of the
1066 delivery agent, which defaults to PROCMAIL_MAILER_PATH.
1067 Note that this does NOT use PROCMAIL_MAILER_FLAGS or
1068 PROCMAIL_MAILER_ARGS for the local mailer; tweak
1069 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
1070 specify the appropriate parameters. When procmail is used,
1071 the local mailer can make use of the
1072 "user+indicator@local.host" syntax; normally the +indicator
1073 is just tossed, but by default it is passed as the -a
1074 argument to procmail.
1076 This feature can take up to three arguments:
1078 1. Path to the mailer program
1079 [default: /usr/local/bin/procmail]
1080 2. Argument vector including name of the program
1081 [default: procmail -Y -a $h -d $u]
1082 3. Flags for the mailer [default: SPfhn9]
1084 Empty arguments cause the defaults to be taken.
1085 Note that if you are on a system with a broken
1086 setreuid() call, you may need to add -f $f to the procmail
1087 argument vector to pass the proper sender to procmail.
1089 For example, this allows it to use the maildrop
1090 (http://www.flounder.net/~mrsam/maildrop/) mailer instead
1093 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
1098 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
1100 WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
1101 i.e., without respecting any definitions in an OSTYPE setting.
1103 bestmx_is_local Accept mail as though locally addressed for any host that
1104 lists us as the best possible MX record. This generates
1105 additional DNS traffic, but should be OK for low to
1106 medium traffic hosts. The argument may be a set of
1107 domains, which will limit the feature to only apply to
1108 these domains -- this will reduce unnecessary DNS
1109 traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
1110 WILDCARD MX RECORDS!!! If you have a wildcard MX record
1111 that matches your domain, you cannot use this feature.
1113 smrsh Use the SendMail Restricted SHell (smrsh) provided
1114 with the distribution instead of /bin/sh for mailing
1115 to programs. This improves the ability of the local
1116 system administrator to control what gets run via
1117 e-mail. If an argument is provided it is used as the
1118 pathname to smrsh; otherwise, the path defined by
1119 confEBINDIR is used for the smrsh binary -- by default,
1120 /usr/libexec/smrsh is assumed.
1123 By default, the sendmail configuration files do not permit
1124 mail relaying (that is, accepting mail from outside your
1125 local host (class {w}) and sending it to another host than
1126 your local host). This option sets your site to allow
1127 mail relaying from any site to any site. In almost all
1128 cases, it is better to control relaying more carefully
1129 with the access map, class {R}, or authentication. Domains
1130 can be added to class {R} by the macros RELAY_DOMAIN or
1131 RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
1132 MASQUERADE_DOMAIN_FILE, see below).
1135 This option allows any host in your domain as defined by
1136 class {m} to use your server for relaying. Notice: make
1137 sure that your domain is not just a top level domain,
1138 e.g., com. This can happen if you give your host a name
1139 like example.com instead of host.example.com.
1142 By default, names that are listed as RELAY in the access
1143 db and class {R} are treated as domain names, not host names.
1144 For example, if you specify ``foo.com'', then mail to or
1145 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1146 will all be accepted for relaying. This feature changes
1147 the behaviour to look up individual host names only.
1150 Turns on the ability to allow relaying based on the MX
1151 records of the host portion of an incoming recipient; that
1152 is, if an MX record for host foo.com points to your site,
1153 you will accept and relay mail addressed to foo.com. See
1154 description below for more information before using this
1155 feature. Also, see the KNOWNBUGS entry regarding bestmx
1158 FEATURE(`relay_based_on_MX') does not necessarily allow
1159 routing of these messages which you expect to be allowed,
1160 if route address syntax (or %-hack syntax) is used. If
1161 this is a problem, add entries to the access-table or use
1162 FEATURE(`loose_relay_check').
1165 Allows relaying if the mail sender is listed as RELAY in
1166 the access map. If an optional argument `domain' (this
1167 is the literal word `domain', not a placeholder) is given,
1168 relaying can be allowed just based on the domain portion
1169 of the sender address. This feature should only be used if
1170 absolutely necessary as the sender address can be easily
1171 forged. Use of this feature requires the "From:" tag to
1172 be used for the key in the access map; see the discussion
1173 of tags and FEATURE(`relay_mail_from') in the section on
1174 anti-spam configuration control.
1177 Allows relaying if the domain portion of the mail sender
1178 is a local host. This should only be used if absolutely
1179 necessary as it opens a window for spammers. Specifically,
1180 they can send mail to your mail server that claims to be
1181 from your domain (either directly or via a routed address),
1182 and you will go ahead and relay it out to arbitrary hosts
1185 accept_unqualified_senders
1186 Normally, MAIL FROM: commands in the SMTP session will be
1187 refused if the connection is a network connection and the
1188 sender address does not include a domain name. If your
1189 setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1190 you will need to use this feature to accept unqualified
1191 sender addresses. Setting the DaemonPortOptions modifier
1192 'u' overrides the default behavior, i.e., unqualified
1193 addresses are accepted even without this FEATURE.
1194 If this FEATURE is not used, the DaemonPortOptions modifier
1195 'f' can be used to enforce fully qualified addresses.
1197 accept_unresolvable_domains
1198 Normally, MAIL FROM: commands in the SMTP session will be
1199 refused if the host part of the argument to MAIL FROM:
1200 cannot be located in the host name service (e.g., an A or
1201 MX record in DNS). If you are inside a firewall that has
1202 only a limited view of the Internet host name space, this
1203 could cause problems. In this case you probably want to
1204 use this feature to accept all domains on input, even if
1205 they are unresolvable.
1207 access_db Turns on the access database feature. The access db gives
1208 you the ability to allow or refuse to accept mail from
1209 specified domains for administrative reasons. Moreover,
1210 it can control the behavior of sendmail in various situations.
1211 By default, the access database specification is:
1213 hash -T<TMPF> /etc/mail/access
1215 See the anti-spam configuration control section for further
1216 important information about this feature. Notice:
1217 "-T<TMPF>" is meant literal, do not replace it by anything.
1219 blacklist_recipients
1220 Turns on the ability to block incoming mail for certain
1221 recipient usernames, hostnames, or addresses. For
1222 example, you can block incoming mail to user nobody,
1223 host foo.mydomain.com, or guest@bar.mydomain.com.
1224 These specifications are put in the access db as
1225 described in the anti-spam configuration control section
1226 later in this document.
1228 delay_checks The rulesets check_mail and check_relay will not be called
1229 when a client connects or issues a MAIL command, respectively.
1230 Instead, those rulesets will be called by the check_rcpt
1231 ruleset; they will be skipped under certain circumstances.
1232 See "Delay all checks" in the anti-spam configuration control
1233 section. Note: this feature is incompatible to the versions
1236 use_client_ptr If this feature is enabled then check_relay will override
1237 its first argument with $&{client_ptr}. This is useful for
1238 rejections based on the unverified hostname of client,
1239 which turns on the same behavior as in earlier sendmail
1240 versions when delay_checks was not in use. See doc/op/op.*
1241 about check_relay, {client_name}, and {client_ptr}.
1243 dnsbl Turns on rejection, discarding, or quarantining of hosts
1244 found in a DNS based list. The first argument is used as
1245 the domain in which blocked hosts are listed. A second
1246 argument can be used to change the default error message,
1247 or select one of the operations `discard' and `quarantine'.
1248 Without that second argument, the error message will be
1250 Rejected: IP-ADDRESS listed at SERVER
1252 where IP-ADDRESS and SERVER are replaced by the appropriate
1253 information. By default, temporary lookup failures are
1254 ignored. This behavior can be changed by specifying a
1255 third argument, which must be either `t' or a full error
1256 message. See the anti-spam configuration control section for
1257 an example. The dnsbl feature can be included several times
1258 to query different DNS based rejection lists. See also
1259 enhdnsbl for an enhanced version.
1261 Set the DNSBL_MAP mc option to change the default map
1262 definition from `host'. Set the DNSBL_MAP_OPT mc option
1263 to add additional options to the map specification used.
1265 Some DNS based rejection lists cause failures if asked
1266 for AAAA records. If your sendmail version is compiled
1267 with IPv6 support (NETINET6) and you experience this
1270 define(`DNSBL_MAP', `dns -R A')
1272 before the first use of this feature. Alternatively you
1273 can use enhdnsbl instead (see below). Moreover, this
1274 statement can be used to reduce the number of DNS retries,
1277 define(`DNSBL_MAP', `dns -R A -r2')
1279 See below (EDNSBL_TO) for an explanation.
1281 enhdnsbl Enhanced version of dnsbl (see above). Further arguments
1282 (up to 5) can be used to specify specific return values
1283 from lookups. Temporary lookup failures are ignored unless
1284 a third argument is given, which must be either `t' or a full
1285 error message. By default, any successful lookup will
1286 generate an error. Otherwise the result of the lookup is
1287 compared with the supplied argument(s), and only if a match
1288 occurs an error is generated. For example,
1290 FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1292 will reject the e-mail if the lookup returns the value
1293 ``127.0.0.2.'', or generate a 451 response if the lookup
1294 temporarily failed. The arguments can contain metasymbols
1295 as they are allowed in the LHS of rules. As the example
1296 shows, the default values are also used if an empty argument,
1297 i.e., `', is specified. This feature requires that sendmail
1298 has been compiled with the flag DNSMAP (see sendmail/README).
1300 Set the EDNSBL_TO mc option to change the DNS retry count
1301 from the default value of 5, this can be very useful when
1302 a DNS server is not responding, which in turn may cause
1303 clients to time out (an entry stating
1305 did not issue MAIL/EXPN/VRFY/ETRN
1309 ratecontrol Enable simple ruleset to do connection rate control
1310 checking. This requires entries in access_db of the form
1312 ClientRate:IP.ADD.RE.SS LIMIT
1314 The RHS specifies the maximum number of connections
1315 (an integer number) over the time interval defined
1316 by ConnectionRateWindowSize, where 0 means unlimited.
1318 Take the following example:
1320 ClientRate:10.1.2.3 4
1321 ClientRate:127.0.0.1 0
1324 10.1.2.3 can only make up to 4 connections, the
1325 general limit it 10, and 127.0.0.1 can make an unlimited
1326 number of connections per ConnectionRateWindowSize.
1328 See also CONNECTION CONTROL.
1330 conncontrol Enable a simple check of the number of incoming SMTP
1331 connections. This requires entries in access_db of the
1334 ClientConn:IP.ADD.RE.SS LIMIT
1336 The RHS specifies the maximum number of open connections
1337 (an integer number).
1339 Take the following example:
1341 ClientConn:10.1.2.3 4
1342 ClientConn:127.0.0.1 0
1345 10.1.2.3 can only have up to 4 open connections, the
1346 general limit it 10, and 127.0.0.1 does not have any
1349 See also CONNECTION CONTROL.
1351 mtamark Experimental support for "Marking Mail Transfer Agents in
1352 Reverse DNS with TXT RRs" (MTAMark), see
1353 draft-stumpf-dns-mtamark-01. Optional arguments are:
1355 1. Error message, default:
1357 550 Rejected: $&{client_addr} not listed as MTA
1359 2. Temporary lookup failures are ignored unless a second
1360 argument is given, which must be either `t' or a full
1363 3. Lookup prefix, default: _perm._smtp._srv. This should
1364 not be changed unless the draft changes it.
1368 FEATURE(`mtamark', `', `t')
1370 lookupdotdomain Look up also .domain in the access map. This allows to
1371 match only subdomains. It does not work well with
1372 FEATURE(`relay_hosts_only'), because most lookups for
1373 subdomains are suppressed by the latter feature.
1376 Normally, if % addressing is used for a recipient, e.g.
1377 user%site@othersite, and othersite is in class {R}, the
1378 check_rcpt ruleset will strip @othersite and recheck
1379 user@site for relaying. This feature changes that
1380 behavior. It should not be needed for most installations.
1382 authinfo Provide a separate map for client side authentication
1383 information. See SMTP AUTHENTICATION for details.
1384 By default, the authinfo database specification is:
1386 hash /etc/mail/authinfo
1389 Preserve the name of the recipient host if LUSER_RELAY is
1390 used. Without this option, the domain part of the
1391 recipient address will be replaced by the host specified as
1392 LUSER_RELAY. This feature only works if the hostname is
1393 passed to the mailer (see mailer triple in op.me). Note
1394 that in the default configuration the local mailer does not
1395 receive the hostname, i.e., the mailer triple has an empty
1398 preserve_local_plus_detail
1399 Preserve the +detail portion of the address when passing
1400 address to local delivery agent. Disables alias and
1401 .forward +detail stripping (e.g., given user+detail, only
1402 that address will be looked up in the alias file; user+* and
1403 user will not be looked up). Only use if the local
1404 delivery agent in use supports +detail addressing.
1406 compat_check Enable ruleset check_compat to look up pairs of addresses
1407 with the Compat: tag -- Compat:sender<@>recipient -- in the
1408 access map. Valid values for the RHS include
1409 DISCARD silently discard recipient
1410 TEMP: return a temporary error
1411 ERROR: return a permanent error
1412 In the last two cases, a 4xy/5xy SMTP reply code should
1415 no_default_msa Don't generate the default MSA daemon, i.e.,
1416 DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1417 To define a MSA daemon with other parameters, use this
1418 FEATURE and introduce new settings via DAEMON_OPTIONS().
1420 msp Defines config file for Message Submission Program.
1421 See sendmail/SECURITY for details and cf/cf/submit.mc how
1422 to use it. An optional argument can be used to override
1423 the default of `[localhost]' to use as host to send all
1424 e-mails to. Note that MX records will be used if the
1425 specified hostname is not in square brackets (e.g.,
1426 [hostname]). If `MSA' is specified as second argument then
1427 port 587 is used to contact the server. Example:
1429 FEATURE(`msp', `', `MSA')
1431 Some more hints about possible changes can be found below
1432 in the section MESSAGE SUBMISSION PROGRAM.
1434 Note: Due to many problems, submit.mc uses
1436 FEATURE(`msp', `[127.0.0.1]')
1438 by default. If you have a machine with IPv6 only,
1441 FEATURE(`msp', `[IPv6:::1]')
1443 If you want to continue using '[localhost]', (the behavior
1448 queuegroup A simple example how to select a queue group based
1449 on the full e-mail address or the domain of the
1450 recipient. Selection is done via entries in the
1451 access map using the tag QGRP:, for example:
1453 QGRP:example.com main
1454 QGRP:friend@some.org others
1455 QGRP:my.domain local
1457 where "main", "others", and "local" are names of
1458 queue groups. If an argument is specified, it is used
1459 as default queue group.
1461 Note: please read the warning in doc/op/op.me about
1462 queue groups and possible queue manipulations.
1464 greet_pause Adds the greet_pause ruleset which enables open proxy
1465 and SMTP slamming protection. The feature can take an
1466 argument specifying the milliseconds to wait:
1468 FEATURE(`greet_pause', `5000') dnl 5 seconds
1470 If FEATURE(`access_db') is enabled, an access database
1471 lookup with the GreetPause tag is done using client
1472 hostname, domain, IP address, or subnet to determine the
1475 GreetPause:my.domain 0
1476 GreetPause:example.com 5000
1477 GreetPause:10.1.2 2000
1478 GreetPause:127.0.0.1 0
1480 When using FEATURE(`access_db'), the optional
1481 FEATURE(`greet_pause') argument becomes the default if
1482 nothing is found in the access database. A ruleset called
1483 Local_greet_pause can be used for local modifications, e.g.,
1487 R$* $: $&{daemon_flags}
1490 block_bad_helo Reject messages from SMTP clients which provide a HELO/EHLO
1491 argument which is either unqualified, or is one of our own
1492 names (i.e., the server name instead of the client name).
1493 This check is performed at RCPT stage and disabled for the
1495 - authenticated sessions,
1496 - connections from IP addresses in class $={R}.
1497 Currently access_db lookups can not be used to
1498 (selectively) disable this test, moreover,
1499 FEATURE(`delay_checks')
1502 require_rdns Reject mail from connecting SMTP clients without proper
1503 rDNS (reverse DNS), functional gethostbyaddr() resolution.
1504 Note: this feature will cause false positives, i.e., there
1505 are legitimate MTAs that do not have proper DNS entries.
1506 Rejecting mails from those MTAs is a local policy decision.
1508 The basic policy is to reject message with a 5xx error if
1509 the IP address fails to resolve. However, if this is a
1510 temporary failure, a 4xx temporary failure is returned.
1511 If the look-up succeeds, but returns an apparently forged
1512 value, this is treated as a temporary failure with a 4xx
1517 Exceptions based on access entries are discussed below.
1518 Any IP address matched using $=R (the "relay-domains" file)
1519 is excepted from the rules. Since we have explicitly
1520 allowed relaying for this host, based on IP address, we
1521 ignore the rDNS failure.
1523 The philosophical assumption here is that most users do
1524 not control their rDNS. They should be able to send mail
1525 through their ISP, whether or not they have valid rDNS.
1526 The class $=R, roughly speaking, contains those IP addresses
1527 and address ranges for which we are the ISP, or are acting
1530 If `delay_checks' is in effect (recommended), then any
1531 sender who has authenticated is also excepted from the
1532 restrictions. This happens because the rules produced by
1533 this FEATURE() will not be applied to authenticated senders
1534 (assuming `delay_checks').
1541 will whitelist IP address 1.2.3.4, so that the rDNS
1542 blocking does apply to that IP address
1545 Connect:1.2.3.4 REJECT
1546 will have the effect of forcing a temporary failure for
1547 that address to be treated as a permanent failure.
1549 badmx Reject envelope sender addresses (MAIL) whose domain part
1550 resolves to a "bad" MX record. By default these are
1551 MX records which resolve to A records that match the
1554 ^(127\.|10\.|0\.0\.0\.0)
1556 This default regular expression can be overridden by
1557 specifying an argument, e.g.,
1559 FEATURE(`badmx', `^127\.0\.0\.1')
1561 Note: this feature requires that the sendmail binary
1562 has been compiled with the options MAP_REGEX and
1569 Some things just can't be called features. To make this clear,
1570 they go in the hack subdirectory and are referenced using the HACK
1571 macro. These will tend to be site-dependent. The release
1572 includes the Berkeley-dependent "cssubdomain" hack (that makes
1573 sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1574 this is intended as a short-term aid while moving hosts into
1578 +--------------------+
1579 | SITE CONFIGURATION |
1580 +--------------------+
1582 *****************************************************
1583 * This section is really obsolete, and is preserved *
1584 * only for back compatibility. You should plan on *
1585 * using mailertables for new installations. In *
1586 * particular, it doesn't work for the newer forms *
1587 * of UUCP mailers, such as uucp-uudom. *
1588 *****************************************************
1590 Complex sites will need more local configuration information, such as
1591 lists of UUCP hosts they speak with directly. This can get a bit more
1592 tricky. For an example of a "complex" site, see cf/ucbvax.mc.
1594 The SITECONFIG macro allows you to indirectly reference site-dependent
1595 configuration information stored in the siteconfig subdirectory. For
1598 SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
1600 reads the file uucp.ucbvax for local connection information. The
1601 second parameter is the local name (in this case just "ucbvax" since
1602 it is locally connected, and hence a UUCP hostname). The third
1603 parameter is the name of both a macro to store the local name (in
1604 this case, {U}) and the name of the class (e.g., {U}) in which to store
1605 the host information read from the file. Another SITECONFIG line reads
1607 SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
1609 This says that the file uucp.ucbarpa contains the list of UUCP sites
1610 connected to ucbarpa.Berkeley.EDU. Class {W} will be used to
1611 store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
1612 is, the name of the relay to which the hosts listed in uucp.ucbarpa
1613 are connected. [The machine ucbarpa is gone now, but this
1614 out-of-date configuration file has been left around to demonstrate
1615 how you might do this.]
1617 Note that the case of SITECONFIG with a third parameter of ``U'' is
1618 special; the second parameter is assumed to be the UUCP name of the
1619 local site, rather than the name of a remote site, and the UUCP name
1620 is entered into class {w} (the list of local hostnames) as $U.UUCP.
1622 The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
1623 more than a sequence of SITE macros describing connectivity. For
1629 The second example demonstrates that you can use two names on the
1630 same line; these are usually aliases for the same host (or are at
1631 least in the same company).
1633 The macro LOCAL_UUCP can be used to add rules into the generated
1634 cf file at the place where MAILER(`uucp') inserts its rules. This
1635 should only be used if really necessary.
1637 +--------------------+
1638 | USING UUCP MAILERS |
1639 +--------------------+
1641 It's hard to get UUCP mailers right because of the extremely ad hoc
1642 nature of UUCP addressing. These config files are really designed
1643 for domain-based addressing, even for UUCP sites.
1645 There are four UUCP mailers available. The choice of which one to
1646 use is partly a matter of local preferences and what is running at
1647 the other end of your UUCP connection. Unlike good protocols that
1648 define what will go over the wire, UUCP uses the policy that you
1649 should do what is right for the other end; if they change, you have
1650 to change. This makes it hard to do the right thing, and discourages
1651 people from updating their software. In general, if you can avoid
1654 The major choice is whether to go for a domainized scheme or a
1655 non-domainized scheme. This depends entirely on what the other
1656 end will recognize. If at all possible, you should encourage the
1657 other end to go to a domain-based system -- non-domainized addresses
1658 don't work entirely properly.
1660 The four mailers are:
1662 uucp-old (obsolete name: "uucp")
1663 This is the oldest, the worst (but the closest to UUCP) way of
1664 sending messages across UUCP connections. It does bangify
1665 everything and prepends $U (your UUCP name) to the sender's
1666 address (which can already be a bang path itself). It can
1667 only send to one address at a time, so it spends a lot of
1668 time copying duplicates of messages. Avoid this if at all
1671 uucp-new (obsolete name: "suucp")
1672 The same as above, except that it assumes that in one rmail
1673 command you can specify several recipients. It still has a
1674 lot of other problems.
1677 This UUCP mailer keeps everything as domain addresses.
1678 Basically, it uses the SMTP mailer rewriting rules. This mailer
1679 is only included if MAILER(`smtp') is specified before
1682 Unfortunately, a lot of UUCP mailer transport agents require
1683 bangified addresses in the envelope, although you can use
1684 domain-based addresses in the message header. (The envelope
1685 shows up as the From_ line on UNIX mail.) So....
1688 This is a cross between uucp-new (for the envelope addresses)
1689 and uucp-dom (for the header addresses). It bangifies the
1690 envelope sender (From_ line in messages) without adding the
1691 local hostname, unless there is no host name on the address
1692 at all (e.g., "wolf") or the host component is a UUCP host name
1693 instead of a domain name ("somehost!wolf" instead of
1694 "some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
1695 is also specified earlier.
1699 On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1700 summarizes the sender rewriting for various mailers.
1702 Mailer sender rewriting in the envelope
1703 ------ ------ -------------------------
1704 uucp-{old,new} wolf grasp!wolf
1705 uucp-dom wolf wolf@grasp.insa-lyon.fr
1706 uucp-uudom wolf grasp.insa-lyon.fr!wolf
1708 uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1709 uucp-dom wolf@fr.net wolf@fr.net
1710 uucp-uudom wolf@fr.net fr.net!wolf
1712 uucp-{old,new} somehost!wolf grasp!somehost!wolf
1713 uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1714 uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1716 If you are using one of the domainized UUCP mailers, you really want
1717 to convert all UUCP addresses to domain format -- otherwise, it will
1718 do it for you (and probably not the way you expected). For example,
1719 if you have the address foo!bar!baz (and you are not sending to foo),
1720 the heuristics will add the @uucp.relay.name or @local.host.name to
1721 this address. However, if you map foo to foo.host.name first, it
1722 will not add the local hostname. You can do this using the uucpdomain
1726 +-------------------+
1727 | TWEAKING RULESETS |
1728 +-------------------+
1730 For more complex configurations, you can define special rules.
1731 The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1732 the names. Any modifications made here are reflected in the header.
1734 A common use is to convert old UUCP addresses to SMTP addresses using
1735 the UUCPSMTP macro. For example:
1738 UUCPSMTP(`decvax', `decvax.dec.com')
1739 UUCPSMTP(`research', `research.att.com')
1741 will cause addresses of the form "decvax!user" and "research!user"
1742 to be converted to "user@decvax.dec.com" and "user@research.att.com"
1745 This could also be used to look up hosts in a database map:
1748 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
1750 This map would be defined in the LOCAL_CONFIG portion, as shown below.
1752 Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1753 For example, new rules are needed to parse hostnames that you accept
1754 via MX records. For example, you might have:
1757 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1759 You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1760 pointing at this host; this rule catches the message and forwards it on
1763 You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1764 These rulesets are normally empty.
1766 A similar macro is LOCAL_CONFIG. This introduces lines added after the
1767 boilerplate option setting but before rulesets. Do not declare rulesets in
1768 the LOCAL_CONFIG section. It can be used to declare local database maps or
1769 whatever. For example:
1772 Khostmap hash /etc/mail/hostmap
1773 Kyplocal nis -m hosts.byname
1776 +---------------------------+
1777 | MASQUERADING AND RELAYING |
1778 +---------------------------+
1780 You can have your host masquerade as another using
1782 MASQUERADE_AS(`host.domain')
1784 This causes mail being sent to be labeled as coming from the
1785 indicated host.domain, rather than $j. One normally masquerades as
1786 one of one's own subdomains (for example, it's unlikely that
1787 Berkeley would choose to masquerade as an MIT site). This
1788 behaviour is modified by a plethora of FEATUREs; in particular, see
1789 masquerade_envelope, allmasquerade, limited_masquerade, and
1790 masquerade_entire_domain.
1792 The masquerade name is not normally canonified, so it is important
1793 that it be your One True Name, that is, fully qualified and not a
1794 CNAME. However, if you use a CNAME, the receiving side may canonify
1795 it for you, so don't think you can cheat CNAME mapping this way.
1797 Normally the only addresses that are masqueraded are those that come
1798 from this host (that is, are either unqualified or in class {w}, the list
1799 of local domain names). You can augment this list, which is realized
1802 MASQUERADE_DOMAIN(`otherhost.domain')
1804 The effect of this is that although mail to user@otherhost.domain
1805 will not be delivered locally, any mail including any user@otherhost.domain
1806 will, when relayed, be rewritten to have the MASQUERADE_AS address.
1807 This can be a space-separated list of names.
1809 If these names are in a file, you can use
1811 MASQUERADE_DOMAIN_FILE(`filename')
1813 to read the list of names from the indicated file (i.e., to add
1814 elements to class {M}).
1816 To exempt hosts or subdomains from being masqueraded, you can use
1818 MASQUERADE_EXCEPTION(`host.domain')
1820 This can come handy if you want to masquerade a whole domain
1821 except for one (or a few) host(s). If these names are in a file,
1824 MASQUERADE_EXCEPTION_FILE(`filename')
1826 Normally only header addresses are masqueraded. If you want to
1827 masquerade the envelope as well, use
1829 FEATURE(`masquerade_envelope')
1831 There are always users that need to be "exposed" -- that is, their
1832 internal site name should be displayed instead of the masquerade name.
1833 Root is an example (which has been "exposed" by default prior to 8.10).
1834 You can add users to this list using
1836 EXPOSED_USER(`usernames')
1838 This adds users to class {E}; you could also use
1840 EXPOSED_USER_FILE(`filename')
1842 You can also arrange to relay all unqualified names (that is, names
1843 without @host) to a relay host. For example, if you have a central
1844 email server, you might relay to that host so that users don't have
1845 to have .forward files or aliases. You can do this using
1847 define(`LOCAL_RELAY', `mailer:hostname')
1849 The ``mailer:'' can be omitted, in which case the mailer defaults to
1850 "relay". There are some user names that you don't want relayed, perhaps
1851 because of local aliases. A common example is root, which may be
1852 locally aliased. You can add entries to this list using
1854 LOCAL_USER(`usernames')
1856 This adds users to class {L}; you could also use
1858 LOCAL_USER_FILE(`filename')
1860 If you want all incoming mail sent to a centralized hub, as for a
1861 shared /var/spool/mail scheme, use
1863 define(`MAIL_HUB', `mailer:hostname')
1865 Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
1866 and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1867 be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1868 Note: there is a (long standing) bug which keeps this combination from
1869 working for addresses of the form user+detail.
1870 Names in class {L} will be delivered locally, so you MUST have aliases or
1871 .forward files for them.
1873 For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1874 FEATURE(`stickyhost'), the following combinations of settings will have the
1877 email sent to.... eric eric@mastodon.CS.Berkeley.EDU
1879 LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
1880 mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1882 MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1883 mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
1885 Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
1886 MAIL_HUB set as above (no local aliasing) (aliasing done)
1888 If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1889 MAIL_HUB act identically, with MAIL_HUB taking precedence.
1891 If you want all outgoing mail to go to a central relay site, define
1892 SMART_HOST as well. Briefly:
1894 LOCAL_RELAY applies to unqualified names (e.g., "eric").
1895 MAIL_HUB applies to names qualified with the name of the
1896 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1897 SMART_HOST applies to names qualified with other hosts or
1898 bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1899 or "eric@[127.0.0.1]").
1901 However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1902 DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1903 really want absolutely everything to go to a single central site you will
1904 need to unset all the other relays -- or better yet, find or build a
1905 minimal config file that does this.
1907 For duplicate suppression to work properly, the host name is best
1908 specified with a terminal dot:
1910 define(`MAIL_HUB', `host.domain.')
1911 note the trailing dot ---^
1914 +-------------------------------------------+
1915 | USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1916 +-------------------------------------------+
1918 LDAP can be used for aliases, maps, and classes by either specifying your
1919 own LDAP map specification or using the built-in default LDAP map
1920 specification. The built-in default specifications all provide lookups
1921 which match against either the machine's fully qualified hostname (${j}) or
1922 a "cluster". The cluster allows you to share LDAP entries among a large
1923 number of machines without having to enter each of the machine names into
1924 each LDAP entry. To set the LDAP cluster name to use for a particular
1925 machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1926 unique name. For example:
1928 define(`confLDAP_CLUSTER', `Servers')
1930 Here, the word `Servers' will be the cluster name. As an example, assume
1931 that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1932 to the Servers cluster.
1934 Some of the LDAP LDIF examples below show use of the Servers cluster.
1935 Every entry must have either a sendmailMTAHost or sendmailMTACluster
1936 attribute or it will be ignored. Be careful as mixing clusters and
1937 individual host records can have surprising results (see the CAUTION
1940 See the file cf/sendmail.schema for the actual LDAP schemas. Note that
1941 this schema (and therefore the lookups and examples below) is experimental
1942 at this point as it has had little public review. Therefore, it may change
1943 in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
1944 encouraged (replace YYYY with the current year, e.g., 2005).
1950 The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1951 lookups. To use the default schema, simply use:
1953 define(`ALIAS_FILE', `ldap:')
1955 By doing so, you will use the default schema which expands to a map
1956 declared as follows:
1958 ldap -k (&(objectClass=sendmailMTAAliasObject)
1959 (sendmailMTAAliasGrouping=aliases)
1960 (|(sendmailMTACluster=${sendmailMTACluster})
1961 (sendmailMTAHost=$j))
1962 (sendmailMTAKey=%0))
1963 -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1966 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1967 used when the binary expands the `ldap:' token as the AliasFile option is
1968 not actually macro-expanded when read from the sendmail.cf file.
1970 Example LDAP LDIF entries might be:
1972 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1973 objectClass: sendmailMTA
1974 objectClass: sendmailMTAAlias
1975 objectClass: sendmailMTAAliasObject
1976 sendmailMTAAliasGrouping: aliases
1977 sendmailMTAHost: etrn.sendmail.org
1978 sendmailMTAKey: sendmail-list
1979 sendmailMTAAliasValue: ca@example.org
1980 sendmailMTAAliasValue: eric
1981 sendmailMTAAliasValue: gshapiro@example.com
1983 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1984 objectClass: sendmailMTA
1985 objectClass: sendmailMTAAlias
1986 objectClass: sendmailMTAAliasObject
1987 sendmailMTAAliasGrouping: aliases
1988 sendmailMTAHost: etrn.sendmail.org
1989 sendmailMTAKey: owner-sendmail-list
1990 sendmailMTAAliasValue: eric
1992 dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1993 objectClass: sendmailMTA
1994 objectClass: sendmailMTAAlias
1995 objectClass: sendmailMTAAliasObject
1996 sendmailMTAAliasGrouping: aliases
1997 sendmailMTACluster: Servers
1998 sendmailMTAKey: postmaster
1999 sendmailMTAAliasValue: eric
2001 Here, the aliases sendmail-list and owner-sendmail-list will be available
2002 only on etrn.sendmail.org but the postmaster alias will be available on
2003 every machine in the Servers cluster (including etrn.sendmail.org).
2005 CAUTION: aliases are additive so that entries like these:
2007 dn: sendmailMTAKey=bob, dc=sendmail, dc=org
2008 objectClass: sendmailMTA
2009 objectClass: sendmailMTAAlias
2010 objectClass: sendmailMTAAliasObject
2011 sendmailMTAAliasGrouping: aliases
2012 sendmailMTACluster: Servers
2014 sendmailMTAAliasValue: eric
2016 dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
2017 objectClass: sendmailMTA
2018 objectClass: sendmailMTAAlias
2019 objectClass: sendmailMTAAliasObject
2020 sendmailMTAAliasGrouping: aliases
2021 sendmailMTAHost: etrn.sendmail.org
2023 sendmailMTAAliasValue: gshapiro
2025 would mean that on all of the hosts in the cluster, mail to bob would go to
2026 eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
2029 If you prefer not to use the default LDAP schema for your aliases, you can
2030 specify the map parameters when setting ALIAS_FILE. For example:
2032 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
2038 FEATURE()'s which take an optional map definition argument (e.g., access,
2039 mailertable, virtusertable, etc.) can instead take the special keyword
2042 FEATURE(`access_db', `LDAP')
2043 FEATURE(`virtusertable', `LDAP')
2045 When this keyword is given, that map will use LDAP lookups consisting of
2046 the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
2047 with the map name, a search attribute of sendmailMTAKey, and the value
2048 attribute sendmailMTAMapValue.
2050 The values for sendmailMTAMapName are:
2052 FEATURE() sendmailMTAMapName
2053 --------- ------------------
2058 genericstable generics
2060 uucpdomain uucpdomain
2061 virtusertable virtuser
2063 For example, FEATURE(`mailertable', `LDAP') would use the map definition:
2065 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
2066 (sendmailMTAMapName=mailer)
2067 (|(sendmailMTACluster=${sendmailMTACluster})
2068 (sendmailMTAHost=$j))
2069 (sendmailMTAKey=%0))
2070 -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
2072 An example LDAP LDIF entry using this map might be:
2074 dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
2075 objectClass: sendmailMTA
2076 objectClass: sendmailMTAMap
2077 sendmailMTACluster: Servers
2078 sendmailMTAMapName: mailer
2080 dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2081 objectClass: sendmailMTA
2082 objectClass: sendmailMTAMap
2083 objectClass: sendmailMTAMapObject
2084 sendmailMTAMapName: mailer
2085 sendmailMTACluster: Servers
2086 sendmailMTAKey: example.com
2087 sendmailMTAMapValue: relay:[smtp.example.com]
2089 CAUTION: If your LDAP database contains the record above and *ALSO* a host
2090 specific record such as:
2092 dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
2093 objectClass: sendmailMTA
2094 objectClass: sendmailMTAMap
2095 objectClass: sendmailMTAMapObject
2096 sendmailMTAMapName: mailer
2097 sendmailMTAHost: etrn.sendmail.org
2098 sendmailMTAKey: example.com
2099 sendmailMTAMapValue: relay:[mx.example.com]
2101 then these entries will give unexpected results. When the lookup is done
2102 on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
2103 require a single match. Since the host etrn.sendmail.org is also in the
2104 Servers cluster, LDAP would return two answers for the example.com map key
2105 in which case sendmail would treat this as no match at all.
2107 If you prefer not to use the default LDAP schema for your maps, you can
2108 specify the map parameters when using the FEATURE(). For example:
2110 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2116 Normally, classes can be filled via files or programs. As of 8.12, they
2117 can also be filled via map lookups using a new syntax:
2119 F{ClassName}mapkey@mapclass:mapspec
2121 mapkey is optional and if not provided the map key will be empty. This can
2122 be used with LDAP to read classes from LDAP. Note that the lookup is only
2123 done when sendmail is initially started. Use the special value `@LDAP' to
2124 use the default LDAP schema. For example:
2126 RELAY_DOMAIN_FILE(`@LDAP')
2128 would put all of the attribute sendmailMTAClassValue values of LDAP records
2129 with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
2130 'R' into class $={R}. In other words, it is equivalent to the LDAP map
2133 F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2134 (sendmailMTAClassName=R)
2135 (|(sendmailMTACluster=${sendmailMTACluster})
2136 (sendmailMTAHost=$j)))
2137 -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
2139 NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
2140 used when the binary expands the `@LDAP' token as class declarations are
2141 not actually macro-expanded when read from the sendmail.cf file.
2143 This can be used with class related commands such as RELAY_DOMAIN_FILE(),
2144 MASQUERADE_DOMAIN_FILE(), etc:
2146 Command sendmailMTAClassName
2147 ------- --------------------
2148 CANONIFY_DOMAIN_FILE() Canonify
2149 EXPOSED_USER_FILE() E
2150 GENERICS_DOMAIN_FILE() G
2151 LDAPROUTE_DOMAIN_FILE() LDAPRoute
2152 LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv
2154 MASQUERADE_DOMAIN_FILE() M
2155 MASQUERADE_EXCEPTION_FILE() N
2156 RELAY_DOMAIN_FILE() R
2157 VIRTUSER_DOMAIN_FILE() VirtHost
2159 You can also add your own as any 'F'ile class of the form:
2163 will use "ClassName" for the sendmailMTAClassName.
2165 An example LDAP LDIF entry would look like:
2167 dn: sendmailMTAClassName=R, dc=sendmail, dc=org
2168 objectClass: sendmailMTA
2169 objectClass: sendmailMTAClass
2170 sendmailMTACluster: Servers
2171 sendmailMTAClassName: R
2172 sendmailMTAClassValue: sendmail.org
2173 sendmailMTAClassValue: example.com
2174 sendmailMTAClassValue: 10.56.23
2176 CAUTION: If your LDAP database contains the record above and *ALSO* a host
2177 specific record such as:
2179 dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
2180 objectClass: sendmailMTA
2181 objectClass: sendmailMTAClass
2182 sendmailMTAHost: etrn.sendmail.org
2183 sendmailMTAClassName: R
2184 sendmailMTAClassValue: example.com
2186 the result will be similar to the aliases caution above. When the lookup
2187 is done on etrn.sendmail.org, $={R} would contain all of the entries (from
2188 both the cluster match and the host match). In other words, the effective
2191 If you prefer not to use the default LDAP schema for your classes, you can
2192 specify the map parameters when using the class command. For example:
2194 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2196 Remember, macros can not be used in a class declaration as the binary does
2204 FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
2205 LDAP Schema for Intranet Mail Routing
2206 (draft-lachman-laser-ldap-mail-routing-01). This feature enables
2207 LDAP-based rerouting of a particular address to either a different host
2208 or a different address. The LDAP lookup is first attempted on the full
2209 address (e.g., user@example.com) and then on the domain portion
2210 (e.g., @example.com). Be sure to setup your domain for LDAP routing using
2211 LDAPROUTE_DOMAIN(), e.g.:
2213 LDAPROUTE_DOMAIN(`example.com')
2215 Additionally, you can specify equivalent domains for LDAP routing using
2216 LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent'
2217 hostnames are mapped to $M (the masqueraded hostname for the server) before
2218 the LDAP query. For example, if the mail is addressed to
2219 user@host1.example.com, normally the LDAP lookup would only be done for
2220 'user@host1.example.com' and '@host1.example.com'. However, if
2221 LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
2222 done on 'user@example.com' and '@example.com' after attempting the
2223 host1.example.com lookups.
2225 By default, the feature will use the schemas as specified in the draft
2226 and will not reject addresses not found by the LDAP lookup. However,
2227 this behavior can be changed by giving additional arguments to the FEATURE()
2230 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
2231 <detail>, <nodomain>, <tempfail>)
2233 where <mailHost> is a map definition describing how to look up an alternative
2234 mail host for a particular address; <mailRoutingAddress> is a map definition
2235 describing how to look up an alternative address for a particular address;
2236 the <bounce> argument, if present and not the word "passthru", dictates
2237 that mail should be bounced if neither a mailHost nor mailRoutingAddress
2238 is found, if set to "sendertoo", the sender will be rejected if not
2239 found in LDAP; and <detail> indicates what actions to take if the address
2240 contains +detail information -- `strip' tries the lookup with the +detail
2241 and if no matches are found, strips the +detail and tries the lookup again;
2242 `preserve', does the same as `strip' but if a mailRoutingAddress match is
2243 found, the +detail information is copied to the new address; the <nodomain>
2244 argument, if present, will prevent the @domain lookup if the full
2245 address is not found in LDAP; the <tempfail> argument, if set to
2246 "tempfail", instructs the rules to give an SMTP 4XX temporary
2247 error if the LDAP server gives the MTA a temporary failure, or if set to
2248 "queue" (the default), the MTA will locally queue the mail.
2250 The default <mailHost> map definition is:
2252 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2253 (mailLocalAddress=%0))
2255 The default <mailRoutingAddress> map definition is:
2257 ldap -1 -T<TMPF> -v mailRoutingAddress
2258 -k (&(objectClass=inetLocalMailRecipient)
2259 (mailLocalAddress=%0))
2261 Note that neither includes the LDAP server hostname (-h server) or base DN
2262 (-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
2263 your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
2264 these settings. If this is not the case, the map definitions should be
2265 changed as described above. The "-T<TMPF>" is required in any user
2266 specified map definition to catch temporary errors.
2268 The following possibilities exist as a result of an LDAP lookup on an
2271 mailHost is mailRoutingAddress is Results in
2272 ----------- --------------------- ----------
2273 set to a set mail delivered to
2274 "local" host mailRoutingAddress
2276 set to a not set delivered to
2277 "local" host original address
2279 set to a set mailRoutingAddress
2280 remote host relayed to mailHost
2282 set to a not set original address
2283 remote host relayed to mailHost
2285 not set set mail delivered to
2288 not set not set delivered to
2289 original address *OR*
2290 bounced as unknown user
2292 The term "local" host above means the host specified is in class {w}. If
2293 the result would mean sending the mail to a different host, that host is
2294 looked up in the mailertable before delivery.
2296 Note that the last case depends on whether the third argument is given
2297 to the FEATURE() command. The default is to deliver the message to the
2300 The LDAP entries should be set up with an objectClass of
2301 inetLocalMailRecipient and the address be listed in a mailLocalAddress
2302 attribute. If present, there must be only one mailHost attribute and it
2303 must contain a fully qualified host name as its value. Similarly, if
2304 present, there must be only one mailRoutingAddress attribute and it must
2305 contain an RFC 822 compliant address. Some example LDAP records (in LDIF
2308 dn: uid=tom, o=example.com, c=US
2309 objectClass: inetLocalMailRecipient
2310 mailLocalAddress: tom@example.com
2311 mailRoutingAddress: thomas@mailhost.example.com
2313 This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2315 dn: uid=dick, o=example.com, c=US
2316 objectClass: inetLocalMailRecipient
2317 mailLocalAddress: dick@example.com
2318 mailHost: eng.example.com
2320 This would relay mail for dick@example.com to the same address but redirect
2321 the mail to MX records listed for the host eng.example.com (unless the
2322 mailertable overrides).
2324 dn: uid=harry, o=example.com, c=US
2325 objectClass: inetLocalMailRecipient
2326 mailLocalAddress: harry@example.com
2327 mailHost: mktmail.example.com
2328 mailRoutingAddress: harry@mkt.example.com
2330 This would relay mail for harry@example.com to the MX records listed for
2331 the host mktmail.example.com using the new address harry@mkt.example.com
2332 when talking to that host.
2334 dn: uid=virtual.example.com, o=example.com, c=US
2335 objectClass: inetLocalMailRecipient
2336 mailLocalAddress: @virtual.example.com
2337 mailHost: server.example.com
2338 mailRoutingAddress: virtual@example.com
2340 This would send all mail destined for any username @virtual.example.com to
2341 the machine server.example.com's MX servers and deliver to the address
2342 virtual@example.com on that relay machine.
2345 +---------------------------------+
2346 | ANTI-SPAM CONFIGURATION CONTROL |
2347 +---------------------------------+
2349 The primary anti-spam features available in sendmail are:
2351 * Relaying is denied by default.
2352 * Better checking on sender information.
2356 Relaying (transmission of messages from a site outside your host (class
2357 {w}) to another site except yours) is denied by default. Note that this
2358 changed in sendmail 8.9; previous versions allowed relaying by default.
2359 If you really want to revert to the old behaviour, you will need to use
2360 FEATURE(`promiscuous_relay'). You can allow certain domains to relay
2361 through your server by adding their domain name or IP address to class
2362 {R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2363 (described below). Note that IPv6 addresses must be prefaced with "IPv6:".
2364 The file consists (like any other file based class) of entries listed on
2365 separate lines, e.g.,
2370 IPv6:2002:c0a8:51d2::23f4
2374 Notice: the last entry allows relaying for connections via a UNIX
2375 socket to the MTA/MSP. This might be necessary if your configuration
2376 doesn't allow relaying by other means in that case, e.g., by having
2377 localhost.$m in class {R} (make sure $m is not just a top level
2382 FEATURE(`relay_entire_domain')
2384 then any host in any of your local domains (that is, class {m})
2385 will be relayed (that is, you will accept mail either to or from any
2386 host in your domain).
2388 You can also allow relaying based on the MX records of the host
2389 portion of an incoming recipient address by using
2391 FEATURE(`relay_based_on_MX')
2393 For example, if your server receives a recipient of user@domain.com
2394 and domain.com lists your server in its MX records, the mail will be
2395 accepted for relay to domain.com. This feature may cause problems
2396 if MX lookups for the recipient domain are slow or time out. In that
2397 case, mail will be temporarily rejected. It is usually better to
2398 maintain a list of hosts/domains for which the server acts as relay.
2399 Note also that this feature will stop spammers from using your host
2400 to relay spam but it will not stop outsiders from using your server
2401 as a relay for their site (that is, they set up an MX record pointing
2402 to your mail server, and you will relay mail addressed to them
2403 without any prior arrangement). Along the same lines,
2405 FEATURE(`relay_local_from')
2407 will allow relaying if the sender specifies a return path (i.e.
2408 MAIL FROM:<user@domain>) domain which is a local domain. This is a
2409 dangerous feature as it will allow spammers to spam using your mail
2410 server by simply specifying a return address of user@your.domain.com.
2411 It should not be used unless absolutely necessary.
2412 A slightly better solution is
2414 FEATURE(`relay_mail_from')
2416 which allows relaying if the mail sender is listed as RELAY in the
2417 access map. If an optional argument `domain' (this is the literal
2418 word `domain', not a placeholder) is given, the domain portion of
2419 the mail sender is also checked to allowing relaying. This option
2420 only works together with the tag From: for the LHS of the access
2421 map entries. This feature allows spammers to abuse your mail server
2422 by specifying a return address that you enabled in your access file.
2423 This may be harder to figure out for spammers, but it should not
2424 be used unless necessary. Instead use SMTP AUTH or STARTTLS to
2425 allow relaying for roaming users.
2428 If source routing is used in the recipient address (e.g.,
2429 RCPT TO:<user%site.com@othersite.com>), sendmail will check
2430 user@site.com for relaying if othersite.com is an allowed relay host
2431 in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2432 or the access database if FEATURE(`access_db') is used. To prevent
2433 the address from being stripped down, use:
2435 FEATURE(`loose_relay_check')
2437 If you think you need to use this feature, you probably do not. This
2438 should only be used for sites which have no control over the addresses
2439 that they provide a gateway for. Use this FEATURE with caution as it
2440 can allow spammers to relay through your server if not setup properly.
2442 NOTICE: It is possible to relay mail through a system which the anti-relay
2443 rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2444 `nospecial') (system A) and relays local messages to a mail hub (e.g., via
2445 LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
2446 FEATURE(`nouucp') at all, addresses of the form
2447 <example.net!user@local.host> would be relayed to <user@example.net>.
2448 System A doesn't recognize `!' as an address separator and therefore
2449 forwards it to the mail hub which in turns relays it because it came from
2450 a trusted local host. So if a mailserver allows UUCP (bang-format)
2451 addresses, all systems from which it allows relaying should do the same
2452 or reject those addresses.
2454 As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2455 an unresolvable domain (i.e., one that DNS, your local name service,
2456 or special case rules in ruleset 3 cannot locate). This also applies
2457 to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2458 IP address can't be mapped to a host name. If you want to continue
2459 to accept such domains, e.g., because you are inside a firewall that
2460 has only a limited view of the Internet host name space (note that you
2461 will not be able to return mail to them unless you have some "smart
2462 host" forwarder), use
2464 FEATURE(`accept_unresolvable_domains')
2466 Alternatively, you can allow specific addresses by adding them to
2467 the access map, e.g.,
2469 From:unresolvable.domain OK
2473 Notice: domains which are temporarily unresolvable are (temporarily)
2474 rejected with a 451 reply code. If those domains should be accepted
2475 (which is discouraged) then you can use
2480 sendmail will also refuse mail if the MAIL FROM: parameter is not
2481 fully qualified (i.e., contains a domain as well as a user). If you
2482 want to continue to accept such senders, use
2484 FEATURE(`accept_unqualified_senders')
2486 Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2487 i.e., unqualified addresses are accepted even without this FEATURE. If
2488 this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2489 to enforce fully qualified domain names.
2491 An ``access'' database can be created to accept or reject mail from
2492 selected domains. For example, you may choose to reject all mail
2493 originating from known spammers. To enable such a database, use
2495 FEATURE(`access_db')
2497 Notice: the access database is applied to the envelope addresses
2498 and the connection information, not to the header.
2500 The FEATURE macro can accept as second parameter the key file
2501 definition for the database; for example
2503 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2505 Notice: If a second argument is specified it must contain the option
2506 `-T<TMPF>' as shown above. The optional parameters may be
2508 `skip' enables SKIP as value part (see below).
2509 `lookupdotdomain' another way to enable the feature of the
2510 same name (see above).
2511 `relaytofulladdress' enable entries of the form
2512 To:user@example.com RELAY
2513 to allow relaying to just a specific
2514 e-mail address instead of an entire domain.
2516 Remember, since /etc/mail/access is a database, after creating the text
2517 file as described below, you must use makemap to create the database
2520 makemap hash /etc/mail/access < /etc/mail/access
2522 The table itself uses e-mail addresses, domain names, and network
2523 numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:".
2526 From:spammer@aol.com REJECT
2527 From:cyberspammer.com REJECT
2528 Connect:cyberspammer.com REJECT
2530 Connect:192.168.212 REJECT
2531 Connect:IPv6:2002:c0a8:02c7 RELAY
2532 Connect:IPv6:2002:c0a8:51d2::23f4 REJECT
2534 would refuse mail from spammer@aol.com, any user from cyberspammer.com
2535 (or any host within the cyberspammer.com domain), any host in the entire
2536 top level domain TLD, 192.168.212.* network, and the IPv6 address
2537 2002:c0a8:51d2::23f4. It would allow relay for the IPv6 network
2538 2002:c0a8:02c7::/48.
2540 Entries in the access map should be tagged according to their type.
2541 Three tags are available:
2543 Connect: connection information (${client_addr}, ${client_name})
2544 From: envelope sender
2545 To: envelope recipient
2547 Notice: untagged entries are deprecated.
2549 If the required item is looked up in a map, it will be tried first
2550 with the corresponding tag in front, then (as fallback to enable
2551 backward compatibility) without any tag, unless the specific feature
2552 requires a tag. For example,
2554 From:spammer@some.dom REJECT
2555 To:friend.domain RELAY
2556 Connect:friend.domain OK
2557 Connect:from.domain RELAY
2558 From:good@another.dom OK
2559 From:another.dom REJECT
2561 This would deny mails from spammer@some.dom but you could still
2562 send mail to that address even if FEATURE(`blacklist_recipients')
2563 is enabled. Your system will allow relaying to friend.domain, but
2564 not from it (unless enabled by other means). Connections from that
2565 domain will be allowed even if it ends up in one of the DNS based
2566 rejection lists. Relaying is enabled from from.domain but not to
2567 it (since relaying is based on the connection information for
2568 outgoing relaying, the tag Connect: must be used; for incoming
2569 relaying, which is based on the recipient address, To: must be
2570 used). The last two entries allow mails from good@another.dom but
2571 reject mail from all other addresses with another.dom as domain
2575 The value part of the map can contain:
2577 OK Accept mail even if other rules in the running
2578 ruleset would reject it, for example, if the domain
2579 name is unresolvable. "Accept" does not mean
2580 "relay", but at most acceptance for local
2581 recipients. That is, OK allows less than RELAY.
2582 RELAY Accept mail addressed to the indicated domain
2583 (or address if `relaytofulladdress' is set) or
2584 received from the indicated domain for relaying
2585 through your SMTP server. RELAY also serves as
2586 an implicit OK for the other checks.
2587 REJECT Reject the sender or recipient with a general
2589 DISCARD Discard the message completely using the
2590 $#discard mailer. If it is used in check_compat,
2591 it affects only the designated recipient, not
2592 the whole message as it does in all other cases.
2593 This should only be used if really necessary.
2594 SKIP This can only be used for host/domain names
2595 and IP addresses/nets. It will abort the current
2596 search for this entry without accepting or rejecting
2597 it but causing the default action.
2598 ### any text where ### is an RFC 821 compliant error code and
2599 "any text" is a message to return for the command.
2600 The entire string should be quoted to avoid
2605 Otherwise sendmail formats the text as email
2606 addresses, e.g., it may remove spaces.
2607 This type is deprecated, use one of the two
2608 ERROR: entries below instead.
2610 as above, but useful to mark error messages as such.
2611 If quotes need to be used to avoid modifications
2612 (see above), they should be placed like this:
2614 ERROR:"### any text"
2616 ERROR:D.S.N:### any text
2617 where D.S.N is an RFC 1893 compliant error code
2618 and the rest as above. If quotes need to be used
2619 to avoid modifications, they should be placed
2622 ERROR:D.S.N:"### any text"
2625 Quarantine the message using the given text as the
2626 quarantining reason.
2630 From:cyberspammer.com ERROR:"550 We don't accept mail from spammers"
2631 From:okay.cyberspammer.com OK
2632 Connect:sendmail.org RELAY
2633 To:sendmail.org RELAY
2634 Connect:128.32 RELAY
2635 Connect:128.32.2 SKIP
2636 Connect:IPv6:1:2:3:4:5:6:7 RELAY
2637 Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
2638 Connect:[127.0.0.3] OK
2639 Connect:[IPv6:1:2:3:4:5:6:7:8] OK
2641 would accept mail from okay.cyberspammer.com, but would reject mail
2642 from all other hosts at cyberspammer.com with the indicated message.
2643 It would allow relaying mail from and to any hosts in the sendmail.org
2644 domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2645 and from the 128.32.*.* network except for the 128.32.2.* network,
2646 which shows how SKIP is useful to exempt subnets/subdomains. The
2647 last two entries are for checks against ${client_name} if the IP
2648 address doesn't resolve to a hostname (or is considered as "may be
2649 forged"). That is, using square brackets means these are host
2650 names, not network numbers.
2652 Warning: if you change the RFC 821 compliant error code from the default
2653 value of 550, then you should probably also change the RFC 1893 compliant
2654 error code to match it. For example, if you use
2656 To:user@example.com ERROR:450 mailbox full
2658 the error returned would be "450 5.0.0 mailbox full" which is wrong.
2659 Use "ERROR:4.2.2:450 mailbox full" instead.
2661 Note, UUCP users may need to add hostname.UUCP to the access database
2666 FEATURE(`relay_hosts_only')
2668 then the above example will allow relaying for sendmail.org, but not
2669 hosts within the sendmail.org domain. Note that this will also require
2670 hosts listed in class {R} to be fully qualified host names.
2672 You can also use the access database to block sender addresses based on
2673 the username portion of the address. For example:
2675 From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
2677 Note that you must include the @ after the username to signify that
2678 this database entry is for checking only the username portion of the
2683 FEATURE(`blacklist_recipients')
2685 then you can add entries to the map for local users, hosts in your
2686 domains, or addresses in your domain which should not receive mail:
2688 To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser
2689 To:host.my.TLD ERROR:550 That host does not accept mail
2690 To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient
2692 This would prevent a recipient of badlocaluser in any of the local
2693 domains (class {w}), any user at host.my.TLD, and the single address
2694 user@other.my.TLD from receiving mail. Please note: a local username
2695 must be now tagged with an @ (this is consistent with the check of
2696 the sender address, and hence it is possible to distinguish between
2697 hostnames and usernames). Enabling this feature will keep you from
2698 sending mails to all addresses that have an error message or REJECT
2699 as value part in the access map. Taking the example from above:
2701 spammer@aol.com REJECT
2702 cyberspammer.com REJECT
2704 Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2705 That's why tagged entries should be used.
2707 There are several DNS based blacklists which can be found by
2708 querying a search engine. These are databases of spammers
2709 maintained in DNS. To use such a database, specify
2711 FEATURE(`dnsbl', `dnsbl.example.com')
2713 This will cause sendmail to reject mail from any site listed in the
2714 DNS based blacklist. You must select a DNS based blacklist domain
2715 to check by specifying an argument to the FEATURE. The default
2718 Rejected: IP-ADDRESS listed at SERVER
2720 where IP-ADDRESS and SERVER are replaced by the appropriate
2721 information. A second argument can be used to specify a different
2722 text or action. For example,
2724 FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
2726 would quarantine the message if the client IP address is listed
2727 at `dnsbl.example.com'.
2729 By default, temporary lookup failures are ignored
2730 and hence cause the connection not to be rejected by the DNS based
2731 rejection list. This behavior can be changed by specifying a third
2732 argument, which must be either `t' or a full error message. For
2735 FEATURE(`dnsbl', `dnsbl.example.com', `',
2736 `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2738 If `t' is used, the error message is:
2740 451 Temporary lookup failure of IP-ADDRESS at SERVER
2742 where IP-ADDRESS and SERVER are replaced by the appropriate
2745 This FEATURE can be included several times to query different
2746 DNS based rejection lists.
2748 Notice: to avoid checking your own local domains against those
2749 blacklists, use the access_db feature and add:
2752 Connect:127.0.0.1 RELAY
2754 to the access map, where 10.1 is your local network. You may
2755 want to use "RELAY" instead of "OK" to allow also relaying
2756 instead of just disabling the DNS lookups in the blacklists.
2759 The features described above make use of the check_relay, check_mail,
2760 and check_rcpt rulesets. Note that check_relay checks the SMTP
2761 client hostname and IP address when the connection is made to your
2762 server. It does not check if a mail message is being relayed to
2763 another server. That check is done in check_rcpt. If you wish to
2764 include your own checks, you can put your checks in the rulesets
2765 Local_check_relay, Local_check_mail, and Local_check_rcpt. For
2766 example if you wanted to block senders with all numeric usernames
2767 (i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2771 Kallnumbers regex -a@MATCH ^[0-9]+$
2775 # check address against various regex checks
2776 R$* $: $>Parse0 $>3 $1
2777 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
2778 R@MATCH $#error $: 553 Header Error
2780 These rules are called with the original arguments of the corresponding
2781 check_* ruleset. If the local ruleset returns $#OK, no further checking
2782 is done by the features described above and the mail is accepted. If
2783 the local ruleset resolves to a mailer (such as $#error or $#discard),
2784 the appropriate action is taken. Other results starting with $# are
2785 interpreted by sendmail and may lead to unspecified behavior. Note: do
2786 NOT create a mailer with the name OK. Return values that do not start
2787 with $# are ignored, i.e., normal processing continues.
2792 By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2793 will not be called when a client connects or issues a MAIL command,
2794 respectively. Instead, those rulesets will be called by the check_rcpt
2795 ruleset; they will be skipped if a sender has been authenticated using
2796 a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2797 If check_mail returns an error then the RCPT TO command will be rejected
2798 with that error. If it returns some other result starting with $# then
2799 check_relay will be skipped. If the sender address (or a part of it) is
2800 listed in the access map and it has a RHS of OK or RELAY, then check_relay
2801 will be skipped. This has an interesting side effect: if your domain is
2802 my.domain and you have
2806 in the access map, then any e-mail with a sender address of
2807 <user@my.domain> will not be rejected by check_relay even though
2808 it would match the hostname or IP address. This allows spammers
2809 to get around DNS based blacklist by faking the sender address. To
2810 avoid this problem you have to use tagged entries:
2813 Connect:my.domain RELAY
2815 if you need those entries at all (class {R} may take care of them).
2817 FEATURE(`delay_checks') can take an optional argument:
2819 FEATURE(`delay_checks', `friend')
2820 enables spamfriend test
2821 FEATURE(`delay_checks', `hater')
2822 enables spamhater test
2824 If such an argument is given, the recipient will be looked up in the
2825 access map (using the tag Spam:). If the argument is `friend', then
2826 the default behavior is to apply the other rulesets and make a SPAM
2827 friend the exception. The rulesets check_mail and check_relay will be
2828 skipped only if the recipient address is found and has RHS FRIEND. If
2829 the argument is `hater', then the default behavior is to skip the rulesets
2830 check_mail and check_relay and make a SPAM hater the exception. The
2831 other two rulesets will be applied only if the recipient address is
2832 found and has RHS HATER.
2834 This allows for simple exceptions from the tests, e.g., by activating
2835 the friend option and having
2839 in the access map, mail to abuse@localdomain will get through (where
2840 "localdomain" is any domain in class {w}). It is also possible to
2841 specify a full address or an address with +detail:
2843 Spam:abuse@my.domain FRIEND
2844 Spam:me+abuse@ FRIEND
2845 Spam:spam.domain FRIEND
2847 Note: The required tag has been changed in 8.12 from To: to Spam:.
2848 This change is incompatible to previous versions. However, you can
2849 (for now) simply add the new entries to the access map, the old
2850 ones will be ignored. As soon as you removed the old entries from
2851 the access map, specify a third parameter (`n') to this feature and
2852 the backward compatibility rules will not be in the generated .cf
2858 You can also reject mail on the basis of the contents of headers.
2859 This is done by adding a ruleset call to the 'H' header definition command
2860 in sendmail.cf. For example, this can be used to check the validity of
2861 a Message-ID: header:
2864 HMessage-Id: $>CheckMessageId
2869 R$* $#error $: 553 Header Error
2871 The alternative format:
2873 HSubject: $>+CheckSubject
2875 that is, $>+ instead of $>, gives the full Subject: header including
2876 comments to the ruleset (comments in parentheses () are stripped
2879 A default ruleset for headers which don't have a specific ruleset
2880 defined for them can be given by:
2885 1. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2886 That may cause problems with simple header checks due to the
2887 tokenization. It might be simpler to use a regex map and apply it
2889 2. There are no default rulesets coming with this distribution of
2890 sendmail. You can write your own, can search the WWW for examples,
2891 or take a look at cf/cf/knecht.mc.
2892 3. When using a default ruleset for headers, the name of the header
2893 currently being checked can be found in the $&{hdr_name} macro.
2895 After all of the headers are read, the check_eoh ruleset will be called for
2896 any final header-related checks. The ruleset is called with the number of
2897 headers and the size of all of the headers in bytes separated by $|. One
2898 example usage is to reject messages which do not have a Message-Id:
2899 header. However, the Message-Id: header is *NOT* a required header and is
2900 not a guaranteed spam indicator. This ruleset is an example and should
2901 probably not be used in production.
2905 HMessage-Id: $>CheckMessageId
2909 # Record the presence of the header
2910 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
2912 R$* $#error $: 553 Header Error
2916 R$* $: < $&{MessageIdCheck} >
2917 # Clear the macro for the next message
2918 R$* $: $(storage {MessageIdCheck} $) $1
2919 # Has a Message-Id: header
2921 # Allow missing Message-Id: from local mail
2922 R$* $: < $&{client_name} >
2925 # Otherwise, reject the mail
2926 R$* $#error $: 553 Header Error
2929 +--------------------+
2930 | CONNECTION CONTROL |
2931 +--------------------+
2933 The features ratecontrol and conncontrol allow to establish connection
2934 limits per client IP address or net. These features can limit the
2935 rate of connections (connections per time unit) or the number of
2936 incoming SMTP connections, respectively. If enabled, appropriate
2937 rulesets are called at the end of check_relay, i.e., after DNS
2938 blacklists and generic access_db operations. The features require
2939 FEATURE(`access_db') to be listed earlier in the mc file.
2941 Note: FEATURE(`delay_checks') delays those connection control checks
2942 after a recipient address has been received, hence making these
2943 connection control features less useful. To run the checks as early
2944 as possible, specify the parameter `nodelay', e.g.,
2946 FEATURE(`ratecontrol', `nodelay')
2948 In that case, FEATURE(`delay_checks') has no effect on connection
2949 control (and it must be specified earlier in the mc file).
2951 An optional second argument `terminate' specifies whether the
2952 rulesets should return the error code 421 which will cause
2953 sendmail to terminate the session with that error if it is
2954 returned from check_relay, i.e., not delayed as explained in
2955 the previous paragraph. Example:
2957 FEATURE(`ratecontrol', `nodelay', `terminate')
2964 In this text, cert will be used as an abbreviation for X.509 certificate,
2965 DN (CN) is the distinguished (common) name of a cert, and CA is a
2966 certification authority, which signs (issues) certs.
2968 For STARTTLS to be offered by sendmail you need to set at least
2969 these variables (the file names and paths are just examples):
2971 define(`confCACERT_PATH', `/etc/mail/certs/')
2972 define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2973 define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2974 define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2976 On systems which do not have the compile flag HASURANDOM set (see
2977 sendmail/README) you also must set confRAND_FILE.
2979 See doc/op/op.{me,ps,txt} for more information about these options,
2980 especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2983 Macros related to STARTTLS are:
2985 ${cert_issuer} holds the DN of the CA (the cert issuer).
2986 ${cert_subject} holds the DN of the cert (called the cert subject).
2987 ${cn_issuer} holds the CN of the CA (the cert issuer).
2988 ${cn_subject} holds the CN of the cert (called the cert subject).
2989 ${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2990 TLSv1/SSLv3, SSLv3, SSLv2.
2991 ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2992 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2993 ${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2994 used for the connection.
2995 ${verify} holds the result of the verification of the presented cert.
2996 Possible values are:
2997 OK verification succeeded.
2998 NO no cert presented.
2999 NOT no cert requested.
3000 FAIL cert presented but could not be verified,
3001 e.g., the cert of the signing CA is missing.
3002 NONE STARTTLS has not been performed.
3003 TEMP temporary error occurred.
3004 PROTOCOL protocol error occurred (SMTP level).
3005 SOFTWARE STARTTLS handshake failed.
3006 ${server_name} the name of the server of the current outgoing SMTP
3008 ${server_addr} the address of the server of the current outgoing SMTP
3014 SMTP STARTTLS can allow relaying for remote SMTP clients which have
3015 successfully authenticated themselves. If the verification of the cert
3016 failed (${verify} != OK), relaying is subject to the usual rules.
3017 Otherwise the DN of the issuer is looked up in the access map using the
3018 tag CERTISSUER. If the resulting value is RELAY, relaying is allowed.
3019 If it is SUBJECT, the DN of the cert subject is looked up next in the
3020 access map using the tag CERTSUBJECT. If the value is RELAY, relaying
3023 To make things a bit more flexible (or complicated), the values for
3024 ${cert_issuer} and ${cert_subject} can be optionally modified by regular
3025 expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
3026 _CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
3027 rulesets and map lookups, they are modified as follows: each non-printable
3028 character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
3029 by their HEX value with a leading '+'. For example:
3031 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
3032 darth+cert@endmail.org
3036 /C=US/ST=California/O=endmail.org/OU=private/CN=
3037 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
3039 (line breaks have been inserted for readability).
3041 The macros which are subject to this encoding are ${cert_subject},
3042 ${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
3046 To allow relaying for everyone who can present a cert signed by
3048 /C=US/ST=California/O=endmail.org/OU=private/CN=
3049 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
3053 CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3054 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
3056 To allow relaying only for a subset of machines that have a cert signed by
3058 /C=US/ST=California/O=endmail.org/OU=private/CN=
3059 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
3063 CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
3064 Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT
3065 CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
3066 DeathStar/Email=deathstar@endmail.org RELAY
3069 - line breaks have been inserted after "CN=" for readability,
3070 each tagged entry must be one (long) line in the access map.
3071 - if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
3072 is replaced by "emailAddress=".
3074 Of course it is also possible to write a simple ruleset that allows
3075 relaying for everyone who can present a cert that can be verified, e.g.,
3082 Allowing Connections
3083 --------------------
3085 The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
3086 an SMTP connection is accepted (or should continue).
3088 tls_server is called when sendmail acts as client after a STARTTLS command
3089 (should) have been issued. The parameter is the value of ${verify}.
3091 tls_client is called when sendmail acts as server, after a STARTTLS command
3092 has been issued, and from check_mail. The parameter is the value of
3093 ${verify} and STARTTLS or MAIL, respectively.
3095 Both rulesets behave the same. If no access map is in use, the connection
3096 will be accepted unless ${verify} is SOFTWARE, in which case the connection
3097 is always aborted. For tls_server/tls_client, ${client_name}/${server_name}
3098 is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
3099 with the ruleset LookUpDomain. If no entry is found, ${client_addr}
3100 (${server_addr}) is looked up in the access map (same tag, ruleset
3101 LookUpAddr). If this doesn't result in an entry either, just the tag is
3102 looked up in the access map (included the trailing colon). Notice:
3103 requiring that e-mail is sent to a server only encrypted, e.g., via
3105 TLS_Srv:secure.domain ENCR:112
3107 doesn't necessarily mean that e-mail sent to that domain is encrypted.
3108 If the domain has multiple MX servers, e.g.,
3110 secure.domain. IN MX 10 mail.secure.domain.
3111 secure.domain. IN MX 50 mail.other.domain.
3113 then mail to user@secure.domain may go unencrypted to mail.other.domain.
3114 tls_rcpt can be used to address this problem.
3116 tls_rcpt is called before a RCPT TO: command is sent. The parameter is the
3117 current recipient. This ruleset is only defined if FEATURE(`access_db')
3118 is selected. A recipient address user@domain is looked up in the access
3119 map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
3120 and TLS_Rcpt:; the first match is taken.
3122 The result of the lookups is then used to call the ruleset TLS_connection,
3123 which checks the requirement specified by the RHS in the access map against
3124 the actual parameters of the current TLS connection, esp. ${verify} and
3125 ${cipher_bits}. Legal RHSs in the access map are:
3127 VERIFY verification must have succeeded
3128 VERIFY:bits verification must have succeeded and ${cipher_bits} must
3129 be greater than or equal bits.
3130 ENCR:bits ${cipher_bits} must be greater than or equal bits.
3132 The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
3133 or permanent error. The default is a temporary error code (403 4.7.0)
3134 unless the macro TLS_PERM_ERR is set during generation of the .cf file.
3136 If a certain level of encryption is required, then it might also be
3137 possible that this level is provided by the security layer from a SASL
3138 algorithm, e.g., DIGEST-MD5.
3140 Furthermore, there can be a list of extensions added. Such a list
3141 starts with '+' and the items are separated by '++'. Allowed
3144 CN:name name must match ${cn_subject}
3145 CN ${client_name}/${server_name} must match ${cn_subject}
3146 CS:name name must match ${cert_subject}
3147 CI:name name must match ${cert_issuer}
3149 Example: e-mail sent to secure.example.com should only use an encrypted
3150 connection. E-mail received from hosts within the laptop.example.com domain
3151 should only be accepted if they have been authenticated. The host which
3152 receives e-mail for darth@endmail.org must present a cert that uses the
3153 CN smtp.endmail.org.
3155 TLS_Srv:secure.example.com ENCR:112
3156 TLS_Clt:laptop.example.com PERM+VERIFY:112
3157 TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
3160 Disabling STARTTLS And Setting SMTP Server Features
3161 ---------------------------------------------------
3163 By default STARTTLS is used whenever possible. However, there are
3164 some broken MTAs that don't properly implement STARTTLS. To be able
3165 to send to (or receive from) those MTAs, the ruleset try_tls
3166 (srv_features) can be used that work together with the access map.
3167 Entries for the access map must be tagged with Try_TLS (Srv_Features)
3168 and refer to the hostname or IP address of the connecting system.
3169 A default case can be specified by using just the tag. For example,
3170 the following entries in the access map:
3172 Try_TLS:broken.server NO
3173 Srv_Features:my.domain v
3176 will turn off STARTTLS when sending to broken.server (or any host
3177 in that domain), and request a client certificate during the TLS
3178 handshake only for hosts in my.domain. The valid entries on the RHS
3179 for Srv_Features are listed in the Sendmail Installation and
3186 The Received: header reveals whether STARTTLS has been used. It contains an
3189 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
3192 +---------------------+
3193 | SMTP AUTHENTICATION |
3194 +---------------------+
3196 The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
3197 used in anti-relay rulesets to allow relaying for those users that
3198 authenticated themselves. A very simple example is:
3201 R$* $: $&{auth_type}
3204 which checks whether a user has successfully authenticated using
3205 any available mechanism. Depending on the setup of the Cyrus SASL
3206 library, more sophisticated rulesets might be required, e.g.,
3209 R$* $: $&{auth_type} $| $&{auth_authen}
3210 RDIGEST-MD5 $| $+@$=w $# OK
3212 to allow relaying for users that authenticated using DIGEST-MD5
3213 and have an identity in the local domains.
3215 The ruleset trust_auth is used to determine whether a given AUTH=
3216 parameter (that is passed to this ruleset) should be trusted. This
3217 ruleset may make use of the other ${auth_*} macros. Only if the
3218 ruleset resolves to the error mailer, the AUTH= parameter is not
3219 trusted. A user supplied ruleset Local_trust_auth can be written
3220 to modify the default behavior, which only trust the AUTH=
3221 parameter if it is identical to the authenticated user.
3223 Per default, relaying is allowed for any user who authenticated
3224 via a "trusted" mechanism, i.e., one that is defined via
3225 TRUST_AUTH_MECH(`list of mechanisms')
3227 TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3229 If the selected mechanism provides a security layer the number of
3230 bits used for the key of the symmetric cipher is stored in the
3233 Providing SMTP AUTH Data when sendmail acts as Client
3234 -----------------------------------------------------
3236 If sendmail acts as client, it needs some information how to
3237 authenticate against another MTA. This information can be provided
3238 by the ruleset authinfo or by the option DefaultAuthInfo. The
3239 authinfo ruleset looks up {server_name} using the tag AuthInfo: in
3240 the access map. If no entry is found, {server_addr} is looked up
3241 in the same way and finally just the tag AuthInfo: to provide
3242 default values. Note: searches for domain parts or IP nets are
3243 only performed if the access map is used; if the authinfo feature
3244 is used then only up to three lookups are performed (two exact
3245 matches, one default).
3247 Note: If your daemon does client authentication when sending, and
3248 if it uses either PLAIN or LOGIN authentication, then you *must*
3249 prevent ordinary users from seeing verbose output. Do NOT install
3250 sendmail set-user-ID. Use PrivacyOptions to turn off verbose output
3251 ("goaway" works for this).
3253 Notice: the default configuration file causes the option DefaultAuthInfo
3254 to fail since the ruleset authinfo is in the .cf file. If you really
3255 want to use DefaultAuthInfo (it is deprecated) then you have to
3258 The RHS for an AuthInfo: entry in the access map should consists of a
3259 list of tokens, each of which has the form: "TDstring" (including
3260 the quotes). T is a tag which describes the item, D is a delimiter,
3261 either ':' for simple text or '=' for a base64 encoded string.
3262 Valid values for the tag are:
3264 U user (authorization) id
3268 M list of mechanisms delimited by spaces
3270 Example entries are:
3272 AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3273 AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
3275 User id or authentication id must exist as well as the password. All
3276 other entries have default values. If one of user or authentication
3277 id is missing, the existing value is used for the missing item.
3278 If "R:" is not specified, realm defaults to $j. The list of mechanisms
3279 defaults to those specified by AuthMechanisms.
3281 Since this map contains sensitive information, either the access
3282 map must be unreadable by everyone but root (or the trusted user)
3283 or FEATURE(`authinfo') must be used which provides a separate map.
3284 Notice: It is not checked whether the map is actually
3285 group/world-unreadable, this is left to the user.
3287 +--------------------------------+
3288 | ADDING NEW MAILERS OR RULESETS |
3289 +--------------------------------+
3291 Sometimes you may need to add entirely new mailers or rulesets. They
3292 should be introduced with the constructs MAILER_DEFINITIONS and
3293 LOCAL_RULESETS respectively. For example:
3303 Local additions for the rulesets srv_features, try_tls, tls_rcpt,
3304 tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
3305 LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
3306 respectively. For example, to add a local ruleset that decides
3307 whether to try STARTTLS in a sendmail client, use:
3312 Note: you don't need to add a name for the ruleset, it is implicitly
3313 defined by using the appropriate macro.
3316 +-------------------------+
3317 | ADDING NEW MAIL FILTERS |
3318 +-------------------------+
3320 Sendmail supports mail filters to filter incoming SMTP messages according
3321 to the "Sendmail Mail Filter API" documentation. These filters can be
3322 configured in your mc file using the two commands:
3324 MAIL_FILTER(`name', `equates')
3325 INPUT_MAIL_FILTER(`name', `equates')
3327 The first command, MAIL_FILTER(), simply defines a filter with the given
3328 name and equates. For example:
3330 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3332 This creates the equivalent sendmail.cf entry:
3334 Xarchive, S=local:/var/run/archivesock, F=R
3336 The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
3337 but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
3338 of the filter such that the filter will actually be called by sendmail.
3340 For example, the two commands:
3342 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3343 INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3345 are equivalent to the three commands:
3347 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3348 MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
3349 define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
3351 In general, INPUT_MAIL_FILTER() should be used unless you need to define
3352 more filters than you want to use for `confINPUT_MAIL_FILTERS'.
3354 Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
3355 commands will clear the list created by the prior INPUT_MAIL_FILTER()
3359 +-------------------------+
3360 | QUEUE GROUP DEFINITIONS |
3361 +-------------------------+
3363 In addition to the queue directory (which is the default queue group
3364 called "mqueue"), sendmail can deal with multiple queue groups, which
3365 are collections of queue directories with the same behaviour. Queue
3366 groups can be defined using the command:
3368 QUEUE_GROUP(`name', `equates')
3370 For details about queue groups, please see doc/op/op.{me,ps,txt}.
3372 +-------------------------------+
3373 | NON-SMTP BASED CONFIGURATIONS |
3374 +-------------------------------+
3376 These configuration files are designed primarily for use by
3377 SMTP-based sites. They may not be well tuned for UUCP-only or
3378 UUCP-primarily nodes (the latter is defined as a small local net
3379 connected to the rest of the world via UUCP). However, there is
3380 one hook to handle some special cases.
3382 You can define a ``smart host'' that understands a richer address syntax
3385 define(`SMART_HOST', `mailer:hostname')
3387 In this case, the ``mailer:'' defaults to "relay". Any messages that
3388 can't be handled using the usual UUCP rules are passed to this host.
3390 If you are on a local SMTP-based net that connects to the outside
3391 world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
3394 define(`SMART_HOST', `uucp-new:uunet')
3396 R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
3398 This will cause all names that end in your domain name ($m) to be sent
3399 via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3400 If you have FEATURE(`nocanonify'), you may need to omit the dots after
3401 the $m. If you are running a local DNS inside your domain which is
3402 not otherwise connected to the outside world, you probably want to
3405 define(`SMART_HOST', `smtp:fire.wall.com')
3407 R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
3409 That is, send directly only to things you found in your DNS lookup;
3410 anything else goes through SMART_HOST.
3412 You may need to turn off the anti-spam rules in order to accept
3413 UUCP mail with FEATURE(`promiscuous_relay') and
3414 FEATURE(`accept_unresolvable_domains').
3421 Normally, the $j macro is automatically defined to be your fully
3422 qualified domain name (FQDN). Sendmail does this by getting your
3423 host name using gethostname and then calling gethostbyname on the
3424 result. For example, in some environments gethostname returns
3425 only the root of the host name (such as "foo"); gethostbyname is
3426 supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
3427 cases, gethostbyname may fail to return the FQDN. In this case
3428 you MUST define confDOMAIN_NAME to be your fully qualified domain
3429 name. This is usually done using:
3432 define(`confDOMAIN_NAME', `$w.$m')dnl
3435 +-----------------------------------+
3436 | ACCEPTING MAIL FOR MULTIPLE NAMES |
3437 +-----------------------------------+
3439 If your host is known by several different names, you need to augment
3440 class {w}. This is a list of names by which your host is known, and
3441 anything sent to an address using a host name in this list will be
3442 treated as local mail. You can do this in two ways: either create the
3443 file /etc/mail/local-host-names containing a list of your aliases (one per
3444 line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3445 ``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
3446 name of the host, rather than a short name.
3448 If you want to have different address in different domains, take
3449 a look at the virtusertable feature, which is also explained at
3450 http://www.sendmail.org/virtual-hosting.html
3453 +--------------------+
3454 | USING MAILERTABLES |
3455 +--------------------+
3457 To use FEATURE(`mailertable'), you will have to create an external
3458 database containing the routing information for various domains.
3459 For example, a mailertable file in text format might be:
3461 .my.domain xnet:%1.my.domain
3462 uuhost1.my.domain uucp-new:uuhost1
3463 .bitnet smtp:relay.bit.net
3465 This should normally be stored in /etc/mail/mailertable. The actual
3466 database version of the mailertable is built using:
3468 makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3470 The semantics are simple. Any LHS entry that does not begin with
3471 a dot matches the full host name indicated. LHS entries beginning
3472 with a dot match anything ending with that domain name (including
3473 the leading dot) -- that is, they can be thought of as having a
3474 leading ".+" regular expression pattern for a non-empty sequence of
3475 characters. Matching is done in order of most-to-least qualified
3476 -- for example, even though ".my.domain" is listed first in the
3477 above example, an entry of "uuhost1.my.domain" will match the second
3478 entry since it is more explicit. Note: e-mail to "user@my.domain"
3479 does not match any entry in the above table. You need to have
3482 my.domain esmtp:host.my.domain
3484 The RHS should always be a "mailer:host" pair. The mailer is the
3485 configuration name of a mailer (that is, an M line in the
3486 sendmail.cf file). The "host" will be the hostname passed to
3487 that mailer. In domain-based matches (that is, those with leading
3488 dots) the "%1" may be used to interpolate the wildcarded part of
3489 the host name. For example, the first line above sends everything
3490 addressed to "anything.my.domain" to that same host name, but using
3491 the (presumably experimental) xnet mailer.
3493 In some cases you may want to temporarily turn off MX records,
3494 particularly on gateways. For example, you may want to MX
3495 everything in a domain to one machine that then forwards it
3496 directly. To do this, you might use the DNS configuration:
3498 *.domain. IN MX 0 relay.machine
3500 and on relay.machine use the mailertable:
3502 .domain smtp:[gateway.domain]
3504 The [square brackets] turn off MX records for this host only.
3505 If you didn't do this, the mailertable would use the MX record
3506 again, which would give you an MX loop. Note that the use of
3507 wildcard MX records is almost always a bad idea. Please avoid
3508 using them if possible.
3511 +--------------------------------+
3512 | USING USERDB TO MAP FULL NAMES |
3513 +--------------------------------+
3515 The user database was not originally intended for mapping full names
3516 to login names (e.g., Eric.Allman => eric), but some people are using
3517 it that way. (it is recommended that you set up aliases for this
3518 purpose instead -- since you can specify multiple alias files, this
3519 is fairly easy.) The intent was to locate the default maildrop at
3520 a site, but allow you to override this by sending to a specific host.
3522 If you decide to set up the user database in this fashion, it is
3523 imperative that you not use FEATURE(`stickyhost') -- otherwise,
3524 e-mail sent to Full.Name@local.host.name will be rejected.
3526 To build the internal form of the user database, use:
3528 makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3530 As a general rule, it is an extremely bad idea to using full names
3531 as e-mail addresses, since they are not in any sense unique. For
3532 example, the UNIX software-development community has at least two
3533 well-known Peter Deutsches, and at one time Bell Labs had two
3534 Stephen R. Bournes with offices along the same hallway. Which one
3535 will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3536 The less famous of the two, or the one that was hired later?
3538 Finger should handle full names (and be fuzzy). Mail should use
3539 handles, and not be fuzzy.
3542 +--------------------------------+
3543 | MISCELLANEOUS SPECIAL FEATURES |
3544 +--------------------------------+
3547 Sometimes it is convenient to merge configuration on a
3548 centralized mail machine, for example, to forward all
3549 root mail to a mail server. In this case it might be
3550 useful to be able to treat the root addresses as a class
3551 of addresses with subtle differences. You can do this
3552 using plussed users. For example, a client might include
3555 root: root+client1@server
3557 On the server, this will match an alias for "root+client1".
3558 If that is not found, the alias "root+*" will be tried,
3566 A lot of sendmail security comes down to you. Sendmail 8 is much
3567 more careful about checking for security problems than previous
3568 versions, but there are some things that you still need to watch
3571 * Make sure the aliases file is not writable except by trusted
3572 system personnel. This includes both the text and database
3575 * Make sure that other files that sendmail reads, such as the
3576 mailertable, are only writable by trusted system personnel.
3578 * The queue directory should not be world writable PARTICULARLY
3579 if your system allows "file giveaways" (that is, if a non-root
3580 user can chown any file they own to any other user).
3582 * If your system allows file giveaways, DO NOT create a publically
3583 writable directory for forward files. This will allow anyone
3584 to steal anyone else's e-mail. Instead, create a script that
3585 copies the .forward file from users' home directories once a
3586 night (if you want the non-NFS-mounted forward directory).
3588 * If your system allows file giveaways, you'll find that
3589 sendmail is much less trusting of :include: files -- in
3590 particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3591 /etc/shells before they will be trusted (that is, before
3592 files and programs listed in them will be honored).
3594 In general, file giveaways are a mistake -- if you can turn them
3598 +--------------------------------+
3599 | TWEAKING CONFIGURATION OPTIONS |
3600 +--------------------------------+
3602 There are a large number of configuration options that don't normally
3603 need to be changed. However, if you feel you need to tweak them,
3604 you can define the following M4 variables. Note that some of these
3605 variables require formats that are defined in RFC 2821 or RFC 2822.
3606 Before changing them you need to make sure you do not violate those
3607 (and other relevant) RFCs.
3609 This list is shown in four columns: the name you define, the default
3610 value for that definition, the option or macro that is affected
3611 (either Ox for an option or Dx for a macro), and a brief description.
3612 Greater detail of the semantics can be found in the Installation
3613 and Operations Guide.
3615 Some options are likely to be deprecated in future versions -- that is,
3616 the option is only included to provide back-compatibility. These are
3619 Remember that these options are M4 variables, and hence may need to
3620 be quoted. In particular, arguments with commas will usually have to
3621 be ``double quoted, like this phrase'' to avoid having the comma
3622 confuse things. This is common for alias file definitions and for
3625 M4 Variable Name Configuration [Default] & Description
3626 ================ ============= =======================
3627 confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
3628 for internally generated outgoing
3630 confDOMAIN_NAME $j macro If defined, sets $j. This should
3631 only be done if your system cannot
3632 determine your local domain name,
3633 and then it should be set to
3634 $w.Foo.COM, where Foo.COM is your
3636 confCF_VERSION $Z macro If defined, this is appended to the
3637 configuration version name.
3638 confLDAP_CLUSTER ${sendmailMTACluster} macro
3639 If defined, this is the LDAP
3640 cluster to use for LDAP searches
3641 as described above in ``USING LDAP
3642 FOR ALIASES, MAPS, AND CLASSES''.
3643 confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
3644 internally generated From: address.
3645 confRECEIVED_HEADER Received:
3646 [$?sfrom $s $.$?_($?s$|from $.$_)
3647 $.$?{auth_type}(authenticated)
3648 $.by $j ($v/$Z)$?r with $r$. id $i$?u
3651 The format of the Received: header
3652 in messages passed through this host.
3653 It is unwise to try to change this.
3654 confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
3655 internally generated Message-Id:
3657 confCW_FILE Fw class [/etc/mail/local-host-names] Name
3658 of file used to get the local
3659 additions to class {w} (local host
3661 confCT_FILE Ft class [/etc/mail/trusted-users] Name of
3662 file used to get the local additions
3663 to class {t} (trusted users).
3664 confCR_FILE FR class [/etc/mail/relay-domains] Name of
3665 file used to get the local additions
3666 to class {R} (hosts allowed to relay).
3667 confTRUSTED_USERS Ct class [no default] Names of users to add to
3668 the list of trusted users. This list
3669 always includes root, uucp, and daemon.
3670 See also FEATURE(`use_ct_file').
3671 confTRUSTED_USER TrustedUser [no default] Trusted user for file
3672 ownership and starting the daemon.
3673 Not to be confused with
3674 confTRUSTED_USERS (see above).
3675 confSMTP_MAILER - [esmtp] The mailer name used when
3676 SMTP connectivity is required.
3677 One of "smtp", "smtp8",
3678 "esmtp", or "dsmtp".
3679 confUUCP_MAILER - [uucp-old] The mailer to be used by
3680 default for bang-format recipient
3681 addresses. See also discussion of
3682 class {U}, class {Y}, and class {Z}
3683 in the MAILER(`uucp') section.
3684 confLOCAL_MAILER - [local] The mailer name used when
3685 local connectivity is required.
3686 Almost always "local".
3687 confRELAY_MAILER - [relay] The default mailer name used
3688 for relaying any mail (e.g., to a
3689 BITNET_RELAY, a SMART_HOST, or
3690 whatever). This can reasonably be
3691 "uucp-new" if you are on a
3692 UUCP-connected site.
3693 confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
3694 confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
3695 confALIAS_WAIT AliasWait [10m] Time to wait for alias file
3696 rebuild until you get bored and
3697 decide that the apparently pending
3699 confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
3700 queue filesystem to accept SMTP mail.
3701 (Prior to 8.7 this was minfree/maxsize,
3702 where minfree was the number of free
3703 blocks and maxsize was the maximum
3704 message size. Use confMAX_MESSAGE_SIZE
3705 for the second value now.)
3706 confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
3707 that will be accepted (in bytes).
3708 confBLANK_SUB BlankSub [.] Blank (space) substitution
3710 confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
3711 to mailers marked expensive.
3712 confCHECKPOINT_INTERVAL CheckpointInterval
3713 [10] Checkpoint queue files every N
3715 confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
3716 confERROR_MODE ErrorMode [print] Error message mode.
3717 confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
3718 confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
3719 confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
3720 confMATCH_GECOS MatchGECOS [False] Match GECOS field.
3721 confMAX_HOP MaxHopCount [25] Maximum hop count.
3722 confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
3723 mode] Ignore dot as terminator for
3725 confBIND_OPTS ResolverOptions [undefined] Default options for DNS
3727 confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
3728 encapsulated messages per RFC 1344.
3729 confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
3730 The colon-separated list of places to
3731 search for .forward files. N.B.: see
3732 the Security Notes section.
3733 confMCI_CACHE_SIZE ConnectionCacheSize
3734 [2] Size of open connection cache.
3735 confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
3736 [5m] Open connection cache timeout.
3737 confHOST_STATUS_DIRECTORY HostStatusDirectory
3738 [undefined] If set, host status is kept
3739 on disk between sendmail runs in the
3740 named directory tree. This need not be
3741 a full pathname, in which case it is
3742 interpreted relative to the queue
3744 confSINGLE_THREAD_DELIVERY SingleThreadDelivery
3745 [False] If this option and the
3746 HostStatusDirectory option are both
3747 set, single thread deliveries to other
3748 hosts. That is, don't allow any two
3749 sendmails on this host to connect
3750 simultaneously to any other single
3751 host. This can slow down delivery in
3752 some cases, in particular since a
3753 cached but otherwise idle connection
3754 to a host will prevent other sendmails
3755 from connecting to the other host.
3756 confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
3757 deliver error messages. This should
3758 not be necessary because of general
3759 acceptance of the envelope/header
3761 confLOG_LEVEL LogLevel [9] Log level.
3762 confME_TOO MeToo [True] Include sender in group
3763 expansions. This option is
3764 deprecated and will be removed from
3766 confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
3767 running newaliases. Since this does
3768 DNS lookups on every address, it can
3769 slow down the alias rebuild process
3770 considerably on large alias files.
3771 confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
3772 special chars are old style.
3773 confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
3774 confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
3775 copies of all error messages.
3776 confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
3777 confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for
3778 queue files (octal). If not set,
3779 sendmail uses 0600 unless its real
3780 and effective uid are different in
3781 which case it uses 0644.
3782 confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
3783 syntax addresses to the minimum
3785 confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
3787 confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
3788 on the initial connect.
3789 confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
3790 connect() to complete. This can only
3791 shorten connection timeouts; the kernel
3792 silently enforces an absolute maximum
3793 (which varies depending on the system).
3794 confTO_ICONNECT Timeout.iconnect
3795 [undefined] Like Timeout.connect, but
3796 applies only to the very first attempt
3797 to connect to a host in a message.
3798 This allows a single very fast pass
3799 followed by more careful delivery
3800 attempts in the future.
3801 confTO_ACONNECT Timeout.aconnect
3802 [0] The overall timeout waiting for
3803 all connection for a single delivery
3804 attempt to succeed. If 0, no overall
3806 confTO_HELO Timeout.helo [5m] The timeout waiting for a response
3807 to a HELO or EHLO command.
3808 confTO_MAIL Timeout.mail [10m] The timeout waiting for a
3809 response to the MAIL command.
3810 confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
3811 to the RCPT command.
3812 confTO_DATAINIT Timeout.datainit
3813 [5m] The timeout waiting for a 354
3814 response from the DATA command.
3815 confTO_DATABLOCK Timeout.datablock
3816 [1h] The timeout waiting for a block
3818 confTO_DATAFINAL Timeout.datafinal
3819 [1h] The timeout waiting for a response
3820 to the final "." that terminates a
3822 confTO_RSET Timeout.rset [5m] The timeout waiting for a response
3823 to the RSET command.
3824 confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
3825 to the QUIT command.
3826 confTO_MISC Timeout.misc [2m] The timeout waiting for a response
3827 to other SMTP commands.
3828 confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
3829 waiting for a command to be issued.
3830 confTO_IDENT Timeout.ident [5s] The timeout waiting for a
3831 response to an IDENT query.
3832 confTO_FILEOPEN Timeout.fileopen
3833 [60s] The timeout waiting for a file
3834 (e.g., :include: file) to be opened.
3835 confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response
3836 to an LMTP LHLO command.
3837 confTO_AUTH Timeout.auth [10m] The timeout waiting for a
3838 response in an AUTH dialogue.
3839 confTO_STARTTLS Timeout.starttls
3840 [1h] The timeout waiting for a
3841 response to an SMTP STARTTLS command.
3842 confTO_CONTROL Timeout.control
3843 [2m] The timeout for a complete
3844 control socket transaction to complete.
3845 confTO_QUEUERETURN Timeout.queuereturn
3846 [5d] The timeout before a message is
3847 returned as undeliverable.
3848 confTO_QUEUERETURN_NORMAL
3849 Timeout.queuereturn.normal
3850 [undefined] As above, for normal
3852 confTO_QUEUERETURN_URGENT
3853 Timeout.queuereturn.urgent
3854 [undefined] As above, for urgent
3856 confTO_QUEUERETURN_NONURGENT
3857 Timeout.queuereturn.non-urgent
3858 [undefined] As above, for non-urgent
3859 (low) priority messages.
3860 confTO_QUEUERETURN_DSN
3861 Timeout.queuereturn.dsn
3862 [undefined] As above, for delivery
3863 status notification messages.
3864 confTO_QUEUEWARN Timeout.queuewarn
3865 [4h] The timeout before a warning
3866 message is sent to the sender telling
3867 them that the message has been
3869 confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
3870 [undefined] As above, for normal
3872 confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
3873 [undefined] As above, for urgent
3875 confTO_QUEUEWARN_NONURGENT
3876 Timeout.queuewarn.non-urgent
3877 [undefined] As above, for non-urgent
3878 (low) priority messages.
3879 confTO_QUEUEWARN_DSN
3880 Timeout.queuewarn.dsn
3881 [undefined] As above, for delivery
3882 status notification messages.
3883 confTO_HOSTSTATUS Timeout.hoststatus
3884 [30m] How long information about host
3885 statuses will be maintained before it
3886 is considered stale and the host should
3887 be retried. This applies both within
3888 a single queue run and to persistent
3889 information (see below).
3890 confTO_RESOLVER_RETRANS Timeout.resolver.retrans
3891 [varies] Sets the resolver's
3892 retransmission time interval (in
3894 Timeout.resolver.retrans.first and
3895 Timeout.resolver.retrans.normal.
3896 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
3897 [varies] Sets the resolver's
3898 retransmission time interval (in
3899 seconds) for the first attempt to
3901 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
3902 [varies] Sets the resolver's
3903 retransmission time interval (in
3904 seconds) for all resolver lookups
3905 except the first delivery attempt.
3906 confTO_RESOLVER_RETRY Timeout.resolver.retry
3907 [varies] Sets the number of times
3908 to retransmit a resolver query.
3910 Timeout.resolver.retry.first and
3911 Timeout.resolver.retry.normal.
3912 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
3913 [varies] Sets the number of times
3914 to retransmit a resolver query for
3915 the first attempt to deliver a
3917 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
3918 [varies] Sets the number of times
3919 to retransmit a resolver query for
3920 all resolver lookups except the
3921 first delivery attempt.
3922 confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
3923 USE_SYSTEM to use the system's idea,
3924 USE_TZ to use the user's TZ envariable,
3925 or something else to force that value.
3926 confDEF_USER_ID DefaultUser [1:1] Default user id.
3927 confUSERDB_SPEC UserDatabaseSpec
3928 [undefined] User database
3930 confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
3931 confFALLBACK_SMARTHOST FallbackSmartHost
3932 [undefined] Fallback smart host.
3933 confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
3934 for a host and other arrangements
3935 haven't been made, try connecting
3936 to the host directly; normally this
3937 would be a config error.
3938 confQUEUE_LA QueueLA [varies] Load average at which
3939 queue-only function kicks in.
3940 Default values is (8 * numproc)
3941 where numproc is the number of
3942 processors online (if that can be
3944 confREFUSE_LA RefuseLA [varies] Load average at which
3945 incoming SMTP connections are
3946 refused. Default values is (12 *
3947 numproc) where numproc is the
3948 number of processors online (if
3949 that can be determined).
3950 confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when
3951 refusing connections for this long.
3952 confDELAY_LA DelayLA [0] Load average at which sendmail
3953 will sleep for one second on most
3954 SMTP commands and before accepting
3955 connections. 0 means no limit.
3956 confMAX_ALIAS_RECURSION MaxAliasRecursion
3957 [10] Maximum depth of alias recursion.
3958 confMAX_DAEMON_CHILDREN MaxDaemonChildren
3959 [undefined] The maximum number of
3960 children the daemon will permit. After
3961 this number, connections will be
3962 rejected. If not set or <= 0, there is
3964 confMAX_HEADERS_LENGTH MaxHeadersLength
3965 [32768] Maximum length of the sum
3967 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
3968 [undefined] Maximum length of
3969 certain MIME header field values.
3970 confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3971 [undefined] The maximum number of
3972 connections permitted per second per
3973 daemon. After this many connections
3974 are accepted, further connections
3975 will be delayed. If not set or <= 0,
3977 confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3978 [60s] Define the length of the
3979 interval for which the number of
3980 incoming connections is maintained.
3981 confWORK_RECIPIENT_FACTOR
3982 RecipientFactor [30000] Cost of each recipient.
3983 confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
3985 confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
3986 confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
3987 confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
3988 Priority, Host, Filename, Random,
3989 Modification, or Time.
3990 confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
3991 must sit in the queue between queue
3992 runs. This allows you to set the
3993 queue run interval low for better
3994 responsiveness without trying all
3996 confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
3997 unlabeled 8 bit input to MIME, the
3998 character set to use by default.
3999 confSERVICE_SWITCH_FILE ServiceSwitchFile
4000 [/etc/mail/service.switch] The file
4001 to use for the service switch on
4002 systems that do not have a
4003 system-defined switch.
4004 confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
4005 "file" type access of hosts names.
4006 confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
4007 long and try again. Zero means "don't
4008 retry". This is to allow "dial on
4009 demand" connections to have enough time
4010 to complete a connection.
4011 confNO_RCPT_ACTION NoRecipientAction
4012 [none] What to do if there are no legal
4013 recipient fields (To:, Cc: or Bcc:)
4014 in the message. Legal values can
4015 be "none" to just leave the
4016 nonconforming message as is, "add-to"
4017 to add a To: header with all the
4018 known recipients (which may expose
4019 blind recipients), "add-apparently-to"
4020 to do the same but use Apparently-To:
4021 instead of To: (strongly discouraged
4022 in accordance with IETF standards),
4023 "add-bcc" to add an empty Bcc:
4024 header, or "add-to-undisclosed" to
4026 ``To: undisclosed-recipients:;''.
4027 confSAFE_FILE_ENV SafeFileEnvironment
4028 [undefined] If set, sendmail will do a
4029 chroot() into this directory before
4031 confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
4032 If set, colons are treated as a regular
4033 character in addresses. If not set,
4034 they are treated as the introducer to
4035 the RFC 822 "group" syntax. Colons are
4036 handled properly in route-addrs. This
4037 option defaults on for V5 and lower
4038 configuration files.
4039 confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
4040 any given queue run to this number of
4041 entries. Essentially, this will stop
4042 reading each queue directory after this
4043 number of entries are reached; it does
4044 _not_ pick the highest priority jobs,
4045 so this should be as large as your
4046 system can tolerate. If not set, there
4048 confMAX_QUEUE_CHILDREN MaxQueueChildren
4049 [undefined] Limits the maximum number
4050 of concurrent queue runners active.
4051 This is to keep system resources used
4052 within a reasonable limit. Relates to
4053 Queue Groups and ForkEachJob.
4054 confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
4055 [1] Only active when MaxQueueChildren
4056 defined. Controls the maximum number
4057 of queue runners (aka queue children)
4058 active at the same time in a work
4059 group. See also MaxQueueChildren.
4060 confDONT_EXPAND_CNAMES DontExpandCnames
4061 [False] If set, $[ ... $] lookups that
4062 do DNS based lookups do not expand
4063 CNAME records. This currently violates
4064 the published standards, but the IETF
4065 seems to be moving toward legalizing
4066 this. For example, if "FTP.Foo.ORG"
4067 is a CNAME for "Cruft.Foo.ORG", then
4068 with this option set a lookup of
4069 "FTP" will return "FTP.Foo.ORG"; if
4070 clear it returns "Cruft.FOO.ORG". N.B.
4071 you may not see any effect until your
4072 downstream neighbors stop doing CNAME
4074 confFROM_LINE UnixFromLine [From $g $d] The From_ line used
4075 when sending to files or programs.
4076 confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
4077 [False] From: lines that have
4078 embedded newlines are unwrapped
4080 confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
4081 does not include a host name.
4082 confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
4083 name phrase (@,;:\()[] are automatic).
4084 confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
4086 confSMTP_LOGIN_MSG SmtpGreetingMessage
4087 [$j Sendmail $v/$Z; $b]
4088 The initial (spontaneous) SMTP
4089 greeting message. The word "ESMTP"
4090 will be inserted between the first and
4091 second words to convince other
4092 sendmails to try to speak ESMTP.
4093 confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
4094 routine will never be invoked. You
4095 might want to do this if you are
4096 running NIS and you have a large group
4097 map, since this call does a sequential
4098 scan of the map; in a large site this
4099 can cause your ypserv to run
4100 essentially full time. If you set
4101 this, agents run on behalf of users
4102 will only have their primary
4103 (/etc/passwd) group permissions.
4104 confUNSAFE_GROUP_WRITES UnsafeGroupWrites
4105 [True] If set, group-writable
4106 :include: and .forward files are
4107 considered "unsafe", that is, programs
4108 and files cannot be directly referenced
4109 from such files. World-writable files
4110 are always considered unsafe.
4111 Notice: this option is deprecated and
4112 will be removed in future versions;
4113 Set GroupWritableForwardFileSafe
4114 and GroupWritableIncludeFileSafe in
4115 DontBlameSendmail if required.
4116 confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
4117 address (for testing).
4118 confCONTROL_SOCKET_NAME ControlSocketName
4119 [undefined] Control socket for daemon
4121 confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
4122 [postmaster] If an error occurs when
4123 sending an error message, send that
4124 "double bounce" error message to this
4125 address. If it expands to an empty
4126 string, double bounces are dropped.
4127 confSOFT_BOUNCE SoftBounce [False] If set, issue temporary errors
4128 (4xy) instead of permanent errors
4129 (5xy). This can be useful during
4130 testing of a new configuration to
4131 avoid erroneous bouncing of mails.
4132 confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
4133 messages which could not be returned
4134 to the user or sent to postmaster.
4135 If not set, the queue file will
4137 confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
4138 implies DSN request.
4139 confRUN_AS_USER RunAsUser [undefined] If set, become this user
4140 when reading and delivering mail.
4141 Causes all file reads (e.g., .forward
4142 and :include: files) to be done as
4143 this user. Also, all programs will
4144 be run as this user, and all output
4145 files will be written as this user.
4146 confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
4147 [infinite] If set, allow no more than
4148 the specified number of recipients in
4149 an SMTP envelope. Further recipients
4150 receive a 452 error code (i.e., they
4151 are deferred for the next delivery
4153 confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified
4154 number of recipients in a single SMTP
4155 transaction have been rejected, sleep
4156 for one second after each subsequent
4157 RCPT command in that transaction.
4158 confDONT_PROBE_INTERFACES DontProbeInterfaces
4159 [False] If set, sendmail will _not_
4160 insert the names and addresses of any
4161 local interfaces into class {w}
4162 (list of known "equivalent" addresses).
4163 If you set this, you must also include
4164 some support for these addresses (e.g.,
4165 in a mailertable entry) -- otherwise,
4166 mail to addresses in this list will
4167 bounce with a configuration error.
4168 If set to "loopback" (without
4169 quotes), sendmail will skip
4170 loopback interfaces (e.g., "lo0").
4171 confPID_FILE PidFile [system dependent] Location of pid
4173 confPROCESS_TITLE_PREFIX ProcessTitlePrefix
4174 [undefined] Prefix string for the
4175 process title shown on 'ps' listings.
4176 confDONT_BLAME_SENDMAIL DontBlameSendmail
4177 [safe] Override sendmail's file
4178 safety checks. This will definitely
4179 compromise system security and should
4180 not be used unless absolutely
4182 confREJECT_MSG - [550 Access denied] The message
4183 given if the access database contains
4184 REJECT in the value portion.
4185 confRELAY_MSG - [550 Relaying denied] The message
4186 given if an unauthorized relaying
4187 attempt is rejected.
4188 confDF_BUFFER_SIZE DataFileBufferSize
4189 [4096] The maximum size of a
4190 memory-buffered data (df) file
4191 before a disk-based file is used.
4192 confXF_BUFFER_SIZE XScriptFileBufferSize
4193 [4096] The maximum size of a
4194 memory-buffered transcript (xf)
4195 file before a disk-based file is
4197 confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
4198 CRAM-MD5] List of authentication
4199 mechanisms for AUTH (separated by
4200 spaces). The advertised list of
4201 authentication mechanisms will be the
4202 intersection of this list and the list
4203 of available mechanisms as determined
4204 by the Cyrus SASL library.
4205 confAUTH_REALM AuthRealm [undefined] The authentication realm
4206 that is passed to the Cyrus SASL
4207 library. If no realm is specified,
4209 confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
4210 authentication information for
4211 outgoing connections. This file must
4212 contain the user id, the authorization
4213 id, the password (plain text), the
4214 realm to use, and the list of
4215 mechanisms to try, each on a separate
4216 line and must be readable by root (or
4217 the trusted user) only. If no realm
4218 is specified, $j is used. If no
4219 mechanisms are given in the file,
4220 AuthMechanisms is used. Notice: this
4221 option is deprecated and will be
4222 removed in future versions; it doesn't
4223 work for the MSP since it can't read
4224 the file. Use the authinfo ruleset
4225 instead. See also the section SMTP
4227 confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A'
4228 then the AUTH= parameter for the
4229 MAIL FROM command is only issued
4230 when authentication succeeded.
4231 See doc/op/op.me for more options
4233 confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption
4234 strength for the security layer in
4235 SMTP AUTH (SASL). Default is
4236 essentially unlimited.
4237 confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
4238 verification is performed, i.e.,
4239 the server doesn't ask for a
4241 confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
4242 specification for LDAP maps. The
4243 value should only contain LDAP
4244 specific settings such as "-h host
4245 -p port -d bindDN", etc. The
4246 settings will be used for all LDAP
4247 maps unless they are specified in
4248 the individual map specification
4250 confCACERT_PATH CACertPath [undefined] Path to directory
4252 confCACERT CACertFile [undefined] File containing one CA
4254 confSERVER_CERT ServerCertFile [undefined] File containing the
4255 cert of the server, i.e., this cert
4256 is used when sendmail acts as
4258 confSERVER_KEY ServerKeyFile [undefined] File containing the
4259 private key belonging to the server
4261 confCLIENT_CERT ClientCertFile [undefined] File containing the
4262 cert of the client, i.e., this cert
4263 is used when sendmail acts as
4265 confCLIENT_KEY ClientKeyFile [undefined] File containing the
4266 private key belonging to the client
4268 confCRL CRLFile [undefined] File containing certificate
4269 revocation status, useful for X.509v3
4270 authentication. Note that CRL requires
4271 at least OpenSSL version 0.9.7.
4272 confDH_PARAMETERS DHParameters [undefined] File containing the
4274 confRAND_FILE RandFile [undefined] File containing random
4275 data (use prefix file:) or the
4276 name of the UNIX socket if EGD is
4277 used (use prefix egd:). STARTTLS
4278 requires this option if the compile
4279 flag HASURANDOM is not set (see
4281 confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
4282 queue runners is set the given value
4284 confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
4285 [undefined] Defines {daemon_flags}
4286 for direct submissions.
4287 confUSE_MSP UseMSP [undefined] Use as mail submission
4288 program, see sendmail/SECURITY.
4289 confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By
4290 SMTP Service Extension (RFC 2852).
4291 confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can
4292 be used to turn off the compile time
4293 flag REQUIRES_DIR_FSYNC at runtime.
4294 See sendmail/README for details.
4295 confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory.
4296 confSHARED_MEMORY_KEY_FILE
4298 [undefined] File where the
4299 automatically selected key for
4300 shared memory is stored.
4301 confFAST_SPLIT FastSplit [1] If set to a value greater than
4302 zero, the initial MX lookups on
4303 addresses is suppressed when they
4304 are sorted which may result in
4305 faster envelope splitting. If the
4306 mail is submitted directly from the
4307 command line, then the value also
4308 limits the number of processes to
4309 deliver the envelopes.
4310 confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find
4311 information about local mailboxes.
4312 confDEQUOTE_OPTS - [empty] Additional options for the
4314 confMAX_NOOP_COMMANDS MaxNOOPCommands [20] Maximum number of "useless"
4315 commands before the SMTP server
4316 will slow down responding.
4317 confHELO_NAME HeloName If defined, use as name for EHLO/HELO
4318 command (instead of $j).
4319 confINPUT_MAIL_FILTERS InputMailFilters
4320 A comma separated list of filters
4321 which determines which filters and
4322 the invocation sequence are
4323 contacted for incoming SMTP
4324 messages. If none are set, no
4325 filters will be contacted.
4326 confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
4327 actions, defaults to LogLevel.
4328 confMILTER_MACROS_CONNECT Milter.macros.connect
4329 [j, _, {daemon_name}, {if_name},
4330 {if_addr}] Macros to transmit to
4331 milters when a session connection
4333 confMILTER_MACROS_HELO Milter.macros.helo
4334 [{tls_version}, {cipher},
4335 {cipher_bits}, {cert_subject},
4336 {cert_issuer}] Macros to transmit to
4337 milters after HELO/EHLO command.
4338 confMILTER_MACROS_ENVFROM Milter.macros.envfrom
4339 [i, {auth_type}, {auth_authen},
4340 {auth_ssf}, {auth_author},
4341 {mail_mailer}, {mail_host},
4342 {mail_addr}] Macros to transmit to
4343 milters after MAIL FROM command.
4344 confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
4345 [{rcpt_mailer}, {rcpt_host},
4346 {rcpt_addr}] Macros to transmit to
4347 milters after RCPT TO command.
4348 confMILTER_MACROS_EOM Milter.macros.eom
4349 [{msg_id}] Macros to transmit to
4350 milters after the terminating
4351 DATA '.' is received.
4352 confMILTER_MACROS_EOH Milter.macros.eoh
4353 Macros to transmit to milters
4354 after the end of headers.
4355 confMILTER_MACROS_DATA Milter.macros.data
4356 Macros to transmit to milters
4357 after DATA command is received.
4360 See also the description of OSTYPE for some parameters that can be
4361 tweaked (generally pathnames to mailers).
4363 ClientPortOptions and DaemonPortOptions are special cases since multiple
4364 clients/daemons can be defined. This can be done via
4366 CLIENT_OPTIONS(`field1=value1,field2=value2,...')
4367 DAEMON_OPTIONS(`field1=value1,field2=value2,...')
4369 Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
4370 ClientPortOptions settings) are allowed in order to give settings for each
4371 protocol family (e.g., one for Family=inet and one for Family=inet6). A
4372 restriction placed on one family only affects outgoing connections on that
4375 If DAEMON_OPTIONS is not used, then the default is
4377 DAEMON_OPTIONS(`Port=smtp, Name=MTA')
4378 DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
4380 If you use one DAEMON_OPTIONS macro, it will alter the parameters
4381 of the first of these. The second will still be defaulted; it
4382 represents a "Message Submission Agent" (MSA) as defined by RFC
4383 2476 (see below). To turn off the default definition for the MSA,
4384 use FEATURE(`no_default_msa') (see also FEATURES). If you use
4385 additional DAEMON_OPTIONS macros, they will add additional daemons.
4387 Example 1: To change the port for the SMTP listener, while
4388 still using the MSA default, use
4389 DAEMON_OPTIONS(`Port=925, Name=MTA')
4391 Example 2: To change the port for the MSA daemon, while still
4392 using the default SMTP port, use
4393 FEATURE(`no_default_msa')
4394 DAEMON_OPTIONS(`Name=MTA')
4395 DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
4397 Note that if the first of those DAEMON_OPTIONS lines were omitted, then
4398 there would be no listener on the standard SMTP port.
4400 Example 3: To listen on both IPv4 and IPv6 interfaces, use
4402 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4403 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4405 A "Message Submission Agent" still uses all of the same rulesets for
4406 processing the message (and therefore still allows message rejection via
4407 the check_* rulesets). In accordance with the RFC, the MSA will ensure
4408 that all domains in envelope addresses are fully qualified if the message
4409 is relayed to another MTA. It will also enforce the normal address syntax
4410 rules and log error messages. Additionally, by using the M=a modifier you
4411 can require authentication before messages are accepted by the MSA.
4412 Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally,
4413 the M=E modifier shown above disables ETRN as required by RFC 2476.
4415 Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
4418 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4419 MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
4421 The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
4422 same order they were specified by also setting confINPUT_MAIL_FILTERS. A
4423 filter can be defined without adding it to the input filter list by using
4424 MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
4425 Alternatively, you can reset the list of filters and their order by setting
4426 confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
4430 +----------------------------+
4431 | MESSAGE SUBMISSION PROGRAM |
4432 +----------------------------+
4434 The purpose of the message submission program (MSP) is explained
4435 in sendmail/SECURITY. This section contains a list of caveats and
4436 a few hints how for those who want to tweak the default configuration
4437 for it (which is installed as submit.cf).
4439 Notice: do not add options/features to submit.mc unless you are
4440 absolutely sure you need them. Options you may want to change
4443 - confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4444 avoiding X-Authentication warnings.
4445 - confTIME_ZONE to change it from the default `USE_TZ'.
4446 - confDELIVERY_MODE is set to interactive in msp.m4 instead
4447 of the default background mode.
4448 - FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4449 to the LOCAL_RELAY instead of the default relay.
4450 - confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4451 the flag HASURANDOM.
4453 The MSP performs hostname canonicalization by default. As also
4454 explained in sendmail/SECURITY, mail may end up for various DNS
4455 related reasons in the MSP queue. This problem can be minimized by
4458 FEATURE(`nocanonify', `canonify_hosts')
4459 define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
4461 See the discussion about nocanonify for possible side effects.
4463 Some things are not intended to work with the MSP. These include
4464 features that influence the delivery process (e.g., mailertable,
4465 aliases), or those that are only important for a SMTP server (e.g.,
4466 virtusertable, DaemonPortOptions, multiple queues). Moreover,
4467 relaxing certain restrictions (RestrictQueueRun, permissions on
4468 queue directory) or adding features (e.g., enabling prog/file mailer)
4469 can cause security problems.
4471 Other things don't work well with the MSP and require tweaking or
4472 workarounds. For example, to allow for client authentication it
4473 is not just sufficient to provide a client certificate and the
4474 corresponding key, but it is also necessary to make the key group
4475 (smmsp) readable and tell sendmail not to complain about that, i.e.,
4477 define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
4479 If the MSP should actually use AUTH then the necessary data
4480 should be placed in a map as explained in SMTP AUTHENTICATION:
4482 FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4484 /etc/mail/msp-authinfo should contain an entry like:
4486 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"
4488 The file and the map created by makemap should be owned by smmsp,
4489 its group should be smmsp, and it should have mode 640. The database
4490 used by the MTA for AUTH must have a corresponding entry.
4491 Additionally the MTA must trust this authentication data so the AUTH=
4492 part will be relayed on to the next hop. This can be achieved by
4493 adding the following to your sendmail.mc file:
4497 R$* $: $&{auth_authen}
4500 Note: the authentication data can leak to local users who invoke
4501 the MSP with debug options or even with -v. For that reason either
4502 an authentication mechanism that does not show the password in the
4503 AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4504 method like STARTTLS should be used.
4506 feature/msp.m4 defines almost all settings for the MSP. Most of
4507 those should not be changed at all. Some of the features and options
4508 can be overridden if really necessary. It is a bit tricky to do
4509 this, because it depends on the actual way the option is defined
4510 in feature/msp.m4. If it is directly defined (i.e., define()) then
4511 the modified value must be defined after
4515 If it is conditionally defined (i.e., ifdef()) then the desired
4516 value must be defined before the FEATURE line in the .mc file.
4517 To see how the options are defined read feature/msp.m4.
4520 +--------------------------+
4521 | FORMAT OF FILES AND MAPS |
4522 +--------------------------+
4524 Files that define classes, i.e., F{classname}, consist of lines
4525 each of which contains a single element of the class. For example,
4526 /etc/mail/local-host-names may have the following content:
4531 Maps must be created using makemap(8) , e.g.,
4533 makemap hash MAP < MAP
4535 In general, a text file from which a map is created contains lines
4540 where 'key' and 'value' are also called LHS and RHS, respectively.
4541 By default, the delimiter between LHS and RHS is a non-empty sequence
4542 of white space characters.
4545 +------------------+
4546 | DIRECTORY LAYOUT |
4547 +------------------+
4549 Within this directory are several subdirectories, to wit:
4551 m4 General support routines. These are typically
4552 very important and should not be changed without
4553 very careful consideration.
4555 cf The configuration files themselves. They have
4556 ".mc" suffixes, and must be run through m4 to
4557 become complete. The resulting output should
4558 have a ".cf" suffix.
4560 ostype Definitions describing a particular operating
4561 system type. These should always be referenced
4562 using the OSTYPE macro in the .mc file. Examples
4563 include "bsd4.3", "bsd4.4", "sunos3.5", and
4566 domain Definitions describing a particular domain, referenced
4567 using the DOMAIN macro in the .mc file. These are
4568 site dependent; for example, "CS.Berkeley.EDU.m4"
4569 describes hosts in the CS.Berkeley.EDU subdomain.
4571 mailer Descriptions of mailers. These are referenced using
4572 the MAILER macro in the .mc file.
4574 sh Shell files used when building the .cf file from the
4575 .mc file in the cf subdirectory.
4577 feature These hold special orthogonal features that you might
4578 want to include. They should be referenced using
4581 hack Local hacks. These can be referenced using the HACK
4582 macro. They shouldn't be of more than voyeuristic
4583 interest outside the .Berkeley.EDU domain, but who knows?
4585 siteconfig Site configuration -- e.g., tables of locally connected
4589 +------------------------+
4590 | ADMINISTRATIVE DETAILS |
4591 +------------------------+
4593 The following sections detail usage of certain internal parts of the
4594 sendmail.cf file. Read them carefully if you are trying to modify
4595 the current model. If you find the above descriptions adequate, these
4596 should be {boring, confusing, tedious, ridiculous} (pick one or more).
4598 RULESETS (* means built in to sendmail)
4601 1 * Sender rewriting
4602 2 * Recipient rewriting
4603 3 * Canonicalization
4605 5 * Local address rewrite (after aliasing)
4606 1x mailer rules (sender qualification)
4607 2x mailer rules (recipient qualification)
4608 3x mailer rules (sender header qualification)
4609 4x mailer rules (recipient header qualification)
4610 5x mailer subroutines (general)
4611 6x mailer subroutines (general)
4612 7x mailer subroutines (general)
4614 90 Mailertable host stripping
4615 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4616 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4617 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
4622 0 local, prog local and program mailers
4623 1 [e]smtp, relay SMTP channel
4624 2 uucp-* UNIX-to-UNIX Copy Program
4625 3 netnews Network News delivery
4626 4 fax Sam Leffler's HylaFAX software
4627 5 mail11 DECnet mailer
4635 D The local domain -- usually not needed
4636 E reserved for X.400 Relay
4639 H mail Hub (for mail clusters)
4644 M Masquerade (who you claim to be)
4649 R Relay (for unqualified names)
4652 U my UUCP name (if you have a UUCP connection)
4653 V UUCP Relay (class {V} hosts)
4654 W UUCP Relay (class {W} hosts)
4655 X UUCP Relay (class {X} hosts)
4656 Y UUCP Relay (all other hosts)
4663 B domains that are candidates for bestmx lookup
4666 E addresses that should not seem to come from $M
4667 F hosts this system forward for
4668 G domains that should be looked up in genericstable
4673 L addresses that should not be forwarded to $R
4674 M domains that should be mapped to $M
4675 N host/domains that should not be mapped to $M
4676 O operators that indicate network operations (cannot be in local names)
4677 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4679 R domains this system is willing to relay (pass anti-spam filters)
4682 U locally connected UUCP hosts
4683 V UUCP hosts connected to relay $V
4684 W UUCP hosts connected to relay $W
4685 X UUCP hosts connected to relay $X
4686 Y locally connected smart UUCP hosts
4687 Z locally connected domain-ized UUCP hosts
4688 . the class containing only a dot
4689 [ the class containing only a left bracket
4694 1 Local host detection and resolution
4695 2 Local Ruleset 3 additions
4696 3 Local Ruleset 0 additions
4697 4 UUCP Ruleset 0 additions
4698 5 locally interpreted names (overrides $R)
4699 6 local configuration (at top of file)
4700 7 mailer definitions
4701 8 DNS based blacklists
4702 9 special local rulesets (1 and 2)
4704 $Revision: 8.728 $, Last updated $Date: 2012/09/07 16:29:13 $
projects / FreeBSD / releng / 10.0.git / blob