SENDMAIL CONFIGURATION FILES

This document describes the sendmail configuration files. It
explains how to create a sendmail.cf file for use with sendmail.
It also describes how to set options for sendmail which are explained
in the Sendmail Installation and Operation guide, which can be found
on-line at http://www.sendmail.org/%7Eca/email/doc8.12/op.html .
Recall this URL throughout this document when references to

Table of Content:

    INTRODUCTION AND EXAMPLE
    A BRIEF INTRODUCTION TO M4
    FILE LOCATIONS
    SITE CONFIGURATION
    USING UUCP MAILERS
    TWEAKING RULESETS
    MASQUERADING AND RELAYING
    USING LDAP FOR ALIASES, MAPS, AND CLASSES
    ANTI-SPAM CONFIGURATION CONTROL
    CONNECTION CONTROL
    ADDING NEW MAILERS OR RULESETS
    ADDING NEW MAIL FILTERS
    QUEUE GROUP DEFINITIONS
    NON-SMTP BASED CONFIGURATIONS
    ACCEPTING MAIL FOR MULTIPLE NAMES
    USING MAILERTABLES
    USING USERDB TO MAP FULL NAMES
    MISCELLANEOUS SPECIAL FEATURES
    TWEAKING CONFIGURATION OPTIONS
    MESSAGE SUBMISSION PROGRAM
    FORMAT OF FILES AND MAPS
    DIRECTORY LAYOUT
    ADMINISTRATIVE DETAILS

+--------------------------+
| INTRODUCTION AND EXAMPLE |
+--------------------------+

Configuration files are contained in the subdirectory "cf", with a
suffix ".mc". They must be run through "m4" to produce a ".cf" file.
You must pre-load "cf.m4":

    m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf

Alternatively, you can simply:

    cd ${CFDIR}/cf

where ${CFDIR} is the root of the cf directory and config.mc is the
name of your configuration file. If you are running a version of M4
that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
this, but the versions distributed with 4.4BSD and derivatives do not)
or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:

    m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf

Let's examine a typical .mc file:

    # Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
    # All rights reserved.
    # Copyright (c) 1983 Eric P. Allman. All rights reserved.
    # Copyright (c) 1988, 1993
    # The Regents of the University of California. All rights reserved.
    # By using this file, you agree to the terms and conditions set
    # forth in the LICENSE file which can be found at the top level of
    # the sendmail distribution.
    # This is a Berkeley-specific configuration file for HP-UX 9.x.
    # It applies only to the Computer Science Division at Berkeley,
    # and should not be used elsewhere. It is provided on the sendmail
    # distribution as a sample only. To create your own configuration
    # file, create an appropriate domain file in ../domain, change the
    # `DOMAIN' macro below to reference that file, and copy the result
    # to a name of your own choosing.

The divert(-1) will delete the crud in the resulting output file.
The copyright notice can be replaced by whatever your lawyers require;
our lawyers require the one that is included in these files. A copyleft
is a copyright by another name. The divert(0) restores regular output.

    VERSIONID(`<SCCS or RCS version id>')

VERSIONID is a macro that stuffs the version information into the
resulting file. You could use SCCS, RCS, CVS, something else, or
omit it completely. This is not the same as the version id included
in SMTP greeting messages -- this is defined in m4/version.m4.

    OSTYPE(`hpux9')dnl

You must specify an OSTYPE to properly configure things such as the
pathname of the help and status files, the flags needed for the local
mailer, and other important things. If you omit it, you will get an
error when you try to build the configuration. Look at the ostype
directory for the list of known operating system types.

This example is specific to the Computer Science Division at Berkeley.
You can use "DOMAIN(`generic')" to get a sufficiently bland definition
that may well work for you, or you can create a customized domain
definition appropriate for your environment.

    MAILER(`local')
    MAILER(`smtp')

These describe the mailers used at the default CS site. The local
mailer is always included automatically. Beware: MAILER declarations
should only be followed by LOCAL_* sections. The general rules are
that the order should be:

    local macro definitions
    LOCAL_RULESETS

There are a few exceptions to this rule. Local macro definitions which
influence a FEATURE() should be done before that feature. For example,
a define(`PROCMAIL_MAILER_PATH', ...) should be done before
FEATURE(`local_procmail').

+----------------------------+
| A BRIEF INTRODUCTION TO M4 |
+----------------------------+

Sendmail uses the M4 macro processor to ``compile'' the configuration
files. The most important thing to know is that M4 is stream-based,
that is, it doesn't understand about lines. For this reason, in some
places you may see the word ``dnl'', which stands for ``delete
through newline''; essentially, it deletes all characters starting
at the ``dnl'' up to and including the next newline character. In
most cases sendmail uses this only to avoid lots of unnecessary
blank lines in the output.

Other important directives are define(A, B) which defines the macro
``A'' to have value ``B''. Macros are expanded as they are read, so
one normally quotes both values to prevent expansion. For example,

    define(`SMART_HOST', `smart.foo.com')

One word of warning: M4 macros are expanded even in lines that appear
to be comments. For example, if you have

    # See FEATURE(`foo') above

it will not do what you expect, because the FEATURE(`foo') will be
expanded. This also applies to

    # And then define the $X macro to be the return address

because ``define'' is an M4 keyword. If you want to use them, surround
them with directed quotes, `like this'.

Since m4 uses single quotes (opening "`" and closing "'") to quote
arguments, those quotes can't be used in arguments. For example,
it is not possible to define a rejection message containing a single
quote. Usually there are simple workarounds by changing those
messages; in the worst case it might be ok to change the value
directly in the generated .cf file, which however is not advised.
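
An added example, not part of the original README: a small Python check for the two quoting pitfalls described above, macro names that m4 would still expand inside "#" comment lines and a single quote that closes a quoted argument early. The name list is taken from this README rather than the full macro set, EXAMPLE_MSG is a made-up macro name, the sample text is constructed, and quote depth is tracked per line only.

```python
import re

# Macro names mentioned in this README. The real cf macro set is larger,
# so treat this selection as an assumption and extend it for your tree.
M4_NAMES = {"define", "divert", "dnl", "VERSIONID", "OSTYPE", "DOMAIN",
            "FEATURE", "MAILER", "MODIFY_MAILER_FLAGS"}
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def scan_line(line):
    """Walk one line the way m4 tracks quotes.

    Returns (names, stray): the M4_NAMES tokens found at quote depth 0,
    and whether a closing quote appeared with nothing left to close
    after at least one opening quote had been seen on the line.
    """
    names, stray, depth, opened, i = [], False, 0, False, 0
    while i < len(line):
        ch = line[i]
        if ch == "`":                 # opening quote
            depth += 1
            opened = True
            i += 1
        elif ch == "'":               # closing quote
            if depth == 0:
                stray = stray or opened
            else:
                depth -= 1
            i += 1
        else:
            m = NAME_RE.match(line, i)
            if m and depth == 0 and m.group() in M4_NAMES:
                names.append(m.group())
            i = m.end() if m else i + 1
    return names, stray


def lint_quoting(mc_text):
    """Return (line number, kind, detail) findings for a .mc file."""
    findings = []
    for lineno, line in enumerate(mc_text.splitlines(), 1):
        names, stray = scan_line(line)
        if line.lstrip().startswith("#"):
            # Looks like a comment, but m4 expands the unquoted name.
            findings += [(lineno, "expanded-in-comment", n) for n in names]
        elif stray:
            # A "'" inside the value ended the quoted argument early.
            findings.append((lineno, "quote-closed-early", line.strip()))
    return findings


# Constructed sample input; EXAMPLE_MSG is hypothetical.
SAMPLE_MC = """\
# See FEATURE(`foo') above
# See `FEATURE(`foo')' above
# And then define the $X macro to be the return address
define(`SMART_HOST', `smart.foo.com')
define(`EXAMPLE_MSG', `550 we don't relay')
"""

if __name__ == "__main__":
    for finding in lint_quoting(SAMPLE_MC):
        print(finding)
```

Lines 1 and 3 of the sample are reported as comments that m4 would expand, line 2 passes because the macro name is quoted, and line 5 is reported because the apostrophe ends the quoted value.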

+----------------+
| FILE LOCATIONS |
+----------------+

sendmail 8.9 has introduced a new configuration directory for sendmail
related files, /etc/mail. The new files available for sendmail 8.9 --
the class {R} /etc/mail/relay-domains and the access database
/etc/mail/access -- take advantage of this new directory. Beginning with
8.10, all files will use this directory by default (some options may be
set by OSTYPE() files). This new directory should help to restore
uniformity to sendmail's file locations.

Below is a table of some of the common changes:

Old filename                    New filename
------------                    ------------
/etc/sendmail.cw                /etc/mail/local-host-names
/etc/mail/sendmail.cw           /etc/mail/local-host-names
/etc/sendmail/sendmail.cw       /etc/mail/local-host-names
/usr/share/lib/sendmail.hf      /etc/mail/helpfile
/usr/share/misc/sendmail.hf     /etc/mail/helpfile
/etc/mailer/sendmail.st         /etc/mail/statistics
/usr/ucblib/sendmail.st         /etc/mail/statistics

Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
to create the pathnames. The default value of this variable is
`/etc/mail/'. If you set this macro to a different value, you MUST include
a trailing slash.

Notice: all filenames used in a .mc (or .cf) file should be absolute
(starting at the root, i.e., with '/'). Relative filenames most
likely cause surprises during operations (unless otherwise noted).

You MUST define an operating system environment, or the configuration
file build will puke. There are several environments available; look
at the "ostype" directory for the current list. This macro changes
things like the location of the alias file and queue directory. Some
of these files are identical to one another.

It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
In general, the OSTYPE macro should go immediately after any version
information, and MAILER definitions should always go last.
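
An added example, not part of the original README: a Python pre-build check for the placement rules stated so far (an OSTYPE must be present and come before any MAILER, only LOCAL_* sections may follow MAILER, a define that influences a FEATURE goes before it, and MAIL_SETTINGS_DIR needs its trailing slash). It only looks at macro calls that start a line, and both sample files are constructed.

```python
import re

# Macro calls at the start of a line that this check understands.
CALL_RE = re.compile(
    r"^\s*(VERSIONID|OSTYPE|DOMAIN|FEATURE|MAILER|define|LOCAL_[A-Z0-9_]+)\b"
    r"(?:\(\s*`([^']*)'(?:\s*,\s*`([^']*)')?)?")

# define() names that must come before a FEATURE(). The README gives this
# one pair as its example; add further pairs for your own configuration.
DEFINE_BEFORE_FEATURE = {
    "PROCMAIL_MAILER_PATH": ("local_procmail",),
}


def parse_calls(mc_text):
    """Return (line number, macro, first argument, second argument)."""
    calls = []
    for lineno, line in enumerate(mc_text.splitlines(), 1):
        m = CALL_RE.match(line)
        if m:
            calls.append((lineno, m.group(1), m.group(2), m.group(3)))
    return calls


def lint_order(mc_text):
    """Return sorted (line number, message) findings; line 0 = whole file."""
    calls = parse_calls(mc_text)
    findings = []
    if not any(mac == "OSTYPE" for _, mac, _, _ in calls):
        findings.append((0, "no OSTYPE: building the .cf will fail"))
    first_mailer = None
    features = {}                      # feature name -> line first seen
    for lineno, mac, arg1, arg2 in calls:
        if mac == "MAILER":
            first_mailer = first_mailer or lineno
        elif first_mailer and not mac.startswith("LOCAL_"):
            # MAILER declarations go last; only LOCAL_* may follow them.
            findings.append(
                (lineno, f"{mac} after MAILER on line {first_mailer}"))
        if mac == "FEATURE":
            features.setdefault(arg1, lineno)
        elif mac == "define":
            for feat in DEFINE_BEFORE_FEATURE.get(arg1, ()):
                if feat in features:
                    findings.append(
                        (lineno, f"define {arg1} after FEATURE({feat}) "
                                 f"on line {features[feat]}"))
            if arg1 == "MAIL_SETTINGS_DIR" and not (arg2 or "").endswith("/"):
                findings.append(
                    (lineno, "MAIL_SETTINGS_DIR needs a trailing slash"))
    return sorted(findings)


# Constructed sample that breaks three of the rules.
BAD_MC = """\
VERSIONID(`constructed sample')
FEATURE(`local_procmail')
define(`PROCMAIL_MAILER_PATH', `/opt/bin/procmail')
define(`MAIL_SETTINGS_DIR', `/etc/mail')
MAILER(`local')
MAILER(`smtp')
OSTYPE(`hpux9')dnl
LOCAL_RULESETS
"""

# The same settings in an order that passes the check.
GOOD_MC = """\
VERSIONID(`constructed sample')
define(`MAIL_SETTINGS_DIR', `/etc/mail/')
OSTYPE(`hpux9')dnl
DOMAIN(`generic')
define(`PROCMAIL_MAILER_PATH', `/opt/bin/procmail')
FEATURE(`local_procmail')
MAILER(`local')
MAILER(`smtp')
LOCAL_RULESETS
"""

if __name__ == "__main__":
    for finding in lint_order(BAD_MC):
        print(finding)
    print("good sample findings:", lint_order(GOOD_MC))
```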

Operating system definitions are usually easy to write. They may define
the following variables (everything defaults, so an ostype file may be
empty). Unfortunately, the list of configuration-supported systems is
not as broad as the list of source-supported systems, since many of
the source contributors do not include corresponding ostype files.

ALIAS_FILE              [/etc/mail/aliases] The location of the text version
                        of the alias file(s). It can be a comma-separated
                        list of names (but be sure you quote values with
                        commas in them -- for example, use
                            define(`ALIAS_FILE', `a,b')
                        to get "a" and "b" both listed as alias files;
                        otherwise the define() primitive only sees "a").
HELP_FILE               [/etc/mail/helpfile] The name of the file
                        containing information printed in response to
                        the SMTP HELP command.
QUEUE_DIR               [/var/spool/mqueue] The directory containing
                        queue files. To use multiple queues, supply
                        a value ending with an asterisk. For
                        example, /var/spool/mqueue/qd* will use all of the
                        directories or symbolic links to directories
                        beginning with 'qd' in /var/spool/mqueue as queue
                        directories. The names 'qf', 'df', and 'xf' are
                        reserved as specific subdirectories for the
                        corresponding queue file types as explained in
                        doc/op/op.me. See also QUEUE GROUP DEFINITIONS.
MSP_QUEUE_DIR           [/var/spool/clientmqueue] The directory containing
                        queue files for the MSP (Mail Submission Program).
STATUS_FILE             [/etc/mail/statistics] The file containing status
LOCAL_MAILER_PATH       [/bin/mail] The program used to deliver local mail.
LOCAL_MAILER_FLAGS      [Prmn9] The flags used by the local mailer. The
                        flags lsDFMAw5:/|@q are always included.
LOCAL_MAILER_ARGS       [mail -d $u] The arguments passed to deliver local
LOCAL_MAILER_MAX        [undefined] If defined, the maximum size of local
                        mail that you are willing to accept.
LOCAL_MAILER_MAXMSGS    [undefined] If defined, the maximum number of
                        messages to deliver in a single connection. Only
                        useful for LMTP local mailers.
LOCAL_MAILER_CHARSET    [undefined] If defined, messages containing 8-bit data
                        that ARRIVE from an address that resolves to the
                        local mailer and which are converted to MIME will be
                        labeled with this character set.
LOCAL_MAILER_EOL        [undefined] If defined, the string to use as the
                        end of line for the local mailer.
LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
                        [X-Unix] The DSN Diagnostic-Code value for the
                        local mailer. This should be changed with care.
LOCAL_SHELL_PATH        [/bin/sh] The shell used to deliver piped email.
LOCAL_SHELL_FLAGS       [eu9] The flags used by the shell mailer. The
                        flags lsDFM are always included.
LOCAL_SHELL_ARGS        [sh -c $u] The arguments passed to deliver "prog"
LOCAL_SHELL_DIR         [$z:/] The directory search path in which the
                        shell should run.
LOCAL_MAILER_QGRP       [undefined] The queue group for the local mailer.
SMTP_MAILER_FLAGS       [undefined] Flags added to SMTP mailer. Default
                        flags are `mDFMuX' for all SMTP-based mailers; the
                        "esmtp" mailer adds `a'; "smtp8" adds `8'; and
                        "dsmtp" adds `%'.
RELAY_MAILER_FLAGS      [undefined] Flags added to the relay mailer. Default
                        flags are `mDFMuX' for all SMTP-based mailers; the
                        relay mailer adds `a8'. If this is not defined,
                        then SMTP_MAILER_FLAGS is used.
SMTP_MAILER_MAX         [undefined] The maximum size of messages that will
                        be transported using the smtp, smtp8, esmtp, or dsmtp
SMTP_MAILER_MAXMSGS     [undefined] If defined, the maximum number of
                        messages to deliver in a single connection for the
                        smtp, smtp8, esmtp, or dsmtp mailers.
SMTP_MAILER_MAXRCPTS    [undefined] If defined, the maximum number of
                        recipients to deliver in a single connection for the
                        smtp, smtp8, esmtp, or dsmtp mailers.
SMTP_MAILER_ARGS        [TCP $h] The arguments passed to the smtp mailer.
                        About the only reason you would want to change this
                        would be to change the default port.
ESMTP_MAILER_ARGS       [TCP $h] The arguments passed to the esmtp mailer.
SMTP8_MAILER_ARGS       [TCP $h] The arguments passed to the smtp8 mailer.
DSMTP_MAILER_ARGS       [TCP $h] The arguments passed to the dsmtp mailer.
RELAY_MAILER_ARGS       [TCP $h] The arguments passed to the relay mailer.
SMTP_MAILER_QGRP        [undefined] The queue group for the smtp mailer.
ESMTP_MAILER_QGRP       [undefined] The queue group for the esmtp mailer.
SMTP8_MAILER_QGRP       [undefined] The queue group for the smtp8 mailer.
DSMTP_MAILER_QGRP       [undefined] The queue group for the dsmtp mailer.
RELAY_MAILER_QGRP       [undefined] The queue group for the relay mailer.
RELAY_MAILER_MAXMSGS    [undefined] If defined, the maximum number of
                        messages to deliver in a single connection for the
SMTP_MAILER_CHARSET     [undefined] If defined, messages containing 8-bit data
                        that ARRIVE from an address that resolves to one of
                        the SMTP mailers and which are converted to MIME will
                        be labeled with this character set.
SMTP_MAILER_LL          [990] The maximum line length for SMTP mailers
                        (except the relay mailer).
RELAY_MAILER_LL         [2040] The maximum line length for the relay mailer.
UUCP_MAILER_PATH        [/usr/bin/uux] The program used to send UUCP mail.
UUCP_MAILER_FLAGS       [undefined] Flags added to UUCP mailer. Default
                        flags are `DFMhuU' (and `m' for uucp-new mailer,
                        minus `U' for uucp-dom mailer).
UUCP_MAILER_ARGS        [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
                        passed to the UUCP mailer.
UUCP_MAILER_MAX         [100000] The maximum size message accepted for
                        transmission by the UUCP mailers.
UUCP_MAILER_CHARSET     [undefined] If defined, messages containing 8-bit data
                        that ARRIVE from an address that resolves to one of
                        the UUCP mailers and which are converted to MIME will
                        be labeled with this character set.
UUCP_MAILER_QGRP        [undefined] The queue group for the UUCP mailers.
PROCMAIL_MAILER_PATH    [/usr/local/bin/procmail] The path to the procmail
                        program. This is also used by
                        FEATURE(`local_procmail').
PROCMAIL_MAILER_FLAGS   [SPhnu9] Flags added to Procmail mailer. Flags
                        DFM are always set. This is NOT used by
                        FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
PROCMAIL_MAILER_ARGS    [procmail -Y -m $h $f $u] The arguments passed to
                        the Procmail mailer. This is NOT used by
                        FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
PROCMAIL_MAILER_MAX     [undefined] If set, the maximum size message that
                        will be accepted by the procmail mailer.
PROCMAIL_MAILER_QGRP    [undefined] The queue group for the procmail mailer.
confEBINDIR             [/usr/libexec] The directory for executables.
                        Currently used for FEATURE(`local_lmtp') and
                        FEATURE(`smrsh').
LOCAL_PROG_QGRP         [undefined] The queue group for the prog mailer.

Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
upper case) and change can be: flags that should be used directly
(thus overriding the default value), or if it starts with `+' (`-')
then those flags are added to (removed from) the default value.

    MODIFY_MAILER_FLAGS(`LOCAL', `+e')

will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are
several smtp mailers all of which are manipulated individually.
See the section MAILERS for the available mailer names.
WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
unconditionally, i.e., without respecting any definitions in an
OSTYPE setting.
You will probably want to collect domain-dependent defines into one
file, referenced by the DOMAIN macro.  For example, the Berkeley
domain file includes definitions for several internal distinguished

UUCP_RELAY      The host that will accept UUCP-addressed email.
                If not defined, all UUCP sites must be directly
BITNET_RELAY    The host that will accept BITNET-addressed email.
                If not defined, the .BITNET pseudo-domain won't work.
DECNET_RELAY    The host that will accept DECNET-addressed email.
                If not defined, the .DECNET pseudo-domain and addresses
                of the form node::user will not work.
FAX_RELAY       The host that will accept mail to the .FAX pseudo-domain.
                The "fax" mailer overrides this value.
LOCAL_RELAY     The site that will handle unqualified names -- that
                is, names without an @domain extension.
                Normally MAIL_HUB is preferred for this function.
                LOCAL_RELAY is mostly useful in conjunction with
                FEATURE(`stickyhost') -- see the discussion of
                stickyhost below.  If not set, they are assumed to
                belong on this machine.  This allows you to have a
                central site to store a company- or department-wide
                alias database.  This only works at small sites,
                and only with some user agents.
LUSER_RELAY     The site that will handle lusers -- that is, apparently
                local names that aren't local accounts or aliases.  To
                specify a local user instead of a site, set this to
                ``local:username''.

Any of these can be either ``mailer:hostname'' (in which case the
mailer is the internal mailer name, such as ``uucp-new'' and the hostname
is the name of the host as appropriate for that mailer) or just a
``hostname'', in which case a default mailer type (usually ``relay'',
a variant on SMTP) is used.  WARNING: if you have a wildcard MX
record matching your domain, you probably want to define these to
have a trailing dot so that you won't get the mail diverted back

The domain file can also be used to define a domain name, if needed
(using "DD<domain>") and set certain site-wide features.  If all hosts
at your site masquerade behind one email name, you could also use
MASQUERADE_AS here.

You do not have to define a domain -- in particular, if you are a
single machine sitting off somewhere, it is probably more work than
it's worth.  This is just a mechanism for combining "domain dependent
knowledge" into one place.

There are fewer mailers supported in this version than the previous
version, owing mostly to a simpler world.  As a general rule, put the
MAILER definitions last in your .mc file.

local           The local and prog mailers.  You will almost always
                need these; the only exception is if you relay ALL
                your mail to another site.  This mailer is included
                automatically.
smtp            The Simple Mail Transfer Protocol mailer.  This does
                not hide hosts behind a gateway or any other
                such hack; it assumes a world where everyone is
                running the name server.  This file actually defines
                five mailers: "smtp" for regular (old-style) SMTP to
                other servers, "esmtp" for extended SMTP to other
                servers, "smtp8" to do SMTP to other servers without
                converting 8-bit data to MIME (essentially, this is
                your statement that you know the other end is 8-bit
                clean even if it doesn't say so), "dsmtp" to do on
                demand delivery, and "relay" for transmission to the
                RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
uucp            The UNIX-to-UNIX Copy Program mailer.  Actually, this
                defines two mailers, "uucp-old" (a.k.a. "uucp") and
                "uucp-new" (a.k.a. "suucp").  The latter is for when you
                know that the UUCP mailer at the other end can handle
                multiple recipients in one transfer.  If the smtp mailer
                is included in your configuration, two other mailers
                ("uucp-dom" and "uucp-uudom") are also defined [warning: you
                MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
                include the uucp mailer, sendmail looks for all names in
                class {U} and sends them to the uucp-old mailer; all
                names in class {Y} are sent to uucp-new; and all
                names in class {Z} are sent to uucp-uudom.  Note that
                this is a function of what version of rmail runs on
                the receiving end, and hence may be out of your control.
                See the section below describing UUCP mailers in more
procmail        An interface to procmail (does not come with sendmail).
                This is designed to be used in mailertables.  For example,
                a common question is "how do I forward all mail for a given
                domain to a single person?".  If you have this mailer
                defined, you could set up a mailertable reading:

                        host.com        procmail:/etc/procmailrcs/host.com

                with the file /etc/procmailrcs/host.com reading:

                        :0      # forward mail for host.com
                        ! -oi -f $1 person@other.host

                This would arrange for (anything)@host.com to be sent
                to person@other.host.  In a procmail script, $1 is the
                name of the sender and $2 is the name of the recipient.
                If you use this with FEATURE(`local_procmail'), the FEATURE
                should be listed first.
                Of course there are other ways to solve this particular
                problem, e.g., a catch-all entry in a virtusertable.

The local mailer accepts addresses of the form "user+detail", where
the "+detail" is not used for mailbox matching but is available
to certain local mail programs (in particular, see
FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
"eric+sww" all indicate the same user, but additional arguments <null>,
"sendmail", and "sww" may be provided for use in sorting mail.

Special features can be requested using the "FEATURE" macro.  For
example, the .mc line:

        FEATURE(`use_cw_file')

tells sendmail that you want to have it read an /etc/mail/local-host-names
file to get values for class {w}.  A FEATURE may contain up to 9
optional parameters -- for example:

        FEATURE(`mailertable', `dbm /usr/lib/mailertable')

The default database map type for the table features can be set with

        define(`DATABASE_MAP_TYPE', `dbm')

which would set it to use ndbm databases.  The default is the Berkeley DB
hash database format.  Note that you must still declare a database map type
if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
if no argument is given for the FEATURE.  It must be specified before any
feature that uses a map.

Also, features which can take a map definition as an argument can also take
the special keyword `LDAP'.  If that keyword is used, the map will use the
LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
CLASSES'' section below.

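The ordering rules stated up to this point (MAILER lines last, MAILER(`smtp') before MAILER(`uucp'), FEATURE(`local_procmail') before MAILER(`procmail'), DATABASE_MAP_TYPE before any map feature, a map type in every explicit map argument) can be checked mechanically before a .mc file is built. The Python script below is an added example, not part of the sendmail distribution; the rule names, the two sample .mc texts and the set of map features (taken from this README) are assumptions of the example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line rule message")

# Table features described in this README that take a map definition
# (this set is the example's assumption, not an exhaustive list).
MAP_FEATURES = {"mailertable", "domaintable", "bitdomain", "uucpdomain",
                "genericstable", "virtusertable"}

# Matches FEATURE(`x'), FEATURE(`x', `arg'), MAILER(`x') and define(`X', `v').
CALL = re.compile(r"^\s*(FEATURE|MAILER|define)\(\s*`([^']*)'"
                  r"(?:\s*,\s*`([^']*)')?")


def parse_mc(text):
    """Return [(lineno, macro, name, arg)] for the calls the linter understands."""
    calls = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = re.sub(r"\bdnl\b.*", "", line)   # m4 dnl: discard to end of line
        if line.lstrip().startswith("#"):       # m4 comment line
            continue
        match = CALL.match(line)
        if match:
            calls.append((lineno,) + match.groups())
    return calls


def lint_mc(text):
    """Check a .mc file against the ordering rules stated in the README."""
    findings = []
    first_mailer = None        # line of the first MAILER() call
    first_map_feature = None   # line of the first map-using FEATURE()
    seen = {}                  # (macro, name) -> first line it appears on
    for lineno, macro, name, arg in parse_mc(text):
        seen.setdefault((macro, name), lineno)
        if macro == "MAILER":
            if first_mailer is None:
                first_mailer = lineno
            continue
        if first_mailer is not None:
            findings.append(Finding(lineno, "after-mailer",
                "%s(`%s') follows MAILER() on line %d; MAILER definitions "
                "belong last" % (macro, name, first_mailer)))
        if macro == "FEATURE" and name in MAP_FEATURES:
            if first_map_feature is None:
                first_map_feature = lineno
            if arg is not None and arg != "LDAP":
                tokens = arg.split()
                # An explicit argument must still start with a map type.
                if len(tokens) < 2 or tokens[0].startswith("/"):
                    findings.append(Finding(lineno, "map-arg-missing-type",
                        "argument `%s' names no database map type" % arg))
        if (macro == "define" and name == "DATABASE_MAP_TYPE"
                and first_map_feature is not None):
            findings.append(Finding(lineno, "map-type-late",
                "DATABASE_MAP_TYPE set after the map feature on line %d"
                % first_map_feature))
    smtp, uucp = seen.get(("MAILER", "smtp")), seen.get(("MAILER", "uucp"))
    if smtp and uucp and uucp < smtp:
        findings.append(Finding(uucp, "uucp-before-smtp",
            "MAILER(`smtp') must be specified before MAILER(`uucp')"))
    feature = seen.get(("FEATURE", "local_procmail"))
    mailer = seen.get(("MAILER", "procmail"))
    if feature and mailer and mailer < feature:
        findings.append(Finding(mailer, "procmail-before-local_procmail",
            "FEATURE(`local_procmail') should be listed first"))
    return sorted(findings)


# Constructed sample input: breaks every rule the linter knows.
BAD_MC = """\
FEATURE(`mailertable')dnl
define(`DATABASE_MAP_TYPE', `dbm')dnl
FEATURE(`domaintable', `/etc/mail/domaintable')dnl
MAILER(`local')dnl
MAILER(`uucp')dnl
MAILER(`procmail')dnl
MAILER(`smtp')dnl
FEATURE(`local_procmail')dnl
"""

# Constructed sample input: the same intent in the documented order.
GOOD_MC = """\
define(`DATABASE_MAP_TYPE', `dbm')dnl
FEATURE(`mailertable')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`local_procmail')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
MAILER(`uucp')dnl
MAILER(`procmail')dnl
"""

if __name__ == "__main__":
    for finding in lint_mc(BAD_MC):
        print("line %d [%s] %s" % finding)
```

The linter only reads FEATURE, MAILER and define calls written one per line with m4 quoting as shown in this document; anything else in the .mc file is ignored.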
Available features are:

use_cw_file     Read the /etc/mail/local-host-names file to get
                alternate names for this host.  This might be used if you
                were on a host that MXed for a dynamic set of other hosts.
                If the set is static, just including the line "Cw<name1>
                <name2> ..." (where the names are fully qualified domain
                names) is probably superior.  The actual filename can be
                overridden by redefining confCW_FILE.
use_ct_file     Read the /etc/mail/trusted-users file to get the
                names of users that will be ``trusted'', that is, able to
                set their envelope from address using -f without generating
                a warning message.  The actual filename can be overridden
                by redefining confCT_FILE.
redirect        Reject all mail addressed to "address.REDIRECT" with
                a ``551 User has moved; please try <address>'' message.
                If this is set, you can alias people who have left
                to their new address with ".REDIRECT" appended.
nouucp          Don't route UUCP addresses.  This feature takes one
                `reject': reject addresses which have "!" in the local
                        part unless it originates from a system
                        that is allowed to relay.
                `nospecial': don't do anything special with "!".
                Warnings: 1. See the notice in the anti-spam section.
                2. don't remove "!" from OperatorChars if `reject' is
                given as parameter.
nocanonify      Don't pass addresses to $[ ... $] for canonification
                by default, i.e., host/domain names are considered canonical,
                except for unqualified names, which must not be used in this
                mode (violation of the standard).  It can be changed by
                setting the DaemonPortOptions modifiers (M=).  That is,
                FEATURE(`nocanonify') will be overridden by setting the
                'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
                it can be emulated by setting the 'C' flag
                (DaemonPortOptions=Modifiers=C).  This would generally only
                be used by sites that only act as mail gateways or which have
                user agents that do full canonification themselves.  You may
                also want to use
                "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
                the usual resolver options that do a similar thing.

                An exception list for FEATURE(`nocanonify') can be
                specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
                i.e., a list of domains which are nevertheless passed to
                $[ ... $] for canonification.  This is useful to turn on
                canonification for local domains, e.g., use
                CANONIFY_DOMAIN(`my.domain my') to canonify addresses
                which end in "my.domain" or "my".
                Another way to require canonification in the local
                domain is CANONIFY_DOMAIN(`$=m').

                A trailing dot is added to addresses with more than
                one component in it such that other features which
                expect a trailing dot (e.g., virtusertable) will

                If `canonify_hosts' is specified as parameter, i.e.,
                FEATURE(`nocanonify', `canonify_hosts'), then
                addresses which have only a hostname, e.g.,
                <user@host>, will be canonified (and hopefully fully
                qualified), too.
stickyhost      This feature is sometimes used with LOCAL_RELAY,
                although it can be used for a different effect with
                When used without MAIL_HUB, email sent to
                "user@local.host" is marked as "sticky" -- that
                is, the local addresses aren't matched against UDB,
                don't go through ruleset 5, and are not forwarded to
                the LOCAL_RELAY (if defined).
                With MAIL_HUB, mail addressed to "user@local.host"
                is forwarded to the mail hub, with the envelope
                address still remaining "user@local.host".
                Without stickyhost, the envelope would be changed
                to "user@mail_hub", in order to protect against
                mailing loops.
mailertable     Include a "mailer table" which can be used to override
                routing for particular domains (which are not in class {w},
                i.e. local host names).  The argument of the FEATURE may be
                the key definition.  If none is specified, the definition
                Keys in this database are fully qualified domain names
                or partial domains preceded by a dot -- for example,
                "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
                special case of the latter, "." matches any domain not
                covered by other keys.  Values must be of the form:
                        mailer:domain
                where "mailer" is the internal mailer name, and "domain"
                is where to send the message.  These maps are not
                reflected into the message header.  As a special case,
                will forward to the indicated user using the local mailer,
                will forward to the original user in the e-mail address
                using the local mailer, and
                        error:code message
                        error:D.S.N:code message
                will give an error message with the indicated SMTP reply
                code and message, where D.S.N is an RFC 1893 compliant
domaintable     Include a "domain table" which can be used to provide
                domain name mapping.  Use of this should really be
                limited to your own domains.  It may be useful if you
                change names (e.g., your company changes names from
                oldname.com to newname.com).  The argument of the
                FEATURE may be the key definition.  If none is specified,
                the definition used is:
                The key in this table is the domain name; the value is
                the new (fully qualified) domain.  Anything in the
                domaintable is reflected into headers; that is, this
                is done in ruleset 3.
bitdomain       Look up bitnet hosts in a table to try to turn them into
                internet addresses.  The table can be built using the
                bitdomain program contributed by John Gardiner Myers.
                The argument of the FEATURE may be the key definition; if
                none is specified, the definition used is:
                Keys are the bitnet hostname; values are the corresponding
                internet hostname.
uucpdomain      Similar feature for UUCP hosts.  The default map definition
                At the moment there is no automagic tool to build this
always_add_domain
                Include the local host domain even on locally delivered
                mail.  Normally it is not added on unqualified names.
                However, if you use a shared message store but do not use
                the same user name space everywhere, you may need the host
                name on local names.  An optional argument specifies
                a domain to be added other than the local one.
allmasquerade   If masquerading is enabled (using MASQUERADE_AS), this
                feature will cause recipient addresses to also masquerade
                as being from the masquerade host.  Normally they get
                the local hostname.  Although this may be right for
                ordinary users, it can break local aliases.  For example,
                if you send to "localalias", the originating sendmail will
                find that alias and send to all members, but send the
                message with "To: localalias@masqueradehost".  Since that
                alias likely does not exist, replies will fail.  Use this
                feature ONLY if you can guarantee that the ENTIRE
                namespace on your masquerade host supersets all the
                local entries.
limited_masquerade
                Normally, any hosts listed in class {w} are masqueraded.  If
                this feature is given, only the hosts listed in class {M} (see
                below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
                if you have several domains with disjoint namespaces hosted
                on the same machine.
masquerade_entire_domain
                If masquerading is enabled (using MASQUERADE_AS) and
                MASQUERADE_DOMAIN (see below) is set, this feature will
                cause addresses to be rewritten such that the masquerading
                domains are actually entire domains to be hidden.  All
                hosts within the masquerading domains will be rewritten
                to the masquerade name (used in MASQUERADE_AS).  For example,

                        MASQUERADE_AS(`masq.com')
                        MASQUERADE_DOMAIN(`foo.org')
                        MASQUERADE_DOMAIN(`bar.com')

                then *foo.org and *bar.com are converted to masq.com.  Without
                this feature, only foo.org and bar.com are masqueraded.

                    NOTE: only domains within your jurisdiction and
                    current hierarchy should be masqueraded using this.
local_no_masquerade
                This feature prevents the local mailer from masquerading even
                if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
                on addresses of mail going outside the local domain.
masquerade_envelope
                If masquerading is enabled (using MASQUERADE_AS) or the
                genericstable is in use, this feature will cause envelope
                addresses to also masquerade as being from the masquerade
                host.  Normally only the header addresses are masqueraded.
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupontgenericstable This feature will cause unqualified addresses (i.e., without
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont a domain) and addresses with a domain listed in class {G}
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont to be looked up in a map and turned into another ("generic")
4dca64bb8991502db368028aeeba2f832d3b971dAutomatic Updater form, which can change both the domain name and the user name.
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont Notice: if you use an MSP (as it is default starting with
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User 8.12), the MTA will only receive qualified addresses from the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User MSP (as required by the RFCs). Hence you need to add your
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater domain to class {G}. This feature is similar to the userdb
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater functionality. The same types of addresses as for
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater masquerading are looked up, i.e., only header sender
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater addresses unless the allmasquerade and/or masquerade_envelope
		features are given. Qualified addresses must have the domain
		part in class {G}; entries can be added to this class by the
		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).

		The argument of FEATURE(`genericstable') may be the map
		definition; the default map definition is:

		The key for this table is either the full address, the domain
		(with a leading @; the localpart is passed as first argument)
		or the unqualified username (tried in the order mentioned);
		the value is the new user address. If the new user address
		does not include a domain, it will be qualified in the standard
		manner, i.e., using $j or the masquerade name. Note that the
		address being looked up must be fully qualified. For local
		mail, it is necessary to use FEATURE(`always_add_domain')
		for the addresses to be qualified.
		The "+detail" of an address is passed as %1, so entries like

			old+*@foo.org	new+%1@example.com
			gen+*@foo.org	%1@example.com

		and other forms are possible.
generics_entire_domain
		If the genericstable is enabled and GENERICS_DOMAIN or
		GENERICS_DOMAIN_FILE is used, this feature will cause
		addresses to be searched in the map if their domain
		parts are subdomains of elements in class {G}.
virtusertable	A domain-specific form of aliasing, allowing multiple
		virtual domains to be hosted on one machine. For example,
		if the virtuser table contains:

			info@foo.com	foo-info
			info@bar.com	bar-info
			joe@bar.com	error:nouser 550 No such user here
			jax@bar.com	error:5.7.0:550 Address invalid
			@baz.org	jane@example.net

		then mail addressed to info@foo.com will be sent to the
		address foo-info, mail addressed to info@bar.com will be
		delivered to bar-info, and mail addressed to anyone at baz.org
		will be sent to jane@example.net, mail to joe@bar.com will
		be rejected with the specified error message, and mail to
		jax@bar.com will also have an RFC 1893 compliant error code

		The username from the original address is passed
		as %1 allowing:

			@foo.org	%1@example.com

		meaning someone@foo.org will be sent to someone@example.com.
		Additionally, if the local part consists of "user+detail"
		then "detail" is passed as %2 and "+detail" is passed as %3
		when a match against user+* is attempted, so entries like

			old+*@foo.org	new+%2@example.com
			gen+*@foo.org	%2@example.com
			+*@foo.org	%1%3@example.com
			X++@foo.org	Z%3@example.com

		and other forms are possible. Note: to preserve "+detail"
		for a default case (@domain) %1%3 must be used as RHS.
		There are two wildcards after "+": "+" matches only a non-empty
		detail, "*" also matches empty details, e.g., user+@foo.org
		matches +*@foo.org but not ++@foo.org. This can be used
		to ensure that the parameters %2 and %3 are not empty.

		All the host names on the left hand side (foo.com, bar.com,
		and baz.org) must be in class {w} or class {VirtHost}. The
		latter can be defined by the macros VIRTUSER_DOMAIN or
		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
		MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
		VIRTUSER_DOMAIN_FILE is used, then the entries of class
		{VirtHost} are added to class {R}, i.e., relaying is allowed
		to (and from) those domains. The default map definition is:

		A new definition can be specified as the second argument of
		the FEATURE macro, such as

			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
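The virtusertable matching rules above, worked through in Python as an added example (not code from the sendmail distribution). The sample entries are merged into one constructed table; candidate_keys, resolve, the most-specific-first lookup order, the case folding of keys and the returned tuples are assumptions of this sketch.

```python
import re

# Constructed table: the README's sample entries merged into one map.
VIRTUSER = {
    "info@foo.com": "foo-info",
    "info@bar.com": "bar-info",
    "joe@bar.com": "error:nouser 550 No such user here",
    "jax@bar.com": "error:5.7.0:550 Address invalid",
    "@baz.org": "jane@example.net",
    "old+*@foo.org": "new+%2@example.com",
    "gen+*@foo.org": "%2@example.com",
    "+*@foo.org": "%1%3@example.com",
    "X++@foo.org": "Z%3@example.com",
    "@foo.org": "%1@example.com",
}
# Left-hand-side hosts must be in class {w} or class {VirtHost}.
VIRT_HOSTS = {"foo.com", "bar.com", "baz.org", "foo.org"}


def candidate_keys(local, domain):
    """Yield (key, (%1, %2, %3)) from most to least specific.

    The ordering is an assumption of this sketch; the README fixes only
    what each wildcard matches and what %1, %2 and %3 carry.
    """
    user, plus, detail = local.partition("+")
    yield f"{local}@{domain}", (local, "", "")
    if plus and user:
        args = (user, detail, "+" + detail)
        if detail:                         # "+" needs a non-empty detail
            yield f"{user}++@{domain}", args
        yield f"{user}+*@{domain}", args   # "*" also matches an empty detail
        yield f"{user}@{domain}", args
        if detail:
            yield f"++@{domain}", args
        yield f"+*@{domain}", args
        yield f"@{domain}", args           # default entry: %1%3 keeps "+detail"
    else:
        yield f"@{domain}", (local, "", "")


def resolve(address, table=VIRTUSER, hosts=VIRT_HOSTS):
    """Return ("deliver", addr), ("reject", error text) or ("unchanged", addr)."""
    local, _, domain = address.rpartition("@")
    domain = domain.lower()
    if domain not in hosts:
        return ("unchanged", address)
    folded = {key.lower(): value for key, value in table.items()}
    for key, args in candidate_keys(local, domain):
        rhs = folded.get(key.lower())
        if rhs is None:
            continue
        if rhs.startswith("error:"):
            return ("reject", rhs[len("error:"):])
        expanded = re.sub(r"%([123])", lambda m: args[int(m.group(1)) - 1], rhs)
        return ("deliver", expanded)
    return ("unchanged", address)


if __name__ == "__main__":
    for addr in ("info@foo.com", "joe@bar.com", "someone@foo.org",
                 "old+list@foo.org", "bob+tag@foo.org", "X+abc@foo.org",
                 "X+@foo.org", "anyone@baz.org"):
        print(f"{addr:20} -> {resolve(addr)}")
```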
virtuser_entire_domain
		If the virtusertable is enabled and VIRTUSER_DOMAIN or
		VIRTUSER_DOMAIN_FILE is used, this feature will cause
		addresses to be searched in the map if their domain
		parts are subdomains of elements in class {VirtHost}.
ldap_routing	Implement LDAP-based e-mail recipient routing according to
		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
		This provides a method to re-route addresses with a
		domain portion in class {LDAPRoute} to either a
		different mail host or a different address. Hosts can
		be added to this class using LDAPROUTE_DOMAIN and
		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
		MASQUERADE_DOMAIN_FILE, see below).

		See the LDAP ROUTING section below for more information.
nullclient	This is a special case -- it creates a configuration file
		containing nothing but support for forwarding all mail to a
		central hub via a local SMTP-based network. The argument
		is the name of that hub.

		The only other feature that should be used in conjunction
		with this one is FEATURE(`nocanonify'). No mailers
		should be defined. No aliasing or forwarding is done.
local_lmtp	Use an LMTP capable local mailer. The argument to this
		feature is the pathname of an LMTP capable mailer. By
		default, mail.local is used. This is expected to be the
		mail.local which came with the 8.9 distribution which is
		LMTP capable. The path to mail.local is set by the
		confEBINDIR m4 variable -- making the default
		LOCAL_MAILER_PATH /usr/libexec/mail.local.
		If a different LMTP capable mailer is used, its pathname
		can be specified as second parameter and the arguments
		passed to it (A=) as third parameter, e.g.,

			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')

		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
		i.e., without respecting any definitions in an OSTYPE setting.
local_procmail	Use procmail or another delivery agent as the local mailer.
		The argument to this feature is the pathname of the
		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
		PROCMAIL_MAILER_ARGS for the local mailer; tweak
		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
		specify the appropriate parameters. When procmail is used,
		the local mailer can make use of the
		"user+indicator@local.host" syntax; normally the +indicator
		is just tossed, but by default it is passed as the -a
		argument to procmail.

		This feature can take up to three arguments:

		1. Path to the mailer program
		2. Argument vector including name of the program
		   [default: procmail -Y -a $h -d $u]
		3. Flags for the mailer [default: SPfhn9]

		Empty arguments cause the defaults to be taken.
		Note that if you are on a system with a broken
		setreuid() call, you may need to add -f $f to the procmail
		argument vector to pass the proper sender to procmail.

		For example, this allows it to use the maildrop
		(http://www.flounder.net/~mrsam/maildrop/) mailer instead
		by specifying:

			FEATURE(`local_procmail', `/usr/local/bin/maildrop',
			 `maildrop -d $u')

		or scanmails using:

			FEATURE(`local_procmail', `/usr/local/bin/scanmails')

		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
		i.e., without respecting any definitions in an OSTYPE setting.
bestmx_is_local	Accept mail as though locally addressed for any host that
		lists us as the best possible MX record. This generates
		additional DNS traffic, but should be OK for low to
		medium traffic hosts. The argument may be a set of
		domains, which will limit the feature to only apply to
		these domains -- this will reduce unnecessary DNS
		traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
		WILDCARD MX RECORDS!!! If you have a wildcard MX record
		that matches your domain, you cannot use this feature.
smrsh		Use the SendMail Restricted SHell (smrsh) provided
		with the distribution instead of /bin/sh for mailing
		to programs. This improves the ability of the local
		system administrator to control what gets run via
		e-mail. If an argument is provided it is used as the
		pathname to smrsh; otherwise, the path defined by
		confEBINDIR is used for the smrsh binary -- by default,
promiscuous_relay
		By default, the sendmail configuration files do not permit
		mail relaying (that is, accepting mail from outside your
		local host (class {w}) and sending it to a host other than
		your local host). This option sets your site to allow
		mail relaying from any site to any site. In almost all
		cases, it is better to control relaying more carefully
		with the access map, class {R}, or authentication. Domains
		can be added to class {R} by the macros RELAY_DOMAIN or
		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
		MASQUERADE_DOMAIN_FILE, see below).
relay_entire_domain
		This option allows any host in your domain as defined by
		class {m} to use your server for relaying. Notice: make
		sure that your domain is not just a top level domain,
		e.g., com. This can happen if you give your host a name
relay_hosts_only
		By default, names that are listed as RELAY in the access
		db and class {R} are treated as domain names, not host names.
		For example, if you specify ``foo.com'', then mail to or
		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
		will all be accepted for relaying. This feature changes
		the behaviour to look up individual host names only.
relay_based_on_MX
		Turns on the ability to allow relaying based on the MX
		records of the host portion of an incoming recipient; that
		is, if an MX record for host foo.com points to your site,
		you will accept and relay mail addressed to foo.com. See
		description below for more information before using this
		feature. Also, see the KNOWNBUGS entry regarding bestmx

		FEATURE(`relay_based_on_MX') does not necessarily allow
		routing of these messages which you expect to be allowed,
		if route address syntax (or %-hack syntax) is used. If
		this is a problem, add entries to the access-table or use
		FEATURE(`loose_relay_check').
relay_mail_from
		Allows relaying if the mail sender is listed as RELAY in
		the access map. If an optional argument `domain' (this
		is the literal word `domain', not a placeholder) is given,
		relaying can be allowed just based on the domain portion
		of the sender address. This feature should only be used if
		absolutely necessary as the sender address can be easily
		forged. Use of this feature requires the "From:" tag to
		be used for the key in the access map; see the discussion
		of tags and FEATURE(`relay_mail_from') in the section on
		anti-spam configuration control.
relay_local_from
		Allows relaying if the domain portion of the mail sender
		is a local host. This should only be used if absolutely
		necessary as it opens a window for spammers. Specifically,
		they can send mail to your mail server that claims to be
		from your domain (either directly or via a routed address),
		and you will go ahead and relay it out to arbitrary hosts
		on the Internet.
accept_unqualified_senders
		Normally, MAIL FROM: commands in the SMTP session will be
		refused if the connection is a network connection and the
		sender address does not include a domain name. If your
		setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
		you will need to use this feature to accept unqualified
		sender addresses. Setting the DaemonPortOptions modifier
		'u' overrides the default behavior, i.e., unqualified
		addresses are accepted even without this FEATURE.
		If this FEATURE is not used, the DaemonPortOptions modifier
		'f' can be used to enforce fully qualified addresses.
accept_unresolvable_domains
		Normally, MAIL FROM: commands in the SMTP session will be
		refused if the host part of the argument to MAIL FROM:
		cannot be located in the host name service (e.g., an A or
		MX record in DNS). If you are inside a firewall that has
		only a limited view of the Internet host name space, this
		could cause problems. In this case you probably want to
		use this feature to accept all domains on input, even if
		they are unresolvable.
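A review aid for the relay and sender-acceptance features described above, as an added Python example (not part of the sendmail distribution). It scans a .mc file for FEATURE() calls that widen relaying or sender acceptance and skips anything after dnl; the sample .mc is constructed, and audit_mc, active_text and the severity labels are this example's own names and ranking.

```python
import re

# Features this README describes as widening what the server relays or
# accepts. The severity labels are this example's ranking, not sendmail's.
RISKY_FEATURES = {
    "promiscuous_relay": ("high", "relays mail from any site to any site"),
    "relay_local_from": ("high", "relays when the sender domain claims to be local"),
    "relay_mail_from": ("high", "relays on an easily forged sender address"),
    "relay_entire_domain": ("medium", "any host in class {m} may relay; "
                            "check that {m} is not a top level domain"),
    "relay_based_on_MX": ("medium", "relays for any domain whose MX points here"),
    "accept_unresolvable_domains": ("low", "accepts MAIL FROM: domains that "
                                    "do not resolve"),
    "accept_unqualified_senders": ("low", "accepts MAIL FROM: without a domain "
                                   "on network connections"),
}

FEATURE_RE = re.compile(r"FEATURE\(\s*`?(\w+)'?([^)]*)\)")
QUOTED_ARG_RE = re.compile(r"`([^']*)'")

# Constructed sample input for the audit.
SAMPLE_MC = """\
VERSIONID(`constructed sample for the audit example')
OSTYPE(`linux')dnl
FEATURE(`access_db')dnl
dnl FEATURE(`relay_local_from')dnl
FEATURE(`relay_mail_from', `domain')dnl
FEATURE(`relay_hosts_only')dnl
FEATURE(`accept_unresolvable_domains')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
"""


def active_text(line):
    """Return the part of a line m4 still expands: dnl discards the rest."""
    return re.split(r"\bdnl\b", line, maxsplit=1)[0]


def audit_mc(text):
    """Return one finding per risky FEATURE() call that is actually active."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in FEATURE_RE.finditer(active_text(line)):
            name = match.group(1)
            if name not in RISKY_FEATURES:
                continue
            severity, note = RISKY_FEATURES[name]
            args = QUOTED_ARG_RE.findall(match.group(2))
            if name == "relay_mail_from" and "domain" in args:
                note += "; with `domain' only the domain portion is checked"
            findings.append({"line": lineno, "feature": name,
                             "severity": severity, "note": note})
    return findings


if __name__ == "__main__":
    for finding in audit_mc(SAMPLE_MC):
        print("line {line}: {feature} [{severity}] {note}".format(**finding))
```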
access_db	Turns on the access database feature. The access db gives
		you the ability to allow or refuse to accept mail from
		specified domains for administrative reasons. Moreover,
		it can control the behavior of sendmail in various situations.
		By default, the access database specification is:

		See the anti-spam configuration control section for further
		important information about this feature. Notice:
		"-T<TMPF>" is meant literally, do not replace it by anything.
blacklist_recipients
		Turns on the ability to block incoming mail for certain
		recipient usernames, hostnames, or addresses. For
		example, you can block incoming mail to user nobody,
		host foo.mydomain.com, or guest@bar.mydomain.com.
		These specifications are put in the access db as
		described in the anti-spam configuration control section
		later in this document.
delay_checks	The rulesets check_mail and check_relay will not be called
		when a client connects or issues a MAIL command, respectively.
		Instead, those rulesets will be called by the check_rcpt
		ruleset; they will be skipped under certain circumstances.
		See "Delay all checks" in the anti-spam configuration control
		section. Note: this feature is incompatible with the versions
		in 8.10 and 8.11.
use_client_ptr	If this feature is enabled then check_relay will override
		its first argument with $&{client_ptr}. This is useful for
		rejections based on the unverified hostname of the client,
		which turns on the same behavior as in earlier sendmail
		versions when delay_checks was not in use. See doc/op/op.*
		about check_relay, {client_name}, and {client_ptr}.
dnsbl		Turns on rejection, discarding, or quarantining of hosts
		found in a DNS based list. The first argument is used as
		the domain in which blocked hosts are listed. A second
		argument can be used to change the default error message,
		or select one of the operations `discard' and `quarantine'.
		Without that second argument, the error message will be

			Rejected: IP-ADDRESS listed at SERVER

		where IP-ADDRESS and SERVER are replaced by the appropriate
		information. By default, temporary lookup failures are
		ignored. This behavior can be changed by specifying a
		third argument, which must be either `t' or a full error
		message. See the anti-spam configuration control section for
		an example. The dnsbl feature can be included several times
		to query different DNS based rejection lists. See also
		enhdnsbl for an enhanced version.

		Set the DNSBL_MAP mc option to change the default map
		definition from `host'. Set the DNSBL_MAP_OPT mc option
		to add additional options to the map specification used.

		Some DNS based rejection lists cause failures if asked
		for AAAA records. If your sendmail version is compiled
		with IPv6 support (NETINET6) and you experience this

			define(`DNSBL_MAP', `dns -R A')

		before the first use of this feature. Alternatively you
		can use enhdnsbl instead (see below). Moreover, this
		statement can be used to reduce the number of DNS retries,

			define(`DNSBL_MAP', `dns -R A -r2')

		See below (EDNSBL_TO) for an explanation.
enhdnsbl	Enhanced version of dnsbl (see above). Further arguments
		(up to 5) can be used to specify specific return values
		from lookups. Temporary lookup failures are ignored unless
		a third argument is given, which must be either `t' or a full
		error message. By default, any successful lookup will
		generate an error. Otherwise the result of the lookup is
		compared with the supplied argument(s), and an error is
		generated only if a match occurs. For example,

			FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')

		will reject the e-mail if the lookup returns the value
		``127.0.0.2.'', or generate a 451 response if the lookup
		temporarily failed. The arguments can contain metasymbols
		as they are allowed in the LHS of rules. As the example
		shows, the default values are also used if an empty argument,
		i.e., `', is specified. This feature requires that sendmail
		has been compiled with the flag DNSMAP (see sendmail/README).

		Set the EDNSBL_TO mc option to change the DNS retry count
		from the default value of 5; this can be very useful when
		a DNS server is not responding, which in turn may cause
		clients to time out (an entry stating
		will be logged).
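How the dnsbl and enhdnsbl arguments described above turn a lookup result into a decision, as an added Python example (not code from the sendmail distribution). The function names, the stub resolver and its zone data are constructed; the reversed-octet query name is the usual DNS list convention rather than something this README states, and return values are matched literally (no metasymbols), for IPv4 only.

```python
import ipaddress

ZONE = "dnsbl.example.com"

# Constructed zone data for the stub resolver below.
CONSTRUCTED_ZONE_DATA = {
    "10.2.0.192.dnsbl.example.com.": ["127.0.0.2"],
    "9.113.0.203.dnsbl.example.com.": ["127.0.0.4"],
}


def stub_lookup(name):
    """Stand-in for an A lookup: [] means not listed, TimeoutError means
    a temporary failure (simulated here for names starting with "99.")."""
    if name.startswith("99."):
        raise TimeoutError(name)
    return CONSTRUCTED_ZONE_DATA.get(name, [])


def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the list's domain."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."


def check_client(client_ip, zone, lookup, action="", tempfail="", match_values=()):
    """Model the FEATURE arguments after the list domain.

    action:       `' (default error text), `discard', `quarantine' or an
                  error message of your own
    tempfail:     `' ignores temporary failures, `t' or a full message
                  turns them into a temporary error
    match_values: enhdnsbl only; return values that count as listed
    """
    name = dnsbl_query_name(client_ip, zone)
    try:
        answers = lookup(name)
    except TimeoutError:
        if not tempfail:
            return ("accept", "temporary lookup failure ignored")
        # The 451 text is constructed; the README only says "a 451 response".
        text = "451 temporary lookup failure" if tempfail == "t" else tempfail
        return ("tempfail", text)
    if not answers:
        return ("accept", "not listed")
    if match_values:
        # enhdnsbl values are written with a trailing dot, e.g. `127.0.0.2.'
        returned = {answer.rstrip(".") + "." for answer in answers}
        if not returned & set(match_values):
            return ("accept", "listed, but no configured return value matched")
    if action in ("discard", "quarantine"):
        return (action, name)
    return ("reject", action or f"Rejected: {client_ip} listed at {zone}")


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.9", "192.0.2.20", "198.51.100.99"):
        plain = check_client(ip, ZONE, stub_lookup)
        enhanced = check_client(ip, ZONE, stub_lookup, tempfail="t",
                                match_values=("127.0.0.2.",))
        print(f"{ip:15} dnsbl={plain[0]:8} enhdnsbl={enhanced[0]}")
```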
ratecontrol	Enable simple ruleset to do connection rate control
		checking. This requires entries in access_db of the form

			ClientRate:IP.ADD.RE.SS		LIMIT

		The RHS specifies the maximum number of connections
		(an integer number) over the time interval defined
		by ConnectionRateWindowSize, where 0 means unlimited.

		Take the following example:

			ClientRate:10.1.2.3		4
			ClientRate:127.0.0.1		0
			ClientRate:			10

		10.1.2.3 can only make up to 4 connections, the
		general limit is 10, and 127.0.0.1 can make an unlimited
		number of connections per ConnectionRateWindowSize.

		See also CONNECTION CONTROL.
conncontrol	Enable a simple check of the number of incoming SMTP
		connections. This requires entries in access_db of the

			ClientConn:IP.ADD.RE.SS		LIMIT

		The RHS specifies the maximum number of open connections
		(an integer number).

		Take the following example:

			ClientConn:10.1.2.3		4
			ClientConn:127.0.0.1		0
			ClientConn:			10

		10.1.2.3 can only have up to 4 open connections, the
		general limit is 10, and 127.0.0.1 does not have any
		explicit limit.

		See also CONNECTION CONTROL.
mtamark         Experimental support for "Marking Mail Transfer Agents in
                Reverse DNS with TXT RRs" (MTAMark), see
                draft-stumpf-dns-mtamark-01.  Optional arguments are:

                1. Error message, default:

                        550 Rejected: $&{client_addr} not listed as MTA

                2. Temporary lookup failures are ignored unless a second
                argument is given, which must be either `t' or a full
                error message.

                3. Lookup prefix, default: _perm._smtp._srv.  This should
                not be changed unless the draft changes it.

                        FEATURE(`mtamark', `', `t')

lookupdotdomain Look up also .domain in the access map.  This makes it
                possible to match only subdomains.  It does not work well
                with FEATURE(`relay_hosts_only'), because most lookups for
                subdomains are suppressed by the latter feature.

loose_relay_check
                Normally, if % addressing is used for a recipient, e.g.
                user%site@othersite, and othersite is in class {R}, the
                check_rcpt ruleset will strip @othersite and recheck
                user@site for relaying.  This feature changes that
                behavior.  It should not be needed for most installations.

preserve_luser_host
                Preserve the name of the recipient host if LUSER_RELAY is
                used.  Without this option, the domain part of the
                recipient address will be replaced by the host specified as
                LUSER_RELAY.  This feature only works if the hostname is
                passed to the mailer (see mailer triple in op.me).  Note
                that in the default configuration the local mailer does not
                receive the hostname, i.e., the mailer triple has an empty

preserve_local_plus_detail
                Preserve the +detail portion of the address when passing
                the address to the local delivery agent.  Disables alias and
                .forward +detail stripping (e.g., given user+detail, only
                that address will be looked up in the alias file; user+* and
                user will not be looked up).  Only use if the local
                delivery agent in use supports +detail addressing.

compat_check    Enable ruleset check_compat to look up pairs of addresses
                with the Compat: tag -- Compat:sender<@>recipient -- in the
                access map.  Valid values for the RHS include

                        DISCARD silently discard recipient
                        TEMP:   return a temporary error
                        ERROR:  return a permanent error

                In the last two cases, a 4xy/5xy SMTP reply code should
                follow the colon.

no_default_msa  Don't generate the default MSA daemon, i.e.,

                        DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')

                To define an MSA daemon with other parameters, use this
                FEATURE and introduce new settings via DAEMON_OPTIONS().

msp             Defines config file for Message Submission Program.
                to use it.  An optional argument can be used to override
                the default of `[localhost]' to use as host to send all
                e-mails to.  Note that MX records will be used if the
                specified hostname is not in square brackets (e.g.,
                [hostname]).  If `MSA' is specified as second argument then
                port 587 is used to contact the server.  Example:

                        FEATURE(`msp', `', `MSA')

                Some more hints about possible changes can be found below
                in the section MESSAGE SUBMISSION PROGRAM.

                Note: Due to many problems, submit.mc uses

                        FEATURE(`msp', `[127.0.0.1]')

                by default.  If you have a machine with IPv6 only,

                        FEATURE(`msp', `[IPv6:::1]')

                If you want to continue using '[localhost]', (the behavior
                up to 8.12.6), use

                        FEATURE(`msp')

queuegroup      A simple example of how to select a queue group based
                on the full e-mail address or the domain of the
                recipient.  Selection is done via entries in the
                access map using the tag QGRP:, for example:

                        QGRP:friend@some.org    others

                where "main", "others", and "local" are names of
                queue groups.  If an argument is specified, it is used
                as default queue group.

                Note: please read the warning in doc/op/op.me about
                queue groups and possible queue manipulations.

greet_pause     Adds the greet_pause ruleset which enables open proxy
                and SMTP slamming protection.  The feature can take an
                argument specifying the milliseconds to wait:

                        FEATURE(`greet_pause', `5000')  dnl 5 seconds

                If FEATURE(`access_db') is enabled, an access database
                lookup with the GreetPause tag is done using client
                hostname, domain, IP address, or subnet to determine the

                        GreetPause:example.com  5000
                        GreetPause:10.1.2       2000
                        GreetPause:127.0.0.1    0

                When using FEATURE(`access_db'), the optional
                FEATURE(`greet_pause') argument becomes the default if
                nothing is found in the access database.  A ruleset called
                Local_greet_pause can be used for local modifications, e.g.,

                        LOCAL_RULESETS
                        SLocal_greet_pause
                        R$*		$: $&{daemon_flags}
                        R$* a $*	$# 0
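The access_db lookups that ratecontrol, conncontrol and greet_pause rely on can be modelled as below. This is an added Python example, not sendmail code: the function names are hypothetical, and the lookup order (host name and parent domains, then the IP address and its shorter dotted prefixes, then a bare "Tag:" entry) is an assumption based on the entries quoted above.

```python
"""Model of the tagged access_db lookups described for ratecontrol,
conncontrol and greet_pause. Added example; this is not sendmail code."""

# Constructed sample access-map source, built from the entries quoted above.
SAMPLE_ACCESS = """\
ClientRate:10.1.2.3     4
ClientRate:127.0.0.1    0
ClientRate:             10
ClientConn:10.1.2.3     4
ClientConn:127.0.0.1    0
ClientConn:             10
GreetPause:example.com  5000
GreetPause:10.1.2       2000
GreetPause:127.0.0.1    0
"""


def parse_access(text):
    """Return {(tag, lhs): int} for 'Tag:LHS<whitespace>VALUE' lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or ":" not in fields[0]:
            raise ValueError(f"line {lineno}: expected 'Tag:LHS VALUE'")
        tag, _, lhs = fields[0].partition(":")
        value = int(fields[1])  # all three tags take an integer RHS
        if value < 0:
            raise ValueError(f"line {lineno}: negative value")
        table[(tag, lhs.lower())] = value
    return table


def candidate_keys(client_addr, client_name=None):
    """Keys to try, most specific first (assumed order, see lead-in)."""
    keys = []
    if client_name:
        labels = client_name.lower().rstrip(".").split(".")
        keys += [".".join(labels[i:]) for i in range(len(labels))]
    octets = client_addr.split(".")
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return keys


def lookup(table, tag, client_addr, client_name=None, default=None):
    """Resolve the value for one client under one tag."""
    for key in candidate_keys(client_addr, client_name):
        # Membership test, not truthiness: an explicit 0 is a real answer.
        if (tag, key) in table:
            return table[(tag, key)]
    # A bare "Tag:" entry is the general limit; otherwise fall back to the
    # caller's default (for greet_pause, the FEATURE argument).
    return table.get((tag, ""), default)


def over_limit(limit, observed):
    """True when observed connections exceed limit; 0 or None means no limit."""
    return bool(limit) and observed > limit


if __name__ == "__main__":
    access = parse_access(SAMPLE_ACCESS)
    for addr in ("10.1.2.3", "127.0.0.1", "192.0.2.7"):
        print(addr, "ClientRate limit:", lookup(access, "ClientRate", addr))
```

Note that a value of 0 lifts the limit (or removes the pause) for that client; it does not block it.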
block_bad_helo  Reject messages from SMTP clients which provide a HELO/EHLO
                argument which is either unqualified, or is one of our own
                names (i.e., the server name instead of the client name).

require_rdns    Reject mail from connecting SMTP clients without proper
                rDNS (reverse DNS), functional gethostbyaddr() resolution.

                The basic policy is to reject the message with a 5xx error
                if the IP address fails to resolve.  However, if this is a
                temporary failure, a 4xx temporary failure is returned.
                If the look-up succeeds, but returns an apparently forged
                value, this is treated as a temporary failure with a 4xx

                Exceptions based on access entries are discussed below.
                Any IP address matched using $=R (the "relay-domains" file)
                is excepted from the rules.  Since we have explicitly
                allowed relaying for this host, based on IP address, we
                ignore the rDNS failure.

                The philosophical assumption here is that most users do
                not control their rDNS.  They should be able to send mail
                through their ISP, whether or not they have valid rDNS.
                The class $=R, roughly speaking, contains those IP addresses
                and address ranges for which we are the ISP, or are acting
                as if we were the ISP.

                If `delay_checks' is in effect (recommended), then any
                sender who has authenticated is also excepted from the
                restrictions.  This happens because the rules produced by
                this FEATURE() will not be applied to authenticated senders
                (assuming `delay_checks').

                ACCESS MAP ENTRIES:

                Entries such as

                        Connect:1.2.3.4         OK
                        Connect:1.2             RELAY

                will whitelist IP address 1.2.3.4, so that the rDNS
                blocking does not apply to that IP address.

                Entries such as

                        Connect:1.2.3.4         REJECT

                will have the effect of forcing a temporary failure for
                that address to be treated as a permanent failure.

badmx           Reject envelope sender addresses (MAIL) whose domain part
                resolves to a "bad" MX record.  By default these are
                MX records which resolve to A records that match the
                regular expression:

                        ^(127\.|10\.|0\.0\.0\.0)

                This default regular expression can be overridden by
                specifying an argument, e.g.,

                        FEATURE(`badmx', `^127\.0\.0\.1')

                Note: this feature requires that the sendmail binary
                has been compiled with the options MAP_REGEX and
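To see what the default badmx expression and the override shown above actually match, the following added example (not part of sendmail) runs both over constructed addresses, with Python's re module standing in for sendmail's regex map. EXTENDED_BADMX is a constructed pattern, not one from this README, and the function names are hypothetical.

```python
"""Audit a badmx regular expression against candidate A-record addresses.
Added example: Python's re stands in for sendmail's regex map."""
import ipaddress
import re

DEFAULT_BADMX = r"^(127\.|10\.|0\.0\.0\.0)"   # default quoted in the text
OVERRIDE_BADMX = r"^127\.0\.0\.1"             # argument from the FEATURE example
# Constructed pattern (not from the README) that also covers 172.16/12,
# 192.168/16 and 169.254/16.
EXTENDED_BADMX = (r"^(127\.|10\.|0\.0\.0\.0|192\.168\.|169\.254\."
                  r"|172\.(1[6-9]|2[0-9]|3[01])\.)")

# Constructed sample of addresses an MX host name might resolve to.
SAMPLE_ADDRS = [
    "127.0.0.1", "127.0.0.10", "10.20.30.40", "0.0.0.0", "100.1.2.3",
    "172.16.0.5", "192.168.1.1", "169.254.10.1", "8.8.8.8",
]


def flagged(pattern, addrs):
    """Addresses the pattern matches, i.e. those badmx would treat as bad."""
    rx = re.compile(pattern)
    return [a for a in addrs if rx.search(a)]


def non_routable(addr):
    """True for private, loopback, unspecified or link-local IPv4 addresses."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback
            or ip.is_unspecified or ip.is_link_local)


def missed(pattern, addrs):
    """Non-routable addresses that the pattern does not flag."""
    hit = set(flagged(pattern, addrs))
    return [a for a in addrs if non_routable(a) and a not in hit]


def report(addrs=SAMPLE_ADDRS):
    """Map each pattern name to (flagged, missed) for the given addresses."""
    patterns = {
        "default": DEFAULT_BADMX,
        "override": OVERRIDE_BADMX,
        "extended": EXTENDED_BADMX,
    }
    return {name: (flagged(p, addrs), missed(p, addrs))
            for name, p in patterns.items()}


if __name__ == "__main__":
    for name, (hit, gap) in report().items():
        print(f"{name:9} flagged={hit}")
        print(f"{'':9} missed ={gap}")
```

On the sample, the default flags only the 127.x, 10.x and 0.0.0.0 addresses, and the override still matches 127.0.0.10 because it is not anchored at the end.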
+--------------------+
| USING UUCP MAILERS |
+--------------------+

It's hard to get UUCP mailers right because of the extremely ad hoc
nature of UUCP addressing.  These config files are really designed
for domain-based addressing, even for UUCP sites.

There are four UUCP mailers available.  The choice of which one to
use is partly a matter of local preferences and what is running at
the other end of your UUCP connection.  Unlike good protocols that
define what will go over the wire, UUCP uses the policy that you
should do what is right for the other end; if they change, you have
to change.  This makes it hard to do the right thing, and discourages
people from updating their software.  In general, if you can avoid
UUCP, please do.

The major choice is whether to go for a domainized scheme or a
non-domainized scheme.  This depends entirely on what the other
end will recognize.  If at all possible, you should encourage the
other end to go to a domain-based system -- non-domainized addresses
don't work entirely properly.

The four mailers are:

    uucp-old (obsolete name: "uucp")
        This is the oldest, the worst (but the closest to UUCP) way of
        sending messages across UUCP connections.  It does bangify
        everything and prepends $U (your UUCP name) to the sender's
        address (which can already be a bang path itself).  It can
        only send to one address at a time, so it spends a lot of
        time copying duplicates of messages.  Avoid this if at all

    uucp-new (obsolete name: "suucp")
        The same as above, except that it assumes that in one rmail
        command you can specify several recipients.  It still has a
        lot of other problems.

    uucp-dom
        This UUCP mailer keeps everything as domain addresses.
        Basically, it uses the SMTP mailer rewriting rules.  This mailer
        is only included if MAILER(`smtp') is specified before
        MAILER(`uucp').

        Unfortunately, a lot of UUCP mailer transport agents require
        bangified addresses in the envelope, although you can use
        domain-based addresses in the message header.  (The envelope
        shows up as the From_ line on UNIX mail.)  So....

    uucp-uudom
        This is a cross between uucp-new (for the envelope addresses)
        and uucp-dom (for the header addresses).  It bangifies the
        envelope sender (From_ line in messages) without adding the
        local hostname, unless there is no host name on the address
        at all (e.g., "wolf") or the host component is a UUCP host name
        instead of a domain name ("somehost!wolf" instead of
        "some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
        is also specified earlier.

On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
summarizes the sender rewriting for various mailers.

Mailer          sender          rewriting in the envelope
------          ------          -------------------------
uucp-{old,new}  wolf            grasp!wolf
uucp-dom        wolf            wolf@grasp.insa-lyon.fr
uucp-uudom      wolf            grasp.insa-lyon.fr!wolf

uucp-{old,new}  wolf@fr.net     grasp!fr.net!wolf
uucp-dom        wolf@fr.net     wolf@fr.net
uucp-uudom      wolf@fr.net     fr.net!wolf

uucp-{old,new}  somehost!wolf   grasp!somehost!wolf
uucp-dom        somehost!wolf   somehost!wolf@grasp.insa-lyon.fr
uucp-uudom      somehost!wolf   grasp.insa-lyon.fr!somehost!wolf
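The table can be reproduced from the mailer descriptions. The following Python model is an added example, not sendmail's rulesets; the function names are hypothetical, and it assumes that a host component containing a dot is a domain name while one without a dot is a UUCP host name.

```python
"""Envelope sender rewriting per UUCP mailer, modelled from the table above.
Added example; these are not sendmail's rulesets."""

UUCP_NAME = "grasp"                # $U on the example host
LOCAL_FQDN = "grasp.insa-lyon.fr"  # the example host's domain name

# Rows of the table above: (mailers, sender, rewritten envelope sender).
EXPECTED = [
    (("uucp-old", "uucp-new"), "wolf", "grasp!wolf"),
    (("uucp-dom",), "wolf", "wolf@grasp.insa-lyon.fr"),
    (("uucp-uudom",), "wolf", "grasp.insa-lyon.fr!wolf"),
    (("uucp-old", "uucp-new"), "wolf@fr.net", "grasp!fr.net!wolf"),
    (("uucp-dom",), "wolf@fr.net", "wolf@fr.net"),
    (("uucp-uudom",), "wolf@fr.net", "fr.net!wolf"),
    (("uucp-old", "uucp-new"), "somehost!wolf", "grasp!somehost!wolf"),
    (("uucp-dom",), "somehost!wolf", "somehost!wolf@grasp.insa-lyon.fr"),
    (("uucp-uudom",), "somehost!wolf", "grasp.insa-lyon.fr!somehost!wolf"),
]


def bangify(addr):
    """user@host -> host!user; bang paths and bare names are left alone."""
    user, at, host = addr.rpartition("@")
    return f"{host}!{user}" if at else addr


def rewrite_sender(mailer, sender):
    """Return the envelope sender as the given mailer would rewrite it."""
    if mailer in ("uucp-old", "uucp-new"):
        # Bangify everything and prepend $U, even to an existing bang path.
        return f"{UUCP_NAME}!{bangify(sender)}"
    if mailer == "uucp-dom":
        # Keep domain form; qualify anything lacking @domain with our name.
        return sender if "@" in sender else f"{sender}@{LOCAL_FQDN}"
    if mailer == "uucp-uudom":
        path = bangify(sender)
        first_hop = path.split("!", 1)[0] if "!" in path else ""
        # Add the local host name only when there is no host at all or the
        # first host is a bare UUCP name (assumed: no dot) rather than a
        # domain name.
        if "." in first_hop:
            return path
        return f"{LOCAL_FQDN}!{path}"
    raise ValueError(f"unknown mailer: {mailer}")


def mismatches():
    """Table rows the model fails to reproduce (empty when it agrees)."""
    bad = []
    for mailers, sender, want in EXPECTED:
        for mailer in mailers:
            got = rewrite_sender(mailer, sender)
            if got != want:
                bad.append((mailer, sender, got, want))
    return bad


if __name__ == "__main__":
    for mailers, sender, _ in EXPECTED:
        for mailer in mailers:
            print(f"{mailer:11} {sender:14} {rewrite_sender(mailer, sender)}")
```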
If you are using one of the domainized UUCP mailers, you really want
to convert all UUCP addresses to domain format -- otherwise, it will
do it for you (and probably not the way you expected).  For example,
if you have the address foo!bar!baz (and you are not sending to foo),
the heuristics will add the @uucp.relay.name or @local.host.name to
this address.  However, if you map foo to foo.host.name first, it
will not add the local hostname.  You can do this using the uucpdomain

+-------------------+
| TWEAKING RULESETS |
+-------------------+

For more complex configurations, you can define special rules.
The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
the names.  Any modifications made here are reflected in the header.

A common use is to convert old UUCP addresses to SMTP addresses using
the UUCPSMTP macro.  For example:

        UUCPSMTP(`decvax', `decvax.dec.com')
        UUCPSMTP(`research', `research.att.com')

will cause addresses of the form "decvax!user" and "research!user"
to be converted to "user@decvax.dec.com" and "user@research.att.com"

This could also be used to look up hosts in a database map:

        R$* < @ $+ > $*	$: $1 < @ $(hostmap $2 $) > $3

This map would be defined in the LOCAL_CONFIG portion, as shown below.

Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
For example, new rules are needed to parse hostnames that you accept
via MX records.  For example, you might have:

        R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>

You would use this if you had installed an MX record for cnmat.Berkeley.EDU
pointing at this host; this rule catches the message and forwards it on

You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
These rulesets are normally empty.

A similar macro is LOCAL_CONFIG.  This introduces lines added after the
boilerplate option setting but before rulesets.  Do not declare rulesets in
the LOCAL_CONFIG section.  It can be used to declare local database maps or
whatever.  For example:

        Kyplocal nis -m hosts.byname

+---------------------------+
| MASQUERADING AND RELAYING |
+---------------------------+

You can have your host masquerade as another using

        MASQUERADE_AS(`host.domain')

This causes mail being sent to be labeled as coming from the
indicated host.domain, rather than $j.  One normally masquerades as
one of one's own subdomains (for example, it's unlikely that
Berkeley would choose to masquerade as an MIT site).  This
behaviour is modified by a plethora of FEATUREs; in particular, see
masquerade_envelope, allmasquerade, limited_masquerade, and
masquerade_entire_domain.

The masquerade name is not normally canonified, so it is important
that it be your One True Name, that is, fully qualified and not a
CNAME.  However, if you use a CNAME, the receiving side may canonify
it for you, so don't think you can cheat CNAME mapping this way.

Normally the only addresses that are masqueraded are those that come
from this host (that is, are either unqualified or in class {w}, the list
of local domain names).  You can augment this list, which is realized
by class {M} using

        MASQUERADE_DOMAIN(`otherhost.domain')

The effect of this is that although mail to user@otherhost.domain
will not be delivered locally, any mail including any user@otherhost.domain
will, when relayed, be rewritten to have the MASQUERADE_AS address.
This can be a space-separated list of names.

If these names are in a file, you can use

        MASQUERADE_DOMAIN_FILE(`filename')

to read the list of names from the indicated file (i.e., to add
elements to class {M}).

To exempt hosts or subdomains from being masqueraded, you can use

        MASQUERADE_EXCEPTION(`host.domain')

This can come in handy if you want to masquerade a whole domain
except for one (or a few) host(s).  If these names are in a file,

        MASQUERADE_EXCEPTION_FILE(`filename')

Normally only header addresses are masqueraded.  If you want to
masquerade the envelope as well, use

        FEATURE(`masquerade_envelope')

There are always users that need to be "exposed" -- that is, their
internal site name should be displayed instead of the masquerade name.
Root is an example (which has been "exposed" by default prior to 8.10).
You can add users to this list using

        EXPOSED_USER(`usernames')

This adds users to class {E}; you could also use

        EXPOSED_USER_FILE(`filename')

You can also arrange to relay all unqualified names (that is, names
without @host) to a relay host.  For example, if you have a central
email server, you might relay to that host so that users don't have
to have .forward files or aliases.  You can do this using

        define(`LOCAL_RELAY', `mailer:hostname')

The ``mailer:'' can be omitted, in which case the mailer defaults to
"relay".  There are some user names that you don't want relayed, perhaps
because of local aliases.  A common example is root, which may be
locally aliased.  You can add entries to this list using

        LOCAL_USER(`usernames')

This adds users to class {L}; you could also use

        LOCAL_USER_FILE(`filename')

If you want all incoming mail sent to a centralized hub, as for a
shared /var/spool/mail scheme, use

        define(`MAIL_HUB', `mailer:hostname')

Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
Note: there is a (long standing) bug which keeps this combination from
working for addresses of the form user+detail.
Names in class {L} will be delivered locally, so you MUST have aliases or
.forward files for them.


For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
FEATURE(`stickyhost'), the following combinations of settings will have the
indicated effects:

email sent to....         eric                      eric@mastodon.CS.Berkeley.EDU

LOCAL_RELAY set to        mail.CS.Berkeley.EDU      (delivered locally)
mail.CS.Berkeley.EDU        (no local aliasing)       (aliasing done)

MAIL_HUB set to           mammoth.CS.Berkeley.EDU   mammoth.CS.Berkeley.EDU
mammoth.CS.Berkeley.EDU     (aliasing done)           (aliasing done)

Both LOCAL_RELAY and      mail.CS.Berkeley.EDU      mammoth.CS.Berkeley.EDU
MAIL_HUB set as above       (no local aliasing)       (aliasing done)

If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
MAIL_HUB act identically, with MAIL_HUB taking precedence.

If you want all outgoing mail to go to a central relay site, define
SMART_HOST as well. Briefly:

        LOCAL_RELAY applies to unqualified names (e.g., "eric").
        MAIL_HUB applies to names qualified with the name of the
                local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
        SMART_HOST applies to names qualified with other hosts or
                bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
                or "eric@[127.0.0.1]").

However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
really want absolutely everything to go to a single central site you will
need to unset all the other relays -- or better yet, find or build a
minimal config file that does this.

For duplicate suppression to work properly, the host name is best
specified with a terminal dot:

        define(`MAIL_HUB', `host.domain.')
              note the trailing dot ---^

+-------------------------------------------+
| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
+-------------------------------------------+

LDAP can be used for aliases, maps, and classes by either specifying your
own LDAP map specification or using the built-in default LDAP map
specification. The built-in default specifications all provide lookups
which match against either the machine's fully qualified hostname (${j}) or
a "cluster". The cluster allows you to share LDAP entries among a large
number of machines without having to enter each of the machine names into
each LDAP entry. To set the LDAP cluster name to use for a particular
machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
unique name. For example:

        define(`confLDAP_CLUSTER', `Servers')

Here, the word `Servers' will be the cluster name. As an example, assume
that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
to the Servers cluster.

Some of the LDAP LDIF examples below show use of the Servers cluster.
Every entry must have either a sendmailMTAHost or sendmailMTACluster
attribute or it will be ignored. Be careful as mixing clusters and
individual host records can have surprising results (see the CAUTION
sections below).

See the file cf/sendmail.schema for the actual LDAP schemas. Note that
this schema (and therefore the lookups and examples below) is experimental
at this point as it has had little public review. Therefore, it may change
in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
encouraged (replace YYYY with the current year, e.g., 2005).

The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
lookups. To use the default schema, simply use:

        define(`ALIAS_FILE', `ldap:')

By doing so, you will use the default schema which expands to a map
declared as follows:

        ldap -k (&(objectClass=sendmailMTAAliasObject)
                  (sendmailMTAAliasGrouping=aliases)
                  (|(sendmailMTACluster=${sendmailMTACluster})
                    (sendmailMTAHost=$j))
                  (sendmailMTAKey=%0))
             -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject

NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
used when the binary expands the `ldap:' token as the AliasFile option is
not actually macro-expanded when read from the sendmail.cf file.

Example LDAP LDIF entries might be:

        dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAAlias
        objectClass: sendmailMTAAliasObject
        sendmailMTAAliasGrouping: aliases
        sendmailMTAHost: etrn.sendmail.org
        sendmailMTAKey: sendmail-list
        sendmailMTAAliasValue: ca@example.org
        sendmailMTAAliasValue: eric
        sendmailMTAAliasValue: gshapiro@example.com

        dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAAlias
        objectClass: sendmailMTAAliasObject
        sendmailMTAAliasGrouping: aliases
        sendmailMTAHost: etrn.sendmail.org
        sendmailMTAKey: owner-sendmail-list
        sendmailMTAAliasValue: eric

        dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAAlias
        objectClass: sendmailMTAAliasObject
        sendmailMTAAliasGrouping: aliases
        sendmailMTACluster: Servers
        sendmailMTAKey: postmaster
        sendmailMTAAliasValue: eric

Here, the aliases sendmail-list and owner-sendmail-list will be available
only on etrn.sendmail.org but the postmaster alias will be available on
every machine in the Servers cluster (including etrn.sendmail.org).

CAUTION: aliases are additive so that entries like these:

        dn: sendmailMTAKey=bob, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAAlias
        objectClass: sendmailMTAAliasObject
        sendmailMTAAliasGrouping: aliases
        sendmailMTACluster: Servers
        sendmailMTAKey: bob
        sendmailMTAAliasValue: eric

        dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAAlias
        objectClass: sendmailMTAAliasObject
        sendmailMTAAliasGrouping: aliases
        sendmailMTAHost: etrn.sendmail.org
        sendmailMTAKey: bob
        sendmailMTAAliasValue: gshapiro

would mean that on all of the hosts in the cluster, mail to bob would go to
eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and

If you prefer not to use the default LDAP schema for your aliases, you can
specify the map parameters when setting ALIAS_FILE. For example:

        define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')

FEATURE()'s which take an optional map definition argument (e.g., access,
mailertable, virtusertable, etc.) can instead take the special keyword

        FEATURE(`access_db', `LDAP')
        FEATURE(`virtusertable', `LDAP')

When this keyword is given, that map will use LDAP lookups consisting of
the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
with the map name, a search attribute of sendmailMTAKey, and the value
attribute sendmailMTAMapValue.

The values for sendmailMTAMapName are:

        FEATURE()               sendmailMTAMapName
        ---------               ------------------
        access_db               access
        authinfo                authinfo
        bitdomain               bitdomain
        domaintable             domain
        genericstable           generics
        mailertable             mailer
        uucpdomain              uucpdomain
        virtusertable           virtuser

For example, FEATURE(`mailertable', `LDAP') would use the map definition:

        Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
                               (sendmailMTAMapName=mailer)
                               (|(sendmailMTACluster=${sendmailMTACluster})
                                 (sendmailMTAHost=$j))
                               (sendmailMTAKey=%0))
                          -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject

An example LDAP LDIF entry using this map might be:

        dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAMap
        sendmailMTACluster: Servers
        sendmailMTAMapName: mailer

        dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAMap
        objectClass: sendmailMTAMapObject
        sendmailMTAMapName: mailer
        sendmailMTACluster: Servers
        sendmailMTAKey: example.com
        sendmailMTAMapValue: relay:[smtp.example.com]

CAUTION: If your LDAP database contains the record above and *ALSO* a host
specific record such as:

        dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAMap
        objectClass: sendmailMTAMapObject
        sendmailMTAMapName: mailer
        sendmailMTAHost: etrn.sendmail.org
        sendmailMTAKey: example.com
        sendmailMTAMapValue: relay:[mx.example.com]

then these entries will give unexpected results. When the lookup is done
on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
require a single match. Since the host etrn.sendmail.org is also in the
Servers cluster, LDAP would return two answers for the example.com map key
in which case sendmail would treat this as no match at all.

If you prefer not to use the default LDAP schema for your maps, you can
specify the map parameters when using the FEATURE(). For example:

        FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')

Normally, classes can be filled via files or programs. As of 8.12, they
can also be filled via map lookups using a new syntax:

        F{ClassName}mapkey@mapclass:mapspec

mapkey is optional and if not provided the map key will be empty. This can
be used with LDAP to read classes from LDAP. Note that the lookup is only
done when sendmail is initially started. Use the special value `@LDAP' to
use the default LDAP schema. For example:

        RELAY_DOMAIN_FILE(`@LDAP')

would put all of the attribute sendmailMTAClassValue values of LDAP records
with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
'R' into class $={R}. In other words, it is equivalent to the LDAP map
specification:

        F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
                       (sendmailMTAClassName=R)
                       (|(sendmailMTACluster=${sendmailMTACluster})
                         (sendmailMTAHost=$j)))
                  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass

NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
used when the binary expands the `@LDAP' token as class declarations are
not actually macro-expanded when read from the sendmail.cf file.

This can be used with class related commands such as RELAY_DOMAIN_FILE(),
MASQUERADE_DOMAIN_FILE(), etc:

        Command                         sendmailMTAClassName
        -------                         --------------------
        CANONIFY_DOMAIN_FILE()          Canonify
        EXPOSED_USER_FILE()             E
        GENERICS_DOMAIN_FILE()          G
        LDAPROUTE_DOMAIN_FILE()         LDAPRoute
        LDAPROUTE_EQUIVALENT_FILE()     LDAPRouteEquiv
        LOCAL_USER_FILE()               L
        MASQUERADE_DOMAIN_FILE()        M
        MASQUERADE_EXCEPTION_FILE()     N
        RELAY_DOMAIN_FILE()             R
        VIRTUSER_DOMAIN_FILE()          VirtHost

You can also add your own as any 'F'ile class of the form:

        F{ClassName}@LDAP

will use "ClassName" for the sendmailMTAClassName.

An example LDAP LDIF entry would look like:

        dn: sendmailMTAClassName=R, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAClass
        sendmailMTACluster: Servers
        sendmailMTAClassName: R
        sendmailMTAClassValue: sendmail.org
        sendmailMTAClassValue: example.com
        sendmailMTAClassValue: 10.56.23

CAUTION: If your LDAP database contains the record above and *ALSO* a host
specific record such as:

        dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAClass
        sendmailMTAClassName: R
        sendmailMTAClassValue: example.com

the result will be similar to the aliases caution above. When the lookup
is done on etrn.sendmail.org, $={R} would contain all of the entries (from
both the cluster match and the host match). In other words, the effective

If you prefer not to use the default LDAP schema for your classes, you can
specify the map parameters when using the class command. For example:

        VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')

Remember, macros can not be used in a class declaration as the binary does
not expand them.
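
The three CAUTION notes above (aliases, maps, classes) all come from the
same cluster-OR-host clause in the default filters. The following Python
model is an added example, not sendmail code: it evaluates that clause over
constructed LDIF adapted from the records above and reports keys that one
host receives from more than one record. All function names are
hypothetical, the LDIF parser is simplified, and the host-specific class
record is given a sendmailMTAHost attribute and a distinct value so that
the merge is visible.

```python
# Added example: models the (|(sendmailMTACluster=...)(sendmailMTAHost=...))
# clause of the default filters. Constructed data; extra objectClass lines omitted.
SAMPLE_LDIF = """\
dn: sendmailMTAKey=bob, dc=sendmail, dc=org
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTACluster: Servers
sendmailMTAKey: bob
sendmailMTAAliasValue: eric

dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTAHost: etrn.sendmail.org
sendmailMTAKey: bob
sendmailMTAAliasValue: gshapiro

dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
objectClass: sendmailMTAMapObject
sendmailMTAMapName: mailer
sendmailMTACluster: Servers
sendmailMTAKey: example.com
sendmailMTAMapValue: relay:[smtp.example.com]

dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
objectClass: sendmailMTAMapObject
sendmailMTAMapName: mailer
sendmailMTAHost: etrn.sendmail.org
sendmailMTAKey: example.com
sendmailMTAMapValue: relay:[mx.example.com]

dn: sendmailMTAClassName=R, dc=sendmail, dc=org
objectClass: sendmailMTAClass
sendmailMTAClassName: R
sendmailMTACluster: Servers
sendmailMTAClassValue: sendmail.org
sendmailMTAClassValue: example.com

dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
objectClass: sendmailMTAClass
sendmailMTAClassName: R
sendmailMTAHost: etrn.sendmail.org
sendmailMTAClassValue: 10.56.23
"""

def parse_ldif(text):
    """Plain LDIF only (no folding, no base64): lower-cased attr -> [values]."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def search(entries, host, cluster, **equals):
    """Entries matching every attr=value AND (cluster OR host)."""
    def has(entry, attr, want):
        return want.lower() in [v.lower() for v in entry.get(attr.lower(), [])]
    return [e for e in entries
            if all(has(e, a, v) for a, v in equals.items())
            and (has(e, "sendmailMTACluster", cluster)
                 or has(e, "sendmailMTAHost", host))]

def alias_lookup(entries, host, cluster, key):
    """Aliases are additive: the values of every matching entry are combined."""
    hits = search(entries, host, cluster, objectClass="sendmailMTAAliasObject",
                  sendmailMTAAliasGrouping="aliases", sendmailMTAKey=key)
    return [v for e in hits for v in e.get("sendmailmtaaliasvalue", [])]

def map_lookup(entries, host, cluster, mapname, key):
    """Maps are declared with -1: more than one answer is treated as no match."""
    hits = search(entries, host, cluster, objectClass="sendmailMTAMapObject",
                  sendmailMTAMapName=mapname, sendmailMTAKey=key)
    return hits[0]["sendmailmtamapvalue"][0] if len(hits) == 1 else None

def class_values(entries, host, cluster, name):
    """Classes are additive: cluster and host records are merged."""
    hits = search(entries, host, cluster, objectClass="sendmailMTAClass",
                  sendmailMTAClassName=name)
    return sorted({v for e in hits for v in e.get("sendmailmtaclassvalue", [])})

def overlaps(entries, host, cluster):
    """Lint: (name, key) pairs this host receives from more than one record."""
    seen = {}
    for e in search(entries, host, cluster):
        name = (e.get("sendmailmtamapname") or e.get("sendmailmtaclassname")
                or e.get("sendmailmtaaliasgrouping") or ["?"])[0]
        key = e.get("sendmailmtakey", [""])[0]
        seen.setdefault((name, key), []).append(e["dn"][0])
    return {k: dns for k, dns in seen.items() if len(dns) > 1}

ENTRIES = parse_ldif(SAMPLE_LDIF)
```

Running overlaps() for each host in a cluster before loading new records
shows where a relay class such as $={R} would silently grow or a map key
would stop matching.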

+--------------+
| LDAP ROUTING |
+--------------+

FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
LDAP Schema for Intranet Mail Routing
(draft-lachman-laser-ldap-mail-routing-01). This feature enables
LDAP-based rerouting of a particular address to either a different host
or a different address. The LDAP lookup is first attempted on the full
address (e.g., user@example.com) and then on the domain portion
(e.g., @example.com). Be sure to set up your domain for LDAP routing using
LDAPROUTE_DOMAIN(), e.g.:

        LDAPROUTE_DOMAIN(`example.com')

Additionally, you can specify equivalent domains for LDAP routing using
LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent'
hostnames are mapped to $M (the masqueraded hostname for the server) before
the LDAP query. For example, if the mail is addressed to
user@host1.example.com, normally the LDAP lookup would only be done for
'user@host1.example.com' and '@host1.example.com'. However, if
LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
done on 'user@example.com' and '@example.com' after attempting the

By default, the feature will use the schemas as specified in the draft
and will not reject addresses not found by the LDAP lookup. However,
this behavior can be changed by giving additional arguments to the FEATURE()

        FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
                 <detail>, <nodomain>, <tempfail>)

where <mailHost> is a map definition describing how to look up an alternative
mail host for a particular address; <mailRoutingAddress> is a map definition
describing how to look up an alternative address for a particular address;
the <bounce> argument, if present and not the word "passthru", dictates
that mail should be bounced if neither a mailHost nor mailRoutingAddress
is found; if set to "sendertoo", the sender will be rejected if not
found in LDAP; and <detail> indicates what actions to take if the address
contains +detail information -- `strip' tries the lookup with the +detail
and if no matches are found, strips the +detail and tries the lookup again;
`preserve' does the same as `strip' but if a mailRoutingAddress match is
found, the +detail information is copied to the new address; the <nodomain>
argument, if present, will prevent the @domain lookup if the full
address is not found in LDAP; the <tempfail> argument, if set to
"tempfail", instructs the rules to give an SMTP 4XX temporary
error if the LDAP server gives the MTA a temporary failure, or if set to
"queue" (the default), the MTA will locally queue the mail.

The default <mailHost> map definition is:

        ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
                                         (mailLocalAddress=%0))

The default <mailRoutingAddress> map definition is:

        ldap -1 -T<TMPF> -v mailRoutingAddress
                         -k (&(objectClass=inetLocalMailRecipient)
                              (mailLocalAddress=%0))

Note that neither includes the LDAP server hostname (-h server) or base DN
(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
these settings. If this is not the case, the map definitions should be
changed as described above. The "-T<TMPF>" is required in any user
specified map definition to catch temporary errors.

The following possibilities exist as a result of an LDAP lookup on an

        mailHost is     mailRoutingAddress is   Results in
        -----------     ---------------------   ----------
        set to a        set                     mail delivered to
        "local" host                            mailRoutingAddress

        set to a        not set                 delivered to
        "local" host                            original address

        set to a        set                     mailRoutingAddress
        remote host                             relayed to mailHost

        set to a        not set                 original address
        remote host                             relayed to mailHost

        not set         set                     mail delivered to
                                                mailRoutingAddress

        not set         not set                 delivered to
                                                original address *OR*
                                                bounced as unknown user
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic UpdaterThe term "local" host above means the host specified is in class {w}. If
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updaterthe result would mean sending the mail to a different host, that host is
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updaterlooked up in the mailertable before delivery.
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic UpdaterNote that the last case depends on whether the third argument is given
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updaterto the FEATURE() command. The default is to deliver the message to the
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updateroriginal address.

The LDAP entries should be set up with an objectClass of
inetLocalMailRecipient and the address be listed in a mailLocalAddress
attribute. If present, there must be only one mailHost attribute and it
must contain a fully qualified host name as its value. Similarly, if
present, there must be only one mailRoutingAddress attribute and it must
contain an RFC 822 compliant address. Some example LDAP records (in LDIF

        dn: uid=tom, o=example.com, c=US
        objectClass: inetLocalMailRecipient
        mailLocalAddress: tom@example.com
        mailRoutingAddress: thomas@mailhost.example.com

This would deliver mail for tom@example.com to thomas@mailhost.example.com.

        dn: uid=dick, o=example.com, c=US
        objectClass: inetLocalMailRecipient
        mailLocalAddress: dick@example.com
        mailHost: eng.example.com

This would relay mail for dick@example.com to the same address but redirect
the mail to MX records listed for the host eng.example.com (unless the
mailertable overrides).

        dn: uid=harry, o=example.com, c=US
        objectClass: inetLocalMailRecipient
        mailLocalAddress: harry@example.com
        mailHost: mktmail.example.com
        mailRoutingAddress: harry@mkt.example.com

This would relay mail for harry@example.com to the MX records listed for
the host mktmail.example.com using the new address harry@mkt.example.com
when talking to that host.

        dn: uid=virtual.example.com, o=example.com, c=US
        objectClass: inetLocalMailRecipient
        mailLocalAddress: @virtual.example.com
        mailHost: server.example.com
        mailRoutingAddress: virtual@example.com

This would send all mail destined for any username @virtual.example.com to
the machine server.example.com's MX servers and deliver to the address
virtual@example.com on that relay machine.

+---------------------------------+
| ANTI-SPAM CONFIGURATION CONTROL |
+---------------------------------+

The primary anti-spam features available in sendmail are:

* Relaying is denied by default.
* Better checking on sender information.
* Access database.
* Header checks.

Relaying (transmission of messages from a site outside your host (class
{w}) to another site except yours) is denied by default. Note that this
changed in sendmail 8.9; previous versions allowed relaying by default.
If you really want to revert to the old behaviour, you will need to use
FEATURE(`promiscuous_relay'). You can allow certain domains to relay
through your server by adding their domain name or IP address to class
{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
(described below). Note that IPv6 addresses must be prefaced with "IPv6:".
The file consists (like any other file based class) of entries listed on
separate lines, e.g.,

        IPv6:2002:c0a8:02c7
        IPv6:2002:c0a8:51d2::23f4
        [UNIX:localhost]

Notice: the last entry allows relaying for connections via a UNIX
socket to the MTA/MSP. This might be necessary if your configuration
doesn't allow relaying by other means in that case, e.g., by having
localhost.$m in class {R} (make sure $m is not just a top level

        FEATURE(`relay_entire_domain')

then any host in any of your local domains (that is, class {m})
will be relayed (that is, you will accept mail either to or from any
host in your domain).

You can also allow relaying based on the MX records of the host
portion of an incoming recipient address by using

        FEATURE(`relay_based_on_MX')

For example, if your server receives a recipient of user@domain.com
and domain.com lists your server in its MX records, the mail will be
accepted for relay to domain.com. This feature may cause problems
if MX lookups for the recipient domain are slow or time out. In that
case, mail will be temporarily rejected. It is usually better to
maintain a list of hosts/domains for which the server acts as relay.
Note also that this feature will stop spammers from using your host
to relay spam but it will not stop outsiders from using your server
as a relay for their site (that is, they set up an MX record pointing
to your mail server, and you will relay mail addressed to them
without any prior arrangement). Along the same lines,

        FEATURE(`relay_local_from')

will allow relaying if the sender specifies a return path (i.e.
MAIL FROM:<user@domain>) domain which is a local domain. This is a
dangerous feature as it will allow spammers to spam using your mail
server by simply specifying a return address of user@your.domain.com.
It should not be used unless absolutely necessary.
A slightly better solution is

        FEATURE(`relay_mail_from')

which allows relaying if the mail sender is listed as RELAY in the
access map. If an optional argument `domain' (this is the literal
word `domain', not a placeholder) is given, the domain portion of
the mail sender is also checked to allow relaying. This option
only works together with the tag From: for the LHS of the access
map entries. This feature allows spammers to abuse your mail server
by specifying a return address that you enabled in your access file.
This may be harder to figure out for spammers, but it should not
be used unless necessary. Instead use STARTTLS to
allow relaying for roaming users.

If source routing is used in the recipient address (e.g.,
RCPT TO:<user%site.com@othersite.com>), sendmail will check
user@site.com for relaying if othersite.com is an allowed relay host
in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
or the access database if FEATURE(`access_db') is used. To prevent
the address from being stripped down, use:

        FEATURE(`loose_relay_check')

If you think you need to use this feature, you probably do not. This
should only be used for sites which have no control over the addresses
that they provide a gateway for. Use this FEATURE with caution as it
can allow spammers to relay through your server if not set up properly.

NOTICE: It is possible to relay mail through a system which the anti-relay
rules do not prevent: the case of a system that does use FEATURE(`nouucp',
`nospecial') (system A) and relays local messages to a mail hub (e.g., via
LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
FEATURE(`nouucp') at all, addresses of the form
<example.net!user@local.host> would be relayed to <user@example.net>.
System A doesn't recognize `!' as an address separator and therefore
forwards it to the mail hub which in turn relays it because it came from
a trusted local host. So if a mailserver allows UUCP (bang-format)
addresses, all systems from which it allows relaying should do the same
or reject those addresses.
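
As an added example (not part of the sendmail distribution), the Python
script below scans an .mc file for the relay-widening FEATUREs discussed
above and reports the caveat given for each, ignoring lines disabled with
dnl or `#'. The sample .mc content and the names audit_mc, active_text and
RELAY_CAVEATS are constructed for illustration.

```python
import re

# FEATUREs that widen relaying, with the caveat the text above gives for each.
RELAY_CAVEATS = {
    "promiscuous_relay": "reverts to the pre-8.9 default: anyone may relay",
    "relay_based_on_MX": "outsiders can point an MX at this host and get relayed",
    "relay_local_from": "relays on a client-chosen MAIL FROM: domain (dangerous)",
    "relay_mail_from": "relays on a client-chosen sender listed as RELAY in access",
    "loose_relay_check": "user%site@othersite is no longer stripped before the check",
}

FEATURE_RE = re.compile(r"FEATURE\(\s*`?(\w+)'?([^)]*)\)")
ARG_RE = re.compile(r"`([^']*)'")

# Constructed sample .mc content (not taken from a real site).
SAMPLE_MC = """\
divert(0)dnl
OSTYPE(`linux')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
dnl FEATURE(`promiscuous_relay')dnl
FEATURE(`relay_mail_from', `domain')dnl
FEATURE(`relay_based_on_MX')dnl
# FEATURE(`loose_relay_check')
FEATURE(`blacklist_recipients')dnl
MAILER(`smtp')dnl
"""


def active_text(line):
    """Drop what m4 would not expand: '#' comment lines and text after dnl."""
    if line.lstrip().startswith("#"):
        return ""
    return re.split(r"\bdnl\b", line, maxsplit=1)[0]


def audit_mc(text):
    """Return (line number, feature, extra args, caveat) per active risky FEATURE."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rest in FEATURE_RE.findall(active_text(line)):
            if name not in RELAY_CAVEATS:
                continue
            caveat = RELAY_CAVEATS[name]
            args = ARG_RE.findall(rest)
            if name == "relay_mail_from" and "domain" in args:
                caveat += "; `domain' also matches the sender's domain part"
            findings.append((lineno, name, args, caveat))
    return findings


if __name__ == "__main__":
    for lineno, name, args, caveat in audit_mc(SAMPLE_MC):
        print(f"line {lineno}: FEATURE({name}) {args}: {caveat}")
```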

As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
an unresolvable domain (i.e., one that DNS, your local name service,
or special case rules in ruleset 3 cannot locate). This also applies
to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
IP address can't be mapped to a host name. If you want to continue
to accept such domains, e.g., because you are inside a firewall that
has only a limited view of the Internet host name space (note that you
will not be able to return mail to them unless you have some "smart
host" forwarder), use

        FEATURE(`accept_unresolvable_domains')

Alternatively, you can allow specific addresses by adding them to
the access map, e.g.,

        From:[1.2.3.4]  OK
        From:[1.2.4]    OK

Notice: domains which are temporarily unresolvable are (temporarily)
rejected with a 451 reply code. If those domains should be accepted
(which is discouraged) then you can use

sendmail will also refuse mail if the MAIL FROM: parameter is not
fully qualified (i.e., contains a domain as well as a user). If you
want to continue to accept such senders, use

        FEATURE(`accept_unqualified_senders')

Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
i.e., unqualified addresses are accepted even without this FEATURE. If
this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
to enforce fully qualified domain names.

An ``access'' database can be created to accept or reject mail from
selected domains. For example, you may choose to reject all mail
originating from known spammers. To enable such a database, use

        FEATURE(`access_db')

Notice: the access database is applied to the envelope addresses
and the connection information, not to the header.

The FEATURE macro can accept as second parameter the key file
definition for the database; for example

        FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')

Notice: If a second argument is specified it must contain the option
`-T<TMPF>' as shown above. The optional parameters may be

        `skip'                  enables SKIP as value part (see below).
        `lookupdotdomain'       another way to enable the feature of the
                                same name (see above).
        `relaytofulladdress'    enable entries of the form
                                        To:user@example.com     RELAY
                                to allow relaying to just a specific
                                e-mail address instead of an entire domain.

Remember, since /etc/mail/access is a database, after creating the text
file as described below, you must use makemap to create the database
map. For example:

        makemap hash /etc/mail/access < /etc/mail/access

The table itself uses e-mail addresses, domain names, and network
numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:".

        From:spammer@aol.com                    REJECT
        From:cyberspammer.com                   REJECT
        Connect:TLD                             REJECT
        Connect:192.168.212                     REJECT
        Connect:IPv6:2002:c0a8:02c7             RELAY
        Connect:IPv6:2002:c0a8:51d2::23f4       REJECT

would refuse mail from spammer@aol.com, any user from cyberspammer.com
(or any host within the cyberspammer.com domain), any host in the entire
top level domain TLD, 192.168.212.* network, and the IPv6 address
2002:c0a8:51d2::23f4. It would allow relay for the IPv6 network
2002:c0a8:02c7::/48.

Entries in the access map should be tagged according to their type.
Three tags are available:

        Connect:        connection information (${client_addr}, ${client_name})
        From:           envelope sender
        To:             envelope recipient

Notice: untagged entries are deprecated.

If the required item is looked up in a map, it will be tried first
with the corresponding tag in front, then (as fallback to enable
backward compatibility) without any tag, unless the specific feature
requires a tag. For example,

        From:spammer@some.dom   REJECT
        To:friend.domain        RELAY
        Connect:friend.domain   OK
        Connect:from.domain     RELAY
        From:good@another.dom   OK
        From:another.dom        REJECT

This would deny mails from spammer@some.dom but you could still
send mail to that address even if FEATURE(`blacklist_recipients')
is enabled. Your system will allow relaying to friend.domain, but
not from it (unless enabled by other means). Connections from that
domain will be allowed even if it ends up in one of the DNS based
rejection lists. Relaying is enabled from from.domain but not to
it (since relaying is based on the connection information for
outgoing relaying, the tag Connect: must be used; for incoming
relaying, which is based on the recipient address, To: must be
used). The last two entries allow mails from good@another.dom but
reject mail from all other addresses with another.dom as domain

The value part of the map can contain:

        OK              Accept mail even if other rules in the running
                        ruleset would reject it, for example, if the domain
                        name is unresolvable. "Accept" does not mean
                        "relay", but at most acceptance for local
                        recipients. That is, OK allows less than RELAY.
        RELAY           Accept mail addressed to the indicated domain
                        (or address if `relaytofulladdress' is set) or
                        received from the indicated domain for relaying
                        through your SMTP server. RELAY also serves as
                        an implicit OK for the other checks.
        REJECT          Reject the sender or recipient with a general
                        purpose message.
        DISCARD         Discard the message completely using the
                        $#discard mailer. If it is used in check_compat,
                        it affects only the designated recipient, not
                        the whole message as it does in all other cases.
                        This should only be used if really necessary.
        SKIP            This can only be used for host/domain names
                        and IP addresses/nets. It will abort the current
                        search for this entry without accepting or rejecting
                        it but causing the default action.
        ### any text    where ### is an RFC 821 compliant error code and
                        "any text" is a message to return for the command.
                        The entire string should be quoted to avoid
                                "### any text"
                        Otherwise sendmail formats the text as email
                        addresses, e.g., it may remove spaces.
                        This type is deprecated, use one of the two
                        ERROR: entries below instead.
        ERROR:### any text
                        as above, but useful to mark error messages as such.
                        If quotes need to be used to avoid modifications
                        (see above), they should be placed like this:
                                ERROR:"### any text"
        ERROR:D.S.N:### any text
                        where D.S.N is an RFC 1893 compliant error code
                        and the rest as above. If quotes need to be used
                        to avoid modifications, they should be placed
                                ERROR:D.S.N:"### any text"
        QUARANTINE:any text
                        Quarantine the message using the given text as the
                        quarantining reason.

        From:cyberspammer.com           ERROR:"550 We don't accept mail from spammers"
        From:okay.cyberspammer.com      OK
        Connect:sendmail.org            RELAY
        To:sendmail.org                 RELAY
        Connect:128.32                  RELAY
        Connect:128.32.2                SKIP
        Connect:IPv6:1:2:3:4:5:6:7      RELAY
        Connect:suspicious.example.com  QUARANTINE:Mail from suspicious host
        Connect:[127.0.0.3]             OK
        Connect:[IPv6:1:2:3:4:5:6:7:8]  OK

would accept mail from okay.cyberspammer.com, but would reject mail
from all other hosts at cyberspammer.com with the indicated message.
It would allow relaying mail from and to any hosts in the sendmail.org
domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
and from the 128.32.*.* network except for the 128.32.2.* network,
which shows how SKIP is useful to exempt subnets/subdomains. The
last two entries are for checks against ${client_name} if the IP
address doesn't resolve to a hostname (or is considered as "may be
forged"). That is, using square brackets means these are host
names, not network numbers.
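
The most-specific-first search that makes SKIP useful can be traced with
the following added example (a simplified Python model written for this
page, not sendmail's own ruleset code). It covers only Connect: lookups of
IPv4 addresses and host names, tries each key with the tag and then
untagged, and treats SKIP as "stop searching, apply the default action";
the sample entries and all function names are constructed.

```python
import re

# Constructed sample access map source, modelled on the entries above.
SAMPLE_ACCESS = """\
Connect:sendmail.org            RELAY
Connect:128.32                  RELAY
Connect:128.32.2                SKIP
Connect:suspicious.example.com  QUARANTINE:Mail from suspicious host
# legacy untagged entry, found only through the untagged fallback
192.168.212                     REJECT
"""


def parse_access(text):
    """Return {lower-cased key: value} from access map source text."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip()
    return table


def candidates(item):
    """Keys to try for an IPv4 address or a host name, most specific first."""
    parts = item.lower().split(".")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", item):
        # 128.32.2.9 -> 128.32.2.9, 128.32.2, 128.32, 128
        return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]
    # mx1.eng.sendmail.org -> itself, eng.sendmail.org, sendmail.org, org
    return [".".join(parts[n:]) for n in range(len(parts))]


def connect_lookup(table, item, tag="connect:"):
    """Return (action, matching key); action is "DEFAULT" on no match or SKIP."""
    for cand in candidates(item):
        for key in (tag + cand, cand):  # tagged first, then untagged fallback
            if key in table:
                value = table[key]
                if value.upper() == "SKIP":
                    # SKIP ends the search before 128.32 RELAY is reached.
                    return ("DEFAULT", key)
                return (value, key)
    return ("DEFAULT", None)


if __name__ == "__main__":
    table = parse_access(SAMPLE_ACCESS)
    for client in ("128.32.7.9", "128.32.2.9", "mx1.eng.sendmail.org",
                   "192.168.212.5", "10.1.1.1"):
        print(client, connect_lookup(table, client))
```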

Warning: if you change the RFC 821 compliant error code from the default
value of 550, then you should probably also change the RFC 1893 compliant
error code to match it. For example, if you use

        To:user@example.com     ERROR:450 mailbox full

the error returned would be "450 5.0.0 mailbox full" which is wrong.
Use "ERROR:4.2.2:450 mailbox full" instead.

Note, UUCP users may need to add hostname.UUCP to the access database

If you also use:

        FEATURE(`relay_hosts_only')

then the above example will allow relaying for sendmail.org, but not
hosts within the sendmail.org domain. Note that this will also require
hosts listed in class {R} to be fully qualified host names.

You can also use the access database to block sender addresses based on
the username portion of the address. For example:

        From:FREE.STEALTH.MAILER@       ERROR:550 Spam not accepted

Note that you must include the @ after the username to signify that
this database entry is for checking only the username portion of the
sender address.

        FEATURE(`blacklist_recipients')

then you can add entries to the map for local users, hosts in your
domains, or addresses in your domain which should not receive mail:

        To:badlocaluser@        ERROR:550 Mailbox disabled for badlocaluser
        To:host.my.TLD          ERROR:550 That host does not accept mail
        To:user@other.my.TLD    ERROR:550 Mailbox disabled for this recipient

This would prevent a recipient of badlocaluser in any of the local
domains (class {w}), any user at host.my.TLD, and the single address
user@other.my.TLD from receiving mail. Please note: a local username
must now be tagged with an @ (this is consistent with the check of
the sender address, and hence it is possible to distinguish between
hostnames and usernames). Enabling this feature will keep you from
sending mails to all addresses that have an error message or REJECT
as value part in the access map. Taking the example from above:

        spammer@aol.com         REJECT
        cyberspammer.com        REJECT

Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
That's why tagged entries should be used.

There are several DNS based blacklists which can be found by
querying a search engine. These are databases of spammers
maintained in DNS. To use such a database, specify

	FEATURE(`dnsbl', `dnsbl.example.com')

This will cause sendmail to reject mail from any site listed in the
DNS based blacklist. You must select a DNS based blacklist domain
to check by specifying an argument to the FEATURE. The default
error message is

	Rejected: IP-ADDRESS listed at SERVER

where IP-ADDRESS and SERVER are replaced by the appropriate
information. A second argument can be used to specify a different
text or action. For example,

	FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')

would quarantine the message if the client IP address is listed

By default, temporary lookup failures are ignored
and hence cause the connection not to be rejected by the DNS based
rejection list. This behavior can be changed by specifying a third
argument, which must be either `t' or a full error message. For

	FEATURE(`dnsbl', `dnsbl.example.com', `',
	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')

If `t' is used, the error message is:

	451 Temporary lookup failure of IP-ADDRESS at SERVER

where IP-ADDRESS and SERVER are replaced by the appropriate

This FEATURE can be included several times to query different
DNS based rejection lists.

Notice: to avoid checking your own local domains against those
blacklists, use the access_db feature and add:

	Connect:10.1		OK
	Connect:127.0.0.1	RELAY

to the access map, where 10.1 is your local network. You may
want to use "RELAY" instead of "OK" to also allow relaying
instead of just disabling the DNS lookups in the blacklists.

The features described above make use of the check_relay, check_mail,
and check_rcpt rulesets. Note that check_relay checks the SMTP
client hostname and IP address when the connection is made to your
server. It does not check if a mail message is being relayed to
another server. That check is done in check_rcpt. If you wish to
include your own checks, you can put your checks in the rulesets
Local_check_relay, Local_check_mail, and Local_check_rcpt. For
example, if you wanted to block senders with all numeric usernames
(e.g., 2312343@bigisp.com), you would use Local_check_mail and the

	Kallnumbers regex -a@MATCH ^[0-9]+$

	LOCAL_RULESETS
	SLocal_check_mail
	# check address against various regex checks
	R$*				$: $>Parse0 $>3 $1
	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
	R@MATCH				$#error $: 553 Header Error

These rules are called with the original arguments of the corresponding
check_* ruleset. If the local ruleset returns $#OK, no further checking
is done by the features described above and the mail is accepted. If
the local ruleset resolves to a mailer (such as $#error or $#discard),
the appropriate action is taken. Other results starting with $# are
interpreted by sendmail and may lead to unspecified behavior. Note: do
NOT create a mailer with the name OK. Return values that do not start
with $# are ignored, i.e., normal processing continues.

Delay all checks
----------------

By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
will not be called when a client connects or issues a MAIL command,
respectively. Instead, those rulesets will be called by the check_rcpt
ruleset; they will be skipped if a sender has been authenticated using
a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
If check_mail returns an error then the RCPT TO command will be rejected
with that error. If it returns some other result starting with $# then
check_relay will be skipped. If the sender address (or a part of it) is
listed in the access map and it has a RHS of OK or RELAY, then check_relay
will be skipped. This has an interesting side effect: if your domain is
in the access map, then any e-mail with a sender address of
<user@my.domain> will not be rejected by check_relay even though
it would match the hostname or IP address. This allows spammers
to get around DNS based blacklists by faking the sender address. To
avoid this problem you have to use tagged entries:
if you need those entries at all (class {R} may take care of them).

FEATURE(`delay_checks') can take an optional argument:

	FEATURE(`delay_checks', `friend')
		 enables spamfriend test
	FEATURE(`delay_checks', `hater')
		 enables spamhater test

If such an argument is given, the recipient will be looked up in the
access map (using the tag Spam:). If the argument is `friend', then
the default behavior is to apply the other rulesets and make a SPAM
friend the exception. The rulesets check_mail and check_relay will be
skipped only if the recipient address is found and has RHS FRIEND. If
the argument is `hater', then the default behavior is to skip the rulesets
check_mail and check_relay and make a SPAM hater the exception. The
other two rulesets will be applied only if the recipient address is
found and has RHS HATER.

This allows for simple exceptions from the tests, e.g., by activating
the friend option and having

	Spam:abuse@	FRIEND

in the access map, mail to abuse@localdomain will get through (where
"localdomain" is any domain in class {w}). It is also possible to
specify a full address or an address with +detail:

	Spam:abuse@my.domain	FRIEND
	Spam:me+abuse@		FRIEND

Note: The required tag has been changed in 8.12 from To: to Spam:.
This change is incompatible with previous versions. However, you can
(for now) simply add the new entries to the access map; the old
ones will be ignored. As soon as you have removed the old entries from
the access map, specify a third parameter (`n') to this feature and
the backward compatibility rules will not be in the generated .cf

You can also reject mail on the basis of the contents of headers.
This is done by adding a ruleset call to the 'H' header definition command
in sendmail.cf. For example, this can be used to check the validity of
a Message-ID: header:

	HMessage-Id: $>CheckMessageId

	LOCAL_RULESETS
	SCheckMessageId
	R< $+ @ $+ >		$@ OK
	R$*			$#error $: 553 Header Error

The alternative format:

	HSubject: $>+CheckSubject

that is, $>+ instead of $>, gives the full Subject: header including
comments to the ruleset (comments in parentheses () are stripped

A default ruleset for headers which don't have a specific ruleset
defined for them can be given by:

	H*: $>CheckHdr

1. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
That may cause problems with simple header checks due to the
tokenization. It might be simpler to use a regex map and apply it
to $&{currHeader}.
2. There are no default rulesets coming with this distribution of
sendmail. You can write your own or search the WWW for examples.
3. When using a default ruleset for headers, the name of the header
currently being checked can be found in the $&{hdr_name} macro.

After all of the headers are read, the check_eoh ruleset will be called for
any final header-related checks. The ruleset is called with the number of
headers and the size of all of the headers in bytes separated by $|. One
example usage is to reject messages which do not have a Message-Id:
header. However, the Message-Id: header is *NOT* a required header and is
not a guaranteed spam indicator. This ruleset is an example and should
probably not be used in production.

	Kstorage macro
	HMessage-Id: $>CheckMessageId

	LOCAL_RULESETS
	SCheckMessageId
	# Record the presence of the header
	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
	R< $+ @ $+ >		$@ OK
	R$*			$#error $: 553 Header Error

	Scheck_eoh
	# Check the macro
	R$*			$: < $&{MessageIdCheck} >
	# Clear the macro for the next message
	R$*			$: $(storage {MessageIdCheck} $) $1
	# Has a Message-Id: header
	R< $+ >			$@ OK
	# Allow missing Message-Id: from local mail
	R$*			$: < $&{client_name} >
	R< $=w >		$@ OK
	# Otherwise, reject the mail
	R$*			$#error $: 553 Header Error

+--------------------+
| CONNECTION CONTROL |
+--------------------+

The features ratecontrol and conncontrol allow you to establish connection
limits per client IP address or net. These features can limit the
rate of connections (connections per time unit) or the number of
incoming SMTP connections, respectively. If enabled, appropriate
rulesets are called at the end of check_relay, i.e., after DNS
blacklists and generic access_db operations. The features require
FEATURE(`access_db') to be listed earlier in the mc file.

Note: FEATURE(`delay_checks') delays those connection control checks
until after a recipient address has been received, hence making these
connection control features less useful. To run the checks as early
as possible, specify the parameter `nodelay', e.g.,

	FEATURE(`ratecontrol', `nodelay')

In that case, FEATURE(`delay_checks') has no effect on connection
control (and it must be specified earlier in the mc file).

An optional second argument `terminate' specifies whether the
rulesets should return the error code 421 which will cause
sendmail to terminate the session with that error if it is
returned from check_relay, i.e., not delayed as explained in
the previous paragraph. Example:

	FEATURE(`ratecontrol', `nodelay', `terminate')

In this text, cert will be used as an abbreviation for X.509 certificate,
DN (CN) is the distinguished (common) name of a cert, and CA is a
certification authority, which signs (issues) certs.

For STARTTLS to be offered by sendmail you need to set at least
these variables (the file names and paths are just examples):

	define(`confCACERT_PATH', `/etc/mail/certs/')
	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')

On systems which do not have the compile flag HASURANDOM set (see
sendmail/README) you also must set confRAND_FILE.

See doc/op/op.{me,ps,txt} for more information about these options,
especially the sections ``Certificates for STARTTLS'' and ``PRNG for

Macros related to STARTTLS are:

${cert_issuer} holds the DN of the CA (the cert issuer).
${cert_subject} holds the DN of the cert (called the cert subject).
${cn_issuer} holds the CN of the CA (the cert issuer).
${cn_subject} holds the CN of the cert (called the cert subject).
${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
	used for the connection.
${verify} holds the result of the verification of the presented cert.
	Possible values are:
	OK	 verification succeeded.
	NO	 no cert presented.
	NOT	 no cert requested.
	FAIL	 cert presented but could not be verified,
		 e.g., the cert of the signing CA is missing.
	NONE	 STARTTLS has not been performed.
	TEMP	 temporary error occurred.
	PROTOCOL protocol error occurred (SMTP level).
	SOFTWARE STARTTLS handshake failed.
${server_name} the name of the server of the current outgoing SMTP
${server_addr} the address of the server of the current outgoing SMTP

SMTP STARTTLS can allow relaying for remote SMTP clients which have
successfully authenticated themselves. If the verification of the cert
failed (${verify} != OK), relaying is subject to the usual rules.
Otherwise the DN of the issuer is looked up in the access map using the
tag CERTISSUER. If the resulting value is RELAY, relaying is allowed.
If it is SUBJECT, the DN of the cert subject is looked up next in the
access map using the tag CERTSUBJECT. If the value is RELAY, relaying

To make things a bit more flexible (or complicated), the values for
${cert_issuer} and ${cert_subject} can be optionally modified by regular
expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
rulesets and map lookups, they are modified as follows: each non-printable
character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
by their HEX value with a leading '+'. For example:

/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
darth+cert@endmail.org

is encoded as:

/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org

(line breaks have been inserted for readability).

The macros which are subject to this encoding are ${cert_subject},
${cert_issuer}, ${cn_subject}, and ${cn_issuer}.

To allow relaying for everyone who can present a cert signed by

/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org

CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	RELAY

To allow relaying only for a subset of machines that have a cert signed by

/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org

CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	SUBJECT
CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
DeathStar/Email=deathstar@endmail.org		RELAY

- line breaks have been inserted after "CN=" for readability,
  each tagged entry must be one (long) line in the access map.
- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
  is replaced by "emailAddress=".
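
The DN encoding and the one-line access map entries described above, as an added Python example (not code from the sendmail distribution). The function names, byte-wise handling, and UTF-8 for non-ASCII input are assumptions; the two DNs are the ones used in the text.

```python
import string

# Characters the text lists as always encoded, in addition to non-printables.
SPECIAL = frozenset(b'<>()"+ ')

# DNs taken from the examples in the text above. Use the DN exactly as your
# OpenSSL reports it ("Email=" or "emailAddress=", see the note above).
ISSUER_DN = ("/C=US/ST=California/O=endmail.org/OU=private/"
             "CN=Darth Mail (Cert)/Email=darth+cert@endmail.org")
SUBJECT_DN = ("/C=US/ST=California/O=endmail.org/OU=private/"
              "CN=DeathStar/Email=deathstar@endmail.org")


def encode_dn(dn):
    """Replace special and non-printable bytes by '+' plus two hex digits."""
    out = []
    # Assumption: the DN is processed byte by byte, non-ASCII text as UTF-8.
    for byte in dn.encode("utf-8"):
        printable = 0x21 <= byte <= 0x7E
        if byte in SPECIAL or not printable:
            out.append("+%02X" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def decode_dn(encoded):
    """Reverse encode_dn(), e.g. to read an encoded DN back as plain text."""
    raw = bytearray()
    i = 0
    while i < len(encoded):
        if encoded[i] == "+":
            pair = encoded[i + 1:i + 3]
            if len(pair) != 2 or any(c not in string.hexdigits for c in pair):
                raise ValueError("bad +XX escape at offset %d" % i)
            raw.append(int(pair, 16))
            i += 3
        else:
            raw.append(ord(encoded[i]))  # ValueError if not a single byte
            i += 1
    return raw.decode("utf-8")


def access_map_entry(tag, dn, rhs):
    """Build one access map line; every entry must stay on a single line."""
    if tag not in ("CertIssuer", "CertSubject"):
        raise ValueError("tag must be CertIssuer or CertSubject")
    # Newlines in the DN cannot split the line: they are encoded as +0A.
    return "%s:%s\t%s" % (tag, encode_dn(dn), rhs)


if __name__ == "__main__":
    # Relay only for one machine with a cert signed by the example CA.
    print(access_map_entry("CertIssuer", ISSUER_DN, "SUBJECT"))
    print(access_map_entry("CertSubject", SUBJECT_DN, "RELAY"))
```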

Of course it is also possible to write a simple ruleset that allows
relaying for everyone who can present a cert that can be verified, e.g.,

SLocal_check_rcpt
R$*	$: $&{verify}
ROK	$# OK

Allowing Connections
--------------------

The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
an SMTP connection is accepted (or should continue).

tls_server is called when sendmail acts as client after a STARTTLS command
(should) have been issued. The parameter is the value of ${verify}.

tls_client is called when sendmail acts as server, after a STARTTLS command
has been issued, and from check_mail. The parameter is the value of
${verify} and STARTTLS or MAIL, respectively.

Both rulesets behave the same. If no access map is in use, the connection
will be accepted unless ${verify} is SOFTWARE, in which case the connection
is always aborted. For tls_server/tls_client, ${client_name}/${server_name}
is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
with the ruleset LookUpDomain. If no entry is found, ${client_addr}
(${server_addr}) is looked up in the access map (same tag, ruleset
LookUpAddr). If this doesn't result in an entry either, just the tag is
looked up in the access map (including the trailing colon). Notice:
requiring that e-mail is sent to a server only encrypted, e.g., via
doesn't necessarily mean that e-mail sent to that domain is encrypted.
If the domain has multiple MX servers, e.g.,

secure.domain.		IN MX 10	mail.secure.domain.

then mail to user@secure.domain may go unencrypted to mail.other.domain.
tls_rcpt can be used to address this problem.

tls_rcpt is called before a RCPT TO: command is sent. The parameter is the
current recipient. This ruleset is only defined if FEATURE(`access_db')
is selected. A recipient address user@domain is looked up in the access
map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
and TLS_Rcpt:; the first match is taken.

The result of the lookups is then used to call the ruleset TLS_connection,
which checks the requirement specified by the RHS in the access map against
the actual parameters of the current TLS connection, esp. ${verify} and
${cipher_bits}. Legal RHSs in the access map are:

VERIFY		verification must have succeeded
VERIFY:bits	verification must have succeeded and ${cipher_bits} must
		be greater than or equal to bits.
ENCR:bits	${cipher_bits} must be greater than or equal to bits.

The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
or permanent error. The default is a temporary error code (403 4.7.0)
unless the macro TLS_PERM_ERR is set during generation of the .cf file.

If a certain level of encryption is required, then it might also be
possible that this level is provided by the security layer from a SASL
algorithm, e.g., DIGEST-MD5.

Furthermore, there can be a list of extensions added. Such a list
starts with '+' and the items are separated by '++'. Allowed
extensions are:

CN:name		name must match ${cn_subject}
CN		${server_name} must match ${cn_subject}
CS:name		name must match ${cert_subject}
CI:name		name must match ${cert_issuer}
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserExample: e-mail sent to secure.example.com should only use an encrypted
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox Userconnection. E-mail received from hosts within the laptop.example.com domain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updatershould only be accepted if they have been authenticated. The host which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterreceives e-mail for darth@endmail.org must present a cert that uses the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterTLS_Clt:laptop.example.com PERM+VERIFY:112
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterTLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
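
The tls_rcpt lookup order and the RHS check described above can be modelled
as follows. This is an added illustration in Python, not sendmail's ruleset
code; the sample map entries, the connection values, the function names and
the lower-casing of the address before lookup are assumptions, and the SASL
security-layer case is not modelled.

```python
# Added illustration (not sendmail's ruleset code): models the tls_rcpt lookup
# order and the TLS_connection check of an access-map RHS described above.

# Constructed access map entries, written in the syntax the README documents.
ACCESS_MAP = {
    "TLS_Rcpt:darth@endmail.org": "ENCR:112+CN:smtp.endmail.org",
    "TLS_Rcpt:secure.example.com": "PERM+VERIFY:112",
    "TLS_Rcpt:": "ENCR:112",
}


def lookup_tls_rcpt(access_map, rcpt):
    """Return (key, rhs) for the first of the four TLS_Rcpt formats that matches."""
    # Assumption: the address is lower-cased before the lookup.
    user, _, domain = rcpt.lower().rpartition("@")
    candidates = (
        f"TLS_Rcpt:{user}@{domain}",
        f"TLS_Rcpt:{user}@",
        f"TLS_Rcpt:{domain}",
        "TLS_Rcpt:",
    )
    for key in candidates:
        if key in access_map:
            return key, access_map[key]
    return None, None


def parse_rhs(rhs, perm_default=False):
    """Split [TEMP+|PERM+]VERIFY[:bits]|ENCR:bits[+ext[++ext...]] into parts."""
    permanent = perm_default  # perm_default models TLS_PERM_ERR being set
    for prefix, value in (("TEMP+", False), ("PERM+", True)):
        if rhs.startswith(prefix):
            permanent, rhs = value, rhs[len(prefix):]
            break
    # The requirement itself contains no '+', so the first '+' starts the list.
    requirement, has_ext, ext_list = rhs.partition("+")
    kind, _, bits = requirement.partition(":")
    if kind not in ("VERIFY", "ENCR") or (kind == "ENCR" and not bits):
        raise ValueError(f"illegal RHS requirement: {requirement!r}")
    extensions = []
    if has_ext:
        for item in ext_list.split("++"):
            name, _, value = item.partition(":")
            if name not in ("CN", "CS", "CI") or (name != "CN" and not value):
                raise ValueError(f"illegal extension: {item!r}")
            extensions.append((name, value))
    return permanent, kind, int(bits) if bits else None, extensions


def check_connection(rhs, tls, perm_default=False):
    """Compare the RHS requirement with the connection's TLS macros.

    tls maps macro names (verify, cipher_bits, cn_subject, cert_subject,
    cert_issuer, server_name) to their values for the current connection.
    Returns ("OK", []) or ("TEMP"|"PERM", [names of failed requirements]).
    """
    permanent, kind, bits, extensions = parse_rhs(rhs, perm_default)
    failed = []
    if kind == "VERIFY" and tls.get("verify") != "OK":
        failed.append("verify")
    if bits is not None and int(tls.get("cipher_bits", 0)) < bits:
        failed.append("cipher_bits")
    macro_for = {"CN": "cn_subject", "CS": "cert_subject", "CI": "cert_issuer"}
    for name, value in extensions:
        # A bare CN compares ${server_name} with ${cn_subject}.
        expected = value if value else tls.get("server_name")
        if tls.get(macro_for[name]) != expected:
            failed.append(name)
    if not failed:
        return "OK", []
    return ("PERM" if permanent else "TEMP"), failed


if __name__ == "__main__":
    # Constructed connection: a second MX answered with its own certificate.
    other_mx = {"verify": "OK", "cipher_bits": 256,
                "cn_subject": "mail.other.domain",
                "server_name": "mail.other.domain"}
    key, rhs = lookup_tls_rcpt(ACCESS_MAP, "darth@endmail.org")
    print(key, "->", check_connection(rhs, other_mx))
```

Because the lookup is keyed on the recipient rather than on the server, the
requirement follows the message to whichever MX host accepts the connection.
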

Disabling STARTTLS And Setting SMTP Server Features
---------------------------------------------------

By default STARTTLS is used whenever possible. However, there are
some broken MTAs that don't properly implement STARTTLS. To be able
to send to (or receive from) those MTAs, the ruleset try_tls
(srv_features) can be used, which works together with the access map.
Entries for the access map must be tagged with Try_TLS (Srv_Features)
and refer to the hostname or IP address of the connecting system.
A default case can be specified by using just the tag. For example,
the following entries in the access map:

        Srv_Features:                   V

will turn off STARTTLS when sending to broken.server (or any host
in that domain), and request a client certificate during the TLS
handshake only for hosts in my.domain. The valid entries on the RHS
for Srv_Features are listed in the Sendmail Installation and
Operations Guide.

Received: Header
----------------

The Received: header reveals whether STARTTLS has been used. It contains an

(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})

+--------------------------------+
| ADDING NEW MAILERS OR RULESETS |
+--------------------------------+

Sometimes you may need to add entirely new mailers or rulesets. They
should be introduced with the constructs MAILER_DEFINITIONS and
LOCAL_RULESETS respectively. For example:

        MAILER_DEFINITIONS
        Mmymailer, ...
        LOCAL_RULESETS

Local additions for the rulesets srv_features, try_tls, tls_rcpt,
tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
respectively. For example, to add a local ruleset that decides
whether to try STARTTLS in a sendmail client, use:

Note: you don't need to add a name for the ruleset; it is implicitly
defined by using the appropriate macro.

+-------------------------+
| ADDING NEW MAIL FILTERS |
+-------------------------+

Sendmail supports mail filters to filter incoming SMTP messages according
to the "Sendmail Mail Filter API" documentation. These filters can be
configured in your mc file using the two commands:

        MAIL_FILTER(`name', `equates')
        INPUT_MAIL_FILTER(`name', `equates')

The first command, MAIL_FILTER(), simply defines a filter with the given
name and equates. For example:

        MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')

This creates the equivalent sendmail.cf entry:

        Xarchive, S=local:/var/run/archivesock, F=R

The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
of the filter such that the filter will actually be called by sendmail.

For example, the two commands:

        INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
        INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')

are equivalent to the three commands:

        MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
        MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
        define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')

In general, INPUT_MAIL_FILTER() should be used unless you need to define
more filters than you want to use for `confINPUT_MAIL_FILTERS'.

Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
commands will clear the list created by the prior INPUT_MAIL_FILTER()

+-------------------------+
| QUEUE GROUP DEFINITIONS |
+-------------------------+

In addition to the queue directory (which is the default queue group
called "mqueue"), sendmail can deal with multiple queue groups, which
are collections of queue directories with the same behaviour. Queue
groups can be defined using the command:

        QUEUE_GROUP(`name', `equates')

For details about queue groups, please see doc/op/op.{me,ps,txt}.

+-------------------------------+
| NON-SMTP BASED CONFIGURATIONS |
+-------------------------------+

These configuration files are designed primarily for use by
SMTP-based sites. They may not be well tuned for UUCP-only or
UUCP-primarily nodes (the latter is defined as a small local net
connected to the rest of the world via UUCP). However, there is
one hook to handle some special cases.

You can define a ``smart host'' that understands a richer address syntax

        define(`SMART_HOST', `mailer:hostname')

In this case, the ``mailer:'' defaults to "relay". Any messages that
can't be handled using the usual UUCP rules are passed to this host.

If you are on a local SMTP-based net that connects to the outside
world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.

        define(`SMART_HOST', `uucp-new:uunet')
        LOCAL_NET_CONFIG
        R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3

This will cause all names that end in your domain name ($m) to be sent
via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
If you have FEATURE(`nocanonify'), you may need to omit the dots after
the $m. If you are running a local DNS inside your domain which is
not otherwise connected to the outside world, you probably want to

        define(`SMART_HOST', `smtp:fire.wall.com')
        LOCAL_NET_CONFIG
        R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3

That is, send directly only to things you found in your DNS lookup;
anything else goes through SMART_HOST.

You may need to turn off the anti-spam rules in order to accept
UUCP mail with FEATURE(`promiscuous_relay') and
FEATURE(`accept_unresolvable_domains').

Normally, the $j macro is automatically defined to be your fully
qualified domain name (FQDN). Sendmail does this by getting your
host name using gethostname and then calling gethostbyname on the
result. For example, in some environments gethostname returns
only the root of the host name (such as "foo"); gethostbyname is
supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
cases, gethostbyname may fail to return the FQDN. In this case
you MUST define confDOMAIN_NAME to be your fully qualified domain
name. This is usually done using:

        define(`confDOMAIN_NAME', `$w.$m')dnl

+-----------------------------------+
| ACCEPTING MAIL FOR MULTIPLE NAMES |
+-----------------------------------+

If your host is known by several different names, you need to augment
class {w}. This is a list of names by which your host is known, and
anything sent to an address using a host name in this list will be
treated as local mail. You can do this in two ways: either create the
file /etc/mail/local-host-names containing a list of your aliases (one per
line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
name of the host, rather than a short name.

If you want to have different addresses in different domains, take
a look at the virtusertable feature, which is also explained at

+--------------------+
| USING MAILERTABLES |
+--------------------+

To use FEATURE(`mailertable'), you will have to create an external
database containing the routing information for various domains.
For example, a mailertable file in text format might be:

        uuhost1.my.domain               uucp-new:uuhost1

This should normally be stored in /etc/mail/mailertable. The actual
database version of the mailertable is built using:

        makemap hash /etc/mail/mailertable < /etc/mail/mailertable

The semantics are simple. Any LHS entry that does not begin with
a dot matches the full host name indicated. LHS entries beginning
with a dot match anything ending with that domain name (including
the leading dot) -- that is, they can be thought of as having a
leading ".+" regular expression pattern for a non-empty sequence of
characters. Matching is done in order of most-to-least qualified
-- for example, even though ".my.domain" is listed first in the
above example, an entry of "uuhost1.my.domain" will match the second
entry since it is more explicit. Note: e-mail to "user@my.domain"
does not match any entry in the above table. You need to have
something like:

The RHS should always be a "mailer:host" pair. The mailer is the
configuration name of a mailer (that is, an M line in the
sendmail.cf file). The "host" will be the hostname passed to
that mailer. In domain-based matches (that is, those with leading
dots) the "%1" may be used to interpolate the wildcarded part of
the host name. For example, the first line above sends everything
addressed to "anything.my.domain" to that same host name, but using
the (presumably experimental) xnet mailer.

In some cases you may want to temporarily turn off MX records,
particularly on gateways. For example, you may want to MX
everything in a domain to one machine that then forwards it
directly. To do this, you might use the DNS configuration:

        *.domain.       IN      MX      0       relay.machine

and on relay.machine use the mailertable:

The [square brackets] turn off MX records for this host only.
If you didn't do this, the mailertable would use the MX record
again, which would give you an MX loop. Note that the use of
wildcard MX records is almost always a bad idea. Please avoid
using them if possible.
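
The matching semantics and the square-bracket rule described above can be
checked against a table before it is passed to makemap. This is an added
illustration in Python, not sendmail code; the sample table entries are
constructed to match the behaviour the text describes, and the function
names are assumptions.

```python
# Added illustration (not sendmail code): models the mailertable matching
# order, %1 interpolation and the [host] form that turns off MX lookups.

# Constructed sample table written to match the behaviour described above.
SAMPLE_TABLE = """\
# domain entry listed first, explicit host second
.my.domain          xnet:%1.my.domain
uuhost1.my.domain   uucp-new:uuhost1
my.domain           esmtp:host.my.domain
.domain             smtp:[gateway.domain]
"""


def parse_mailertable(text):
    """Parse the text form into {lhs: (mailer, host)}, validating each RHS."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected LHS and RHS")
        lhs, rhs = parts[0].lower(), parts[1].strip()
        mailer, sep, host = rhs.partition(":")
        if not sep or not mailer or not host:
            raise ValueError(f"line {lineno}: RHS must be a mailer:host pair")
        table[lhs] = (mailer, host)
    return table


def route(table, host):
    """Return (mailer, host, uses_mx, matched_lhs) or None if nothing matches.

    The full host name is tried first; then leading labels are stripped one
    at a time and ".rest" is tried, so the most qualified entry wins. The
    stripped labels are what %1 stands for.
    """
    host = host.rstrip(".").lower()
    labels = host.split(".")
    candidates = [(host, "")]
    for i in range(1, len(labels)):
        candidates.append(("." + ".".join(labels[i:]), ".".join(labels[:i])))
    for lhs, wildcard in candidates:
        if lhs in table:
            mailer, target = table[lhs]
            target = target.replace("%1", wildcard)
            # [host] means: deliver to this host, do not consult MX records.
            bracketed = target.startswith("[") and target.endswith("]")
            return mailer, target.strip("[]"), not bracketed, lhs
    return None


if __name__ == "__main__":
    table = parse_mailertable(SAMPLE_TABLE)
    for name in ("uuhost1.my.domain", "a.b.my.domain", "my.domain",
                 "other.domain", "example.org"):
        print(name, "->", route(table, name))
```
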

+--------------------------------+
| USING USERDB TO MAP FULL NAMES |
+--------------------------------+

The user database was not originally intended for mapping full names
to login names (e.g., Eric.Allman => eric), but some people are using
it that way. (It is recommended that you set up aliases for this
purpose instead -- since you can specify multiple alias files, this
is fairly easy.) The intent was to locate the default maildrop at
a site, but allow you to override this by sending to a specific host.

If you decide to set up the user database in this fashion, it is
imperative that you not use FEATURE(`stickyhost') -- otherwise,
e-mail sent to Full.Name@local.host.name will be rejected.

To build the internal form of the user database, use:

        makemap btree /etc/mail/userdb < /etc/mail/userdb.txt

As a general rule, it is an extremely bad idea to use full names
as e-mail addresses, since they are not in any sense unique. For
example, the UNIX software-development community has at least two
well-known Peter Deutsches, and at one time Bell Labs had two
Stephen R. Bournes with offices along the same hallway. Which one
will be forced to suffer the indignity of being Stephen_R_Bourne_2?
The less famous of the two, or the one that was hired later?

Finger should handle full names (and be fuzzy). Mail should use
handles, and not be fuzzy.

+--------------------------------+
| MISCELLANEOUS SPECIAL FEATURES |
+--------------------------------+

        Sometimes it is convenient to merge configuration on a
        centralized mail machine, for example, to forward all
        root mail to a mail server. In this case it might be
        useful to be able to treat the root addresses as a class
        of addresses with subtle differences. You can do this
        using plussed users. For example, a client might include

                root:  root+client1@server

        On the server, this will match an alias for "root+client1".
        If that is not found, the alias "root+*" will be tried,
        then "root".

+----------------+
| SECURITY NOTES |
+----------------+

A lot of sendmail security comes down to you. Sendmail 8 is much
more careful about checking for security problems than previous
versions, but there are some things that you still need to watch
for. In particular:

* Make sure the aliases file is not writable except by trusted
  system personnel. This includes both the text and database

* Make sure that other files that sendmail reads, such as the
  mailertable, are only writable by trusted system personnel.

* The queue directory should not be world writable PARTICULARLY
  if your system allows "file giveaways" (that is, if a non-root
  user can chown any file they own to any other user).

* If your system allows file giveaways, DO NOT create a publicly
  writable directory for forward files. This will allow anyone
  to steal anyone else's e-mail. Instead, create a script that
  copies the .forward file from users' home directories once a
  night (if you want the non-NFS-mounted forward directory).

* If your system allows file giveaways, you'll find that
  sendmail is much less trusting of :include: files -- in
  particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
  /etc/shells before they will be trusted (that is, before
  files and programs listed in them will be honored).

In general, file giveaways are a mistake -- if you can turn them
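
The first three checks in the list above can be automated. This is an added
illustration in Python, not part of sendmail; the default paths other than
/etc/mail/mailertable, the function name and the trusted uid/gid sets are
assumptions. It goes one step beyond the list by also checking every parent
directory, since a writable parent lets the file itself be replaced.

```python
# Added illustration (not part of sendmail): flag sendmail input files and
# queue directories that are writable by anyone outside a trusted set.
import os
import stat

# Assumed conventional locations; adjust per site. Only the mailertable path
# is given in the text above.
DEFAULT_PATHS = [
    "/etc/mail/aliases", "/etc/mail/aliases.db",
    "/etc/mail/mailertable", "/etc/mail/mailertable.db",
    "/var/spool/mqueue",
]


def audit(paths, trusted_uids=(0,), trusted_gids=(0,)):
    """Return a sorted list of (path, problem) for each path and its parents."""
    uids = set(trusted_uids) | {0}          # root is always trusted
    gids = set(trusted_gids)
    findings = set()
    for path in paths:
        current = os.path.realpath(path)
        if not os.path.exists(current):
            continue                        # nothing to check for this entry
        is_target = True
        while True:
            st = os.stat(current)
            # A sticky parent directory (such as /tmp) lets others add
            # entries but not replace existing ones, so its write bits are
            # not reported. The target itself is always checked.
            sticky_parent = (not is_target and stat.S_ISDIR(st.st_mode)
                             and bool(st.st_mode & stat.S_ISVTX))
            if not sticky_parent:
                if st.st_mode & stat.S_IWOTH:
                    findings.add((current, "world-writable"))
                if st.st_mode & stat.S_IWGRP and st.st_gid not in gids:
                    findings.add((current, "group-writable by untrusted group"))
            if st.st_uid not in uids:
                findings.add((current, "owned by untrusted user"))
            parent = os.path.dirname(current)
            if parent == current:           # reached the filesystem root
                break
            current, is_target = parent, False
    return sorted(findings)


if __name__ == "__main__":
    for found_path, problem in audit(DEFAULT_PATHS):
        print(f"{found_path}: {problem}")
```
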
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews+--------------------------------+
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews| TWEAKING CONFIGURATION OPTIONS |
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews+--------------------------------+
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsThere are a large number of configuration options that don't normally
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsneed to be changed. However, if you feel you need to tweak them,
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updateryou can define the following M4 variables. Note that some of these
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsvariables require formats that are defined in RFC 2821 or RFC 2822.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsBefore changing them you need to make sure you do not violate those
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews(and other relevant) RFCs.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsThis list is shown in four columns: the name you define, the default
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsvalue for that definition, the option or macro that is affected
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews(either Ox for an option or Dx for a macro), and a brief description.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsSome options are likely to be deprecated in future versions -- that is,
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsthe option is only included to provide back-compatibility. These are
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsmarked with "*".
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsRemember that these options are M4 variables, and hence may need to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsbe quoted. In particular, arguments with commas will usually have to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsbe ``double quoted, like this phrase'' to avoid having the comma
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updaterconfuse things. This is common for alias file definitions and for
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updaterthe read timeout.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterM4 Variable Name Configuration [Default] & Description
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater================ ============= =======================
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsconfMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews for internally generated outgoing
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsconfDOMAIN_NAME $j macro If defined, sets $j. This should
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews only be done if your system cannot
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater determine your local domain name,
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews and then it should be set to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews domain name.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsconfCF_VERSION $Z macro If defined, this is appended to the
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews configuration version name.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterconfLDAP_CLUSTER ${sendmailMTACluster} macro
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews If defined, this is the LDAP
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews cluster to use for LDAP searches
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews as described above in ``USING LDAP
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews FOR ALIASES, MAPS, AND CLASSES''.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsconfFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews internally generated From: address.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsconfRECEIVED_HEADER Received:
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [$?sfrom $s $.$?_($?s$|from $.$_)
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews $.$?{auth_type}(authenticated)
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews $.by $j ($v/$Z)$?r with $r$. id $i$?u
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews The format of the Received: header
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews in messages passed through this host.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews It is unwise to try to change this.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsconfMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater internally generated Message-Id:
confCW_FILE             Fw class        [/etc/mail/local-host-names] Name
                                        of file used to get the local
                                        additions to class {w} (local host
confCT_FILE             Ft class        [/etc/mail/trusted-users] Name of
                                        file used to get the local additions
                                        to class {t} (trusted users).
confCR_FILE             FR class        [/etc/mail/relay-domains] Name of
                                        file used to get the local additions
                                        to class {R} (hosts allowed to relay).
confTRUSTED_USERS       Ct class        [no default] Names of users to add to
                                        the list of trusted users. This list
                                        always includes root, uucp, and daemon.
                                        See also FEATURE(`use_ct_file').
confTRUSTED_USER        TrustedUser     [no default] Trusted user for file
                                        ownership and starting the daemon.
                                        Not to be confused with
                                        confTRUSTED_USERS (see above).
confSMTP_MAILER         -               [esmtp] The mailer name used when
                                        SMTP connectivity is required.
                                        One of "smtp", "smtp8",
                                        "esmtp", or "dsmtp".
confUUCP_MAILER         -               [uucp-old] The mailer to be used by
                                        default for bang-format recipient
                                        addresses. See also discussion of
                                        class {U}, class {Y}, and class {Z}
                                        in the MAILER(`uucp') section.
confLOCAL_MAILER        -               [local] The mailer name used when
                                        local connectivity is required.
                                        Almost always "local".
confRELAY_MAILER        -               [relay] The default mailer name used
                                        for relaying any mail (e.g., to a
                                        BITNET_RELAY, a SMART_HOST, or
                                        whatever). This can reasonably be
                                        "uucp-new" if you are on a
                                        UUCP-connected site.
confSEVEN_BIT_INPUT     SevenBitInput   [False] Force input to seven bits?
confEIGHT_BIT_HANDLING  EightBitMode    [pass8] 8-bit data handling
confALIAS_WAIT          AliasWait       [10m] Time to wait for alias file
                                        rebuild until you get bored and
                                        decide that the apparently pending
                                        rebuild failed.
confMIN_FREE_BLOCKS     MinFreeBlocks   [100] Minimum number of free blocks on
                                        queue filesystem to accept SMTP mail.
                                        (Prior to 8.7 this was minfree/maxsize,
                                        where minfree was the number of free
                                        blocks and maxsize was the maximum
                                        message size. Use confMAX_MESSAGE_SIZE
                                        for the second value now.)
confMAX_MESSAGE_SIZE    MaxMessageSize  [infinite] The maximum size of messages
                                        that will be accepted (in bytes).
confBLANK_SUB           BlankSub        [.] Blank (space) substitution
confCON_EXPENSIVE       HoldExpensive   [False] Avoid connecting immediately
                                        to mailers marked expensive.
confCHECKPOINT_INTERVAL CheckpointInterval
                                        [10] Checkpoint queue files every N
confDELIVERY_MODE       DeliveryMode    [background] Default delivery mode.
confERROR_MODE          ErrorMode       [print] Error message mode.
confERROR_MESSAGE       ErrorHeader     [undefined] Error message header/file.
confSAVE_FROM_LINES     SaveFromLine    Save extra leading From_ lines.
confTEMP_FILE_MODE      TempFileMode    [0600] Temporary file mode.
confMATCH_GECOS         MatchGECOS      [False] Match GECOS field.
confMAX_HOP             MaxHopCount     [25] Maximum hop count.
confIGNORE_DOTS*        IgnoreDots      [False; always False in -bs or -bd
                                        mode] Ignore dot as terminator for
                                        incoming messages?
confBIND_OPTS           ResolverOptions [undefined] Default options for DNS
confMIME_FORMAT_ERRORS* SendMimeErrors  [True] Send error messages as MIME-
                                        encapsulated messages per RFC 1344.
confFORWARD_PATH        ForwardPath     [$z/.forward.$w:$z/.forward]
                                        The colon-separated list of places to
                                        search for .forward files. N.B.: see
                                        the Security Notes section.
confMCI_CACHE_SIZE      ConnectionCacheSize
                                        [2] Size of open connection cache.
confMCI_CACHE_TIMEOUT   ConnectionCacheTimeout
                                        [5m] Open connection cache timeout.
confHOST_STATUS_DIRECTORY HostStatusDirectory
                                        [undefined] If set, host status is kept
                                        on disk between sendmail runs in the
                                        named directory tree. This need not be
                                        a full pathname, in which case it is
                                        interpreted relative to the queue
confSINGLE_THREAD_DELIVERY SingleThreadDelivery
                                        [False] If this option and the
                                        HostStatusDirectory option are both
                                        set, single thread deliveries to other
                                        hosts. That is, don't allow any two
                                        sendmails on this host to connect
                                        simultaneously to any other single
                                        host. This can slow down delivery in
                                        some cases, in particular since a
                                        cached but otherwise idle connection
                                        to a host will prevent other sendmails
                                        from connecting to the other host.
confUSE_ERRORS_TO*      UseErrorsTo     [False] Use the Errors-To: header to
                                        deliver error messages. This should
                                        not be necessary because of general
                                        acceptance of the envelope/header
confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
confTO_ICONNECT Timeout.iconnect
[undefined] Like Timeout.connect, but
confTO_ACONNECT Timeout.aconnect
confTO_HELO Timeout.helo [5m] The timeout waiting for a response
confTO_MAIL Timeout.mail [10m] The timeout waiting for a
confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
confTO_DATAINIT Timeout.datainit
confTO_DATABLOCK Timeout.datablock
confTO_DATAFINAL Timeout.datafinal
confTO_RSET Timeout.rset [5m] The timeout waiting for a response
confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
confTO_MISC Timeout.misc [2m] The timeout waiting for a response
confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
confTO_IDENT Timeout.ident [5s] The timeout waiting for a
confTO_FILEOPEN Timeout.fileopen
(e.g., :include: file) to be opened.
confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response
confTO_STARTTLS Timeout.starttls
confTO_CONTROL Timeout.control
confTO_QUEUERETURN Timeout.queuereturn
confTO_QUEUEWARN Timeout.queuewarn
confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
confTO_HOSTSTATUS Timeout.hoststatus
confTO_RESOLVER_RETRANS Timeout.resolver.retrans
confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
confTO_RESOLVER_RETRY Timeout.resolver.retry
confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
[/etc/mail/service.switch] The file
confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
this. For example, if "FTP.Foo.ORG"
is a CNAME for "Cruft.Foo.ORG", then
"FTP" will return "FTP.Foo.ORG"; if
(/etc/passwd) group permissions.
Causes all file reads (e.g., .forward
receive a 452 error code (i.e., they
some support for these addresses (e.g.,
loopback interfaces (e.g., "lo0").
verification is performed, i.e.,
cert of the server, i.e., this cert
cert of the client, i.e., this cert
See sendmail/README for details.
confHELO_NAME HeloName If defined, use as name for EHLO/HELO
confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
confMILTER_MACROS_CONNECT Milter.macros.connect
confMILTER_MACROS_HELO Milter.macros.helo
milters after HELO/EHLO command.
confMILTER_MACROS_ENVFROM Milter.macros.envfrom
confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
confMILTER_MACROS_EOM Milter.macros.eom
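
The options in this table are set from a site's .mc file with define(`confNAME', `value'). The following added example (not part of the sendmail distribution) resolves the effective value of a few of the table's resource and permission options from a .mc file, falling back to the defaults listed in the table. The sample .mc text, the function names and the review policy are assumptions of this example.

```python
import re

# m4 name -> default, copied from the option table ("" = no default).
TABLE_DEFAULTS = {
    "confMAX_MESSAGE_SIZE": "infinite",
    "confMIN_FREE_BLOCKS": "100",
    "confTEMP_FILE_MODE": "0600",
    "confMAX_HOP": "25",
    "confTRUSTED_USERS": "",
}

# define(`confNAME', `value') using m4's backquote/apostrophe quoting.
DEFINE_RE = re.compile(r"define\(\s*`(conf[A-Z0-9_]+)'\s*,\s*`([^']*)'\s*\)")

def effective_settings(mc_text):
    """Table defaults overlaid with the file's defines; the last define wins."""
    settings = dict(TABLE_DEFAULTS)
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):   # commented-out line, m4 discards it
            continue
        for name, value in DEFINE_RE.findall(line):
            settings[name] = value
    return settings

def review(mc_text):
    """Return (settings, findings). The findings policy is this example's own."""
    s = effective_settings(mc_text)
    findings = []
    if s["confMAX_MESSAGE_SIZE"] == "infinite":
        findings.append("MaxMessageSize unset: accepted message size is unbounded")
    if int(s["confTEMP_FILE_MODE"], 8) & 0o077:
        findings.append("TempFileMode %s grants group/other access" % s["confTEMP_FILE_MODE"])
    if s["confTRUSTED_USERS"].split():
        findings.append("Ct extended beyond root, uucp, daemon: " + s["confTRUSTED_USERS"])
    return s, findings

# Constructed sample .mc fragment, not taken from any real site.
SAMPLE_MC = """\
dnl define(`confMAX_MESSAGE_SIZE', `10485760')
define(`confTEMP_FILE_MODE', `0644')dnl
define(`confTRUSTED_USERS', `majordomo')dnl
define(`confMIN_FREE_BLOCKS', `4000')dnl
define(`confTEMP_FILE_MODE', `0640')dnl
"""

if __name__ == "__main__":
    settings, findings = review(SAMPLE_MC)
    for name in sorted(settings):
        print(name, "=", settings[name] or "(none)")
    for finding in findings:
        print("REVIEW:", finding)
```
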
clients/daemons can be defined. This can be done via
protocol family (e.g., one for Family=inet and one for Family=inet6). A
INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
for it (which is installed as submit.cf).
- confDELIVERY_MODE is set to interactive in msp.m4 instead
features that influence the delivery process (e.g., mailertable,
aliases), or those that are only important for a SMTP server (e.g.,
feature/msp.m4 defines almost all settings for the MSP. Most of
If it is conditionally defined (i.e., ifdef()) then the desired
To see how the options are defined read feature/msp.m4.
Files that define classes, i.e., F{classname}, consist of lines
/etc/mail/local-host-names may have the following content:
Maps must be created using makemap(8), e.g.,
site dependent; for example, "CS.Berkeley.EDU.m4"
describes hosts in the CS.Berkeley.EDU subdomain.
interest outside the .Berkeley.EDU domain, but who knows?
siteconfig Site configuration -- e.g., tables of locally connected
sendmail.cf file. Read them carefully if you are trying to modify
N host/domains that should not be mapped to $M