home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World Komputer 1999 March B
/
SCO_CASTOR4RRT.iso
/
base
/
root.13
/
etc
/
mail
/
cf
/
README
/
README~
Wrap
Text File
|
1998-08-19
|
75KB
|
1,858 lines
NEW SENDMAIL CONFIGURATION FILES
Eric Allman <eric@CS.Berkeley.EDU>
@(#)README 8.122 (Berkeley) 7/6/97
This document describes the sendmail configuration files being used
at Berkeley. These use features in the new (R8) sendmail; they will
not work on other versions.
These configuration files are probably not as general as previous
versions, and don't handle as many of the weird cases automagically.
I was able to simplify them for two reasons. First, the network
has become more consistent -- for example, at this point, everyone
on the internet is supposed to be running a name server, so hacks to
handle NIC-registered hosts can go away. Second, I assumed that a
subdomain would be running SMTP internally -- UUCP is presumed to be
a long-haul protocol. I realize that this is not universal, but it
does describe the vast majority of sites with which I am familiar,
including those outside the US.
Of course, the downside of this is that if you do live in a weird
world, things are going to get weirder for you. I'm sorry about that,
but at the time we at Berkeley had a problem, and it seemed like the
right thing to do.
This package requires a post-V7 version of m4; if you are running the
4.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with
a newer version. You can m4-expand on their system, then run locally.
SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1
or later also works. Unfortunately, I'm told that the M4 on BSDI 1.0
doesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is
available from ftp://prep.ai.mit.edu/pub/gnu/m4-1.4.tar.gz (check for
the latest version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken
(3.x is fine). Use GNU m4 on this platform.
IF YOU DON'T HAVE A BERKELEY MAKE, don't despair! Just run
"m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need.
There is also a fairly crude (but functional) Makefile.dist that works
on the old version of make.
To get started, you may want to look at tcpproto.mc (for TCP-only
sites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for
clusters of clients using a single mail host). Others are versions
that we use at Berkeley, although not all are in current use. For
example, ucbarpa has gone away, but I've left ucbarpa.mc in because
it demonstrates some interesting techniques.
I'm not pretending that this README describes everything that these
configuration files can do; clever people can probably tweak them
to great effect. But it should get you started.
*******************************************************************
*** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
*** Berkeley-specific assumptions built in, such as the name ***
*** of our UUCP-relay. You'll want to create your own domain ***
*** description, and use that in place of domain/Berkeley.m4. ***
*******************************************************************
+--------------------------+
| INTRODUCTION AND EXAMPLE |
+--------------------------+
Configuration files are contained in the subdirectory "cf", with a
suffix ".mc". They must be run through "m4" to produce a ".cf" file.
You must pre-load "cf.m4":
m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
where ${CFDIR} is the root of the cf directory and config.mc is the
name of your configuration file. If you are running a version of M4
that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
this, but the versions distributed with 4.4BSD and derivatives do not)
or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
Let's examine a typical .mc file:
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. All advertising materials mentioning features or use of this
# software # must display the following acknowledgement:
# This product includes software developed by the University of
# California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS''
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# This is a Berkeley-specific configuration file for HP-UX 9.x.
# It applies only to the Computer Science Division at Berkeley,
# and should not be used elsewhere. It is provided on the sendmail
# distribution as a sample only. To create your own configuration
# file, create an appropriate domain file in ../domain, change the
# `DOMAIN' macro below to reference that file, and copy the result
# to a name of your own choosing.
#
divert(0)
The divert(-1) will delete the crud in the resulting output file.
The copyright notice can be replaced by whatever your lawyers require;
our lawyers require the one that I've included in my files. A copyleft
is a copyright by another name. The divert(0) restores regular output.
VERSIONID(`<SCCS or RCS version id>')
VERSIONID is a macro that stuffs the version information into the
resulting file. We use SCCS; you could use RCS, something else, or
omit it completely. This is not the same as the version id included
in SMTP greeting messages -- this is defined in m4/version.m4.
OSTYPE(hpux9)dnl
You must specify an OSTYPE to properly configure things such as the
pathname of the help and status files, the flags needed for the local
mailer, and other important things. If you omit it, you will get an
error when you try to build the configuration. Look at the ostype
directory for the list of known operating system types.
DOMAIN(CS.Berkeley.EDU)dnl
This example is specific to the Computer Science Division at Berkeley.
You can use "DOMAIN(generic)" to get a sufficiently bland definition
that may well work for you, or you can create a customized domain
definition appropriate for your environment.
MAILER(local)
MAILER(smtp)
These describe the mailers used at the default CS site site. The
local mailer is always included automatically. Beware: MAILER
declarations should always be at the end of the configuration file,
and MAILER(smtp) should always precede MAILER(uucp). The general
rules are that the order should be:
VERSIONID
OSTYPE
DOMAIN
FEATURE
local macro definitions
MAILER
LOCAL_RULESET_*
+----------------------------+
| A BRIEF INTRODUCTION TO M4 |
+----------------------------+
Sendmail uses the M4 macro processor to ``compile'' the configuration
files. The most important thing to know is that M4 is stream-based,
that is, it doesn't understand about lines. For this reason, in some
places you may see the word ``dnl'', which standards for ``delete
through newline''; essentially, it deletes all characters starting
at the ``dnl'' up to and including the next newline character. In
most cases sendmail uses this only to avoid lots of unnecessary
blank lines in the output.
Other important directives are define(A, B) which defines the macro
``A'' to have value ``B''. Macros are expanded as they are read, so
one normally quotes both values to prevent expansion. For example,
define(`SMART_HOST', `smart.foo.com')
One word of warning: M4 macros are expanded even in lines that appear
to be comments. For example, if you have
# See FEATURE(foo) above
it will not do what you expect, because the FEATURE(foo) will be
expanded. This also applies to
# And then define the $X macro to be the return address
because ``define'' is an M4 keyword. If you want to use them, surround
them with directed quotes, `like this'.
+--------+
| OSTYPE |
+--------+
You MUST define an operating system environment, or the configuration
file build will puke. There are several environments available; look
at the "ostype" directory for the current list. This macro changes
things like the location of the alias file and queue directory. Some
of these files are identical to one another.
It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
In general, the OSTYPE macro should go immediately after any version
information, and MAILER definitions should always go last.
Operating system definitions are usually easy to write. They may define
the following variables (everything defaults, so an ostype file may be
empty). Unfortunately, the list of configuration-supported systems is
not as broad as the list of source-supported systems, since many of
the source contributors do not include corresponding ostype files.
ALIAS_FILE [/etc/aliases] The location of the text version
of the alias file(s). It can be a comma-separated
list of names (but be sure you quote values with
commas in them -- for example, use
define(`ALIAS_FILE', `a,b')
to get "a" and "b" both listed as alias files;
otherwise the define() primitive only sees "a").
HELP_FILE [/usr/lib/sendmail.hf] The name of the file
containing information printed in response to
the SMTP HELP command.
QUEUE_DIR [/var/spool/mqueue] The directory containing
queue files.
STATUS_FILE [/etc/sendmail.st] The file containing status
information.
LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
LOCAL_MAILER_FLAGS [rmn] The flags used by the local mailer. The
flags lsDFM are always included.
LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
mail.
LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
mail that you are willing to accept.
LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to the
local mailer and which are converted to MIME will be
labelled with this character set.
LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email.
LOCAL_SHELL_FLAGS [eu] The flags used by the shell mailer. The
flags lsDFM are always included.
LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
mail.
LOCAL_SHELL_DIR [$z:/] The directory search path in which the
shell should run.
USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program
used to submit news.
USENET_MAILER_FLAGS [rlsDFMmn] The mailer flags for the usenet mailer.
USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
usenet mailer.
USENET_MAILER_MAX [100000] The maximum size of messages that will
be accepted by the usenet mailer.
SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
flags are `mDFMUX' for all SMTP-based mailers; the
"esmtp" mailer adds `a' and "smtp8" adds `8'.
SMTP_MAILER_MAX [undefined] The maximum size of messages that will
be transported using the smtp, smtp8, or esmtp
mailers.
SMTP_MAILER_ARGS [IPC $h] The arguments passed to the smtp mailer.
About the only reason you would want to change this
would be to change the default port.
ESMTP_MAILER_ARGS [IPC $h] The arguments passed to the esmtp mailer.
SMTP8_MAILER_ARGS [IPC $h] The arguments passed to the smtp8 mailer.
RELAY_MAILER_ARGS [IPC $h] The arguments passed to the relay mailer.
SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one of
the SMTP mailers and which are converted to MIME will
be labelled with this character set.
UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail.
UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default
flags are `DFMhuU' (and `m' for uucp-new mailer,
minus `U' for uucp-dom mailer).
UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
passed to the UUCP mailer.
UUCP_MAILER_MAX [100000] The maximum size message accepted for
transmission by the UUCP mailers.
UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one of
the UUCP mailers and which are converted to MIME will
be labelled with this character set.
FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
submit FAX messages.
FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX
mailer.
FAX_MAILER_MAX [100000] The maximum size message accepted for
transmission by FAX.
POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer.
POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags "lsDFM"
are always added.
POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer.
PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
program. This is also used by FEATURE(local_procmail).
PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags
``DFM'' are always set. This is NOT used by
FEATURE(local_procmail); tweak LOCAL_MAILER_FLAGS
instead.
PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
the Procmail mailer. This is NOT used by
FEATURE(local_procmail); tweak LOCAL_MAILER_ARGS
instead.
PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
will be accepted by the procmail mailer.
MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer.
MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer.
MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11
mailer.
PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
program.
PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer.
PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
CYRUS_MAILER_FLAGS [A5@] The flags used by the cyrus mailer. The
flags lsDFMnP are always included.
CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The progam used to deliver
cyrus mail.
CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
to deliver cyrus mail.
CYRUS_MAILER_MAX [undefined] If set, the maximum size message that
will be accepted by the cyrus mailer.
CYRUS_MAILER_USER [cyrus:mail] The user and group to become when
running the cyrus mailer.
CYRUS_BB_MAILER_FLAGS [undefined] The flags used by the cyrusbb
mailer. The flags lsDFMnP are always included.
CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
to deliver cyrusbb mail.
+---------+
| DOMAINS |
+---------+
You will probably want to collect domain-dependent defines into one
file, referenced by the DOMAIN macro. For example, our Berkeley
domain file includes definitions for several internal distinguished
hosts:
UUCP_RELAY The host that will accept UUCP-addressed email.
If not defined, all UUCP sites must be directly
connected.
BITNET_RELAY The host that will accept BITNET-addressed email.
If not defined, the .BITNET pseudo-domain won't work.
DECNET_RELAY The host that will accept DECNET-addressed email.
If not defined, the .DECNET pseudo-domain and addresses
of the form node::user will not work.
FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
The "fax" mailer overrides this value.
LOCAL_RELAY DEPRECATED. The site that will handle unqualified
names -- that is, names with out an @domain extension.
If not set, they are assumed to belong on this machine.
This allows you to have a central site to store a
company- or department-wide alias database. This
only works at small sites, and only with some user
agents.
LUSER_RELAY The site that will handle lusers -- that is, apparently
local names that aren't local accounts or aliases.
Any of these can be either ``mailer:hostname'' (in which case the
mailer is the internal mailer name, such as ``uucp-new'' and the hostname
is the name of the host as appropriate for that mailer) or just a
``hostname'', in which case a default mailer type (usually ``relay'',
a variant on SMTP) is used. WARNING: if you have a wildcard MX
record matching your domain, you probably want to define these to
have a trailing dot so that you won't get the mail diverted back
to yourself.
The domain file can also be used to define a domain name, if needed
(using "DD<domain>") and set certain site-wide features. If all hosts
at your site masquerade behind one email name, you could also use
MASQUERADE_AS here.
You do not have to define a domain -- in particular, if you are a
single machine sitting off somewhere, it is probably more work than
it's worth. This is just a mechanism for combining "domain dependent
knowledge" into one place.
+---------+
| MAILERS |
+---------+
There are fewer mailers supported in this version than the previous
version, owing mostly to a simpler world. As a general rule, put the
MAILER definitions last in your .mc file, and always put MAILER(smtp)
before MAILER(uucp) -- several features and definitions will modify
the definition of mailers, and the smtp mailer modifies the UUCP
mailer.
local The local and prog mailers. You will almost always
need these; the only exception is if you relay ALL
your mail to another site. This mailer is included
automatically.
smtp The Simple Mail Transport Protocol mailer. This does
not hide hosts behind a gateway or another other
such hack; it assumes a world where everyone is
running the name server. This file actually defines
four mailers: "smtp" for regular (old-style) SMTP to
other servers, "esmtp" for extended SMTP to other
servers, "smtp8" to do SMTP to other servers without
converting 8-bit data to MIME (essentially, this is
your statement that you know the other end is 8-bit
clean even if it doesn't say so), and "relay" for
transmission to our RELAY_HOST, LUSER_RELAY, or
MAILER_HUB.
uucp The Unix-to-Unix Copy Program mailer. Actually, this
defines two mailers, "uucp-old" (a.k.a. "uucp") and
"uucp-new" (a.k.a. "suucp"). The latter is for when you
know that the UUCP mailer at the other end can handle
multiple recipients in one transfer. If the smtp mailer
is also included in your configuration, two other mailers
("uucp-dom" and "uucp-uudom") are also defined [warning:
you MUST specify MAILER(smtp) before MAILER(uucp)]. When you
include the uucp mailer, sendmail looks for all names in
the $=U class and sends them to the uucp-old mailer; all
names in the $=Y class are sent to uucp-new; and all
names in the $=Z class are sent to uucp-uudom. Note that
this is a function of what version of rmail runs on
the receiving end, and hence may be out of your control.
See the section below describing UUCP mailers in more
detail.
usenet Usenet (network news) delivery. If this is specified,
an extra rule is added to ruleset 0 that forwards all
local email for users named ``group.usenet'' to the
``inews'' program. Note that this works for all groups,
and may be considered a security problem.
fax Facsimile transmission. This is experimental and based
on Sam Leffler's HylaFAX software. For more information,
see http://www.vix.com/hylafax/.
pop Post Office Protocol.
procmail An interface to procmail (does not come with sendmail).
This is designed to be used in mailertables. For example,
a common question is "how do I forward all mail for a given
domain to a single person?". If you have this mailer
defined, you could set up a mailertable reading:
host.com procmail:/etc/procmailrcs/host.com
with the file /etc/procmailrcs/host.com reading:
:0 # forward mail for host.com
! -oi -f $1 person@other.host
This would arrange for (anything)@host.com to be sent
to person@other.host. Within the procmail script, $1 is
the name of the sender and $2 is the name of the recipient.
If you use this with FEATURE(local_procmail), the FEATURE
should be listed first.
mail11 The DECnet mail11 mailer, useful only if you have the mail11
program from gatekeeper.dec.com:/pub/DEC/gwtools (and
DECnet, of course). This is for Phase IV DECnet support;
if you have Phase V at your site you may have additional
problems.
phquery The phquery program. This is somewhat counterintuitively
referenced as the "ph" mailer internally. It can be used
to do CCSO name server lookups. The phquery program, which
this mailer uses, is distributed with the ph client.
cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
a local cyrus user. this mailer can make use of the
"user+detail@local.host" syntax; it will deliver the mail to
the user's "detail" mailbox if the mailbox's ACL permits.
The cyrusbb mailer delivers to a system-wide cyrus mailbox
if the mailbox's ACL permits.
The local mailer accepts addresses of the form "user+detail", where
the "+detail" is not used for mailbox matching but is available
to certain local mail programs (in particular, see FEATURE(local_procmail)).
For example, "eric", "eric+sendmail", and "eric+sww" all indicate
the same user, but additional arguments <null>, "sendmail", and "sww"
may be provided for use in sorting mail.
+----------+
| FEATURES |
+----------+
Special features can be requested using the "FEATURE" macro. For
example, the .mc line:
FEATURE(use_cw_file)
tells sendmail that you want to have it read an /etc/sendmail.cw
file to get values for class $=w. The FEATURE may contain a single
optional parameter -- for example:
FEATURE(mailertable, dbm /usr/lib/mailertable)
Available features are:
use_cw_file Read the file /etc/sendmail.cw file to get alternate
names for this host. This might be used if you were
on a host that MXed for a dynamic set of other
hosts. If the set is static, just including the line
"Cw<name1> <name2> ..." is probably superior.
The actual filename can be overridden by redefining
confCW_FILE.
use_ct_file Read the file /etc/sendmail.ct file to get the names
of users that will be ``trusted'', that is, able to
set their envelope from address using -f without
generating a warning message.
The actual filename can be overridden by redefining
confCT_FILE.
redirect Reject all mail addressed to "address.REDIRECT" with
a ``551 User not local; please try <address>'' message.
If this is set, you can alias people who have left
to their new address with ".REDIRECT" appended.
nouucp Don't do anything special with UUCP addresses at all.
nocanonify Don't pass addresses to $[ ... $] for canonification.
This would generally only be used by sites that only
act as mail gateways or which have user agents that do
full canonification themselves. You may also want to
use "define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')" to
turn off the usual resolver options that do a similar
thing.
stickyhost If set, email sent to "user@local.host" are marked
as "sticky" -- that is, the local addresses aren't
matched against UDB and don't go through ruleset 5.
This is used if you want a set up where "user" is
not necessarily the same as "user@local.host", e.g.,
to make a distinct domain-wide namespace. Prior to
8.7 this was the default, and notsticky was used to
turn this off.
mailertable Include a "mailer table" which can be used to override
routing for particular domains. The argument of the
FEATURE may be the key definition. If none is specified,
the definition used is:
hash -o /etc/mailertable
Keys in this database are fully qualified domain names
or partial domains preceded by a dot -- for example,
"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".
Values must be of the form:
mailer:domain
where "mailer" is the internal mailer name, and "domain"
is where to send the message. These maps are not
reflected into the message header.
domaintable Include a "domain table" which can be used to provide
domain name mapping. Use of this should really be
limited to your own domains. It may be useful if you
change names (e.g., your company changes names from
oldname.com to newname.com). The argument of the
FEATURE may be the key definition. If none is specified,
the definition used is:
hash -o /etc/domaintable
The key in this table is the domain name; the value is
the new (fully qualified) domain. Anything in the
domaintable is reflected into headers; that is, this
is done in ruleset 3.
bitdomain Look up bitnet hosts in a table to try to turn them into
internet addresses. The table can be built using the
bitdomain program contributed by John Gardiner Myers.
The argument of the FEATURE may be the key definition; if
none is specified, the definition used is:
hash -o /etc/bitdomain.db
Keys are the bitnet hostname; values are the corresponding
internet hostname.
uucpdomain Similar feature for UUCP hosts. The default map definition
is:
hash -o /etc/uudomain.db
At the moment there is no automagic tool to build this
database.
always_add_domain
Include the local host domain even on locally delivered
mail. Normally it is not added on unqualified names.
However, if you use a shared message store but do not use
the same user name space everywhere, you may need the host
name on local names.
allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
feature will cause recipient addresses to also masquerade
as being from the masquerade host. Normally they get
the local hostname. Although this may be right for
ordinary users, it can break local aliases. For example,
if you send to "localalias", the originating sendmail will
find that alias and send to all members, but send the
message with "To: localalias@masqueradehost". Since that
alias likely does not exist, replies will fail. Use this
feature ONLY if you can guarantee that the ENTIRE
namespace on your masquerade host supersets all the
local entries.
limited_masquerade
Normally, any hosts listed in $=w are masqueraded. If this
feature is given, only the hosts listed in $=M are masqueraded.
This is useful if you have several domains with disjoint
namespaces hosted on the same machine.
masquerade_entire_domain
If masquerading is enabled (using MASQUERADE_AS) and
MASQUERADE_DOMAIN (see below) is set, this feature will
cause addresses to be rewritten such that the masquerading
domains are actually entire domains to be hidden. All
hosts within the masquerading domains will be rewritten
to the masquerade name (used in MASQUERADE_AS). For example,
if you have:
MASQUERADE_AS(masq.com)
MASQUERADE_DOMAIN(foo.org)
MASQUERADE_DOMAIN(bar.com)
then *foo.org and *bar.com are converted to masq.com. Without
this feature, only foo.org and bar.com are masqueraded.
NOTE: only domains within your jurisdiction and
current hierarchy should be masqueraded using this.
genericstable This feature will cause certain addresses originating in the
local domain or a domain listed in $=G to be looked up in a
map and turned into another ("generic") form, which can change
both the domain name and the user name. This is similar to
the userdb functionality. The same types of addresses as for
masquerading are looked up, i.e. only header sender addresses
unless the allmasquerade and/or masquerade_envelope features
are given. The addresses must be in the list of names given
by the macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE
(analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE,
see below).
The argument of FEATURE(genericstable) may be the map
defintion; the default map definition is:
hash -o /etc/genericstable
The key for this table is either the full address or the
unqualified username (the former is tried first); the
value is the new user address. If the new user address does
not include a domain, $j is used. Note that the address must
being looked up must be fully qualified. For local mail, it
is necessary to use FEATURE(always_add_domain) for the
addresses to be qualified.
virtusertable A domain-specific form of aliasing, allowing multiple
virtual domains to be hosted on one machine. For example,
if the virtuser table contained:
info@foo.com foo-info
info@bar.com bar-info
@baz.org jane@elsewhere.net
then mail addressed to info@foo.com will be sent to the
address foo-info, mail addressed to info@bar.com will be
delivered to bar-info, and mail addressed to anyone at
baz.org will be sent to jane@elsewhere.net. The username
from the original address is passed as %1 allowing:
@foo.org %1@elsewhere.com
meaning someone@foo.org will be sent to someone@elsewhere.com.
All the host names on the left hand side (foo.com, bar.com,
and baz.org) must be in $=w. The default map definition is:
hash -o /etc/virtusertable
A new definition can be specified as the second argument of
the FEATURE macro, such as
FEATURE(virtusertable, dbm -o /etc/mail/virtusers)
nodns We aren't running DNS at our site (for example,
we are UUCP-only connected). It's hard to consider
this a "feature", but hey, it had to go somewhere.
Actually, as of 8.7 this is a no-op -- remove "dns" from
the hosts service switch entry instead.
nullclient This is a special case -- it creates a stripped down
configuration file containing nothing but support for
forwarding all mail to a central hub via a local
SMTP-based network. The argument is the name of that
hub.
The only other feature that should be used in conjunction
with this one is "nocanonify" (this causes addresses to
be sent unqualified via the SMTP connection; normally
they are qualifed with the masquerade name, which
defaults to the name of the hub machine). No mailers
should be defined. No aliasing or forwarding is done.
local_procmail Use procmail as the local mailer. This mailer can
make use of the "user+indicator@local.host" syntax;
normally the +indicator is just tossed, but by default
it is passed as the -a argument to procmail. The
argument to this feature is the pathname of procmail,
which defaults to PROCMAIL_MAILER_PATH. Note that this
does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS
for the local mailer; tweak LOCAL_MAILER_FLAGS and
LOCAL_MAILER_ARGS instead.
bestmx_is_local Accept mail as though locally addressed for any host that
lists us as the best possible MX record. This generates
additional DNS traffic, but should be OK for low to
medium traffic hosts. THIS FEATURE IS FUNDAMENTALLY
INCOMPATIBLE WITH WILDCARD MX RECORDS!!! If you have
a wildcard MX record that matches your domain, you
cannot use this feature.
smrsh Use the SendMail Restricted SHell (smrsh) provided
with the distribution instead of /bin/sh for mailing
to programs. This improves the ability of the local
system administrator to control what gets run via
e-mail. If an argument is provided it is used as the
pathname to smrsh; otherwise, /usr/local/etc/smrsh is
assumed.
+-------+
| HACKS |
+-------+
Some things just can't be called features. To make this clear,
they go in the hack subdirectory and are referenced using the HACK
macro. These will tend to be site-dependent. The release
includes the Berkeley-dependent "cssubdomain" hack (that makes
sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
this is intended as a short-term aid while we move hosts into
subdomains.
+--------------------+
| SITE CONFIGURATION |
+--------------------+
*****************************************************
* This section is really obsolete, and is preserved *
* only for back compatibility. You should plan on *
* using mailertables for new installations. In *
* particular, it doesn't work for the newer forms *
* of UUCP mailers, such as uucp-uudom. *
*****************************************************
Complex sites will need more local configuration information, such as
lists of UUCP hosts they speak with directly. This can get a bit more
tricky. For an example of a "complex" site, see cf/ucbvax.mc.
If your host is known by several different names, you need to augment
the $=w class. This is a list of names by which you are known, and
anything sent to an address using a host name in this list will be
treated as local mail. You can do this in two ways: either create
the file /etc/sendmail.cw containing a list of your aliases (one per
line), and use ``FEATURE(use_cw_file)'' in the .mc file, or add the
line:
Cw alias.host.name
at the end of that file. See the ``vangogh.mc'' file for an example.
Be sure you use the fully-qualified name of the host, rather than a
short name.
The SITECONFIG macro allows you to indirectly reference site-dependent
configuration information stored in the siteconfig subdirectory. For
example, the line
SITECONFIG(uucp.ucbvax, ucbvax, U)
reads the file uucp.ucbvax for local connection information. The
second parameter is the local name (in this case just "ucbvax" since
it is locally connected, and hence a UUCP hostname). The third
parameter is the name of both a macro to store the local name (in
this case, $U) and the name of the class (e.g., $=U) in which to store
the host information read from the file. Another SITECONFIG line reads
SITECONFIG(uucp.ucbarpa, ucbarpa.Berkeley.EDU, W)
This says that the file uucp.ucbarpa contains the list of UUCP sites
connected to ucbarpa.Berkeley.EDU. The $=W class will be used to
store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
is, the name of the relay to which the hosts listed in uucp.ucbarpa
are connected. [The machine ucbarpa is gone now, but I've left
this out-of-date configuration file around to demonstrate how you
might do this.]
Note that the case of SITECONFIG with a third parameter of ``U'' is
special; the second parameter is assumed to be the UUCP name of the
local site, rather than the name of a remote site, and the UUCP name
is entered into $=w (the list of local hostnames) as $U.UUCP.
The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
more than a sequence of SITE macros describing connectivity. For
example:
SITE(cnmat)
SITE(sgi olympus)
The second example demonstrates that you can use two names on the
same line; these are usually aliases for the same host (or are at
least in the same company).
+--------------------+
| USING UUCP MAILERS |
+--------------------+
It's hard to get UUCP mailers right because of the extremely ad hoc
nature of UUCP addressing. These config files are really designed
for domain-based addressing, even for UUCP sites.
There are four UUCP mailers available. The choice of which one to
use is partly a matter of local preferences and what is running at
the other end of your UUCP connection. Unlike good protocols that
define what will go over the wire, UUCP uses the policy that you
should do what is right for the other end; if they change, you have
to change. This makes it hard to do the right thing, and discourages
people from updating their software. In general, if you can avoid
UUCP, please do.
The major choice is whether to go for a domainized scheme or a
non-domainized scheme. This depends entirely on what the other
end will recognize. If at all possible, you should encourage the
other end to go to a domain-based system -- non-domainized addresses
don't work entirely properly.
The four mailers are:
uucp-old (obsolete name: "uucp")
This is the oldest, the worst (but the closest to UUCP) way of
sending messages accros UUCP connections. It does bangify
everything and prepends $U (your UUCP name) to the sender's
address (which can already be a bang path itself). It can
only send to one address at a time, so it spends a lot of
time copying duplicates of messages. Avoid this if at all
possible.
uucp-new (obsolete name: "suucp")
The same as above, except that it assumes that in one rmail
command you can specify several recipients. It still has a
lot of other problems.
uucp-dom
This UUCP mailer keeps everything as domain addresses.
Basically, it uses the SMTP mailer rewriting rules. This mailer
is only included if MAILER(smtp) is also specified.
Unfortunately, a lot of UUCP mailer transport agents require
bangified addresses in the envelope, although you can use
domain-based addresses in the message header. (The envelope
shows up as the From_ line on UNIX mail.) So....
uucp-uudom
This is a cross between uucp-new (for the envelope addresses)
and uucp-dom (for the header addresses). It bangifies the
envelope sender (From_ line in messages) without adding the
local hostname, unless there is no host name on the address
at all (e.g., "wolf") or the host component is a UUCP host name
instead of a domain name ("somehost!wolf" instead of
"some.dom.ain!wolf"). This is also included only if MAILER(smtp)
is also specified.
Examples:
We are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The
following summarizes the sender rewriting for various mailers.
Mailer sender rewriting in the envelope
------ ------ -------------------------
uucp-{old,new} wolf grasp!wolf
uucp-dom wolf wolf@grasp.insa-lyon.fr
uucp-uudom wolf grasp.insa-lyon.fr!wolf
uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
uucp-dom wolf@fr.net wolf@fr.net
uucp-uudom wolf@fr.net fr.net!wolf
uucp-{old,new} somehost!wolf grasp!somehost!wolf
uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
If you are using one of the domainized UUCP mailers, you really want
to convert all UUCP addresses to domain format -- otherwise, it will
do it for you (and probably not the way you expected). For example,
if you have the address foo!bar!baz (and you are not sending to foo),
the heuristics will add the @uucp.relay.name or @local.host.name to
this address. However, if you map foo to foo.host.name first, it
will not add the local hostname. You can do this using the uucpdomain
feature.
+-------------------+
| TWEAKING RULESETS |
+-------------------+
For more complex configurations, you can define special rules.
The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
the names. Any modifications made here are reflected in the header.
A common use is to convert old UUCP addreses to SMTP addresses using
the UUCPSMTP macro. For example:
LOCAL_RULE_3
UUCPSMTP(decvax, decvax.dec.com)
UUCPSMTP(research, research.att.com)
will cause addresses of the form "decvax!user" and "research!user"
to be converted to "user@decvax.dec.com" and "user@research.att.com"
respectively.
This could also be used to look up hosts in a database map:
LOCAL_RULE_3
R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
This map would be defined in the LOCAL_CONFIG portion, as shown below.
Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
For example, new rules are needed to parse hostnames that you accept
via MX records. For example, you might have:
LOCAL_RULE_0
R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
You would use this if you had installed an MX record for cnmat.Berkeley.EDU
pointing at this host; this rule catches the message and forwards it on
using UUCP.
You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
These rulesets are normally empty.
A similar macro is LOCAL_CONFIG. This introduces lines added after the
boilerplate option setting but before rulesets, and can be used to
declare local database maps or whatever. For example:
LOCAL_CONFIG
Khostmap hash /etc/hostmap.db
Kyplocal nis -m hosts.byname
+---------------------------+
| MASQUERADING AND RELAYING |
+---------------------------+
You can have your host masquerade as another using
MASQUERADE_AS(host.domain)
This causes mail being sent to be labeled as coming from the
indicated host.domain, rather than $j. One normally masquerades as
one of one's own subdomains (for example, it's unlikely that I would
choose to masquerade as an MIT site). This behaviour is modified by
a plethora of FEATUREs; in particular, see masquerade_envelope,
allmasquerade, limited_masquerade, and masquerade_entire_domain.
The masquerade name is not normally canonified, so it is important
that it be your One True Name, that is, fully qualified and not a
CNAME. However, if you use a CNAME, the receiving side may canonify
it for you, so don't think you can cheat CNAME mapping this way.
Normally the only addresses that are masqueraded are those that come
from this host (that is, are either unqualified or in $=w, the list
of local domain names). You can augment this list using
MASQUERADE_DOMAIN(otherhost.domain)
The effect of this is that although mail to user@otherhost.domain
will not be delivered locally, any mail including any user@otherhost.domain
will, when relayed, be rewritten to have the MASQUERADE_AS address.
This can be a space-separated list of names.
If these names are in a file, you can use
MASQUERADE_DOMAIN_FILE(filename)
to read the list of names from the indicated file.
Normally only header addresses are masqueraded. If you want to
masquerade the envelope as well, use
FEATURE(masquerade_envelope)
There are always users that need to be "exposed" -- that is, their
internal site name should be displayed instead of the masquerade name.
Root is an example. You can add users to this list using
EXPOSED_USER(usernames)
This adds users to class E; you could also use something like
FE/etc/sendmail.cE
You can also arrange to relay all unqualified names (that is, names
without @host) to a relay host. For example, if you have a central
email server, you might relay to that host so that users don't have
to have .forward files or aliases. You can do this using
define(`LOCAL_RELAY', mailer:hostname)
The ``mailer:'' can be omitted, in which case the mailer defaults to
"relay". There are some user names that you don't want relayed, perhaps
because of local aliases. A common example is root, which may be
locally aliased. You can add entries to this list using
LOCAL_USER(usernames)
This adds users to class L; you could also use something like
FL/etc/sendmail.cL
If you want all incoming mail sent to a centralized hub, as for a
shared /var/spool/mail scheme, use
define(`MAIL_HUB', mailer:hostname)
Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
and MAIL_HUB _AND_ you have FEATURE(stickyhost), unqualified names will
be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
Names in $=L will be delivered locally, so you MUST have aliases or
.forward files for them.
For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
FEATURE(stickyhost), the following combinations of settings will have the
indicated effects:
email sent to.... eric eric@mastodon.CS.Berkeley.EDU
LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
MAIL_HUB set as above (no local aliasing) (aliasing done)
If you do not have FEATURE(stickyhost) set, then LOCAL_RELAY and
MAIL_HUB act identically, with MAIL_HUB taking precedence.
If you want all outgoing mail to go to a central relay site, define
SMART_HOST as well. Briefly:
LOCAL_RELAY applies to unqualifed names (e.g., "eric").
MAIL_HUB applies to names qualified with the name of the
local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
SMART_HOST applies to names qualified with other hosts.
However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
really want absolutely everything to go to a single central site you will
need to unset all the other relays -- or better yet, find or build a
minimal config file that does this.
For duplicate suppression to work properly, the host name is best
specified with a terminal dot:
define(`MAIL_HUB', `host.domain.')
note the trailing dot ---^
+--------------------------------+
| ADDING NEW MAILERS OR RULESETS |
+--------------------------------+
Sometimes you may need to add entirely new mailers or rulesets. They
should be introduced with the constructs MAILER_DEFINITIONS and
LOCAL_RULESETS respectively. For example:
MAILER_DEFINITIONS
Mmymailer, ...
...
LOCAL_RULESETS
Scheck_relay
...
+-------------------------------+
| NON-SMTP BASED CONFIGURATIONS |
+-------------------------------+
These configuration files are designed primarily for use by SMTP-based
sites. I don't pretend that they are well tuned for UUCP-only or
UUCP-primarily nodes (the latter is defined as a small local net
connected to the rest of the world via UUCP). However, there is one
hook to handle some special cases.
You can define a ``smart host'' that understands a richer address syntax
using:
define(`SMART_HOST', mailer:hostname)
In this case, the ``mailer:'' defaults to "relay". Any messages that
can't be handled using the usual UUCP rules are passed to this host.
If you are on a local SMTP-based net that connects to the outside
world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
For example:
define(`SMART_HOST', suucp:uunet)
LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
This will cause all names that end in your domain name ($m) via
SMTP; anything else will be sent via suucp (smart UUCP) to uunet.
If you have FEATURE(nocanonify), you may need to omit the dots after
the $m. If you are running a local DNS inside your domain which is
not otherwise connected to the outside world, you probably want to
use:
define(`SMART_HOST', smtp:fire.wall.com)
LOCAL_NET_CONFIG
R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
That is, send directly only to things you found in your DNS lookup;
anything else goes through SMART_HOST.
+-----------+
| WHO AM I? |
+-----------+
Normally, the $j macro is automatically defined to be your fully
qualified domain name (FQDN). Sendmail does this by getting your
host name using gethostname and then calling gethostbyname on the
result. For example, in some environments gethostname returns
only the root of the host name (such as "foo"); gethostbyname is
supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
cases, gethostbyname may fail to return the FQDN. In this case
you MUST define confDOMAIN_NAME to be your fully qualified domain
name. This is usually done using:
Dmbar.com
define(`confDOMAIN_NAME', `$w.$m')dnl
+--------------------+
| USING MAILERTABLES |
+--------------------+
To use FEATURE(mailertable), you will have to create an external
database containing the routing information for various domains.
For example, a mailertable file in text format might be:
.my.domain xnet:%1.my.domain
uuhost1.my.domain suucp:uuhost1
.bitnet smtp:relay.bit.net
This should normally be stored in /etc/mailertable. The actual
database version of the mailertable is built using:
makemap hash /etc/mailertable.db < /etc/mailertable
The semantics are simple. Any LHS entry that does not begin with
a dot matches the full host name indicated. LHS entries beginning
with a dot match anything ending with that domain name -- that is,
they can be thought of as having a leading "*" wildcard. Matching
is done in order of most-to-least qualified -- for example, even
though ".my.domain" is listed first in the above example, an entry
of "uuhost1.my.domain" will match the second entry since it is
more explicit.
The RHS should always be a "mailer:host" pair. The mailer is the
configuration name of a mailer (that is, an `M' line in the
sendmail.cf file). The "host" will be the hostname passed to
that mailer. In domain-based matches (that is, those with leading
dots) the "%1" may be used to interpolate the wildcarded part of
the host name. For example, the first line above sends everything
addressed to "anything.my.domain" to that same host name, but using
the (presumably experimental) xnet mailer.
In some cases you may want to temporarily turn off MX records,
particularly on gateways. For example, you may want to MX
everything in a domain to one machine that then forwards it
directly. To do this, you might use the DNS configuration:
*.domain. IN MX 0 relay.machine
and on relay.machine use the mailertable:
.domain smtp:[gateway.domain]
The [square brackets] turn off MX records for this host only.
If you didn't do this, the mailertable would use the MX record
again, which would give you an MX loop.
+--------------------------------+
| USING USERDB TO MAP FULL NAMES |
+--------------------------------+
The user database was not originally intended for mapping full names
to login names (e.g., Eric.Allman => eric), but some people are using
it that way. (I would recommend that you set up aliases for this
purpose instead -- since you can specify multiple alias files, this
is fairly easy.) The intent was to locate the default maildrop at
a site, but allow you to override this by sending to a specific host.
If you decide to set up the user database in this fashion, it is
imperative that you not use FEATURE(stickyhost) -- otherwise,
e-mail sent to Full.Name@local.host.name will be rejected.
To build the internal form of the user database, use:
makemap btree /usr/data/base.db < /usr/data/base.txt
As a general rule, I am adamantly opposed to using full names as
e-mail addresses, since they are not in any sense unique. For example,
the Unix software-development community has two Andy Tannenbaums,
at least two well-known Peter Deutsches, and at one time Bell Labs
had two Stephen R. Bournes with offices along the same hallway.
Which one will be forced to suffer the indignity of being
Stephen_R_Bourne_2? The less famous of the two, or the one that
was hired later?
Finger should handle full names (and be fuzzy). Mail should use
handles, and not be fuzzy. [Not that I expect anyone to pay any
attention to my opinions.]
+--------------------------------+
| MISCELLANEOUS SPECIAL FEATURES |
+--------------------------------+
Plussed users
Sometimes it is convenient to merge configuration on a
centralized mail machine, for example, to forward all
root mail to a mail server. In this case it might be
useful to be able to treat the root addresses as a class
of addresses with subtle differences. You can do this
using plussed users. For example, a client might include
the alias:
root: root+client1@server
On the server, this will match an alias for "root+client1".
If that is not found, the alias "root+*" will be tried,
then "root".
LDAP
For notes on use LDAP in sendmail, see
http://www-leland.stanford.edu/~bbense/Inst.html
+----------------+
| SECURITY NOTES |
+----------------+
A lot of sendmail security comes down to you. Sendmail 8 is much
more careful about checking for security problems than previous
versions, but there are some things that you still need to watch
for. In particular:
* Make sure the aliases file isn't writable except by trusted
system personnel. This includes both the text and database
version.
* Make sure that other files that sendmail reads, such as the
mailertable, are only writable by trusted system personnel.
* The queue directory should not be world writable PARTICULARLY
if your system allows "file giveaways" (that is, if a non-root
user can chown any file they own to any other user).
* If your system allows file giveaways, DO NOT create a publically
writable directory for forward files. This will allow anyone
to steal anyone else's e-mail. Instead, create a script that
copies the .forward file from users' home directories once a
night (if you want the non-NFS-mounted forward directory).
* If your system allows file giveaways, you'll find that
sendmail is much less trusting of :include: files -- in
particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
/etc/shells before they will be trusted (that is, before
files and programs listed in them will be honored).
In general, file giveaways are a mistake -- if you can turn them
off I recommend you do so.
+--------------------------------+
| TWEAKING CONFIGURATION OPTIONS |
+--------------------------------+
There are a large number of configuration options that don't normally
need to be changed. However, if you feel you need to tweak them, you
can define the following M4 variables. This list is shown in four
columns: the name you define, the default value for that definition,
the option or macro that is affected (either Ox for an option or Dx
for a macro), and a brief description. Greater detail of the semantics
can be found in the Installation and Operations Guide.
Some options are likely to be deprecated in future versions -- that is,
the option is only included to provide back-compatibility. These are
marked with "*".
Remember that these options are M4 variables, and hence may need to
be quoted. In particular, arguments with commas will usually have to
be ``double quoted, like this phrase'' to avoid having the comma
confuse things. This is common for alias file definitions and for
the read timeout.
M4 Variable Name Configuration Description & [Default]
================ ============= =======================
confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
for internally generated outgoing
messages.
confDOMAIN_NAME $j macro If defined, sets $j. This should
only be done if your system cannot
determine your local domain name,
and then it should be set to
$w.Foo.COM, where Foo.COM is your
domain name.
confCF_VERSION $Z macro If defined, this is appended to the
configuration version name.
confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
internally generated From: address.
confRECEIVED_HEADER Received:
[$?sfrom $s .$?_($?s$|from $.$_)
$.by $j ($v/$Z)$?r with $r$. id $i$?u
for $u$.;
$b]
The format of the Received: header
in messages passed through this host.
It is unwise to try to change this.
confCW_FILE Fw class [/etc/sendmail.cw] Name of file used
to get the local additions to the $=w
(local host names) class.
confCT_FILE Ft class [/etc/sendmail.ct] Name of file used
to get the local additions to the $=t
(trusted users) class.
confTRUSTED_USERS Ct class [no default] Names of users to add to
the list of trusted users. This list
always includes root, uucp, and daemon.
See also FEATURE(use_ct_file).
confSMTP_MAILER - [esmtp] The mailer name used when
SMTP connectivity is required.
One of "smtp", "smtp8", or "esmtp".
confUUCP_MAILER - [uucp-old] The mailer to be used by
default for bang-format recipient
addresses. See also discussion of
$=U, $=Y, and $=Z in the MAILER(uucp)
section.
confLOCAL_MAILER - [local] The mailer name used when
local connectivity is required.
Almost always "local".
confRELAY_MAILER - [relay] The default mailer name used
for relaying any mail (e.g., to a
BITNET_RELAY, a SMART_HOST, or
whatever). This can reasonably be
"uucp-new" if you are on a
UUCP-connected site.
confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
confALIAS_WAIT AliasWait [10m] Time to wait for alias file
rebuild until you get bored and
decide that the apparently pending
rebuild failed.
confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
queue filesystem to accept SMTP mail.
(Prior to 8.7 this was minfree/maxsize,
where minfree was the number of free
blocks and maxsize was the maximum
message size. Use confMAX_MESSAGE_SIZE
for the second value now.)
confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
that will be accepted (in bytes).
confBLANK_SUB BlankSub [.] Blank (space) substitution
character.
confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
to mailers marked expensive?
confCHECKPOINT_INTERVAL CheckpointInterval
[10] Checkpoint queue files every N
recipients.
confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
confAUTO_REBUILD AutoRebuildAliases
[False] Automatically rebuild alias
file if needed.
confERROR_MODE ErrorMode [print] Error message mode.
confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
confSAVE_FROM_LINES SafeFromLine Save extra leading From_ lines.
confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
confMATCH_GECOS MatchGECOS [True] Match GECOS field.
confMAX_HOP MaxHopCount [25] Maximum hop count.
confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd mode]
Ignore dot as terminator for incoming
messages?
confBIND_OPTS ResolverOptions [undefined] Default options for DNS
resolver.
confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
encapsulated messages per RFC 1344.
confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
The colon-separated list of places to
search for .forward files. N.B.: see
the Security Notes section.
confMCI_CACHE_SIZE ConnectionCacheSize
[2] Size of open connection cache.
confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
[5m] Open connection cache timeout.
confHOST_STATUS_DIRECTORY HostStatusDirectory
[undefined] If set, host status is kept
on disk between sendmail runs in the
named directory tree. This need not be
a full pathname, in which case it is
interpreted relative to the queue
directory.
confSINGLE_THREAD_DELIVERY SingleThreadDelivery
[False] If this option and the
HostStatusDirectory option are both
set, single thread deliveries to other
hosts. That is, don't allow any two
sendmails on this host to connect
simultaneously to any other single
host. This can slow down delivery in
some cases, in particular since a
cached but otherwise idle connection
to a host will prevent other sendmails
from connecting to the other host.
confUSE_ERRORS_TO* UserErrorsTo [False] Use the Errors-To: header to
deliver error messages. This should
not be necessary because of general
acceptance of the envelope/header
distinction.
confLOG_LEVEL LogLevel [9] Log level.
confME_TOO MeToo [False] Include sender in group
expansions.
confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
running newaliases. Since this does
DNS lookups on every address, it can
slow down the alias rebuild process
considerably on large alias files.
confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
special chars are old style.
confDAEMON_OPTIONS DaemonPortOptions
[none] SMTP daemon options.
confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
copies of all error messages.
confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
syntax addresses to the minimum
possible.
confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
before forking.
confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
on the initial connect.
confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
connect() to complete. This can only
shorten connection timeouts; the kernel
silently enforces an absolute maximum
(which varies depending on the system).
confTO_ICONNECT Timeout.iconnect
[undefined] Like Timeout.connect, but
applies only to the very first attempt
to connect to a host in a message.
This allows a single very fast pass
followed by more careful delivery
attempts in the future.
confTO_HELO Timeout.helo [5m] The timeout waiting for a response
to a HELO or EHLO command.
confTO_MAIL Timeout.mail [10m] The timeout waiting for a
response to the MAIL command.
confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
to the RCPT command.
confTO_DATAINIT Timeout.datainit
[5m] The timeout waiting for a 354
response from the DATA command.
confTO_DATABLOCK Timeout.datablock
[1h] The timeout waiting for a block
during DATA phase.
confTO_DATAFINAL Timeout.datafinal
[1h] The timeout waiting for a response
to the final "." that terminates a
message.
confTO_RSET Timeout.rset [5m] The timeout waiting for a response
to the RSET command.
confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
to the QUIT command.
confTO_MISC Timeout.misc [2m] The timeout waiting for a response
to other SMTP commands.
confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout waiting
for a command to be issued.
confTO_IDENT Timeout.ident [30s] The timeout waiting for a response
to an IDENT query.
confTO_FILEOPEN Timeout.fileopen
[60s] The timeout waiting for a file
(e.g., :include: file) to be opened.
confTO_QUEUERETURN Timeout.queuereturn
[5d] The timeout before a message is
returned as undeliverable.
confTO_QUEUERETURN_NORMAL
Timeout.queuereturn.normal
[undefined] As above, for normal
priority messages.
confTO_QUEUERETURN_URGENT
Timeout.queuereturn.urgent
[undefined] As above, for urgent
priority messages.
confTO_QUEUERETURN_NONURGENT
Timeout.queuereturn.non-urgent
[undefined] As above, for non-urgent
(low) priority messages.
confTO_QUEUEWARN Timeout.queuewarn
[4h] The timeout before a warning
message is sent to the sender telling
them that the message has been deferred.
confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
[undefined] As above, for normal
priority messages.
confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
[undefined] As above, for urgent
priority messages.
confTO_QUEUEWARN_NONURGENT
Timeout.queuewarn.non-urgent
[undefined] As above, for non-urgent
(low) priority messages.
confTO_HOSTSTATUS Timeout.hoststatus
[30m] How long information about host
statuses will be maintained before it
is considered stale and the host should
be retried. This applies both within
a single queue run and to persistent
information (see below).
confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
USE_SYSTEM to use the system's idea,
USE_TZ to use the user's TZ envariable,
or something else to force that value.
confDEF_USER_ID DefaultUser [1:1] Default user id.
confUSERDB_SPEC UserDatabaseSpec
[undefined] User database specification.
confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
confTRY_NULL_MX_LIST TryNullMXList [False] If we are the best MX for a
host and haven't made other
arrangements, try connecting to the
host directly; normally this would be
a config error.
confQUEUE_LA QueueLA [8] Load average at which queue-only
function kicks in.
confREFUSE_LA RefuseLA [12] Load average at which incoming
SMTP connections are refused.
confMAX_DAEMON_CHILDREN MaxDaemonChildren
[undefined] The maximum number of
children the daemon will permit. After
this number, connections will be
rejected. If not set or <= 0, there is
no limit.
confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
[undefined] The maximum number of
connections permitted per second.
After this many connections are
accepted, further connections will be
delayed. If not set or <= 0, there is
no limit.
confWORK_RECIPIENT_FACTOR
RecipientFactor [30000] Cost of each recipient.
confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a separate
process.
confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
Priority, Host, or Time.
confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
must sit in the queue between queue
runs. This allows you to set the
queue run interval low for better
resposiveness without trying all
jobs in each run.
confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
unlabelled 8 bit input to MIME, the
character set to use by default.
confSERVICE_SWITCH_FILE ServiceSwitchFile
[/etc/service.switch] The file to use
for the service switch on systems that
do not have a system-defined switch.
confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
"file" type access of hosts names.
confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
long and try again. Zero means "don't
retry". This is to allow "dial on
demand" connections to have enough time
to complete a connection.
confNO_RCPT_ACTION NoRecipientAction
[none] What to do if there are no legal
recipient fields (To:, Cc: or Bcc:)
in the message. Legal values can
be "none" to just leave the
nonconforming message as is, "add-to"
to add a To: header with all the
known recipients (which may expose
blind recipients), "add-apparently-to"
to do the same but use Apparently-To:
instead of To:, "add-bcc" to add an
empty Bcc: header, or
"add-to-undisclosed" to add the header
``To: undisclosed-recipients:;''.
confSAFE_FILE_ENV SafeFileEnvironment
[undefined] If set, sendmail will do a
chroot() into this directory before
writing files.
confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
If set, colons are treated as a regular
character in addresses. If not set,
they are treated as the introducer to
the RFC 822 "group" syntax. Colons are
handled properly in route-addrs. This
option defaults on for V5 and lower
configuration files.
confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
any given queue run to this number of
entries. Essentially, this will stop
reading the queue directory after this
number of entries are reached; it does
_not_ pick the highest priority jobs,
so this should be as large as your
system can tolerate. If not set, there
is no limit.
confDONT_EXPAND_CNAMES DontExpandCnames
[False] If set, $[ ... $] lookups that
do DNS based lookups do not expand
CNAME records. This currently violates
the published standards, but the IETF
seems to be moving toward legalizing
this. For example, if "FTP.Foo.ORG"
is a CNAME for "Cruft.Foo.ORG", then
with this option set a lookup of
"FTP" will return "FTP.Foo.ORG"; if
clear it returns "Cruft.FOO.ORG". N.B.
you may not see any effect until your
downstream neighbors stop doing CNAME
lookups as well.
confFROM_LINE UnixFromLine [From $g $d] The From_ line used
when sending to files or programs.
confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
characters.
confSMTP_LOGIN_MSG SmtpGreetingMessage
[$j Sendmail $v/$Z; $b]
The initial (spontaneous) SMTP
greeting message. The word "ESMTP"
will be inserted between the first and
second words to convince other
sendmails to try to speak ESMTP.
confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
routine will never be invoked. You
might want to do this if you are
running NIS and you have a large group
map, since this call does a sequential
scan of the map; in a large site this
can cause your ypserv to run
essentially full time. If you set
this, agents run on behalf of users
will only have their primary
(/etc/passwd) group permissions.
confUNSAFE_GROUP_WRITES UnsafeGroupWrites
[False] If set, group-writable
:include: and .forward files are
considered "unsafe", that is, programs
and files cannot be directly referenced
from such files. World-writable files
are always considered unsafe.
confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
[postmaster] If an error occurs when
sending an error message, send that
"double bounce" error message to this
address.
confRUN_AS_USER RunAsUser [undefined] If set, become this user
when reading and delivering mail.
Causes all file reads (e.g., .forward
and :include: files) to be done as
this user. Also, all programs will
be run as this user, and all output
files will be written as this user.
Intended for use only on firewalls
where users do not have accounts.
See also the description of OSTYPE for some parameters that can be
tweaked (generally pathnames to mailers).
+-----------+
| HIERARCHY |
+-----------+
Within this directory are several subdirectories, to wit:
m4 General support routines. These are typically
very important and should not be changed without
very careful consideration.
cf The configuration files themselves. They have
".mc" suffixes, and must be run through m4 to
become complete. The resulting output should
have a ".cf" suffix.
ostype Definitions describing a particular operating
system type. These should always be referenced
using the OSTYPE macro in the .mc file. Examples
include "bsd4.3", "bsd4.4", "sunos3.5", and
"sunos4.1".
domain Definitions describing a particular domain, referenced
using the DOMAIN macro in the .mc file. These are
site dependent; for example, "CS.Berkeley.EDU.m4"
describes hosts in the CS.Berkeley.EDU subdomain.
mailer Descriptions of mailers. These are referenced using
the MAILER macro in the .mc file.
sh Shell files used when building the .cf file from the
.mc file in the cf subdirectory.
feature These hold special orthogonal features that you might
want to include. They should be referenced using
the FEATURE macro.
hack Local hacks. These can be referenced using the HACK
macro. They shouldn't be of more than voyeuristic
interest outside the .Berkeley.EDU domain, but who knows?
We've all got our own peccadillos.
siteconfig Site configuration -- e.g., tables of locally connected
UUCP sites.
+------------------------+
| ADMINISTRATIVE DETAILS |
+------------------------+
The following sections detail usage of certain internal parts of the
sendmail.cf file. Read them carefully if you are trying to modify
the current model. If you find the above descriptions adequate, these
should be {boring, confusing, tedious, ridiculous} (pick one or more).
RULESETS (* means built in to sendmail)
0 * Parsing
1 * Sender rewriting
2 * Recipient rewriting
3 * Canonicalization
4 * Post cleanup
5 * Local address rewrite (after aliasing)
1x mailer rules (sender qualification)
2x mailer rules (recipient qualification)
3x mailer rules (sender header qualification)
4x mailer rules (recipient header qualification)
5x mailer subroutines (general)
6x mailer subroutines (general)
7x mailer subroutines (general)
8x reserved
90 Mailertable host stripping
96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
98 Local part of ruleset 0 (ruleset 8 in old sendmail)
99 Guaranteed null (for debugging)
MAILERS
0 local, prog local and program mailers
1 [e]smtp, relay SMTP channel
2 uucp-* UNIX-to-UNIX Copy Program
3 netnews Network News delivery
4 fax Sam Leffler's HylaFAX software
5 mail11 DECnet mailer
MACROS
A
B Bitnet Relay
C DECnet Relay
D The local domain -- usually not needed
E reserved for X.400 Relay
F FAX Relay
G
H mail Hub (for mail clusters)
I
J
K
L Luser Relay
M Masquerade (who I claim to be)
N
O
P
Q
R Relay (for unqualified names)
S Smart Host
T
U my UUCP name (if I have a UUCP connection)
V UUCP Relay (class V hosts)
W UUCP Relay (class W hosts)
X UUCP Relay (class X hosts)
Y UUCP Relay (all other hosts)
Z Version number
CLASSES
A
B domains that are candidates for bestmx lookup
C
D
E addresses that should not seem to come from $M
F hosts we forward for
G domains that should be looked up in genericstable
H
I
J
K
L addresses that should not be forwarded to $R
M domains that should be mapped to $M
N
O operators that indicate network operations (cannot be in local names)
P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
Q
R domains we are willing to relay (pass anti-spam filters)
S
T
U locally connected UUCP hosts
V UUCP hosts connected to relay $V
W UUCP hosts connected to relay $W
X UUCP hosts connected to relay $X
Y locally connected smart UUCP hosts
Z locally connected domain-ized UUCP hosts
. the class containing only a dot
[ the class containing only a left bracket
M4 DIVERSIONS
1 Local host detection and resolution
2 Local Ruleset 3 additions
3 Local Ruleset 0 additions
4 UUCP Ruleset 0 additions
5 locally interpreted names (overrides $R)
6 local configuration (at top of file)
7 mailer definitions
8
9 special local rulesets (1 and 2)
