Lines Matching +full:local +full:- +full:bd +full:- +full:address +full:- +full:broken
9 To get started, you may want to look at tcpproto.mc (for TCP-only
11 mail host), or the generic-*.mc files as operating system-specific
30 ANTI-SPAM CONFIGURATION CONTROL
37 NON-SMTP BASED CONFIGURATIONS
51 +--------------------------+
53 +--------------------------+
57 You must pre-load "cf.m4":
70 or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
72 use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
74 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
78 divert(-1)
80 # Copyright (c) 1998-2005 Proofpoint, Inc. and its suppliers.
92 # This is a Berkeley-specific configuration file for HP-UX 9.x.
102 The divert(-1) will delete the crud in the resulting output file.
112 in SMTP greeting messages -- this is defined in m4/version.m4.
117 pathname of the help and status files, the flags needed for the local
129 MAILER(`local')
132 These describe the mailers used at the default CS site. The local
141 local macro definitions
147 There are a few exceptions to this rule. Local macro definitions which
154 *** Berkeley-specific assumptions built in, such as the name ***
155 *** of their UUCP-relay. You'll want to create your own ***
181 +----------------------------+
183 +----------------------------+
186 files. The most important thing to know is that M4 is stream-based,
208 # And then define the $X macro to be the return address
222 -------
224 This package requires a post-V7 version of m4; if you are running the
226 BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works.
227 Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
229 ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
230 EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU
234 +----------------+
236 +----------------+
239 related files, /etc/mail. The new files available for sendmail 8.9 --
240 the class {R} /etc/mail/relay-domains and the access database
241 /etc/mail/access -- take advantage of this new directory. Beginning with
249 ------------ ------------
265 /etc/sendmail.cw /etc/mail/local-host-names
266 /etc/mail/sendmail.cw /etc/mail/local-host-names
267 /etc/sendmail/sendmail.cw /etc/mail/local-host-names
269 /etc/sendmail.ct /etc/mail/trusted-users
271 /etc/sendmail.oE /etc/mail/error-header
301 +--------+
303 +--------+
317 empty). Unfortunately, the list of configuration-supported systems is
318 not as broad as the list of source-supported systems, since many of
322 of the alias file(s). It can be a comma-separated
324 commas in them -- for example, use
346 LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
347 LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The
349 LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
351 LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
355 useful for LMTP local mailers.
356 LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
357 that ARRIVE from an address that resolves to the
358 local mailer and which are converted to MIME will be
361 end of line for the local mailer.
363 [X-Unix] The DSN Diagnostic-Code value for the
364 local mailer. This should be changed with care.
368 LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
372 LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer.
376 USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
385 flags are `mDFMuX' for all SMTP-based mailers; the
389 flags are `mDFMuX' for all SMTP-based mailers; the
416 SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
417 that ARRIVE from an address that resolves to one of
420 RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
421 that ARRIVE from an address that resolves to the
429 flags are `DFMhuU' (and `m' for uucp-new mailer,
430 minus `U' for uucp-dom mailer).
431 UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
435 UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
436 that ARRIVE from an address that resolves to one of
440 FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
451 PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
458 PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
470 PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
474 PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
480 CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
489 CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
504 CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
505 that ARRIVE from an address that resolves to one of the
512 QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver
514 QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
525 (thus overriding the default value), or if it starts with `+' (`-')
529 MODIFY_MAILER_FLAGS(`LOCAL', `+e')
539 +---------+
541 +---------+
543 You will probably want to collect domain-dependent defines into one
548 UUCP_RELAY The host that will accept UUCP-addressed email.
551 BITNET_RELAY The host that will accept BITNET-addressed email.
552 If not defined, the .BITNET pseudo-domain won't work.
553 DECNET_RELAY The host that will accept DECNET-addressed email.
554 If not defined, the .DECNET pseudo-domain and addresses
556 FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
558 LOCAL_RELAY The site that will handle unqualified names -- that
562 FEATURE(`stickyhost') -- see the discussion of
565 central site to store a company- or department-wide
568 LUSER_RELAY The site that will handle lusers -- that is, apparently
569 local names that aren't local accounts or aliases. To
570 specify a local user instead of a site, set this to
571 ``local:username''.
574 mailer is the internal mailer name, such as ``uucp-new'' and the hostname
583 (using "DD<domain>") and set certain site-wide features. If all hosts
587 You do not have to define a domain -- in particular, if you are a
593 +---------+
595 +---------+
601 local The local and prog mailers. You will almost always
610 five mailers: "smtp" for regular (old-style) SMTP to
613 converting 8-bit data to MIME (essentially, this is
614 your statement that you know the other end is 8-bit
619 uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
620 defines two mailers, "uucp-old" (a.k.a. "uucp") and
621 "uucp-new" (a.k.a. "suucp"). The latter is for when you
625 ("uucp-dom" and "uucp-uudom") are also defined [warning: you
628 class {U} and sends them to the uucp-old mailer; all
629 names in class {Y} are sent to uucp-new; and all
630 names in class {Z} are sent to uucp-uudom. Note that
638 local email for users named ``group.usenet'' to the
659 ! -oi -f $1 person@other.host
668 problem, e.g., a catch-all entry in a virtusertable.
682 a local cyrus user. This mailer can make use of the
683 "user+detail@local.host" syntax (see
686 permits. The cyrusbb mailer delivers to a system-wide
688 mailer must be defined after the local mailer.
691 local cyrus users via LMTP. This mailer can make use of the
692 "user+detail@local.host" syntax (see
696 local mailer.
701 The local mailer accepts addresses of the form "user+detail", where
703 to certain local mail programs (in particular, see
709 +----------+
711 +----------+
718 tells sendmail that you want to have it read an /etc/mail/local-host-names
720 optional parameters -- for example:
741 use_cw_file Read the file /etc/mail/local-host-names file to get
749 use_ct_file Read the file /etc/mail/trusted-users file to get the
751 set their envelope from address using -f without generating
755 redirect Reject all mail addressed to "address.REDIRECT" with
756 a ``551 User has moved; please try <address>'' message.
758 to their new address with ".REDIRECT" appended.
762 `reject': reject addresses which have "!" in the local
766 Warnings: 1. See the notice in the anti-spam section.
772 `reject': reject addresses which have % in the local
776 Warnings: 1. See the notice in the anti-spam section.
792 "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
799 canonification for local domains, e.g., use
802 Another way to require canonification in the local
821 "user@local.host" are marked as "sticky" -- that
822 is, the local addresses aren't matched against UDB,
826 With MAIL_HUB, mail addressed to "user@local.host"
828 address still remaining "user@local.host".
835 i.e. local host names). The argument of the FEATURE may be
842 or partial domains preceded by a dot -- for example,
851 local:user
852 will forward to the indicated user using the local mailer,
853 local:
854 will forward to the original user in the e-mail address
855 using the local mailer, and
897 Include the local host domain even on locally delivered
901 name on local names. An optional argument specifies
902 another domain to be added than the local.
907 the local hostname. Although this may be right for
908 ordinary users, it can break local aliases. For example,
915 local entries.
944 This feature prevents the local mailer from masquerading even
946 on addresses of mail going outside the local domain.
975 The key for this table is either the full address, the domain
978 the value is the new user address. If the new user address
981 address being looked up must be fully qualified. For local
984 The "+detail" of an address is passed as %1, so entries like
997 virtusertable A domain-specific form of aliasing, allowing multiple
1001 info@foo.com foo-info
1002 info@bar.com bar-info
1004 jax@bar.com error:5.7.0:550 Address invalid
1008 address foo-info, mail addressed to info@bar.com will be
1009 delivered to bar-info, and mail addressed to anyone at baz.org
1015 The username from the original address is passed
1021 Additionally, if the local part consists of "user+detail"
1033 There are two wildcards after "+": "+" matches only a non-empty
1062 ldap_routing Implement LDAP-based e-mail recipient routing according to
1063 the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
1064 This provides a method to re-route addresses with a
1066 different mail host or a different address. Hosts can
1073 nullclient This is a special case -- it creates a configuration file
1075 central hub via a local SMTP-based network. The argument
1082 local_lmtp Use an LMTP capable local mailer. The argument to this
1084 default, mail.local is used. This is expected to be the
1085 mail.local which came with the 8.9 distribution which is
1086 LMTP capable. The path to mail.local is set by the
1087 confEBINDIR m4 variable -- making the default
1088 LOCAL_MAILER_PATH /usr/libexec/mail.local.
1093 FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
1098 local_procmail Use procmail or another delivery agent as the local mailer.
1102 PROCMAIL_MAILER_ARGS for the local mailer; tweak
1105 the local mailer can make use of the
1106 "user+indicator@local.host" syntax; normally the +indicator
1107 is just tossed, but by default it is passed as the -a
1113 [default: /usr/local/bin/procmail]
1115 [default: procmail -Y -a $h -d $u]
1119 Note that if you are on a system with a broken
1120 setreuid() call, you may need to add -f $f to the procmail
1126 FEATURE(`local_procmail', `/usr/local/bin/maildrop',
1127 `maildrop -d $u')
1131 FEATURE(`local_procmail', `/usr/local/bin/scanmails')
1141 these domains -- this will reduce unnecessary DNS
1148 to programs. This improves the ability of the local
1150 e-mail. If an argument is provided it is used as the
1152 confEBINDIR is used for the smrsh binary -- by default,
1158 local host (class {w}) and sending it to another host than
1159 your local host). This option sets your site to allow
1193 if route address syntax (or %-hack syntax) is used. If
1194 this is a problem, add entries to the access-table or use
1202 of the sender address. This feature should only be used if
1203 absolutely necessary as the sender address can be easily
1207 anti-spam configuration control.
1211 is a local host. This should only be used if absolutely
1214 from your domain (either directly or via a routed address),
1221 sender address does not include a domain name. If your
1222 setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
1246 hash -T<TMPF> /etc/mail/access
1248 See the anti-spam configuration control section for further
1250 "-T<TMPF>" is meant literally; do not replace it with anything.
1258 described in the anti-spam configuration control section
1265 See "Delay all checks" in the anti-spam configuration control
1289 Rejected: IP-ADDRESS listed at SERVER
1291 where IP-ADDRESS and SERVER are replaced by the appropriate
1295 message. See the anti-spam configuration control section for
1311 define(`DNSBL_MAP', `dns -R A')
1318 define(`DNSBL_MAP', `dns -R A -r2')
1333 will reject the e-mail if the lookup returns the value
1394 draft-stumpf-dns-mtamark-01. Optional arguments are:
1432 recipient address will be replaced by the host specified as
1435 that in the default configuration the local mailer does not
1440 Preserve the +detail portion of the address when passing
1441 address to local delivery agent. Disables alias and
1443 that address will be looked up in the alias file; user+* and
1444 user will not be looked up). Only use if the local
1447 for the local mailer is set as the entire local address
1451 with the Compat: tag -- Compat:sender<@>recipient -- in the
1468 e-mails to. Note that MX records will be used if the
1493 on the full e-mail address or the domain of the
1499 QGRP:my.domain local
1501 where "main", "others", and "local" are names of
1516 hostname, domain, IP address, or subnet to determine the
1527 Local_greet_pause can be used for local modifications, e.g.,
1539 - authenticated sessions,
1540 - connections from IP addresses in class $={R}.
1547 adds the IPv6 and IPv4 localhost IP addresses to $={w} (local
1554 Rejecting mails from those MTAs is a local policy decision.
1557 the IP address fails to resolve. However, if this is a
1559 If the look-up succeeds, but returns an apparently forged
1566 Any IP address matched using $=R (the "relay-domains" file)
1568 allowed relaying for this host, based on IP address, we
1575 and address ranges for which we are the ISP, or are acting
1589 will allowlist IP address 1.2.3.4 and IP net 1.3.*
1595 that address to be treated as a permanent failure.
1614 (MTA-STS, see RFC 8461). It sets the option
1617 postfix-mta-sts-resolver (see feature/sts.m4
1627 +-------+
1629 +-------+
1633 macro. These will tend to be site-dependent. The release
1634 includes the Berkeley-dependent "cssubdomain" hack (that makes
1635 sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
1636 this is intended as a short-term aid while moving hosts into
1640 +--------------------+
1642 +--------------------+
1649 * of UUCP mailers, such as uucp-uudom. *
1652 Complex sites will need more local configuration information, such as
1656 The SITECONFIG macro allows you to indirectly reference site-dependent
1662 reads the file uucp.ucbvax for local connection information. The
1663 second parameter is the local name (in this case just "ucbvax" since
1665 parameter is the name of both a macro to store the local name (in
1676 out-of-date configuration file has been left around to demonstrate
1681 local site, rather than the name of a remote site, and the UUCP name
1682 is entered into class {w} (the list of local hostnames) as $U.UUCP.
1700 +--------------------+
1702 +--------------------+
1706 for domain-based addressing, even for UUCP sites.
1709 use is partly a matter of local preferences and what is running at
1718 non-domainized scheme. This depends entirely on what the other
1720 other end to go to a domain-based system -- non-domainized addresses
1725 uucp-old (obsolete name: "uucp")
1729 address (which can already be a bang path itself). It can
1730 only send to one address at a time, so it spends a lot of
1734 uucp-new (obsolete name: "suucp")
1739 uucp-dom
1747 domain-based addresses in the message header. (The envelope
1750 uucp-uudom
1751 This is a cross between uucp-new (for the envelope addresses)
1752 and uucp-dom (for the header addresses). It bangifies the
1754 local hostname, unless there is no host name on the address
1762 On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1766 ------ ------ -------------------------
1767 uucp-{old,new} wolf grasp!wolf
1768 uucp-dom wolf wolf@grasp.insa-lyon.fr
1769 uucp-uudom wolf grasp.insa-lyon.fr!wolf
1771 uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
1772 uucp-dom wolf@fr.net wolf@fr.net
1773 uucp-uudom wolf@fr.net fr.net!wolf
1775 uucp-{old,new} somehost!wolf grasp!somehost!wolf
1776 uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
1777 uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
1780 to convert all UUCP addresses to domain format -- otherwise, it will
1782 if you have the address foo!bar!baz (and you are not sending to foo),
1783 the heuristics will add the @uucp.relay.name or @local.host.name to
1784 this address. However, if you map foo to foo.host.name first, it
1785 will not add the local hostname. You can do this using the uucpdomain
1789 +-------------------+
1791 +-------------------+
1831 the LOCAL_CONFIG section. It can be used to declare local database maps or
1836 Kyplocal nis -m hosts.byname
1839 +---------------------------+
1841 +---------------------------+
1862 of local domain names). You can augment this list, which is realized
1869 will, when relayed, be rewritten to have the MASQUERADE_AS address.
1870 This can be a space-separated list of names.
1894 There are always users that need to be "exposed" -- that is, their
1914 because of local aliases. A common example is root, which may be
1930 be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1943 mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
1949 MAIL_HUB set as above (no local aliasing) (aliasing done)
1959 local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1967 need to unset all the other relays -- or better yet, find or build a
1974 note the trailing dot ---^
1977 +-------------------------------------------+
1979 +-------------------------------------------+
1982 own LDAP map specification or using the built-in default LDAP map
1983 specification. The built-in default specifications all provide lookups
2006 in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
2009 -------
2011 -------
2021 ldap -k (&(objectClass=sendmailMTAAliasObject)
2026 …-v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:…
2031 not actually macro-expanded when read from the sendmail.cf file.
2035 dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
2041 sendmailMTAKey: sendmail-list
2046 dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
2052 sendmailMTAKey: owner-sendmail-list
2064 Here, the aliases sendmail-list and owner-sendmail-list will be available
2095 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
2097 ----
2099 ----
2116 --------- ------------------
2128 Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
2133 …-1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:s…
2173 FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
2175 -------
2177 -------
2196 F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
2200 …-v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:se…
2204 not actually macro-expanded when read from the sendmail.cf file.
2210 ------- --------------------
2257 VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
2263 +--------------+
2265 +--------------+
2269 (draft-lachman-laser-ldap-mail-routing-01). This feature enables
2270 LDAP-based rerouting of a particular address to either a different host
2271 or a different address. The LDAP lookup is first attempted on the full
2272 address (e.g., user@example.com) and then on the domain portion
2297 mail host for a particular address; <mailRoutingAddress> is a map definition
2298 describing how to look up an alternative address for a particular address;
2302 found in LDAP; and <detail> indicates what actions to take if the address
2303 contains +detail information -- `strip' tries the lookup with the +detail
2306 found, the +detail information is copied to the new address; the <nodomain>
2308 address is not found in LDAP; the <tempfail> argument, if set to
2315 ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
2320 ldap -1 -T<TMPF> -v mailRoutingAddress
2321 -k (&(objectClass=inetLocalMailRecipient)
2324 Note that neither includes the LDAP server hostname (-h server) or base DN
2325 (-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
2328 changed as described above. The "-T<TMPF>" is required in any user
2332 address:
2335 ----------- --------------------- ----------
2337 "local" host mailRoutingAddress
2340 "local" host original address
2345 set to a not set original address
2352 original address *OR*
2355 The term "local" host above means the host specified is in class {w}. If
2361 original address.
2364 inetLocalMailRecipient and the address be listed in a mailLocalAddress
2368 contain an RFC 822 compliant address. Some example LDAP records (in LDIF
2383 This would relay mail for dick@example.com to the same address but redirect
2394 the host mktmail.example.com using the new address harry@mkt.example.com
2404 the machine server.example.com's MX servers and deliver to the address
2408 +---------------------------------+
2409 | ANTI-SPAM CONFIGURATION CONTROL |
2410 +---------------------------------+
2412 The primary anti-spam features available in sendmail are:
2424 through your server by adding their domain name or IP address to class
2447 then any host in any of your local domains (that is, class {m})
2452 portion of an incoming recipient address by using
2471 MAIL FROM:<user@domain>) domain which is a local domain. This is a
2473 server by simply specifying a return address of user@your.domain.com.
2485 by specifying a return address that you enabled in your access file.
2491 If source routing is used in the recipient address (e.g.,
2496 the address from being stripped down, use:
2506 anti-relay rules do not prevent: the case of a system that does use
2508 (system A) and relays local messages to a mail hub (e.g., via
2511 <example.net!user@local.host> / <user%example.net@local.host>
2513 System A doesn't recognize `!' / `%' as an address separator and
2515 because it came from a trusted local host. So if a mailserver
2516 allows UUCP (bang-format) / %-hack addresses, all systems from which
2520 an unresolvable domain (i.e., one that DNS, your local name service,
2523 IP address can't be mapped to a host name. If you want to continue
2568 FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2571 `-T<TMPF>' as shown above. The optional parameters may be
2579 e-mail address instead of an entire domain.
2587 The table itself uses e-mail addresses, domain names, and network
2601 top level domain TLD, 192.168.212.* network, and the IPv6 address
2627 send mail to that address even if FEATURE(`blocklist_recipients')
2634 relaying, which is based on the recipient address, To: must be
2645 "relay", but at most acceptance for local
2648 (or address if `relaytofulladdress' is set) or
2713 address doesn't resolve to a hostname (or is considered as "may be
2738 the username portion of the address. For example:
2744 sender address.
2750 then you can add entries to the map for local users, hosts in your
2757 This would prevent a recipient of badlocaluser in any of the local
2758 domains (class {w}), any user at host.my.TLD, and the single address
2759 user@other.my.TLD from receiving mail. Please note: a local username
2761 the sender address, and hence it is possible to distinguish between
2783 Rejected: IP-ADDRESS listed at SERVER
2785 where IP-ADDRESS and SERVER are replaced by the appropriate
2791 would quarantine the message if the client IP address is listed
2805 451 Temporary lookup failure of IP-ADDRESS at SERVER
2807 where IP-ADDRESS and SERVER are replaced by the appropriate
2813 Notice: to avoid checking your own local domains against those
2819 to the access map, where 10.1 is your local network. You may
2826 client hostname and IP address when the connection is made to your
2836 Kallnumbers regex -a@MATCH ^[0-9]+$
2840 # check address against various regex checks
2843 R@MATCH $#error $: 553 Address Error
2846 check_* ruleset. If the local ruleset returns $#OK, no further checking
2848 the local ruleset resolves to a mailer (such as $#error or $#discard),
2855 ----------------
2864 check_relay will be skipped. If the sender address (or a part of it) is
2871 in the access map, then any e-mail with a sender address of
2873 it would match the hostname or IP address. This allows spammers
2874 to get around DNS based blocklist by faking the sender address. To
2893 skipped only if the recipient address is found and has RHS FRIEND. If
2896 other two rulesets will be applied only if the recipient address is
2906 specify a full address or an address with +detail:
2921 -------------
2926 a Message-ID: header:
2929 HMessage-Id: $>CheckMessageId
2961 any final header-related checks. The ruleset is called with the number of
2963 example usage is to reject messages which do not have a Message-Id:
2964 header. However, the Message-Id: header is *NOT* a required header and is
2970 HMessage-Id: $>CheckMessageId
2984 # Has a Message-Id: header
2986 # Allow missing Message-Id: from local mail
2994 +--------------------+
2996 +--------------------+
2999 limits per client IP address or net. These features can limit the
3007 after a recipient address has been received, hence making these
3025 +----------+
3027 +----------+
3056 ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
3057 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
3073 ${server_addr} the address of the server of the current outgoing SMTP
3077 --------
3092 rulesets and map lookups, they are modified as follows: each non-printable
3145 --------------------
3165 requiring that e-mail is sent to a server only encrypted, e.g., via
3169 doesn't necessarily mean that e-mail sent to that domain is encrypted.
3176 tls_rcpt can be used to address this problem.
3180 is selected. A recipient address user@domain is looked up in the access
3200 algorithm, e.g., DIGEST-MD5.
3213 Example: e-mail sent to secure.example.com should only use an encrypted
3214 connection. E-mail received from hosts within the laptop.example.com domain
3216 receives e-mail for darth@endmail.org must present a cert that uses the
3217 CN smtp.endmail.org. E-mail sent to safe.example.com must be verified,
3230 -----------------------
3243 - Options: compare {Server,Client}SSLOptions.
3244 - CipherList: same as the global option.
3245 - CertFile, KeyFile: {Server,Client}{Cert,Key}File
3246 - Flags: see doc/op/op.me for details.
3254 TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
3257 certificates only for the client with the IP address 10.0.2.4,
3259 address 10.1.0.1 as well as setting a specific cipherlist.
3268 to the hostname or IP address of the connecting system (the latter
3273 Try_TLS:broken.server NO
3276 Clt_Features:broken.sts M
3278 will turn off STARTTLS when sending to broken.server (or any host
3280 only for hosts in my.domain, and disable MTA-STS for broken.sts.
3286 ----------------
3294 +---------------------+
3296 +---------------------+
3299 used in anti-relay rulesets to allow relaying for those users that
3312 RDIGEST-MD5 $| $+@$=w $# OK
3314 to allow relaying for users that authenticated using DIGEST-MD5
3315 and have an identity in the local domains.
3329 TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
3336 -----------------------------------------------------
3352 sendmail set-user-ID. Use PrivacyOptions to turn off verbose output
3374 AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
3387 group/world-unreadable, this is left to the user.
3390 +--------------------------------+
3392 +--------------------------------+
3406 Local additions for the rulesets srv_features, clt_features, try_tls,
3409 and LOCAL_TLS_SERVER, respectively. For example, to add a local
3419 +-------------------------+
3421 +-------------------------+
3433 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3437 Xarchive, S=local:/var/run/archivesock, F=R
3445 INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3450 MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
3462 +-------------------------+
3464 +-------------------------+
3476 +-------------------------------+
3477 | NON-SMTP BASED CONFIGURATIONS |
3478 +-------------------------------+
3481 SMTP-based sites. They may not be well tuned for UUCP-only or
3482 UUCP-primarily nodes (the latter is defined as a small local net
3486 You can define a ``smart host'' that understands a richer address syntax
3494 If you are on a local SMTP-based net that connects to the outside
3498 define(`SMART_HOST', `uucp-new:uunet')
3503 via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
3505 the $m. If you are running a local DNS inside your domain which is
3516 You may need to turn off the anti-spam rules in order to accept
3521 +-----------+
3523 +-----------+
3539 +-----------------------------------+
3541 +-----------------------------------+
3545 anything sent to an address using a host name in this list will be
3546 treated as local mail. You can do this in two ways: either create the
3547 file /etc/mail/local-host-names containing a list of your aliases (one per
3549 ``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
3552 If you want to have different addresses in different domains, take
3554 http://www.sendmail.org/virtual-hosting.html
3557 +--------------------+
3559 +--------------------+
3566 uuhost1.my.domain uucp-new:uuhost1
3577 the leading dot) -- that is, they can be thought of as having a
3578 leading ".+" regular expression pattern for a non-empty sequence of
3579 characters. Matching is done in order of most-to-least qualified
3580 -- for example, even though ".my.domain" is listed first in the
3582 entry since it is more explicit. Note: e-mail to "user@my.domain"
3591 that mailer. In domain-based matches (that is, those with leading
3615 +--------------------------------+
3617 +--------------------------------+
3622 purpose instead -- since you can specify multiple alias files, this
3627 imperative that you not use FEATURE(`stickyhost') -- otherwise,
3628 e-mail sent to Full.Name@local.host.name will be rejected.
3635 as e-mail addresses, since they are not in any sense unique. For
3636 example, the UNIX software-development community has at least two
3637 well-known Peter Deutsches, and at one time Bell Labs had two
3646 +--------------------------------+
3648 +--------------------------------+
3666 +----------------+
3668 +----------------+
3683 if your system allows "file giveaways" (that is, if a non-root
3688 to steal anyone else's e-mail. Instead, create a script that
3690 night (if you want the non-NFS-mounted forward directory).
3693 sendmail is much less trusting of :include: files -- in
3698 In general, file giveaways are a mistake -- if you can turn them
3702 +--------------------------------+
3704 +--------------------------------+
3719 Some options are likely to be deprecated in future versions -- that is,
3720 the option is only included to provide back-compatibility. These are
3731 confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
3736 determine your local domain name,
3748 internally generated From: address.
3758 confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
3759 internally generated Message-Id:
3761 confCW_FILE Fw class [/etc/mail/local-host-names] Name
3762 of file used to get the local
3763 additions to class {w} (local host
3765 confCT_FILE Ft class [/etc/mail/trusted-users] Name of
3766 file used to get the local additions
3768 confCR_FILE FR class [/etc/mail/relay-domains] Name of
3769 file used to get the local additions
3779 confSMTP_MAILER - [esmtp] The mailer name used when
3783 confUUCP_MAILER - [uucp-old] The mailer to be used by
3784 default for bang-format recipient
3788 confLOCAL_MAILER - [local] The mailer name used when
3789 local connectivity is required.
3790 Almost always "local".
3791 confRELAY_MAILER - [relay] The default mailer name used
3795 "uucp-new" if you are on a
3796 UUCP-connected site.
3798 confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
3826 confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
3831 confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
3834 The colon-separated list of places to
3866 confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
3878 DNS lookups on every address, it can
3884 confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
3886 confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
3892 confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
3967 Timeout.queuereturn.non-urgent
3968 [undefined] As above, for non-urgent
3986 Timeout.queuewarn.non-urgent
3987 [undefined] As above, for non-urgent
4032 confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
4053 queue-only function kicks in.
4117 confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
4124 system-defined switch.
4137 nonconforming message as is, "add-to"
4140 blind recipients), "add-apparently-to"
4141 to do the same but use Apparently-To:
4144 "add-bcc" to add an empty Bcc:
4145 header, or "add-to-undisclosed" to
4147 ``To: undisclosed-recipients:;''.
4157 handled properly in route-addrs. This
4205 confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
4226 [True] If set, group-writable
4230 from such files. World-writable files
4238 address (for testing).
4246 address. If it expands to an empty
4258 confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
4282 local interfaces into class {w}
4286 in a mailertable entry) -- otherwise,
4303 confREJECT_MSG - [550 Access denied] The message
4306 confRELAY_MSG - [550 Relaying denied] The message
4311 memory-buffered data (df) file
4312 before a disk-based file is used.
4315 memory-buffered transcript (xf)
4316 file before a disk-based file is
4318 confAUTH_MECHANISMS AuthMechanisms [EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5
4319 CRAM-MD5] List of authentication
4373 specific settings such as "-h host
4374 -p port -d bindDN", etc. The
4454 information about local mailboxes.
4455 confDEQUOTE_OPTS - [empty] Additional options for the
4545 DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
4546 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
4552 is relayed to another MTA. It will also enforce the normal address syntax
4561 INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
4573 +----------------------------+
4575 +----------------------------+
4586 - confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
4587 avoiding X-Authentication warnings.
4588 - confTIME_ZONE to change it from the default `USE_TZ'.
4589 - confDELIVERY_MODE is set to interactive in msp.m4 instead
4591 - FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
4593 - confRAND_FILE if you use STARTTLS and sendmail is not compiled with
4625 FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
4627 /etc/mail/msp-authinfo should contain an entry like:
4629 AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"
4643 Note: the authentication data can leak to local users who invoke
4644 the MSP with debug options or even with -v. For that reason either
4646 AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
4663 +--------------------------+
4665 +--------------------------+
4669 /etc/mail/local-host-names may have the following content:
4684 By default, the delimiter between LHS and RHS is a non-empty sequence
4688 +------------------+
4690 +------------------+
4724 hack Local hacks. These can be referenced using the HACK
4728 siteconfig Site configuration -- e.g., tables of locally connected
4732 +------------------------+
4734 +------------------------+
4748 5 * Local address rewrite (after aliasing)
4760 98 Local part of ruleset 0 (ruleset 8 in old sendmail)
4765 0 local, prog local and program mailers
4767 2 uucp-* UNIX-to-UNIX Copy Program
4778 D The local domain -- usually not needed
4819 O operators that indicate network operations (cannot be in local names)
4820 P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4822 R domains this system is willing to relay (pass anti-spam filters)
4830 Z locally connected domain-ized UUCP hosts
4837 1 Local host detection and resolution
4838 2 Local Ruleset 3 additions
4839 3 Local Ruleset 0 additions
4842 6 local configuration (at top of file)
4845 9 special local rulesets (1 and 2)