A default Linux server installation includes the default /etc/mail/sendmail.mc. This file defines various macros with very little explanation. First, preview your default sendmail.mc. The article below then explains most of the macros defined in sendmail.mc, in the same order. For more information, refer to Sendmail.mc Explained.
===============================================================================
divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate
dnl new /etc/mail/sendmail.cf by running the following command:
dnl
dnl        m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')

This is required in order to process the macro file and generate the sendmail.cf file. It includes the cf.m4 macro file, which contains many macro definitions used by the rest of the file.

VERSIONID(`linux setup for Red Hat Linux')dnl

VERSIONID is a macro that stuffs the version information into the resulting file. You could use SCCS, RCS, CVS, something else, or omit it completely. This is not the same as the version id included in SMTP greeting messages -- this is defined in m4/version.m4.

OSTYPE(`linux')

You must specify an OSTYPE to properly configure things such as the pathname of the help and status files, the flags needed for the local mailer, and other important things. If you omit it, you will get an error when you try to build the configuration. Look at the ostype directory for the list of known operating system types.

DOMAIN(`CS.Berkeley.EDU')dnl

This example is specific to the Computer Science Division at Berkeley. You can use "DOMAIN(`generic')" to get a sufficiently bland definition that may well work for you, or you can create a customized domain definition appropriate for your environment.

dnl define(`SMART_HOST',`smtp.your.provider')

Uncomment and edit this line if your mail needs to be sent out through an external mail server.

define(`confDEF_USER_ID',``8:12'')dnl

confDEF_USER_ID  DefaultUser  [1:1]  Default user id.

undefine(`UUCP_RELAY')dnl

UUCP_RELAY  The host that will accept UUCP-addressed email. If not defined, all UUCP sites must be directly connected.

undefine(`BITNET_RELAY')dnl

BITNET_RELAY  The host that will accept BITNET-addressed email. If not defined, the .BITNET pseudo-domain won't work.

dnl define(`confAUTO_REBUILD')dnl

define(`confTO_CONNECT', `1m')dnl

confTO_CONNECT  Timeout.connect  [0]  The timeout waiting for an initial connect() to complete. This can only shorten connection timeouts; the kernel silently enforces an absolute maximum (which varies depending on the system).

define(`confTRY_NULL_MX_LIST',true)dnl

confTRY_NULL_MX_LIST  TryNullMXList  [False]  If this host is the best MX for a host and other arrangements haven't been made, try connecting to the host directly; normally this would be a config error.

define(`confDONT_PROBE_INTERFACES',true)dnl

confDONT_PROBE_INTERFACES  DontProbeInterfaces  [False]  If set, sendmail will _not_ insert the names and addresses of any local interfaces into class {w} (list of known "equivalent" addresses). If you set this, you must also include some support for these addresses (e.g., in a mailertable entry) -- otherwise, mail to addresses in this list will bounce with a configuration error. If set to "loopback" (without quotes), sendmail will skip loopback interfaces (e.g., "lo0").

define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl

PROCMAIL_MAILER_PATH  [/usr/local/bin/procmail]  The path to the procmail program. This is also used by FEATURE(`local_procmail').

define(`ALIAS_FILE', `/etc/aliases')dnl

ALIAS_FILE  [/etc/mail/aliases]  The location of the text version of the alias file(s). It can be a comma-separated list of names (but be sure you quote values with commas in them -- for example, use define(`ALIAS_FILE', `a,b') to get "a" and "b" both listed as alias files; otherwise the define() primitive only sees "a").

dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl

STATUS_FILE  [/etc/mail/statistics]  The file containing status information.

define(`UUCP_MAILER_MAX', `2000000')dnl

UUCP_MAILER_MAX  [100000]  The maximum size message accepted for transmission by the UUCP mailers.

define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl

confUSERDB_SPEC  UserDatabaseSpec  [undefined]  User database specification.

define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl

confPRIVACY_FLAGS  PrivacyOptions  [authwarnings]  Privacy flags.

define(`confAUTH_OPTIONS', `A')dnl

confAUTH_OPTIONS  AuthOptions  [undefined]  If this option is 'A' then the AUTH= parameter for the MAIL FROM command is only issued when authentication succeeded. Other values (which should be listed one after the other without any intervening characters except for space or comma) are a, c, d, f, p, and y. See doc/op/op.me for details.

define(`confMAX_MESSAGE_SIZE',`100')dnl

confMAX_MESSAGE_SIZE  MaxMessageSize  [infinite]  The maximum size of messages that will be accepted (in bytes).

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

By default, relaying is allowed for any user who authenticated via a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(`list of mechanisms'). For example: TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')

dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

confAUTH_MECHANISMS  AuthMechanisms  [GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5]  List of authentication mechanisms for AUTH (separated by spaces). The advertised list of authentication mechanisms will be the intersection of this list and the list of available mechanisms as determined by the CYRUS SASL library.

dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')

confCACERT_PATH  CACERTPath  [undefined]  Path to directory with certs of CAs.

dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')

confCACERT  CACERTFile  [undefined]  File containing one CA cert.

dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')

confSERVER_CERT  ServerCertFile  [undefined]  File containing the cert of the server, i.e., this cert is used when sendmail acts as server.

dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')

confSERVER_KEY  ServerKeyFile  [undefined]  File containing the private key belonging to the server cert.

dnl define(`confTO_QUEUEWARN', `4h')dnl

confTO_QUEUEWARN  Timeout.queuewarn  [4h]  The timeout before a warning message is sent to the sender telling them that the message has been deferred.

dnl define(`confTO_QUEUERETURN', `5d')dnl

confTO_QUEUERETURN  Timeout.queuereturn  [5d]  The timeout before a message is returned as undeliverable.

dnl define(`confQUEUE_LA', `12')dnl

confQUEUE_LA  QueueLA  [varies]  Load average at which queue-only function kicks in. The default value is (8 * numproc), where numproc is the number of processors online (if that can be determined).

dnl define(`confREFUSE_LA', `18')dnl

confREFUSE_LA  RefuseLA  [varies]  Load average at which incoming SMTP connections are refused. The default value is (12 * numproc), where numproc is the number of processors online (if that can be determined).

define(`confTO_IDENT', `0')dnl

confTO_IDENT  Timeout.ident  [5s]  The timeout waiting for a response to an IDENT query.

dnl FEATURE(delay_checks)dnl

delay_checks  The rulesets check_mail and check_relay will not be called when a client connects or issues a MAIL command, respectively. Instead, those rulesets will be called by the check_rcpt ruleset; they will be skipped under certain circumstances. See "Delay all checks" in the anti-spam configuration control section. Note: this feature is incompatible with the versions in 8.10 and 8.11.

FEATURE(`no_default_msa',`dnl')dnl

no_default_msa  Don't generate the default MSA daemon, i.e.,
    DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
To define an MSA daemon with other parameters, use this FEATURE and introduce new settings via DAEMON_OPTIONS().

FEATURE(`smrsh',`/usr/sbin/smrsh')dnl

smrsh  Use the SendMail Restricted SHell (smrsh) provided with the distribution instead of /bin/sh for mailing to programs. This improves the ability of the local system administrator to control what gets run via e-mail. If an argument is provided it is used as the pathname to smrsh; otherwise, the path defined by confEBINDIR is used for the smrsh binary -- by default, /usr/libexec/smrsh is assumed.

FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl

mailertable  Include a "mailer table" which can be used to override routing for particular domains (which are not in class {w}, i.e. local host names). The argument of the FEATURE may be the key definition. If none is specified, the definition used is:
    hash /etc/mail/mailertable
Keys in this database are fully qualified domain names or partial domains preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain not covered by other keys. Values must be of the form:
    mailer:domain
where "mailer" is the internal mailer name, and "domain" is where to send the message. These maps are not reflected into the message header. As a special case, the forms:
    local:user
will forward to the indicated user using the local mailer,
    local:
will forward to the original user in the e-mail address using the local mailer, and
    error:code message
    error:D.S.N:code message
will give an error message with the indicated SMTP reply code and message, where D.S.N is an RFC 1893 compliant error code.

FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl

virtusertable  A domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine. For example, if the virtuser table contained:
    info@foo.com    foo-info
    info@bar.com    bar-info
    joe@bar.com     error:nouser 550 No such user here
    jax@bar.com     error:5.7.0:550 Address invalid
    @baz.org        jane@example.net
then mail addressed to info@foo.com will be sent to the address foo-info, mail addressed to info@bar.com will be delivered to bar-info, and mail addressed to anyone at baz.org will be sent to jane@example.net, mail to joe@bar.com will be rejected with the specified error message, and mail to jax@bar.com will also have a RFC 1893 compliant error code 5.7.0.

The username from the original address is passed as %1 allowing:
    @foo.org        %1@example.com
meaning someone@foo.org will be sent to someone@example.com. Additionally, if the local part consists of "user+detail" then "detail" is passed as %2 and "+detail" is passed as %3 when a match against user+* is attempted, so entries like
    old+*@foo.org   new+%2@example.com
    gen+*@foo.org   %2@example.com
    +*@foo.org      %1%3@example.com
    X++@foo.org     Z%3@example.com
    @bar.org        %1%3
and other forms are possible. Note: to preserve "+detail" for a default case (@domain) %1%3 must be used as RHS. There are two wildcards after "+": "+" matches only a non-empty detail, "*" matches also empty details, e.g., user+@foo.org matches +*@foo.org but not ++@foo.org. This can be used to ensure that the parameters %2 and %3 are not empty.

All the host names on the left hand side (foo.com, bar.com, and baz.org) must be in class {w} or class {VirtHost}. The latter can be defined by the macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are added to class {R}, i.e., relaying is allowed to (and from) those domains. The default map definition is:
    hash /etc/mail/virtusertable
A new definition can be specified as the second argument of the FEATURE macro, such as
    FEATURE(`virtusertable', `dbm /etc/mail/virtusers')

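The %1/%2/%3 substitution and the "+*" / "++" wildcards described above, as an added Python sketch (not sendmail's code and not part of the original article). The probe order (most specific key first) and the names VIRTUSERTABLE, expand and lookup are assumptions of this example; the table rows are the ones discussed above.

```python
import re

# Constructed table built from the entries discussed above (keys stored lower-case,
# as makemap folds them by default).
VIRTUSERTABLE = {
    "info@foo.com": "foo-info",
    "jax@bar.com": "error:5.7.0:550 Address invalid",
    "@baz.org": "jane@example.net",
    "@foo.org": "%1@example.com",
    "old+*@foo.org": "new+%2@example.com",
    "+*@foo.org": "%1%3@example.com",
    "x++@foo.org": "Z%3@example.com",
    "@bar.org": "%1%3",
}

def expand(rhs, user, detail):
    """Fill in %1 (user), %2 (detail) and %3 (+detail); detail is None without a '+'."""
    subs = {"%1": user, "%2": detail or "",
            "%3": "" if detail is None else "+" + detail}
    return re.sub(r"%[123]", lambda m: subs[m.group(0)], rhs)

def lookup(table, address):
    """Return the table value with %1-%3 expanded, or None when no key matches."""
    local, _, domain = address.rpartition("@")
    user, plus, detail = local.partition("+")
    probes = [(local, local, None)]                   # exact key: %1 is the whole local part
    if plus and user:
        if detail:                                    # "++" needs a non-empty detail
            probes.append((user + "++", user, detail))
        probes.append((user + "+*", user, detail))    # "+*" also matches an empty detail
        if detail:
            probes.append(("++", user, detail))
        probes += [("+*", user, detail), ("", user, detail)]   # then the @domain default
    else:
        probes.append(("", local, None))
    for lhs, who, tag in probes:
        rhs = table.get(f"{lhs}@{domain}".lower())
        if rhs is not None:
            return expand(rhs, who, tag)
    return None
```

Note that bob+news@bar.org keeps its detail only because the @bar.org row uses %1%3, while a plain @domain row with %1 alone would drop it.
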
FEATURE(redirect)dnl

redirect  Reject all mail addressed to "address.REDIRECT" with a "551 User has moved; please try <address>" message. If this is set, you can alias people who have left to their new address with ".REDIRECT" appended.

FEATURE(always_add_domain)dnl

always_add_domain  Include the local host domain even on locally delivered mail. Normally it is not added on unqualified names. However, if you use a shared message store but do not use the same user name space everywhere, you may need the host name on local names. An optional argument specifies another domain to be added than the local.

FEATURE(use_cw_file)dnl

FEATURE(`use_cw_file') tells sendmail that you want to have it read an /etc/mail/local-host-names file to get values for class {w}.

FEATURE(use_ct_file)dnl

use_ct_file  Read the file /etc/mail/trusted-users to get the names of users that will be "trusted", that is, able to set their envelope from address using -f without generating a warning message. The actual filename can be overridden by redefining confCT_FILE.

FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.

local_procmail  Use procmail or another delivery agent as the local mailer. The argument to this feature is the pathname of the delivery agent, which defaults to PROCMAIL_MAILER_PATH. Note that this does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS for the local mailer; tweak LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or specify the appropriate parameters. When procmail is used, the local mailer can make use of the "user+indicator@local.host" syntax; normally the +indicator is just tossed, but by default it is passed as the -a argument to procmail.

This feature can take up to three arguments:
    1. Path to the mailer program [default: /usr/local/bin/procmail]
    2. Argument vector including name of the program [default: procmail -Y -a $h -d $u]
    3. Flags for the mailer [default: SPfhn9]
Empty arguments cause the defaults to be taken.

For example, this allows it to use the maildrop (http://www.flounder.net/~mrsam/maildrop/) mailer instead by specifying:
    FEATURE(`local_procmail', `/usr/local/bin/maildrop', `maildrop -d $u')
or scanmails using:
    FEATURE(`local_procmail', `/usr/local/bin/scanmails')

WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, i.e., without respecting any definitions in an OSTYPE setting.

FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl

access_db  Turns on the access database feature. The access db gives you the ability to allow or refuse to accept mail from specified domains for administrative reasons. Moreover, it can control the behavior of sendmail in various situations. By default, the access database specification is:
    hash -T<TMPF> /etc/mail/access
See the anti-spam configuration control section for further important information about this feature. Notice: "-T<TMPF>" is meant literally, do not replace it by anything.

FEATURE(`blacklist_recipients')dnl

blacklist_recipients  Turns on the ability to block incoming mail for certain recipient usernames, hostnames, or addresses. For example, you can block incoming mail to user nobody, host foo.mydomain.com, or guest@bar.mydomain.com. These specifications are put in the access db as described in the anti-spam configuration control section later in this document.

EXPOSED_USER(`root')dnl

EXPOSED_USER(`usernames')  This adds users to class {E}; you could also use

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.

dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch

FEATURE(`accept_unresolvable_domains')dnl
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.

accept_unresolvable_domains  Normally, MAIL FROM: commands in the SMTP session will be refused if the host part of the argument to MAIL FROM: cannot be located in the host name service (e.g., an A or MX record in DNS). If you are inside a firewall that has only a limited view of the Internet host name space, this could cause problems. In this case you probably want to use this feature to accept all domains on input, even if they are unresolvable.

dnl FEATURE(`relay_based_on_MX')dnl

relay_based_on_MX  Turns on the ability to allow relaying based on the MX records of the host portion of an incoming recipient; that is, if an MX record for host foo.com points to your site, you will accept and relay mail addressed to foo.com. See description below for more information before using this feature. Also, see the KNOWNBUGS entry regarding bestmx map lookups.

FEATURE(`relay_based_on_MX') does not necessarily allow routing of these messages which you expect to be allowed, if route address syntax (or %-hack syntax) is used. If this is a problem, add entries to the access-table or use FEATURE(`loose_relay_check').

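An added example, not part of the original article or of the sendmail distribution: a small Python check that reads a sendmail.mc, ignores dnl-commented lines, and reports the security-relevant settings covered above (confPRIVACY_FLAGS, confAUTH_MECHANISMS with confAUTH_OPTIONS, smrsh, DAEMON_OPTIONS, accept_unresolvable_domains, relay_based_on_MX). SAMPLE_MC is a constructed excerpt, the function names and finding ids are hypothetical, and macro calls that span several lines are assumed not to occur.

```python
import re

DIRECTIVE = re.compile(r"^(define|FEATURE|DAEMON_OPTIONS)\((.*?)\)\s*(?:dnl\b.*)?$")

def split_args(text):
    """Split m4 arguments on top-level commas, dropping the `...' quote characters."""
    args, depth, cur = [], 0, ""
    for ch in text:
        if ch in "`'":
            depth += 1 if ch == "`" else -1
        elif ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return args + [cur.strip()]

def active(text, macro):
    """Argument lists of each active call of `macro`; dnl-commented lines never match."""
    hits = (DIRECTIVE.match(line.strip()) for line in text.splitlines())
    return [split_args(m.group(2)) for m in hits if m and m.group(1) == macro]

def audit(text):
    """Return {finding id: explanation}; ids and wording are this example's own."""
    defines = {a[0]: (a[1:] or [""])[0] for a in active(text, "define")}
    features = {a[0] for a in active(text, "FEATURE")}
    daemons = [a[0] for a in active(text, "DAEMON_OPTIONS")]
    found = {}
    if "accept_unresolvable_domains" in features:
        found["unresolvable"] = "MAIL FROM domains are accepted without a DNS check"
    if "relay_based_on_MX" in features:
        found["mx_relay"] = "relaying is allowed for domains whose MX points here"
    if "smrsh" not in features:
        found["no_smrsh"] = "mail to programs runs under /bin/sh instead of smrsh"
    flags = set(defines.get("confPRIVACY_FLAGS", "authwarnings").split(","))
    if "goaway" not in flags and not {"novrfy", "noexpn"} <= flags:
        found["vrfy_expn"] = "VRFY or EXPN is not disabled"
    mechs = set(defines.get("confAUTH_MECHANISMS", "").split())
    if mechs & {"PLAIN", "LOGIN"} and "p" not in defines.get("confAUTH_OPTIONS", ""):
        found["cleartext_auth"] = "PLAIN/LOGIN offered without AuthOptions flag p"
    if not daemons or not all(re.search(r"Addr=(127\.0\.0\.1|::1)\b", d) for d in daemons):
        found["network"] = "the MTA listens on more than the loopback address"
    return found

# Constructed excerpt using the settings discussed above.
SAMPLE_MC = """\
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
"""
```

Calling audit(SAMPLE_MC) reports the active accept_unresolvable_domains feature and the PLAIN/LOGIN mechanisms, and stays silent about relay_based_on_MX because that line is commented out with dnl.
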
MAILER(smtp)dnl
MAILER(procmail)dnl

These describe the mailers used at the default CS site. The local mailer is always included automatically. Beware: MAILER declarations should always be at the end of the configuration file. The general rules are that the order should be:

local
    The local and prog mailers. You will almost always need these; the only exception is if you relay ALL your mail to another site. This mailer is included automatically.

smtp
    The Simple Mail Transport Protocol mailer. This does not hide hosts behind a gateway or any other such hack; it assumes a world where everyone is running the name server. This file actually defines five mailers: "smtp" for regular (old-style) SMTP to other servers, "esmtp" for extended SMTP to other servers, "smtp8" to do SMTP to other servers without converting 8-bit data to MIME (essentially, this is your statement that you know the other end is 8-bit clean even if it doesn't say so), "dsmtp" to do on demand delivery, and "relay" for transmission to the RELAY_HOST, LUSER_RELAY, or MAIL_HUB.

pop
    Post Office Protocol.

procmail
    An interface to procmail (does not come with sendmail). This is designed to be used in mailertables. For example, a common question is "how do I forward all mail for a given domain to a single person?". If you have this mailer defined, you could set up a mailertable reading:
        host.com    procmail:/etc/procmailrcs/host.com
    with the file /etc/procmailrcs/host.com reading:
        :0    # forward mail for host.com
        ! -oi -f $1 person@other.host
    This would arrange for (anything)@host.com to be sent to person@other.host. Within the procmail script, $1 is the name of the sender and $2 is the name of the recipient. If you use this with FEATURE(`local_procmail'), the FEATURE should be listed first.
    Of course there are other ways to solve this particular problem, e.g., a catch-all entry in a virtusertable.

Cwlocalhost.localdomain