Familiarize Yourself with sendmail
Submitted by h.santhosh@timk... on Saturday, November 22, 2003 - 15:24
 

Familiarize Yourself with sendmail

 

When we do a default Linux server installation you will find the default /etc/mail/sendmail.mc . This file has various macros defined and with very little explanation. Firstly, preview your default sendmail.mc. Than the below article explains the details for most of the macros defined in sendmail.mc in the same order. For more information refer to Sendmail.mc Explained

===============================================================================

divert(-1)

dnl This is the sendmail macro config file. If you make changes to this file,

dnl you need the sendmail-cf rpm installed and then have to generate

dnl new /etc/mail/sendmail.cf by running the following command:

dnl

dnl        m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

dnl

 

include('/usr/share/sendmail-cf/m4/cf.m4')

This is a requirement in order to process the macro file and generate the

sendmail.cf file. This include the cf.m4 macro files which contains lots of macro definition for the rest of the file.

 

VERSIONID('linux setup for Red Hat Linux')dnl

      VERSIONID is a macro that stuffs the version information into the resulting file.  You could use SCCS, RCS, CVS, something else, or omit it completely.  This is not the same as the version id included in SMTP greeting messages -- this is defined in m4/version.m4.

 

 

OSTYPE('linux')

      You must specify an OSTYPE to properly configure things such as the pathname of the help and status files, the flags needed for the local mailer, and other important things.  If you omit it, you will get an error when you try to build the configuration.  Look at the ostype directory for the list of known operating system types. DOMAIN('CS.Berkeley.EDU')dnl This example is specific to the Computer Science Division at Berkeley. You can use "DOMAIN('generic')" to get a sufficiently bland definition that may well work for you, or you can create a customized domain definition appropriate for your environment.

 

dnl define('SMART_HOST','smtp.your.provider')

Uncomment and edit the following line if your mail needs to be sent out through an external mail server:

 

define('confDEF_USER_ID',''8:12'')dnl

      confDEF_USER_ID         DefaultUser [1:1] Default user id.

 

undefine('UUCP_RELAY')dnl

      UUCP_RELAY  The host that will accept UUCP-addressed email.

            If not defined, all UUCP sites must be directly connected.

 

undefine('BITNET_RELAY')dnl

      BITNET_RELAY      The host that will accept BITNET-addressed email.

            If not defined, the .BITNET pseudo-domain won't work.

 

dnl define('confAUTO_REBUILD')dnl

 

define('confTO_CONNECT', '1m')dnl

confTO_CONNECT    Timeout.connect   [0] The timeout waiting for an initial connect() to complete.  This can only shorten connection timeouts; the kernel silently enforces an absolute maximum (which varies depending on the system).

 

define('confTRY_NULL_MX_LIST',true)dnl

      confTRY_NULL_MX_LIST    TryNullMXList[False] If this host is the best MX

                              for a host and other arrangements

                              haven't been made, try connecting

                              to the host directly; normally this

                              would be a config error.

 

 

define('confDONT_PROBE_INTERFACES',true)dnl

      confDONT_PROBE_INTERFACES  DontProbeInterfaces

                              [False] If set, sendmail will _not_

                              insert the names and addresses of any

                              local interfaces into class {w}

                              (list of known "equivalent" addresses).

                              If you set this, you must also include

                              some support for these addresses (e.g.,

                              in a mailertable entry) -- otherwise,

                              mail to addresses in this list will

                              bounce with a configuration error.

                              If set to "loopback" (without

                              quotes), sendmail will skip

                              loopback interfaces (e.g., "lo0").

     

define('PROCMAIL_MAILER_PATH','/usr/bin/procmail')dnl

      PROCMAIL_MAILER_PATH    [/usr/local/bin/procmail] The path to the procmail program.  This is also used by FEATURE('local_procmail').

 

define('ALIAS_FILE', '/etc/aliases')dnl

      ALIAS_FILE        [/etc/mail/aliases] The location of the text version

                  of the alias file(s).  It can be a comma-separated

                  list of names (but be sure you quote values with

                  commas in them -- for example, use define('ALIAS_FILE', 'a,b')

                  to get "a" and "b" both listed as alias files;

                  otherwise the define() primitive only sees "a").

 

dnl define('STATUS_FILE', '/etc/mail/statistics')dnl

      STATUS_FILE       [/etc/mail/statistics] The file containing status information.

 

define('UUCP_MAILER_MAX', '2000000')dnl

      UUCP_MAILER_MAX         [100000] The maximum size message accepted for transmission by the UUCP mailers.

 

define('confUSERDB_SPEC', '/etc/mail/userdb.db')dnl

      confUSERDB_SPEC         UserDatabaseSpec

                              [undefined] User database specification.

 

define('confPRIVACY_FLAGS', 'authwarnings,novrfy,noexpn,restrictqrun')dnl

      confPRIVACY_FLAGS PrivacyOptions    [authwarnings] Privacy flags.

 

define('confAUTH_OPTIONS', 'A')dnl

      confAUTH_OPTIONS  AuthOptions [undefined] If this option is 'A'

                              then the AUTH= parameter for the

                              MAIL FROM command is only issued

                              when authentication succeeded.

                              Other values (which should be listed

                              one after the other without any

                              intervening characters except for

                              space or comma) are a, c, d, f, p,

                              and y.  See doc/op/op.me for

                              details.

 

define('confMAX_MESSAGE_SIZE','100')dnl

      confMAX_MESSAGE_SIZE    MaxMessageSize    [infinite] The maximum size of

messages that will be accepted (in bytes).

 

 

dnl TRUST_AUTH_MECH('EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

      Per default, relaying is allowed for any user who authenticated

via a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH('list of mechanisms')

For example: TRUST_AUTH_MECH('KERBEROS_V4 DIGEST-MD5')

 

dnl define('confAUTH_MECHANISMS', 'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

      confAUTH_MECHANISMS     AuthMechanisms    [GSSAPI KERBEROS_V4 DIGEST-MD5

                              CRAM-MD5] List of authentication

                              mechanisms for AUTH (separated by

                              spaces).  The advertised list of

                              authentication mechanisms will be the

                              intersection of this list and the list

                              of available mechanisms as determined

                              by the CYRUS SASL library.

 

dnl define('confCACERT_PATH','/usr/share/ssl/certs')

      confCACERT_PATH         CACERTPath  [undefined] Path to directory

                              with certs of CAs.

 

dnl define('confCACERT','/usr/share/ssl/certs/ca-bundle.crt')

      confCACERT        CACERTFile  [undefined] File containing one CA

                              cert.

 

dnl define('confSERVER_CERT','/usr/share/ssl/certs/sendmail.pem')

      confSERVER_CERT         ServerCertFile    [undefined] File containing the

                              cert of the server, i.e., this cert

                              is used when sendmail acts as

                              server.

 

dnl define('confSERVER_KEY','/usr/share/ssl/certs/sendmail.pem')

      confSERVER_KEY          ServerKeyFile     [undefined] File containing the

                              private key belonging to the server

                              cert.

 

dnl define('confTO_QUEUEWARN', '4h')dnl

      confTO_QUEUEWARN  Timeout.queuewarn

                              [4h] The timeout before a warning

                              message is sent to the sender telling

                              them that the message has been

                              deferred.

 

dnl define('confTO_QUEUERETURN', '5d')dnl

      confTO_QUEUERETURN      Timeout.queuereturn

                              [5d] The timeout before a message is

                              returned as undeliverable.

 

dnl define('confQUEUE_LA', '12')dnl

confQUEUE_LA            QueueLA           [varies] Load average at which

                              queue-only function kicks in.

                              Default values is (8 * numproc)

                              where numproc is the number of

                              processors online (if that can be

                              determined).

 

dnl define('confREFUSE_LA', '18')dnl

confREFUSE_LA           RefuseLA    [varies] Load average at which

                              incoming SMTP connections are

                              refused.  Default values is (12 *

                              numproc) where numproc is the

                              number of processors online (if

                              that can be determined).

 

define('confTO_IDENT', '0')dnl

      confTO_IDENT            Timeout.ident     [5s] The timeout waiting for a

                              response to an IDENT query.

 

dnl FEATURE(delay_checks)dnl

      delay_checks      The rulesets check_mail and check_relay will not be called

            when a client connects or issues a MAIL command, respectively.

            Instead, those rulesets will be called by the check_rcpt

            ruleset; they will be skipped under certain circumstances.

            See "Delay all checks" in the anti-spam configuration control

            section.  Note: this feature is incompatible to the versions

            in 8.10 and 8.11.

 

FEATURE('no_default_msa','dnl')dnl

      no_default_msa    Don't generate the default MSA daemon, i.e.,

            DAEMON_OPTIONS('Port=587,Name=MSA,M=E')

            To define a MSA daemon with other parameters, use this

            FEATURE and introduce new settings via DAEMON_OPTIONS().

 

FEATURE('smrsh','/usr/sbin/smrsh')dnl

      smrsh       Use the SendMail Restricted SHell (smrsh) provided

            with the distribution instead of /bin/sh for mailing

            to programs.  This improves the ability of the local

            system administrator to control what gets run via

            e-mail.  If an argument is provided it is used as the

            pathname to smrsh; otherwise, the path defined by

            confEBINDIR is used for the smrsh binary -- by default,

            /usr/libexec/smrsh is assumed.

 

FEATURE('mailertable','hash -o /etc/mail/mailertable.db')dnl

      mailertable Include a "mailer table" which can be used to override

            routing for particular domains (which are not in class {w},

            i.e.  local host names).  The argument of the FEATURE may be

            the key definition.  If none is specified, the definition

            used is:

                  hash /etc/mail/mailertable

            Keys in this database are fully qualified domain names

            or partial domains preceded by a dot -- for example,

            "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a

            special case of the latter, "." matches any domain not

            covered by other keys.  Values must be of the form:

                  mailer:domain

            where "mailer" is the internal mailer name, and "domain"

            is where to send the message.  These maps are not

            reflected into the message header.  As a special case,

            the forms:

                  local:user

            will forward to the indicated user using the local mailer,

                  local:

            will forward to the original user in the e-mail address

            using the local mailer, and

                  error:code message

                  error:D.S.N:code message

            will give an error message with the indicated SMTP reply

            code and message, where D.S.N is an RFC 1893 compliant

            error code.

 

FEATURE('virtusertable','hash -o /etc/mail/virtusertable.db')dnl

      virtusertable     A domain-specific form of aliasing, allowing multiple

            virtual domains to be hosted on one machine.  For example,

            if the virtuser table contained:

                  info@foo.com      foo-info

                  info@bar.com      bar-info

                  joe@bar.com error:nouser 550 No such user here

                  jax@bar.com error:5.7.0:550 Address invalid

                  @baz.org    jane@example.net

            then mail addressed to info@foo.com will be sent to the

            address foo-info, mail addressed to info@bar.com will be

            delivered to bar-info, and mail addressed to anyone at baz.org

            will be sent to jane@example.net, mail to joe@bar.com will

            be rejected with the specified error message, and mail to

            jax@bar.com will also have a RFC 1893 compliant error code

            5.7.0.

 

            The username from the original address is passed

            as %1 allowing:

                  @foo.org    %1@example.com

            meaning someone@foo.org will be sent to someone@example.com.

            Additionally, if the local part consists of "user+detail"

            then "detail" is passed as %2 and "+detail" is passed as %3

            when a match against user+* is attempted, so entries like

                  old+*@foo.org     new+%2@example.com

                  gen+*@foo.org     %2@example.com

                  +*@foo.org  %1%3@example.com

                  X++@foo.org Z%3@example.com

                  @bar.org    %1%3

 

            and other forms are possible.  Note: to preserve "+detail"

            for a default case (@domain) %1%3 must be used as RHS.

            There are two wildcards after "+": "+" matches only a non-empty

            detail, "*" matches also empty details, e.g., user+@foo.org

            matches +*@foo.org but not ++@foo.org.  This can be used

            to ensure that the parameters %2 and %3 are not empty.

 

            All the host names on the left hand side (foo.com, bar.com,

            and baz.org) must be in class {w} or class {VirtHost}.  The

            latter can be defined by the macros VIRTUSER_DOMAIN or

            VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and

            MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or

            VIRTUSER_DOMAIN_FILE is used, then the entries of class

            {VirtHost} are added to class {R}, i.e., relaying is allowed

            to (and from) those domains.  The default map definition is:

                  hash /etc/mail/virtusertable

            A new definition can be specified as the second argument of

            the FEATURE macro, such as

                  FEATURE('virtusertable', 'dbm /etc/mail/virtusers')

 

FEATURE(redirect)dnl

      redirect    Reject all mail addressed to "address.REDIRECT" with

            a ''551 User has moved; please try <address>'' message.

            If this is set, you can alias people who have left

            to their new address with ".REDIRECT" appended.

 

FEATURE(always_add_domain)dnl

      always_add_domain

            Include the local host domain even on locally delivered

            mail.  Normally it is not added on unqualified names.

            However, if you use a shared message store but do not use

            the same user name space everywhere, you may need the host

            name on local names.  An optional argument specifies

            another domain to be added than the local.

 

FEATURE(use_cw_file)dnl

            FEATURE('use_cw_file')tells sendmail that you want to have it read

an /etc/mail/local-host-names file to get values for class {w}.

 

FEATURE(use_ct_file)dnl

      use_ct_file Read the file /etc/mail/trusted-users file to get the

            names of users that will be ''trusted'', that is, able to

            set their envelope from address using -f without generating

            a warning message.  The actual filename can be overridden

            by redefining confCT_FILE.

 

FEATURE(local_procmail,'','procmail -t -Y -a $h -d $u')dnl

dnl The '-t' option will retry delivery if e.g. the user runs over his quota.

      local_procmail    Use procmail or another delivery agent as the local mailer.

            The argument to this feature is the pathname of the

            delivery agent, which defaults to PROCMAIL_MAILER_PATH.

            Note that this does NOT use PROCMAIL_MAILER_FLAGS or

            PROCMAIL_MAILER_ARGS for the local mailer; tweak

            LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or

            specify the appropriate parameters.  When procmail is used,

            the local mailer can make use of the

            "user+indicator@local.host" syntax; normally the +indicator

            is just tossed, but by default it is passed as the -a

            argument to procmail.

 

            This feature can take up to three arguments:

            1. Path to the mailer program

               [default: /usr/local/bin/procmail]

            2. Argument vector including name of the program

               [default: procmail -Y -a $h -d $u]

            3. Flags for the mailer [default: SPfhn9]

 

            Empty arguments cause the defaults to be taken.

            For example, this allows it to use the maildrop

            (http://www.flounder.net/~mrsam/maildrop/) mailer instead

            by specifying:

 

            FEATURE('local_procmail', '/usr/local/bin/maildrop',

             'maildrop -d $u')

            or scanmails using:

            FEATURE('local_procmail', '/usr/local/bin/scanmails')

            WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,

            i.e.,  without respecting any definitions in an OSTYPE setting.

 

FEATURE('access_db','hash -T<TMPF> -o /etc/mail/access.db')dnl

      access_db   Turns on the access database feature.  The access db gives

            you the ability to allow or refuse to accept mail from

            specified domains for administrative reasons.  Moreover,

            it can control the behavior of sendmail in various situations.

            By default, the access database specification is:

 

                  hash -T<TMPF> /etc/mail/access

 

            See the anti-spam configuration control section for further

            important information about this feature.  Notice:

            "-T<TMPF>" is meant literal, do not replace it by anything.

 

FEATURE('blacklist_recipients')dnl

      blacklist_recipients

            Turns on the ability to block incoming mail for certain

            recipient usernames, hostnames, or addresses.  For

            example, you can block incoming mail to user nobody,

            host foo.mydomain.com, or guest@bar.mydomain.com.

            These specifications are put in the access db as

            described in the anti-spam configuration control section

            later in this document.

 

EXPOSED_USER('root')dnl

      EXPOSED_USER('usernames')

This adds users to class {E}; you could also use

 

DAEMON_OPTIONS('Port=smtp,Addr=127.0.0.1, Name=MTA')

dnl This changes sendmail to only listen on the loopback device 127.0.0.1

dnl and not on any other network devices. Comment this out if you want

dnl to accept email over the network.

 

dnl DAEMON_OPTIONS('port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')

dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires

dnl       a kernel patch

 

FEATURE('accept_unresolvable_domains')dnl

dnl We strongly recommend to comment this one out if you want to protect

dnl yourself from spam. However, the laptop and users on computers that do

dnl not have 24x7 DNS do need this.

      accept_unresolvable_domains

            Normally, MAIL FROM: commands in the SMTP session will be

            refused if the host part of the argument to MAIL FROM:

            cannot be located in the host name service (e.g., an A or

            MX record in DNS).  If you are inside a firewall that has

            only a limited view of the Internet host name space, this

            could cause problems.  In this case you probably want to

            use this feature to accept all domains on input, even if

            they are unresolvable.

 

dnl FEATURE('relay_based_on_MX')dnl

      relay_based_on_MX

            Turns on the ability to allow relaying based on the MX

            records of the host portion of an incoming recipient; that

            is, if an MX record for host foo.com points to your site,

            you will accept and relay mail addressed to foo.com.  See

            description below for more information before using this

            feature.  Also, see the KNOWNBUGS entry regarding bestmx

            map lookups.

 

            FEATURE('relay_based_on_MX') does not necessarily allow

            routing of these messages which you expect to be allowed,

            if route address syntax (or %-hack syntax) is used.  If

            this is a problem, add entries to the access-table or use

            FEATURE('loose_relay_check').

 

MAILER(smtp)dnl  

MAILER(procmail)dnl

These describe the mailers used at the default CS site.  The local

mailer is always included automatically.  Beware: MAILER declarations

should always be at the end of the configuration file.  The general

rules are that the order should be:

 

local       The local and prog mailers.  You will almost always

            need these; the only exception is if you relay ALL

            your mail to another site.  This mailer is included

            automatically.

 

smtp        The Simple Mail Transport Protocol mailer.  This does

            not hide hosts behind a gateway or another other

            such hack; it assumes a world where everyone is

            running the name server.  This file actually defines

            five mailers: "smtp" for regular (old-style) SMTP to

            other servers, "esmtp" for extended SMTP to other

            servers, "smtp8" to do SMTP to other servers without

            converting 8-bit data to MIME (essentially, this is

            your statement that you know the other end is 8-bit

            clean even if it doesn't say so), "dsmtp" to do on

            demand delivery, and "relay" for transmission to the

            RELAY_HOST, LUSER_RELAY, or MAIL_HUB.

 

pop         Post Office Protocol.

 

procmail    An interface to procmail (does not come with sendmail).

            This is designed to be used in mailertables.  For example,

            a common question is "how do I forward all mail for a given

            domain to a single person?".  If you have this mailer

            defined, you could set up a mailertable reading:

                  host.com    procmail:/etc/procmailrcs/host.com

            with the file /etc/procmailrcs/host.com reading:

                  :0    # forward mail for host.com

                  ! -oi -f $1 person@other.host

            This would arrange for (anything)@host.com to be sent

            to person@other.host.  Within the procmail script, $1 is

            the name of the sender and $2 is the name of the recipient.

            If you use this with FEATURE('local_procmail'), the FEATURE

            should be listed first.

 

            Of course there are other ways to solve this particular

            problem, e.g., a catch-all entry in a virtusertable.

 

Cwlocalhost.localdomain