| 1 | |
| 2 | |
| 3 | NEW SENDMAIL CONFIGURATION FILES |
| 4 | |
| 5 | Eric Allman <eric@CS.Berkeley.EDU> |
| 6 | |
| 7 | @(#)README 8.48 (Berkeley) %G% |
| 8 | |
| 9 | |
| 10 | This document describes the sendmail configuration files being used |
| 11 | at Berkeley. These use features in the new (R8) sendmail; they will |
| 12 | not work on other versions. |
| 13 | |
| 14 | These configuration files are probably not as general as previous |
| 15 | versions, and don't handle as many of the weird cases automagically. |
| 16 | I was able to simplify by them for two reasons. First, the network |
| 17 | has become more consistent -- for example, at this point, everyone |
| 18 | on the internet is supposed to be running a name server, so hacks to |
| 19 | handle NIC-registered hosts can go away. Second, I assumed that a |
| 20 | subdomain would be running SMTP internally -- UUCP is presumed to be |
| 21 | a long-haul protocol. I realize that this is not universal, but it |
| 22 | does describe the vast majority of sites with which I am familiar, |
| 23 | including those outside the US. |
| 24 | |
| 25 | Of course, the downside of this is that if you do live in a weird |
| 26 | world, things are going to get weirder for you. I'm sorry about that, |
| 27 | but at the time we at Berkeley had a problem, and it seemed like the |
| 28 | right thing to do. |
| 29 | |
| 30 | This package requires a post-V7 version of m4; if you are running the |
| 31 | 4.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with |
| 32 | a newer version. You can m4-expand on their system, then run locally. |
| 33 | SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1 |
| 34 | also works. Unfortunately, I'm told that the M4 on BSDI 1.0 doesn't |
| 35 | work -- you'll have to use a Net/2 or GNU version. |
| 36 | |
| 37 | IF YOU DON'T HAVE A BERKELEY MAKE, don't despair! Just run |
| 38 | "m4 foo.mc > foo.cf" -- that should be all you need. There is also |
| 39 | a fairly crude (but functional) Makefile.dist that works on the |
| 40 | old version of make. |
| 41 | |
| 42 | To get started, you may want to look at tcpproto.mc (for TCP-only |
| 43 | sites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for |
| 44 | clusters of clients using a single mail host). Others are versions |
| 45 | that we use at Berkeley, although not all are in current use. For |
| 46 | example, ucbarpa has gone away, but I've left ucbarpa.mc in because |
| 47 | it demonstrates some interesting techniques. |
| 48 | |
| 49 | I'm not pretending that this README describes everything that these |
| 50 | configuration files can do; clever people can probably tweak them |
| 51 | to great effect. But it should get you started. |
| 52 | |
| 53 | ******************************************************************* |
| 54 | *** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** |
| 55 | *** Berkeley-specific assumptions built in, such as the name *** |
| 56 | *** of our UUCP-relay. You'll want to create your own domain *** |
| 57 | *** description, and use that in place of domain/Berkeley.m4. *** |
| 58 | ******************************************************************* |
| 59 | |
| 60 | |
| 61 | +--------------------------+ |
| 62 | | INTRODUCTION AND EXAMPLE | |
| 63 | +--------------------------+ |
| 64 | |
| 65 | Configuration files are contained in the subdirectory "cf", with a |
| 66 | suffix ".mc". They must be run through "m4" to produce a ".cf" file. |
| 67 | |
| 68 | Let's examine a typical .mc file (cf/cs-exposed.mc): |
| 69 | |
| 70 | divert(-1) |
| 71 | # |
| 72 | # Copyright (c) 1983 Eric P. Allman |
| 73 | # Copyright (c) 1988 The Regents of the University of California. |
| 74 | # All rights reserved. |
| 75 | # |
| 76 | # Redistribution and use in source and binary forms are permitted |
| 77 | # provided that the above copyright notice and this paragraph are |
| 78 | # duplicated in all such forms and that any documentation, |
| 79 | # advertising materials, and other materials related to such |
| 80 | # distribution and use acknowledge that the software was developed |
| 81 | # by the University of California, Berkeley. The name of the |
| 82 | # University may not be used to endorse or promote products derived |
| 83 | # from this software without specific prior written permission. |
| 84 | # THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
| 85 | # IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
| 86 | # WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| 87 | # |
| 88 | |
| 89 | The divert(-1) will delete the crud in the resulting output file. |
| 90 | The copyright notice is what your lawyers require. Our lawyers require |
| 91 | the one that I've included in my files. A copyleft is a copyright by |
| 92 | another name. |
| 93 | |
| 94 | The next line MUST be |
| 95 | |
| 96 | include(`../m4/cf.m4') |
| 97 | |
| 98 | This will pull in the M4 macros you will need to make sense of |
| 99 | everything else. As the saying goes, don't think about it, just |
| 100 | do it. If you don't do it, don't bother reading the rest of this |
| 101 | file. |
| 102 | |
| 103 | VERSIONID(`<SCCS or RCS version id>') |
| 104 | |
| 105 | VERSIONID is a macro that stuffs the version information into the |
| 106 | resulting file. We use SCCS; you could use RCS, something else, or |
| 107 | omit it completely. This is not the same as the version id included |
| 108 | in SMTP greeting messages -- this is defined in m4/version.m4. |
| 109 | |
| 110 | DOMAIN(cs.exposed) |
| 111 | |
| 112 | This example exposes the host inside of the CS subdomain -- that is, |
| 113 | it doesn't try to hide the name of the workstation to the outside |
| 114 | world. Changing this to DOMAIN(cs.hidden) would have made outgoing |
| 115 | messages refer to "<username>@CS.Berkeley.EDU" instead of using the |
| 116 | local hostname. Internally this is effected by using |
| 117 | "MASQUERADE_AS(CS.Berkeley.EDU)". |
| 118 | |
| 119 | MAILER(smtp) |
| 120 | |
| 121 | These describe the mailers used at the default CS site site. The |
| 122 | local mailer is always included automatically. |
| 123 | |
| 124 | |
| 125 | +--------+ |
| 126 | | OSTYPE | |
| 127 | +--------+ |
| 128 | |
| 129 | Note that cf/cs-exposed.mc omits an OSTYPE macro -- this assumes |
| 130 | default Computer Science Division environment. There are several |
| 131 | explicit environments available: bsd4.3, bsd4.4, hpux, irix, osf1, |
| 132 | riscos4.5, sunos3.5, sunos4.1, and ultrix4.1. These change things |
| 133 | like the location of the alias file and queue directory. Some of |
| 134 | these files are identical to one another. |
| 135 | |
| 136 | Operating system definitions are easy to write. They may define |
| 137 | the following variables (everything defaults, so an ostype file |
| 138 | may be empty). |
| 139 | |
| 140 | ALIAS_FILE [/etc/aliases] The location of the text version |
| 141 | of the alias file(s). It can be a comma-separated |
| 142 | list of names (but be sure you quote values with |
| 143 | commas in them -- for example, use |
| 144 | define(`ALIAS_FILE', `a,b') |
| 145 | to get "a" and "b" both listed as alias files; |
| 146 | otherwise the define() primitive only sees "a"). |
| 147 | HELP_FILE [/usr/lib/sendmail.hf] The name of the file |
| 148 | containing information printed in response to |
| 149 | the SMTP HELP command. |
| 150 | QUEUE_DIR [/var/spool/mqueue] The directory containing |
| 151 | queue files. |
| 152 | STATUS_FILE [/etc/sendmail.st] The file containing status |
| 153 | information. |
| 154 | LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. |
| 155 | LOCAL_MAILER_FLAGS [rmn] The flags used by the local mailer. The |
| 156 | flags lsDFM are always included. |
| 157 | LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local |
| 158 | mail. |
| 159 | LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local |
| 160 | mail that you are willing to accept. |
| 161 | LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. |
| 162 | LOCAL_SHELL_FLAGS [eu] The flags used by the shell mailer. The |
| 163 | flags lsDFM are always included. |
| 164 | LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" |
| 165 | mail. |
| 166 | LOCAL_SHELL_DIR [$z:/] The directory search path in which the |
| 167 | shell should run. |
| 168 | USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program |
| 169 | used to submit news. |
| 170 | USENET_MAILER_FLAGS [rlsDFMmn] The mailer flags for the usenet mailer. |
| 171 | USENET_MAILER_ARGS [-m -h -n] The command line arguments for the |
| 172 | usenet mailer. |
| 173 | USENET_MAILER_MAX [100000] The maximum size of messages that will |
| 174 | be accepted by the usenet mailer. |
| 175 | SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default |
| 176 | flags are `mDFMUX' for all SMTP-based mailers; the |
| 177 | "esmtp" mailer adds `a' and "smtp8" adds `8'. |
| 178 | SMTP_MAILER_MAX [undefined] The maximum size of messages that will |
| 179 | be transported using the smtp, smtp8, or esmtp |
| 180 | mailers. |
| 181 | SMTP_MAILER_ARGS [IPC $h] The arguments passed to the smtp mailer. |
| 182 | About the only reason you would want to change this |
| 183 | would be to change the default port. |
| 184 | ESMTP_MAILER_ARGS [IPC $h] The arguments passed to the esmtp mailer. |
| 185 | SMTP8_MAILER_ARGS [IPC $h] The arguments passed to the smtp8 mailer. |
| 186 | RELAY_MAILER_ARGS [IPC $h] The arguments passed to the relay mailer. |
| 187 | UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default |
| 188 | flags are `DFMhuU' (and `m' for suucp mailer, minus |
| 189 | `U' for uucp-dom mailer). |
| 190 | UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments |
| 191 | passed to the UUCP mailer. |
| 192 | UUCP_MAX_SIZE [100000] The maximum size message accepted for |
| 193 | transmission by the UUCP mailers. |
| 194 | FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to |
| 195 | submit FAX messages. |
| 196 | FAX_MAILER_MAX [100000] The maximum size message accepted for |
| 197 | transmission by FAX. |
| 198 | POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. |
| 199 | POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags "lsDFM" |
| 200 | are always added. |
| 201 | POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. |
| 202 | PROCMAIL_MAILER_FLAGS [Shu] Flags added to Procmail mailer. Flags |
| 203 | ``DFMmn'' are always set. |
| 204 | PROCMAIL_MAILER_ARGS [procmail -m $h $f $u] The arguments passed to |
| 205 | the Procmail mailer. |
| 206 | PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that |
| 207 | will be accepted by the procmail mailer. |
| 208 | |
| 209 | +---------+ |
| 210 | | DOMAINS | |
| 211 | +---------+ |
| 212 | |
| 213 | You will probably want to collect domain-dependent defines into one |
| 214 | file, referenced by the DOMAIN macro. For example, our Berkeley |
| 215 | domain file includes definitions for several internal distinguished |
| 216 | hosts: |
| 217 | |
| 218 | UUCP_RELAY The host that will forward UUCP-addressed email. |
| 219 | If not defined, all UUCP sites must be directly |
| 220 | connected. |
| 221 | BITNET_RELAY The host that will forward BITNET-addressed email. |
| 222 | If not defined, the .BITNET pseudo-domain won't work. |
| 223 | LOCAL_RELAY The site that will handle unqualified names -- that |
| 224 | is, names with out an @domain extension. If not set, |
| 225 | they are assumed to belong on this machine. This |
| 226 | allows you to have a central site to store a |
| 227 | company- or department-wide alias database. This |
| 228 | only works at small sites, and there are better |
| 229 | methods. |
| 230 | LUSER_RELAY The site that will handle lusers -- that is, apparently |
| 231 | local names that aren't local accounts or aliases. |
| 232 | |
| 233 | Any of these can be either ``mailer:hostname'' (in which case the |
| 234 | mailer is the internal mailer name, such as ``suucp'' and the hostname |
| 235 | is the name of the host as appropriate for that mailer) or just a |
| 236 | ``hostname'', in which case a default mailer type (usually ``relay'', |
| 237 | a variant on SMTP) is used. WARNING: if you have a wildcard MX |
| 238 | record matching your domain, you probably want to define these to |
| 239 | have a trailing dot so that you won't get the mail diverted back |
| 240 | to yourself. |
| 241 | |
| 242 | The domain file can also be used to define a domain name, if needed |
| 243 | (using "DD<domain>") and set certain site-wide features. If all hosts |
| 244 | at your site masquerade behind one email name, you could also use |
| 245 | MASQUERADE_AS here. |
| 246 | |
| 247 | You do not have to define a domain -- in particular, if you are a |
| 248 | single machine sitting off somewhere, it is probably more work than |
| 249 | it's worth. This is just a mechanism for combining "domain dependent |
| 250 | knowledge" into one place. |
| 251 | |
| 252 | +---------+ |
| 253 | | MAILERS | |
| 254 | +---------+ |
| 255 | |
| 256 | There are fewer mailers supported in this version than the previous |
| 257 | version, owing mostly to a simpler world. |
| 258 | |
| 259 | local The local and prog mailers. You will almost always |
| 260 | need these; the only exception is if you relay ALL |
| 261 | your mail to another site. This mailer is included |
| 262 | automatically. |
| 263 | |
| 264 | smtp The Simple Mail Transport Protocol mailer. This does |
| 265 | not hide hosts behind a gateway or another other |
| 266 | such hack; it assumes a world where everyone is |
| 267 | running the name server. This file actually defines |
| 268 | four mailers: "smtp" for regular (old-style) SMTP to |
| 269 | other servers, "esmtp" for extended SMTP to other |
| 270 | servers, "smtp8" to do SMTP to other servers without |
| 271 | converting 8-bit data to MIME (essentially, this is |
| 272 | your statement that you know the other end is 8-bit |
| 273 | clean even if it doesn't say so), and "relay" for |
| 274 | transmission to our RELAY_HOST, LUSER_RELAY, or |
| 275 | MAILER_HUB. |
| 276 | |
| 277 | uucp The Unix-to-Unix Copy Program mailer. Actually, this |
| 278 | defines two mailers, "uucp-old" (a.k.a. "uucp") and |
| 279 | "uucp-new" (a.k.a. "suucp"). The latter is for when you |
| 280 | know that the UUCP mailer at the other end can handle |
| 281 | multiple recipients in one transfer. If the smtp mailer |
| 282 | is also included in your configuration, two other mailers |
| 283 | ("uucp-dom" and "uucp-uudom") are also defined. When you |
| 284 | include the uucp mailer, sendmail looks for all names in |
| 285 | the $=U class and sends them to the uucp-old mailer; all |
| 286 | names in the $=Y class are sent to uucp-new; and all |
| 287 | names in the $=Z class are sent to uucp-uudom. Note that |
| 288 | this is a function of what version of rmail runs on |
| 289 | the receiving end, and hence may be out of your control. |
| 290 | See the section below describing UUCP mailers in more |
| 291 | detail. |
| 292 | |
| 293 | usenet Usenet (network news) delivery. If this is specified, |
| 294 | an extra rule is added to ruleset 0 that forwards all |
| 295 | local email for users named ``group.usenet'' to the |
| 296 | ``inews'' program. Note that this works for all groups, |
| 297 | and may be considered a security problem. |
| 298 | |
| 299 | fax Facsimile transmission. This is experimental and based |
| 300 | on Sam Leffler's FlexFAX software. For more information, |
| 301 | see below. |
| 302 | |
| 303 | pop Post Office Protocol. |
| 304 | |
| 305 | procmail An interface to procmail (does not come with sendmail). |
| 306 | This is designed to be used in mailertables. For example, |
| 307 | a common question is "how do I forward all mail for a given |
| 308 | domain to a single person?". If you have this mailer |
| 309 | defined, you could set up a mailertable reading: |
| 310 | |
| 311 | host.com procmail:/etc/procmailrcs/host.com |
| 312 | |
| 313 | with the file /etc/procmailrcs/host.com reading: |
| 314 | |
| 315 | :0 # forward mail for host.com |
| 316 | ! -oi -f $1 person@other.host |
| 317 | |
| 318 | This would arrange for (anything)@host.com to be sent |
| 319 | to person@other.host. Within the procmail script, $1 is |
| 320 | the name of the sender and $2 is the name of the recipient. |
| 321 | If you use this with FEATURE(local_procmail), the FEATURE |
| 322 | should be listed first. |
| 323 | |
| 324 | The local mailer accepts addresses of the form "user+detail", where |
| 325 | the "+detail" is not used for mailbox matching but is available |
| 326 | to certain local mail programs (in particular, see FEATURE(local_procmail)). |
| 327 | For example, "eric", "eric+sendmail", and "eric+sww" all indicate |
| 328 | the same user, but additional arguments <null>, "sendmail", and "sww" |
| 329 | may be provided for use in sorting mail. |
| 330 | |
| 331 | |
| 332 | +----------+ |
| 333 | | FEATURES | |
| 334 | +----------+ |
| 335 | |
| 336 | Special features can be requested using the "FEATURE" macro. For |
| 337 | example, the .mc line: |
| 338 | |
| 339 | FEATURE(use_cw_file) |
| 340 | |
| 341 | tells sendmail that you want to have it read an /etc/sendmail.cw |
| 342 | file to get values for class $=w. The FEATURE may contain a single |
| 343 | optional parameter -- for example: |
| 344 | |
| 345 | FEATURE(mailertable, dbm /usr/lib/mailertable) |
| 346 | |
| 347 | Available features are: |
| 348 | |
| 349 | use_cw_file Read the file /etc/sendmail.cw file to get alternate |
| 350 | names for this host. This might be used if you were |
| 351 | on a host that MXed for a dynamic set of other |
| 352 | hosts. If the set is static, just including the line |
| 353 | "Cw<name1> <name2> ..." is probably superior. |
| 354 | The actual filename can be overridden by redefining |
| 355 | confCW_FILE. |
| 356 | |
| 357 | redirect Reject all mail addressed to "address.REDIRECT" with |
| 358 | a ``551 User not local; please try <address>'' message. |
| 359 | If this is set, you can alias people who have left |
| 360 | to their new address with ".REDIRECT" appended. |
| 361 | |
| 362 | nouucp Don't do anything special with UUCP addresses at all. |
| 363 | |
| 364 | nocanonify Don't pass addresses to $[ ... $] for canonification. |
| 365 | This would generally only be used by sites that only |
| 366 | act as mail gateways or which have user agents that do |
| 367 | full canonification themselves. You may also want to |
| 368 | use "define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')" to |
| 369 | turn off the usual resolver options that do a similar |
| 370 | thing. |
| 371 | |
| 372 | stickyhost If set, email sent to "user@local.host" are marked |
| 373 | as "sticky" -- that is, the local addresses aren't |
| 374 | matched against UDB and don't go through ruleset 5. |
| 375 | This is used if you want a set up where "user" is |
| 376 | not necessarily the same as "user@local.host", e.g., |
| 377 | to make a distinct domain-wide namespace. Prior to |
| 378 | 8.7 this was the default, and notsticky was used to |
| 379 | turn this off. |
| 380 | |
| 381 | mailertable Include a "mailer table" which can be used to override |
| 382 | routing for particular domains. The argument of the |
| 383 | FEATURE may be the key definition. If none is specified, |
| 384 | the definition used is: |
| 385 | hash -o /etc/mailertable |
| 386 | Keys in this database are fully qualified domain names |
| 387 | or partial domains preceded by a dot -- for example, |
| 388 | "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". |
| 389 | Values must be of the form: |
| 390 | mailer:domain |
| 391 | where "mailer" is the internal mailer name, and "domain" |
| 392 | is where to send the message. These maps are not |
| 393 | reflected into the message header. |
| 394 | |
| 395 | domaintable Include a "domain table" which can be used to provide |
| 396 | domain name mapping. Use of this should really be |
| 397 | limited to your own domains. It may be useful if you |
| 398 | change names (e.g., your company changes names from |
| 399 | oldname.com to newname.com). The argument of the |
| 400 | FEATURE may be the key definition. If none is specified, |
| 401 | the definition used is: |
| 402 | hash -o /etc/domaintable |
| 403 | The key in this table is the domain name; the value is |
| 404 | the new (fully qualified) domain. Anything in the |
| 405 | domaintable is reflected into headers; that is, this |
| 406 | is done in ruleset 3. |
| 407 | |
| 408 | bitdomain Look up bitnet hosts in a table to try to turn them into |
| 409 | internet addresses. The table can be built using the |
| 410 | bitdomain program contributed by John Gardiner Myers. |
| 411 | The argument of the FEATURE may be the key definition; if |
| 412 | none is specified, the definition used is: |
| 413 | hash -o /etc/bitdomain.db |
| 414 | Keys are the bitnet hostname; values are the corresponding |
| 415 | internet hostname. |
| 416 | |
| 417 | uucpdomain Similar feature for UUCP hosts. The default map definition |
| 418 | is: |
| 419 | hash -o /etc/uudomain.db |
| 420 | At the moment there is no automagic tool to build this |
| 421 | database. |
| 422 | |
| 423 | always_add_domain |
| 424 | Include the local host domain even on locally delivered |
| 425 | mail. Normally it is not added unless it is already |
| 426 | present. |
| 427 | |
| 428 | allmasquerade If masquerading is enabled (using MASQUERADE_AS), this |
| 429 | feature will cause recipient addresses to also masquerade |
| 430 | as being from the masquerade host. Normally they get |
| 431 | the local hostname. Although this may be right for |
| 432 | ordinary users, it can break local aliases. For example, |
| 433 | if you send to "localalias", the originating sendmail will |
| 434 | find that alias and send to all members, but send the |
| 435 | message with "To: localalias@masqueradehost". Since that |
| 436 | alias likely does not exist, replies will fail. Use this |
| 437 | feature ONLY if you can guarantee that the ENTIRE |
| 438 | namespace on your masquerade host supersets all the |
| 439 | local entries. |
| 440 | |
| 441 | nodns We aren't running DNS at our site (for example, |
| 442 | we are UUCP-only connected). It's hard to consider |
| 443 | this a "feature", but hey, it had to go somewhere. |
| 444 | |
| 445 | nullclient This is a special case -- it creates a stripped down |
| 446 | configuration file containing nothing but support for |
| 447 | forwarding all mail to a central hub via a local |
| 448 | SMTP-based network. The argument is the name of that |
| 449 | hub. |
| 450 | |
| 451 | The only other feature that should be used in conjunction |
| 452 | with this one is "nocanonify" (this causes addresses to |
| 453 | be sent unqualified via the SMTP connection; normally |
| 454 | they are qualifed with the masquerade name, which |
| 455 | defaults to the name of the hub machine). No mailers |
| 456 | should be defined. No aliasing or forwarding is done. |
| 457 | |
| 458 | local_procmail Use procmail as the local mailer. This mailer can |
| 459 | make use of the "user+indicator@local.host" syntax; |
| 460 | normally the +indicator is just tossed, but by default |
| 461 | it is passed as the -a argument to procmail. The |
| 462 | argument to this feature is the pathname of procmail, |
| 463 | which defaults to /usr/local/bin/procmail. |
| 464 | |
| 465 | bestmx_is_local Accept mail as though locally addressed for any host that |
| 466 | lists us as the best possible MX record. This generates |
| 467 | additional DNS traffic, but should be OK for low to |
| 468 | medium traffic hosts. |
| 469 | |
| 470 | smrsh Use the SendMail Restricted SHell (smrsh) provided |
| 471 | with the distribution instead of /bin/sh for mailing |
| 472 | to programs. This improves the ability of the local |
| 473 | system administrator to control what gets run via |
| 474 | e-mail. If an argument is provided it is used as the |
| 475 | pathname to smrsh; otherwise, /usr/local/etc/smrsh is |
| 476 | assumed. |
| 477 | |
| 478 | |
| 479 | +-------+ |
| 480 | | HACKS | |
| 481 | +-------+ |
| 482 | |
| 483 | Some things just can't be called features. To make this clear, |
| 484 | they go in the hack subdirectory and are referenced using the HACK |
| 485 | macro. These will tend to be site-dependent. The release |
| 486 | includes the Berkeley-dependent "cssubdomain" hack (that makes |
| 487 | sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; |
| 488 | this is intended as a short-term aid while we move hosts into |
| 489 | subdomains. |
| 490 | |
| 491 | |
| 492 | +--------------------+ |
| 493 | | SITE CONFIGURATION | |
| 494 | +--------------------+ |
| 495 | |
| 496 | ***************************************************** |
| 497 | * This section is really obsolete, and is preserved * |
| 498 | * only for back compatibility. You should plan on * |
| 499 | * using mailertables for new installations. In * |
| 500 | * particular, it doesn't work for the newer forms * |
| 501 | * of UUCP mailers, such as uucp-uudom. * |
| 502 | ***************************************************** |
| 503 | |
| 504 | Complex sites will need more local configuration information, such as |
| 505 | lists of UUCP hosts they speak with directly. This can get a bit more |
| 506 | tricky. For an example of a "complex" site, see cf/ucbvax.mc. |
| 507 | |
| 508 | If your host is known by several different names, you need to augment |
| 509 | the $=w class. This is a list of names by which you are known, and |
| 510 | anything sent to an address using a host name in this list will be |
| 511 | treated as local mail. You can do this in two ways: either create |
| 512 | the file /etc/sendmail.cw containing a list of your aliases (one per |
| 513 | line), and use ``FEATURE(use_cw_file)'' in the .mc file, or add the |
| 514 | line: |
| 515 | |
| 516 | Cw alias.host.name |
| 517 | |
| 518 | at the end of that file. See the ``vangogh.mc'' file for an example. |
| 519 | Be sure you use the fully-qualified name of the host, rather than a |
| 520 | short name. |
| 521 | |
| 522 | The SITECONFIG macro allows you to indirectly reference site-dependent |
| 523 | configuration information stored in the siteconfig subdirectory. For |
| 524 | example, the line |
| 525 | |
| 526 | SITECONFIG(uucp.ucbvax, ucbvax, U) |
| 527 | |
| 528 | reads the file uucp.ucbvax for local connection information. The |
| 529 | second parameter is the local name (in this case just "ucbvax" since |
| 530 | it is locally connected, and hence a UUCP hostname). The third |
| 531 | parameter is the name of both a macro to store the local name (in |
| 532 | this case, $U) and the name of the class (e.g., $=U) in which to store |
| 533 | the host information read from the file. Another SITECONFIG line reads |
| 534 | |
| 535 | SITECONFIG(uucp.ucbarpa, ucbarpa.Berkeley.EDU, W) |
| 536 | |
| 537 | This says that the file uucp.ucbarpa contains the list of UUCP sites |
| 538 | connected to ucbarpa.Berkeley.EDU. The $=W class will be used to |
| 539 | store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that |
| 540 | is, the name of the relay to which the hosts listed in uucp.ucbarpa |
| 541 | are connected. [The machine ucbarpa is gone now, but I've left |
| 542 | this out-of-date configuration file around to demonstrate how you |
| 543 | might do this.] |
| 544 | |
| 545 | Note that the case of SITECONFIG with a third parameter of ``U'' is |
| 546 | special; the second parameter is assumed to be the UUCP name of the |
| 547 | local site, rather than the name of a remote site, and the UUCP name |
| 548 | is entered into $=w (the list of local hostnames) as $U.UUCP. |
| 549 | |
| 550 | The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing |
| 551 | more than a sequence of SITE macros describing connectivity. For |
| 552 | example: |
| 553 | |
| 554 | SITE(cnmat) |
| 555 | SITE(sgi olympus) |
| 556 | |
| 557 | The second example demonstrates that you can use two names on the |
| 558 | same line; these are usually aliases for the same host (or are at |
| 559 | least in the same company). |
| 560 | |
| 561 | |
| 562 | +--------------------+ |
| 563 | | USING UUCP MAILERS | |
| 564 | +--------------------+ |
| 565 | |
| 566 | It's hard to get UUCP mailers right because of the extremely ad hoc |
| 567 | nature of UUCP addressing. These config files are really designed |
| 568 | for domain-based addressing, even for UUCP sites. |
| 569 | |
| 570 | There are four UUCP mailers available. The choice of which one to |
| 571 | use is partly a matter of local preferences and what is running at |
| 572 | the other end of your UUCP connection. Unlike good protocols that |
| 573 | define what will go over the wire, UUCP uses the policy that you |
| 574 | should do what is right for the other end; if they change, you have |
| 575 | to change. This makes it hard to do the right thing, and discourages |
| 576 | people from updating their software. In general, if you can avoid |
| 577 | UUCP, please do. |
| 578 | |
| 579 | The major choice is whether to go for a domainized scheme or a |
| 580 | non-domainized scheme. This depends entirely on what the other |
| 581 | end will recognize. If at all possible, you should encourage the |
| 582 | other end to go to a domain-based system -- non-domainized addresses |
| 583 | don't work entirely properly. |
| 584 | |
| 585 | The four mailers are: |
| 586 | |
| 587 | uucp-old (obsolete name: "uucp") |
| 588 | This is the oldest, the worst (but the closest to UUCP) way of |
| 589 | sending messages accros UUCP connections. It does bangify |
| 590 | everything and prepends $U (your UUCP name) to the sender's |
| 591 | address (which can already be a bang path itself). It can |
| 592 | only send to one address at a time, so it spends a lot of |
| 593 | time copying duplicates of messages. Avoid this if at all |
| 594 | possible. |
| 595 | |
| 596 | uucp-new (obsolete name: "suucp") |
| 597 | The same as above, except that it assumes that in one rmail |
| 598 | command you can specify several recipients. It still has a |
| 599 | lot of other problems. |
| 600 | |
| 601 | uucp-dom |
| 602 | This UUCP mailer keeps everything as domain addresses. |
| 603 | Basically, it uses the SMTP mailer rewriting rules. This mailer |
| 604 | is only included if MAILER(smtp) is also specified. |
| 605 | |
| 606 | Unfortunately, a lot of UUCP mailer transport agents require |
| 607 | bangified addresses in the envelope, although you can use |
| 608 | domain-based addresses in the message header. (The envelope |
| 609 | shows up as the From_ line on UNIX mail.) So.... |
| 610 | |
| 611 | uucp-uudom |
| 612 | This is a cross between uucp-new (for the envelope addresses) |
| 613 | and uucp-dom (for the header addresses). It bangifies the |
| 614 | envelope sender (From_ line in messages) without adding the |
| 615 | local hostname, unless there is no host name on the address |
| 616 | at all (e.g., "wolf") or the host component is a UUCP host name |
| 617 | instead of a domain name ("somehost!wolf" instead of |
| 618 | "some.dom.ain!wolf"). This is also included only if MAILER(smtp) |
| 619 | is also specified. |
| 620 | |
| 621 | Examples: |
| 622 | |
| 623 | We are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The |
| 624 | following summarizes the sender rewriting for various mailers. |
| 625 | |
| 626 | Mailer sender rewriting in the envelope |
| 627 | ------ ------ ------------------------- |
| 628 | uucp-{old,new} wolf grasp!wolf |
| 629 | uucp-dom wolf wolf@grasp.insa-lyon.fr |
| 630 | uucp-uudom wolf grasp.insa-lyon.fr!wolf |
| 631 | |
| 632 | uucp-{old,new} wolf@fr.net grasp!fr.net!wolf |
| 633 | uucp-dom wolf@fr.net wolf@fr.net |
| 634 | uucp-uudom wolf@fr.net fr.net!wolf |
| 635 | |
| 636 | uucp-{old,new} somehost!wolf grasp!somehost!wolf |
| 637 | uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr |
| 638 | uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf |
| 639 | |
| 640 | If you are using one of the domainized UUCP mailers, you really want |
| 641 | to convert all UUCP addresses to domain format -- otherwise, it will |
| 642 | do it for you (and probably not the way you expected). For example, |
| 643 | if you have the address foo!bar!baz (and you are not sending to foo), |
| 644 | the heuristics will add the @uucp.relay.name or @local.host.name to |
| 645 | this address. However, if you map foo to foo.host.name first, it |
| 646 | will not add the local hostname. You can do this using the uucpdomain |
| 647 | feature. |
| 648 | |
| 649 | |
| 650 | +-------------------+ |
| 651 | | TWEAKING RULESETS | |
| 652 | +-------------------+ |
| 653 | |
| 654 | For more complex configurations, you can define special rules. |
| 655 | The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing |
| 656 | the names. Any modifications made here are reflected in the header. |
| 657 | |
| 658 | A common use is to convert old UUCP addreses to SMTP addresses using |
| 659 | the UUCPSMTP macro. For example: |
| 660 | |
| 661 | LOCAL_RULE_3 |
| 662 | UUCPSMTP(decvax, decvax.dec.com) |
| 663 | UUCPSMTP(research, research.att.com) |
| 664 | |
| 665 | will cause addresses of the form "decvax!user" and "research!user" |
| 666 | to be converted to "user@decvax.dec.com" and "user@research.att.com" |
| 667 | respectively. |
| 668 | |
| 669 | This could also be used to look up hosts in a database map: |
| 670 | |
| 671 | LOCAL_RULE_3 |
| 672 | R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 |
| 673 | |
| 674 | This map would be defined in the LOCAL_CONFIG portion, as shown below. |
| 675 | |
| 676 | Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. |
| 677 | For example, new rules are needed to parse hostnames that you accept |
| 678 | via MX records. For example, you might have: |
| 679 | |
| 680 | LOCAL_RULE_0 |
| 681 | R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> |
| 682 | |
| 683 | You would use this if you had installed an MX record for cnmat.Berkeley.EDU |
| 684 | pointing at this host; this rule catches the message and forwards it on |
| 685 | using UUCP. |
| 686 | |
| 687 | You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. |
| 688 | These rulesets are normally empty. |
| 689 | |
| 690 | A similar macro is LOCAL_CONFIG. This introduces lines added after the |
| 691 | boilerplate option setting but before rulesets, and can be used to |
| 692 | declare local database maps or whatever. For example: |
| 693 | |
| 694 | LOCAL_CONFIG |
| 695 | Khostmap hash /etc/hostmap.db |
| 696 | Kyplocal nis -m hosts.byname |
| 697 | |
| 698 | |
| 699 | +---------------------------+ |
| 700 | | MASQUERADING AND RELAYING | |
| 701 | +---------------------------+ |
| 702 | |
| 703 | You can have your host masquerade as another using |
| 704 | |
| 705 | MASQUERADE_AS(host.domain) |
| 706 | |
| 707 | This causes outgoing SMTP mail to be labeled as coming from the |
| 708 | indicated domain, rather than $j. One normally masquerades as one |
| 709 | of one's own subdomains (for example, it's unlikely that I would |
| 710 | choose to masquerade as an MIT site). |
| 711 | |
| 712 | The masquerade name is not normally canonified, so it is important |
| 713 | that it be your One True Name, that is, fully qualified and not a |
| 714 | CNAME. |
| 715 | |
| 716 | there are always users that need to be "exposed" -- that is, their |
| 717 | internal site name should be displayed instead of the masquerade name. |
| 718 | Root is an example. You can add users to this list using |
| 719 | |
| 720 | EXPOSED_USER(usernames) |
| 721 | |
| 722 | This adds users to class E; you could also use something like |
| 723 | |
| 724 | FE/etc/sendmail.cE |
| 725 | |
| 726 | You can also arrange to relay all unqualified names (that is, names |
| 727 | without @host) to a relay host. For example, if you have a central |
| 728 | email server, you might relay to that host so that users don't have |
| 729 | to have .forward files or aliases. You can do this using |
| 730 | |
| 731 | define(`LOCAL_RELAY', mailer:hostname) |
| 732 | |
| 733 | The ``mailer:'' can be omitted, in which case the mailer defaults to |
| 734 | "smtp". There are some user names that you don't want relayed, perhaps |
| 735 | because of local aliases. A common example is root, which may be |
| 736 | locally aliased. You can add entries to this list using |
| 737 | |
| 738 | LOCAL_USER(usernames) |
| 739 | |
| 740 | This adds users to class L; you could also use something like |
| 741 | |
| 742 | FL/etc/sendmail.cL |
| 743 | |
| 744 | If you want all incoming mail sent to a centralized hub, as for a |
| 745 | shared /var/spool/mail scheme, use |
| 746 | |
| 747 | define(`MAIL_HUB', mailer:hostname) |
| 748 | |
| 749 | Again, ``mailer:'' defaults to "smtp". If you define both LOCAL_RELAY |
| 750 | and MAIL_HUB, unqualified names will be sent to the LOCAL_RELAY and |
| 751 | other local names will be sent to MAIL_HUB. Names in $=L will be |
| 752 | delivered locally, so you MUST have aliases or .forward files for them. |
| 753 | |
| 754 | For example, if are on machine mastodon.CS.Berkeley.EDU, the following |
| 755 | combinations of settings will have the indicated effects: |
| 756 | |
| 757 | email sent to.... eric eric@mastodon.CS.Berkeley.EDU |
| 758 | |
| 759 | LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) |
| 760 | mail.CS.Berkeley.EDU |
| 761 | |
| 762 | MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU |
| 763 | mammoth.CS.Berkeley.EDU |
| 764 | |
| 765 | Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU |
| 766 | MAIL_HUB set as above |
| 767 | |
| 768 | If you want all outgoing mail to go to a central relay site, define |
| 769 | SMART_HOST as well. Briefly: |
| 770 | |
| 771 | LOCAL_RELAY applies to unqualifed names (e.g., "eric"). |
| 772 | MAIL_HUB applies to names qualified with the name of the |
| 773 | local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). |
| 774 | SMART_HOST applies to names qualified with other hosts. |
| 775 | |
| 776 | However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, and |
| 777 | FAX_RELAY) take precedence over SMART_HOST, so if you really want |
| 778 | absolutely everything to go to a single central site you will need to |
| 779 | unset all the other relays -- or better yet, find or build a minimal |
| 780 | config file that does this. |
| 781 | |
| 782 | |
| 783 | +-------------------------------+ |
| 784 | | NON-SMTP BASED CONFIGURATIONS | |
| 785 | +-------------------------------+ |
| 786 | |
| 787 | These configuration files are designed primarily for use by SMTP-based |
| 788 | sites. I don't pretend that they are well tuned for UUCP-only or |
| 789 | UUCP-primarily nodes (the latter is defined as a small local net |
| 790 | connected to the rest of the world via UUCP). However, there is one |
| 791 | hook to handle some special cases. |
| 792 | |
| 793 | You can define a ``smart host'' that understands a richer address syntax |
| 794 | using: |
| 795 | |
| 796 | define(`SMART_HOST', mailer:hostname) |
| 797 | |
| 798 | In this case, the ``mailer:'' defaults to "relay". Any messages that |
| 799 | can't be handled using the usual UUCP rules are passed to this host. |
| 800 | |
| 801 | If you are on a local SMTP-based net that connects to the outside |
| 802 | world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. |
| 803 | For example: |
| 804 | |
| 805 | define(`SMART_HOST', suucp:uunet) |
| 806 | LOCAL_NET_CONFIG |
| 807 | R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 |
| 808 | |
| 809 | This will cause all names that end in your domain name ($m) via |
| 810 | SMTP; anything else will be sent via suucp (smart UUCP) to uunet. |
| 811 | If you have FEATURE(nocanonify), you may need to omit the dots after |
| 812 | the $m. If you are running a local DNS inside your domain which is |
| 813 | not otherwise connected to the outside world, you probably want to |
| 814 | use: |
| 815 | |
| 816 | define(`SMART_HOST', smtp:fire.wall.com) |
| 817 | LOCAL_NET_CONFIG |
| 818 | R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 |
| 819 | |
| 820 | That is, send directly only to things you found in your DNS lookup; |
| 821 | anything else goes through SMART_HOST. |
| 822 | |
| 823 | If you are not running DNS at all, it is important to use |
| 824 | FEATURE(nodns) to avoid having sendmail queue everything waiting |
| 825 | for the name server to come up. |
| 826 | |
| 827 | |
| 828 | +-----------+ |
| 829 | | WHO AM I? | |
| 830 | +-----------+ |
| 831 | |
| 832 | Normally, the $j macro is automatically defined to be your fully |
| 833 | qualified domain name (FQDN). Sendmail does this by getting your |
| 834 | host name using gethostname and then calling gethostbyname on the |
| 835 | result. For example, in some environments gethostname returns |
| 836 | only the root of the host name (such as "foo"); gethostbyname is |
| 837 | supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) |
| 838 | cases, gethostbyname may fail to return the FQDN. In this case |
| 839 | you MUST define confDOMAIN_NAME to be your fully qualified domain |
| 840 | name. This is usually done using: |
| 841 | |
| 842 | Dmbar.com |
| 843 | define(`confDOMAIN_NAME', `$w.$m')dnl |
| 844 | |
| 845 | |
| 846 | +--------------------+ |
| 847 | | USING MAILERTABLES | |
| 848 | +--------------------+ |
| 849 | |
| 850 | To use FEATURE(mailertable), you will have to create an external |
| 851 | database containing the routing information for various domains. |
| 852 | For example, a mailertable file in text format might be: |
| 853 | |
| 854 | .my.domain xnet:%1.my.domain |
| 855 | uuhost1.my.domain suucp:uuhost1 |
| 856 | .bitnet smtp:relay.bit.net |
| 857 | |
| 858 | This should normally be stored in /etc/mailertable. The actual |
| 859 | database version of the mailertable is built using: |
| 860 | |
| 861 | makemap hash /etc/mailertable.db < /etc/mailertable |
| 862 | |
| 863 | The semantics are simple. Any LHS entry that does not begin with |
| 864 | a dot matches the full host name indicated. LHS entries beginning |
| 865 | with a dot match anything ending with that domain name -- that is, |
| 866 | they can be thought of as having a leading "*" wildcard. Matching |
| 867 | is done in order of most-to-least qualified -- for example, even |
| 868 | though ".my.domain" is listed first in the above example, an entry |
| 869 | of "uuhost1.my.domain" will match the second entry since it is |
| 870 | more explicit. |
| 871 | |
| 872 | The RHS should always be a "mailer:host" pair. The mailer is the |
| 873 | configuration name of a mailer (that is, an `M' line in the |
| 874 | sendmail.cf file). The "host" will be the hostname passed to |
| 875 | that mailer. In domain-based matches (that is, those with leading |
| 876 | dots) the "%1" may be used to interpolate the wildcarded part of |
| 877 | the host name. For example, the first line above sends everything |
| 878 | addressed to "anything.my.domain" to that same host name, but using |
| 879 | the (presumably experimental) xnet mailer. |
| 880 | |
| 881 | In some cases you may want to temporarily turn off MX records, |
| 882 | particularly on gateways. For example, you may want to MX |
| 883 | everything in a domain to one machine that then forwards it |
| 884 | directly. To do this, you might use the DNS configuration: |
| 885 | |
| 886 | *.domain. IN MX 0 relay.machine |
| 887 | |
| 888 | and on relay.machine use the mailertable: |
| 889 | |
| 890 | .domain smtp:[gateway.domain] |
| 891 | |
| 892 | The [square brackets] turn off MX records for this host only. |
| 893 | If you didn't do this, the mailertable would use the MX record |
| 894 | again, which would give you an MX loop. |
| 895 | |
| 896 | |
| 897 | +--------------------------------+ |
| 898 | | USING USERDB TO MAP FULL NAMES | |
| 899 | +--------------------------------+ |
| 900 | |
| 901 | The user database was not originally intended for mapping full names |
| 902 | to login names (e.g., Eric.Allman => eric), but some people are using |
| 903 | it that way. (I would recommend that you set up aliases for this |
| 904 | purpose instead -- since you can specify multiple alias files, this |
| 905 | is fairly easy.) The intent was to locate the default maildrop at |
| 906 | a site, but allow you to override this by sending to a specific host. |
| 907 | |
| 908 | If you decide to set up the user database in this fashion, it is |
| 909 | imperative that you not use FEATURE(stickyhost) -- otherwise, |
| 910 | e-mail sent to Full.Name@local.host.name will be rejected. |
| 911 | |
| 912 | To build the internal form of the user database, use: |
| 913 | |
| 914 | makemap btree /usr/data/base.db < /usr/data/base.txt |
| 915 | |
| 916 | |
| 917 | +--------------------------------+ |
| 918 | | MISCELLANEOUS SPECIAL FEATURES | |
| 919 | +--------------------------------+ |
| 920 | |
| 921 | DOTTED_USER(name) |
| 922 | Sometimes it is convenient to merge configuration on a |
| 923 | centralized mail machine, for example, to forward all |
| 924 | root mail to a mail server. In this case it might be |
| 925 | useful to be able to treat the root addresses as a class |
| 926 | of addresses with subtle differences. You can do this |
| 927 | using dotted users. For example, a client might include |
| 928 | the alias: |
| 929 | |
| 930 | root: root.client1@server |
| 931 | |
| 932 | On the server, the mail configuration would include: |
| 933 | |
| 934 | DOTTED_USER(root) |
| 935 | |
| 936 | Aliases on the server that would match this address would |
| 937 | be "root.client", "root.*", and "root", tried in that |
| 938 | order. You can specify multiple addresses either by |
| 939 | joining them in one DOTTTED_USER macro or by having |
| 940 | multiple macros: |
| 941 | |
| 942 | DOTTED_USER(root) |
| 943 | DOTTED_USER(postmaster mailer-daemon) |
| 944 | |
| 945 | defines three dotted users. |
| 946 | |
| 947 | |
| 948 | +----------------+ |
| 949 | | SECURITY NOTES | |
| 950 | +----------------+ |
| 951 | |
| 952 | A lot of sendmail security comes down to you. Sendmail 8 is much |
| 953 | more careful about checking for security problems than previous |
| 954 | versions, but there are some things that you still need to watch |
| 955 | for. In particular: |
| 956 | |
| 957 | * Make sure the aliases file isn't writable except by trusted |
| 958 | system personnel. This includes both the text and database |
| 959 | version. |
| 960 | |
| 961 | * Make sure that other files that sendmail reads, such as the |
| 962 | mailertable, is only writable by trusted system personnel. |
| 963 | |
| 964 | * The queue directory should not be world writable PARTICULARLY |
| 965 | if your system allows "file giveaways" (that is, if a non-root |
| 966 | user can chown any file they own to any other user). |
| 967 | |
| 968 | * If your system allows file giveaways, DO NOT create a publically |
| 969 | writable directory for forward files. This will allow anyone |
| 970 | to steal anyone else's e-mail. Instead, create a script that |
| 971 | copies the .forward file from users' home directories once a |
| 972 | night (if you want the non-NFS-mounted forward directory). |
| 973 | |
| 974 | * If your system allows file giveaways, you'll find that |
| 975 | sendmail is much less trusting of :include: files -- in |
| 976 | particular, you'll have to have /SENDMAIL/ANY/SHELL/ in |
| 977 | /etc/shells before they will be trusted (that is, before |
| 978 | files and programs listed in them will be honored). |
| 979 | |
| 980 | In general, file giveaways are a mistake -- if you can turn them |
| 981 | off I recommend you do so. |
| 982 | |
| 983 | |
| 984 | +------------------+ |
| 985 | | FlexFAX SOFTWARE | |
| 986 | +------------------+ |
| 987 | |
| 988 | Sam Leffler's FlexFAX software is still in beta test -- but he expects a |
| 989 | public version out "later this week" [as of 3/1/93]. The following |
| 990 | blurb is direct from Sam: |
| 991 | |
| 992 | $Header: /usr/people/sam/fax/RCS/HOWTO,v 1.14 93/05/24 11:42:16 sam Exp $ |
| 993 | |
| 994 | How To Obtain This Software (in case all you get is this file) |
| 995 | -------------------------------------------------------------- |
| 996 | The source code is available for public ftp on |
| 997 | sgi.com sgi/fax/v2.1.src.tar.Z |
| 998 | (192.48.153.1) |
| 999 | |
| 1000 | You can also obtain inst'able images for Silicon Graphics machines from |
| 1001 | sgi.com sgi/fax/v2.1.inst.tar |
| 1002 | (192.48.153.1) |
| 1003 | |
| 1004 | For example, |
| 1005 | % ftp -n sgi.com |
| 1006 | .... |
| 1007 | ftp> user anonymous |
| 1008 | ... <type in password> |
| 1009 | ftp> cd sgi/fax |
| 1010 | ftp> binary |
| 1011 | ftp> get v2.1.src.tar.Z |
| 1012 | |
| 1013 | In general, the latest version of the 2.1 release of the software is |
| 1014 | always available as "v2.1.src.tar.Z" or "v2.1.inst.tar" in the ftp |
| 1015 | directory. This file is a link to the appropriate released version (so |
| 1016 | don't waste your time retrieving the linked file as well!) Any files of |
| 1017 | the form v2.1.*.patch are shell scripts that can be used to patch older |
| 1018 | versions of the source code. For example, the file v2.1.0.patch would |
| 1019 | contain patches to update v2.1.0.tar.Z. (Note to beta testers: this is |
| 1020 | different than the naming conventions used during beta testing.) Patch |
| 1021 | files only work to go between consecutive versions, so if you are |
| 1022 | multiple versions behind the latest release, you will need to apply |
| 1023 | each patch file between your current version and the latest. |
| 1024 | |
| 1025 | |
| 1026 | Obtaining the Software by Electronic Mail |
| 1027 | ----------------------------------------- |
| 1028 | Do not send me requests for the software; they will be ignored (without |
| 1029 | response). If you cannot use FTP at all, there is a service called |
| 1030 | "ftpmail" available from gatekeeper.dec.com: you can send e-mail to |
| 1031 | this machine and it will use FTP to retrieve files for you and send you |
| 1032 | the files back again via e-mail. To find out more about the ftpmail |
| 1033 | service, send a message to "ftpmail@gatekeeper.dec.com" whose body |
| 1034 | consists of the single line "help". |
| 1035 | |
| 1036 | |
| 1037 | Obtaining the Software Within Silicon Graphics |
| 1038 | ---------------------------------------------- |
| 1039 | Internal to Silicon Graphics there are inst'able images on the host |
| 1040 | flake.asd in the directory /usr/dist. Thus you can do something like: |
| 1041 | |
| 1042 | % inst -f flake.asd.sgi.com:/usr/dist/flexfax |
| 1043 | |
| 1044 | to install the latest version of the software on your machine. |
| 1045 | |
| 1046 | |
| 1047 | What to do Once You've Retrieved Stuff |
| 1048 | -------------------------------------- |
| 1049 | The external distributions come in a compressed or uncompressed tar |
| 1050 | file. To extract the source distribution: |
| 1051 | |
| 1052 | % zcat v2.1.src.tar.Z | tar xf - |
| 1053 | |
| 1054 | (uncompress and extract individual files in current directory). To |
| 1055 | unpack and install the client portion of the inst'able distribution: |
| 1056 | |
| 1057 | % mkdir dist |
| 1058 | % cd dist; tar xf ../v2.1.inst.tar; cd .. |
| 1059 | % inst -f dist/flexfax |
| 1060 | ... |
| 1061 | inst> go |
| 1062 | |
| 1063 | (Note, the dist subdirectory is because some versions of inst fail if |
| 1064 | the files are in the current directory.) Server binaries are also |
| 1065 | included in the inst'able images as flexfax.server.*. They are not |
| 1066 | installed by default, so to get them also you need to do: |
| 1067 | |
| 1068 | % inst -f flexfax |
| 1069 | ... |
| 1070 | inst> install flexfax.server.* |
| 1071 | inst> go |
| 1072 | |
| 1073 | The SGI binaries were built for Version 4.0.5H of the IRIX operating |
| 1074 | system. They should work w/o problem on earlier versions of the |
| 1075 | system, but I have not fully tested this. Also, note that to install a |
| 1076 | server on an SGI machine, you need to have installed the Display |
| 1077 | PostScript execution environment product (dps_eoe). Otherwise, the fax |
| 1078 | server will not be able to convert PostScript to facsimile for |
| 1079 | transmission. |
| 1080 | |
| 1081 | If you are working from the source distribution, look at the file |
| 1082 | README in the top of the source tree. If you are working from the inst |
| 1083 | images, the subsystem flexfax.man.readme contains the README file and |
| 1084 | other useful pieces of information--the installed files are placed in |
| 1085 | the directory /usr/local/doc/flexfax). Basically you will need to run |
| 1086 | the faxaddmodem script to setup and configure your fax modem. Consult |
| 1087 | the README file and the manual page for faxaddmodem for information. |
| 1088 | |
| 1089 | |
| 1090 | FlexFAX Mail List |
| 1091 | ----------------- |
| 1092 | A mailing list for users of this software is located on sgi.com. |
| 1093 | If you want to join this mailing list or have a list-related request |
| 1094 | such as getting your name removed from it, send a request to |
| 1095 | |
| 1096 | majordomo@whizzer.wpd.sgi.com |
| 1097 | |
| 1098 | For example, to subscribe, send the line "subscribe flexfax" in |
| 1099 | the body of your message. The line "help" will return a list of |
| 1100 | the commands understood by the mailing list management software. |
| 1101 | |
| 1102 | Submissions (including bug reports) should be directed to: |
| 1103 | |
| 1104 | flexfax@sgi.com |
| 1105 | |
| 1106 | When corresponding about this software please always specify what |
| 1107 | version you have, what system you're running on, and, if the problem is |
| 1108 | specific to your modem, identify the modem and firmware revision. |
| 1109 | |
| 1110 | |
| 1111 | +--------------------------------+ |
| 1112 | | TWEAKING CONFIGURATION OPTIONS | |
| 1113 | +--------------------------------+ |
| 1114 | |
| 1115 | There are a large number of configuration options that don't normally |
| 1116 | need to be changed. However, if you feel you need to tweak them, you |
| 1117 | can define the following M4 variables. This list is shown in four |
| 1118 | columns: the name you define, the default value for that definition, |
| 1119 | the option or macro that is affected (either Ox for an option or Dx |
| 1120 | for a macro), and a brief description. Greater detail of the semantics |
| 1121 | can be found in the Installation and Operations Guide. |
| 1122 | |
| 1123 | Some options are likely to be deprecated in future versions -- that is, |
| 1124 | the option is only included to provide back-compatibility. These are |
| 1125 | marked with "*". |
| 1126 | |
| 1127 | Remember that these options are M4 variables, and hence may need to |
| 1128 | be quoted. In particular, arguments with commas will usually have to |
| 1129 | be ``double quoted, like this phrase'' to avoid having the comma |
| 1130 | confuse things. This is common for alias file definitions and for |
| 1131 | the read timeout. |
| 1132 | |
| 1133 | M4 Variable Name Default Mac/Opt Description |
| 1134 | ================ ======= ======= =========== |
| 1135 | confMAILER_NAME MAILER-DAEMON Dn The sender name used for |
| 1136 | internally generated |
| 1137 | outgoing messages. |
| 1138 | confFROM_LINE From $g $d Dl The From_ line used when |
| 1139 | sending to files or programs. |
| 1140 | confFROM_HEADER $?x$x <$g>$|$g$. The format of an internally |
| 1141 | Dq generated From: address. |
| 1142 | confOPERATORS .:%@!^/[]+ Do Address operator characters. |
| 1143 | confSMTP_LOGIN_MSG $j Sendmail $v/$Z ready at $b |
| 1144 | De The initial (spontaneous) |
| 1145 | SMTP greeting message. |
| 1146 | confRECEIVED_HEADER $?sfrom $s $.$?_($?s$|from $.$_) $.by $j ($v/$Z)$?r with $r$. id $i$?u for $u$.; $b |
| 1147 | HReceived |
| 1148 | The format of the Received: |
| 1149 | header in messages passed |
| 1150 | through this host. It is |
| 1151 | unwise to try to change this. |
| 1152 | confSEVEN_BIT_INPUT False O7 Force input to seven bits? |
| 1153 | confEIGHT_BIT_HANDLING pass8 O8 8-bit data handling |
| 1154 | confALIAS_WAIT 10 Oa Wait (in minutes) for alias |
| 1155 | file rebuild. |
| 1156 | confMIN_FREE_BLOCKS 4 Ob Minimum number of free blocks |
| 1157 | on queue filesystem to accept |
| 1158 | SMTP mail. |
| 1159 | confBLANK_SUB . OB Blank (space) substitution |
| 1160 | character. |
| 1161 | confCON_EXPENSIVE False Oc Avoid connecting immediately |
| 1162 | to mailers marked expensive? |
| 1163 | confCHECKPOINT_INTERVAL 10 OC Checkpoint queue files |
| 1164 | every N recipients. |
| 1165 | confDELIVERY_MODE background Od Default delivery mode. |
| 1166 | confAUTO_REBUILD False OD Automatically rebuild |
| 1167 | alias file if needed. |
| 1168 | confERROR_MODE (undefined) Oe Error message mode. |
| 1169 | confERROR_MESSAGE (undefined) OE Error message header/file. |
| 1170 | confSAVE_FROM_LINES False Of Save extra leading |
| 1171 | From_ lines. |
| 1172 | confTEMP_FILE_MODE 0600 OF Temporary file mode. |
| 1173 | confDEF_GROUP_ID 1 Og Default group id. |
| 1174 | confMATCH_GECOS False OG Match GECOS field. |
| 1175 | confMAX_HOP 17 Oh Maximum hop count. |
| 1176 | confIGNORE_DOTS False Oi * Ignore dot as terminator |
| 1177 | for incoming messages? |
| 1178 | confBIND_OPTS (empty) OI Default options for BIND. |
| 1179 | confMIME_FORMAT_ERRORS True Oj * Send error messages as MIME- |
| 1180 | encapsulated messages per |
| 1181 | RFC 1344. |
| 1182 | confFORWARD_PATH (undefined) OJ The colon-separated list of |
| 1183 | places to search for .forward |
| 1184 | files. N.B.: see the Security |
| 1185 | Notes section. |
| 1186 | confMCI_CACHE_SIZE 2 Ok Size of open connection cache. |
| 1187 | confMCI_CACHE_TIMEOUT 5m OK Open connection cache timeout. |
| 1188 | confUSE_ERRORS_TO False Ol * Use the Errors-To: header to |
| 1189 | deliver error messages. This |
| 1190 | should not be necessary because |
| 1191 | of general acceptance of the |
| 1192 | envelope/header distinction. |
| 1193 | confLOG_LEVEL 9 OL Log level. |
| 1194 | confME_TOO False Om Include sender in group |
| 1195 | expansions. |
| 1196 | confCHECK_ALIASES True On Check RHS of aliases when |
| 1197 | running newaliases. |
| 1198 | confOLD_STYLE_HEADERS True Oo * Assume that headers without |
| 1199 | special chars are old style. |
| 1200 | confDAEMON_OPTIONS (undefined) OO SMTP daemon options. |
| 1201 | confPRIVACY_FLAGS authwarnings Op Privacy flags. |
| 1202 | confCOPY_ERRORS_TO (undefined) OP Address for additional copies |
| 1203 | of all error messages. |
| 1204 | confQUEUE_FACTOR (undefined) Oq Slope of queue-only function |
| 1205 | confREAD_TIMEOUT (undefined) Or SMTP read timeouts. |
| 1206 | confDONT_PRUNE_ROUTES False OR Don't prune down route-addr |
| 1207 | syntax addresses to the |
| 1208 | minimum possible. |
| 1209 | confSAFE_QUEUE True Os * Commit all messages to disk |
| 1210 | before forking. |
| 1211 | confMESSAGE_TIMEOUT 5d/4h OT Timeout for messages before |
| 1212 | sending error/warning message. |
| 1213 | confTIME_ZONE USE_SYSTEM Ot Time zone info -- can be |
| 1214 | USE_SYSTEM to use the system's |
| 1215 | idea, USE_TZ to use the user's |
| 1216 | TZ envariable, or something |
| 1217 | else to force that value. |
| 1218 | confDEF_USER_ID 1 Ou Default user id. |
| 1219 | confUSERDB_SPEC (undefined) OU User database specification. |
| 1220 | confFALLBACK_MX (undefined) OV Fallback MX host. |
| 1221 | confTRY_NULL_MX_LIST False Ow If we are the best MX for a |
| 1222 | host and haven't made other |
| 1223 | arrangements, try connecting |
| 1224 | to the host directly; normally |
| 1225 | this would be a config error. |
| 1226 | confQUEUE_LA 8 Ox Load average at which queue-only |
| 1227 | function kicks in. |
| 1228 | confREFUSE_LA 12 OX Load average at which incoming |
| 1229 | SMTP connections are refused. |
| 1230 | confWORK_RECIPIENT_FACTOR |
| 1231 | (undefined) Oy Cost of each recipient. |
| 1232 | confSEPARATE_PROC False OY Run all deliveries in a |
| 1233 | separate process. |
| 1234 | confWORK_CLASS_FACTOR (undefined) Oz Priority multiplier for class. |
| 1235 | confWORK_TIME_FACTOR (undefined) OZ Cost of each delivery attempt. |
| 1236 | confQUEUE_SORT_ORDER Priority O QueueSortOrder |
| 1237 | Queue sort algorithm: |
| 1238 | Priority or Host. |
| 1239 | confCW_FILE /etc/sendmail.cw Name of file used to get the |
| 1240 | Fw local additions to the $=w |
| 1241 | class. |
| 1242 | confSMTP_MAILER smtp - The mailer name used when |
| 1243 | SMTP connectivity is required. |
| 1244 | One of "smtp", "smtp8", or |
| 1245 | "esmtp". |
| 1246 | confLOCAL_MAILER local - The mailer name used when |
| 1247 | local connectivity is required. |
| 1248 | Almost always "local". |
| 1249 | confRELAY_MAILER relay - The default mailer name used |
| 1250 | for relaying any mail (e.g., |
| 1251 | to a BITNET_RELAY, a |
| 1252 | SMART_HOST, or whatever). |
| 1253 | This can reasonably be "suucp" |
| 1254 | if you are on a UUCP-connected |
| 1255 | site. |
| 1256 | confDOMAIN_NAME (undefined) Dj If defined, sets $j. |
| 1257 | |
| 1258 | |
| 1259 | +-----------+ |
| 1260 | | HIERARCHY | |
| 1261 | +-----------+ |
| 1262 | |
| 1263 | Within this directory are several subdirectories, to wit: |
| 1264 | |
| 1265 | m4 General support routines. These are typically |
| 1266 | very important and should not be changed without |
| 1267 | very careful consideration. |
| 1268 | |
| 1269 | cf The configuration files themselves. They have |
| 1270 | ".mc" suffixes, and must be run through m4 to |
| 1271 | become complete. The resulting output should |
| 1272 | have a ".cf" suffix. |
| 1273 | |
| 1274 | ostype Definitions describing a particular operating |
| 1275 | system type. These should always be referenced |
| 1276 | using the OSTYPE macro in the .mc file. Examples |
| 1277 | include "bsd4.3", "bsd4.4", "sunos3.5", and |
| 1278 | "sunos4.1". |
| 1279 | |
| 1280 | domain Definitions describing a particular domain, referenced |
| 1281 | using the DOMAIN macro in the .mc file. These are |
| 1282 | site dependent; for example, we contribute "cs.exposed.m4" |
| 1283 | and "cs.hidden.m4" which both describe hosts in the |
| 1284 | CS.Berkeley.EDU subdomain; the former displays the local |
| 1285 | hostname (e.g., mammoth.CS.Berkeley.EDU), whereas the |
| 1286 | latter does its best to hide the identity of the local |
| 1287 | workstation inside the CS subdomain. |
| 1288 | |
| 1289 | mailer Descriptions of mailers. These are referenced using |
| 1290 | the MAILER macro in the .mc file. |
| 1291 | |
| 1292 | sh Shell files used when building the .cf file from the |
| 1293 | .mc file in the cf subdirectory. |
| 1294 | |
| 1295 | feature These hold special orthogonal features that you might |
| 1296 | want to include. They should be referenced using |
| 1297 | the FEATURE macro. |
| 1298 | |
| 1299 | hack Local hacks. These can be referenced using the HACK |
| 1300 | macro. They shouldn't be of more than voyeuristic |
| 1301 | interest outside the .Berkeley.EDU domain, but who knows? |
| 1302 | We've all got our own peccadillos. |
| 1303 | |
| 1304 | siteconfig Site configuration -- e.g., tables of locally connected |
| 1305 | UUCP sites. |
| 1306 | |
| 1307 | |
| 1308 | +------------------------+ |
| 1309 | | ADMINISTRATIVE DETAILS | |
| 1310 | +------------------------+ |
| 1311 | |
| 1312 | The following sections detail usage of certain internal parts of the |
| 1313 | sendmail.cf file. Read them carefully if you are trying to modify |
| 1314 | the current model. If you find the above descriptions adequate, these |
| 1315 | should be {boring, confusing, tedious, ridiculous} (pick one or more). |
| 1316 | |
| 1317 | RULESETS (* means built in to sendmail) |
| 1318 | |
| 1319 | 0 * Parsing |
| 1320 | 1 * Sender rewriting |
| 1321 | 2 * Recipient rewriting |
| 1322 | 3 * Canonicalization |
| 1323 | 4 * Post cleanup |
| 1324 | 5 * Local address rewrite (after aliasing) |
| 1325 | 1x mailer rules (sender qualification) |
| 1326 | 2x mailer rules (recipient qualification) |
| 1327 | 3x mailer rules (sender header qualification) |
| 1328 | 4x mailer rules (recipient header qualification) |
| 1329 | 5x mailer subroutines (general) |
| 1330 | 6x mailer subroutines (general) |
| 1331 | 7x mailer subroutines (general) |
| 1332 | 8x reserved |
| 1333 | 90 Mailertable host stripping |
| 1334 | 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) |
| 1335 | 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) |
| 1336 | 98 Local part of ruleset 0 (ruleset 8 in old sendmail) |
| 1337 | |
| 1338 | |
| 1339 | MAILERS |
| 1340 | |
| 1341 | 0 local, prog local and program mailers |
| 1342 | 1 [e]smtp, relay SMTP channel |
| 1343 | 2 uucp-* UNIX-to-UNIX Copy Program |
| 1344 | 3 netnews Network News delivery |
| 1345 | 4 fax Sam Leffler's FlexFAX software |
| 1346 | |
| 1347 | |
| 1348 | MACROS |
| 1349 | |
| 1350 | A |
| 1351 | B Bitnet Relay |
| 1352 | C |
| 1353 | D The local domain -- usually not needed |
| 1354 | E |
| 1355 | F FAX Relay |
| 1356 | G |
| 1357 | H mail Hub (for mail clusters) |
| 1358 | I |
| 1359 | J |
| 1360 | K |
| 1361 | L Luser Relay |
| 1362 | M Masquerade (who I claim to be) |
| 1363 | N |
| 1364 | O |
| 1365 | P |
| 1366 | Q |
| 1367 | R Relay (for unqualified names) |
| 1368 | S Smart Host |
| 1369 | T |
| 1370 | U my UUCP name (if I have a UUCP connection) |
| 1371 | V UUCP Relay (class V hosts) |
| 1372 | W UUCP Relay (class W hosts) |
| 1373 | X UUCP Relay (class X hosts) |
| 1374 | Y UUCP Relay (all other hosts) |
| 1375 | Z Version number |
| 1376 | |
| 1377 | |
| 1378 | CLASSES |
| 1379 | |
| 1380 | A |
| 1381 | B |
| 1382 | C |
| 1383 | D "dotted" users |
| 1384 | E addresses that should not seem to come from $M |
| 1385 | F hosts we forward for |
| 1386 | G |
| 1387 | H |
| 1388 | I |
| 1389 | J |
| 1390 | K |
| 1391 | L addresses that should not be forwarded to $R |
| 1392 | M |
| 1393 | N |
| 1394 | O operators that indicate network operations (cannot be in local names) |
| 1395 | P top level pseudo-domains: BITNET, FAX, UUCP, etc. |
| 1396 | Q |
| 1397 | R |
| 1398 | S |
| 1399 | T |
| 1400 | U locally connected UUCP hosts |
| 1401 | V UUCP hosts connected to relay $V |
| 1402 | W UUCP hosts connected to relay $W |
| 1403 | X UUCP hosts connected to relay $X |
| 1404 | Y locally connected smart UUCP hosts |
| 1405 | Z locally connected domain-ized UUCP hosts |
| 1406 | . the class containing only a dot |
| 1407 | |
| 1408 | |
| 1409 | M4 DIVERSIONS |
| 1410 | |
| 1411 | 1 Local host detection and resolution |
| 1412 | 2 Local Ruleset 3 additions |
| 1413 | 3 Local Ruleset 0 additions |
| 1414 | 4 UUCP Ruleset 0 additions |
| 1415 | 5 locally interpreted names (overrides $R) |
| 1416 | 6 local configuration (at top of file) |
| 1417 | 7 mailer definitions |
| 1418 | 8 |
| 1419 | 9 special local rulesets (1 and 2) |