This chapter describes IRIX sendmail, a facility for routing mail across an intranet. This chapter is for system administrators who set up and maintain the mail system on a station or network. It provides the information necessary for a straightforward implementation of sendmail. The following topics are covered:
For additional reference material on IRIX sendmail, see Appendix B, “IRIX sendmail Reference”.
The mail system is a group of programs that you can use to send messages to and receive messages from other users on the network. You can send mail through either UUCP or TCP/IP. The IRIX operating system uses Netscape Mail, System V /bin/mail, 4.3BSD /usr/sbin/Mail, and the sendmail application for its mail implementation.
The process of delivering mail involves four elements:
| User Interface | The user interface creates new messages and reads, removes, and archives received messages. Netscape Mail, System V /bin/mail, and 4.3BSD /usr/sbin/Mail are the user interfaces provided with IRIX. Man pages are available to fully describe the features of these interfaces, and Netscape has an online help system. | |
| Mail Routing | A mail router examines each message and routes it through the network to the appropriate station. The sendmail program not only routes messages, but also formats them appropriately for their recipient stations. | |
| Mail Transfer | A mail transfer program transmits messages from one station to another. The sendmail application implements the Simple Mail Transfer Protocol (SMTP) over TCP/IP. For TCP/IP mail, sendmail acts as an integrated routing and transfer program. In all cases, mail transfer has a counterpart: mail reception. In most cases, a single program provides both functions. UUCP is a mail transfer program that uses its own protocols and runs over serial lines. | |
| Mail Delivery | A mail delivery program deposits mail into a data file for later perusal by a user or another program. The /bin/mail -d program delivers local mail. |
After you compose a message by using Netscape Mail, /bin/mail, or /usr/sbin/Mail, the message is sent to sendmail, which attempts to determine the destination of the message. The sendmail application either calls /usr/bin/mail.local (for mail to a user on the local station) or passes the message to the appropriate mail transfer program (for mail to a user on a remote station).
When sendmail receives a message from another station, it analyzes the recipient address; then, it either calls /usr/bin/mail.local to complete the delivery if the local station is acting as a relay, or passes the message to the mail transfer program. For TCP/IP SMTP, sendmail also performs the mail transfer.
When you send a mail message on a network that uses TCP/IP, several layers of network software are involved. Figure 9-1 shows the layers of TCP/IP mail network software.
The Transmission Control Protocol (TCP) layer supports SMTP, which sendmail uses to transfer mail to other TCP/IP stations. The sendmail application is responsible for calling local delivery programs, mail routing, and TCP/IP mail transfer; it may also call other mail transfer programs. For example, sendmail uses the UUCP transmission program to handle messages sent to UUCP stations.
The sendmail implementation features aliasing, forwarding, automatic routing to network gateways, and flexible configuration.
In a simple network, each node has an address, and resources can be identified with a host-resource pair. For example, a mail system can refer to users with a host–user-name pair. Station names and numbers must be administered by a central authority, but user names can be assigned locally to each station.
In an intranet, multiple networks with different characteristics and management must communicate. In particular, the syntax and semantics of resource identification change. You can handle certain simple cases by using improvised techniques, such as providing network names that appear local to stations on other networks. However, the general case is extremely complex. For example, some networks require point-to-point routing, which simplifies the database update problem, because only adjacent stations are entered into the system tables; others use end-to-end addressing. Some networks use a left-associative syntax; others use a right-associative syntax, causing ambiguity in mixed addresses.
Intranet standards seek to eliminate these problems. Initially, these standards proposed expanding the address pairs to address triples, consisting of network, station, resource. Network numbers must be universally agreed upon; stations can be assigned locally on each network. The user-level presentation was quickly expanded to address domains, composed of a local resource identification and a hierarchical domain specification with a common static root, as defined in RFC 1034. The domain technique separates the issue of physical versus logical addressing. For example, an address of the form jane@iris1.company.com describes only the logical organization of the address space.
The sendmail application bridges the gap between the world of totally isolated networks that know nothing of each other and the clean, tightly coupled world of unique network numbers. This application can accept old arbitrary address syntaxes, resolving ambiguities by using heuristics specified by the network administrator, as well as domain-based addressing. It helps guide the conversion of message formats between disparate networks. In short, sendmail is designed to assist a graceful transition to consistent intranet addressing schemes.
The design goals for the sendmail application included the following:
Message delivery should be reliable, guaranteeing that every message is correctly delivered or at least brought to the attention of a human for correct disposal; no message should ever be completely lost.
Existing software should be used to do actual message delivery whenever possible.
The sendmail application should be easy to expand to fairly complex environments.
Configuration should not be compiled into the code.
The sendmail application should let various groups maintain their own mailing lists, and let individuals specify their own forwarding, without modifying the station's alias file.
Each user should be able to specify the mailer to execute to process mail being delivered. This feature allows users with specialized mailers that use a different format to build their environments without changing the system, and facilitates specialized functions (such as returning an “I am on vacation” message).
To minimize network traffic, addresses should be batched to a single station where possible, without assistance from the user.
Figure 9-2 illustrates the sendmail system structure that is based on the original design goals for sendmail.
The sendmail application neither interfaces with the user nor does actual mail delivery. Rather, it collects a message generated by a user agent program such as Berkeley Mail, edits the message as required by the destination network, and calls appropriate mailers to do mail delivery or queueing for network transmission. The exception is mail sent to a file; in this case, sendmail delivers the mail directly.
This discipline allows the insertion of new mailers at minimum cost.
Because some of the senders may be network servers and some of the mailers may be network clients, sendmail can be used as an intranet mail gateway.
Understanding the sendmail programs requires understanding a variety of components. Some of these components are daemons, scripts, files, and commands. This section describes the various sendmail components :
For sendmail to process incoming mail, a daemon must be running. The sendmail daemon is the sendmail program with specific flags. (Appendix B, “IRIX sendmail Reference” describes the sendmail command-line flags in detail.) The daemon is automatically started by the /etc/init.d/mail script at station startup. The default command for the sendmail daemon is
/usr/lib/sendmail -bd -q15m |
The -bd flag causes sendmail to run in daemon mode. The -q15m flag causes sendmail to fork a subdaemon for queue processing every 15 minutes. The -bd and -q flags can be combined in one call.
Several scripts provided with your system perform common functions in sendmail. Use the following scripts whenever possible, because they have been tested and are known to perform the task correctly:
Under rare circumstances, a user may need to stop or start the sendmail daemon manually. For example, to implement changes to the configuration file, you must stop all running sendmail processes and restart the sendmail daemon before the new configuration will take effect. To simplify the task of starting and stopping sendmail, IRIX provides a shell script called /etc/init.d/mail.
This script takes a single argument, either start or stop, which starts or stops the sendmail daemon respectively. You must be superuser (root) to use this script. For example, to stop sendmail, use the following command:
/etc/init.d/mail stop |
When /etc/init.d/mail is called with the start argument, it verifies the existence and permissions of various sendmail related files and directories (see “sendmail Related Files and Directories”,). If a required component such as the /var/spool/mqueue directory is missing, the script creates it. For more complex components, such as /etc/aliases, the script exits with a message.
If the sendmail_cf “chkconfig” flag is on, a new /etc/sendmail.cf file is generated from the /etc/sendmail.mc file.
When the /etc/init.d/mail script is called with the stop argument, it kills all running sendmail processes with a SIGTERM signal.
 | Note: Station start-up includes an automatic call to the /etc/init.d/mail script with the start argument. If station start-up runs in verbose mode (that is, /etc/chkconfig verbose on), the following message displays, verifying that sendmail has been started: |
Mailer daemons: sendmail |
For more information, examine the /etc/init.d/mail script.
The /usr/etc/configmail script provides an interface between command line input and the sendmail.mc file. The configmail parameters are maintained in the sendmail.mc file. The configmail script migrates configmail parameter changes to the sendmail.mc file.
Historically, the configmail script has been used as the primary way to manage the sendmail.cf configuration file. You can use configmail to generate the /etc/sendmail.cf file from the parameters that are stored in the sendmail.mc file by using the following command:
configmail mc2cf
Because the /etc/sendmail.mc file offers more flexibility than configmail, you should modify sendmail.mc directly. Direct editing of the /etc/sendmail.cf file is not supported.
The sendmail configuration files and directories are:
The sendmail application also can be tailored with flags and options from the command line. For more information, see Appendix B, “IRIX sendmail Reference”.
At the heart of the sendmail program is the sendmail configuration file, /etc/sendmail.cf. The sendmail.cf file is an ASCII file that contains most of the configuration information and is read at run time. This file encodes options, header declarations, mailer declarations, trusted user declarations, message precedences, address-rewriting rules, macro definitions, and class definitions.
To successfully set up sendmail, the mail administrator must know which sendmail.cf macros and variables to change.
The sendmail.mc file contains a series of commands that will be used to build a sendmail.cf file. The sendmail.mc file is also used to enable various features of the sendmail.cf file. The sendmail.mc file is written for the m4 macro processor. Thus, all quoted strings use both open and close quotes (`example'). For details on configuring sendmail.mc, see “Configuring sendmail”.
To generate a sendmail.cf file from a sendmail.mc file, use the following command:
configmail mc2cf
The sendmail.hf file is the Simple Mail Transfer Protocol (SMTP) help file. It contains some brief information about the various SMTP commands.
The sendmail.st file collects statistics related to sendmail. By default, the file is not present. You can create the file using the touch command. If the file is present, sendmail automatically updates the file with relevant sendmail statistics.
The aliases file contains the text form of the alias database used by the sendmail program. The alias database contains aliases for local mail recipients. For example, the following alias delivers mail addressed to jd on the local station to johndoe@company.com:
jd:johndoe@company.com |
| Note: The newaliases program must be run after modifying the alias database file. For more information about building the alias database, see “Building the sendmail Aliases Database”. |
The mail queue, /var/spool/mqueue, is the directory in which the mail queue and temporary files reside. The messages are stored in various queue files that exist under the /var/spool/mqueue directory. Queue files take the following forms:
qf*—control (queue) files for messages
df*—data files
tf*—temporary files
nf*—a file used when a unique ID is created
xf*—transcript file of the current session
Normally, a sendmail subdaemon processes the messages in this queue periodically, attempting to deliver each message. (The /etc/init.d/mail script starts the sendmail daemon so that it forks a subdaemon every 15 minutes to process the mail queue.) Each time sendmail processes the queue, it reads and sorts the queue, then attempts to run all jobs in order.
| Note: Any mail queue files generated this way cannot be read by previous versions of sendmail. |
The /usr/lib/sendmail.cf_m4 directory contains the data that is used to generate the sendmail.cf file. The contents of this directory are similar to the cf subdirectory from the sendmail source distribution. The sendmail.mc file selects settings and features implemented by the files in the /usr/lib/sendmail.cf_m4 directory. Use the following command to generate a new sendmail.cf file from these files:
configmail mc2cf
This section explains how the aliases database for sendmail runs, and indicates possible problems and errors. Sections are as follows:
The aliases database is a NEWDB database that contains mail aliases that are used by the sendmail program. The text form of the database is maintained in the /etc/aliases file. The aliases are of the following form:
name: name1 [, name2, ...] |
For example, the following command delivers mail addressed to jd to johndoe@company.com:
jd:johndoe@company.com |
| Note: Only the local part of an address can be aliased. For example, the following command is wrong and does not have the desired effect: |
jd@big.university.edu:jd@company.com
The sendmail application consults the alias database only after deciding that the message (as originally addressed) should be delivered locally, and after it has rewritten the address to contain only the local part.
An alias continuation line must start with a space or a tab. Blank lines and lines beginning with the number sign (#) are treated as comments.
At startup, sendmail automatically uses the newdb library to process the /etc/aliases file into the /etc/aliases.db files. Using these files to resolve aliases improves performance.
When using the NEWDB version of the database to maintain aliases, sendmail uses the /etc/alias.db file. When building the NEWDB version of the database, sendmail checks the left-hand side of each entry to make sure that it is a local address. Then sendmail issues a warning for each entry in /etc/aliases with a non-local left-hand side. Such entries are not entered into the NEWDBversion of the database.
Previous versions of IRIX sendmail looked for the keyword +:+ in the /etc/alias file and enabled NIS lookups for you. You must now to do this explicitly. By default, IRIX sendmail uses the /etc/aliases database and the NSD map, mail.aliases, for lookups. If you have configured nsd to use NIS, you do not need to do anything more. If you have not done this configuration, you can place the following line in the sendmail.mc file:
define (ALIAS_FILE',/etc/aliases,nsd:mail.aliases') dnl |
If the configuration or the command line specifies the D option, sendmail automatically tries to rebuild the alias database when it is out of date.
The sendmail application rebuilds the alias database if either of the following conditions exists:
The NEWDB version of the database is in mode 666.
sendmail is running setuid to root.
Note: Auto-rebuild can be dangerous on heavily loaded stations with large alias files. If it takes more than 5 minutes to rebuild the database, there is a chance that several processes will start the rebuild process simultaneously.
The newaliases program is used to rebuild the NEWDB version of the aliases database. This program must be run any time the text version of the aliases file is modified. If newaliases is not run after making changes to the aliases file, the changes are not incorporated into the NEWDB alias database and are not seen by the sendmail program.
To rebuild the NEWDB version of the database without restarting sendmail, enter the following command:
newaliases |
Executing the newaliases command is equivalent to giving sendmail the -bi flag, as in the following example:
/usr/lib/sendmail -bi |
You can test the aliases database with the -bv flag of the sendmail program. For more details, see Appendix B, “IRIX sendmail Reference”.
Problems can occur with the aliases database, especially if a sendmail process accesses the NEWDB version before it is completely rebuilt. Two circumstances can cause this problem:
One process accesses the database while another process is rebuilding it.
The process rebuilding the database dies because it has been killed, or a station crash has occurred before completing the rebuild.
The sendmail application has two techniques for trying to relieve these problems. First, to avoid the problem of a partially rebuilt database, sendmail ignores interrupts while rebuilding the database. Second, at the end of the rebuild it adds an alias of the following form (which is not normally legal):
@: @ |
Before sendmail accesses the database, it ensures that this entry exists. For this action to occur, the configuration file must contain the -a option.
If the @:@ entry does not exist, sendmail waits for it to appear. After the specified waiting period elapses, sendmail itself forces a rebuild. For this action to occur, the configuration file must include the D option. If the D option is not specified, a warning message is generated and sendmail continues.
If an error occurs when mail is sent to a certain address (x, for example), sendmail looks for an alias of the following form to receive the errors:
owner-x |
This scheme is typically useful for a mailing list where a user mailing to the list has no control over the maintenance of the list itself; in this case the list maintainer would be the owner of the list. For example, the following would cause jd@1company.com to get the error that occurs when someone sends mail to unix-hackers, and sendmail finds the phony user nosuchuser on the list.
unix-hackers: jd@company1.com, ed@big.university.edu,nosuchuser, jane@company2.com owner-unix-hackers: jd@company1.com |
This section provides sendmail configuration information. It does not attempt to be a complete reference for programming the sendmail.cf file and all of its features. For details of sendmail configuration, see the following resources:
sendmail, 2nd Edition by Bryan Costales & Eric Allman. This book, considered the definitive sendmail authority, is available from O'Reilly & AssociatesInc. (ISBN: 1-56592-222-0) (URL: http://www.oreilly.com/catalog/sendmail2)
The sendmail.org website (http://www.sendmail.org) has a large amount of sendmail information.
The /usr/lib/sendmail.cf_m4/README file includes detailed information on the sendmail.mc file and the m4 macro processor features and configuration. This file includes define statements that you can make to change parameters.
The sendmail.cf file is read in real time by each copy of sendmail. There is no frozen version of this file, which previous versions of IRIX sendmail supported. This section does not provide details of the sendmail.cf file. Instead, it describes how to configure and generate it by using the sendmail.mc file
The sendmail.mc file is a set of definitions, configurations, and commands to enable various features. Use this file to create the sendmail.cf file from the prototype files located in the /usr/lib/sendmail.cf_m4 directory.
To create a sendmail.cf file from the definitions in sendmail.mc file, use the following command:
configmail mc2cf
By using the defines and features in the following sections, you can implement a number of complex features, including, but not limited to those in the following list:
Masquerading and relaying
Controlling anti-spam configuration
Adding new mailers or rulesets
Using non-smtp based configurations
Using mailer tables
Using userdb to map full names
The sendmail application uses the m4 macro processor (simply known as m4) to “compile” the configuration files. m4 is stream-based; that is, it does not recognize lines. For this reason, to avoid unnecessary blank lines in the output, you might sometimes see the word dnl, which stands for “delete through newline.” Essentially, it deletes all characters starting at the dnl directive up to and including the next newline character.
Another important directive is define(A, B), which defines the macro A to have value B. Macros are expanded as they are read, so you should enclose both values in quotation marks to prevent expansion, as in the following example:
define(`SMART_HOST', `smart.foo.com') |
The open quotatation mark is the unshifted character found on the same key as the tilde (~). With some editors, you must hit this key twice before the quotation mark appears. The close quotation mark is the conventional single quotation mark found on the same key as the double quotation mark (“).
 | Warning: m4 macros are expanded even in lines that appear to be comments. In the following comment example, FEATURE(foo) will be expanded: |
# See FEATURE(foo) above |
To prevent this expansion, enclose FEATURE(foo) in quotation marks, as follows:
# See `FEATURE(foo)', above |
In the following comment example, define is an m4 keyword and must be enclosed in quotation marks:
# And then `define' the $X macro to be the return address |
Most configuration options do not need to be changed. However, if you need to modify them, you can define the m4 variables. You can find a list of these variables in the sendmail standard at the following URLs:
http://www.sendmail.org/m4/tweakingoptions.html http://www.sendmail.org/m4/ostype.html |
The list of variables that can be modified is shown with the following information:
Variable name
Option or macro that is affected (Ox for an option or Dx for a macro)
Default value for the definition
Brief description
Some options are likely to be deprecated in future versions; that is,the option is included only to provide back-compatibility. These are marked with "*".
Remember that these options are m4 variables, and hence may need to be enclosed in quotation marks. In particular, arguments with commas will usually have to be ``enclosed in double quotation marks, like this phrase`` to avoid confusion caused by the comma. This is common for alias file definitions and for the read timeout.
You must define an operating system environment, or the configuration file build will fail. There are several environments available; for the current list, look at the files in the ostype directory in the sendmail.cf_m4 directory. This macro changes elements like the location of the alias file and the queue directory. Some of these files are identical to each other.
It is imperative that the OSTYPE macro occur before any MAILER definitions. In general, the OSTYPE macro should go immediately after any version information, and MAILER definitions should always go last.
You should not have to modify the OSTYPE macro. It is set to irix6 by default.
You might want to collect domain-dependent defines into one file, referenced by the DOMAIN macro. While you do not need to do this, you can allow for a single file to define a site's configuration, and that file can be distributed to individual systems. For example, the Berkeley domain file includes definitions for several internal distinguished hosts:
| USENET_RELAY | |
The host that will accept USENET-addressed e-mail. If not defined, USENET-addressed mail will be handled by the USENET mailer as normal. USENET-addressed e-mail has the form newsgroup.USENET. | |
| UUCP_RELAY | |
The host that will accept UUCP-addressed e-mail. If not defined, all UUCP sites must be directly connected. | |
| BITNET_RELAY | |
The host that will accept BITNET-addressed e-mail. If not defined, the .BITNET pseudo-domain will not work. | |
| DECNET_RELAY | |
The host that will accept DECNET-addressed e-mail. If not defined, the .DECNET pseudo-domain and addresses of the form node::user will not work. | |
| FAX_RELAY | |
The host that will accept mail to the .FAX pseudo-domain. The “fax” mailer overrides this value. | |
| LOCAL_RELAY DEPRECATED | |
The site that will handle unqualified names -- that is, names without an @domain extension. If not set, they are assumed to belong on this machine. This allows you to have a central site to store a company- or department-wide alias database. This works only at small sites, and only with some user agents. | |
| LUSER_RELAY | |
The site that will handle lusers; that is, apparently local names that are not local accounts or aliases. | |
This version of sendmail supports a number of mailers. As a general rule, put the MAILER definitions last in your .mc file, and always put MAILER(smtp) before MAILER(uucp) because several features and definitions will modify the definition of mailers, and the smtp mailer modifies the uucp mailer. Supported mailers are as follows:
| local | The local and prog mailers. You will almost always need these; the only exception is if you relay all of your mail to another site. This mailer is included automatically. | |||
| smtp | The Simple Mail Transport Protocol mailer. This mailer is the standard mailer for internet peer-to-peer mail transport; it assumes a world where everyone is running the name server. This file actually defines four mailers: “smtp” for regular (old-style) SMTP to other servers, “esmtp” for extended SMTP to other servers, “smtp8” to do SMTP to other servers without converting 8-bit data to MIME (essentially, this is your statement that you know the other end is 8-bit clean even if it does not say so), and “relay” for transmission to our RELAY_HOST, LUSER_RELAY, or MAILER_HUB. | |||
| uucp | The UNIX-to-UNIX Copy Program mailer. Actually, this defines two mailers, “uucp-old” (a.k.a. “uucp”) and “uucp-new” (a.k.a. “suucp”). The latter is for when you know that the UUCP mailer at the other end can handle multiple recipients in one transfer. If the smtp mailer is also included in your configuration, two other mailers (“uucp-dom” and “uucp-uudom”) are also defined [warning: you must specify MAILER(smtp) before MAILER(uucp)]. When you include the uucp mailer, sendmail looks for all names in the $=U class and sends them to the uucp-old mailer; all names in the $=Y class are sent to uucp-new; and all names in the $=Z class are sent to uucp-uudom. Note that this is a function of what version of rmail runs on the receiving end, and hence may be out of your control. For more information, see the /usr/lib/sendmail.cf_m4 file. | |||
| usenet | Usenet (network news) delivery. If this mailer is specified, an extra rule is added to ruleset 0 that forwards all local e-mail for users named ``group.usenet'' to the ``inews'' program. Note that this works for all groups, and may be considered a security problem. | |||
| fax | Facsimile transmission. This is experimental and based on Sam Leffler's HylaFAX software. For more information, see http://www.vix.com/hylafax/. | |||
| pop | Post Office Protocol. | |||
| procmail | An interface to procmail (does not come with sendmail). This mailer is designed to be used in mailer tables. For example, a common question is “how do I forward all mail for a given domain to a single person?”. If you have this mailer defined, you can set up a mailer table as follows:
The /etc/procmailrcs/host.com file will contain the following entry:
This arranges for (anything)@host.com to be sent to person@other.host. Within the procmail script, $1 is the name of the sender and $2 is the name of the recipient. If you use this with FEATURE(`local_procmail'), the FEATURE macro should be listed first. | |||
| mail11 | The DECnet mail11 mailer, useful only if you have the mail11 program from gatekeeper.dec.com:/pub/DEC/gwtools (and DECnet, of course). This is for Phase IV DECnet support; if you have Phase V at your site, you may have additional problems. | |||
| phquery | The phquery program. Internally, this is somewhat counterintuitively referenced as the “ph” mailer. It can be used to do CCSO name server lookups. The phquery program, which this mailer uses, is distributed with the ph client. | |||
| cyrus | The cyrus and cyrusbb mailers. The cyrus mailer delivers to a local cyrus user. This mailer can make use of the “user+detail@local.host” syntax; it will deliver the mail to the user's “detail” mailbox if the mailbox's ACL permits. The cyrusbb mailer delivers to a system-wide cyrus mailbox if the mailbox's ACL permits. |
The local mailer accepts addresses of the form “user+detail”, where the “+detail” is not used for mailbox matching but is available to certain local mail programs (in particular, see FEATURE(`local_procmail')). For example, “eric”, “eric+sendmail”, and “eric+sww” all indicate the same user, but additional arguments <null>, “sendmail”, and “sww” may be provided for use in sorting mail.
You can request special features by using the FEATURE macro. For example, to direct sendmail to read an /etc/sendmail.cw file to get values for class $=w, put the following FEATURE macro in the sendmail.mc file:
FEATURE(`use_cw_file') |
The FEATURE macro can contain a single optional parameter, as in the following example:
FEATURE(`mailertable', `dbm /usr/lib/mailertable') |
You can set the default database map type for the table features by using a define command. The following command sets the default to use NEWDB databases:
define(`DATABASE_MAP_TYPE', `dbm')
The default is the Berkeley db hash database format. Note that you must still declare a database map type if you specify an argument with a FEATURE macro. DATABASE_MAP_TYPE is used only if no argument is provided with the FEATURE macro.
Available features are as follows:
| use_cw_file | Reads the /etc/sendmail.cw file to get alternate names for this host. This might be used if you were on a host that provides MX records for a dynamic set of other hosts. If the set is static, it is better to include the line "Cw<name1> <name2> ..." (where the names are fully qualified domain names). You can override the actual file name by redefining the confCW_FILE variable. | ||||
| use_ct_file | Reads the /etc/sendmail.ct file to get the names of users that will be trusted; that is, able to set their envelope “from” address by using -f without generating a warning message. You can override the actual file name by redefining the confCT_FILE variable. | ||||
| redirect | Rejects all mail addressed to “address.REDIRECT” and provides the following message:
If this feature is set, you can alias people who have left to their new address with “.REDIRECT” appended. | ||||
| nouucp | Prevents special treatment of UUCP addresses. | ||||
| nocanonify | Prevents passing of addresses to $[ ... $] for canonification. This feature is used only by sites that act only as mail gateways or sites that have user agents that do full canonification themselves. You may also want to use the following define command to turn off the usual resolver options that perform a similar function: define(`confBIND_OPTS',`-DNSRCH -DEFNAMES') | ||||
| stickyhost | Indicates that e-mail sent to “user@local.host” is marked as “sticky”; that is, the local addresses are not matched against UDB and do not go through ruleset 5. This feature is used when “user” is not necessarily the same as “user@local.host;” for example, to make a distinct domain-wide namespace. Prior to version 8.7, stickyhost was the default, and notsticky was used to turn this feature off. | ||||
| mailertable | Indicates inclusion of a “mailer table” that can be used to override routing for particular domains. The argument of the FEATURE can be the key definition. If none is specified, the following definition is used: hash -o /etc/mailertable Keys in this database are fully qualified domain names or partial domains preceded by a dot; for example, “vangogh.CS.Berkeley.EDU” or “.CS.Berkeley.EDU”. Values must be of the form “mailer:domain,” where “mailer” is the internal mailer name, and “domain” is the destination of the message. These maps are not reflected into the message header. Special cases are as follows: local:user - Forwards to the indicated user using the local mailer local: - Forwards to the original user in the e-mail address using the local mailer error:code message - Provides an error message with the indicated code and message. | ||||
| domaintable | Indicates inclusion of a “domain table” to provide domain name mapping. Use of this feature should be limited to your own domains. It might be useful if you change names (for example, your company changes names from oldname.com to newname.com). The argument of the FEATURE macro can be the key definition. If none is specified, the definition used is as follows: hash -o /etc/domaintable The key in this table is the domain name; the value is the new (fully qualified) domain. Anything in the domaintable is reflected into headers; that is, this is done in ruleset 3. | ||||
| bitdomain | Looks up bitnet hosts in a table to try to turn them into internet addresses. The table can be built using the bitdomain program contributed by John Gardiner Myers. The argument of the FEATURE may be the key definition; if none is specified, the definition used is as follows: hash -o /etc/bitdomain.db Keys are the bitnet hostname; values are the corresponding internet hostname. | ||||
| uucpdomain | Indicates feature for UUCP hosts similar to bitdomain. The default map definition is as follows: hash -o /etc/uudomain.db At the moment there is no automatic tool to build this database. | ||||
| always_add_domain | Indicates inclusion of the local host domain even on locally delivered mail. The local host name is not usually added on unqualified names. However, if you use a shared message store but do not use the same user name space everywhere, you might need the host name on local names. | ||||
| allmasquerade | If masquerading is enabled (using the MASQUERADE_AS macro), this feature causes recipient addresses to masquerade also, as being from the masquerade host. Recipient addresses usually get the local host name. Although this might be right for most users, it can break local aliases. For example, if you send to “localalias”, the originating sendmail will find that alias and send to all members, but send the message with “To: localalias@masqueradehost”. Since that alias likely does not exist, replies will fail. Use this feature only if you can guarantee that the entire namespace on your masquerade host supersets all of the local entries. | ||||
| limited_masquerade | Usually, any hosts listed in $=w are masqueraded. If this feature is indicated, only the hosts listed in $=M are masqueraded. This feature is useful if you have several domains with disjoint namespaces hosted on the same machine. | ||||
| masquerade_entire_domain | If masquerading is enabled (using MASQUERADE_AS) and MASQUERADE_DOMAIN is set, this feature causes addresses to be rewritten such that the masquerading domains are actually entire domains to be hidden. All hosts within the masquerading domains will be rewritten to the masquerade name (used in MASQUERADE_AS). In the following example, *foo.org and *bar.com are converted to masq.com. Without the “masquerade_entire_domain” feature, only foo.org and bar.com are masqueraded. MASQUERADE_AS(masq.com) MASQUERADE_DOMAIN(foo.org) MASQUERADE_DOMAIN(bar.com)
| ||||
| masquerade_envelope | Usually, only header addresses are masqueraded. This feature enables masquerading of the envelope of a message. | ||||
| genericstable | Causes certain addresses originating locally (that is, addresses that are unqualified) or a domain listed in $=G to be looked up in a map and turned into another (“generic”) form, which can change both the domain name and the user name. This is similar to the userdb functionality. The same types of addresses as for masquerading are looked up (that is. only header sender addresses) unless the allmasquerade and/or masquerade_envelope features are indicated. Qualified addresses must have the domain part in the list of names given by the GENERICS_DOMAIN or GENERICS_DOMAIN_FILE macros (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). The argument of FEATURE(`genericstable') can be the map definition. The default map definition is as follows: hash -o /etc/genericstable The key for this table is either the full address or the unqualified username (the former is tried first); the value is the new user address. If the new user address does not include a domain, it will be qualified in the standard manner; that is, using $j or the masquerade name. Note that the address being looked up must be fully qualified. For local mail, it is necessary to use FEATURE(`always_add_domain') for the addresses to be qualified. | ||||
| virtusertable | Indicates a domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine. For example, consider a virtusertable with the following contents:
Mail addressed to info@foo.com will be sent to the address foo-info, mail addressed to info@bar.com will be delivered to bar-info, and mail addressed to anyone at baz.org will be sent to jane@elsewhere.net. The username from the original address is passed as %1 allowing:
With this designation, someone@foo.org will be sent to someone@elsewhere.com. All of the host names on the left hand side (foo.com, bar.com, and baz.org) must be in $=w. The default map definition is: hash -o /etc/virtusertable A new definition can be specified as the second argument of the FEATURE macro, as in the following example:
| ||||
| nodns | Indicates that the site is not running DNS (for example, the site might be UUCP-only connected). | ||||
| nullclient | Creates a stripped-down configuration file containing nothing but support for forwarding all mail to a central hub via a local SMTP-based network. The argument is the name of that hub. The only other feature that should be used in conjunction with nullclient is “nocanonify” (this causes addresses to be sent unqualified via the SMTP connection; usually, they are qualified with the masquerade name, which defaults to the name of the hub machine). No mailers should be defined. No aliasing or forwarding is done. Also, note that absolutely no anti-spam or anti-relaying is done in a null client configuration. | ||||
| local_lmtp | Indicates use of an LMTP capable local mailer. The argument to this feature is the pathname of an LMTP capable mailer. By default, mail.local is used. This is expected to be the LMTP capable mail.local that came with the 8.9 distribution. The path to mail.local is set by the confEBINDIR m4 variable, making the default LOCAL_MAILER_PATH /usr/libexec/mail.local. | ||||
| local_procmail | Indicates use of procmail as the local mailer. This mailer can make use of the “user+indicator@local.host” syntax; usually, the +indicator is not used, but by default it is passed as the -a argument to procmail. The argument to this feature is the pathname of procmail, which defaults to PROCMAIL_MAILER_PATH. Note that this does not use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS for the local mailer; make changes to LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead. | ||||
| bestmx_is_local | Indicates acceptance of mail as though locally addressed for any host that lists the local address as containing the best possible MX record. This acceptance generates additional DNS traffic, but should not cause problems for low to medium traffic hosts. However, the argument can be a set of domains, which limits the feature to apply only to these domains, reducing unnecessary DNS traffic.
| ||||
| smrsh | Indicates use of the SendMail Restricted Shell (smrsh) provided with the distribution instead of /bin/sh for mailing to programs. This improves the ability of the local system administrator to control what gets run via e-mail. If an argument is provided, it is used as the pathname to smrsh; otherwise, the path defined by confEBINDIR is used for the smrsh binary -- by default, /usr/libexec/smrsh is assumed. | ||||
| promiscuous_relay | By default, the sendmail configuration files do not permit mail relaying (that is, accepting mail from outside your domain and sending it to another host outside your domain). This option sets your site to allow mail relaying from any site to any site. In general, it is better to control the relaying more carefully with the access db and the `R' class ($=R). Domains can be added to class `R' by the RELAY_DOMAIN or RELAY_DOMAIN_FILE macros (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). | ||||
| relay_entire_domain | By default, only hosts listed as RELAY in the access db are allowed to relay. This option also allows any host in your domain as defined by the `m' class ($=m). | ||||
| relay_hosts_only | By default, names that are listed as RELAY in the access db and class `R' ($=R) are domain names, not host names. For example, if you specify ``foo.com'', then mail to or from foo.com, abc.foo.com, or a.very.deep.domain.foo.com will all be accepted for relaying. This feature changes the behavior to look up individual host names only. | ||||
| relay_based_on_MX | Turns on the ability to allow relaying based on the MX records of the host portion of an incoming recipient; that is, if an MX record for host foo.com points to your site, you will accept and relay mail addressed to foo.com.
| ||||
| relay_local_from | Allows relaying if the domain portion of the mail sender is a local host. This feature should be used only if absolutely necessary, because it opens a window for spammers. Specifically, mail can be sent to your mail server that claims to be from your domain (either directly or via a routed address), and you can relay it out to arbitrary hosts on the Internet. | ||||
| accept_unqualified_senders | Accepts unqualified sender addresses. Usually, if the connection is a network connection and the sender address does not include a domain name, MAIL FROM: commands in the SMTP session are refused. If your setup sends local mail unqualified (for example. MAIL FROM: <joe>), you will need to use this feature. | ||||
| accept_unresolvable_domains | Accepts all domains on input, even if they are unresolvable. Usually, if the host part of the argument to MAIL FROM: cannot be located in the host name service (for example, DNS), MAIL FROM: commands in the SMTP session are refused. If you are inside a firewall that has only a limited view of the Internet host name space, this could cause problems. In this case, you can use this feature. | ||||
| access_db | Turns on the access database feature. The access_db feature lets you allow or refuse to accept mail from specified domains for administrative reasons. By default, the access database specification is as follows: hash -o /etc/mail/access The format of the access database is described in the /usr/lib/sendmail.cf_m4/README file. | ||||
| blacklist_recipients | Turns on the ability to block incoming mail for certain recipient usernames, hostnames, or addresses. For example, you can block incoming mail to user nobody, host foo.mydomain.com, or guest@bar.mydomain.com. These specifications are put in the access database. The format of the access database is described in the /usr/lib/sendmail.cf_m4/README file. | ||||
| rbl | Turns on rejection of hosts found in the Realtime Blackhole List. If an argument is provided, it is used as the name sever to contact; otherwise, the main RBL server at rbl.maps.vix.com is used. For details, see http://maps.vix.com/rbl/. | ||||
| loose_relay_check | Usually, if a recipient using % addressing is used (for example, user%site@othersite), and othersite is in class `R', the check_rcpt ruleset will strip @othersite and recheck user@site for relaying. This feature changes that behavior. It should not be needed for most installations. | ||||
| percpu_QueueLA, percpu_RefuseLA, percpu | These features allow setting QueueLA and RefuseLA to a base value times the number of CPUs in a system. The argument is the number by which to scale. For example,
| ||||
| smart_host_domain | Allows direct delivery to a set of domains if a SMART_HOST parameter has been defined. This feature is useful inside of a firewall. All domains in the argument are considered locally connected. If no argument is given, the local domain is assumed. | ||||
| mailnews | Enables mail to be forwarded to a usenet newsgroup. Mail addressed to groups specified in the mailnews FEATURE will be translated to group.USENET, and either locally delivered (via USENET_MAILER) or forwarded (via USENET_RELAY) |
These aspects of managing the sendmail environment are covered in the following sections:
Further aspects of managing the sendmail environment are covered in Appendix B, “IRIX sendmail Reference”.
After customizing the sendmail.cf files and modifying the aliases database, you are ready to start sendmail.
By default, IRIX automatically starts sendmail at station startup by using the shell script /etc/init.d/mail. However, if you are configuring and testing sendmail and do not want to reboot the station, you can run the /etc/init.d/mail script manually. You should always use the mail script to stop and start sendmail. It processes and checks sendmail related files and programs in the correct order.
Start the sendmail daemon:
/etc/init.d/mail start |
If you need to stop sendmail, enter the following command:
/etc/init.d/mail stop |
You can list the contents of the queue by using the mailq command or by specifying the -bp flag on the sendmail command. The list includes a listing of the queue IDs, the size of each message, the date the message entered the queue, and the sender and recipients.
The -q flag (with no value) forces sendmail to process the queue. It is sometimes useful to use the -v flag (verbose) also when running the queue manually, as follows:
/usr/lib/sendmail -q -v
|
In verbose mode, sendmail displays the SMTP chatter with other stations as well as messages indicating any delivery errors and final message disposition.
Because of the locking algorithm, it is impossible for one job to freeze the queue. However, an uncooperative recipient station or a program recipient that never returns can consume many station resources. Unfortunately, there is no way to resolve this situation without violating the SMTP protocol that sendmail uses.
In some cases, if a major station goes down for a couple of days, a prohibitively large queue may be created. As a result, sendmail spends an inordinate amount of time sorting the queue. You can remedy this situation by moving the queue to a temporary location and creating a new queue. The old queue can be run later when the offending station returns to service.
Use the following commands to move the entire queue directory. The mail queue should be owned by root and belong to the mail group.
Change to the /var/spool directory.
cd /var/spool
Give the old mail queue another filename.
mv mqueue omqueue
Make another directory for the new mail queue.
mkdir mqueue
Change permissions so that the directory is owned by root.
chmod 755 mqueue
Then kill the existing sendmail daemon (because it will still be processing in the old queue directory) and create a new daemon:
Stop the sendmail daemon that is currently running.
/etc/init.d/mail stop
Start a new sendmail daemon.
/etc/init.d/mail start
To run the old mail queue, use the following command:
/usr/lib/sendmail -oQ/var/spool/omqueue -q
The -oQ flag specifies an alternate queue directory, and the -q flag causes sendmail to run every job in the queue once and then return. Use the -v (verbose) flag to watch what is going on. It might be necessary to run the old mail queue a number of times before all of the messages can be delivered.
When the queue is finally emptied, the directory can be removed with the following command:
rmdir /var/spool/omqueue
As an alternative to the alias database, users can put a file with the name .forward in their home directories. If the .forward file exists in a user's home directory, sendmail redirects mail for that user to the list of recipients in the file. The recipients are separated by commas or new lines. For example, if the home directory for user jane has a .forward file with the following contents, any mail arriving for jane is redirected to the specified accounts:
zippy@state.edu bongo@widgets.com |
The .forward file also allows the user to redirect mail to files or programs. A .forward file with the following contents redirects any incoming messages to jd@company.com, appends a copy of the message to the file /var/tmp/mail.log, and pipes a copy of the message to stdin of the /usr/bin/mymailer program:
jd@company.com /var/tmp/mail.log | /usr/bin/mymailer |
In general, file-type recipients must be writable by everyone. However, if sendmail is running as root and the file has setuid or setgid bits set, the message is written to the file.
Users can redirect mail to themselves in addition to sending it to other recipients. This feature is particularly useful if the users want to continue to receive mail in their own mailboxes while passing copies of each incoming message to some alternative destination. For example, if the home directory for user john contains a .forward file with the following contents:
\john, |/usr/sbin/vacation |
The sendmail program behaves as follows:
It sends each incoming message to john's regular mailbox; the backslash (\) preceding the name indicates that no further aliasing is to occur.
It pipes a copy of each message to stdin of the /usr/sbin/vacation program. (The vertical bar [|] is the standard UNIX pipe symbol.)
MX records are resource records in the BIND database. Each record contains the name of a target station, a preference level, and the name of an exchanger station that handles mail for the target station. (The exchanger station may be the target station itself.)
The BIND database can contain several MX records for each target station; the record with the lowest preference level is tried first.
MX records provide a way to direct mail to alternative stations. Using MX records lets you eliminate static routes from your sendmail configuration file.
For each destination station contacted by means of an IPC-type mailer (P=[IPC] in the mailer definition line), sendmail queries the DNS database for MX records associated with the destination station. If the MX query succeeds, mail will be routed through the appropriate exchanger station found among the returned MX records as described in RFC 974 and required by RFC 1123.
The result is that this version of sendmail and previous versions may use different methods to route mail to stations for which MX records are available. See Appendix B, “IRIX sendmail Reference”, for information regarding mailer definitions.