Jtech's 'Sendmail with Asterisk' Howto
Introduction
The main reason for writing this is to keep notes for myself. But if anybody can get some use out of it, please be my
guest!
For our specific application (Asterisk), we need to modify the sendmail configuration file(s) to do a couple of things
that are NOT part of a default sendmail installation. We'll explain what they are and why we need to jump through
these hoops as we go along.
Background
At my home (in japan - about 30 miles north of Tokyo), I run an Asterisk server on a Slacware Linux box. I've been
playing with this for years and friends (one as far away as Melbourne, Australia) can connect with amazingly
good results.
One of the features of Asterisk has to do with VoiceMail. If somebody calls a user that is "unavailable",
the caller can leave a voice message. Asterisk will then send the user an e-mail with the caller's voice message
attached as a ".WAV" file. Asterisk uses Sendmail to send the message.
This 'HOWTO' explains how to configure Sendmail for my unique situation to handle these voice e-mails.
My home Slackware/Asterisk set up (in general)
At my home, my ISP provides service via cable modem.
Unfortunately, My brain-dead-not-SIP-friendly router (Linksys) will not allow an Asterisk server to work if the
Asterisk box is behind the router (I've tried everything!). For this reason, I tossed another ethernet card in the Linux
box, run "iptables", "DHCPD", and let my Linux/Asterisk box also perform the functions of a router. This works.
Additionally, my paranoid ISP (J-Com) blocks port 25 (SMTP) traffic from clients if the client doesn't use J-com's
mail server. (Note: More and more ISP's are doimg this.)
My home Linux/Asterisk box IS NOT my primary Internet server. I'm using good ole' Jtech.Net for WWW
(the one you're reading these pages from) and mail. This server is not even located in Japan!
On the Jtech.Net server, I have the MTA (mail transport agent) configured to 'listen' on an alternate port number in
addition to port 25 and require clients to 'authorize' using a login name/password to send email. All clients using
Jtech.Net can use either of the ports (whichever one works) and must 'authorize'. This works okay.
Dynamic DNS
To allow incoming connections to my Asterisk server, I have to make sure my friends kwnow what IP address their
phones need to connect to. To do this, I've registered a domain name and am using "dynds.org" to my "dynamic" IP
address (supplied by my ISP) is available on the Internet. To do this, I'm running a "home-brew" version of what i call
"dyndnsupdater" to check my local (real-world) IP address and update it as necessary. This works well.
Log in as 'root'
Just mentioning this here for the newbies. You MUST be logged in as 'root' to do any of the tasks we'll be talking
about in this 'howto'. 'Nuff said.
My Linux Distro
I'm running the Slackware version of Linux. Okay, okay, I know Slack is up to version 13.xx but I'm still on
version 12.0. Although "Linux is Linux", people reading these pages who have a different distro may find file locations
slightly different from the Slack distro and your milage may vary.
Sendmail Version
The Slackware 12.0 distro includes Sendmail ver 8.14.1. Again, if you're not using this same version for Sendmail your
milage may vary here too.
Sendmail - What it is and what it isn't
Note: This is not to be a "sent in concrete" Sendmail 'howto'. In fact, I personally don't like
Sendmail due to the hassles associated with it's configuration file(s). But at least I know enough about it
to make it work for our use with Asterisk.
Sendmail - What it is.... Sendmail is, for better or worse, the de facto standard Mail Transfer Agent (MTA)
for Unix systems. While a lot could be written about the pros and cons of replacing Sendmail with an alternate MTA
(i.e. such as Postfix, Qmail, etc.) the reality is that most Unix shops have a huge installed base of machines running
Sendmail daemons as part of their default install. However, the surprising news is that the vast majority of these
systems do not need to be running a Sendmail daemon at all. - Uh, okay, clear as mud - right? - We'll try to unravel
this statement as we move along.
Let me digress a little. -- By definition, Sendmail is a "Mail Transfer Agent". Basically, Sendmail
transfers mail between itself and other MTA's using the SMTP protocol. It can also receive mail from a
"MUA" ("Mail USER Agent") to be sent out (again, using the SMTP protocol). Finally, Sendmail can hand off received
mail to a "Mail Delivery Agent" to be deposited in a local user's mailbox (if the recepient is local to the
same server Sendmail is running on).
Sendmail - What it isn't... Sendmail is not:
- An email "formatter" - This work is all done in the "MUA" (i.e. Eudora, MS Outlook, pine, etc.).
- An email "attachment handler" - Again, this is done in the "MUA". When Sendmail gets the mail message from
the "MUA", any attachments are already encoded in the email's message body.
- A POP or IMAP server - As said before, if Sendmail receives a message for a local user, it hands off the
mail to a "MDA" to be deposited in the user's mail box. The user's "MUA" can access the mail using either the POP3 or
IMAP protocol. Sendmail is long gone from the picture by the time this happens.
Sendmail can operate in one of two modes. Let's call them a "server" (or in *NIX terms, a daemon) and what I
call a "client".
The Role of the Sendmail Daemon - In reality, the Sendmail daemon on a machine is only responsible for two
things:
- Listening on port 25/tcp for incoming messages from outside of the machine.
- Flushing the local queue of unsent messages on a periodic basis.
Having a Sendmail daemon listening on 25/tcp can open up the system up for remote exploits if not configured
correctly. Yeah! A spammer's dream. Just remember that the system only needs to be listening on 25/tcp if it is
actively expecting to receive email messages from other systems. In our case, it is NOT (and never will be).
Many programmers and sysadmins believe that to have an application (i.e. asterisk) send an email using Sendmail,
that a Sendmail DAEMON needs to be running. Ain't so! - We'll see why as we go along.
But with the daemon shut off, how do we occasionally flush the local queue. - Hang on. - We'll get to that
too a little later on.
Sendmail as a client. When a Unix email client (i.e. asterisk) sends outgoing email, they invoke a new
copy of the Sendmail binary directly off the disk. This new Sendmail process simply attempts to deliver the
message to its next hop directly, rather than communicating with the local Sendmail daemon running on the system.
While it is necessary to have a proper Sendmail configuration file on each local system, again it is not necessary to
have a Sendmail daemon running in order for users and processes on the system to send email out of the machine.
Sendmail Config (and related) File(s)
For our Slackware distro (using Sendmail ver. 8.14.1) we'll be using (and modifying) several files to get Sendmail up
and running as well as telling Sendmail what to do. Here is a list of these files and their locations:
- /etc/rc.d/rc.sendmail - the Sendmail "startup" file.
- /etc/mail/sendmail.cf - the main Sendmail config file.
- /etc/mail/submit.cf - the Sendmail config file for mail submission.
- /etc/mail/authinfo.db - A 'hash' file containing our username/password to log onto our 'target' SMTP host.
(More on his later. - Note - this is not part of the default Slack install.)
- /etc/mail/authinfo - Our handmade source file for the above.
- /usr/share/sendmail/cf/cf/sendmail-slackware.mc - The source file for using the m4 macro to generate a new
sendmail.cf file. - Note - This file (and others) are part of the optional sendmail-cf-8.14.1-noarch-1.tgz
package which is part of the Slack 12.0 distro. If you didn't install this package, you'll need to install it with
"pkgtool".
Let's get our fingers busy & modify/create some files!
Based on our specific scenario (mainly because of our lame/brain-dead ISP), let's make a shopping list of what we want
Sendmail to do:
- DO NOT run as a daemon listening on port 25.
- Periodically flush our mail queue.
- Send all SMPT traffic on port: 487 to by-pass our lame/brain-dead ISP.
- Send mail ONLY to the mail host: mail.mydomain.com for further relaying.
- Log into "mail.mydomain.com" using the user name of: mailsender in order to authorize ourself on
that host.
- Use the password: PaSsWoRd" when authorizing.
The Startup File - And flushing the mail queue.
Again, let me digress a little. If, for some reason, Sendmail cannot reach a host to send mail to, it will place the
mail into the local server's "mailqueue" to be re-tried later. - While (in our case) this happens rarely, it still can
happen. We need a mechanasim to ensure this queue is periodically checked and "flushed" (or mail is sent out) as
needed.
Log in as root. - I hope you already figured this out!
We're going to be working on /etc/rc.d/rc.sendmail - Here is the portion we need to pay attention to:
sendmail_start() {
if [ -x /usr/sbin/sendmail ]; then
echo "Starting sendmail MTA daemon: /usr/sbin/sendmail -L sm-mta -bd -q25m"
/usr/sbin/sendmail -L sm-mta -bd -q25m
echo "Starting sendmail MSP queue runner: /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m"
/usr/sbin/sendmail -L sm-msp-queue -Ac -q25m
fi
}
If you'll notice, we're starting up two instances of Sendmail to run in the background. - One is the MTA
whis our "Mail Transport Agent" and the other is for our MSP which is for our "Mail Submission Processing.
Let's look at what all the "switches" in the above do:
- -L sm-mta / -L sm-msp-queue - These are just tags to append to the log file telling you which instance of
sendmail made the log entry. - With only one instance of Sendmail running you really don't need this tag at all.
- -bd - This tells Sendmail to run in the background listening on port 25. - This is what we don't
want.
- -Ac - Use the submit.cf file. - Gotch'a #456: Although we'll be using the submit.cf
file, Sendmail still loads and uses the sendmail.cf file too! - This one bit me in the butt!
- -q25m - Check and (try to) flush the mail queue every 25 minutes. - Why both the MTP and MSP do this
I haven't got a clue. - But that's the way it came on my Slack 12.0 distro.
Please note in the following examples, I've color coded some (or parts) of the file entries. Parts in
green are existing lines I've changed. Parts in red
are lines I've added. And parts in blue are lines specific to your system. Please
be carefull when making changes.
BACKUP ALL PERTINENT FILES NOW!!! - Obviously this goes without saying. - RIGHT NOW! - Do the following:
cp /etc/rc.d/rc.sendmail /etc/rc.d/rc.sendmail.orig
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.orig
cp /etc/mail/submit.cf /etc/mail/submit.cf.orig
Open up /etc/rc.d/rc.sendmail in your favorite editor and make a few of changes:
sendmail_start() {
if [ -x /usr/sbin/sendmail ]; then
#echo "Starting sendmail MTA daemon: /usr/sbin/sendmail -L sm-mta -bd -q25m"
#/usr/sbin/sendmail -L sm-mta -bd -q25m
echo "Starting sendmail MSP queue runner: /usr/sbin/sendmail -Ac -q25m"
/usr/sbin/sendmail -Ac -q25m
fi
}
Notice I completely removed the "-L" tag for the MSP? - This is purely optional. - After all, it's your box :-)
Double check to make sure your rc.sendmail file is "executable":
chmod +x /etc/rc.d/rc.sendmail
Just for grins, let's restart Sendmail if for nothing else just to kill that daemon listening on port 25:
./etc/rc.d/rc.sendmail restart
Let's whittle down our shopping list:
- Send all SMPT traffic on port: 487 to by-pass our lame/brain-dead ISP.
- Send mail ONLY to the mail host: mail.mydomain.com for further relaying.
- Log into "mail.mydomain.com" using the user name of: mailsender in order to authorize ourself on
that host.
- Use the password: PaSsWoRd" when authorizing.
The .cf files. - The fun really begins! We're going to be modifying the two .cf files (sendmail.cf & submit.cf)
in the next steps.
The .cf files are complex to understand. This is an understatement. They are also an 'A #1' sombitch to manually
edit! - I've once read that a sysadmin isn't a sysadmin until he (or she) has edited a Sendmail 'cf' file. And they're
CRAZY to do it a second time! - I honestly believe that. - Go ahead and put one up in your editor if you don't agree.
Luckilly a process exists to help us auto-generate these 'cf' files. - It's called 'm4'. - Basically, you modify
".mc" files then run the m4 macro on them. This works very well (most of the time).
Making a new sendmail.cf file - We're going to be doing this in the /usr/share/sendmail/cf/cf directory
so let's go there now:
cd /usr/share/sendmail/cf/cf
Grab a copy of sendmail-slackware.mc and copy it to myconfig.mc This keeps the original file
intact :-)
cp sendmail.slackware.mc myconfig.mc
Keeping our shopping list in mind, here's a complete copy of my myconfig.mc file and the changes I've made:
dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
define(`SMART_HOST',`mail.mydomain.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 487')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 487')dnl
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Let's look at what we did. Here's a short list of the lines we added or changed:
define(`SMART_HOST',`mail.mydomain.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 487')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 487')dnl
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
Gotch'a #493. Look at these following words I've extracted from the above:
`SMART_HOST 'mail 'RELAY_MAILER_ARGS `ESMTP_MAILER_ARGS `TCP
`authinfo `hash
Do you see what looks like a 'single quote' to the left of each word? Those are NOT 'single quotes'! They
are backtics. The 'backtick' key is usually located to the left of the number "1" key on a standard
US keyboard. Make sure you type this stuff in correctly.
What do each of these lines do? Let's look at each line and I'll try to explain how they modify the way
sendmail will handle the outgoing mail.
define(`SMART_HOST',`mail.mydomain.com')dnl
SMART HOST: This tells sendmail to send email to any addreessee that is not local (a user on this server) to:
mail.mydomain.com instead of trying to send directly to that addressee's own email server.
Note: The dnl at the end of each line tells the m4 macro to 'delete through to the new line' or
disregard anything to the right on this same line. Sometimes authors like to put remarks after a statement. This
prevents them from being 'looked' at when the m4 macro is run on the .mc file.
define(`RELAY_MAILER_ARGS', `TCP $h 487')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 487')dnl
RELAY_MAILER_ARGS & ESMTP_MAILER_ARGS: These two goodies tell sendmail that anytime it sends anything out
to the "real world" to use port 487 instead of the default port 25. - Well, it also tells sendmail to "listen" on port
487 too but since we're not running sendmail as a daemon, we really don't care.
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
authinfo: I'm saving the best for last :-) This line tells sendmal that when the host it is connecting to
asks for login/password info to get the necessary information from the /etc/mail/authinfo.db file. We'll be creating
this file shortly, don't fret!
Creating 'myconfig.cf' - This is a piece of cake. While you're still in /usr/share/sendmail/cf/cf type
the following command:
m4 myconfig.mc > myconfig.cf
If everything went okay, you shoudn't have seen any errors and you'll have a brand new myconfig.cf file. If
you did encounter error(s), stop and investigate. You MUST get through this step!
Now that we have a good "myconfig.cf" file, let's replace our "sendmail.cf" file with this new file. - You did
make a backup, right?
cp myconfig.cf > /etc/mail/sendmail.cf
The submit.cf file - the REAL FUN part.
Remember when we started up our MSP portion of Sendmail so we can flush the mail queue? - Normally the submit.cf file
is used to take messages out of the queue and pass them to the Sendmail daemon using the internal (localhost) interface.
But since we don't have a Sendmail daemon, this will never happen. Also we still want our individual Sendmail instances
to send out on port 487 to our specified host.
Editing submit.cf - While a "/usr/share/sendmail/cf/cf/submit.mc" file exists, I've yet to figure out how to
get a "submit.cf" file created from this thing to do what I want. - So I finally decided to bite the bullet and manually
edit the /etc/mail/submit.cf file. - Don't worry, it really isn't too painfull. - You just have to be (VERY) carefull.
Move over to the /etc/mail directory:
cd /etc/mail
Let's put submit.cf in our editor. This file is big, so look carefully for the changes I've made: (HINT -
There's only 3 changes. - One near the top and two near the bottom. - Make sure you put your changes in the same place.
#
# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@nother.smi.sendmail.com on Tue Apr 3 16:32:55 PDT 2007
##### in /extra/home/ca/sm-8.14.1/OpenSource/sendmail-8.14.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
##### $Id: submit.mc,v 8.14 2006/04/05 05:54:41 ca Exp $ #####
##### $Id: msp.m4,v 1.33 2004/02/09 22:32:38 ca Exp $ #####
##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
##### $Id: proto.m4,v 8.730 2007/02/01 18:50:03 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
# my name for error messages
DnMAILER-DAEMON
{MTAHost}mail.mydomain.com
# Configuration version number
DZ8.14.1/Submit
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
#O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=i
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
O QueueFileMode=0660
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
O UseMSP=True
# privacy flags
O PrivacyOptions=goaway,noetrn,restrictqrun
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/clientmqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
O StatusFile=/var/spool/clientmqueue/sm-client.st
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
O DontInitGroups=True
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
O RunAsUser=smmsp
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
O DontProbeInterfaces=True
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
O TrustedUser=smmsp
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
#O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
O PidFile=/var/spool/clientmqueue/sm-client.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# convert node::user addresses into a domain-based address
R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# put DECnet back in :: form
R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
SLocal_localaddr
R$+ $: $>ParseRecipient $1
R$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3
# DECnet
R$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2
R$* $#relay $@ ${MTAHost} $: $1 < @ $j >
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.59 2004/11/23 00:37:25 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/SMTP,
A=TCP $h
Mprog, P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=TCP $h
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.65 2006/07/12 21:08:10 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuXk5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXak5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h 487
Msmtp8, P=[IPC], F=mDFMuX8k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h 487
### submit.mc ###
# divert(-1)
# #
# # Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
# # All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is the prototype file for a set-group-ID sm-msp sendmail that
# # acts as a initial mail submission program.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: submit.mc,v 8.14 2006/04/05 05:54:41 ca Exp $')
# define(`confCF_VERSION', `Submit')dnl
# define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
# define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
# define(`confTIME_ZONE', `USE_TZ')dnl
# define(`confDONT_INIT_GROUPS', `True')dnl
# dnl
# dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
# FEATURE(`msp', `[127.0.0.1]')dnlcd /etc/mail
Okay - That's it for the .cf files. All that's left is the authinfo.db file.
The 'authinfo.db' hash file
Here's where we make the authinfo.db file. Let's take a quick look at what's left of our "shopping list" so we
know what wil end up in this file:
- Send to the mail host: mail.mydomain.com
- Send the user name as: mailsender
- Use the password: PaSsWoRd"
Wile we're still in the /etc/mail directory, create a new file called authinfo and use the following
syntax:
AuthInfo:mydomain.com "U:mailsender" "P:PaSsWoRd" "M:PLAIN"
AuthInfo: "U:mailsender" "P:PaSsWoRd" "M:PLAIN"
In case its not apparent, the text after U: is the username, after P: is the password and after the M: is the
mechanism which is used to login, valid types are DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN. Since most (if not all) SMTP
servers support "plain text" logins, start there. Once you get it working, you can play around with different forms
of encryption.
Note that the second line is almost exactly the same as the first line except its missing mydomain.com and there
is a space after the colon. I’m not exactly sure why this line is needed, but that’s how it was presented to me and
since it works, I’m not about to change it. :-)
Once you have saved your changes to authinfo, we are going to set the correct file permissions on it so that only
root can view it. This is a necessary security step as this file contains your password. Run the following command:
chmod 660 authinfo
Now create the /etc/mail/authinfo.db file with the following command:
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
As with creating the myconfig.cf file, if everything went okay, you should get no errors and end up with a
new /etc/mail/authinfo.db file. This file is called a 'hash'. We're now ready to test our newly configured version
of Sendmail.
Testing the sendmail 'client'
We want to similate what happens when Asterisk sends a message. We'll start simple and work our way up.
Basically, Asterisk creates a temporary file and hands it off to sendmail for sending. We'll do sort of the same
thing by creating a text file and giving it to sendmail.
Please remember you need to be logged in as root to do this. I do all this stuff in root's home directory
/root.
First of all, create a text file and call it something like mymessage - Make the contents of the file look
something like this (Note - For test #1, send the message to a valid user that resides on the same server as your
mail (relay) host you've been setting up all along):
date: 12/1/2011
to: user@mydomain.com (use a valid e-mail address)
subject: Test Message
from: yourname@myhomelinuxbox.com
This is a test message. I hope it makes the trip!!
Now call sendmail with your mymessage file as an input:
sendmail -t < mymessage
The "-t" switch tells Sendmail to read the header of the message from the file.
D{MTAHost}[127.0.0.1]
Just replace [127.0.0.1] with the name of your new relay host. For example,
D{MTAHost}mailhost
Save your changes, and you're done!
|