HP-UX Mailing Services Administrator's Guide: HP-UX 11i v1 and HP-UX 11i v2 > Chapter 2 Configuring and Administering Sendmail

Modifying the Default Sendmail Configuration File


The Sendmail configuration file that is supplied with HP-UX works correctly for most Sendmail configurations, so you probably do not need to modify the configuration file. However, certain modifications to the file are supported. This section describes examples of modifications that you may want to make. The configuration file also contains instructions for making the supported modifications.

This section discusses the following topics:

CAUTION: HP supports the default configuration file and all the modifications described in it. If you make any changes other than the ones described in the default configuration file, HP cannot support your configuration.

The Sendmail Configuration File

The Sendmail configuration file, /etc/mail/sendmail.cf, performs the following functions:

  • Defines certain names and formats, such as the name of the sender for error messages (MAILER-DAEMON), the banner displayed by the SMTP server on startup, and the default header field formats.

  • Sets values of operational parameters, such as timeout values and logging level.

  • Specifies how mail will be routed. In other words, it specifies how recipient addresses are to be interpreted.

  • Defines the delivery agents (mailers) to be used for delivering the mail.

  • Specifies how Sendmail must rewrite addresses in the header, if necessary, so that the message address can be understood by the receiving host. The address rewriting process is controlled by sets of address rewriting rules called rulesets.

The default configuration file, sendmail.cf, is supplied as /usr/newconfig/etc/mail/sendmail.cf and is installed as /etc/mail/sendmail.cf.

HP recommends that you leave a copy of the configuration file in the /usr/newconfig directory unmodified, in case you need to reinstall the default configuration settings.

To modify the configuration settings in the /etc/mail/sendmail.cf file, perform the following steps:

  1. The gen_cf UNIX shell script is installed in the /usr/newconfig/etc/mail/cf/cf directory. You cannot copy this script to a different directory and execute it, because it uses the macros defined in the /usr/newconfig/etc/mail/cf directory to generate the sendmail.cf file.

    This script provides many options that enable a specific ruleset. The *.m4 files defined in the /usr/newconfig/etc/mail/cf directory are the input files for this script. You can specify the output file, and later incorporate site-specific changes (if any) in the output file.

    Run the script gen_cf from the HP-UX prompt. A list of options that enable a specific ruleset is displayed.

  2. Choose the appropriate option. See “Sendmail Configuration Options” for a description of options.

    An updated configuration file, sendmail.cf.gen, is generated in the directory /usr/newconfig/etc/mail/cf/cf.

  3. Copy or move the sendmail.cf.gen file to the /etc/mail directory as sendmail.cf. After copying the sendmail.cf.gen file to the /etc/mail directory, you can make certain site-specific modifications to the sendmail.cf file.

    If you do not wish to generate the sendmail.cf file using the gen_cf script, you can directly make modifications to the /etc/mail/sendmail.cf file.

Restarting Sendmail

Issue the following commands, on a standalone system or on the mail server, to restart Sendmail:

  • /sbin/init.d/sendmail stop
    /sbin/init.d/sendmail start

You must restart Sendmail if changes are made to any of the following:

  • The Sendmail configuration file, /etc/mail/sendmail.cf.

  • The UUCP configuration, as reflected in the output of the uuname command.

Sendmail Configuration Options

This section describes Sendmail configuration options.

Maximum message size (option MaxMessageSize)

This option restricts the maximum message size (in bytes) that sendmail will accept from a remote system. If a message larger than this limit originates from the local system, the message will be truncated to the limit.

To enable this feature, uncomment the line:

O MaxMessageSize=100000

Forwarding Nondomain Mail to a Gateway

Mail that is being sent to a domain other than the sender’s domain can be forwarded to a mail gateway. To have nondomain mail forwarded to a mail gateway, edit the DS line in the /etc/mail/sendmail.cf file to specify the host name of the mail gateway:

DSmailgw.hp.com

Setting Mail Header Lengths

You can set a limit for the mail header. The maximum header length by default is 32768. To change the mail header length:

  1. Open the sendmail.cf file.

  2. Set the value of the option MaxHeadersLength=n, where n is the maximum number of lines allowed in the mail header.

If a mail header exceeds the maximum value, the following error message is displayed to the sender:

552 Headers too larger #MaxHeadersLength

Limiting Message Recipients

By default, the maximum number of recipients is 100. You can limit the number of users allowed to receive a single mail message. This helps to prevent the flow of spam on the mail server.

  • In the sendmail.cf file, set the value of MaxRecipientsPerMessage=n, where n is the maximum number of recipients allowed for a single mail message.

After a message has been sent to the maximum number of recipients allowed, Sendmail sends the error message 452 Too many recipients to the sender of the message.

This will work only when all the recipients of the mail message have their mailboxes on the same machine.

Timeout.*

  • You can set the total time spent in satisfying a socket control request using the Timeout.control option. The default setting for this option is:

    #O Timeout.control=2m

  • You can set the resolver’s transmission time interval (in seconds) using the Timeout.resolver.retrans option. This option sets the Timeout.resolver.retrans.first, which sets the resolver’s transmission time interval (in seconds) for the first attempt to deliver a message. It also sets the Timeout.resolver.retrans.normal option. The default setting for this option is:

    #O Timeout.resolver.retrans=5s
    #O Timeout.resolver.retrans.first=5s
    #O Timeout.resolver.retrans.normal=5s

  • You can set the frequency of resolver query retransmission using the Timeout.resolver.retry option. This option sets the Timeout.resolver.retry.first option for the first attempt to deliver a message. It also sets the Timeout.resolver.retry.normal option for all resolver lookups except for the first delivery attempt. The default setting for this option is:

    #O Timeout.resolver.retry=4
    #O Timeout.resolver.retry.first=4
    #O Timeout.resolver.retry.normal=4

DataFileBufferSize

Use this option to control the maximum size of a memory-buffered data (df) file before using a disk-based file. The default setting for this option is:

#O DataFileBufferSize=4096

XscriptFileBufferSize

Use this option to control the maximum size of a memory-buffered (xf) transcript before using a disk-based file. The default setting for this option is:

#O XscriptFileBufferSize=4096

MaxAliasRecursion

You can specify the maximum depth of an alias recursion in the sendmail.cf file using this option. The default setting for this option is:

#O MaxAliasRecursion=10

PidFile

You can define the location of the ProcessId (Pid) file using this option. The default setting for this option is:

#O PidFile=/etc/mail/sendmail.pid

/etc/mail/sendmail.pid is taken as the default file if this option is not set. If you choose a directory other than /etc/mail for the pid file, ensure that the directory has the same write permissions as those of /etc/mail.

ProcessTitlePrefix

You can specify the prefix string for the process title shown in the ps listings using this option. By default, this option is commented out. For example, if you set this option in the sendmail.cf file as:

O ProcessTitlePrefix=HPUX_Sendmail-8.11.1

the command ps -ef | grep sendmail | grep -v grep displays sendmail: accepting connections in the output.

TrustedUser

You can use this option to specify a user who can own important files instead of root. This option necessitates fchown. The default setting for this option is:

#O TrustedUser=root

MaxMimeHeaderLength

You can set the size of the MIME headers and parameters within those headers using this option. You can also use this to protect Mail User Agents (MUA) from buffer overflow attacks. The default setting for this option is unlimited, as shown in the following example:

#O MaxMimeHeaderLength=0/0

DeadLetterDrop

Use this option to specify the location of the system-wide dead.letter file, which was formerly hardcoded to /var/tmp/dead.letter. The default setting for this option in this version is:

O DeadLetterDrop=/var/tmp/dead.letter

Sendmail does not save mail anywhere if this option is not set.
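The following audit script is an added example, not part of HP's guide or of Sendmail. It reads sendmail.cf text, treats `#O` lines as commented out, and reports the settings from this section that are left at a permissive default. The two excerpts and the value 256/128 are constructed for illustration.

```python
import posixpath
import re

# "O Name=value" sets an option; "#O Name=value" is a commented-out template
# line, so the default described in this section applies.
OPTION = re.compile(r"^(#?)O\s+([A-Za-z][\w.]*)\s*=\s*(.*?)\s*$")

def parse_options(cf_text):
    """Return {name: value} for active (uncommented) options only."""
    active = {}
    for line in cf_text.splitlines():
        m = OPTION.match(line)
        if m and m.group(1) == "":
            active[m.group(2)] = m.group(3)
    return active

def audit(cf_text):
    """Check the settings this section describes; return a list of findings."""
    opts = parse_options(cf_text)
    findings = []
    if "MaxMessageSize" not in opts:
        findings.append("MaxMessageSize: not enabled, message size is not restricted")
    mime = opts.get("MaxMimeHeaderLength", "0/0")   # page: default is 0/0
    if "0" in mime.split("/"):
        findings.append("MaxMimeHeaderLength: %s leaves MIME headers unlimited" % mime)
    trusted = opts.get("TrustedUser", "root")
    if trusted != "root":
        findings.append("TrustedUser: %s can own important files" % trusted)
    pid_dir = posixpath.dirname(opts.get("PidFile", "/etc/mail/sendmail.pid"))
    if pid_dir != "/etc/mail":
        findings.append("PidFile: compare write permissions of %s with /etc/mail" % pid_dir)
    if "DeadLetterDrop" not in opts:
        findings.append("DeadLetterDrop: unset, mail is not saved anywhere")
    return findings

# Constructed excerpts in sendmail.cf syntax, not copied from a real system.
LOOSE = """\
#O MaxMessageSize=100000
O MaxRecipientsPerMessage=50
#O MaxMimeHeaderLength=0/0
#O TrustedUser=root
O PidFile=/var/run/sendmail.pid
O DeadLetterDrop=/var/tmp/dead.letter
"""
TUNED = """\
O MaxMessageSize=100000
O MaxMimeHeaderLength=256/128
O PidFile=/etc/mail/sendmail.pid
O DeadLetterDrop=/var/tmp/dead.letter
"""

if __name__ == "__main__":
    for name, text in (("LOOSE", LOOSE), ("TUNED", TUNED)):
        print(name, audit(text) or "no findings")
```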

Options Configured Using the /usr/newconfig/etc/mail/cf/cf/gen_cf Script

Following are the options that you can configure in Sendmail using the /usr/newconfig/etc/mail/cf/cf/gen_cf script:

NOTE: When you create a new sendmail.cf file using the gen_cf script, the new configuration file does not contain any changes that you made directly to the sendmail.cf file. You must reapply any such changes to the newly created configuration file. Therefore, HP recommends that you back up the configuration file that contains your changes, in case you want to run the gen_cf script again to regenerate the configuration file.

Relay On

This option is equivalent to selecting the following /usr/newconfig/etc/mail/cf/cf/gen_cf script options while generating the /usr/newconfig/etc/mail/cf/cf/sendmail.cf.gen file:

  • Accept unresolvable domains

  • Accept unqualified senders

  • Promiscuous relay

Relay OFF

This option generates a sendmail.cf file which is identical to the default sendmail.cf available in the /usr/newconfig/etc/mail/ directory.

If this option is used with mutually exclusive options, this option does not turn OFF the relay. The other options take precedence over the RELAY OFF option.

Relay Entire Domain

Setting this option allows any host in your domain, as defined by the m class macro ($=m), to relay. By default, only hosts listed as RELAY in the access db file are allowed to relay.

Relay based on MX

Setting this option turns ON the ability to allow relaying based on the MX records of the host portion of an incoming recipient; that is, if an MX record for host foo.com points to your site, you will accept and relay mail addressed to foo.com.

Relay hosts only

This option changes the behavior of the access database and class R macro to look up individual host names only. By default, names that are listed as RELAY in the access database file and the class R ($=R) macro are domain names, and not host names.

Access db

The access database (db) is a user-defined file used to decide the domains from which you want to receive or reject mail messages. The entries in the access db file are either domain names, IP addresses, host names, or e-mail addresses. Every line of the access db file has a key and a value pair.

The key can be an IP address, a domain name, a hostname, or an e-mail address. The value part of the database can contain the following values:

OK

Accepts mail even if other rules in the running ruleset reject it, for example, if the domain name is unresolvable.

RELAY

Accepts mail addressed to the indicated domain or received from the indicated domain for relaying through your SMTP server. RELAY also serves as an implicit OK for the other checks.

REJECT

Rejects the sender or recipient with a general purpose message.

DISCARD

Discards the message completely using the $#discard mailer. This value works only for sender addresses (that is, it indicates that you must discard anything received from the indicated domain).

### any text

### is an RFC 821-compliant error code, and any text is the message to return for the command.

The default access db file is /etc/mail/access. You have to make a direct modification to /etc/mail/sendmail.cf if you want to use a non-standard access database filename.

NOTE: Because /etc/mail/access is a database, after creating the text file, you must use the following makemap command to create the database map.

makemap dbm /etc/mail/access < /etc/mail/access

For more information on the makemap utility, type man 1M makemap at the HP-UX prompt.
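The following linter is an added example, not part of HP's guide or of Sendmail. It checks the text form of the access file against the key and value layout described above before makemap is run, and lists the RELAY keys for review. The sample entries are constructed, and skipping blank and `#` lines is an assumption about how the text file is written.

```python
import re

# Values the page lists for the right-hand side of an access db entry.
KEYWORDS = {"OK", "RELAY", "REJECT", "DISCARD"}
# "### any text": a three-digit 4xx/5xx reply code followed by a message.
ERROR_RHS = re.compile(r"^[45]\d\d\s+\S")

def lint_access(text):
    """Return (entries, problems); entries are (line_no, key, action)."""
    entries, problems, seen = [], [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: comment or blank
            continue
        parts = line.split(None, 1)            # key, then the rest as value
        if len(parts) != 2:
            problems.append((no, "key without a value"))
            continue
        key, value = parts[0].lower(), parts[1]
        if value.upper() in KEYWORDS:
            action = value.upper()
        elif ERROR_RHS.match(value):
            action = "ERROR"
        else:
            problems.append((no, "unrecognised value %r" % value))
            continue
        if key in seen:                        # two actions for one key
            problems.append((no, "duplicate key, first seen on line %d" % seen[key]))
            continue
        seen[key] = no
        entries.append((no, key, action))
    return entries, problems

def relay_keys(entries):
    """Keys that are allowed to relay: the entries to review first."""
    return [key for _, key, action in entries if action == "RELAY"]

# Constructed sample access file; all names and addresses are placeholders.
SAMPLE = """\
# constructed sample access file
mydomain.com                  RELAY
192.0.2                       RELAY
cyberspammer.com              REJECT
badlocaluser                  550 Mailbox disabled for this username
host.mydomain.com             550 That host does not accept mail
friend.example                OK
typo.example                  REJCT
orphan.example
cyberspammer.com              OK
"""

if __name__ == "__main__":
    entries, problems = lint_access(SAMPLE)
    print("RELAY keys:", relay_keys(entries))
    for no, msg in problems:
        print("line %d: %s" % (no, msg))
```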

Relay local from

This option allows Sendmail to relay mail messages when the sender of the mail message is a valid user on that machine. Consider a valid user abc on host 1. A user cbz on host 2 can connect to host 1 as user abc and send mail to another user xyz on host 3. This means that host 1 is now acting as a local relay agent.

You must enable this option only if absolutely necessary because it opens a window for spammers. Specifically, spammers can send mail to your mail server that claims to be from your domain (either directly or through a routed address), and you can then go ahead and relay it out to arbitrary hosts on the Internet.

Blacklist recipients

This feature enables Sendmail to block incoming mail messages destined to certain recipient user names, host names, or addresses. This feature also restricts you from sending mail messages to addresses with an error message or REJECT value in the access database file. For example, if you have the following entries in the access database file:

badlocaluser        550 Mailbox disabled for this username
host.mydomain.com   550 That host does not accept mail
user@otherhost.mydomain.com   550 Mailbox disabled for this recipient

These entries prevent a recipient of badlocaluser@mydomain.com, any user at host.mydomain.com, and the single address user@otherhost.mydomain.com from receiving mail.

spammer@aol.com          REJECT
cyberspammer.com           REJECT

The entries in the access db file indicate that Sendmail cannot send mail messages to spammer@aol.com or to the domain cyberspammer.com.

Accept unresolvable domains

Setting this option allows Sendmail to accept MAIL FROM: parameters that are not fully qualified, that is, where the host portion of the argument to the MAIL FROM: command cannot be located in the host name service (for example, DNS).

Accept unqualified senders

This option allows Sendmail to accept MAIL FROM: parameters where the mail address of the sender does not include a domain name. Normally, MAIL FROM: commands in the SMTP session are refused if the connection is a network connection and the sender address does not include a domain name.

Realtime Blackhole List

Setting this option turns ON the rejection of hosts found in the Realtime Blackhole List. The default list is maintained on the server $def_rbl. This option has now been deprecated.

Loose relay check

This option turns off the default behavior of rechecking recipients that use % addressing. For example, if the recipient address is user%site@othersite, the default behavior without the loose_relay_check option is that Sendmail checks whether othersite is an allowed relay host specified in either the class R macro or the access db file. If othersite is an allowed relay host, the check_rcpt ruleset strips @othersite and checks user@site for relaying. Sendmail does not recheck if this option is set to ON. This option is not required for most installations.

Promiscuous Relay

This option allows your mail server to relay any mail it receives. You must be careful before enabling this option.

No Default MSA

You can use this option to generate the configuration file without the DaemonPortOptions option for the Message Submission Agent (MSA) daemon. If you use this option, the sendmail.cf configuration file will not contain the following line:

O DaemonPortOptions=Port=587, Name=MSA, M=E

DNS Blackhole List

The dnsbl option avoids the possible confusion between the Realtime Blackhole List and other DNS-based Blacklist servers, such as ORBS. It takes the name of the Blacklist server and also an optional rejection message as arguments.

You can include dnsbl multiple times in the sendmail.cf file, thereby allowing sites to subscribe to multiple Blacklist servers. The Blacklist server verifies the IP address of the incoming connection and rejects all the SMTP commands if the address is blacklisted. An error message is also displayed.

Relay mail from

You can use this option to facilitate relaying through a user machine. The sender name, which is listed as RELAY in the access map (tagged with From:), can be specified using this option. The domain portion of the mail sender is also checked when the optional argument domain is provided.

Delay checks

This option delays the anti-spam checks by Sendmail until it issues the SMTP RCPT command. Mail from certain addresses that might have been blocked by other anti-spam checks is received. In these cases, deferred checks are not done.

By using delay_checks, the rulesets check_mail and check_relay are not called when a client connects or issues a MAIL command, respectively. Instead, those rulesets are called by the check_rcpt ruleset; they are skipped if a sender has been authenticated using a trusted mechanism, for example, one that is defined via the list of AuthMechanisms. If check_mail returns an error, the RCPT TO command is rejected with that error. If it returns some other result starting with $#, then check_relay is skipped. If the sender address (or a part of it) is listed in the access map and it has a RHS of OK or RELAY, then check_relay is skipped.

Ldap Routing

You can use this option to implement the LDAP-based email recipient routing. This provides a method for rerouting addresses with a domain portion in class {LdapRoute} either to a different mail host or to a different address.

For more information, see “LDAP-Based Routing”.

Mailertable

This option includes a "mailer table" which can be used to override routing for particular domains (which are not in local host names).

Genericstable

If the genericstable is enabled and GENERICS_DOMAIN or GENERICS_DOMAIN_FILE is used, this feature will cause addresses to be searched in the map if their domain parts are subdomains of elements in class {G}. For more information, see “Creating Domain-Specific Aliasing Using Virtual Hosting”.

Virtusertable

If the virtusertable is enabled and VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE is used, this feature will cause addresses to be searched in the map if their domain parts are subdomains of elements in class {VirtHost}. For more information, see “Creating Domain-Specific Aliasing Using Virtual Hosting”.

Domaintable

Include a "domain table" which can be used to provide domain name mapping. Use of this should really be limited to your own domains. It may be useful if you change names (for example, your company changes names from oldname.com to newname.com).

Send only

This option generates a sendmail.cf file without the check_compat ruleset. You can send mail messages, but you cannot receive them.

You must set the SENDMAIL_SENDONLY flag in /etc/rc.config.d/mailservs file to 1 in order to use the send_only feature.

Receive only

This option generates a sendmail.cf file with a new set of rules called check_compat. You can receive mail messages, but you cannot send them. The following are added in the /etc/rc.config.d/mailservs file:

  • SENDMAIL_RECVONLY

    You must set this flag to 1 in order to use the receive_only feature.

  • SENDMAIL_SENDONLY

    You must set this flag to 1 in order to use the send_only feature.

    NOTE: The Sendmail depot installs the mailservs file in the directory /usr/newconfig/etc/rc.config.d. You must manually move this file to /etc/rc.config.d/ in order to use this feature.

    The priorities for these flags are defined in the /usr/newconfig/etc/rc.config.d/mailservs file.

© 2006 Hewlett-Packard Development Company, L.P.