19.6 Building Your Own sendmail.cf File If you mess up your sendmail.cf file, there is a backup copy in /usr/newconfig/etc/mail that can get you back up and running, although it doesn't have some of the FEATURES in the original sendmail.cf . The sendmail configuration file is built using a series of m4 macros. We won't go into m4 macros here. The important thing is that we can add key FEATURES to sendmail based on the macros we include. The takes a bit of getting used to, but in the end we can build additional capabilities into sendmail.cf by tuning the configuration files that go to build the sendmail.cf file. First, we need a list of the macros that built our current sendmail.cf file:
root@hpeos003[mail] pwd /etc/mail root@hpeos003[mail] grep '@(#)' sendmail.cf ##### @(#) ##### @(#)cfhead.m4 8.23 (Berkeley) 10/6/1998 ##### ##### @(#)cf.m4 8.29 (Berkeley) 5/19/1998 ##### ##### @(#)generic-hpux10.mc 8.8 (Berkeley) 5/19/1998 ##### ##### @(#)hpux10.m4 8.14 (Berkeley) 10/6/1998 ##### ##### @(#)generic.m4 8.9 (Berkeley) 5/19/1998 ##### ##### @(#)redirect.m4 8.10 (Berkeley) 5/19/1998 ##### ##### @(#)use_cw_file.m4 8.6 (Berkeley) 5/19/1998 ##### ##### @(#)domaintable.m4 8.9 (Berkeley) 10/6/1998 ##### ##### @(#)mailertable.m4 8.10 (Berkeley) 10/6/1998 ##### ##### @(#)genericstable.m4 8.8 (Berkeley) 10/6/1998 ##### ##### @(#)virtusertable.m4 8.8 (Berkeley) 10/6/1998 ##### ##### @(#)always_add_domain.m4 8.6 (Berkeley) 5/19/1998 ##### ##### @(#)proto.m4 8.243 (Berkeley) 2/2/1999 ##### ##### @(#)local.m4 8.30 (Berkeley) 6/30/1998 ##### ##### @(#)smtp.m4 8.38 (Berkeley) 5/19/1998 ##### ##### @(#)uucp.m4 8.30 (Berkeley) 5/19/1998 ##### root@hpeos003[mail]
We then need a configuration file where we can list the m4 macros and FEATURES we want included. HP supplies such a directory under /usr/newconfig/etc/mail/cf/cf (it might be a link to a similar directory under /usr/ contrib /sendmail if you installed sendmail version 8.11):
root@hpeos003[cf] cd /usr/contrib/sendmail/usr/newconfig/etc/mail/cf/cf root@hpeos003[cf] ll total 480 -r-xr-xr-x 1 bin bin 30761 Jul 1 07:46 gen_cf -r--r--r-- 1 bin bin 100777 May 14 05:07 generic-hpux10.cf -r--r--r-- 1 bin bin 1550 Apr 5 2003 generic-hpux10.mc root@hpeos003[cf]
The generic-hpux10.mc file looks like a good place to start, but it's only that ”a starting point! There's a shell script in this directory (called gen_cf ), which can help. If you want to build a default sendmail.cf file, use the shell script gen_cf ; it makes it slightly easier to build a sendmail.cf file. When you first run it, you will get a screen similar to this:
root@hpeos003[cf] ./gen_cf The configuration file is: sendmail.cf.gen Press Return key to continue....
From there, we proceed to this menu:
You can generate sendmail.cf with the following options: Select the options with space " " as the separator. 1 : Relay ON [Includes 9 10 13 options] 13: Promiscuous_relay 2 : Relay OFF [Default sendmail.cf] 14: No_default_msa 3 : Relay_entire_domain 15: DNS Blackhole List 4 : Relay_based_on_MX 16: Relay_mail_from 5 : Relay_hosts_only 17: Delay_checks 6 : Access_db 18: Ldap Routing 7 : Relay_local_from 19: Mailertable 8 : Blacklist_recipients 20: Genericstable 9 : Accept_unresolvable_domains 21: Virtusertable 10: Accept_unqualified_senders 22: Domaintable 11: Realtime Blackhole List 23: Send_only 12: Loose_relay_check 24: Receive_only h: Help [ Number ] [all] x: Exit from selection Enter Option[s]: 2 6 Including access_db Building... sendmail.cf.gen file Completed... root@hpeos003[cf]
As you can see, I have chosen option 2 (default sendmail.cf file). I checked which m4 macros where used to build it:
root@hpeos003[cf] grep '@(#)' sendmail.cf.gen ##### @(#)cfhead.m4 8.76.4.13 (Berkeley) 2003/03/03 ##### ##### @(#)cf.m4 8.32 (Berkeley) 2001/07/16 ##### ##### @(#)hpux11.m4 8.1 (Berkeley) 2001/07/16 ##### ##### @(#)generic.m4 8.15 (Berkeley) 2001/07/16 ##### ##### @(#) redirect.m4 8.15 (Berkeley) 2001/07/16 ##### ##### @(#)use_cw_file.m4 8.9 (Berkeley) 2001/07/16 ##### ##### @(#) always_add_domain.m4 8.9 (Berkeley) 2001/07/16 ##### ##### @(#)proto.m4 8.446.2.5.2.29 (Berkeley) 2003/05/05 ##### ##### @(#)local.m4 8.50.16.2 (Berkeley) 2001/07/16 ##### ##### @(#)smtp.m4 8.56.2.1.2.3 (Berkeley) 2001/07/16 ##### ##### @(#)uucp.m4 8.38 (Berkeley) 2001/07/16 ##### root@hpeos003[cf]
The resulting file sendmail.cf.gen is actually the same as the generic-hpux10.mc file. Where I do find the gen_cf script useful is to find a description of the available FEATURES . The available FEATURES can be found in this directory:
root@hpeos003[cf] ll ../feature/ total 92 -r--r--r-- 1 bin bin 403 Apr 5 2003 accept_unqualified_senders.m4 -r--r--r-- 1 bin bin 406 Apr 5 2003 accept_unresolvable_domains.m4 -r--r--r-- 1 bin bin 592 Apr 5 2003 access_db.m4 -r--r--r-- 1 bin bin 534 Apr 5 2003 allmasquerade.m4 -r--r--r-- 1 bin bin 540 Apr 5 2003 always_add_domain.m4 -r--r--r-- 1 bin bin 1675 Apr 5 2003 bestmx_is_local.m4 -r--r--r-- 1 bin bin 670 Apr 5 2003 bitdomain.m4 -r--r--r-- 1 bin bin 499 Apr 5 2003 blacklist_recipients.m4 -r--r--r-- 1 bin bin 653 Apr 5 2003 delay_checks.m4 -r--r--r-- 1 bin bin 875 Apr 5 2003 dnsbl.m4 -r--r--r-- 1 bin bin 686 Apr 5 2003 domaintable.m4 -r--r--r-- 1 bin bin 388 Apr 5 2003 generics_entire_domain.m4 -r--r--r-- 1 bin bin 697 Apr 5 2003 genericstable.m4 -r--r--r-- 1 bin bin 1180 Apr 5 2003 ldap_routing.m4 -r--r--r-- 1 bin bin 541 Apr 5 2003 limited_masquerade.m4 -r--r--r-- 1 bin bin 714 Apr 5 2003 local_lmtp.m4 -r--r--r-- 1 bin bin 932 Apr 5 2003 local_procmail.m4 -r--r--r-- 1 bin bin 384 Apr 5 2003 loose_relay_check.m4 -r--r--r-- 1 bin bin 690 Apr 5 2003 mailertable.m4 -r--r--r-- 1 bin bin 553 Apr 5 2003 masquerade_entire_domain.m4 -r--r--r-- 1 bin bin 543 Apr 5 2003 masquerade_envelope.m4 -r--r--r-- 1 bin bin 376 Apr 5 2003 no_default_msa.m4 -r--r--r-- 1 bin bin 732 Apr 5 2003 nocanonify.m4 -r--r--r-- 1 bin bin 724 Apr 5 2003 nodns.m4 -r--r--r-- 1 bin bin 601 Apr 5 2003 notsticky.m4 -r--r--r-- 1 bin bin 838 Apr 5 2003 nouucp.m4 -r--r--r-- 1 bin bin 1182 Apr 5 2003 nullclient.m4 -r--r--r-- 1 bin bin 385 Apr 5 2003 promiscuous_relay.m4 -r--r--r-- 1 bin bin 505 Apr 5 2003 rbl.m4 -r--r--r-- 1 bin bin 347 Apr 5 2003 receive_only.m4 -r--r--r-- 1 bin bin 816 Apr 5 2003 redirect.m4 -r--r--r-- 1 bin bin 481 Apr 5 2003 relay_based_on_MX.m4 -r--r--r-- 1 bin bin 389 Apr 5 2003 relay_entire_domain.m4 -r--r--r-- 1 bin bin 384 Apr 5 2003 relay_hosts_only.m4 -r--r--r-- 1 bin bin 382 Apr 5 2003 relay_local_from.m4 -r--r--r-- 1 bin bin 544 Apr 5 2003 relay_mail_from.m4 -r--r--r-- 1 bin bin 826 Apr 5 2003 smrsh.m4 -r--r--r-- 1 bin bin 534 Apr 5 2003 stickyhost.m4 -r--r--r-- 1 bin bin 735 Apr 5 2003 use_ct_file.m4 -r--r--r-- 1 bin bin 743 Apr 5 2003 use_cw_file.m4 -r--r--r-- 1 bin bin 663 Apr 5 2003 uucpdomain.m4 -r--r--r-- 1 bin bin 388 Apr 5 2003 virtuser_entire_domain.m4 -r--r--r-- 1 bin bin 694 Apr 5 2003 virtusertable.m4 root@hpeos003[cf]
I would want to ensure that the FEATURES in my original /etc/mail/sendmail.cf where included in this sendmail.cf file. You can simply edit the generic-hpux10.mc and add the FEATURES you want included. Here I am including the features from my original sendmail.cf file (I am taking a copy of the generic-hpux10.mc first):
root@hpeos003[cf] cp generic-hpux10.mc custom.mc root@hpeos003[cf] vi custom.mc divert(-1) # # Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # # # This is a generic configuration file for HP-UX 9.x. # It has support for local and SMTP mail only. If you want to # customize it, copy it to a name appropriate for your environment # and do the modifications there. # divert(0)dnl divert(-1) # Ported changes from sendmail-8.9.3 - Rajesh. Dec 20, 2000. # Fix for JAGaa30867. # Enabled local site hiding and masquerading in default sendmail.cf file. # Adding feature(always_add_domain) and define __MASQUERADE_ENVELOPE_ # Fix for JAGaa30300 - Added support for openmail and uucp mailer and defined # _X400_UCCP. # Fix for JAGaa31678. # Defined _CLASS_U so that it will add the rule to handle UUCP. # divert(0)dnl VERSIONID(`$Id: generic-hpux10.mc,v 8.11 1999/02/07 07:26:02 gshapiro Exp $') OSTYPE(hpux11)dnl DOMAIN(generic)dnl define(`_X400_UUCP_')dnl define(`_MASQUERADE_ENVELOPE_')dnl define(`confTRY_NULL_MX_LIST',`T')dnl define(`LUSER_RELAY',`name_of_luser_relay')dnl define(`DATABASE_MAP_TYPE',`dbm')dnl define(`_CLASS_U_')dnl TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl FEATURE(domaintable)dnl FEATURE(mailertable)dnl FEATURE(genericstable)dnl FEATURE(virtusertable)dnl FEATURE(access_db)dnl FEATURE(blacklist_recipients)dnl FEATURE(always_add_domain)dnl MAILER(local)dnl MAILER(smtp)dnl MAILER(openmail)dnl MAILER(uucp)dnl root@hpeos003[cf]
Now I can build my new sendmail.cf file:
root@hpeos003[cf] export CFDIR=/usr/contrib/sendmail/usr/newconfig/etc/mail/cf root@hpeos003[cf] m4 $CFDIR/m4/cf.m4 custom.mc > sendmail.cf.custom root@hpeos003[cf] grep '@(#)' sendmail.cf.custom ##### @(#)cfhead.m4 8.76.4.13 (Berkeley) 2003/03/03 ##### ##### @(#)cf.m4 8.32 (Berkeley) 2001/07/16 ##### ##### @(#)hpux11.m4 8.1 (Berkeley) 2001/07/16 ##### ##### @(#)generic.m4 8.15 (Berkeley) 2001/07/16 ##### ##### @(#) redirect.m4 8.15 (Berkeley) 2001/07/16 ##### ##### @(#)use_cw_file.m4 8.9 (Berkeley) 2001/07/16 ##### ##### @(#) domaintable.m4 8.17 (Berkeley) 2001/07/16 ##### ##### @(#) mailertable.m4 8.18 (Berkeley) 2001/07/16 ##### ##### @(#) genericstable.m4 8.16 (Berkeley) 2001/07/16 ##### ##### @(#) virtusertable.m4 8.16 (Berkeley) 2001/07/16 ##### ##### @(#) access_db.m4 8.15 (Berkeley) 2001/07/16 ##### ##### @(#) blacklist_recipients.m4 8.13 (Berkeley) 2001/07/16 ##### ##### @(#) always_add_domain.m4 8.9 (Berkeley) 2001/07/16 ##### ##### @(#)proto.m4 8.446.2.5.2.29 (Berkeley) 2003/05/05 ##### ##### @(#)local.m4 8.50.16.2 (Berkeley) 2001/07/16 ##### ##### @(#)smtp.m4 8.56.2.1.2.3 (Berkeley) 2001/07/16 ##### ##### @(#)uucp.m4 8.38 (Berkeley) 2001/07/16 ##### root@hpeos003[cf]
This looks better. You will probably notice that I have included the access.db and blacklist_recipients FEATURES . I won't go into these in great detail except to list the features as described by the gen_cf script: Access database: Access database is a user defined file to decide the domains from which your user wants to receive/reject mail messages. The entires in the access db file are either domain names, IP addresses, hosts names or e-mail addresses. Every line of the access db file has a key and a value pair. 1) The key can be an IP address, a domain name, a hostname or an e-mail address. 2) The value part of the database can be: Value Meaning ----- --------- OK Accept mail even if other rules in the running ruleset would reject it, for example, if the domain name is unresolvable. RELAY Accept mail addressed to the indicated domain or received from the indicated domain for relaying through your SMTP server. RELAY also serves as an implicit OK for the other checks. REJECT Reject the sender or recipient with a general purpose message. DISCARD Discard the message completely using the 0discard mailer. This only works for sender addresses (i.e., it indicates that you should discard anything received from the indicated domain). ### any text where ### is an RFC 821 compliant error code and any text is a message to return for the command. The default access db file is /etc/mail/access. This can be replaced by a file of user's choice in the sendmail.cf file after the generation of the sendmail.cf using this option. NOTE: Since /etc/mail/access is a database, after creating the text file, you must use makemap to create the database map. The command to make the database is as shown: makemap dbm /etc/mail/access < /etc/mail/access Refer to makemap(1M) manpage for details on makemap utility. Black list recipients : This feature enables sendmail to block incoming mail messages destined for certain recipient usernames, hostnames, or addresses. This feature also restricts you from sending mail messages to addresses with an error message or REJECT value in the Access Database file. For example, if you have the following entries in the Access Database file: badlocaluser 550 Mailbox disabled for this username host.mydomain.com 550 That host does not accept mail user@otherhost.mydomain.com 550 Mailbox disabled for this recipient This would prevent a recipient of badlocaluser@mydomain.com, any user at host.mydomain.com, and the single address user@otherhost.mydomain.com from receiving mail. spammer@aol.com REJECT cyberspammer.com REJECT Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. I am sure you will agree that both FEATURES look rather interesting, especially in dealing with spam email. I could take my sendmail.cf.custom file, copy it /etc/mail/sendmail.cf , and start using it. | 