Copyrighted Material

Index

Note to the reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.

Symbols and Numbers access database, 156–161, 197 action field in, 159–161 ! (exclamation point) for UUCP bang address field in, 157–159 addressing, 188 address formats, 158 $: symbol in rewrite rules, 235–236 to block mail, 309–312 $@ symbol in rewrite rules, 235 creation, 311–312 $&x syntax, 184 linuxconf to create, 311, 312 $(database-spec$) syntax, 239 for relay controls, 304 $#discard mailer, 244 TLS actions in, 355 $#error mailer, 244, 313 access_db feature, 130, 132, 143, 157, $[hostname$] syntax, 238 376, 388 $>name syntax, 236–237 action field in access database, 159–161 to call rulesets, 221 AddDomain ruleset, 225 $#OK mailer, 244 address field in access database, 157–159 $v command syntax, 296 address test mode . (dot) character, 188–189, 228 commands, 281 =M command, 291 configuration file, 290–291 =S command, 291–292 debug setting during, 292–293 [ (bracket) character, 188–189 alias 7bit encoding, 19 defining personal mail, 153–154 8bit encoding, 19 for e-mail recipient, 46 8BITMIME, 21 in Sendmail, 47–48 aliases database, 138, 149–154 A input address processing through, 271 COPYRIGHTED MATERIALlocation for, 200 acceptable use policy, 300 preventing modification, 341 accept_unqualified_senders feature, for Red Hat, 150–151 376, 389 Sendmail instructions to rebuild, 126 accept_unresolvable_domains feature, 131, vs. user database, 155–156 306, 376, 389 aliases file, 47

436 AliasFile option in sendmail.cf – CANONIFY_DOMAIN command (m4)

AliasFile option in sendmail.cf, 418 B ALIAS_FILE variable, 127, 132, 150 background daemon, starting sendmail AliasWait option in sendmail.cf, 418 as, 398 allmasquerade feature, 252, 376, 388 backup mail exchange server, 34 AllowBogusHELO option in base64 encoding, 19 sendmail.cf, 418 bestmx_is_local feature, 377, 381, 390 always_add_domain feature, 129–130, 132, binary encoding, 19 377, 381, 390 BIND software, 74 anonymous FTP to download RPM bitdomain database, 380 software, 64–65 bitdomain feature, 143, 144, 171, 377 anti-spam rule, defining, 311 .BITNET pseudo-domain, 125–126 APOP command (POP), 23, 329 BITNET_RELAY variable, 125–126, APPEND command (IMAP4), 27 265, 386 application media type (MIME), 16 blacklist_recipients feature, 130–131, 132, arguments for m4 macros, quoted strings, 96 158–159, 377, 388 Argv (A) field, in mailer definition, 209, 211 BlankSub option in sendmail.cf, 418 arith database, defining, 197 BSD-style Linux system, running Sendmail ASCII, e-mail support, 19 on, 53 asymmetric cryptography, 343 buffers for sendmail.cf file data, 93 audio media type (MIME), 16 bug fixes, 326 AUTH DIGEST-MD5, 22 Build command, to compile sendmail, 72–73 AUTH extension to SMTP, 344 build script, in cf/cf directory, 87–88 AUTH protocol, 342 auth server (identd), 300 AUTHENTICATE command (IMAP4), 26 C authentication, 343–344, 344–350 in relaying, 349–350 C.. command, 188 authentication client, 347–349 C[[ command, 188 authid (authentication identity), 347 C (define class) command, 182, 186– AuthMechanisms option in sendmail.cf, 418 190, 215 AuthOptions option in sendmail.cf, 418 CACERTFile option in sendmail.cf, 418 AutoRebuildAliases option in CACERTPath option in sendmail.cf, 418 sendmail.cf, 418 Caldera, 54. See also System-V-style Linux canon command, 290 canonify ruleset, 44, 220, 222, 223, 228, 243, 280 CANONIFY_DOMAIN command (m4), 362, 390

CANONIFY_DOMAIN_FILE command (m4) – comments 437

CANONIFY_DOMAIN_FILE command class variable O, 188 (m4), 362, 390 class variable P, 187–188 CAPABILITY command (IMAP4), 26 class variables, 416–417 case sensitivity, 153, 173, 195 loading from file, 190–191 certificate, 350 in pattern matching, 229 self-signed, 352 class w, 127 Index certificate authority adding value to, 187 locating, 352 failed test, 147–148 and public key cryptography, 350 class w variable, loading from file, 115–116 cf directory structure, 82–91 classes cf/cf directory, 85–88 in Sendmail, 186 contents, 86 setting and viewing, 287–288 cf/cf directory, build script, 87–88 ClassFactor option in sendmail.cf, 418 cf/domain directory, 85 ClassTest ruleset, 230 cf/feature directory, 90 cleanup after RPM software, 69–71 cf/hack directory, 83–84 client cf/m4 directory, 90–91 authentication, 347–349 cf/mailer directory, 89 mail, 38 cf/ostype directory, 88–89 problems from blocking relaying, 302 cf/sh directory, 84 Properties box for configuring, 38–39, 39 cf/siteconfig directory, 84 Sendmail as, 49 .cf file extension, 86 client-only.mc macro configuration file, 262 cfhead.m4 file, 92 client_addr variable, placing test value cf.m4 file, 91 in, 308 changes, dealing with, 117 ClientCertFile option in sendmail.cf, 419 Charset (C) field, in mailer definition, 210 ClientKeyFile option in sendmail.cf, 419 CHECK command (IMAP4), 27 ClientPortOptions option in CheckAliases option in sendmail.cf, 418 sendmail.cf, 419 check_mail ruleset, 222, 223 CLOSE command (IMAP4), 27, 29 CheckpointInterval option in ColonOkInAddr option in sendmail.cf, 419 sendmail.cf, 418 command-line options to test Sendmail, check_recpt ruleset, 222, 223 269–280 check_relay ruleset, 222, 223 -bv option, 270–271 chkconfig, to enable Sendmail, 58 hoststat command, 273–276 class E, 118 mailq command, 276–280 class M, 252 verbose option, 271–273 class R, 146, 191, 302, 303 comments class t, users in, 202 in m4 macro language, 94

438 compatibility of Sendmail configuration – Cyrus mailers

in Red Hat aliases database, 151 confMAPDEF database, available from script lines, 53 options, 139 in sendmail.cf file, 182 confMAX_DAEMON_CHILDREN compatibility of Sendmail configuration, parameter, 335–336 75–76 confMAX_HEADERS_LENGTH compiling Sendmail variable, 132 with Build command, 72–73 confMAX_MESSAGE_SIZE, 337 checking options, 141 confSERVER_CERT parameter, 351 conditionals confSERVER_KEY parameter, 351 in D (define macro) command, 185–186 confTO_CONNECT variable, 126, 132 in m4 macro language, 110 confTRUSTED_USERS parameter, 202 in pattern matching, 231 confTRY_NULL_MX_LIST variable, 126– in procmail recipe, 317 127, 132 confAUTH_MECHANISMS parameter, 345 confUSERDB_SPEC variable, 127, 132, confAUTO_REBUILD variable, 126, 132 142, 154 confBINDIR parameter, 110 ConnectionCacheSize option in confCLIENT_CERT parameter, 351 sendmail.cf, 419 confCLIENT_KEY parameter, 351 ConnectionCacheTimeout option in confCONNECTION_RATE_THROTTLE, sendmail.cf, 419 336–337 ConnectionRateThrottle option in confCR_FILE variable, 142, 146 sendmail.cf, 419 confCW_FILE variable, 115 ConnectOnlyTo option in sendmail.cf, 419 confDEF_USER_ID variable, 125, 132, 338 Content-Transfer-Encoding header (MIME), confDONT_PROBE_INTERFACES vari- 19–20 able, 127, 132 Content:Type: header (MIME), 16–19 confEBINDIR variable, 128 ControlSocketName option in confFORWARD_PATH variable, 113–114 sendmail.cf, 420 confHOST_STATUS_DIRECTORY, COPY command (IMAP4), 27 273, 274 copyright notice in .m4 files, 109 config keyword for Sendmail error code, 244 cr file, 145 configuration file. See also sendmail.cf file cracked address, 284 build script to create multiple, 88 CREATE command (IMAP4), 26 forcing reload, 59 cryptography, 343–344 configuration variables for sendmail.cf ct file, 144 file, 96 Ctrl+Alt+Del, disabling, 323 confLDAP_DEFAULT_SPEC, 394 Cyrus mailers, 113–114, 392

D (define macro) command – deleting messages, with POP command 439

D virtusertable feature, 161–166. See also virtusertable feature D (define macro) command, 182–186, 215 database records in DNS, 33 conditional format, 185–186 DataFileBufferSize option in daemon mode for Sendmail, 51 sendmail.cf, 420 DAEMON variable for Sendmail script, 54 datagrams, 4 DAEMON_OPTIONS command (m4), 362, Index Date: header, 14 393–394 DeadLetterDrop option in sendmail.cf, 420 DaemonPortOptions option in Debian packages, 61 sendmail.cf, 420 debug levels, 293–297, 399–410 DATA command (SMTP), 5, 12 output of level 0.10, 294–295 data field in DNS database record, 33 output of level 35.9, 295 database files output of level 37.1, 296–297 access database, 156–161 DECNET_RELAY variable, 264, 386 adding support, 138–144 dedicated servers, 326 compiler options, 138–142 DefaultAuthInfo option in sendmail.cf, aliases database, 149–154. See also aliases 347, 420 database DefaultCharSet option in sendmail.cf, 420 bitdomain feature, 143, 144, 171, DefaultUser option in sendmail.cf, 338, 420 377, 380 defense in depth, 322 cr file, 145 define class (C) command, 182, 186– ct file, 144 190, 215 domaintable feature, 143, 171, 377, 380 define command (m4), 92, 362, 365 genericstable database, 169–171 to configure databases, 142–144 information retrieval using rewrite and FEATURE macros, 97 rules, 239 format for, 96 local-host-names file, 115, 116, 147–149 parameters, 367–376 mailertable, 128, 143, 166–169, 377, 380 in redhat.mc file, 125–127 defining, 197 to set directory path, 110 makemap command, 172–174. See also define header (H) command, 215 makemap command define macro (D) command, 182–186, 215 relay-domains file, 145–146, 191, conditional format, 185–186 302–303 define rule (R) command, 215, 226–242 role in Sendmail, 137 delay_checks feature, 377 user database, 154–156, 256 DELE command (POP), 23 uucpdomain feature, 143, 144, 171, DELETE command (IMAP4), 26 379, 380 deleting messages, with POP command, 25

440 deliverability of mail – DSN (Delivery Status Notifications)

deliverability of mail, processing address to dnl command (m4), 92, 94, 362, 365 determine, 270 in redhat.mc file, 124 delivery addresses, 45, 220 DNS (Domain Name Service), 33–36 delivery of messages, feedback about, 31 address records for blackhole entries, 307 Delivery Status Notifications (DSN), 21 server reliability, 306 delivery triple, 12, 43–44, 45 dnsbl feature, 307, 377, 389 variations, 243, 244–246 testing, 308 DeliveryMode, 296, 420 documentation, ownership and changes denial of service attack, 321 to, 67 dependencies, 66–67 DOMAIN command (m4), 85, 92, 95, 98, deprecated switches, for sendmail 362, 386–390 command, 398 editing, 132 dequote database, defining, 197 in generic-linux.mc file, 98, 108, 112–114 +detail syntax, 113–114, 165 .forward path definition, 113–114 in genericstable database, 170 DOMAIN file, 247, 248–249 devtools directory, 138 domaintable database, 380 DHParameters option in sendmail.cf, 420 domaintable feature, 143, 171, 377 DialDelay option in sendmail.cf, 421 DontBlameSendmail option in sendmail.cf, DIGEST-MD5 authentication, 346 340, 421–424 digital signature, 343 DontExpandCnames option in direct delivery of messages, 32, 32 endmail.cf, 424 systems incapable of handling, 34 DontInitGroups option in sendmail.cf, 424 directory DontProbeInterfaces option in macro to define, 366 sendmail.cf, 424 parameter to store path for executable DontPruneRoutes option in sendmail.cf, 424 binary files, 110 dot (.) character, 188–189, 228 RPM creation for Sendmail, 122 DoubleBounceAddress option in s Directory (D) field in mailer definition, 210 endmail.cf, 424 DISCARD keyword in access database, 159, downloading 160, 309–310 RPM software with anonymous FTP, $#discard mailer, 244 64–65 discarding text in macro configuration Sendmail source code, 71–72 file, 98 dpkg command to install Sendmail, 61–62 divert command (m4), 92, 93–94, 98, dsmtp mailer, 119 362, 365 definition, 206 DSN (Delivery Status Notifications), 21

e-mail addresses – FETCH command (IMAP4) 441

E sender name to generate, 183 ErrorHeader option in sendmail.cf, 424 e-mail addresses ErrorMode option in sendmail.cf, 424 basic types, 220 esmtp mailer, 119 formatting, 44–45 definition, 206 parsing and rewriting, 204–205 mailertable feature for, 167 rewriting, 234 Index /etc/mail directory, 75 rulesets to process, 221 /etc/mail/relay-domains file, 145 tokens in, 227 /etc/mail/trusted-users file, 144 e-mail messages. See also mail architecture /etc/mail/userdb.db database, 154–156, 256 insertion of header, 203–204 /etc/passwd file, 195 maximum size, 337 /etc/promailrd file, 315 message headers, 13–15 /etc/rc.d/init.d directory, 51, 54 with MIME header, 17–18 ETRN keyword, 21 privacy, 342 EXAMINE command (IMAP4), 26 RFC 822 to define format, 13 exclamation point (!) for UUCP bang editing sendmail.cf file, 211–212 addressing, 188 EHLO command (SMTP), 12, 20–21 Expand command (SMTP), 5, 8 EightBitMode option in sendmail.cf, 424 expandable classes, 188 elm mailer, filter tool, 315 EXPOSED_USER command (m4), 102, else symbol in pattern matching, 231 104–105, 118, 255, 362, 388 embedded spaces in e-mail address, 195 EXPUNGE command (IMAP4), 27 empty rulesets, 223 Extended SMTP, 20–22 encryption, 343–344 mailer to support, 119 End-of-line (E) field in mailer definition, 209, 210 ENHANCEDSTATUSCODES, 21 F EnvFromL ruleset, 225 F (load class) command, class variable from EnvFromSMTP ruleset, 224 file, 190–191 environment variables in procmailrc file, 315 FallbackMXhost option in sendmail.cf, 425 EnvToL ruleset, 225, 228–229 fax mailer, 391 EnvToSMTP ruleset, 224 FAX_RELAY variable, 264, 386 error mailer, 164 FEATURE command (m4), 92, 98, 362, $#error mailer, 244, 313 376–381 error messages for database configuration, 142–143 defining in access database, 160, 310 format for, 96 from mailertable, 167–168 FETCH command (IMAP4), 27, 29 returning to sender, 164, 244–246

442 field body in e-mail message – Hello command (SMTP)

field body in e-mail message, 13 commands, 108 field name in e-mail message, 13 contents, 97–98 file security, 340–341 DOMAIN command, 112–114 disabling, 199 FEATURE command, 114–115 files, loading class variable from, 190–191 MAILER commands, 118–122 final ruleset, 220, 222 OSTYPE command (m4), 109–112 firewall, 322 root account protection from masquerad- flags ing, 117–118 for address processing, 284–285 GENERICS_DOMAIN command (m4), for mailers, 431–433 170, 362 modifying, 104, 385 GENERICS_DOMAIN_FILE command procmail recipe, 316 (m4), 170, 256, 363 Flags (F) field in mailer definition, 208, 210 generics_entire domain feature, 256, 377 flow control in rewrite rules, 234–237 genericstable database, 169–171, 380 ForkEachJob option in sendmail.cf, 425 and masquerading, 256–258 Format of Headers section (sendmail.cf file), genericstable feature, 143, 377 203–204 glint tool, 68 formatting e-mail addresses, 44–45 gnorpm tool (GNOME), 69, 69 .forward file, 48, 153 Gnu Privacy Guard (GnuPG), 342 location for, 200 GnuPG (Gnu Privacy Guard), 342 path to locate, 113–114 grep command, 124 security for, 340–341 group ID for Sendmail, 125 forwarding mail, 47 alias for, 150, 152–153 vs. relaying, 48 H ForwardPath option in sendmail.cf, 425 H (define header) command, 203, 215 From command (SMTP), 5 H variable, 262 From: header, 14 HACK command (m4), 102, 103, 363, 366 FTP, anonymous, to download RPM soft- hacks, for temporary Sendmail configuration ware, 64–65 problems, 83–84 hardware, security for, 322–323 HdrFromL ruleset, 225 G HdrFromSMTP ruleset, 225 gawk, 319 HdrToL ruleset, 225 gcc compiler, problems from, 74 headers GDBM, incompatibility with Sendmail, 74 formatting, 46 generic-linux.cf file, 108 maximum number of bytes for all, 114 generic-linux.mc file, 86–87, 108–122 Hello command (SMTP), 5 hub, 38 HostStatusDirectory optionin hoststat command, HostsFile optioninsendmail.cf,425 hosts.deny file,331 hosts.allow file,331 hostnames HoldExpensive optioninsendmail.cf,425 HelpFile optioninsendmail.cf,425 Help command(SMTP),5,8 infinite loops inetd configuration,removingdaemons indefinite tokens, incoming spam,blocking, include command(m4),102,103–104 inbound mail IMAP (InternetMailAccessProtocol), image mediatype(MIME),16 IgnoreDots optioninsendmail.cf,425 ifdef command(m4),110–111 identification daemon, identd (authserver),300 I reasons fornotadvertising,249 list tobemasqueraded,252 hiding. blocking mailfromfake,306 adding toclassw,148 accepting mailforother,115–116 in rewriterules,235,236 in mailrouting,262 header processing, forwarding, 46 through stunnel,329 sendmail.cf, 425 from, 327 See masquerading 232–233 273–276 314 300–301 305–314 , 240,243 25–29 epcmad(MP keyedfile(K)command – Help command(SMTP) keyed file(K)command,182, keyboard, securityfor,323 KDE desktopenvironment,kpackage K (keyedfile)command,182, K junk mail. J IPC (Inter-ProcessCommunication),43 IP address,4 Internet Protocolsuite,3, Internet MailAccessProtocol(IMAP), Inter-Process Communication(IPC),43 installing Sendmail, INPUT_MAIL_FILTER command(m4), type argument,192–193 switches, 193–196 type argument,192–193 switches, 193–196 in e-mailaddress,239 in accessdatabaseaddressfield,158 through stunnel,329 X toolsfor, with RPM, locating RPMsoftware, known problems, installing binaries, with dpkg, configuration compatibility, cleanup afterRPM, tool, 68 363, 389 on vendorwebsite, using rpmfind.net, anonymous FTPtodownload, See spam 61–62 66–68 68–69 61–71 74 73–74 69–71 63–64 62 4 62–65 191–197 191–197 75–76 64–65 25–29 , 215 443

Index 444 kill command – LUSER_RELAY macro

kill command, 60–61 local mailer, 207 kpackage tool, 68 localaddr ruleset, 220, 222 Local_check_mail ruleset, 224, 313 Local_check_rcpt ruleset, 224, 313, 349 L Local_check_relay ruleset, 223, 313 LAST command (POP), 23 LOCAL_CONFIG command (m4), 102, LDAP map routing, 394 104, 257, 363, 392 LDAP map specification, 199 LOCAL_DOMAIN command (m4), 148, LDAPDefaultSpec option in sendmail.cf, 424 363, 390 LDAPROUTE_DOMAIN command (m4), local_lmtp feature, 377 363, 394 Local_localaddr ruleset, 223 LDAPROUTE_DOMAIN_FILE command LOCAL_NET_CONFIG command (m4), (m4), 363, 394 261, 363, 393 ldap_routing feature, 377, 394 local_procmail feature, 111–112, 132, limited_masquerade feature, 252, 377, 388 377, 381 Linelimit (L) field, in mailer definition, LOCAL_RELAY define command, 183, 386 209, 211 LOCAL_RULE_n command (m4), 102, 104, Linux, default configuration for 363, 392 Sendmail, 40 LOCAL_RULESETS command (m4), 102, linuxconf 104, 259, 363, 392 to create access database, 311, 312 Local_trust_auth ruleset, 224, 349 to enable Sendmail, 57, 57–58 LOCAL_USER command (m4), 263, linux.m4 OSTYPE file, 109 363, 387 LIST command (IMAP4), 26 locked room, for server, 323 LIST command (POP), 23, 25 login access, limiting, 328–335 literals in pattern matching, 228 LOGIN command (IMAP4), 26, 28 load class (F) command, 190–191, 215 LogLevel option in sendmail.cf, 425 loading class variable from file, 190–191 LOGOUT command (IMAP4), 26 local host alias, 47 logs, host status, 275 local-host-names file, 115, 116, 147–149 LookUpAddress ruleset, 222 Local Info section (sendmail.cf file), 180–199 LookUpDomain ruleset, 222 class variable loading from file, 190–191 loops define class (C) command, 186–190 in mail routing, 262 define macro (D) command, 182–186 in rewrite rules, 235, 236 keyed file (K) command, 191–197 loose_relay_check feature, 377 version level (V) command, 197–199 LSUB command (IMAP4), 27 local mail, relay host to handle, 183 LUSER_RELAY macro, 264, 386 macro variables,expanding,184 m4 macrolanguage,82, .m4 fileextension,84,94 M variable,183 M (mailer)command, =M command,291 M reasons touse,216 output control, definitions, 90 configuration file,94. commands, command orderinconfigurationfile, command line,99–100 samples, 210–211 testing, 100 sample, putting inplace,101 installing, 100–102 quick reference, OSTYPE command,88–89,92,94,96, MAILER command, local code, LDAP maprouting, FEATURE command,92,96,98,142– building simple, DOMAIN command, define command, DAEMON_OPTIONS command,362, extension 97–98 98, 118–122 143, 362, also define command(m4) 393–394 109–112 DOMAINcommand(m4) 97–99 361–394 392–393 92–94 , 363, 376–381 361–366 99–102 , 262,364, 205–211 367–376 91–105 390–392 See also 394 89 386–390 , 92,95,98, , 215 . .mcfile see also 382–386 . see Mcmad–MAILER(smtp)command(m4) – =M command

MAILER (smtp)command(m4),95,119 mailer rulesets, MAILER (procmail)command(m4), mailer (M)command, MAILER (local)command(m4),95,119 MAILER-DAEMON alias,152 MAILER command(m4), maildrop keywordinuserdatabase,155 mailbox synchronization,25 mailbox server,38 mailbox protocols, mailbox foruser,14 mail11 mailer,392 mail server,37 mail-routing loops,35 mail relay mail hub,38 MAIL From:command(SMTP),12 Mail Exchange(MX)record,33–34 mail deliverytriple. Mail Definitionssection(sendmail.cffile), mail architecture Mail AbusePreventionSystem(MAPS), in generic-linux.mcfile,98, relaying by,302 parameter todefine,386–390 configuration topreventspam, processing, samples, components, basics, 131, 168 363, 205–211 306–309 formal definitions, common terminology,38–39 390–392 31–33 39–41 35–36 224–226 36–41 , 40 22–29 See , 205–211 deliverytriple 41 36–39 89 , 92,95,98, 118–122 , 215 301–305 445

Index 446 MAILER_DEFINITIONS command (m4) – message media type (MIME)

MAILER_DEFINITIONS command (m4), MASQUERADE_AS command (m4), 102, 259, 364, 393 104, 249–250, 364, 387 mailers, 42–43 MASQUERADE_DOMAIN command configuration, 120–122 (m4), 253, 364, 387 filtering spam at, 314–319 MASQUERADE_DOMAIN_FILE com- flags, 431–433 mand (m4), 364, 387 macro to define, 259 masquerade_entire_domain feature, 253, printing definitions, 291 255, 378, 388 mailertable database, 380 masquerade_envelope feature, 378, 388 defining, 197 MASQUERADE_EXCEPTION command mailertable feature, 128, 143, 166–169, 377 (m4), 255, 364, 387 Mailertable ruleset, 222, 223 masquerading, 33, 104–105, 212, 249–258 MAIL_FILTER command (m4), 363, 389 enabling, 249–251 MAIL_HUB command, 183, 263 options, 251–256 MAIL_HUB server, 262 protecting root account from, 117–118 MAIL_HUB variable, 386 reasons to use, 249 mailing lists usernames, 256–258 alias to define, 150, 152 MatchGECOS option in sendmail.cf, 425 defining, 47 MaxAliasRecursion option in expanding, 8 sendmail.cf, 425 mailname in user database, 156 MaxDaemonChildren option in mailq command, 276–280 sendmail.cf, 425 Makefile, 88 MaxHeadersLength option in database compiler options, 138 sendmail.cf, 425 makemap command, 155, 172–174 MaxHopCount option in sendmail.cf, 425 to build virtusertable database, 166 MaxMessageSize option in sendmail.cf, 425 command line options, 173 MaxMimeHeaderLength option in send- to create access database, 161 mail.cf, 425 man pages, ownership and changes to, 67 MaxQueueRunSize option in MAP_REGEX database option, 140 sendmail.cf, 426 MAPS (Mail Abuse Prevention System), MaxRecipientsPerMessage option in send- 306–309 mail.cf, 426 MasqEnv ruleset, 222 Maxsize (M) field in mailer definition, 209 MasqHdr ruleset, 222 .mc file extension, 86, 92, 94, 145 MasqRelay ruleset, 225 message headers, 13–15 MasqSMTP ruleset, 224 Message-Id: header, 14 masquerade-envelope feature, 252 message media type (MIME), 16 message submissionagent(MSA),36,37 Message Precedencesection(sendmail.cf /mx command,289–290 MustQuoteChars optioninsendmail.cf,426 multipart mediatype(MIME),16 MUA (messageuseragent),36 MTA (messagetransferagent),36,37 MSA (messagesubmissionagent),36,37 MODIFY_MAILER_FLAGS command MinQueueAge optioninsendmail.cf,426 MinFreeBlocks optioninsendmail.cf,426 MIME (MultipurposeInternetMailExten- mget command(FTP),65 MeToo optioninsendmail.cf,426 messages. message useragent(MUA),36 message transferagent(MTA),36,37 Sendmail as, parameters forSendmaildaemonas, parameters forSendmaildaemonas, parameters forSendmaildaemonas, Content:Type: header, Content-Transfer-Encoding header, mail tosend,51 Sendmail as, parameters forSendmaildaemonas, file), (m4), 103,104,364,385 sions), 393–394 393–394 393–394 19–20 393–394 201–202 See 15–20 e-mailmessages 46–48 42–46 esg rcdnescin(edalc ie nullclientfeature – Message Precedencesection(sendmail.cffile) 16–19 nullclient feature,38,378 null charactertoenddatabasekeys,195 ntsysv, nouucp feature,378,379 nouser keywordforSendmailerrorcode,244 "not equal"condition,189 NoRecipientAction optionin NOOP command(POP),23 NOOP command(IMAP4),26 nohost keywordforSendmailerror nodns feature,378 no_default_msa feature,378 nocanonify feature,378 No Opcommand(SMTP),5 NIS databaseoption,140 nicknames forusers,47,150 Nice (N)fieldinmailerdefinition,210 NEWDB databaseoption,140 newaliases command,151–152 network protocols,3 network connection,waittimefor,126 name formailer,207 name fieldinDNSdatabaserecord,33 n variable,183 N MX (MailExchange)record,33–34 configuration, 261 relay basedon,305 processing, sendmail.cf, 426 code, 244 testing, 271 56 , 57 35–36 447

Index 448 O (set option) command – protocols

O PID (process ID), 51 determining, 60–61 O (set option) command, 215 PidFile option in sendmail.cf, 426 OK keyword in access database, 159, 160 plain.cf configuration file, 250 OldStyleHeaders option in sendmail.cf, 426 pop mailer, 392 ONEX, 22 POP (Post Office Protocol), 22–25 operating systems, configuration files for, 89 through stunnel, 329 OperatorChars option in sendmail.cf, 426 popauth program, 329 Options section (sendmail.cf file), 199–201 port for Sendmail daemon, 393 OSTYPE command (m4), 88–89, 92, 94, 96, Post Office Protocol (POP), 22–25 262, 364, 382–386 commands, 23 in generic-linux.mc file, 98, 109–112 through stunnel, 329 outbound addresses postmaster alias, 152 converting, 156 PostmasterCopy option in sendmail.cf, 426 server for, 262 presistent status report, 275 outbound mail, blocking with blacklist_ Pretty Good Privacy (PGP), 342 recipients feature, 310 priority, assigning to messages, 201–202 output stream, divert command to direct, 93 PrivacyOptions option in sendmail.cf, owner-staff alias, 152 426–427 private key, 350 P process ID (PID), 51 determining, 60–61 P class variable, 187–188 ProcessTitlePrefix option in sendmail.cf, 427 P command, 201 procmail mailer, 207, 392 P (set precedence) command, 215 access to, 168–169 package management systems, 61 filter, 315–319 dependencies, 66–67 PROCMAIL_MAILER_PATH variable, /parse command, 283–284 110, 132 parse ruleset, 44, 220, 222, 223 .procmailrc file, 315 ParseRecipient ruleset, 222, 223 reading, 317–319 PASS command (POP), 23 prog mailer, 207 passwd man pages, 67 promiscuous_relay feature, 305, 378, 389 patches to software, security holes in, 325 protocol keyword for Sendmail error Path (P) field in mailer definition, 208, 210 code, 244 pattern matching in rewrite rules, 226–231 protocols, 3 PGP (Pretty Good Privacy), 342 IMAP (Internet Mail Access Protocol), phquery mailer, 392 25–29 physical security, 322–323 mailbox, 22–29 RCPT To:command(SMTP),12 RBL (RealtimeBlackholeList), rbl feature,378 RandFile optioninsendmail.cf,427 R (definerule)command,215, R quoted-printable encoding,19 Quit command(SMTP),5,12 QUIT command(POP),23 QueueSortOrder optioninsendmail.cf,427 QueueLA optioninsendmail.cf,427 QueueFactor optioninsendmail.cf,427 QueueDirectory optioninsendmail.cf,427 QUEUE variableforSendmailscript,54 queue Qpopper (Qualcomm),329 qpage mailer,392 Q purgestat command,276 public keycryptography,343 PseudoToReal ruleset,224 pseudo-domain, 114 ps command,51,60 proto.m4 file,91 switch toforceSendmailprocess, manually running, displaying contents,276 certificate authorityand,350 class variabletoholdlist,188 store-and-forward, 32, SMTP (SimpleMailTransportProtocol), 398–399 4–13 278–280 32 226–242 306–309 rt.4fl REJECTkeywordinaccessdatabase – proto.m4 file REJECT keywordinaccessdatabase,159, regular expressions,140 registered datatypesforMIME,17 RefuseLA optioninsendmail.cf,427 .REDIRECT pseudo-domain, redirect feature,378,381 redhat.mc file,123–124 Red Hat. recursion inrewriterules, RecipientFactor optioninsendmail.cf,427 recipient ruleset,220,223 Recipient (R)fieldinmailerdefinition,208– Recipient command(SMTP),5 recipient address,45,220 recipes inprocmailrcfile,315–316 Received: header,14 rebooting, preventing,323 Realtime BlackholeList(RBL), realm, 348 real-time modeforSendmail,51 README fileincfdirectory,82 in generic-linux.mcfile, rulesets insendmail.cffilefrom,221 FEATURE commands, editing, 132 define commands, active commands,124–125 Web site,62, sendmail security report,325, Package Manager,toolsforrunning, aliases databasefor,150–151 160, 310 209, 210 start-up script,58–59 configuration modification, configuration, 68–69 See also 63 System-V-styleLinux 122–131 125–127 325 128–131 234–237 114–115 114–115 306–309 131–135 449

Index 450 relay client, configuring – RFC (Request for Comments)

relay client, configuring, 261–265 recursion and flow control, 234–237 relay-domains file, 145–146, 191, 302–303 rulesets, 219–226 relay host, storing name, 183 ruleset 0, 242–246 RELAY keyword, 304 template field, 231–242 in access database, 159, 160 external information, 238–242 relay mailer, 119 indefinite tokens, 232–233 definition, 206 writing local, 257–261 relay server, 38 Rewriting Rules section (sendmail.cf file), clearing names from variables, 125–126 204–205 for non-SMTP mail, 264 RFC (Request for Comments) RelayAuth ruleset, 354 821, 4, 5–6 relay_based_on_MX feature, 305, 378, 389 821 extended SMTP services, 21 RELAY_DOMAIN command (m4), 146, 822 to define message header format, 15 364, 387 974 mail routing and the Domain RELAY_DOMAIN_FILE command (m4), system, 35 146, 364, 387 1869 SMTP Service Extensions, 20 relay_entire_domain feature, 304, 378, 389 1870 SMTP Service Extension for message relay_hosts_only feature, 378, 389 size declaration, 21 relaying 1891 delivery status notifications, 21 forwarding vs., 48 1893 Enhanced Mail System Status role of authentication in, 349–350 Codes, 21 relay_local_from feature, 304–305, 378, 389 1939 Post Office Protocol Version 3, 23 relay_mail_from feature, 378 1985 for remote message queue remote login services, eliminating, 328 starting, 21 RENAME command (IMAP4), 26 2045 MIME (Multipurpose Internet Mail report MIME subtype, 18 Extensions), 15, 19 Reset command (SMTP), 5 2046 MIME media types, 16 ResolverOptions option in sendmail.cf, 428 2048 MIME registration procedures, response codes for SMTP, 9–10 16–17 RETR command (POP), 23, 25 2060 (Internet Message Access Protocol RetryFactor option in sendmail.cf, 428 Version 4rev1), 26 Return-Path header, 14 2222 Simple Authentication and Security rewrite rules, 44 Layer, 342 to block spam, 312–314 2246 TLS Protocol version 1.0, 342 definition, 226–242 2487 SMTP Service extension for Secure displaying, 291–292 SMTP over TLS, 342 grouping into rulesets, 219–220 2554 SMTP Service Extension for Authen- pattern matching, 226–231 tication, 22, 342, 350 running Sendmail, running process,killcommandtosendsig- RunAsUser optioninsendmail.cf,339– rulesets, RSET command(POP),23 RrtImpliesDsn optioninsendmail.cf,428 rpmfind.net, tolocateSendmailsoftware, RPM software root account in testmode, at start-up, mailer, to formate-mailaddresses,44–45,282 empty, 223 calling fromrule,236–237 addresses processedby, sendmail-cf files,83 locating, to installSendmail, directory creationforSendmail,122 cleanup after, anonymous FTPtodownload, protection frommasquerading, alias for,152 nal, 60–61 340, 428 62–63 /tryflags command, /try command, /parse command, internal values, -bt option, on SystemV-styleLinuxsystem, controlling withsignals, on BSD-styleLinuxsystem, on vendorwebsite, using rpmfind.net, 219–226 224–226 , 64 62–65 51–61 280–293 280–283 69–71 51–77 285–287 287–293 66–68 283–284 62–63 284–285 62 221 59–61 , 64 53 64–65 117–118 54–59 otacut–Sendcommand(SMTP) – root account security, secure shell(ssh2),328 secret key,343 SEARCH command(IMAP4),27 scripts tostartSendmailatbootup,51 script kiddies,324 scanf pattern(%s),190–191 SaveFrom Lineoptioninsendmail.cf,428 SASL (SimpleAuthenticationandSecurity SANS InstituteWebsite,SecurityAlertCon- saml command(SMTP),6 SafeFileEnvironment optioninsendmail.cf, S variable,262 S (setruleset)command,215,219–220,229 =S command,291–292 S Send command(SMTP),5 self-signed certificates,352 SELECT command(IMAP4),26,28 Sendmail protocols, input passingtestof,244 disabling file,199 disabling checks,421–424 basics, threats, 321 for Sendmailserver, Layer), 342 sensus, 324 428 transport layersecurity, encryption andcryptography, authentication, for software, limiting loginaccess, for hardware, against unauthorizedaccess, 321–357 321–335 324–328 322–323 344–350 342–356 335–342 328–335 350–356 337–342 343–344 451

Index 452 sender address – shared secret

sender address, 45, 220 define macro (D) command, 182–186 genericstable database to rewrite, 169 inserting text, 258–259 sender ruleset, 220, 223 keyed file (K) command, 191–197 rules added to, 259–260 version level (V) command, 197–199 Sender (S) field in mailer definition, 208– m4 source files to build, 82 209, 210 Mail Definitions section, 205–211 Sendmail. See also installing Sendmail; run- adding definition, 259 ning Sendmail mailer flags, 431–433 alias in, 47–48 Message Precedence section, 201–202 checking compile options, 141 options, 418–431 determination if running, 51 Options section, 199–201 downloading and compiling, 71–76 Rewriting Rules section, 204–205 mailers, 42–43 adding to, 259 requesting outside information from, 289 rulesets defined in, 221 restarting and testing, 68 sections, 179–180 roles, 41–49 testing, 212–214 client, 49 Trusted Users section, 202 message submission agent, 42–46 variables, 296, 411–416 message transfer agent, 37, 46–48 sendmail.cw file, 117 sendmail command, 395–410 SendMIMEErrors option in sendmail.cf, 428 command-line switches, 396–399 server, 38 debug levels, 399–410 auth server (identd), 300 verbose option, 11–13 dedicated, 326 SendMail Restricted Shell (smrsh), 128 locked room for, 323 Sendmail server, obtaining certificates and relay, 38 keys for, 352 clearing names from variables, sendmail.cf file, 75, 76, 81, 179–217 125–126 changes to, 214 for non-SMTP mail, 264 command summary, 215–216 securing for Sendmail, 335–342 editing, 211–212 ServerCertFile option in sendmail.cf, 428 Format of Headers section, 203–204 ServerKeyFile option in sendmail.cf, 428 HostStatusDirectory option, 274 ServiceSwitchFile option in sendmail.cf, 428 inserting text, 257–261 set option (O) command, 215 local code, 392–393 set precedence (P) command, 215 Local Info section, 180–199 set ruleset (S) command, 215, 219–220, 229 class variable loading from file, SevenBitInput option in sendmail.cf, 429 190–191 .sh file extension, 84 define class (C) command, 186–190 shared secret, 348 software SngleLineFromHeader optionin SmtpGreetingMessage optionin smtp8 mailer,119 SMTP (SimpleMailTransportProtocol), smtp mailer,119 smrsh feature,128,132, SMART_HOST variable,183,262,263,386 Slackware, scripttostartSendmail,53 SIZE extension,21 SITECONFIG command(m4),84,103, SITE command(m4),103,364 SingleThreadDelivery optionin Simple MailTransportProtocol(SMTP), Simple AuthenticationandSecurityLayer SIGUSR1 signal,60 signals tocontrolSendmail, SIGINT signal,60 SIGHUP signal,59,60 security for, removing unneeded, disabling unneeded, closing securityholes, definition, 206 in verbosemode, through telnet, response codes, extended, commands, 5 AUTH extension,344 definition, 206 sendmail.cf, 429 sendmail.cf, 429 4–13 364, 366 sendmail.cf, 429 4–13 (SASL), 342 20–22 324–328 6–9 9–10 11–13 327–328 326–327 341–342 325–326 59–61 , 378 IHPsga symmetriccryptography – SIGHUP signal spam, 48 spaces, embeddedine-mailaddress,195 soml command(SMTP),5 symmetric cryptography,343 symbols inrewriterulespatternmatching, SuperSafe optioninsendmail.cf,429 SUBSCRIBE command(IMAP4),26 Subject: header,15 stunnel, 328–329 STORE command(IMAP4),27,29 store-and-forward protocols, stickyhost feature,379 STATUS_FILE variable,127,132 StatusFile optioninsendmail.cf,429 STATUS command(IMAP4),27 STAT command(POP),23 STARTTLS protocol,342 start-up scripts staff-request alias,152 SSL (SecureSocketLayer),350 ssh2 (secureshell),328 avoiding beingsource, variables, 353 removing daemonsfrom,327 manually starting, editing, 53 use ofrelaying,145 sendmail toblock, filter atmailer, 226–227 using rewriterules, using realtimeblackholelist, using accessdatabase, with procmail, mail relayingconfiguration, identification daemon, acceptable usepolicy, 314–319 315–319 58–59 305–314 312–314 299–305 300 309–312 300–301 32 , 32 301–305 306–309 453

Index 454 syntax – trust_auth ruleset

syntax testing Sendmail $&x, 184 command-line options, 269–280 $(database-spec$), 239 -bv option, 270–271 $[hostname$], 238 hoststat command, 273–276 $>name, 236–237 mailq command, 276–280 to call rulesets, 221 verbose option, 271–273 $v command, 296 debug levels, 293–297 +detail, 113–114, 165 running in test mode, 116, 280–293 in genericstable database, 170 address test mode commands, 281 System V-style Linux, running Sendmail on, internal values, 287–293 54–59 /parse command, 283–284 /try command, 285–287 /tryflags command, 284–285 T text media type (MIME), 16 T (trusted users) command, 202, 215 theft of service, 335. See also spam tag for IMAP commands, 28 Timeout options in sendmail.cf, 429–431 tag keyword, 310 TimeZoneSpec option in sendmail.cf, 431 tail command, 99 tksysv to enable Sendmail, 55, 55–56 tar files, 61 TLS (Transport Layer Security), 342, directory creation for Sendmail, 82 350–356 TCP (Transmission Control Protocol), 4 limits, 356 port for message submission agent, 37 sendmail's uses for, 352–356 port for Sendmail listener, 37 tls_client ruleset, 222, 223, 355 ports for IMAP, 26 tls_server ruleset, 222, 223, 354 ports for POP, 22 To: header, 15 tcpd wrapper daemon, 330–332 tokens telnet in e-mail address, 227 to IMAP port, 27–28 indefinite, 232–233, 240, 243 POP use with, 24 from rewrite rules, 205 SMTP through, 6–9 TokenTest ruleset, 233 tempfail keyword, for Sendmail error TOP command (POP), 23 code, 245 Transmission Control Protocol (TCP). See TempFileMode option in sendmail.cf, 429 TCP (Transmission Control Protocol) template field in rewrite rules, 231–242 Transport Layer Security (TLS), 342, indefinite tokens, 232–233 350–356 testing limits, 356 e-mail, free accounts for, 272 sendmail's uses for, 352–356 sendmail.cf file, 212–214 trust_auth ruleset, 222 type field turn command(SMTP),6 TryNullMXList optioninsendmail.cf,431 /tryflags command,212–213, /try command, TrustedUser optioninsendmail.cf,339,431 trusted users(T)command,202,215 Trusted Userssection(sendmail.cffile), trusted users,144 TRUST_AUTH_MECH command(m4), updating SendmailwithRPM,66 UNSUBSCRIBE command(IMAP4),26 UnsafeGroupWrites optionins UnixFromLine optioninsendmail.cf,431 Unix header,14 uninterruptible powersupply(UPS),323 undeliverable mail,returningtosender,200 undefine command(m4),92,364,365,367 unavailable keywordforSendmailerror unauthorized access UIDL command(POP),23 UID command(IMAP4),27 UDB_DEFAULT_SPEC option,140 U in mailerdefinition,209,210 in DNSdatabaserecord,33 in redhat.mcfile,125–126 format for,96 as securitythreat,321 security against, by scriptkiddies,324 349, 364,366 endmail.cf, 431 code, 245 285–287 337–342 RS_UHMC omn m)–uucpdomainfeature – TRUST_AUTH_MECH command(m4) 284–285 202 uucpdomain feature,143,144,171,379 uucpdomain database,380 uucp mailer,391 UUCP bangaddressing,!(exclamationpoint) UUCP, 32 /usr/local/src directory,82 usernames Userid (U)field,inmailerdefinition,210 USERDB databaseoption,140 USERDB compilerflag,154 UserDatabaseSpec optioninsendmail.cf,431 user ID,338 user database, USER command(POP),23,25 user usenet mailer,391 UseErrorsTo optioninsendmail.cf,431 use_cw_file variable, use_ct_file feature,142,202,379,381 usage keyword,forSendmailerrorcode,245 UPS (uninterruptiblepowersupply),323 uppercase characters,processingindatabase files todefineconnectivity,84 for TCPconnections,301 masquerading exceptiontocreate,255 masquerading, for Sendmail,125 responsibility formailfilters,315 mailbox for,14 limiting access, as sourceofconfigurationproblem, for, 188 379, 381 build, 194 with tcpdwrapperdaemon, 117 154–156 256–258 328–335 115–116 , 256 , 142,147, 330–332 116– 455

Index 456 UUCP_MAILER_MAX variable – xinetd configuration

UUCP_MAILER_MAX variable, 127, 132 video media type (MIME), 16 UUCP_RELAY variable, 125–126, 264, 386 {VirtHost} class, 162 UUCPSMTP command (m4), 103, 364 virtual domain names, masquerading, 252 virtual mail domain, 161 defining, 161–163 V mailertable feature for, 168 V (version level) command, 182, 197– virtuser database, defining, 197 199, 215 VIRTUSER_DOMAIN command (m4), variables. See also class variables 162, 365 for mailers, 120–121 VIRTUSER_DOMAIN_FILE command names for D command, 182 (m4), 365 in pattern matching, 229 virtuser_entire_domain feature, 379 in rewrite rules pattern matching, 226 virtusertable database, 380–381 sendmail.cf file, 296, 411–416 virtusertable feature, 128, 143, 161– setting and viewing, 287–288 166, 379 vendor web site, locating RPM software building and testing, 165–166 on, 62 delivery address definition, 163–166 vendors. See Red Hat vulnerabilities in software, tracking, 324 VERB, 22 verbose mode W for makemap command, 173–174 to run mailq, 278 web sites SMTP (Simple Mail Transport Protocol) about security vulnerabilities, 324 in, 11–13 for information about spammers, 311 for testing Sendmail, 271–273 wrapper to control network access, 330–332 Verify command (SMTP), 5, 8 {verify} variable, 353–354 version level (V) command, 182, 197– X 199, 215 X Windows tools version number for Sendmail install, 68–69 Sendmail vs. sendmail.cf, 91 tksysv, 55, 55–56 Z variable to set, 184 X.400 protocol, 32 VERSIONID command (m4), 91, 92, 95, X.509 certificate, 350 96, 364 xinetd configuration in generic-linux.mc file, 98, 108 to control network access, 332–335 version.m4 file, 91 removing daemons from, 327 Y XUSR, 22 XscriptFileBufferSize optionin Z variable,91,184 Z YPCOMPAT databaseoption,140 sendmail.cf, 431 srpFlBfeSz pini edalc Zvariable – XscriptFileBufferSize optioninsendmail.cf 457

Index