It is sometimes useful to overwrite the From: field of
an outgoing mail message. Let's say you have a web-based program that
generates email. Normally the
mail message would appear to come from the user who owned the web server
process. We might want to specify some other source address so that the mail
appears to have originated from some other user or address on that machine.
sendmail provides a means of specifying which systems
users are to be entrusted with the ability to do this.
The use_ct_file feature enables the specification and
use of a file that lists the names of trusted users. By default, a small
number of system users are trusted by sendmail
(root, for example). The default filename for this feature
is /etc/mail/trusted-users in systems exploiting the
/etc/mail/ configuration directory and
/etc/sendmail.ct in those that don't. You can specify
the name and location of the file by overriding the
Add FEATURE(use_ct_file) to your
sendmail.mc file to enable the feature.
Mail aliases are a powerful feature that enable mail to be directed to
mailboxes that are alternate names for users or processes on a
destination host. For example, it is common practice to have feedback
or comments relating to a World Wide Web server to be directed to
“webmaster.” Often there isn't a user known as
“webmaster” on the target machine, instead it is an alias
of another system user. Another common use of mail aliases is
exploited by mailing list server programs in which an alias directs
incoming messages to the list server program for handling.
The /etc/aliases file is where the aliases are stored.
The sendmail program consults this file when determining
how to handle an incoming mail message. If it finds an entry in this file
matching the target user in the mail message, it redirects the message to
wherever the entry describes.
Specifically there are three things that aliases allow to happen:
They provide a shorthand or well-known name for mail to be addressed to in
order to go to one or more persons.
They can invoke a program with the mail message as the input to the program.
They can send mail to a file.
All systems require aliases for
MAILER-DAEMON to be RFC-compliant.
Always be extremely aware of security when defining aliases that invoke
programs or write to programs, since sendmail generally
runs with root permissions.
Details concerning mail aliases may be found in the
aliases(5) manual page. A sample
aliases file is shown
in Example 18-4.
Example 18-4. Sample aliases File
# The following two aliases must be present to be RFC-compliant.
# It is important to resolve them to 'a person' who reads mail routinely.
postmaster: root # required entry
MAILER-DAEMON: postmaster # required entry
# demonstrate the common types of aliases
usenet: janet # alias for a person
admin: joe,janet # alias for several people
newspak-users: :include:/usr/lib/lists/newspak # read recipients from file
changefeed: |/usr/local/lib/gup # alias that invokes program
complaints: /var/log/complaints # alias writes mail to file
Whenever you update the /etc/aliases file, be
sure to run the command:
to rebuild the database that sendmail uses internally.
The /usr/bin/newaliases command is a symbolic link to the
sendmail executable, and when invoked this way,
behaves exactly as though it were invoked as:
# /usr/lib/sendmail -bi
The newaliases command is an alternative and more
convenient way to do this.
Sometimes a host finds mail that it is unable to deliver directly to
the desired remote host. It is often convenient to have a single host on a
network take on the role of managing transmission of mail to remote hosts
that are difficult to reach, rather than have each local host try to do this
There are a few good reasons to have a single host take on mail
management. You can simplify management by having only one host
with a comprehensive mail configuration that knows how to handle all
of the different mail transport types, such as UUCP, Usenet, etc. All
other hosts need only a single tranport protocol to send their mail to
this central host. Hosts that fill this central mail routing and
forwarding role are called smart hosts. If you
have a smart host that will accept mail from you, you can send it mail
of any sort and it will manage the routing and transmission of that
mail to the desired remote destinations.
Another good application for smart host configurations is to manage
transmission of mail across a private firewall. An organization may
elect to install a private IP network and use their own,
unregistered IP addresses. The private network may be connected to
the Internet through a firewall. Sending mail to and from hosts in
the private network to the outside world using SMTP would not be
possible in a conventional configuration because the hosts are not
able to accept or establish direct network connections to hosts on the
Internet. Instead, the organization could elect to have the firewall
provide a mail smart host function. The smart host running on the
firewall is able to establish direct network connections with hosts
both on the private network and on the Internet. The smart host would
accept mail from both hosts on the private network and the Internet,
store them in local storage and then manage the retransmission of that
mail to the correct host directly.
Smart hosts are usually used when all other methods of delivery have
failed. In the case of the organization with the private network, it
would be perfectly reasonable to have the hosts attempt to deliver
mail directly first, and if that fails then to send it to the smart
host. This relieves the smart host of a lot of traffic because other
hosts can directly send mail to other hosts on the private network.
sendmail provides a simple method of configuring
a smart host using the SMART_HOST feature; when
implementing it in the Virtual Brewery configuration, we do exactly this. The
relevant portions of our configuration that define the smart host are:
# This rule ensures that all local mail is delivered using the
# smtp transport, everything else will go via the smart host.
R$* < @ $* .$m. > $* $#smtp [email protected] $2.$m. $: $1 < @ $2.$m. > $3
The SMART_HOST macro allows you to specify the host that
should relay all outgoing mail that you are unable to deliver directly,
and the mail transport protocol to use to talk to it.
In our configuration we are using the uucp-new transport
to UUCP host moria. If we wanted to configure
sendmail to use an SMTP-based Smart Host, we would instead
use something like:
We don't need to specify SMTP as the transport, as it is the default.
Can you guess what the LOCAL_NET_CONFIG macro and the
rewrite rule might be doing?
The LOCAL_NET_CONFIG macro allows you to add raw
sendmail rewrite rules to your configuration that define
what mail should stay within the local mail system. In our example, we've used
a rule that matches any email address where the host belongs to our
domain (.$m.) and rewrite it so that it is sent directly
to the SMTP mailer.
This ensures that any message for a host on our local domain is directed
immediately to the SMTP mailer and forwarded to that host, rather than falling
through to our smart host, which is the default treatment.
If you've subscribed to a mailing list, published your email address on a
web site, or posted an article to UseNet, you will most likely have
begun to receive unsolicited advertising email. It is commonplace now
for people to scour the net in search of email addresses to add to mailing
lists that they then sell to companies seeking to advertise their products.
This sort of mass-mailing behavior is commonly called spamming.
On-line Dictionary of Computing offers a mail-specific definition of
2. (A narrowing of sense 1, above) To indiscrimately send large amounts of
unsolicited e-mail meant to promote a product or service. Spam in this sense
is sort of like the electronic equivalent of junk mail sent to "Occupant."
In the 1990s, with the rise in commercial awareness of the net, there are
actually scumbags who offer spamming as a "service" to companies wishing to
advertise on the net. They do this by mailing to collections of e-mail
addresses, Usenet news, or mailing lists. Such practises have caused outrage
and aggressive reaction by many net users against the individuals concerned.
Fortunately, sendmail includes some support for mechanisms
that can help you deal with unsolicited mail.
The Real-time Blackhole List is a public facility provided to help reduce the
volume of unsolicited advertising you have to contend with. Known email
sources and hosts are listed in a queryable database on the Internet. They're
entered there by people who have received unsolicited advertising from some
email address. Major domains sometimes find themselves on the list because of
slip-ups in shutting down spam. While some people complain about
particular choices made by the maintainers of the list, it remains
very popular and disagreements are usually worked out quickly. Full details
on how the service is operated may be found
from the home site of the Mail Abuse Protection System at
If you enable this sendmail feature, it will test the source
address of each incoming mail message against the Real-time Blackhole List to
determine whether to accept the message. If you run a large site
with many users, this feature could save a considerable volume of disk space.
This feature accepts a parameter to specify the name of the
server to use. The default is the main server at
To configure the Real-time Blackhole List feature, add the following
macro declaration to your sendmail.mc file:
Should you wish to specify some other RBL server, you would use a
declaration that looks like:
An alternative system that offers greater flexibility and control at
the cost of manual configuration is the sendmailaccess_db feature. The access
database allows you to configure which hosts or users you will accept
mail from and which you will relay mail for.
Managing who you will relay mail for is important, as it is another technique
commonly employed by spamming hosts to circumvent systems such as the Real-time
Blackhole List just described. Instead of sending the mail to you directly,
spammers will relay the mail via some other unsuspecting host who allows it.
The incoming SMTP connection then doesn't come from the known spamming host,
it instead comes from the relay host. To ensure that your own mail hosts
aren't used in this way, you should relay mail only for known hosts. Versions
of sendmail that are 8.9.0 or newer have
relaying disabled by default, so for those you'll need to use the access
database to enable individual hosts to relay.
The general idea is simple. When a new incoming SMTP connection is received,
sendmail retrieves the message header information and then
consults the access database to see whether it should proceed to accept
the body of the message itself.
The access database is a collection of rules that describe what action should
be taken for messages received from nominated hosts. The default access control
file is called /etc/mail/access. The table has a simple
format. Each line of the table contains an access rule. The lefthand side of
each rule is a pattern used to match the sender of an incoming mail message.
It may be a complete email address, a hostname, or an IP address. The
righthand side is the action to take. There are five types of action you may
configure. These are:
Accept the mail message.
Accept messages from this host or user even if they are not destined
for our host; that is, accept messages for relaying to other hosts from
Reject the mail with a generic message.
Discard the message using the $#discard mailer.
### any text
Return an error message using ### as
the error code (which should be RFC-821 compliant) and “any
text” as the message.
This example would reject any email received from
any host in the domain aol.com
and the host 126.96.36.199.
The next rule would accept email from
[email protected] despite the fact
that the domain itself has a reject rule. The last rule allows relaying
of mail from any host in the
To enable the access database feature, use the following declaration in your
The default definition builds the database using
hash -o /etc/mail/access, which generates
a simple hashed database from the plain text file. This is perfectly adequate
in most installations. There are other options that you should consider if
you intend to have a large access database. Consult the sendmail book or
other sendmail documentation for details.
If you have users or automated processes that send mail but will never
need to receive it, it is sometimes useful to refuse to accept mail destined
for them. This saves wasted disk-space storing mail that will never be
read. The blacklist_recipients
feature, when used in combination with the
access_db feature, allows you to
disable the receipt of mail for local users.
To enable the feature, you add the following lines to your
sendmail.mc file, if they're not already there:
To disable receipt of mail for a local user, simply add his details
into the access database. Usually you would use the
### entry style that would return a
meaningful error message to the sender so they know why the mail is
not being delivered. This feature applies equally well to users in
virtual mail domains, and you must include the virtual mail domain
in the access database specification. Some sample
/etc/mail/access entries might look like:
daemon 550 Daemon does not accept or read mail.
flacco 550 Mail for this user has been administratively disabled.
[email protected] 550 Mail disabled for this recipient.
Virtual email hosting provides a host the capability of accepting and
delivering mail on behalf of a number of different domains as though it were
a number of separate mail hosts. Most commonly, virtual hosting is exploited by
Internet Application Providers in combination with virtual web hosting, but
it's simple to configure and you never know when you might be in a position to
virtual host a mailing list for your favorite Linux project, so we'll
describe it here.
When sendmail receives an email message, it compares the
destination host in the message headers to the local host name. If they
match, sendmail accepts the message for local delivery;
if they differ, sendmail may decide to accept the message
and attempt to forward it on to the final destination (See
Section 188.8.131.52” earlier in this chapter for details on how to configure
sendmail to accept mail for forwarding ).
If we wish to configure virtual email hosting, the first thing we need to do
is to convince sendmail that it should also accept mail
for the domains that we are hosting. Fortunately, this is a very simple thing
The sendmailuse_cw_file feature allows us to
specify the name of a file where we store domain names for which
sendmail accepts mail. To configure the feature, add the
feature declaration to your sendmail.mc file:
The default name of the file will be
/etc/mail/local-host-names for distributions using
the /etc/mail/ configuration directory or
/etc/sendmail.cw for those that don't. Alternatively,
you can specify the name and location of the file by overriding the
confCW_FILE macro using a variation on:
To stick with the default filename, if we wished to offer virtual hosting to
the bovine.net, dairy.org, and
artist.org domains, we would create a
/etc/mail/local-host-names that looks like:
When this is done, and assuming appropriate DNS records exist that point those
domain names to our host, sendmail will accept mail
messages for those domains as though they were destined for our real domain
The sendmailvirtusertable feature configures
support for the virtual user table, where we configure virtual
email hosting. The virtual user table maps incoming mail destined for some
[email protected] to some [email protected].
You can think of this as an advanced mail alias feature, one that operates
using not just the destination user, but also the destination domain.
To configure the virtusertable
feature, add the feature to your sendmail.mc
configuration as shown:
By default, the file containing the rules to perform translations will be
/etc/mail/virtusertable. You can override this by
supplying an argument to the macro definition; consult a
detailed sendmail reference to learn about what options
The format of the virtual user table is very simple. The lefthand side of
each line contains a pattern representing the original destination mail
address; the righthand side has a pattern representing the mail address the
virtual hosted address will be mapped to.
The following example shows three possible types of entries:
In this example, we are virtual hosting three domains:
bovine.net, dairy.org, and
The first entry redirects mail sent to a user in the
bovine.net virtual domain to a local
user on the machine. The second entry redirects mail to a user in the same
virtual domain to a user in another domain. The third example redirects all
mail addressed to any user in the dairly.org virtual
domain to a single remote mail address. Finally, the last entry redirects
any mail to a user in the artist.org virtual domain to
the same user in another domain; for example,
[email protected] would be redirected to