diff options
Diffstat (limited to 'cf/README')
-rw-r--r-- | cf/README | 59 |
1 files changed, 47 insertions, 12 deletions
diff --git a/cf/README b/cf/README index b26c99c6aaf31..03dfa1b6983e6 100644 --- a/cf/README +++ b/cf/README @@ -397,6 +397,10 @@ SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data that ARRIVE from an address that resolves to one of the SMTP mailers and which are converted to MIME will be labeled with this character set. +RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data + that ARRIVE from an address that resolves to the + relay mailers and which are converted to MIME will + be labeled with this character set. SMTP_MAILER_LL [990] The maximum line length for SMTP mailers (except the relay mailer). RELAY_MAILER_LL [2040] The maximum line length for the relay mailer. @@ -743,6 +747,16 @@ nouucp Don't route UUCP addresses. This feature takes one 2. don't remove "!" from OperatorChars if `reject' is given as parameter. +nopercenthack Don't treat % as routing character. This feature takes one + parameter: + `reject': reject addresses which have % in the local + part unless it originates from a system + that is allowed to relay. + `nospecial': don't do anything special with %. + Warnings: 1. See the notice in the anti-spam section. + 2. Don't remove % from OperatorChars if `reject' is + given as parameter. + nocanonify Don't pass addresses to $[ ... $] for canonification by default, i.e., host/domain names are considered canonical, except for unqualified names, which must not be used in this @@ -2442,17 +2456,19 @@ should only be used for sites which have no control over the addresses that they provide a gateway for. Use this FEATURE with caution as it can allow spammers to relay through your server if not setup properly. -NOTICE: It is possible to relay mail through a system which the anti-relay -rules do not prevent: the case of a system that does use FEATURE(`nouucp', -`nospecial') (system A) and relays local messages to a mail hub (e.g., via -LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use -FEATURE(`nouucp') at all, addresses of the form -<example.net!user@local.host> would be relayed to <user@example.net>. -System A doesn't recognize `!' as an address separator and therefore -forwards it to the mail hub which in turns relays it because it came from -a trusted local host. So if a mailserver allows UUCP (bang-format) -addresses, all systems from which it allows relaying should do the same -or reject those addresses. +NOTICE: It is possible to relay mail through a system which the +anti-relay rules do not prevent: the case of a system that does use +FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial') +(system A) and relays local messages to a mail hub (e.g., via +LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the +same feature (nouucp / nopercenthack) at all, addresses of the form +<example.net!user@local.host> / <user%example.net@local.host> +would be relayed to <user@example.net>. +System A doesn't recognize `!' / `%' as an address separator and +therefore forwards it to the mail hub which in turns relays it +because it came from a trusted local host. So if a mailserver +allows UUCP (bang-format) / %-hack addresses, all systems from which +it allows relaying should do the same or reject those addresses. As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has an unresolvable domain (i.e., one that DNS, your local name service, @@ -3990,6 +4006,13 @@ confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: Priority, Host, Filename, Random, Modification, or Time. +confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater + than zero, entries in the queue + will be retried during a queue run + only if the individual retry time + has been reached which is doubled + for each attempt. The maximum retry + time is limited by the specified value. confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job must sit in the queue between queue runs. This allows you to set the @@ -4208,7 +4231,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 confAUTH_REALM AuthRealm [undefined] The authentication realm that is passed to the Cyrus SASL library. If no realm is specified, - $j is used. + $j is used. See KNOWNBUGS. confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains authentication information for outgoing connections. This file must @@ -4241,6 +4264,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client verification is performed, i.e., the server doesn't ask for a certificate. +confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related + options for server side. See + SSL_CTX_set_options(3) for a list. +confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related + options for client side. See + SSL_CTX_set_options(3) for a list. +confCIPHER_LIST CipherList [undefined] Cipher list for TLS. + See ciphers(1) for possible values. confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map specification for LDAP maps. The value should only contain LDAP @@ -4281,6 +4312,10 @@ confRAND_FILE RandFile [undefined] File containing random requires this option if the compile flag HASURANDOM is not set (see sendmail/README). +confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm + [undefined] The fingerprint algorithm + (digest) to use for the presented + cert. confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of queue runners is set the given value (nice(3)). |