summaryrefslogtreecommitdiff
path: root/cf/README
diff options
context:
space:
mode:
Diffstat (limited to 'cf/README')
-rw-r--r--cf/README59
1 files changed, 47 insertions, 12 deletions
diff --git a/cf/README b/cf/README
index b26c99c6aaf31..03dfa1b6983e6 100644
--- a/cf/README
+++ b/cf/README
@@ -397,6 +397,10 @@ SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one of
the SMTP mailers and which are converted to MIME will
be labeled with this character set.
+RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
+ that ARRIVE from an address that resolves to the
+ relay mailers and which are converted to MIME will
+ be labeled with this character set.
SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
(except the relay mailer).
RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
@@ -743,6 +747,16 @@ nouucp Don't route UUCP addresses. This feature takes one
2. don't remove "!" from OperatorChars if `reject' is
given as parameter.
+nopercenthack Don't treat % as routing character. This feature takes one
+ parameter:
+ `reject': reject addresses which have % in the local
+ part unless it originates from a system
+ that is allowed to relay.
+ `nospecial': don't do anything special with %.
+ Warnings: 1. See the notice in the anti-spam section.
+ 2. Don't remove % from OperatorChars if `reject' is
+ given as parameter.
+
nocanonify Don't pass addresses to $[ ... $] for canonification
by default, i.e., host/domain names are considered canonical,
except for unqualified names, which must not be used in this
@@ -2442,17 +2456,19 @@ should only be used for sites which have no control over the addresses
that they provide a gateway for. Use this FEATURE with caution as it
can allow spammers to relay through your server if not setup properly.
-NOTICE: It is possible to relay mail through a system which the anti-relay
-rules do not prevent: the case of a system that does use FEATURE(`nouucp',
-`nospecial') (system A) and relays local messages to a mail hub (e.g., via
-LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
-FEATURE(`nouucp') at all, addresses of the form
-<example.net!user@local.host> would be relayed to <user@example.net>.
-System A doesn't recognize `!' as an address separator and therefore
-forwards it to the mail hub which in turns relays it because it came from
-a trusted local host. So if a mailserver allows UUCP (bang-format)
-addresses, all systems from which it allows relaying should do the same
-or reject those addresses.
+NOTICE: It is possible to relay mail through a system which the
+anti-relay rules do not prevent: the case of a system that does use
+FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
+(system A) and relays local messages to a mail hub (e.g., via
+LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the
+same feature (nouucp / nopercenthack) at all, addresses of the form
+<example.net!user@local.host> / <user%example.net@local.host>
+would be relayed to <user@example.net>.
+System A doesn't recognize `!' / `%' as an address separator and
+therefore forwards it to the mail hub which in turns relays it
+because it came from a trusted local host. So if a mailserver
+allows UUCP (bang-format) / %-hack addresses, all systems from which
+it allows relaying should do the same or reject those addresses.
As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
an unresolvable domain (i.e., one that DNS, your local name service,
@@ -3990,6 +4006,13 @@ confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
Priority, Host, Filename, Random,
Modification, or Time.
+confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater
+ than zero, entries in the queue
+ will be retried during a queue run
+ only if the individual retry time
+ has been reached which is doubled
+ for each attempt. The maximum retry
+ time is limited by the specified value.
confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
must sit in the queue between queue
runs. This allows you to set the
@@ -4208,7 +4231,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
confAUTH_REALM AuthRealm [undefined] The authentication realm
that is passed to the Cyrus SASL
library. If no realm is specified,
- $j is used.
+ $j is used. See KNOWNBUGS.
confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
authentication information for
outgoing connections. This file must
@@ -4241,6 +4264,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
verification is performed, i.e.,
the server doesn't ask for a
certificate.
+confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related
+ options for server side. See
+ SSL_CTX_set_options(3) for a list.
+confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related
+ options for client side. See
+ SSL_CTX_set_options(3) for a list.
+confCIPHER_LIST CipherList [undefined] Cipher list for TLS.
+ See ciphers(1) for possible values.
confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
specification for LDAP maps. The
value should only contain LDAP
@@ -4281,6 +4312,10 @@ confRAND_FILE RandFile [undefined] File containing random
requires this option if the compile
flag HASURANDOM is not set (see
sendmail/README).
+confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
+ [undefined] The fingerprint algorithm
+ (digest) to use for the presented
+ cert.
confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
queue runners is set the given value
(nice(3)).