Mail configuration

Mail config is present in the following files:
  1. /etc/mail/ The "Root" configuration file
  2. /etc/mail/access Spam protection
  3. /etc/mail/aliases "Nice" names for local users
  4. /etc/mail/genericstable "Nice" names for outgoing mail
  5. /etc/mail/virtusertable "Nice" names with domain names
  6. /etc/mail/mailertable Domains for which we have an MX Record, but whose mail should be delivered elsewhere
  7. /etc/mail/relay-domains Domains for which we agree to relay mail
  8. /etc/mail/ Domains which are handled locally

This documentation also features the following items:

  1. An overview of how the various config files of sendmail play together
  2. When does sendmail consider two domains to be identical
  3. What needs to be done when adding a new mail domain
More documentation can be found on's web site.

Important note for sendmail experts: this document refers to the sendmail configuration as it is used by LLL and LTNB, and is a functional description. I am fully aware that by manually tweaking, you can obtain different precedences between the various config files. Moreover, because this is a functional description, the order of checks as performed by the rules may not be the same as presented; however, the system behaves as if files were checked in the order presented.


Mail enters at the top left of the figure, and while it travels through the system, the following checks are performed:

  1. Access control: spammers (listed by complete mail address or just by their domain) get their mail rejected. Additionally, this file may also contain lists of addresses which are allowed to relay (skip relay-domains check).
  2. DNS canonifying. Using DNS, sendmail transforms all host name parts into their "canonical form". In order to do this, it follows CNAME chains until it finds a name which is no longer a CNAME. For instance, if is a CNAME for, then sendmail replaces the address into
  3. relay-domains check. The goal of this check is to prevent third parties from abusing our mail server to relay their mails. Any mail where neither the sender nor the recipient is local to the ltnb is considered a third-party mail.
  4. Then sendmail checks the mailertable file for any special rules for this destination. These may either be smtp: or esmtp: rules, which specify another mailer to which the mail should be relayed, or local: which specifies that this is local mail, that should bypass the following steps ( and virtusertable)
  5. Next, sendmail checks the file. If the host name of the mail is mentioned herein, the mail is considered local. Else, it is considered remote, and sendmail checks the DNS for any MX records of this address. If no MX or A record for the destination is found, the mail is returned as undeliverable (domain not known). If the MX or A record points back to itself, a "local configuration error" is returned; indeed, if this mailer was really responsible for that domain, it should have a local: entry in the mailertable or an entry in for that domain.
  6. Next, sendmail checks the virtusertable for any domain-dependent aliases. For instance, if LTNB serves mail for both and, then this file allows assigning a different recipient to and (different domain, same username). If an entry is found for the recipient, the recipient gets replaced with its alias, and the mail is reinjected through DNS canonify at mailertable.
  7. Next, the alias file is checked for any domain-independent aliases. If an entry is found for the recipient, the recipient gets replaced with its alias, and the mail is reinjected through DNS canonify at mailertable.
  8. Last, mail is delivered to the local mailbox of the recipient (or returned as an error, if no such user exists)
Additionally, general sendmail behavior, as well as the exact location of the above-mentioned config files, is specified in

This is the "root" configuration file of sendmail, which points to the others. It needs the following changes (diff listing: new lines are marked by +, removed lines by -, and unchanged lines are shown for context).

---	Wed Sep  6 01:17:10 2000
+++	Sat Mar  3 07:52:08 2001
@@ -119,7 +119,7 @@
 dnl  to accept further hostnames as local email, add them here or put
 dnl  them into the `/etc/mail/' file.
-dnl FEATURE(`use_cw_file')dnl
 dnl  This FEATURE enables (open)ldap and requires some arguments. For
 dnl  information see  Note that this
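Review bot: the hunk removes the commented-out "dnl FEATURE(`use_cw_file')dnl" line but shows no + line in its place, although the "@@ -119,7 +119,7 @@" header implies a one-for-one replacement. If the intent is to enable the feature, the uncommented FEATURE(`use_cw_file') line should appear here, ideally with a dnl comment saying which host names are expected in that file, since every name listed there is accepted as local.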
Enable the file (needed for serving mail to multiple domains).

@@ -159,9 +159,9 @@
 dnl  for rejecting well known spammers
 dnl  (see and
-dnl FEATURE(`dnsbl')dnl
 dnl FEATURE(`dnsbl',`',` Mail from $&{client_addr} rejected - dul; see')dnl
-dnl FEATURE(`dnsbl',`', ` Mail from $&{client_addr} rejected - open relay; see')dnl
+FEATURE(`dnsbl',`', ` Mail from $&{client_addr} rejected - open relay; see')dnl
 dnl  Just add the local domain if the email address doesn't have one
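Review bot: in the enabled open-relay line, the second argument of FEATURE(`dnsbl', ...) is empty and the rejection text stops at "see" with no reference, so neither the lookup zone nor the place where a rejected sender can read about the listing is visible. Name the zone explicitly, finish the message, and add a dnl comment explaining why the dul line above stays commented out while the plain FEATURE(`dnsbl') default is removed.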
Enable spam filtering features

@@ -188,6 +188,11 @@
 dnl MASQUERADE_DOMAIN(`otherdmain.notused')dnl
 dnl FEATURE(`limited_masquerade')dnl
+dnl  use procmail for local mail delivery. the exact pathname is given above.
 dnl  These mailers are available. per default only smtp is used. You have
 dnl  to add entries to /etc/mail/mailertable to enable one of the other
 dnl  mailers.
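Review bot: the only added line shown is the dnl comment about procmail; the FEATURE or define that actually switches local delivery to procmail is not in the hunk, although the header (6 lines before, 11 after) implies five added lines. The comment also says the exact pathname "is given above" without naming the macro that holds it; name it here so the path of the local delivery agent can be checked in one place.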
Deliver local mail via procmail. Allows users more customization options via their .procmailrc file.

@@ -218,3 +223,20 @@
 dnl Cw localhost www.domain.notused
+dnl LTNB specific stuff
+define(`confCONNECTION_RATE_THROTTLE', `3')dnl
+dnl Settings recommended by
+define(`confMIN_FREE_BLOCKS', `4000')dnl
+define(`confMAX_MESSAGE_SIZE', 1000000)dnl
+define(`confAUTO_REBUILD', False)dnl
+define(`confREFUSE_LA', 8)dnl
+dnl MAX_DAEMON_CHILDREN recommended is 40 for 128MB of Ram: take half of
+dnl it, as lots of other stuff is running on Pollux too
+define(`confMAX_DAEMON_CHILDREN', 12)dnl
+dnl define(`confMAX_HEADERS_LENGTH', 32)dnl Not supported yet
+define(`confMAX_MIME_HEADER_LENGTH', 1024)dnl
+define(`confMAX_RCPTS_PER_MESSAGE', 100)dnl
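Review bot: the limits are added without units and with inconsistent quoting: `3' and `4000' are m4-quoted while 1000000, False, 8, 12, 1024 and 100 are bare. Quote all values the same way, add a dnl comment giving the unit of each (confMAX_MESSAGE_SIZE is in bytes, so this caps messages at about 1 MB), and complete the "Settings recommended by" comment so the source of the numbers can be checked.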
Set resource limits (number of connections, minimum available disk space, maximum number of spawned processes, ...) in order to prevent sendmail from crashing under unusual load. Such unusual load may happen as a result of deliberate cracking attempts (some student had attempted to set up a mail loop to do this last year), or inadvertently (when reconnecting the network after a week-long outage, some computers have a huge amount of mail to postmaster piled up, which they unload at once when reconnecting).

is not directly read by sendmail. Rather, it has to be converted into /etc/ using the following command:

m4 </etc/mail/ >/etc/


This file is mostly used to block access from spammers. Each line has the following format:
address code message
  address  This is the e-mail address of the spammer to be blocked. Either the complete address (, or just the domain ( If only the domain is indicated, all mails from that domain are rejected.
  code     an error code to return to the sending mailer, usually 550
  message  an error message to return to the sending mailer. Choose any witty comment that you like.
Code and message may also be replaced with the word REJECT which returns a code 550 with a boring "Access denied" message. Example:   550 Please keep your spam to yourself    550 Please keep your spam to yourself       550 Please keep your spam to yourself      550 Doctor, whenever I eat Hormel products, I feel a strong urge to throw up violently.  What can I do about this?


Defines mail aliases. When manually editing this file, make sure not to set any aliases that are also set by webmin (anything that goes into the mail alias field of webmin). However, you may redirect login names (if they are not also webmin aliases).

Aliases may have more than one target, and may be spread over several lines (each line having a blank in the first column is considered a continuation). Example:

pe: Jean-Paul.Gedgen,
Targets themselves are expanded. If you don't want to further expand targets, prepend with a backslash (\). Example:
root:          joe, \root


This is more or less the contrary of the aliases file. In certain conditions, From addresses in outgoing mails are replaced according to genericstable. Example:
jpg      Jean-Paul.Gedgen
mstoltz  Michel.Stoltz
arassel  Alain.Rassel
aknaff   Alain.Knaff
rkirsch  Ramon.Kirsch
ejpg     Eleve.Jpg
emstoltz Stoltz.Michel
mteusch  Marc.Teusch
mborsche Mike.Borschette
This means that mails sent from jpg have their From address replaced by Jean-Paul.Gedgen, etc. Be sure to have the reverse mapping in aliases or virtusertable, or else those users won't receive replies to their mails. Automatically maintained by webmin, but it should be ok to edit manually if you avoid both login names and aliases covered by webmin.

N.B. When sending mail from a browser, this is actually not used, as the browser itself already sets the long name as sender. As far as I know, this file only comes into play when sending mail from the command line.


This is like aliases, but allows redirecting names depending on domains. This is especially useful for virtual webhosting, so that for instance will be redirected to a different person than . Note: it is not possible in virtusertable to redirect to multiple recipients. However, it is possible to redirect to an alias (defined in /etc/aliases) which itself is redirected to multiple recipients. Example:                 fknaff                    mknaff                         alain                        speters                   speters                        mrassel                         dbelardi                 dbelardi


This is used to define paths to other mailers, for situations where the nameserver (MX Records) cannot be used for some reason.

This is useful if our mailer is itself an MX record for another domain, but doesn't handle the mail itself. Without the mailertable, our mailer would look up the target domain using its MX record, which would point to itself, leading to an error.

Example:      smtp:[]            smtp:[]
This means for instance that mail sent to will be delivered via SMTP to host (this is actually not redundant information: DNS considers mail addresses (MX Records) and IP hosts (A Records) to be distinct. The left hand side refers to the mail address, whereas the right hand side refers to a host).

Mailertable can also be used to specify mail to be delivered locally, in addition to The advantage is that it allows a more flexible syntax (specifying only domain names rather than full names):                local:
This says that all mail sent to an address ending in is to be considered local. The disadvantages of this approach are the following:

In mailertable, if an entry is prefixed with a dot (such as, it matches all domains ending with that string. If no leading dot is present, only exact matches are accepted. If several lines match (for instance, if both a and an entry are present), the most specific match (longest string) is taken.
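The matching rule just described (exact keys, leading-dot suffix keys, longest match wins), as an added example that is not part of the original documentation or of sendmail itself. The table contents and the example.org / example.net host names are constructed placeholders.

```python
# Added example: models the mailertable matching rule described above.
# The table below is constructed; example.org/example.net are placeholders.

SAMPLE_MAILERTABLE = """\
# key                mailer:host
mail.example.org     smtp:[relay1.example.net]
.example.org         smtp:[relay2.example.net]
.lab.example.org     local:
"""

def parse_mailertable(text):
    """Return {key: (mailer, host)}; blank lines and # comments are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        mailer, _, host = value.partition(":")
        table[key.lower()] = (mailer, host.strip())
    return table

def lookup(table, domain):
    """Exact key first, then dotted suffixes from longest to shortest."""
    domain = domain.lower().rstrip(".")
    if domain in table:              # key without leading dot: exact match only
        return table[domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):  # ".lab.example.org" is tried before ".example.org"
        key = "." + ".".join(labels[i:])
        if key in table:
            return table[key]
    return None                      # no entry: mailertable does not apply

TABLE = parse_mailertable(SAMPLE_MAILERTABLE)
```

Note that a dotted key such as .example.org does not cover example.org itself, and that a name like badexample.org never matches it, because the comparison is made on whole labels.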


This is a list of hosts for which we relay.

Explanation: Sendmail normally refuses mail where neither the sender nor the recipient is a local user. For example, our sendmail would refuse to relay mails which are sent from a user to a user at This is done in order to prevent spammers from abusing our mailer to relay their meat products. Obviously mail where either the sender or the recipient is local is accepted, or else we would not be able to communicate. For instance, if an ltnb user sends to, the mail is relayed all right. If a user sends to a user it is relayed too.

The relay-domains file defines which hosts are considered local. It can contain both domains (, IP addresses (, or shorthands thereof (158.64.28.). Two kinds of domains need to be included (which often overlap):

List of domains which are considered "local" by sendmail for delivery purposes. Any mail addressed to one of those domains will be delivered locally.

N.B. Addresses used in virtusertable must also be set in . Addresses relayed using mailertable should not be set in In summary, if an MX record points to our mailer, the corresponding address should be either in or in mailertable.

Unlike relay-domains, domains listed in are interpreted as exact matches; for example would not match
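The relay check and the two matching rules (relay-domains entries cover subdomains and address prefixes, the local-domain list matches exactly), as an added example that is not the site's configuration or sendmail's own code. It assumes the "sender" side is identified by the connecting client's IP address rather than by the From address, which a remote party can set freely; all names and addresses are constructed.

```python
# Added example, not the site's configuration: a functional model of the relay
# check as this page describes it. Every name and address is constructed.

RELAY_DOMAINS = """\
example.org
192.0.2.
198.51.100.7
"""
LOCAL_DOMAINS = {"example.org", "mail.example.org"}   # matched exactly

def parse_entries(text):
    """One entry per line; blank lines and # comments are ignored."""
    lines = (raw.strip().lower() for raw in text.splitlines())
    return [e for e in lines if e and not e.startswith("#")]

def is_ip_entry(entry):
    return entry.replace(".", "").isdigit()

def ip_allowed(entries, ip):
    """Full address, or a prefix that ends on an octet boundary."""
    for entry in filter(is_ip_entry, entries):
        prefix = entry.rstrip(".")
        if ip == prefix or ip.startswith(prefix + "."):
            return True
    return False

def domain_allowed(entries, domain):
    """relay-domains style: the domain itself and anything below it."""
    domain = domain.lower().rstrip(".")
    return any(domain == e or domain.endswith("." + e)
               for e in entries if not is_ip_entry(e))

def is_local(domain):
    """Local-domain list: exact match only, no subdomains."""
    return domain.lower().rstrip(".") in LOCAL_DOMAINS

def may_relay(client_ip, rcpt_domain, entries):
    """Accept if the recipient side or the connecting client is ours."""
    if is_local(rcpt_domain) or domain_allowed(entries, rcpt_domain):
        return True
    return ip_allowed(entries, client_ip)   # otherwise third-party mail: refuse

ENTRIES = parse_entries(RELAY_DOMAINS)
```

Matching the address prefix on an octet boundary is what keeps 192.0.2. from also admitting 192.0.25.1, and 198.51.100.7 from admitting 198.51.100.70.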

When are two domains identical for sendmail?

If an address A is a CNAME for another name B, all occurrences of A are considered by sendmail to be equivalent to B. In that case, A need not be mentioned separately in, mailertable or virtusertable.

However, if an address C is an MX Record pointing to D, both are considered different, and C should definitely be set either in or in mailertable. In that case, it doesn't even matter whether D is a CNAME for something else or not.

When setting domains equivalent via CNAMEs, be careful though, because it cuts both ways: If you set for instance to be a CNAME for, this means that sendmail will have no way of distinguishing between and !

Adding a new domain for sendmail

When adding a new domain for sendmail, the following actions need to be performed: