The confREJECT_LOG_INTERVAL mc configuration macro defines the logging interval used by the RejectLogInterval option. See Section 24.1.11 ^[V8.13] for a description of this option and the nature of the warning message that is logged.

The confREQUIRES_DIR_FSYNC mc configuration macro defines the RequiresDirfsync option and causes sendmail to change the effect of the compile-time flag REQUIRES_DIR_FSYNC (3.4.47[3ed]) at runtime. See Section 24.1.12 ^[V8.13] for a description of this new option and how it may be used.

The new confCONNECTION_RATE_WINDOW_SIZE mc configuration macro defines the ConnectionRateWindowSize option as well as the window of time over which a count of the number of connections is maintained. See Section 24.1.13 ^[V8.13] for a description of this new option and how it may be used.

Prior to V8.13, there were only three ways to modify the timeouts for the Timeout.queuereturn option (24.9.109.18^[3ed]):

define(`confTO_QUEUERETURN_URGENT´,`timeout´)         
               
                V8.7 and later
define(`confTO_QUEUERETURN_NORMAL´,`timeout´)         
               
                V8.7 and later
define(`confTO_QUEUERETURN_NONURGENT´,`timeout´)      
               
               
                V8.7 and later

V8.13 has added a fourth way to modify that same option. If the precedence (25.10^[3ed]) for the message is normal, and if the message is a DSN return message, the new Timeout.queuereturn.dsn timeout will be used:

define(`confTO_QUEUERETURN_DSN´,`timeout´)  
               
               
                V8.13 and later

See Section 24.1.15 ^[V8.13] for a description of this addition to an existing option and how it may be used.

Prior to V8.13, there were only three ways to modify the timeouts for the Timeout.queuewarn option (24.9.109.19^[3ed]):

define(`confTO_QUEUEWARN_URGENT´,`timeout´)        
               
                V8.7 and later
define(`confTO_QUEUEWARN_NORMAL´,`timeout´)        
               
                V8.7 and later
define(`confTO_QUEUEWARN_NONURGENT´,`timeout´)     
               
                V8.7 and later

V8.13 has added a fourth way to modify that same option. If the precedence (25.10^[3ed]) for the message is normal, and if the message is a DSN return message, the new Timeout.queuewarn.dsn timeout will be used:

define(`confTO_QUEUEWARN_DSN´,`timeout´)  
               
               
                V8.13 and later

See Section 24.1.16 ^[V8.13] for a description of this addition to an existing option and how it may be used.

The Local Mail Transfer Protocol (LMTP) can be used to transfer mail from sendmail to the program that delivers mail to the local user. Historically, that has been a program such as /bin/mail that simply gathered a message on its standard input and wrote that message to the end of the file that the user reads. Beginning with V8.9, sendmail can speak LMTP to local delivery programs. The mail.local program (5.3^[3ed]), supplied in source form with the sendmail open source distribution, is one such program, and procmail(1) is another.

The local_lmtp feature (4.8.19[3ed]) is used to enable the mail.local program. Prior to V8.13, that feature could only take one or, optionally, two arguments:

FEATURE(`local_lmtp´)
FEATURE(`local_lmtp´, `/usr/sbin/mail.local´)

Here, the first line both enables the use of the mail.local program and defines the location of that program by default, as the path /usr/libexec/mail.local. The second line supplies a second argument to the feature, which defines a different location for the program /usr/sbin/mail.local. Essentially, the second argument is supplied as the value to the P= equate (20.5.11^[3ed]) for the local delivery agent.

V8.13 allows you to add a third, optional argument that supplies the command-line arguments for the mail.local program (as well as for any other program that uses LMTP, such as procmail). Essentially, the third argument is supplied as the value to the A= equate (20.5.2^[3ed]). For example, the following supplies the -7 command-line switch for the mail.local program (don’t advertise 8-bit MIME support):

FEATURE(`local_lmtp´,, `mail.local -l -7´)

And the following enables procmail(1) to be used for LMTP delivery:

FEATURE(`local_lmtp´, `/mail/bin/procmail´, `procmail -Y -a $h -z´)

Note that the second argument, if unused, must be present and empty if you wish to specify a third argument. Also note that you should manually append new command-line switches to the default switches, rather than replace them.

The ratecontrol feature allows you to use the access database to control the rate at which other machines can connect to your server. The rate is based on the setting of the ConnectionRateWindowSize option (Section 24.1.13 ^[V8.13]), which defaults to 60 seconds. So, for example, it you want to reject more than 10 connections per minute (60 seconds) from the IP address 192.168.23.45, you would put the following into your access database source file:

               ClientRate:192.168.23.45     10

Here, if the host with the IP address 192.168.23.45 connects to your server more than 10 times in a given 60 seconds (the default window of time), the eleventh and subsequent connections during that interval will be rejected.

You enable the ratecontrol feature like this:

               FEATURE(`ratecontrol´)

But note, if you have not already declared the access database (7.5^[3ed]), you must do so before declaring this new feature, or you will get the following error when building your new configuration file:

*** ERROR: FEATURE(ratecontrol) requires FEATURE(access_db)

Once you have successfully enabled this ratecontrol feature, you may use it to control the connection rate by the IP addresses of hosts or networks or to set the default limit:

ClientRate:192.168.23.45                   2
ClientRate:127.0.0.1                       0
ClientRate:                                10
ClientRate:10.5.2                          2
ClientRate:IPv6:2002:c0a8:51d2::23f4       5

Here, the first line (as you have seen) limits the number of connections from the IP address 123.45.67.89 to no more than two connections per minute (where the ConnectionRateWindowSize option, Section 24.1.13 ^[V8.13], is set to 60 seconds or one minute).

The second line specifies a limit of zero, which means there is no limit imposed on the rate. This is suitable for the loopback interface address (127.0.0.1), because that is where the local submission version of sendmail delivers its mail.

The third line omits the IP address entirely, thereby setting a default limit for all other IP (unspecified) addresses. Without this default setting, any unspecified address would be unlimited.

The fourth line shows how network addresses may also be limited. However, note that this does not apply to the entire network (only to individual hosts inside the network) because the values are not cumulative for a network.

The last line shows that IPV6 addresses can be specified merely by prefixing each with a literal IPv6:.

Note that the rates we show here are just examples, not recommendations. The rates you choose as limits will depend on your particular circumstances.

FEATURE(`ratecontrol´, `nodelay´)

452 Connection rate limit exceeded

FEATURE(`ratecontrol´, `nodelay´, `terminate´)
FEATURE(`ratecontrol´, , `terminate´)

The conncontrol feature allows you to use the access database to control the number of simultaneous connections another machine may have to your server. The number of simultaneous connections allowed each interval is based on the setting of the ConnectionRateWindowSize option (Section 24.1.13 ^[V8.13]), which defaults to 60 seconds. So, for example, if you want to reject a host that has more than 10 simultaneous connections to your server (sometime in the last 60 seconds), where that host has the IP address 192.168.23.45, you would put the following into your access database source file:

               ClientConn:192.168.23.45       10

Here, if the host with the IP address 192.168.23.45 tries to set up an eleventh simultaneous connection to your server, that connection will be denied.

Enable the conncontrol feature like this:

               FEATURE(`conncontrol´)

But note, if you have not already declared the access database (7.5^[3ed]), you must do so before declaring this new feature, or you will get the following error when building your new configuration file:

*** ERROR: FEATURE(conncontrol) requires FEATURE(access_db)

Once you have successfully enabled this conncontrol feature, you may use it to control the number of simultaneous connections, based on IP addresses of hosts or networks, or to set the default limit:

ClientConn:192.168.23.45                   2
ClientConn:127.0.0.1                       0
ClientConn:                                10
ClientConn:10.5.2                          2
ClientConn:IPv6:2002:c0a8:51d2::23f4       5

Here, the first line (as you have seen) limits the number of simultaneous connections from the IP address 1192.168.23.45 to two.

The second line specifies a limit of zero, which means that there is no limit imposed on the number of simultaneous connections. This is suitable for the loopback interface address (127.0.0.1), because that is where the local submission version of sendmail delivers its mail.

The third line omits the IP address entirely, thereby setting the default limit for all other IP (unspecified) addresses.

The fourth line shows how network addresses may also be limited.

The last line shows that IPV6 addresses may be specified merely by prefixing each with a literal IPv6:.

Note that the limits we show here are just examples, not recommendations. The limits you choose will depend on your particular circumstances.

FEATURE(`conncontrol´, `nodelay´)

452 Too many open connections

FEATURE(`conncontrol´, `nodelay´, `terminate´)
FEATURE(`conncontrol´,  ,`terminate´)

Use of UUCP is enabled by declaring the uucp delivery agent (20.4.15^[3ed]):

MAILER(`uucp´)

This mc file declaration causes delivery agents, rules, and rule sets to be added to your configuration file so that UUCP mail may be handled.

Inside the parse rule set 0, rules are added that select UUCP delivery agents. First, locally connected UUCP addresses are detected and the appropriate UUCP delivery agent is selected based on each such address found. Addresses in the class $=Z select the uucp-uudom delivery agent. Addresses in the class $=Y select the uucp-new delivery agent. And addresses in the class $=U select the uucp-old delivery agent.

Next, rules are included (which will be added to your sendmail configuration file) that detect remotely connected UUCP addresses.

But if you need to add rules between these two phases (between the detection of local UUCP addresses and remote UUCP addresses), you may do so by utilizing this new LOCAL_UUCP mc macro. For example, the following mc file entry:

               LOCAL_UUCP
               R$* < @ $={ServerUUCP} . UUCP. > $*        $#uucp-uudom $@ $2 $: $1 < @ $2 .UUCP.> $3

causes the above new rule to be added to the parse rule set 0 in the location shown here:

# resolve locally connected UUCP links
... 
                                                
               
               
                New rules added here.
# resolve remotely connected UUCP links (if any)

Note that the LOCAL_UUCP mc macro is not intended for casual use. It should only be used to solve special UUCP needs that cannot be solved using more conventional means.