V8
sendmail
internally predefines two delivery agents for the special handling of files (
*file*
and
*include*
) and one for the special handling of errors (
error
).
The
*file*
delivery agent (the
*
characters are part of the name) handles delivery to files. The
*include*
delivery agent handles delivery through
:include:
lists. Neither can be considered a real delivery agent, because actual delivery is still handled internally by
sendmail
. Instead, they provide a way to tune delivery-agent behavior for these two delivery needs.
The predefined defaults for these delivery agents can be viewed with the following command: [13]
[13] The output lines are unfortunately wrapped at the right margin of this book text.
%/usr/lib/sendmail -d0.15 -bt < /dev/null | egrep "file|include"
mailer 1 (*file*): P=[FILE] S=0/0 R=0/0 M=0 U=0:0 F=9DEFMPloqsu L=0 E=\n T=DNS/RF C822/X-Unix A=FILE $u mailer 2 (*include*): P=/dev/null S=0/0 R=0/0 M=0 U=0:0 F=su L=0 E=\n T=<undefine d>/<undefined>/<undefined> A=INCLUDE $u
The defaults may be overwritten by declaring these delivery agents in the configuration file. For example, the following configuration file declaration overrides the internal definition shown above, and limits the size of any mail message that is delivered to files to 1 megabyte:
M*file*, P=[FILE],M=1000000
, F=9DEFMPloqsu, T=DNS/RFC822/X-Unix, A=FILE $u
Note that any equate that does not default to zero (such as the
P=
,
F=
,
T=
, and
A=
equates) needs to be copied to this configuration file declaration, or the original value will be lost.
A similar change in definition for the m4 configuration of V8 sendmail would look like this:
LOCAL_CONFIG M*file*, P=[FILE],M=1000000
, F=9DEFMPloqsu, T=DNS/RFC822/X-Unix, A=FILE $u
All versions of
sendmail
define a special internal delivery agent called
error
that is designed to aid in the issuance of error messages. It is always available for use in rule sets 0 and 5, and the
check_...
rule sets and cannot be defined with an
M
command.
Beginning with V8.7, the form for using the
error
agent in the RHS of a rule looks like this:
R... $#error $@dsn
$: text of error message here
In general terms, the text following the
$:
is the actual error message that will be included in bounced mail and sent back to a connecting SMTP host. For example, the following rule in rule set 0 would cause all mail to the local user George Washington to bounce:
RGeorge.Washington $#error $: George Washington doesn't sleep here anymore
with an error message like this:
553 <george.washington>... George Washington doesn't sleep here anymore
Delivery Status Notification (DSN, see RFC1893) provides a means for conveying the status of a message's delivery. That status is conveyed in the form of a numeric triple (so as to be easily parseable by machines). This triple is included in the "machine readable" part of bounced messages:
success
.category
.detail
Each part of the triple is separated from the others with dot characters. There may be no space around the dots. The parts are numeric, and the meanings are as follows:
success
Was the overall delivery attempt a success? This part can be one of three digits. A 2 means that the message was successfully delivered. A 4 means that delivery has failed so far but it may succeed in the future. A 5 means that delivery failed (permanently).
category
Failure can be caused by several categories of problem. For example, if this
category
is a 1, it means that there was a problem with the address. If it is a 4 it means that there was a problem with the network.
detail
The
detail
further illuminates the
category
. For example, a category of 1 (address problem) might be caused by a detail of 1 (no such mailbox), or 4 (ambiguous address).
The
$@
part of the
error
delivery agent declaration specifies a DSN code that is appropriate for the error.
R... $#error$@ success.category.detail
$: text of error message here
The
sendmail
program sets its
exit
(2) value according to the
success.category.detail
specified.
Table 30.6
shows the relationship between those DSN codes on the left and UNIX
exit
(2) values on the right. Note that the exit values are defined in
<sysexits.h>
, and note that
success
codes of 2 and 4 completely ignore any
category
and
detail
that may be present (that is, 2.
anything
.
anything
marks successful delivery). If
$@
lists a code that is not in the table, the default exit value is EX_CONFIG. To illustrate, observe that
8.7.1
(see RFC1893) will exit with EX_DATAERR because it corresponds to the
*.7.*
in the table.
DSN | exit(2) | String | Meaning |
---|---|---|---|
2.*.*
|
EX_OK | Successful delivery | |
4.*.*
|
EX_TEMPFAIL | tempfail | Temporary failure, will keep trying |
*.0.*
|
EX_UNAVAILABLE | unavailable | Other address status |
*.1.0
|
EX_DATAERR | Other address status | |
*.1.1
|
EX_NOUSER | nouser | Address is that of a bad mailbox |
*.1.2
|
EX_NOHOST | nohost | Address of recipient is bad |
*.1.3
|
EX_USAGE | usage | Address of recipient has bad syntax |
*.1.4
|
EX_UNAVAILABLE | unavailable | Address is ambiguous |
*.1.5
|
EX_OK | Address of destination is valid | |
*.1.6
|
EX_NOUSER | nouser | Address has moved, no forwarding |
*.1.7
|
EX_USAGE | usage | Address of sender has bad syntax |
*.1.8
|
EX_NOHOST | nohost | Address of sender is bad |
*.2.0
|
EX_UNAVAILABLE | unavailable | Mailbox status is undefined |
*.2.1
|
EX_UNAVAILABLE | unavailable | Mailbox disabled |
*.2.2
|
EX_UNAVAILABLE | unavailable | Mailbox full |
*.2.3
|
EX_DATAERR | Mailbox is too small or message is too large | |
*.2.4
|
EX_UNAVAILABLE | unavailable | Mailbox led to mail list expansion problems |
*.3.*
|
EX_OSERR | Operating system error | |
*.4.0
|
EX_IOERR | Network error is undefined | |
*.4.1
|
EX_TEMPFAIL | tempfail | Network: no answer from host |
*.4.2
|
EX_IOERR | Network bad connection | |
*.4.3
|
EX_TEMPFAIL | tempfail | Network routing failure |
*.4.4
|
EX_PROTOCOL | protocol | Network unable to route |
*.4.5
|
EX_TEMPFAIL | tempfail | Network congestion |
*.4.6
|
EX_CONFIG | config | Network routing loop detected |
*.4.7
|
EX_UNAVAILABLE | unavailable | Network delivery time expired |
*.5.*
|
EX_PROTOCOL | protocol | Protocol failure |
*.6.*
|
EX_UNAVAILABLE | unavailable | Message contents bad or media failure |
*.7.*
|
EX_DATAERR | Security: general security rejection | |
else | EX_CONFIG | config | Internal configuration error |
To illustrate, consider the need to reject all mail from a particular host (say evilhost.domain ). We want to reject that host for security reasons, so we might set up a rule like this:
R$* < @ evilhost.domain > $* $#error $@ 5.7.1 $: You are bad, go away
Here, the number following the
$@
contains a dot, so it is interpreted as a DSN status expression. The
.7.
in it causes sendmail to set its exit valut to EX_DATAERR, and the
5.7.1
is defined in RFC1893 as meaning "Permanent failure, delivery not authorized, message refused."
If the number following the
$@
does not contain a dot,
sendmail
sets its
exit
(2) value to that number. For example, the below results in the same
exit
(2) value as the above but gives a less informative DSN in the bounce message:
R$* < @ evilhost.domain > $* $#error $@65
$: You are bad, go away the value of EX_DATAERR from <sysexits.h>
If the expression following the
$@
is non-numeric,
sendmail
looks up the string and translates a known one into the appropriate
exit
(2) value. The recognized strings are listed in the third column of
Table 30.6
. For example, the following will cause
sendmail
to exit with an EX_UNAVAILABLE value:
R$* < @ evilhost.domain > $* $#error $@unavailable
$: You are bad, go away
If the string following the
$@
is not one of those listed in the table, the default
exit
(2) value becomes EX_UNAVAILABLE.
Recall that the text of the error message following the
$:
is used as a literal error message. That is, this
$:
part:
R... $#error$: george doesn't sleep here anymore
produces this error for the address [email protected] :
553 <[email protected]>... george doesn't sleep here anymore
Here the 553 is an SMTP code (see RFC821). If you want a different SMTP code issued, you may do so by prefixing the
$:
part with it:
R... $#error $:421
george doesn't sleep here anymore
If three digits followed by a space are present as a prefix, those digits are used as the SMTP reply code when sendmail is speaking SMTP. If no digits and space prefix the text, the default SMTP reply code is 553.
A few SMTP codes that are useful with
$:
are listed in
Table 30.7
. The complete list of all SMTP codes can be found in RFC821.
Code | Meaning |
---|---|
421 | Service not available (drop the message) |
553 | Requested action not taken (bounce the message) |
Note that you should restrict yourself to the small set of codes that may legally be returned to the RCPT SMTP command. Also note that any DSN code that is specified in the
$@
part must avoid conflicting with the meaning of the SMTP code. For example, the following construct is wrong and should be avoided:
R... $#error $@ 2.1.1 $: 553 ... avoid such conflicts
Here, the DSN
2.1.1
means that delivery was successful, whereas the SMTP
553
means that delivery failed and the message bounced.