Chapter 12 Configuring Channel Definitions

This chapter describes how to use channel keyword definitions in the MTA configuration file imta.cnf. Please read Chapter 10, About MTA Services and Configuration, as well as 8.5.3 Channel Definitions and 10.2 The MTA Configuration File before reading this chapter. This chapter contains the following sections:

• 12.1 Configuring Channel Defaults

• 12.2 Channel Keywords Listed Alphabetically

• 12.3 Channel Keywords Categorized by Function

• 12.4 Configuring SMTP Channels

• 12.5 Configuring Message Processing and Delivery

• 12.6 Configuring Address Handling

• 12.7 Configuring Header Handling

• 12.8 Attachments and MIME Processing

• 12.9 Limits on Messages, Quotas, Recipients, and Authentication Attempts

• 12.10 File Creation in the MTA Queue

• 12.11 Configuring Logging and Debugging

• 12.12 Miscellaneous Keywords

If you make channel definition changes in imta.cnf, you must restart any programs or channels that load the configuration data only once when they start up—for example, the SMTP server—by using the imsimta restart command. If you are using a compiled configuration, you must recompile and then restart. For more information about compiling configuration information and starting programs, see the Sun Java System Messaging Server 6.3 Administration Reference.

12.1 Configuring Channel Defaults

Many configurations involve repetition of various channel keywords on all or nearly all channels. Maintaining such a configuration is both tedious and error-prone. To simplify some configurations, you can specify which keywords are defaults for various channels.

For example, the following line in a configuration file indicates that all channel blocks following the line will inherit the keywords specified in the line:

defaults keyword1 keyword2 keyword3 ...

The defaults line can be thought of as a special channel block that changes the keyword defaults without actually specifying a channel. The defaults line also does not require any additional lines of channel block information (if any are specified they will be ignored).

There is no limit on the number of defaults lines that can be specified—the effects of multiple defaults lines are cumulative with the most recently encountered (reading from top to bottom) line having precedence.

It may be useful to unconditionally eliminate the effects of any defaults lines starting at some point in the configuration file (at the start of a standalone section of channel blocks in an external file, for example). The nodefaults line is provided for this purpose. For example, inserting the following line in the configuration file nullifies all settings established by any previous defaults channel and returns the configuration to the state that would apply if no defaults had been specified:

nodefaults

Like regular channel blocks, a blank line must separate each defaults or nodefaults channel block from other channel blocks. The defaults and nodefaults channel blocks are the only channel blocks which may appear before the local channel in the configuration file. However, like any other channel block, they must appear after the last rewrite rule.

12.2 Channel Keywords Listed Alphabetically

The following table is an alphabetized list of keywords.

12.3 Channel Keywords Categorized by Function

The following tables are categorized lists of keywords. The tables and categories are as follows:

• Table 12–2 Address Handling Keywords

• Table 12–3 Attachments and MIME Processing

• Table 12–4 Character Sets and Eight Bit Data

• Table 12–5 File Creation in the MTA Queue Area

• Table 12–6 Header Keywords

• Table 12–7 Incoming Channel Matching and Switching Keywords

• Table 12–8 Logging and Debugging Channel Keywords

• Table 12–9 Long Address Lists or Headers Channel Keywords

• Table 12–10 Mailbox Filter Channel Keywords

• Table 12–11 NO-SOLICIT SMTP Extension Support Keywords

• Table 12–12 Notification and Postmaster Messages Keywords

• Table 12–13 Processing Control and Job Submission Keywords

• Table 12–14 Sensitivity Limit Keywords

• Table 12–15 Keywords for Limits on Messages, User Quotas, Privileges, and Authentication Attempts

• Table 12–16 SMTP Authentication, SASL and TLS Keywords

• Table 12–17 SMTP Commands and Protocol Keywords

• Table 12–18 TCP/IP Connection and DNS Lookup Support Keywords

• Table 12–19 Miscellaneous Keywords

12.4 Configuring SMTP Channels

Depending on the type of installation, Messaging Server provides several SMTP channels at installation time (see table below). These channels implement SMTP over TCP/IP. The multithreaded TCP SMTP channel includes a multithreaded SMTP server that runs under the control of the Dispatcher. Outgoing SMTP mail is processed by the channel program tcp_smtp_client, and runs as needed under the control of the Job Controller.

You can modify the definitions of these channels or create new channels by adding or removing channel keywords as described in this section. In addition, an option file may be used to control various characteristics of TCP/IP channels. Such an option file must be stored in the MTA configuration directory (msg-svr-base/config) and named x_option, where x is the name of the channel. Refer to the Option File in Sun Java System Messaging Server 6.3 Administration Reference for details.

This section is divided into the following subsections:

• 12.4.1 Configuring SMTP Channel Options

• 12.4.2 SMTP Command and Protocol Support

• 12.4.3 TCP/IP Connection and DNS Lookup Support

• 12.4.4 SMTP Authentication, SASL, and TLS

• 12.4.5 Using Authenticated Addresses from SMTP AUTH in Header

• 12.4.6 Support for SMTP Chunking

• 12.4.7 Specifying Microsoft Exchange Gateway Channels

• 12.4.8 Transport Layer Security

12.4.1 Configuring SMTP Channel Options

TCP/IP channel option files control various characteristics of TCP/IP channels. Channel option files must be stored in the MTA configuration directory and named x_option, where x is the name of the channel. For example, /msg-svr-base/config/tcp_local_option

The option file consists of one or more keywords and associated values. For example you can disable mailing list expansion on your server by including the DISABLE_EXPAND keyword in the option file and setting the value to 1.

Other option file keywords allow you to:

• Set a limit on the number of recipients allowed per message (ALLOW_RECIPIENTS_PER_TRANSACTION)

• Set a limit on the number of messages allowed per connection (ALLOW_TRANSACTIONS_PER_SESSION)

• Fine tune the type of information logged to the MTA log file (LOG_CONNECTION, LOG_TRANPORTINFO)

• Specify the maximum number of simultaneous outbound connections that the client channel program allows (MAX_CLIENT_THREADS)

SMTP channel options that take effect after channel switching should be placed in the appropriate channel option file (that is, tcp_local_option, tcp_auth_option, tcp_intranet_option). SMTP channel option files that take effect before channel switching MUST be placed in the channel option file for the original channel—usually tcp_local, because messages usually enter the MTA via the tcp_local channel before channel switching occurs.

For information about all channel option keywords and syntax, see the Sun Java System Messaging Server 6.3 Administration Reference.

12.4.2 SMTP Command and Protocol Support

You can specify whether an SMTP channel supports certain SMTP commands, such as EHLO, ETRN, EXPN and VRFY. You can also specify whether the channel support DNS domain verification, which characters the channel accepts as line terminators, and so on. This section describes the following:

• 12.4.2.1 Channel Protocol Selection and Line Terminators

• 12.4.2.2 EHLO Command Support

• 12.4.2.3 ETRN Command Support

• 12.4.2.4 VRFY Command Support

• 12.4.2.5 EXPN Support

• 12.4.2.6 DNS Domain Verification

• 12.4.2.7 Character Set Labeling and Eight-Bit Data

• 12.4.2.8 Protocol Streaming

Table 12–21 summarizes the keywords described in this section.

12.4.2.1 Channel Protocol Selection and Line Terminators

Keywords: smtp, nosmtp, smtp_crlf, smtp_cr, smtp_crorlf, smtp_lf

The smtp and nosmtp keywords specify whether or not a channel supports the SMTP protocol. The smtp keyword, or one of its variations, is mandatory for all SMTP channels.

The keywords smtp_crlf, smtp_cr, smtp_crorlf, and smtp_lf can be used on SMTP channels to specify the character sequences that the MTA will accept as line terminators. The keyword smtp_crlf or smtp means that lines must be terminated with a carriage return (CR) line feed (LF) sequence. The keyword smtp_lf means that an LF without a preceding CR is accepted. The keyword smtp_cr means that a CR is accepted without a following LF. Finally, smtp_crorlf means that any of CR, LF, or the standard CRLF sequence are allowed as the SMTP line terminator. These option affect only the handling of incoming material.

Because the SMTP standard requires CRLF as the line terminator, the MTA always generates the standard CRLF sequence. The various smtp keywords merely control whether the MTA will accept additional non-standard line terminators. For example, you can specify smtp_crlf if you want the MTA to accept only strictly legal SMTP messages and reject any messages with nonstandard line terminators.

12.4.2.2 EHLO Command Support

Keywords: ehlo, noehlo, checkehlo

The SMTP protocol has been extended (RFC 1869) to allow for negotiation of additional commands. This is done by using the new EHLO command, which replaces RFC 821's HELO command. Extended SMTP servers respond to EHLO by providing a list of the extensions they support. Unextended servers return an unknown command error and the client then sends the old HELO command instead.

This fallback strategy normally works well with both extended and unextended servers. Problems can arise, however, with servers that do not implement SMTP according to RFC 821. In particular, some noncompliant servers are known to drop the connection on receipt of an unknown command.

The SMTP client implements a strategy whereby it attempts to reconnect and use HELO when any server drops the connection on receipt of an EHLO. However, this strategy might not work if the remote server not only drops the connection but also goes into a problematic state upon receipt of EHLO.

The channel keywords ehlo, noehlo, and checkehlo are provided to deal with such situations. The ehlo keyword tells the MTA to use the EHLO command on all initial connection attempts. The noehlo keyword disables all use of the EHLO command. The checkehlo keyword tests the response banner returned by the remote SMTP server for the string “ESMTP”. If this string is found EHLO is used; if not, HELO is used. The default behavior is to use EHLO on all initial connection attempts, unless the banner line contains the string “fire away”, in which case HELO is used; note that there is no keyword corresponding to this default behavior, which lies between the behaviors resulting from the ehlo and checkehlo keywords.

12.4.2.3 ETRN Command Support

Keywords: allowetrn, blocketrn, disableetrn, domainetrn, silentetrn, sendetrn, nosendetrn, novrfy

The ETRN command, defined in RFC 1985, provides an extension to the SMTP service whereby an SMTP client and server can interact to give the server an opportunity to start the processing of its queues for messages to go to a given host.

Using ETRN, an SMTP client can request that a remote SMTP server start processing the message queues destined for sending to the SMTP client. Thus, ETRN provides a way to implement “polling” of remote SMTP systems for messages incoming to one’s own system. This can be useful for systems that have only transient connections between each other, for example, sites that are set up as secondary mail exchange (MX) hosts for other sites that only have a dial-up connection to the Internet. By enabling this command, you permit remote, possibly dial-up, servers to request delivery of their mail.

The SMTP client specifies on the SMTP ETRN command line the name of the system to which to send messages (generally the SMTP client system’s own name). If the remote SMTP server supports the ETRN command, it will trigger execution of a separate process to connect back to the named system and send any messages awaiting delivery for that named system.

Responding to ETRN Commands

The allowetrn, blocketrn, domainetrn, and silentetrn keywords control the MTA response when a sending SMTP client issues the ETRN command, requesting that the MTA attempt to deliver messages in the MTA queues.

By default, the MTA will attempt to honor all ETRN commands; that is, the allowetrn keyword is enabled. You can specify that the MTA not honor ETRN commands by including the blocketrn keyword in the channel definition.

You can specify that the MTA honor all ETRN commands, but without echoing the name of the channel that the domain matched and that the MTA will be attempting to run by including the silentetrn keyword. The domainetrn keyword specifies that the MTA honor only ETRN commands that specify a domain; it also causes the MTA not to echo back the name of the channel that the domain matched and that the MTA will be attempting to run.

disableetrn disables support for the ETRN command entirely; ETRN is not advertised by the SMTP server as a supported command.

Sending ETRN Commands

The sendetrn and nosendetrn channel keywords control whether the MTA sends an ETRN command at the beginning of an SMTP connection. The default is nosendetrn, meaning that the MTA will not send an ETRN command. The sendetrn keyword tells the MTA to send an ETRN command, if the remote SMTP server says it supports ETRN. The sendetrn keyword should be followed by the name of the system requesting that its messages receive a delivery attempt.

12.4.2.4 VRFY Command Support

Keywords: domainvrfy, localvrfy, vrfyallow, vrfydefault, vrfyhide

The VRFY command enables SMTP clients to send a request to an SMTP server to verify that mail for a specific user name resides on the server. The VRFY command is defined in RFC 821.

The server sends a response indicating whether the user is local or not, whether mail will be forwarded, and so on. A response of 250 indicates that the user name is local; a response of 251 indicates that the user name is not local, but the server can forward the message. The server response includes the mailbox name.

Sending a VRFY Command

Under normal circumstances there is no reason to issue a VRFY command as part of an SMTP dialogue. The SMTP RCPT TO command should perform the same function that VRFY does and return an appropriate error. However, servers exist that can accept any address in a RCPT TO (and bounce it later), whereas these same servers perform more extensive checking as part of a VRFY command.

By default, the MTA does not send a VRFY command (the novrfy keyword is enabled).

If necessary, the MTA can be configured to issue the SMTP VRFY command by including the domainvrfy or localvrfy keyword in the channel definition. The keyword domainvrfy causes a VRFY command to be issued with a full address (user@host) as its argument. The localvrfy keyword causes the MTA to issue a VRFY command with just the local part of the address (user).

Responding to a VRFY Command

The vrfyallow, vrfydefault, and vrfyhide keywords control the SMTP server’s response when a sending SMTP client issues an SMTP VRFY command.

The vrfyallow keyword tells the MTA to issue a detailed, informative response. The vrfydefault tells the MTA to provide a detailed, informative response, unless the channel option HIDE_VERIFY=1 has been specified. The vrfyhide keyword tells the MTA to issue only a vague, ambiguous response. These keywords allow per-channel control of VRFY responses, as opposed to the HIDE_VERIFY option, which normally applies to all incoming TCP/IP channels handled through the same SMTP server.

12.4.2.5 EXPN Support

Keywords: expnallow, expndisable, expndefault

expnallow allows EXPN even if it has been disabled at the SMTP server level with the DISABLE_EXPAND SMTP channel option. expndisable disables EXPN unconditionally. expndefault allows EXPN if the SMTP server is set to allow it (default). Expansion can be disabled on a per-list basis, but if it is disabled at the server level, the per-list settings are irrelevant.

12.4.2.6 DNS Domain Verification

Keywords: mailfromdnsverify, nomailfromdnsverify

Setting mailfromdnsverify on an incoming TCP/IP channel causes the MTA to verify that an entry in the DNS exists for the domain used on the SMTP MAIL FROM command and to reject the message if no such entry exists. The default, nomailfromdnsverify, means that no such check is performed. Note that performing DNS checks on the return address domain may result in rejecting some desired valid messages (for instance, from legitimate sites that simply have not yet registered their domain name, or at times of bad information in the DNS); it is contrary to the spirit of being generous in what you accept and getting the e-mail through, expressed in RFC 1123, Requirements for Internet Hosts. However, some sites may desire to perform such checks in cases where unsolicited bulk email (UBE) is being sent with forged e-mail addresses from non-existent domains.

Because the introduction of DNS wildcard entries in the COM and ORG top-level domains has made mailfromdnsverify less useful, the mailfromdnsverify code has been modified. When the DNS returns one or more A records, these values are compared against the domain literals specified by the new MTA option BLOCKED_MAIL_FROM_IPS. If a match is found, the domain is considered to be invalid. In order to restore correct behavior the current correct setting is:

BLOCKED_MAIL_FROM_IPS=[64.94.110.11]

This option’s value defaults to an empty string.

12.4.2.7 Character Set Labeling and Eight-Bit Data

Keywords: charset7, charset8, charsetesc, sevenbit, eightbit, eightnegotiate, eightstrict

Character Set Labeling

The MIME specification provides a mechanism to label the character set used in a plain text message. Specifically, a charset= parameter can be specified as part of the Content-type: header line. Various character set names are defined in MIME, including US-ASCII (the default), ISO-8859-1, ISO-8859-2, and many more that have been subsequently defined.

Some existing systems and user agents do not provide a mechanism for generating these character set labels; as a result, some plain text messages may not be properly labeled. The charset7, charset8, and charsetesc channel keywords provide a per-channel mechanism to specify character set names to be inserted into message headers which lack character set labelling. Each keyword requires a single argument giving the character set name. The names are not checked for validity. Note, however, that character set conversion can only be done on character sets specified in the character set definition file charsets.txt found in the MTA table directory. The names defined in this file should be used if possible.

The charset7 character set name is used if the message contains only seven bit characters; the charset8 character set name will be used if eight bit data is found in the message; charsetesc will be used if a message containing only seven bit data happens to contain escape characters also. If the appropriate keyword is not specified no character set name will be inserted into Content-type: header lines.

Note that the charset8 keyword also controls the MIME encoding of 8-bit characters in message headers (where 8-bit data is unconditionally illegal). The MTA normally MIME-encodes any (illegal) 8-bit data encountered in message headers, labeling it as the UNKNOWN charset if no charset8 value has been specified.

These character set specifications never override existing labels; that is, they have no effect if a message already has a character set label or is of a type other than text. It is usually appropriate to label MTA local channels as follows:

l ... charset7 US-ASCII charset8 ISO-8859-1 ...
hostname

If there is no Content-type header in the message, it is added. This keyword also adds the MIME-version: header line if it is missing.

The charsetesc keyword tends to be particularly useful on channels that receive unlabeled messages using Japanese or Korean character sets that contain the escape character.

Eight-Bit Data

Some transports restrict the use of characters with ordinal values greater than 127 (decimal). Most notably, some SMTP servers will strip the high bit and thus garble messages that use characters in this eight-bit range.

Messaging Server provides facilities to automatically encode such messages so that troublesome eight bit characters do not appear directly in the message. This encoding can be applied to all messages enqueued to a given channel by specifying the sevenbit keyword. A channel should be marked eightbit if no such restriction exists.

The SMTP protocol disallows eightbit “unless the remote SMTP server explicitly says it supports the SMTP extension allowing eightbit.” Some transports such as extended SMTP may actually support a form of negotiation to determine if eight bit characters can be transmitted. Therefore, the use of the eightnegotiate keyword is strongly recommended to instruct the channel to encode messages when negotiation fails. This is the default for all channels; channels that do not support negotiation will simply assume that the transport is capable of handling eight bit data.

The eightstrict keyword tells Messaging Server to reject any incoming messages with headers that contain illegal eight bit data.

12.4.2.8 Protocol Streaming

Keywords: streaming

Some mail protocols support streaming operations. This means that the MTA can issue more than one operation at a time and wait for replies to each operation to arrive in batches. The streaming keyword controls the degree of protocol streaming used in the protocol associated with a channel. This keyword requires an integer parameter; how the parameter is interpreted is specific to the protocol in use.

Under normal circumstances, the extent of streaming support available is negotiated using the SMTP pipelining extension. As such this keyword should never be used under normal circumstances.

The streaming values available range from 0 to 3. A value of 0 specifies no streaming, a value of 1 causes groups of RCPT TO commands to stream, a value of 2 causes MAIL FROM/RCPT TO stream, and a value of 3 causes HELO/MAIL FROM/RCPT TO or RSET/MAIL FROM/RCPT TO streaming to be used. The default value is 0.

12.4.3 TCP/IP Connection and DNS Lookup Support

You can specify information about how the server handles TCP/IP connections and address lookups. This section describes the following:

• 12.4.3.1 TCP/IP Port Number and Interface Address

• 12.4.3.2 Caching for Channel Connection Information

• 12.4.3.3 Reverse DNS Lookups

• 12.4.3.4 IDENT Lookups

• 12.4.3.5 TCP/IP MX Record Support

• 12.4.3.6 Nameserver Lookups

• 12.4.3.7 Last Resort Host

• 12.4.3.8 Alternate Channels for Incoming Mail (Switch Channels)

• 12.4.3.9 Source Channel Switching Based on User or Domain Settings

• 12.4.3.10 Target Host Choice

Table 12–22 lists the TCP/IP connection and DNS lookup keywords described in this section.

12.4.3.1 TCP/IP Port Number and Interface Address

Keywords: port, interfaceaddress

The SMTP over TCP/IP channels normally connect to port 25 when sending messages. The port keyword can be used to instruct an SMTP over TCP/IP channel to connect to a nonstandard port. Note that this keyword complements the Dispatcher option PORT, which controls which ports the MTA listens on for accepting SMTP connections.

The interfaceaddress keyword controls the address to which a TCP/IP channel binds as the source address for outbound connections; that is, on a system with multiple interface addresses this keyword controls which address will be used as the source IP address when the MTA sends outgoing SMTP messages. Note that this keyword complements the Dispatcher option INTERFACE_ADDRESS, which controls which interface address a TCP/IP channel listens on for accepting incoming connections and messages.

12.4.3.2 Caching for Channel Connection Information

Keywords: cacheeverything, nocache, cachefailures, cachesuccesses

Channels using the SMTP protocol maintain a cache containing a history of prior connection attempts. This cache is used to avoid reconnecting multiple times to inaccessible hosts, which can waste lots of time and delay other messages. The cache is a per process cache and only persists during a single run of the outbound SMTP delivery channel.

The cache normally records both connection successes and failures. (Successful connection attempts are recorded in order to offset subsequent failures—a host that succeeded before but fails now doesn't warrant as long of a delay before making another connection attempt as does one that has never been tried or one that has failed previously.)

However, the caching strategy used by the MTA is not necessarily appropriate for all situations. Therefore channel keywords are provided to adjust the MTA cache.

The cacheeverything keyword enables all forms of caching and is the default. The nocache keyword disables all caching.

The cachefailures keyword enables caching of connection failures but not successes—this forces a somewhat more restricted retry than cacheeverything does. Finally, cachesuccesses caches only successes. This last keyword is effectively equivalent to nocache for SMTP channels.

12.4.3.3 Reverse DNS Lookups

Keywords: forwardchecknone, forwardchecktag, forwardcheckdelete

The forwardchecknone, forwardchecktag, and forwardcheckdelete channel keywords can modify the effects of doing reverse DNS lookups. These keywords can control whether the MTA does a forward lookup of an IP name found using a DNS reverse lookup, and if such forward lookups are requested, specify what the MTA does if the forward lookup of the IP name does not match the original IP number of the connection.

The forwardchecknone keyword is the default, and means that no forward lookup is done. The forwardchecktag keyword tells the MTA to do a forward lookup after each reverse lookup and to tag the IP name with an asterisk (*), if the number found using the forward lookup does not match that of the original connection. The forwardcheckdelete keyword tells the MTA to do a forward lookup after each reverse lookup and to ignore (delete) the reverse lookup returned name if the forward lookup of that name does not match the original connection IP address; in this case, the MTA uses the original IP address instead.

Having the forward lookup not match the original IP address is normal at many sites, where a more “generic” IP name is used for several different IP addresses.

12.4.3.4 IDENT Lookups

Keywords: identnone, identnonelimited, identtnonnumeric, identnonesymbolic, identtcp, identtcpnumeric, identtcpsymbolic, identtcplimited

The IDENT keywords control how the MTA handles connections and lookups using the IDENT protocol. The IDENT protocol is described in RFC 1413.

The identtcp, identtcpsymbolic, and identtcpnumeric keywords tell the MTA to perform a connection and lookup using the IDENT protocol. The information obtained from the IDENT protocol (usually the identity of the user making the SMTP connection) is inserted into the Received: header of the message as follows:

• identtcp inserts the host name corresponding to the incoming IP number, as reported from a DNS reverse lookup and the IP number itself.

• identtcpsymbolic inserts the host name corresponding to the incoming IP number, as reported from a DNS reverse lookup; the IP number itself is not included in the Received: header.

• identtcpnumeric inserts the actual incoming IP number—no DNS reverse lookup on the IP number is performed.

The remote system must be running an IDENT server for the IDENT lookup caused by identtcp, identtcpsymbolic, or identtcpnumeric to be useful.

Be aware that IDENT query attempts may incur a performance hit. Increasingly routers will “black hole” attempted connections to ports that they don’t recognize. If this happens on an IDENT query, then the MTA does not hear back until the connection times out (a TCP/IP stack controlled time-out, typically on the order of a minute or two).

Another performance factor occurs when comparing identtcp, indenttcplimited, or identtcpsymbolic to identtcpnumeric. The DNS reverse lookup called for with identtcp, identtcplimited, or identtcpsymbolic incurs some additional overhead to obtain the more user-friendly host name.

The identnone keyword disables IDENT lookup, but does specify IP to host name translation, and both IP number and host name will be included in the Received: header for the message.

The identnonesymbolic keyword disables IDENT lookup, but does do IP to host name translation; only the host name will be included in the Received: header for the message.

The identnonenumeric keyword disables this IDENT lookup and inhibits the usual DNS reverse lookup translation of IP number to host name, and might result in a performance improvement at the cost of less user-friendly information in the Received: header. This is the default.

The identtcplimited and identnonelimited keywords have the same effect as identtcp and identnone, respectively, as far as IDENT lookups, reverse DNS lookups, and information displayed in Received: header. Where they differ is that with identtcplimited or identnonelimited the IP literal address is always used as the basis for any channel switching due to use of the switchchannel keyword, regardless of whether the DNS reverse lookup succeeds in determining a host name.

12.4.3.5 TCP/IP MX Record Support

Keywords: mx, nomx, defaultmx, randommx, nonrandommx

Some TCP/IP networks support the use of MX (mail forwarding) records and some do not. Some TCP/IP channel programs can be configured not to use MX records if they are not provided by the network that the MTA system is connected to. The mx, nomx, defaultmx, randommx, nonrandommx keywords control MX record support.

The keyword randommx specifies that MX lookups should be done and MX record values of equal precedence should be processed in random order. The keyword nonrandommx specifies that MX lookups should be done and MX values of equal precedence should be processed in the same order in which they were received.

The mx keyword is currently equivalent to nonrandommx; it might change to be equivalent to randommx in a future release. The nomx keyword disables MX lookups. The defaultmx keyword specifies that mx should be used if the network says that MX records are supported. The keyword defaultmx is the default on channels that support MX lookups in any form.

12.4.3.6 Nameserver Lookups

Keywords: nameservers, defaultnameservers

When name server lookups are being performed, the nameservers channel keyword may be used to specify a list of name servers to consult rather than consulting the TCP/IP stack's own choice of name servers. The nameservers keyword requires a space separated list of IP addresses for the name servers, as shown in the following example:

nameservers 1.2.3.1 1.2.3.2

The default, defaultnameservers, means use the TCP/IP stack's own choice of name servers.

To prevent name server lookups on UNIX, you can modify the nsswitch.conf file. On NT, modify the TCP/IP configuration.

12.4.3.7 Last Resort Host

Keywords: lastresort

The lastresort keyword is used to specify a host to connect to even when all other connection attempts fail. In effect this acts as an MX record of last resort. This is only useful on SMTP channels.

The keyword requires a single parameter specifying the name of the “system of last resort.” For example:

tcp_local single_sys smtp mx lastresort mailhub.siroe.com
TCP-DAEMON

12.4.3.8 Alternate Channels for Incoming Mail (Switch Channels)

Keywords: switchchannel, allowswitchchannel, noswitchchannel. See also saslswitchchannel on 12.4.4 SMTP Authentication, SASL, and TLS, and tlsswitchchannel on 12.4.8 Transport Layer Security and userswitchchannel on 12.4.3.9 Source Channel Switching Based on User or Domain Settings

The following keywords control selection of an alternate channel for incoming mail: switchchannel, allowswitchchannel, noswitchchannel.

When the MTA accepts an incoming connection from a remote system, it must choose a channel with which to associate the connection. Normally this decision is based on the transfer used; for example, an incoming SMTP over TCP/IP connection is automatically associated with the tcp_local channel.

This convention breaks down, however, when multiple outgoing channels with different characteristics are used to handle different systems over the same transfer. When this happens, incoming connections are not associated with the same channel as outgoing connections, and the result is that the corresponding channel characteristics are not associated with the remote system.

The switchchannel keyword provides a way to eliminate this difficulty. If switchchannel is specified on the initial channel the server uses, the IP address of the connecting (originating) host will be matched against the channel table and if it matches the source channel will change accordingly. If no IP address match is found or if a match is found that matches the original default incoming channel, the MTA may optionally try matching using the host name found by doing a DNS reverse lookup. The source channel may change to any channel marked switchchannel or allowswitchchannel (the default). The noswitchchannel keyword specifies that no channel switching should be done to or from the channel.

Specification of switchchannel on anything other than a channel that a server associates with by default has no effect. At present, switchchannel only affects SMTP channels, but there are actually no other channels where switchchannel would be reasonable.

12.4.3.9 Source Channel Switching Based on User or Domain Settings

Keywords: userswitchchannel. See also switchchannel on 12.4.3.8 Alternate Channels for Incoming Mail (Switch Channels)

Source channel switching based on user or domain settings is now possible. There are three new settings involved:

1. A new channel keyword userswitchchannel. This keyword must be present on the initial source channel for user channel switching to occur.

2. A new MTA option LDAP_DOMAIN_ATTR_SOURCE_CHANNEL that specifies the name of a domain-level attribute containing the name of the channel to which to switch.

3. A new MTA option LDAP_SOURCE_CHANNEL that specifies the name of a user-level attribute containing the name of the channel to which to switch.

Additionally, the channel being switched to must be set to allow channel switches. That is, it cannot be marked with the noswitchchannel keyword. Switching is done based on information returned by rewriting the MAIL FROM address. Note that MAIL FROM addresses are easily forged so this functionality should be used with extreme care.

12.4.3.10 Target Host Choice

Keywords: daemon, multiple, single, single_sys

The interpretation and usage of the daemon keyword depends upon the type of channel to which it is applied.

The daemon keyword is used on SMTP channels to control the choice of a target host.

Normally, channels connect to whatever host is listed in the envelope address of the message being processed. The daemon keyword is used to tell the channel to instead connect to a specific remote system, generally a firewall or mail hub system, regardless of the envelope address. The actual remote system name should appear directly after the daemon keyword, as shown in the following example:

tcp_firewall smtp mx daemon firewall.acme.com
TCP-DAEMON

If the argument after the daemon keyword is not a fully qualified domain name, the argument will be ignored and the channel will connect to the channel's official host. The official host is the fully qualified hostname associated with the channel. This can be specified in the second line of a three line channel block:

tcp_firewall smtp mx daemon router
firewall.acme.com
TCP-DAEMON

The official host can also be specified after TCP-DAEMON in a two-line channel block so outbound connections will identify themselves as a particular host:

tcp_firewall smtp mx daemon router
TCP-DAEMON firewall.acme.com

When specifying the firewall or gateway system name as the official host name, the argument given to the daemon keyword is typically specified as router, as shown in the following example:

tcp_firewall smtp mx daemon router
firewall.acme.com
TCP-DAEMON

Messaging Server allows multiple destination addresses to appear in each queued message. Some channel programs, however, may only be able to process messages with one recipient, or with a limited number of recipients, or with a single destination system per message copy. For example, the SMTP client programs for the TCP/IP channels only establish a connection to a single remote host in a given transaction, so only addresses to that host can be processed (this despite the fact that a single channel is typically used for all TCP/IP traffic).

Other keywords of interest are multiple, single and single_sys. The multiple keyword, the default, creates a single copy of the message for the entire channel. The single keyword specifies that a separate copy of the message should be created for each destination address on the channel. The single_sys keyword creates a single copy of the message for each destination system used. Note that at least one copy of each message is created for each channel the message is queued to, regardless of the keywords used.

12.4.4 SMTP Authentication, SASL, and TLS

Keywords: maysaslserver, mustsaslserver, nosasl, nosaslserver, saslswitchchannel, nosaslswitchchannel)

You can control whether the Messaging Server supports authentication to the SMTP server using SASL (Simple Authentication and Security Layer). SASL is defined in RFC 2222 and or more information about SASL, SMTP authentication, and security is in Chapter 23, Configuring Security and Access Control.

The maysaslserver, mustsaslserver, nosasl, nosaslserver, switchchannel, and saslswitchchannel channel keywords are used to configure SASL (SMTP AUTH) use during the SMTP protocol by SMTP channels such as TCP/IP channels.

nosasl is the default and means that SASL authentication is not permitted or attempted. It subsumes nosaslserver, which means that SASL authentication is not permitted. Specifying maysaslserver causes the SMTP server to permit clients to attempt to use SASL authentication. Specifying mustsaslserver causes the SMTP server to insist that clients use SASL authentication; the SMTP server does not accept messages unless the remote client successfully authenticates.

Use saslswitchchannel to cause incoming connections to be switched to a specified channel upon a client’s successful use of SASL. It takes a required value, specifying the channel to which to switch.

12.4.5 Using Authenticated Addresses from SMTP AUTH in Header

Keywords: authrewrite

The authrewrite channel keyword and associated AUTH_REWRITE mapping table allows modification of header and envelope addresses using addressing information obtained from authentication operations. Specifically, SASL authentication can be configured to provide an authorized email address. Normally the SMTP AUTH information is used, though this may be overridden via the FROM_ACCESS mapping. The authrewrite keyword takes a required bit value, according to Table 12–23.

The $Z flag should be highly restricted as there are few legitimate uses for modifying envelope and header addresses.

12.4.6 Support for SMTP Chunking

Keywords: chunkingclient, chunkingserver, nochunkingclient, nochunkingserver

Support for SMTP chunking (RFC 3030) has been added to both the SMTP client and server. This support is enabled by default. Four new channel keywords can be used to control whether or not chunking is allowed. They are as follows:

• chunkingclient - Enable client chunking support (default).

• chunkingserver - Enable server chunking support (default).

• nochunkingclient - Disable client chunking support.

• nochunkingserver - Disable server chunking support.

The log file action field has been extended to indicate whether or not chunking was used to transfer a given message. Specifically, a C will be appended if chunking is used. Note that ESMTP has to be used for chunking to work, so you'll typically see field values like EEC or DEC.

12.4.7 Specifying Microsoft Exchange Gateway Channels

Keywords: msexchange, nomsexchange

The msexchange channel keyword may be used on TCP/IP channels to tell the MTA that this is a channel that communicates with Microsoft Exchange gateways and clients. When placed on an incoming TCP/IP channel which has SASL enabled (via a maysaslserver or mustsaslserver keyword), it causes the MTA’s SMTP server to advertise AUTH using an “incorrect” format (based upon the original ESMTP AUTH specification, which was actually incompatible with correct ESMTP usage, rather than the newer, corrected AUTH specification). Some Microsoft Exchange clients, for instance, does not recognize the correct AUTH format and only recognizes the incorrect AUTH format.

The msexchange channel keyword also causes advertisement (and recognition) of broken TLS commands.

nomsexchange is the default.

12.4.8 Transport Layer Security

Keywords: maytls, maytlsclient, maytlsserver, musttls, musttlsclient, musttlsserver, notls, notlsclient, notlsserver, tlsswitchchannel

The maytls, maytlsclient, maytlsserver, musttls, musttlsclient, musttlsserver, notls, notlsclient, notlsserver, and tlsswitchchannel channel keywords are used to configure TLS use during the SMTP protocol by SMTP based channels such as TCP/IP channels.

The default is notls, and means that TLS will not be permitted or attempted. It subsumes the notlsclient keyword, which means that TLS use will not be attempted by the MTA SMTP client on outgoing connections (the STARTTLS command will not be issued during outgoing connections) and the notlsserver keyword, which means that TLS use will not be permitted by the MTA SMTP server on incoming connections (the STARTTLS extension will not be advertised by the SMTP server nor the command itself accepted).

Specifying maytls causes the MTA to offer TLS to incoming connections and to attempt TLS upon outgoing connections. It subsumes maytlsclient, which means that the MTA SMTP client will attempt TLS use when sending outgoing messages, if sending to an SMTP server that supports TLS, and maytlsserver, which means that the MTA SMTP server will advertise support for the STARTTLS extension and will allow TLS use when receiving messages.

Note that for TLS to work, the following conditions must be in place:

• Protections/ownerships of the certificates have to be set so that the mailsrv account can access the files.

• The directory where the certificates are stored need to have protections/ownerships set such that the mailsrv account can access the files within that directory.

Specifying musttls will cause the MTA to insist upon TLS in both outgoing and incoming connections; email will not be exchanged with remote systems that fail to successfully negotiate TLS use. It subsumes musttlsclient, which means that the MTA SMTP client will insist on TLS use when sending outgoing messages and will not send to SMTP servers that do not successfully negotiate TLS use (the MTA will issue the STARTTLS command and that command must succeed). It also subsumes musttlsserver, which means that the MTA SMTP server will advertise support for the STARTTLS extension and will insist upon TLS use when receiving incoming messages and will not accept messages from clients that do not successfully negotiate TLS use.

The tlsswitchchannel keyword is used to cause incoming connections to be switched to a specified channel upon a client's successful TLS negotiation. It takes a required value, specifying the channel to which to switch.

12.5 Configuring Message Processing and Delivery

You can configure when the server attempts to deliver messages based on certain criteria. You can also specify parameters for job processing, such as processing limits for service jobs, or when to spawn a new SMTP channel thread. This section describes the following:

• 12.5.1 Setting Channel Directionality

• 12.5.2 Implementing Deferred Delivery Dates

• 12.5.3 Specifying the Retry Frequency for Messages that Failed Delivery

• 12.5.4 Processing Pools for Channel Execution Jobs

• 12.5.5 Service Job Limits

• 12.5.7 Message Priority Based on Size

• 12.5.8 SMTP Channel Threads

• 12.5.9 Expansion of Multiple Addresses

• 12.5.10 Enable Service Conversions

For conceptual information on message processing and delivery, refer to Table 12–24

12.5 Configuring Message Processing and Delivery summarizes the keywords described in this section.

12.5.1 Setting Channel Directionality

Keywords: master, slave, bidirectional

Three keywords are used to specify whether a channel is served by a master program (master), a slave program (slave), or both (bidirectional). The default, if none of these keywords are specified, is bidirectional. These keywords determine whether the MTA initiates delivery activity when a message is queued to the channel.

The use of these keywords reflects certain fundamental characteristics of the corresponding channel program or programs. The descriptions of the various channels the MTA supports indicate when and where these keywords should be used.

12.5.2 Implementing Deferred Delivery Dates

Keywords: deferred, nodeferred

The deferred channel keyword implements recognition and honoring of the Deferred-delivery: header line. Messages with a deferred delivery date in the future are held in the channel queue until they either expire and are returned or the deferred delivery date is reached. See RFC 1327 for details on the format and operation of the Deferred-delivery: header line.

The keyword nodeferred is the default. It is important to realize that while support for deferred message processing is mandated by RFC 1327, actual implementation of it effectively lets people use the mail system as an extension of their disk quota and opens the system up to potential denial-of-service attacks on your disk space by arbitrary malicious users.

12.5.3 Specifying the Retry Frequency for Messages that Failed Delivery

Keywords: backoff, nonurgentbackoff, normalbackoff, urgentbackoff, notices

By default, the frequency of delivery retries for messages that have had delivery failures depends on the message’s priority. The default intervals between delivery attempts (in minutes) is shown below. The first number after the priority indicates the number of minutes after the initial delivery failure that the first delivery retry is attempted:

urgent: 30, 60, 60, 120, 120, 120, 240
normal: 60, 120, 120, 240, 240, 240, 480
nonurgent: 120, 240, 240, 480, 480, 480, 960

For urgent messages, a retry is attempted 30 minutes after the initial delivery failure, 60 minutes after the first delivery retry, 60 minutes after the second retry, 120 minutes after the third and so on. Retries after the last specified attempt repeat at the same interval. Thus, for urgent messages, retries occur every 240 minutes.

Delivery attempts continue for a period of time specified by the notices, nonurgentnotices, normalnotices, or urgentnotices keywords. If a successful delivery cannot be made, a delivery failure notification is generated and the message is returned to sender. (For details on the notices keyword, see 10.10.4.3 To Set Notification Message Delivery Intervals

The backoff keywords allow you to specify customized sets of delivery retry intervals for messages of varying priorities. nonurgentbackoff specifies the intervals for nonurgent messages. normalbackoff specifies the intervals for normal messages. urgentbackoff specifies the intervals for urgent messages. If none of these keywords is specified, backoff specifies the intervals for all messages regardless of priority.

An example, is shown below:

urgentbackoff "pt30m" "pt1h" "pt2h" "pt3h" "pt4h" "pt5h" "pt8h" "pt16h"

Here, delivery retries of urgent messages is attempted 30 minutes after the initial delivery failure, one hour after the first delivery attempt (1 hour 30 minutes after initial failure), two hours after the second delivery attempt, three hours after the third, four hours after the fourth, five hours after the fifth, eight hours after the sixth, 16 hours after the seventh delivery attempt. Subsequent attempts are made every 16 hours until the period of time specified by the notices keyword. If a successful delivery cannot be made, a delivery failure notification is generated and the message is returned to sender. Note that the interval syntax is in ISO 8601P and is described in the Sun Java System Messaging Server Administration Reference.

In this next example,

normalbackoff "pt30m" "pt1h" "pt8h" "p1d" "p2d” "p1w"

a delivery retry of normal messages is attempted 30 minutes after the initial delivery failure, one hour after the first delivery attempt, eight hours after the second attempt, one day after the third, two days after the fourth, one week after the fifth and repeating each week until the period of time specified by the notices keyword. If a successful delivery cannot be made, a delivery failure notification is generated and the message is returned to sender.

In this final example,

backoff "pt30m" "pt120m" "pt16h" "pt36h" "p3d"

all failed message deliveries, regardless of message priority—unless overridden by nonurgentbackoff, normalbackoff, or urgentbackoff—will be retried 30 minutes after the initial delivery failure, two hours after the first retry attempt, 16 hours after the second attempt, 36 hours after the third, three days after the fourth and repeating every three days until the period of time specified by the notices keyword. If a successful delivery cannot be made, a delivery failure notification is generated and the message is returned to sender.

12.5.4 Processing Pools for Channel Execution Jobs

Keywords: pool

You can configure various channels to share resources by running within the same pool. You might want to configure other channels to run in pools dedicated to a particular channel. Within each pool, messages are automatically sorted into different processing queues according to message priority. Higher priority messages in the pool are processed before lower-priority messages. (See 12.5.7 Message Priority Based on Size

The pools where the jobs are created can be selected on a channel by channel basis by using the pool keyword. The pool keyword must be followed by the name of the pool to which delivery jobs for the current channel should be pooled. The name of the pool should not contain more than twelve characters.

For further information on Job Controller concepts and configuration, refer to 10.4.8 Job Controller File, 10.4.8 Job Controller File, and 12.5.5 Service Job Limits.

12.5.5 Service Job Limits

Keywords: maxjobs, filesperjob

Each time a message is enqueued to a channel, the Job Controller ensures that there is a job running to deliver the message. This might involve starting a new job process, adding a thread, or simply noting that a job is already running. A single service job may not be sufficient to ensure prompt delivery of all messages, however. (For further information on Job Controller concepts and configuration, refer to 10.4.8 Job Controller File, 12.5.4 Processing Pools for Channel Execution Jobs and 8.7 The Job Controller.

For any given installation, there is a reasonable maximum number of processes and threads to be started for delivering messages. This maximum number depends on factors such as the number of processors, the speed of the disks, and the characteristics of the connections. In the MTA configuration, it is possible to control the following:

• The maximum number of processes to start running for a given channel (the maxjobs channel keyword)

• The maximum number of processes to start for a set of channels (the JOB_LIMIT parameter in the relevant pool section of the Job Controller configuration file)

• The number of queued messages received before a new thread or process is started (the threaddepth channel keyword)

• For some channels, the maximum number of threads that will run within a given delivery program (max_client_threads parameter in the channel option file)

The maximum number of processes to start running for a given channel is the minimum of the maxjobs set on the channel and the JOB_LIMIT set for the pool that the channel runs in.

Assume a message needs processing. In general, the Job Controller starts new processes as follows:

• If no process is running for a channel and the pool job limit has not been reached, then the Job Controller starts a new process.

• If a channel program is single-threaded or the thread limit has been reached and the backlog increases past a multiple of threads (specified with threaddepth) and neither the channel nor pool job limit has been reached, the Job Controller starts a new process

• If a channel program is multithreaded and the thread limit has not been reached and the backlog of messages increase past a multiple of threaddepth, a new thread is started.

For SMTP channels in particular, new threads or processes are started as messages are enqueued for different hosts. Thus, for SMTP channels, the Job Controller starts new processes as follows. Assume a message needs processing:

• If no process is running for an SMTP channel and the pool limit has not been reached, the Job Controller starts a new process.

• If the thread limit (MAX_CLIENT_THREADS) has been reached, a message is enqueued for a host not yet being serviced, and neither the channel (maxjobs) nor pool job limit (JOB_LIMIT) has been reached then a new process is started.

• If the thread limit has not been reached and a message is enqueued for a host not yet being serviced, then a new thread is started.

• If the thread limit has not been reached and a message is enqueued that takes the backlog of messages for that host increase past a multiple of threaddepth, a new thread is started.

See also 12.5.8 SMTP Channel Threads.

The filesperjob keyword can be used to cause the MTA to create additional service jobs. This keyword takes a single positive integer parameter which specifies how many queue entries (that is, files) must be sent to the associated channel before more than one service job is created to handle them. If a value less than or equal to zero is given it is interpreted as a request to queue only one service job. Not specifying a keyword is equivalent to specifying a value of zero. The effect of this keyword is maximized; the larger number computed will be the number of service jobs that are actually created.

The filesperjob keyword divides the number of actual queue entries or files by the given value. Note that the number of queue entries resulting from a given message is controlled by a large number of factors, including but not limited to the use of the single and single_sys keywords and the specification of header-modifying actions in mailing lists.

The maxjobs keyword places an upper bound on the total number of service jobs that can be running concurrently. This keyword must be followed by an integer value; if the computed number of service jobs is greater than this value only maxjobs jobs will actually be created. The default for this value if maxjobs is not specified is 100. Normally maxjobs is set to a value that is less than or equal to the total number of jobs that can run simultaneously in whatever service pool or pools the channel uses.

12.5.6 Setting Connection Transaction Limits

Keywords: transactionlimit

transactionlimit limits the number of messages allowed per connection. This can be used to thwart attackers in the following way:

An attacker can connect via SMTP and send many RCPT TO commands in an attempt to guess legitimate email addresses. Such an attack can be thwarted by limiting the number of invalid RCPT TOs allowed in a transaction. The attacker may respond by using multiple transactions, but with transactionlimit you can limit the number of transaction allowed in an SMTP session. The attacker can use multiple sessions, but now his cost is getting prohibitive. Connection throttling can be used to limit the number of sessions in various ways making the cost really prohibitive in most cases.

This is not without cost our side, however. Some SMTP clients react badly to recipient limits, transaction limits, or both. Exceptions need to be made for these clients. But TCP channel options apply to the SMTP server unconditionally. The solution is to use channel keywords and switchchannel to route problematic agents to channels with larger limits.

12.5.7 Message Priority Based on Size

Keywords: urgentblocklimit, normalblocklimit, nonurgentblocklimit

The urgentblocklimit, normalblocklimit, and nonurgentblocklimit keywords may be used to instruct the MTA to downgrade the priority of messages based on size. These keywords affect the priority that the Job Controller applies when processing the message.

12.5.8 SMTP Channel Threads

Keywords: threaddepth,

The multithreaded SMTP client sorts outgoing messages to different destinations to different threads. The threaddepth keyword may be used to instruct the multithreaded SMTP client to handle only the specified number of messages in any one thread, using additional threads even for messages all to the same destination (hence normally all handled in one thread). The default for this keyword is 10.

Each time the backlog for a channel increases past a multiple of threaddepth, the Job Controller tries to increase the amount of processing dedicated to processing messages queued for that channel. For multithreaded channels, the Job Controller advises any job processing messages for that channel to start a new thread, or if all jobs have the maximum threads allowed for the channel (MAX_CLIENT_THREADS in the option for the tcp_* channels) it will start a new process. For single-threaded channels it will start new process. Note that the Job Controller will not start a new job if the job limit for the channel (maxjobs) or the pool (JOB_LIMIT) has been reached.

Essentially, threaddepth controls how aggressive jobs are scheduled. Let's consider two different situations:

(1) a normal (outbound) SMTP channel

(2) a forward-to-a-smart-host SMTP channel

The job controller sorts messages destined for a particular channel by the destination host, and it schedules the jobs to process messages based on the backlog on these destinations hosts.

In the first instance, there will be a large number of destination hosts and the backlog for most of them will be small. There will be lots of threads running and everything should work well, except, perhaps, for destination hosts like aol, yahoo, hotmail, and so on, where there can be a large amount of traffic. With a thread depth of 128, you'd only get a second thread delivering to yahoo once the backlog reached 128. This is not desirable.

In the second instance, there is only the one destination host and having many threads delivering to that host are desirable. If anything, the default value of 10 could be too small.

Use of threaddepth may be of particular interest for achieving multithreading on a daemon router TCP/IP channel—a TCP/IP channel that connects to a single specific SMTP server—when the SMTP server to which the channel connects can handle multiple simultaneous connections.

12.5.9 Expansion of Multiple Addresses

Keywords: expandlimit, expandchannel, holdlimit

Most channels support the specification of multiple recipient addresses in the transfer of each inbound message. The specification of many recipient addresses in a single message may result in delays in message transfer processing (online delays). If the delays are long enough, network time-outs can occur, which in turn can lead to repeated message submission attempts and other problems.

The MTA provides a special facility to force deferred (offline) processing if more than a given number of addresses are specified for a single message. Deferral of message processing can decrease on-line delays enormously. Note, however, that the processing overhead is deferred, not avoided completely.

This special facility is activated by using a combination of, for instance, the generic reprocessing channel and the expandlimit keyword. The expandlimit keyword takes an integer argument that specifies how many addresses should be accepted in messages coming from the channel before deferring processing. The default value is infinite if the expandlimit keyword is not specified. A value of 0 will force deferred processing on all incoming addresses from the channel.

The expandlimit keyword must not be specified on the local channel or the reprocessing channel itself; the results of such a specification are unpredictable.

The channel actually used to perform the deferred processing may be specified using the expandchannel keyword; the reprocessing channel is used by default, if expandchannel is not specified, but use of some other reprocessing or processing channel may be useful for special purposes. If a channel for deferred processing is specified via expandchannel, that channel should be a reprocessing or processing channel; specification of other sorts of channels may lead to unpredictable results.

The reprocessing channel, or whatever channel is used to perform the deferred processing, must be added to the MTA configuration file in order for the expandlimit keyword to have any effect. If your configuration was built by the MTA configuration utility, then you should already have a reprocessing channel.

Extraordinarily large lists of recipient addresses are often a characteristic of unsolicited bulk email. The holdlimit keyword tells the MTA that messages coming in the channel that result in more than the specified number of recipients should be marked as .HELD messages and enqueued to the reprocess channel (or to whatever channel is specified via the expandchannel keyword). The files will sit unprocessed in the reprocess queue awaiting manual intervention by the MTA postmaster.

12.5.10 Enable Service Conversions

Keywords: service, noservice

The service keyword unconditionally enables service conversions regardless of CHARSET-CONVERSION entry. If the noservice keyword is set, service conversions for messages coming into this channel must be enabled via CHARSET-CONVERSION.

12.6 Configuring Address Handling

This section describes keywords that deal with address handling. It consists of the following sections:

• 12.5.10 Enable Service Conversions

• 12.6.1 Address Types and Conventions

• 12.6.2 Interpreting Addresses that Use ! and %

• 12.6.3 Adding Routing Information in Addresses

• 12.6.4 Disabling Rewriting of Explicit Routing Addresses

• 12.6.5 Address Rewriting Upon Message Dequeue

• 12.6.6 Specifying a Host Name to Use When Correcting Incomplete Addresses

• 12.6.7 Legalizing Messages Without Recipient Header Lines

• 12.6.8 Stripping Illegal Blank Recipient Headers

• 12.6.9 Enabling Channel-Specific Use of the Reverse Database

• 12.6.10 Enabling Restricted Mailbox Encoding

• 12.6.11 Generating of Return-path Header Lines

• 12.6.12 Constructing Received Header Lines from Envelope To and From Addresses

• 12.6.13 Handling Comments in Address Header Lines

• 12.6.14 Handling Personal Names in Address Header Lines

• 12.6.15 Specifying Alias File and Alias Database Probes

• 12.6.16 Subaddress Handling

• 12.6.17 Enabling Channel-specific Rewrite Rules Checks

• 12.6.18 Removing Source Routes

• 12.6.19 Specifying Address Must be from an Alias

12.6.1 Address Types and Conventions

Keywords: 822, 733, uucp, header_822, header_733, header_uucp

This group of keywords control what types of addresses the channel supports. A distinction is made between the addresses used in the transport layer (the message envelope) and those used in message headers.

12.6.1.1 822 (sourceroute)

Source route envelope addresses. This channel supports full RFC 822 format envelope addressing conventions including source routes. The keyword sourceroute is also available as a synonym for 822. This is the default if no other envelope address type keyword is specified.

12.6.1.2 733 (percents)

Percent sign envelope addresses. This channel supports full RFC 822 format envelope addressing with the exception of source routes; source routes should be rewritten using percent sign conventions instead. The keyword percents is also available as a synonym for 733.

Use of 733 address conventions on an SMTP channel results in these conventions being carried over to the transport layer addresses in the SMTP envelope. This may violate RFC 821. Only use 733 address conventions when you are sure they are necessary.

12.6.1.3 uucp (bangstyle)

Bang-style envelope addresses. This channel uses addresses that conform to RFC 976 bang-style address conventions in the envelope (for example, this is a UUCP channel). The keyword bangstyle is also available as a synonym for uucp.

12.6.1.4 header_822

Source route header addresses. This channel supports full RFC 822 format header addressing conventions including source routes. This is the default if no other header address type keyword is specified.

12.6.1.5 header_733

Percent sign header addresses. This channel supports RFC 822 format header addressing with the exception of source routes; source routes should be rewritten using percent sign conventions instead.

Use of 733 address conventions in message headers may violate RFC 822 and RFC 976. Only use this keyword if you are sure that the channel connects to a system that cannot deal with source route addresses.

12.6.1.6 header_uucp

UUCP or bang-style header addresses. The use of this keyword is not recommended. Such usage violates RFC 976.

12.6.2 Interpreting Addresses that Use ! and %

Keywords: bangoverpercent, nobangoverpercent, percentonly

Addresses are always interpreted in accordance with RFC 822 and RFC 976. However, there are ambiguities in the treatment of certain composite addresses that are not addressed by these standards. In particular, an address of the form A!B%C can be interpreted as either:

• A as the routing host and C as the final destination host

or

• C as the routing host and A as the final destination host

While RFC 976 implies that mailers can interpret addresses using the latter set of conventions, it does not say that such an interpretation is required. Some situations may be better served by the former interpretation.

The bangoverpercent keyword forces the former A!(B%C) interpretation. The nobangoverpercent keyword forces the latter (A!B)%C interpretation. nobangoverpercent is the default.

This keyword does not affect the treatment of addresses of the form A!B@C. These addresses are always treated as (A!B)@C. Such treatment is mandated by both RFC 822 and RFC 976.

The percentonly keyword ignores bang paths. When this keyword is set, percents are interpreted for routing.

12.6.3 Adding Routing Information in Addresses

Keywords: exproute, noexproute, improute, noimproute

The addressing model that the MTA deals with assumes that all systems are aware of the addresses of all other systems and how to get to them. Unfortunately, this ideal is not possible in all cases, such as when a channel connects to one or more systems that are not known to the rest of the world (for example, internal machines on a private TCP/IP network). Addresses for systems on this channel may not be legal on remote systems outside of the site. If you want to be able to reply to such addresses, they must contain a source route that tells remote systems to route messages through the local machine. The local machine can then (automatically) route the messages to these machines.

The exproute keyword (short for “explicit routing“) tells the MTA that the associated channel requires explicit routing when its addresses are passed on to remote systems. If this keyword is specified on a channel, the MTA adds routing information containing the name of the local system (or the current alias for the local system) to all header addresses and all envelope From: addresses that match the channel. noexproute, the default, specifies that no routing information should be added.

The EXPROUTE_FORWARD option can be used to restrict the action of exproute to backward-pointing addresses. Another scenario occurs when the MTA connects to a system through a channel that cannot perform proper routing for itself. In this case, all addresses associated with other channels need to have routing indicated when they are used in mail sent to the channel that connects to the incapable system.

Implicit routing and the improute keyword is used to handle this situation. The MTA knows that all addresses matching other channels need routing when they are used in mail sent to a channel marked improute. The default, noimproute, specifies that no routing information should be added to addresses in messages going out on the specified channel. The IMPROUTE_FORWARD option can be used to restrict the action of improute to backward-pointing addresses.

The exproute and improute keywords should be used sparingly. They make addresses longer, more complex, and may defeat intelligent routing schemes used by other systems. Explicit and implicit routing should not be confused with specified routes. Specified routes are used to insert routing information from rewrite rules into addresses. This is activated by the special A@B@C rewrite rule template.

Specified routes, when activated, apply to all addresses, both in the header and the envelope. Specified routes are activated by particular rewrite rules and as such are usually independent of the channel currently in use. Explicit and implicit routing, on the other hand, are controlled on a per-channel basis and the route address inserted is always the local system.

12.6.4 Disabling Rewriting of Explicit Routing Addresses

Keywords: routelocal

The routelocal channel keyword causes the MTA, when rewriting an address to the channel, to attempt to “short circuit” any explicit routing in the address. Explicitly routed addresses (using !, %, or @ characters) are simplified.

Use of this keyword on “internal” channels, such as internal TCP/IP channels, can allow simpler configuration of SMTP relay blocking.

Note that this keyword should not be used on channels that may require explicit % or other routing.

12.6.5 Address Rewriting Upon Message Dequeue

Keywords: connectalias, connectcanonical

The MTA normally rewrites addresses as it enqueues messages to its channel queues. No additional rewriting is performed during message dequeue. This presents a potential problem when host names change while there are messages in the channel queues still addressed to the old name.

The connectalias keyword tells the MTA to deliver to whatever host is listed in the recipient address. This is the default. The keyword connectcanonical tells the MTA to connect to the host alias for the system that to which the MTA would be connected.

12.6.6 Specifying a Host Name to Use When Correcting Incomplete Addresses

Keywords: remotehost, noremotehost, defaulthost, nodefaulthost

The MTA often receives addresses that do not contain domain names from misconfigured or incompliant mailers and SMTP clients. The MTA attempts to make such addresses legal before allowing them to pass further. The MTA does this by appending a domain name to the address (for example, appends @siroe.com to mrochek).

For envelope To: addresses missing a domain name, the MTA always assumes that the local host name should be appended. However for other addresses, such as From: addresses, in the case of the MTA SMTP server there are at least two reasonable choices for the domain name: the local MTA host name and the remote host name reported by the client SMTP. Or in some cases, there may be yet a third reasonable choice—a particular domain name to add to messages coming in that channel. Now, either of these two first choices are likely to be correct as both may occur operationally with some frequency. The use of the remote host’s domain name is appropriate when dealing with improperly configured SMTP clients. The use of the local host’s domain name may be appropriate when dealing with a lightweight remote mail client such as a POP or IMAP client that uses SMTP to post messages. Or if lightweight remote mail clients such as POP or IMAP, clients should have their own specific domain name which is not that of the local host. Then add that specific other domain name may be appropriate. The best that the MTA can do is to allow the choice to be made on a channel by channel basis.

The noremotehost channel keyword specifies that the local host’s name should be used. The keyword noremotehost is the default.

The defaulthost channel keyword is used to specify a particular host name to append to incoming bare user id’s. It must be followed by the domain name to use in completing addresses (in envelope From: and in headers) that come into that channel. (In the case of submit channels, the defaulthost keyword’s first argument also affects bare envelope To: addresses.) An optional second domain name (that has at least one period in it) may be specified to use in completing envelope To: addresses. nodefaulthost is the default.

The switchchannel keyword as described, in the preceding section, 12.4.3.8 Alternate Channels for Incoming Mail (Switch Channels) associate incoming SMTP connections with a particular channel. This facility can be used to group remote mail clients on a channel where they can receive proper treatment. Alternatively, it is simpler to deploy standards-compliant remote mail clients (even if a multitude of noncompliant clients are in use) rather than attempting to fix the network-wide problem on your MTA hosts.

12.6.7 Legalizing Messages Without Recipient Header Lines

Keywords: missingrecipientpolicy

RFC 822 (Internet) messages are required to contain recipient header lines: To:, Cc:, or Bcc: header lines. A message without such header lines is illegal. Nevertheless, some broken user agents and mailers (for example, many older versions of sendmail) emit illegal messages.

The missingrecipientpolicy keyword takes an integer value specifying the approach to use for such messages; the default value, if the keyword is not explicitly present, is 1 (pass the illegal message through unchanged).

Note that the MISSING_RECIPIENT_POLICY option can be used to set an MTA system default for this behavior. The initial Messaging Server configuration sets MISSING_RECIPIENT_POLICY to 1.

12.6.8 Stripping Illegal Blank Recipient Headers

Keywords: dropblank, nodropblank

In RFC 822 (Internet) messages, any To:, Resent-To:, Cc:, or Resent-Cc: header is required to contain at least one address—such a header may not have a blank value. Nevertheless, some mailers may emit such illegal headers. The dropblank channel keyword, if specified on a source channel, causes the MTA to strip any such illegal blank headers from incoming messages.

12.6.9 Enabling Channel-Specific Use of the Reverse Database

Keywords: reverse, noreverse

The reverse keyword tells the MTA that addresses in messages queued to the channel should be checked against, and possibly modified, by the address reversal database or REVERSE mapping, if either exists. noreverse exempts addresses in messages queued to the channel from address reversal processing. The reverse keyword is the default. Refer to 10.9 To Convert Addresses from an Internal Form to a Public Form

12.6.10 Enabling Restricted Mailbox Encoding

Keywords: restricted, unrestricted

Some mail systems have difficulty dealing with the full spectrum of addresses allowed by RFC 822. A particularly common example of this is sendmail-based mailers with incorrect configuration files. Quoted local-parts (or mailbox specifications) are a frequent source of trouble:

"smith, ned"@siroe.com

This is such a major source of difficulty that a methodology was laid out in RFC 1137 to work around the problem. The basic approach is to remove quoting from the address, then apply a translation that maps the characters requiring quoting into characters allowed in an atom (see RFC 822 for a definition of an atom as it is used here). For example, the preceding address would become:

smith#m#_ned@siroe.com

The restricted channel keyword tells the MTA that the channel connects to mail systems that require this encoding. The MTA then encodes quoted local-parts in both header and envelope addresses as messages are written to the channel. Incoming addresses on the channel are decoded automatically. The unrestricted keyword tells the MTA not to perform RFC 1137 encoding and decoding. The keyword unrestricted is the default.

The restricted keyword should be applied to the channel that connects to systems unable to accept quoted local-parts. It should not be applied to the channels that actually generate the quoted local-parts. (It is assumed that a channel capable of generating such an address is also capable of handling such an address.)

12.6.11 Generating of Return-path Header Lines

Keywords: addreturnpath, noaddreturnpath

Normally, adding the Return-path: header line is the responsibility of a channel performing a final delivery. But for some channels, like the ims-ms channel, it is more efficient for the MTA to add the Return-path: header rather than allowing the channel to perform add it. The addreturnpath keyword causes the MTA to add a Return-path: header when enqueuing to this channel.

12.6.12 Constructing Received Header Lines from Envelope To and From Addresses

Keywords: receivedfor, noreceivedfor, receivedfrom, noreceivedfrom

The receivedfor keyword instructs the MTA that if a message is addressed to just one envelope recipient, to include that envelope To: address in the Received: header line it constructs. The keyword receivedfor is the default. The noreceivedfor keyword instructs the MTA to construct Received: header lines without including any envelope addressee information.

The receivedfrom keyword instructs the MTA to include the original envelope From: address when constructing a Received: header line for an incoming message if the MTA has changed the envelope From: address due to, for example, certain sorts of mailing list expansions. receivedfrom is the default. The noreceivedfrom keyword instructs the MTA to construct Received: header lines without including the original envelope From: address.

12.6.13 Handling Comments in Address Header Lines

Keywords: commentinc, commentmap commentomit, commentstrip, commenttotal, sourcecommentinc, sourcecommentmap, sourcecommentomit, sourcecommentstrip, sourcecommenttotal

The MTA interprets the contents of header lines only when necessary. However, all registered header lines containing addresses must be parsed to rewrite and eliminate short form addresses and otherwise convert them to legal addresses. During this process, comments (strings enclosed in parentheses) are extracted and may be modified or excluded when the header line is rebuilt.

This behavior is controlled by the use of the commentinc, commentmap, commentomit, commentstrip, and commenttotalkeywords. The commentinc keyword tells the MTA to retain comments in header lines. It is the default. The keyword commentomit tells the MTA to remove any comments from addressing headers, for example, To:, From:, or Cc: header lines.

The keyword commenttotal tells the MTA to remove any comments from all header lines, except Received: header lines; this keyword is not normally useful or recommended. commentstrip tells the MTA to strip any nonatomic characters from all comment fields. The commentmap keyword runs comment strings through the COMMENT_STRINGS mapping table.

On source channels, this behavior is controlled by the use of the sourcecommentinc, sourcecommentmap, sourcecommentomit, sourcecommentstrip, and sourcecommenttotal keywords. The sourcecommentinc keyword indicates to the MTA to retain comments in header lines. It is the default. The sourcecommentomit keyword indicates to the MTA to remove any comments from addressing headers, for example, To:, From:, and Cc: headers. The sourcecommenttotal keyword indicates to the MTA to remove any comments from all headers, except Received: headers; as such, this keyword is not normally useful or recommended. And finally, the sourcecommentstrip keyword indicates to the MTA to strip any nonatomic characters from all comment fields. The sourcecommentmap keyword runs comment strings through source channels.

These keywords can be applied to any channel.

The syntax for the COMMENT_STRINGS mapping table is as follows:

(comment_text) | address

If the entry template sets the $Y flag, the original comment is replaced with the specified text (which should include the enclosing parentheses).

12.6.14 Handling Personal Names in Address Header Lines

Keywords: personalinc, personalmap, personalomit, personalstrip, sourcepersonalinc, sourcepersonalmap, sourcepersonalomit, sourcepersonalstrip

During the rewriting process, all header lines containing addresses must be parsed in order to rewrite and eliminate short form addresses and otherwise convert them to legal addresses. During this process personal names (strings preceding angle-bracket-delimited addresses) are extracted and can be optionally modified or excluded when the header line is rebuilt.

This behavior is controlled by the use of the personalinc, personalmap, personalomit, and personalstrip keywords. The keyword personalinc tells the MTA to retain personal names in the headers. It is the default. The keyword personalomit tells the MTA to remove all personal names. The keyword personalstrip tells the MTA to strip any nonatomic characters from all personal name fields. The personalmap keyword indicates to the MTA to run the personal names through the PERSONAL_NAMES mapping table.

On source channels, this behavior is controlled by the use of a sourcepersonalinc, sourcepersonalmap, sourcepersonalomit, or sourcepersonalstrip keyword. The sourcepersonalinc keyword indicates to the MTA to retain personal names in the headers. It is the default. The sourcepersonalomit keyword indicates to the MTA to remove all personal names. And finally, the sourcepersonalstrip indicates to the MTA to strip any nonatomic characters from all personal name fields. The sourcepersonalmap keyword indicates to the MTA to run the personal names through source channels.

These keywords can be applied to any channel. If the PERSONAL_NAMES mapping table returns 8-bit characters, they are UTF-8 encoded.

The syntax of the PERSONAL_NAMES mapping table probes is:

personal_name | address

If the template sets the $Y flag, the original personal name is replaced with the specified text.

12.6.15 Specifying Alias File and Alias Database Probes

Keywords: aliaslocal

Normally only addresses rewritten to the local channel (that is, the l channel on UNIX) are looked up in the alias file and alias database. The aliaslocal keyword may be placed on a channel to cause addresses rewritten to that channel to be looked up in the alias file and alias database also. The exact form of the lookup probes that are made is then controlled by the ALIAS_DOMAINS option.

12.6.16 Subaddress Handling

Keywords: subaddressexact, subaddressrelaxed, subaddresswild

As background regarding the concept of subaddresses, the native and ims-ms channels interpret a + character in the local portion of an address (the mailbox portion) specially: in an address of the form name+subaddress@domain the MTA considers the portion of the mailbox after the plus character a subaddress. The native channel treats a subaddress as additional cosmetic information and actually deliver to the account name, without regard to the subaddress; the ims-ms channel interprets the subaddress as the folder name to which to deliver.

Subaddresses also affect the lookup of aliases by the local channel (that is, the L channel on UNIX) and the lookup of aliases by any channel marked with the aliaslocal keyword, and the lookup of mailboxes by the directory channel. The exact handling of subaddresses for such matching is configurable: when comparing an address against an entry, the MTA always first checks the entire mailbox including the subaddress for an exact match; whether or not the MTA performs additional checks after that is configurable.

The subaddressexact keyword instructs the MTA to perform no special subaddress handling during entry matching; the entire mailbox, including the subaddress, must match an entry in order for the alias to be considered to match. No additional comparisons (in particular, no wildcard comparisons or comparisons with the subaddress removed) are performed. The subaddresswild keyword instructs the MTA that after looking for an exact match including the entire subaddress, the MTA should next look for an entry of the form name+*. The subaddressrelaxed keyword instructs the MTA that after looking for an exact match and then a match of the form name+*, that the MTA should make one additional check for a match on just the name portion. With subaddressrelaxed, an alias entry of the following form matches either name or name+subaddress, transforming a plain name to newname, and transforming name+subaddress to newname+subaddress. The subaddressrelaxed keyword is the default.

name:   newname+*

Thus the subaddresswild keyword or the subaddressrelaxed keyword may be useful when aliases or a directory channel are in use yet users wish to receive mail addressed using arbitrary subaddresses. These keywords obviate the need for a separate entry for every single subaddress variant on an address.

Note that these keywords only make sense for the local channel (that is, the L channel on UNIX) and the directory channel, or any channel marked with the aliaslocal keyword.

Standard Messaging Server configurations relay upon the L channel indeed having subaddressrelaxed behavior (the default, when other keywords have not been explicitly used).

12.6.17 Enabling Channel-specific Rewrite Rules Checks

Keywords: rules, norules

The rules keyword tells the MTA to enforce channel-specific rewrite rule checks for this channel. This is the default. The norules keyword tells the MTA not to check for this channel. These two keywords are usually used for debugging and are rarely used in actual applications.

12.6.18 Removing Source Routes

Keywords: dequeue_removeroute

The dequeue_removeroute keyword removes source routes from envelope To: addresses as messages are dequeued. This keyword is currently only implemented on tcp-* channels. It is useful for transferring messages to systems that do not handle source routes correctly.

12.6.19 Specifying Address Must be from an Alias

Keywords: viaaliasoptional, viaaliasrequired

viaaliasrequired specifies that any final recipient address that matches the channel must be produced by an alias. A final recipient address refers to the match after alias expansion (if relevant) has been performed. The address cannot be handed directly to the MTA as a recipient address; that is, it is not sufficient for an address to merely rewrite to the channel. After rewriting to the channel, an address must also expand through an alias to be considered to have truly matched the channel.

The viaaliasrequired keyword may be used, for example, on the local channel to prevent delivery to arbitrary accounts (such as arbitrary native Berkeley mailboxes on a UNIX system).

The default is viaaliasoptional, which means that the final recipient addresses that match the channel are not required to be produced by an alias.

12.6.20 Recipient Address Handling

Keywords: acceptalladdresses, acceptvalidaddresses

acceptvalidaddresses is the default and corresponds to the MTA's standard behavior where any recipient errors are reported immediately during the SMTP dialogue. If the keyword acceptalladdresses is specified on a channel, then all recipient addresses are accepted during the SMTP dialogue. Any invalid addresses will have a DSN sent later.

12.7 Configuring Header Handling

This section describes keywords that deal with header and envelope information. It consists of the following sections:

• 12.7.1 Rewriting Embedded Headers

• 12.7.2 Removing Selected Message Header Lines

• 12.7.3 Generating/Removing X-Envelope-to Header Lines

• 12.7.4 Converting Date to Two- or Four-Digits

• 12.7.5 Specifying Day of Week in Date

• 12.7.6 Automatic Splitting of Long Header Lines

• 12.7.7 Header Alignment and Folding

• 12.7.8 Specifying Maximum Length Header

• 12.7.9 Sensitivity Checking

• 12.7.10 Setting Default Language in Headers

• 12.7.11 Controlling Message-hash: Headers

12.7.1 Rewriting Embedded Headers

Keywords: noinner, inner

The contents of header lines are interpreted only when necessary. However, MIME messages can contain multiple sets of message headers as a result of the ability to imbed messages within messages (message/RFC822). The MTA normally only interprets and rewrites the outermost set of message headers. The MTA can optionally be told to apply header rewriting to inner headers within the message as well.

This behavior is controlled by the use of the noinner and inner keywords. The keyword noinner tells the MTA not to rewrite inner message header lines. It is the default. The keyword inner tells the MTA to parse messages and rewrite inner headers. These keywords can be applied to any channel.

12.7.2 Removing Selected Message Header Lines

Keywords: headertrim, noheadertrim, headerread, noheaderread, innertrim noinnertrim

The MTA provides per-channel facilities for trimming or removing selected message header lines from messages. This is done through a combination of a channel keyword and an associated header option file or two. Header option file format is described in Header Option Files in Sun Java System Messaging Server 6.3 Administration Reference.

The headertrim keyword instructs the MTA to consult a header option file associated with the channel and to trim the headers on messages queued to that destination channel accordingly, after the original message headers are processed. The noheadertrim keyword bypasses header trimming. The keyword noheadertrim is the default.

The innertrim keyword instructs the MTA to perform header trimming on inner message parts, that is, embedded MESSAGE/RFC822 parts, as well. The noinnertrim keyword, which is the default, tells the MTA not to perform any header trimming on inner message parts.

The headerread keyword instructs the MTA to consult a header option file associated with the channel and to trim the headers on messages enqueued by that source channel accordingly, before the original message headers are processed. Note that headertrim header trimming, on the other hand, is applied after the messages have been processed and is the destination channel, rather than the source channel. The noheaderread keyword bypasses message enqueue header trimming. noheaderread is the default.

Unlike the headeromit and headerbottom keywords, the headertrim and headerread keywords may be applied to any channel whatsoever. Note, however, that stripping away vital header information from messages may cause improper operation of the MTA. Be extremely careful when selecting headers to remove or limit. This facility exists because there are occasional situations where selected header lines must be removed or otherwise limited.

Stripping away header information from messages may cause improper operation of the MTA. Be careful when selecting headers to remove or limit. These keywords are provided for the rare situations where selected header lines must be removed or limited. Before trimming or removing any header line, you must understand the usage of that header line and have considered the possible implications of its removal.

Header options files for the headertrim and innertrim keywords have names of the form channel_headers.opt with channel, the name of the channel with which the header option file is associated. Similarly, header options files for the headerread keyword have names of the form channel_read_headers.opt. These files are stored in the MTA configuration directory, instance_root/config/.

12.7.3 Generating/Removing X-Envelope-to Header Lines

Keywords: x_env_to, nox_env_to

The x_env_to and nox_env_to keywords control the generation or suppression of X-Envelope-to header lines on copies of messages queued to a specific channel. On channels that are marked with the single keyword, the x_env_to keyword enables generation of these headers while the nox_env_to removes such headers from enqueued messages. The default is nox_env_to.

Although it will rarely make sense to do so, the x_env_to keyword can now be used without also setting single on a channel.

12.7.4 Converting Date to Two- or Four-Digits

Keywords: datefour, datetwo

The original RFC 822 specification called for two-digit years in the date fields in message headers. This was later changed to four digits by RFC 1123. However, some older mail systems cannot accommodate four-digit dates. In addition, some newer mail systems can no longer tolerate two-digit dates.

Systems that cannot handle both formats are in violation of the standards.

The datefour and datetwo keywords control the MTA’s processing of the year field in message header dates. The keyword datefour, the default, instructs the MTA to expand all year fields to four digits. Two- digit dates with a value less than 50 have 2000 added, while values greater than 50 have 1900 added.

The keyword datetwo instructs the MTA to remove the leading two digits from four-digit dates. This is intended to provide compatibility with incompliant mail systems that require two digit dates; it should never be used for any other purpose.

12.7.5 Specifying Day of Week in Date

Keywords: dayofweek, nodayofweek