As of sendmail version 8.9, forwarding of SMTP messages is not permitted by default. The simplest approach is to list the domains you are willing to relay in the file /etc/mail/relay-domains. Anything listed in this file will be accepted for relaying.

The following sendmail features are recommended to help control relay:

  • FEATURE(access_db). Tells sendmail to refer to the access database to enable or disable access from individual domains (or hosts only, if FEATURE(relay_hosts_only) is set).
  • FEATURE(blacklist_recipients). If set, this feature looks up recipients as well as senders in the access database.

The access database is normally found in /etc/mail/access. Each database entry consists of a domain name or network number as the key and an action as the value.Valid Keys:

  • Fully or partially qualified host or domain names.
  • Network address or subnetwork address.
    • 128.227.128
    • 128.227
  • Email address to reject mail from a specific user.

Key Values:

  • REJECT to refuse connections from this host
  • DISCARD to accept the message but silently discard it (the sender will think it has been accepted)
  • OK to allow access (overriding other built-in checks)
  • RELAY to allow access including relaying SMTP through your machine
  • an arbitrary message to reject the mail with the customized message.

For example, an access database might contain: REJECT RELAY 550 Spammers shan’t see sunlight here

to reject all mail from any host in the domain, allow any relaying to or from any host in the domain, and reject mail from with a specific message.


[infinite]If set, allow no more than the specified number of recipients in an SMTP envelope. Further recipients receive a 452 error code (i.e., they are deferred for the next delivery attempt).



[authwarnings] Privacy flags.



[$j Sendmail $v/$Z; $b] The initial (spontaneous) SMTP greeting message. The word “ESMTP” will be inserted between the first and second words to convince other sendmails to try to speak ESMTP.