1 .\" Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.
2 .\" All rights reserved.
3 .\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
4 .\" Copyright (c) 1983, 1993
5 .\" The Regents of the University of California. All rights reserved.
7 .\" By using this file, you agree to the terms and conditions set
8 .\" forth in the LICENSE file which can be found at the top level of
9 .\" the sendmail distribution.
12 .\" $Id: op.me,v 8.759 2014-01-13 14:40:05 ca Exp $
14 .\" eqn op.me | pic | troff -me
16 .\" Define \(sc if not defined (for text output)
18 .if !c \(sc .char \(sc S
20 .\" Define \(dg as "*" for text output and create a new .DG macro
21 .\" which describes the symbol.
37 .\" Define \(dd as "#" for text output and create a new .DD macro
38 .\" which describes the symbol.
51 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
52 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
53 .\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
55 .\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb
74 .b SENDMAIL\u\s-6TM\s0\d
77 .b "INSTALLATION AND OPERATION GUIDE"
80 This documentation is under modification.
95 For Sendmail Version 8.18
98 Sendmail is a trademark of Proofpoint, Inc.
99 US Patent Numbers 6865671, 6986037.
103 .i Sendmail \u\s-2TM\s0\d
104 implements a general purpose internetwork mail routing facility
107 It is not tied to any one transport protocol \*-
108 its function may be likened to a crossbar switch,
109 relaying messages from one domain into another.
111 it can do a limited amount of message header editing
112 to put the message into a format that is appropriate
113 for the receiving domain.
114 All of this is done under the control of a configuration file.
116 Due to the requirements of flexibility
119 the configuration file can seem somewhat unapproachable.
120 However, there are only a few basic configurations
122 for which standard configuration files have been supplied.
123 Most other configurations
124 can be built by adjusting an existing configuration file
129 RFC 821 (Simple Mail Transport Protocol),
130 RFC 822 (Internet Mail Headers Format),
131 RFC 974 (MX routing),
132 RFC 1123 (Internet Host Requirements),
133 RFC 1413 (Identification server),
134 RFC 1652 (SMTP 8BITMIME Extension),
135 RFC 1869 (SMTP Service Extensions),
136 RFC 1870 (SMTP SIZE Extension),
137 RFC 1891 (SMTP Delivery Status Notifications),
138 RFC 1892 (Multipart/Report),
139 RFC 1893 (Enhanced Mail System Status Codes),
140 RFC 1894 (Delivery Status Notifications),
141 RFC 1985 (SMTP Service Extension for Remote Message Queue Starting),
142 RFC 2033 (Local Message Transmission Protocol),
143 RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes),
145 RFC 2476 (Message Submission),
146 RFC 2487 (SMTP Service Extension for Secure SMTP over TLS),
147 RFC 2554 (SMTP Service Extension for Authentication),
148 RFC 2821 (Simple Mail Transfer Protocol),
149 RFC 2822 (Internet Message Format),
150 RFC 2852 (Deliver By SMTP Service Extension),
151 RFC 2920 (SMTP Service Extension for Command Pipelining),
153 RFC 7505 (A "Null MX" No Service Resource Record for Domains That Accept No Mail).
156 is designed to work in a wider world,
157 in many cases it can be configured to exceed these protocols.
158 These cases are described herein.
163 without the need for monitoring,
164 it has a number of features
165 that may be used to monitor or adjust the operation
166 under unusual circumstances.
167 These features are described.
169 Section one describes how to do a basic
173 explains the day-to-day information you should know
174 to maintain your mail system.
175 If you have a relatively normal site,
176 these two sections should contain sufficient information
181 has information regarding the command line arguments.
183 describes some parameters that may be safely tweaked.
185 contains the nitty-gritty information about the configuration
187 This section is for masochists
188 and people who must write their own configuration file.
190 describes configuration that can be done at compile time.
191 The appendixes give a brief
192 but detailed explanation of a number of features
193 not described in the rest of the paper.
195 .sh 1 "BASIC INSTALLATION"
197 There are two basic steps to installing
199 First, you have to compile and install the binary.
202 has already been ported to your operating system
203 that should be simple.
204 Second, you must build a run-time configuration file.
207 reads when it starts up
208 that describes the mailers it knows about,
209 how to parse addresses,
210 how to rewrite the message header,
211 and the settings of various options.
212 Although the configuration file can be quite complex,
213 a configuration can usually be built
214 using an M4-based configuration language.
215 Assuming you have the standard
219 for further information.
221 The remainder of this section will describe the installation of
223 assuming you can use one of the existing configurations
224 and that the standard installation parameters are acceptable.
225 All pathnames and examples
226 are given from the root of the
230 .i /usr/src/usr.\*(SD/sendmail
231 on 4.4BSD-based systems.
233 Continue with the next section if you need/want to compile
236 If you have a running binary already on your system,
237 you should probably skip to section 1.2.
238 .sh 2 "Compiling Sendmail"
253 This will leave the binary in an appropriately named subdirectory,
256 It works for multiple object versions
257 compiled out of the same directory.
258 .sh 3 "Tweaking the Build Invocation"
260 You can give parameters on the
263 In most cases these are only used when the
265 directory is first created.
266 To restart from scratch, use
268 These commands include:
270 .ip "\-L \fIlibdirs\fP"
271 A list of directories to search for libraries.
272 .ip "\-I \fIincdirs\fP"
273 A list of directories to search for include files.
274 .ip "\-E \fIenvar\fP=\fIvalue\fP"
275 Set an environment variable to an indicated
282 .ip "\-f \fIsiteconfig\fP"
283 Read the indicated site configuration file.
284 If this parameter is not specified,
289 .i $BUILDTOOLS/Site/site.$oscf.m4
291 .i $BUILDTOOLS/Site/site.config.m4 ,
292 where $BUILDTOOLS is normally
294 and $oscf is the same name as used on the
297 See below for a description of the site configuration file.
299 Skip auto-configuration.
301 will avoid auto-detecting libraries if this is set.
302 All libraries and map definitions must be specified
303 in the site configuration file.
305 Most other parameters are passed to the
307 program; for details see
308 .i $BUILDTOOLS/README .
309 .sh 3 "Creating a Site Configuration File"
312 See sendmail/README for various compilation flags that can be set,
313 and devtools/README for details how to set them.
314 .sh 3 "Tweaking the Makefile"
316 .\" .b "XXX This should all be in the Site Configuration File section."
318 supports two different formats
319 for the local (on disk) version of databases,
323 At least one of these should be defined if at all possible.
326 Constant DataBase (tinycdb).
328 The ``new DBM'' format,
329 available on nearly all systems around today.
330 This was the preferred format prior to 4.4BSD.
331 It allows such complex things as multiple databases
332 and closing a currently open database.
334 The Berkeley DB package.
335 If you have this, use it.
338 multiple open databases,
339 real in-memory caching,
341 You can define this in conjunction with
344 old alias databases are read,
345 but when a new database is created it will be in NEWDB format.
347 if you have NEWDB, NDBM, and NIS defined,
348 and if the alias file name includes the substring
351 will create both new and old versions of the alias file
355 This is required because the Sun NIS/YP system
356 reads the DBM version of the alias file.
360 If neither of these are defined,
362 reads the alias file into memory on every invocation.
363 This can be slow and should be avoided.
364 There are also several methods for remote database access:
366 Lightweight Directory Access Protocol.
368 Sun's Network Information Services (formerly YP).
372 NeXT's NetInfo service.
374 Hesiod service (from Athena).
376 Other compilation flags are set in
378 and should be predefined for you
379 unless you are porting to a new environment.
382 .sh 3 "Compilation and installation"
384 After making the local system configuration described above,
385 You should be able to compile and install the system.
388 is the best approach on most systems:
394 to create a custom Makefile for your environment.
396 If you are installing in the standard places,
397 you should be able to install using
401 This should install the binary in
403 and create links from
404 /usr/\*(SB/newaliases
409 On most systems it will also format and install man pages.
410 Notice: as of version 8.12
412 will no longer be installed set-user-ID root by default.
413 If you really want to use the old method, you can specify it as target:
415 \&./Build install-set-user-id
417 .sh 2 "Configuration Files"
420 cannot operate without a configuration file.
421 The configuration defines the mail delivery mechanisms understood at this site,
423 how to forward email to remote mail systems,
424 and a number of tuning parameters.
425 This configuration file is detailed
426 in the later portion of this document.
430 configuration can be daunting at first.
431 The world is complex,
432 and the mail configuration reflects that.
433 The distribution includes an m4-based configuration package
434 that hides a lot of the complexity.
439 Our configuration files are processed by
441 to facilitate local customization;
446 distribution directory
447 contains the source files.
448 This directory contains several subdirectories:
451 Both site-dependent and site-independent descriptions of hosts.
452 These can be literal host names
455 when the hosts are gateways
456 or more general descriptions
458 .q "generic-solaris2.mc"
459 as a general description of an SMTP-connected host
463 (``M4 Configuration'')
464 are the input descriptions;
465 the output is in the corresponding
468 The general structure of these files is described below.
470 Site-dependent subdomain descriptions.
471 These are tied to the way your organization wants to do addressing.
473 .b domain/CS.Berkeley.EDU.m4
474 is our description for hosts in the CS.Berkeley.EDU subdomain.
475 These are referenced using the
482 Definitions of specific features that some particular host in your site
484 These are referenced using the
488 An example feature is
492 to read an /etc/mail/local-host-names file on startup
493 to find the set of local names).
495 Local hacks, referenced using the
500 The point of having them here is to make it clear that they smell.
504 include files that have information common to all configuration files.
505 This can be thought of as a
509 Definitions of mailers,
514 The mailer types that are known in this distribution are
520 For example, to include support for the UUCP-based mailers,
524 Definitions describing various operating system environments
525 (such as the location of support files).
526 These are referenced using the
531 Shell files used by the
534 You shouldn't have to mess with these.
536 Local UUCP connectivity information.
537 This directory has been supplanted by the mailertable feature;
538 any new configurations should use that feature to do UUCP
540 The use of this directory is deprecated.
542 If you are in a new domain
544 you will probably want to create a
546 file for your domain.
547 This consists primarily of relay definitions
548 and features you want enabled site-wide:
549 for example, Berkeley's domain definition
553 These are specific to Berkeley,
554 and should be fully-qualified internet-style domain names.
555 Please check to make certain they are reasonable for your domain.
557 Subdomains at Berkeley are also represented in the
563 is the Computer Science subdomain,
565 is the Electrical Engineering and Computer Sciences subdomain,
568 is the Sequoia 2000 subdomain.
569 You will probably have to add an entry to this directory
570 to be appropriate for your domain.
572 You will have to use or create
576 subdirectory for your hosts.
577 This is detailed in the
580 .sh 2 "Details of Installation Files"
582 This subsection describes the files that
586 .sh 3 "/usr/\*(SD/sendmail"
590 is located in /usr/\*(SD\**.
594 on 4.4BSD and newer systems;
595 many systems install it in
597 I understand it is in /usr/ucblib
598 on System V Release 4.
600 It should be set-group-ID smmsp as described in
602 For security reasons,
603 /, /usr, and /usr/\*(SD
604 should be owned by root, mode 0755\**.
606 \**Some vendors ship them owned by bin;
607 this creates a security hole that is not actually related to
609 Other important directories that should have restrictive ownerships
611 /bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
613 .sh 3 "/etc/mail/sendmail.cf"
615 This is the main configuration file for
618 \**Actually, the pathname varies depending on the operating system;
619 /etc/mail is the preferred directory.
620 Some older systems install it in
621 .b /usr/lib/sendmail.cf ,
622 and I've also seen it in
624 If you want to move this file,
625 add -D_PATH_SENDMAILCF=\e"/file/name\e"
626 to the flags passed to the C compiler.
627 Moving this file is not recommended:
628 other programs and scripts know of this location.
630 This is one of the two non-library file names compiled into
632 the other is /etc/mail/submit.cf.
634 \**The system libraries can reference other files;
635 in particular, system library subroutines that
637 calls probably reference
640 .i /etc/resolv.conf .
643 The configuration file is normally created
644 using the distribution files described above.
645 If you have a particularly unusual system configuration
646 you may need to create a special version.
647 The format of this file is detailed in later sections
649 .sh 3 "/etc/mail/submit.cf"
651 This is the configuration file for
653 when it is used for initial mail submission, in which case
654 it is also called ``Mail Submission Program'' (MSP)
655 in contrast to ``Mail Transfer Agent'' (MTA).
656 Starting with version 8.12,
658 uses one of two different configuration files based on its operation mode
662 For initial mail submission, i.e., if one of the options
668 is specified, submit.cf is used (if available),
669 for other operations sendmail.cf is used.
670 Details can be found in
671 .i sendmail/SECURITY .
672 submit.cf is shipped with sendmail (in cf/cf/) and is installed by default.
673 If changes to the configuration need to be made, start with
674 cf/cf/submit.mc and follow the instruction in cf/README.
675 .sh 3 "/usr/\*(SB/newaliases"
679 command should just be a link to
682 rm \-f /usr/\*(SB/newaliases
683 ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
685 This can be installed in whatever search path you prefer
687 .sh 3 "/usr/\*(SB/hoststat"
691 command should just be a link to
693 in a fashion similar to
695 This command lists the status of the last mail transaction
696 with all remote hosts. The
698 flag will prevent the status display from being truncated.
699 It functions only when the
700 .b HostStatusDirectory
702 .sh 3 "/usr/\*(SB/purgestat"
704 This command is also a link to
706 It flushes expired (Timeout.hoststatus) information that is stored in the
707 .b HostStatusDirectory
709 .sh 3 "/var/spool/mqueue"
713 should be created to hold the mail queue.
714 This directory should be mode 0700
717 The actual path of this directory
723 To use multiple queues,
724 supply a value ending with an asterisk.
726 .i /var/spool/mqueue/qd*
727 will use all of the directories or symbolic links to directories
728 beginning with `qd' in
730 as queue directories.
731 Do not change the queue directory structure
732 while sendmail is running.
734 If these directories have subdirectories or symbolic links to directories
735 named `qf', `df', and `xf', then these will be used for the different
737 That is, the data files are stored in the `df' subdirectory,
738 the transcript files are stored in the `xf' subdirectory, and
739 all others are stored in the `qf' subdirectory.
741 If shared memory support is compiled in,
743 stores the available diskspace in a shared memory segment
744 to make the values readily available to all children without
745 incurring system overhead.
746 In this case, only the daemon updates the data;
747 i.e., the sendmail daemon creates the shared memory segment
748 and deletes it if it is terminated.
751 must have been compiled with support for shared memory
756 Notice: do not use the same key for
758 invocations with different queue directories
759 or different queue group declarations.
760 Access to shared memory is not controlled by locks,
761 i.e., there is a race condition when data in the shared memory is updated.
762 However, since operation of
764 does not rely on the data in the shared memory, this does not negatively
765 influence the behavior.
766 .sh 3 "/var/spool/clientmqueue"
769 .i /var/spool/clientmqueue
770 should be created to hold the mail queue.
771 This directory should be mode 0770
772 and owned by user smmsp, group smmsp.
774 The actual path of this directory
780 .sh 3 "/var/spool/mqueue/.hoststat"
782 This is a typical value for the
783 .b HostStatusDirectory
785 containing one file per host
786 that this sendmail has chatted with recently.
787 It is normally a subdirectory of
789 .sh 3 "/etc/mail/aliases*"
791 The system aliases are held in
792 .q /etc/mail/aliases .
795 which includes some aliases which
799 cp sendmail/aliases /etc/mail/aliases
800 .i "edit /etc/mail/aliases"
802 You should extend this file with any aliases that are apropos to your system.
806 looks at a database version of the files,
808 .q /etc/mail/aliases.dir
810 .q /etc/mail/aliases.pag
812 .q /etc/mail/aliases.db
813 depending on which database package you are using.
814 The actual path of this file
821 The permissions of the alias file and the database versions
822 should be 0640 to prevent local denial of service attacks
823 as explained in the top level
825 in the sendmail distribution.
826 If the permissions 0640 are used, be sure that only trusted users belong
827 to the group assigned to those files. Otherwise, files should not even
829 .sh 3 "/etc/rc or /etc/init.d/sendmail"
831 It will be necessary to start up the
833 daemon when your system reboots.
834 This daemon performs two functions:
835 it listens on the SMTP socket for connections
836 (to receive mail from a remote system)
837 and it processes the queue periodically
838 to insure that mail gets delivered when hosts come up.
840 If necessary, add the following lines to
845 in the area where it is starting up the daemons
846 on a BSD-base system,
847 or on a System-V-based system
848 in one of the startup files, typically
849 .q /etc/init.d/sendmail :
851 if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
852 (cd /var/spool/mqueue; rm \-f xf*)
853 /usr/\*(SD/sendmail \-bd \-q30m &
854 echo \-n ' sendmail' >/dev/console
861 commands insure that all transcript files have been removed;
862 extraneous transcript files may be left around
863 if the system goes down in the middle of processing a message.
864 The line that actually invokes
868 causes it to listen on the SMTP port,
871 causes it to run the queue every half hour.
873 Some people use a more complex startup script,
874 removing zero length qf/hf/Qf files and df files for which there is no
876 Note this is not advisable.
877 For example, see Figure 1
878 for an example of a complex script which does this clean up.
882 # remove zero length qf/hf/Qf files
883 for qffile in qf* hf* Qf*
889 echo \-n " <zero: $qffile>" > /dev/console
894 # rename tf files to be qf if the qf does not exist
897 qffile=`echo $tffile | sed 's/t/q/'`
898 if [ \-r $tffile \-a ! \-f $qffile ]
900 echo \-n " <recovering: $tffile>" > /dev/console
905 echo \-n " <extra: $tffile>" > /dev/console
910 # remove df files with no corresponding qf/hf/Qf files
913 qffile=`echo $dffile | sed 's/d/q/'`
914 hffile=`echo $dffile | sed 's/d/h/'`
915 Qffile=`echo $dffile | sed 's/d/Q/'`
916 if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ]
918 echo \-n " <incomplete: $dffile>" > /dev/console
919 mv $dffile `echo $dffile | sed 's/d/D/'`
922 # announce files that have been saved during disaster recovery
923 for xffile in [A-Z]f*
927 echo \-n " <panic: $xffile>" > /dev/console
932 Figure 1 \(em A complex startup script
935 .sh 3 "/etc/mail/helpfile"
937 This is the help file used by the SMTP
940 It should be copied from
941 .q sendmail/helpfile :
943 cp sendmail/helpfile /etc/mail/helpfile
945 The actual path of this file
951 .sh 3 "/etc/mail/statistics"
953 If you wish to collect statistics
954 about your mail traffic,
955 you should create the file
956 .q /etc/mail/statistics :
958 cp /dev/null /etc/mail/statistics
959 chmod 0600 /etc/mail/statistics
961 This file does not grow.
962 It is printed with the program
963 .q mailstats/mailstats.c.
964 The actual path of this file
970 .sh 3 "/usr/\*(SB/mailq"
981 will print the contents of the mail queue;
983 This should be a link to /usr/\*(SD/sendmail.
987 stores its current pid in the file specified by the
989 option (default is _PATH_SENDMAILPID).
993 (which defaults to 0600) as
994 the permissions of that file
995 to prevent local denial of service attacks
996 as explained in the top level
998 in the sendmail distribution.
999 If the file already exists, then it might be necessary to
1000 change the permissions accordingly, e.g.,
1002 chmod 0600 /var/run/sendmail.pid
1004 Note that as of version 8.13, this file is unlinked when
1007 As a result of this change, a script such as the following,
1008 which may have worked prior to 8.13, will no longer work:
1010 # stop & start sendmail
1011 PIDFILE=/var/run/sendmail.pid
1012 kill `head -1 $PIDFILE`
1015 because it assumes that the pidfile will still exist even
1016 after killing the process to which it refers.
1017 Below is a script which will work correctly
1018 on both newer and older versions:
1020 # stop & start sendmail
1021 PIDFILE=/var/run/sendmail.pid
1022 pid=`head -1 $PIDFILE`
1023 cmd=`tail -1 $PIDFILE`
1027 This is just an example script, it does not perform any error checks,
1028 e.g., whether the pidfile exists at all.
1031 To prevent local denial of service attacks
1032 as explained in the top level
1034 in the sendmail distribution,
1035 the permissions of map files created by
1038 The use of 0640 implies that only trusted users belong to the group
1039 assigned to those files.
1040 If those files already exist, then it might be necessary to
1041 change the permissions accordingly, e.g.,
1044 chmod 0640 *.db *.pag *.dir
1046 .sh 1 "NORMAL OPERATIONS"
1047 .sh 2 "The System Log"
1049 The system log is supported by the
1054 are logged under the
1058 \**Except on Ultrix,
1059 which does not support facilities in the syslog.
1063 Each line in the system log
1064 consists of a timestamp,
1065 the name of the machine that generated it
1066 (for logging from several machines
1067 over the local area network),
1072 \**This format may vary slightly if your vendor has changed
1075 Most messages are a sequence of
1081 The two most common lines are logged when a message is processed.
1082 The first logs the receipt of a message;
1083 there will be exactly one of these per message.
1084 Some fields may be omitted if they do not contain interesting information.
1087 The envelope sender address.
1089 The size of the message in bytes.
1091 The class (i.e., numeric precedence) of the message.
1093 The initial message priority (used for queue sorting).
1095 The number of envelope recipients for this message
1096 (after aliasing and forwarding).
1098 The message id of the message (from the header).
1100 The message body type (7BIT or 8BITMIME),
1101 as determined from the envelope.
1103 The protocol used to receive this message (e.g., ESMTP or UUCP)
1105 The daemon name from the
1106 .b DaemonPortOptions
1109 The machine from which it was received.
1111 There is also one line logged per delivery attempt
1112 (so there can be several per message if delivery is deferred
1113 or there are multiple recipients).
1116 A comma-separated list of the recipients to this mailer.
1118 The ``controlling user'', that is, the name of the user
1119 whose credentials we use for delivery.
1121 The total delay between the time this message was received
1122 and the current delivery attempt.
1124 The amount of time needed in this delivery attempt
1125 (normally indicative of the speed of the connection).
1127 The name of the mailer used to deliver to this recipient.
1129 The name of the host that actually accepted (or rejected) this recipient.
1131 The enhanced error code (RFC 2034) if available.
1133 The delivery status.
1135 Not all fields are present in all messages;
1136 for example, the relay is usually not listed for local deliveries.
1141 or an equivalent installed,
1142 you will be able to do logging.
1143 There is a large amount of information that can be logged.
1144 The log is arranged as a succession of levels.
1146 only extremely strange situations are logged.
1147 At the highest level,
1148 even the most mundane and uninteresting events
1149 are recorded for posterity.
1151 log levels under ten
1152 are considered generally
1155 are reserved for debugging purposes.
1156 Levels from 11\-64 are reserved for verbose information
1157 that some sites might want.
1159 A complete description of the log levels
1160 is given in section ``Log Level''.
1161 .sh 2 "Dumping State"
1165 to log a dump of the open files
1166 and the connection cache
1170 The results are logged at
1173 .sh 2 "The Mail Queues"
1175 Mail messages may either be delivered immediately or be held for later
1177 Held messages are placed into a holding directory called a mail queue.
1179 A mail message may be queued for these reasons:
1181 If a mail message is temporarily undeliverable, it is queued
1182 and delivery is attempted later.
1183 If the message is addressed to multiple recipients, it is queued
1184 only for those recipients to whom delivery is not immediately possible.
1186 If the SuperSafe option is set to true,
1187 all mail messages are queued while delivery is attempted.
1189 If the DeliveryMode option is set to queue-only or defer,
1190 all mail is queued, and no immediate delivery is attempted.
1192 If the load average becomes higher than the value of the QueueLA option
1197 option divided by the difference in the current load average and the
1200 is less than the priority of the message,
1201 messages are queued rather than immediately delivered.
1203 One or more addresses are marked as expensive and delivery is postponed
1204 until the next queue run or one or more address are marked as held via
1205 mailer which uses the hold mailer flag.
1207 The mail message has been marked as quarantined via a mail filter or
1209 .sh 3 "Queue Groups and Queue Directories"
1211 There are one or more mail queues.
1212 Each mail queue belongs to a queue group.
1213 There is always a default queue group that is called ``mqueue''
1214 (which is where messages go by default unless otherwise specified).
1215 The directory or directories which comprise the default queue group
1216 are specified by the QueueDirectory option.
1217 There are zero or more
1218 additional named queue groups declared using the
1220 command in the configuration file.
1222 By default, a queued message is placed in the queue group
1223 associated with the first recipient in the recipient list.
1224 A recipient address is mapped to a queue group as follows.
1225 First, if there is a ruleset called ``queuegroup'',
1226 and if this ruleset maps the address to a queue group name,
1227 then that queue group is chosen.
1228 That is, the argument for the ruleset is
1229 the recipient address
1230 (i.e., the address part of the resolved triple)
1231 and the result should be
1233 followed by the name of a queue group.
1234 Otherwise, if the mailer associated with the address specifies
1235 a queue group, then that queue group is chosen.
1236 Otherwise, the default queue group is chosen.
1238 A message with multiple recipients will be split
1239 if different queue groups are chosen
1240 by the mapping of recipients to queue groups.
1242 When a message is placed in a queue group, and the queue group has
1243 more than one queue, a queue is selected randomly.
1245 If a message with multiple recipients is placed into a queue group
1246 with the 'r' option (maximum number of recipients per message)
1247 set to a positive value
1249 and if there are more than
1252 in the message, then the message will be split into multiple messages,
1253 each of which have at most
1257 Notice: if multiple queue groups are used, do
1259 move queue files around, e.g., into a different queue directory.
1260 This may have weird effects and can cause mail not to be delivered.
1261 Queue files and directories should be treated as opaque
1262 and should not be manipulated directly.
1266 has two different ways to process the queue(s).
1267 The first one is to start queue runners after certain intervals
1268 (``normal'' queue runners),
1269 the second one is to keep queue runner processes around
1270 (``persistent'' queue runners).
1271 How to select either of these types is discussed in the appendix
1272 ``COMMAND LINE FLAGS''.
1273 Persistent queue runners have the advantage that no new processes
1274 need to be spawned at certain intervals; they just sleep for
1275 a specified time after they finished a queue run.
1276 Another advantage of persistent queue runners is that only one process
1277 belonging to a workgroup (a workgroup is a set of queue groups)
1278 collects the data for a queue run
1279 and then multiple queue runner may go ahead using that data.
1280 This can significantly reduce the disk I/O necessary to read the
1281 queue files compared to starting multiple queue runners directly.
1282 Their disadvantage is that a new queue run is only started
1283 after all queue runners belonging to a group finished their tasks.
1284 In case one of the queue runners tries delivery to a slow recipient site
1285 at the end of a queue run, the next queue run may be substantially delayed.
1286 In general this should be smoothed out due to the distribution of
1287 those slow jobs, however, for sites with small number of
1288 queue entries this might introduce noticeable delays.
1289 In general, persistent queue runners are only useful for
1290 sites with big queues.
1291 .sh 3 "Manual Intervention"
1293 Under normal conditions the mail queue will be processed transparently.
1294 However, you may find that manual intervention is sometimes necessary.
1296 if a major host is down for a period of time
1297 the queue may become clogged.
1300 ought to recover gracefully when the host comes up,
1301 you may find performance unacceptably bad in the meantime.
1302 In that case you want to check the content of the queue
1303 and manipulate it as explained in the next two sections.
1304 .sh 3 "Printing the queue"
1306 The contents of the queue(s) can be printed
1310 (or by specifying the
1317 This will produce a listing of the queue id's,
1318 the size of the message,
1319 the date the message entered the queue,
1320 and the sender and recipients.
1321 If shared memory support is compiled in,
1324 can be used to print the number of entries in the queue(s),
1325 provided a process updates the data.
1326 However, as explained earlier, the output might be slightly wrong,
1327 since access to the shared memory is not locked.
1329 ``unknown number of entries''
1331 The internal counters are updated after each queue run
1332 to the correct value again.
1333 .sh 3 "Forcing the queue"
1336 should run the queue automatically at intervals.
1337 When using multiple queues,
1338 a separate process will by default be created to
1339 run each of the queues
1340 unless the queue run is initiated by a user
1341 with the verbose flag.
1342 The algorithm is to read and sort the queue,
1343 and then to attempt to process all jobs in order.
1344 When it attempts to run the job,
1346 first checks to see if the job is locked.
1347 If so, it ignores the job.
1349 There is no attempt to insure that only one queue processor
1351 since there is no guarantee that a job cannot take forever
1355 does include heuristics to try to abort jobs
1356 that are taking absurd amounts of time;
1357 technically, this violates RFC 821, but is blessed by RFC 1123).
1358 Due to the locking algorithm,
1359 it is impossible for one job to freeze the entire queue.
1361 an uncooperative recipient host
1362 or a program recipient
1364 can accumulate many processes in your system.
1366 there is no completely general way to solve this.
1369 you may find that a major host going down
1370 for a couple of days
1371 may create a prohibitively large queue.
1374 spending an inordinate amount of time
1376 This situation can be fixed by moving the queue to a temporary place
1377 and creating a new queue.
1378 The old queue can be run later when the offending host returns to service.
1381 it is acceptable to move the entire queue directory:
1384 mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue
1386 You should then kill the existing daemon
1387 (since it will still be processing in the old queue directory)
1388 and create a new daemon.
1390 To run the old mail queue, issue the following command:
1392 /usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
1396 flag specifies an alternate configuration file
1398 which should refer to the moved queue directory
1400 O QueueDirectory=/var/spool/omqueue
1404 flag says to just run every job in the queue.
1405 You can also specify the moved queue directory on the command line
1407 /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1409 but this requires that you do not have
1410 queue groups in the configuration file,
1411 because those are not subdirectories of the moved directory.
1412 See the section about ``Queue Group Declaration'' for details;
1413 you most likely need a different configuration file to correctly deal
1415 However, a proper configuration of queue groups should avoid
1416 filling up queue directories, so you shouldn't run into
1418 If you have a tendency toward voyeurism,
1421 flag to watch what is going on.
1423 When the queue is finally emptied,
1424 you can remove the directory:
1426 rmdir /var/spool/omqueue
1428 .sh 3 "Quarantined Queue Items"
1430 It is possible to "quarantine" mail messages,
1431 otherwise known as envelopes.
1432 Envelopes (queue files) are stored but not considered for delivery or
1433 display unless the "quarantine" state of the envelope is undone or
1434 delivery or display of quarantined items is requested.
1435 Quarantined messages are tagged by using a different name for the queue
1436 file, 'hf' instead of 'qf', and by adding the quarantine reason to the
1439 Delivery or display of quarantined items can be requested using the
1445 Additionally, messages already in the queue can be quarantined or
1446 unquarantined using the new
1451 sendmail -Qreason -q[!][I|R|S][matchstring]
1453 Quarantines the normal queue items matching the criteria specified by the
1454 .b "-q[!][I|R|S][matchstring]"
1455 using the reason given on the
1460 sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring]
1462 Change the quarantine reason for the quarantined items matching the
1463 criteria specified by the
1464 .b "-q[!][I|R|S|Q][matchstring]"
1465 using the reason given on the
1468 If there is no reason,
1469 unquarantine the matching items and make them normal queue items.
1472 flag tells sendmail to operate on quarantined items instead of normal items.
1473 .sh 2 "Disk Based Connection Information"
1476 stores a large amount of information about each remote system it
1477 has connected to in memory. It is possible to preserve some
1478 of this information on disk as well, by using the
1479 .b HostStatusDirectory
1480 option, so that it may be shared between several invocations of
1482 This allows mail to be queued immediately or skipped during a queue run if
1483 there has been a recent failure in connecting to a remote machine.
1484 Note: information about a remote system is stored in a file
1485 whose pathname consists of the components of the hostname in reverse order.
1486 For example, the information for
1489 .b com./example./host .
1490 For top-level domains like
1492 this can create a large number of subdirectories
1493 which on some filesystems can exhaust some limits.
1494 Moreover, the performance of lookups in directory with thousands of entries
1495 can be fairly slow depending on the filesystem implementation.
1497 Additionally enabling
1498 .b SingleThreadDelivery
1499 has the added effect of single-threading mail delivery to a destination.
1500 This can be quite helpful
1501 if the remote machine is running an SMTP server that is easily overloaded
1502 or cannot accept more than a single connection at a time,
1503 but can cause some messages to be punted to a future queue run.
1506 hosts, so setting this because you have one machine on site
1507 that runs some software that is easily overrun
1508 can cause mail to other hosts to be slowed down.
1509 If this option is set,
1510 you probably want to set the
1512 option as well and run the queue fairly frequently;
1513 this way jobs that are skipped because another
1515 is talking to the same host will be tried again quickly
1516 rather than being delayed for a long time.
1518 The disk based host information is stored in a subdirectory of the
1523 \**This is the usual value of the
1524 .b HostStatusDirectory
1526 it can, of course, go anywhere you like in your filesystem.
1528 Removing this directory and its subdirectories has an effect similar to
1531 command and is completely safe.
1534 only removes expired (Timeout.hoststatus) data.
1535 The information in these directories can
1538 command, which will indicate the host name, the last access, and the
1539 status of that access.
1540 An asterisk in the left most column indicates that a
1542 process currently has the host locked for mail delivery.
1544 The disk based connection information is treated the same way as memory based
1545 connection information for the purpose of timeouts.
1546 By default, information about host failures is valid for 30 minutes.
1547 This can be adjusted with
1549 .b Timeout.hoststatus
1552 The connection information stored on disk may be expired at any time
1555 command or by invoking sendmail with the
1558 The connection information may be viewed with the
1560 command or by invoking sendmail with the
1563 .sh 2 "The Service Switch"
1565 The implementation of certain system services
1566 such as host and user name lookup
1567 is controlled by the service switch.
1568 If the host operating system supports such a switch,
1569 and sendmail knows about it,
1571 will use the native version.
1572 Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
1574 \**HP-UX 10 has service switch support,
1575 but since the APIs are apparently not available in the libraries
1577 does not use the native service switch in this release.
1580 If the underlying operating system does not support a service switch
1581 (e.g., SunOS 4.X, HP-UX, BSD)
1584 will provide a stub implementation.
1586 .b ServiceSwitchFile
1587 option points to the name of a file that has the service definitions.
1588 Each line has the name of a service
1589 and the possible implementations of that service.
1590 For example, the file:
1597 to look for hosts in the Domain Name System first.
1598 If the requested host name is not found, it tries local files,
1599 and if that fails it tries NIS.
1600 Similarly, when looking for aliases
1601 it will try the local files first followed by NIS.
1605 must access MX records for correct operation, it will use
1606 DNS if it is configured in the
1607 .b ServiceSwitchFile
1613 will not avoid DNS lookups even if a host can be found
1616 Note: in contrast to the
1619 some operating systems do not preserve temporary failures.
1620 For example, if DNS returns a TRY_AGAIN status for this setup
1622 hosts files dns myhostname
1624 but myhostname does not find the requested entry,
1625 then a permanent error is returned to
1627 which obviously can cause problems,
1628 e.g., an immediate bounce instead of a deferral.
1630 Service switches are not completely integrated.
1631 For example, despite the fact that the host entry listed in the above example
1632 specifies to look in NIS,
1633 on SunOS this won't happen because the system implementation of
1634 .i gethostbyname \|(3)
1635 doesn't understand this.
1636 .sh 2 "The Alias Database"
1638 After recipient addresses are read from the SMTP connection
1640 they are parsed by ruleset 0,
1641 which must resolve to a
1647 If the flags selected by the
1654 part of the triple is looked up as the key
1655 (i.e., the left hand side)
1656 in the alias database.
1657 If there is a match, the address is deleted from the send queue
1658 and all addresses on the right hand side of the alias
1659 are added in place of the alias that was found.
1660 This is a recursive operation,
1661 so aliases found in the right hand side of the alias
1662 are similarly expanded.
1664 The alias database exists in two forms.
1666 maintained in the file
1667 .i /etc/mail/aliases.
1668 The aliases are of the form
1670 name: name1, name2, ...
1672 Only local names may be aliased;
1675 eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
1677 will not have the desired effect
1678 (except on prep.ai.MIT.EDU,
1679 and they probably don't want me)\**.
1681 \**Actually, any mailer that has the `A' mailer flag set
1682 will permit aliasing;
1683 this is normally limited to the local mailer.
1685 Aliases may be continued by starting any continuation lines
1686 with a space or a tab or by putting a backslash directly before
1688 Blank lines and lines beginning with a sharp sign
1693 The second form is processed by one of the available map types,
1699 package does not work.
1701 the Berkeley DB library,
1704 This is the form that
1706 actually uses to resolve aliases.
1707 This technique is used to improve performance.
1709 The control of search order is actually set by the service switch.
1710 Essentially, the entry
1712 O AliasFile=switch:aliases
1714 is always added as the first alias entry;
1715 also, the first alias file name without a class
1719 will be used as the name of the file for a ``files'' entry
1720 in the aliases switch.
1721 For example, if the configuration file contains
1723 O AliasFile=/etc/mail/aliases
1725 and the service switch contains
1727 aliases nis files nisplus
1729 then aliases will first be searched in the NIS database,
1730 then in /etc/mail/aliases,
1731 then in the NIS+ database.
1736 For example, the specification:
1738 O AliasFile=/etc/mail/aliases
1739 O AliasFile=nis:mail.aliases@my.nis.domain
1741 will first search the /etc/mail/aliases file
1742 and then the map named
1746 Warning: if you build your own
1749 be sure to provide the
1753 to map upper case letters in the keys to lower case;
1754 otherwise, aliases with upper case letters in their names
1755 won't match incoming addresses.
1757 Additional flags can be added after the colon
1760 line \(em for example:
1762 O AliasFile=nis:\-N mail.aliases@my.nis.domain
1764 will search the appropriate NIS map and always include null bytes in the key.
1767 O AliasFile=nis:\-f mail.aliases@my.nis.domain
1769 will prevent sendmail from downcasing the key before the alias lookup.
1770 .sh 3 "Rebuilding the alias database"
1776 version of the database
1777 may be rebuilt explicitly by executing the command
1781 This is equivalent to giving
1787 /usr/\*(SD/sendmail \-bi
1790 If you have multiple aliases databases specified,
1793 flag rebuilds all the database types it understands
1794 (for example, it can rebuild NDBM databases but not NIS databases).
1795 .sh 3 "Potential problems"
1797 There are a number of problems that can occur
1798 with the alias database.
1799 They all result from a
1801 process accessing the DBM version
1802 while it is only partially built.
1803 This can happen under two circumstances:
1804 One process accesses the database
1805 while another process is rebuilding it,
1806 or the process rebuilding the database dies
1807 (due to being killed or a system crash)
1808 before completing the rebuild.
1810 Sendmail has three techniques to try to relieve these problems.
1811 First, it ignores interrupts while rebuilding the database;
1812 this avoids the problem of someone aborting the process
1813 leaving a partially rebuilt database.
1815 it locks the database source file during the rebuild \(em
1816 but that may not work over NFS or if the file is unwritable.
1818 at the end of the rebuild
1819 it adds an alias of the form
1823 (which is not normally legal).
1826 will access the database,
1827 it checks to insure that this entry exists\**.
1831 option is required in the configuration
1832 for this action to occur.
1833 This should normally be specified.
1837 If an error occurs on sending to a certain address,
1841 will look for an alias
1844 to receive the errors.
1845 This is typically useful
1847 where the submitter of the list
1848 has no control over the maintenance of the list itself;
1849 in this case the list maintainer would be the owner of the list.
1852 unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1854 owner-unix-wizards: unix-wizards-request
1855 unix-wizards-request: eric@ucbarpa
1859 to get the error that will occur
1860 when someone sends to
1862 due to the inclusion of
1866 List owners also cause the envelope sender address to be modified.
1867 The contents of the owner alias are used if they point to a single user,
1868 otherwise the name of the alias itself is used.
1869 For this reason, and to obey Internet conventions,
1872 address normally points at the
1874 address; this causes messages to go out with the typical Internet convention
1877 as the return address.
1878 .sh 2 "User Information Database"
1880 This option is deprecated, use virtusertable and genericstable instead
1883 If you have a version of
1885 with the user information database
1887 and you have specified one or more databases using the
1890 the databases will be searched for a
1893 If found, the mail will be sent to the specified address.
1894 .sh 2 "Per-User Forwarding (.forward Files)"
1896 As an alternative to the alias database,
1897 any user may put a file with the name
1899 in his or her home directory.
1900 If this file exists,
1902 redirects mail for that user
1903 to the list of addresses listed in the .forward file.
1904 Note that aliases are fully expanded before forward files are referenced.
1905 For example, if the home directory for user
1907 has a .forward file with contents:
1912 then any mail arriving for
1914 will be redirected to the specified accounts.
1916 Actually, the configuration file defines a sequence of filenames to check.
1917 By default, this is the user's .forward file,
1918 but can be defined to be more generally using the
1922 you will have to inform your user base of the change;
1923 \&.forward is pretty well incorporated into the collective subconscious.
1924 .sh 2 "Special Header Lines"
1926 Several header lines have special interpretations
1927 defined by the configuration file.
1928 Others have interpretations built into
1930 that cannot be changed without changing the code.
1931 These built-ins are described here.
1934 If errors occur anywhere during processing,
1935 this header will cause error messages to go to
1936 the listed addresses.
1937 This is intended for mailing lists.
1939 The Errors-To: header was created in the bad old days
1940 when UUCP didn't understand the distinction between an envelope and a header;
1941 this was a hack to provide what should now be passed
1942 as the envelope sender address.
1944 It is only used if the
1948 The Errors-To: header is officially deprecated
1949 and will go away in a future release.
1950 .sh 3 "Apparently-To:"
1952 RFC 822 requires at least one recipient field
1953 (To:, Cc:, or Bcc: line)
1955 If a message comes in with no recipients listed in the message
1958 will adjust the header based on the
1959 .q NoRecipientAction
1961 One of the possible actions is to add an
1963 header line for any recipients it is aware of.
1965 The Apparently-To: header is non-standard
1966 and is both deprecated and strongly discouraged.
1969 The Precedence: header can be used as a crude control of message priority.
1970 It tweaks the sort order in the queue
1971 and can be configured to change the message timeout values.
1972 The precedence of a message also controls how
1973 delivery status notifications (DSNs)
1974 are processed for that message.
1975 .sh 2 "IDENT Protocol Support"
1978 supports the IDENT protocol as defined in RFC 1413.
1979 Note that the RFC states
1980 a client should wait at least 30 seconds for a response.
1981 The default Timeout.ident is 5 seconds
1982 as many sites have adopted the practice of dropping IDENT queries.
1983 This has lead to delays processing mail.
1984 Although this enhances identification
1985 of the author of an email message
1986 by doing a ``call back'' to the originating system to include
1987 the owner of a particular TCP connection
1989 it is in no sense perfect;
1990 a determined forger can easily spoof the IDENT protocol.
1991 The following description is excerpted from RFC 1413:
1994 6. Security Considerations
1996 The information returned by this protocol is at most as trustworthy
1997 as the host providing it OR the organization operating the host. For
1998 example, a PC in an open lab has few if any controls on it to prevent
1999 a user from having this protocol return any identifier the user
2000 wants. Likewise, if the host has been compromised the information
2001 returned may be completely erroneous and misleading.
2003 The Identification Protocol is not intended as an authorization or
2004 access control protocol. At best, it provides some additional
2005 auditing information with respect to TCP connections. At worst, it
2006 can provide misleading, incorrect, or maliciously incorrect
2009 The use of the information returned by this protocol for other than
2010 auditing is strongly discouraged. Specifically, using Identification
2011 Protocol information to make access control decisions - either as the
2012 primary method (i.e., no other checks) or as an adjunct to other
2013 methods may result in a weakening of normal host security.
2015 An Identification server may reveal information about users,
2016 entities, objects or processes which might normally be considered
2017 private. An Identification server provides service which is a rough
2018 analog of the CallerID services provided by some phone companies and
2019 many of the same privacy considerations and arguments that apply to
2020 the CallerID service apply to Identification. If you wouldn't run a
2021 "finger" server due to privacy considerations you may not want to run
2025 In some cases your system may not work properly with IDENT support
2026 due to a bug in the TCP/IP implementation.
2027 The symptoms will be that for some hosts
2028 the SMTP connection will be closed
2030 If this is true or if you do not want to use IDENT,
2031 you should set the IDENT timeout to zero;
2032 this will disable the IDENT protocol.
2035 The complete list of arguments to
2037 is described in detail in Appendix A.
2038 Some important arguments are described here.
2039 .sh 2 "Queue Interval"
2041 The amount of time between forking a process
2042 to run through the queue is defined by the
2045 If you run with delivery mode set to
2049 this can be relatively large, since it will only be relevant
2050 when a host that was down comes back up.
2053 mode it should be relatively short,
2054 since it defines the maximum amount of time that a message
2055 may sit in the queue.
2056 (See also the MinQueueAge option.)
2058 RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
2059 (although that probably doesn't make sense if you use ``queue-only'' mode).
2061 Notice: the meaning of the interval time depends on whether normal
2062 queue runners or persistent queue runners are used.
2063 For the former, it is the time between subsequent starts of a queue run.
2064 For the latter, it is the time sendmail waits after a persistent queue
2065 runner has finished its work to start the next one.
2066 Hence for persistent queue runners this interval should be very low,
2067 typically no more than two minutes.
2070 If you allow incoming mail over an IPC connection,
2071 you should have a daemon running.
2072 This should be set by your
2081 flag may be combined in one call:
2083 /usr/\*(SD/sendmail \-bd \-q30m
2086 An alternative approach is to invoke sendmail from
2090 flags to ask sendmail to speak SMTP on its standard input and output
2092 This works and allows you to wrap
2094 in a TCP wrapper program,
2095 but may be a bit slower since the configuration file
2096 has to be re-read on every message that comes in.
2097 If you do this, you still need to have a
2099 running to flush the queue:
2101 /usr/\*(SD/sendmail \-q30m
2103 .sh 2 "Forcing the Queue"
2105 In some cases you may find that the queue has gotten clogged for some reason.
2106 You can force a queue run
2109 flag (with no value).
2110 It is entertaining to use the
2113 when this is done to watch what happens:
2115 /usr/\*(SD/sendmail \-q \-v
2118 You can also limit the jobs to those with a particular queue identifier,
2119 recipient, sender, quarantine reason, or queue group
2120 using one of the queue modifiers.
2123 restricts the queue run to jobs that have the string
2125 somewhere in one of the recipient addresses.
2128 limits the run to particular senders,
2130 limits it to particular queue identifiers, and
2132 limits it to particular quarantined reasons and only operated on
2133 quarantined queue items, and
2135 limits it to a particular queue group.
2136 The named queue group will be run even if it is set to have 0 runners.
2137 You may also place an
2147 to indicate that jobs are limited to not including a particular queue
2148 identifier, recipient or sender.
2151 limits the queue run to jobs that do not have the string
2153 somewhere in one of the recipient addresses.
2154 Should you need to terminate the queue jobs currently active then a SIGTERM
2155 to the parent of the process (or processes) will cleanly stop the jobs.
2158 There are a fairly large number of debug flags
2161 Each debug flag has a category and a level.
2162 Higher levels increase the level of debugging activity;
2163 in most cases, this means to print out more information.
2164 The convention is that levels greater than nine are
2167 they print out so much information that you wouldn't normally
2168 want to see them except for debugging that particular piece of code.
2172 run a production sendmail server in debug mode.
2173 Many of the debug flags will result in debug output being sent over the
2174 SMTP channel unless the option
2177 This will confuse many mail programs.
2178 However, for testing purposes, it can be useful
2179 when sending mail manually via
2180 telnet to the port you are using while debugging.
2182 A debug category is either an integer, like 42,
2183 or a name, like ANSI.
2184 You can specify a range of numeric debug categories
2185 using the syntax 17-42.
2186 You can specify a set of named debug categories using
2193 are supported in these glob patterns.
2195 Debug flags are set using the
2200 .ta \w'debug-categories:M 'u
2201 debug-flag: \fB\-d\fP debug-list
2202 debug-list: debug-option [ , debug-option ]*
2203 debug-option: debug-categories [ . debug-level ]
2204 debug-categories: integer | integer \- integer | category-pattern
2205 category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*
2206 debug-level: integer
2208 where spaces are for reading ease only.
2211 \-d12 Set category 12 to level 1
2212 \-d12.3 Set category 12 to level 3
2213 \-d3\-17 Set categories 3 through 17 to level 1
2214 \-d3\-17.4 Set categories 3 through 17 to level 4
2215 \-dANSI Set category ANSI to level 1
2216 \-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3
2218 For a complete list of the available debug flags
2219 you will have to look at the code
2222 file in the sendmail distribution
2223 (they are too dynamic to keep this document up to date).
2224 For a list of named debug categories in the sendmail binary, use
2226 ident /usr/sbin/sendmail | grep Debug
2228 .sh 2 "Changing the Values of Options"
2230 Options can be overridden using the
2237 /usr/\*(SD/sendmail \-oT2m
2241 (timeout) option to two minutes
2243 the equivalent line using the long option name is
2245 /usr/\*(SD/sendmail -OTimeout.queuereturn=2m
2248 Some options have security implications.
2249 Sendmail allows you to set these,
2250 but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
2252 \**That is, it sets its effective uid to the real uid;
2253 thus, if you are executing as root,
2254 as from root's crontab file or during system startup
2255 the root permissions will still be honored.
2257 .sh 2 "Trying a Different Configuration File"
2259 An alternative configuration file
2260 can be specified using the
2264 /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
2266 uses the configuration file
2268 instead of the default
2269 .i /etc/mail/sendmail.cf.
2275 in the current directory.
2278 gives up set-user-ID root permissions
2279 (if it has been installed set-user-ID root)
2280 when you use this flag, so it is common to use a publicly writable directory
2282 as the queue directory (QueueDirectory or Q option) while testing.
2283 .sh 2 "Logging Traffic"
2285 Many SMTP implementations do not fully implement the protocol.
2286 For example, some personal computer based SMTPs
2287 do not understand continuation lines in reply codes.
2288 These can be very hard to trace.
2289 If you suspect such a problem, you can set traffic logging using the
2294 /usr/\*(SD/sendmail \-X /tmp/traffic \-bd
2296 will log all traffic in the file
2299 This logs a lot of data very quickly and should
2302 during normal operations.
2303 After starting up such a daemon,
2304 force the errant implementation to send a message to your host.
2305 All message traffic in and out of
2307 including the incoming SMTP traffic,
2308 will be logged in this file.
2309 .sh 2 "Testing Configuration Files"
2311 When you build a configuration table,
2312 you can do a certain amount of testing
2322 sendmail \-bt \-Ctest.cf
2324 which would read the configuration file
2326 and enter test mode.
2328 you enter lines of the form:
2334 is the rewriting set you want to use
2337 is an address to apply the set to.
2338 Test mode shows you the steps it takes
2340 finally showing you the address it ends up with.
2341 You may use a comma separated list of rwsets
2342 for sequential application of rules to an input.
2345 3,1,21,4 monet:bollard
2347 first applies ruleset three to the input
2349 Ruleset one is then applied to the output of ruleset three,
2350 followed similarly by rulesets twenty-one and four.
2352 If you need more detail,
2353 you can also use the
2355 flag to turn on more debugging.
2358 sendmail \-bt \-d21.99
2360 turns on an incredible amount of information;
2361 a single word address
2362 is probably going to print out several pages worth of information.
2364 You should be warned that internally,
2366 applies ruleset 3 to all addresses.
2368 you will have to do that manually.
2369 For example, older versions allowed you to use
2371 0 bruce@broadcast.sony.com
2373 This version requires that you use:
2375 3,0 bruce@broadcast.sony.com
2379 some other syntaxes are available in test mode:
2384 to have the indicated
2386 This is useful when debugging rules that use the
2396 dumps the contents of the indicated ruleset.
2398 is equivalent to the command-line flag.
2400 Version 8.9 introduced more features:
2403 shows a help message.
2405 display the known mailers.
2407 print the value of macro m.
2409 print the contents of class c.
2411 returns the MX records for `host'.
2413 parse address, returning the value of
2415 and the parsed address.
2416 .ip /try\ mailer\ addr
2417 rewrite address into the form it will have when
2418 presented to the indicated mailer.
2419 .ip /tryflags\ flags
2420 set flags used by parsing. The flags can be `H' for
2421 Header or `E' for Envelope, and `S' for Sender or `R'
2422 for Recipient. These can be combined, `HR' sets
2423 flags for header recipients.
2424 .ip /canon\ hostname
2425 try to canonify hostname.
2426 .ip /map\ mapname\ key
2427 look up `key' in the indicated `mapname'.
2429 quit address test mode.
2431 .sh 2 "Persistent Host Status Information"
2434 .b HostStatusDirectory
2436 information about the status of hosts is maintained on disk
2437 and can thus be shared between different instantiations of
2439 The status of the last connection with each remote host
2440 may be viewed with the command:
2444 This information may be flushed with the command:
2448 Flushing the information prevents new
2450 processes from loading it,
2451 but does not prevent existing processes from using the status information
2452 that they already have.
2455 There are a number of configuration parameters
2456 you may want to change,
2457 depending on the requirements of your site.
2458 Most of these are set
2459 using an option in the configuration file.
2462 .q "O Timeout.queuereturn=5d"
2464 .q Timeout.queuereturn
2469 Most of these options have appropriate defaults for most sites.
2471 sites having very high mail loads may find they need to tune them
2472 as appropriate for their mail load.
2474 sites experiencing a large number of small messages,
2475 many of which are delivered to many recipients,
2476 may find that they need to adjust the parameters
2477 dealing with queue priorities.
2482 had single character option names.
2484 options have long (multi-character names).
2485 Although old short names are still accepted,
2486 most new options do not have short equivalents.
2488 This section only describes the options you are most likely
2496 All time intervals are set
2497 using a scaled syntax.
2500 represents ten minutes, whereas
2502 represents two and a half hours.
2503 The full set of scales is:
2512 .sh 3 "Queue interval"
2516 flag specifies how often a sub-daemon will run the queue.
2517 This is typically set to between fifteen minutes and one hour.
2518 If not set, or set to zero,
2519 the queue will not be run automatically.
2520 RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
2521 Should you need to terminate the queue jobs currently active then a SIGTERM
2522 to the parent of the process (or processes) will cleanly stop the jobs.
2523 .sh 3 "Read timeouts"
2525 Timeouts all have option names
2526 .q Timeout.\fIsuboption\fP .
2527 Most of these control SMTP operations.
2530 their default values, and the minimum values
2531 allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are:
2534 The time to wait for an SMTP connection to open
2539 If zero, uses the kernel default.
2540 In no case can this option extend the timeout
2541 longer than the kernel provides, but it can shorten it.
2542 This is to get around kernels that provide an absurdly long connection timeout
2543 (90 minutes in one case).
2547 except it applies only to the initial attempt to connect to a host
2550 The concept is that this should be very short (a few seconds);
2551 hosts that are well connected and responsive will thus be serviced immediately.
2552 Hosts that are slow will not hold up other deliveries in the initial
2556 The overall timeout waiting for all connection for a single delivery
2558 If 0, no overall limit is applied.
2559 This can be used to restrict the total amount of time trying to connect to
2560 a long list of host that could accept an e-mail for the recipient.
2561 This timeout does not apply to
2563 i.e., if the time is exhausted, the
2567 The wait for the initial 220 greeting message
2570 The wait for a reply from a HELO or EHLO command
2572 This may require a host name lookup, so
2573 five minutes is probably a reasonable minimum.
2575 The wait for a reply from a MAIL command
2578 The wait for a reply from a RCPT command
2581 because it could be pointing at a list
2582 that takes a long time to expand
2585 The wait for a reply from a DATA command
2587 .ip datablock\(dg\(dd
2588 The wait for reading a data block
2589 (that is, the body of the message).
2591 This should be long because it also applies to programs
2594 which have no guarantee of promptness.
2596 The wait for a reply from the dot terminating a message.
2598 If this is shorter than the time actually needed
2599 for the receiver to deliver the message,
2600 duplicates will be generated.
2601 This is discussed in RFC 1047.
2603 The wait for a reply from a RSET command
2606 The wait for a reply from a QUIT command
2609 The wait for a reply from miscellaneous (but short) commands
2610 such as NOOP (no-operation) and VERB (go into verbose mode).
2614 the time to wait for another command.
2617 The timeout waiting for a reply to an IDENT query
2618 [5s\**, unspecified].
2620 \**On some systems the default is zero to turn the protocol off entirely.
2623 The wait for a reply to an LMTP LHLO command
2626 The timeout for a reply in an SMTP AUTH dialogue
2629 The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
2632 The timeout for opening .forward and :include: files [60s, none].
2634 The timeout for a complete control socket transaction to complete [2m, none].
2636 How long status information about a host
2638 will be cached before it is considered stale
2640 .ip resolver.retrans\(dd
2642 retransmission time interval
2646 .i Timeout.resolver.retrans.first
2648 .i Timeout.resolver.retrans.normal .
2649 .ip resolver.retrans.first\(dd
2651 retransmission time interval
2653 for the first attempt to
2656 .ip resolver.retrans.normal\(dd
2658 retransmission time interval
2660 for all resolver lookups
2661 except the first delivery attempt
2663 .ip resolver.retry\(dd
2665 to retransmit a resolver query.
2667 .i Timeout.resolver.retry.first
2669 .i Timeout.resolver.retry.normal
2671 .ip resolver.retry.first\(dd
2673 to retransmit a resolver query
2674 for the first attempt
2675 to deliver a message
2677 .ip resolver.retry.normal\(dd
2679 to retransmit a resolver query
2680 for all resolver lookups
2681 except the first delivery attempt
2684 For compatibility with old configuration files,
2688 all the timeouts marked with
2690 (\(dg) are set to the indicated value.
2691 All but those marked with
2693 (\(dd) apply to client SMTP.
2695 For example, the lines:
2697 O Timeout.command=25m
2698 O Timeout.datablock=3h
2700 sets the server SMTP command timeout to 25 minutes
2701 and the input data block timeout to three hours.
2702 .sh 3 "Message timeouts"
2704 After sitting in the queue for a few days,
2705 an undeliverable message will time out.
2706 This is to insure that at least the sender is aware
2707 of the inability to send a message.
2708 The timeout is typically set to five days.
2709 It is sometimes considered convenient to also send a warning message
2710 if the message is in the queue longer than a few hours
2711 (assuming you normally have good connectivity;
2712 if your messages normally took several hours to send
2713 you wouldn't want to do this because it wouldn't be an unusual event).
2714 These timeouts are set using the
2715 .b Timeout.queuereturn
2717 .b Timeout.queuewarn
2718 options in the configuration file
2719 (previously both were set using the
2723 If the message is submitted using the
2727 warning messages will only be sent if
2730 The queuereturn and queuewarn timeouts
2731 can be further qualified with a tag based on the Precedence: field
2735 (indicating a positive non-zero precedence),
2737 (indicating a zero precedence), or
2739 (indicating negative precedences).
2740 For example, setting
2741 .q Timeout.queuewarn.urgent=1h
2742 sets the warning timeout for urgent messages only
2744 The default if no precedence is indicated
2745 is to set the timeout for all precedences.
2746 If the message has a normal (default) precedence
2747 and it is a delivery status notification (DSN),
2748 .b Timeout.queuereturn.dsn
2750 .b Timeout.queuewarn.dsn
2751 can be used to give an alternative warn and return time
2753 The value "now" can be used for
2754 -O Timeout.queuereturn
2755 to return entries immediately during a queue run,
2756 e.g., to bounce messages independent of their time in the queue.
2758 Since these options are global,
2759 and since you cannot know
2761 how long another host outside your domain will be down,
2762 a five day timeout is recommended.
2763 This allows a recipient to fix the problem even if it occurs
2764 at the beginning of a long weekend.
2765 RFC 1123 section 5.3.1.1 says that this parameter
2766 should be ``at least 4\-5 days''.
2769 .b Timeout.queuewarn
2770 value can be piggybacked on the
2772 option by indicating a time after which
2773 a warning message should be sent;
2774 the two timeouts are separated by a slash.
2775 For example, the line
2779 causes email to fail after five days,
2780 but a warning message will be sent after four hours.
2781 This should be large enough that the message will have been tried
2783 .sh 2 "Forking During Queue Runs"
2791 will fork before each individual message
2792 while running the queue.
2793 This option was used with earlier releases to prevent
2795 from consuming large amounts of memory.
2796 It should no longer be necessary with
2803 will keep track of hosts that are down during a queue run,
2804 which can improve performance dramatically.
2810 cannot use connection caching.
2811 .sh 2 "Queue Priorities"
2813 Every message is assigned a priority when it is first instantiated,
2814 consisting of the message size (in bytes)
2815 offset by the message class
2816 (which is determined from the Precedence: header)
2818 .q "work class factor"
2819 and the number of recipients times the
2820 .q "work recipient factor."
2821 The priority is used to order the queue.
2822 Higher numbers for the priority mean that the message will be processed later
2823 when running the queue.
2825 The message size is included so that large messages are penalized
2826 relative to small messages.
2827 The message class allows users to send
2829 messages by including a
2831 field in their message;
2832 the value of this field is looked up in the
2834 lines of the configuration file.
2835 Since the number of recipients affects the amount of load a message presents
2837 this is also included into the priority.
2839 The recipient and class factors
2840 can be set in the configuration file using the
2848 options respectively.
2849 They default to 30000 (for the recipient factor)
2851 (for the class factor).
2852 The initial priority is:
2854 pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2856 (Remember, higher values for this parameter actually mean
2857 that the job will be treated with lower priority.)
2859 The priority of a job can also be adjusted each time it is processed
2860 (that is, each time an attempt is made to deliver it)
2862 .q "work time factor,"
2868 This is added to the priority,
2869 so it normally decreases the precedence of the job,
2870 on the grounds that jobs that have failed many times
2871 will tend to fail again in the future.
2874 option defaults to 90000.
2875 .sh 2 "Load Limiting"
2878 can be asked to queue (but not deliver) mail
2879 if the system load average gets too high using the
2884 When the load average exceeds the value of the
2886 option, the delivery mode is set to
2892 option divided by the difference in the current load average and the
2895 is less than the priority of the message \(em
2896 that is, the message is queued iff:
2898 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2902 option defaults to 600000,
2903 so each point of load average is worth 600000 priority points
2904 (as described above).
2906 For drastic cases, the
2910 option defines a load average at which
2912 will refuse to accept network connections.
2913 Locally generated mail, i.e., mail which is not submitted via SMTP
2914 (including incoming UUCP mail),
2916 Notice that the MSP submits mail to the MTA via SMTP, and hence
2917 mail will be queued in the client queue in such a case.
2918 Therefore it is necessary to run the client mail queue periodically.
2919 .sh 2 "Resource Limits"
2922 has several parameters to control resource usage.
2923 Besides those mentioned in the previous section, there are at least
2924 .b MaxDaemonChildren ,
2925 .b ConnectionRateThrottle ,
2926 .b MaxQueueChildren ,
2928 .b MaxRunnersPerQueue .
2929 The latter two limit the number of
2931 processes that operate on the queue.
2932 These are discussed in the section
2933 ``Queue Group Declaration''.
2934 The former two can be used to limit the number of incoming connections.
2935 Their appropriate values depend on the host operating system and
2936 the hardware, e.g., amount of memory.
2937 In many situations it might be useful to set limits to prevent
2940 processes, however, these limits can be abused to mount a
2941 denial of service attack.
2943 .b MaxDaemonChildren=10
2944 then an attacker needs to open only 10 SMTP sessions to the server,
2945 leave them idle for most of the time,
2946 and no more connections will be accepted.
2947 If this option is set then the timeouts used in a SMTP session
2948 should be lowered from their default values to
2949 their minimum values as specified in RFC 2821 and listed in
2953 .sh 2 "Measures against Denial of Service Attacks"
2956 has some built-in measures against simple denial of service (DoS) attacks.
2957 The SMTP server by default slows down if too many bad commands are
2958 issued or if some commands are repeated too often within a session.
2959 Details can be found in the source file
2960 .b sendmail/srvrsmtp.c
2961 by looking for the macro definitions of
2963 .b MAXNOOPCOMMANDS ,
2964 .b MAXHELOCOMMANDS ,
2965 .b MAXVRFYCOMMANDS ,
2967 .b MAXETRNCOMMANDS .
2968 If an SMTP command is issued more often than the corresponding
2970 value, then the response is delayed exponentially,
2971 starting with a sleep time of one second,
2972 up to a maximum of four minutes (as defined by
2975 .b MaxDaemonChildren
2976 is set to a value greater than zero,
2977 then this could make a DoS attack even worse since it
2978 keeps a connection open longer than necessary.
2979 Therefore a connection is terminated with a 421 SMTP reply code
2980 if the number of commands exceeds the limit by a factor of two and
2982 is set to a value greater than zero (the default is 25).
2983 .sh 2 "Delivery Mode"
2985 There are a number of delivery modes that
2992 configuration option.
2994 specify how quickly mail will be delivered.
2998 i deliver interactively (synchronously)
2999 b deliver in background (asynchronously)
3000 q queue only (don't deliver)
3001 d defer delivery attempts (don't deliver)
3003 There are tradeoffs.
3006 gives the sender the quickest feedback,
3007 but may slow down some mailers and
3008 is hardly ever necessary.
3011 delivers promptly but
3012 can cause large numbers of processes
3013 if you have a mailer that takes a long time to deliver a message.
3016 minimizes the load on your machine,
3017 but means that delivery may be delayed for up to the queue interval.
3020 is identical to mode
3022 except that it also prevents lookups in maps including the
3024 flag from working during the initial queue phase;
3025 it is intended for ``dial on demand'' sites where DNS lookups
3026 might cost real money.
3027 Some simple error messages
3028 (e.g., host unknown during the SMTP protocol)
3029 will be delayed using this mode.
3032 is the usual default.
3041 (deliver in background)
3043 will not expand aliases and follow .forward files
3044 upon initial receipt of the mail.
3045 This speeds up the response to RCPT commands.
3048 should not be used by the SMTP server.
3051 The level of logging can be set for
3053 The default using a standard configuration is level 9.
3054 The levels are approximately as follows
3055 (some log types are using different level depending on various factors):
3060 Serious system failures and potential security problems.
3062 Lost communications (network problems) and protocol failures.
3064 Other serious failures, malformed addresses, transient forward/include
3065 errors, connection timeouts.
3067 Minor failures, out of date alias databases, connection rejections
3068 via check_ rulesets.
3070 Message collection statistics.
3072 Creation of error messages,
3073 VRFY and EXPN commands.
3075 Delivery failures (host or user unknown, etc.).
3077 Successful deliveries and alias database rebuilds.
3079 Messages being deferred
3080 (due to a host being down, etc.).
3082 Database expansion (alias, forward, and userdb lookups)
3083 and authentication information.
3085 NIS errors and end of job processing.
3087 Logs all SMTP connections.
3089 Log bad user shells, files with improper permissions, and other
3090 questionable situations.
3092 Logs refused connections.
3094 Log all incoming SMTP commands.
3096 Logs attempts to run locked queue files.
3097 These are not errors,
3098 but can be useful to note if your queue appears to be clogged.
3100 Lost locks (only if using lockf instead of flock).
3103 values above 64 are reserved for extremely verbose debugging output.
3104 No normal site would ever set these.
3107 The modes used for files depend on what functionality you want
3108 and the level of security you require.
3111 does careful checking of the modes
3112 of files and directories
3113 to avoid accidental compromise;
3114 if you want to make it possible to have group-writable support files
3115 you may need to use the
3116 .b DontBlameSendmail
3117 option to turn off some of these checks.
3118 .sh 3 "To suid or not to suid?"
3121 is no longer installed
3122 set-user-ID to root.
3124 explains how to configure and install
3126 without set-user-ID to root but set-group-ID
3127 which is the default configuration starting with 8.12.
3129 The daemon usually runs as root, unless other measures are taken.
3135 it checks to see if the userid is zero (root);
3137 it resets the userid and groupid to a default
3140 equate in the mailer line;
3141 if that is not set, the
3144 This can be overridden
3148 for mailers that are trusted
3149 and must be called as root.
3151 this will cause mail processing
3156 rather than to the user sending the mail.
3158 A middle ground is to set the
3163 to become the indicated user as soon as it has done the startup
3164 that requires root privileges
3165 (primarily, opening the
3172 .i /var/spool/mqueue )
3173 should be owned by that user,
3174 and all files and databases
3180 and external databases)
3181 must be readable by that user.
3182 Also, since sendmail will not be able to change its uid,
3183 delivery to programs or files will be marked as unsafe,
3184 e.g., undeliverable,
3188 and :include: files.
3189 Administrators can override this by setting the
3190 .b DontBlameSendmail
3191 option to the setting
3192 .b NonRootSafeAddr .
3194 is probably best suited for firewall configurations
3195 that don't have regular user logins.
3196 If the option is used on a system which performs local delivery,
3197 then the local delivery agent must have the proper permissions
3198 (i.e., usually set-user-ID root)
3199 since it will be invoked by the
3202 .sh 3 "Turning off security checks"
3205 is very particular about the modes of files that it reads or writes.
3206 For example, by default it will refuse to read most files
3207 that are group writable
3208 on the grounds that they might have been tampered with
3209 by someone other than the owner;
3210 it will even refuse to read files in group writable directories.
3211 Also, sendmail will refuse to create a new aliases database in an
3212 unsafe directory. You can get around this by manually creating the
3213 database file as a trusted user ahead of time and then rebuilding the
3214 aliases database with
3219 sure that your configuration is safe and you want
3221 to avoid these security checks,
3222 you can turn off certain checks using the
3223 .b DontBlameSendmail
3225 This option takes one or more names that disable checks.
3226 In the descriptions that follow,
3227 .q "unsafe directory"
3228 means a directory that is writable by anyone other than the owner.
3232 No special handling.
3236 system call is restricted to root.
3237 Since some versions of UNIX permit regular users
3238 to give away their files to other users on some filesystems,
3240 often cannot assume that a given file was created by the owner,
3241 particularly when it is in a writable directory.
3242 You can set this flag if you know that file giveaway is restricted
3245 Accept certificate public and private key files
3246 which are not owned by RunAsUser for STARTTLS.
3247 .ip ClassFileInUnsafeDirPath
3248 When reading class files (using the
3250 line in the configuration file),
3251 allow files that are in unsafe directories.
3252 .ip DontWarnForwardFileInUnsafeDirPath
3254 unsafe directory path warnings
3255 for non-existent forward files.
3256 .ip ErrorHeaderInUnsafeDirPath
3257 Allow the file named in the
3259 option to be in an unsafe directory.
3260 .ip FileDeliveryToHardLink
3261 Allow delivery to files that are hard links.
3262 .ip FileDeliveryToSymLink
3263 Allow delivery to files that are symbolic links.
3264 .ip ForwardFileInGroupWritableDirPath
3267 files in group writable directories.
3268 .ip ForwardFileInUnsafeDirPath
3271 files in unsafe directories.
3272 .ip ForwardFileInUnsafeDirPathSafe
3275 file that is in an unsafe directory to include references
3276 to program and files.
3277 .ip GroupReadableKeyFile
3278 Accept a group-readable key file for STARTTLS.
3279 .ip GroupReadableSASLDBFile
3280 Accept a group-readable Cyrus SASL password file.
3281 .ip GroupReadableDefaultAuthInfoFile
3282 Accept a group-readable DefaultAuthInfo file for SASL.
3283 .ip GroupWritableAliasFile
3284 Allow group-writable alias files.
3285 .ip GroupWritableDirPathSafe
3286 Change the definition of
3287 .q "unsafe directory"
3288 to consider group-writable directories to be safe.
3289 World-writable directories are always unsafe.
3290 .ip GroupWritableForwardFile
3291 Allow group writable
3294 .ip GroupWritableForwardFileSafe
3295 Accept group-writable
3297 files as safe for program and file delivery.
3298 .ip GroupWritableIncludeFile
3299 Allow group writable
3302 .ip GroupWritableIncludeFileSafe
3303 Accept group-writable
3305 files as safe for program and file delivery.
3306 .ip GroupWritableSASLDBFile
3307 Accept a group-writable Cyrus SASL password file.
3308 .ip HelpFileInUnsafeDirPath
3309 Allow the file named in the
3311 option to be in an unsafe directory.
3312 .ip IncludeFileInGroupWritableDirPath
3315 files in group writable directories.
3316 .ip IncludeFileInUnsafeDirPath
3319 files in unsafe directories.
3320 .ip IncludeFileInUnsafeDirPathSafe
3323 file that is in an unsafe directory to include references
3324 to program and files.
3325 .ip InsufficientEntropy
3326 Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
3327 despite the security problems.
3328 .ip LinkedAliasFileInWritableDir
3329 Allow an alias file that is a link in a writable directory.
3330 .ip LinkedClassFileInWritableDir
3331 Allow class files that are links in writable directories.
3332 .ip LinkedForwardFileInWritableDir
3335 files that are links in writable directories.
3336 .ip LinkedIncludeFileInWritableDir
3339 files that are links in writable directories.
3340 .ip LinkedMapInWritableDir
3341 Allow map files that are links in writable directories.
3342 This includes alias database files.
3343 .ip LinkedServiceSwitchFileInWritableDir
3344 Allow the service switch file to be a link
3345 even if the directory is writable.
3346 .ip MapInUnsafeDirPath
3353 in unsafe directories.
3354 This includes alias database files.
3356 Do not mark file and program deliveries as unsafe
3357 if sendmail is not running with root privileges.
3358 .ip RunProgramInUnsafeDirPath
3359 Run programs that are in writable directories without logging a warning.
3360 .ip RunWritableProgram
3361 Run programs that are group- or world-writable without logging a warning.
3363 Allow group or world writable directories
3364 if the sticky bit is set on the directory.
3365 Do not set this on systems which do not honor
3366 the sticky bit on directories.
3367 .ip WorldWritableAliasFile
3368 Accept world-writable alias files.
3369 .ip WorldWritableForwardfile
3370 Allow world writable
3373 .ip WorldWritableIncludefile
3374 Allow world writable
3377 .ip WriteMapToHardLink
3378 Allow writes to maps that are hard links.
3379 .ip WriteMapToSymLink
3380 Allow writes to maps that are symbolic links.
3381 .ip WriteStatsToHardLink
3382 Allow the status file to be a hard link.
3383 .ip WriteStatsToSymLink
3384 Allow the status file to be a symbolic link.
3385 .sh 2 "Connection Caching"
3387 When processing the queue,
3389 will try to keep the last few open connections open
3390 to avoid startup and shutdown costs.
3391 This only applies to IPC and LPC connections.
3393 When trying to open a connection
3394 the cache is first searched.
3395 If an open connection is found, it is probed to see if it is still active
3399 It is not an error if this fails;
3400 instead, the connection is closed and reopened.
3402 Two parameters control the connection cache.
3404 .b ConnectionCacheSize
3407 option defines the number of simultaneous open connections
3408 that will be permitted.
3409 If it is set to zero,
3410 connections will be closed as quickly as possible.
3412 This should be set as appropriate for your system size;
3413 it will limit the amount of system resources that
3415 will use during queue runs.
3416 Never set this higher than 4.
3419 .b ConnectionCacheTimeout
3422 option specifies the maximum time that any cached connection
3423 will be permitted to idle.
3424 When the idle time exceeds this value
3425 the connection is closed.
3426 This number should be small
3428 to prevent you from grabbing too many resources
3430 The default is five minutes.
3431 .sh 2 "Name Server Access"
3433 Control of host address lookups is set by the
3435 service entry in your service switch file.
3436 If you are on a system that has built-in service switch support
3437 (e.g., Ultrix, Solaris, or DEC OSF/1)
3438 then your system is probably configured properly already.
3441 will consult the file
3442 .b /etc/mail/service.switch ,
3443 which should be created.
3445 only uses two entries:
3449 although system routines may use other services
3452 service for user name lookups by
3455 However, some systems (such as SunOS 4.X)
3457 regardless of the setting of the service switch entry.
3458 In particular, the system routine
3459 .i gethostbyname (3)
3460 is used to look up host names,
3461 and many vendor versions try some combination of DNS, NIS,
3462 and file lookup in /etc/hosts
3463 without consulting a service switch.
3465 makes no attempt to work around this problem,
3466 and the DNS lookup will be done anyway.
3467 If you do not have a nameserver configured at all,
3468 such as at a UUCP-only site,
3471 .q "connection refused"
3472 message when it tries to connect to the name server.
3475 switch entry has the service
3477 listed somewhere in the list,
3479 will interpret this to mean a temporary failure
3480 and will queue the mail for later processing;
3481 otherwise, it ignores the name server data.
3483 The same technique is used to decide whether to do MX lookups.
3484 If you want MX support, you
3488 listed as a service in the
3496 option allows you to tweak name server options.
3497 The command line takes a series of flags as documented in
3502 Each can be preceded by an optional `+' or `\(mi'.
3503 For example, the line
3505 O ResolverOptions=+AAONLY \(miDNSRCH
3507 turns on the AAONLY (accept authoritative answers only)
3508 and turns off the DNSRCH (search the domain path) options.
3509 Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
3510 flags on and all others off.
3511 If NETINET6 is enabled, most libraries default to USE_INET6 as well.
3512 You can also include
3514 to specify that there is a wildcard MX record matching your domain;
3515 this turns off MX matching when canonifying names,
3516 which can lead to inappropriate canonifications.
3518 .q WorkAroundBrokenAAAA
3519 when faced with a broken nameserver that returns SERVFAIL
3520 (a temporary failure)
3521 on T_AAAA (IPv6) lookups
3522 during hostname canonification.
3523 Notice: it might be necessary to apply the same (or similar) options to
3527 Version level 1 configurations (see the section about
3528 ``Configuration Version Level'')
3529 turn DNSRCH and DEFNAMES off when doing delivery lookups,
3530 but leave them on everywhere else.
3533 ignores them when doing canonification lookups
3534 (that is, when using $[ ... $]),
3535 and always does the search.
3536 If you don't want to do automatic name extension,
3537 don't call $[ ... $].
3539 The search rules for $[ ... $] are somewhat different than usual.
3540 If the name being looked up
3541 has at least one dot, it always tries the unmodified name first.
3542 If that fails, it tries the reduced search path,
3543 and lastly tries the unmodified name
3544 (but only for names without a dot,
3545 since names with a dot have already been tried).
3546 This allows names such as
3548 to match the site in Czechoslovakia
3549 rather than the site in your local Computer Science department.
3550 It also prefers A and CNAME records over MX records \*-
3551 that is, if it finds an MX record it makes note of it,
3553 This way, if you have a wildcard MX record matching your domain,
3554 it will not assume that all names match.
3556 To completely turn off all name server access
3557 on systems without service switch support
3559 you will have to recompile with
3561 and remove \-lresolv from the list of libraries to be searched
3563 .sh 2 "Moving the Per-User Forward Files"
3565 Some sites mount each user's home directory
3566 from a local disk on their workstation,
3567 so that local access is fast.
3568 However, the result is that .forward file lookups
3569 from a central mail server are slow.
3571 mail can even be delivered on machines inappropriately
3572 because of a file server being down.
3573 The performance can be especially bad if you run the automounter.
3579 option allows you to set a path of forward files.
3580 For example, the config file line
3582 O ForwardPath=/var/forward/$u:$z/.forward.$w
3584 would first look for a file with the same name as the user's login
3586 if that is not found (or is inaccessible)
3590 in the user's home directory is searched.
3591 A truly perverse site could also search by sender
3592 by using $r, $s, or $f.
3594 If you create a directory such as /var/forward,
3595 it should be mode 1777
3596 (that is, the sticky bit should be set).
3597 Users should create the files mode 0644.
3598 Note that you must use the
3599 ForwardFileInUnsafeDirPath and
3600 ForwardFileInUnsafeDirPathSafe
3602 .b DontBlameSendmail
3603 option to allow forward files in a world writable directory.
3604 This might also be used as a denial of service attack
3605 (users could create forward files for other users);
3606 a better approach might be to create
3609 and create empty files for each user,
3612 If you do this, you don't have to set the DontBlameSendmail options
3616 On systems that have one of the system calls in the
3623 you can specify a minimum number of free blocks on the queue filesystem
3629 If there are fewer than the indicated number of blocks free
3630 on the filesystem on which the queue is mounted
3631 the SMTP server will reject mail
3634 This invites the SMTP client to try again later.
3636 Beware of setting this option too high;
3637 it can cause rejection of email
3638 when that mail would be processed without difficulty.
3639 .sh 2 "Maximum Message Size"
3641 To avoid overflowing your system with a large message,
3644 option can be set to set an absolute limit
3645 on the size of any one message.
3646 This will be advertised in the ESMTP dialogue
3647 and checked during message collection.
3648 .sh 2 "Privacy Flags"
3654 option allows you to set certain
3657 Actually, many of them don't give you any extra privacy,
3658 rather just insisting that client SMTP servers
3659 use the HELO command
3660 before using certain commands
3661 or adding extra headers to indicate possible spoof attempts.
3663 The option takes a series of flag names;
3664 the final privacy is the inclusive or of those flags.
3667 O PrivacyOptions=needmailhelo, noexpn
3669 insists that the HELO or EHLO command be used before a MAIL command is accepted
3670 and disables the EXPN command.
3672 The flags are detailed in section
3675 .sh 2 "Send to Me Too"
3677 Beginning with version 8.10,
3679 includes by default the (envelope) sender in any list expansions.
3682 sends to a list that contains
3684 as one of the members he will get a copy of the message.
3689 (in the configuration file or via the command line),
3690 this behavior is changed, i.e.,
3691 the (envelope) sender is excluded in list expansions.
3692 .sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
3694 This section describes the configuration file
3697 There is one point that should be made clear immediately:
3698 the syntax of the configuration file
3699 is designed to be reasonably easy to parse,
3700 since this is done every time
3703 rather than easy for a human to read or write.
3704 The configuration file should be generated via the method described in
3706 it should not be edited directly unless someone is familiar
3707 with the internals of the syntax described here and it is
3708 not possible to achieve the desired result via the default method.
3710 The configuration file is organized as a series of lines,
3711 each of which begins with a single character
3712 defining the semantics for the rest of the line.
3713 Lines beginning with a space or a tab
3714 are continuation lines
3715 (although the semantics are not well defined in many places).
3716 Blank lines and lines beginning with a sharp symbol
3719 .sh 2 "R and S \*- Rewriting Rules"
3721 The core of address parsing
3722 are the rewriting rules.
3723 These are an ordered production system.
3725 scans through the set of rewriting rules
3726 looking for a match on the left hand side
3729 When a rule matches,
3730 the address is replaced by the right hand side
3734 There are several sets of rewriting rules.
3735 Some of the rewriting sets are used internally
3736 and must have specific semantics.
3737 Other rewriting sets
3738 do not have specifically assigned semantics,
3739 and may be referenced by the mailer definitions
3740 or by other rewriting sets.
3742 The syntax of these two commands are:
3747 Sets the current ruleset being collected to
3749 If you begin a ruleset more than once
3750 it appends to the old definition.
3758 fields must be separated
3759 by at least one tab character;
3760 there may be embedded spaces
3764 is a pattern that is applied to the input.
3766 the input is rewritten to the
3772 Macro expansions of the form
3775 are performed when the configuration file is read.
3778 can be included using
3780 Expansions of the form
3783 are performed at run time using a somewhat less general algorithm.
3784 This is intended only for referencing internally defined macros
3787 that are changed at runtime.
3788 .sh 3 "The left hand side"
3790 The left hand side of rewriting rules contains a pattern.
3791 Normal words are simply matched directly.
3792 Metasyntax is introduced using a dollar sign.
3793 The metasymbols are:
3795 .ta \w'\fB$=\fP\fIx\fP 'u
3796 \fB$*\fP Match zero or more tokens
3797 \fB$+\fP Match one or more tokens
3798 \fB$\-\fP Match exactly one token
3799 \fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
3800 \fB$~\fP\fIx\fP Match any word not in class \fIx\fP
3802 If any of these match,
3803 they are assigned to the symbol
3806 for replacement on the right hand side,
3809 is the index in the LHS.
3815 is applied to the input:
3819 the rule will match, and the values passed to the RHS will be:
3826 Additionally, the LHS can include
3828 to match zero tokens.
3834 on the RHS, and is normally only used when it stands alone
3835 in order to match the null input.
3836 .sh 3 "The right hand side"
3838 When the left hand side of a rewriting rule matches,
3839 the input is deleted and replaced by the right hand side.
3840 Tokens are copied directly from the RHS
3841 unless they begin with a dollar sign.
3844 .ta \w'$#mailer\0\0\0'u
3845 \fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
3846 \fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
3847 \fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
3848 Generalized keyed mapping function
3849 \fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
3850 \fB$#\fP\fImailer\fP Resolve to \fImailer\fP
3851 \fB$@\fP\fIhost\fP Specify \fIhost\fP
3852 \fB$:\fP\fIuser\fP Specify \fIuser\fP
3858 syntax substitutes the corresponding value from a
3866 It may be used anywhere.
3868 A host name enclosed between
3872 is looked up in the host database(s)
3873 and replaced by the canonical name\**.
3876 completely equivalent
3877 to $(host \fIhostname\fP$).
3880 default can be used.
3885 .q ftp.CS.Berkeley.EDU
3887 .q $[[128.32.130.2]$]
3889 .q vangogh.CS.Berkeley.EDU.
3891 recognizes its numeric IP address
3892 without calling the name server
3893 and replaces it with its canonical name.
3899 syntax is a more general form of lookup;
3900 it uses a named map instead of an implicit map.
3901 If no lookup is found, the indicated
3904 if no default is specified and no lookup matches,
3905 the value is left unchanged.
3908 are passed to the map for possible use.
3914 causes the remainder of the line to be substituted as usual
3915 and then passed as the argument to ruleset
3917 The final value of ruleset
3920 the substitution for this rule.
3923 syntax expands everything after the ruleset name
3924 to the end of the replacement string
3925 and then passes that as the initial input to the ruleset.
3926 Recursive calls are allowed.
3931 expands $1, passes that to ruleset 3, and then passes the result
3932 of ruleset 3 to ruleset 0.
3938 be used in ruleset zero,
3939 a subroutine of ruleset zero,
3940 or rulesets that return decisions (e.g., check_rcpt).
3941 It causes evaluation of the ruleset to terminate immediately,
3944 that the address has completely resolved.
3945 The complete syntax for ruleset 0 is:
3947 \fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
3950 {mailer, host, user}
3951 3-tuple (triple) necessary to direct the mailer.
3952 Note: the third element (
3954 ) is often also called
3957 If the mailer is local
3958 the host part may be omitted\**.
3960 \**You may want to use it for special
3963 For example, in the address
3964 .q jgm+foo@CMU.EDU ;
3967 part is not part of the user name,
3968 and is passed to the local mailer for local use.
3972 must be a single word,
3980 is the built-in IPC mailer,
3983 may be a colon (or comma) separated list of hosts.
3984 Each is separately MX expanded and the results are concatenated
3985 to make (essentially) one long MX list.
3986 Hosts separated by a comma have the same MX preference,
3987 and for each colon separated host the MX preference is increased.
3990 is later rewritten by the mailer-specific envelope rewriting set
3994 As a special case, if the mailer specified has the
3997 and the first character of the
4003 is stripped off, and a flag is set in the address descriptor
4004 that causes sendmail to not do ruleset 5 processing.
4006 Normally, a rule that matches is retried,
4008 the rule loops until it fails.
4009 A RHS may also be preceded by a
4013 to change this behavior.
4016 prefix causes the ruleset to return with the remainder of the RHS
4020 prefix causes the rule to terminate immediately,
4021 but the ruleset to continue;
4022 this can be used to avoid continued application of a rule.
4023 The prefix is stripped before continuing.
4029 prefixes may precede a
4038 passes that to ruleset seven,
4042 is necessary to avoid an infinite loop.
4044 Substitution occurs in the order described,
4046 parameters from the LHS are substituted,
4047 hostnames are canonicalized,
4056 .sh 3 "Semantics of rewriting rule sets"
4058 There are six rewriting sets
4059 that have specific semantics.
4060 Five of these are related as depicted by figure 1.
4066 -->| 0 |-->resolved address
4069 / ---->| 1 |-->| S |--
4070 +---+ / +---+ / +---+ +---+ \e +---+
4071 addr-->| 3 |-->| D |-- --->| 4 |-->msg
4072 +---+ +---+ \e +---+ +---+ / +---+
4088 box invis "addr"; arrow
4091 BoxD: box "D"; line; L1: Here
4093 C1: arrow; box "1"; arrow; box "S"; line; E1: Here
4094 move to C1 down 0.5; right
4095 C2: arrow; box "2"; arrow; box "R"; line; E2: Here
4096 ] with .w at L1 + (0.5, 0)
4097 move to C.e right 0.5
4098 L4: arrow; box "4"; arrow; box invis "msg"
4099 line from L1 to C.C1
4100 line from L1 to C.C2
4101 line from C.E1 to L4
4102 line from C.E2 to L4
4103 move to BoxD.n up 0.6; right
4104 Box0: arrow; box "0"
4105 arrow; box invis "resolved address" width 1.3
4106 line from 1/3 of the way between A1 and BoxD.w to Box0
4112 Figure 1 \*- Rewriting set semantics
4114 D \*- sender domain addition
4115 S \*- mailer-specific sender rewriting
4116 R \*- mailer-specific recipient rewriting
4122 should turn the address into
4123 .q "canonical form."
4124 This form should have the basic syntax:
4126 local-part@host-domain-spec
4131 before doing anything with any address.
4146 flag is set in the mailer definition
4147 corresponding to the
4152 is applied after ruleset three
4153 to addresses that are going to actually specify recipients.
4154 It must resolve to a
4155 .i "{mailer, host, address}"
4159 must be defined in the mailer definitions
4160 from the configuration file.
4166 for use in the argv expansion of the specified mailer.
4167 Notice: since the envelope sender address will be used if
4168 a delivery status notification must be send,
4169 i.e., it may specify a recipient,
4170 it is also run through ruleset zero.
4171 If ruleset zero returns a temporary error
4173 then delivery is deferred.
4174 This can be used to temporarily disable delivery,
4175 e.g., based on the time of the day or other varying parameters.
4176 It should not be used to quarantine e-mails.
4178 Rulesets one and two
4179 are applied to all sender and recipient addresses respectively.
4180 They are applied before any specification
4181 in the mailer definition.
4182 They must never resolve.
4184 Ruleset four is applied to all addresses
4186 It is typically used
4187 to translate internal to external form.
4190 ruleset 5 is applied to all local addresses
4191 (specifically, those that resolve to a mailer with the `F=5'
4193 that do not have aliases.
4194 This allows a last minute hook for local names.
4195 .sh 3 "Ruleset hooks"
4197 A few extra rulesets are defined as
4199 that can be defined to get special features.
4200 They are all named rulesets.
4203 forms all give accept/reject status;
4204 falling off the end or returning normally is an accept,
4207 is a reject or quarantine.
4208 Quarantining is chosen by specifying
4210 in the second part of the mailer triplet:
4212 $#error $@ quarantine $: Reason for quarantine
4214 Many of these can also resolve to the special mailer name
4216 this accepts the message as though it were successful
4217 but then discards it without delivery.
4219 this mailer cannot be chosen as a mailer in ruleset 0.
4222 rulesets have to deal with temporary failures, especially for map lookups,
4223 themselves, i.e., they should return a temporary error code
4224 or at least they should make a proper decision in those cases.
4229 ruleset is called after a connection is accepted by the daemon.
4230 It is not called when sendmail is started using the
4235 client.host.name $| client.host.address
4239 is a metacharacter separating the two parts.
4240 This ruleset can reject connections from various locations.
4241 Note that it only checks the connecting SMTP client IP address and hostname.
4242 It does not check for third party message relaying.
4245 ruleset discussed below usually does third party message relay checking.
4250 ruleset is passed the user name parameter of the
4253 It can accept or reject the address.
4258 ruleset is passed the user name parameter of the
4261 It can accept or reject the address.
4266 ruleset is called after the
4268 command, its parameter is the number of recipients.
4269 It can accept or reject the command.
4274 ruleset is invoked for all unknown SMTP commands
4275 and for commands which do not have specific rulesets,
4276 e.g., NOOP and VERB.
4277 Internal checks, e.g., those explained in
4278 "Measures against Denial of Service Attacks",
4279 are performed first.
4280 The ruleset is passed
4282 entire-SMTP-command $| SMTP-reply-first-digit
4286 is a metacharacter separating the two parts.
4291 reflects receiving the "VERB" SMTP command and the
4292 intent to return a "2XX" SMTP success reply.
4297 reflects receiving the unknown "JUNK TYPE=I" SMTP command
4298 and the intent to return a "5XX" SMTP failure reply.
4299 If the ruleset returns the SMTP reply code 421:
4301 $#error $@ 4.7.0 $: 421 bad command
4303 the session is terminated.
4304 Note: it is a bad idea to return the original command in the error text
4305 to the client as that might be abused for certain attacks.
4306 The ruleset cannot override a rejection triggered by the built-in rules.
4307 .sh 4 "check_compat"
4313 sender-address $| recipient-address
4317 is a metacharacter separating the addresses.
4318 It can accept or reject mail transfer between these two addresses
4325 rulesets are invoked during the SMTP mail receiption stage
4326 (i.e., in the SMTP server),
4328 is invoked during the mail delivery stage.
4335 number-of-headers $| size-of-headers
4339 is a metacharacter separating the numbers.
4340 These numbers can be used for size comparisons with the
4343 The ruleset is triggered after
4344 all of the headers have been read.
4345 It can be used to correlate information gathered
4346 from those headers using the
4349 One possible use is to check for a missing header.
4354 HMessage-Id: $>CheckMessageId
4357 # Record the presence of the header
4358 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
4360 R$* $#error $: 553 Header Error
4364 R$* $: < $&{MessageIdCheck} >
4365 # Clear the macro for the next message
4366 R$* $: $(storage {MessageIdCheck} $) $1
4367 # Has a Message-Id: header
4369 # Allow missing Message-Id: from local mail
4370 R$* $: < $&{client_name} >
4373 # Otherwise, reject the mail
4374 R$* $#error $: 553 Header Error
4376 Keep in mind the Message-Id: header is not a required header and
4377 is not a guaranteed spam indicator.
4378 This ruleset is an example and
4379 should probably not be used in production.
4384 ruleset is called after the end of a message,
4385 its parameter is the message size.
4386 It can accept or reject the message.
4391 ruleset is passed the parameter of the
4394 It can accept or reject the command.
4399 ruleset is passed the user name parameter of the
4402 It can accept or reject the address.
4407 ruleset is passed the user name parameter of the
4410 It can accept or reject the command.
4411 .sh 4 "clt_features"
4415 ruleset is called with the server's host name
4416 before sendmail connects to it
4417 (only if sendmail is compiled with STARTTLS or SASL).
4418 This ruleset should return
4420 followed by a list of options
4421 (in general, single characters delimited by white space).
4422 If the return value starts with anything else it is silently ignored.
4423 Generally upper case characters turn off a feature
4424 while lower case characters turn it on.
4425 Options `D'/`M' cause the client to not use DANE/MTA-STS,
4427 which is useful to interact with MTAs that have broken
4428 DANE/MTA-STS setups by simply not using it.
4434 to turn off DANE does not work when the server does not
4435 even offer STARTTLS.
4440 ruleset is passed the AUTH= parameter of the
4443 It is used to determine whether this value should be
4444 trusted. In order to make this decision, the ruleset
4445 may make use of the various
4448 If the ruleset does resolve to the
4450 mailer the AUTH= parameter is not trusted and hence
4451 not passed on to the next relay.
4456 ruleset is called when sendmail acts as server:
4457 after a STARTTLS command has been issued and the TLS handshake
4461 The parameter is the value of
4463 and STARTTLS or MAIL, respectively.
4464 If the ruleset does resolve to the
4466 mailer, the appropriate error code is returned to the client,
4467 for STARTTLS this happens for (most) subsequent commands.
4472 ruleset is called when sendmail acts as client after a STARTTLS command
4473 (should) have been issued.
4474 The parameter is the value of
4476 If the ruleset does resolve to the
4478 mailer, the connection is aborted
4479 (treated as non-deliverable with a permanent or temporary error).
4484 ruleset is called each time before a RCPT command is sent.
4485 The parameter is the current recipient.
4486 If the ruleset does resolve to the
4488 mailer, the RCPT command is suppressed
4489 (treated as non-deliverable with a permanent or temporary error).
4490 This ruleset allows to require encryption or verification of
4491 the recipient's MTA even if the mail is somehow redirected
4493 For example, sending mail to
4495 may get redirected to a host named
4497 and hence the tls_server ruleset won't apply.
4498 By introducing per recipient restrictions such attacks
4499 (e.g., via DNS spoofing) can be made impossible.
4502 how this ruleset can be used.
4503 .sh 4 "srv_features"
4507 ruleset is called with the connecting client's host name
4508 when a client connects to sendmail.
4509 This ruleset should return
4511 followed by a list of options
4512 (in general, single characters delimited by white space).
4513 If the return value starts with anything else it is silently ignored.
4514 Generally upper case characters turn off a feature
4515 while lower case characters turn it on.
4516 Option `S' causes the server not to offer STARTTLS,
4517 which is useful to interact with MTAs/MUAs that have broken
4518 STARTTLS implementations by simply not offering it.
4519 `V' turns off the request for a client certificate during the TLS handshake.
4520 Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
4521 `c' is the equivalent to AuthOptions=p, i.e.,
4522 it doesn't permit mechanisms susceptible to simple
4523 passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
4524 Option `l' requires SMTP AUTH for a connection.
4525 Options 'B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and EXPN,
4527 If a client sends one of the (HTTP) commands GET, POST, CONNECT, or USER
4528 the connection is immediately terminated in the following cases:
4529 if sent as first command, if sent as first command after STARTTLS,
4530 or if the 'h' option is set.
4531 Option 'F' disables SMTP transaction stuffing protection which is
4533 The protection checks for clients which try to send commands
4534 without waiting for the server HELO/EHLO and DATA response.
4535 Option 'o' causes the server to accept only
4537 as end of an SMTP message as required by the RFCs
4538 which is also a defense against SMTP smuggling (CVE-2023-51765).
4539 Option 'O' allows the server to accept a single dot on a line by itself
4540 as end of an SMTP message.
4541 Option 'g' instructs the server to fail SMTP messages
4542 which have a LF without a CR directly before it ("bare LF")
4543 by dropping the session with a 421 error.
4544 Option 'G' accepts SMTP messages which have a "bare LF".
4545 Option 'u' instructs the server to fail SMTP messages
4546 which have a CR without a LF directly after it ("bare CR")
4547 by dropping the session with a 421 error.
4548 Option 'U' accepts SMTP messages which have a "bare CR".
4549 There is a variant for the options 'u' and 'g':
4550 a '2' can be appended to the single character,
4551 in which case the server will replace the offending bare CR
4552 or bare LF with a space.
4553 This allows to accept mail from broken systems,
4554 but the message is modified to avoid SMTP smuggling.
4555 If needed, systems with broken SMTP implementations
4556 can be allowed some violations, e.g., a combination of
4562 egrep 'Bare.*(CR|LF).*not allowed' $MAILLOG
4564 can be used to find hosts which send bare CR or LF.
4568 a Offer AUTH (default)
4570 b Offer VERB (default)
4571 C Do not require security layer for
4572 plaintext AUTH (default)
4573 c Require security layer for plaintext AUTH
4575 d Offer DSN (default)
4577 e Offer ETRN (default)
4578 F Disable transaction stuffing protection
4579 f Enforce transaction stuffing protection (default)
4580 G Accept "bare LF"s in a message
4581 g Do not accept "bare LF"s in a message (default)
4582 g2 Replace "bare LF" in a message with space
4583 h Terminate session after HTTP commands
4584 L Do not require AUTH (default)
4586 O Accept a single dot on a line by itself
4587 as end of an SMTP message
4588 o Require CRLF . CRLF as end of an SMTP message (default)
4589 P Do not offer PIPELINING
4590 p Offer PIPELINING (default)
4591 S Do not offer STARTTLS
4592 s Offer STARTTLS (default)
4593 U Accept "bare CR"s in a message
4594 u Do not accept "bare CR"s in a message (default)
4595 u2 Replace "bare CR" in a message with space
4596 V Do not request a client certificate
4597 v Request a client certificate (default)
4599 x Offer EXPN (default)
4601 Note: the entries marked as ``(default)'' may require that some
4602 configuration has been made, e.g., SMTP AUTH is only available if
4603 properly configured.
4604 Moreover, many options can be changed on a global basis via other
4605 settings as explained in this document, e.g., via DaemonPortOptions.
4607 The ruleset may return `$#temp' to indicate that there is a temporary
4608 problem determining the correct features, e.g., if a map is unavailable.
4609 In that case, the SMTP server issues a temporary failure and does not
4615 ruleset is called when sendmail connects to another MTA.
4616 The argument for the ruleset is the name of the server.
4617 If the ruleset does resolve to the
4619 mailer, sendmail does not try STARTTLS even if it is offered.
4620 This is useful to deal with STARTTLS interoperability issues
4621 by simply not using it.
4622 .sh 4 "tls_srv_features and tls_clt_features"
4626 ruleset is called right before sendmail issues the
4628 command to another MTA
4631 ruleset is called when a client sends the
4635 The arguments for the rulesets are the host name and IP address
4636 of the other side separated by
4638 (which is a metacharacter).
4639 They should return a list of
4641 pairs separated by semicolons;
4642 the list can be empty if no options should be applied to the connection.
4643 Available keys are and their allowed values are:
4646 A comma separated list of SSL related options.
4651 for details, as well as
4652 .i SSL_set_options (3)
4653 and note this warning:
4654 Options already set before are not cleared!
4656 Specify cipher list for STARTTLS (does not apply to TLSv1.3),
4659 for possible values.
4660 This overrides the global
4664 File containing a certificate.
4666 File containing the private key for the certificate.
4668 Currently the only valid flags are
4671 to require a CRL for each encountered certificate during verification
4672 (by default a missing CRL is ignored),
4677 which basically clears/sets the option
4678 .i TLSFallbacktoClear
4679 for just this session, respectively,
4682 to turn off DANE which is obviously only valid for
4684 and requires DANE to be compiled in.
4685 This might be needed in case of a misconfiguration,
4687 specifying invalid TLSA RRs.
4695 R$* $| 10.$+ $: cipherlist=HIGH
4700 Errors in these features (e.g., unknown keys or invalid values)
4702 and the current session is aborted to avoid using STARTTLS
4703 with features that should have been changed.
4705 The keys are case-insensitive.
4711 must be specified together;
4712 specifying only one is an error.
4717 ruleset is called when sendmail tries to authenticate to another MTA.
4718 The arguments for the ruleset are the host name and IP address
4719 of the server separated by
4721 (which is a metacharacter).
4724 followed by a list of tokens that are used for SMTP AUTH.
4725 If the return value starts with anything else it is silently ignored.
4726 Each token is a tagged string of the form:
4728 (including the quotes), where
4731 T Tag which describes the item
4732 D Delimiter: ':' simple text follows
4733 '=' string is base64 encoded
4734 string Value of the item
4736 Valid values for the tag are:
4739 U user (authorization) id
4743 M list of mechanisms delimited by spaces
4745 If this ruleset is defined, the option
4747 is ignored (even if the ruleset does not return a ``useful'' result).
4752 ruleset is used to map a recipient address to a queue group name.
4753 The input for the ruleset is
4754 the recipient address
4755 (i.e., the address part of the resolved triple)
4756 The ruleset should return
4758 followed by the name of a queue group.
4759 If the return value starts with anything else it is silently ignored.
4760 See the section about ``Queue Groups and Queue Directories''
4761 for further information.
4766 ruleset is used to specify the amount of time to pause before sending the
4767 initial SMTP 220 greeting.
4768 The arguments for the ruleset are the host name and IP address
4769 of the client separated by
4771 (which is a metacharacter).
4772 If any traffic is received during that pause, an SMTP 554 rejection
4773 response is given instead of the 220 greeting and all SMTP commands are
4774 rejected during that connection.
4775 This helps protect sites from open proxies and SMTP slammers.
4776 The ruleset should return
4778 followed by the number of milliseconds (thousandths of a second) to
4780 If the return value starts with anything else or is not a number,
4781 it is silently ignored.
4782 Note: this ruleset is not invoked (and hence the feature is disabled)
4783 when smtps (SMTP over SSL) is used, i.e.,
4786 modifier is set for the daemon via
4787 .b DaemonPortOptions ,
4788 because in this case the SSL handshake is performed before
4789 the greeting is sent.
4792 Some special processing occurs
4793 if the ruleset zero resolves to an IPC mailer
4794 (that is, a mailer that has
4796 listed as the Path in the
4799 The host name passed after
4801 has MX expansion performed if not delivering via a named socket;
4802 this looks the name up in DNS to find alternate delivery sites.
4804 The host name can also be provided as a dotted quad
4805 or an IPv6 address in square brackets;
4812 [IPv6:2002:c0a8:51d2::23f4]
4814 This causes direct conversion of the numeric value
4815 to an IP host address.
4817 The host name passed in after the
4819 may also be a colon or comma separated list of hosts.
4820 Each is separately MX expanded and the results are concatenated
4821 to make (essentially) one long MX list.
4822 Hosts separated by a comma have the same MX preference,
4823 and for each colon separated host the MX preference is increased.
4824 The intent here is to create
4826 MX records that are not published in DNS
4827 for private internal networks.
4829 As a final special case, the host name can be passed in
4833 [ucbvax.berkeley.edu]
4835 This form avoids the MX mapping.
4838 This is intended only for situations where you have a network firewall
4839 or other host that will do special processing for all your mail,
4840 so that your MX record points to a gateway machine;
4841 this machine could then do direct delivery to machines
4842 within your local domain.
4843 Use of this feature directly violates RFC 1123 section 5.3.5:
4844 it should not be used lightly.
4846 .sh 2 "D \*- Define Macro"
4848 Macros are named with a single character
4849 or with a word in {braces}.
4850 The names ``x'' and ``{x}'' denote the same macro
4851 for every single character ``x''.
4852 Single character names may be selected from the entire ASCII set,
4853 but user-defined macros
4854 should be selected from the set of upper case letters only.
4857 are used internally.
4858 Long names beginning with a lower case letter or a punctuation character
4859 are reserved for use by sendmail,
4860 so user-defined long macro names should begin with an upper case letter.
4862 The syntax for macro definitions is:
4869 is the name of the macro
4870 (which may be a single character
4871 or a word in braces)
4874 is the value it should have.
4875 There should be no spaces given
4876 that do not actually belong in the macro value.
4878 Macros are interpolated
4884 is the name of the macro to be interpolated.
4885 This interpolation is done when the configuration file is read,
4889 The special construct
4894 lines to get deferred interpolation.
4896 Conditionals can be specified using the syntax:
4898 $?x text1 $| text2 $.
4904 is set and non-null,
4912 clause may be omitted.
4914 The following macros are defined and/or used internally by
4916 for interpolation into argv's for mailers
4917 or for other contexts.
4918 The ones marked \(dg are information passed into sendmail\**,
4920 \**As of version 8.6,
4921 all of these macros have reasonable defaults.
4922 Previous versions required that they be defined.
4924 the ones marked \(dd are information passed both in and out of sendmail,
4925 and the unmarked macros are passed out of sendmail
4926 but are not otherwise used internally.
4930 The origination date in RFC 822 format.
4931 This is extracted from the Date: line.
4933 The current date in RFC 822 format.
4936 This is a count of the number of Received: lines
4937 plus the value of the
4941 The current date in UNIX (ctime) format.
4943 (Obsolete; use SmtpGreetingMessage option instead.)
4944 The SMTP entry message.
4945 This is printed out when SMTP starts up.
4946 The first word must be the
4948 macro as specified by RFC 821.
4950 .q "$j Sendmail $v ready at $b" .
4951 Commonly redefined to include the configuration version number, e.g.,
4952 .q "$j Sendmail $v/$Z ready at $b"
4954 The envelope sender (from) address.
4956 The sender address relative to the recipient.
4964 .q foo@host.domain ,
4965 or whatever is appropriate for the receiving mailer.
4968 This is set in ruleset 0 from the $@ field of a parsed address.
4974 The \*(lqofficial\*(rq domain name for this site.
4975 This is fully qualified if the full qualification can be found.
4978 be redefined to be the fully qualified domain name
4979 if your system is not configured so that information can find
4982 The UUCP node name (from the uname system call).
4984 (Obsolete; use UnixFromLine option instead.)
4985 The format of the UNIX from line.
4986 Unless you have changed the UNIX mailbox format,
4987 you should not change the default,
4991 The domain part of the \fIgethostname\fP return value.
4992 Under normal circumstances,
4997 The name of the daemon (for error messages).
5001 (Obsolete: use OperatorChars option instead.)
5002 The set of \*(lqoperators\*(rq in addresses.
5003 A list of characters
5004 which will be considered tokens
5005 and which will separate tokens
5011 macro, then the input
5013 would be scanned as three tokens:
5020 which is the minimum set necessary to do RFC 822 parsing;
5021 a richer set of operators is
5023 which adds support for UUCP, the %-hack, and X.400 addresses.
5025 Sendmail's process id.
5027 Protocol used to receive the message.
5030 command line flag or by the SMTP server code.
5035 command line flag or by the SMTP server code
5036 (in which case it is set to the EHLO/HELO parameter).
5038 A numeric representation of the current time in the format YYYYMMDDHHmm
5039 (4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31,
5040 2 digit hours 00-23, 2 digit minutes 00-59).
5044 The version number of the
5048 The hostname of this site.
5049 This is the root name of this host (but see below for caveats).
5051 The full name of the sender.
5053 The home directory of the recipient.
5055 The validated sender address.
5057 .b ${client_resolve} .
5059 The type of the address which is currently being rewritten.
5060 This macro contains up to three characters, the first
5061 is either `e' or `h' for envelope/header address,
5062 the second is a space,
5063 and the third is either `s' or `r' for sender/recipient address.
5065 The maximum keylength (in bits) of the symmetric encryption algorithm
5066 used for a TLS connection.
5067 This may be less than the effective keylength,
5070 for ``export controlled'' algorithms.
5072 The client's authentication credentials as determined by authentication
5073 (only set if successful).
5074 The format depends on the mechanism used, it might be just `user',
5075 or `user@realm', or something similar (SMTP AUTH only).
5077 The authorization identity, i.e. the AUTH= parameter of the
5079 command if supplied.
5081 The mechanism used for SMTP authentication
5082 (only set if successful).
5084 The keylength (in bits) of the symmetric encryption algorithm
5085 used for the security layer of a SASL mechanism.
5087 The message body type
5089 as determined from the envelope.
5091 The fingerprint of the presented certificate (STARTTLS only).
5092 Note: this macro is only defined if the option
5093 .b CertFingerprintAlgorithm
5095 in which case the specified fingerprint algorithm is used.
5096 The valid algorithms depend on the OpenSSL version,
5097 but usually md5, sha1, and sha256 are available.
5104 The DN (distinguished name) of the CA (certificate authority)
5105 that signed the presented certificate (the cert issuer)
5108 The MD5 hash of the presented certificate (STARTTLS only).
5109 Note: this macro is only defined if the option
5110 .b CertFingerprintAlgorithm
5113 The DN of the presented certificate (called the cert subject)
5116 The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
5117 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
5120 The effective keylength (in bits) of the symmetric encryption algorithm
5121 used for a TLS connection.
5123 The IP address of the SMTP client.
5124 IPv6 addresses are tagged with "IPv6:" before the address.
5125 Defined in the SMTP server only.
5126 .ip ${client_connections}
5127 The number of open connections in the SMTP server for the client IP address.
5129 The flags specified by the
5131 .b ClientPortOptions
5132 where flags are separated from each other by spaces
5133 and upper case flags are doubled.
5136 will be represented as
5138 .b ${client_flags} ,
5139 which is required for testing the flags in rulesets.
5141 The host name of the SMTP client.
5142 This may be the client's bracketed IP address
5143 in the form [ nnn.nnn.nnn.nnn ] for IPv4
5144 and [ IPv6:nnnn:...:nnnn ] for IPv6
5146 IP address is not resolvable, or if it is resolvable
5147 but the IP address of the resolved hostname
5148 doesn't match the original IP address.
5149 Defined in the SMTP server only.
5151 .b ${client_resolve} .
5153 The port number of the SMTP client.
5154 Defined in the SMTP server only.
5156 The result of the PTR lookup for the client IP address.
5157 Note: this is the same as
5160 .b ${client_resolve}
5162 Defined in the SMTP server only.
5164 The number of incoming connections for the client IP address
5165 over the time interval specified by ConnectionRateWindowSize.
5166 .ip ${client_resolve}
5167 Holds the result of the resolve call for
5169 Possible values are:
5172 OK resolved successfully
5173 FAIL permanent lookup failure
5174 FORGED forward lookup doesn't match reverse lookup
5175 TEMP temporary lookup failure
5177 Defined in the SMTP server only.
5179 performs a hostname lookup on the IP address of the connecting client.
5180 Next the IP addresses of that hostname are looked up.
5181 If the client IP address does not appear in that list,
5182 then the hostname is maybe forged.
5183 This is reflected as the value FORGED for
5184 .b ${client_resolve}
5185 and it also shows up in
5187 as "(may be forged)".
5189 The CN (common name) of the CA that signed the presented certificate
5191 Note: if the CN cannot be extracted properly it will be replaced by
5192 one of these strings based on the encountered error:
5195 BadCertificateContainsNUL CN contains a NUL character
5196 BadCertificateTooLong CN is too long
5197 BadCertificateUnknown CN could not be extracted
5199 In the last case, some other (unspecific) error occurred.
5201 The CN (common name) of the presented certificate
5205 for possible replacements.
5207 Header value as quoted string
5208 (possibly truncated to
5210 This macro is only available in header check rulesets.
5212 The IP address the daemon is listening on for connections.
5213 .ip ${daemon_family}
5215 if the daemon is accepting network connections.
5216 Possible values include
5223 The flags for the daemon as specified by the
5225 .b DaemonPortOptions
5226 whereby the flags are separated from each other by spaces,
5227 and upper case flags are doubled.
5230 will be represented as
5232 .b ${daemon_flags} ,
5233 which is required for testing the flags in rulesets.
5235 Some information about a daemon as a text string.
5237 .q SMTP+queueing@00:30:00 .
5239 The name of the daemon from
5240 .b DaemonPortOptions
5242 If this suboption is not set,
5244 where # is the daemon number,
5247 The port the daemon is accepting connection on.
5249 .b DaemonPortOptions
5250 is set, this will most likely be
5253 The current delivery mode sendmail is using.
5254 It is initially set to the value of the
5258 The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
5260 Value of DSN NOTIFY= parameter
5261 (never, success, failure, delay, or empty string).
5263 Value of DSN RET= parameter (hdrs, full, or empty string).
5265 The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
5267 The length of the header value which is stored in
5268 ${currHeader} (before possible truncation).
5269 If this value is greater than or equal to
5271 the header has been truncated.
5273 The name of the header field for which the current header
5274 check ruleset has been called.
5275 This is useful for a default header check ruleset to get
5276 the name of the header;
5277 the macro is only available in header check rulesets.
5279 The IP address of the interface of an incoming connection
5280 unless it is in the loopback net.
5281 IPv6 addresses are tagged with "IPv6:" before the address.
5283 The IP address of the interface of an outgoing connection
5284 unless it is in the loopback net.
5285 IPv6 addresses are tagged with "IPv6:" before the address.
5287 The IP family of the interface of an incoming connection
5288 unless it is in the loopback net.
5289 .ip ${if_family_out}
5290 The IP family of the interface of an outgoing connection
5291 unless it is in the loopback net.
5293 The hostname associated with the interface of an incoming connection.
5294 This macro can be used for
5295 SmtpGreetingMessage and HReceived for virtual hosting.
5298 O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
5301 The name of the interface of an outgoing connection.
5303 The current load average.
5305 The address part of the resolved triple of the address given for the
5308 Defined in the SMTP server only.
5310 The host from the resolved triple of the address given for the
5313 Defined in the SMTP server only.
5315 The mailer from the resolved triple of the address given for the
5318 Defined in the SMTP server only.
5320 The value of the Message-Id: header.
5322 The value of the SIZE= parameter,
5323 i.e., usually the size of the message (in an ESMTP dialogue),
5324 before the message has been collected, thereafter
5325 the message size as computed by
5327 (and can be used in check_compat).
5329 The number of bad recipients for a single message.
5331 The number of validated recipients for a single message.
5332 Note: since recipient validation happens after
5334 has been called, the value in this ruleset
5335 is one less than what might be expected.
5337 The number of delivery attempts.
5339 The current operation mode (from the
5343 The quarantine reason for the envelope,
5344 if it is quarantined.
5345 .ip ${queue_interval}
5346 The queue run interval given by the
5352 .b ${queue_interval}
5356 The address part of the resolved triple of the address given for the
5359 Defined in the SMTP server only after a RCPT command.
5361 The host from the resolved triple of the address given for the
5364 Defined in the SMTP server only after a RCPT command.
5366 The mailer from the resolved triple of the address given for the
5369 Defined in the SMTP server only after a RCPT command.
5371 The address of the server of the current outgoing SMTP connection.
5372 For LMTP delivery the macro is set to the name of the mailer.
5373 (only if sendmail is compiled with STARTTLS or SASL.)
5375 The name of the server of the current outgoing SMTP or LMTP connection.
5376 (only if sendmail is compiled with STARTTLS or SASL.)
5380 function, i.e., the number of seconds since 0 hours, 0 minutes,
5381 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
5383 The TLS/SSL version used for the connection, e.g., TLSv1.2, TLSv1;
5384 defined after STARTTLS has been used.
5386 The total number of incoming connections over the time interval specified
5387 by ConnectionRateWindowSize.
5389 The result of the verification of the presented cert;
5390 only defined after STARTTLS has been used (or attempted).
5391 Possible values are:
5394 TRUSTED verification via DANE succeeded.
5395 DANE_FAIL verification via DANE failed.
5396 DANE_TEMP verification via DANE failed temporarily.
5397 DANE_NOTLS DANE required but STARTTLS was not available.
5398 OK verification succeeded.
5399 NO no cert presented.
5400 NOT no cert requested.
5401 FAIL cert presented but could not be verified,
5402 e.g., the signing CA is missing.
5403 NONE STARTTLS has not been performed.
5404 CLEAR STARTTLS has been disabled internally
5405 for a clear text delivery attempt.
5406 TEMP temporary error occurred.
5407 PROTOCOL some protocol error occurred
5408 at the ESMTP level (not TLS).
5409 CONFIG tls_*_features failed due to a syntax error.
5410 SOFTWARE STARTTLS handshake failed,
5411 which is a fatal error for this session,
5412 the e-mail will be queued.
5415 There are three types of dates that can be used.
5420 macros are in RFC 822 format;
5422 is the time as extracted from the
5428 is the current date and time
5429 (used for postmarks).
5432 line is found in the incoming message,
5434 is set to the current time also.
5437 macro is equivalent to the
5448 are set to the identity of this host.
5450 tries to find the fully qualified name of the host
5452 it does this by calling
5454 to get the current hostname
5455 and then passing that to
5456 .i gethostbyname (3)
5457 which is supposed to return the canonical version of that host name.\**
5459 \**For example, on some systems
5463 which would be mapped to
5468 Assuming this is successful,
5470 is set to the fully qualified name
5473 is set to the domain part of the name
5474 (everything after the first dot).
5477 macro is set to the first word
5478 (everything before the first dot)
5479 if you have a level 5 or higher configuration file;
5480 otherwise, it is set to the same value as
5482 If the canonification is not successful,
5483 it is imperative that the config file set
5485 to the fully qualified domain name\**.
5487 \**Older versions of sendmail didn't pre-define
5489 at all, so up until 8.6,
5498 macro is the id of the sender
5499 as originally determined;
5500 when mailing to a specific host
5503 macro is set to the address of the sender
5505 relative to the recipient.
5508 .q bollard@matisse.CS.Berkeley.EDU
5510 .q vangogh.CS.Berkeley.EDU
5518 .q eric@vangogh.CS.Berkeley.EDU.
5522 macro is set to the full name of the sender.
5523 This can be determined in several ways.
5524 It can be passed as flag to
5526 It can be defined in the
5528 environment variable.
5529 The third choice is the value of the
5531 line in the header if it exists,
5532 and the fourth choice is the comment field
5536 If all of these fail,
5537 and if the message is being originated locally,
5538 the full name is looked up in the
5548 macros get set to the host, user, and home directory
5551 The first two are set from the
5555 part of the rewriting rules, respectively.
5561 macros are used to create unique strings
5567 macro is set to the queue id on this host;
5568 if put into the timestamp line
5569 it can be extremely useful for tracking messages.
5572 macro is set to be the version number of
5574 this is normally put in timestamps
5575 and has been proven extremely useful for debugging.
5581 i.e., the number of times this message has been processed.
5582 This can be determined
5585 flag on the command line
5586 or by counting the timestamps in the message.
5592 fields are set to the protocol used to communicate with
5594 and the sending hostname.
5595 They can be set together using the
5597 command line flag or separately using the
5605 is set to a validated sender host name.
5606 If the sender is running an RFC 1413 compliant IDENT server
5607 and the receiver has the IDENT protocol turned on,
5608 it will include the user name on that host.
5616 are set to the name, address, and port number of the SMTP client
5620 These can be used in the
5624 deferred evaluation form, of course!).
5625 .sh 2 "C and F \*- Define Classes"
5627 Classes of phrases may be defined
5628 to match on the left hand side of rewriting rules,
5631 is a sequence of characters that does not contain space characters.
5633 a class of all local names for this site
5635 so that attempts to send to oneself
5637 These can either be defined directly in the configuration file
5638 or read in from another file.
5639 Classes are named as a single letter or a word in {braces}.
5640 Class names beginning with lower case letters
5641 and special characters are reserved for system use.
5642 Classes defined in config files may be given names
5643 from the set of upper case letters for short names
5644 or beginning with an upper case letter for long names.
5659 .i c\|[mapkey]@mapclass:mapspec
5661 The first form defines the class
5663 to match any of the named words.
5671 the contents of class
5675 It is permissible to split them among multiple lines;
5676 for example, the two forms:
5687 read the elements of the class
5693 .i "map specification" .
5694 Each element should be listed on a separate line.
5695 To specify an optional file, use ``\-o'' between the class
5696 name and the file name, e.g.,
5698 Fc \-o /path/to/file
5700 If the file can't be used,
5702 will not complain but silently ignore it.
5703 The map form should be an optional map key, an at sign,
5704 and a map class followed by the specification for that map.
5707 F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
5708 F{MyClass}foo@hash:/etc/mail/classes
5712 from an LDAP map lookup and
5714 from a hash database map lookup of the key
5716 There is also a built-in schema that can be accessed by only specifying:
5721 This will tell sendmail to use the default schema:
5723 \-k (&(objectClass=sendmailMTAClass)
5724 (sendmailMTAClassName=\c
5726 (|(sendmailMTACluster=${sendmailMTACluster})
5727 (sendmailMTAHost=$j)))
5728 \-v sendmailMTAClassValue
5730 Note that the lookup is only done when sendmail is initially started.
5732 Elements of classes can be accessed in rules using
5738 (match entries not in class)
5739 only matches a single word;
5740 multi-word entries in the class are ignored in this context.
5742 Some classes have internal meaning to
5746 .\"A set of Content-Types that will not have the newline character
5747 .\"translated to CRLF before encoding into base64 MIME.
5748 .\"The class can have major times
5753 .\".q application/octet-stream ).
5754 .\"The class is initialized with
5755 .\".q application/octet-stream ,
5761 contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
5762 It is predefined to contain
5768 set to be the same as
5770 that is, the UUCP node name.
5772 set to the set of domains by which this host is known,
5776 can be set to the set of MIME body types
5777 that can never be eight to seven bit encoded.
5779 .q multipart/signed .
5784 are never encoded directly.
5785 Multipart messages are always handled recursively.
5786 The handling of message/* messages
5787 are controlled by class
5790 A set of Content-Types that will never be encoded as base64
5791 (if they have to be encoded, they will be encoded as quoted-printable).
5792 It can have primary types
5799 contains the set of subtypes of message that can be treated recursively.
5800 By default it contains only
5804 types cannot be 8\(->7 bit encoded.
5805 If a message containing eight bit data is sent to a seven bit host,
5806 and that message cannot be encoded into seven bits,
5807 it will be stripped to 7 bits.
5809 set to the set of trusted users by the
5812 If you want to read trusted users from a file, use
5816 set to be the set of all names
5817 this host is known by.
5818 This can be used to match local hostnames.
5819 .ip $={persistentMacros}
5820 set to the macros that should be saved across queue runs.
5821 Care should be taken when adding macro names to this class.
5824 can be compiled to allow a
5829 This lets you do simplistic parsing of text files.
5830 For example, to read all the user names in your system
5832 file into a class, use
5836 which reads every line up to the first colon.
5837 .sh 2 "E \*- Set or Propagate Environment Variables"
5840 configuration lines set or propagate environment variables into children.
5845 will propagate the named variable from the environment when
5847 was invoked into any children it calls;
5853 sets the named variable to the indicated value.
5854 Any variables not explicitly named will not be in the child environment.
5855 .sh 2 "M \*- Define Mailer"
5857 Programs and interfaces to mailers
5858 are defined in this line.
5869 is the name of the mailer
5870 (used internally only)
5873 pairs define attributes of the mailer.
5877 Path The pathname of the mailer
5878 Flags Special flags for this mailer
5879 Sender Rewriting set(s) for sender addresses
5880 Recipient Rewriting set(s) for recipient addresses
5881 recipients Maximum number of recipients per envelope
5882 Argv An argument vector to pass to this mailer
5883 Eol The end-of-line string for this mailer
5884 Maxsize The maximum message length to this mailer
5885 maxmessages The maximum message deliveries per connection
5886 Linelimit The maximum line length in the message body
5887 Directory The working directory for the mailer
5888 Userid The default user and group id to run as
5889 Nice The nice(2) increment for the mailer
5890 Charset The default character set for 8-bit characters
5891 Type Type information for DSN diagnostics
5892 Wait The maximum time to wait for the mailer
5893 Queuegroup The default queue group for the mailer
5894 / The root directory for the mailer
5896 Only the first character of the field name is checked
5897 (it's case-sensitive).
5899 The following flags may be set in the mailer description.
5900 Any other flags may be used freely
5901 to conditionally assign headers to messages
5902 destined for particular mailers.
5903 Flags marked with \(dg
5904 are not interpreted by the
5907 these are the conventionally used to correlate to the flags portion
5911 Flags marked with \(dd
5912 apply to the mailers for the sender address
5913 rather than the usual recipient mailers.
5916 Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
5917 This flag defaults on if the SMTP greeting message includes the word
5920 Look up the user (address) part of the resolved mailer triple,
5921 in the alias database.
5922 Normally this is only set for local mailers.
5924 Force a blank line on the end of a message.
5925 This is intended to work around some stupid versions of
5927 that require a blank line, but do not provide it themselves.
5928 It would not normally be used on network mail.
5930 Strip leading backslashes (\e) off of the address;
5931 this is a subset of the functionality of the
5935 Do not include comments in addresses.
5936 This should only be used if you have to work around
5937 a remote mailer that gets confused by comments.
5938 This strips addresses of the form
5939 .q "Phrase <address>"
5941 .q "address (Comment)"
5947 from a mailer with this flag set,
5948 any addresses in the header that do not have an at sign
5951 after being rewritten by ruleset three
5954 clause from the sender envelope address
5956 This allows mail with headers of the form:
5959 To: userb@hostb, userc
5964 To: userb@hostb, userc@hosta
5967 However, it doesn't really work reliably.
5969 Do not include angle brackets around route-address syntax addresses.
5970 This is useful on mailers that are going to pass addresses to a shell
5971 that might interpret angle brackets as I/O redirection.
5972 However, it does not protect against other shell metacharacters.
5973 Therefore, passing addresses to a shell should not be considered secure.
5979 This mailer is expensive to connect to,
5980 so try to avoid connecting normally;
5981 any necessary connection will occur during a queue run.
5985 Escape lines beginning with
5987 in the message with a `>' sign.
5993 but only if this is a network forward operation
5995 the mailer will give an error
5996 if the executing user
5997 does not have special permissions).
6005 sends internally generated email (e.g., error messages)
6006 using the null return address
6007 as required by RFC 1123.
6008 However, some mailers don't accept a null return address.
6014 from obeying the standards;
6015 error messages will be sent as from the MAILER-DAEMON
6016 (actually, the value of the
6020 Upper case should be preserved in host names
6021 (the $@ portion of the mailer triplet resolved from ruleset 0)
6024 Do User Database rewriting on envelope sender address.
6026 This flag is deprecated
6027 and will be removed from a future version.
6028 This mailer will be speaking SMTP
6032 as such it can use special protocol features.
6033 This flag should not be used except for debugging purposes
6038 Do User Database rewriting on recipients as well as senders.
6042 connects to a host via SMTP,
6043 it checks to make sure that this isn't accidentally the same host name
6046 is misconfigured or if a long-haul network interface is set in loopback mode.
6047 This flag disables the loopback check.
6048 It should only be used under very unusual circumstances.
6050 Currently unimplemented.
6051 Reserved for chunking.
6053 This mailer is local
6055 final delivery will be performed).
6057 Limit the line lengths as specified in RFC 821.
6058 This deprecated option should be replaced by the
6061 For historic reasons, the
6067 This mailer can send to multiple users
6074 part of the mailer definition,
6075 that field will be repeated as necessary
6076 for all qualifying users.
6077 Removing this flag can defeat duplicate suppression on a remote site
6078 as each recipient is sent in a separate transaction.
6084 Do not insert a UNIX-style
6086 line on the front of the message.
6088 Always run as the owner of the recipient mailbox.
6091 runs as the sender for locally generated mail
6094 (actually, the user specified in the
6097 when delivering network mail.
6098 The normal behavior is required by most local mailers,
6099 which will not allow the envelope sender address
6100 to be set unless the mailer is running as daemon.
6101 This flag is ignored if the
6105 Use the route-addr style reverse-path in the SMTP
6108 rather than just the return address;
6109 although this is required in RFC 821 section 3.1,
6110 many hosts do not process reverse-paths properly.
6111 Reverse-paths are officially discouraged by RFC 1123.
6117 When an address that resolves to this mailer is verified
6118 (SMTP VRFY command),
6119 generate 250 responses instead of 252 responses.
6120 This will imply that the address is local.
6128 Open SMTP connections from a
6133 except on UNIX machines,
6134 so it is unclear that this adds anything.
6136 must be running as root to be able to use this flag.
6138 Strip quote characters (" and \e) off of the address
6139 before calling the mailer.
6141 Don't reset the userid
6142 before calling the mailer.
6143 This would be used in a secure environment
6147 This could be used to avoid forged addresses.
6150 field is also specified,
6151 this flag causes the effective user id to be set to that user.
6153 Upper case should be preserved in user names for this mailer. Standards
6154 require preservation of case in the local part of addresses, except for
6155 those address for which your system accepts responsibility.
6156 RFC 2142 provides a long list of addresses which should be case
6158 If you use this flag, you may be violating RFC 2142.
6159 Note that postmaster is always treated as a case insensitive address
6160 regardless of this flag.
6162 This mailer wants UUCP-style
6165 .q "remote from <host>"
6168 The user must have a valid account on this machine,
6172 If not, the mail is bounced.
6176 This is required to get
6180 Ignore long term host status information (see Section
6181 "Persistent Host Status Information").
6187 This mailer wants to use the hidden dot algorithm as specified in RFC 821;
6188 basically, any line beginning with a dot will have an extra dot prepended
6189 (to be stripped at the other end).
6190 This insures that lines in the message containing a dot
6191 will not terminate the message prematurely.
6193 Run Local Mail Transfer Protocol (LMTP)
6196 and the local mailer.
6197 This is a variant on SMTP
6199 that is specifically designed for delivery to a local mailbox.
6201 Apply DialDelay (if set) to this mailer.
6203 Don't look up MX records for hosts sent via SMTP/LMTP.
6208 Strip null characters ('\\0') when sending to this mailer.
6210 Don't use ESMTP even if offered; this is useful for broken
6211 systems that offer ESMTP but fail on EHLO (without recovering
6212 when HELO is tried next).
6214 Extend the list of characters converted to =XX notation
6215 when converting to Quoted-Printable
6216 to include those that don't map cleanly between ASCII and EBCDIC.
6217 Useful if you have IBM mainframes on site.
6219 If no aliases are found for this address,
6220 pass the address through ruleset 5 for possible alternate resolution.
6221 This is intended to forward the mail to an alternate delivery spot.
6223 Strip headers to seven bits.
6225 Strip all output to seven bits.
6226 This is the default if the
6229 Note that clearing this option is not
6230 sufficient to get full eight bit data passed through
6234 option is set, this is essentially always set,
6235 since the eighth bit was stripped on input.
6236 Note that this option will only impact messages
6237 that didn't have 8\(->7 bit MIME conversions performed.
6240 it is acceptable to send eight bit data to this mailer;
6241 the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
6246 7\(->8 bit MIME conversions.
6247 These conversions are limited to text/plain data.
6249 Check addresses to see if they begin with
6251 if they do, convert them to the
6255 Check addresses to see if they begin with a `|';
6256 if they do, convert them to the
6260 Check addresses to see if they begin with a `/';
6261 if they do, convert them to the
6265 Look up addresses in the user database.
6267 Do not attempt delivery on initial receipt of a message
6269 unless the queued message is selected
6270 using one of the -qI/-qR/-qS queue run modifiers
6273 Disable an MH hack that drops an explicit
6275 if it is the same as what sendmail would generate.
6277 Configuration files prior to level 6
6278 assume the `A', `w', `5', `:', `|', `/', and `@' options
6282 The mailer with the special name
6284 can be used to generate a user error.
6285 The (optional) host field is an exit status to be returned,
6286 and the user field is a message to be printed.
6287 The exit status may be numeric or one of the values
6288 USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
6289 to return the corresponding EX_ exit code,
6290 or an enhanced error code as described in RFC 1893,
6292 Enhanced Mail System Status Codes.
6293 For example, the entry:
6295 $#error $@ NOHOST $: Host unknown in this domain
6297 on the RHS of a rule
6298 will cause the specified error to be generated
6301 exit status to be returned
6303 This mailer is only functional in rulesets 0, 5,
6304 or one of the check_* rulesets.
6305 The host field can also contain the special token
6307 which instructs sendmail to quarantine the current message.
6309 The mailer with the special name
6311 causes any mail sent to it to be discarded
6312 but otherwise treated as though it were successfully delivered.
6313 This mailer cannot be used in ruleset 0,
6314 only in the various address checking rulesets.
6319 be defined in every configuration file.
6320 This is used to deliver local mail,
6321 and is treated specially in several ways.
6322 Additionally, three other mailers named
6327 may be defined to tune the delivery of messages to programs,
6329 and :include: lists respectively.
6332 Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
6333 M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
6334 M*include*, P=/dev/null, F=su, A=INCLUDE $u
6337 Builtin pathnames are [FILE] and [IPC], the former is used for
6338 delivery to files, the latter for delivery via interprocess communication.
6339 For mailers that use [IPC] as pathname the argument vector (A=)
6340 must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
6341 If TCP is used, the second argument must be the name of the host
6343 Optionally a third argument can be used to specify a port,
6344 the default is smtp (port 25).
6345 If FILE is used, the second argument must be the name of
6346 the Unix domain socket.
6348 If the argument vector does not contain $u then
6350 will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
6352 If no Eol field is defined, then the default is "\\r\\n" for
6353 SMTP mailers and "\\n" of others.
6355 The Sender and Recipient rewriting sets
6356 may either be a simple ruleset id
6357 or may be two ids separated by a slash;
6358 if so, the first rewriting set is applied to envelope
6360 and the second is applied to headers.
6361 Setting any value to zero disables corresponding mailer-specific rewriting.
6364 is actually a colon-separated path of directories to try.
6365 For example, the definition
6367 first tries to execute in the recipient's home directory;
6368 if that is not available,
6369 it tries to execute in the root of the filesystem.
6370 This is intended to be used only on the
6373 since some shells (such as
6375 refuse to execute if they cannot read the current directory.
6376 Since the queue directory is not normally readable by unprivileged users
6378 scripts as recipients can fail.
6381 specifies the default user and group id to run as,
6387 mailer flag is also specified,
6388 this user and group will be set as the
6389 effective uid and gid for the process.
6390 This may be given as
6392 to set both the user and group id;
6393 either may be an integer or a symbolic name to be looked up
6399 If only a symbolic user name is specified,
6402 file for that user is used as the group id.
6405 is used when converting a message to MIME;
6406 this is the character set used in the
6407 Content-Type: header.
6408 If this is not set, the
6411 and if that is not set, the value
6415 this field applies to the sender's mailer,
6416 not the recipient's mailer.
6417 For example, if the envelope sender address
6418 lists an address on the local network
6419 and the recipient is on an external network,
6420 the character set will be set from the Charset= field
6421 for the local network mailer,
6422 not that of the external network mailer.
6425 sets the type information
6426 used in MIME error messages
6429 It is actually three values separated by slashes:
6430 the MTA-type (that is, the description of how hosts are named),
6431 the address type (the description of e-mail addresses),
6432 and the diagnostic type (the description of error diagnostic codes).
6433 Each of these must be a registered value
6437 .q dns/rfc822/smtp .
6439 The m= field specifies the maximum number of messages
6440 to attempt to deliver on a single SMTP or LMTP connection.
6441 The default is infinite.
6443 The r= field specifies the maximum number of recipients
6444 to attempt to deliver in a single envelope.
6447 The /= field specifies a new root directory for the mailer. The path is
6448 macro expanded and then passed to the
6450 system call. The root directory is changed before the Directory field is
6451 consulted or the uid is changed.
6453 The Wait= field specifies the maximum time to wait for the
6454 mailer to return after sending all data to it.
6455 This applies to mailers that have been forked by
6458 The Queuegroup= field specifies the default queue group in which
6459 received mail should be queued.
6460 This can be overridden by other means as explained in section
6461 ``Queue Groups and Queue Directories''.
6462 .sh 2 "H \*- Define Header"
6464 The format of the header lines that
6466 inserts into the message
6470 The syntax of this line is one of the following:
6497 Continuation lines in this spec
6498 are reflected directly into the outgoing message.
6501 is macro-expanded before insertion into the message.
6504 (surrounded by question marks)
6506 at least one of the specified flags
6507 must be stated in the mailer definition
6508 for this header to be automatically output.
6511 (surrounded by question marks)
6513 the header will be automatically output
6514 if the macro is set.
6515 The macro may be set using any of the normal methods,
6518 storage map in a ruleset.
6519 If one of these headers is in the input
6520 it is reflected to the output
6521 regardless of these flags or macros.
6525 is used to set a header, then it is useful to add that macro to class
6526 .i $={persistentMacros}
6527 which consists of the macros that should be saved across queue runs.
6529 Some headers have special semantics
6530 that will be described later.
6532 A secondary syntax allows validation of headers as they are being read.
6533 To enable validation, use:
6546 is called for the specified
6550 to reject or quarantine the message or
6552 to discard the message
6556 The ruleset receives the header field-body as argument,
6557 i.e., not the header field-name; see also
6558 ${hdr_name} and ${currHeader}.
6559 The header is treated as a structured field,
6561 text in parentheses is deleted before processing,
6562 unless the second form
6565 Note: only one ruleset can be associated with a header;
6567 will silently ignore multiple entries.
6569 For example, the configuration lines:
6571 HMessage-Id: $>CheckMessageId
6575 R$* $#error $: Illegal Message-Id header
6577 would refuse any message that had a Message-Id: header of any of the
6581 Message-Id: some text
6582 Message-Id: <legal text@domain> extra crud
6584 A default ruleset that is called for headers which don't have a
6585 specific ruleset defined for them can be specified by:
6599 .sh 2 "O \*- Set Option"
6601 There are a number of global options that
6602 can be set from a configuration file.
6603 Options are represented by full words;
6604 some are also representable as single characters for back compatibility.
6605 The syntax of this line is:
6618 be a space between the letter `O' and the name of the option.
6619 An older version is:
6626 is a single character.
6627 Depending on the option,
6629 may be a string, an integer,
6637 the default is TRUE),
6641 All filenames used in options should be absolute paths,
6642 i.e., starting with '/'.
6643 Relative filenames most likely cause surprises during operation
6644 (unless otherwise noted).
6646 The options supported (with the old, one character names in brackets) are:
6648 .ip "AliasFile=\fIspec, spec, ...\fP"
6650 Specify possible alias file(s).
6653 should be in the format
6661 is optional and defaults to ``implicit''.
6676 value is used as follows:
6678 \-k (&(objectClass=sendmailMTAAliasObject)
6679 (sendmailMTAAliasName=aliases)
6680 (|(sendmailMTACluster=${sendmailMTACluster})
6681 (sendmailMTAHost=$j))
6682 (sendmailMTAKey=%0))
6683 \-v sendmailMTAAliasValue
6687 is compiled, valid classes are
6689 (search through a compiled-in list of alias file types,
6690 for back compatibility),
6708 (internal symbol table \*- not normally used
6709 unless you have no other database lookup),
6711 (use a sequence of maps
6712 previously declared),
6726 searches them in order.
6727 .ip AliasWait=\fItimeout\fP
6732 (units default to minutes)
6735 entry to exist in the alias database
6737 If it does not appear in the
6739 interval issue a warning.
6741 If set, allow HELO SMTP commands that don't include a host name.
6742 Setting this violates RFC 1123 section 5.2.5,
6743 but is necessary to interoperate with several SMTP clients.
6744 If there is a value, it is still checked for legitimacy.
6745 .ip AuthMaxBits=\fIN\fP
6746 Limit the maximum encryption strength for the security layer in
6747 SMTP AUTH (SASL). Default is essentially unlimited.
6748 This allows to turn off additional encryption in SASL if
6749 STARTTLS is already encrypting the communication, because the
6750 existing encryption strength is taken into account when choosing
6751 an algorithm for the security layer.
6752 For example, if STARTTLS is used and the symmetric cipher is 3DES,
6753 then the keylength (in bits) is 168.
6756 to 168 will disable any encryption in SASL.
6758 List of authentication mechanisms for AUTH (separated by spaces).
6759 The advertised list of authentication mechanisms will be the
6760 intersection of this list and the list of available mechanisms as
6761 determined by the Cyrus SASL library.
6762 If STARTTLS is active, EXTERNAL will be added to this list.
6763 In that case, the value of {cert_subject} is used as authentication id.
6765 List of options for SMTP AUTH consisting of single characters
6766 with intervening white space or commas.
6769 A Use the AUTH= parameter for the MAIL
6770 command only when authentication succeeded.
6771 This can be used as a workaround for broken
6772 MTAs that do not implement RFC 2554 correctly.
6773 a protection from active (non-dictionary) attacks
6774 during authentication exchange.
6775 c require mechanisms which pass client credentials,
6776 and allow mechanisms which can pass credentials
6778 d don't permit mechanisms susceptible to passive
6780 f require forward secrecy between sessions
6781 (breaking one won't help break next).
6782 m require mechanisms which provide mutual authentication
6783 (only available if using Cyrus SASL v2 or later).
6784 p don't permit mechanisms susceptible to simple
6785 passive attack (e.g., PLAIN, LOGIN), unless a
6786 security layer is active.
6787 y don't permit mechanisms that allow anonymous login.
6789 The first option applies to sendmail as a client, the others to a server.
6794 would disallow ANONYMOUS as AUTH mechanism and would
6795 allow PLAIN and LOGIN only if a security layer (e.g.,
6796 provided by STARTTLS) is already active.
6797 The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
6798 selected SASL mechanisms.
6799 Explanations of these properties can be found in the Cyrus SASL documentation.
6801 The authentication realm that is passed to the Cyrus SASL library.
6802 If no realm is specified,
6806 .ip BadRcptThrottle=\fIN\fP
6807 If set and the specified number of recipients in a single SMTP
6808 transaction have been rejected, sleep for one second after each subsequent
6809 RCPT command in that transaction.
6810 .ip BlankSub=\fIc\fP
6812 Set the blank substitution character to
6814 Unquoted spaces in addresses are replaced by this character.
6815 Defaults to space (i.e., no change is made).
6817 Path to directory with certificates of CAs.
6818 This directory directory must contain the hashes of each CA certificate
6819 as filenames (or as links to them).
6821 File containing one or more CA certificates;
6822 see section about STARTTLS for more information.
6823 .ip CertFingerprintAlgorithm
6824 Specify the fingerprint algorithm (digest) to use for the presented cert.
6825 If the option is not set,
6826 md5 is used and the macro
6828 contains the cert fingerprint.
6829 If the option is explicitly set,
6830 the specified algorithm (e.g., sha1) is used
6833 contains the cert fingerprint.
6835 Specify cipher list for STARTTLS (does not apply to TLSv1.3).
6838 for possible values.
6841 Validate the RHS of aliases when rebuilding the alias database.
6842 .ip CheckpointInterval=\fIN\fP
6844 Checkpoints the queue every
6848 If your system crashes during delivery to a large list,
6849 this prevents retransmission to any but the last
6852 .ip ClassFactor=\fIfact\fP
6856 is multiplied by the message class
6857 (determined by the Precedence: field in the user header
6860 lines in the configuration file)
6861 and subtracted from the priority.
6862 Thus, messages with a higher Priority: will be favored.
6865 File containing the certificate of the client, i.e., this certificate
6868 acts as client (for STARTTLS).
6870 File containing the private key belonging to the client certificate
6874 .ip ClientPortOptions=\fIoptions\fP
6875 Set client SMTP options.
6878 pairs separated by commas.
6882 Port Name/number of source port for connection (defaults to any free port)
6883 Addr Address mask (defaults INADDR_ANY)
6884 Family Address family (defaults to INET)
6885 SndBufSize Size of TCP send buffer
6886 RcvBufSize Size of TCP receive buffer
6887 Modifier Options (flags) for the client
6891 mask may be a numeric address in IPv4 dot notation or IPv6 colon notation
6893 Note that if a network name is specified,
6894 only the first IP address returned for it will be used.
6895 This may cause indeterminate behavior for network names
6896 that resolve to multiple addresses.
6897 Therefore, use of an address is recommended.
6899 can be the following character:
6902 h use name of interface for HELO command
6903 A don't use AUTH when sending e-mail
6904 S don't use STARTTLS when sending e-mail
6906 If ``h'' is set, the name corresponding to the outgoing interface
6907 address (whether chosen via the Connection parameter or
6908 the default) is used for the HELO/EHLO command.
6909 However, the name must not start with a square bracket
6910 and it must contain at least one dot.
6911 This is a simple test whether the name is not
6912 an IP address (in square brackets) but a qualified hostname.
6913 Note that multiple ClientPortOptions settings are allowed
6914 in order to give settings for each protocol family
6915 (e.g., one for Family=inet and one for Family=inet6).
6916 A restriction placed on one family only affects
6917 outgoing connections on that particular family.
6918 .ip ClientSSLOptions
6919 A space or comma separated list of SSL related options for the client side.
6921 .i SSL_CTX_set_options (3)
6923 the available values depend on the OpenSSL version against which
6930 .i -SSL_OP_TLSEXT_PADDING
6932 (if those options are available).
6933 Options can be cleared by preceding them with a minus sign.
6934 It is also possible to specify numerical values, e.g.,
6937 If set, colons are acceptable in e-mail addresses
6940 If not set, colons indicate the beginning of a RFC 822 group construct
6942 .q "groupname: member1, member2, ... memberN;" ).
6943 Doubled colons are always acceptable
6946 and proper route-addr nesting is understood
6948 .q <@relay:user@host> ).
6949 Furthermore, this option defaults on if the configuration version level
6950 is less than 6 (for back compatibility).
6951 However, it must be off for full compatibility with RFC 822.
6952 .ip ConnectionCacheSize=\fIN\fP
6954 The maximum number of open connections that will be cached at a time.
6956 This delays closing the current connection until
6957 either this invocation of
6959 needs to connect to another host
6961 Setting it to zero defaults to the old behavior,
6962 that is, connections are closed immediately.
6963 Since this consumes file descriptors,
6964 the connection cache should be kept small:
6965 4 is probably a practical maximum.
6966 .ip ConnectionCacheTimeout=\fItimeout\fP
6968 The maximum amount of time a cached connection will be permitted to idle
6970 If this time is exceeded,
6971 the connection is immediately closed.
6972 This value should be small (on the order of ten minutes).
6975 uses a cached connection,
6976 it always sends a RSET command
6977 to check the connection;
6978 if this fails, it reopens the connection.
6979 This keeps your end from failing if the other end times out.
6980 The point of this option is to be a good network neighbor
6981 and avoid using up excessive resources
6983 The default is five minutes.
6984 .ip ConnectOnlyTo=\fIaddress\fP
6986 override the connection address (for testing purposes).
6987 .ip ConnectionRateThrottle=\fIN\fP
6988 If set to a positive value,
6991 incoming connections in a one second period per daemon.
6992 This is intended to flatten out peaks
6993 and allow the load average checking to cut in.
6994 Defaults to zero (no limits).
6995 .ip ConnectionRateWindowSize=\fIN\fP
6996 Define the length of the interval for which
6997 the number of incoming connections is maintained.
6998 The default is 60 seconds.
6999 .ip ControlSocketName=\fIname\fP
7000 Name of the control socket for daemon management.
7003 daemon can be controlled through this named socket.
7004 Available commands are:
7013 command returns the current number of daemon children,
7014 the maximum number of daemon children,
7015 the free disk space (in blocks) of the queue directory,
7016 and the load average of the machine expressed as an integer.
7017 If not set, no control socket will be available.
7018 Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
7019 .ip CRLFile=\fIname\fP
7020 Name of file that contains certificate
7021 revocation status, useful for X.509v3 authentication.
7022 Note: if a CRLFile is specified but the file is unusable,
7023 STARTTLS is disabled.
7024 .ip CRLPath=\fIname\fP
7025 Name of directory that contains hashes pointing to
7026 certificate revocation status files.
7027 Symbolic links can be generated with the following
7028 two (Bourne) shell commands:
7031 ln -s $C `openssl crl -noout -hash < $C`.r0
7034 This option applies to the server side only.
7035 Possible values are:
7038 5 use precomputed 512 bit prime.
7039 1 generate 1024 bit prime
7040 2 generate 2048 bit prime.
7041 i use included precomputed 2048 bit prime (default).
7042 none do not use Diffie-Hellman.
7043 /path/to/file load prime from file.
7045 This is only required if a ciphersuite containing DSA/DH is used.
7046 The default is ``i'' which selects a precomputed, fixed 2048 bit prime.
7047 If ``5'' is selected, then precomputed, fixed primes are used.
7048 Note: this option should not be used
7049 (unless necessary for compatibility with old implementations).
7050 If ``1'' or ``2'' is selected, then prime values are computed during startup.
7051 Note: this operation can take a significant amount of time on a
7052 slow machine (several seconds), but it is only done once at startup.
7053 If ``none'' is selected, then TLS ciphersuites containing DSA/DH
7055 If a file name is specified (which must be an absolute path),
7056 then the primes are read from it.
7057 It is recommended to generate such a file using a command like this:
7059 openssl dhparam -out /etc/mail/dhparams.pem 2048
7061 If the file is not readable or contains unusable data,
7062 the default ``i'' is used instead.
7063 .ip DaemonPortOptions=\fIoptions\fP
7065 Set server SMTP options.
7067 .b DaemonPortOptions
7068 leads to an additional incoming socket.
7075 Name User-definable name for the daemon (defaults to "Daemon#")
7076 Port Name/number of listening port (defaults to "smtp")
7077 Addr Address mask (defaults INADDR_ANY)
7078 Family Address family (defaults to INET)
7079 InputMailFilters List of input mail filters for the daemon
7080 Listen Size of listen queue (defaults to 10)
7081 Modifier Options (flags) for the daemon
7082 SndBufSize Size of TCP send buffer
7083 RcvBufSize Size of TCP receive buffer
7084 children maximum number of children per daemon, see \fBMaxDaemonChildren\fP.
7085 DeliveryMode Delivery mode per daemon, see \fBDeliveryMode\fP.
7086 refuseLA RefuseLA per daemon
7087 delayLA DelayLA per daemon
7088 queueLA QueueLA per daemon
7092 key is used for error messages and logging.
7096 a numeric address in IPv4 dot notation or IPv6 colon notation,
7098 or a path to a local socket.
7099 Note that if a network name is specified,
7100 only the first IP address returned for it will be used.
7101 This may cause indeterminate behavior for network names
7102 that resolve to multiple addresses.
7103 Therefore, use of an address is recommended.
7106 key defaults to INET (IPv4).
7107 IPv6 users who wish to also accept IPv6 connections
7108 should add additional Family=inet6
7109 .b DaemonPortOptions
7111 For a local socket, use
7117 key overrides the default list of input mail filters listed in the
7120 If multiple input mail filters are required, they must be separated
7121 by semicolons (not commas).
7123 can be a sequence (without any delimiters)
7124 of the following characters:
7127 a always require AUTH
7128 b bind to interface through which mail has been received
7129 c perform hostname canonification (.cf)
7130 f require fully qualified hostname (.cf)
7131 s Run smtps (SMTP over SSL) instead of smtp
7132 u allow unqualified addresses (.cf)
7133 A disable AUTH (overrides 'a' modifier)
7134 C don't perform hostname canonification
7135 E disallow ETRN (see RFC 2476)
7136 O optional; if opening the socket fails ignore it
7137 S don't offer STARTTLS
7139 That is, one way to specify a message submission agent (MSA) that
7140 always requires AUTH is:
7142 O DaemonPortOptions=Name=MSA, Port=587, M=Ea
7144 The modifiers that are marked with "(.cf)" have only
7145 effect in the standard configuration file, in which
7146 they are available via
7147 .b ${daemon_flags} .
7150 use the ``a'' modifier on a public accessible MTA!
7151 It should only be used for a MSA that is accessed by authorized
7152 users for initial mail submission.
7153 Users must authenticate to use a MSA which has this option turned on.
7154 The flags ``c'' and ``C'' can change the default for
7155 hostname canonification in the
7158 See the relevant documentation for
7159 .sm FEATURE(nocanonify) .
7160 The modifier ``f'' disallows addresses of the form
7162 unless they are submitted directly.
7163 The flag ``u'' allows unqualified sender addresses,
7164 i.e., those without @host.
7165 ``b'' forces sendmail to bind to the interface
7166 through which the e-mail has been
7167 received for the outgoing connection.
7170 only if outgoing mail can be routed through the incoming connection's
7171 interface to its destination. No attempt is made to catch problems due to a
7172 misconfiguration of this parameter, use it only for virtual hosting
7173 where each virtual interface can connect to every possible location.
7174 This will also override possible settings via
7175 .b ClientPortOptions.
7178 will listen on a new socket
7179 for each occurrence of the
7180 .b DaemonPortOptions
7181 option in a configuration file.
7182 The modifier ``O'' causes sendmail to ignore a socket
7183 if it can't be opened.
7184 This applies to failures from the socket(2) and bind(2) calls.
7186 Filename that contains default authentication information for outgoing
7187 connections. This file must contain the user id, the authorization id,
7188 the password (plain text), the realm and the list of mechanisms to use
7189 on separate lines and must be readable by
7190 root (or the trusted user) only.
7191 If no realm is specified,
7194 If no mechanisms are specified, the list given by
7197 Notice: this option is deprecated and will be removed in future versions.
7198 Moreover, it doesn't work for the MSP since it can't read the file
7199 (the file must not be group/world-readable otherwise
7202 Use the authinfo ruleset instead which provides more control over
7203 the usage of the data anyway.
7204 .ip DefaultCharSet=\fIcharset\fP
7205 When a message that has 8-bit characters but is not in MIME format
7206 is converted to MIME
7207 (see the EightBitMode option)
7208 a character set must be included in the Content-Type: header.
7209 This character set is normally set from the Charset= field
7210 of the mailer descriptor.
7211 If that is not set, the value of this option is used.
7212 If this option is not set, the value
7215 .ip DataFileBufferSize=\fIthreshold\fP
7219 before a memory-based
7222 The default is 4096 bytes.
7223 .ip DeadLetterDrop=\fIfile\fP
7224 Defines the location of the system-wide dead.letter file,
7225 formerly hardcoded to /usr/tmp/dead.letter.
7226 If this option is not set (the default),
7227 sendmail will not attempt to save to a system-wide dead.letter file
7229 it cannot bounce the mail to the user or postmaster.
7230 Instead, it will rename the qf file
7231 as it has in the past
7232 when the dead.letter file could not be opened.
7233 .ip DefaultUser=\fIuser:group\fP
7235 Set the default userid for mailers to
7242 (as opposed to a numeric user id)
7243 the default group listed in the /etc/passwd file for that user is used
7244 as the default group.
7252 flag in the mailer definition
7253 will run as this user.
7255 The value can also be given as a symbolic user name.\**
7259 option has been combined into the
7263 .ip DelayLA=\fILA\fP
7264 When the system load average exceeds
7267 will sleep for one second on most SMTP commands and
7268 before accepting connections.
7269 .ip DeliverByMin=\fItime\fP
7270 Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
7271 If 0, no time is listed, if less than 0, the extension is not offered,
7272 if greater than 0, it is listed as minimum time
7273 for the EHLO keyword DELIVERBY.
7274 .ip DeliveryMode=\fIx\fP
7281 i Deliver interactively (synchronously)
7282 b Deliver in background (asynchronously)
7283 q Just queue the message (deliver during queue run)
7284 d Defer delivery and all map lookups (deliver during queue run)
7286 Defaults to ``b'' if no option is specified,
7287 ``i'' if it is specified but given no argument
7288 (i.e., ``Od'' is equivalent to ``Odi'').
7291 command line flag sets this to
7293 Note: for internal reasons,
7295 if a milter is enabled which can reject or delete recipients.
7296 In that case the mode will be changed to ``b''.
7297 .ip DialDelay=\fIsleeptime\fP
7298 Dial-on-demand network connections can see timeouts
7299 if a connection is opened before the call is set up.
7300 If this is set to an interval and a connection times out
7301 on the first connection being attempted
7303 will sleep for this amount of time and try again.
7304 This should give your system time to establish the connection
7305 to your service provider.
7306 Units default to seconds, so
7308 uses a five second delay.
7311 This delay only applies to mailers which have the
7313 .ip DirectSubmissionModifiers=\fImodifiers\fP
7316 for direct (command line) submissions.
7319 is either "CC f" if the option
7321 is used or "c u" otherwise.
7322 Note that only the "CC", "c", "f", and "u" flags are checked.
7323 .ip DontBlameSendmail=\fIoption,option,...\fP
7324 In order to avoid possible cracking attempts
7325 caused by world- and group-writable files and directories,
7327 does paranoid checking when opening most of its support files.
7328 If for some reason you absolutely must run with,
7333 then you will have to turn off this checking
7334 (at the cost of making your system more vulnerable to attack).
7335 The possible arguments have been described earlier.
7336 The details of these flags are described above.
7337 .\"XXX should have more here!!! XXX
7338 .b "Use of this option is not recommended."
7339 .ip DontExpandCnames
7340 The standards say that all host addresses used in a mail message
7341 must be fully canonical.
7342 For example, if your host is named
7344 and also has an alias of
7346 the former name must be used at all times.
7347 This is enforced during host name canonification
7348 ($[ ... $] lookups).
7349 If this option is set, the protocols are ignored and the
7352 However, the IETF is moving toward changing this standard,
7353 so the behavior may become acceptable.
7354 Please note that hosts downstream may still rewrite the address
7355 to be the true canonical name however.
7359 will avoid using the initgroups(3) call.
7360 If you are running NIS,
7361 this causes a sequential scan of the groups.byname map,
7362 which can cause your NIS server to be badly overloaded in a large domain.
7363 The cost of this is that the only group found for users
7364 will be their primary group (the one in the password file),
7365 which will make file access permissions somewhat more restrictive.
7366 Has no effect on systems that don't have group lists.
7367 .ip DontProbeInterfaces
7369 normally finds the names of all interfaces active on your machine
7371 and adds their name to the
7373 class of known host aliases.
7374 If you have a large number of virtual interfaces
7375 or if your DNS inverse lookups are slow
7376 this can be time consuming.
7377 This option turns off that probing.
7378 However, you will need to be certain to include all variant names
7381 class by some other mechanism.
7384 loopback interfaces (e.g., lo0) will not be probed.
7389 tries to eliminate any unnecessary explicit routes
7390 when sending an error message
7391 (as discussed in RFC 1123 \(sc 5.2.6).
7393 when sending an error message to
7395 <@known1,@known2,@known3:user@unknown>
7400 in order to make the route as direct as possible.
7403 option is set, this will be disabled,
7404 and the mail will be sent to the first address in the route,
7405 even if later addresses are known.
7406 This may be useful if you are caught behind a firewall.
7407 .ip DoubleBounceAddress=\fIerror-address\fP
7408 If an error occurs when sending an error message,
7409 send the error report
7412 because it is an error
7414 that occurs when trying to send another error
7416 to the indicated address.
7417 The address is macro expanded
7418 at the time of delivery.
7419 If not set, defaults to
7421 If set to an empty string, double bounces are dropped.
7422 .ip EightBitMode=\fIaction\fP
7424 Set handling of eight-bit data.
7425 There are two kinds of eight-bit data:
7426 that declared as such using the
7428 ESMTP declaration or the
7431 and undeclared 8-bit data, that is,
7432 input that just happens to be eight bits.
7433 There are three basic operations that can happen:
7434 undeclared 8-bit data can be automatically converted to 8BITMIME,
7435 undeclared 8-bit data can be passed as-is without conversion to MIME
7437 and declared 8-bit data can be converted to 7-bits
7438 for transmission to a non-8BITMIME mailer.
7443 .\" r Reject undeclared 8-bit data;
7444 .\" don't convert 8BITMIME\(->7BIT (``reject'')
7445 s Reject undeclared 8-bit data (``strict'')
7446 .\" do convert 8BITMIME\(->7BIT (``strict'')
7447 .\" c Convert undeclared 8-bit data to MIME;
7448 .\" don't convert 8BITMIME\(->7BIT (``convert'')
7449 m Convert undeclared 8-bit data to MIME (``mime'')
7450 .\" do convert 8BITMIME\(->7BIT (``mime'')
7451 .\" j Pass undeclared 8-bit data;
7452 .\" don't convert 8BITMIME\(->7BIT (``just send 8'')
7453 p Pass undeclared 8-bit data (``pass'')
7454 .\" do convert 8BITMIME\(->7BIT (``pass'')
7455 .\" a Adaptive algorithm: see below
7457 .\"The adaptive algorithm is to accept 8-bit data,
7458 .\"converting it to 8BITMIME only if the receiver understands that,
7459 .\"otherwise just passing it as undeclared 8-bit data;
7460 .\"8BITMIME\(->7BIT conversions are done.
7461 In all cases properly declared 8BITMIME data will be converted to 7BIT
7464 Note: if an automatic conversion is performed, a header with
7465 the following format will be added:
7467 X-MIME-Autoconverted: from OLD to NEW by $j id $i
7474 describe the original format and the converted format, respectively.
7475 .ip ErrorHeader=\fIfile-or-message\fP
7477 Prepend error messages with the indicated message.
7478 If it begins with a slash,
7479 it is assumed to be the pathname of a file
7480 containing a message (this is the recommended setting).
7481 Otherwise, it is a literal message.
7482 The error file might contain the name, email address, and/or phone number
7483 of a local postmaster who could provide assistance
7485 If the option is missing or null,
7486 or if it names a file which does not exist or which is not readable,
7487 no message is printed.
7488 .ip ErrorMode=\fIx\fP
7490 Dispose of errors using mode
7496 p Print error messages (default)
7497 q No messages, just give exit status
7499 w Write back errors (mail if user not logged in)
7500 e Mail back errors (when applicable) and give zero exit stat always
7502 Note that the last mode,
7504 is for Berknet error processing and
7505 should not be used in normal circumstances.
7506 Note, too, that mode
7508 only applies to errors recognized before sendmail forks for
7509 background delivery.
7510 .ip FallbackMXhost=\fIfallbackhost\fP
7514 acts like a very low priority MX
7516 MX records will be looked up for this host,
7517 unless the name is surrounded by square brackets.
7518 This is intended to be used by sites with poor network connectivity.
7519 Messages which are undeliverable due to temporary address failures
7521 also go to the FallbackMXhost.
7522 .ip FallBackSmartHost=\fIhostname\fP
7524 .i FallBackSmartHost
7525 will be used in a last-ditch effort for a host.
7526 This is intended to be used by sites with "fake internal DNS",
7527 e.g., a company whose DNS accurately reflects the world
7528 inside that company's domain but not outside.
7530 If set to a value greater than zero (the default is one),
7531 it suppresses the MX lookups on addresses
7532 when they are initially sorted, i.e., for the first delivery attempt.
7533 This usually results in faster envelope splitting unless the MX records
7534 are readily available in a local DNS cache.
7535 To enforce initial sorting based on MX records set
7538 If the mail is submitted directly from the command line, then
7539 the value also limits the number of processes to deliver the envelopes;
7540 if more envelopes are created they are only queued up
7541 and must be taken care of by a queue run.
7542 Since the default submission method is via SMTP (either from a MUA
7543 or via the MSP), the value of
7545 is seldom used to limit the number of processes to deliver the envelopes.
7549 deliver each job that is run from the queue in a separate process.
7550 .ip ForwardPath=\fIpath\fP
7552 Set the path for searching for users' .forward files.
7555 Some sites that use the automounter may prefer to change this to
7557 to search a file with the same name as the user in a system directory.
7558 It can also be set to a sequence of paths separated by colons;
7560 stops at the first file it can successfully and safely open.
7562 .q /var/forward/$u:$z/.forward
7563 will search first in /var/forward/\c
7566 .i ~username /.forward
7567 (but only if the first file does not exist).
7568 .ip HeloName=\fIname\fP
7569 Set the name to be used for HELO/EHLO (instead of $j).
7570 .ip HelpFile=\fIfile\fP
7572 Specify the help file for SMTP.
7573 If no file name is specified, "helpfile" is used.
7574 If the help file does not exist (cannot be opened for reading)
7576 will print a note including its version in response to a
7579 To avoid providing this information to a client specify an empty file.
7582 If an outgoing mailer is marked as being expensive,
7583 don't connect immediately.
7584 .ip HostsFile=\fIpath\fP
7585 The path to the hosts database,
7588 This option is only consulted when sendmail
7589 is canonifying addresses,
7594 service switch entry.
7595 In particular, this file is
7597 used when looking up host addresses;
7598 that is under the control of the system
7599 .i gethostbyname (3)
7601 .ip HostStatusDirectory=\fIpath\fP
7602 The location of the long term host status information.
7604 information about the status of hosts
7605 (e.g., host down or not accepting connections)
7606 will be shared between all
7609 normally, this information is only held within a single queue run.
7610 This option requires a connection cache of at least 1 to function.
7611 If the option begins with a leading `/',
7612 it is an absolute pathname;
7614 it is relative to the mail queue directory.
7615 A suggested value for sites desiring persistent host status is
7617 (i.e., a subdirectory of the queue directory).
7620 Do not treat leading dots in incoming messages in a special way,
7621 e.g., as end of a message if it is the only character in a line.
7622 This is always disabled when reading SMTP mail.
7623 .ip InputMailFilters=\fIname,name,...\fP
7624 A comma separated list of filters which determines which filters
7625 (see the "X \*- Mail Filter (Milter) Definitions" section)
7626 and the invocation sequence are contacted for incoming SMTP messages.
7627 If none are set, no filters will be contacted.
7628 .ip LDAPDefaultSpec=\fIspec\fP
7629 Sets a default map specification for LDAP maps.
7630 The value should only contain LDAP specific settings
7632 .q "-h host -p port -d bindDN" .
7633 The settings will be used for all LDAP maps
7634 unless the individual map specification overrides a setting.
7635 This option should be set before any LDAP maps are defined.
7636 .ip LogLevel=\fIn\fP
7638 Set the log level to
7647 This is intended only for use from the command line.
7652 Type of lookup to find information about local mailboxes,
7653 defaults to ``pw'' which uses
7655 Other types can be introduced by adding them to the source code,
7656 see libsm/mbdb.c for details.
7658 Use as mail submission program, i.e.,
7659 allow group writable queue files
7660 if the group is the same as that of a set-group-ID sendmail binary.
7662 .b sendmail/SECURITY
7663 in the distribution tarball.
7666 Allow fuzzy matching on the GECOS field.
7667 If this flag is set,
7668 and the usual user name lookups fail
7669 (that is, there is no alias with this name and a
7672 sequentially search the password file
7673 for a matching entry in the GECOS field.
7674 This also requires that MATCHGECOS
7675 be turned on during compilation.
7676 This option is not recommended.
7677 .ip MaxAliasRecursion=\fIN\fP
7678 The maximum depth of alias recursion (default: 10).
7679 .ip MaxDaemonChildren=\fIN\fP
7682 will refuse connections when it has more than
7684 children processing incoming mail or automatic queue runs.
7685 This does not limit the number of outgoing connections.
7688 (background) is used, then
7690 may create an almost unlimited number of children
7691 (depending on the number of transactions and the
7692 relative execution times of mail receiption and mail delivery).
7693 If the limit should be enforced, then a
7695 other than background must be used.
7696 If not set, there is no limit to the number of children --
7697 that is, the system load average controls this.
7698 .ip MaxHeadersLength=\fIN\fP
7699 If set to a value greater than zero it specifies
7700 the maximum length of the sum of all headers.
7701 This can be used to prevent a denial of service attack.
7703 .ip MaxHopCount=\fIN\fP
7705 The maximum hop count.
7706 Messages that have been processed more than
7708 times are assumed to be in a loop and are rejected.
7710 .ip MaxMessageSize=\fIN\fP
7711 Specify the maximum message size
7712 to be advertised in the ESMTP EHLO response.
7713 Messages larger than this will be rejected.
7714 If set to a value greater than zero,
7715 that value will be listed in the SIZE response,
7716 otherwise SIZE is advertised in the ESMTP EHLO response
7717 without a parameter.
7718 .ip MaxMimeHeaderLength=\fIN[/M]\fP
7719 Sets the maximum length of certain MIME header field values to
7722 These MIME header fields are determined by being a member of
7723 class {checkMIMETextHeaders}, which currently contains only
7724 the header Content-Description.
7725 For some of these headers which take parameters,
7726 the maximum length of each parameter is set to
7730 is not specified, one half of
7734 these values are 2048 and 1024, respectively.
7735 To allow any length, a value of 0 can be specified.
7736 .ip MaxNOOPCommands=\fIN\fP
7737 Override the default of
7741 commands, see Section
7742 "Measures against Denial of Service Attacks".
7743 .ip MaxQueueChildren=\fIN\fP
7744 When set, this limits the number of concurrent queue runner processes to
7746 This helps to control the amount of system resources used when processing
7747 the queue. When there are multiple queue groups defined and the total number
7748 of queue runners for these queue groups would exceed
7750 then the queue groups will not all run concurrently. That is, some portion
7751 of the queue groups will run concurrently such that
7753 will not be exceeded, while the remaining queue groups will be run later (in
7754 round robin order). See also
7755 .i MaxRunnersPerQueue
7756 and the section \fBQueue Group Declaration\fP.
7759 does not count individual queue runners, but only sets of processes
7760 that act on a workgroup.
7761 Hence the actual number of queue runners may be lower than the limit
7763 .i MaxQueueChildren .
7764 This discrepancy can be large if some queue runners have to wait
7765 for a slow server and if short intervals are used.
7766 .ip MaxQueueRunSize=\fIN\fP
7767 The maximum number of jobs that will be processed
7768 in a single queue run.
7769 If not set, there is no limit on the size.
7770 If you have very large queues or a very short queue run interval
7771 this could be unstable.
7772 However, since the first
7774 jobs in queue directory order are run (rather than the
7776 highest priority jobs)
7777 this should be set as high as possible to avoid
7779 jobs that happen to fall late in the queue directory.
7780 Note: this option also restricts the number of entries printed by
7789 entries are printed per queue group.
7790 .ip MaxRecipientsPerMessage=\fIN\fP
7791 The maximum number of recipients that will be accepted per message
7792 in an SMTP transaction.
7793 Note: setting this too low can interfere with sending mail from
7794 MUAs that use SMTP for initial submission.
7795 If not set, there is no limit on the number of recipients per envelope.
7796 .ip MaxRunnersPerQueue=\fIN\fP
7797 This sets the default maximum number of queue runners for queue groups.
7800 queue runners will work in parallel on a queue group's messages.
7801 This is useful where the processing of a message in the queue might
7802 delay the processing of subsequent messages. Such a delay may be the result
7803 of non-erroneous situations such as a low bandwidth connection.
7804 May be overridden on a per queue group basis by setting the
7806 option; see the section \fBQueue Group Declaration\fP.
7807 The default is 1 when not set.
7811 even if I am in an alias expansion.
7812 This option is deprecated
7813 and will be removed from a future version.
7815 This option has several sub(sub)options.
7816 The names of the suboptions are separated by dots.
7817 At the first level the following options are available:
7819 .ta \w'LogLevel'u+3n
7820 LogLevel Log level for input mail filter actions, defaults to LogLevel.
7821 macros Specifies list of macro to transmit to filters.
7824 The ``macros'' option has the following suboptions
7825 which specify the list of macro to transmit to milters
7826 after a certain event occurred.
7829 connect After session connection start
7830 helo After EHLO/HELO command
7831 envfrom After MAIL command
7832 envrcpt After RCPT command
7833 data After DATA command.
7834 eoh After DATA command and header
7835 eom After DATA command and terminating ``.''
7837 By default the lists of macros are empty.
7840 O Milter.LogLevel=12
7841 O Milter.macros.connect=j, _, {daemon_name}
7843 .ip MinFreeBlocks=\fIN\fP
7847 blocks free on the filesystem that holds the queue files
7848 before accepting email via SMTP.
7849 If there is insufficient space
7851 gives a 452 response
7852 to the MAIL command.
7853 This invites the sender to try again later.
7854 .ip MaxQueueAge=\fIage\fP
7855 If this is set to a value greater than zero,
7856 entries in the queue will be retried during a queue run
7857 only if the individual retry time has been reached
7858 which is doubled for each attempt.
7859 The maximum retry time is limited by the specified value.
7860 .ip MinQueueAge=\fIage\fP
7861 Don't process any queued jobs
7862 that have been in the queue less than the indicated time interval.
7863 This is intended to allow you to get responsiveness
7864 by processing the queue fairly frequently
7865 without thrashing your system by trying jobs too often.
7866 The default units are minutes.
7868 This option is ignored for queue runs that select a subset
7870 .q \-q[!][I|R|S|Q][string]
7871 .ip MustQuoteChars=\fIs\fP
7872 Sets the list of characters that must be quoted if used in a full name
7873 that is in the phrase part of a ``phrase <address>'' syntax.
7874 The default is ``\'.''.
7875 The characters ``@,;:\e()[]'' are always added to this list.
7876 Note: To avoid potential breakage of
7877 DKIM signatures it is useful to set
7881 Moreover, relaxed header signing should be used for DKIM signatures.
7883 The priority of queue runners (nice(3)).
7884 This value must be greater or equal zero.
7885 .ip NoRecipientAction
7886 The action to take when you receive a message that has no valid
7887 recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
7888 the last included for back compatibility with old
7892 to pass the message on unmodified,
7893 which violates the protocol,
7895 to add a To: header with any recipients it can find in the envelope
7896 (which might expose Bcc: recipients),
7897 .b Add-Apparently-To
7898 to add an Apparently-To: header
7899 (this is only for back-compatibility
7900 and is officially deprecated),
7901 .b Add-To-Undisclosed
7903 .q "To: undisclosed-recipients:;"
7904 to make the header legal without disclosing anything,
7907 to add an empty Bcc: header.
7910 Assume that the headers may be in old format,
7912 spaces delimit names.
7913 This actually turns on
7914 an adaptive algorithm:
7915 if any recipient address contains a comma, parenthesis,
7917 it will be assumed that commas already exist.
7918 If this flag is not on,
7919 only commas delimit names.
7920 Headers are always output with commas between the names.
7922 .ip OperatorChars=\fIcharlist\fP
7924 The list of characters that are considered to be
7926 that is, characters that delimit tokens.
7927 All operator characters are tokens by themselves;
7928 sequences of non-operator characters are also tokens.
7929 White space characters separate tokens
7930 but are not tokens themselves \(em for example,
7932 has three tokens, but
7935 If not set, OperatorChars defaults to
7936 .q \&.\|:\|@\|[\|] ;
7937 additionally, the characters
7939 are always operators.
7940 Note that OperatorChars must be set in the
7941 configuration file before any rulesets.
7942 .ip PidFile=\fIfilename\fP
7943 Filename of the pid file.
7944 (default is _PATH_SENDMAILPID).
7947 is macro-expanded before it is opened, and unlinked when
7950 .ip PostmasterCopy=\fIpostmaster\fP
7953 copies of error messages will be sent to the named
7955 Only the header of the failed message is sent.
7956 Errors resulting from messages with a negative precedence will not be sent.
7957 Since most errors are user problems,
7958 this is probably not a good idea on large sites,
7959 and arguably contains all sorts of privacy violations,
7960 but it seems to be popular with certain operating systems vendors.
7961 The address is macro expanded
7962 at the time of delivery.
7963 Defaults to no postmaster copies.
7964 .ip PrivacyOptions=\fI\|opt,opt,...\fP
7968 ``Privacy'' is really a misnomer;
7969 many of these are just a way of insisting on stricter adherence
7970 to the SMTP protocol.
7973 can be selected from:
7975 .ta \w'noactualrecipient'u+3n
7976 public Allow open access
7977 needmailhelo Insist on HELO or EHLO command before MAIL
7978 needexpnhelo Insist on HELO or EHLO command before EXPN
7979 noexpn Disallow EXPN entirely, implies noverb.
7980 needvrfyhelo Insist on HELO or EHLO command before VRFY
7981 novrfy Disallow VRFY entirely
7982 noetrn Disallow ETRN entirely
7983 noverb Disallow VERB entirely
7984 restrictmailq Restrict mailq command
7985 restrictqrun Restrict \-q command line flag
7986 restrictexpand Restrict \-bv and \-v command line flags
7987 noreceipts Don't return success DSNs\**
7988 nobodyreturn Don't return the body of a message with DSNs
7989 goaway Disallow essentially all SMTP status queries
7990 authwarnings Put X-Authentication-Warning: headers in messages
7992 noactualrecipient Don't put X-Actual-Recipient lines in DSNs
7993 which reveal the actual account that addresses map to.
7999 flag turns off support for RFC 1891
8000 (Delivery Status Notification).
8004 pseudo-flag sets all flags except
8012 If mailq is restricted,
8013 only people in the same group as the queue directory
8014 can print the queue.
8015 If queue runs are restricted,
8016 only root and the owner of the queue directory
8020 pseudo-flag instructs
8022 to drop privileges when the
8024 option is given by users who are neither root nor the TrustedUser
8025 so users cannot read private aliases, forwards, or :include: files.
8029 .q DontBlameSendmail
8030 option to prevent misleading unsafe address warnings.
8031 It also overrides the
8033 (verbose) command line option to prevent information leakage.
8034 Authentication Warnings add warnings about various conditions
8035 that may indicate attempts to spoof the mail system,
8036 such as using a non-standard queue directory.
8037 .ip ProcessTitlePrefix=\fIstring\fP
8038 Prefix the process title shown on 'ps' listings with
8042 will be macro processed.
8043 .ip QueueDirectory=\fIdir\fP
8045 The QueueDirectory option serves two purposes.
8046 First, it specifies the directory or set of directories that comprise
8047 the default queue group.
8048 Second, it specifies the directory D which is the ancestor of all queue
8049 directories, and which sendmail uses as its current working directory.
8050 When sendmail dumps core, it leaves its core files in D.
8051 There are two cases.
8052 If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR),
8053 then all of the directories or symbolic links to directories
8054 beginning with `qd' in
8055 .i /var/spool/mqueue
8056 will be used as queue directories of the default queue group,
8058 .i /var/spool/mqueue
8059 will be used as the working directory D.
8061 \fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
8062 the default queue group consists of the single queue directory \fIdir\fR,
8063 and the working directory D is set to \fIdir\fR.
8064 To define additional groups of queue directories,
8065 use the configuration file `Q' command.
8066 Do not change the queue directory structure
8067 while sendmail is running.
8068 .ip QueueFactor=\fIfactor\fP
8072 as the multiplier in the map function
8073 to decide when to just queue up jobs rather than run them.
8074 This value is divided by the difference between the current load average
8075 and the load average limit
8079 to determine the maximum message priority
8082 .ip QueueLA=\fILA\fP
8084 When the system load average exceeds
8090 option divided by the difference in the current load average and the
8093 is less than the priority of the message,
8095 (i.e., don't try to send them).
8096 Defaults to 8 multiplied by
8097 the number of processors online on the system
8098 (if that can be determined).
8099 .ip QueueFileMode=\fImode\fP
8100 Default permissions for queue files (octal).
8101 If not set, sendmail uses 0600 unless its real
8102 and effective uid are different in which case it uses 0644.
8103 .ip QueueSortOrder=\fIalgorithm\fP
8106 used for sorting the queue.
8107 Only the first character of the value is used.
8110 (to order by the name of the first host name of the first recipient),
8112 (to order by the name of the queue file name),
8114 (to order by the submission/creation time),
8116 (to order randomly),
8118 (to order by the modification time of the qf file (older entries first)),
8123 (to order by message priority).
8124 Host ordering makes better use of the connection cache,
8125 but may tend to process low priority messages
8126 that go to a single host
8127 over high priority messages that go to several hosts;
8128 it probably shouldn't be used on slow network links.
8129 Filename and modification time ordering saves the overhead of
8130 reading all of the queued items
8131 before starting the queue run.
8132 Creation (submission) time ordering is almost always a bad idea,
8133 since it allows large, bulk mail to go out
8134 before smaller, personal mail,
8135 but may have applicability on some hosts with very fast connections.
8136 Random is useful if several queue runners are started by hand
8137 which try to drain the same queue since odds are they will be working
8138 on different parts of the queue at the same time.
8139 Priority ordering is the default.
8140 .ip QueueTimeout=\fItimeout\fP
8143 .q Timeout.queuereturn .
8144 Use that form instead of the
8148 Name of file containing random data or the name of the UNIX socket
8150 A (required) prefix "egd:" or "file:" specifies the type.
8151 STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
8152 (see sendmail/README).
8153 .ip ResolverOptions=\fIoptions\fP
8155 Set resolver options.
8156 Values can be set using
8182 can be specified to turn off matching against MX records
8183 when doing name canonifications.
8185 .q WorkAroundBrokenAAAA
8190 can be specified to work around some broken nameservers
8191 which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
8192 Notice: it might be necessary to apply the same (or similar) options to
8195 .ip RequiresDirfsync
8196 This option can be used to override the compile time flag
8197 .b REQUIRES_DIR_FSYNC
8198 at runtime by setting it to
8200 If the compile time flag is not set, the option is ignored.
8201 The flag turns on support for file systems that require to call
8203 for a directory if the meta-data in it has been changed.
8204 This should be turned on at least for older versions of ReiserFS;
8205 it is enabled by default for Linux.
8206 According to some information this flag is not needed
8207 anymore for kernel 2.4.16 and newer.
8209 If this option is set, a
8210 .q Return-Receipt-To:
8211 header causes the request of a DSN, which is sent to
8212 the envelope sender as required by RFC 1891,
8213 not to the address given in the header.
8214 .ip RunAsUser=\fIuser\fP
8217 parameter may be a user name
8220 or a numeric user id;
8221 either form can have
8224 (where group can be numeric or symbolic).
8225 If set to a non-zero (non-root) value,
8227 will change to this user id shortly after startup\**.
8229 \**When running as a daemon,
8230 it changes to this user after accepting a connection
8231 but before reading any
8235 This avoids a certain class of security problems.
8236 However, this means that all
8240 files must be readable by the indicated
8242 and all files to be written must be writable by
8244 Also, all file and program deliveries will be marked unsafe
8246 .b DontBlameSendmail=NonRootSafeAddr
8248 in which case the delivery will be done as
8250 It is also incompatible with the
8251 .b SafeFileEnvironment
8253 In other words, it may not actually add much to security on an average system,
8254 and may in fact detract from security
8255 (because other file permissions must be loosened).
8256 However, it should be useful on firewalls and other
8257 places where users don't have accounts and the aliases file is
8259 .ip RecipientFactor=\fIfact\fP
8263 is added to the priority (thus
8265 the priority of the job)
8267 i.e., this value penalizes jobs with large numbers of recipients.
8269 .ip RefuseLA=\fILA\fP
8271 When the system load average exceeds
8273 refuse incoming SMTP connections.
8274 Defaults to 12 multiplied by
8275 the number of processors online on the system
8276 (if that can be determined).
8277 .ip RejectLogInterval=\fItimeout\fP
8278 Log interval when refusing connections for this long
8280 .ip RetryFactor=\fIfact\fP
8284 is added to the priority
8285 every time a job is processed.
8287 each time a job is processed,
8288 its priority will be decreased by the indicated value.
8289 In most environments this should be positive,
8290 since hosts that are down are all too often down for a long time.
8292 .ip SafeFileEnvironment=\fIdir\fP
8293 If this option is set,
8297 call into the indicated
8299 before doing any file writes.
8300 If the file name specified by the user begins with
8302 that partial path name will be stripped off before writing,
8304 if the SafeFileEnvironment variable is set to
8310 actually indicate the same file.
8311 Additionally, if this option is set,
8313 refuses to deliver to symbolic links.
8319 lines at the front of headers.
8320 Normally they are assumed redundant
8324 If set, send error messages in MIME format
8325 (see RFC 2045 and RFC 1344 for details).
8328 will not return the DSN keyword in response to an EHLO
8329 and will not do Delivery Status Notification processing as described in
8332 File containing the certificate of the server, i.e., this certificate
8333 is used when sendmail acts as server
8334 (used for STARTTLS).
8336 File containing the private key belonging to the server certificate
8337 (used for STARTTLS).
8338 .ip ServerSSLOptions
8339 A space or comma separated list of SSL related options for the server side.
8341 .i SSL_CTX_set_options (3)
8343 the available values depend on the OpenSSL version against which
8348 .i -SSL_OP_TLSEXT_PADDING
8350 (if those options are available).
8351 Options can be cleared by preceding them with a minus sign.
8352 It is also possible to specify numerical values, e.g.,
8354 .ip ServiceSwitchFile=\fIfilename\fP
8355 If your host operating system has a service switch abstraction
8356 (e.g., /etc/nsswitch.conf on Solaris
8357 or /etc/svc.conf on Ultrix and DEC OSF/1)
8358 that service will be consulted and this option is ignored.
8359 Otherwise, this is the name of a file
8360 that provides the list of methods used to implement particular services.
8361 The syntax is a series of lines,
8362 each of which is a sequence of words.
8363 The first word is the service name,
8364 and following words are service types.
8367 consults directly are
8371 Service types can be
8377 (with the caveat that the appropriate support
8379 before the service can be referenced).
8380 If ServiceSwitchFile is not specified, it defaults to
8381 /etc/mail/service.switch.
8382 If that file does not exist, the default switch is:
8388 .q /etc/mail/service.switch .
8391 Strip input to seven bits for compatibility with old systems.
8392 This shouldn't be necessary.
8394 Key to use for shared memory segment;
8395 if not set (or 0), shared memory will not be used.
8399 can select a key itself provided that also
8400 .b SharedMemoryKeyFile
8402 Requires support for shared memory to be compiled into
8404 If this option is set,
8406 can share some data between different instances.
8407 For example, the number of entries in a queue directory
8408 or the available space in a file system.
8409 This allows for more efficient program execution, since only
8410 one process needs to update the data instead of each individual
8411 process gathering the data each time it is required.
8412 .ip SharedMemoryKeyFile
8417 then the automatically selected shared memory key will be stored
8418 in the specified file.
8419 .ip SingleLineFromHeader
8420 If set, From: lines that have embedded newlines are unwrapped
8422 This is to get around a botch in Lotus Notes
8423 that apparently cannot understand legally wrapped RFC 822 headers.
8424 .ip SingleThreadDelivery
8425 If set, a client machine will never try to open two SMTP connections
8426 to a single server machine at the same time,
8427 even in different processes.
8430 is already talking to some host a new
8432 will not open another connection.
8433 This property is of mixed value;
8434 although this reduces the load on the other machine,
8435 it can cause mail to be delayed
8436 (for example, if one
8438 is delivering a huge message, other
8440 won't be able to send even small messages).
8441 Also, it requires another file descriptor
8443 per connection, so you may have to reduce the
8444 .b ConnectionCacheSize
8445 option to avoid running out of per-process file descriptors.
8447 .b HostStatusDirectory
8449 .ip SmtpGreetingMessage=\fImessage\fP
8451 The message printed when the SMTP server starts up.
8453 .q "$j Sendmail $v ready at $b".
8455 Enable runtime support for SMTPUTF8.
8457 If set, issue temporary errors (4xy) instead of permanent errors (5xy).
8458 This can be useful during testing of a new configuration to avoid
8459 erroneous bouncing of mails.
8461 Name of SSL engine to use.
8462 The available values depend on the OpenSSL version against which
8469 for some information.
8471 Path to dynamic library for SSL engine.
8472 This option is only useful if
8475 If both are set, the engine will be loaded dynamically at runtime
8476 using the concatenation of the path,
8481 and the string ".so".
8484 is set then the static version of the engine is used.
8485 .ip StatusFile=\fIfile\fP
8487 Log summary statistics in the named
8489 If no file name is specified, "statistics" is used.
8491 no summary statistics are saved.
8492 This file does not grow in size.
8493 It can be printed using the
8498 This option can be set to True, False, Interactive, or PostMilter.
8501 will be super-safe when running things,
8502 i.e., always instantiate the queue file,
8503 even if you are going to attempt immediate delivery.
8505 always instantiates the queue file
8506 before returning control to the client
8507 under any circumstances.
8511 The Interactive value has been introduced in 8.12 and can
8512 be used together with
8514 It skips some synchronization calls which are effectively
8515 doubled in the code execution path for this mode.
8516 If set to PostMilter,
8518 defers synchronizing the queue file until any milters have
8519 signaled acceptance of the message.
8520 PostMilter is useful only when
8522 is running as an SMTP server; in all other situations it
8523 acts the same as True.
8524 .ip TLSFallbacktoClear
8527 immediately tries an outbound connection again without STARTTLS
8528 after a TLS handshake failure.
8530 this applies to all connections even if TLS specific requirements are set
8536 Hence such requirements will cause an error on a retry without STARTTLS.
8537 Therefore they should only trigger a temporary failure so the connection
8538 is later on tried again.
8540 List of options for SMTP STARTTLS for the server
8541 consisting of single characters
8542 with intervening white space or commas.
8543 The flag ``V'' disables client verification, and hence
8544 it is not possible to use a client certificate for relaying.
8545 The flag ``C'' removes the requirement for the TLS server
8547 This only works under very specific circumstances
8548 and should only be used if the consequences are understood,
8549 e.g., clients may not work with a server using this.
8550 .ip TempFileMode=\fImode\fP
8552 The file mode for transcript files, files to which
8554 delivers directly, files in the
8555 .b HostStatusDirectory ,
8558 It is interpreted in octal by default.
8560 .ip Timeout.\fItype\fP=\|\fItimeout\fP
8561 [r; subsumes old T option as well]
8563 For more information,
8567 .ip TimeZoneSpec=\fItzinfo\fP
8569 Set the local time zone info to
8573 Actually, if this is not set,
8574 the TZ environment variable is cleared (so the system default is used);
8575 if set but null, the user's TZ variable is used,
8576 and if set and non-null the TZ variable is set to this value.
8577 .ip TrustedUser=\fIuser\fP
8580 parameter may be a user name
8583 or a numeric user id.
8584 Trusted user for file ownership and starting the daemon. If set, generated
8585 alias databases and the control socket (if configured) will automatically
8586 be owned by this user.
8589 If this system is the
8591 (that is, lowest preference)
8592 MX for a given host,
8593 its configuration rules should normally detect this situation
8594 and treat that condition specially
8595 by forwarding the mail to a UUCP feed,
8596 treating it as local,
8598 However, in some cases (such as Internet firewalls)
8599 you may want to try to connect directly to that host
8600 as though it had no MX records at all.
8601 Setting this option causes
8604 The downside is that errors in your configuration
8605 are likely to be diagnosed as
8608 .q "message timed out"
8609 instead of something more meaningful.
8610 This option is disrecommended.
8611 .ip UnixFromLine=\fIfromline\fP
8613 Defines the format used when
8615 must add a UNIX-style From_ line
8616 (that is, a line beginning
8617 .q From<space>user ).
8620 Don't change this unless your system uses a different UNIX mailbox format
8622 .ip UnsafeGroupWrites
8624 :include: and .forward files that are group writable are considered
8627 they cannot reference programs or write directly to files.
8628 World writable :include: and .forward files
8631 .b DontBlameSendmail
8632 instead; this option is deprecated.
8633 .ip UseCompressedIPv6Addresses
8634 If set, the compressed format of IPv6 addresses,
8635 such as IPV6:::1, will be used,
8636 instead of the uncompressed format,
8637 such as IPv6:0:0:0:0:0:0:0:1.
8642 header, send error messages to the addresses listed there.
8643 They normally go to the envelope sender.
8644 Use of this option causes
8646 to violate RFC 1123.
8647 This option is disrecommended and deprecated.
8648 .ip UserDatabaseSpec=\fIudbspec\fP
8650 The user database specification.
8653 Run in verbose mode.
8664 so that all mail is delivered completely
8666 so that you can see the entire delivery process.
8671 be set in the configuration file;
8672 it is intended for command line use only.
8673 Note that the use of option
8675 can cause authentication information to leak, if you use a
8676 sendmail client to authenticate to a server.
8677 If the authentication mechanism uses plain text passwords
8678 (as with LOGIN or PLAIN),
8679 then the password could be compromised.
8680 To avoid this, do not install sendmail set-user-ID root,
8683 SMTP command with a suitable
8686 .ip XscriptFileBufferSize=\fIthreshold\fP
8690 before a memory-based
8691 queue transcript file
8693 The default is 4096 bytes.
8695 All options can be specified on the command line using the
8699 to relinquish its set-user-ID permissions.
8700 The options that will not cause this are
8704 CheckpointInterval [C],
8711 OldStyleHeaders [o],
8722 SingleLineFromHeader,
8725 Actually, PrivacyOptions [p] given on the command line
8726 are added to those already specified in the
8728 file, i.e., they can't be reset.
8729 Also, M (define macro) when defining the r or s macros
8732 .sh 2 "P \*- Precedence Definitions"
8736 field may be defined using the
8739 The syntax of this field is:
8741 \fBP\fP\fIname\fP\fB=\fP\fInum\fP
8748 the message class is set to
8750 Higher numbers mean higher precedence.
8751 Numbers less than zero
8752 have the special property
8753 that if an error occurs during processing
8754 the body of the message will not be returned;
8755 this is expected to be used for
8757 mail such as through mailing lists.
8758 The default precedence is zero.
8760 our list of precedences is:
8763 Pspecial-delivery=100
8768 People writing mailing list exploders
8769 are encouraged to use
8770 .q "Precedence: list" .
8773 (which discarded all error returns for negative precedences)
8774 didn't recognize this name, giving it a default precedence of zero.
8775 This allows list maintainers to see error returns
8776 on both old and new versions of
8778 .sh 2 "V \*- Configuration Version Level"
8780 To provide compatibility with old configuration files,
8783 line has been added to define some very basic semantics
8784 of the configuration file.
8785 These are not intended to be long term supports;
8786 rather, they describe compatibility features
8787 which will probably be removed in future releases.
8793 to do with the version
8798 version 10 config files
8799 (specifically, 8.10)
8800 used version level 9 configurations.
8803 configuration files are defined as version level one.
8804 Version level two files make the following changes:
8806 Host name canonification ($[ ... $])
8807 appends a dot if the name is recognized;
8808 this gives the config file a way of finding out if anything matched.
8809 (Actually, this just initializes the
8813 flag \*- you can reset it to anything you prefer
8814 by declaring the map explicitly.)
8816 Default host name extension is consistent throughout processing;
8817 version level one configurations turned off domain extension
8818 (that is, adding the local domain name)
8819 during certain points in processing.
8820 Version level two configurations are expected to include a trailing dot
8821 to indicate that the name is already canonical.
8823 Local names that are not aliases
8824 are passed through a new distinguished ruleset five;
8825 this can be used to append a local relay.
8826 This behavior can be prevented by resolving the local name
8827 with an initial `@'.
8828 That is, something that resolves to a local mailer and a user name of
8830 will be passed through ruleset five,
8833 will have the `@' stripped,
8834 will not be passed through ruleset five,
8835 but will otherwise be treated the same as the prior example.
8836 The expectation is that this might be used to implement a policy
8839 was handled by a central hub,
8842 was delivered directly.
8844 Version level three files
8845 allow # initiated comments on all lines.
8846 Exceptions are backslash escaped # marks
8849 Version level four configurations
8850 are completely equivalent to level three
8851 for historical reasons.
8853 Version level five configuration files
8854 change the default definition of
8856 to be just the first component of the hostname.
8858 Version level six configuration files
8859 change many of the local processing options
8860 (such as aliasing and matching the beginning of the address for
8863 this allows fine-grained control over the special local processing.
8864 Level six configuration files may also use long option names.
8867 option (to allow colons in the local-part of addresses)
8870 for lower numbered configuration files;
8871 the configuration file requires some additional intelligence
8872 to properly handle the RFC 822 group construct.
8874 Version level seven configuration files
8875 used new option names to replace old macros
8879 .b SmtpGreetingMessage ,
8887 Also, prior to version seven,
8890 flag (use 250 instead of 252 return value for
8895 Version level eight configuration files allow
8897 on the left hand side of ruleset lines.
8899 Version level nine configuration files allow
8900 parentheses in rulesets, i.e. they are not treated
8901 as comments and hence removed.
8903 Version level ten configuration files allow
8904 queue group definitions.
8908 line may have an optional
8911 to indicate that this configuration file uses modifications
8912 specific to a particular vendor\**.
8914 \**And of course, vendors are encouraged to add themselves
8915 to the list of recognized vendors by editing the routine
8919 Please send e-mail to sendmail@Sendmail.ORG
8920 to register your vendor dialect.
8924 to emphasize that this configuration file
8925 uses the Berkeley dialect of
8927 .sh 2 "K \*- Key File Declaration"
8929 Special maps can be defined using the line:
8931 Kmapname mapclass arguments
8935 is the handle by which this map is referenced in the rewriting rules.
8938 is the name of a type of map;
8939 these are compiled in to
8943 are interpreted depending on the class;
8945 there would be a single argument naming the file containing the map.
8947 Maps are referenced using the syntax:
8949 $( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
8951 where either or both of the
8955 portion may be omitted.
8958 may appear more than once.
8963 are passed to the appropriate mapping function.
8964 If it returns a value, it replaces the input.
8965 If it does not return a value and the
8970 Otherwise, the input is unchanged.
8974 are passed to the map for arbitrary use.
8975 Most map classes can interpolate these arguments
8976 into their values using the syntax
8981 to indicate the corresponding
8985 indicates the database key.
8986 For example, the rule
8989 R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
8991 looks up the UUCP name in a (user defined) UUCP map;
8992 if not found it turns it into
8995 The database might contain records like:
8997 decvax %1@%0.DEC.COM
8998 research %1@%0.ATT.COM
9002 clauses never do this mapping.
9004 The built-in map with both name and class
9006 is the host name canonicalization lookup.
9010 $(host \fIhostname\fP$)
9017 There are many defined classes.
9019 Database lookups using the cdb(3) library.
9021 must be compiled with
9025 Database lookups using the ndbm(3) library.
9027 must be compiled with
9031 Database lookups using the btree interface to the Berkeley DB
9034 must be compiled with
9038 Database lookups using the hash interface to the Berkeley DB
9041 must be compiled with
9047 must be compiled with
9053 must be compiled with
9056 The argument is the name of the table to use for lookups,
9061 flags may be used to set the key and value columns respectively.
9065 must be compiled with
9069 LDAP X500 directory lookups.
9071 must be compiled with
9074 The map supports most of the standard arguments
9075 and most of the command line arguments of the
9080 if a single query matches multiple values,
9081 only the first value will be returned
9088 map flag will treat a multiple value return
9089 as if there were no matches.
9091 NeXT NetInfo lookups.
9093 must be compiled with
9098 The format of the text file is defined by the
9102 (value field number),
9109 Contributed and supported by
9110 Mark Roth, roth@uiuc.edu.
9112 nsd map for IRIX 6.5 and later.
9113 Contributed and supported by Bob Mende of SGI,
9116 Internal symbol table lookups.
9117 Used internally for aliasing.
9119 Sequentially try a list of available map types:
9124 It is the default for alias files if no class is specified.
9125 If is no matching map type is found,
9126 the text version is used for the alias file,
9127 but other maps fail to open.
9129 Looks up users using
9133 flag can be used to specify the name of the field to return
9134 (although this is normally used only to check the existence
9137 Canonifies host domain names.
9138 Given a host name it calls the name server
9139 to find the canonical name for that host.
9141 Returns the best MX record for a host name given as the key.
9142 The current machine is always preferred \*-
9143 that is, if the current machine is one of the hosts listed as a
9144 lowest-preference MX record, then it will be guaranteed to be returned.
9145 This can be used to find out if this machine is the target for an MX record,
9146 and mail can be accepted on that basis.
9149 option is given, then all MX names are returned,
9150 separated by the given delimiter.
9151 Note: the return value is deterministic,
9152 i.e., even if multiple MX records have the same preference,
9153 they will be returned in the same order.
9155 This map requires the option -R to specify the DNS resource record
9157 The following types are supported:
9158 A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
9159 A map lookup will return only one record
9164 Hence for some types, e.g., MX records, the return value might be a random
9165 element of the results due to randomizing in the DNS resolver,
9166 if only one element is returned.
9168 Returns the ``reverse'' for the given IP (IPv4 or IPv6) address,
9169 i.e., the string for the PTR lookup,
9170 but without trailing
9174 For example, the following configuration lines:
9180 work like this in test mode:
9183 ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
9184 Enter <ruleset> <address>
9185 > Arpa IPv6:1:2:dead:beef:9876:0:0:1
9186 Arpa input: IPv6 : 1 : 2 : dead : beef : 9876 : 0 : 0 : 1
9187 Arpa returns: 1 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 6 . 7 . 8 . 9 . f . e . e . b . d . a . e . d . 2 . 0 . 0 . 0 . 1 . 0 . 0 . 0
9189 Arpa input: 1 . 2 . 3 . 4
9190 Arpa returns: 4 . 3 . 2 . 1
9193 The arguments on the `K' line are a list of maps;
9194 the resulting map searches the argument maps in order
9195 until it finds a match for the indicated key.
9196 For example, if the key definition is:
9200 Kseqmap sequence map1 map2
9202 then a lookup against
9204 first does a lookup in map1.
9205 If that is found, it returns immediately.
9206 Otherwise, the same key is used for map2.
9208 the key is logged via
9210 The lookup returns the empty string.
9214 map except that the order of maps is determined by the service switch.
9215 The argument is the name of the service to be looked up;
9216 the values from the service switch are appended to the map name
9217 to create new map names.
9218 For example, consider the key definition:
9222 together with the service switch entry:
9226 This causes a query against the map
9228 to search maps named
9234 Strip double quotes (") from a name.
9235 It does not strip backslashes,
9236 and will not strip quotes if the resulting string
9237 would contain unscannable syntax
9238 (that is, basic errors like unbalanced angle brackets;
9239 more sophisticated errors such as unknown hosts are not checked).
9240 The intent is for use when trying to accept mail from systems such as
9242 that routinely quote odd syntax such as
9246 A typical usage is probably something like:
9252 R$\- $: $(dequote $1 $)
9253 R$\- $+ $: $>3 $1 $2
9255 Care must be taken to prevent unexpected results;
9258 "|someprogram < input > output"
9260 will have quotes stripped,
9261 but the result is probably not what you had in mind.
9262 Fortunately these cases are rare.
9264 The map definition on the
9266 line contains a regular expression.
9267 Any key input is compared to that expression using the
9268 POSIX regular expressions routines regcomp(), regerr(), and regexec().
9269 Refer to the documentation for those routines for more information
9270 about the regular expression matching.
9271 No rewriting of the key is done if the
9273 flag is used. Without it, the key is discarded or if
9275 if used, it is substituted by the substring matches, delimited by
9277 or the string specified with the
9280 The options available for the map are
9285 -b basic regular expressions (default is extended)
9287 -d set the delimiter string used for -s
9288 -a append string to key
9289 -m match only, do not replace/discard value
9290 -D perform no lookup in deferred delivery mode.
9294 option can include an optional parameter which can be used
9295 to select the substrings in the result of the lookup.
9300 The delimiter string specified via the
9302 option is the sequence of characters after
9304 ending at the first space.
9305 Hence it isn't possible to specify a space as delimiter,
9306 so if the option is immediately followed by a space
9307 the delimiter string is empty,
9308 which means the substrings are joined.
9315 If the pattern contains spaces,
9316 they must be replaced with the blank substitution character,
9317 unless it is space itself.
9319 The arguments on the
9321 line are the pathname to a program and any initial parameters to be passed.
9322 When the map is called,
9323 the key is added to the initial parameters
9324 and the program is invoked
9325 as the default user/group id.
9326 The first line of standard output is returned as the value of the lookup.
9327 This has many potential security problems,
9328 and has terrible performance;
9329 it should be used only when absolutely necessary.
9331 Set or clear a macro value.
9333 pass the value as the first argument in the map lookup.
9335 do not pass an argument in the map lookup.
9336 The map always returns the empty string.
9337 Example of typical usage include:
9343 # set macro ${MyMacro} to the ruleset match
9344 R$+ $: $(storage {MyMacro} $@ $1 $) $1
9345 # set macro ${MyMacro} to an empty string
9346 R$* $: $(storage {MyMacro} $@ $) $1
9347 # clear macro ${MyMacro}
9348 R$\- $: $(storage {MyMacro} $) $1
9351 Perform simple arithmetic operations.
9352 The operation is given as key, currently
9354 |, & (bitwise OR, AND),
9355 l (for less than), =,
9356 and r (for random) are supported.
9357 The two operands are given as arguments.
9358 The lookup returns the result of the computation,
9363 for comparisons, integer values otherwise.
9364 The r operator returns a pseudo-random number whose value
9365 lies between the first and second operand
9366 (which requires that the first operand is smaller than the second).
9367 All options which are possible for maps are ignored.
9368 A simple example is:
9375 R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
9376 RFALSE $# error \&...
9379 The socket map uses a simple request/reply protocol over TCP or UNIX domain
9380 sockets to query an external server.
9381 Both requests and replies are text based and encoded as netstrings,
9382 i.e., a string "hello there" becomes:
9386 Note: neither requests nor replies end with CRLF.
9388 The request consists of the database map name and the lookup key separated
9389 by a space character:
9395 The server responds with a status indicator and the result (if any):
9398 <status> ' ' <result>
9401 The status indicator specifies the result of the lookup operation itself
9402 and is one of the following upper case words:
9405 OK the key was found, result contains the looked up value
9406 NOTFOUND the key was not found, the result is empty
9407 TEMP a temporary failure occurred
9408 TIMEOUT a timeout occurred on the server side
9409 PERM a permanent failure occurred
9412 In case of errors (status TEMP, TIMEOUT or PERM) the result field may
9413 contain an explanatory message.
9414 However, the explanatory message is not used any further by
9419 31:OK resolved.address@example.com,
9423 56:OK error:550 5.7.1 User does not accept mail from sender,
9426 in case of successful lookups, or:
9431 in case the key was not found, or:
9433 55:TEMP this text explains that we had a temporary failure,
9436 in case of a temporary map lookup failure.
9438 The socket map uses the same syntax as milters
9439 (see Section "X \*- Mail Filter (Milter) Definitions")
9440 to specify the remote endpoint, e.g.,
9442 Ksocket mySocketMap inet:12345@127.0.0.1
9445 If multiple socket maps define the same remote endpoint, they will share
9446 a single connection to this endpoint.
9448 Most of these accept as arguments the same optional flags
9450 (or a mapname for NIS;
9451 the filename is the root of the database path,
9454 or some other extension appropriate for the database type
9455 will be added to get the actual database name).
9458 Indicates that this map is optional \*- that is,
9459 if it cannot be opened,
9460 no error is produced,
9463 will behave as if the map existed but was empty.
9471 uses an adaptive algorithm to decide whether or not to look for null bytes
9473 It starts by trying both;
9474 if it finds any key with a null byte it never tries again without a null byte
9478 is specified it never tries without a null byte and
9481 is specified it never tries with a null byte.
9483 these can speed matches but are never necessary.
9490 will never try any matches at all \(em
9491 that is, everything will appear to fail.
9495 on successful matches.
9496 For example, the default
9498 map appends a dot on successful matches.
9502 on temporary failures.
9505 would be appended if a DNS lookup returned
9507 or an NIS lookup could not locate a server.
9512 Do not fold upper to lower case before looking up the key.
9514 Match only (without replacing the value).
9515 If you only care about the existence of a key and not the value
9516 (as you might when searching the NIS map
9519 this flag prevents the map from substituting the value.
9521 The \-a argument is still appended on a match,
9522 and the default is still taken if the match fails.
9523 .ip "\-k\fIkeycol\fP"
9524 The key column name (for NIS+) or number
9526 For LDAP maps this is an LDAP filter string
9527 in which %s is replaced with the literal contents of the lookup key
9528 and %0 is replaced with the LDAP escaped contents of the lookup key
9529 according to RFC 2254.
9532 is used, then %1 through %9 are replaced with the LDAP escaped contents
9533 of the arguments specified in the map lookup.
9534 .ip "\-v\fIvalcol\fP"
9535 The value column name (for NIS+) or number
9537 For LDAP maps this is the name of one or more
9538 attributes to be returned;
9539 multiple attributes can be separated by commas.
9540 If not specified, all attributes found in the match
9542 The attributes listed can also include a type and one or more
9543 objectClass values for matching as described in the LDAP section.
9544 .ip "\-z\fIdelim\fP"
9545 The column delimiter (for text lookups).
9546 It can be a single character or one of the special strings
9550 to indicate newline or tab respectively.
9551 If omitted entirely,
9552 the column separator is any sequence of white space.
9553 For LDAP and some other maps this is the separator character
9554 to combine multiple values
9555 into a single return string.
9557 the LDAP lookup will only return the first match found.
9558 For DNS maps this is the separator character at which
9559 the result of a query is cut off if is too long.
9561 Normally, when a map attempts to do a lookup
9562 and the server fails
9565 couldn't contact any name server;
9568 the same as an entry not being found in the map),
9569 the message being processed is queued for future processing.
9572 flag turns off this behavior,
9573 letting the temporary failure (server down)
9574 act as though it were a permanent failure (entry not found).
9575 It is particularly useful for DNS lookups,
9576 where someone else's misconfigured name server can cause problems
9578 However, care must be taken to ensure that you don't bounce mail
9579 that would be resolved correctly if you tried again.
9580 A common strategy is to forward such mail
9581 to another, possibly better connected, mail server.
9583 Perform no lookup in deferred delivery mode.
9584 This flag is set by default for the
9587 .ip "\-S\fIspacesub\fP
9588 The character to use to replace space characters
9589 after a successful map lookup (esp. useful for regex
9591 .ip "\-s\fIspacesub\fP
9592 For the dequote map only,
9593 the character to use to replace space characters
9594 after a successful dequote.
9596 Don't dequote the key before lookup.
9598 For the syslog map only, it specifies the level
9599 to use for the syslog call.
9601 When rebuilding an alias file,
9604 flag causes duplicate entries in the text version
9606 For example, two entries:
9611 would be treated as though it were the single entry
9613 list: user1, user2, user3
9615 in the presence of the
9619 Some additional flags are available for the host and dns maps:
9621 delay: specify the resolver's retransmission time interval (in seconds).
9623 retry: specify the number of times to retransmit a resolver query.
9625 The dns map has another flag:
9627 basedomain: specify a domain that is always appended to queries.
9629 Socket maps have an optional flag:
9631 timeout: specify the timeout (in seconds) for communication
9632 with the socket map server.
9634 The following additional flags are present in the ldap map only:
9635 .ip "\-c\fItimeout\fP"
9636 Set the LDAP network timeout.
9637 sendmail must be compiled with
9638 .b \-DLDAP_OPT_NETWORK_TIMEOUT
9641 Do not auto chase referrals. sendmail must be compiled with
9642 .b \-DLDAP_REFERRALS
9645 Retrieve attribute names only.
9647 Retrieve both attributes name and value(s),
9650 .ip "\-r\fIderef\fP"
9651 Set the alias dereference option to one of never, always, search, or find.
9652 .ip "\-s\fIscope\fP"
9653 Set search scope to one of base, one (one level), or sub (subtree).
9655 LDAP server hostname.
9656 Some LDAP libraries allow you to specify multiple, space-separated hosts for
9658 In addition, each of the hosts listed can be followed by a colon and a port
9659 number to override the default LDAP port.
9662 .ip "\-H \fILDAPURI\fP"
9663 Use the specified LDAP URI instead of specifying the hostname and port
9668 options shown above.
9671 -h server.example.com -p 389 -b dc=example,dc=com
9675 -H ldap://server.example.com:389 -b dc=example,dc=com
9677 If the LDAP library supports it,
9678 the LDAP URI format however can also request LDAP over SSL by using
9684 O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com
9686 Similarly, if the LDAP library supports it,
9687 It can also be used to specify a UNIX domain socket using
9690 O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com
9694 .ip "\-l\fItimelimit\fP"
9695 Time limit for LDAP queries.
9696 .ip "\-Z\fIsizelimit\fP"
9697 Size (number of matches) limit for LDAP or DNS queries.
9698 .ip "\-d\fIdistinguished_name\fP"
9699 The distinguished name to use to login to the LDAP server.
9700 .ip "\-M\fImethod\fP"
9701 The method to authenticate to the LDAP server.
9704 .b LDAP_AUTH_SIMPLE ,
9706 .b LDAP_AUTH_KRBV4 .
9709 can be omitted and the value is case-insensitive.
9710 .ip "\-P\fIpasswordfile\fP"
9711 The file containing the secret key for the
9713 authentication method
9714 or the name of the Kerberos ticket file for
9715 .b LDAP_AUTH_KRBV4 .
9717 Force LDAP searches to only succeed if a single match is found.
9718 If multiple values are found,
9719 the search is treated as if no match was found.
9720 .ip "\-w\fIversion\fP"
9721 Set the LDAP API/protocol version to use.
9722 The default depends on the LDAP client libraries in use.
9727 to use LDAPv3 when communicating with the LDAP server.
9729 Treat the LDAP search key as multi-argument and
9730 replace %1 through %9 in the key with
9731 the LDAP escaped contents of the lookup arguments specified in the map lookup.
9735 map appends the strings
9739 to the given filename;
9746 For example, the map specification
9748 Kuucp dbm \-o \-N /etc/mail/uucpmap
9750 specifies an optional map named
9754 it always has null bytes at the end of every string,
9755 and the data is located in
9756 /etc/mail/uucpmap.{dir,pag}.
9760 can be used to build database-oriented maps.
9761 It takes at least the following flags
9762 (for a complete list see its man page):
9764 Do not fold upper to lower case in the map.
9766 Include null bytes in keys.
9768 Append to an existing (old) file.
9770 Allow replacement of existing keys;
9771 normally, re-inserting an existing key is an error.
9773 Print what is happening.
9777 daemon does not have to be restarted to read the new maps
9778 as long as you change them in place;
9779 file locking is used so that the maps won't be read
9780 while they are being updated.
9782 New classes can be added in the routine
9786 .sh 2 "Q \*- Queue Group Declaration"
9788 In addition to the option
9790 queue groups can be declared that define a (group of) queue directories
9791 under a common name.
9792 The syntax is as follows:
9802 is the symbolic name of the queue group under which
9803 it can be referenced in various places
9806 pairs define attributes of the queue group.
9807 The name must only consist of alphanumeric characters.
9810 Flags for this queue group.
9812 The nice(2) increment for the queue group.
9813 This value must be greater or equal zero.
9815 The time between two queue runs.
9817 The queue directory of the group (required).
9819 The number of parallel runners processing the queue.
9822 must be set if this value is greater than one.
9824 The maximum number of jobs (messages delivered) per queue run.
9826 The maximum number of recipients per envelope.
9827 Envelopes with more than this number of recipients will be split
9828 into multiple envelopes in the same queue directory.
9829 The default value 0 means no limit.
9831 Only the first character of the field name is checked.
9833 By default, a queue group named
9835 is defined that uses the value of the
9838 Notice: all paths that are used for queue groups must
9839 be subdirectories of
9841 Since they can be symbolic links, this isn't a real restriction,
9844 uses a wildcard, then the directory one level up is considered
9845 the ``base'' directory which all other queue directories must share.
9846 Please make sure that the queue directories do not overlap,
9847 e.g., do not specify
9849 O QueueDirectory=/var/spool/mqueue/*
9850 Qone, P=/var/spool/mqueue/dir1
9851 Qtwo, P=/var/spool/mqueue/dir2
9853 because this also includes
9857 in the default queue group.
9860 O QueueDirectory=/var/spool/mqueue/main*
9861 Qone, P=/var/spool/mqueue/dir
9862 Qtwo, P=/var/spool/mqueue/other*
9864 is a valid queue group specification.
9866 Options listed in the ``Flags'' field can be used to modify
9867 the behavior of a queue group.
9868 The ``f'' flag must be set if multiple queue runners are
9869 supposed to work on the entries in a queue group.
9872 will work on the entries strictly sequentially.
9874 The ``Interval'' field sets the time between queue runs.
9875 If no queue group specific interval is set, then the parameter of the
9877 option from the command line is used.
9879 To control the overall number of concurrently active queue runners
9883 This limits the number of processes used for running the queues to
9884 .b MaxQueueChildren ,
9885 though at any one time fewer processes may be active
9886 as a result of queue options, completed queue runs, system load, etc.
9888 The maximum number of queue runners for an individual queue group can be
9892 If set to 0, entries in the queue will not be processed, which
9893 is useful to ``quarantine'' queue files.
9894 The number of runners per queue group may also be set with the option
9895 .b MaxRunnersPerQueue ,
9896 which applies to queue groups that have no individual limit.
9897 That is, the default value for
9900 .b MaxRunnersPerQueue
9901 if set, otherwise 1.
9903 The field Jobs describes the maximum number of jobs
9904 (messages delivered) per queue run, which is the queue group specific
9906 .b MaxQueueRunSize .
9908 Notice: queue groups should be declared after all queue related options
9909 have been set because queue groups take their defaults from those options.
9910 If an option is set after a queue group declaration, the values of
9911 options in the queue group are set to the defaults of
9913 unless explicitly set in the declaration.
9915 Each envelope is assigned to a queue group based on the algorithm
9916 described in section
9917 ``Queue Groups and Queue Directories''.
9918 .sh 2 "X \*- Mail Filter (Milter) Definitions"
9922 Mail Filter API (Milter) is designed to allow third-party programs access
9923 to mail messages as they are being processed in order to filter
9924 meta-information and content.
9925 They are declared in the configuration file as:
9935 is the name of the filter
9936 (used internally only)
9939 pairs define attributes of the filter.
9940 Also see the documentation for the
9942 option for more information.
9947 Socket The socket specification
9948 Flags Special flags for this filter
9949 Timeouts Timeouts for this filter
9951 Only the first character of the field name is checked
9952 (it's case-sensitive).
9954 The socket specification is one of the following forms:
9977 The first two describe an IPv4 or IPv6 socket listening on a certain
9982 The final form describes a named socket on the filesystem at the given
9985 The following flags may be set in the filter description.
9988 Reject connection if filter unavailable.
9990 Temporary fail connection if filter unavailable.
9992 If neither F=R nor F=T is specified, the message is passed through
9994 in case of filter errors as if the failing filters were not present.
9996 The timeouts can be set using the four fields inside of the
10001 Timeout for connecting to a filter.
10002 If set to 0, the system's
10004 timeout will be used.
10006 Timeout for sending information from the MTA to a filter.
10008 Timeout for reading reply from the filter.
10010 Overall timeout between sending end-of-message to filter and waiting for
10011 the final acknowledgment.
10013 Note the separator between each timeout field is a
10015 The default values (if not set) are:
10016 .b T=C:5m;S:10s;R:10s;E:5m
10025 Xfilter1, S=local:/var/run/f1.sock, F=R
10026 Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
10027 Xfilter3, S=inet:3333@localhost, T=C:2m
10029 .sh 2 "The User Database"
10031 The user database is deprecated in favor of ``virtusertable''
10032 and ``genericstable'' as explained in the file
10034 If you have a version of
10036 with the user database package
10038 the handling of sender and recipient addresses
10041 The location of this database is controlled with the
10042 .b UserDatabaseSpec
10044 .sh 3 "Structure of the user database"
10046 The database is a sorted (BTree-based) structure.
10047 User records are stored with the key:
10049 \fIuser-name\fP\fB:\fP\fIfield-name\fP
10051 The sorted database format ensures that user records are clustered together.
10052 Meta-information is always stored with a leading colon.
10054 Field names define both the syntax and semantics of the value.
10055 Defined fields include:
10058 The delivery address for this user.
10059 There may be multiple values of this record.
10061 mailing lists will have one
10063 record for each user on the list.
10065 The outgoing mailname for this user.
10066 For each outgoing name,
10067 there should be an appropriate
10069 record for that name to allow return mail.
10071 .i :default:mailname .
10073 Changes any mail sent to this address to have the indicated envelope sender.
10074 This is intended for mailing lists,
10075 and will normally be the name of an appropriate -request address.
10076 It is very similar to the owner-\c
10078 syntax in the alias file.
10080 The full name of the user.
10082 The office address for this user.
10084 The office phone number for this user.
10086 The office FAX number for this user.
10088 The home address for this user.
10090 The home phone number for this user.
10092 The home FAX number for this user.
10094 A (short) description of the project this person is affiliated with.
10095 In the University this is often just the name of their graduate advisor.
10097 A pointer to a file from which plan information can be gathered.
10099 As of this writing,
10100 only a few of these fields are actually being used by
10107 program that uses the other fields is planned.
10108 .sh 3 "User database semantics"
10110 When the rewriting rules submit an address to the local mailer,
10111 the user name is passed through the alias file.
10112 If no alias is found (or if the alias points back to the same address),
10116 is then used as a key in the user database.
10117 If no match occurs (or if the maildrop points at the same address),
10118 forwarding is tried.
10120 If the first token of the user name returned by ruleset 0
10123 sign, the user database lookup is skipped.
10124 The intent is that the user database will act as a set of defaults
10125 for a cluster (in our case, the Computer Science Division);
10126 mail sent to a specific machine should ignore these defaults.
10129 the name of the sending user is looked up in the database.
10133 the value of that record is used as their outgoing name.
10134 For example, I might have a record:
10136 eric:mailname Eric.Allman@CS.Berkeley.EDU
10138 This would cause my outgoing mail to be sent as Eric.Allman.
10142 is found for the user,
10143 but no corresponding
10147 .q :default:mailname
10149 If present, this is the name of a host to override the local host.
10150 For example, in our case we would set it to
10151 .q CS.Berkeley.EDU .
10152 The effect is that anyone known in the database
10153 gets their outgoing mail stamped as
10154 .q user@CS.Berkeley.EDU ,
10155 but people not listed in the database use the local hostname.
10156 .sh 3 "Creating the database\**"
10158 \**These instructions are known to be incomplete.
10159 Other features are available which provide similar functionality,
10160 e.g., virtual hosting and mapping local addresses into a
10161 generic form as explained in cf/README.
10164 The user database is built from a text file
10168 (in the distribution in the makemap subdirectory).
10169 The text file is a series of lines corresponding to userdb records;
10170 each line has a key and a value separated by white space.
10171 The key is always in the format described above \*-
10176 This file is normally installed in a system directory;
10177 for example, it might be called
10178 .i /etc/mail/userdb .
10179 To make the database version of the map, run the program:
10181 makemap btree /etc/mail/userdb < /etc/mail/userdb
10183 Then create a config file that uses this.
10184 For example, using the V8 M4 configuration, include the
10185 following line in your .mc file:
10187 define(\`confUSERDB_SPEC\', /etc/mail/userdb)
10189 .sh 1 "OTHER CONFIGURATION"
10191 There are some configuration changes that can be made by
10194 This section describes what changes can be made
10195 and what has to be modified to make them.
10196 In most cases this should be unnecessary
10197 unless you are porting
10199 to a new environment.
10200 .sh 2 "Parameters in devtools/OS/$oscf"
10202 These parameters are intended to describe the compilation environment,
10204 and should normally be defined in the operating system
10205 configuration file.
10206 .b "This section needs a complete rewrite."
10209 the new version of the DBM library
10210 that allows multiple databases will be used.
10211 If neither CDB, NDBM, nor NEWDB are set,
10212 a much less efficient method of alias lookup is used.
10214 If set, use the cdb (tinycdb) package.
10216 If set, use the new database package from Berkeley (from 4.4BSD).
10217 This package is substantially faster than DBM or NDBM.
10218 If NEWDB and NDBM are both set,
10220 will read DBM files,
10221 but will create and use NEWDB files.
10223 Include support for NIS.
10224 If set together with
10228 will create both DBM and NEWDB files if and only if
10229 an alias file includes the substring
10232 This is intended for compatibility with Sun Microsystems'
10234 program used on YP masters.
10236 Compile in support for NIS+.
10238 Compile in support for NetInfo (NeXT stations).
10240 Compile in support for LDAP X500 queries.
10241 Requires libldap and liblber
10242 from the Umich LDAP 3.2 or 3.3 release
10243 or equivalent libraries for other LDAP libraries
10246 Compile in support for Hesiod.
10248 Compile in support for IRIX NSD lookups.
10250 Compile in support for regular expression matching.
10252 Compile in support for DNS map lookups in the
10256 Compile in support for ph lookups.
10258 Compile in support for SASL,
10259 a required component for SMTP Authentication support.
10261 Compile in support for STARTTLS.
10263 Compile in support for the "Entropy Gathering Daemon"
10264 to provide better random data for TLS.
10266 Compile in support for TCP Wrappers.
10267 .ip _PATH_SENDMAILCF
10268 The pathname of the sendmail.cf file.
10269 .ip _PATH_SENDMAILPID
10270 The pathname of the sendmail.pid file.
10272 Compile in support for shared memory, see section about
10273 "/var/spool/mqueue".
10275 Compile in support for contacting external mail filters built with the
10278 There are also several compilation flags to indicate the environment
10283 See the sendmail/README
10284 file for the latest scoop on these flags.
10285 .sh 3 "For Future Releases"
10288 often contains compile time options
10289 .i "For Future Releases"
10291 which might be enabled in a subsequent version
10292 or might simply be removed as they turned out not to be really useful.
10293 These features are usually not documented but if they are,
10294 then the required (FFR) compile
10295 time options are listed here for rulesets and macros,
10299 FFR compile times options must be enabled when the sendmail binary
10300 is built from source.
10301 Enabled FFRs in a binary can be listed with
10303 sendmail -d0.13 < /dev/null | grep FFR
10305 .sh 2 "Parameters in sendmail/conf.h"
10307 Parameters and compilation options
10308 are defined in conf.h.
10309 Most of these need not normally be tweaked;
10310 common parameters are all in sendmail.cf.
10311 However, the sizes of certain primitive vectors, etc.,
10312 are included in this file.
10313 The numbers following the parameters
10314 are their default value.
10316 This document is not the best source of information
10317 for compilation flags in conf.h \(em
10318 see sendmail/README or sendmail/conf.h itself.
10320 .ip "MAXLINE [2048]"
10321 The maximum line length of any input line.
10322 If message lines exceed this length
10323 they will still be processed correctly;
10324 however, header lines,
10325 configuration file lines,
10328 must fit within this limit.
10329 .ip "MAXNAME [256]"
10330 The maximum length of any name,
10331 such as a host or a user name.
10333 The maximum number of parameters to any mailer.
10334 This limits the number of recipients that may be passed in one transaction.
10335 It can be set to any arbitrary number above about 10,
10338 will break up a delivery into smaller batches as needed.
10339 A higher number may reduce load on your system, however.
10340 .ip "MAXQUEUEGROUPS [50]"
10341 The maximum number of queue groups.
10342 .ip "MAXATOM [1000]"
10343 The maximum number of atoms
10345 in a single address.
10348 .q "eric@CS.Berkeley.EDU"
10350 .ip "MAXMAILERS [25]"
10351 The maximum number of mailers that may be defined
10352 in the configuration file.
10353 This value is defined in include/sendmail/sendmail.h.
10354 .ip "MAXRWSETS [200]"
10355 The maximum number of rewriting sets
10356 that may be defined.
10357 The first half of these are reserved for numeric specification
10359 while the upper half are reserved for auto-numbering
10361 Thus, with a value of 200 an attempt to use ``S99'' will succeed,
10362 but ``S100'' will fail.
10363 .ip "MAXPRIORITIES [25]"
10364 The maximum number of values for the
10366 field that may be defined
10369 line in sendmail.cf).
10370 .ip "MAXUSERENVIRON [100]"
10371 The maximum number of items in the user environment
10372 that will be passed to subordinate mailers.
10373 .ip "MAXMXHOSTS [100]"
10374 The maximum number of MX records we will accept for any single host.
10375 .ip "MAXMAPSTACK [12]"
10376 The maximum number of maps that may be "stacked" in a
10379 .ip "MAXMIMEARGS [20]"
10380 The maximum number of arguments in a MIME Content-Type: header;
10381 additional arguments will be ignored.
10382 .ip "MAXMIMENESTING [20]"
10383 The maximum depth to which MIME messages may be nested
10384 (that is, nested Message or Multipart documents;
10385 this does not limit the number of components in a single Multipart document).
10386 .ip "MAXDAEMONS [10]"
10387 The maximum number of sockets sendmail will open for accepting connections
10388 on different ports.
10389 .ip "MAXMACNAMELEN [25]"
10390 The maximum length of a macro name.
10392 A number of other compilation options exist.
10393 These specify whether or not specific code should be compiled in.
10394 Ones marked with \(dg
10399 support for Internet protocol networking is compiled in.
10400 Previous versions of
10402 referred to this as
10404 this old usage is now incorrect.
10406 turn it off in the Makefile
10407 if your system doesn't support the Internet protocols.
10410 support for IPv6 networking is compiled in.
10411 It must be separately enabled by adding
10412 .b DaemonPortOptions
10416 support for ISO protocol networking is compiled in
10417 (it may be appropriate to #define this in the Makefile instead of conf.h).
10420 support for UNIX domain sockets is compiled in.
10421 This is used for control socket support.
10426 routine in use at some sites is used.
10427 This makes an informational log record
10428 for each message processed,
10429 and makes a higher priority log record
10430 for internal system errors.
10431 .b "STRONGLY RECOMMENDED"
10432 \(em if you want no logging, turn it off in the configuration file.
10434 Compile in the code to do ``fuzzy matching'' on the GECOS field
10436 This also requires that the
10438 option be turned on.
10440 Compile in code to use the
10441 Berkeley Internet Name Domain (BIND) server
10442 to resolve TCP/IP host names.
10444 If you are using a non-UNIX mail format,
10445 you can set this flag to turn off special processing
10452 Berkeley user information database package.
10453 This adds a new level of local name expansion
10454 between aliasing and forwarding.
10455 It also uses the NEWDB package.
10456 This may change in future releases.
10458 The following options are normally turned on
10459 in per-operating-system clauses in conf.h.
10461 Compile in the IDENT protocol as defined in RFC 1413.
10462 This defaults on for all systems except Ultrix,
10463 which apparently has the interesting
10465 that when it receives a
10466 .q "host unreachable"
10467 message it closes all open connections to that host.
10468 Since some firewall gateways send this error code
10469 when you access an unauthorized port (such as 113, used by IDENT),
10470 Ultrix cannot receive email from such hosts.
10472 Set all of the compilation parameters appropriate for System V.
10476 instead of System V
10478 to do file locking.
10479 Due to the highly unusual semantics of locks
10482 this should always be used if at all possible.
10484 Set this if your system has the
10487 (if you have multiple group support).
10488 This is the default if SYSTEM5 is
10490 defined or if you are on HPUX.
10492 Set this if you have the
10494 system call (or corresponding library routine).
10498 .ip HASGETDTABLESIZE
10499 Set this if you have the
10500 .i getdtablesize (2)
10503 Set this if you have the
10506 .ip FAST_PID_RECYCLE
10507 Set this if your system can possibly
10508 reuse the same pid in the same second of time.
10510 The mechanism that can be used to get file system capacity information.
10511 The values can be one of
10512 SFS_USTAT (use the ustat(2) syscall),
10513 SFS_4ARGS (use the four argument statfs(2) syscall),
10514 SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
10515 SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
10516 SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
10517 SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
10519 SFS_NONE (no way to get this information).
10521 The load average type.
10522 Details are described below.
10524 The are several built-in ways of computing the load average.
10526 tries to auto-configure them based on imperfect guesses;
10527 you can select one using the
10536 The kernel stores the load average in the kernel as an array of long integers.
10537 The actual values are scaled by a factor FSCALE
10540 The kernel stores the load average in the kernel as an array of short integers.
10541 The actual values are scaled by a factor FSCALE
10544 The kernel stores the load average in the kernel as an array of
10545 double precision floats.
10547 Use MACH-style load averages.
10551 routine to get the load average as an array of doubles.
10553 Always return zero as the load average.
10554 This is the fallback case.
10562 you may also need to specify
10564 (the path to your system binary)
10567 (the name of the variable containing the load average in the kernel;
10572 .sh 2 "Configuration in sendmail/conf.c"
10574 The following changes can be made in conf.c.
10575 .sh 3 "Built-in Header Semantics"
10577 Not all header semantics are defined in the configuration file.
10578 Header lines that should only be included by certain mailers
10579 (as well as other more obscure semantics)
10580 must be specified in the
10584 This table contains the header name
10585 (which should be in all lower case)
10586 and a set of header control flags (described below),
10589 Normally when the check is made to see if a header line is compatible
10592 will not delete an existing line.
10593 If this flag is set,
10596 even existing header lines.
10598 if this bit is set and the mailer does not have flag bits set
10599 that intersect with the required mailer flags
10600 in the header definition in
10606 If this header field is set,
10607 treat it like a blank line,
10609 it will signal the end of the header
10610 and the beginning of the message text.
10612 Add this header entry
10613 even if one existed in the message before.
10614 If a header entry does not have this bit set,
10616 will not add another header line if a header line
10617 of this name already existed.
10618 This would normally be used to stamp the message
10619 by everyone who handled it.
10622 this is a timestamp
10625 If the number of trace fields in a message
10626 exceeds a preset amount
10627 the message is returned
10628 on the assumption that it has an aliasing loop.
10631 this field contains recipient addresses.
10632 This is used by the
10634 flag to determine who to send to
10635 when it is collecting recipients from the message.
10637 This flag indicates that this field
10638 specifies a sender.
10639 The order of these fields in the
10644 for which field to return error messages to.
10646 Addresses in this header should receive error messages.
10648 This header is a Content-Transfer-Encoding header.
10650 This header is a Content-Type header.
10652 Strip the value from the header (for Bcc:).
10655 Let's look at a sample
10659 .ta 4n +\w'"content-transfer-encoding", 'u
10660 struct hdrinfo HdrInfo[] =
10662 /* originator fields, most to least significant */
10663 "resent-sender", H_FROM,
10664 "resent-from", H_FROM,
10667 "full-name", H_ACHECK,
10668 "errors-to", H_FROM\^|\^H_ERRORSTO,
10669 /* destination fields */
10671 "resent-to", H_RCPT,
10673 "bcc", H_RCPT\^|\^H_BCC,
10674 /* message identification and control */
10678 "received", H_TRACE\^|\^H_FORCE,
10679 /* miscellaneous fields */
10680 "content-transfer-encoding", H_CTE,
10681 "content-type", H_CTYPE,
10686 This structure indicates that the
10692 all specify recipient addresses.
10695 field will be deleted unless the required mailer flag
10696 (indicated in the configuration file)
10702 fields will terminate the header;
10703 these are used by random dissenters around the network world.
10706 field will always be added,
10707 and can be used to trace messages.
10709 There are a number of important points here.
10711 header fields are not added automatically just because they are in the
10714 they must be specified in the configuration file
10715 in order to be added to the message.
10716 Any header fields mentioned in the configuration file but not
10719 structure have default processing performed;
10721 they are added unless they were in the message already.
10725 structure only specifies cliched processing;
10726 certain headers are processed specially by ad hoc code
10727 regardless of the status specified in
10734 fields are always scanned on ARPANET mail
10735 to determine the sender\**;
10737 \**Actually, this is no longer true in SMTP;
10738 this information is contained in the envelope.
10739 The older ARPANET protocols did not completely distinguish
10740 envelope from header.
10742 this is used to perform the
10743 .q "return to sender"
10749 fields are used to determine the full name of the sender
10751 this is stored in the macro
10753 and used in a number of ways.
10754 .sh 3 "Restricting Use of Email"
10756 If it is necessary to restrict mail through a relay,
10759 routine can be modified.
10760 This routine is called for every recipient address.
10761 It returns an exit status
10762 indicating the status of the message.
10765 accepts the address,
10767 queues the message for a later try,
10770 .sm EX_UNAVAILABLE )
10771 reject the message.
10774 to print an error message
10777 if the message is rejected.
10784 .ta 4n +4n +4n +4n +4n +4n +4n
10787 register ADDRESS *to;
10788 register ENVELOPE *e;
10792 s = stab("private", ST_MAILER, ST_FIND);
10793 if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
10794 to->q_mailer == s->s_mailer)
10796 usrerr("No private net mail allowed through this machine");
10797 return (EX_UNAVAILABLE);
10799 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
10801 usrerr("Message too large for non-local delivery");
10802 e\->e_flags |= EF_NORETURN;
10803 return (EX_UNAVAILABLE);
10809 This would reject messages greater than 50000 bytes
10810 unless they were local.
10815 to suppress the return of the actual body
10816 of the message in the error return.
10817 The actual use of this routine is highly dependent on the
10819 and use should be limited.
10820 .sh 3 "New Database Map Classes"
10822 New key maps can be added by creating a class initialization function
10823 and a lookup function.
10824 These are then added to the routine
10827 The initialization function is called as
10829 \fIxxx\fP_map_init(MAP *map, char *args)
10833 is an internal data structure.
10836 is a pointer to the portion of the configuration file line
10837 following the map class name;
10838 flags and filenames can be extracted from this line.
10839 The initialization function must return
10841 if it successfully opened the map,
10845 The lookup function is called as
10847 \fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
10851 defines the map internally.
10855 This may be (and often is) used destructively.
10858 is a list of arguments passed in from the rewrite line.
10859 The lookup function should return a pointer to the new value.
10860 If the map lookup fails,
10862 should be set to an exit status code;
10863 in particular, it should be set to
10865 if recovery is to be attempted by the higher level code.
10866 .sh 3 "Queueing Function"
10870 is called to decide if a message should be queued
10871 or processed immediately.
10872 Typically this compares the message priority to the current load average.
10873 The default definition is:
10876 shouldqueue(pri, ctime)
10880 if (CurrentLA < QueueLA)
10882 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
10885 If the current load average
10888 which is set before this function is called)
10889 is less than the low threshold load average
10898 (that is, it should
10901 If the current load average exceeds the high threshold load average
10910 Otherwise, it computes the function based on the message priority,
10916 and the current and threshold load averages.
10918 An implementation wishing to take the actual age of the message into account
10922 which is the time that the message was first submitted to
10926 parameter is already weighted
10927 by the number of times the message has been tried
10928 (although this tends to lower the priority of the message with time);
10929 the expectation is that the
10931 would be used as an
10933 to ensure that messages are eventually processed.
10934 .sh 3 "Refusing Incoming SMTP Connections"
10937 .i refuseconnections
10940 if incoming SMTP connections should be refused.
10941 The current implementation is based exclusively on the current load average
10942 and the refuse load average option
10949 refuseconnections()
10951 return (RefuseLA > 0 && CurrentLA >= RefuseLA);
10954 A more clever implementation
10955 could look at more system resources.
10956 .sh 3 "Load Average Computation"
10960 returns the current load average (as a rounded integer).
10961 The distribution includes several possible implementations.
10962 If you are porting to a new environment
10963 you may need to add some new tweaks.\**
10965 \**If you do, please send updates to
10966 sendmail@Sendmail.ORG.
10968 .sh 2 "Configuration in sendmail/daemon.c"
10971 .i sendmail/daemon.c
10972 contains a number of routines that are dependent
10973 on the local networking environment.
10974 The version supplied assumes you have BSD style sockets.
10976 In previous releases,
10977 we recommended that you modify the routine
10979 if you wanted to generalize
10984 We now recommend that you create a new keyed map instead.
10987 In this section we assume that
10989 has been compiled with support for LDAP.
10990 .sh 3 "LDAP Recursion"
10992 LDAP Recursion allows you to add types to the search attributes on an
10993 LDAP map specification.
10995 .ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[|\fIOBJECTCLASS\fP|...]]]
10997 The new \fITYPE\fPs are:
11000 This attribute type specifies the attribute to add to the results string.
11001 This is the default.
11003 Any matches for this attribute are expected to have a value of a
11004 fully qualified distinguished name.
11006 will lookup that DN and apply the attributes requested to the
11007 returned DN record.
11009 Any matches for this attribute are expected to have a value of an
11010 LDAP search filter.
11012 will perform a lookup with the same parameters as the original
11013 search but replaces the search filter with the one specified here.
11015 Any matches for this attribute are expected to have a value of an LDAP URL.
11017 will perform a lookup of that URL and use the results from the attributes
11019 Note however that the search is done using the current LDAP connection,
11020 regardless of what is specified as the scheme, LDAP host, and LDAP
11021 port in the LDAP URL.
11023 Any untyped attributes are considered
11025 attributes as described above.
11027 The optional \fIOBJECTCLASS\fP (| separated) list contains the
11028 objectClass values for which that attribute applies.
11029 If the list is given,
11030 the attribute named will only be used if the LDAP record being returned is a
11031 member of that object class.
11032 Note that if these new value attribute \fITYPE\fPs are used in an
11034 option setting, it will need to be double quoted to prevent
11036 from misparsing the colons.
11038 Note that LDAP recursion attributes which do not ultimately point to an
11039 LDAP record are not considered an error.
11042 Since examples usually help clarify, here is an example which uses all
11043 four of the new types:
11045 O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com
11049 -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0))
11050 -v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson,
11051 uniqueMember:DN:groupOfUniqueNames,
11052 sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,
11053 sendmailMTAAliasURL:URL:sendmailMTAAliasObject
11056 That definition specifies that:
11059 .sm sendmailMTAAliasValue
11060 attribute will be added to the result string regardless of object class.
11064 attribute will be added to the result string if
11065 the LDAP record is a member of the
11071 attribute is a recursive attribute, used only in
11072 .sm groupOfUniqueNames
11073 records, and should contain an LDAP DN pointing to another LDAP record.
11074 The desire here is to return the
11076 attribute from those DNs.
11079 .sm sendmailMTAAliasSearch
11081 .sm sendmailMTAAliasURL
11082 are both used only if referenced in a
11083 .sm sendmailMTAAliasObject .
11084 They are both recursive, the first for a new LDAP search string and the
11085 latter for an LDAP URL.
11088 In this section we assume that
11090 has been compiled with support for STARTTLS.
11091 To properly understand the use of STARTTLS in
11093 it is necessary to understand at least some basics about X.509 certificates
11094 and public key cryptography.
11095 This information can be found in books about SSL/TLS
11096 or on WWW sites, e.g.,
11097 .q https://www.OpenSSL.org/ .
11098 .sh 3 "Certificates for STARTTLS"
11100 When acting as a server,
11102 requires X.509 certificates to support STARTTLS:
11103 one as certificate for the server (ServerCertFile and corresponding
11104 private ServerKeyFile)
11105 at least one root CA (CACertFile),
11106 i.e., a certificate that is used to sign other certificates,
11107 and a path to a directory which contains (zero or more) other CAs (CACertPath).
11108 The file specified via
11110 can contain several certificates of CAs.
11111 The DNs of these certificates are sent
11112 to the client during the TLS handshake (as part of the
11113 CertificateRequest) as the list of acceptable CAs.
11114 However, do not list too many root CAs in that file, otherwise
11115 the TLS handshake may fail; e.g.,
11117 error:14094417:SSL routines:SSL3_READ_BYTES:
11118 sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47
11120 You should probably put only the CA cert into that file
11121 that signed your own cert(s), or at least only those you trust.
11122 The CACertPath directory must contain the hashes of each CA certificate
11123 as filenames (or as links to them).
11124 Symbolic links can be generated with the following
11125 two (Bourne) shell commands:
11127 C=FileName_of_CA_Certificate
11128 ln -s $C `openssl x509 -noout -hash < $C`.0
11130 A better way to do this is to use the
11132 command that is part of the OpenSSL distribution
11133 because it handles subject hash collisions
11134 by incrementing the number in the suffix of the filename of the symbolic link,
11140 An X.509 certificate is also required for authentication in client mode
11141 (ClientCertFile and corresponding private ClientKeyFile), however,
11143 will always use STARTTLS when offered by a server.
11144 The client and server certificates can be identical.
11145 Certificates can be obtained from a certificate authority
11146 or created with the help of OpenSSL.
11147 The required format for certificates and private keys is PEM.
11148 To allow for automatic startup of sendmail, private keys
11149 (ServerKeyFile, ClientKeyFile)
11150 must be stored unencrypted.
11151 The keys are only protected by the permissions of the file system.
11152 Never make a private key available to a third party.
11155 .i ClientCertFile ,
11157 .i ServerCertFile ,
11160 can take a second file name,
11161 which must be separated from the first with a comma
11162 (note: do not use any spaces)
11163 to set up a second cert/key pair.
11164 This can be used to have certs of different types,
11166 .sh 3 "PRNG for STARTTLS"
11168 STARTTLS requires a strong pseudo random number generator (PRNG)
11169 to operate properly.
11170 Depending on the TLS library you use, it may be required to explicitly
11171 initialize the PRNG with random data.
11172 OpenSSL makes use of
11174 if available (this corresponds to the compile flag HASURANDOMDEV).
11175 On systems which lack this support, a random file must be specified in the
11177 file using the option RandFile.
11180 advised to use the "Entropy Gathering Daemon" EGD
11181 from Brian Warner on those systems to provide useful random data.
11184 must be compiled with the flag EGD, and the
11185 RandFile option must point to the EGD socket.
11188 nor EGD are available, you have to make sure
11189 that useful random data is available all the time in RandFile.
11190 If the file hasn't been modified in the last 10 minutes before
11191 it is supposed to be used by
11193 the content is considered obsolete.
11194 One method for generating this file is:
11196 openssl rand -out /etc/mail/randfile -rand \c
11197 .i /path/to/file:... \c
11200 See the OpenSSL documentation for more information.
11201 In this case, the PRNG for TLS is only
11202 seeded with other random data if the
11203 .b DontBlameSendmail
11205 .b InsufficientEntropy
11207 This is most likely not sufficient for certain actions, e.g.,
11208 generation of (temporary) keys.
11210 Please see the OpenSSL documentation or other sources
11211 for further information about certificates, their creation and their usage,
11212 the importance of a good PRNG, and other aspects of TLS.
11213 .sh 2 "Encoding of STARTTLS and AUTH related Macros"
11215 Macros that contain STARTTLS and AUTH related data which comes from outside
11216 sources, e.g., all macros containing information from certificates,
11217 are encoded to avoid problems with non-printable or special characters.
11218 The latter are '\\', '<', '>', '(', ')', '"', '+', and ' '.
11219 All of these characters are replaced by their value in hexadecimal
11220 with a leading '+'.
11223 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
11224 Email=darth+cert@endmail.org
11228 /C=US/ST=California/O=endmail.org/OU=private/
11229 CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
11231 (line breaks have been inserted for readability).
11232 The macros which are subject to this encoding are
11233 {cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
11235 {auth_authen} and {auth_author}.
11238 Support for DANE (see RFC 7672 et.al.)
11241 is compiled with the option
11243 If OpenSSL 1.1.1 or at least 3.0.0 are used,
11244 then full DANE support for DANE-EE and DANE-TA
11245 (as required by RFC 7672)
11246 is available via the functions
11247 provided by those OpenSSL versions
11250 sendmail -bt -d0.3 < /dev/null
11252 and check that HAVE_SSL_CTX_dane_enable is in the output),
11253 otherwise support for TLSA RR 3-1-x
11254 is implemented directly in
11256 Note: if OpenSSL functions related to DANE cause a failure,
11261 This also applies if TLS cannot be initialized at all.
11266 enables this feature at run time
11267 and it automatically adds
11275 This requires a DNSSEC-validating recursive resolver
11276 which supports those options.
11277 The resolver must be reachable via a trusted connection,
11278 hence it is best to run it locally.
11280 If the client finds a usable TLSA RR and the check
11285 All non-DNS maps are considered
11287 just like DNS lookups with DNSSEC.
11289 TLSA RRs are not looked up for some features,
11291 .i FallBackSmartHost .
11294 Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
11296 the compile time option
11299 .i devtools/Site/site.config.m4.sample
11300 for other settings that might be needed),
11304 This allows the use of UTF-8 for envelope addresses
11305 as well as the entire message.
11306 DNS lookups are done using the A-label format (Punycode)
11307 as required by the RFCs.
11308 For all other interactions with external programs and maps,
11309 the actual value are used,
11310 i.e., no conversions between UTF-8 and ASCII encodings are made.
11312 .\" how to make a list?
11314 the keys in map lookups, which might require to specify both versions in a map;
11315 the data exchanged with a milter, i.e., each milter must be "8 bit clean";
11316 mail delivery agents which must be able to handle 8 bit addresses.
11318 Some values must be ASCII as those are used before SMTPUTF8 support
11319 can be requested, e.g.,
11324 Please test and provide feedback.
11327 Experimental support for SMTP MTA Strict Transport Security
11328 (MTA-STS, see RFC 8461)
11329 is available when using
11330 the compile time option _FFR_MTA_STS
11331 (as well as some others, e.g., _FFR_TLS_ALTNAMES and obviously STARTTLS),
11332 .\"(which requires in a default setting
11333 .\"MAP_REGEX, SOCKETMAP, _FFR_TLS_ALTNAMES, and obviously STARTTLS),
11335 (which implicitly sets the cf option StrictTransportSecurity),
11337 postfix-mta-sts-resolver
11338 (see https://github.com/Snawoot/postfix-mta-sts-resolver.git).
11340 Note: this implementation uses a socket map to communicate with
11341 postfix-mta-sts-resolver
11342 and handles only the values returned by that program,
11343 which might not fully implement MTA-STS.
11345 If both DANE and MTA-STS are enabled and available for the receiving domain,
11346 DANE is used because it offers a much higher level of security.
11347 .sh 1 "ACKNOWLEDGEMENTS"
11352 and many employers have been remarkably patient
11353 about letting me work on a large project
11354 that was not part of my official job.
11355 This includes time on the INGRES Project at
11356 the University of California at Berkeley,
11358 and again on the Mammoth and Titan Projects at Berkeley.
11360 Much of the second wave of improvements
11361 resulting in version 8.1
11362 should be credited to Bryan Costales of the
11363 International Computer Science Institute.
11364 As he passed me drafts of his book on
11366 I was inspired to start working on things again.
11367 Bryan was also available to bounce ideas off of.
11369 Gregory Neil Shapiro
11370 of Worcester Polytechnic Institute
11371 has become instrumental in all phases of
11373 support and development,
11374 and was largely responsible for getting versions 8.8 and 8.9
11377 Many, many people contributed chunks of code and ideas to
11379 It has proven to be a group network effort.
11380 Version 8 in particular was a group project.
11381 The following people and organizations made notable contributions:
11384 John Beck, Hewlett-Packard & Sun Microsystems
11385 Keith Bostic, CSRG, University of California, Berkeley
11386 Andrew Cheng, Sun Microsystems
11387 Michael J. Corrigan, University of California, San Diego
11388 Bryan Costales, International Computer Science Institute & InfoBeat
11389 Pa\*:r (Pell) Emanuelsson
11390 Craig Everhart, Transarc Corporation
11391 Per Hedeland, Ericsson
11392 Tom Ivar Helbekkmo, Norwegian School of Economics
11393 Kari Hurtta, Finnish Meteorological Institute
11394 Allan E. Johannesen, WPI
11395 Jonathan Kamens, OpenVision Technologies, Inc.
11396 Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
11397 Brian Kantor, University of California, San Diego
11398 John Kennedy, Cal State University, Chico
11399 Murray S. Kucherawy, HookUp Communication Corp.
11400 Bruce Lilly, Sony U.S.
11402 Motonori Nakamura, Ritsumeikan University & Kyoto University
11403 John Gardiner Myers, Carnegie Mellon University
11404 Neil Rickert, Northern Illinois University
11405 Gregory Neil Shapiro, WPI
11406 Eric Schnoebelen, Convex Computer Corp.
11407 Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
11408 Randall Winchester, University of Maryland
11409 Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
11412 I apologize for anyone I have omitted, misspelled, misattributed, or
11414 At this point, I suspect that at least a hundred people
11415 have contributed code,
11416 and many more have contributed ideas, comments, and encouragement.
11417 I've tried to list them in the RELEASE_NOTES in the distribution directory.
11418 I appreciate their contribution as well.
11420 Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
11421 who besides being wonderful guinea pigs and contributors
11422 have also consented to be added to the ``sendmail@Sendmail.ORG'' list
11423 and, by answering the bulk of the questions sent to that list,
11424 have freed me up to do other work.
11426 .+c "COMMAND LINE FLAGS"
11430 Arguments must be presented with flags before addresses.
11433 Select an alternative .cf file which is either
11441 By default the .cf file is chosen based on the operation mode.
11450 if it exists, for all others it is
11453 Set operation mode to
11455 Operation modes are:
11458 m Deliver mail (default)
11459 s Speak SMTP on input side
11460 a\(dg ``Arpanet'' mode (get envelope sender information from header)
11461 C Check the configuration file
11462 d Run as a daemon in background
11463 D Run as a daemon in foreground
11465 v Just verify addresses, don't collect or deliver
11466 i Initialize the alias database
11467 p Print the mail queue
11468 P Print overview over the mail queue (requires shared memory)
11469 h Print the persistent host status database
11470 H Purge expired entries from the persistent host status database
11476 Indicate body type.
11478 Use a different configuration file.
11480 runs as the invoking user (rather than root)
11481 when this flag is specified.
11482 .ip "\-D \fIlogfile\fP"
11483 Send debugging output to the indicated
11487 Set debugging level.
11488 .ip "\-f\ \fIaddr\fP"
11489 The envelope sender address is set to
11491 This address may also be used in the From: header
11492 if that header is missing during initial submission.
11493 The envelope sender address is used as the recipient
11494 for delivery status notifications
11495 and may also appear in a Return-Path: header.
11496 .ip \-F\ \fIname\fP
11497 Sets the full name of this user to
11500 When accepting messages via the command line,
11501 indicate that they are for relay (gateway) submission.
11502 sendmail may complain about syntactically invalid messages,
11503 e.g., unqualified host names,
11504 rather than fixing them when this flag is set.
11505 sendmail will not do any canonicalization in this mode.
11506 .ip "\-h\ \fIcnt\fP"
11511 This represents the number of times this message has been processed
11514 (to the extent that it is supported by the underlying networks).
11516 is incremented during processing,
11521 throws away the message with an error.
11522 .ip "\-L \fItag\fP"
11523 Sets the identifier used for syslog.
11524 Note that this identifier is set
11525 as early as possible.
11530 before the command line arguments
11533 Don't do aliasing or forwarding.
11534 .ip "\-N \fInotifications\fP"
11535 Tag all addresses being sent as wanting the indicated
11537 which consists of the word
11539 or a comma-separated list of
11544 for successful delivery,
11546 and a message that is stuck in a queue somewhere.
11549 .ip "\-r\ \fIaddr\fP"
11550 An obsolete form of
11552 .ip \-o\fIx\|value\fP
11557 These options are described in Section 5.6.
11558 .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
11563 (for long form option names).
11564 These options are described in Section 5.6.
11565 .ip \-M\fIx\|value\fP
11570 .ip \-p\fIprotocol\fP
11571 Set the sending protocol.
11572 Programs are encouraged to set this.
11573 The protocol field can be in the form
11577 to set both the sending protocol and sending host.
11580 sets the sending protocol to UUCP
11581 and the sending host to uunet.
11582 (Some existing programs use \-oM to set the r and s macros;
11583 this is equivalent to using \-p.)
11585 Try to process the queued up mail.
11586 If the time is given,
11588 will start one or more processes to run through the queue(s) at the specified
11589 time interval to deliver queued mail; otherwise, it only runs once.
11590 Each of these processes acts on a workgroup.
11591 These processes are also known as workgroup processes or WGP's for short.
11592 Each workgroup is responsible for controlling the processing of one or
11593 more queues; workgroups help manage the use of system resources by sendmail.
11594 Each workgroup may have one or more children concurrently processing
11595 queues depending on the setting of \fIMaxQueueChildren\fP.
11597 Similar to \-q with a time argument,
11598 except that instead of periodically starting WGP's
11599 sendmail starts persistent WGP's
11600 that alternate between processing queues and sleeping.
11601 The sleep time is specified by the time argument; it defaults to 1 second,
11602 except that a WGP always sleeps at least 5 seconds if their queues were
11603 empty in the previous run.
11604 Persistent processes are managed by a queue control process (QCP).
11605 The QCP is the parent process of the WGP's.
11606 Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
11607 or a special process (named Queue control) (when started without \-bd or \-bD).
11608 If a persistent WGP ceases to be active for some reason
11609 another WGP will be started by the QCP for the same workgroup
11610 in most cases. When a persistent WGP has core dumped, the debug flag
11611 \fIno_persistent_restart\fP is set or the specific persistent WGP has been
11612 restarted too many times already then the WGP will not be started again
11613 and a message will be logged to this effect.
11614 To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate
11615 signal should be sent to the QCP. The QCP will propagate the signal to all of
11616 the WGP's and if appropriate restart the persistent WGP's.
11618 Run the jobs in the queue group
11621 .ip \-q[!]\fIXstring\fP
11622 Run the queue once,
11623 limiting the jobs to those matching
11629 to limit based on queue identifier,
11631 to limit based on recipient,
11633 to limit based on sender,
11636 to limit based on quarantine reason for quarantined jobs.
11637 A particular queued job is accepted if one of the corresponding attributes
11638 contains the indicated
11640 The optional ! character negates the condition tested.
11643 flags are permitted,
11644 with items with the same key letter
11646 together, and items with different key letters
11650 Quarantine normal queue items with the given reason or
11651 unquarantine quarantined queue items if no reason is given.
11652 This should only be used with some sort of item matching using
11653 .b \-q[!]\fIXstring\fP
11654 as described above.
11656 What information you want returned if the message bounces;
11660 for headers only or
11662 for headers plus body.
11663 This is a request only;
11664 the other end is not required to honor the parameter.
11667 is specified local bounces also return only the headers.
11669 Read the header for
11674 lines, and send to everyone listed in those lists.
11677 line will be deleted before sending.
11678 Any addresses in the argument vector will be deleted
11679 from the send list.
11681 This option is required when sending mail using UTF-8;
11689 support is enabled,
11696 is passed with the envelope of the message
11697 and returned if the message bounces.
11698 .ip "\-X \fIlogfile\fP"
11699 Log all traffic in and out of
11703 for debugging mailer problems.
11704 This produces a lot of data very quickly and should be used sparingly.
11706 There are a number of options that may be specified as
11708 These are the e, i, m, and v options.
11711 may be specified as the
11714 The DSN related options
11722 .+c "QUEUE FILE FORMATS"
11724 This appendix describes the format of the queue files.
11725 These files live in a queue directory.
11726 The individual qf, hf, Qf, df, and xf files
11727 may be stored in separate
11733 if they are present in the queue directory.
11735 All queue files have the name
11745 The individual letters in the
11762 Encoded envelope number
11764 At least five decimal digits of the process ID
11766 All files with the same id collectively define one message.
11767 Due to the use of memory-buffered files,
11768 some of these files may never appear on disk.
11773 The queue control file.
11774 This file contains the information necessary to process the job.
11776 The same as a queue control file, but for a quarantined queue job.
11779 The message body (excluding the header) is kept in this file.
11780 Sometimes the df file is not stored in the same directory as the qf file;
11782 the qf file contains a `d' record which names the queue directory
11783 that contains the df file.
11786 This is an image of the
11788 file when it is being rebuilt.
11789 It should be renamed to a
11794 existing during the life of a session
11795 showing everything that happens
11796 during that session.
11797 Sometimes the xf file must be generated before a queue group has been selected;
11799 the xf file will be stored in a directory of the default queue group.
11801 A ``lost'' queue control file.
11807 if there is a severe (configuration) problem that cannot be solved without
11808 human intervention.
11809 Search the logfile for the queue file id to figure out what happened.
11810 After you resolved the problem, you can rename the
11816 The queue control file is structured as a series of lines
11817 each beginning with a code letter;
11818 the file must end with a line containing only a single dot.
11819 The lines are as follows:
11821 The version number of the queue file format,
11824 binaries to read queue files created by older versions.
11825 Defaults to version zero.
11826 Must be the first line of the file if present.
11827 For 8.13 and later the version number is 8.
11829 The information given by the AUTH= parameter of the
11832 if sendmail has been called directly.
11834 A header definition.
11835 There may be any number of these lines.
11836 The order is important:
11837 they represent the order in the final message.
11838 These use the same syntax
11839 as header definitions in the configuration file.
11841 The controlling address.
11843 .q localuser:aliasname .
11844 Recipient addresses following this line
11845 will be flagged so that deliveries will be run as the
11847 (a user name from the /etc/passwd file);
11849 is the name of the alias that expanded to this address
11850 (used for printing messages).
11852 The quarantine reason for quarantined queue items.
11854 The ``original recipient'',
11855 specified by the ORCPT= field in an ESMTP transaction.
11856 Used exclusively for Delivery Status Notifications.
11857 It applies only to the following `R' line.
11859 The ``final recipient''
11860 used for Delivery Status Notifications.
11861 It applies only to the following `R' line.
11863 A recipient address.
11864 This will normally be completely aliased,
11865 but is actually realiased when the job is processed.
11866 There will be one line for each recipient.
11868 also include a leading colon-terminated list of flags,
11870 `S' to return a message on successful final delivery,
11871 `F' to return a message on failure,
11872 `D' to return a message if the message is delayed,
11873 `N' to suppress returning the body,
11875 `P' to declare this as a ``primary'' (command line or SMTP-session) address.
11877 The sender address.
11878 There may only be one of these lines.
11880 The job creation time.
11881 This is used to compute when to time out the job.
11883 The current message priority.
11884 This is used to order the queue.
11885 Higher numbers mean lower priorities.
11886 The priority changes
11887 as the message sits in the queue.
11888 The initial priority depends on the message class
11889 and the size of the message.
11892 This line is printed by the
11895 and is generally used to store status information.
11896 It can contain any text.
11898 Flag bits, represented as one letter per flag.
11899 Defined flag bits are
11901 indicating that this is a response message
11904 indicating that a warning message has been sent
11905 announcing that the mail has been delayed.
11906 Other flag bits are:
11908 the body contains 8bit data,
11910 a Bcc: header should be removed,
11912 the mail has RET parameters (see RFC 1894),
11914 the body of the message should not be returned
11915 in case of an error,
11917 the envelope has been split.
11919 The total number of delivery attempts.
11921 The time (as seconds since January 1, 1970)
11922 of the last delivery attempt.
11924 If the df file is in a different directory than the qf file,
11925 then a `d' record is present,
11926 specifying the directory in which the df file resides.
11928 The i-number of the data file;
11929 this can be used to recover your mail queue
11930 after a disastrous disk crash.
11932 A macro definition.
11933 The values of certain macros
11934 are passed through to the queue run phase.
11937 The remainder of the line is a text string defining the body type.
11938 If this field is missing,
11939 the body type is assumed to be
11941 and no special processing is attempted.
11947 The original envelope id (from the ESMTP transaction).
11948 For Deliver Status Notifications only.
11950 Information for Deliver-By SMTP extension.
11953 the following is a queue file sent to
11954 .q eric@mammoth.Berkeley.EDU
11956 .q bostic@okeeffe.CS.Berkeley.EDU \**:
11958 \**This example is contrived and probably inaccurate for your environment.
11959 Glance over it to get an idea;
11960 nothing can replace looking at what your own system generates.
11971 Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
11972 RPFD:eric@mammoth.Berkeley.EDU
11973 RPFD:bostic@okeeffe.CS.Berkeley.EDU
11974 H?P?Return-path: <^g>
11975 H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
11976 Fri, 17 Jul 1992 00:28:55 -0700
11977 H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
11978 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
11979 H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
11980 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
11981 H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
11982 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
11983 H?F?From: eric@foo.bar.baz.de (Eric Allman)
11984 H?x?Full-name: Eric Allman
11985 H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
11986 H??To: sendmail@vangogh.CS.Berkeley.EDU
11987 H??Subject: this is an example message
11993 the person who sent the message,
11994 the submission time
11995 (in seconds since January 1, 1970),
11996 the message priority,
11999 and the headers for the message.
12000 .+c "SUMMARY OF SUPPORT FILES"
12002 This is a summary of the support files
12005 creates or generates.
12006 Many of these can be changed by editing the sendmail.cf file;
12007 check there to find the actual pathnames.
12009 .ip "/usr/\*(SD/sendmail"
12012 .ip /usr/\*(SB/newaliases
12013 A link to /usr/\*(SD/sendmail;
12014 causes the alias database to be rebuilt.
12015 Running this program is completely equivalent to giving
12020 .ip /usr/\*(SB/mailq
12021 Prints a listing of the mail queue.
12022 This program is equivalent to using the
12026 .ip /etc/mail/sendmail.cf
12027 The configuration file,
12029 .ip /etc/mail/helpfile
12030 The SMTP help file.
12031 .ip /etc/mail/statistics
12032 A statistics file; need not be present.
12033 .ip /etc/mail/sendmail.pid
12034 Created in daemon mode;
12035 it contains the process id of the current SMTP daemon.
12036 If you use this in scripts;
12037 use ``head \-1'' to get just the first line;
12038 the second line contains the command line used to invoke the daemon,
12039 and later versions of
12041 may add more information to subsequent lines.
12042 .ip /etc/mail/aliases
12043 The textual version of the alias file.
12044 .ip /etc/mail/aliases.db
12048 .ip /etc/mail/aliases.{pag,dir}
12052 .ip /var/spool/mqueue
12053 The directory in which the mail queue(s)
12054 and temporary files reside.
12055 .ip /var/spool/mqueue/qf*
12056 Control (queue) files for messages.
12057 .ip /var/spool/mqueue/df*
12059 .ip /var/spool/mqueue/tf*
12060 Temporary versions of the qf files,
12061 used during queue file rebuild.
12062 .ip /var/spool/mqueue/xf*
12063 A transcript of the current session.
12070 This page intentionally left blank;
12071 replace it with a blank sheet for double-sided output.
12083 .\"INSTALLATION AND OPERATION GUIDE
12095 .\" remove some things to avoid "out of temp file space" problem
12115 This page intentionally left blank;
12116 replace it with a blank sheet for double-sided output.