1 .\" Copyright (c) 1998 Sendmail, Inc. All rights reserved.
2 .\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
3 .\" Copyright (c) 1983, 1993
4 .\" The Regents of the University of California. All rights reserved.
6 .\" By using this file, you agree to the terms and conditions set
7 .\" forth in the LICENSE file which can be found at the top level of
8 .\" the sendmail distribution.
11 .\" @(#)op.me 8.135 (Berkeley) 1/16/1999
13 .\" eqn op.me | pic | troff -me
14 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
15 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
16 .\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
18 .\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb
38 .b SENDMAIL\u\s-6TM\s0\d
41 .b "INSTALLATION AND OPERATION GUIDE"
51 For Sendmail Version 8.9
54 Sendmail is a trademark of Sendmail, Inc.
58 .i Sendmail \u\s-2TM\s0\d
59 implements a general purpose internetwork mail routing facility
62 It is not tied to any one transport protocol \*-
63 its function may be likened to a crossbar switch,
64 relaying messages from one domain into another.
66 it can do a limited amount of message header editing
67 to put the message into a format that is appropriate
68 for the receiving domain.
69 All of this is done under the control of a configuration file.
71 Due to the requirements of flexibility
74 the configuration file can seem somewhat unapproachable.
75 However, there are only a few basic configurations
77 for which standard configuration files have been supplied.
78 Most other configurations
79 can be built by adjusting an existing configuration file
84 RFC821 (Simple Mail Transport Protocol),
85 RFC822 (Internet Mail Headers Format),
86 RFC1123 (Internet Host Requirements),
88 RFC1869 (SMTP Service Extensions),
89 RFC1652 (SMTP 8BITMIME Extension),
90 RFC1870 (SMTP SIZE Extension),
91 RFC1891 (SMTP Delivery Status Notifications),
92 RFC1892 (Multipart/Report),
93 RFC1893 (Mail System Status Codes),
94 RFC1894 (Delivery Status Notifications),
95 RFC1985 (SMTP Service Extension for Remote Message Queue Starting),
97 RFC2033 (Local Message Transmission Protocol).
100 is designed to work in a wider world,
101 in many cases it can be configured to exceed these protocols.
102 These cases are described herein.
107 without the need for monitoring,
108 it has a number of features
109 that may be used to monitor or adjust the operation
110 under unusual circumstances.
111 These features are described.
113 Section one describes how to do a basic
117 explains the day-to-day information you should know
118 to maintain your mail system.
119 If you have a relatively normal site,
120 these two sections should contain sufficient information
125 describes some parameters that may be safely tweaked.
127 has information regarding the command line arguments.
129 contains the nitty-gritty information about the configuration
131 This section is for masochists
132 and people who must write their own configuration file.
134 describes configuration that can be done at compile time.
135 The appendixes give a brief
136 but detailed explanation of a number of features
137 not described in the rest of the paper.
141 This documentation is under modification.
146 This page intentionally left blank;
147 replace it with a blank sheet for double-sided output.
149 .sh 1 "BASIC INSTALLATION"
151 There are two basic steps to installing
153 First, you have to compile and install the binary.
156 has already been ported to your operating system
157 that should be simple.
158 Second, you must build a run-time configuration file.
161 reads when it starts up
162 that describes the mailers it knows about,
163 how to parse addresses,
164 how to rewrite the message header,
165 and the settings of various options.
166 Although the configuration file can be quite complex,
167 a configuration can usually be built
168 using an M4-based configuration language.
170 The remainder of this section will describe the installation of
172 assuming you can use one of the existing configurations
173 and that the standard installation parameters are acceptable.
174 All pathnames and examples
175 are given from the root of the
179 .i /usr/src/usr.\*(SD/sendmail
182 If you are loading this off the tape,
183 continue with the next section.
184 If you have a running binary already on your system,
185 you should probably skip to section 1.2.
186 .sh 2 "Compiling Sendmail"
201 This will leave the binary in an appropriately named subdirectory,
204 It works for multiple object versions
205 compiled out of the same directory.
206 .sh 3 "Tweaking the Build Invocation"
208 You can give parameters on the
211 In most cases these are only used when the
213 directory is first created.
214 These commands include:
216 .ip "\-L \fIlibdirs\fP"
217 A list of directories to search for libraries.
218 .ip "\-I \fIincdirs\fP"
219 A list of directories to search for include files.
220 .ip "\-E \fIenvar\fP=\fIvalue\fP"
221 Set an environment variable to an indicated
224 This is normally used to set an ABI on Irix.
229 .ip "\-f \fIsiteconfig\fP"
230 Read the indicated site configuration file.
231 If this parameter is not specified,
236 .i $BUILDTOOLS/Site/site.$oscf.m4
238 .i $BUILDTOOLS/Site/site.config.m4 ,
239 where $BUILDTOOLS is normally
241 and $oscf is the same name as used on the
244 See below for a description of the site configuration file.
246 Skip auto-configuration.
248 will avoid auto-detecting libraries if this is set.
249 All libraries and map definitions must be specified
250 in the site configuration file.
252 Any other parameters are passed to the
255 .sh 3 "Creating a Site Configuration File"
258 (This section is not yet complete.
259 For now, see the file BuildTools/README for details.)
260 .sh 3 "Tweaking the Makefile"
262 .\" .b "XXX This should all be in the Site Configuration File section."
264 supports two different formats
265 for the local (on disk) version of databases,
269 At least one of these should be defined if at all possible.
272 The ``new DBM'' format,
273 available on nearly all systems around today.
274 This was the preferred format prior to 4.4BSD.
275 It allows such complex things as multiple databases
276 and closing a currently open database.
278 The Berkeley DB package.
279 If you have this, use it.
282 multiple open databases,
283 real in-memory caching,
285 You can define this in conjunction with
288 old alias databases are read,
289 but when a new database is created it will be in NEWDB format.
291 if you have NEWDB, NDBM, and NIS defined,
292 and if the alias file name includes the substring
295 will create both new and old versions of the alias file
299 This is required because the Sun NIS/YP system
300 reads the DBM version of the alias file.
304 If neither of these are defined,
306 reads the alias file into memory on every invocation.
307 This can be slow and should be avoided.
308 There are also several methods for remote database access:
310 Sun's Network Information Services (formerly YP).
314 NeXT's NetInfo service.
316 Hesiod service (from Athena).
318 Other compilation flags are set in conf.h
319 and should be predefined for you
320 unless you are porting to a new environment.
321 .sh 3 "Compilation and installation"
323 After making the local system configuration described above,
324 You should be able to compile and install the system.
327 is the best approach on most systems:
333 to create a custom Makefile for your environment.
335 If you are installing in the standard places,
336 you should be able to install using
340 This should install the binary in
342 and create links from
343 /usr/\*(SB/newaliases
348 On 4.4BSD systems it will also format and install man pages.
349 .sh 2 "Configuration Files"
352 cannot operate without a configuration file.
353 The configuration defines the mail delivery mechanisms understood at this site,
355 how to forward email to remote mail systems,
356 and a number of tuning parameters.
357 This configuration file is detailed
358 in the later portion of this document.
362 configuration can be daunting at first.
363 The world is complex,
364 and the mail configuration reflects that.
365 The distribution includes an m4-based configuration package
366 that hides a lot of the complexity.
368 These configuration files are simpler than old versions
369 largely because the world has become simpler;
371 text-based host files are officially eliminated,
372 obviating the need to
374 hosts behind a registered internet gateway.
376 These files also assume that most of your neighbors
377 use domain-based UUCP addressing;
379 instead of naming hosts as
382 .q host.domain!user .
383 The configuration files can be customized to work around this,
384 but it is more complex.
386 Our configuration files are processed by
388 to facilitate local customization;
393 distribution directory
394 contains the source files.
395 This directory contains several subdirectories:
398 Both site-dependent and site-independent descriptions of hosts.
399 These can be literal host names
402 when the hosts are gateways
403 or more general descriptions
405 .q "generic-solaris2.mc"
406 as a general description of an SMTP-connected host
410 (``Master Configuration'')
411 are the input descriptions;
412 the output is in the corresponding
415 The general structure of these files is described below.
417 Site-dependent subdomain descriptions.
418 These are tied to the way your organization wants to do addressing.
420 .b domain/CS.Berkeley.EDU.m4
421 is our description for hosts in the CS.Berkeley.EDU subdomain.
422 These are referenced using the
429 Definitions of specific features that some particular host in your site
431 These are referenced using the
435 An example feature is
439 to read an /etc/sendmail.cw file on startup
440 to find the set of local names).
442 Local hacks, referenced using the
447 The point of having them here is to make it clear that they smell.
451 include files that have information common to all configuration files.
452 This can be thought of as a
456 Definitions of mailers,
461 The mailer types that are known in this distribution are
467 For example, to include support for the UUCP-based mailers,
471 Definitions describing various operating system environments
472 (such as the location of support files).
473 These are referenced using the
478 Shell files used by the
481 You shouldn't have to mess with these.
483 Local UUCP connectivity information.
484 This directory has been supplanted by the mailertable feature;
485 any new configurations should use that feature to do UUCP
488 If you are in a new domain
490 you will probably want to create a
492 file for your domain.
493 This consists primarily of relay definitions
494 and features you want enabled site-wide:
495 for example, Berkeley's domain definition
499 These are specific to Berkeley,
500 and should be fully-qualified internet-style domain names.
501 Please check to make certain they are reasonable for your domain.
503 Subdomains at Berkeley are also represented in the
509 is the Computer Science subdomain,
511 is the Electrical Engineering and Computer Sciences subdomain,
514 is the Sequoia 2000 subdomain.
515 You will probably have to add an entry to this directory
516 to be appropriate for your domain.
518 You will have to use or create
522 subdirectory for your hosts.
523 This is detailed in the
526 .sh 2 "Details of Installation Files"
528 This subsection describes the files that
532 .sh 3 "/usr/\*(SD/sendmail"
536 is located in /usr/\*(SD\**.
540 on 4.4BSD and newer systems;
541 many systems install it in
543 I understand it is in /usr/ucblib
544 on System V Release 4.
546 It should be setuid root.
547 For security reasons,
548 /, /usr, and /usr/\*(SD
549 should be owned by root, mode 755\**.
551 \**Some vendors ship them owned by bin;
552 this creates a security hole that is not actually related to
554 Other important directories that should have restrictive ownerships
556 /bin, /usr/bin, /etc, /usr/etc, /lib, and /usr/lib.
558 .sh 3 "/etc/sendmail.cf"
560 This is the configuration file for
563 \**Actually, the pathname varies depending on the operating system;
564 /etc is the preferred directory.
565 Some older systems install it in
566 .b /usr/lib/sendmail.cf ,
567 and I've also seen it in
571 If you want to move this file,
572 add -D_PATH_SENDMAILCF=\e"/file/name\e"
573 to the flags passed to the C compiler.
574 Moving this file is not recommended:
575 other programs and scripts know of this location.
577 This is the only non-library file name compiled into
580 \**The system libraries can reference other files;
581 in particular, system library subroutines that
583 calls probably reference
586 .i /etc/resolv.conf .
589 The configuration file is normally created
590 using the distribution files described above.
591 If you have a particularly unusual system configuration
592 you may need to create a special version.
593 The format of this file is detailed in later sections
595 .sh 3 "/usr/\*(SB/newaliases"
599 command should just be a link to
602 rm \-f /usr/\*(SB/newaliases
603 ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
605 This can be installed in whatever search path you prefer
607 .sh 3 "/usr/\*(SB/hoststat"
611 command should just be a link to
613 in a fashion similar to
615 This command lists the status of the last mail transaction
616 with all remote hosts. The
618 flag will prevent the status display from being truncated.
619 It functions only when the
620 .b HostStatusDirectory
622 .sh 3 "/usr/\*(SB/purgestat"
624 This command is also a link to
626 It flushes all information that is stored in the
627 .b HostStatusDirectory
629 .sh 3 "/var/spool/mqueue"
633 should be created to hold the mail queue.
634 This directory should be mode 700
637 The actual path of this directory
643 .sh 3 "/var/spool/mqueue/.hoststat"
645 This is a typical value for the
646 .b HostStatusDirectory
648 containing one file per host
649 that this sendmail has chatted with recently.
650 It is normally a subdirectory of
652 .sh 3 "/etc/aliases*"
654 The system aliases are held in
658 which includes some aliases which
662 cp lib/aliases /etc/aliases
663 .i "edit /etc/aliases"
665 You should extend this file with any aliases that are apropos to your system.
669 looks at a database version of the files,
676 depending on which database package you are using.
677 The actual path of this file
683 .sh 3 "/etc/rc or /etc/init.d/sendmail"
685 It will be necessary to start up the
687 daemon when your system reboots.
688 This daemon performs two functions:
689 it listens on the SMTP socket for connections
690 (to receive mail from a remote system)
691 and it processes the queue periodically
692 to insure that mail gets delivered when hosts come up.
694 Add the following lines to
699 in the area where it is starting up the daemons
700 on a BSD-base system,
701 or on a System-V-based system
702 in one of the startup files, typically
703 .q /etc/init.d/sendmail :
705 if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/sendmail.cf ]; then
706 (cd /var/spool/mqueue; rm \-f [lnx]f*)
707 /usr/\*(SD/sendmail \-bd \-q30m &
708 echo \-n ' sendmail' >/dev/console
715 commands insure that all lock files have been removed;
716 extraneous lock files may be left around
717 if the system goes down in the middle of processing a message.
718 The line that actually invokes
722 causes it to listen on the SMTP port,
725 causes it to run the queue every half hour.
727 Some people use a more complex startup script,
728 removing zero length qf files and df files for which there is no qf file.
729 For example, see Figure 1
730 for an example of a complex script which does this clean up.
734 # remove zero length qf files
741 echo \-n " <zero: $qffile>" > /dev/console
746 # rename tf files to be qf if the qf does not exist
749 qffile=`echo $tffile | sed 's/t/q/'`
750 if [ \-r $tffile \-a ! \-f $qffile ]
752 echo \-n " <recovering: $tffile>" > /dev/console
757 echo \-n " <extra: $tffile>" > /dev/console
762 # remove df files with no corresponding qf files
765 qffile=`echo $dffile | sed 's/d/q/'`
766 if [ \-r $dffile \-a ! \-f $qffile ]
768 echo \-n " <incomplete: $dffile>" > /dev/console
769 mv $dffile `echo $dffile | sed 's/d/D/'`
772 # announce files that have been saved during disaster recovery
773 for xffile in [A-Z]f*
777 echo \-n " <panic: $xffile>" > /dev/console
782 Figure 1 \(em A complex startup script
786 If you are not running a version of UNIX
787 that supports Berkeley TCP/IP,
791 .sh 3 "/usr/lib/sendmail.hf"
793 This is the help file used by the SMTP
796 It should be copied from
799 cp lib/sendmail.hf /usr/lib
801 The actual path of this file
807 .sh 3 "/etc/sendmail.st"
809 If you wish to collect statistics
810 about your mail traffic,
811 you should create the file
812 .q /etc/sendmail.st :
814 cp /dev/null /etc/sendmail.st
815 chmod 644 /etc/sendmail.st
817 This file does not grow.
818 It is printed with the program
819 .q mailstats/mailstats.c.
820 The actual path of this file
826 .sh 3 "/usr/\*(SB/mailq"
837 will print the contents of the mail queue;
839 This should be a link to /usr/\*(SD/sendmail.
840 .sh 1 "NORMAL OPERATIONS"
841 .sh 2 "The System Log"
843 The system log is supported by the
853 which does not support facilities in the syslog.
857 Each line in the system log
858 consists of a timestamp,
859 the name of the machine that generated it
860 (for logging from several machines
861 over the local area network),
866 \**This format may vary slightly if your vendor has changed
869 Most messages are a sequence of
875 The two most common lines are logged when a message is processed.
876 The first logs the receipt of a message;
877 there will be exactly one of these per message.
878 Some fields may be omitted if they do not contain interesting information.
881 The envelope sender address.
883 The size of the message in bytes.
885 The class (i.e., numeric precedence) of the message.
887 The initial message priority (used for queue sorting).
889 The number of envelope recipients for this message
890 (after aliasing and forwarding).
892 The message id of the message (from the header).
894 The protocol used to receive this message (e.g., ESMTP or UUCP)
896 The machine from which it was received.
898 There is also one line logged per delivery attempt
899 (so there can be several per message if delivery is deferred
900 or there are multiple recipients).
903 A comma-separated list of the recipients to this mailer.
905 The ``controlling user'', that is, the name of the user
906 whose credentials we use for delivery.
908 The total delay between the time this message was received
909 and the time it was delivered.
911 The amount of time needed in this delivery attempt
912 (normally indicative of the speed of the connection).
914 The name of the mailer used to deliver to this recipient.
916 The name of the host that actually accepted (or rejected) this recipient.
920 Not all fields are present in all messages;
921 for example, the relay is not listed for local deliveries.
926 or an equivalent installed,
927 you will be able to do logging.
928 There is a large amount of information that can be logged.
929 The log is arranged as a succession of levels.
931 only extremely strange situations are logged.
932 At the highest level,
933 even the most mundane and uninteresting events
934 are recorded for posterity.
937 are considered generally
940 are reserved for debugging purposes.
941 Levels from 11\-64 are reserved for verbose information
942 that some sites might want.
944 A complete description of the log levels
948 .sh 2 "Dumping State"
952 to log a dump of the open files
953 and the connection cache
957 The results are logged at
960 .sh 2 "The Mail Queue"
962 Sometimes a host cannot handle a message immediately.
963 For example, it may be down or overloaded, causing it to refuse connections.
964 The sending host is then expected to save this message in
966 and attempt to deliver it later.
968 Under normal conditions the mail queue will be processed transparently.
969 However, you may find that manual intervention is sometimes necessary.
971 if a major host is down for a period of time
972 the queue may become clogged.
975 ought to recover gracefully when the host comes up,
976 you may find performance unacceptably bad in the meantime.
977 .sh 3 "Printing the queue"
979 The contents of the queue can be printed
983 (or by specifying the
990 This will produce a listing of the queue id's,
991 the size of the message,
992 the date the message entered the queue,
993 and the sender and recipients.
994 .sh 3 "Forcing the queue"
997 should run the queue automatically
999 The algorithm is to read and sort the queue,
1000 and then to attempt to process all jobs in order.
1001 When it attempts to run the job,
1003 first checks to see if the job is locked.
1004 If so, it ignores the job.
1006 There is no attempt to insure that only one queue processor
1008 since there is no guarantee that a job cannot take forever
1012 does include heuristics to try to abort jobs
1013 that are taking absurd amounts of time;
1014 technically, this violates RFC 821, but is blessed by RFC 1123).
1015 Due to the locking algorithm,
1016 it is impossible for one job to freeze the entire queue.
1018 an uncooperative recipient host
1019 or a program recipient
1021 can accumulate many processes in your system.
1023 there is no completely general way to solve this.
1026 you may find that a major host going down
1027 for a couple of days
1028 may create a prohibitively large queue.
1031 spending an inordinate amount of time
1033 This situation can be fixed by moving the queue to a temporary place
1034 and creating a new queue.
1035 The old queue can be run later when the offending host returns to service.
1038 it is acceptable to move the entire queue directory:
1041 mv mqueue omqueue; mkdir mqueue; chmod 700 mqueue
1043 You should then kill the existing daemon
1044 (since it will still be processing in the old queue directory)
1045 and create a new daemon.
1047 To run the old mail queue,
1048 run the following command:
1050 /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1054 flag specifies an alternate queue directory
1057 flag says to just run every job in the queue.
1058 If you have a tendency toward voyeurism,
1061 flag to watch what is going on.
1063 When the queue is finally emptied,
1064 you can remove the directory:
1066 rmdir /var/spool/omqueue
1068 .sh 2 "Disk Based Connection Information"
1071 stores a large amount of information about each remote system it
1072 has connected to in memory. It is now possible to preserve some
1073 of this information on disk as well, by using the
1074 .b HostStatusDirectory
1075 option, so that it may be shared between several invocations of
1077 This allows mail to be queued immediately or skipped during a queue run if
1078 there has been a recent failure in connecting to a remote machine.
1080 Additionally enabling
1081 .b SingleThreadDelivery
1082 has the added effect of single-threading mail delivery to a destination.
1083 This can be quite helpful
1084 if the remote machine is running an SMTP server that is easily overloaded
1085 or cannot accept more than a single connection at a time,
1086 but can cause some messages to be punted to a future queue run.
1089 hosts, so setting this because you have one machine on site
1090 that runs some software that is easily overrun
1091 can cause mail to other hosts to be slowed down.
1092 If this option is set,
1093 you probably want to set the
1095 option as well and run the queue fairly frequently;
1096 this way jobs that are skipped because another
1098 is talking to the same host will be tried again quickly
1099 rather than being delayed for a long time.
1101 The disk based host information is stored in a subdirectory of the
1106 \**This is the usual value of the
1107 .b HostStatusDirectory
1109 it can, of course, go anywhere you like in your filesystem.
1111 Removing this directory and its subdirectories has an effect similar to
1114 command and is completely safe.
1115 The information in these directories can
1118 command, which will indicate the host name, the last access, and the
1119 status of that access.
1120 An asterisk in the left most column indicates that a
1122 process currently has the host locked for mail delivery.
1124 The disk based connection information is treated the same way as memory based
1125 connection information for the purpose of timeouts.
1126 By default, information about host failures is valid for 30 minutes.
1127 This can be adjusted with
1129 .b Timeout.hoststatus
1132 The connection information stored on disk may be purged at any time
1135 command or by invoking sendmail with the
1138 The connection information may be viewed with the
1140 command or by invoking sendmail with the
1143 .sh 2 "The Service Switch"
1145 The implementation of certain system services
1146 such as host and user name lookup
1147 is controlled by the service switch.
1148 If the host operating system supports such a switch
1150 will use the native version.
1151 Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
1153 \**HP-UX 10 has service switch support,
1154 but since the APIs are apparently not available in the libraries
1156 does not use the native service switch in this release.
1159 If the underlying operating system does not support a service switch
1160 (e.g., SunOS 4.X, HP-UX, BSD)
1163 will provide a stub implementation.
1165 .b ServiceSwitchFile
1166 option points to the name of a file that has the service definitions.
1167 Each line has the name of a service
1168 and the possible implementations of that service.
1169 For example, the file:
1176 to look for hosts in the Domain Name System first.
1177 If the requested host name is not found,
1178 it tries local files,
1179 and if that fails it tries NIS.
1181 when looking for aliases
1182 it will try the local files first
1185 Service switches are not completely integrated.
1186 For example, despite the fact that the host entry listed in the above example
1187 specifies to look in NIS,
1188 on SunOS this won't happen because the system implementation of
1189 .i gethostbyname \|(3)
1190 doesn't understand this.
1191 If there is enough demand
1194 .i gethostbyname \|(3),
1195 .i gethostbyaddr \|(3),
1197 and the other system routines that would be necessary
1198 to make this work seamlessly.
1199 .sh 2 "The Alias Database"
1201 After recipient addresses are read from the SMTP connection
1203 they are parsed by ruleset 0,
1204 which must resolve to a
1210 If the flags selected by the
1217 part of the triple is looked up as the key
1218 (i.e., the left hand side)
1219 into the alias database.
1220 If there is a match, the address is deleted from the send queue
1221 and all addresses on the right hand side of the alias
1222 are added in place of the alias that was found.
1223 This is a recursive operation,
1224 so aliases found in the right hand side of the alias
1225 are similarly expanded.
1227 The alias database exists in two forms.
1229 maintained in the file
1231 The aliases are of the form
1233 name: name1, name2, ...
1235 Only local names may be aliased;
1238 eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
1240 will not have the desired effect
1241 (except on prep.ai.MIT.EDU,
1242 and they probably don't want me)\**.
1244 \**Actually, any mailer that has the `A' mailer flag set
1245 will permit aliasing;
1246 this is normally limited to the local mailer.
1248 Aliases may be continued by starting any continuation lines
1249 with a space or a tab.
1250 Blank lines and lines beginning with a sharp sign
1255 The second form is processed by the
1260 package does not work.
1262 or the Berkeley DB library.
1263 This form is in the file
1271 This is the form that
1273 actually uses to resolve aliases.
1274 This technique is used to improve performance.
1276 The control of search order is actually set by the service switch.
1277 Essentially, the entry
1279 O AliasFile=switch:aliases
1281 is always added as the first alias entry;
1282 also, the first alias file name without a class
1286 will be used as the name of the file for a ``files'' entry
1287 in the aliases switch.
1288 For example, if the configuration file contains
1290 O AliasFile=/etc/aliases
1292 and the service switch contains
1294 aliases nis files nisplus
1296 then aliases will first be searched in the NIS database,
1297 then in /etc/aliases,
1298 then in the NIS+ database.
1303 For example, the specification:
1305 O AliasFile=/etc/aliases
1306 O AliasFile=nis:mail.aliases@my.nis.domain
1308 will first search the /etc/aliases file
1309 and then the map named
1313 Warning: if you build your own
1316 be sure to provide the
1320 to map upper case letters in the keys to lower case;
1321 otherwise, aliases with upper case letters in their names
1322 won't match incoming addresses.
1324 Additional flags can be added after the colon
1327 line \(em for example:
1329 O AliasFile=nis:\-N mail.aliases@my.nis.domain
1331 will search the appropriate NIS map and always include null bytes in the key.
1334 O AliasFile=nis:\-f mail.aliases@my.nis.domain
1336 will prevent sendmail from downcasing the key before the alias lookup.
1337 .sh 3 "Rebuilding the alias database"
1343 version of the database
1344 may be rebuilt explicitly by executing the command
1348 This is equivalent to giving
1354 /usr/\*(SD/sendmail \-bi
1361 option is specified in the configuration,
1363 will rebuild the alias database automatically
1365 when it is out of date.
1366 Auto-rebuild can be dangerous
1367 on heavily loaded machines
1368 with large alias files;
1369 if it might take more than the rebuild timeout
1374 which is normally five minutes)
1375 to rebuild the database,
1376 there is a chance that several processes will start the rebuild process
1379 If you have multiple aliases databases specified,
1382 flag rebuilds all the database types it understands
1383 (for example, it can rebuild NDBM databases but not NIS databases).
1384 .sh 3 "Potential problems"
1386 There are a number of problems that can occur
1387 with the alias database.
1388 They all result from a
1390 process accessing the DBM version
1391 while it is only partially built.
1392 This can happen under two circumstances:
1393 One process accesses the database
1394 while another process is rebuilding it,
1395 or the process rebuilding the database dies
1396 (due to being killed or a system crash)
1397 before completing the rebuild.
1399 Sendmail has three techniques to try to relieve these problems.
1400 First, it ignores interrupts while rebuilding the database;
1401 this avoids the problem of someone aborting the process
1402 leaving a partially rebuilt database.
1404 it locks the database source file during the rebuild \(em
1405 but that may not work over NFS or if the file is unwritable.
1407 at the end of the rebuild
1408 it adds an alias of the form
1412 (which is not normally legal).
1415 will access the database,
1416 it checks to insure that this entry exists\**.
1420 option is required in the configuration
1421 for this action to occur.
1422 This should normally be specified.
1426 If an error occurs on sending to a certain address,
1430 will look for an alias
1433 to receive the errors.
1434 This is typically useful
1436 where the submitter of the list
1437 has no control over the maintenance of the list itself;
1438 in this case the list maintainer would be the owner of the list.
1441 unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1443 owner-unix-wizards: unix-wizards-request
1444 unix-wizards-request: eric@ucbarpa
1448 to get the error that will occur
1449 when someone sends to
1451 due to the inclusion of
1455 List owners also cause the envelope sender address to be modified.
1456 The contents of the owner alias are used if they point to a single user,
1457 otherwise the name of the alias itself is used.
1458 For this reason, and to obey Internet conventions,
1461 address normally points at the
1463 address; this causes messages to go out with the typical Internet convention
1466 as the return address.
1467 .sh 2 "User Information Database"
1469 If you have a version of
1471 with the user information database
1473 and you have specified one or more databases using the
1476 the databases will be searched for a
1479 If found, the mail will be sent to the specified address.
1480 .sh 2 "Per-User Forwarding (.forward Files)"
1482 As an alternative to the alias database,
1483 any user may put a file with the name
1485 in his or her home directory.
1486 If this file exists,
1488 redirects mail for that user
1489 to the list of addresses listed in the .forward file.
1490 For example, if the home directory for user
1492 has a .forward file with contents:
1497 then any mail arriving for
1499 will be redirected to the specified accounts.
1501 Actually, the configuration file defines a sequence of filenames to check.
1502 By default, this is the user's .forward file,
1503 but can be defined to be more generally using the
1507 you will have to inform your user base of the change;
1508 \&.forward is pretty well incorporated into the collective subconscious.
1509 .sh 2 "Special Header Lines"
1511 Several header lines have special interpretations
1512 defined by the configuration file.
1513 Others have interpretations built into
1515 that cannot be changed without changing the code.
1516 These builtins are described here.
1519 If errors occur anywhere during processing,
1520 this header will cause error messages to go to
1521 the listed addresses.
1522 This is intended for mailing lists.
1524 The Errors-To: header was created in the bad old days
1525 when UUCP didn't understand the distinction between an envelope and a header;
1526 this was a hack to provide what should now be passed
1527 as the envelope sender address.
1529 It is only used if the
1533 The Errors-To: header is officially deprecated
1534 and will go away in a future release.
1535 .sh 3 "Apparently-To:"
1537 RFC 822 requires at least one recipient field
1538 (To:, Cc:, or Bcc: line)
1540 If a message comes in with no recipients listed in the message
1543 will adjust the header based on the
1544 .q NoRecipientAction
1546 One of the possible actions is to add an
1548 header line for any recipients it is aware of.
1550 The Apparently-To: header is non-standard
1554 The Precedence: header can be used as a crude control of message priority.
1555 It tweaks the sort order in the queue
1556 and can be configured to change the message timeout values.
1557 .sh 2 "IDENT Protocol Support"
1560 supports the IDENT protocol as defined in RFC 1413.
1561 Although this enhances identification
1562 of the author of an email message
1563 by doing a ``call back'' to the originating system to include
1564 the owner of a particular TCP connection
1566 it is in no sense perfect;
1567 a determined forger can easily spoof the IDENT protocol.
1568 The following description is excerpted from RFC 1413:
1571 6. Security Considerations
1573 The information returned by this protocol is at most as trustworthy
1574 as the host providing it OR the organization operating the host. For
1575 example, a PC in an open lab has few if any controls on it to prevent
1576 a user from having this protocol return any identifier the user
1577 wants. Likewise, if the host has been compromised the information
1578 returned may be completely erroneous and misleading.
1580 The Identification Protocol is not intended as an authorization or
1581 access control protocol. At best, it provides some additional
1582 auditing information with respect to TCP connections. At worst, it
1583 can provide misleading, incorrect, or maliciously incorrect
1586 The use of the information returned by this protocol for other than
1587 auditing is strongly discouraged. Specifically, using Identification
1588 Protocol information to make access control decisions - either as the
1589 primary method (i.e., no other checks) or as an adjunct to other
1590 methods may result in a weakening of normal host security.
1592 An Identification server may reveal information about users,
1593 entities, objects or processes which might normally be considered
1594 private. An Identification server provides service which is a rough
1595 analog of the CallerID services provided by some phone companies and
1596 many of the same privacy considerations and arguments that apply to
1597 the CallerID service apply to Identification. If you wouldn't run a
1598 "finger" server due to privacy considerations you may not want to run
1602 In some cases your system may not work properly with IDENT support
1603 due to a bug in the TCP/IP implementation.
1604 The symptoms will be that for some hosts
1605 the SMTP connection will be closed
1607 If this is true or if you do not want to use IDENT,
1608 you should set the IDENT timeout to zero;
1609 this will disable the IDENT protocol.
1612 The complete list of arguments to
1614 is described in detail in Appendix A.
1615 Some important arguments are described here.
1616 .sh 2 "Queue Interval"
1618 The amount of time between forking a process
1619 to run through the queue
1623 If you run with delivery mode set to
1627 this can be relatively large,
1628 since it will only be relevant
1629 when a host that was down comes back up.
1633 it should be relatively short,
1634 since it defines the maximum amount of time that a message
1635 may sit in the queue.
1636 (See also the MinQueueAge option.)
1638 RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
1639 (although that probably doesn't make sense if you use ``queue-only'' mode).
1642 If you allow incoming mail over an IPC connection,
1643 you should have a daemon running.
1644 This should be set by your
1653 flag may be combined in one call:
1655 /usr/\*(SD/sendmail \-bd \-q30m
1658 An alternative approach is to invoke sendmail from
1662 flag to ask sendmail to speak SMTP on its standard input and output).
1663 This works and allows you to wrap
1665 in a TCP wrapper program,
1666 but may be a bit slower since the configuration file
1667 has to be re-read on every message that comes in.
1668 If you do this, you still need to have a
1670 running to flush the queue:
1672 /usr/\*(SD/sendmail \-q30m
1674 .sh 2 "Forcing the Queue"
1676 In some cases you may find that the queue has gotten clogged for some reason.
1677 You can force a queue run
1680 flag (with no value).
1681 It is entertaining to use the
1684 when this is done to watch what happens:
1686 /usr/\*(SD/sendmail \-q \-v
1689 You can also limit the jobs to those with a particular queue identifier,
1690 sender, or recipient
1691 using one of the queue modifiers.
1694 restricts the queue run to jobs that have the string
1696 somewhere in one of the recipient addresses.
1699 limits the run to particular senders and
1701 limits it to particular queue identifiers.
1704 There are a fairly large number of debug flags
1707 Each debug flag has a number and a level,
1708 where higher levels means to print out more information.
1709 The convention is that levels greater than nine are
1712 they print out so much information that you wouldn't normally
1713 want to see them except for debugging that particular piece of code.
1714 Debug flags are set using the
1719 .ta \w'debug-option 'u
1720 debug-flag: \fB\-d\fP debug-list
1721 debug-list: debug-option [ , debug-option ]*
1722 debug-option: debug-range [ . debug-level ]
1723 debug-range: integer | integer \- integer
1724 debug-level: integer
1726 where spaces are for reading ease only.
1729 \-d12 Set flag 12 to level 1
1730 \-d12.3 Set flag 12 to level 3
1731 \-d3\-17 Set flags 3 through 17 to level 1
1732 \-d3\-17.4 Set flags 3 through 17 to level 4
1734 For a complete list of the available debug flags
1735 you will have to look at the code
1736 (they are too dynamic to keep this documentation up to date).
1737 .sh 2 "Changing the Values of Options"
1739 Options can be overridden using the
1746 /usr/\*(SD/sendmail \-oT2m
1750 (timeout) option to two minutes
1752 the equivalent line using the long option name is
1754 /usr/\*(SD/sendmail -OTimeout.queuereturn=2m
1757 Some options have security implications.
1758 Sendmail allows you to set these,
1759 but relinquishes its setuid root permissions thereafter\**.
1761 \**That is, it sets its effective uid to the real uid;
1762 thus, if you are executing as root,
1763 as from root's crontab file or during system startup
1764 the root permissions will still be honored.
1766 .sh 2 "Trying a Different Configuration File"
1768 An alternative configuration file
1769 can be specified using the
1773 /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
1775 uses the configuration file
1777 instead of the default
1778 .i /etc/sendmail.cf.
1784 in the current directory.
1787 gives up its setuid root permissions
1788 when you use this flag, so it is common to use a publicly writable directory
1790 as the spool directory (QueueDirectory or Q option) while testing.
1791 .sh 2 "Logging Traffic"
1793 Many SMTP implementations do not fully implement the protocol.
1794 For example, some personal computer based SMTPs
1795 do not understand continuation lines in reply codes.
1796 These can be very hard to trace.
1797 If you suspect such a problem, you can set traffic logging using the
1802 /usr/\*(SD/sendmail \-X /tmp/traffic \-bd
1804 will log all traffic in the file
1807 This logs a lot of data very quickly and should
1810 during normal operations.
1811 After starting up such a daemon,
1812 force the errant implementation to send a message to your host.
1813 All message traffic in and out of
1815 including the incoming SMTP traffic,
1816 will be logged in this file.
1817 .sh 2 "Testing Configuration Files"
1819 When you build a configuration table,
1820 you can do a certain amount of testing
1830 sendmail \-bt \-Ctest.cf
1832 which would read the configuration file
1834 and enter test mode.
1836 you enter lines of the form:
1842 is the rewriting set you want to use
1845 is an address to apply the set to.
1846 Test mode shows you the steps it takes
1848 finally showing you the address it ends up with.
1849 You may use a comma separated list of rwsets
1850 for sequential application of rules to an input.
1853 3,1,21,4 monet:bollard
1855 first applies ruleset three to the input
1857 Ruleset one is then applied to the output of ruleset three,
1858 followed similarly by rulesets twenty-one and four.
1860 If you need more detail,
1861 you can also use the
1863 flag to turn on more debugging.
1866 sendmail \-bt \-d21.99
1868 turns on an incredible amount of information;
1869 a single word address
1870 is probably going to print out several pages worth of information.
1872 You should be warned that internally,
1874 applies ruleset 3 to all addresses.
1876 you will have to do that manually.
1877 For example, older versions allowed you to use
1879 0 bruce@broadcast.sony.com
1881 This version requires that you use:
1883 3,0 bruce@broadcast.sony.com
1887 some other syntaxes are available in test mode:
1892 to have the indicated
1894 This is useful when debugging rules that use the
1906 dumps the contents of the indicated ruleset.
1909 is equivalent to the command-line flag.
1910 .sh 2 "Persistent Host Status Information"
1913 .b HostStatusDirectory
1915 information about the status of hosts is maintained on disk
1916 and can thus be shared between different instantiations of
1918 The status of the last connection with each remote host
1919 may be viewed with the command:
1923 This information may be flushed with the command:
1927 Flushing the information prevents new
1929 processes from loading it,
1930 but does not prevent existing processes from using the status information
1931 that they already have.
1934 There are a number of configuration parameters
1935 you may want to change,
1936 depending on the requirements of your site.
1937 Most of these are set
1938 using an option in the configuration file.
1941 .q "O Timeout.queuereturn=5d"
1943 .q Timeout.queuereturn
1948 Most of these options have appropriate defaults for most sites.
1950 sites having very high mail loads may find they need to tune them
1951 as appropriate for their mail load.
1953 sites experiencing a large number of small messages,
1954 many of which are delivered to many recipients,
1955 may find that they need to adjust the parameters
1956 dealing with queue priorities.
1961 had single character option names.
1963 options have long (multi-character names).
1964 Although old short names are still accepted,
1965 most new options do not have short equivalents.
1967 This section only describes the options you are most likely
1975 All time intervals are set
1976 using a scaled syntax.
1979 represents ten minutes, whereas
1981 represents two and a half hours.
1982 The full set of scales is:
1991 .sh 3 "Queue interval"
1996 specifies how often a sub-daemon will run the queue.
1997 This is typically set to between fifteen minutes
1999 RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
2000 .sh 3 "Read timeouts"
2002 Timeouts all have option names
2003 .q Timeout.\fIsuboption\fP .
2006 their default values, and the minimum values
2007 allowed by RFC 1123 section 5.3.2 are:
2010 The time to wait for an SMTP connection to open
2015 If zero, uses the kernel default.
2016 In no case can this option extend the timeout
2017 longer than the kernel provides, but it can shorten it.
2018 This is to get around kernels that provide an absurdly long connection timeout
2019 (90 minutes in one case).
2023 except it applies only to the initial attempt to connect to a host
2026 The concept is that this should be very short (a few seconds);
2027 hosts that are well connected and responsive will thus be serviced immediately.
2028 Hosts that are slow will not hold up other deliveries in the initial
2031 The wait for the initial 220 greeting message
2034 The wait for a reply from a HELO or EHLO command
2036 This may require a host name lookup, so
2037 five minutes is probably a reasonable minimum.
2039 The wait for a reply from a MAIL command
2042 The wait for a reply from a RCPT command
2045 because it could be pointing at a list
2046 that takes a long time to expand
2049 The wait for a reply from a DATA command
2052 The wait for reading a data block
2053 (that is, the body of the message).
2055 This should be long because it also applies to programs
2058 which have no guarantee of promptness.
2060 The wait for a reply from the dot terminating a message.
2062 If this is shorter than the time actually needed
2063 for the receiver to deliver the message,
2064 duplicates will be generated.
2065 This is discussed in RFC 1047.
2067 The wait for a reply from a RSET command
2070 The wait for a reply from a QUIT command
2073 The wait for a reply from miscellaneous (but short) commands
2074 such as NOOP (no-operation) and VERB (go into verbose mode).
2078 the time to wait for another command.
2081 The timeout waiting for a reply to an IDENT query
2082 [30s\**, unspecified].
2084 \**On some systems the default is zero to turn the protocol off entirely.
2087 The timeout for opening .forward and :include: files [60s, none].
2089 How long status information about a host
2091 will be cached before it is considered stale
2094 For compatibility with old configuration files,
2098 all the timeouts marked with \(dg are set to the indicated value.
2100 Many of the RFC 1123 minimum values
2101 may well be too short.
2103 was designed to the RFC 822 protocols,
2104 which did not specify read timeouts;
2107 prior to version 8.1 did not guarantee to reply to messages promptly.
2110 command specifying a mailing list
2111 will expand and verify the entire list;
2112 a large list on a slow system
2113 may easily take more than five minutes\**.
2115 \**This verification includes looking up every address
2116 with the name server;
2117 this involves network delays,
2118 and can in some cases can be considerable.
2120 I recommend a one hour timeout \*-
2121 since a communications failure during the RCPT phase is rare,
2122 a long timeout is not onerous
2123 and may ultimately help reduce network load
2124 and duplicated messages.
2126 For example, the lines:
2128 O Timeout.command=25m
2129 O Timeout.datablock=3h
2131 sets the server SMTP command timeout to 25 minutes
2132 and the input data block timeout to three hours.
2133 .sh 3 "Message timeouts"
2135 After sitting in the queue for a few days,
2136 a message will time out.
2137 This is to insure that at least the sender is aware
2138 of the inability to send a message.
2139 The timeout is typically set to five days.
2140 It is sometimes considered convenient to also send a warning message
2141 if the message is in the queue longer than a few hours
2142 (assuming you normally have good connectivity;
2143 if your messages normally took several hours to send
2144 you wouldn't want to do this because it wouldn't be an unusual event).
2145 These timeouts are set using the
2146 .b Timeout.queuereturn
2148 .b Timeout.queuewarn
2149 options in the configuration file
2150 (previously both were set using the
2154 Since these options are global,
2155 and since you can not know
2157 how long another host outside your domain will be down,
2158 a five day timeout is recommended.
2159 This allows a recipient to fix the problem even if it occurs
2160 at the beginning of a long weekend.
2161 RFC 1123 section 5.3.1.1 says that this parameter
2162 should be ``at least 4\-5 days''.
2165 .b Timeout.queuewarn
2166 value can be piggybacked on the
2168 option by indicating a time after which
2169 a warning message should be sent;
2170 the two timeouts are separated by a slash.
2171 For example, the line
2175 causes email to fail after five days,
2176 but a warning message will be sent after four hours.
2177 This should be large enough that the message will have been tried
2179 .sh 2 "Forking During Queue Runs"
2187 will fork before each individual message
2188 while running the queue.
2191 from consuming large amounts of memory,
2192 so it may be useful in memory-poor environments.
2197 will keep track of hosts that are down during a queue run,
2198 which can improve performance dramatically.
2204 can not use connection caching.
2205 .sh 2 "Queue Priorities"
2207 Every message is assigned a priority when it is first instantiated,
2208 consisting of the message size (in bytes)
2209 offset by the message class
2210 (which is determined from the Precedence: header)
2212 .q "work class factor"
2213 and the number of recipients times the
2214 .q "work recipient factor."
2215 The priority is used to order the queue.
2216 Higher numbers for the priority mean that the message will be processed later
2217 when running the queue.
2219 The message size is included so that large messages are penalized
2220 relative to small messages.
2221 The message class allows users to send
2223 messages by including a
2225 field in their message;
2226 the value of this field is looked up in the
2228 lines of the configuration file.
2229 Since the number of recipients affects the amount of load a message presents
2231 this is also included into the priority.
2233 The recipient and class factors
2234 can be set in the configuration file using the
2242 options respectively.
2243 They default to 30000 (for the recipient factor)
2245 (for the class factor).
2246 The initial priority is:
2248 pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2250 (Remember, higher values for this parameter actually mean
2251 that the job will be treated with lower priority.)
2253 The priority of a job can also be adjusted each time it is processed
2254 (that is, each time an attempt is made to deliver it)
2256 .q "work time factor,"
2262 This is added to the priority,
2263 so it normally decreases the precedence of the job,
2264 on the grounds that jobs that have failed many times
2265 will tend to fail again in the future.
2268 option defaults to 90000.
2269 .sh 2 "Load Limiting"
2272 can be asked to queue (but not deliver)
2273 mail if the system load average gets too high
2279 When the load average exceeds the value of the
2282 the delivery mode is set to
2289 option divided by the difference in the current load average and the
2293 exceeds the priority of the message \(em
2294 that is, the message is queued iff:
2296 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2300 option defaults to 600000,
2301 so each point of load average is worth 600000
2303 (as described above).
2310 option defines a load average at which
2313 to accept network connections.
2314 Locally generated mail
2315 (including incoming UUCP mail)
2317 .sh 2 "Delivery Mode"
2319 There are a number of delivery modes that
2326 configuration option.
2328 specify how quickly mail will be delivered.
2332 i deliver interactively (synchronously)
2333 b deliver in background (asynchronously)
2334 q queue only (don't deliver)
2335 d defer delvery attempts (don't deliver)
2337 There are tradeoffs.
2340 gives the sender the quickest feedback,
2341 but may slow down some mailers and
2342 is hardly ever necessary.
2345 delivers promptly but
2346 can cause large numbers of processes
2347 if you have a mailer that takes a long time to deliver a message.
2350 minimizes the load on your machine,
2351 but means that delivery may be delayed for up to the queue interval.
2354 is identical to mode
2356 except that it also prevents all the early map lookups from working;
2357 it is intended for ``dial on demand'' sites where DNS lookups
2358 might cost real money.
2359 Some simple error messages
2360 (e.g., host unknown during the SMTP protocol)
2361 will be delayed using this mode.
2364 is the usual default.
2373 (deliver in background)
2375 will not expand aliases and follow .forward files
2376 upon initial receipt of the mail.
2377 This speeds up the response to RCPT commands.
2380 cannot be used by the SMTP server.
2383 The level of logging can be set for
2385 The default using a standard configuration table is level 9.
2386 The levels are as follows:
2391 Serious system failures and potential security problems.
2393 Lost communications (network problems) and protocol failures.
2395 Other serious failures, malformed addresses, transient forward/include
2396 errors, connection timeouts.
2398 Minor failures, out of date alias databases, connection rejections
2399 via check_ rulesets.
2401 Message collection statistics.
2403 Creation of error messages,
2404 VRFY and EXPN commands.
2406 Delivery failures (host or user unknown, etc.).
2408 Successful deliveries and alias database rebuilds.
2410 Messages being deferred
2411 (due to a host being down, etc.).
2413 Database expansion (alias, forward, and userdb lookups).
2415 NIS errors and end of job processing.
2417 Logs all SMTP connections.
2419 Log bad user shells, files with improper permissions, and other
2420 questionable situations.
2422 Logs refused connections.
2424 Log all incoming and outgoing SMTP commands.
2426 Logs attempts to run locked queue files.
2427 These are not errors,
2428 but can be useful to note if your queue appears to be clogged.
2430 Lost locks (only if using lockf instead of flock).
2433 values above 64 are reserved for extremely verbose debugging output.
2434 No normal site would ever set these.
2437 The modes used for files depend on what functionality you want
2438 and the level of security you require.
2441 does careful checking of the modes
2442 of files and directories
2443 to avoid accidental compromise;
2444 if you want to make it possible to have group-writable support files
2445 you may need to use the
2446 .b DontBlameSendmail
2447 option to turn off some of these checks.
2448 .sh 3 "To suid or not to suid?"
2451 is normally installed
2453 At the point where it is about to
2456 it checks to see if the userid is zero (root);
2458 it resets the userid and groupid to a default
2461 equate in the mailer line;
2462 if that is not set, the
2465 This can be overridden
2469 for mailers that are trusted
2470 and must be called as root.
2472 this will cause mail processing
2477 rather than to the user sending the mail.
2481 setuid to root, it will still run but you lose a lot of functionality
2482 and a lot of privacy, since you'll have to make the queue directory
2486 setuid to some pseudo-user
2487 (e.g., create a user called
2492 which will fix the privacy problems
2493 but not the functionality issues.
2494 Also, this isn't a guarantee of security:
2496 root occasionally sends mail,
2497 and the daemon often runs as root.
2500 must run as root in order to create the SMTP listener socket.
2502 A middle ground is to make
2510 to become the indicated user as soon as it has done the startup
2511 that requires root privileges
2512 (primarily, opening the
2519 .i /var/spool/mqueue )
2520 should be owned by that user,
2521 and all files and databases
2527 and external databases)
2528 must be readable by that user.
2530 is probably best suited for firewall configurations
2531 that don't have regular user logins.
2532 .sh 3 "Turning off security checks"
2535 is very particular about the modes of files that it reads or writes.
2536 For example, by default it will refuse to read most files
2537 that are group writable
2538 on the grounds that they might have been tampered with
2539 by someone other than the owner;
2540 it will even refuse to read files in group writable directories.
2544 sure that your configuration is safe and you want
2546 to avoid these security checks,
2547 you can turn off certain checks using the
2548 .b DontBlameSendmail
2550 This option takes one or more names that disable checks.
2551 In the descriptions that follow,
2552 .q "unsafe directory"
2553 means a directory that is writable by anyone other than the owner.
2557 No special handling.
2561 system call is restricted to root.
2562 Since some versions of Unix permit regular users
2563 to give away their files to other users on some filesystems,
2565 often cannot assume that a given file was created by the owner,
2566 particularly when it is in a writable directory.
2567 You can set this flag if you know that file giveaway is restricted
2569 .ip ClassFileInUnsafeDirPath
2570 When reading class files (using the
2572 line in the configuration file),
2573 allow files that are in unsafe directories.
2574 .ip ErrorHeaderInUnsafeDirPath
2575 Allow the file named in the
2577 option to be in an unsafe directory.
2578 .ip GroupWritableDirPathSafe
2579 Change the definition of
2580 .q "unsafe directory"
2581 to consider group-writable directories to be safe.
2582 World-writable directories are always unsafe.
2583 .ip GroupWritableForwardFileSafe
2584 Accept group-writable
2587 .ip GroupWritableIncludeFileSafe
2588 Accept group-writable
2591 .ip GroupWritableAliasFile
2592 Allow group-writable alias files.
2593 .ip HelpFileInUnsafeDirPath
2594 Allow the file named in the
2596 option to be in an unsafe directory.
2597 .ip WorldWritableAliasFile
2598 Accept world-writable alias files.
2599 .ip ForwardFileInGroupWritableDirPath
2602 files in group writable directories.
2603 .ip IncludeFileInGroupWritableDirPath
2606 files in group writable directories.
2607 .ip ForwardFileInUnsafeDirPath
2610 files in unsafe directories.
2611 .ip IncludeFileInUnsafeDirPath
2614 files in unsafe directories.
2615 .ip ForwardFileInUnsafeDirPathSafe
2618 file that is in an unsafe directory to include references
2619 to program and files.
2620 .ip IncludeFileInUnsafeDirPathSafe
2623 file that is in an unsafe directory to include references
2624 to program and files.
2625 .ip MapInUnsafeDirPath
2632 in unsafe directories.
2633 .ip LinkedAliasFileInWritableDir
2634 Allow an alias file that is a link in a writable directory.
2635 .ip LinkedClassFileInWritableDir
2636 Allow class files that are links in writable directories.
2637 .ip LinkedForwardFileInWritableDir
2640 files that are links in writable directories.
2641 .ip LinkedIncludeFileInWritableDir
2644 files that are links in writable directories.
2645 .ip LinkedMapInWritableDir
2646 Allow map files that are links in writable directories.
2647 .ip LinkedServiceSwitchFileInWritableDir
2648 Allow the service switch file to be a link
2649 even if the directory is writable.
2650 .ip FileDeliveryToHardLink
2651 Allow delivery to files that are hard links.
2652 .ip FileDeliveryToSymLink
2653 Allow delivery to files that are symbolic links.
2654 .ip RunProgramInUnsafeDirPath
2655 Go ahead and run programs that are in writable directories.
2656 .ip RunWritableProgram
2657 Go ahead and run programs that are group- or world-writable.
2658 .ip WriteMapToHardLink
2659 Allow writes to maps that are hard links.
2660 .ip WriteMapToSymLink
2661 Allow writes to maps that are symbolic links.
2662 .ip WriteStatsToHardLink
2663 Allow the status file to be a hard link.
2664 .ip WriteStatsToSymLink
2665 Allow the status file to be a symbolic link.
2666 .sh 2 "Connection Caching"
2668 When processing the queue,
2670 will try to keep the last few open connections open
2671 to avoid startup and shutdown costs.
2672 This only applies to IPC connections.
2674 When trying to open a connection
2675 the cache is first searched.
2676 If an open connection is found, it is probed to see if it is still active
2680 It is not an error if this fails;
2681 instead, the connection is closed and reopened.
2683 Two parameters control the connection cache.
2685 .b ConnectionCacheSize
2688 option defines the number of simultaneous open connections
2689 that will be permitted.
2690 If it is set to zero,
2691 connections will be closed as quickly as possible.
2693 This should be set as appropriate for your system size;
2694 it will limit the amount of system resources that
2696 will use during queue runs.
2697 Never set this higher than 4.
2700 .b ConnectionCacheTimeout
2703 option specifies the maximum time that any cached connection
2704 will be permitted to idle.
2705 When the idle time exceeds this value
2706 the connection is closed.
2707 This number should be small
2709 to prevent you from grabbing too many resources
2711 The default is five minutes.
2712 .sh 2 "Name Server Access"
2714 Control of host address lookups is set by the
2716 service entry in your service switch file.
2717 If you are on a system that has built-in service switch support
2718 (e.g., Ultrix, Solaris, or DEC OSF/1)
2719 then your system is probably configured properly already.
2722 will consult the file
2723 .b /etc/service.switch ,
2724 which should be created.
2726 only uses two entries:
2730 although system routines may use other services
2733 service for user name lookups by
2736 However, some systems (such as SunOS 4.X)
2738 regardless of the setting of the service switch entry.
2739 In particular, the system routine
2740 .i gethostbyname (3)
2741 is used to look up host names,
2742 and many vendor versions try some combination of DNS, NIS,
2743 and file lookup in /etc/hosts
2744 without consulting a service switch.
2746 makes no attempt to work around this problem,
2747 and the DNS lookup will be done anyway.
2748 If you do not have a nameserver configured at all,
2749 such as at a UUCP-only site,
2752 .q "connection refused"
2753 message when it tries to connect to the name server.
2756 switch entry has the service
2758 listed somewhere in the list,
2760 will interpret this to mean a temporary failure
2761 and will queue the mail for later processing;
2762 otherwise, it ignores the name server data.
2764 The same technique is used to decide whether to do MX lookups.
2765 If you want MX support, you
2769 listed as a service in the
2777 option allows you to tweak name server options.
2778 The command line takes a series of flags as documented in
2783 Each can be preceded by an optional `+' or `\(mi'.
2784 For example, the line
2786 O ResolverOptions=+AAONLY \(miDNSRCH
2788 turns on the AAONLY (accept authoritative answers only)
2789 and turns off the DNSRCH (search the domain path) options.
2790 Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
2791 flags on and all others off.
2792 You can also include
2794 to specify that there is a wildcard MX record matching your domain;
2795 this turns off MX matching when canonifying names,
2796 which can lead to inappropriate canonifications.
2798 Version level 1 configurations
2799 turn DNSRCH and DEFNAMES off when doing delivery lookups,
2800 but leave them on everywhere else.
2803 ignores them when doing canonification lookups
2804 (that is, when using $[ ... $]),
2805 and always does the search.
2806 If you don't want to do automatic name extension,
2807 don't call $[ ... $].
2809 The search rules for $[ ... $] are somewhat different than usual.
2810 If the name being looked up
2811 has at least one dot, it always tries the unmodified name first.
2812 If that fails, it tries the reduced search path,
2813 and lastly tries the unmodified name
2814 (but only for names without a dot,
2815 since names with a dot have already been tried).
2816 This allows names such as
2818 to match the site in Czechoslovakia
2819 rather than the site in your local Computer Science department.
2820 It also prefers A and CNAME records over MX records \*-
2821 that is, if it finds an MX record it makes note of it,
2823 This way, if you have a wildcard MX record matching your domain,
2824 it will not assume that all names match.
2826 To completely turn off all name server access
2827 on systems without service switch support
2829 you will have to recompile with
2831 and remove \-lresolv from the list of libraries to be searched
2833 .sh 2 "Moving the Per-User Forward Files"
2835 Some sites mount each user's home directory
2836 from a local disk on their workstation,
2837 so that local access is fast.
2838 However, the result is that .forward file lookups are slow.
2840 mail can even be delivered on machines inappropriately
2841 because of a file server being down.
2842 The performance can be especially bad if you run the automounter.
2848 option allows you to set a path of forward files.
2849 For example, the config file line
2851 O ForwardPath=/var/forward/$u:$z/.forward.$w
2853 would first look for a file with the same name as the user's login
2855 if that is not found (or is inaccessible)
2859 in the user's home directory is searched.
2860 A truly perverse site could also search by sender
2861 by using $r, $s, or $f.
2863 If you create a directory such as /var/forward,
2864 it should be mode 1777
2865 (that is, the sticky bit should be set).
2866 Users should create the files mode 644.
2867 Note that you must use the
2868 forwardfileinunsafedirpath and
2869 forwardfileinunsafedirpathsafe
2870 flags with the DontBlameSendmail option
2871 to allow forward files in a world
2873 This might also be used as a
2875 attack (users could create forward files for other users);
2876 a better approach might be to create
2879 and create empty files for each user,
2882 If you do this, you don't have to set the DontBlameSendmail options
2886 On systems that have one of the system calls in the
2893 you can specify a minimum number of free blocks on the queue filesystem
2899 If there are fewer than the indicated number of blocks free
2900 on the filesystem on which the queue is mounted
2901 the SMTP server will reject mail
2904 This invites the SMTP client to try again later.
2906 Beware of setting this option too high;
2907 it can cause rejection of email
2908 when that mail would be processed without difficulty.
2909 .sh 2 "Maximum Message Size"
2911 To avoid overflowing your system with a large message,
2914 option can be set to set an absolute limit
2915 on the size of any one message.
2916 This will be advertised in the ESMTP dialogue
2917 and checked during message collection.
2918 .sh 2 "Privacy Flags"
2924 option allows you to set certain
2927 Actually, many of them don't give you any extra privacy,
2928 rather just insisting that client SMTP servers
2929 use the HELO command
2930 before using certain commands
2931 or adding extra headers to indicate possible spoof attempts.
2933 The option takes a series of flag names;
2934 the final privacy is the inclusive or of those flags.
2937 O PrivacyOptions=needmailhelo, noexpn
2939 insists that the HELO or EHLO command be used before a MAIL command is accepted
2940 and disables the EXPN command.
2942 The flags are detailed in section
2945 .sh 2 "Send to Me Too"
2949 deletes the (envelope) sender from any list expansions.
2952 sends to a list that contains
2954 as one of the members he won't get a copy of the message.
2958 command line flag, or if the
2962 option is set in the configuration file,
2963 this behaviour is suppressed.
2964 Some sites like to run the
2968 .sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
2970 This section describes the configuration file
2973 There is one point that should be made clear immediately:
2974 the syntax of the configuration file
2975 is designed to be reasonably easy to parse,
2976 since this is done every time
2979 rather than easy for a human to read or write.
2983 configuration-file compiler.
2985 The configuration file is organized as a series of lines,
2986 each of which begins with a single character
2987 defining the semantics for the rest of the line.
2988 Lines beginning with a space or a tab
2989 are continuation lines
2990 (although the semantics are not well defined in many places).
2991 Blank lines and lines beginning with a sharp symbol
2994 .sh 2 "R and S \*- Rewriting Rules"
2996 The core of address parsing
2997 are the rewriting rules.
2998 These are an ordered production system.
3000 scans through the set of rewriting rules
3001 looking for a match on the left hand side
3004 When a rule matches,
3005 the address is replaced by the right hand side
3009 There are several sets of rewriting rules.
3010 Some of the rewriting sets are used internally
3011 and must have specific semantics.
3012 Other rewriting sets
3013 do not have specifically assigned semantics,
3014 and may be referenced by the mailer definitions
3015 or by other rewriting sets.
3017 The syntax of these two commands are:
3022 Sets the current ruleset being collected to
3024 If you begin a ruleset more than once
3025 it appends to the old definition.
3033 fields must be separated
3034 by at least one tab character;
3035 there may be embedded spaces
3039 is a pattern that is applied to the input.
3041 the input is rewritten to the
3047 Macro expansions of the form
3050 are performed when the configuration file is read.
3051 Expansions of the form
3054 are performed at run time using a somewhat less general algorithm.
3055 This is intended only for referencing internally defined macros
3058 that are changed at runtime.
3059 .sh 3 "The left hand side"
3061 The left hand side of rewriting rules contains a pattern.
3062 Normal words are simply matched directly.
3063 Metasyntax is introduced using a dollar sign.
3064 The metasymbols are:
3066 .ta \w'\fB$=\fP\fIx\fP 'u
3067 \fB$*\fP Match zero or more tokens
3068 \fB$+\fP Match one or more tokens
3069 \fB$\-\fP Match exactly one token
3070 \fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
3071 \fB$~\fP\fIx\fP Match any word not in class \fIx\fP
3073 If any of these match,
3074 they are assigned to the symbol
3077 for replacement on the right hand side,
3080 is the index in the LHS.
3086 is applied to the input:
3090 the rule will match, and the values passed to the RHS will be:
3097 Additionally, the LHS can include
3099 to match zero tokens.
3105 on the RHS, and is normally only used when it stands alone
3106 in order to match the null input.
3107 .sh 3 "The right hand side"
3109 When the left hand side of a rewriting rule matches,
3110 the input is deleted and replaced by the right hand side.
3111 Tokens are copied directly from the RHS
3112 unless they begin with a dollar sign.
3115 .ta \w'$#mailer\0\0\0'u
3116 \fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
3117 \fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
3118 \fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
3119 Generalized keyed mapping function
3120 \fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
3121 \fB$#\fP\fImailer\fP Resolve to \fImailer\fP
3122 \fB$@\fP\fIhost\fP Specify \fIhost\fP
3123 \fB$:\fP\fIuser\fP Specify \fIuser\fP
3129 syntax substitutes the corresponding value from a
3137 It may be used anywhere.
3139 A host name enclosed between
3143 is looked up in the host database(s)
3144 and replaced by the canonical name\**.
3147 completely equivalent
3148 to $(host \fIhostname\fP$).
3151 default can be used.
3156 .q ftp.CS.Berkeley.EDU
3158 .q $[[128.32.130.2]$]
3160 .q vangogh.CS.Berkeley.EDU.
3162 recognizes its numeric IP address
3163 without calling the name server
3164 and replaces it with its canonical name.
3170 syntax is a more general form of lookup;
3171 it uses a named map instead of an implicit map.
3172 If no lookup is found, the indicated
3175 if no default is specified and no lookup matches,
3176 the value is left unchanged.
3179 are passed to the map for possible use.
3185 causes the remainder of the line to be substituted as usual
3186 and then passed as the argument to ruleset
3188 The final value of ruleset
3191 the substitution for this rule.
3194 syntax expands everything after the ruleset name
3195 to the end of the replacement string
3196 and then passes that as the initial input to the ruleset.
3197 Recursive calls are allowed.
3202 expands $1, passes that to ruleset 3, and then passes the result
3203 of ruleset 3 to ruleset 0.
3209 be used in ruleset zero
3210 or a subroutine of ruleset zero.
3211 It causes evaluation of the ruleset to terminate immediately,
3214 that the address has completely resolved.
3215 The complete syntax is:
3217 \fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
3220 {mailer, host, user}
3221 3-tuple necessary to direct the mailer.
3222 If the mailer is local
3223 the host part may be omitted\**.
3225 \**You may want to use it for special
3228 For example, in the address
3229 .q jgm+foo@CMU.EDU ;
3232 part is not part of the user name,
3233 and is passed to the local mailer for local use.
3237 must be a single word,
3245 is the builtin IPC mailer,
3248 may be a colon-separated list of hosts
3249 that are searched in order for the first working address
3250 (exactly like MX records).
3253 is later rewritten by the mailer-specific envelope rewriting set
3257 As a special case, if the mailer specified has the
3260 and the first character of the
3266 is stripped off, and a flag is set in the address descriptor
3267 that causes sendmail to not do ruleset 5 processing.
3269 Normally, a rule that matches is retried,
3271 the rule loops until it fails.
3272 A RHS may also be preceded by a
3276 to change this behavior.
3279 prefix causes the ruleset to return with the remainder of the RHS
3283 prefix causes the rule to terminate immediately,
3284 but the ruleset to continue;
3285 this can be used to avoid continued application of a rule.
3286 The prefix is stripped before continuing.
3292 prefixes may precede a
3301 passes that to ruleset seven,
3305 is necessary to avoid an infinite loop.
3307 Substitution occurs in the order described,
3309 parameters from the LHS are substituted,
3310 hostnames are canonicalized,
3319 .sh 3 "Semantics of rewriting rule sets"
3321 There are six rewriting sets
3322 that have specific semantics.
3323 Five of these are related as depicted by figure 1.
3329 -->| 0 |-->resolved address
3332 / ---->| 1 |-->| S |--
3333 +---+ / +---+ / +---+ +---+ \e +---+
3334 addr-->| 3 |-->| D |-- --->| 4 |-->msg
3335 +---+ +---+ \e +---+ +---+ / +---+
3351 box invis "addr"; arrow
3354 BoxD: box "D"; line; L1: Here
3356 C1: arrow; box "1"; arrow; box "S"; line; E1: Here
3357 move to C1 down 0.5; right
3358 C2: arrow; box "2"; arrow; box "R"; line; E2: Here
3359 ] with .w at L1 + (0.5, 0)
3360 move to C.e right 0.5
3361 L4: arrow; box "4"; arrow; box invis "msg"
3362 line from L1 to C.C1
3363 line from L1 to C.C2
3364 line from C.E1 to L4
3365 line from C.E2 to L4
3366 move to BoxD.n up 0.6; right
3367 Box0: arrow; box "0"
3368 arrow; box invis "resolved address" width 1.3
3369 line from 1/3 of the way between A1 and BoxD.w to Box0
3374 Figure 1 \*- Rewriting set semantics
3376 D \*- sender domain addition
3377 S \*- mailer-specific sender rewriting
3378 R \*- mailer-specific recipient rewriting
3384 should turn the address into
3385 .q "canonical form."
3386 This form should have the basic syntax:
3388 local-part@host-domain-spec
3393 before doing anything with any address.
3408 flag is set in the mailer definition
3409 corresponding to the
3414 is applied after ruleset three
3415 to addresses that are going to actually specify recipients.
3416 It must resolve to a
3417 .i "{mailer, host, user}"
3421 must be defined in the mailer definitions
3422 from the configuration file.
3428 for use in the argv expansion of the specified mailer.
3430 Rulesets one and two
3431 are applied to all sender and recipient addresses respectively.
3432 They are applied before any specification
3433 in the mailer definition.
3434 They must never resolve.
3436 Ruleset four is applied to all addresses
3438 It is typically used
3439 to translate internal to external form.
3442 ruleset 5 is applied to all local addresses
3443 (specifically, those that resolve to a mailer with the `F=5'
3445 that do not have aliases.
3446 This allows a last minute hook for local names.
3447 .sh 3 "Ruleset hooks"
3449 A few extra rulesets are defined as
3451 that can be defined to get special features.
3452 They are all named rulesets.
3455 forms all give accept/reject status;
3456 falling off the end or returning normally is an accept,
3460 Many of these can also resolve to the special mailer
3462 this accepts the message as though it were successful
3463 but then discards it without delivery.
3468 ruleset is called after a connection is accepted.
3471 client.host.name $| client.host.address
3475 is a metacharacter separating the two parts.
3476 This ruleset can reject connections from various locations.
3481 ruleset is passed the user name parameter of the
3484 It can accept or reject the address.
3489 ruleset is passed the user name parameter of the
3492 It can accept or reject the address.
3493 .sh 4 "check_compat"
3499 sender-address $| recipient-address
3503 is a metacharacter separating the addresses.
3504 It can accept or reject mail transfer between these two addresses
3510 Some special processing occurs
3511 if the ruleset zero resolves to an IPC mailer
3512 (that is, a mailer that has
3514 listed as the Path in the
3517 The host name passed after
3519 has MX expansion performed;
3520 this looks the name up in DNS to find alternate delivery sites.
3522 The host name can also be provided as a dotted quad in square brackets;
3527 This causes direct conversion of the numeric value
3528 to an IP host address.
3530 The host name passed in after the
3532 may also be a colon-separated list of hosts.
3533 Each is separately MX expanded and the results are concatenated
3534 to make (essentially) one long MX list.
3535 The intent here is to create
3537 MX records that are not published in DNS
3538 for private internal networks.
3540 As a final special case, the host name can be passed in
3544 [ucbvax.berkeley.edu]
3546 This form avoids the MX mapping.
3549 This is intended only for situations where you have a network firewall
3550 or other host that will do special processing for all your mail,
3551 so that your MX record points to a gateway machine;
3552 this machine could then do direct delivery to machines
3553 within your local domain.
3554 Use of this feature directly violates RFC 1123 section 5.3.5:
3555 it should not be used lightly.
3557 .sh 2 "D \*- Define Macro"
3559 Macros are named with a single character
3560 or with a word in {braces}.
3561 Single character names may be selected from the entire ASCII set,
3562 but user-defined macros
3563 should be selected from the set of upper case letters only.
3566 are used internally.
3567 Long names beginning with a lower case letter or a punctuation character
3568 are reserved for use by sendmail,
3569 so user-defined long macro names should begin with an upper case letter.
3571 The syntax for macro definitions is:
3578 is the name of the macro
3579 (which may be a single character
3580 or a word in braces)
3583 is the value it should have.
3584 There should be no spaces given
3585 that do not actually belong in the macro value.
3587 Macros are interpolated
3593 is the name of the macro to be interpolated.
3594 This interpolation is done when the configuration file is read,
3598 The special construct
3603 lines to get deferred interpolation.
3605 Conditionals can be specified using the syntax:
3607 $?x text1 $| text2 $.
3621 clause may be omitted.
3623 Lower case macro names are reserved to have
3625 used to pass information in or out of
3627 and special characters are reserved to
3628 provide conditionals, etc.
3634 are specifically reserved for configuration file authors.
3636 The following macros are defined and/or used internally by
3638 for interpolation into argv's for mailers
3639 or for other contexts.
3640 The ones marked \(dg are information passed into sendmail\**,
3642 \**As of version 8.6,
3643 all of these macros have reasonable defaults.
3644 Previous versions required that they be defined.
3646 the ones marked \(dd are information passed both in and out of sendmail,
3647 and the unmarked macros are passed out of sendmail
3648 but are not otherwise used internally.
3652 The origination date in RFC 822 format.
3653 This is extracted from the Date: line.
3655 The current date in RFC 822 format.
3658 This is a count of the number of Received: lines
3659 plus the value of the
3663 The current date in UNIX (ctime) format.
3665 (Obsolete; use SmtpGreetingMessage option instead.)
3666 The SMTP entry message.
3667 This is printed out when SMTP starts up.
3668 The first word must be the
3670 macro as specified by RFC821.
3672 .q "$j Sendmail $v ready at $b" .
3673 Commonly redefined to include the configuration version number, e.g.,
3674 .q "$j Sendmail $v/$Z ready at $b"
3676 The envelope sender (from) address.
3678 The sender address relative to the recipient.
3686 .q foo@host.domain ,
3687 or whatever is appropriate for the receiving mailer.
3690 This is set in ruleset 0 from the $@ field of a parsed address.
3696 The \*(lqofficial\*(rq domain name for this site.
3697 This is fully qualified if the full qualification can be found.
3700 be redefined to be the fully qualified domain name
3701 if your system is not configured so that information can find
3704 The UUCP node name (from the uname system call).
3706 (Obsolete; use UnixFromLine option instead.)
3707 The format of the UNIX from line.
3708 Unless you have changed the UNIX mailbox format,
3709 you should not change the default,
3713 The domain part of the \fIgethostname\fP return value.
3714 Under normal circumstances,
3719 The name of the daemon (for error messages).
3723 (Obsolete: use OperatorChars option instead.)
3724 The set of \*(lqoperators\*(rq in addresses.
3725 A list of characters
3726 which will be considered tokens
3727 and which will separate tokens
3733 macro, then the input
3735 would be scanned as three tokens:
3742 which is the minimum set necessary to do RFC 822 parsing;
3743 a richer set of operators is
3745 which adds support for UUCP, the %-hack, and X.400 addresses.
3747 Sendmail's process id.
3749 Default format of sender address.
3752 macro specifies how an address should appear in a message
3753 when it is defaulted.
3756 It is commonly redefined to be
3757 .q "$?x$x <$g>$|$g$."
3760 corresponding to the following two formats:
3762 Eric Allman <eric@CS.Berkeley.EDU>
3763 eric@CS.Berkeley.EDU (Eric Allman)
3766 properly quotes names that have special characters
3767 if the first form is used.
3769 Protocol used to receive the message.
3772 command line flag or by the SMTP server code.
3777 command line flag or by the SMTP server code.
3779 A numeric representation of the current time.
3783 The version number of the
3787 The hostname of this site.
3788 This is the root name of this host (but see below for caveats).
3790 The full name of the sender.
3792 The home directory of the recipient.
3794 The validated sender address.
3796 The message body type
3798 as determined from the envelope.
3800 The IP address of the SMTP client.
3801 Defined in the SMTP server only.
3803 The host name of the SMTP client.
3804 This may be the client's bracketed IP address
3805 in the form [ nnn.nnn.nnn.nnn ] if the client's
3806 IP address is not resolvable.
3807 Defined in the SMTP server only.
3809 The port number of the SMTP client.
3810 Defined in the SMTP server only.
3812 The envelope id passed to sendmail as part of the envelope.
3814 The current operation mode (from the
3818 The current delivery mode
3823 There are three types of dates that can be used.
3828 macros are in RFC 822 format;
3830 is the time as extracted from the
3836 is the current date and time
3837 (used for postmarks).
3840 line is found in the incoming message,
3842 is set to the current time also.
3845 macro is equivalent to the
3856 are set to the identity of this host.
3858 tries to find the fully qualified name of the host
3860 it does this by calling
3862 to get the current hostname
3863 and then passing that to
3864 .i gethostbyname (3)
3865 which is supposed to return the canonical version of that host name.\**
3867 \**For example, on some systems
3871 which would be mapped to
3876 Assuming this is successful,
3878 is set to the fully qualified name
3881 is set to the domain part of the name
3882 (everything after the first dot).
3885 macro is set to the first word
3886 (everything before the first dot)
3887 if you have a level 5 or higher configuration file;
3888 otherwise, it is set to the same value as
3890 If the canonification is not successful,
3891 it is imperative that the config file set
3893 to the fully qualified domain name\**.
3895 \**Older versions of sendmail didn't pre-define
3897 at all, so up until 8.6,
3906 macro is the id of the sender
3907 as originally determined;
3908 when mailing to a specific host
3911 macro is set to the address of the sender
3913 relative to the recipient.
3916 .q bollard@matisse.CS.Berkeley.EDU
3918 .q vangogh.CS.Berkeley.EDU
3926 .q eric@vangogh.CS.Berkeley.EDU.
3930 macro is set to the full name of the sender.
3931 This can be determined in several ways.
3932 It can be passed as flag to
3934 It can be defined in the
3936 environment variable.
3937 The third choice is the value of the
3939 line in the header if it exists,
3940 and the fourth choice is the comment field
3944 If all of these fail,
3945 and if the message is being originated locally,
3946 the full name is looked up in the
3956 macros get set to the host, user, and home directory
3959 The first two are set from the
3963 part of the rewriting rules, respectively.
3969 macros are used to create unique strings
3975 macro is set to the queue id on this host;
3976 if put into the timestamp line
3977 it can be extremely useful for tracking messages.
3980 macro is set to be the version number of
3982 this is normally put in timestamps
3983 and has been proven extremely useful for debugging.
3989 i.e., the number of times this message has been processed.
3990 This can be determined
3993 flag on the command line
3994 or by counting the timestamps in the message.
4000 fields are set to the protocol used to communicate with
4002 and the sending hostname.
4003 They can be set together using the
4005 command line flag or separately using the
4013 is set to a validated sender host name.
4014 If the sender is running an RFC 1413 compliant IDENT server
4015 and the receiver has the IDENT protocol turned on,
4016 it will include the user name on that host.
4024 are set to the name, address, and port number of the SMTP client
4028 These can be used in the
4032 deferred evaluation form, of course!).
4033 .sh 2 "C and F \*- Define Classes"
4035 Classes of phrases may be defined
4036 to match on the left hand side of rewriting rules,
4039 is a sequence of characters that does not contain space characters.
4041 a class of all local names for this site
4043 so that attempts to send to oneself
4045 These can either be defined directly in the configuration file
4046 or read in from another file.
4047 Classes are named as a single letter or a word in {braces}.
4048 Class names beginning with lower case letters
4049 and special characters are reserved for system use.
4050 Classes defined in config files may be given names
4051 from the set of upper case letters for short names
4052 or beginning with an upper case letter for long names.
4063 The first form defines the class
4065 to match any of the named words.
4066 It is permissible to split them among multiple lines;
4067 for example, the two forms:
4078 reads the elements of the class
4083 Elements of classes can be accessed in rules using
4089 (match entries not in class)
4090 only matches a single word;
4091 multi-word entries in the class are ignored in this context.
4093 Some classes have internal meaning to
4097 .\"A set of Content-Types that will not have the newline character
4098 .\"translated to CR-LF before encoding into base64 MIME.
4099 .\"The class can have major times
4104 .\".q application/octet-stream ).
4105 .\"The class is initialized with
4106 .\".q application/octet-stream ,
4112 contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
4113 It is predefined to contain
4119 set to be the same as
4121 that is, the UUCP node name.
4123 set to the set of domains by which this host is known,
4127 can be set to the set of MIME body types
4128 that can never be eight to seven bit encoded.
4130 .q multipart/signed .
4135 are never encoded directly.
4136 Multipart messages are always handled recursively.
4137 The handling of message/* messages
4138 are controlled by class
4141 A set of Content-Types that will never be encoded as base64
4142 (if they have to be encoded, they will be encoded as quoted-printable).
4143 It can have primary types
4149 The class is initialized to have
4153 contains the set of subtypes of message that can be treated recursively.
4154 By default it contains only
4158 types cannot be 8\(->7 bit encoded.
4159 If a message containing eight bit data is sent to a seven bit host,
4160 and that message cannot be encoded into seven bits,
4161 it will be stripped to 7 bits.
4163 set to the set of trusted users by the
4166 If you want to read trusted users from a file, use
4170 set to be the set of all names
4171 this host is known by.
4172 This can be used to match local hostnames.
4175 can be compiled to allow a
4180 This lets you do simplistic parsing of text files.
4181 For example, to read all the user names in your system
4183 file into a class, use
4187 which reads every line up to the first colon.
4188 .sh 2 "M \*- Define Mailer"
4190 Programs and interfaces to mailers
4191 are defined in this line.
4202 is the name of the mailer
4203 (used internally only)
4206 pairs define attributes of the mailer.
4210 Path The pathname of the mailer
4211 Flags Special flags for this mailer
4212 Sender Rewriting set(s) for sender addresses
4213 Recipient Rewriting set(s) for recipient addresses
4214 Argv An argument vector to pass to this mailer
4215 Eol The end-of-line string for this mailer
4216 Maxsize The maximum message length to this mailer
4217 Linelimit The maximum line length in the message body
4218 Directory The working directory for the mailer
4219 Userid The default user and group id to run as
4220 Nice The nice(2) increment for the mailer
4221 Charset The default character set for 8-bit characters
4222 Type The MTS type information (used for error messages)
4224 Only the first character of the field name is checked.
4226 The following flags may be set in the mailer description.
4227 Any other flags may be used freely
4228 to conditionally assign headers to messages
4229 destined for particular mailers.
4230 Flags marked with \(dg
4231 are not interpreted by the
4234 these are the conventionally used to correlate to the flags portion
4238 Flags marked with \(dd
4239 apply to the mailers for the sender address
4240 rather than the usual recipient mailers.
4243 Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
4244 This flag defaults on if the SMTP greeting message includes the word
4247 Look up the user part of the address in the alias database.
4248 Normally this is only set for local mailers.
4250 Force a blank line on the end of a message.
4251 This is intended to work around some stupid versions of
4253 that require a blank line, but do not provide it themselves.
4254 It would not normally be used on network mail.
4256 Do not include comments in addresses.
4257 This should only be used if you have to work around
4258 a remote mailer that gets confused by comments.
4259 This strips addresses of the form
4260 .q "Phrase <address>"
4262 .q "address (Comment)"
4268 from a mailer with this flag set,
4269 any addresses in the header that do not have an at sign
4272 after being rewritten by ruleset three
4275 clause from the sender envelope address
4277 This allows mail with headers of the form:
4280 To: userb@hostb, userc
4285 To: userb@hostb, userc@hosta
4288 However, it doesn't really work reliably.
4290 Do not include angle brackets around route-address syntax addresses.
4291 This is useful on mailers that are going to pass addresses to a shell
4292 that might interpret angle brackets as I/O redirection.
4298 This mailer is expensive to connect to,
4299 so try to avoid connecting normally;
4300 any necessary connection will occur during a queue run.
4302 Escape lines beginning with
4304 in the message with a `>' sign.
4310 but only if this is a network forward operation
4312 the mailer will give an error
4313 if the executing user
4314 does not have special permissions).
4322 sends internally generated email (e.g., error messages)
4323 using the null return address
4324 as required by RFC 1123.
4325 However, some mailers don't accept a null return address.
4331 from obeying the standards;
4332 error messages will be sent as from the MAILER-DAEMON
4333 (actually, the value of the
4337 Upper case should be preserved in host names
4340 Do User Database rewriting on envelope sender address.
4342 This mailer will be speaking SMTP
4346 as such it can use special protocol features.
4347 This option is not required
4349 if this option is omitted the transmission will still operate successfully,
4350 although perhaps not as efficiently as possible).
4352 Do User Database rewriting on recipients as well as senders.
4356 connects to a host via SMTP,
4357 it checks to make sure that this isn't accidently the same host name
4360 is misconfigured or if a long-haul network interface is set in loopback mode.
4361 This flag disables the loopback check.
4362 It should only be used under very unusual circumstances.
4364 Currently unimplemented.
4365 Reserved for chunking.
4367 This mailer is local
4369 final delivery will be performed).
4371 Limit the line lengths as specified in RFC821.
4372 This deprecated option should be replaced by the
4375 For historic reasons, the
4381 This mailer can send to multiple users
4388 part of the mailer definition,
4389 that field will be repeated as necessary
4390 for all qualifying users.
4396 Do not insert a UNIX-style
4398 line on the front of the message.
4400 Always run as the owner of the recipient mailbox.
4403 runs as the sender for locally generated mail
4406 (actually, the user specified in the
4409 when delivering network mail.
4410 The normal behaviour is required by most local mailers,
4411 which will not allow the envelope sender address
4412 to be set unless the mailer is running as daemon.
4413 This flag is ignored if the
4417 Use the route-addr style reverse-path in the SMTP
4420 rather than just the return address;
4421 although this is required in RFC821 section 3.1,
4422 many hosts do not process reverse-paths properly.
4423 Reverse-paths are officially discouraged by RFC 1123.
4429 When an address that resolves to this mailer is verified
4430 (SMTP VRFY command),
4431 generate 250 responses instead of 252 responses.
4432 This will imply that the address is local.
4440 Open SMTP connections from a
4445 except on UNIX machines,
4446 so it is unclear that this adds anything.
4448 Strip quote characters (" and \e) off of the address
4449 before calling the mailer.
4451 Don't reset the userid
4452 before calling the mailer.
4453 This would be used in a secure environment
4457 This could be used to avoid forged addresses.
4460 field is also specified,
4461 this flag causes the user id to always be set to that user and group
4462 (instead of leaving it as root).
4464 Upper case should be preserved in user names
4467 This mailer wants UUCP-style
4470 .q "remote from <host>"
4473 The user must have a valid account on this machine,
4478 the mail is bounced.
4479 This is required to get
4487 This mailer want to use the hidden dot algorithm
4488 as specified in RFC821;
4490 any line beginning with a dot
4491 will have an extra dot prepended
4492 (to be stripped at the other end).
4493 This insures that lines in the message containing a dot
4494 will not terminate the message prematurely.
4496 Run Local Mail Transfer Protocol (LMTP)
4499 and the local mailer.
4500 This is a variant on SMTP
4502 that is specifically designed for delivery to a local mailbox.
4504 Don't look up MX records for hosts sent via SMTP.
4506 Extend the list of characters converted to =XX notation
4507 when converting to Quoted-Printable
4508 to include those that don't map cleanly between ASCII and EBCDIC.
4509 Useful if you have IBM mainframes on site.
4511 If no aliases are found for this address,
4512 pass the address through ruleset 5 for possible alternate resolution.
4513 This is intended to forward the mail to an alternate delivery spot.
4515 Strip all output to seven bits.
4516 This is the default if the
4519 Note that clearing this option is not
4520 sufficient to get full eight bit data passed through
4524 option is set, this is essentially always set,
4525 since the eighth bit was stripped on input.
4526 Note that this option will only impact messages
4527 that didn't have 8\(->7 bit MIME conversions performed.
4530 it is acceptable to send eight bit data to this mailer;
4531 the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
4536 7\(->8 bit MIME conversions.
4537 These conversions are limited to text/plain data.
4539 Check addresses to see if they begin
4541 if they do, convert them to the
4545 Check addresses to see if they begin with a `|';
4546 if they do, convert them to the
4550 Check addresses to see if they begin with a `/';
4551 if they do, convert them to the
4555 Look up addresses in the user database.
4557 Configuration files prior to level 6
4558 assume the `A', `w', `5', `:', `|', `/', and `@' options
4562 The mailer with the special name
4564 can be used to generate a user error.
4565 The (optional) host field is an exit status to be returned,
4566 and the user field is a message to be printed.
4567 The exit status may be numeric or one of the values
4568 USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
4569 to return the corresponding EX_ exit code,
4570 or an enhanced error code as described in RFC 1893,
4572 Enhanced Mail System Status Codes.
4573 For example, the entry:
4575 $#error $@ NOHOST $: Host unknown in this domain
4577 on the RHS of a rule
4578 will cause the specified error to be generated
4581 exit status to be returned
4583 This mailer is only functional in rulesets 0, 5,
4584 or one of the check_* rulesets.
4586 The mailer with the special name
4588 causes any mail sent to it to be discarded
4589 but otherwise treated as though it were successfully delivered.
4594 be defined in every configuration file.
4595 This is used to deliver local mail,
4596 and is treated specially in several ways.
4597 Additionally, three other mailers named
4602 may be defined to tune the delivery of messages to programs,
4604 and :include: lists respectively.
4607 Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
4608 M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
4609 M*include*, P=/dev/null, F=su, A=INCLUDE $u
4612 The Sender and Recipient rewriting sets
4613 may either be a simple ruleset id
4614 or may be two ids separated by a slash;
4615 if so, the first rewriting set is applied to envelope
4617 and the second is applied to headers.
4618 Setting any value zero disables corresponding mailer-specific rewriting.
4621 is actually a colon-separated path of directories to try.
4622 For example, the definition
4624 first tries to execute in the recipient's home directory;
4625 if that is not available,
4626 it tries to execute in the root of the filesystem.
4627 This is intended to be used only on the
4630 since some shells (such as
4632 refuse to execute if they cannot read the home directory.
4633 Since the queue directory is not normally readable by unprivileged users
4635 scripts as recipients can fail.
4638 specifies the default user and group id to run as,
4644 mailer flag is also specified,
4645 this is the user and group to run as in all circumstances.
4646 This may be given as
4648 to set both the user and group id;
4649 either may be an integer or a symbolic name to be looked up
4655 If only a symbolic user name is specified,
4658 file for that user is used as the group id.
4661 is used when converting a message to MIME;
4662 this is the character set used in the
4663 Content-Type: header.
4664 If this is not set, the
4667 and if that is not set, the value
4671 this field applies to the sender's mailer,
4672 not the recipient's mailer.
4673 For example, if the envelope sender address
4674 lists an address on the local network
4675 and the recipient is on an external network,
4676 the character set will be set from the Charset= field
4677 for the local network mailer,
4678 not that of the external network mailer.
4681 sets the type information
4682 used in MIME error messages
4685 It is actually three values separated by slashes:
4686 the MTA-type (that is, the description of how hosts are named),
4687 the address type (the description of e-mail addresses),
4688 and the diagnostic type (the description of error diagnostic codes).
4689 Each of these must be a registered value
4693 .q dns/rfc822/smtp .
4694 .sh 2 "H \*- Define Header"
4696 The format of the header lines that
4698 inserts into the message
4702 The syntax of this line is:
4712 Continuation lines in this spec
4713 are reflected directly into the outgoing message.
4716 is macro-expanded before insertion into the message.
4719 (surrounded by question marks)
4721 at least one of the specified flags
4722 must be stated in the mailer definition
4723 for this header to be automatically output.
4724 If one of these headers is in the input
4725 it is reflected to the output
4726 regardless of these flags.
4728 Some headers have special semantics
4729 that will be described later.
4731 A secondary syntax allows validation of headers as they are being read.
4732 To enable validation, use:
4741 is called for the specified
4745 to reject the message or
4747 to discard the message
4751 The header is treated as a structured field,
4753 comments (in parentheses) are deleted before processing.
4755 For example, the configuration lines:
4757 HMessage-Id: $>CheckMessageId
4761 R$* $#error $: Illegal Message-Id header
4763 would refuse any message that had a Message-Id: header of any of the
4767 Message-Id: some text
4768 Message-Id: <legal text@domain> extra crud
4770 .sh 2 "O \*- Set Option"
4772 There are a number of
4775 can be set from a configuration file.
4776 Options are represented by full words;
4777 some are also representable as single characters
4778 for back compatibility.
4779 The syntax of this line is:
4792 be a space between the letter `O' and the name of the option.
4793 An older version is:
4800 is a single character.
4801 Depending on the option,
4803 may be a string, an integer,
4811 the default is TRUE),
4815 The options supported (with the old, one character names in brackets) are:
4817 .ip "AliasFile=\fIspec, spec, ...\fP"
4819 Specify possible alias file(s).
4822 should be in the format
4830 is optional and defaults to ``implicit''.
4833 is compiled, valid classes are
4835 (search through a compiled-in list of alias file types,
4836 for back compatibility),
4846 (internal symbol table \*- not normally used
4847 unless you have no other database lookup),
4857 searches them in order.
4858 .ip AliasWait=\fItimeout\fP
4863 (units default to minutes)
4866 entry to exist in the alias database
4868 If it does not appear in the
4871 rebuild the database
4873 .b AutoRebuildAliases
4878 If set, allow HELO SMTP commands that don't include a host name.
4879 Setting this violates RFC 1123 section 5.2.5,
4880 but is necessary to interoperate with several SMTP clients.
4881 If there is a value, it is still checked for legitimacy.
4882 .ip AutoRebuildAliases
4885 rebuild the alias database if necessary and possible.
4886 If this option is not set,
4888 will never rebuild the alias database
4889 unless explicitly requested
4892 Not recommended \(em can cause thrashing.
4893 .ip BlankSub=\fIc\fP
4895 Set the blank substitution character to
4897 Unquoted spaces in addresses are replaced by this character.
4898 Defaults to space (i.e., no change is made).
4901 Validate the RHS of aliases when rebuilding the alias database.
4902 .ip CheckpointInterval=\fIN\fP
4904 Checkpoints the queue every
4908 If your system crashes during delivery to a large list,
4909 this prevents retransmission to any but the last
4912 .ip ClassFactor=\fIfact\fP
4916 is multiplied by the message class
4917 (determined by the Precedence: field in the user header
4920 lines in the configuration file)
4921 and subtracted from the priority.
4922 Thus, messages with a higher Priority: will be favored.
4926 If set, colons are acceptable in e-mail addresses
4929 If not set, colons indicate the beginning of a RFC 822 group construct
4931 .q "groupname: member1, member2, ... memberN;" ).
4932 Doubled colons are always acceptable
4935 and proper route-addr nesting is understood
4937 .q <@relay:user@host> ).
4938 Furthermore, this option defaults on if the configuration version level
4939 is less than 6 (for back compatibility).
4940 However, it must be off for full compatibility with RFC 822.
4941 .ip ConnectionCacheSize=\fIN\fP
4943 The maximum number of open connections that will be cached at a time.
4945 This delays closing the current connection until
4946 either this invocation of
4948 needs to connect to another host
4950 Setting it to zero defaults to the old behavior,
4951 that is, connections are closed immediately.
4952 Since this consumes file descriptors,
4953 the connection cache should be kept small:
4954 4 is probably a practical maximum.
4955 .ip ConnectionCacheTimeout=\fItimeout\fP
4957 The maximum amount of time a cached connection will be permitted to idle
4959 If this time is exceeded,
4960 the connection is immediately closed.
4961 This value should be small (on the order of ten minutes).
4964 uses a cached connection,
4965 it always sends a RSET command
4966 to check the connection;
4967 if this fails, it reopens the connection.
4968 This keeps your end from failing if the other end times out.
4969 The point of this option is to be a good network neighbor
4970 and avoid using up excessive resources
4972 The default is five minutes.
4973 .ip ConnectionRateThrottle=\fIN\fP
4975 If set to a positive value,
4978 incoming daemon connections in a one second period.
4979 This is intended to flatten out peaks
4980 and allow the load average checking to cut in.
4981 Defaults to zero (no limits).
4982 .ip DaemonPortOptions=\fIoptions\fP
4984 Set server SMTP options.
4991 Port Name/number of listening port (defaults to "smtp")
4992 Addr Address mask (defaults INADDR_ANY)
4993 Family Address family (defaults to INET)
4994 Listen Size of listen queue (defaults to 10)
4995 SndBufSize Size of TCP send buffer
4996 RcvBufSize Size of TCP receive buffer
5000 mask may be a numeric address in dot notation
5002 .ip DefaultCharSet=\fIcharset\fP
5004 When a message that has 8-bit characters but is not in MIME format
5005 is converted to MIME
5006 (see the EightBitMode option)
5007 a character set must be included in the Content-Type: header.
5008 This character set is normally set from the Charset= field
5009 of the mailer descriptor.
5010 If that is not set, the value of this option is used.
5011 If this option is not set, the value
5014 .ip DefaultUser=\fIuser:group\fP
5016 Set the default userid for mailers to
5023 (as opposed to a numeric user id)
5024 the default group listed in the /etc/passwd file for that user is used
5025 as the default group.
5033 flag in the mailer definition
5034 will run as this user.
5036 The value can also be given as a symbolic user name.\**
5040 option has been combined into the
5044 .ip DeliveryMode=\fIx\fP
5051 i Deliver interactively (synchronously)
5052 b Deliver in background (asynchronously)
5053 q Just queue the message (deliver during queue run)
5054 d Defer delivery and all map lookups (deliver during queue run)
5056 Defaults to ``b'' if no option is specified,
5057 ``i'' if it is specified but given no argument
5058 (i.e., ``Od'' is equivalent to ``Odi'').
5061 command line flag sets this to
5063 .ip DialDelay=\fIsleeptime\fP
5065 Dial-on-demand network connections can see timeouts
5066 if a connection is opened before the call is set up.
5067 If this is set to an interval and a connection times out
5068 on the first connection being attempted
5070 will sleep for this amount of time and try again.
5071 This should give your system time to establish the connection
5072 to your service provider.
5073 Units default to seconds, so
5075 uses a five second delay.
5078 .ip DontBlameSendmail=\fIoption,option,...\fP
5080 In order to avoid possible cracking attempts
5081 caused by world- and group-writable files and directories,
5083 does paranoid checking when opening most of its support files.
5084 If for some reason you absolutely must run with,
5089 then you will have to turn off this checking
5090 (at the cost of making your system more vulnerable to attack).
5091 The arguments are individual options that turn off checking:
5095 ClassFileInUnsafeDirPath
5096 ErrorHeaderInUnsafeDirPath
5097 FileDeliveryToHardLink
5098 FileDeliveryToSymLink
5099 ForwardFileInUnsafeDirPath
5100 ForwardFileInUnsafeDirPathSafe
5101 ForwardFileIngroupWritableDirPath
5102 GroupWritableAliasFile
5103 GroupWritableDirPathSafe
5104 GroupWritableForwardFileSafe
5105 GroupWritableIncludeFileSafe
5106 HelpFileinUnsafeDirPath
5107 IncludeFileInUnsafeDirPath
5108 IncludeFileInUnsafeDirPathSafe
5109 IncludeFileIngroupWritableDirPath
5110 LinkedAliasFileInWritableDir
5111 LinkedClassFileInWritableDir
5112 LinkedForwardFileInWritableDir
5113 LinkedIncludeFileInWritableDir
5114 LinkedMapInWritableDir
5115 LinkedServiceSwitchFileInWritableDir
5117 RunProgramInUnsafeDirPath
5119 WorldWritableAliasFile
5122 WriteStatsToHardLink
5127 The details of these flags are described above.
5128 .\"XXX should have more here!!! XXX
5129 .b "Use of this option is not recommended."
5130 .ip DontExpandCnames
5132 The standards say that all host addresses used in a mail message
5133 must be fully canonical.
5134 For example, if your host is named
5136 and also has an alias of
5138 the former name must be used at all times.
5139 This is enforced during host name canonification
5140 ($[ ... $] lookups).
5141 If this option is set, the protocols are ignored and the
5144 However, the IETF is moving toward changing this standard,
5145 so the behaviour may become acceptable.
5146 Please note that hosts downstream may still rewrite the address
5147 to be the true canonical name however.
5152 will avoid using the initgroups(3) call.
5153 If you are running NIS,
5154 this causes a sequential scan of the groups.byname map,
5155 which can cause your NIS server to be badly overloaded in a large domain.
5156 The cost of this is that the only group found for users
5157 will be their primary group (the one in the password file),
5158 which will make file access permissions somewhat more restrictive.
5159 Has no effect on systems that don't have group lists.
5160 .ip DontProbeInterfaces
5163 normally finds the names of all interfaces active on your machine
5165 and adds their name to the
5167 class of known host aliases.
5168 If you have a large number of virtual interfaces
5169 or if your DNS inverse lookups are slow
5170 this can be time consuming.
5171 This option turns off that probing.
5172 However, you will need to be certain to include all variant names
5175 class by some other mechanism.
5180 tries to eliminate any unnecessary explicit routes
5181 when sending an error message
5182 (as discussed in RFC 1123 \(sc 5.2.6).
5184 when sending an error message to
5186 <@known1,@known2,@known3:user@unknown>
5191 in order to make the route as direct as possible.
5194 option is set, this will be disabled,
5195 and the mail will be sent to the first address in the route,
5196 even if later addresses are known.
5197 This may be useful if you are caught behind a firewall.
5198 .ip DoubleBounceAddress=\fIerror-address\fP
5200 If an error occurs when sending an error message,
5201 send the error report
5204 because it is an error
5206 that occurs when trying to send another error
5208 to the indicated address.
5209 If not set, defaults to
5211 .ip EightBitMode=\fIaction\fP
5213 Set handling of eight-bit data.
5214 There are two kinds of eight-bit data:
5215 that declared as such using the
5217 ESMTP declaration or the
5220 and undeclared 8-bit data, that is,
5221 input that just happens to be eight bits.
5222 There are three basic operations that can happen:
5223 undeclared 8-bit data can be automatically converted to 8BITMIME,
5224 undeclared 8-bit data can be passed as-is without conversion to MIME
5226 and declared 8-bit data can be converted to 7-bits
5227 for transmission to a non-8BITMIME mailer.
5232 .\" r Reject undeclared 8-bit data;
5233 .\" don't convert 8BITMIME\(->7BIT (``reject'')
5234 s Reject undeclared 8-bit data (``strict'')
5235 .\" do convert 8BITMIME\(->7BIT (``strict'')
5236 .\" c Convert undeclared 8-bit data to MIME;
5237 .\" don't convert 8BITMIME\(->7BIT (``convert'')
5238 m Convert undeclared 8-bit data to MIME (``mime'')
5239 .\" do convert 8BITMIME\(->7BIT (``mime'')
5240 .\" j Pass undeclared 8-bit data;
5241 .\" don't convert 8BITMIME\(->7BIT (``just send 8'')
5242 p Pass undeclared 8-bit data (``pass'')
5243 .\" do convert 8BITMIME\(->7BIT (``pass'')
5244 .\" a Adaptive algorithm: see below
5246 .\"The adaptive algorithm is to accept 8-bit data,
5247 .\"converting it to 8BITMIME only if the receiver understands that,
5248 .\"otherwise just passing it as undeclared 8-bit data;
5249 .\"8BITMIME\(->7BIT conversions are done.
5250 In all cases properly declared 8BITMIME data will be converted to 7BIT
5252 .ip ErrorHeader=\fIfile-or-message\fP
5254 Prepend error messages with the indicated message.
5255 If it begins with a slash,
5256 it is assumed to be the pathname of a file
5257 containing a message (this is the recommended setting).
5258 Otherwise, it is a literal message.
5259 The error file might contain the name, email address, and/or phone number
5260 of a local postmaster who could provide assistance
5262 If the option is missing or null,
5263 or if it names a file which does not exist or which is not readable,
5264 no message is printed.
5265 .ip ErrorMode=\fIx\fP
5267 Dispose of errors using mode
5273 p Print error messages (default)
5274 q No messages, just give exit status
5276 w Write back errors (mail if user not logged in)
5277 e Mail back errors and give zero exit stat always
5279 .ip FallbackMXhost=\fIfallbackhost\fP
5283 acts like a very low priority MX
5285 This is intended to be used by sites with poor network connectivity.
5289 deliver each job that is run from the queue in a separate process.
5290 Use this option if you are short of memory,
5291 since the default tends to consume considerable amounts of memory
5292 while the queue is being processed.
5293 .ip ForwardPath=\fIpath\fP
5295 Set the path for searching for users' .forward files.
5298 Some sites that use the automounter may prefer to change this to
5300 to search a file with the same name as the user in a system directory.
5301 It can also be set to a sequence of paths separated by colons;
5303 stops at the first file it can successfully and safely open.
5305 .q /var/forward/$u:$z/.forward
5306 will search first in /var/forward/\c
5309 .i ~username /.forward
5310 (but only if the first file does not exist).
5311 .ip HelpFile=\fIfile\fP
5313 Specify the help file
5317 If an outgoing mailer is marked as being expensive,
5318 don't connect immediately.
5319 This requires that queueing be compiled in,
5320 since it will depend on a queue run process to
5321 actually send the mail.
5322 .ip HostsFile=\fIpath\fP
5324 The path to the hosts database,
5327 This option is only consulted when sendmail
5328 is canonifying addresses,
5333 service switch entry.
5334 In particular, this file is
5336 used when looking up host addresses;
5337 that is under the control of the system
5338 .i gethostbyname (3)
5340 .ip HostStatusDirectory=\fIpath\fP
5342 The location of the long term host status information.
5344 information about the status of hosts
5345 (e.g., host down or not accepting connections)
5346 will be shared between all
5349 normally, this information is only held within a single queue run.
5350 This option requires a connection cache of at least 1 to function.
5351 If the option begins with a leading `/',
5352 it is an absolute pathname;
5354 it is relative to the mail queue directory.
5355 A suggested value for sites desiring persistent host status is
5357 (i.e., a subdirectory of the queue directory).
5360 Ignore dots in incoming messages.
5361 This is always disabled (that is, dots are always accepted)
5362 when reading SMTP mail.
5363 .ip LogLevel=\fIn\fP
5365 Set the log level to
5374 This is intended only for use from the command line.
5380 Allow fuzzy matching on the GECOS field.
5381 If this flag is set,
5382 and the usual user name lookups fail
5383 (that is, there is no alias with this name and a
5386 sequentially search the password file
5387 for a matching entry in the GECOS field.
5388 This also requires that MATCHGECOS
5389 be turned on during compilation.
5390 This option is not recommended.
5391 .ip MaxDaemonChildren=\fIN\fP
5395 will refuse connections when it has more than
5397 children processing incoming mail.
5398 This does not limit the number of outgoing connections.
5399 If not set, there is no limit to the number of children --
5400 that is, the system load averaging controls this.
5401 .ip MaxHopCount=\fIN\fP
5403 The maximum hop count.
5404 Messages that have been processed more than
5406 times are assumed to be in a loop and are rejected.
5408 .ip MaxHostStatAge=\fIage\fP
5410 Not yet implemented.
5411 This option specifies how long host status information will be retained.
5412 For example, if a host is found to be down,
5413 connections to that host will not be retried for this interval.
5414 The units default to minutes.
5415 .ip MaxMessageSize=\fIN\fP
5417 Specify the maximum message size
5418 to be advertised in the ESMTP EHLO response.
5419 Messages larger than this will be rejected.
5420 .ip MaxQueueRunSize=\fIN\fP
5422 The maximum number of jobs that will be processed
5423 in a single queue run.
5424 If not set, there is no limit on the size.
5425 If you have very large queues or a very short queue run interval
5426 this could be unstable.
5427 However, since the first
5429 jobs in queue directory order are run (rather than the
5431 highest priority jobs)
5432 this should be set as high as possible to avoid
5434 jobs that happen to fall late in the queue directory.
5435 .ip MaxRecipientsPerMessage=\fIN\fP
5437 The maximum number of recipients that will be accepted per message
5438 in an SMTP transaction.
5439 Note: setting this too low can interfere with sending mail from
5440 MUAs that use SMTP for initial submission.
5441 If not set, there is no limit on the number of recipients per envelope.
5445 even if I am in an alias expansion.
5446 .ip MinFreeBlocks=\fIN\fP
5450 blocks free on the filesystem that holds the queue files
5451 before accepting email via SMTP.
5452 If there is insufficient space
5454 gives a 452 response
5455 to the MAIL command.
5456 This invites the sender to try again later.
5457 .ip MinQueueAge=\fPage\fP
5459 Don't process any queued jobs
5460 that have been in the queue less than the indicated time interval.
5461 This is intended to allow you to get responsiveness
5462 by processing the queue fairly frequently
5463 without thrashing your system by trying jobs too often.
5464 The default units are minutes.
5465 .ip MustQuoteChars=\fIs\fP
5467 Sets the list of characters that must be quoted if used in a full name
5468 that is in the phrase part of a ``phrase <address>'' syntax.
5469 The default is ``\'.''.
5470 The characters ``@,;:\e()[]'' are always added to this list.
5471 .ip NoRecipientAction
5473 The action to take when you receive a message that has no valid
5474 recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
5475 the last included for back compatibility with old
5479 to pass the message on unmodified,
5480 which violates the protocol,
5482 to add a To: header with any recipients it can find in the envelope
5483 (which might expose Bcc: recipients),
5484 .b Add-Apparently-To
5485 to add an Apparently-To: header
5486 (this is only for back-compatibility
5487 and is officially deprecated),
5488 .b Add-To-Undisclosed
5490 .q "To: undisclosed-recipients:;"
5491 to make the header legal without disclosing anything,
5494 to add an empty Bcc: header.
5497 Assume that the headers may be in old format,
5499 spaces delimit names.
5500 This actually turns on
5501 an adaptive algorithm:
5502 if any recipient address contains a comma, parenthesis,
5504 it will be assumed that commas already exist.
5505 If this flag is not on,
5506 only commas delimit names.
5507 Headers are always output with commas between the names.
5509 .ip OperatorChars=\fIcharlist\fP
5511 The list of characters that are considered to be
5513 that is, characters that delimit tokens.
5514 All operator characters are tokens by themselves;
5515 sequences of non-operator characters are also tokens.
5516 White space characters separate tokens
5517 but are not tokens themselves \(em for example,
5519 has three tokens, but
5522 If not set, OperatorChars defaults to
5523 .q \&.\|:\|@\|[\|] ;
5524 additionally, the characters
5526 are always operators.
5527 .ip PostmasterCopy=\fIpostmaster\fP
5530 copies of error messages will be sent to the named
5532 Only the header of the failed message is sent.
5533 Since most errors are user problems,
5534 this is probably not a good idea on large sites,
5535 and arguably contains all sorts of privacy violations,
5536 but it seems to be popular with certain operating systems vendors.
5537 Defaults to no postmaster copies.
5538 .ip PrivacyOptions=\fI\|opt,opt,...\fP
5542 ``Privacy'' is really a misnomer;
5543 many of these are just a way of insisting on stricter adherence
5544 to the SMTP protocol.
5547 can be selected from:
5549 .ta \w'needvrfyhelo'u+3n
5550 public Allow open access
5551 needmailhelo Insist on HELO or EHLO command before MAIL
5552 needexpnhelo Insist on HELO or EHLO command before EXPN
5553 noexpn Disallow EXPN entirely
5554 needvrfyhelo Insist on HELO or EHLO command before VRFY
5555 novrfy Disallow VRFY entirely
5556 noetrn Disallow ETRN entirely
5557 noverb Disallow VERB entirely
5558 restrictmailq Restrict mailq command
5559 restrictqrun Restrict \-q command line flag
5560 noreceipts Don't return success DSNs\**
5561 goaway Disallow essentially all SMTP status queries
5562 authwarnings Put X-Authentication-Warning: headers in messages
5570 to violate RFC 1891,
5571 which requires that return receipts be provided
5572 if Delivery Status Notifications are supported.
5576 pseudo-flag sets all flags except
5580 If mailq is restricted,
5581 only people in the same group as the queue directory
5582 can print the queue.
5583 If queue runs are restricted,
5584 only root and the owner of the queue directory
5586 Authentication Warnings add warnings about various conditions
5587 that may indicate attempts to spoof the mail system,
5588 such as using an non-standard queue directory.
5589 .ip QueueDirectory=\fIdir\fP
5593 as the queue directory.
5594 .ip QueueFactor=\fIfactor\fP
5598 as the multiplier in the map function
5599 to decide when to just queue up jobs rather than run them.
5600 This value is divided by the difference between the current load average
5601 and the load average limit
5605 to determine the maximum message priority
5608 .ip QueueLA=\fILA\fP
5610 When the system load average exceeds
5613 (i.e., don't try to send them).
5615 .ip QueueSortOrder=\fIalgorithm\fP
5619 used for sorting the queue.
5620 Only the first character of the value is used.
5623 (to order by the name of the first host name of the first recipient),
5625 (to order by the submission time),
5628 (to order by message priority).
5629 Host ordering makes better use of the connection cache,
5630 but may tend to process low priority messages
5631 that go to a single host
5632 over high priority messages that go to several hosts;
5633 it probably shouldn't be used on slow network links.
5634 Time ordering is almost always a bad idea,
5635 since it allows large, bulk mail to go out
5636 before smaller, personal mail,
5637 but may have applicability on some hosts with very fast connections.
5638 Priority ordering is the default.
5639 .ip QueueTimeout=\fItimeout\fP
5642 .q Timeout.queuereturn .
5643 Use that form instead of the
5646 .ip ResolverOptions=\fIoptions\fP
5648 Set resolver options.
5649 Values can be set using
5674 can be specified to turn off matching against MX records
5675 when doing name canonifications.
5678 this option indicated that the name server be responding
5679 in order to accept addresses.
5680 This has been replaced by checking to see
5683 method is listed in the service switch entry for the
5686 .ip RunAsUser=\fIuser\fP
5690 parameter may be a user name
5693 or a numeric user id;
5694 either form can have
5697 (where group can be numeric or symbolic).
5698 If set to a non-zero (non-root) value,
5700 will change to this user id shortly after startup\**.
5702 \**When running as a daemon,
5703 it changes to this user after accepting a connection
5704 but before reading any
5708 This avoids a certain class of security problems.
5709 However, this means that all
5713 files must be readable by the indicated
5715 and on systems that don't support the saved uid bit properly,
5716 all files to be written must be writable by
5718 and all programs will be executed by
5720 It is also incompatible with the
5721 .b SafeFileEnvironment
5723 In other words, it may not actually add much to security on an average system,
5724 and may in fact detract from security
5725 (because other file permissions must be loosened).
5726 However, it should be useful on firewalls and other
5727 places where users don't have accounts and the aliases file is
5729 .ip RecipientFactor=\fIfact\fP
5733 is added to the priority (thus
5735 the priority of the job)
5737 i.e., this value penalizes jobs with large numbers of recipients.
5739 .ip RefuseLA=\fILA\fP
5741 When the system load average exceeds
5743 refuse incoming SMTP connections.
5745 .ip RetryFactor=\fIfact\fP
5749 is added to the priority
5750 every time a job is processed.
5752 each time a job is processed,
5753 its priority will be decreased by the indicated value.
5754 In most environments this should be positive,
5755 since hosts that are down are all too often down for a long time.
5757 .ip SafeFileEnvironment=\fIdir\fP
5759 If this option is set,
5763 call into the indicated
5765 before doing any file writes.
5766 If the file name specified by the user begins with
5768 that partial path name will be stripped off before writing,
5770 if the SafeFileEnvironment variable is set to
5776 actually indicate the same file.
5777 Additionally, if this option is set,
5779 refuses to deliver to symbolic links.
5785 lines at the front of headers.
5786 Normally they are assumed redundant
5790 If set, send error messages in MIME format
5791 (see RFC2045 and RFC1344 for details).
5794 will not return the DSN keyword in response to an EHLO
5795 and will not do Delivery Status Notification processing as described in
5797 .ip ServiceSwitchFile=\fIfilename\fP
5799 If your host operating system has a service switch abstraction
5800 (e.g., /etc/nsswitch.conf on Solaris
5801 or /etc/svc.conf on Ultrix and DEC OSF/1)
5802 that service will be consulted and this option is ignored.
5803 Otherwise, this is the name of a file
5804 that provides the list of methods used to implement particular services.
5805 The syntax is a series of lines,
5806 each of which is a sequence of words.
5807 The first word is the service name,
5808 and following words are service types.
5811 consults directly are
5815 Service types can be
5821 (with the caveat that the appropriate support
5823 before the service can be referenced).
5824 If ServiceSwitchFile is not specified, it defaults to /etc/service.switch.
5825 If that file does not exist, the default switch is:
5831 .q /etc/service.switch .
5834 Strip input to seven bits for compatibility with old systems.
5835 This shouldn't be necessary.
5836 .ip SingleLineFromHeader
5838 If set, From: lines that have embedded newlines are unwrapped
5840 This is to get around a botch in Lotus Notes
5841 that apparently cannot understand legally wrapped RFC822 headers.
5842 .ip SingleThreadDelivery
5844 If set, a client machine will never try to open two SMTP connections
5845 to a single server machine at the same time,
5846 even in different processes.
5849 is already talking to some host a new
5851 will not open another connection.
5852 This property is of mixed value;
5853 although this reduces the load on the other machine,
5854 it can cause mail to be delayed
5855 (for example, if one
5857 is delivering a huge message, other
5859 won't be able to send even small messages).
5860 Also, it requires another file descriptor
5862 per connection, so you may have to reduce the
5863 .b ConnectionCacheSize
5864 option to avoid running out of per-process file descriptors.
5866 .b HostStatusDirectory
5868 .ip SmtpGreetingMessage=\fImessage\fP
5870 The message printed when the SMTP server starts up.
5872 .q "$j Sendmail $v ready at $b".
5873 .ip StatusFile=\fIfile\fP
5875 Log summary statistics in the named
5878 no summary statistics are saved.
5879 This file does not grow in size.
5880 It can be printed using the
5885 Be super-safe when running things,
5887 always instantiate the queue file,
5888 even if you are going to attempt immediate delivery.
5890 always instantiates the queue file
5891 before returning control to the client
5892 under any circumstances.
5896 .ip TempFileMode=\fImode\fP
5898 The file mode for queue files.
5899 It is interpreted in octal by default.
5901 .ip Timeout.\fItype\fP=\|\fItimeout\fP
5902 [r; subsumes old T option as well]
5904 The actual timeout is indicated by the
5906 The recognized timeouts and their default values, and their
5907 minimum values specified in RFC 1123 section 5.3.2 are:
5909 .ta \w'datafinal'u+3n
5910 initial wait for initial greeting message [5m, 5m]
5911 helo reply to HELO or EHLO command [5m, none]
5912 mail reply to MAIL command [10m, 5m]
5913 rcpt reply to RCPT command [1h, 5m]
5914 datainit reply to DATA command [5m, 2m]
5915 datablock data block read [1h, 3m]
5916 datafinal reply to final ``.'' in data [1h, 10m]
5917 rset reply to RSET command [5m, none]
5918 quit reply to QUIT command [2m, none]
5919 misc reply to NOOP and VERB commands [2m, none]
5920 ident IDENT protocol timeout [30s, none]
5921 fileopen\(dg timeout on opening .forward and :include: files [60s, none]
5922 command\(dg command read [1h, 5m]
5923 queuereturn\(dg how long until a message is returned [5d, 5d]
5924 queuewarn\(dg how long until a warning is sent [none, none]
5925 hoststatus\(dg how long until host status is ``stale'' [30m, none]
5927 All but those marked with a dagger (\(dg)
5928 apply to client SMTP.
5929 If the message is submitted using the
5933 warning messages will only be sent if
5936 The queuereturn and queuewarn timeouts
5937 can be further qualified with a tag based on the Precedence: field
5941 (indicating a positive non-zero precedence)
5943 (indicating a zero precedence), or
5945 (indicating negative precedences).
5946 For example, setting
5947 .q Timeout.queuewarn.urgent=1h
5948 sets the warning timeout for urgent messages only
5950 The default if no precedence is indicated
5951 is to set the timeout for all precedences.
5952 .ip TimeZoneSpec=\fItzinfo\fP
5954 Set the local time zone info to
5958 Actually, if this is not set,
5959 the TZ environment variable is cleared (so the system default is used);
5960 if set but null, the user's TZ variable is used,
5961 and if set and non-null the TZ variable is set to this value.
5964 If this system is the
5966 (that is, lowest preference)
5967 MX for a given host,
5968 its configuration rules should normally detect this situation
5969 and treat that condition specially
5970 by forwarding the mail to a UUCP feed,
5971 treating it as local,
5973 However, in some cases (such as Internet firewalls)
5974 you may want to try to connect directly to that host
5975 as though it had no MX records at all.
5976 Setting this option causes
5979 The downside is that errors in your configuration
5980 are likely to be diagnosed as
5983 .q "message timed out"
5984 instead of something more meaningful.
5985 This option is disrecommended.
5986 .ip UnixFromLine=\fIfromline\fP
5988 Defines the format used when
5990 must add a UNIX-style From_ line
5991 (that is, a line beginning
5992 .q From<space>user ).
5995 Don't change this unless your system uses a different UNIX mailbox format
5997 .ip UnsafeGroupWrites
6000 :include: and .forward files that are group writable are considered
6003 they cannot reference programs or write directly to files.
6004 World writable :include: and .forward files
6010 header, send error messages to the addresses listed there.
6011 They normally go to the envelope sender.
6012 Use of this option causes
6014 to violate RFC 1123.
6015 This option is disrecommended and deprecated.
6016 .ip UserDatabaseSpec=\fIudbspec\fP
6018 The user database specification.
6021 This is an initial submission directly from a Mail User Agent.
6022 This can be set in the configuration file if you have
6023 MUAs that don't pass the
6028 but some relayed mail may get inappropriately rewritten if you do.
6031 Run in verbose mode.
6042 so that all mail is delivered completely
6044 so that you can see the entire delivery process.
6049 be set in the configuration file;
6050 it is intended for command line use only.
6052 All options can be specified on the command line using the
6056 to relinquish its setuid permissions.
6057 The options that will not cause this are
6064 OldStyleHeaders [o],
6069 CheckpointInterval [C],
6072 Also, M (define macro) when defining the r or s macros
6075 .sh 2 "P \*- Precedence Definitions"
6079 field may be defined using the
6082 The syntax of this field is:
6084 \fBP\fP\fIname\fP\fB=\fP\fInum\fP
6091 the message class is set to
6093 Higher numbers mean higher precedence.
6094 Numbers less than zero
6095 have the special property
6096 that if an error occurs during processing
6097 the body of the message will not be returned;
6098 this is expected to be used for
6100 mail such as through mailing lists.
6101 The default precedence is zero.
6103 our list of precedences is:
6106 Pspecial-delivery=100
6111 People writing mailing list exploders
6112 are encouraged to use
6113 .q "Precedence: list" .
6116 (which discarded all error returns for negative precedences)
6117 didn't recognize this name, giving it a default precedence of zero.
6118 This allows list maintainers to see error returns
6119 on both old and new versions of
6121 .sh 2 "V \*- Configuration Version Level"
6123 To provide compatibility with old configuration files,
6126 line has been added to define some very basic semantics
6127 of the configuration file.
6128 These are not intended to be long term supports;
6129 rather, they describe compatibility features
6130 which will probably be removed in future releases.
6136 to do with the version
6141 version 8 config files
6143 used version level 8 configurations.
6146 configuration files are defined as version level one.
6147 Version level two files make the following changes:
6149 Host name canonification ($[ ... $])
6150 appends a dot if the name is recognized;
6151 this gives the config file a way of finding out if anything matched.
6152 (Actually, this just initializes the
6156 flag \*- you can reset it to anything you prefer
6157 by declaring the map explicitly.)
6159 Default host name extension is consistent throughout processing;
6160 version level one configurations turned off domain extension
6161 (that is, adding the local domain name)
6162 during certain points in processing.
6163 Version level two configurations are expected to include a trailing dot
6164 to indicate that the name is already canonical.
6166 Local names that are not aliases
6167 are passed through a new distinguished ruleset five;
6168 this can be used to append a local relay.
6169 This behaviour can be prevented by resolving the local name
6170 with an initial `@'.
6171 That is, something that resolves to a local mailer and a user name of
6173 will be passed through ruleset five,
6176 will have the `@' stripped,
6177 will not be passed through ruleset five,
6178 but will otherwise be treated the same as the prior example.
6179 The expectation is that this might be used to implement a policy
6182 was handled by a central hub,
6185 was delivered directly.
6187 Version level three files
6188 allow # initiated comments on all lines.
6189 Exceptions are backslash escaped # marks
6192 Version level four configurations
6193 are completely equivalent to level three
6194 for historical reasons.
6196 Version level five configuration files
6197 change the default definition of
6199 to be just the first component of the hostname.
6201 Version level six configuration files
6202 change many of the local processing options
6203 (such as aliasing and matching the beginning of the address for
6206 this allows fine-grained control over the special local processing.
6207 Level six configuration files may also use long option names.
6210 option (to allow colons in the local-part of addresses)
6213 for lower numbered configuration files;
6214 the configuration file requires some additional intelligence
6215 to properly handle the RFC 822 group construct.
6217 Version level seven configuration files
6218 used new option names to replace old macros
6222 .b SmtpGreeetingMessage ,
6230 Also, prior to version seven,
6233 flag (use 250 instead of 252 return value for
6238 Version level eight configuration files allow
6240 on the left hand side of ruleset lines.
6244 line may have an optional
6247 to indicate that this configuration file uses modifications
6248 specific to a particular vendor\**.
6250 \**And of course, vendors are encouraged to add themselves
6251 to the list of recognized vendors by editing the routine
6255 Please send e-mail to sendmail@Sendmail.ORG
6256 to register your vendor dialect.
6260 to emphasize that this configuration file
6261 uses the Berkeley dialect of
6263 .sh 2 "K \*- Key File Declaration"
6265 Special maps can be defined using the line:
6267 Kmapname mapclass arguments
6271 is the handle by which this map is referenced in the rewriting rules.
6274 is the name of a type of map;
6275 these are compiled in to
6279 are interpreted depending on the class;
6281 there would be a single argument naming the file containing the map.
6283 Maps are referenced using the syntax:
6285 $( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
6287 where either or both of the
6291 portion may be omitted.
6294 may appear more than once.
6299 are passed to the appropriate mapping function.
6300 If it returns a value, it replaces the input.
6301 If it does not return a value and the
6306 Otherwise, the input is unchanged.
6310 are passed to the map for arbitrary use.
6311 Most map classes can interpolate these arguments
6312 into their values using the syntax
6317 to indicate the corresponding
6321 indicates the database key.
6322 For example, the rule
6325 R$\- ! $+ $: $(uucp $1 $@ $2 $: %1 @ %0 . UUCP $)
6327 Looks up the UUCP name in a (user defined) UUCP map;
6328 if not found it turns it into
6331 The database might contain records like:
6333 decvax %1@%0.DEC.COM
6334 research %1@%0.ATT.COM
6338 clauses never do this mapping.
6340 The built in map with both name and class
6342 is the host name canonicalization lookup.
6346 $(host \fIhostname\fP$)
6353 There are many defined classes.
6355 Database lookups using the ndbm(3) library.
6357 must be compiled with
6361 Database lookups using the btree interface to the Berkeley DB
6364 must be compiled with
6368 Database lookups using the hash interface to the Berkeley DB
6371 must be compiled with
6377 must be compiled with
6383 must be compiled with
6386 The argument is the name of the table to use for lookups,
6391 flags may be used to set the key and value columns respectively.
6395 must be compiled with
6399 LDAP X500 directory lookups.
6401 must be compiled with
6404 The map supports most of the standard arguments
6405 and most of the command line arguments of the
6409 NeXT NetInfo lookups.
6411 must be compiled with
6416 The format of the text file is defined by the
6420 (value field number),
6426 Internal symbol table lookups.
6427 Used internally for aliasing.
6429 Really should be called
6431 \(em this is used to get the default lookups
6433 and is the default if no class is specified for alias files.
6435 Looks up users using
6439 flag can be used to specify the name of the field to return
6440 (although this is normally used only to check the existence
6443 Canonifies host domain names.
6444 Given a host name it calls the name server
6445 to find the canonical name for that host.
6447 Returns the best MX record for a host name given as the key.
6448 The current machine is always preferred \*-
6449 that is, if the current machine is one of the hosts listed as a
6450 lowest-preference MX record, then it will be guaranteed to be returned.
6451 This can be used to find out if this machine is the target for an MX record,
6452 and mail can be accepted on that basis.
6455 flag is given, then all MX names are returned,
6456 separated by the given delimiter.
6458 The arguments on the `K' line are a list of maps;
6459 the resulting map searches the argument maps in order
6460 until it finds a match for the indicated key.
6461 For example, if the key definition is:
6465 Kseqmap sequence map1 map2
6467 then a lookup against
6469 first does a lookup in map1.
6470 If that is found, it returns immediately.
6471 Otherwise, the same key is used for map2.
6475 map except that the order of maps is determined by the service switch.
6476 The argument is the name of the service to be looked up;
6477 the values from the service switch are appended to the map name
6478 to create new map names.
6479 For example, consider the key definition:
6483 together with the service switch entry:
6487 This causes a query against the map
6489 to search maps named
6495 Strip double quotes (") from a name.
6496 It does not strip backslashes,
6497 and will not strip quotes if the resulting string
6498 would contain unscannable syntax
6499 (that is, basic errors like unbalanced angle brackets;
6500 more sophisticated errors such as unknown hosts are not checked).
6501 The intent is for use when trying to accept mail from systems such as
6503 that routinely quote odd syntax such as
6507 A typical usage is probably something like:
6513 R$\- $: $(dequote $1 $)
6514 R$\- $+ $: $>3 $1 $2
6516 Care must be taken to prevent unexpected results;
6519 "|someprogram < input > output"
6521 will have quotes stripped,
6522 but the result is probably not what you had in mind.
6523 Fortunately these cases are rare.
6525 The map definition on the
6527 line contains a regular expression.
6528 Any key input is compared to that expression using the
6529 POSIX regular expressions routines regcomp(), regerr(), and regexec().
6530 Refer to the documentation for those routines for more information
6531 about the regular expression matching.
6532 No rewriting of the key is done if the
6534 flag is used. Without it, the key is discarded or if
6536 if used, it is substituted by the substring matches, delimited by
6538 or the string specified with the the
6540 flag. The flags available for the map are
6544 -b basic regular expressions
6545 (default is extended)
6547 -d set the delimiter used for -s
6548 -a append string to key
6549 -m match only, do not
6550 replace/discard value
6554 flag can include an optional parameter which can be used
6555 to select the substrings in the result of the lookup. For example,
6560 The arguments on the
6562 line are the pathname to a program and any initial parameters to be passed.
6563 When the map is called,
6564 the key is added to the initial parameters
6565 and the program is invoked
6566 as the default user/group id.
6567 The first line of standard output is returned as the value of the lookup.
6568 This has many potential security problems,
6569 and has terrible performance;
6570 it should be used only when absolutely necessary.
6572 Most of these accept as arguments the same optional flags
6574 (or a mapname for NIS;
6575 the filename is the root of the database path,
6578 or some other extension appropriate for the database type
6579 will be added to get the actual database name).
6582 Indicates that this map is optional \*- that is,
6583 if it cannot be opened,
6584 no error is produced,
6587 will behave as if the map existed but was empty.
6595 uses an adaptive algorithm to decide whether or not to look for null bytes
6597 It starts by trying both;
6598 if it finds any key with a null byte it never tries again without a null byte
6602 is specified it never tries without a null byte and
6605 is specified it never tries with a null byte.
6607 these can speed matches but are never necessary.
6614 will never try any matches at all \(em
6615 that is, everything will appear to fail.
6619 on successful matches.
6620 For example, the default
6622 map appends a dot on successful matches.
6626 on temporary failures.
6629 would be appended if a DNS lookup returned
6631 or an NIS lookup could not locate a server.
6636 Do not fold upper to lower case before looking up the key.
6638 Match only (without replacing the value).
6639 If you only care about the existence of a key and not the value
6640 (as you might when searching the NIS map
6643 this flag prevents the map from substituting the value.
6645 The \-a argument is still appended on a match,
6646 and the default is still taken if the match fails.
6647 .ip "\-k\fIkeycol\fP"
6648 The key column name (for NIS+) or number
6650 For LDAP maps this is a filter string
6651 passed to printf with a %s where the string to be
6654 .ip "\-v\fIvalcol\fP"
6655 The value column name (for NIS+) or number
6657 For LDAP maps this is the name of the
6658 attribute to be returned.
6659 .ip "\-z\fIdelim\fP"
6660 The column delimiter (for text lookups).
6661 It can be a single character or one of the special strings
6665 to indicate newline or tab respectively.
6666 If omitted entirely,
6667 the column separator is any sequence of whitespace.
6669 Normally, when a map attempts to do a lookup
6670 and the server fails
6673 couldn't contact any name server;
6676 the same as an entry not being found in the map),
6677 the message being processed is queued for future processing.
6680 flag turns off this behaviour,
6681 letting the temporary failure (server down)
6682 act as though it were a permanent failure (entry not found).
6683 It is particularly useful for DNS lookups,
6684 where someone else's misconfigured name server can cause problems
6686 However, care must be taken to ensure that you don't bounce mail
6687 that would be resolved correctly if you tried again.
6688 A common strategy is to forward such mail
6689 to another, possibly better connected, mail server.
6690 .ip "\-s\fIspacesub\fP
6691 For the dequote map only,
6692 the character to use to replace space characters
6693 after a successful dequote.
6695 Don't dequote the key before lookup.
6697 When rebuilding an alias file,
6700 flag causes duplicate entries in the text version
6702 For example, two entries:
6707 would be treated as though it were the single entry
6709 list: user1, user2, user3
6711 in the presence of the
6717 map appends the strings
6721 to the given filename;
6728 For example, the map specification
6730 Kuucp dbm \-o \-N /usr/lib/uucpmap
6732 specifies an optional map named
6736 it always has null bytes at the end of every string,
6737 and the data is located in
6738 /usr/lib/uucpmap.{dir,pag}.
6742 can be used to build any of the three database-oriented maps.
6743 It takes the following flags:
6745 Do not fold upper to lower case in the map.
6747 Include null bytes in keys.
6749 Append to an existing (old) file.
6751 Allow replacement of existing keys;
6752 normally, re-inserting an existing key is an error.
6754 Print what is happening.
6758 daemon does not have to be restarted to read the new maps
6759 as long as you change them in place;
6760 file locking is used so that the maps won't be read
6761 while they are being updated.\**
6763 \**That is, don't create new maps and then use
6765 to move them into place.
6766 Since the maps are already open
6767 the new maps will never be seen.
6770 New classes can be added in the routine
6774 .sh 2 "The User Database"
6776 If you have a version of
6778 with the user database package
6780 the handling of sender and recipient addresses
6783 The location of this database is controlled with the
6786 .sh 3 "Structure of the user database"
6788 The database is a sorted (BTree-based) structure.
6789 User records are stored with the key:
6791 \fIuser-name\fP\fB:\fP\fIfield-name\fP
6793 The sorted database format ensures that user records are clustered together.
6794 Meta-information is always stored with a leading colon.
6796 Field names define both the syntax and semantics of the value.
6797 Defined fields include:
6800 The delivery address for this user.
6801 There may be multiple values of this record.
6803 mailing lists will have one
6805 record for each user on the list.
6807 The outgoing mailname for this user.
6808 For each outgoing name,
6809 there should be an appropriate
6811 record for that name to allow return mail.
6813 .i :default:mailname .
6815 Changes any mail sent to this address to have the indicated envelope sender.
6816 This is intended for mailing lists,
6817 and will normally be the name of an appropriate -request address.
6818 It is very similar to the owner-\c
6820 syntax in the alias file.
6822 The full name of the user.
6824 The office address for this user.
6826 The office phone number for this user.
6828 The office FAX number for this user.
6830 The home address for this user.
6832 The home phone number for this user.
6834 The home FAX number for this user.
6836 A (short) description of the project this person is affiliated with.
6837 In the University this is often just the name of their graduate advisor.
6839 A pointer to a file from which plan information can be gathered.
6842 only a few of these fields are actually being used by
6849 program that uses the other fields is planned.
6850 .sh 3 "User database semantics"
6852 When the rewriting rules submit an address to the local mailer,
6853 the user name is passed through the alias file.
6854 If no alias is found (or if the alias points back to the same address),
6858 is then used as a key in the user database.
6859 If no match occurs (or if the maildrop points at the same address),
6860 forwarding is tried.
6862 If the first token of the user name returned by ruleset 0
6865 sign, the user database lookup is skipped.
6866 The intent is that the user database will act as a set of defaults
6867 for a cluster (in our case, the Computer Science Division);
6868 mail sent to a specific machine should ignore these defaults.
6871 the name of the sending user is looked up in the database.
6875 the value of that record is used as their outgoing name.
6876 For example, I might have a record:
6878 eric:mailname Eric.Allman@CS.Berkeley.EDU
6880 This would cause my outgoing mail to be sent as Eric.Allman.
6884 is found for the user,
6885 but no corresponding
6889 .q :default:mailname
6891 If present, this is the name of a host to override the local host.
6892 For example, in our case we would set it to
6893 .q CS.Berkeley.EDU .
6894 The effect is that anyone known in the database
6895 gets their outgoing mail stamped as
6896 .q user@CS.Berkeley.EDU ,
6897 but people not listed in the database use the local hostname.
6898 .sh 3 "Creating the database\**"
6900 \**These instructions are known to be incomplete.
6901 A future version of the user database is planned
6902 including things such as finger service \*- and good documentation.
6905 The user database is built from a text file
6909 (in the distribution in the makemap subdirectory).
6910 The text file is a series of lines corresponding to userdb records;
6911 each line has a key and a value separated by white space.
6912 The key is always in the format described above \*-
6917 This file is normally installed in a system directory;
6918 for example, it might be called
6920 To make the database version of the map, run the program:
6922 makemap btree /etc/userdb.db < /etc/userdb
6924 Then create a config file that uses this.
6925 For example, using the V8 M4 configuration, include the
6926 following line in your .mc file:
6928 define(\`confUSERDB_SPEC\', /etc/userdb.db)
6930 .sh 1 "OTHER CONFIGURATION"
6932 There are some configuration changes that can be made by
6935 This section describes what changes can be made
6936 and what has to be modified to make them.
6937 In most cases this should be unnecessary
6938 unless you are porting
6940 to a new environment.
6941 .sh 2 "Parameters in BuildTools/OS/$oscf"
6943 These parameters are intended to describe the compilation environment,
6945 and should normally be defined in the operating system
6947 .b "This section needs a complete rewrite."
6950 the new version of the DBM library
6951 that allows multiple databases will be used.
6952 If neither NDBM nor NEWDB are set,
6953 a much less efficient method of alias lookup is used.
6955 If set, use the new database package from Berkeley (from 4.4BSD).
6956 This package is substantially faster than DBM or NDBM.
6957 If NEWDB and NDBM are both set,
6959 will read DBM files,
6960 but will create and use NEWDB files.
6962 Include support for NIS.
6963 If set together with
6967 will create both DBM and NEWDB files if and only if
6968 an alias file includes the substring
6971 This is intended for compatibility with Sun Microsystems'
6973 program used on YP masters.
6975 Compile in support for NIS+.
6977 Compile in support for NetInfo (NeXT stations).
6979 Compile in support for LDAP X500 queries.
6980 Requires libldap and liblber
6981 from the Umich LDAP 3.2 or 3.3 release.
6983 Compile in support for Hesiod.
6984 .ip _PATH_SENDMAILCF
6985 The pathname of the sendmail.cf file.
6986 .ip _PATH_SENDMAILPID
6987 The pathname of the sendmail.pid file.
6989 There are also several compilation flags to indicate the environment
6995 file for the latest scoop on these flags.
6996 .sh 2 "Parameters in src/conf.h"
6998 Parameters and compilation options
6999 are defined in conf.h.
7000 Most of these need not normally be tweaked;
7001 common parameters are all in sendmail.cf.
7002 However, the sizes of certain primitive vectors, etc.,
7003 are included in this file.
7004 The numbers following the parameters
7005 are their default value.
7007 This document is not the best source of information
7008 for compilation flags in conf.h \(em
7009 see src/README or src/conf.h itself.
7011 .ip "MAXLINE [2048]"
7012 The maximum line length of any input line.
7013 If message lines exceed this length
7014 they will still be processed correctly;
7015 however, header lines,
7016 configuration file lines,
7019 must fit within this limit.
7021 The maximum length of any name,
7022 such as a host or a user name.
7024 The maximum number of parameters to any mailer.
7025 This limits the number of recipients that may be passed in one transaction.
7026 It can be set to any arbitrary number above about 10,
7029 will break up a delivery into smaller batches as needed.
7030 A higher number may reduce load on your system, however.
7032 The maximum number of atoms
7034 in a single address.
7037 .q "eric@CS.Berkeley.EDU"
7039 .ip "MAXMAILERS [25]"
7040 The maximum number of mailers that may be defined
7041 in the configuration file.
7042 .ip "MAXRWSETS [200]"
7043 The maximum number of rewriting sets
7044 that may be defined.
7045 The first half of these are reserved for numeric specification
7047 while the upper half are reserved for auto-numbering
7049 Thus, with a value of 200 an attempt to use ``S99'' will succeed,
7050 but ``S100'' will fail.
7051 .ip "MAXPRIORITIES [25]"
7052 The maximum number of values for the
7054 field that may be defined
7057 line in sendmail.cf).
7058 .ip "MAXUSERENVIRON [100]"
7059 The maximum number of items in the user environment
7060 that will be passed to subordinate mailers.
7061 .ip "MAXMXHOSTS [100]"
7062 The maximum number of MX records we will accept for any single host.
7063 .ip "MAXALIASDB [12]"
7064 The maximum number of alias databases that can be open at any time.
7065 Note that there may also be an open file limit.
7066 .ip "MAXMAPSTACK [12]"
7067 The maximum number of maps that may be "stacked" in a
7070 .ip "MAXMIMEARGS [20]"
7071 The maximum number of arguments in a MIME Content-Type: header;
7072 additional arguments will be ignored.
7073 .ip "MAXMIMENESTING [20]"
7074 The maximum depth to which MIME messages may be nested
7075 (that is, nested Message or Multipart documents;
7076 this does not limit the number of components in a single Multipart document).
7078 A number of other compilation options exist.
7079 These specify whether or not specific code should be compiled in.
7080 Ones marked with \(dg
7085 support for Internet protocol networking is compiled in.
7086 Previous versions of
7090 this old usage is now incorrect.
7092 turn it off in the Makefile
7093 if your system doesn't support the Internet protocols.
7096 support for ISO protocol networking is compiled in
7097 (it may be appropriate to #define this in the Makefile instead of conf.h).
7102 routine in use at some sites is used.
7103 This makes an informational log record
7104 for each message processed,
7105 and makes a higher priority log record
7106 for internal system errors.
7107 .b "STRONGLY RECOMMENDED"
7108 \(em if you want no logging, turn it off in the configuration file.
7110 Compile in the code to do ``fuzzy matching'' on the GECOS field
7112 This also requires that the
7114 option be turned on.
7116 Compile in code to use the
7117 Berkeley Internet Name Domain (BIND) server
7118 to resolve TCP/IP host names.
7120 If you are using a non-UNIX mail format,
7121 you can set this flag to turn off special processing
7126 This flag should be set to compile in the queueing code.
7128 mailers must accept the mail immediately
7129 or it will be returned to the sender.
7132 the code to handle user and server SMTP will be compiled in.
7133 This is only necessary if your machine has some mailer
7135 (this means most machines everywhere).
7139 Berkeley user information database package.
7140 This adds a new level of local name expansion
7141 between aliasing and forwarding.
7142 It also uses the NEWDB package.
7143 This may change in future releases.
7145 The following options are normally turned on
7146 in per-operating-system clauses in conf.h.
7148 Compile in the IDENT protocol as defined in RFC 1413.
7149 This defaults on for all systems except Ultrix,
7150 which apparently has the interesting
7152 that when it receives a
7153 .q "host unreachable"
7154 message it closes all open connections to that host.
7155 Since some firewall gateways send this error code
7156 when you access an unauthorized port (such as 113, used by IDENT),
7157 Ultrix cannot receive email from such hosts.
7159 Set all of the compilation parameters appropriate for System V.
7166 Due to the highly unusual semantics of locks
7169 this should always be used if at all possible.
7171 Set this if your system has the
7174 (if you have multiple group support).
7175 This is the default if SYSTEM5 is
7177 defined or if you are on HPUX.
7179 Set this if you have the
7181 system call (or corresponding library routine).
7185 .ip HASGETDTABLESIZE
7186 Set this if you have the
7187 .i getdtablesize (2)
7190 Set this if you have the
7194 The mechanism that can be used to get file system capacity information.
7195 The values can be one of
7196 SFS_USTAT (use the ustat(2) syscall),
7197 SFS_4ARGS (use the four argument statfs(2) syscall),
7198 SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
7199 SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
7200 SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
7201 SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
7203 SFS_NONE (no way to get this information).
7205 The load average type.
7206 Details are described below.
7208 The are several built-in ways of computing the load average.
7210 tries to auto-configure them based on imperfect guesses;
7211 you can select one using the
7220 The kernel stores the load average in the kernel as an array of long integers.
7221 The actual values are scaled by a factor FSCALE
7224 The kernel stores the load average in the kernel as an array of short integers.
7225 The actual values are scaled by a factor FSCALE
7228 The kernel stores the load average in the kernel as an array of
7229 double precision floats.
7231 Use MACH-style load averages.
7235 routine to get the load average as an array of doubles.
7237 Always return zero as the load average.
7238 This is the fallback case.
7246 you may also need to specify
7248 (the path to your system binary)
7251 (the name of the variable containing the load average in the kernel;
7256 .sh 2 "Configuration in src/conf.c"
7258 The following changes can be made in conf.c.
7259 .sh 3 "Built-in Header Semantics"
7261 Not all header semantics are defined in the configuration file.
7262 Header lines that should only be included by certain mailers
7263 (as well as other more obscure semantics)
7264 must be specified in the
7268 This table contains the header name
7269 (which should be in all lower case)
7270 and a set of header control flags (described below),
7273 Normally when the check is made to see if a header line is compatible
7276 will not delete an existing line.
7277 If this flag is set,
7280 even existing header lines.
7282 if this bit is set and the mailer does not have flag bits set
7283 that intersect with the required mailer flags
7284 in the header definition in
7290 If this header field is set,
7291 treat it like a blank line,
7293 it will signal the end of the header
7294 and the beginning of the message text.
7296 Add this header entry
7297 even if one existed in the message before.
7298 If a header entry does not have this bit set,
7300 will not add another header line if a header line
7301 of this name already existed.
7302 This would normally be used to stamp the message
7303 by everyone who handled it.
7309 If the number of trace fields in a message
7310 exceeds a preset amount
7311 the message is returned
7312 on the assumption that it has an aliasing loop.
7315 this field contains recipient addresses.
7318 flag to determine who to send to
7319 when it is collecting recipients from the message.
7321 This flag indicates that this field
7323 The order of these fields in the
7328 for which field to return error messages to.
7330 Addresses in this header should receive error messages.
7332 This header is a Content-Transfer-Encoding header.
7334 This header is a Content-Type header.
7336 Strip the value from the header (for Bcc:).
7339 Let's look at a sample
7343 .ta 4n +\w'"content-transfer-encoding", 'u
7344 struct hdrinfo HdrInfo[] =
7346 /* originator fields, most to least significant */
7347 "resent-sender", H_FROM,
7348 "resent-from", H_FROM,
7351 "full-name", H_ACHECK,
7352 "errors-to", H_FROM\^|\^H_ERRORSTO,
7353 /* destination fields */
7355 "resent-to", H_RCPT,
7357 "bcc", H_RCPT\^|\^H_STRIPVAL,
7358 /* message identification and control */
7362 "received", H_TRACE\^|\^H_FORCE,
7363 /* miscellaneous fields */
7364 "content-transfer-encoding", H_CTE,
7365 "content-type", H_CTYPE,
7370 This structure indicates that the
7376 all specify recipient addresses.
7379 field will be deleted unless the required mailer flag
7380 (indicated in the configuration file)
7386 fields will terminate the header;
7387 these are used by random dissenters around the network world.
7390 field will always be added,
7391 and can be used to trace messages.
7393 There are a number of important points here.
7395 header fields are not added automatically just because they are in the
7398 they must be specified in the configuration file
7399 in order to be added to the message.
7400 Any header fields mentioned in the configuration file but not
7403 structure have default processing performed;
7405 they are added unless they were in the message already.
7409 structure only specifies cliched processing;
7410 certain headers are processed specially by ad hoc code
7411 regardless of the status specified in
7418 fields are always scanned on ARPANET mail
7419 to determine the sender\**;
7421 \**Actually, this is no longer true in SMTP;
7422 this information is contained in the envelope.
7423 The older ARPANET protocols did not completely distinguish
7424 envelope from header.
7426 this is used to perform the
7427 .q "return to sender"
7433 fields are used to determine the full name of the sender
7435 this is stored in the macro
7437 and used in a number of ways.
7438 .sh 3 "Restricting Use of Email"
7440 If it is necessary to restrict mail through a relay,
7443 routine can be modified.
7444 This routine is called for every recipient address.
7445 It returns an exit status
7446 indicating the status of the message.
7449 accepts the address,
7451 queues the message for a later try,
7454 .sm EX_UNAVAILABLE )
7458 to print an error message
7461 if the message is rejected.
7468 .ta 4n +4n +4n +4n +4n +4n +4n
7471 register ADDRESS *to;
7472 register ENVELOPE *e;
7476 s = stab("private", ST_MAILER, ST_FIND);
7477 if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
7478 to->q_mailer == s->s_mailer)
7480 usrerr("No private net mail allowed through this machine");
7481 return (EX_UNAVAILABLE);
7483 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
7485 usrerr("Message too large for non-local delivery");
7486 e\->e_flags |= EF_NORETURN;
7487 return (EX_UNAVAILABLE);
7493 This would reject messages greater than 50000 bytes
7494 unless they were local.
7499 to suppress the return of the actual body
7500 of the message in the error return.
7501 The actual use of this routine is highly dependent on the
7503 and use should be limited.
7504 .sh 3 "New Database Map Classes"
7506 New key maps can be added by creating a class initialization function
7507 and a lookup function.
7508 These are then added to the routine
7511 The initialization function is called as
7513 \fIxxx\fP_map_init(MAP *map, char *args)
7517 is an internal data structure.
7520 is a pointer to the portion of the configuration file line
7521 following the map class name;
7522 flags and filenames can be extracted from this line.
7523 The initialization function must return
7525 if it successfully opened the map,
7529 The lookup function is called as
7531 \fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
7535 defines the map internally.
7539 This may be (and often is) used destructively.
7542 is a list of arguments passed in from the rewrite line.
7543 The lookup function should return a pointer to the new value.
7544 If the map lookup fails,
7546 should be set to an exit status code;
7547 in particular, it should be set to
7549 if recovery is to be attempted by the higher level code.
7550 .sh 3 "Queueing Function"
7554 is called to decide if a message should be queued
7555 or processed immediately.
7556 Typically this compares the message priority to the current load average.
7557 The default definition is:
7560 shouldqueue(pri, ctime)
7564 if (CurrentLA < QueueLA)
7566 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
7569 If the current load average
7572 which is set before this function is called)
7573 is less than the low threshold load average
7585 If the current load average exceeds the high threshold load average
7594 Otherwise, it computes the function based on the message priority,
7600 and the current and threshold load averages.
7602 An implementation wishing to take the actual age of the message into account
7606 which is the time that the message was first submitted to
7610 parameter is already weighted
7611 by the number of times the message has been tried
7612 (although this tends to lower the priority of the message with time);
7613 the expectation is that the
7617 to ensure that messages are eventually processed.
7618 .sh 3 "Refusing Incoming SMTP Connections"
7621 .i refuseconnections
7624 if incoming SMTP connections should be refused.
7625 The current implementation is based exclusively on the current load average
7626 and the refuse load average option
7635 return (CurrentLA >= RefuseLA);
7638 A more clever implementation
7639 could look at more system resources.
7640 .sh 3 "Load Average Computation"
7644 returns the current load average (as a rounded integer).
7645 The distribution includes several possible implementations.
7646 If you are porting to a new environment
7647 you may need to add some new tweaks.\**
7649 \**If you do, please send updates to
7650 sendmail@Sendmail.ORG.
7652 .sh 2 "Configuration in src/daemon.c"
7656 contains a number of routines that are dependent
7657 on the local networking environment.
7658 The version supplied assumes you have BSD style sockets.
7660 In previous releases,
7661 we recommended that you modify the routine
7663 if you wanted to generalize
7668 We now recommend that you create a new keyed map instead.
7669 .sh 1 "ACKNOWLEDGEMENTS"
7674 and many employers have been remarkably patient
7675 about letting me work on a large project
7676 that was not part of my official job.
7677 This includes time on the INGRES Project at
7678 the University of California at Berkeley,
7680 and again on the Mammoth and Titan Projects at Berkeley.
7682 Much of the second wave of improvements
7683 resulting in version 8.1
7684 should be credited to Bryan Costales of the
7685 International Computer Science Institute.
7686 As he passed me drafts of his book on
7688 I was inspired to start working on things again.
7689 Bryan was also available to bounce ideas off of.
7691 Gregory Neil Shapiro
7692 of Worchester Polytechnic Institute
7693 has become instrumental in all phases of
7695 support and development,
7696 and was largely responsible for getting versions 8.8 and 8.9
7699 Many, many people contributed chunks of code and ideas to
7701 It has proven to be a group network effort.
7702 Version 8 in particular was a group project.
7703 The following people made notable contributions:
7705 John Beck, Hewlett-Packard & Sun Microsystems
7706 Keith Bostic, CSRG, University of California, Berkeley
7707 Andrew Cheng, Sun Microsystems
7708 Michael J. Corrigan, University of California, San Diego
7709 Bryan Costales, International Computer Science Institute & InfoBeat
7710 Pa\*:r (Pell) Emanuelsson
7711 Craig Everhart, Transarc Corporation
7712 Per Hedeland, Ericsson
7713 Tom Ivar Helbekkmo, Norwegian School of Economics
7714 Kari Hurtta, Finnish Meteorological Institute
7715 Allan E. Johannesen, WPI
7716 Jonathan Kamens, OpenVision Technologies, Inc.
7717 Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
7718 Brian Kantor, University of California, San Diego
7719 John Kennedy, Cal State University, Chico
7720 Murray S. Kucherawy, HookUp Communication Corp.
7721 Bruce Lilly, Sony U.S.
7723 Motonori Nakamura, Ritsumeikan University & Kyoto University
7724 John Gardiner Myers, Carnegie Mellon University
7725 Neil Rickert, Northern Illinois University
7726 Gregory Neil Shapiro, WPI
7727 Eric Schnoebelen, Convex Computer Corp.
7728 Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
7729 Randall Winchester, University of Maryland
7730 Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
7732 I apologize for anyone I have omitted, misspelled, misattributed, or
7734 At this point, I suspect that at least a hundred people
7735 have contributed code,
7736 and many more have contributed ideas, comments, and encouragement.
7737 I've tried to list them in the RELEASE_NOTES in the distribution directory.
7738 I appreciate their contribution as well.
7740 Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
7741 who besides being wonderful guinea pigs and contributors
7742 have also consented to be added to the ``sendmail@Sendmail.ORG'' list
7743 and, by answering the bulk of the questions sent to that list,
7744 have freed me up to do other work.
7746 .+c "COMMAND LINE FLAGS"
7750 Arguments must be presented with flags before addresses.
7753 Set operation mode to
7755 Operation modes are:
7758 m Deliver mail (default)
7759 s Speak SMTP on input side
7760 a\(dg ``Arpanet'' mode (get envelope sender information from header)
7761 d Run as a daemon in background
7762 D Run as a daemon in foreground
7764 v Just verify addresses, don't collect or deliver
7765 i Initialize the alias database
7766 p Print the mail queue
7774 Use a different configuration file.
7776 runs as the invoking user (rather than root)
7777 when this flag is specified.
7779 Set debugging level.
7780 .ip "\-f\ \fIaddr\fP"
7781 The sender's machine address is
7784 Sets the full name of this user to
7786 .ip "\-h\ \fIcnt\fP"
7791 This represents the number of times this message has been processed
7794 (to the extent that it is supported by the underlying networks).
7796 is incremented during processing,
7801 throws away the message with an error.
7803 Don't do aliasing or forwarding.
7804 .ip "\-N \fInotifications\fP"
7805 Tag all addresses being sent as wanting the indicated
7807 which consists of the word
7809 or a comma-separated list of
7814 for successful delivery,
7816 and a message that is stuck in a queue somewhere.
7819 .ip "\-r\ \fIaddr\fP"
7822 .ip \-o\fIx\|value\fP
7827 These options are described in Section 5.6.
7828 .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
7833 (for long form option names).
7834 These options are described in Section 5.6.
7840 .ip \-p\fIprotocol\fP
7841 Set the sending protocol.
7842 Programs are encouraged to set this.
7843 The protocol field can be in the form
7847 to set both the sending protocol and sending host.
7850 sets the sending protocol to UUCP
7851 and the sending host to uunet.
7852 (Some existing programs use \-oM to set the r and s macros;
7853 this is equivalent to using \-p.)
7855 Try to process the queued up mail.
7856 If the time is given,
7859 will run through the queue at the specified interval
7860 to deliver queued mail;
7861 otherwise, it only runs once.
7862 .ip \-q\fIXstring\fP
7864 limiting the jobs to those matching
7870 to limit based on queue identifier,
7872 to limit based on recipient,
7875 to limit based on sender.
7876 A particular queued job is accepted if one of the corresponding addresses
7877 contains the indicated
7881 flags are permitted,
7882 with items with the same key letter
7884 together, and items with different key letters
7888 What information you want returned if the message bounces;
7894 for headers plus body.
7895 This is a request only;
7896 the other end is not required to honor the parameter.
7903 lines, and send to everyone listed in those lists.
7906 line will be deleted before sending.
7907 Any addresses in the argument vector will be deleted
7910 Indicate that this is an initial User Agent submission.
7911 In future releases, sendmail may complain about syntactically invalid messages
7912 rather than fixing them when this flag is not set.
7916 is passed with the envelope of the message
7917 and returned if the message bounces.
7918 .ip "\-X \fIlogfile\fP"
7919 Log all traffic in and out of
7923 for debugging mailer problems.
7924 This produces a lot of data very quickly and should be used sparingly.
7926 There are a number of options that may be specified as
7928 These are the e, i, m, and v options.
7931 may be specified as the
7934 .+c "QUEUE FILE FORMATS"
7936 This appendix describes the format of the queue files.
7937 These files live in the directory defined by the
7942 .i /var/spool/mqueue
7944 .i /usr/spool/mqueue .
7946 All queue files have the name
7947 \fIx\fP\|\fBf\fP\fIAAA99999\fP
7956 The first letter of the id encodes the hour of the day
7957 that the message was received by the system
7958 (with A being the hour between midnight and 1:00AM).
7959 All files with the same id collectively define one message.
7965 The message body (excluding the header) is kept in this file.
7967 The queue control file.
7968 This file contains the information necessary to process the job.
7971 These are an image of the
7973 file when it is being rebuilt.
7974 It should be renamed to a
7979 existing during the life of a session
7980 showing everything that happens
7981 during that session.
7985 file is structured as a series of lines
7986 each beginning with a code letter.
7987 The lines are as follows:
7989 The version number of the queue file format,
7992 binaries to read queue files created by older versions.
7993 Defaults to version zero.
7994 Must be the first line of the file if present.
7996 A header definition.
7997 There may be any number of these lines.
7998 The order is important:
7999 they represent the order in the final message.
8000 These use the same syntax
8001 as header definitions in the configuration file.
8003 The controlling address.
8005 .q localuser:aliasname .
8006 Recipient addresses following this line
8007 will be flagged so that deliveries will be run as the
8009 (a user name from the /etc/passwd file);
8011 is the name of the alias that expanded to this address
8012 (used for printing messages).
8014 The ``original recipient'',
8015 specified by the ORCPT= field in an ESMTP transaction.
8016 Used exclusively for Delivery Status Notifications.
8017 It applies only to the immediately following `R' line.
8019 A recipient address.
8020 This will normally be completely aliased,
8021 but is actually realiased when the job is processed.
8022 There will be one line
8025 also include a leading colon-terminated list of flags,
8027 `S' to return a message on successful final delivery,
8028 `F' to return a message on failure,
8029 `D' to return a message if the message is delayed,
8030 `B' to indicate that the body should be returned,
8031 `N' to suppress returning the body,
8033 `P' to declare this as a ``primary'' (command line or SMTP-session) address.
8036 There may only be one of these lines.
8038 The job creation time.
8039 This is used to compute when to time out the job.
8041 The current message priority.
8042 This is used to order the queue.
8043 Higher numbers mean lower priorities.
8044 The priority changes
8045 as the message sits in the queue.
8046 The initial priority depends on the message class
8047 and the size of the message.
8050 This line is printed by the
8053 and is generally used to store status information.
8054 It can contain any text.
8056 Flag bits, represented as one letter per flag.
8057 Defined flag bits are
8059 indicating that this is a response message
8062 indicating that a warning message has been sent
8063 announcing that the mail has been delayed.
8065 The total number of delivery attempts.
8067 The time (as seconds since January 1, 1970)
8068 of the last delivery attempt.
8070 The i-number of the data file;
8071 this can be used to recover your mail queue
8072 after a disastrous disk crash.
8075 The values of certain macros
8076 (as of this writing, only
8080 are passed through to the queue run phase.
8083 The remainder of the line is a text string defining the body type.
8084 If this field is missing,
8085 the body type is assumed to be
8087 and no special processing is attempted.
8093 The original MTS value (from the ESMTP transaction).
8094 For Deliver Status Notifications only.
8096 The original envelope id (from the ESMTP transaction).
8097 For Deliver Status Notifications only.
8100 the following is a queue file sent to
8101 .q eric@mammoth.Berkeley.EDU
8103 .q bostic@okeeffe.CS.Berkeley.EDU \**:
8105 \**This example is contrived and probably inaccurate for your environment.
8106 Glance over it to get an idea;
8107 nothing can replace looking at what your own system generates.
8113 Ceric:sendmail@vangogh.CS.Berkeley.EDU
8114 Reric@mammoth.Berkeley.EDU
8115 Rbostic@okeeffe.CS.Berkeley.EDU
8116 H?P?Return-path: <owner-sendmail@vangogh.CS.Berkeley.EDU>
8117 HReceived: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
8118 Fri, 17 Jul 1992 00:28:55 -0700
8119 HReceived: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
8120 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
8121 HReceived: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
8122 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
8123 HReceived: by foo.bar.baz.de (5.57/Ultrix3.0-C)
8124 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
8125 H?F?From: eric@foo.bar.baz.de (Eric Allman)
8126 H?x?Full-name: Eric Allman
8127 HMessage-id: <9207170931.AA22757@foo.bar.baz.de>
8128 HTo: sendmail@vangogh.CS.Berkeley.EDU
8129 HSubject: this is an example message
8132 the person who sent the message,
8134 (in seconds since January 1, 1970),
8135 the message priority,
8138 and the headers for the message.
8139 .+c "SUMMARY OF SUPPORT FILES"
8141 This is a summary of the support files
8144 creates or generates.
8145 Many of these can be changed by editing the sendmail.cf file;
8146 check there to find the actual pathnames.
8148 .ip "/usr/\*(SD/sendmail"
8151 .ip /usr/\*(SB/newaliases
8152 A link to /usr/\*(SD/sendmail;
8153 causes the alias database to be rebuilt.
8154 Running this program is completely equivalent to giving
8159 .ip /usr/\*(SB/mailq
8160 Prints a listing of the mail queue.
8161 This program is equivalent to using the
8165 .ip /etc/sendmail.cf
8166 The configuration file,
8168 .ip /usr/lib/sendmail.hf
8170 .ip /etc/sendmail.st
8171 A statistics file; need not be present.
8172 .ip /etc/sendmail.pid
8173 Created in daemon mode;
8174 it contains the process id of the current SMTP daemon.
8175 If you use this in scripts;
8176 use ``head \-1'' to get just the first line;
8177 the second line contains the command line used to invoke the daemon,
8178 and later versions of
8180 may add more information to subsequent lines.
8182 The textual version of the alias file.
8187 .ip /etc/aliases.{pag,dir}
8191 .ip /var/spool/mqueue
8192 The directory in which the mail queue
8193 and temporary files reside.
8194 .ip /var/spool/mqueue/qf*
8195 Control (queue) files for messages.
8196 .ip /var/spool/mqueue/df*
8198 .ip /var/spool/mqueue/tf*
8199 Temporary versions of the qf files,
8200 used during queue file rebuild.
8201 .ip /var/spool/mqueue/xf*
8202 A transcript of the current session.
8209 This page intentionally left blank;
8210 replace it with a blank sheet for double-sided output.
8222 .\"INSTALLATION AND OPERATION GUIDE
8235 .\" remove some things to avoid "out of temp file space" problem
8255 This page intentionally left blank;
8256 replace it with a blank sheet for double-sided output.