1 .\" Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.
2 .\" All rights reserved.
3 .\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
4 .\" Copyright (c) 1983, 1993
5 .\" The Regents of the University of California. All rights reserved.
7 .\" By using this file, you agree to the terms and conditions set
8 .\" forth in the LICENSE file which can be found at the top level of
9 .\" the sendmail distribution.
12 .\" $Id: op.me,v 8.759 2014-01-13 14:40:05 ca Exp $
14 .\" eqn op.me | pic | troff -me
16 .\" Define \(sc if not defined (for text output)
18 .if !c \(sc .char \(sc S
20 .\" Define \(dg as "*" for text output and create a new .DG macro
21 .\" which describes the symbol.
37 .\" Define \(dd as "#" for text output and create a new .DD macro
38 .\" which describes the symbol.
51 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
52 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
53 .\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
55 .\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb
74 .b SENDMAIL\u\s-6TM\s0\d
77 .b "INSTALLATION AND OPERATION GUIDE"
80 This documentation is under modification.
93 .Ve $Revision: 8.759 $
96 For Sendmail Version 8.15
99 Sendmail is a trademark of Proofpoint, Inc.
100 US Patent Numbers 6865671, 6986037.
104 .i Sendmail \u\s-2TM\s0\d
105 implements a general purpose internetwork mail routing facility
108 It is not tied to any one transport protocol \*-
109 its function may be likened to a crossbar switch,
110 relaying messages from one domain into another.
112 it can do a limited amount of message header editing
113 to put the message into a format that is appropriate
114 for the receiving domain.
115 All of this is done under the control of a configuration file.
117 Due to the requirements of flexibility
120 the configuration file can seem somewhat unapproachable.
121 However, there are only a few basic configurations
123 for which standard configuration files have been supplied.
124 Most other configurations
125 can be built by adjusting an existing configuration file
130 RFC 821 (Simple Mail Transport Protocol),
131 RFC 822 (Internet Mail Headers Format),
132 RFC 974 (MX routing),
133 RFC 1123 (Internet Host Requirements),
134 RFC 1413 (Identification server),
135 RFC 1652 (SMTP 8BITMIME Extension),
136 RFC 1869 (SMTP Service Extensions),
137 RFC 1870 (SMTP SIZE Extension),
138 RFC 1891 (SMTP Delivery Status Notifications),
139 RFC 1892 (Multipart/Report),
140 RFC 1893 (Enhanced Mail System Status Codes),
141 RFC 1894 (Delivery Status Notifications),
142 RFC 1985 (SMTP Service Extension for Remote Message Queue Starting),
143 RFC 2033 (Local Message Transmission Protocol),
144 RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes),
146 RFC 2476 (Message Submission),
147 RFC 2487 (SMTP Service Extension for Secure SMTP over TLS),
148 RFC 2554 (SMTP Service Extension for Authentication),
149 RFC 2821 (Simple Mail Transfer Protocol),
150 RFC 2822 (Internet Message Format),
151 RFC 2852 (Deliver By SMTP Service Extension),
153 RFC 2920 (SMTP Service Extension for Command Pipelining).
156 is designed to work in a wider world,
157 in many cases it can be configured to exceed these protocols.
158 These cases are described herein.
163 without the need for monitoring,
164 it has a number of features
165 that may be used to monitor or adjust the operation
166 under unusual circumstances.
167 These features are described.
169 Section one describes how to do a basic
173 explains the day-to-day information you should know
174 to maintain your mail system.
175 If you have a relatively normal site,
176 these two sections should contain sufficient information
181 has information regarding the command line arguments.
183 describes some parameters that may be safely tweaked.
185 contains the nitty-gritty information about the configuration
187 This section is for masochists
188 and people who must write their own configuration file.
190 describes configuration that can be done at compile time.
191 The appendixes give a brief
192 but detailed explanation of a number of features
193 not described in the rest of the paper.
195 .sh 1 "BASIC INSTALLATION"
197 There are two basic steps to installing
199 First, you have to compile and install the binary.
202 has already been ported to your operating system
203 that should be simple.
204 Second, you must build a run-time configuration file.
207 reads when it starts up
208 that describes the mailers it knows about,
209 how to parse addresses,
210 how to rewrite the message header,
211 and the settings of various options.
212 Although the configuration file can be quite complex,
213 a configuration can usually be built
214 using an M4-based configuration language.
215 Assuming you have the standard
219 for further information.
221 The remainder of this section will describe the installation of
223 assuming you can use one of the existing configurations
224 and that the standard installation parameters are acceptable.
225 All pathnames and examples
226 are given from the root of the
230 .i /usr/src/usr.\*(SD/sendmail
231 on 4.4BSD-based systems.
233 Continue with the next section if you need/want to compile
236 If you have a running binary already on your system,
237 you should probably skip to section 1.2.
238 .sh 2 "Compiling Sendmail"
253 This will leave the binary in an appropriately named subdirectory,
256 It works for multiple object versions
257 compiled out of the same directory.
258 .sh 3 "Tweaking the Build Invocation"
260 You can give parameters on the
263 In most cases these are only used when the
265 directory is first created.
266 To restart from scratch, use
268 These commands include:
270 .ip "\-L \fIlibdirs\fP"
271 A list of directories to search for libraries.
272 .ip "\-I \fIincdirs\fP"
273 A list of directories to search for include files.
274 .ip "\-E \fIenvar\fP=\fIvalue\fP"
275 Set an environment variable to an indicated
282 .ip "\-f \fIsiteconfig\fP"
283 Read the indicated site configuration file.
284 If this parameter is not specified,
289 .i $BUILDTOOLS/Site/site.$oscf.m4
291 .i $BUILDTOOLS/Site/site.config.m4 ,
292 where $BUILDTOOLS is normally
294 and $oscf is the same name as used on the
297 See below for a description of the site configuration file.
299 Skip auto-configuration.
301 will avoid auto-detecting libraries if this is set.
302 All libraries and map definitions must be specified
303 in the site configuration file.
305 Most other parameters are passed to the
307 program; for details see
308 .i $BUILDTOOLS/README .
309 .sh 3 "Creating a Site Configuration File"
312 (This section is not yet complete.
313 For now, see the file devtools/README for details.)
314 See sendmail/README for various compilation flags that can be set.
315 .sh 3 "Tweaking the Makefile"
317 .\" .b "XXX This should all be in the Site Configuration File section."
319 supports two different formats
320 for the local (on disk) version of databases,
324 At least one of these should be defined if at all possible.
327 The ``new DBM'' format,
328 available on nearly all systems around today.
329 This was the preferred format prior to 4.4BSD.
330 It allows such complex things as multiple databases
331 and closing a currently open database.
333 The Berkeley DB package.
334 If you have this, use it.
337 multiple open databases,
338 real in-memory caching,
340 You can define this in conjunction with
343 old alias databases are read,
344 but when a new database is created it will be in NEWDB format.
346 if you have NEWDB, NDBM, and NIS defined,
347 and if the alias file name includes the substring
350 will create both new and old versions of the alias file
354 This is required because the Sun NIS/YP system
355 reads the DBM version of the alias file.
359 If neither of these are defined,
361 reads the alias file into memory on every invocation.
362 This can be slow and should be avoided.
363 There are also several methods for remote database access:
365 Lightweight Directory Access Protocol.
367 Sun's Network Information Services (formerly YP).
371 NeXT's NetInfo service.
373 Hesiod service (from Athena).
375 Other compilation flags are set in
377 and should be predefined for you
378 unless you are porting to a new environment.
381 .sh 3 "Compilation and installation"
383 After making the local system configuration described above,
384 You should be able to compile and install the system.
387 is the best approach on most systems:
393 to create a custom Makefile for your environment.
395 If you are installing in the standard places,
396 you should be able to install using
400 This should install the binary in
402 and create links from
403 /usr/\*(SB/newaliases
408 On most systems it will also format and install man pages.
409 Notice: as of version 8.12
411 will no longer be installed set-user-ID root by default.
412 If you really want to use the old method, you can specify it as target:
414 \&./Build install-set-user-id
416 .sh 2 "Configuration Files"
419 cannot operate without a configuration file.
420 The configuration defines the mail delivery mechanisms understood at this site,
422 how to forward email to remote mail systems,
423 and a number of tuning parameters.
424 This configuration file is detailed
425 in the later portion of this document.
429 configuration can be daunting at first.
430 The world is complex,
431 and the mail configuration reflects that.
432 The distribution includes an m4-based configuration package
433 that hides a lot of the complexity.
438 Our configuration files are processed by
440 to facilitate local customization;
445 distribution directory
446 contains the source files.
447 This directory contains several subdirectories:
450 Both site-dependent and site-independent descriptions of hosts.
451 These can be literal host names
454 when the hosts are gateways
455 or more general descriptions
457 .q "generic-solaris2.mc"
458 as a general description of an SMTP-connected host
462 (``M4 Configuration'')
463 are the input descriptions;
464 the output is in the corresponding
467 The general structure of these files is described below.
469 Site-dependent subdomain descriptions.
470 These are tied to the way your organization wants to do addressing.
472 .b domain/CS.Berkeley.EDU.m4
473 is our description for hosts in the CS.Berkeley.EDU subdomain.
474 These are referenced using the
481 Definitions of specific features that some particular host in your site
483 These are referenced using the
487 An example feature is
491 to read an /etc/mail/local-host-names file on startup
492 to find the set of local names).
494 Local hacks, referenced using the
499 The point of having them here is to make it clear that they smell.
503 include files that have information common to all configuration files.
504 This can be thought of as a
508 Definitions of mailers,
513 The mailer types that are known in this distribution are
519 For example, to include support for the UUCP-based mailers,
523 Definitions describing various operating system environments
524 (such as the location of support files).
525 These are referenced using the
530 Shell files used by the
533 You shouldn't have to mess with these.
535 Local UUCP connectivity information.
536 This directory has been supplanted by the mailertable feature;
537 any new configurations should use that feature to do UUCP
539 The use of this directory is deprecated.
541 If you are in a new domain
543 you will probably want to create a
545 file for your domain.
546 This consists primarily of relay definitions
547 and features you want enabled site-wide:
548 for example, Berkeley's domain definition
552 These are specific to Berkeley,
553 and should be fully-qualified internet-style domain names.
554 Please check to make certain they are reasonable for your domain.
556 Subdomains at Berkeley are also represented in the
562 is the Computer Science subdomain,
564 is the Electrical Engineering and Computer Sciences subdomain,
567 is the Sequoia 2000 subdomain.
568 You will probably have to add an entry to this directory
569 to be appropriate for your domain.
571 You will have to use or create
575 subdirectory for your hosts.
576 This is detailed in the
579 .sh 2 "Details of Installation Files"
581 This subsection describes the files that
585 .sh 3 "/usr/\*(SD/sendmail"
589 is located in /usr/\*(SD\**.
593 on 4.4BSD and newer systems;
594 many systems install it in
596 I understand it is in /usr/ucblib
597 on System V Release 4.
599 It should be set-group-ID smmsp as described in
601 For security reasons,
602 /, /usr, and /usr/\*(SD
603 should be owned by root, mode 0755\**.
605 \**Some vendors ship them owned by bin;
606 this creates a security hole that is not actually related to
608 Other important directories that should have restrictive ownerships
610 /bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
612 .sh 3 "/etc/mail/sendmail.cf"
614 This is the main configuration file for
617 \**Actually, the pathname varies depending on the operating system;
618 /etc/mail is the preferred directory.
619 Some older systems install it in
620 .b /usr/lib/sendmail.cf ,
621 and I've also seen it in
623 If you want to move this file,
624 add -D_PATH_SENDMAILCF=\e"/file/name\e"
625 to the flags passed to the C compiler.
626 Moving this file is not recommended:
627 other programs and scripts know of this location.
629 This is one of the two non-library file names compiled into
631 the other is /etc/mail/submit.cf.
633 \**The system libraries can reference other files;
634 in particular, system library subroutines that
636 calls probably reference
639 .i /etc/resolv.conf .
642 The configuration file is normally created
643 using the distribution files described above.
644 If you have a particularly unusual system configuration
645 you may need to create a special version.
646 The format of this file is detailed in later sections
648 .sh 3 "/etc/mail/submit.cf"
650 This is the configuration file for
652 when it is used for initial mail submission, in which case
653 it is also called ``Mail Submission Program'' (MSP)
654 in contrast to ``Mail Transfer Agent'' (MTA).
655 Starting with version 8.12,
657 uses one of two different configuration files based on its operation mode
661 For initial mail submission, i.e., if one of the options
667 is specified, submit.cf is used (if available),
668 for other operations sendmail.cf is used.
669 Details can be found in
670 .i sendmail/SECURITY .
671 submit.cf is shipped with sendmail (in cf/cf/) and is installed by default.
672 If changes to the configuration need to be made, start with
673 cf/cf/submit.mc and follow the instruction in cf/README.
674 .sh 3 "/usr/\*(SB/newaliases"
678 command should just be a link to
681 rm \-f /usr/\*(SB/newaliases
682 ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
684 This can be installed in whatever search path you prefer
686 .sh 3 "/usr/\*(SB/hoststat"
690 command should just be a link to
692 in a fashion similar to
694 This command lists the status of the last mail transaction
695 with all remote hosts. The
697 flag will prevent the status display from being truncated.
698 It functions only when the
699 .b HostStatusDirectory
701 .sh 3 "/usr/\*(SB/purgestat"
703 This command is also a link to
705 It flushes expired (Timeout.hoststatus) information that is stored in the
706 .b HostStatusDirectory
708 .sh 3 "/var/spool/mqueue"
712 should be created to hold the mail queue.
713 This directory should be mode 0700
716 The actual path of this directory
722 To use multiple queues,
723 supply a value ending with an asterisk.
725 .i /var/spool/mqueue/qd*
726 will use all of the directories or symbolic links to directories
727 beginning with `qd' in
729 as queue directories.
730 Do not change the queue directory structure
731 while sendmail is running.
733 If these directories have subdirectories or symbolic links to directories
734 named `qf', `df', and `xf', then these will be used for the different
736 That is, the data files are stored in the `df' subdirectory,
737 the transcript files are stored in the `xf' subdirectory, and
738 all others are stored in the `qf' subdirectory.
740 If shared memory support is compiled in,
742 stores the available diskspace in a shared memory segment
743 to make the values readily available to all children without
744 incurring system overhead.
745 In this case, only the daemon updates the data;
746 i.e., the sendmail daemon creates the shared memory segment
747 and deletes it if it is terminated.
750 must have been compiled with support for shared memory
755 Notice: do not use the same key for
757 invocations with different queue directories
758 or different queue group declarations.
759 Access to shared memory is not controlled by locks,
760 i.e., there is a race condition when data in the shared memory is updated.
761 However, since operation of
763 does not rely on the data in the shared memory, this does not negatively
764 influence the behavior.
765 .sh 3 "/var/spool/clientmqueue"
768 .i /var/spool/clientmqueue
769 should be created to hold the mail queue.
770 This directory should be mode 0770
771 and owned by user smmsp, group smmsp.
773 The actual path of this directory
779 .sh 3 "/var/spool/mqueue/.hoststat"
781 This is a typical value for the
782 .b HostStatusDirectory
784 containing one file per host
785 that this sendmail has chatted with recently.
786 It is normally a subdirectory of
788 .sh 3 "/etc/mail/aliases*"
790 The system aliases are held in
791 .q /etc/mail/aliases .
794 which includes some aliases which
798 cp sendmail/aliases /etc/mail/aliases
799 .i "edit /etc/mail/aliases"
801 You should extend this file with any aliases that are apropos to your system.
805 looks at a database version of the files,
807 .q /etc/mail/aliases.dir
809 .q /etc/mail/aliases.pag
811 .q /etc/mail/aliases.db
812 depending on which database package you are using.
813 The actual path of this file
820 The permissions of the alias file and the database versions
821 should be 0640 to prevent local denial of service attacks
822 as explained in the top level
824 in the sendmail distribution.
825 If the permissions 0640 are used, be sure that only trusted users belong
826 to the group assigned to those files. Otherwise, files should not even
828 .sh 3 "/etc/rc or /etc/init.d/sendmail"
830 It will be necessary to start up the
832 daemon when your system reboots.
833 This daemon performs two functions:
834 it listens on the SMTP socket for connections
835 (to receive mail from a remote system)
836 and it processes the queue periodically
837 to insure that mail gets delivered when hosts come up.
839 If necessary, add the following lines to
844 in the area where it is starting up the daemons
845 on a BSD-base system,
846 or on a System-V-based system
847 in one of the startup files, typically
848 .q /etc/init.d/sendmail :
850 if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
851 (cd /var/spool/mqueue; rm \-f xf*)
852 /usr/\*(SD/sendmail \-bd \-q30m &
853 echo \-n ' sendmail' >/dev/console
860 commands insure that all transcript files have been removed;
861 extraneous transcript files may be left around
862 if the system goes down in the middle of processing a message.
863 The line that actually invokes
867 causes it to listen on the SMTP port,
870 causes it to run the queue every half hour.
872 Some people use a more complex startup script,
873 removing zero length qf/hf/Qf files and df files for which there is no
875 Note this is not advisable.
876 For example, see Figure 1
877 for an example of a complex script which does this clean up.
881 # remove zero length qf/hf/Qf files
882 for qffile in qf* hf* Qf*
888 echo \-n " <zero: $qffile>" > /dev/console
893 # rename tf files to be qf if the qf does not exist
896 qffile=`echo $tffile | sed 's/t/q/'`
897 if [ \-r $tffile \-a ! \-f $qffile ]
899 echo \-n " <recovering: $tffile>" > /dev/console
904 echo \-n " <extra: $tffile>" > /dev/console
909 # remove df files with no corresponding qf/hf/Qf files
912 qffile=`echo $dffile | sed 's/d/q/'`
913 hffile=`echo $dffile | sed 's/d/h/'`
914 Qffile=`echo $dffile | sed 's/d/Q/'`
915 if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ]
917 echo \-n " <incomplete: $dffile>" > /dev/console
918 mv $dffile `echo $dffile | sed 's/d/D/'`
921 # announce files that have been saved during disaster recovery
922 for xffile in [A-Z]f*
926 echo \-n " <panic: $xffile>" > /dev/console
931 Figure 1 \(em A complex startup script
934 .sh 3 "/etc/mail/helpfile"
936 This is the help file used by the SMTP
939 It should be copied from
940 .q sendmail/helpfile :
942 cp sendmail/helpfile /etc/mail/helpfile
944 The actual path of this file
950 .sh 3 "/etc/mail/statistics"
952 If you wish to collect statistics
953 about your mail traffic,
954 you should create the file
955 .q /etc/mail/statistics :
957 cp /dev/null /etc/mail/statistics
958 chmod 0600 /etc/mail/statistics
960 This file does not grow.
961 It is printed with the program
962 .q mailstats/mailstats.c.
963 The actual path of this file
969 .sh 3 "/usr/\*(SB/mailq"
980 will print the contents of the mail queue;
982 This should be a link to /usr/\*(SD/sendmail.
986 stores its current pid in the file specified by the
988 option (default is _PATH_SENDMAILPID).
992 (which defaults to 0600) as
993 the permissions of that file
994 to prevent local denial of service attacks
995 as explained in the top level
997 in the sendmail distribution.
998 If the file already exists, then it might be necessary to
999 change the permissions accordingly, e.g.,
1001 chmod 0600 /var/run/sendmail.pid
1003 Note that as of version 8.13, this file is unlinked when
1006 As a result of this change, a script such as the following,
1007 which may have worked prior to 8.13, will no longer work:
1009 # stop & start sendmail
1010 PIDFILE=/var/run/sendmail.pid
1011 kill `head -1 $PIDFILE`
1014 because it assumes that the pidfile will still exist even
1015 after killing the process to which it refers.
1016 Below is a script which will work correctly
1017 on both newer and older versions:
1019 # stop & start sendmail
1020 PIDFILE=/var/run/sendmail.pid
1021 pid=`head -1 $PIDFILE`
1022 cmd=`tail -1 $PIDFILE`
1026 This is just an example script, it does not perform any error checks,
1027 e.g., whether the pidfile exists at all.
1030 To prevent local denial of service attacks
1031 as explained in the top level
1033 in the sendmail distribution,
1034 the permissions of map files created by
1037 The use of 0640 implies that only trusted users belong to the group
1038 assigned to those files.
1039 If those files already exist, then it might be necessary to
1040 change the permissions accordingly, e.g.,
1043 chmod 0640 *.db *.pag *.dir
1045 .sh 1 "NORMAL OPERATIONS"
1046 .sh 2 "The System Log"
1048 The system log is supported by the
1053 are logged under the
1057 \**Except on Ultrix,
1058 which does not support facilities in the syslog.
1062 Each line in the system log
1063 consists of a timestamp,
1064 the name of the machine that generated it
1065 (for logging from several machines
1066 over the local area network),
1071 \**This format may vary slightly if your vendor has changed
1074 Most messages are a sequence of
1080 The two most common lines are logged when a message is processed.
1081 The first logs the receipt of a message;
1082 there will be exactly one of these per message.
1083 Some fields may be omitted if they do not contain interesting information.
1086 The envelope sender address.
1088 The size of the message in bytes.
1090 The class (i.e., numeric precedence) of the message.
1092 The initial message priority (used for queue sorting).
1094 The number of envelope recipients for this message
1095 (after aliasing and forwarding).
1097 The message id of the message (from the header).
1099 The message body type (7BIT or 8BITMIME),
1100 as determined from the envelope.
1102 The protocol used to receive this message (e.g., ESMTP or UUCP)
1104 The daemon name from the
1105 .b DaemonPortOptions
1108 The machine from which it was received.
1110 There is also one line logged per delivery attempt
1111 (so there can be several per message if delivery is deferred
1112 or there are multiple recipients).
1115 A comma-separated list of the recipients to this mailer.
1117 The ``controlling user'', that is, the name of the user
1118 whose credentials we use for delivery.
1120 The total delay between the time this message was received
1121 and the current delivery attempt.
1123 The amount of time needed in this delivery attempt
1124 (normally indicative of the speed of the connection).
1126 The name of the mailer used to deliver to this recipient.
1128 The name of the host that actually accepted (or rejected) this recipient.
1130 The enhanced error code (RFC 2034) if available.
1132 The delivery status.
1134 Not all fields are present in all messages;
1135 for example, the relay is usually not listed for local deliveries.
1140 or an equivalent installed,
1141 you will be able to do logging.
1142 There is a large amount of information that can be logged.
1143 The log is arranged as a succession of levels.
1145 only extremely strange situations are logged.
1146 At the highest level,
1147 even the most mundane and uninteresting events
1148 are recorded for posterity.
1150 log levels under ten
1151 are considered generally
1154 are reserved for debugging purposes.
1155 Levels from 11\-64 are reserved for verbose information
1156 that some sites might want.
1158 A complete description of the log levels
1159 is given in section ``Log Level''.
1160 .sh 2 "Dumping State"
1164 to log a dump of the open files
1165 and the connection cache
1169 The results are logged at
1172 .sh 2 "The Mail Queues"
1174 Mail messages may either be delivered immediately or be held for later
1176 Held messages are placed into a holding directory called a mail queue.
1178 A mail message may be queued for these reasons:
1180 If a mail message is temporarily undeliverable, it is queued
1181 and delivery is attempted later.
1182 If the message is addressed to multiple recipients, it is queued
1183 only for those recipients to whom delivery is not immediately possible.
1185 If the SuperSafe option is set to true,
1186 all mail messages are queued while delivery is attempted.
1188 If the DeliveryMode option is set to queue-only or defer,
1189 all mail is queued, and no immediate delivery is attempted.
1191 If the load average becomes higher than the value of the QueueLA option
1196 option divided by the difference in the current load average and the
1199 is less than the priority of the message,
1200 messages are queued rather than immediately delivered.
1202 One or more addresses are marked as expensive and delivery is postponed
1203 until the next queue run or one or more address are marked as held via
1204 mailer which uses the hold mailer flag.
1206 The mail message has been marked as quarantined via a mail filter or
1208 .sh 3 "Queue Groups and Queue Directories"
1210 There are one or more mail queues.
1211 Each mail queue belongs to a queue group.
1212 There is always a default queue group that is called ``mqueue''
1213 (which is where messages go by default unless otherwise specified).
1214 The directory or directories which comprise the default queue group
1215 are specified by the QueueDirectory option.
1216 There are zero or more
1217 additional named queue groups declared using the
1219 command in the configuration file.
1221 By default, a queued message is placed in the queue group
1222 associated with the first recipient in the recipient list.
1223 A recipient address is mapped to a queue group as follows.
1224 First, if there is a ruleset called ``queuegroup'',
1225 and if this ruleset maps the address to a queue group name,
1226 then that queue group is chosen.
1227 That is, the argument for the ruleset is the recipient address
1228 and the result should be
1230 followed by the name of a queue group.
1231 Otherwise, if the mailer associated with the address specifies
1232 a queue group, then that queue group is chosen.
1233 Otherwise, the default queue group is chosen.
1235 A message with multiple recipients will be split
1236 if different queue groups are chosen
1237 by the mapping of recipients to queue groups.
1239 When a message is placed in a queue group, and the queue group has
1240 more than one queue, a queue is selected randomly.
1242 If a message with multiple recipients is placed into a queue group
1243 with the 'r' option (maximum number of recipients per message)
1244 set to a positive value
1246 and if there are more than
1249 in the message, then the message will be split into multiple messages,
1250 each of which have at most
1254 Notice: if multiple queue groups are used, do
1256 move queue files around, e.g., into a different queue directory.
1257 This may have weird effects and can cause mail not to be delivered.
1258 Queue files and directories should be treated as opaque
1259 and should not be manipulated directly.
1263 has two different ways to process the queue(s).
1264 The first one is to start queue runners after certain intervals
1265 (``normal'' queue runners),
1266 the second one is to keep queue runner processes around
1267 (``persistent'' queue runners).
1268 How to select either of these types is discussed in the appendix
1269 ``COMMAND LINE FLAGS''.
1270 Persistent queue runners have the advantage that no new processes
1271 need to be spawned at certain intervals; they just sleep for
1272 a specified time after they finished a queue run.
1273 Another advantage of persistent queue runners is that only one process
1274 belonging to a workgroup (a workgroup is a set of queue groups)
1275 collects the data for a queue run
1276 and then multiple queue runner may go ahead using that data.
1277 This can significantly reduce the disk I/O necessary to read the
1278 queue files compared to starting multiple queue runners directly.
1279 Their disadvantage is that a new queue run is only started
1280 after all queue runners belonging to a group finished their tasks.
1281 In case one of the queue runners tries delivery to a slow recipient site
1282 at the end of a queue run, the next queue run may be substantially delayed.
1283 In general this should be smoothed out due to the distribution of
1284 those slow jobs, however, for sites with small number of
1285 queue entries this might introduce noticable delays.
1286 In general, persistent queue runners are only useful for
1287 sites with big queues.
1288 .sh 3 "Manual Intervention"
1290 Under normal conditions the mail queue will be processed transparently.
1291 However, you may find that manual intervention is sometimes necessary.
1293 if a major host is down for a period of time
1294 the queue may become clogged.
1297 ought to recover gracefully when the host comes up,
1298 you may find performance unacceptably bad in the meantime.
1299 In that case you want to check the content of the queue
1300 and manipulate it as explained in the next two sections.
1301 .sh 3 "Printing the queue"
1303 The contents of the queue(s) can be printed
1307 (or by specifying the
1314 This will produce a listing of the queue id's,
1315 the size of the message,
1316 the date the message entered the queue,
1317 and the sender and recipients.
1318 If shared memory support is compiled in,
1321 can be used to print the number of entries in the queue(s),
1322 provided a process updates the data.
1323 However, as explained earlier, the output might be slightly wrong,
1324 since access to the shared memory is not locked.
1326 ``unknown number of entries''
1328 The internal counters are updated after each queue run
1329 to the correct value again.
1330 .sh 3 "Forcing the queue"
1333 should run the queue automatically at intervals.
1334 When using multiple queues,
1335 a separate process will by default be created to
1336 run each of the queues
1337 unless the queue run is initiated by a user
1338 with the verbose flag.
1339 The algorithm is to read and sort the queue,
1340 and then to attempt to process all jobs in order.
1341 When it attempts to run the job,
1343 first checks to see if the job is locked.
1344 If so, it ignores the job.
1346 There is no attempt to insure that only one queue processor
1348 since there is no guarantee that a job cannot take forever
1352 does include heuristics to try to abort jobs
1353 that are taking absurd amounts of time;
1354 technically, this violates RFC 821, but is blessed by RFC 1123).
1355 Due to the locking algorithm,
1356 it is impossible for one job to freeze the entire queue.
1358 an uncooperative recipient host
1359 or a program recipient
1361 can accumulate many processes in your system.
1363 there is no completely general way to solve this.
1366 you may find that a major host going down
1367 for a couple of days
1368 may create a prohibitively large queue.
1371 spending an inordinate amount of time
1373 This situation can be fixed by moving the queue to a temporary place
1374 and creating a new queue.
1375 The old queue can be run later when the offending host returns to service.
1378 it is acceptable to move the entire queue directory:
1381 mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue
1383 You should then kill the existing daemon
1384 (since it will still be processing in the old queue directory)
1385 and create a new daemon.
1387 To run the old mail queue, issue the following command:
1389 /usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
1393 flag specifies an alternate configuration file
1395 which should refer to the moved queue directory
1397 O QueueDirectory=/var/spool/omqueue
1401 flag says to just run every job in the queue.
1402 You can also specify the moved queue directory on the command line
1404 /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1406 but this requires that you do not have
1407 queue groups in the configuration file,
1408 because those are not subdirectories of the moved directory.
1409 See the section about ``Queue Group Declaration'' for details;
1410 you most likely need a different configuration file to correctly deal
1412 However, a proper configuration of queue groups should avoid
1413 filling up queue directories, so you shouldn't run into
1415 If you have a tendency toward voyeurism,
1418 flag to watch what is going on.
1420 When the queue is finally emptied,
1421 you can remove the directory:
1423 rmdir /var/spool/omqueue
1425 .sh 3 "Quarantined Queue Items"
1427 It is possible to "quarantine" mail messages,
1428 otherwise known as envelopes.
1429 Envelopes (queue files) are stored but not considered for delivery or
1430 display unless the "quarantine" state of the envelope is undone or
1431 delivery or display of quarantined items is requested.
1432 Quarantined messages are tagged by using a different name for the queue
1433 file, 'hf' instead of 'qf', and by adding the quarantine reason to the
1436 Delivery or display of quarantined items can be requested using the
1442 Additionally, messages already in the queue can be quarantined or
1443 unquarantined using the new
1448 sendmail -Qreason -q[!][I|R|S][matchstring]
1450 Quarantines the normal queue items matching the criteria specified by the
1451 .b "-q[!][I|R|S][matchstring]"
1452 using the reason given on the
1457 sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring]
1459 Change the quarantine reason for the quarantined items matching the
1460 criteria specified by the
1461 .b "-q[!][I|R|S|Q][matchstring]"
1462 using the reason given on the
1465 If there is no reason,
1466 unquarantine the matching items and make them normal queue items.
1469 flag tells sendmail to operate on quarantined items instead of normal items.
1470 .sh 2 "Disk Based Connection Information"
1473 stores a large amount of information about each remote system it
1474 has connected to in memory. It is possible to preserve some
1475 of this information on disk as well, by using the
1476 .b HostStatusDirectory
1477 option, so that it may be shared between several invocations of
1479 This allows mail to be queued immediately or skipped during a queue run if
1480 there has been a recent failure in connecting to a remote machine.
1481 Note: information about a remote system is stored in a file
1482 whose pathname consists of the components of the hostname in reverse order.
1483 For example, the information for
1486 .b com./example./host .
1487 For top-level domains like
1489 this can create a large number of subdirectories
1490 which on some filesystems can exhaust some limits.
1491 Moreover, the performance of lookups in directory with thousands of entries
1492 can be fairly slow depending on the filesystem implementation.
1494 Additionally enabling
1495 .b SingleThreadDelivery
1496 has the added effect of single-threading mail delivery to a destination.
1497 This can be quite helpful
1498 if the remote machine is running an SMTP server that is easily overloaded
1499 or cannot accept more than a single connection at a time,
1500 but can cause some messages to be punted to a future queue run.
1503 hosts, so setting this because you have one machine on site
1504 that runs some software that is easily overrun
1505 can cause mail to other hosts to be slowed down.
1506 If this option is set,
1507 you probably want to set the
1509 option as well and run the queue fairly frequently;
1510 this way jobs that are skipped because another
1512 is talking to the same host will be tried again quickly
1513 rather than being delayed for a long time.
1515 The disk based host information is stored in a subdirectory of the
1520 \**This is the usual value of the
1521 .b HostStatusDirectory
1523 it can, of course, go anywhere you like in your filesystem.
1525 Removing this directory and its subdirectories has an effect similar to
1528 command and is completely safe.
1531 only removes expired (Timeout.hoststatus) data.
1532 The information in these directories can
1535 command, which will indicate the host name, the last access, and the
1536 status of that access.
1537 An asterisk in the left most column indicates that a
1539 process currently has the host locked for mail delivery.
1541 The disk based connection information is treated the same way as memory based
1542 connection information for the purpose of timeouts.
1543 By default, information about host failures is valid for 30 minutes.
1544 This can be adjusted with
1546 .b Timeout.hoststatus
1549 The connection information stored on disk may be expired at any time
1552 command or by invoking sendmail with the
1555 The connection information may be viewed with the
1557 command or by invoking sendmail with the
1560 .sh 2 "The Service Switch"
1562 The implementation of certain system services
1563 such as host and user name lookup
1564 is controlled by the service switch.
1565 If the host operating system supports such a switch,
1566 and sendmail knows about it,
1568 will use the native version.
1569 Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
1571 \**HP-UX 10 has service switch support,
1572 but since the APIs are apparently not available in the libraries
1574 does not use the native service switch in this release.
1577 If the underlying operating system does not support a service switch
1578 (e.g., SunOS 4.X, HP-UX, BSD)
1581 will provide a stub implementation.
1583 .b ServiceSwitchFile
1584 option points to the name of a file that has the service definitions.
1585 Each line has the name of a service
1586 and the possible implementations of that service.
1587 For example, the file:
1594 to look for hosts in the Domain Name System first.
1595 If the requested host name is not found, it tries local files,
1596 and if that fails it tries NIS.
1597 Similarly, when looking for aliases
1598 it will try the local files first followed by NIS.
1602 must access MX records for correct operation, it will use
1603 DNS if it is configured in the
1604 .b ServiceSwitchFile
1610 will not avoid DNS lookups even if a host can be found
1613 Service switches are not completely integrated.
1614 For example, despite the fact that the host entry listed in the above example
1615 specifies to look in NIS,
1616 on SunOS this won't happen because the system implementation of
1617 .i gethostbyname \|(3)
1618 doesn't understand this.
1619 .sh 2 "The Alias Database"
1621 After recipient addresses are read from the SMTP connection
1623 they are parsed by ruleset 0,
1624 which must resolve to a
1630 If the flags selected by the
1637 part of the triple is looked up as the key
1638 (i.e., the left hand side)
1639 in the alias database.
1640 If there is a match, the address is deleted from the send queue
1641 and all addresses on the right hand side of the alias
1642 are added in place of the alias that was found.
1643 This is a recursive operation,
1644 so aliases found in the right hand side of the alias
1645 are similarly expanded.
1647 The alias database exists in two forms.
1649 maintained in the file
1650 .i /etc/mail/aliases.
1651 The aliases are of the form
1653 name: name1, name2, ...
1655 Only local names may be aliased;
1658 eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
1660 will not have the desired effect
1661 (except on prep.ai.MIT.EDU,
1662 and they probably don't want me)\**.
1664 \**Actually, any mailer that has the `A' mailer flag set
1665 will permit aliasing;
1666 this is normally limited to the local mailer.
1668 Aliases may be continued by starting any continuation lines
1669 with a space or a tab or by putting a backslash directly before
1671 Blank lines and lines beginning with a sharp sign
1676 The second form is processed by the
1681 package does not work.
1683 or the Berkeley DB library.
1684 This form is in the file
1685 .i /etc/mail/aliases.db
1688 .i /etc/mail/aliases.dir
1690 .i /etc/mail/aliases.pag
1692 This is the form that
1694 actually uses to resolve aliases.
1695 This technique is used to improve performance.
1697 The control of search order is actually set by the service switch.
1698 Essentially, the entry
1700 O AliasFile=switch:aliases
1702 is always added as the first alias entry;
1703 also, the first alias file name without a class
1707 will be used as the name of the file for a ``files'' entry
1708 in the aliases switch.
1709 For example, if the configuration file contains
1711 O AliasFile=/etc/mail/aliases
1713 and the service switch contains
1715 aliases nis files nisplus
1717 then aliases will first be searched in the NIS database,
1718 then in /etc/mail/aliases,
1719 then in the NIS+ database.
1724 For example, the specification:
1726 O AliasFile=/etc/mail/aliases
1727 O AliasFile=nis:mail.aliases@my.nis.domain
1729 will first search the /etc/mail/aliases file
1730 and then the map named
1734 Warning: if you build your own
1737 be sure to provide the
1741 to map upper case letters in the keys to lower case;
1742 otherwise, aliases with upper case letters in their names
1743 won't match incoming addresses.
1745 Additional flags can be added after the colon
1748 line \(em for example:
1750 O AliasFile=nis:\-N mail.aliases@my.nis.domain
1752 will search the appropriate NIS map and always include null bytes in the key.
1755 O AliasFile=nis:\-f mail.aliases@my.nis.domain
1757 will prevent sendmail from downcasing the key before the alias lookup.
1758 .sh 3 "Rebuilding the alias database"
1764 version of the database
1765 may be rebuilt explicitly by executing the command
1769 This is equivalent to giving
1775 /usr/\*(SD/sendmail \-bi
1778 If you have multiple aliases databases specified,
1781 flag rebuilds all the database types it understands
1782 (for example, it can rebuild NDBM databases but not NIS databases).
1783 .sh 3 "Potential problems"
1785 There are a number of problems that can occur
1786 with the alias database.
1787 They all result from a
1789 process accessing the DBM version
1790 while it is only partially built.
1791 This can happen under two circumstances:
1792 One process accesses the database
1793 while another process is rebuilding it,
1794 or the process rebuilding the database dies
1795 (due to being killed or a system crash)
1796 before completing the rebuild.
1798 Sendmail has three techniques to try to relieve these problems.
1799 First, it ignores interrupts while rebuilding the database;
1800 this avoids the problem of someone aborting the process
1801 leaving a partially rebuilt database.
1803 it locks the database source file during the rebuild \(em
1804 but that may not work over NFS or if the file is unwritable.
1806 at the end of the rebuild
1807 it adds an alias of the form
1811 (which is not normally legal).
1814 will access the database,
1815 it checks to insure that this entry exists\**.
1819 option is required in the configuration
1820 for this action to occur.
1821 This should normally be specified.
1825 If an error occurs on sending to a certain address,
1829 will look for an alias
1832 to receive the errors.
1833 This is typically useful
1835 where the submitter of the list
1836 has no control over the maintenance of the list itself;
1837 in this case the list maintainer would be the owner of the list.
1840 unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1842 owner-unix-wizards: unix-wizards-request
1843 unix-wizards-request: eric@ucbarpa
1847 to get the error that will occur
1848 when someone sends to
1850 due to the inclusion of
1854 List owners also cause the envelope sender address to be modified.
1855 The contents of the owner alias are used if they point to a single user,
1856 otherwise the name of the alias itself is used.
1857 For this reason, and to obey Internet conventions,
1860 address normally points at the
1862 address; this causes messages to go out with the typical Internet convention
1865 as the return address.
1866 .sh 2 "User Information Database"
1868 This option is deprecated, use virtusertable and genericstable instead
1871 If you have a version of
1873 with the user information database
1875 and you have specified one or more databases using the
1878 the databases will be searched for a
1881 If found, the mail will be sent to the specified address.
1882 .sh 2 "Per-User Forwarding (.forward Files)"
1884 As an alternative to the alias database,
1885 any user may put a file with the name
1887 in his or her home directory.
1888 If this file exists,
1890 redirects mail for that user
1891 to the list of addresses listed in the .forward file.
1892 Note that aliases are fully expanded before forward files are referenced.
1893 For example, if the home directory for user
1895 has a .forward file with contents:
1900 then any mail arriving for
1902 will be redirected to the specified accounts.
1904 Actually, the configuration file defines a sequence of filenames to check.
1905 By default, this is the user's .forward file,
1906 but can be defined to be more generally using the
1910 you will have to inform your user base of the change;
1911 \&.forward is pretty well incorporated into the collective subconscious.
1912 .sh 2 "Special Header Lines"
1914 Several header lines have special interpretations
1915 defined by the configuration file.
1916 Others have interpretations built into
1918 that cannot be changed without changing the code.
1919 These built-ins are described here.
1922 If errors occur anywhere during processing,
1923 this header will cause error messages to go to
1924 the listed addresses.
1925 This is intended for mailing lists.
1927 The Errors-To: header was created in the bad old days
1928 when UUCP didn't understand the distinction between an envelope and a header;
1929 this was a hack to provide what should now be passed
1930 as the envelope sender address.
1932 It is only used if the
1936 The Errors-To: header is officially deprecated
1937 and will go away in a future release.
1938 .sh 3 "Apparently-To:"
1940 RFC 822 requires at least one recipient field
1941 (To:, Cc:, or Bcc: line)
1943 If a message comes in with no recipients listed in the message
1946 will adjust the header based on the
1947 .q NoRecipientAction
1949 One of the possible actions is to add an
1951 header line for any recipients it is aware of.
1953 The Apparently-To: header is non-standard
1954 and is both deprecated and strongly discouraged.
1957 The Precedence: header can be used as a crude control of message priority.
1958 It tweaks the sort order in the queue
1959 and can be configured to change the message timeout values.
1960 The precedence of a message also controls how
1961 delivery status notifications (DSNs)
1962 are processed for that message.
1963 .sh 2 "IDENT Protocol Support"
1966 supports the IDENT protocol as defined in RFC 1413.
1967 Note that the RFC states
1968 a client should wait at least 30 seconds for a response.
1969 The default Timeout.ident is 5 seconds
1970 as many sites have adopted the practice of dropping IDENT queries.
1971 This has lead to delays processing mail.
1972 Although this enhances identification
1973 of the author of an email message
1974 by doing a ``call back'' to the originating system to include
1975 the owner of a particular TCP connection
1977 it is in no sense perfect;
1978 a determined forger can easily spoof the IDENT protocol.
1979 The following description is excerpted from RFC 1413:
1982 6. Security Considerations
1984 The information returned by this protocol is at most as trustworthy
1985 as the host providing it OR the organization operating the host. For
1986 example, a PC in an open lab has few if any controls on it to prevent
1987 a user from having this protocol return any identifier the user
1988 wants. Likewise, if the host has been compromised the information
1989 returned may be completely erroneous and misleading.
1991 The Identification Protocol is not intended as an authorization or
1992 access control protocol. At best, it provides some additional
1993 auditing information with respect to TCP connections. At worst, it
1994 can provide misleading, incorrect, or maliciously incorrect
1997 The use of the information returned by this protocol for other than
1998 auditing is strongly discouraged. Specifically, using Identification
1999 Protocol information to make access control decisions - either as the
2000 primary method (i.e., no other checks) or as an adjunct to other
2001 methods may result in a weakening of normal host security.
2003 An Identification server may reveal information about users,
2004 entities, objects or processes which might normally be considered
2005 private. An Identification server provides service which is a rough
2006 analog of the CallerID services provided by some phone companies and
2007 many of the same privacy considerations and arguments that apply to
2008 the CallerID service apply to Identification. If you wouldn't run a
2009 "finger" server due to privacy considerations you may not want to run
2013 In some cases your system may not work properly with IDENT support
2014 due to a bug in the TCP/IP implementation.
2015 The symptoms will be that for some hosts
2016 the SMTP connection will be closed
2018 If this is true or if you do not want to use IDENT,
2019 you should set the IDENT timeout to zero;
2020 this will disable the IDENT protocol.
2023 The complete list of arguments to
2025 is described in detail in Appendix A.
2026 Some important arguments are described here.
2027 .sh 2 "Queue Interval"
2029 The amount of time between forking a process
2030 to run through the queue is defined by the
2033 If you run with delivery mode set to
2037 this can be relatively large, since it will only be relevant
2038 when a host that was down comes back up.
2041 mode it should be relatively short,
2042 since it defines the maximum amount of time that a message
2043 may sit in the queue.
2044 (See also the MinQueueAge option.)
2046 RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
2047 (although that probably doesn't make sense if you use ``queue-only'' mode).
2049 Notice: the meaning of the interval time depends on whether normal
2050 queue runners or persistent queue runners are used.
2051 For the former, it is the time between subsequent starts of a queue run.
2052 For the latter, it is the time sendmail waits after a persistent queue
2053 runner has finished its work to start the next one.
2054 Hence for persistent queue runners this interval should be very low,
2055 typically no more than two minutes.
2058 If you allow incoming mail over an IPC connection,
2059 you should have a daemon running.
2060 This should be set by your
2069 flag may be combined in one call:
2071 /usr/\*(SD/sendmail \-bd \-q30m
2074 An alternative approach is to invoke sendmail from
2078 flags to ask sendmail to speak SMTP on its standard input and output
2080 This works and allows you to wrap
2082 in a TCP wrapper program,
2083 but may be a bit slower since the configuration file
2084 has to be re-read on every message that comes in.
2085 If you do this, you still need to have a
2087 running to flush the queue:
2089 /usr/\*(SD/sendmail \-q30m
2091 .sh 2 "Forcing the Queue"
2093 In some cases you may find that the queue has gotten clogged for some reason.
2094 You can force a queue run
2097 flag (with no value).
2098 It is entertaining to use the
2101 when this is done to watch what happens:
2103 /usr/\*(SD/sendmail \-q \-v
2106 You can also limit the jobs to those with a particular queue identifier,
2107 recipient, sender, quarantine reason, or queue group
2108 using one of the queue modifiers.
2111 restricts the queue run to jobs that have the string
2113 somewhere in one of the recipient addresses.
2116 limits the run to particular senders,
2118 limits it to particular queue identifiers, and
2120 limits it to particular quarantined reasons and only operated on
2121 quarantined queue items, and
2123 limits it to a particular queue group.
2124 The named queue group will be run even if it is set to have 0 runners.
2125 You may also place an
2135 to indicate that jobs are limited to not including a particular queue
2136 identifier, recipient or sender.
2139 limits the queue run to jobs that do not have the string
2141 somewhere in one of the recipient addresses.
2142 Should you need to terminate the queue jobs currently active then a SIGTERM
2143 to the parent of the process (or processes) will cleanly stop the jobs.
2146 There are a fairly large number of debug flags
2149 Each debug flag has a category and a level.
2150 Higher levels increase the level of debugging activity;
2151 in most cases, this means to print out more information.
2152 The convention is that levels greater than nine are
2155 they print out so much information that you wouldn't normally
2156 want to see them except for debugging that particular piece of code.
2160 run a production sendmail server in debug mode.
2161 Many of the debug flags will result in debug output being sent over the
2162 SMTP channel unless the option
2165 This will confuse many mail programs.
2166 However, for testing purposes, it can be useful
2167 when sending mail manually via
2168 telnet to the port you are using while debugging.
2170 A debug category is either an integer, like 42,
2171 or a name, like ANSI.
2172 You can specify a range of numeric debug categories
2173 using the syntax 17-42.
2174 You can specify a set of named debug categories using
2181 are supported in these glob patterns.
2183 Debug flags are set using the
2188 .ta \w'debug-categories:M 'u
2189 debug-flag: \fB\-d\fP debug-list
2190 debug-list: debug-option [ , debug-option ]*
2191 debug-option: debug-categories [ . debug-level ]
2192 debug-categories: integer | integer \- integer | category-pattern
2193 category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*
2194 debug-level: integer
2196 where spaces are for reading ease only.
2199 \-d12 Set category 12 to level 1
2200 \-d12.3 Set category 12 to level 3
2201 \-d3\-17 Set categories 3 through 17 to level 1
2202 \-d3\-17.4 Set categories 3 through 17 to level 4
2203 \-dANSI Set category ANSI to level 1
2204 \-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3
2206 For a complete list of the available debug flags
2207 you will have to look at the code
2210 file in the sendmail distribution
2211 (they are too dynamic to keep this document up to date).
2212 For a list of named debug categories in the sendmail binary, use
2214 ident /usr/sbin/sendmail | grep Debug
2216 .sh 2 "Changing the Values of Options"
2218 Options can be overridden using the
2225 /usr/\*(SD/sendmail \-oT2m
2229 (timeout) option to two minutes
2231 the equivalent line using the long option name is
2233 /usr/\*(SD/sendmail -OTimeout.queuereturn=2m
2236 Some options have security implications.
2237 Sendmail allows you to set these,
2238 but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
2240 \**That is, it sets its effective uid to the real uid;
2241 thus, if you are executing as root,
2242 as from root's crontab file or during system startup
2243 the root permissions will still be honored.
2245 .sh 2 "Trying a Different Configuration File"
2247 An alternative configuration file
2248 can be specified using the
2252 /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
2254 uses the configuration file
2256 instead of the default
2257 .i /etc/mail/sendmail.cf.
2263 in the current directory.
2266 gives up set-user-ID root permissions
2267 (if it has been installed set-user-ID root)
2268 when you use this flag, so it is common to use a publicly writable directory
2270 as the queue directory (QueueDirectory or Q option) while testing.
2271 .sh 2 "Logging Traffic"
2273 Many SMTP implementations do not fully implement the protocol.
2274 For example, some personal computer based SMTPs
2275 do not understand continuation lines in reply codes.
2276 These can be very hard to trace.
2277 If you suspect such a problem, you can set traffic logging using the
2282 /usr/\*(SD/sendmail \-X /tmp/traffic \-bd
2284 will log all traffic in the file
2287 This logs a lot of data very quickly and should
2290 during normal operations.
2291 After starting up such a daemon,
2292 force the errant implementation to send a message to your host.
2293 All message traffic in and out of
2295 including the incoming SMTP traffic,
2296 will be logged in this file.
2297 .sh 2 "Testing Configuration Files"
2299 When you build a configuration table,
2300 you can do a certain amount of testing
2310 sendmail \-bt \-Ctest.cf
2312 which would read the configuration file
2314 and enter test mode.
2316 you enter lines of the form:
2322 is the rewriting set you want to use
2325 is an address to apply the set to.
2326 Test mode shows you the steps it takes
2328 finally showing you the address it ends up with.
2329 You may use a comma separated list of rwsets
2330 for sequential application of rules to an input.
2333 3,1,21,4 monet:bollard
2335 first applies ruleset three to the input
2337 Ruleset one is then applied to the output of ruleset three,
2338 followed similarly by rulesets twenty-one and four.
2340 If you need more detail,
2341 you can also use the
2343 flag to turn on more debugging.
2346 sendmail \-bt \-d21.99
2348 turns on an incredible amount of information;
2349 a single word address
2350 is probably going to print out several pages worth of information.
2352 You should be warned that internally,
2354 applies ruleset 3 to all addresses.
2356 you will have to do that manually.
2357 For example, older versions allowed you to use
2359 0 bruce@broadcast.sony.com
2361 This version requires that you use:
2363 3,0 bruce@broadcast.sony.com
2367 some other syntaxes are available in test mode:
2372 to have the indicated
2374 This is useful when debugging rules that use the
2384 dumps the contents of the indicated ruleset.
2386 is equivalent to the command-line flag.
2388 Version 8.9 introduced more features:
2391 shows a help message.
2393 display the known mailers.
2395 print the value of macro m.
2397 print the contents of class c.
2399 returns the MX records for `host'.
2401 parse address, returning the value of
2403 and the parsed address.
2404 .ip /try\ mailer\ addr
2405 rewrite address into the form it will have when
2406 presented to the indicated mailer.
2407 .ip /tryflags\ flags
2408 set flags used by parsing. The flags can be `H' for
2409 Header or `E' for Envelope, and `S' for Sender or `R'
2410 for Recipient. These can be combined, `HR' sets
2411 flags for header recipients.
2412 .ip /canon\ hostname
2413 try to canonify hostname.
2414 .ip /map\ mapname\ key
2415 look up `key' in the indicated `mapname'.
2417 quit address test mode.
2419 .sh 2 "Persistent Host Status Information"
2422 .b HostStatusDirectory
2424 information about the status of hosts is maintained on disk
2425 and can thus be shared between different instantiations of
2427 The status of the last connection with each remote host
2428 may be viewed with the command:
2432 This information may be flushed with the command:
2436 Flushing the information prevents new
2438 processes from loading it,
2439 but does not prevent existing processes from using the status information
2440 that they already have.
2443 There are a number of configuration parameters
2444 you may want to change,
2445 depending on the requirements of your site.
2446 Most of these are set
2447 using an option in the configuration file.
2450 .q "O Timeout.queuereturn=5d"
2452 .q Timeout.queuereturn
2457 Most of these options have appropriate defaults for most sites.
2459 sites having very high mail loads may find they need to tune them
2460 as appropriate for their mail load.
2462 sites experiencing a large number of small messages,
2463 many of which are delivered to many recipients,
2464 may find that they need to adjust the parameters
2465 dealing with queue priorities.
2470 had single character option names.
2472 options have long (multi-character names).
2473 Although old short names are still accepted,
2474 most new options do not have short equivalents.
2476 This section only describes the options you are most likely
2484 All time intervals are set
2485 using a scaled syntax.
2488 represents ten minutes, whereas
2490 represents two and a half hours.
2491 The full set of scales is:
2500 .sh 3 "Queue interval"
2504 flag specifies how often a sub-daemon will run the queue.
2505 This is typically set to between fifteen minutes and one hour.
2506 If not set, or set to zero,
2507 the queue will not be run automatically.
2508 RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
2509 Should you need to terminate the queue jobs currently active then a SIGTERM
2510 to the parent of the process (or processes) will cleanly stop the jobs.
2511 .sh 3 "Read timeouts"
2513 Timeouts all have option names
2514 .q Timeout.\fIsuboption\fP .
2515 Most of these control SMTP operations.
2518 their default values, and the minimum values
2519 allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are:
2522 The time to wait for an SMTP connection to open
2527 If zero, uses the kernel default.
2528 In no case can this option extend the timeout
2529 longer than the kernel provides, but it can shorten it.
2530 This is to get around kernels that provide an absurdly long connection timeout
2531 (90 minutes in one case).
2535 except it applies only to the initial attempt to connect to a host
2538 The concept is that this should be very short (a few seconds);
2539 hosts that are well connected and responsive will thus be serviced immediately.
2540 Hosts that are slow will not hold up other deliveries in the initial
2544 The overall timeout waiting for all connection for a single delivery
2546 If 0, no overall limit is applied.
2547 This can be used to restrict the total amount of time trying to connect to
2548 a long list of host that could accept an e-mail for the recipient.
2549 This timeout does not apply to
2551 i.e., if the time is exhausted, the
2555 The wait for the initial 220 greeting message
2558 The wait for a reply from a HELO or EHLO command
2560 This may require a host name lookup, so
2561 five minutes is probably a reasonable minimum.
2563 The wait for a reply from a MAIL command
2566 The wait for a reply from a RCPT command
2569 because it could be pointing at a list
2570 that takes a long time to expand
2573 The wait for a reply from a DATA command
2575 .ip datablock\(dg\(dd
2576 The wait for reading a data block
2577 (that is, the body of the message).
2579 This should be long because it also applies to programs
2582 which have no guarantee of promptness.
2584 The wait for a reply from the dot terminating a message.
2586 If this is shorter than the time actually needed
2587 for the receiver to deliver the message,
2588 duplicates will be generated.
2589 This is discussed in RFC 1047.
2591 The wait for a reply from a RSET command
2594 The wait for a reply from a QUIT command
2597 The wait for a reply from miscellaneous (but short) commands
2598 such as NOOP (no-operation) and VERB (go into verbose mode).
2602 the time to wait for another command.
2605 The timeout waiting for a reply to an IDENT query
2606 [5s\**, unspecified].
2608 \**On some systems the default is zero to turn the protocol off entirely.
2611 The wait for a reply to an LMTP LHLO command
2614 The timeout for a reply in an SMTP AUTH dialogue
2617 The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
2620 The timeout for opening .forward and :include: files [60s, none].
2622 The timeout for a complete control socket transaction to complete [2m, none].
2624 How long status information about a host
2626 will be cached before it is considered stale
2628 .ip resolver.retrans\(dd
2630 retransmission time interval
2634 .i Timeout.resolver.retrans.first
2636 .i Timeout.resolver.retrans.normal .
2637 .ip resolver.retrans.first\(dd
2639 retransmission time interval
2641 for the first attempt to
2644 .ip resolver.retrans.normal\(dd
2646 retransmission time interval
2648 for all resolver lookups
2649 except the first delivery attempt
2651 .ip resolver.retry\(dd
2653 to retransmit a resolver query.
2655 .i Timeout.resolver.retry.first
2657 .i Timeout.resolver.retry.normal
2659 .ip resolver.retry.first\(dd
2661 to retransmit a resolver query
2662 for the first attempt
2663 to deliver a message
2665 .ip resolver.retry.normal\(dd
2667 to retransmit a resolver query
2668 for all resolver lookups
2669 except the first delivery attempt
2672 For compatibility with old configuration files,
2676 all the timeouts marked with
2678 (\(dg) are set to the indicated value.
2679 All but those marked with
2681 (\(dd) apply to client SMTP.
2683 For example, the lines:
2685 O Timeout.command=25m
2686 O Timeout.datablock=3h
2688 sets the server SMTP command timeout to 25 minutes
2689 and the input data block timeout to three hours.
2690 .sh 3 "Message timeouts"
2692 After sitting in the queue for a few days,
2693 an undeliverable message will time out.
2694 This is to insure that at least the sender is aware
2695 of the inability to send a message.
2696 The timeout is typically set to five days.
2697 It is sometimes considered convenient to also send a warning message
2698 if the message is in the queue longer than a few hours
2699 (assuming you normally have good connectivity;
2700 if your messages normally took several hours to send
2701 you wouldn't want to do this because it wouldn't be an unusual event).
2702 These timeouts are set using the
2703 .b Timeout.queuereturn
2705 .b Timeout.queuewarn
2706 options in the configuration file
2707 (previously both were set using the
2711 If the message is submitted using the
2715 warning messages will only be sent if
2718 The queuereturn and queuewarn timeouts
2719 can be further qualified with a tag based on the Precedence: field
2723 (indicating a positive non-zero precedence),
2725 (indicating a zero precedence), or
2727 (indicating negative precedences).
2728 For example, setting
2729 .q Timeout.queuewarn.urgent=1h
2730 sets the warning timeout for urgent messages only
2732 The default if no precedence is indicated
2733 is to set the timeout for all precedences.
2734 If the message has a normal (default) precedence
2735 and it is a delivery status notification (DSN),
2736 .b Timeout.queuereturn.dsn
2738 .b Timeout.queuewarn.dsn
2739 can be used to give an alternative warn and return time
2741 The value "now" can be used for
2742 -O Timeout.queuereturn
2743 to return entries immediately during a queue run,
2744 e.g., to bounce messages independent of their time in the queue.
2746 Since these options are global,
2747 and since you cannot know
2749 how long another host outside your domain will be down,
2750 a five day timeout is recommended.
2751 This allows a recipient to fix the problem even if it occurs
2752 at the beginning of a long weekend.
2753 RFC 1123 section 5.3.1.1 says that this parameter
2754 should be ``at least 4\-5 days''.
2757 .b Timeout.queuewarn
2758 value can be piggybacked on the
2760 option by indicating a time after which
2761 a warning message should be sent;
2762 the two timeouts are separated by a slash.
2763 For example, the line
2767 causes email to fail after five days,
2768 but a warning message will be sent after four hours.
2769 This should be large enough that the message will have been tried
2771 .sh 2 "Forking During Queue Runs"
2779 will fork before each individual message
2780 while running the queue.
2781 This option was used with earlier releases to prevent
2783 from consuming large amounts of memory.
2784 It should no longer be necessary with
2791 will keep track of hosts that are down during a queue run,
2792 which can improve performance dramatically.
2798 cannot use connection caching.
2799 .sh 2 "Queue Priorities"
2801 Every message is assigned a priority when it is first instantiated,
2802 consisting of the message size (in bytes)
2803 offset by the message class
2804 (which is determined from the Precedence: header)
2806 .q "work class factor"
2807 and the number of recipients times the
2808 .q "work recipient factor."
2809 The priority is used to order the queue.
2810 Higher numbers for the priority mean that the message will be processed later
2811 when running the queue.
2813 The message size is included so that large messages are penalized
2814 relative to small messages.
2815 The message class allows users to send
2817 messages by including a
2819 field in their message;
2820 the value of this field is looked up in the
2822 lines of the configuration file.
2823 Since the number of recipients affects the amount of load a message presents
2825 this is also included into the priority.
2827 The recipient and class factors
2828 can be set in the configuration file using the
2836 options respectively.
2837 They default to 30000 (for the recipient factor)
2839 (for the class factor).
2840 The initial priority is:
2842 pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2844 (Remember, higher values for this parameter actually mean
2845 that the job will be treated with lower priority.)
2847 The priority of a job can also be adjusted each time it is processed
2848 (that is, each time an attempt is made to deliver it)
2850 .q "work time factor,"
2856 This is added to the priority,
2857 so it normally decreases the precedence of the job,
2858 on the grounds that jobs that have failed many times
2859 will tend to fail again in the future.
2862 option defaults to 90000.
2863 .sh 2 "Load Limiting"
2866 can be asked to queue (but not deliver) mail
2867 if the system load average gets too high using the
2872 When the load average exceeds the value of the
2874 option, the delivery mode is set to
2880 option divided by the difference in the current load average and the
2883 is less than the priority of the message \(em
2884 that is, the message is queued iff:
2886 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2890 option defaults to 600000,
2891 so each point of load average is worth 600000 priority points
2892 (as described above).
2894 For drastic cases, the
2898 option defines a load average at which
2900 will refuse to accept network connections.
2901 Locally generated mail, i.e., mail which is not submitted via SMTP
2902 (including incoming UUCP mail),
2904 Notice that the MSP submits mail to the MTA via SMTP, and hence
2905 mail will be queued in the client queue in such a case.
2906 Therefore it is necessary to run the client mail queue periodically.
2907 .sh 2 "Resource Limits"
2910 has several parameters to control resource usage.
2911 Besides those mentionted in the previous section, there are at least
2912 .b MaxDaemonChildren ,
2913 .b ConnectionRateThrottle ,
2914 .b MaxQueueChildren ,
2916 .b MaxRunnersPerQueue .
2917 The latter two limit the number of
2919 processes that operate on the queue.
2920 These are discussed in the section
2921 ``Queue Group Declaration''.
2922 The former two can be used to limit the number of incoming connections.
2923 Their appropriate values depend on the host operating system and
2924 the hardware, e.g., amount of memory.
2925 In many situations it might be useful to set limits to prevent
2928 processes, however, these limits can be abused to mount a
2929 denial of service attack.
2931 .b MaxDaemonChildren=10
2932 then an attacker needs to open only 10 SMTP sessions to the server,
2933 leave them idle for most of the time,
2934 and no more connections will be accepted.
2935 If this option is set then the timeouts used in a SMTP session
2936 should be lowered from their default values to
2937 their minimum values as specified in RFC 2821 and listed in
2941 .sh 2 "Measures against Denial of Service Attacks"
2944 has some built-in measures against simple denial of service (DoS) attacks.
2945 The SMTP server by default slows down if too many bad commands are
2946 issued or if some commands are repeated too often within a session.
2947 Details can be found in the source file
2948 .b sendmail/srvrsmtp.c
2949 by looking for the macro definitions of
2951 .b MAXNOOPCOMMANDS ,
2952 .b MAXHELOCOMMANDS ,
2953 .b MAXVRFYCOMMANDS ,
2955 .b MAXETRNCOMMANDS .
2956 If an SMTP command is issued more often than the corresponding
2958 value, then the response is delayed exponentially,
2959 starting with a sleep time of one second,
2960 up to a maximum of four minutes (as defined by
2963 .b MaxDaemonChildren
2964 is set to a value greater than zero,
2965 then this could make a DoS attack even worse since it
2966 keeps a connection open longer than necessary.
2967 Therefore a connection is terminated with a 421 SMTP reply code
2968 if the number of commands exceeds the limit by a factor of two and
2970 is set to a value greater than zero (the default is 25).
2971 .sh 2 "Delivery Mode"
2973 There are a number of delivery modes that
2980 configuration option.
2982 specify how quickly mail will be delivered.
2986 i deliver interactively (synchronously)
2987 b deliver in background (asynchronously)
2988 q queue only (don't deliver)
2989 d defer delivery attempts (don't deliver)
2991 There are tradeoffs.
2994 gives the sender the quickest feedback,
2995 but may slow down some mailers and
2996 is hardly ever necessary.
2999 delivers promptly but
3000 can cause large numbers of processes
3001 if you have a mailer that takes a long time to deliver a message.
3004 minimizes the load on your machine,
3005 but means that delivery may be delayed for up to the queue interval.
3008 is identical to mode
3010 except that it also prevents lookups in maps including the
3012 flag from working during the initial queue phase;
3013 it is intended for ``dial on demand'' sites where DNS lookups
3014 might cost real money.
3015 Some simple error messages
3016 (e.g., host unknown during the SMTP protocol)
3017 will be delayed using this mode.
3020 is the usual default.
3029 (deliver in background)
3031 will not expand aliases and follow .forward files
3032 upon initial receipt of the mail.
3033 This speeds up the response to RCPT commands.
3036 should not be used by the SMTP server.
3039 The level of logging can be set for
3041 The default using a standard configuration table is level 9.
3042 The levels are as follows:
3047 Serious system failures and potential security problems.
3049 Lost communications (network problems) and protocol failures.
3051 Other serious failures, malformed addresses, transient forward/include
3052 errors, connection timeouts.
3054 Minor failures, out of date alias databases, connection rejections
3055 via check_ rulesets.
3057 Message collection statistics.
3059 Creation of error messages,
3060 VRFY and EXPN commands.
3062 Delivery failures (host or user unknown, etc.).
3064 Successful deliveries and alias database rebuilds.
3066 Messages being deferred
3067 (due to a host being down, etc.).
3069 Database expansion (alias, forward, and userdb lookups)
3070 and authentication information.
3072 NIS errors and end of job processing.
3074 Logs all SMTP connections.
3076 Log bad user shells, files with improper permissions, and other
3077 questionable situations.
3079 Logs refused connections.
3081 Log all incoming and outgoing SMTP commands.
3083 Logs attempts to run locked queue files.
3084 These are not errors,
3085 but can be useful to note if your queue appears to be clogged.
3087 Lost locks (only if using lockf instead of flock).
3090 values above 64 are reserved for extremely verbose debugging output.
3091 No normal site would ever set these.
3094 The modes used for files depend on what functionality you want
3095 and the level of security you require.
3098 does careful checking of the modes
3099 of files and directories
3100 to avoid accidental compromise;
3101 if you want to make it possible to have group-writable support files
3102 you may need to use the
3103 .b DontBlameSendmail
3104 option to turn off some of these checks.
3105 .sh 3 "To suid or not to suid?"
3108 is no longer installed
3109 set-user-ID to root.
3111 explains how to configure and install
3113 without set-user-ID to root but set-group-ID
3114 which is the default configuration starting with 8.12.
3116 The daemon usually runs as root, unless other measures are taken.
3122 it checks to see if the userid is zero (root);
3124 it resets the userid and groupid to a default
3127 equate in the mailer line;
3128 if that is not set, the
3131 This can be overridden
3135 for mailers that are trusted
3136 and must be called as root.
3138 this will cause mail processing
3143 rather than to the user sending the mail.
3145 A middle ground is to set the
3150 to become the indicated user as soon as it has done the startup
3151 that requires root privileges
3152 (primarily, opening the
3159 .i /var/spool/mqueue )
3160 should be owned by that user,
3161 and all files and databases
3167 and external databases)
3168 must be readable by that user.
3169 Also, since sendmail will not be able to change its uid,
3170 delivery to programs or files will be marked as unsafe,
3171 e.g., undeliverable,
3175 and :include: files.
3176 Administrators can override this by setting the
3177 .b DontBlameSendmail
3178 option to the setting
3179 .b NonRootSafeAddr .
3181 is probably best suited for firewall configurations
3182 that don't have regular user logins.
3183 If the option is used on a system which performs local delivery,
3184 then the local delivery agent must have the proper permissions
3185 (i.e., usually set-user-ID root)
3186 since it will be invoked by the
3189 .sh 3 "Turning off security checks"
3192 is very particular about the modes of files that it reads or writes.
3193 For example, by default it will refuse to read most files
3194 that are group writable
3195 on the grounds that they might have been tampered with
3196 by someone other than the owner;
3197 it will even refuse to read files in group writable directories.
3198 Also, sendmail will refuse to create a new aliases database in an
3199 unsafe directory. You can get around this by manually creating the
3200 database file as a trusted user ahead of time and then rebuilding the
3201 aliases database with
3206 sure that your configuration is safe and you want
3208 to avoid these security checks,
3209 you can turn off certain checks using the
3210 .b DontBlameSendmail
3212 This option takes one or more names that disable checks.
3213 In the descriptions that follow,
3214 .q "unsafe directory"
3215 means a directory that is writable by anyone other than the owner.
3219 No special handling.
3223 system call is restricted to root.
3224 Since some versions of UNIX permit regular users
3225 to give away their files to other users on some filesystems,
3227 often cannot assume that a given file was created by the owner,
3228 particularly when it is in a writable directory.
3229 You can set this flag if you know that file giveaway is restricted
3231 .ip ClassFileInUnsafeDirPath
3232 When reading class files (using the
3234 line in the configuration file),
3235 allow files that are in unsafe directories.
3236 .ip DontWarnForwardFileInUnsafeDirPath
3238 unsafe directory path warnings
3239 for non-existent forward files.
3240 .ip ErrorHeaderInUnsafeDirPath
3241 Allow the file named in the
3243 option to be in an unsafe directory.
3244 .ip FileDeliveryToHardLink
3245 Allow delivery to files that are hard links.
3246 .ip FileDeliveryToSymLink
3247 Allow delivery to files that are symbolic links.
3248 .ip ForwardFileInGroupWritableDirPath
3251 files in group writable directories.
3252 .ip ForwardFileInUnsafeDirPath
3255 files in unsafe directories.
3256 .ip ForwardFileInUnsafeDirPathSafe
3259 file that is in an unsafe directory to include references
3260 to program and files.
3261 .ip GroupReadableKeyFile
3262 Accept a group-readable key file for STARTTLS.
3263 .ip GroupReadableSASLDBFile
3264 Accept a group-readable Cyrus SASL password file.
3265 .ip GroupReadableDefaultAuthInfoFile
3266 Accept a group-readable DefaultAuthInfo file for SASL.
3267 .ip GroupWritableAliasFile
3268 Allow group-writable alias files.
3269 .ip GroupWritableDirPathSafe
3270 Change the definition of
3271 .q "unsafe directory"
3272 to consider group-writable directories to be safe.
3273 World-writable directories are always unsafe.
3274 .ip GroupWritableForwardFile
3275 Allow group writable
3278 .ip GroupWritableForwardFileSafe
3279 Accept group-writable
3281 files as safe for program and file delivery.
3282 .ip GroupWritableIncludeFile
3286 .ip GroupWritableIncludeFileSafe
3287 Accept group-writable
3289 files as safe for program and file delivery.
3290 .ip GroupWritableSASLDBFile
3291 Accept a group-writable Cyrus SASL password file.
3292 .ip HelpFileInUnsafeDirPath
3293 Allow the file named in the
3295 option to be in an unsafe directory.
3296 .ip IncludeFileInGroupWritableDirPath
3299 files in group writable directories.
3300 .ip IncludeFileInUnsafeDirPath
3303 files in unsafe directories.
3304 .ip IncludeFileInUnsafeDirPathSafe
3307 file that is in an unsafe directory to include references
3308 to program and files.
3309 .ip InsufficientEntropy
3310 Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
3311 despite the security problems.
3312 .ip LinkedAliasFileInWritableDir
3313 Allow an alias file that is a link in a writable directory.
3314 .ip LinkedClassFileInWritableDir
3315 Allow class files that are links in writable directories.
3316 .ip LinkedForwardFileInWritableDir
3319 files that are links in writable directories.
3320 .ip LinkedIncludeFileInWritableDir
3323 files that are links in writable directories.
3324 .ip LinkedMapInWritableDir
3325 Allow map files that are links in writable directories.
3326 This includes alias database files.
3327 .ip LinkedServiceSwitchFileInWritableDir
3328 Allow the service switch file to be a link
3329 even if the directory is writable.
3330 .ip MapInUnsafeDirPath
3337 in unsafe directories.
3338 This includes alias database files.
3340 Do not mark file and program deliveries as unsafe
3341 if sendmail is not running with root privileges.
3342 .ip RunProgramInUnsafeDirPath
3343 Run programs that are in writable directories without logging a warning.
3344 .ip RunWritableProgram
3345 Run programs that are group- or world-writable without logging a warning.
3347 Allow group or world writable directories
3348 if the sticky bit is set on the directory.
3349 Do not set this on systems which do not honor
3350 the sticky bit on directories.
3351 .ip WorldWritableAliasFile
3352 Accept world-writable alias files.
3353 .ip WorldWritableForwardfile
3354 Allow world writable
3357 .ip WorldWritableIncludefile
3361 .ip WriteMapToHardLink
3362 Allow writes to maps that are hard links.
3363 .ip WriteMapToSymLink
3364 Allow writes to maps that are symbolic links.
3365 .ip WriteStatsToHardLink
3366 Allow the status file to be a hard link.
3367 .ip WriteStatsToSymLink
3368 Allow the status file to be a symbolic link.
3369 .sh 2 "Connection Caching"
3371 When processing the queue,
3373 will try to keep the last few open connections open
3374 to avoid startup and shutdown costs.
3375 This only applies to IPC and LPC connections.
3377 When trying to open a connection
3378 the cache is first searched.
3379 If an open connection is found, it is probed to see if it is still active
3383 It is not an error if this fails;
3384 instead, the connection is closed and reopened.
3386 Two parameters control the connection cache.
3388 .b ConnectionCacheSize
3391 option defines the number of simultaneous open connections
3392 that will be permitted.
3393 If it is set to zero,
3394 connections will be closed as quickly as possible.
3396 This should be set as appropriate for your system size;
3397 it will limit the amount of system resources that
3399 will use during queue runs.
3400 Never set this higher than 4.
3403 .b ConnectionCacheTimeout
3406 option specifies the maximum time that any cached connection
3407 will be permitted to idle.
3408 When the idle time exceeds this value
3409 the connection is closed.
3410 This number should be small
3412 to prevent you from grabbing too many resources
3414 The default is five minutes.
3415 .sh 2 "Name Server Access"
3417 Control of host address lookups is set by the
3419 service entry in your service switch file.
3420 If you are on a system that has built-in service switch support
3421 (e.g., Ultrix, Solaris, or DEC OSF/1)
3422 then your system is probably configured properly already.
3425 will consult the file
3426 .b /etc/mail/service.switch ,
3427 which should be created.
3429 only uses two entries:
3433 although system routines may use other services
3436 service for user name lookups by
3439 However, some systems (such as SunOS 4.X)
3441 regardless of the setting of the service switch entry.
3442 In particular, the system routine
3443 .i gethostbyname (3)
3444 is used to look up host names,
3445 and many vendor versions try some combination of DNS, NIS,
3446 and file lookup in /etc/hosts
3447 without consulting a service switch.
3449 makes no attempt to work around this problem,
3450 and the DNS lookup will be done anyway.
3451 If you do not have a nameserver configured at all,
3452 such as at a UUCP-only site,
3455 .q "connection refused"
3456 message when it tries to connect to the name server.
3459 switch entry has the service
3461 listed somewhere in the list,
3463 will interpret this to mean a temporary failure
3464 and will queue the mail for later processing;
3465 otherwise, it ignores the name server data.
3467 The same technique is used to decide whether to do MX lookups.
3468 If you want MX support, you
3472 listed as a service in the
3480 option allows you to tweak name server options.
3481 The command line takes a series of flags as documented in
3486 Each can be preceded by an optional `+' or `\(mi'.
3487 For example, the line
3489 O ResolverOptions=+AAONLY \(miDNSRCH
3491 turns on the AAONLY (accept authoritative answers only)
3492 and turns off the DNSRCH (search the domain path) options.
3493 Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
3494 flags on and all others off.
3495 If NETINET6 is enabled, most libraries default to USE_INET6 as well.
3496 You can also include
3498 to specify that there is a wildcard MX record matching your domain;
3499 this turns off MX matching when canonifying names,
3500 which can lead to inappropriate canonifications.
3502 .q WorkAroundBrokenAAAA
3503 when faced with a broken nameserver that returns SERVFAIL
3504 (a temporary failure)
3505 on T_AAAA (IPv6) lookups
3506 during hostname canonification.
3507 Notice: it might be necessary to apply the same (or similar) options to
3511 Version level 1 configurations (see the section about
3512 ``Configuration Version Level'')
3513 turn DNSRCH and DEFNAMES off when doing delivery lookups,
3514 but leave them on everywhere else.
3517 ignores them when doing canonification lookups
3518 (that is, when using $[ ... $]),
3519 and always does the search.
3520 If you don't want to do automatic name extension,
3521 don't call $[ ... $].
3523 The search rules for $[ ... $] are somewhat different than usual.
3524 If the name being looked up
3525 has at least one dot, it always tries the unmodified name first.
3526 If that fails, it tries the reduced search path,
3527 and lastly tries the unmodified name
3528 (but only for names without a dot,
3529 since names with a dot have already been tried).
3530 This allows names such as
3532 to match the site in Czechoslovakia
3533 rather than the site in your local Computer Science department.
3534 It also prefers A and CNAME records over MX records \*-
3535 that is, if it finds an MX record it makes note of it,
3537 This way, if you have a wildcard MX record matching your domain,
3538 it will not assume that all names match.
3540 To completely turn off all name server access
3541 on systems without service switch support
3543 you will have to recompile with
3545 and remove \-lresolv from the list of libraries to be searched
3547 .sh 2 "Moving the Per-User Forward Files"
3549 Some sites mount each user's home directory
3550 from a local disk on their workstation,
3551 so that local access is fast.
3552 However, the result is that .forward file lookups
3553 from a central mail server are slow.
3555 mail can even be delivered on machines inappropriately
3556 because of a file server being down.
3557 The performance can be especially bad if you run the automounter.
3563 option allows you to set a path of forward files.
3564 For example, the config file line
3566 O ForwardPath=/var/forward/$u:$z/.forward.$w
3568 would first look for a file with the same name as the user's login
3570 if that is not found (or is inaccessible)
3574 in the user's home directory is searched.
3575 A truly perverse site could also search by sender
3576 by using $r, $s, or $f.
3578 If you create a directory such as /var/forward,
3579 it should be mode 1777
3580 (that is, the sticky bit should be set).
3581 Users should create the files mode 0644.
3582 Note that you must use the
3583 ForwardFileInUnsafeDirPath and
3584 ForwardFileInUnsafeDirPathSafe
3586 .b DontBlameSendmail
3587 option to allow forward files in a world writable directory.
3588 This might also be used as a denial of service attack
3589 (users could create forward files for other users);
3590 a better approach might be to create
3593 and create empty files for each user,
3596 If you do this, you don't have to set the DontBlameSendmail options
3600 On systems that have one of the system calls in the
3607 you can specify a minimum number of free blocks on the queue filesystem
3613 If there are fewer than the indicated number of blocks free
3614 on the filesystem on which the queue is mounted
3615 the SMTP server will reject mail
3618 This invites the SMTP client to try again later.
3620 Beware of setting this option too high;
3621 it can cause rejection of email
3622 when that mail would be processed without difficulty.
3623 .sh 2 "Maximum Message Size"
3625 To avoid overflowing your system with a large message,
3628 option can be set to set an absolute limit
3629 on the size of any one message.
3630 This will be advertised in the ESMTP dialogue
3631 and checked during message collection.
3632 .sh 2 "Privacy Flags"
3638 option allows you to set certain
3641 Actually, many of them don't give you any extra privacy,
3642 rather just insisting that client SMTP servers
3643 use the HELO command
3644 before using certain commands
3645 or adding extra headers to indicate possible spoof attempts.
3647 The option takes a series of flag names;
3648 the final privacy is the inclusive or of those flags.
3651 O PrivacyOptions=needmailhelo, noexpn
3653 insists that the HELO or EHLO command be used before a MAIL command is accepted
3654 and disables the EXPN command.
3656 The flags are detailed in section
3659 .sh 2 "Send to Me Too"
3661 Beginning with version 8.10,
3663 includes by default the (envelope) sender in any list expansions.
3666 sends to a list that contains
3668 as one of the members he will get a copy of the message.
3673 (in the configuration file or via the command line),
3674 this behavior is changed, i.e.,
3675 the (envelope) sender is excluded in list expansions.
3676 .sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
3678 This section describes the configuration file
3681 There is one point that should be made clear immediately:
3682 the syntax of the configuration file
3683 is designed to be reasonably easy to parse,
3684 since this is done every time
3687 rather than easy for a human to read or write.
3688 The configuration file should be generated via the method described in
3690 it should not be edited directly unless someone is familiar
3691 with the internals of the syntax described here and it is
3692 not possible to achieve the desired result via the default method.
3694 The configuration file is organized as a series of lines,
3695 each of which begins with a single character
3696 defining the semantics for the rest of the line.
3697 Lines beginning with a space or a tab
3698 are continuation lines
3699 (although the semantics are not well defined in many places).
3700 Blank lines and lines beginning with a sharp symbol
3703 .sh 2 "R and S \*- Rewriting Rules"
3705 The core of address parsing
3706 are the rewriting rules.
3707 These are an ordered production system.
3709 scans through the set of rewriting rules
3710 looking for a match on the left hand side
3713 When a rule matches,
3714 the address is replaced by the right hand side
3718 There are several sets of rewriting rules.
3719 Some of the rewriting sets are used internally
3720 and must have specific semantics.
3721 Other rewriting sets
3722 do not have specifically assigned semantics,
3723 and may be referenced by the mailer definitions
3724 or by other rewriting sets.
3726 The syntax of these two commands are:
3731 Sets the current ruleset being collected to
3733 If you begin a ruleset more than once
3734 it appends to the old definition.
3742 fields must be separated
3743 by at least one tab character;
3744 there may be embedded spaces
3748 is a pattern that is applied to the input.
3750 the input is rewritten to the
3756 Macro expansions of the form
3759 are performed when the configuration file is read.
3762 can be included using
3764 Expansions of the form
3767 are performed at run time using a somewhat less general algorithm.
3768 This is intended only for referencing internally defined macros
3771 that are changed at runtime.
3772 .sh 3 "The left hand side"
3774 The left hand side of rewriting rules contains a pattern.
3775 Normal words are simply matched directly.
3776 Metasyntax is introduced using a dollar sign.
3777 The metasymbols are:
3779 .ta \w'\fB$=\fP\fIx\fP 'u
3780 \fB$*\fP Match zero or more tokens
3781 \fB$+\fP Match one or more tokens
3782 \fB$\-\fP Match exactly one token
3783 \fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
3784 \fB$~\fP\fIx\fP Match any word not in class \fIx\fP
3786 If any of these match,
3787 they are assigned to the symbol
3790 for replacement on the right hand side,
3793 is the index in the LHS.
3799 is applied to the input:
3803 the rule will match, and the values passed to the RHS will be:
3810 Additionally, the LHS can include
3812 to match zero tokens.
3818 on the RHS, and is normally only used when it stands alone
3819 in order to match the null input.
3820 .sh 3 "The right hand side"
3822 When the left hand side of a rewriting rule matches,
3823 the input is deleted and replaced by the right hand side.
3824 Tokens are copied directly from the RHS
3825 unless they begin with a dollar sign.
3828 .ta \w'$#mailer\0\0\0'u
3829 \fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
3830 \fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
3831 \fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
3832 Generalized keyed mapping function
3833 \fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
3834 \fB$#\fP\fImailer\fP Resolve to \fImailer\fP
3835 \fB$@\fP\fIhost\fP Specify \fIhost\fP
3836 \fB$:\fP\fIuser\fP Specify \fIuser\fP
3842 syntax substitutes the corresponding value from a
3850 It may be used anywhere.
3852 A host name enclosed between
3856 is looked up in the host database(s)
3857 and replaced by the canonical name\**.
3860 completely equivalent
3861 to $(host \fIhostname\fP$).
3864 default can be used.
3869 .q ftp.CS.Berkeley.EDU
3871 .q $[[128.32.130.2]$]
3873 .q vangogh.CS.Berkeley.EDU.
3875 recognizes its numeric IP address
3876 without calling the name server
3877 and replaces it with its canonical name.
3883 syntax is a more general form of lookup;
3884 it uses a named map instead of an implicit map.
3885 If no lookup is found, the indicated
3888 if no default is specified and no lookup matches,
3889 the value is left unchanged.
3892 are passed to the map for possible use.
3898 causes the remainder of the line to be substituted as usual
3899 and then passed as the argument to ruleset
3901 The final value of ruleset
3904 the substitution for this rule.
3907 syntax expands everything after the ruleset name
3908 to the end of the replacement string
3909 and then passes that as the initial input to the ruleset.
3910 Recursive calls are allowed.
3915 expands $1, passes that to ruleset 3, and then passes the result
3916 of ruleset 3 to ruleset 0.
3922 be used in ruleset zero,
3923 a subroutine of ruleset zero,
3924 or rulesets that return decisions (e.g., check_rcpt).
3925 It causes evaluation of the ruleset to terminate immediately,
3928 that the address has completely resolved.
3929 The complete syntax for ruleset 0 is:
3931 \fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
3934 {mailer, host, user}
3935 3-tuple necessary to direct the mailer.
3936 Note: the third element (
3938 ) is often also called
3941 If the mailer is local
3942 the host part may be omitted\**.
3944 \**You may want to use it for special
3947 For example, in the address
3948 .q jgm+foo@CMU.EDU ;
3951 part is not part of the user name,
3952 and is passed to the local mailer for local use.
3956 must be a single word,
3964 is the built-in IPC mailer,
3967 may be a colon-separated list of hosts
3968 that are searched in order for the first working address
3969 (exactly like MX records).
3972 is later rewritten by the mailer-specific envelope rewriting set
3976 As a special case, if the mailer specified has the
3979 and the first character of the
3985 is stripped off, and a flag is set in the address descriptor
3986 that causes sendmail to not do ruleset 5 processing.
3988 Normally, a rule that matches is retried,
3990 the rule loops until it fails.
3991 A RHS may also be preceded by a
3995 to change this behavior.
3998 prefix causes the ruleset to return with the remainder of the RHS
4002 prefix causes the rule to terminate immediately,
4003 but the ruleset to continue;
4004 this can be used to avoid continued application of a rule.
4005 The prefix is stripped before continuing.
4011 prefixes may precede a
4020 passes that to ruleset seven,
4024 is necessary to avoid an infinite loop.
4026 Substitution occurs in the order described,
4028 parameters from the LHS are substituted,
4029 hostnames are canonicalized,
4038 .sh 3 "Semantics of rewriting rule sets"
4040 There are six rewriting sets
4041 that have specific semantics.
4042 Five of these are related as depicted by figure 1.
4048 -->| 0 |-->resolved address
4051 / ---->| 1 |-->| S |--
4052 +---+ / +---+ / +---+ +---+ \e +---+
4053 addr-->| 3 |-->| D |-- --->| 4 |-->msg
4054 +---+ +---+ \e +---+ +---+ / +---+
4070 box invis "addr"; arrow
4073 BoxD: box "D"; line; L1: Here
4075 C1: arrow; box "1"; arrow; box "S"; line; E1: Here
4076 move to C1 down 0.5; right
4077 C2: arrow; box "2"; arrow; box "R"; line; E2: Here
4078 ] with .w at L1 + (0.5, 0)
4079 move to C.e right 0.5
4080 L4: arrow; box "4"; arrow; box invis "msg"
4081 line from L1 to C.C1
4082 line from L1 to C.C2
4083 line from C.E1 to L4
4084 line from C.E2 to L4
4085 move to BoxD.n up 0.6; right
4086 Box0: arrow; box "0"
4087 arrow; box invis "resolved address" width 1.3
4088 line from 1/3 of the way between A1 and BoxD.w to Box0
4094 Figure 1 \*- Rewriting set semantics
4096 D \*- sender domain addition
4097 S \*- mailer-specific sender rewriting
4098 R \*- mailer-specific recipient rewriting
4104 should turn the address into
4105 .q "canonical form."
4106 This form should have the basic syntax:
4108 local-part@host-domain-spec
4113 before doing anything with any address.
4128 flag is set in the mailer definition
4129 corresponding to the
4134 is applied after ruleset three
4135 to addresses that are going to actually specify recipients.
4136 It must resolve to a
4137 .i "{mailer, host, address}"
4141 must be defined in the mailer definitions
4142 from the configuration file.
4148 for use in the argv expansion of the specified mailer.
4149 Notice: since the envelope sender address will be used if
4150 a delivery status notification must be send,
4151 i.e., is may specify a recipient,
4152 it is also run through ruleset zero.
4153 If ruleset zero returns a temporary error
4155 then delivery is deferred.
4156 This can be used to temporarily disable delivery,
4157 e.g., based on the time of the day or other varying parameters.
4158 It should not be used to quarantine e-mails.
4160 Rulesets one and two
4161 are applied to all sender and recipient addresses respectively.
4162 They are applied before any specification
4163 in the mailer definition.
4164 They must never resolve.
4166 Ruleset four is applied to all addresses
4168 It is typically used
4169 to translate internal to external form.
4172 ruleset 5 is applied to all local addresses
4173 (specifically, those that resolve to a mailer with the `F=5'
4175 that do not have aliases.
4176 This allows a last minute hook for local names.
4177 .sh 3 "Ruleset hooks"
4179 A few extra rulesets are defined as
4181 that can be defined to get special features.
4182 They are all named rulesets.
4185 forms all give accept/reject status;
4186 falling off the end or returning normally is an accept,
4189 is a reject or quarantine.
4190 Quarantining is chosen by specifying
4192 in the second part of the mailer triplet:
4194 $#error $@ quarantine $: Reason for quarantine
4196 Many of these can also resolve to the special mailer name
4198 this accepts the message as though it were successful
4199 but then discards it without delivery.
4201 this mailer cannot be chosen as a mailer in ruleset 0.
4204 rulesets have to deal with temporary failures, especially for map lookups,
4205 themselves, i.e., they should return a temporary error code
4206 or at least they should make a proper decision in those cases.
4211 ruleset is called after a connection is accepted by the daemon.
4212 It is not called when sendmail is started using the
4217 client.host.name $| client.host.address
4221 is a metacharacter separating the two parts.
4222 This ruleset can reject connections from various locations.
4223 Note that it only checks the connecting SMTP client IP address and hostname.
4224 It does not check for third party message relaying.
4227 ruleset discussed below usually does third party message relay checking.
4232 ruleset is passed the user name parameter of the
4235 It can accept or reject the address.
4240 ruleset is passed the user name parameter of the
4243 It can accept or reject the address.
4248 ruleset is called after the
4250 command, its parameter is the number of recipients.
4251 It can accept or reject the command.
4252 .sh 4 "check_compat"
4258 sender-address $| recipient-address
4262 is a metacharacter separating the addresses.
4263 It can accept or reject mail transfer between these two addresses
4270 rulesets are invoked during the SMTP mail receiption stage
4271 (i.e., in the SMTP server),
4273 is invoked during the mail delivery stage.
4280 number-of-headers $| size-of-headers
4284 is a metacharacter separating the numbers.
4285 These numbers can be used for size comparisons with the
4288 The ruleset is triggered after
4289 all of the headers have been read.
4290 It can be used to correlate information gathered
4291 from those headers using the
4294 One possible use is to check for a missing header.
4299 HMessage-Id: $>CheckMessageId
4302 # Record the presence of the header
4303 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
4305 R$* $#error $: 553 Header Error
4309 R$* $: < $&{MessageIdCheck} >
4310 # Clear the macro for the next message
4311 R$* $: $(storage {MessageIdCheck} $) $1
4312 # Has a Message-Id: header
4314 # Allow missing Message-Id: from local mail
4315 R$* $: < $&{client_name} >
4318 # Otherwise, reject the mail
4319 R$* $#error $: 553 Header Error
4321 Keep in mind the Message-Id: header is not a required header and
4322 is not a guaranteed spam indicator.
4323 This ruleset is an example and
4324 should probably not be used in production.
4329 ruleset is called after the end of a message,
4330 its parameter is the message size.
4331 It can accept or reject the message.
4336 ruleset is passed the parameter of the
4339 It can accept or reject the command.
4344 ruleset is passed the user name parameter of the
4347 It can accept or reject the address.
4352 ruleset is passed the user name parameter of the
4355 It can accept or reject the command.
4360 ruleset is passed the AUTH= parameter of the
4363 It is used to determine whether this value should be
4364 trusted. In order to make this decision, the ruleset
4365 may make use of the various
4368 If the ruleset does resolve to the
4370 mailer the AUTH= parameter is not trusted and hence
4371 not passed on to the next relay.
4376 ruleset is called when sendmail acts as server, after a STARTTLS command
4377 has been issued, and from
4379 The parameter is the value of
4381 and STARTTLS or MAIL, respectively.
4382 If the ruleset does resolve to the
4384 mailer, the appropriate error code is returned to the client.
4389 ruleset is called when sendmail acts as client after a STARTTLS command
4390 (should) have been issued.
4391 The parameter is the value of
4393 If the ruleset does resolve to the
4395 mailer, the connection is aborted
4396 (treated as non-deliverable with a permanent or temporary error).
4401 ruleset is called each time before a RCPT TO command is sent.
4402 The parameter is the current recipient.
4403 If the ruleset does resolve to the
4405 mailer, the RCPT TO command is suppressed
4406 (treated as non-deliverable with a permanent or temporary error).
4407 This ruleset allows to require encryption or verification of
4408 the recipient's MTA even if the mail is somehow redirected
4410 For example, sending mail to
4412 may get redirected to a host named
4414 and hence the tls_server ruleset won't apply.
4415 By introducing per recipient restrictions such attacks
4416 (e.g., via DNS spoofing) can be made impossible.
4419 how this ruleset can be used.
4420 .sh 4 "srv_features"
4424 ruleset is called with the connecting client's host name
4425 when a client connects to sendmail.
4426 This ruleset should return
4428 followed by a list of options (single characters
4429 delimited by white space).
4430 If the return value starts with anything else it is silently ignored.
4431 Generally upper case characters turn off a feature
4432 while lower case characters turn it on.
4433 Option `S' causes the server not to offer STARTTLS,
4434 which is useful to interact with MTAs/MUAs that have broken
4435 STARTTLS implementations by simply not offering it.
4436 `V' turns off the request for a client certificate during the TLS handshake.
4437 Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
4438 `c' is the equivalent to AuthOptions=p, i.e.,
4439 it doesn't permit mechanisms susceptible to simple
4440 passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
4441 Option `l' requires SMTP AUTH for a connection.
4442 Options 'B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and EXPN,
4447 a Offer AUTH (default)
4449 b Offer VERB (default)
4450 C Do not require security layer for
4451 plaintext AUTH (default)
4452 c Require security layer for plaintext AUTH
4454 d Offer DSN (default)
4456 e Offer ETRN (default)
4457 L Do not require AUTH (default)
4459 P Do not offer PIPELINING
4460 p Offer PIPELINING (default)
4461 S Do not offer STARTTLS
4462 s Offer STARTTLS (default)
4463 V Do not request a client certificate
4464 v Request a client certificate (default)
4466 x Offer EXPN (default)
4468 Note: the entries marked as ``(default)'' may require that some
4469 configuration has been made, e.g., SMTP AUTH is only available if
4470 properly configured.
4471 Moreover, many options can be changed on a global basis via other
4472 settings as explained in this document, e.g., via DaemonPortOptions.
4474 The ruleset may return `$#temp' to indicate that there is a temporary
4475 problem determining the correct features, e.g., if a map is unavailable.
4476 In that case, the SMTP server issues a temporary failure and does not
4482 ruleset is called when sendmail connects to another MTA.
4483 If the ruleset does resolve to the
4485 mailer, sendmail does not try STARTTLS even if it is offered.
4486 This is useful to deal with STARTTLS interoperability issues
4487 by simply not using it.
4488 .sh 4 "tls_srv_features and tls_clt_features"
4492 ruleset is called when sendmail connects to another MTA
4495 ruleset is called when a client connects to
4497 The arguments for the rulesets are the host name and IP address
4498 of the other side separated by
4500 (which is a metacharacter).
4501 They should return a list of
4503 pairs separated by semicolons;
4504 the list can be empty if no options should be applied to the connection.
4505 Available keys are and their allowed values are:
4508 A comma separated list of SSL related options.
4513 for details, as well as
4514 .i SSL_set_options (3)
4515 and note this warning:
4516 Options already set before are not cleared!
4518 Specify cipher list for STARTTLS,
4521 for possible values.
4522 This overrides the global
4526 File containing a certificate.
4528 File containing the private key for the certificate.
4535 R$* $| 10.$+ $: cipherlist=HIGH
4540 Errors in these features (e.g., unknown keys or invalid values)
4542 and the current session is aborted to avoid using STARTTLS
4543 with features that should have been changed.
4545 The keys are case-insensitive.
4551 must be specified together;
4552 specifying only one is an error.
4554 These rulesets require the sendmail binary to be built with _FFR_TLS_SE_OPTS
4555 enabled (see the "For Future Release" section).
4560 ruleset is called when sendmail tries to authenticate to another MTA.
4563 followed by a list of tokens that are used for SMTP AUTH.
4564 If the return value starts with anything else it is silently ignored.
4565 Each token is a tagged string of the form:
4567 (including the quotes), where
4570 T Tag which describes the item
4571 D Delimiter: ':' simple text follows
4572 '=' string is base64 encoded
4573 string Value of the item
4575 Valid values for the tag are:
4578 U user (authorization) id
4582 M list of mechanisms delimited by spaces
4584 If this ruleset is defined, the option
4586 is ignored (even if the ruleset does not return a ``useful'' result).
4591 ruleset is used to map a recipient address to a queue group name.
4592 The input for the ruleset is a recipient address as specified by the
4595 The ruleset should return
4597 followed by the name of a queue group.
4598 If the return value starts with anything else it is silently ignored.
4599 See the section about ``Queue Groups and Queue Directories''
4600 for further information.
4605 ruleset is used to specify the amount of time to pause before sending the
4606 initial SMTP 220 greeting.
4607 If any traffic is received during that pause, an SMTP 554 rejection
4608 response is given instead of the 220 greeting and all SMTP commands are
4609 rejected during that connection.
4610 This helps protect sites from open proxies and SMTP slammers.
4611 The ruleset should return
4613 followed by the number of milliseconds (thousandths of a second) to
4615 If the return value starts with anything else or is not a number,
4616 it is silently ignored.
4617 Note: this ruleset is not invoked (and hence the feature is disabled)
4618 when the smtps (SMTP over SSL) is used, i.e.,
4621 modifier is set for the daemon via
4622 .b DaemonPortOptions ,
4623 because in this case the SSL handshake is performed before
4624 the greeting is sent.
4627 Some special processing occurs
4628 if the ruleset zero resolves to an IPC mailer
4629 (that is, a mailer that has
4631 listed as the Path in the
4634 The host name passed after
4636 has MX expansion performed if not delivering via a named socket;
4637 this looks the name up in DNS to find alternate delivery sites.
4639 The host name can also be provided as a dotted quad
4640 or an IPv6 address in square brackets;
4647 [IPv6:2002:c0a8:51d2::23f4]
4649 This causes direct conversion of the numeric value
4650 to an IP host address.
4652 The host name passed in after the
4654 may also be a colon-separated list of hosts.
4655 Each is separately MX expanded and the results are concatenated
4656 to make (essentially) one long MX list.
4657 The intent here is to create
4659 MX records that are not published in DNS
4660 for private internal networks.
4662 As a final special case, the host name can be passed in
4666 [ucbvax.berkeley.edu]
4668 This form avoids the MX mapping.
4671 This is intended only for situations where you have a network firewall
4672 or other host that will do special processing for all your mail,
4673 so that your MX record points to a gateway machine;
4674 this machine could then do direct delivery to machines
4675 within your local domain.
4676 Use of this feature directly violates RFC 1123 section 5.3.5:
4677 it should not be used lightly.
4679 .sh 2 "D \*- Define Macro"
4681 Macros are named with a single character
4682 or with a word in {braces}.
4683 The names ``x'' and ``{x}'' denote the same macro
4684 for every single character ``x''.
4685 Single character names may be selected from the entire ASCII set,
4686 but user-defined macros
4687 should be selected from the set of upper case letters only.
4690 are used internally.
4691 Long names beginning with a lower case letter or a punctuation character
4692 are reserved for use by sendmail,
4693 so user-defined long macro names should begin with an upper case letter.
4695 The syntax for macro definitions is:
4702 is the name of the macro
4703 (which may be a single character
4704 or a word in braces)
4707 is the value it should have.
4708 There should be no spaces given
4709 that do not actually belong in the macro value.
4711 Macros are interpolated
4717 is the name of the macro to be interpolated.
4718 This interpolation is done when the configuration file is read,
4722 The special construct
4727 lines to get deferred interpolation.
4729 Conditionals can be specified using the syntax:
4731 $?x text1 $| text2 $.
4737 is set and non-null,
4745 clause may be omitted.
4747 The following macros are defined and/or used internally by
4749 for interpolation into argv's for mailers
4750 or for other contexts.
4751 The ones marked \(dg are information passed into sendmail\**,
4753 \**As of version 8.6,
4754 all of these macros have reasonable defaults.
4755 Previous versions required that they be defined.
4757 the ones marked \(dd are information passed both in and out of sendmail,
4758 and the unmarked macros are passed out of sendmail
4759 but are not otherwise used internally.
4763 The origination date in RFC 822 format.
4764 This is extracted from the Date: line.
4766 The current date in RFC 822 format.
4769 This is a count of the number of Received: lines
4770 plus the value of the
4774 The current date in UNIX (ctime) format.
4776 (Obsolete; use SmtpGreetingMessage option instead.)
4777 The SMTP entry message.
4778 This is printed out when SMTP starts up.
4779 The first word must be the
4781 macro as specified by RFC 821.
4783 .q "$j Sendmail $v ready at $b" .
4784 Commonly redefined to include the configuration version number, e.g.,
4785 .q "$j Sendmail $v/$Z ready at $b"
4787 The envelope sender (from) address.
4789 The sender address relative to the recipient.
4797 .q foo@host.domain ,
4798 or whatever is appropriate for the receiving mailer.
4801 This is set in ruleset 0 from the $@ field of a parsed address.
4807 The \*(lqofficial\*(rq domain name for this site.
4808 This is fully qualified if the full qualification can be found.
4811 be redefined to be the fully qualified domain name
4812 if your system is not configured so that information can find
4815 The UUCP node name (from the uname system call).
4817 (Obsolete; use UnixFromLine option instead.)
4818 The format of the UNIX from line.
4819 Unless you have changed the UNIX mailbox format,
4820 you should not change the default,
4824 The domain part of the \fIgethostname\fP return value.
4825 Under normal circumstances,
4830 The name of the daemon (for error messages).
4834 (Obsolete: use OperatorChars option instead.)
4835 The set of \*(lqoperators\*(rq in addresses.
4836 A list of characters
4837 which will be considered tokens
4838 and which will separate tokens
4844 macro, then the input
4846 would be scanned as three tokens:
4853 which is the minimum set necessary to do RFC 822 parsing;
4854 a richer set of operators is
4856 which adds support for UUCP, the %-hack, and X.400 addresses.
4858 Sendmail's process id.
4860 Default format of sender address.
4863 macro specifies how an address should appear in a message
4864 when it is defaulted.
4867 It is commonly redefined to be
4868 .q "$?x$x <$g>$|$g$."
4871 corresponding to the following two formats:
4873 Eric Allman <eric@CS.Berkeley.EDU>
4874 eric@CS.Berkeley.EDU (Eric Allman)
4877 properly quotes names that have special characters
4878 if the first form is used.
4880 Protocol used to receive the message.
4883 command line flag or by the SMTP server code.
4888 command line flag or by the SMTP server code
4889 (in which case it is set to the EHLO/HELO parameter).
4891 A numeric representation of the current time in the format YYYYMMDDHHmm
4892 (4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31,
4893 2 digit hours 00-23, 2 digit minutes 00-59).
4897 The version number of the
4901 The hostname of this site.
4902 This is the root name of this host (but see below for caveats).
4904 The full name of the sender.
4906 The home directory of the recipient.
4908 The validated sender address.
4910 .b ${client_resolve} .
4912 The type of the address which is currently being rewritten.
4913 This macro contains up to three characters, the first
4914 is either `e' or `h' for envelope/header address,
4915 the second is a space,
4916 and the third is either `s' or `r' for sender/recipient address.
4918 The maximum keylength (in bits) of the symmetric encryption algorithm
4919 used for a TLS connection.
4920 This may be less than the effective keylength,
4923 for ``export controlled'' algorithms.
4925 The client's authentication credentials as determined by authentication
4926 (only set if successful).
4927 The format depends on the mechanism used, it might be just `user',
4928 or `user@realm', or something similar (SMTP AUTH only).
4930 The authorization identity, i.e. the AUTH= parameter of the
4932 command if supplied.
4934 The mechanism used for SMTP authentication
4935 (only set if successful).
4937 The keylength (in bits) of the symmetric encryption algorithm
4938 used for the security layer of a SASL mechanism.
4940 The message body type
4942 as determined from the envelope.
4944 The fingerprint of the presented certificate (STARTTLS only).
4945 Note: this macro is only defined if the option
4946 .b CertFingerprintAlgorithm
4948 in which case the specified fingerprint algorithm is used.
4949 The valid algorithms depend on the OpenSSL version,
4950 but usually md5, sha1, and sha256 are available.
4957 The DN (distinguished name) of the CA (certificate authority)
4958 that signed the presented certificate (the cert issuer)
4961 The MD5 hash of the presented certificate (STARTTLS only).
4962 Note: this macro is only defined if the option
4963 .b CertFingerprintAlgorithm
4966 The DN of the presented certificate (called the cert subject)
4969 The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
4970 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
4973 The effective keylength (in bits) of the symmetric encryption algorithm
4974 used for a TLS connection.
4976 The IP address of the SMTP client.
4977 IPv6 addresses are tagged with "IPv6:" before the address.
4978 Defined in the SMTP server only.
4979 .ip ${client_connections}
4980 The number of open connections in the SMTP server for the client IP address.
4982 The flags specified by the
4984 .b ClientPortOptions
4985 where flags are separated from each other by spaces
4986 and upper case flags are doubled.
4989 will be represented as
4991 .b ${client_flags} ,
4992 which is required for testing the flags in rulesets.
4994 The host name of the SMTP client.
4995 This may be the client's bracketed IP address
4996 in the form [ nnn.nnn.nnn.nnn ] for IPv4
4997 and [ IPv6:nnnn:...:nnnn ] for IPv6
4999 IP address is not resolvable, or if it is resolvable
5000 but the IP address of the resolved hostname
5001 doesn't match the original IP address.
5002 Defined in the SMTP server only.
5004 .b ${client_resolve} .
5006 The port number of the SMTP client.
5007 Defined in the SMTP server only.
5009 The result of the PTR lookup for the client IP address.
5010 Note: this is the same as
5013 .b ${client_resolve}
5015 Defined in the SMTP server only.
5017 The number of incoming connections for the client IP address
5018 over the time interval specified by ConnectionRateWindowSize.
5019 .ip ${client_resolve}
5020 Holds the result of the resolve call for
5022 Possible values are:
5025 OK resolved successfully
5026 FAIL permanent lookup failure
5027 FORGED forward lookup doesn't match reverse lookup
5028 TEMP temporary lookup failure
5030 Defined in the SMTP server only.
5032 performs a hostname lookup on the IP address of the connecting client.
5033 Next the IP addresses of that hostname are looked up.
5034 If the client IP address does not appear in that list,
5035 then the hostname is maybe forged.
5036 This is reflected as the value FORGED for
5037 .b ${client_resolve}
5038 and it also shows up in
5040 as "(may be forged)".
5042 The CN (common name) of the CA that signed the presented certificate
5044 Note: if the CN cannot be extracted properly it will be replaced by
5045 one of these strings based on the encountered error:
5048 BadCertificateContainsNUL CN contains a NUL character
5049 BadCertificateTooLong CN is too long
5050 BadCertificateUnknown CN could not be extracted
5052 In the last case, some other (unspecific) error occurred.
5054 The CN (common name) of the presented certificate
5058 for possible replacements.
5060 Header value as quoted string
5061 (possibly truncated to
5063 This macro is only available in header check rulesets.
5065 The IP address the daemon is listening on for connections.
5066 .ip ${daemon_family}
5068 if the daemon is accepting network connections.
5069 Possible values include
5076 The flags for the daemon as specified by the
5078 .b DaemonPortOptions
5079 whereby the flags are separated from each other by spaces,
5080 and upper case flags are doubled.
5083 will be represented as
5085 .b ${daemon_flags} ,
5086 which is required for testing the flags in rulesets.
5088 Some information about a daemon as a text string.
5090 .q SMTP+queueing@00:30:00 .
5092 The name of the daemon from
5093 .b DaemonPortOptions
5095 If this suboption is not set,
5097 where # is the daemon number,
5100 The port the daemon is accepting connection on.
5102 .b DaemonPortOptions
5103 is set, this will most likely be
5106 The current delivery mode sendmail is using.
5107 It is initially set to the value of the
5111 The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
5113 The length of the header value which is stored in
5114 ${currHeader} (before possible truncation).
5115 If this value is greater than or equal to
5117 the header has been truncated.
5119 The name of the header field for which the current header
5120 check ruleset has been called.
5121 This is useful for a default header check ruleset to get
5122 the name of the header;
5123 the macro is only available in header check rulesets.
5125 The IP address of the interface of an incoming connection
5126 unless it is in the loopback net.
5127 IPv6 addresses are tagged with "IPv6:" before the address.
5129 The IP address of the interface of an outgoing connection
5130 unless it is in the loopback net.
5131 IPv6 addresses are tagged with "IPv6:" before the address.
5133 The IP family of the interface of an incoming connection
5134 unless it is in the loopback net.
5135 .ip ${if_family_out}
5136 The IP family of the interface of an outgoing connection
5137 unless it is in the loopback net.
5139 The hostname associated with the interface of an incoming connection.
5140 This macro can be used for
5141 SmtpGreetingMessage and HReceived for virtual hosting.
5144 O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
5147 The name of the interface of an outgoing connection.
5149 The current load average.
5151 The address part of the resolved triple of the address given for the
5154 Defined in the SMTP server only.
5156 The host from the resolved triple of the address given for the
5159 Defined in the SMTP server only.
5161 The mailer from the resolved triple of the address given for the
5164 Defined in the SMTP server only.
5166 The value of the Message-Id: header.
5168 The value of the SIZE= parameter,
5169 i.e., usually the size of the message (in an ESMTP dialogue),
5170 before the message has been collected, thereafter
5171 the message size as computed by
5173 (and can be used in check_compat).
5175 The number of bad recipients for a single message.
5177 The number of validated recipients for a single message.
5178 Note: since recipient validation happens after
5180 has been called, the value in this ruleset
5181 is one less than what might be expected.
5183 The number of delivery attempts.
5185 The current operation mode (from the
5189 The quarantine reason for the envelope,
5190 if it is quarantined.
5191 .ip ${queue_interval}
5192 The queue run interval given by the
5198 .b ${queue_interval}
5202 The address part of the resolved triple of the address given for the
5205 Defined in the SMTP server only after a RCPT command.
5207 The host from the resolved triple of the address given for the
5210 Defined in the SMTP server only after a RCPT command.
5212 The mailer from the resolved triple of the address given for the
5215 Defined in the SMTP server only after a RCPT command.
5217 The address of the server of the current outgoing SMTP connection.
5218 For LMTP delivery the macro is set to the name of the mailer.
5220 The name of the server of the current outgoing SMTP or LMTP connection.
5224 function, i.e., the number of seconds since 0 hours, 0 minutes,
5225 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
5227 The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
5228 defined after STARTTLS has been used.
5230 The total number of incoming connections over the time interval specified
5231 by ConnectionRateWindowSize.
5233 The result of the verification of the presented cert;
5234 only defined after STARTTLS has been used (or attempted).
5235 Possible values are:
5238 OK verification succeeded.
5239 NO no cert presented.
5240 NOT no cert requested.
5241 FAIL cert presented but could not be verified,
5242 e.g., the signing CA is missing.
5243 NONE STARTTLS has not been performed.
5244 TEMP temporary error occurred.
5245 PROTOCOL some protocol error occurred
5246 at the ESMTP level (not TLS).
5247 SOFTWARE STARTTLS handshake failed,
5248 which is a fatal error for this session,
5249 the e-mail will be queued.
5252 There are three types of dates that can be used.
5257 macros are in RFC 822 format;
5259 is the time as extracted from the
5265 is the current date and time
5266 (used for postmarks).
5269 line is found in the incoming message,
5271 is set to the current time also.
5274 macro is equivalent to the
5285 are set to the identity of this host.
5287 tries to find the fully qualified name of the host
5289 it does this by calling
5291 to get the current hostname
5292 and then passing that to
5293 .i gethostbyname (3)
5294 which is supposed to return the canonical version of that host name.\**
5296 \**For example, on some systems
5300 which would be mapped to
5305 Assuming this is successful,
5307 is set to the fully qualified name
5310 is set to the domain part of the name
5311 (everything after the first dot).
5314 macro is set to the first word
5315 (everything before the first dot)
5316 if you have a level 5 or higher configuration file;
5317 otherwise, it is set to the same value as
5319 If the canonification is not successful,
5320 it is imperative that the config file set
5322 to the fully qualified domain name\**.
5324 \**Older versions of sendmail didn't pre-define
5326 at all, so up until 8.6,
5335 macro is the id of the sender
5336 as originally determined;
5337 when mailing to a specific host
5340 macro is set to the address of the sender
5342 relative to the recipient.
5345 .q bollard@matisse.CS.Berkeley.EDU
5347 .q vangogh.CS.Berkeley.EDU
5355 .q eric@vangogh.CS.Berkeley.EDU.
5359 macro is set to the full name of the sender.
5360 This can be determined in several ways.
5361 It can be passed as flag to
5363 It can be defined in the
5365 environment variable.
5366 The third choice is the value of the
5368 line in the header if it exists,
5369 and the fourth choice is the comment field
5373 If all of these fail,
5374 and if the message is being originated locally,
5375 the full name is looked up in the
5385 macros get set to the host, user, and home directory
5388 The first two are set from the
5392 part of the rewriting rules, respectively.
5398 macros are used to create unique strings
5404 macro is set to the queue id on this host;
5405 if put into the timestamp line
5406 it can be extremely useful for tracking messages.
5409 macro is set to be the version number of
5411 this is normally put in timestamps
5412 and has been proven extremely useful for debugging.
5418 i.e., the number of times this message has been processed.
5419 This can be determined
5422 flag on the command line
5423 or by counting the timestamps in the message.
5429 fields are set to the protocol used to communicate with
5431 and the sending hostname.
5432 They can be set together using the
5434 command line flag or separately using the
5442 is set to a validated sender host name.
5443 If the sender is running an RFC 1413 compliant IDENT server
5444 and the receiver has the IDENT protocol turned on,
5445 it will include the user name on that host.
5453 are set to the name, address, and port number of the SMTP client
5457 These can be used in the
5461 deferred evaluation form, of course!).
5462 .sh 2 "C and F \*- Define Classes"
5464 Classes of phrases may be defined
5465 to match on the left hand side of rewriting rules,
5468 is a sequence of characters that does not contain space characters.
5470 a class of all local names for this site
5472 so that attempts to send to oneself
5474 These can either be defined directly in the configuration file
5475 or read in from another file.
5476 Classes are named as a single letter or a word in {braces}.
5477 Class names beginning with lower case letters
5478 and special characters are reserved for system use.
5479 Classes defined in config files may be given names
5480 from the set of upper case letters for short names
5481 or beginning with an upper case letter for long names.
5496 .i c\|[mapkey]@mapclass:mapspec
5498 The first form defines the class
5500 to match any of the named words.
5508 the contents of class
5512 It is permissible to split them among multiple lines;
5513 for example, the two forms:
5524 read the elements of the class
5530 .i "map specification" .
5531 Each element should be listed on a separate line.
5532 To specify an optional file, use ``\-o'' between the class
5533 name and the file name, e.g.,
5535 Fc \-o /path/to/file
5537 If the file can't be used,
5539 will not complain but silently ignore it.
5540 The map form should be an optional map key, an at sign,
5541 and a map class followed by the specification for that map.
5544 F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
5545 F{MyClass}foo@hash:/etc/mail/classes
5549 from an LDAP map lookup and
5551 from a hash database map lookup of the
5553 There is also a built-in schema that can be accessed by only specifying:
5558 This will tell sendmail to use the default schema:
5560 \-k (&(objectClass=sendmailMTAClass)
5561 (sendmailMTAClassName=\c
5563 (|(sendmailMTACluster=${sendmailMTACluster})
5564 (sendmailMTAHost=$j)))
5565 \-v sendmailMTAClassValue
5567 Note that the lookup is only done when sendmail is initially started.
5569 Elements of classes can be accessed in rules using
5575 (match entries not in class)
5576 only matches a single word;
5577 multi-word entries in the class are ignored in this context.
5579 Some classes have internal meaning to
5583 .\"A set of Content-Types that will not have the newline character
5584 .\"translated to CR-LF before encoding into base64 MIME.
5585 .\"The class can have major times
5590 .\".q application/octet-stream ).
5591 .\"The class is initialized with
5592 .\".q application/octet-stream ,
5598 contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
5599 It is predefined to contain
5605 set to be the same as
5607 that is, the UUCP node name.
5609 set to the set of domains by which this host is known,
5613 can be set to the set of MIME body types
5614 that can never be eight to seven bit encoded.
5616 .q multipart/signed .
5621 are never encoded directly.
5622 Multipart messages are always handled recursively.
5623 The handling of message/* messages
5624 are controlled by class
5627 A set of Content-Types that will never be encoded as base64
5628 (if they have to be encoded, they will be encoded as quoted-printable).
5629 It can have primary types
5636 contains the set of subtypes of message that can be treated recursively.
5637 By default it contains only
5641 types cannot be 8\(->7 bit encoded.
5642 If a message containing eight bit data is sent to a seven bit host,
5643 and that message cannot be encoded into seven bits,
5644 it will be stripped to 7 bits.
5646 set to the set of trusted users by the
5649 If you want to read trusted users from a file, use
5653 set to be the set of all names
5654 this host is known by.
5655 This can be used to match local hostnames.
5656 .ip $={persistentMacros}
5657 set to the macros that should be saved across queue runs.
5658 Care should be taken when adding macro names to this class.
5661 can be compiled to allow a
5666 This lets you do simplistic parsing of text files.
5667 For example, to read all the user names in your system
5669 file into a class, use
5673 which reads every line up to the first colon.
5674 .sh 2 "M \*- Define Mailer"
5676 Programs and interfaces to mailers
5677 are defined in this line.
5688 is the name of the mailer
5689 (used internally only)
5692 pairs define attributes of the mailer.
5696 Path The pathname of the mailer
5697 Flags Special flags for this mailer
5698 Sender Rewriting set(s) for sender addresses
5699 Recipient Rewriting set(s) for recipient addresses
5700 recipients Maximum number of recipients per connection
5701 Argv An argument vector to pass to this mailer
5702 Eol The end-of-line string for this mailer
5703 Maxsize The maximum message length to this mailer
5704 maxmessages The maximum message deliveries per connection
5705 Linelimit The maximum line length in the message body
5706 Directory The working directory for the mailer
5707 Userid The default user and group id to run as
5708 Nice The nice(2) increment for the mailer
5709 Charset The default character set for 8-bit characters
5710 Type Type information for DSN diagnostics
5711 Wait The maximum time to wait for the mailer
5712 Queuegroup The default queue group for the mailer
5713 / The root directory for the mailer
5715 Only the first character of the field name is checked
5716 (it's case-sensitive).
5718 The following flags may be set in the mailer description.
5719 Any other flags may be used freely
5720 to conditionally assign headers to messages
5721 destined for particular mailers.
5722 Flags marked with \(dg
5723 are not interpreted by the
5726 these are the conventionally used to correlate to the flags portion
5730 Flags marked with \(dd
5731 apply to the mailers for the sender address
5732 rather than the usual recipient mailers.
5735 Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
5736 This flag defaults on if the SMTP greeting message includes the word
5739 Look up the user (address) part of the resolved mailer triple,
5740 in the alias database.
5741 Normally this is only set for local mailers.
5743 Force a blank line on the end of a message.
5744 This is intended to work around some stupid versions of
5746 that require a blank line, but do not provide it themselves.
5747 It would not normally be used on network mail.
5749 Strip leading backslashes (\e) off of the address;
5750 this is a subset of the functionality of the
5754 Do not include comments in addresses.
5755 This should only be used if you have to work around
5756 a remote mailer that gets confused by comments.
5757 This strips addresses of the form
5758 .q "Phrase <address>"
5760 .q "address (Comment)"
5766 from a mailer with this flag set,
5767 any addresses in the header that do not have an at sign
5770 after being rewritten by ruleset three
5773 clause from the sender envelope address
5775 This allows mail with headers of the form:
5778 To: userb@hostb, userc
5783 To: userb@hostb, userc@hosta
5786 However, it doesn't really work reliably.
5788 Do not include angle brackets around route-address syntax addresses.
5789 This is useful on mailers that are going to pass addresses to a shell
5790 that might interpret angle brackets as I/O redirection.
5791 However, it does not protect against other shell metacharacters.
5792 Therefore, passing addresses to a shell should not be considered secure.
5798 This mailer is expensive to connect to,
5799 so try to avoid connecting normally;
5800 any necessary connection will occur during a queue run.
5804 Escape lines beginning with
5806 in the message with a `>' sign.
5812 but only if this is a network forward operation
5814 the mailer will give an error
5815 if the executing user
5816 does not have special permissions).
5824 sends internally generated email (e.g., error messages)
5825 using the null return address
5826 as required by RFC 1123.
5827 However, some mailers don't accept a null return address.
5833 from obeying the standards;
5834 error messages will be sent as from the MAILER-DAEMON
5835 (actually, the value of the
5839 Upper case should be preserved in host names
5840 (the $@ portion of the mailer triplet resolved from ruleset 0)
5843 Do User Database rewriting on envelope sender address.
5845 This flag is deprecated
5846 and will be removed from a future version.
5847 This mailer will be speaking SMTP
5851 as such it can use special protocol features.
5852 This flag should not be used except for debugging purposes
5857 Do User Database rewriting on recipients as well as senders.
5861 connects to a host via SMTP,
5862 it checks to make sure that this isn't accidently the same host name
5865 is misconfigured or if a long-haul network interface is set in loopback mode.
5866 This flag disables the loopback check.
5867 It should only be used under very unusual circumstances.
5869 Currently unimplemented.
5870 Reserved for chunking.
5872 This mailer is local
5874 final delivery will be performed).
5876 Limit the line lengths as specified in RFC 821.
5877 This deprecated option should be replaced by the
5880 For historic reasons, the
5886 This mailer can send to multiple users
5893 part of the mailer definition,
5894 that field will be repeated as necessary
5895 for all qualifying users.
5896 Removing this flag can defeat duplicate supression on a remote site
5897 as each recipient is sent in a separate transaction.
5903 Do not insert a UNIX-style
5905 line on the front of the message.
5907 Always run as the owner of the recipient mailbox.
5910 runs as the sender for locally generated mail
5913 (actually, the user specified in the
5916 when delivering network mail.
5917 The normal behavior is required by most local mailers,
5918 which will not allow the envelope sender address
5919 to be set unless the mailer is running as daemon.
5920 This flag is ignored if the
5924 Use the route-addr style reverse-path in the SMTP
5927 rather than just the return address;
5928 although this is required in RFC 821 section 3.1,
5929 many hosts do not process reverse-paths properly.
5930 Reverse-paths are officially discouraged by RFC 1123.
5936 When an address that resolves to this mailer is verified
5937 (SMTP VRFY command),
5938 generate 250 responses instead of 252 responses.
5939 This will imply that the address is local.
5947 Open SMTP connections from a
5952 except on UNIX machines,
5953 so it is unclear that this adds anything.
5955 must be running as root to be able to use this flag.
5957 Strip quote characters (" and \e) off of the address
5958 before calling the mailer.
5960 Don't reset the userid
5961 before calling the mailer.
5962 This would be used in a secure environment
5966 This could be used to avoid forged addresses.
5969 field is also specified,
5970 this flag causes the effective user id to be set to that user.
5972 Upper case should be preserved in user names for this mailer. Standards
5973 require preservation of case in the local part of addresses, except for
5974 those address for which your system accepts responsibility.
5975 RFC 2142 provides a long list of addresses which should be case
5977 If you use this flag, you may be violating RFC 2142.
5978 Note that postmaster is always treated as a case insensitive address
5979 regardless of this flag.
5981 This mailer wants UUCP-style
5984 .q "remote from <host>"
5987 The user must have a valid account on this machine,
5991 If not, the mail is bounced.
5995 This is required to get
5999 Ignore long term host status information (see Section
6000 "Persistent Host Status Information").
6006 This mailer wants to use the hidden dot algorithm as specified in RFC 821;
6007 basically, any line beginning with a dot will have an extra dot prepended
6008 (to be stripped at the other end).
6009 This insures that lines in the message containing a dot
6010 will not terminate the message prematurely.
6012 Run Local Mail Transfer Protocol (LMTP)
6015 and the local mailer.
6016 This is a variant on SMTP
6018 that is specifically designed for delivery to a local mailbox.
6020 Apply DialDelay (if set) to this mailer.
6022 Don't look up MX records for hosts sent via SMTP/LMTP.
6027 Don't send null characters ('\\0') to this mailer.
6029 Don't use ESMTP even if offered; this is useful for broken
6030 systems that offer ESMTP but fail on EHLO (without recovering
6031 when HELO is tried next).
6033 Extend the list of characters converted to =XX notation
6034 when converting to Quoted-Printable
6035 to include those that don't map cleanly between ASCII and EBCDIC.
6036 Useful if you have IBM mainframes on site.
6038 If no aliases are found for this address,
6039 pass the address through ruleset 5 for possible alternate resolution.
6040 This is intended to forward the mail to an alternate delivery spot.
6042 Strip headers to seven bits.
6044 Strip all output to seven bits.
6045 This is the default if the
6048 Note that clearing this option is not
6049 sufficient to get full eight bit data passed through
6053 option is set, this is essentially always set,
6054 since the eighth bit was stripped on input.
6055 Note that this option will only impact messages
6056 that didn't have 8\(->7 bit MIME conversions performed.
6059 it is acceptable to send eight bit data to this mailer;
6060 the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
6065 7\(->8 bit MIME conversions.
6066 These conversions are limited to text/plain data.
6068 Check addresses to see if they begin
6070 if they do, convert them to the
6074 Check addresses to see if they begin with a `|';
6075 if they do, convert them to the
6079 Check addresses to see if they begin with a `/';
6080 if they do, convert them to the
6084 Look up addresses in the user database.
6086 Do not attempt delivery on initial receipt of a message
6088 unless the queued message is selected
6089 using one of the -qI/-qR/-qS queue run modifiers
6092 Disable an MH hack that drops an explicit
6094 if it is the same as what sendmail would generate.
6096 Configuration files prior to level 6
6097 assume the `A', `w', `5', `:', `|', `/', and `@' options
6101 The mailer with the special name
6103 can be used to generate a user error.
6104 The (optional) host field is an exit status to be returned,
6105 and the user field is a message to be printed.
6106 The exit status may be numeric or one of the values
6107 USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
6108 to return the corresponding EX_ exit code,
6109 or an enhanced error code as described in RFC 1893,
6111 Enhanced Mail System Status Codes.
6112 For example, the entry:
6114 $#error $@ NOHOST $: Host unknown in this domain
6116 on the RHS of a rule
6117 will cause the specified error to be generated
6120 exit status to be returned
6122 This mailer is only functional in rulesets 0, 5,
6123 or one of the check_* rulesets.
6124 The host field can also contain the special token
6126 which instructs sendmail to quarantine the current message.
6128 The mailer with the special name
6130 causes any mail sent to it to be discarded
6131 but otherwise treated as though it were successfully delivered.
6132 This mailer cannot be used in ruleset 0,
6133 only in the various address checking rulesets.
6138 be defined in every configuration file.
6139 This is used to deliver local mail,
6140 and is treated specially in several ways.
6141 Additionally, three other mailers named
6146 may be defined to tune the delivery of messages to programs,
6148 and :include: lists respectively.
6151 Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
6152 M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
6153 M*include*, P=/dev/null, F=su, A=INCLUDE $u
6156 Builtin pathnames are [FILE] and [IPC], the former is used for
6157 delivery to files, the latter for delivery via interprocess communication.
6158 For mailers that use [IPC] as pathname the argument vector (A=)
6159 must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
6160 If TCP is used, the second argument must be the name of the host
6162 Optionally a third argument can be used to specify a port,
6163 the default is smtp (port 25).
6164 If FILE is used, the second argument must be the name of
6165 the Unix domain socket.
6167 If the argument vector does not contain $u then
6169 will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
6171 If no Eol field is defined, then the default is "\\r\\n" for
6172 SMTP mailers and "\\n" of others.
6174 The Sender and Recipient rewriting sets
6175 may either be a simple ruleset id
6176 or may be two ids separated by a slash;
6177 if so, the first rewriting set is applied to envelope
6179 and the second is applied to headers.
6180 Setting any value to zero disables corresponding mailer-specific rewriting.
6183 is actually a colon-separated path of directories to try.
6184 For example, the definition
6186 first tries to execute in the recipient's home directory;
6187 if that is not available,
6188 it tries to execute in the root of the filesystem.
6189 This is intended to be used only on the
6192 since some shells (such as
6194 refuse to execute if they cannot read the current directory.
6195 Since the queue directory is not normally readable by unprivileged users
6197 scripts as recipients can fail.
6200 specifies the default user and group id to run as,
6206 mailer flag is also specified,
6207 this user and group will be set as the
6208 effective uid and gid for the process.
6209 This may be given as
6211 to set both the user and group id;
6212 either may be an integer or a symbolic name to be looked up
6218 If only a symbolic user name is specified,
6221 file for that user is used as the group id.
6224 is used when converting a message to MIME;
6225 this is the character set used in the
6226 Content-Type: header.
6227 If this is not set, the
6230 and if that is not set, the value
6234 this field applies to the sender's mailer,
6235 not the recipient's mailer.
6236 For example, if the envelope sender address
6237 lists an address on the local network
6238 and the recipient is on an external network,
6239 the character set will be set from the Charset= field
6240 for the local network mailer,
6241 not that of the external network mailer.
6244 sets the type information
6245 used in MIME error messages
6248 It is actually three values separated by slashes:
6249 the MTA-type (that is, the description of how hosts are named),
6250 the address type (the description of e-mail addresses),
6251 and the diagnostic type (the description of error diagnostic codes).
6252 Each of these must be a registered value
6256 .q dns/rfc822/smtp .
6258 The m= field specifies the maximum number of messages
6259 to attempt to deliver on a single SMTP or LMTP connection.
6260 The default is infinite.
6262 The r= field specifies the maximum number of recipients
6263 to attempt to deliver in a single envelope.
6266 The /= field specifies a new root directory for the mailer. The path is
6267 macro expanded and then passed to the
6269 system call. The root directory is changed before the Directory field is
6270 consulted or the uid is changed.
6272 The Wait= field specifies the maximum time to wait for the
6273 mailer to return after sending all data to it.
6274 This applies to mailers that have been forked by
6277 The Queuegroup= field specifies the default queue group in which
6278 received mail should be queued.
6279 This can be overridden by other means as explained in section
6280 ``Queue Groups and Queue Directories''.
6281 .sh 2 "H \*- Define Header"
6283 The format of the header lines that
6285 inserts into the message
6289 The syntax of this line is one of the following:
6316 Continuation lines in this spec
6317 are reflected directly into the outgoing message.
6320 is macro-expanded before insertion into the message.
6323 (surrounded by question marks)
6325 at least one of the specified flags
6326 must be stated in the mailer definition
6327 for this header to be automatically output.
6330 (surrounded by question marks)
6332 the header will be automatically output
6333 if the macro is set.
6334 The macro may be set using any of the normal methods,
6337 storage map in a ruleset.
6338 If one of these headers is in the input
6339 it is reflected to the output
6340 regardless of these flags or macros.
6344 is used to set a header, then it is useful to add that macro to class
6345 .i $={persistentMacros}
6346 which consists of the macros that should be saved across queue runs.
6348 Some headers have special semantics
6349 that will be described later.
6351 A secondary syntax allows validation of headers as they are being read.
6352 To enable validation, use:
6365 is called for the specified
6369 to reject or quarantine the message or
6371 to discard the message
6375 The ruleset receives the header field-body as argument,
6376 i.e., not the header field-name; see also
6377 ${hdr_name} and ${currHeader}.
6378 The header is treated as a structured field,
6380 text in parentheses is deleted before processing,
6381 unless the second form
6384 Note: only one ruleset can be associated with a header;
6386 will silently ignore multiple entries.
6388 For example, the configuration lines:
6390 HMessage-Id: $>CheckMessageId
6394 R$* $#error $: Illegal Message-Id header
6396 would refuse any message that had a Message-Id: header of any of the
6400 Message-Id: some text
6401 Message-Id: <legal text@domain> extra crud
6403 A default ruleset that is called for headers which don't have a
6404 specific ruleset defined for them can be specified by:
6418 .sh 2 "O \*- Set Option"
6420 There are a number of global options that
6421 can be set from a configuration file.
6422 Options are represented by full words;
6423 some are also representable as single characters for back compatibility.
6424 The syntax of this line is:
6437 be a space between the letter `O' and the name of the option.
6438 An older version is:
6445 is a single character.
6446 Depending on the option,
6448 may be a string, an integer,
6456 the default is TRUE),
6460 All filenames used in options should be absolute paths,
6461 i.e., starting with '/'.
6462 Relative filenames most likely cause surprises during operation
6463 (unless otherwise noted).
6465 The options supported (with the old, one character names in brackets) are:
6467 .ip "AliasFile=\fIspec, spec, ...\fP"
6469 Specify possible alias file(s).
6472 should be in the format
6480 is optional and defaults to ``implicit''.
6495 value is used as follows:
6497 \-k (&(objectClass=sendmailMTAAliasObject)
6498 (sendmailMTAAliasName=aliases)
6499 (|(sendmailMTACluster=${sendmailMTACluster})
6500 (sendmailMTAHost=$j))
6501 (sendmailMTAKey=%0))
6502 \-v sendmailMTAAliasValue
6506 is compiled, valid classes are
6508 (search through a compiled-in list of alias file types,
6509 for back compatibility),
6523 (internal symbol table \*- not normally used
6524 unless you have no other database lookup),
6526 (use a sequence of maps
6527 previously declared),
6541 searches them in order.
6542 .ip AliasWait=\fItimeout\fP
6547 (units default to minutes)
6550 entry to exist in the alias database
6552 If it does not appear in the
6554 interval issue a warning.
6557 If set, allow HELO SMTP commands that don't include a host name.
6558 Setting this violates RFC 1123 section 5.2.5,
6559 but is necessary to interoperate with several SMTP clients.
6560 If there is a value, it is still checked for legitimacy.
6561 .ip AuthMaxBits=\fIN\fP
6563 Limit the maximum encryption strength for the security layer in
6564 SMTP AUTH (SASL). Default is essentially unlimited.
6565 This allows to turn off additional encryption in SASL if
6566 STARTTLS is already encrypting the communication, because the
6567 existing encryption strength is taken into account when choosing
6568 an algorithm for the security layer.
6569 For example, if STARTTLS is used and the symmetric cipher is 3DES,
6570 then the the keylength (in bits) is 168.
6573 to 168 will disable any encryption in SASL.
6576 List of authentication mechanisms for AUTH (separated by spaces).
6577 The advertised list of authentication mechanisms will be the
6578 intersection of this list and the list of available mechanisms as
6579 determined by the Cyrus SASL library.
6580 If STARTTLS is active, EXTERNAL will be added to this list.
6581 In that case, the value of {cert_subject} is used as authentication id.
6584 List of options for SMTP AUTH consisting of single characters
6585 with intervening white space or commas.
6588 A Use the AUTH= parameter for the MAIL FROM
6589 command only when authentication succeeded.
6590 This can be used as a workaround for broken
6591 MTAs that do not implement RFC 2554 correctly.
6592 a protection from active (non-dictionary) attacks
6593 during authentication exchange.
6594 c require mechanisms which pass client credentials,
6595 and allow mechanisms which can pass credentials
6597 d don't permit mechanisms susceptible to passive
6599 f require forward secrecy between sessions
6600 (breaking one won't help break next).
6601 m require mechanisms which provide mutual authentication
6602 (only available if using Cyrus SASL v2 or later).
6603 p don't permit mechanisms susceptible to simple
6604 passive attack (e.g., PLAIN, LOGIN), unless a
6605 security layer is active.
6606 y don't permit mechanisms that allow anonymous login.
6608 The first option applies to sendmail as a client, the others to a server.
6613 would disallow ANONYMOUS as AUTH mechanism and would
6614 allow PLAIN and LOGIN only if a security layer (e.g.,
6615 provided by STARTTLS) is already active.
6616 The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
6617 selected SASL mechanisms.
6618 Explanations of these properties can be found in the Cyrus SASL documentation.
6621 The authentication realm that is passed to the Cyrus SASL library.
6622 If no realm is specified,
6626 .ip BadRcptThrottle=\fIN\fP
6628 If set and the specified number of recipients in a single SMTP
6629 transaction have been rejected, sleep for one second after each subsequent
6630 RCPT command in that transaction.
6631 .ip BlankSub=\fIc\fP
6633 Set the blank substitution character to
6635 Unquoted spaces in addresses are replaced by this character.
6636 Defaults to space (i.e., no change is made).
6639 Path to directory with certificates of CAs.
6640 This directory directory must contain the hashes of each CA certificate
6641 as filenames (or as links to them).
6644 File containing one or more CA certificates;
6645 see section about STARTTLS for more information.
6646 .ip CertFingerprintAlgorithm
6647 Specify the fingerprint algorithm (digest) to use for the presented cert.
6648 If the option is not set,
6649 md5 is used and the macro
6651 contains the cert fingerprint.
6652 If the option is explicitly set,
6653 the specified algorithm (e.g., sha1) is used
6656 contains the cert fingerprint.
6658 Specify cipher list for STARTTLS.
6661 for possible values.
6664 Validate the RHS of aliases when rebuilding the alias database.
6665 .ip CheckpointInterval=\fIN\fP
6667 Checkpoints the queue every
6671 If your system crashes during delivery to a large list,
6672 this prevents retransmission to any but the last
6675 .ip ClassFactor=\fIfact\fP
6679 is multiplied by the message class
6680 (determined by the Precedence: field in the user header
6683 lines in the configuration file)
6684 and subtracted from the priority.
6685 Thus, messages with a higher Priority: will be favored.
6689 File containing the certificate of the client, i.e., this certificate
6692 acts as client (for STARTTLS).
6695 File containing the private key belonging to the client certificate
6699 .ip ClientPortOptions=\fIoptions\fP
6701 Set client SMTP options.
6704 pairs separated by commas.
6708 Port Name/number of source port for connection (defaults to any free port)
6709 Addr Address mask (defaults INADDR_ANY)
6710 Family Address family (defaults to INET)
6711 SndBufSize Size of TCP send buffer
6712 RcvBufSize Size of TCP receive buffer
6713 Modifier Options (flags) for the client
6717 mask may be a numeric address in IPv4 dot notation or IPv6 colon notation
6719 Note that if a network name is specified,
6720 only the first IP address returned for it will be used.
6721 This may cause indeterminate behavior for network names
6722 that resolve to multiple addresses.
6723 Therefore, use of an address is recommended.
6725 can be the following character:
6728 h use name of interface for HELO command
6729 A don't use AUTH when sending e-mail
6730 S don't use STARTTLS when sending e-mail
6732 If ``h'' is set, the name corresponding to the outgoing interface
6733 address (whether chosen via the Connection parameter or
6734 the default) is used for the HELO/EHLO command.
6735 However, the name must not start with a square bracket
6736 and it must contain at least one dot.
6737 This is a simple test whether the name is not
6738 an IP address (in square brackets) but a qualified hostname.
6739 Note that multiple ClientPortOptions settings are allowed
6740 in order to give settings for each protocol family
6741 (e.g., one for Family=inet and one for Family=inet6).
6742 A restriction placed on one family only affects
6743 outgoing connections on that particular family.
6744 .ip ClientSSLOptions
6745 A space or comma separated list of SSL related options for the client side.
6747 .i SSL_CTX_set_options (3)
6749 the available values depend on the OpenSSL version against which
6756 .i -SSL_OP_TLSEXT_PADDING
6758 (if those options are available).
6759 Options can be cleared by preceeding them with a minus sign.
6760 It is also possible to specify numerical values, e.g.,
6764 If set, colons are acceptable in e-mail addresses
6767 If not set, colons indicate the beginning of a RFC 822 group construct
6769 .q "groupname: member1, member2, ... memberN;" ).
6770 Doubled colons are always acceptable
6773 and proper route-addr nesting is understood
6775 .q <@relay:user@host> ).
6776 Furthermore, this option defaults on if the configuration version level
6777 is less than 6 (for back compatibility).
6778 However, it must be off for full compatibility with RFC 822.
6779 .ip ConnectionCacheSize=\fIN\fP
6781 The maximum number of open connections that will be cached at a time.
6783 This delays closing the current connection until
6784 either this invocation of
6786 needs to connect to another host
6788 Setting it to zero defaults to the old behavior,
6789 that is, connections are closed immediately.
6790 Since this consumes file descriptors,
6791 the connection cache should be kept small:
6792 4 is probably a practical maximum.
6793 .ip ConnectionCacheTimeout=\fItimeout\fP
6795 The maximum amount of time a cached connection will be permitted to idle
6797 If this time is exceeded,
6798 the connection is immediately closed.
6799 This value should be small (on the order of ten minutes).
6802 uses a cached connection,
6803 it always sends a RSET command
6804 to check the connection;
6805 if this fails, it reopens the connection.
6806 This keeps your end from failing if the other end times out.
6807 The point of this option is to be a good network neighbor
6808 and avoid using up excessive resources
6810 The default is five minutes.
6811 .ip ConnectOnlyTo=\fIaddress\fP
6814 override the connection address (for testing purposes).
6815 .ip ConnectionRateThrottle=\fIN\fP
6817 If set to a positive value,
6820 incoming connections in a one second period per daemon.
6821 This is intended to flatten out peaks
6822 and allow the load average checking to cut in.
6823 Defaults to zero (no limits).
6824 .ip ConnectionRateWindowSize=\fIN\fP
6826 Define the length of the interval for which
6827 the number of incoming connections is maintained.
6828 The default is 60 seconds.
6829 .ip ControlSocketName=\fIname\fP
6831 Name of the control socket for daemon management.
6834 daemon can be controlled through this named socket.
6835 Available commands are:
6844 command returns the current number of daemon children,
6845 the maximum number of daemon children,
6846 the free disk space (in blocks) of the queue directory,
6847 and the load average of the machine expressed as an integer.
6848 If not set, no control socket will be available.
6849 Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
6850 .ip CRLFile=\fIname\fP
6852 Name of file that contains certificate
6853 revocation status, useful for X.509v3 authentication.
6854 CRL checking requires at least OpenSSL version 0.9.7.
6855 Note: if a CRLFile is specified but the file is unusable,
6856 STARTTLS is disabled.
6858 This option applies to the server side only.
6859 Possible values are:
6862 5 use precomputed 512 bit prime.
6863 1 generate 1024 bit prime
6864 2 generate 2048 bit prime.
6865 i use included precomputed 2048 bit prime (default).
6866 none do not use Diffie-Hellman.
6867 /path/to/file load prime from file.
6869 This is only required if a ciphersuite containing DSA/DH is used.
6870 The default is ``i'' which selects a precomputed, fixed 2048 bit prime.
6871 If ``5'' is selected, then precomputed, fixed primes are used.
6872 Note: this option should not be used
6873 (unless necessary for compatibility with old implementations).
6874 If ``1'' or ``2'' is selected, then prime values are computed during startup.
6875 Note: this operation can take a significant amount of time on a
6876 slow machine (several seconds), but it is only done once at startup.
6877 If ``none'' is selected, then TLS ciphersuites containing DSA/DH
6879 If a file name is specified (which must be an absolute path),
6880 then the primes are read from it.
6881 It is recommended to generate such a file using a command like this:
6883 openssl dhparam -out /etc/mail/dhparams.pem 2048
6885 If the file is not readable or contains unusable data,
6886 the default ``i'' is used instead.
6887 .ip DaemonPortOptions=\fIoptions\fP
6889 Set server SMTP options.
6891 .b DaemonPortOptions
6892 leads to an additional incoming socket.
6899 Name User-definable name for the daemon (defaults to "Daemon#")
6900 Port Name/number of listening port (defaults to "smtp")
6901 Addr Address mask (defaults INADDR_ANY)
6902 Family Address family (defaults to INET)
6903 InputMailFilters List of input mail filters for the daemon
6904 Listen Size of listen queue (defaults to 10)
6905 Modifier Options (flags) for the daemon
6906 SndBufSize Size of TCP send buffer
6907 RcvBufSize Size of TCP receive buffer
6908 children maximum number of children per daemon, see \fBMaxDaemonChildren\fP.
6909 DeliveryMode Delivery mode per daemon, see \fBDeliveryMode\fP.
6910 refuseLA RefuseLA per daemon
6911 delayLA DelayLA per daemon
6912 queueLA QueueLA per daemon
6916 key is used for error messages and logging.
6920 a numeric address in IPv4 dot notation or IPv6 colon notation,
6922 or a path to a local socket.
6923 Note that if a network name is specified,
6924 only the first IP address returned for it will be used.
6925 This may cause indeterminate behavior for network names
6926 that resolve to multiple addresses.
6927 Therefore, use of an address is recommended.
6930 key defaults to INET (IPv4).
6931 IPv6 users who wish to also accept IPv6 connections
6932 should add additional Family=inet6
6933 .b DaemonPortOptions
6935 For a local socket, use
6941 key overrides the default list of input mail filters listed in the
6944 If multiple input mail filters are required, they must be separated
6945 by semicolons (not commas).
6947 can be a sequence (without any delimiters)
6948 of the following characters:
6951 a always require authentication
6952 b bind to interface through which mail has been received
6953 c perform hostname canonification (.cf)
6954 f require fully qualified hostname (.cf)
6955 s Run smtps (SMTP over SSL) instead of smtp
6956 u allow unqualified addresses (.cf)
6957 A disable AUTH (overrides 'a' modifier)
6958 C don't perform hostname canonification
6959 E disallow ETRN (see RFC 2476)
6960 O optional; if opening the socket fails ignore it
6961 S don't offer STARTTLS
6963 That is, one way to specify a message submission agent (MSA) that
6964 always requires authentication is:
6966 O DaemonPortOptions=Name=MSA, Port=587, M=Ea
6968 The modifiers that are marked with "(.cf)" have only
6969 effect in the standard configuration file, in which
6970 they are available via
6971 .b ${daemon_flags} .
6974 use the ``a'' modifier on a public accessible MTA!
6975 It should only be used for a MSA that is accessed by authorized
6976 users for initial mail submission.
6977 Users must authenticate to use a MSA which has this option turned on.
6978 The flags ``c'' and ``C'' can change the default for
6979 hostname canonification in the
6982 See the relevant documentation for
6983 .sm FEATURE(nocanonify) .
6984 The modifier ``f'' disallows addresses of the form
6986 unless they are submitted directly.
6987 The flag ``u'' allows unqualified sender addresses,
6988 i.e., those without @host.
6989 ``b'' forces sendmail to bind to the interface
6990 through which the e-mail has been
6991 received for the outgoing connection.
6994 only if outgoing mail can be routed through the incoming connection's
6995 interface to its destination. No attempt is made to catch problems due to a
6996 misconfiguration of this parameter, use it only for virtual hosting
6997 where each virtual interface can connect to every possible location.
6998 This will also override possible settings via
6999 .b ClientPortOptions.
7002 will listen on a new socket
7003 for each occurence of the
7004 .b DaemonPortOptions
7005 option in a configuration file.
7006 The modifier ``O'' causes sendmail to ignore a socket
7007 if it can't be opened.
7008 This applies to failures from the socket(2) and bind(2) calls.
7011 Filename that contains default authentication information for outgoing
7012 connections. This file must contain the user id, the authorization id,
7013 the password (plain text), the realm and the list of mechanisms to use
7014 on separate lines and must be readable by
7015 root (or the trusted user) only.
7016 If no realm is specified,
7019 If no mechanisms are specified, the list given by
7022 Notice: this option is deprecated and will be removed in future versions.
7023 Moreover, it doesn't work for the MSP since it can't read the file
7024 (the file must not be group/world-readable otherwise
7027 Use the authinfo ruleset instead which provides more control over
7028 the usage of the data anyway.
7029 .ip DefaultCharSet=\fIcharset\fP
7031 When a message that has 8-bit characters but is not in MIME format
7032 is converted to MIME
7033 (see the EightBitMode option)
7034 a character set must be included in the Content-Type: header.
7035 This character set is normally set from the Charset= field
7036 of the mailer descriptor.
7037 If that is not set, the value of this option is used.
7038 If this option is not set, the value
7041 .ip DataFileBufferSize=\fIthreshold\fP
7046 before a memory-based
7049 The default is 4096 bytes.
7050 .ip DeadLetterDrop=\fIfile\fP
7052 Defines the location of the system-wide dead.letter file,
7053 formerly hardcoded to /usr/tmp/dead.letter.
7054 If this option is not set (the default),
7055 sendmail will not attempt to save to a system-wide dead.letter file
7057 it cannot bounce the mail to the user or postmaster.
7058 Instead, it will rename the qf file
7059 as it has in the past
7060 when the dead.letter file could not be opened.
7061 .ip DefaultUser=\fIuser:group\fP
7063 Set the default userid for mailers to
7070 (as opposed to a numeric user id)
7071 the default group listed in the /etc/passwd file for that user is used
7072 as the default group.
7080 flag in the mailer definition
7081 will run as this user.
7083 The value can also be given as a symbolic user name.\**
7087 option has been combined into the
7091 .ip DelayLA=\fILA\fP
7093 When the system load average exceeds
7096 will sleep for one second on most SMTP commands and
7097 before accepting connections.
7098 .ip DeliverByMin=\fItime\fP
7100 Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
7101 If 0, no time is listed, if less than 0, the extension is not offered,
7102 if greater than 0, it is listed as minimum time
7103 for the EHLO keyword DELIVERBY.
7104 .ip DeliveryMode=\fIx\fP
7111 i Deliver interactively (synchronously)
7112 b Deliver in background (asynchronously)
7113 q Just queue the message (deliver during queue run)
7114 d Defer delivery and all map lookups (deliver during queue run)
7116 Defaults to ``b'' if no option is specified,
7117 ``i'' if it is specified but given no argument
7118 (i.e., ``Od'' is equivalent to ``Odi'').
7121 command line flag sets this to
7123 Note: for internal reasons,
7125 if a milter is enabled which can reject or delete recipients.
7126 In that case the mode will be changed to ``b''.
7127 .ip DialDelay=\fIsleeptime\fP
7129 Dial-on-demand network connections can see timeouts
7130 if a connection is opened before the call is set up.
7131 If this is set to an interval and a connection times out
7132 on the first connection being attempted
7134 will sleep for this amount of time and try again.
7135 This should give your system time to establish the connection
7136 to your service provider.
7137 Units default to seconds, so
7139 uses a five second delay.
7142 This delay only applies to mailers which have the
7144 .ip DirectSubmissionModifiers=\fImodifiers\fP
7147 for direct (command line) submissions.
7150 is either "CC f" if the option
7152 is used or "c u" otherwise.
7153 Note that only the the "CC", "c", "f", and "u" flags are checked.
7154 .ip DontBlameSendmail=\fIoption,option,...\fP
7156 In order to avoid possible cracking attempts
7157 caused by world- and group-writable files and directories,
7159 does paranoid checking when opening most of its support files.
7160 If for some reason you absolutely must run with,
7165 then you will have to turn off this checking
7166 (at the cost of making your system more vulnerable to attack).
7167 The possible arguments have been described earlier.
7168 The details of these flags are described above.
7169 .\"XXX should have more here!!! XXX
7170 .b "Use of this option is not recommended."
7171 .ip DontExpandCnames
7173 The standards say that all host addresses used in a mail message
7174 must be fully canonical.
7175 For example, if your host is named
7177 and also has an alias of
7179 the former name must be used at all times.
7180 This is enforced during host name canonification
7181 ($[ ... $] lookups).
7182 If this option is set, the protocols are ignored and the
7185 However, the IETF is moving toward changing this standard,
7186 so the behavior may become acceptable.
7187 Please note that hosts downstream may still rewrite the address
7188 to be the true canonical name however.
7193 will avoid using the initgroups(3) call.
7194 If you are running NIS,
7195 this causes a sequential scan of the groups.byname map,
7196 which can cause your NIS server to be badly overloaded in a large domain.
7197 The cost of this is that the only group found for users
7198 will be their primary group (the one in the password file),
7199 which will make file access permissions somewhat more restrictive.
7200 Has no effect on systems that don't have group lists.
7201 .ip DontProbeInterfaces
7204 normally finds the names of all interfaces active on your machine
7206 and adds their name to the
7208 class of known host aliases.
7209 If you have a large number of virtual interfaces
7210 or if your DNS inverse lookups are slow
7211 this can be time consuming.
7212 This option turns off that probing.
7213 However, you will need to be certain to include all variant names
7216 class by some other mechanism.
7219 loopback interfaces (e.g., lo0) will not be probed.
7224 tries to eliminate any unnecessary explicit routes
7225 when sending an error message
7226 (as discussed in RFC 1123 \(sc 5.2.6).
7228 when sending an error message to
7230 <@known1,@known2,@known3:user@unknown>
7235 in order to make the route as direct as possible.
7238 option is set, this will be disabled,
7239 and the mail will be sent to the first address in the route,
7240 even if later addresses are known.
7241 This may be useful if you are caught behind a firewall.
7242 .ip DoubleBounceAddress=\fIerror-address\fP
7244 If an error occurs when sending an error message,
7245 send the error report
7248 because it is an error
7250 that occurs when trying to send another error
7252 to the indicated address.
7253 The address is macro expanded
7254 at the time of delivery.
7255 If not set, defaults to
7257 If set to an empty string, double bounces are dropped.
7258 .ip EightBitMode=\fIaction\fP
7260 Set handling of eight-bit data.
7261 There are two kinds of eight-bit data:
7262 that declared as such using the
7264 ESMTP declaration or the
7267 and undeclared 8-bit data, that is,
7268 input that just happens to be eight bits.
7269 There are three basic operations that can happen:
7270 undeclared 8-bit data can be automatically converted to 8BITMIME,
7271 undeclared 8-bit data can be passed as-is without conversion to MIME
7273 and declared 8-bit data can be converted to 7-bits
7274 for transmission to a non-8BITMIME mailer.
7279 .\" r Reject undeclared 8-bit data;
7280 .\" don't convert 8BITMIME\(->7BIT (``reject'')
7281 s Reject undeclared 8-bit data (``strict'')
7282 .\" do convert 8BITMIME\(->7BIT (``strict'')
7283 .\" c Convert undeclared 8-bit data to MIME;
7284 .\" don't convert 8BITMIME\(->7BIT (``convert'')
7285 m Convert undeclared 8-bit data to MIME (``mime'')
7286 .\" do convert 8BITMIME\(->7BIT (``mime'')
7287 .\" j Pass undeclared 8-bit data;
7288 .\" don't convert 8BITMIME\(->7BIT (``just send 8'')
7289 p Pass undeclared 8-bit data (``pass'')
7290 .\" do convert 8BITMIME\(->7BIT (``pass'')
7291 .\" a Adaptive algorithm: see below
7293 .\"The adaptive algorithm is to accept 8-bit data,
7294 .\"converting it to 8BITMIME only if the receiver understands that,
7295 .\"otherwise just passing it as undeclared 8-bit data;
7296 .\"8BITMIME\(->7BIT conversions are done.
7297 In all cases properly declared 8BITMIME data will be converted to 7BIT
7299 .ip ErrorHeader=\fIfile-or-message\fP
7301 Prepend error messages with the indicated message.
7302 If it begins with a slash,
7303 it is assumed to be the pathname of a file
7304 containing a message (this is the recommended setting).
7305 Otherwise, it is a literal message.
7306 The error file might contain the name, email address, and/or phone number
7307 of a local postmaster who could provide assistance
7309 If the option is missing or null,
7310 or if it names a file which does not exist or which is not readable,
7311 no message is printed.
7312 .ip ErrorMode=\fIx\fP
7314 Dispose of errors using mode
7320 p Print error messages (default)
7321 q No messages, just give exit status
7323 w Write back errors (mail if user not logged in)
7324 e Mail back errors (when applicable) and give zero exit stat always
7326 Note that the last mode,
7328 is for Berknet error processing and
7329 should not be used in normal circumstances.
7330 Note, too, that mode
7332 only applies to errors recognized before sendmail forks for
7333 background delivery.
7334 .ip FallbackMXhost=\fIfallbackhost\fP
7338 acts like a very low priority MX
7340 MX records will be looked up for this host,
7341 unless the name is surrounded by square brackets.
7342 This is intended to be used by sites with poor network connectivity.
7343 Messages which are undeliverable due to temporary address failures
7345 also go to the FallbackMXhost.
7346 .ip FallBackSmartHost=\fIhostname\fP
7348 .i FallBackSmartHost
7349 will be used in a last-ditch effort for each host.
7350 This is intended to be used by sites with "fake internal DNS",
7351 e.g., a company whose DNS accurately reflects the world
7352 inside that company's domain but not outside.
7355 If set to a value greater than zero (the default is one),
7356 it suppresses the MX lookups on addresses
7357 when they are initially sorted, i.e., for the first delivery attempt.
7358 This usually results in faster envelope splitting unless the MX records
7359 are readily available in a local DNS cache.
7360 To enforce initial sorting based on MX records set
7363 If the mail is submitted directly from the command line, then
7364 the value also limits the number of processes to deliver the envelopes;
7365 if more envelopes are created they are only queued up
7366 and must be taken care of by a queue run.
7367 Since the default submission method is via SMTP (either from a MUA
7368 or via the MSP), the value of
7370 is seldom used to limit the number of processes to deliver the envelopes.
7374 deliver each job that is run from the queue in a separate process.
7375 .ip ForwardPath=\fIpath\fP
7377 Set the path for searching for users' .forward files.
7380 Some sites that use the automounter may prefer to change this to
7382 to search a file with the same name as the user in a system directory.
7383 It can also be set to a sequence of paths separated by colons;
7385 stops at the first file it can successfully and safely open.
7387 .q /var/forward/$u:$z/.forward
7388 will search first in /var/forward/\c
7391 .i ~username /.forward
7392 (but only if the first file does not exist).
7393 .ip HeloName=\fIname\fP
7395 Set the name to be used for HELO/EHLO (instead of $j).
7398 If an outgoing mailer is marked as being expensive,
7399 don't connect immediately.
7400 .ip HostsFile=\fIpath\fP
7402 The path to the hosts database,
7405 This option is only consulted when sendmail
7406 is canonifying addresses,
7411 service switch entry.
7412 In particular, this file is
7414 used when looking up host addresses;
7415 that is under the control of the system
7416 .i gethostbyname (3)
7418 .ip HostStatusDirectory=\fIpath\fP
7420 The location of the long term host status information.
7422 information about the status of hosts
7423 (e.g., host down or not accepting connections)
7424 will be shared between all
7427 normally, this information is only held within a single queue run.
7428 This option requires a connection cache of at least 1 to function.
7429 If the option begins with a leading `/',
7430 it is an absolute pathname;
7432 it is relative to the mail queue directory.
7433 A suggested value for sites desiring persistent host status is
7435 (i.e., a subdirectory of the queue directory).
7438 Ignore dots in incoming messages.
7439 This is always disabled (that is, dots are always accepted)
7440 when reading SMTP mail.
7441 .ip InputMailFilters=\fIname,name,...\fP
7442 A comma separated list of filters which determines which filters
7443 (see the "X \*- Mail Filter (Milter) Definitions" section)
7444 and the invocation sequence are contacted for incoming SMTP messages.
7445 If none are set, no filters will be contacted.
7446 .ip LDAPDefaultSpec=\fIspec\fP
7448 Sets a default map specification for LDAP maps.
7449 The value should only contain LDAP specific settings
7451 .q "-h host -p port -d bindDN" .
7452 The settings will be used for all LDAP maps
7453 unless the individual map specification overrides a setting.
7454 This option should be set before any LDAP maps are defined.
7455 .ip LogLevel=\fIn\fP
7457 Set the log level to
7466 This is intended only for use from the command line.
7472 Type of lookup to find information about local mailboxes,
7473 defaults to ``pw'' which uses
7475 Other types can be introduced by adding them to the source code,
7476 see libsm/mbdb.c for details.
7479 Use as mail submission program, i.e.,
7480 allow group writable queue files
7481 if the group is the same as that of a set-group-ID sendmail binary.
7483 .b sendmail/SECURITY
7484 in the distribution tarball.
7487 Allow fuzzy matching on the GECOS field.
7488 If this flag is set,
7489 and the usual user name lookups fail
7490 (that is, there is no alias with this name and a
7493 sequentially search the password file
7494 for a matching entry in the GECOS field.
7495 This also requires that MATCHGECOS
7496 be turned on during compilation.
7497 This option is not recommended.
7498 .ip MaxAliasRecursion=\fIN\fP
7500 The maximum depth of alias recursion (default: 10).
7501 .ip MaxDaemonChildren=\fIN\fP
7505 will refuse connections when it has more than
7507 children processing incoming mail or automatic queue runs.
7508 This does not limit the number of outgoing connections.
7511 (background) is used, then
7513 may create an almost unlimited number of children
7514 (depending on the number of transactions and the
7515 relative execution times of mail receiption and mail delivery).
7516 If the limit should be enforced, then a
7518 other than background must be used.
7519 If not set, there is no limit to the number of children --
7520 that is, the system load average controls this.
7521 .ip MaxHeadersLength=\fIN\fP
7523 The maximum length of the sum of all headers.
7524 This can be used to prevent a denial of service attack.
7525 The default is no limit.
7526 .ip MaxHopCount=\fIN\fP
7528 The maximum hop count.
7529 Messages that have been processed more than
7531 times are assumed to be in a loop and are rejected.
7533 .ip MaxMessageSize=\fIN\fP
7535 Specify the maximum message size
7536 to be advertised in the ESMTP EHLO response.
7537 Messages larger than this will be rejected.
7538 If set to a value greater than zero,
7539 that value will be listed in the SIZE response,
7540 otherwise SIZE is advertised in the ESMTP EHLO response
7541 without a parameter.
7542 .ip MaxMimeHeaderLength=\fIN[/M]\fP
7544 Sets the maximum length of certain MIME header field values to
7547 These MIME header fields are determined by being a member of
7548 class {checkMIMETextHeaders}, which currently contains only
7549 the header Content-Description.
7550 For some of these headers which take parameters,
7551 the maximum length of each parameter is set to
7555 is not specified, one half of
7559 these values are 2048 and 1024, respectively.
7560 To allow any length, a value of 0 can be specified.
7561 .ip MaxNOOPCommands=\fIN\fP
7562 Override the default of
7566 commands, see Section
7567 "Measures against Denial of Service Attacks".
7568 .ip MaxQueueChildren=\fIN\fP
7570 When set, this limits the number of concurrent queue runner processes to
7572 This helps to control the amount of system resources used when processing
7573 the queue. When there are multiple queue groups defined and the total number
7574 of queue runners for these queue groups would exceed
7576 then the queue groups will not all run concurrently. That is, some portion
7577 of the queue groups will run concurrently such that
7579 will not be exceeded, while the remaining queue groups will be run later (in
7580 round robin order). See also
7581 .i MaxRunnersPerQueue
7582 and the section \fBQueue Group Declaration\fP.
7585 does not count individual queue runners, but only sets of processes
7586 that act on a workgroup.
7587 Hence the actual number of queue runners may be lower than the limit
7589 .i MaxQueueChildren .
7590 This discrepancy can be large if some queue runners have to wait
7591 for a slow server and if short intervals are used.
7592 .ip MaxQueueRunSize=\fIN\fP
7594 The maximum number of jobs that will be processed
7595 in a single queue run.
7596 If not set, there is no limit on the size.
7597 If you have very large queues or a very short queue run interval
7598 this could be unstable.
7599 However, since the first
7601 jobs in queue directory order are run (rather than the
7603 highest priority jobs)
7604 this should be set as high as possible to avoid
7606 jobs that happen to fall late in the queue directory.
7607 Note: this option also restricts the number of entries printed by
7616 entries are printed per queue group.
7617 .ip MaxRecipientsPerMessage=\fIN\fP
7619 The maximum number of recipients that will be accepted per message
7620 in an SMTP transaction.
7621 Note: setting this too low can interfere with sending mail from
7622 MUAs that use SMTP for initial submission.
7623 If not set, there is no limit on the number of recipients per envelope.
7624 .ip MaxRunnersPerQueue=\fIN\fP
7626 This sets the default maximum number of queue runners for queue groups.
7629 queue runners will work in parallel on a queue group's messages.
7630 This is useful where the processing of a message in the queue might
7631 delay the processing of subsequent messages. Such a delay may be the result
7632 of non-erroneous situations such as a low bandwidth connection.
7633 May be overridden on a per queue group basis by setting the
7635 option; see the section \fBQueue Group Declaration\fP.
7636 The default is 1 when not set.
7640 even if I am in an alias expansion.
7641 This option is deprecated
7642 and will be removed from a future version.
7645 This option has several sub(sub)options.
7646 The names of the suboptions are separated by dots.
7647 At the first level the following options are available:
7649 .ta \w'LogLevel'u+3n
7650 LogLevel Log level for input mail filter actions, defaults to LogLevel.
7651 macros Specifies list of macro to transmit to filters.
7654 The ``macros'' option has the following suboptions
7655 which specify the list of macro to transmit to milters
7656 after a certain event occurred.
7659 connect After session connection start
7660 helo After EHLO/HELO command
7661 envfrom After MAIL From command
7662 envrcpt After RCPT To command
7663 data After DATA command.
7664 eoh After DATA command and header
7665 eom After DATA command and terminating ``.''
7667 By default the lists of macros are empty.
7670 O Milter.LogLevel=12
7671 O Milter.macros.connect=j, _, {daemon_name}
7673 .ip MinFreeBlocks=\fIN\fP
7677 blocks free on the filesystem that holds the queue files
7678 before accepting email via SMTP.
7679 If there is insufficient space
7681 gives a 452 response
7682 to the MAIL command.
7683 This invites the sender to try again later.
7684 .ip MaxQueueAge=\fIage\fP
7686 If this is set to a value greater than zero,
7687 entries in the queue will be retried during a queue run
7688 only if the individual retry time has been reached
7689 which is doubled for each attempt.
7690 The maximum retry time is limited by the specified value.
7691 .ip MinQueueAge=\fIage\fP
7693 Don't process any queued jobs
7694 that have been in the queue less than the indicated time interval.
7695 This is intended to allow you to get responsiveness
7696 by processing the queue fairly frequently
7697 without thrashing your system by trying jobs too often.
7698 The default units are minutes.
7700 This option is ignored for queue runs that select a subset
7702 .q \-q[!][I|R|S|Q][string]
7703 .ip MustQuoteChars=\fIs\fP
7705 Sets the list of characters that must be quoted if used in a full name
7706 that is in the phrase part of a ``phrase <address>'' syntax.
7707 The default is ``\'.''.
7708 The characters ``@,;:\e()[]'' are always added to this list.
7711 The priority of queue runners (nice(3)).
7712 This value must be greater or equal zero.
7713 .ip NoRecipientAction
7715 The action to take when you receive a message that has no valid
7716 recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
7717 the last included for back compatibility with old
7721 to pass the message on unmodified,
7722 which violates the protocol,
7724 to add a To: header with any recipients it can find in the envelope
7725 (which might expose Bcc: recipients),
7726 .b Add-Apparently-To
7727 to add an Apparently-To: header
7728 (this is only for back-compatibility
7729 and is officially deprecated),
7730 .b Add-To-Undisclosed
7732 .q "To: undisclosed-recipients:;"
7733 to make the header legal without disclosing anything,
7736 to add an empty Bcc: header.
7739 Assume that the headers may be in old format,
7741 spaces delimit names.
7742 This actually turns on
7743 an adaptive algorithm:
7744 if any recipient address contains a comma, parenthesis,
7746 it will be assumed that commas already exist.
7747 If this flag is not on,
7748 only commas delimit names.
7749 Headers are always output with commas between the names.
7751 .ip OperatorChars=\fIcharlist\fP
7753 The list of characters that are considered to be
7755 that is, characters that delimit tokens.
7756 All operator characters are tokens by themselves;
7757 sequences of non-operator characters are also tokens.
7758 White space characters separate tokens
7759 but are not tokens themselves \(em for example,
7761 has three tokens, but
7764 If not set, OperatorChars defaults to
7765 .q \&.\|:\|@\|[\|] ;
7766 additionally, the characters
7768 are always operators.
7769 Note that OperatorChars must be set in the
7770 configuration file before any rulesets.
7771 .ip PidFile=\fIfilename\fP
7773 Filename of the pid file.
7774 (default is _PATH_SENDMAILPID).
7777 is macro-expanded before it is opened, and unlinked when
7780 .ip PostmasterCopy=\fIpostmaster\fP
7783 copies of error messages will be sent to the named
7785 Only the header of the failed message is sent.
7786 Errors resulting from messages with a negative precedence will not be sent.
7787 Since most errors are user problems,
7788 this is probably not a good idea on large sites,
7789 and arguably contains all sorts of privacy violations,
7790 but it seems to be popular with certain operating systems vendors.
7791 The address is macro expanded
7792 at the time of delivery.
7793 Defaults to no postmaster copies.
7794 .ip PrivacyOptions=\fI\|opt,opt,...\fP
7798 ``Privacy'' is really a misnomer;
7799 many of these are just a way of insisting on stricter adherence
7800 to the SMTP protocol.
7803 can be selected from:
7805 .ta \w'noactualrecipient'u+3n
7806 public Allow open access
7807 needmailhelo Insist on HELO or EHLO command before MAIL
7808 needexpnhelo Insist on HELO or EHLO command before EXPN
7809 noexpn Disallow EXPN entirely, implies noverb.
7810 needvrfyhelo Insist on HELO or EHLO command before VRFY
7811 novrfy Disallow VRFY entirely
7812 noetrn Disallow ETRN entirely
7813 noverb Disallow VERB entirely
7814 restrictmailq Restrict mailq command
7815 restrictqrun Restrict \-q command line flag
7816 restrictexpand Restrict \-bv and \-v command line flags
7817 noreceipts Don't return success DSNs\**
7818 nobodyreturn Don't return the body of a message with DSNs
7819 goaway Disallow essentially all SMTP status queries
7820 authwarnings Put X-Authentication-Warning: headers in messages
7822 noactualrecipient Don't put X-Actual-Recipient lines in DSNs
7823 which reveal the actual account that addresses map to.
7829 flag turns off support for RFC 1891
7830 (Delivery Status Notification).
7834 pseudo-flag sets all flags except
7842 If mailq is restricted,
7843 only people in the same group as the queue directory
7844 can print the queue.
7845 If queue runs are restricted,
7846 only root and the owner of the queue directory
7850 pseudo-flag instructs
7852 to drop privileges when the
7854 option is given by users who are neither root nor the TrustedUser
7855 so users cannot read private aliases, forwards, or :include: files.
7859 .q DontBlameSendmail
7860 option to prevent misleading unsafe address warnings.
7861 It also overrides the
7863 (verbose) command line option to prevent information leakage.
7864 Authentication Warnings add warnings about various conditions
7865 that may indicate attempts to spoof the mail system,
7866 such as using a non-standard queue directory.
7867 .ip ProcessTitlePrefix=\fIstring\fP
7869 Prefix the process title shown on 'ps' listings with
7873 will be macro processed.
7874 .ip QueueDirectory=\fIdir\fP
7876 The QueueDirectory option serves two purposes.
7877 First, it specifies the directory or set of directories that comprise
7878 the default queue group.
7879 Second, it specifies the directory D which is the ancestor of all queue
7880 directories, and which sendmail uses as its current working directory.
7881 When sendmail dumps core, it leaves its core files in D.
7882 There are two cases.
7883 If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR),
7884 then all of the directories or symbolic links to directories
7885 beginning with `qd' in
7886 .i /var/spool/mqueue
7887 will be used as queue directories of the default queue group,
7889 .i /var/spool/mqueue
7890 will be used as the working directory D.
7892 \fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
7893 the default queue group consists of the single queue directory \fIdir\fR,
7894 and the working directory D is set to \fIdir\fR.
7895 To define additional groups of queue directories,
7896 use the configuration file `Q' command.
7897 Do not change the queue directory structure
7898 while sendmail is running.
7899 .ip QueueFactor=\fIfactor\fP
7903 as the multiplier in the map function
7904 to decide when to just queue up jobs rather than run them.
7905 This value is divided by the difference between the current load average
7906 and the load average limit
7910 to determine the maximum message priority
7913 .ip QueueLA=\fILA\fP
7915 When the system load average exceeds
7921 option divided by the difference in the current load average and the
7924 is less than the priority of the message,
7926 (i.e., don't try to send them).
7927 Defaults to 8 multiplied by
7928 the number of processors online on the system
7929 (if that can be determined).
7930 .ip QueueFileMode=\fImode\fP
7932 Default permissions for queue files (octal).
7933 If not set, sendmail uses 0600 unless its real
7934 and effective uid are different in which case it uses 0644.
7935 .ip QueueSortOrder=\fIalgorithm\fP
7939 used for sorting the queue.
7940 Only the first character of the value is used.
7943 (to order by the name of the first host name of the first recipient),
7945 (to order by the name of the queue file name),
7947 (to order by the submission/creation time),
7949 (to order randomly),
7951 (to order by the modification time of the qf file (older entries first)),
7956 (to order by message priority).
7957 Host ordering makes better use of the connection cache,
7958 but may tend to process low priority messages
7959 that go to a single host
7960 over high priority messages that go to several hosts;
7961 it probably shouldn't be used on slow network links.
7962 Filename and modification time ordering saves the overhead of
7963 reading all of the queued items
7964 before starting the queue run.
7965 Creation (submission) time ordering is almost always a bad idea,
7966 since it allows large, bulk mail to go out
7967 before smaller, personal mail,
7968 but may have applicability on some hosts with very fast connections.
7969 Random is useful if several queue runners are started by hand
7970 which try to drain the same queue since odds are they will be working
7971 on different parts of the queue at the same time.
7972 Priority ordering is the default.
7973 .ip QueueTimeout=\fItimeout\fP
7976 .q Timeout.queuereturn .
7977 Use that form instead of the
7982 Name of file containing random data or the name of the UNIX socket
7984 A (required) prefix "egd:" or "file:" specifies the type.
7985 STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
7986 (see sendmail/README).
7987 .ip ResolverOptions=\fIoptions\fP
7989 Set resolver options.
7990 Values can be set using
8016 can be specified to turn off matching against MX records
8017 when doing name canonifications.
8019 .q WorkAroundBrokenAAAA
8024 can be specified to work around some broken nameservers
8025 which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
8026 Notice: it might be necessary to apply the same (or similar) options to
8029 .ip RequiresDirfsync
8031 This option can be used to override the compile time flag
8032 .b REQUIRES_DIR_FSYNC
8033 at runtime by setting it to
8035 If the compile time flag is not set, the option is ignored.
8036 The flag turns on support for file systems that require to call
8038 for a directory if the meta-data in it has been changed.
8039 This should be turned on at least for older versions of ReiserFS;
8040 it is enabled by default for Linux.
8041 According to some information this flag is not needed
8042 anymore for kernel 2.4.16 and newer.
8045 If this option is set, a
8046 .q Return-Receipt-To:
8047 header causes the request of a DSN, which is sent to
8048 the envelope sender as required by RFC 1891,
8049 not to the address given in the header.
8050 .ip RunAsUser=\fIuser\fP
8054 parameter may be a user name
8057 or a numeric user id;
8058 either form can have
8061 (where group can be numeric or symbolic).
8062 If set to a non-zero (non-root) value,
8064 will change to this user id shortly after startup\**.
8066 \**When running as a daemon,
8067 it changes to this user after accepting a connection
8068 but before reading any
8072 This avoids a certain class of security problems.
8073 However, this means that all
8077 files must be readable by the indicated
8079 and all files to be written must be writable by
8081 Also, all file and program deliveries will be marked unsafe
8083 .b DontBlameSendmail=NonRootSafeAddr
8085 in which case the delivery will be done as
8087 It is also incompatible with the
8088 .b SafeFileEnvironment
8090 In other words, it may not actually add much to security on an average system,
8091 and may in fact detract from security
8092 (because other file permissions must be loosened).
8093 However, it should be useful on firewalls and other
8094 places where users don't have accounts and the aliases file is
8096 .ip RecipientFactor=\fIfact\fP
8100 is added to the priority (thus
8102 the priority of the job)
8104 i.e., this value penalizes jobs with large numbers of recipients.
8106 .ip RefuseLA=\fILA\fP
8108 When the system load average exceeds
8110 refuse incoming SMTP connections.
8111 Defaults to 12 multiplied by
8112 the number of processors online on the system
8113 (if that can be determined).
8114 .ip RejectLogInterval=\fItimeout\fP
8116 Log interval when refusing connections for this long
8118 .ip RetryFactor=\fIfact\fP
8122 is added to the priority
8123 every time a job is processed.
8125 each time a job is processed,
8126 its priority will be decreased by the indicated value.
8127 In most environments this should be positive,
8128 since hosts that are down are all too often down for a long time.
8130 .ip SafeFileEnvironment=\fIdir\fP
8132 If this option is set,
8136 call into the indicated
8138 before doing any file writes.
8139 If the file name specified by the user begins with
8141 that partial path name will be stripped off before writing,
8143 if the SafeFileEnvironment variable is set to
8149 actually indicate the same file.
8150 Additionally, if this option is set,
8152 refuses to deliver to symbolic links.
8158 lines at the front of headers.
8159 Normally they are assumed redundant
8163 If set, send error messages in MIME format
8164 (see RFC 2045 and RFC 1344 for details).
8167 will not return the DSN keyword in response to an EHLO
8168 and will not do Delivery Status Notification processing as described in
8172 File containing the certificate of the server, i.e., this certificate
8173 is used when sendmail acts as server
8174 (used for STARTTLS).
8177 File containing the private key belonging to the server certificate
8178 (used for STARTTLS).
8179 .ip ServerSSLOptions
8180 A space or comma separated list of SSL related options for the server side.
8182 .i SSL_CTX_set_options (3)
8184 the available values depend on the OpenSSL version against which
8189 .i -SSL_OP_TLSEXT_PADDING
8191 (if those options are available).
8192 Options can be cleared by preceeding them with a minus sign.
8193 It is also possible to specify numerical values, e.g.,
8195 .ip ServiceSwitchFile=\fIfilename\fP
8197 If your host operating system has a service switch abstraction
8198 (e.g., /etc/nsswitch.conf on Solaris
8199 or /etc/svc.conf on Ultrix and DEC OSF/1)
8200 that service will be consulted and this option is ignored.
8201 Otherwise, this is the name of a file
8202 that provides the list of methods used to implement particular services.
8203 The syntax is a series of lines,
8204 each of which is a sequence of words.
8205 The first word is the service name,
8206 and following words are service types.
8209 consults directly are
8213 Service types can be
8219 (with the caveat that the appropriate support
8221 before the service can be referenced).
8222 If ServiceSwitchFile is not specified, it defaults to
8223 /etc/mail/service.switch.
8224 If that file does not exist, the default switch is:
8230 .q /etc/mail/service.switch .
8233 Strip input to seven bits for compatibility with old systems.
8234 This shouldn't be necessary.
8237 Key to use for shared memory segment;
8238 if not set (or 0), shared memory will not be used.
8242 can select a key itself provided that also
8243 .b SharedMemoryKeyFile
8245 Requires support for shared memory to be compiled into
8247 If this option is set,
8249 can share some data between different instances.
8250 For example, the number of entries in a queue directory
8251 or the available space in a file system.
8252 This allows for more efficient program execution, since only
8253 one process needs to update the data instead of each individual
8254 process gathering the data each time it is required.
8255 .ip SharedMemoryKeyFile
8261 then the automatically selected shared memory key will be stored
8262 in the specified file.
8263 .ip SingleLineFromHeader
8265 If set, From: lines that have embedded newlines are unwrapped
8267 This is to get around a botch in Lotus Notes
8268 that apparently cannot understand legally wrapped RFC 822 headers.
8269 .ip SingleThreadDelivery
8271 If set, a client machine will never try to open two SMTP connections
8272 to a single server machine at the same time,
8273 even in different processes.
8276 is already talking to some host a new
8278 will not open another connection.
8279 This property is of mixed value;
8280 although this reduces the load on the other machine,
8281 it can cause mail to be delayed
8282 (for example, if one
8284 is delivering a huge message, other
8286 won't be able to send even small messages).
8287 Also, it requires another file descriptor
8289 per connection, so you may have to reduce the
8290 .b ConnectionCacheSize
8291 option to avoid running out of per-process file descriptors.
8293 .b HostStatusDirectory
8295 .ip SmtpGreetingMessage=\fImessage\fP
8297 The message printed when the SMTP server starts up.
8299 .q "$j Sendmail $v ready at $b".
8301 If set, issue temporary errors (4xy) instead of permanent errors (5xy).
8302 This can be useful during testing of a new configuration to avoid
8303 erroneous bouncing of mails.
8304 .ip StatusFile=\fIfile\fP
8306 Log summary statistics in the named
8308 If no file name is specified, "statistics" is used.
8310 no summary statistics are saved.
8311 This file does not grow in size.
8312 It can be printed using the
8317 This option can be set to True, False, Interactive, or PostMilter.
8320 will be super-safe when running things,
8321 i.e., always instantiate the queue file,
8322 even if you are going to attempt immediate delivery.
8324 always instantiates the queue file
8325 before returning control to the client
8326 under any circumstances.
8330 The Interactive value has been introduced in 8.12 and can
8331 be used together with
8333 It skips some synchronization calls which are effectively
8334 doubled in the code execution path for this mode.
8335 If set to PostMilter,
8337 defers synchronizing the queue file until any milters have
8338 signaled acceptance of the message.
8339 PostMilter is useful only when
8341 is running as an SMTP server; in all other situations it
8342 acts the same as True.
8345 List of options for SMTP STARTTLS for the server
8346 consisting of single characters
8347 with intervening white space or commas.
8348 The flag ``V'' disables client verification, and hence
8349 it is not possible to use a client certificate for relaying.
8350 The flag ``C'' removes the requirement for the TLS server
8352 This only works under very specific circumstances
8353 and should only be used if the consequences are understood,
8354 e.g., clients may not work with a server using this.
8355 .ip TempFileMode=\fImode\fP
8357 The file mode for transcript files, files to which
8359 delivers directly, files in the
8360 .b HostStatusDirectory ,
8363 It is interpreted in octal by default.
8365 .ip Timeout.\fItype\fP=\|\fItimeout\fP
8366 [r; subsumes old T option as well]
8368 For more information,
8372 .ip TimeZoneSpec=\fItzinfo\fP
8374 Set the local time zone info to
8378 Actually, if this is not set,
8379 the TZ environment variable is cleared (so the system default is used);
8380 if set but null, the user's TZ variable is used,
8381 and if set and non-null the TZ variable is set to this value.
8382 .ip TrustedUser=\fIuser\fP
8386 parameter may be a user name
8389 or a numeric user id.
8390 Trusted user for file ownership and starting the daemon. If set, generated
8391 alias databases and the control socket (if configured) will automatically
8392 be owned by this user.
8395 If this system is the
8397 (that is, lowest preference)
8398 MX for a given host,
8399 its configuration rules should normally detect this situation
8400 and treat that condition specially
8401 by forwarding the mail to a UUCP feed,
8402 treating it as local,
8404 However, in some cases (such as Internet firewalls)
8405 you may want to try to connect directly to that host
8406 as though it had no MX records at all.
8407 Setting this option causes
8410 The downside is that errors in your configuration
8411 are likely to be diagnosed as
8414 .q "message timed out"
8415 instead of something more meaningful.
8416 This option is disrecommended.
8417 .ip UnixFromLine=\fIfromline\fP
8419 Defines the format used when
8421 must add a UNIX-style From_ line
8422 (that is, a line beginning
8423 .q From<space>user ).
8426 Don't change this unless your system uses a different UNIX mailbox format
8428 .ip UnsafeGroupWrites
8431 :include: and .forward files that are group writable are considered
8434 they cannot reference programs or write directly to files.
8435 World writable :include: and .forward files
8438 .b DontBlameSendmail
8439 instead; this option is deprecated.
8440 .ip UseCompressedIPv6Addresses
8442 If set, the compressed format of IPv6 addresses,
8443 such as IPV6:::1, will be used,
8444 instead of the uncompressed format,
8445 such as IPv6:0:0:0:0:0:0:0:1.
8450 header, send error messages to the addresses listed there.
8451 They normally go to the envelope sender.
8452 Use of this option causes
8454 to violate RFC 1123.
8455 This option is disrecommended and deprecated.
8456 .ip UserDatabaseSpec=\fIudbspec\fP
8458 The user database specification.
8461 Run in verbose mode.
8472 so that all mail is delivered completely
8474 so that you can see the entire delivery process.
8479 be set in the configuration file;
8480 it is intended for command line use only.
8481 Note that the use of option
8483 can cause authentication information to leak, if you use a
8484 sendmail client to authenticate to a server.
8485 If the authentication mechanism uses plain text passwords
8486 (as with LOGIN or PLAIN),
8487 then the password could be compromised.
8488 To avoid this, do not install sendmail set-user-ID root,
8491 SMTP command with a suitable
8494 .ip XscriptFileBufferSize=\fIthreshold\fP
8499 before a memory-based
8500 queue transcript file
8502 The default is 4096 bytes.
8504 All options can be specified on the command line using the
8508 to relinquish its set-user-ID permissions.
8509 The options that will not cause this are
8513 CheckpointInterval [C],
8520 OldStyleHeaders [o],
8531 SingleLineFromHeader,
8534 Actually, PrivacyOptions [p] given on the command line
8535 are added to those already specified in the
8537 file, i.e., they can't be reset.
8538 Also, M (define macro) when defining the r or s macros
8541 .sh 2 "P \*- Precedence Definitions"
8545 field may be defined using the
8548 The syntax of this field is:
8550 \fBP\fP\fIname\fP\fB=\fP\fInum\fP
8557 the message class is set to
8559 Higher numbers mean higher precedence.
8560 Numbers less than zero
8561 have the special property
8562 that if an error occurs during processing
8563 the body of the message will not be returned;
8564 this is expected to be used for
8566 mail such as through mailing lists.
8567 The default precedence is zero.
8569 our list of precedences is:
8572 Pspecial-delivery=100
8577 People writing mailing list exploders
8578 are encouraged to use
8579 .q "Precedence: list" .
8582 (which discarded all error returns for negative precedences)
8583 didn't recognize this name, giving it a default precedence of zero.
8584 This allows list maintainers to see error returns
8585 on both old and new versions of
8587 .sh 2 "V \*- Configuration Version Level"
8589 To provide compatibility with old configuration files,
8592 line has been added to define some very basic semantics
8593 of the configuration file.
8594 These are not intended to be long term supports;
8595 rather, they describe compatibility features
8596 which will probably be removed in future releases.
8602 to do with the version
8607 version 10 config files
8608 (specifically, 8.10)
8609 used version level 9 configurations.
8612 configuration files are defined as version level one.
8613 Version level two files make the following changes:
8615 Host name canonification ($[ ... $])
8616 appends a dot if the name is recognized;
8617 this gives the config file a way of finding out if anything matched.
8618 (Actually, this just initializes the
8622 flag \*- you can reset it to anything you prefer
8623 by declaring the map explicitly.)
8625 Default host name extension is consistent throughout processing;
8626 version level one configurations turned off domain extension
8627 (that is, adding the local domain name)
8628 during certain points in processing.
8629 Version level two configurations are expected to include a trailing dot
8630 to indicate that the name is already canonical.
8632 Local names that are not aliases
8633 are passed through a new distinguished ruleset five;
8634 this can be used to append a local relay.
8635 This behavior can be prevented by resolving the local name
8636 with an initial `@'.
8637 That is, something that resolves to a local mailer and a user name of
8639 will be passed through ruleset five,
8642 will have the `@' stripped,
8643 will not be passed through ruleset five,
8644 but will otherwise be treated the same as the prior example.
8645 The expectation is that this might be used to implement a policy
8648 was handled by a central hub,
8651 was delivered directly.
8653 Version level three files
8654 allow # initiated comments on all lines.
8655 Exceptions are backslash escaped # marks
8658 Version level four configurations
8659 are completely equivalent to level three
8660 for historical reasons.
8662 Version level five configuration files
8663 change the default definition of
8665 to be just the first component of the hostname.
8667 Version level six configuration files
8668 change many of the local processing options
8669 (such as aliasing and matching the beginning of the address for
8672 this allows fine-grained control over the special local processing.
8673 Level six configuration files may also use long option names.
8676 option (to allow colons in the local-part of addresses)
8679 for lower numbered configuration files;
8680 the configuration file requires some additional intelligence
8681 to properly handle the RFC 822 group construct.
8683 Version level seven configuration files
8684 used new option names to replace old macros
8688 .b SmtpGreetingMessage ,
8696 Also, prior to version seven,
8699 flag (use 250 instead of 252 return value for
8704 Version level eight configuration files allow
8706 on the left hand side of ruleset lines.
8708 Version level nine configuration files allow
8709 parentheses in rulesets, i.e. they are not treated
8710 as comments and hence removed.
8712 Version level ten configuration files allow
8713 queue group definitions.
8717 line may have an optional
8720 to indicate that this configuration file uses modifications
8721 specific to a particular vendor\**.
8723 \**And of course, vendors are encouraged to add themselves
8724 to the list of recognized vendors by editing the routine
8728 Please send e-mail to sendmail@Sendmail.ORG
8729 to register your vendor dialect.
8733 to emphasize that this configuration file
8734 uses the Berkeley dialect of
8736 .sh 2 "K \*- Key File Declaration"
8738 Special maps can be defined using the line:
8740 Kmapname mapclass arguments
8744 is the handle by which this map is referenced in the rewriting rules.
8747 is the name of a type of map;
8748 these are compiled in to
8752 are interpreted depending on the class;
8754 there would be a single argument naming the file containing the map.
8756 Maps are referenced using the syntax:
8758 $( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
8760 where either or both of the
8764 portion may be omitted.
8767 may appear more than once.
8772 are passed to the appropriate mapping function.
8773 If it returns a value, it replaces the input.
8774 If it does not return a value and the
8779 Otherwise, the input is unchanged.
8783 are passed to the map for arbitrary use.
8784 Most map classes can interpolate these arguments
8785 into their values using the syntax
8790 to indicate the corresponding
8794 indicates the database key.
8795 For example, the rule
8798 R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
8800 Looks up the UUCP name in a (user defined) UUCP map;
8801 if not found it turns it into
8804 The database might contain records like:
8806 decvax %1@%0.DEC.COM
8807 research %1@%0.ATT.COM
8811 clauses never do this mapping.
8813 The built-in map with both name and class
8815 is the host name canonicalization lookup.
8819 $(host \fIhostname\fP$)
8826 There are many defined classes.
8828 Database lookups using the ndbm(3) library.
8830 must be compiled with
8834 Database lookups using the btree interface to the Berkeley DB
8837 must be compiled with
8841 Database lookups using the hash interface to the Berkeley DB
8844 must be compiled with
8850 must be compiled with
8856 must be compiled with
8859 The argument is the name of the table to use for lookups,
8864 flags may be used to set the key and value columns respectively.
8868 must be compiled with
8872 LDAP X500 directory lookups.
8874 must be compiled with
8877 The map supports most of the standard arguments
8878 and most of the command line arguments of the
8883 if a single query matches multiple values,
8884 only the first value will be returned
8891 map flag will treat a multiple value return
8892 as if there were no matches.
8894 NeXT NetInfo lookups.
8896 must be compiled with
8901 The format of the text file is defined by the
8905 (value field number),
8912 Contributed and supported by
8913 Mark Roth, roth@uiuc.edu.
8914 For more information,
8915 consult the web site
8916 .q http://www-dev.cites.uiuc.edu/sendmail/ .
8918 nsd map for IRIX 6.5 and later.
8919 Contributed and supported by Bob Mende of SGI,
8922 Internal symbol table lookups.
8923 Used internally for aliasing.
8925 Really should be called
8927 \(em this is used to get the default lookups
8929 and is the default if no class is specified for alias files.
8931 Looks up users using
8935 flag can be used to specify the name of the field to return
8936 (although this is normally used only to check the existence
8939 Canonifies host domain names.
8940 Given a host name it calls the name server
8941 to find the canonical name for that host.
8943 Returns the best MX record for a host name given as the key.
8944 The current machine is always preferred \*-
8945 that is, if the current machine is one of the hosts listed as a
8946 lowest-preference MX record, then it will be guaranteed to be returned.
8947 This can be used to find out if this machine is the target for an MX record,
8948 and mail can be accepted on that basis.
8951 flag is given, then all MX names are returned,
8952 separated by the given delimiter.
8954 This map requires the option -R to specify the DNS resource record
8955 type to lookup. The following types are supported:
8956 A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
8957 A map lookup will return only one record.
8958 Hence for some types, e.g., MX records, the return value might be a random
8959 element of the list due to randomizing in the DNS resolver.
8961 Returns the ``reverse'' for the given IP (IPv4 or IPv6) address,
8962 i.e., the string for the PTR lookup,
8963 but without trailing
8967 For example, the following configuration lines:
8973 work like this in test mode:
8976 ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
8977 Enter <ruleset> <address>
8978 > Arpa IPv6:1:2:dead:beef:9876:0:0:1
8979 Arpa input: IPv6 : 1 : 2 : dead : beef : 9876 : 0 : 0 : 1
8980 Arpa returns: 1 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 6 . 7 . 8 . 9 . f . e . e . b . d . a . e . d . 2 . 0 . 0 . 0 . 1 . 0 . 0 . 0
8982 Arpa input: 1 . 2 . 3 . 4
8983 Arpa returns: 4 . 3 . 2 . 1
8986 The arguments on the `K' line are a list of maps;
8987 the resulting map searches the argument maps in order
8988 until it finds a match for the indicated key.
8989 For example, if the key definition is:
8993 Kseqmap sequence map1 map2
8995 then a lookup against
8997 first does a lookup in map1.
8998 If that is found, it returns immediately.
8999 Otherwise, the same key is used for map2.
9001 the key is logged via
9003 The lookup returns the empty string.
9007 map except that the order of maps is determined by the service switch.
9008 The argument is the name of the service to be looked up;
9009 the values from the service switch are appended to the map name
9010 to create new map names.
9011 For example, consider the key definition:
9015 together with the service switch entry:
9019 This causes a query against the map
9021 to search maps named
9027 Strip double quotes (") from a name.
9028 It does not strip backslashes,
9029 and will not strip quotes if the resulting string
9030 would contain unscannable syntax
9031 (that is, basic errors like unbalanced angle brackets;
9032 more sophisticated errors such as unknown hosts are not checked).
9033 The intent is for use when trying to accept mail from systems such as
9035 that routinely quote odd syntax such as
9039 A typical usage is probably something like:
9045 R$\- $: $(dequote $1 $)
9046 R$\- $+ $: $>3 $1 $2
9048 Care must be taken to prevent unexpected results;
9051 "|someprogram < input > output"
9053 will have quotes stripped,
9054 but the result is probably not what you had in mind.
9055 Fortunately these cases are rare.
9057 The map definition on the
9059 line contains a regular expression.
9060 Any key input is compared to that expression using the
9061 POSIX regular expressions routines regcomp(), regerr(), and regexec().
9062 Refer to the documentation for those routines for more information
9063 about the regular expression matching.
9064 No rewriting of the key is done if the
9066 flag is used. Without it, the key is discarded or if
9068 if used, it is substituted by the substring matches, delimited by
9070 or the string specified with the the
9072 flag. The flags available for the map are
9077 -b basic regular expressions (default is extended)
9079 -d set the delimiter used for -s
9080 -a append string to key
9081 -m match only, do not replace/discard value
9082 -D perform no lookup in deferred delivery mode.
9086 flag can include an optional parameter which can be used
9087 to select the substrings in the result of the lookup. For example,
9096 If the pattern contains spaces, they must be replaced
9097 with the blank substitution character, unless it is
9100 The arguments on the
9102 line are the pathname to a program and any initial parameters to be passed.
9103 When the map is called,
9104 the key is added to the initial parameters
9105 and the program is invoked
9106 as the default user/group id.
9107 The first line of standard output is returned as the value of the lookup.
9108 This has many potential security problems,
9109 and has terrible performance;
9110 it should be used only when absolutely necessary.
9112 Set or clear a macro value.
9114 pass the value as the first argument in the map lookup.
9116 do not pass an argument in the map lookup.
9117 The map always returns the empty string.
9118 Example of typical usage include:
9124 # set macro ${MyMacro} to the ruleset match
9125 R$+ $: $(storage {MyMacro} $@ $1 $) $1
9126 # set macro ${MyMacro} to an empty string
9127 R$* $: $(storage {MyMacro} $@ $) $1
9128 # clear macro ${MyMacro}
9129 R$\- $: $(storage {MyMacro} $) $1
9132 Perform simple arithmetic operations.
9133 The operation is given as key, currently
9135 |, & (bitwise OR, AND),
9136 l (for less than), =,
9137 and r (for random) are supported.
9138 The two operands are given as arguments.
9139 The lookup returns the result of the computation,
9144 for comparisons, integer values otherwise.
9145 The r operator returns a pseudo-random number whose value
9146 lies between the first and second operand
9147 (which requires that the first operand is smaller than the second).
9148 All options which are possible for maps are ignored.
9149 A simple example is:
9156 R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
9157 RFALSE $# error \&...
9160 The socket map uses a simple request/reply protocol over TCP or UNIX domain
9161 sockets to query an external server.
9162 Both requests and replies are text based and encoded as netstrings,
9163 i.e., a string "hello there" becomes:
9167 Note: neither requests nor replies end with CRLF.
9169 The request consists of the database map name and the lookup key separated
9170 by a space character:
9176 The server responds with a status indicator and the result (if any):
9179 <status> ' ' <result>
9182 The status indicator specifies the result of the lookup operation itself
9183 and is one of the following upper case words:
9186 OK the key was found, result contains the looked up value
9187 NOTFOUND the key was not found, the result is empty
9188 TEMP a temporary failure occured
9189 TIMEOUT a timeout occured on the server side
9190 PERM a permanent failure occured
9193 In case of errors (status TEMP, TIMEOUT or PERM) the result field may
9194 contain an explanatory message.
9195 However, the explanatory message is not used any further by
9200 31:OK resolved.address@example.com,
9204 56:OK error:550 5.7.1 User does not accept mail from sender,
9207 in case of successful lookups, or:
9212 in case the key was not found, or:
9214 55:TEMP this text explains that we had a temporary failure,
9217 in case of a temporary map lookup failure.
9219 The socket map uses the same syntax as milters
9220 (see Section "X \*- Mail Filter (Milter) Definitions")
9221 to specify the remote endpoint, e.g.,
9223 Ksocket mySocketMap inet:12345@127.0.0.1
9226 If multiple socket maps define the same remote endpoint, they will share
9227 a single connection to this endpoint.
9229 Most of these accept as arguments the same optional flags
9231 (or a mapname for NIS;
9232 the filename is the root of the database path,
9235 or some other extension appropriate for the database type
9236 will be added to get the actual database name).
9239 Indicates that this map is optional \*- that is,
9240 if it cannot be opened,
9241 no error is produced,
9244 will behave as if the map existed but was empty.
9252 uses an adaptive algorithm to decide whether or not to look for null bytes
9254 It starts by trying both;
9255 if it finds any key with a null byte it never tries again without a null byte
9259 is specified it never tries without a null byte and
9262 is specified it never tries with a null byte.
9264 these can speed matches but are never necessary.
9271 will never try any matches at all \(em
9272 that is, everything will appear to fail.
9276 on successful matches.
9277 For example, the default
9279 map appends a dot on successful matches.
9283 on temporary failures.
9286 would be appended if a DNS lookup returned
9288 or an NIS lookup could not locate a server.
9293 Do not fold upper to lower case before looking up the key.
9295 Match only (without replacing the value).
9296 If you only care about the existence of a key and not the value
9297 (as you might when searching the NIS map
9300 this flag prevents the map from substituting the value.
9302 The \-a argument is still appended on a match,
9303 and the default is still taken if the match fails.
9304 .ip "\-k\fIkeycol\fP"
9305 The key column name (for NIS+) or number
9307 For LDAP maps this is an LDAP filter string
9308 in which %s is replaced with the literal contents of the lookup key
9309 and %0 is replaced with the LDAP escaped contents of the lookup key
9310 according to RFC 2254.
9313 is used, then %1 through %9 are replaced with the LDAP escaped contents
9314 of the arguments specified in the map lookup.
9315 .ip "\-v\fIvalcol\fP"
9316 The value column name (for NIS+) or number
9318 For LDAP maps this is the name of one or more
9319 attributes to be returned;
9320 multiple attributes can be separated by commas.
9321 If not specified, all attributes found in the match
9323 The attributes listed can also include a type and one or more
9324 objectClass values for matching as described in the LDAP section.
9325 .ip "\-z\fIdelim\fP"
9326 The column delimiter (for text lookups).
9327 It can be a single character or one of the special strings
9331 to indicate newline or tab respectively.
9332 If omitted entirely,
9333 the column separator is any sequence of white space.
9334 For LDAP maps this is the separator character
9335 to combine multiple values
9336 into a single return string.
9338 the LDAP lookup will only return the first match found.
9339 For DNS maps this is the separator character at which
9340 the result of a query is cut off if is too long.
9342 Normally, when a map attempts to do a lookup
9343 and the server fails
9346 couldn't contact any name server;
9349 the same as an entry not being found in the map),
9350 the message being processed is queued for future processing.
9353 flag turns off this behavior,
9354 letting the temporary failure (server down)
9355 act as though it were a permanent failure (entry not found).
9356 It is particularly useful for DNS lookups,
9357 where someone else's misconfigured name server can cause problems
9359 However, care must be taken to ensure that you don't bounce mail
9360 that would be resolved correctly if you tried again.
9361 A common strategy is to forward such mail
9362 to another, possibly better connected, mail server.
9364 Perform no lookup in deferred delivery mode.
9365 This flag is set by default for the
9368 .ip "\-S\fIspacesub\fP
9369 The character to use to replace space characters
9370 after a successful map lookup (esp. useful for regex
9372 .ip "\-s\fIspacesub\fP
9373 For the dequote map only,
9374 the character to use to replace space characters
9375 after a successful dequote.
9377 Don't dequote the key before lookup.
9379 For the syslog map only, it specifies the level
9380 to use for the syslog call.
9382 When rebuilding an alias file,
9385 flag causes duplicate entries in the text version
9387 For example, two entries:
9392 would be treated as though it were the single entry
9394 list: user1, user2, user3
9396 in the presence of the
9400 Some additional flags are available for the host and dns maps:
9402 delay: specify the resolver's retransmission time interval (in seconds).
9404 retry: specify the number of times to retransmit a resolver query.
9406 The dns map has another flag:
9408 basedomain: specify a domain that is always appended to queries.
9410 Socket maps have an optional flag:
9412 timeout: specify the timeout (in seconds) for communication
9413 with the socket map server.
9415 The following additional flags are present in the ldap map only:
9417 Do not auto chase referrals. sendmail must be compiled with
9418 .b \-DLDAP_REFERRALS
9421 Retrieve attribute names only.
9423 Retrieve both attributes name and value(s),
9426 .ip "\-r\fIderef\fP"
9427 Set the alias dereference option to one of never, always, search, or find.
9428 .ip "\-s\fIscope\fP"
9429 Set search scope to one of base, one (one level), or sub (subtree).
9431 LDAP server hostname.
9432 Some LDAP libraries allow you to specify multiple, space-separated hosts for
9434 In addition, each of the hosts listed can be followed by a colon and a port
9435 number to override the default LDAP port.
9438 .ip "\-H \fILDAPURI\fP"
9439 Use the specified LDAP URI instead of specifying the hostname and port
9440 separately with the the
9444 options shown above.
9447 -h server.example.com -p 389 -b dc=example,dc=com
9451 -H ldap://server.example.com:389 -b dc=example,dc=com
9453 If the LDAP library supports it,
9454 the LDAP URI format however can also request LDAP over SSL by using
9460 O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com
9462 Similarly, if the LDAP library supports it,
9463 It can also be used to specify a UNIX domain socket using
9466 O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com
9470 .ip "\-l\fItimelimit\fP"
9471 Time limit for LDAP queries.
9472 .ip "\-Z\fIsizelimit\fP"
9473 Size (number of matches) limit for LDAP or DNS queries.
9474 .ip "\-d\fIdistinguished_name\fP"
9475 The distinguished name to use to login to the LDAP server.
9476 .ip "\-M\fImethod\fP"
9477 The method to authenticate to the LDAP server.
9480 .b LDAP_AUTH_SIMPLE ,
9482 .b LDAP_AUTH_KRBV4 .
9483 .ip "\-P\fIpasswordfile\fP"
9484 The file containing the secret key for the
9486 authentication method
9487 or the name of the Kerberos ticket file for
9488 .b LDAP_AUTH_KRBV4 .
9490 Force LDAP searches to only succeed if a single match is found.
9491 If multiple values are found,
9492 the search is treated as if no match was found.
9493 .ip "\-w\fIversion\fP"
9494 Set the LDAP API/protocol version to use.
9495 The default depends on the LDAP client libraries in use.
9500 to use LDAPv3 when communicating with the LDAP server.
9502 Treat the LDAP search key as multi-argument and
9503 replace %1 through %9 in the key with
9504 the LDAP escaped contents of the lookup arguments specified in the map lookup.
9508 map appends the strings
9512 to the given filename;
9519 For example, the map specification
9521 Kuucp dbm \-o \-N /etc/mail/uucpmap
9523 specifies an optional map named
9527 it always has null bytes at the end of every string,
9528 and the data is located in
9529 /etc/mail/uucpmap.{dir,pag}.
9533 can be used to build any of the three database-oriented maps.
9534 It takes the following flags:
9536 Do not fold upper to lower case in the map.
9538 Include null bytes in keys.
9540 Append to an existing (old) file.
9542 Allow replacement of existing keys;
9543 normally, re-inserting an existing key is an error.
9545 Print what is happening.
9549 daemon does not have to be restarted to read the new maps
9550 as long as you change them in place;
9551 file locking is used so that the maps won't be read
9552 while they are being updated.
9554 New classes can be added in the routine
9558 .sh 2 "Q \*- Queue Group Declaration"
9560 In addition to the option
9562 queue groups can be declared that define a (group of) queue directories
9563 under a common name.
9564 The syntax is as follows:
9574 is the symbolic name of the queue group under which
9575 it can be referenced in various places
9578 pairs define attributes of the queue group.
9579 The name must only consist of alphanumeric characters.
9582 Flags for this queue group.
9584 The nice(2) increment for the queue group.
9585 This value must be greater or equal zero.
9587 The time between two queue runs.
9589 The queue directory of the group (required).
9591 The number of parallel runners processing the queue.
9594 must be set if this value is greater than one.
9596 The maximum number of jobs (messages delivered) per queue run.
9598 The maximum number of recipients per envelope.
9599 Envelopes with more than this number of recipients will be split
9600 into multiple envelopes in the same queue directory.
9601 The default value 0 means no limit.
9603 Only the first character of the field name is checked.
9605 By default, a queue group named
9607 is defined that uses the value of the
9610 Notice: all paths that are used for queue groups must
9611 be subdirectories of
9613 Since they can be symbolic links, this isn't a real restriction,
9616 uses a wildcard, then the directory one level up is considered
9617 the ``base'' directory which all other queue directories must share.
9618 Please make sure that the queue directories do not overlap,
9619 e.g., do not specify
9621 O QueueDirectory=/var/spool/mqueue/*
9622 Qone, P=/var/spool/mqueue/dir1
9623 Qtwo, P=/var/spool/mqueue/dir2
9625 because this also includes
9629 in the default queue group.
9632 O QueueDirectory=/var/spool/mqueue/main*
9633 Qone, P=/var/spool/mqueue/dir
9634 Qtwo, P=/var/spool/mqueue/other*
9636 is a valid queue group specification.
9638 Options listed in the ``Flags'' field can be used to modify
9639 the behavior of a queue group.
9640 The ``f'' flag must be set if multiple queue runners are
9641 supposed to work on the entries in a queue group.
9644 will work on the entries strictly sequentially.
9646 The ``Interval'' field sets the time between queue runs.
9647 If no queue group specific interval is set, then the parameter of the
9649 option from the command line is used.
9651 To control the overall number of concurrently active queue runners
9655 This limits the number of processes used for running the queues to
9656 .b MaxQueueChildren ,
9657 though at any one time fewer processes may be active
9658 as a result of queue options, completed queue runs, system load, etc.
9660 The maximum number of queue runners for an individual queue group can be
9664 If set to 0, entries in the queue will not be processed, which
9665 is useful to ``quarantine'' queue files.
9666 The number of runners per queue group may also be set with the option
9667 .b MaxRunnersPerQueue ,
9668 which applies to queue groups that have no individual limit.
9669 That is, the default value for
9672 .b MaxRunnersPerQueue
9673 if set, otherwise 1.
9675 The field Jobs describes the maximum number of jobs
9676 (messages delivered) per queue run, which is the queue group specific
9678 .b MaxQueueRunSize .
9680 Notice: queue groups should be declared after all queue related options
9681 have been set because queue groups take their defaults from those options.
9682 If an option is set after a queue group declaration, the values of
9683 options in the queue group are set to the defaults of
9685 unless explicitly set in the declaration.
9687 Each envelope is assigned to a queue group based on the algorithm
9688 described in section
9689 ``Queue Groups and Queue Directories''.
9690 .sh 2 "X \*- Mail Filter (Milter) Definitions"
9694 Mail Filter API (Milter) is designed to allow third-party programs access
9695 to mail messages as they are being processed in order to filter
9696 meta-information and content.
9697 They are declared in the configuration file as:
9707 is the name of the filter
9708 (used internally only)
9711 pairs define attributes of the filter.
9712 Also see the documentation for the
9714 option for more information.
9719 Socket The socket specification
9720 Flags Special flags for this filter
9721 Timeouts Timeouts for this filter
9723 Only the first character of the field name is checked
9724 (it's case-sensitive).
9726 The socket specification is one of the following forms:
9749 The first two describe an IPv4 or IPv6 socket listening on a certain
9754 The final form describes a named socket on the filesystem at the given
9757 The following flags may be set in the filter description.
9760 Reject connection if filter unavailable.
9762 Temporary fail connection if filter unavailable.
9764 If neither F=R nor F=T is specified, the message is passed through
9766 in case of filter errors as if the failing filters were not present.
9768 The timeouts can be set using the four fields inside of the
9773 Timeout for connecting to a filter.
9774 If set to 0, the system's
9776 timeout will be used.
9778 Timeout for sending information from the MTA to a filter.
9780 Timeout for reading reply from the filter.
9782 Overall timeout between sending end-of-message to filter and waiting for
9783 the final acknowledgment.
9785 Note the separator between each timeout field is a
9787 The default values (if not set) are:
9788 .b T=C:5m;S:10s;R:10s;E:5m
9797 Xfilter1, S=local:/var/run/f1.sock, F=R
9798 Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
9799 Xfilter3, S=inet:3333@localhost, T=C:2m
9801 .sh 2 "The User Database"
9803 The user database is deprecated in favor of ``virtusertable''
9804 and ``genericstable'' as explained in the file
9806 If you have a version of
9808 with the user database package
9810 the handling of sender and recipient addresses
9813 The location of this database is controlled with the
9816 .sh 3 "Structure of the user database"
9818 The database is a sorted (BTree-based) structure.
9819 User records are stored with the key:
9821 \fIuser-name\fP\fB:\fP\fIfield-name\fP
9823 The sorted database format ensures that user records are clustered together.
9824 Meta-information is always stored with a leading colon.
9826 Field names define both the syntax and semantics of the value.
9827 Defined fields include:
9830 The delivery address for this user.
9831 There may be multiple values of this record.
9833 mailing lists will have one
9835 record for each user on the list.
9837 The outgoing mailname for this user.
9838 For each outgoing name,
9839 there should be an appropriate
9841 record for that name to allow return mail.
9843 .i :default:mailname .
9845 Changes any mail sent to this address to have the indicated envelope sender.
9846 This is intended for mailing lists,
9847 and will normally be the name of an appropriate -request address.
9848 It is very similar to the owner-\c
9850 syntax in the alias file.
9852 The full name of the user.
9854 The office address for this user.
9856 The office phone number for this user.
9858 The office FAX number for this user.
9860 The home address for this user.
9862 The home phone number for this user.
9864 The home FAX number for this user.
9866 A (short) description of the project this person is affiliated with.
9867 In the University this is often just the name of their graduate advisor.
9869 A pointer to a file from which plan information can be gathered.
9872 only a few of these fields are actually being used by
9879 program that uses the other fields is planned.
9880 .sh 3 "User database semantics"
9882 When the rewriting rules submit an address to the local mailer,
9883 the user name is passed through the alias file.
9884 If no alias is found (or if the alias points back to the same address),
9888 is then used as a key in the user database.
9889 If no match occurs (or if the maildrop points at the same address),
9890 forwarding is tried.
9892 If the first token of the user name returned by ruleset 0
9895 sign, the user database lookup is skipped.
9896 The intent is that the user database will act as a set of defaults
9897 for a cluster (in our case, the Computer Science Division);
9898 mail sent to a specific machine should ignore these defaults.
9901 the name of the sending user is looked up in the database.
9905 the value of that record is used as their outgoing name.
9906 For example, I might have a record:
9908 eric:mailname Eric.Allman@CS.Berkeley.EDU
9910 This would cause my outgoing mail to be sent as Eric.Allman.
9914 is found for the user,
9915 but no corresponding
9919 .q :default:mailname
9921 If present, this is the name of a host to override the local host.
9922 For example, in our case we would set it to
9923 .q CS.Berkeley.EDU .
9924 The effect is that anyone known in the database
9925 gets their outgoing mail stamped as
9926 .q user@CS.Berkeley.EDU ,
9927 but people not listed in the database use the local hostname.
9928 .sh 3 "Creating the database\**"
9930 \**These instructions are known to be incomplete.
9931 Other features are available which provide similar functionality,
9932 e.g., virtual hosting and mapping local addresses into a
9933 generic form as explained in cf/README.
9936 The user database is built from a text file
9940 (in the distribution in the makemap subdirectory).
9941 The text file is a series of lines corresponding to userdb records;
9942 each line has a key and a value separated by white space.
9943 The key is always in the format described above \*-
9948 This file is normally installed in a system directory;
9949 for example, it might be called
9950 .i /etc/mail/userdb .
9951 To make the database version of the map, run the program:
9953 makemap btree /etc/mail/userdb < /etc/mail/userdb
9955 Then create a config file that uses this.
9956 For example, using the V8 M4 configuration, include the
9957 following line in your .mc file:
9959 define(\`confUSERDB_SPEC\', /etc/mail/userdb)
9961 .sh 1 "OTHER CONFIGURATION"
9963 There are some configuration changes that can be made by
9966 This section describes what changes can be made
9967 and what has to be modified to make them.
9968 In most cases this should be unnecessary
9969 unless you are porting
9971 to a new environment.
9972 .sh 2 "Parameters in devtools/OS/$oscf"
9974 These parameters are intended to describe the compilation environment,
9976 and should normally be defined in the operating system
9978 .b "This section needs a complete rewrite."
9981 the new version of the DBM library
9982 that allows multiple databases will be used.
9983 If neither NDBM nor NEWDB are set,
9984 a much less efficient method of alias lookup is used.
9986 If set, use the new database package from Berkeley (from 4.4BSD).
9987 This package is substantially faster than DBM or NDBM.
9988 If NEWDB and NDBM are both set,
9990 will read DBM files,
9991 but will create and use NEWDB files.
9993 Include support for NIS.
9994 If set together with
9998 will create both DBM and NEWDB files if and only if
9999 an alias file includes the substring
10002 This is intended for compatibility with Sun Microsystems'
10004 program used on YP masters.
10006 Compile in support for NIS+.
10008 Compile in support for NetInfo (NeXT stations).
10010 Compile in support for LDAP X500 queries.
10011 Requires libldap and liblber
10012 from the Umich LDAP 3.2 or 3.3 release
10013 or equivalent libraries for other LDAP libraries
10016 Compile in support for Hesiod.
10018 Compile in support for IRIX NSD lookups.
10020 Compile in support for regular expression matching.
10022 Compile in support for DNS map lookups in the
10026 Compile in support for ph lookups.
10028 Compile in support for SASL,
10029 a required component for SMTP Authentication support.
10031 Compile in support for STARTTLS.
10033 Compile in support for the "Entropy Gathering Daemon"
10034 to provide better random data for TLS.
10036 Compile in support for TCP Wrappers.
10037 .ip _PATH_SENDMAILCF
10038 The pathname of the sendmail.cf file.
10039 .ip _PATH_SENDMAILPID
10040 The pathname of the sendmail.pid file.
10042 Compile in support for shared memory, see section about
10043 "/var/spool/mqueue".
10045 Compile in support for contacting external mail filters built with the
10048 There are also several compilation flags to indicate the environment
10053 See the sendmail/README
10054 file for the latest scoop on these flags.
10055 .sh 3 "For Future Releases"
10058 often contains compile time options
10059 .i "For Future Releases"
10061 which might be enabled in a subsequent version
10062 or might simply be removed as they turned out not to be really useful.
10063 These features are usually not documented but if they are,
10064 then the required (FFR) compile
10065 time options are listed here for rulesets and macros,
10069 FFR compile times options must be enabled when the sendmail binary
10070 is built from source.
10071 Enabled FFRs in a binary can be listed with
10073 sendmail -d0.13 < /dev/null | grep FFR
10075 .sh 2 "Parameters in sendmail/conf.h"
10077 Parameters and compilation options
10078 are defined in conf.h.
10079 Most of these need not normally be tweaked;
10080 common parameters are all in sendmail.cf.
10081 However, the sizes of certain primitive vectors, etc.,
10082 are included in this file.
10083 The numbers following the parameters
10084 are their default value.
10086 This document is not the best source of information
10087 for compilation flags in conf.h \(em
10088 see sendmail/README or sendmail/conf.h itself.
10090 .ip "MAXLINE [2048]"
10091 The maximum line length of any input line.
10092 If message lines exceed this length
10093 they will still be processed correctly;
10094 however, header lines,
10095 configuration file lines,
10098 must fit within this limit.
10099 .ip "MAXNAME [256]"
10100 The maximum length of any name,
10101 such as a host or a user name.
10103 The maximum number of parameters to any mailer.
10104 This limits the number of recipients that may be passed in one transaction.
10105 It can be set to any arbitrary number above about 10,
10108 will break up a delivery into smaller batches as needed.
10109 A higher number may reduce load on your system, however.
10110 .ip "MAXQUEUEGROUPS [50]"
10111 The maximum number of queue groups.
10112 .ip "MAXATOM [1000]"
10113 The maximum number of atoms
10115 in a single address.
10118 .q "eric@CS.Berkeley.EDU"
10120 .ip "MAXMAILERS [25]"
10121 The maximum number of mailers that may be defined
10122 in the configuration file.
10123 This value is defined in include/sendmail/sendmail.h.
10124 .ip "MAXRWSETS [200]"
10125 The maximum number of rewriting sets
10126 that may be defined.
10127 The first half of these are reserved for numeric specification
10129 while the upper half are reserved for auto-numbering
10131 Thus, with a value of 200 an attempt to use ``S99'' will succeed,
10132 but ``S100'' will fail.
10133 .ip "MAXPRIORITIES [25]"
10134 The maximum number of values for the
10136 field that may be defined
10139 line in sendmail.cf).
10140 .ip "MAXUSERENVIRON [100]"
10141 The maximum number of items in the user environment
10142 that will be passed to subordinate mailers.
10143 .ip "MAXMXHOSTS [100]"
10144 The maximum number of MX records we will accept for any single host.
10145 .ip "MAXMAPSTACK [12]"
10146 The maximum number of maps that may be "stacked" in a
10149 .ip "MAXMIMEARGS [20]"
10150 The maximum number of arguments in a MIME Content-Type: header;
10151 additional arguments will be ignored.
10152 .ip "MAXMIMENESTING [20]"
10153 The maximum depth to which MIME messages may be nested
10154 (that is, nested Message or Multipart documents;
10155 this does not limit the number of components in a single Multipart document).
10156 .ip "MAXDAEMONS [10]"
10157 The maximum number of sockets sendmail will open for accepting connections
10158 on different ports.
10159 .ip "MAXMACNAMELEN [25]"
10160 The maximum length of a macro name.
10162 A number of other compilation options exist.
10163 These specify whether or not specific code should be compiled in.
10164 Ones marked with \(dg
10169 support for Internet protocol networking is compiled in.
10170 Previous versions of
10172 referred to this as
10174 this old usage is now incorrect.
10176 turn it off in the Makefile
10177 if your system doesn't support the Internet protocols.
10180 support for IPv6 networking is compiled in.
10181 It must be separately enabled by adding
10182 .b DaemonPortOptions
10186 support for ISO protocol networking is compiled in
10187 (it may be appropriate to #define this in the Makefile instead of conf.h).
10190 support for UNIX domain sockets is compiled in.
10191 This is used for control socket support.
10196 routine in use at some sites is used.
10197 This makes an informational log record
10198 for each message processed,
10199 and makes a higher priority log record
10200 for internal system errors.
10201 .b "STRONGLY RECOMMENDED"
10202 \(em if you want no logging, turn it off in the configuration file.
10204 Compile in the code to do ``fuzzy matching'' on the GECOS field
10206 This also requires that the
10208 option be turned on.
10210 Compile in code to use the
10211 Berkeley Internet Name Domain (BIND) server
10212 to resolve TCP/IP host names.
10214 If you are using a non-UNIX mail format,
10215 you can set this flag to turn off special processing
10222 Berkeley user information database package.
10223 This adds a new level of local name expansion
10224 between aliasing and forwarding.
10225 It also uses the NEWDB package.
10226 This may change in future releases.
10228 The following options are normally turned on
10229 in per-operating-system clauses in conf.h.
10231 Compile in the IDENT protocol as defined in RFC 1413.
10232 This defaults on for all systems except Ultrix,
10233 which apparently has the interesting
10235 that when it receives a
10236 .q "host unreachable"
10237 message it closes all open connections to that host.
10238 Since some firewall gateways send this error code
10239 when you access an unauthorized port (such as 113, used by IDENT),
10240 Ultrix cannot receive email from such hosts.
10242 Set all of the compilation parameters appropriate for System V.
10246 instead of System V
10248 to do file locking.
10249 Due to the highly unusual semantics of locks
10252 this should always be used if at all possible.
10254 Set this if your system has the
10257 (if you have multiple group support).
10258 This is the default if SYSTEM5 is
10260 defined or if you are on HPUX.
10262 Set this if you have the
10264 system call (or corresponding library routine).
10268 .ip HASGETDTABLESIZE
10269 Set this if you have the
10270 .i getdtablesize (2)
10273 Set this if you have the
10276 .ip FAST_PID_RECYCLE
10277 Set this if your system can possibly
10278 reuse the same pid in the same second of time.
10280 The mechanism that can be used to get file system capacity information.
10281 The values can be one of
10282 SFS_USTAT (use the ustat(2) syscall),
10283 SFS_4ARGS (use the four argument statfs(2) syscall),
10284 SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
10285 SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
10286 SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
10287 SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
10289 SFS_NONE (no way to get this information).
10291 The load average type.
10292 Details are described below.
10294 The are several built-in ways of computing the load average.
10296 tries to auto-configure them based on imperfect guesses;
10297 you can select one using the
10306 The kernel stores the load average in the kernel as an array of long integers.
10307 The actual values are scaled by a factor FSCALE
10310 The kernel stores the load average in the kernel as an array of short integers.
10311 The actual values are scaled by a factor FSCALE
10314 The kernel stores the load average in the kernel as an array of
10315 double precision floats.
10317 Use MACH-style load averages.
10321 routine to get the load average as an array of doubles.
10323 Always return zero as the load average.
10324 This is the fallback case.
10332 you may also need to specify
10334 (the path to your system binary)
10337 (the name of the variable containing the load average in the kernel;
10342 .sh 2 "Configuration in sendmail/conf.c"
10344 The following changes can be made in conf.c.
10345 .sh 3 "Built-in Header Semantics"
10347 Not all header semantics are defined in the configuration file.
10348 Header lines that should only be included by certain mailers
10349 (as well as other more obscure semantics)
10350 must be specified in the
10354 This table contains the header name
10355 (which should be in all lower case)
10356 and a set of header control flags (described below),
10359 Normally when the check is made to see if a header line is compatible
10362 will not delete an existing line.
10363 If this flag is set,
10366 even existing header lines.
10368 if this bit is set and the mailer does not have flag bits set
10369 that intersect with the required mailer flags
10370 in the header definition in
10376 If this header field is set,
10377 treat it like a blank line,
10379 it will signal the end of the header
10380 and the beginning of the message text.
10382 Add this header entry
10383 even if one existed in the message before.
10384 If a header entry does not have this bit set,
10386 will not add another header line if a header line
10387 of this name already existed.
10388 This would normally be used to stamp the message
10389 by everyone who handled it.
10392 this is a timestamp
10395 If the number of trace fields in a message
10396 exceeds a preset amount
10397 the message is returned
10398 on the assumption that it has an aliasing loop.
10401 this field contains recipient addresses.
10402 This is used by the
10404 flag to determine who to send to
10405 when it is collecting recipients from the message.
10407 This flag indicates that this field
10408 specifies a sender.
10409 The order of these fields in the
10414 for which field to return error messages to.
10416 Addresses in this header should receive error messages.
10418 This header is a Content-Transfer-Encoding header.
10420 This header is a Content-Type header.
10422 Strip the value from the header (for Bcc:).
10425 Let's look at a sample
10429 .ta 4n +\w'"content-transfer-encoding", 'u
10430 struct hdrinfo HdrInfo[] =
10432 /* originator fields, most to least significant */
10433 "resent-sender", H_FROM,
10434 "resent-from", H_FROM,
10437 "full-name", H_ACHECK,
10438 "errors-to", H_FROM\^|\^H_ERRORSTO,
10439 /* destination fields */
10441 "resent-to", H_RCPT,
10443 "bcc", H_RCPT\^|\^H_STRIPVAL,
10444 /* message identification and control */
10448 "received", H_TRACE\^|\^H_FORCE,
10449 /* miscellaneous fields */
10450 "content-transfer-encoding", H_CTE,
10451 "content-type", H_CTYPE,
10456 This structure indicates that the
10462 all specify recipient addresses.
10465 field will be deleted unless the required mailer flag
10466 (indicated in the configuration file)
10472 fields will terminate the header;
10473 these are used by random dissenters around the network world.
10476 field will always be added,
10477 and can be used to trace messages.
10479 There are a number of important points here.
10481 header fields are not added automatically just because they are in the
10484 they must be specified in the configuration file
10485 in order to be added to the message.
10486 Any header fields mentioned in the configuration file but not
10489 structure have default processing performed;
10491 they are added unless they were in the message already.
10495 structure only specifies cliched processing;
10496 certain headers are processed specially by ad hoc code
10497 regardless of the status specified in
10504 fields are always scanned on ARPANET mail
10505 to determine the sender\**;
10507 \**Actually, this is no longer true in SMTP;
10508 this information is contained in the envelope.
10509 The older ARPANET protocols did not completely distinguish
10510 envelope from header.
10512 this is used to perform the
10513 .q "return to sender"
10519 fields are used to determine the full name of the sender
10521 this is stored in the macro
10523 and used in a number of ways.
10524 .sh 3 "Restricting Use of Email"
10526 If it is necessary to restrict mail through a relay,
10529 routine can be modified.
10530 This routine is called for every recipient address.
10531 It returns an exit status
10532 indicating the status of the message.
10535 accepts the address,
10537 queues the message for a later try,
10540 .sm EX_UNAVAILABLE )
10541 reject the message.
10544 to print an error message
10547 if the message is rejected.
10554 .ta 4n +4n +4n +4n +4n +4n +4n
10557 register ADDRESS *to;
10558 register ENVELOPE *e;
10562 s = stab("private", ST_MAILER, ST_FIND);
10563 if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
10564 to->q_mailer == s->s_mailer)
10566 usrerr("No private net mail allowed through this machine");
10567 return (EX_UNAVAILABLE);
10569 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
10571 usrerr("Message too large for non-local delivery");
10572 e\->e_flags |= EF_NORETURN;
10573 return (EX_UNAVAILABLE);
10579 This would reject messages greater than 50000 bytes
10580 unless they were local.
10585 to suppress the return of the actual body
10586 of the message in the error return.
10587 The actual use of this routine is highly dependent on the
10589 and use should be limited.
10590 .sh 3 "New Database Map Classes"
10592 New key maps can be added by creating a class initialization function
10593 and a lookup function.
10594 These are then added to the routine
10597 The initialization function is called as
10599 \fIxxx\fP_map_init(MAP *map, char *args)
10603 is an internal data structure.
10606 is a pointer to the portion of the configuration file line
10607 following the map class name;
10608 flags and filenames can be extracted from this line.
10609 The initialization function must return
10611 if it successfully opened the map,
10615 The lookup function is called as
10617 \fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
10621 defines the map internally.
10625 This may be (and often is) used destructively.
10628 is a list of arguments passed in from the rewrite line.
10629 The lookup function should return a pointer to the new value.
10630 If the map lookup fails,
10632 should be set to an exit status code;
10633 in particular, it should be set to
10635 if recovery is to be attempted by the higher level code.
10636 .sh 3 "Queueing Function"
10640 is called to decide if a message should be queued
10641 or processed immediately.
10642 Typically this compares the message priority to the current load average.
10643 The default definition is:
10646 shouldqueue(pri, ctime)
10650 if (CurrentLA < QueueLA)
10652 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
10655 If the current load average
10658 which is set before this function is called)
10659 is less than the low threshold load average
10668 (that is, it should
10671 If the current load average exceeds the high threshold load average
10680 Otherwise, it computes the function based on the message priority,
10686 and the current and threshold load averages.
10688 An implementation wishing to take the actual age of the message into account
10692 which is the time that the message was first submitted to
10696 parameter is already weighted
10697 by the number of times the message has been tried
10698 (although this tends to lower the priority of the message with time);
10699 the expectation is that the
10701 would be used as an
10703 to ensure that messages are eventually processed.
10704 .sh 3 "Refusing Incoming SMTP Connections"
10707 .i refuseconnections
10710 if incoming SMTP connections should be refused.
10711 The current implementation is based exclusively on the current load average
10712 and the refuse load average option
10719 refuseconnections()
10721 return (RefuseLA > 0 && CurrentLA >= RefuseLA);
10724 A more clever implementation
10725 could look at more system resources.
10726 .sh 3 "Load Average Computation"
10730 returns the current load average (as a rounded integer).
10731 The distribution includes several possible implementations.
10732 If you are porting to a new environment
10733 you may need to add some new tweaks.\**
10735 \**If you do, please send updates to
10736 sendmail@Sendmail.ORG.
10738 .sh 2 "Configuration in sendmail/daemon.c"
10741 .i sendmail/daemon.c
10742 contains a number of routines that are dependent
10743 on the local networking environment.
10744 The version supplied assumes you have BSD style sockets.
10746 In previous releases,
10747 we recommended that you modify the routine
10749 if you wanted to generalize
10754 We now recommend that you create a new keyed map instead.
10757 In this section we assume that
10759 has been compiled with support for LDAP.
10760 .sh 3 "LDAP Recursion"
10762 LDAP Recursion allows you to add types to the search attributes on an
10763 LDAP map specification.
10765 .ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[|\fIOBJECTCLASS\fP|...]]]
10767 The new \fITYPE\fPs are:
10770 This attribute type specifies the attribute to add to the results string.
10771 This is the default.
10773 Any matches for this attribute are expected to have a value of a
10774 fully qualified distinguished name.
10776 will lookup that DN and apply the attributes requested to the
10777 returned DN record.
10779 Any matches for this attribute are expected to have a value of an
10780 LDAP search filter.
10782 will perform a lookup with the same parameters as the original
10783 search but replaces the search filter with the one specified here.
10785 Any matches for this attribute are expected to have a value of an LDAP URL.
10787 will perform a lookup of that URL and use the results from the attributes
10789 Note however that the search is done using the current LDAP connection,
10790 regardless of what is specified as the scheme, LDAP host, and LDAP
10791 port in the LDAP URL.
10793 Any untyped attributes are considered
10795 attributes as described above.
10797 The optional \fIOBJECTCLASS\fP (| separated) list contains the
10798 objectClass values for which that attribute applies.
10799 If the list is given,
10800 the attribute named will only be used if the LDAP record being returned is a
10801 member of that object class.
10802 Note that if these new value attribute \fITYPE\fPs are used in an
10804 option setting, it will need to be double quoted to prevent
10806 from misparsing the colons.
10808 Note that LDAP recursion attributes which do not ultimately point to an
10809 LDAP record are not considered an error.
10812 Since examples usually help clarify, here is an example which uses all
10813 four of the new types:
10815 O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com
10819 -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0))
10820 -v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson,
10821 uniqueMember:DN:groupOfUniqueNames,
10822 sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,
10823 sendmailMTAAliasURL:URL:sendmailMTAAliasObject
10826 That definition specifies that:
10829 .sm sendmailMTAAliasValue
10830 attribute will be added to the result string regardless of object class.
10834 attribute will be added to the result string if
10835 the LDAP record is a member of the
10841 attribute is a recursive attribute, used only in
10842 .sm groupOfUniqueNames
10843 records, and should contain an LDAP DN pointing to another LDAP record.
10844 The desire here is to return the
10846 attribute from those DNs.
10849 .sm sendmailMTAAliasSearch
10851 .sm sendmailMTAAliasURL
10852 are both used only if referenced in a
10853 .sm sendmailMTAAliasObject .
10854 They are both recursive, the first for a new LDAP search string and the
10855 latter for an LDAP URL.
10858 In this section we assume that
10860 has been compiled with support for STARTTLS.
10861 To properly understand the use of STARTTLS in
10863 it is necessary to understand at least some basics about X.509 certificates
10864 and public key cryptography.
10865 This information can be found in books about SSL/TLS
10866 or on WWW sites, e.g.,
10867 .q http://www.OpenSSL.org/ .
10868 .sh 3 "Certificates for STARTTLS"
10870 When acting as a server,
10872 requires X.509 certificates to support STARTTLS:
10873 one as certificate for the server (ServerCertFile and corresponding
10874 private ServerKeyFile)
10875 at least one root CA (CACertFile),
10876 i.e., a certificate that is used to sign other certificates,
10877 and a path to a directory which contains (zero or more) other CAs (CACertPath).
10878 The file specified via
10880 can contain several certificates of CAs.
10881 The DNs of these certificates are sent
10882 to the client during the TLS handshake (as part of the
10883 CertificateRequest) as the list of acceptable CAs.
10884 However, do not list too many root CAs in that file, otherwise
10885 the TLS handshake may fail; e.g.,
10887 error:14094417:SSL routines:SSL3_READ_BYTES:
10888 sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47
10890 You should probably put only the CA cert into that file
10891 that signed your own cert(s), or at least only those you trust.
10892 The CACertPath directory must contain the hashes of each CA certificate
10893 as filenames (or as links to them).
10894 Symbolic links can be generated with the following
10895 two (Bourne) shell commands:
10897 C=FileName_of_CA_Certificate
10898 ln -s $C `openssl x509 -noout -hash < $C`.0
10900 A better way to do this is to use the
10902 command that is part of the OpenSSL distribution
10903 because it handles subject hash collisions
10904 by incrementing the number in the suffix of the filename of the symbolic link,
10910 An X.509 certificate is also required for authentication in client mode
10911 (ClientCertFile and corresponding private ClientKeyFile), however,
10913 will always use STARTTLS when offered by a server.
10914 The client and server certificates can be identical.
10915 Certificates can be obtained from a certificate authority
10916 or created with the help of OpenSSL.
10917 The required format for certificates and private keys is PEM.
10918 To allow for automatic startup of sendmail, private keys
10919 (ServerKeyFile, ClientKeyFile)
10920 must be stored unencrypted.
10921 The keys are only protected by the permissions of the file system.
10922 Never make a private key available to a third party.
10925 .i ClientCertFile ,
10927 .i ServerCertFile ,
10930 can take a second file name,
10931 which must be separated from the first with a comma
10932 (note: do not use any spaces)
10933 to set up a second cert/key pair.
10934 This can be used to have certs of different types,
10936 .sh 3 "PRNG for STARTTLS"
10938 STARTTLS requires a strong pseudo random number generator (PRNG)
10939 to operate properly.
10940 Depending on the TLS library you use, it may be required to explicitly
10941 initialize the PRNG with random data.
10942 OpenSSL makes use of
10944 if available (this corresponds to the compile flag HASURANDOMDEV).
10945 On systems which lack this support, a random file must be specified in the
10947 file using the option RandFile.
10950 advised to use the "Entropy Gathering Daemon" EGD
10951 from Brian Warner on those systems to provide useful random data.
10954 must be compiled with the flag EGD, and the
10955 RandFile option must point to the EGD socket.
10958 nor EGD are available, you have to make sure
10959 that useful random data is available all the time in RandFile.
10960 If the file hasn't been modified in the last 10 minutes before
10961 it is supposed to be used by
10963 the content is considered obsolete.
10964 One method for generating this file is:
10966 openssl rand -out /etc/mail/randfile -rand \c
10967 .i /path/to/file:... \c
10970 See the OpenSSL documentation for more information.
10971 In this case, the PRNG for TLS is only
10972 seeded with other random data if the
10973 .b DontBlameSendmail
10975 .b InsufficientEntropy
10977 This is most likely not sufficient for certain actions, e.g.,
10978 generation of (temporary) keys.
10980 Please see the OpenSSL documentation or other sources
10981 for further information about certificates, their creation and their usage,
10982 the importance of a good PRNG, and other aspects of TLS.
10983 .sh 2 "Encoding of STARTTLS and AUTH related Macros"
10985 Macros that contain STARTTLS and AUTH related data which comes from outside
10986 sources, e.g., all macros containing information from certificates,
10987 are encoded to avoid problems with non-printable or special characters.
10988 The latter are '\\', '<', '>', '(', ')', '"', '+', and ' '.
10989 All of these characters are replaced by their value in hexadecimal
10990 with a leading '+'.
10993 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
10994 Email=darth+cert@endmail.org
10998 /C=US/ST=California/O=endmail.org/OU=private/
10999 CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
11001 (line breaks have been inserted for readability).
11002 The macros which are subject to this encoding are
11003 {cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
11005 {auth_authen} and {auth_author}.
11006 .sh 1 "ACKNOWLEDGEMENTS"
11011 and many employers have been remarkably patient
11012 about letting me work on a large project
11013 that was not part of my official job.
11014 This includes time on the INGRES Project at
11015 the University of California at Berkeley,
11017 and again on the Mammoth and Titan Projects at Berkeley.
11019 Much of the second wave of improvements
11020 resulting in version 8.1
11021 should be credited to Bryan Costales of the
11022 International Computer Science Institute.
11023 As he passed me drafts of his book on
11025 I was inspired to start working on things again.
11026 Bryan was also available to bounce ideas off of.
11028 Gregory Neil Shapiro
11029 of Worcester Polytechnic Institute
11030 has become instrumental in all phases of
11032 support and development,
11033 and was largely responsible for getting versions 8.8 and 8.9
11036 Many, many people contributed chunks of code and ideas to
11038 It has proven to be a group network effort.
11039 Version 8 in particular was a group project.
11040 The following people and organizations made notable contributions:
11043 John Beck, Hewlett-Packard & Sun Microsystems
11044 Keith Bostic, CSRG, University of California, Berkeley
11045 Andrew Cheng, Sun Microsystems
11046 Michael J. Corrigan, University of California, San Diego
11047 Bryan Costales, International Computer Science Institute & InfoBeat
11048 Pa\*:r (Pell) Emanuelsson
11049 Craig Everhart, Transarc Corporation
11050 Per Hedeland, Ericsson
11051 Tom Ivar Helbekkmo, Norwegian School of Economics
11052 Kari Hurtta, Finnish Meteorological Institute
11053 Allan E. Johannesen, WPI
11054 Jonathan Kamens, OpenVision Technologies, Inc.
11055 Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
11056 Brian Kantor, University of California, San Diego
11057 John Kennedy, Cal State University, Chico
11058 Murray S. Kucherawy, HookUp Communication Corp.
11059 Bruce Lilly, Sony U.S.
11061 Motonori Nakamura, Ritsumeikan University & Kyoto University
11062 John Gardiner Myers, Carnegie Mellon University
11063 Neil Rickert, Northern Illinois University
11064 Gregory Neil Shapiro, WPI
11065 Eric Schnoebelen, Convex Computer Corp.
11066 Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
11067 Randall Winchester, University of Maryland
11068 Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
11071 I apologize for anyone I have omitted, misspelled, misattributed, or
11073 At this point, I suspect that at least a hundred people
11074 have contributed code,
11075 and many more have contributed ideas, comments, and encouragement.
11076 I've tried to list them in the RELEASE_NOTES in the distribution directory.
11077 I appreciate their contribution as well.
11079 Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
11080 who besides being wonderful guinea pigs and contributors
11081 have also consented to be added to the ``sendmail@Sendmail.ORG'' list
11082 and, by answering the bulk of the questions sent to that list,
11083 have freed me up to do other work.
11085 .+c "COMMAND LINE FLAGS"
11089 Arguments must be presented with flags before addresses.
11092 Select an alternative .cf file which is either
11100 By default the .cf file is chosen based on the operation mode.
11109 if it exists, for all others it is
11112 Set operation mode to
11114 Operation modes are:
11117 m Deliver mail (default)
11118 s Speak SMTP on input side
11119 a\(dg ``Arpanet'' mode (get envelope sender information from header)
11120 C Check the configuration file
11121 d Run as a daemon in background
11122 D Run as a daemon in foreground
11124 v Just verify addresses, don't collect or deliver
11125 i Initialize the alias database
11126 p Print the mail queue
11127 P Print overview over the mail queue (requires shared memory)
11128 h Print the persistent host status database
11129 H Purge expired entries from the persistent host status database
11135 Indicate body type.
11137 Use a different configuration file.
11139 runs as the invoking user (rather than root)
11140 when this flag is specified.
11141 .ip "\-D \fIlogfile\fP"
11142 Send debugging output to the indicated
11146 Set debugging level.
11147 .ip "\-f\ \fIaddr\fP"
11148 The envelope sender address is set to
11150 This address may also be used in the From: header
11151 if that header is missing during initial submission.
11152 The envelope sender address is used as the recipient
11153 for delivery status notifications
11154 and may also appear in a Return-Path: header.
11155 .ip \-F\ \fIname\fP
11156 Sets the full name of this user to
11159 When accepting messages via the command line,
11160 indicate that they are for relay (gateway) submission.
11161 sendmail may complain about syntactically invalid messages,
11162 e.g., unqualified host names,
11163 rather than fixing them when this flag is set.
11164 sendmail will not do any canonicalization in this mode.
11165 .ip "\-h\ \fIcnt\fP"
11170 This represents the number of times this message has been processed
11173 (to the extent that it is supported by the underlying networks).
11175 is incremented during processing,
11180 throws away the message with an error.
11181 .ip "\-L \fItag\fP"
11182 Sets the identifier used for syslog.
11183 Note that this identifier is set
11184 as early as possible.
11189 before the command line arguments
11192 Don't do aliasing or forwarding.
11193 .ip "\-N \fInotifications\fP"
11194 Tag all addresses being sent as wanting the indicated
11196 which consists of the word
11198 or a comma-separated list of
11203 for successful delivery,
11205 and a message that is stuck in a queue somewhere.
11208 .ip "\-r\ \fIaddr\fP"
11209 An obsolete form of
11211 .ip \-o\fIx\|value\fP
11216 These options are described in Section 5.6.
11217 .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
11222 (for long form option names).
11223 These options are described in Section 5.6.
11224 .ip \-M\fIx\|value\fP
11229 .ip \-p\fIprotocol\fP
11230 Set the sending protocol.
11231 Programs are encouraged to set this.
11232 The protocol field can be in the form
11236 to set both the sending protocol and sending host.
11239 sets the sending protocol to UUCP
11240 and the sending host to uunet.
11241 (Some existing programs use \-oM to set the r and s macros;
11242 this is equivalent to using \-p.)
11244 Try to process the queued up mail.
11245 If the time is given,
11248 will start one or more processes to run through the queue(s) at the specified
11249 time interval to deliver queued mail; otherwise, it only runs once.
11250 Each of these processes acts on a workgroup.
11251 These processes are also known as workgroup processes or WGP's for short.
11252 Each workgroup is responsible for controlling the processing of one or
11253 more queues; workgroups help manage the use of system resources by sendmail.
11254 Each workgroup may have one or more children concurrently processing
11255 queues depending on the setting of \fIMaxQueueChildren\fP.
11257 Similar to \-q with a time argument,
11258 except that instead of periodically starting WGP's
11259 sendmail starts persistent WGP's
11260 that alternate between processing queues and sleeping.
11261 The sleep time is specified by the time argument; it defaults to 1 second,
11262 except that a WGP always sleeps at least 5 seconds if their queues were
11263 empty in the previous run.
11264 Persistent processes are managed by a queue control process (QCP).
11265 The QCP is the parent process of the WGP's.
11266 Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
11267 or a special process (named Queue control) (when started without \-bd or \-bD).
11268 If a persistent WGP ceases to be active for some reason
11269 another WGP will be started by the QCP for the same workgroup
11270 in most cases. When a persistent WGP has core dumped, the debug flag
11271 \fIno_persistent_restart\fP is set or the specific persistent WGP has been
11272 restarted too many times already then the WGP will not be started again
11273 and a message will be logged to this effect.
11274 To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate
11275 signal should be sent to the QCP. The QCP will propagate the signal to all of
11276 the WGP's and if appropriate restart the persistent WGP's.
11278 Run the jobs in the queue group
11281 .ip \-q[!]\fIXstring\fP
11282 Run the queue once,
11283 limiting the jobs to those matching
11289 to limit based on queue identifier,
11291 to limit based on recipient,
11293 to limit based on sender,
11296 to limit based on quarantine reason for quarantined jobs.
11297 A particular queued job is accepted if one of the corresponding attributes
11298 contains the indicated
11300 The optional ! character negates the condition tested.
11303 flags are permitted,
11304 with items with the same key letter
11306 together, and items with different key letters
11310 Quarantine a normal queue items with the given reason or
11311 unquarantine quarantined queue items if no reason is given.
11312 This should only be used with some sort of item matching using
11313 .b \-q[!]\fIXstring\fP
11314 as described above.
11316 What information you want returned if the message bounces;
11320 for headers only or
11322 for headers plus body.
11323 This is a request only;
11324 the other end is not required to honor the parameter.
11327 is specified local bounces also return only the headers.
11329 Read the header for
11334 lines, and send to everyone listed in those lists.
11337 line will be deleted before sending.
11338 Any addresses in the argument vector will be deleted
11339 from the send list.
11343 is passed with the envelope of the message
11344 and returned if the message bounces.
11345 .ip "\-X \fIlogfile\fP"
11346 Log all traffic in and out of
11350 for debugging mailer problems.
11351 This produces a lot of data very quickly and should be used sparingly.
11353 There are a number of options that may be specified as
11355 These are the e, i, m, and v options.
11358 may be specified as the
11361 The DSN related options
11369 .+c "QUEUE FILE FORMATS"
11371 This appendix describes the format of the queue files.
11372 These files live in a queue directory.
11373 The individual qf, hf, Qf, df, and xf files
11374 may be stored in separate
11380 if they are present in the queue directory.
11382 All queue files have the name
11392 The individual letters in the
11409 Encoded envelope number
11411 At least five decimal digits of the process ID
11413 All files with the same id collectively define one message.
11414 Due to the use of memory-buffered files,
11415 some of these files may never appear on disk.
11420 The queue control file.
11421 This file contains the information necessary to process the job.
11423 The same as a queue control file, but for a quarantined queue job.
11426 The message body (excluding the header) is kept in this file.
11427 Sometimes the df file is not stored in the same directory as the qf file;
11429 the qf file contains a `d' record which names the queue directory
11430 that contains the df file.
11433 This is an image of the
11435 file when it is being rebuilt.
11436 It should be renamed to a
11441 existing during the life of a session
11442 showing everything that happens
11443 during that session.
11444 Sometimes the xf file must be generated before a queue group has been selected;
11446 the xf file will be stored in a directory of the default queue group.
11448 A ``lost'' queue control file.
11454 if there is a severe (configuration) problem that cannot be solved without
11455 human intervention.
11456 Search the logfile for the queue file id to figure out what happened.
11457 After you resolved the problem, you can rename the
11463 The queue control file is structured as a series of lines
11464 each beginning with a code letter.
11465 The lines are as follows:
11467 The version number of the queue file format,
11470 binaries to read queue files created by older versions.
11471 Defaults to version zero.
11472 Must be the first line of the file if present.
11473 For 8.12 the version number is 6.
11475 The information given by the AUTH= parameter of the
11478 if sendmail has been called directly.
11480 A header definition.
11481 There may be any number of these lines.
11482 The order is important:
11483 they represent the order in the final message.
11484 These use the same syntax
11485 as header definitions in the configuration file.
11487 The controlling address.
11489 .q localuser:aliasname .
11490 Recipient addresses following this line
11491 will be flagged so that deliveries will be run as the
11493 (a user name from the /etc/passwd file);
11495 is the name of the alias that expanded to this address
11496 (used for printing messages).
11498 The quarantine reason for quarantined queue items.
11500 The ``original recipient'',
11501 specified by the ORCPT= field in an ESMTP transaction.
11502 Used exclusively for Delivery Status Notifications.
11503 It applies only to the following `R' line.
11505 The ``final recipient''
11506 used for Delivery Status Notifications.
11507 It applies only to the following `R' line.
11509 A recipient address.
11510 This will normally be completely aliased,
11511 but is actually realiased when the job is processed.
11512 There will be one line for each recipient.
11514 also include a leading colon-terminated list of flags,
11516 `S' to return a message on successful final delivery,
11517 `F' to return a message on failure,
11518 `D' to return a message if the message is delayed,
11519 `B' to indicate that the body should be returned,
11520 `N' to suppress returning the body,
11522 `P' to declare this as a ``primary'' (command line or SMTP-session) address.
11524 The sender address.
11525 There may only be one of these lines.
11527 The job creation time.
11528 This is used to compute when to time out the job.
11530 The current message priority.
11531 This is used to order the queue.
11532 Higher numbers mean lower priorities.
11533 The priority changes
11534 as the message sits in the queue.
11535 The initial priority depends on the message class
11536 and the size of the message.
11539 This line is printed by the
11542 and is generally used to store status information.
11543 It can contain any text.
11545 Flag bits, represented as one letter per flag.
11546 Defined flag bits are
11548 indicating that this is a response message
11551 indicating that a warning message has been sent
11552 announcing that the mail has been delayed.
11553 Other flag bits are:
11555 the body contains 8bit data,
11557 a Bcc: header should be removed,
11559 the mail has RET parameters (see RFC 1894),
11561 the body of the message should not be returned
11562 in case of an error,
11564 the envelope has been split.
11566 The total number of delivery attempts.
11568 The time (as seconds since January 1, 1970)
11569 of the last delivery attempt.
11571 If the df file is in a different directory than the qf file,
11572 then a `d' record is present,
11573 specifying the directory in which the df file resides.
11575 The i-number of the data file;
11576 this can be used to recover your mail queue
11577 after a disastrous disk crash.
11579 A macro definition.
11580 The values of certain macros
11581 are passed through to the queue run phase.
11584 The remainder of the line is a text string defining the body type.
11585 If this field is missing,
11586 the body type is assumed to be
11588 and no special processing is attempted.
11594 The original envelope id (from the ESMTP transaction).
11595 For Deliver Status Notifications only.
11598 the following is a queue file sent to
11599 .q eric@mammoth.Berkeley.EDU
11601 .q bostic@okeeffe.CS.Berkeley.EDU \**:
11603 \**This example is contrived and probably inaccurate for your environment.
11604 Glance over it to get an idea;
11605 nothing can replace looking at what your own system generates.
11616 Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
11617 RPFD:eric@mammoth.Berkeley.EDU
11618 RPFD:bostic@okeeffe.CS.Berkeley.EDU
11619 H?P?Return-path: <^g>
11620 H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
11621 Fri, 17 Jul 1992 00:28:55 -0700
11622 H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
11623 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
11624 H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
11625 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
11626 H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
11627 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
11628 H?F?From: eric@foo.bar.baz.de (Eric Allman)
11629 H?x?Full-name: Eric Allman
11630 H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
11631 H??To: sendmail@vangogh.CS.Berkeley.EDU
11632 H??Subject: this is an example message
11635 the person who sent the message,
11636 the submission time
11637 (in seconds since January 1, 1970),
11638 the message priority,
11641 and the headers for the message.
11642 .+c "SUMMARY OF SUPPORT FILES"
11644 This is a summary of the support files
11647 creates or generates.
11648 Many of these can be changed by editing the sendmail.cf file;
11649 check there to find the actual pathnames.
11651 .ip "/usr/\*(SD/sendmail"
11654 .ip /usr/\*(SB/newaliases
11655 A link to /usr/\*(SD/sendmail;
11656 causes the alias database to be rebuilt.
11657 Running this program is completely equivalent to giving
11662 .ip /usr/\*(SB/mailq
11663 Prints a listing of the mail queue.
11664 This program is equivalent to using the
11668 .ip /etc/mail/sendmail.cf
11669 The configuration file,
11671 .ip /etc/mail/helpfile
11672 The SMTP help file.
11673 .ip /etc/mail/statistics
11674 A statistics file; need not be present.
11675 .ip /etc/mail/sendmail.pid
11676 Created in daemon mode;
11677 it contains the process id of the current SMTP daemon.
11678 If you use this in scripts;
11679 use ``head \-1'' to get just the first line;
11680 the second line contains the command line used to invoke the daemon,
11681 and later versions of
11683 may add more information to subsequent lines.
11684 .ip /etc/mail/aliases
11685 The textual version of the alias file.
11686 .ip /etc/mail/aliases.db
11690 .ip /etc/mail/aliases.{pag,dir}
11694 .ip /var/spool/mqueue
11695 The directory in which the mail queue(s)
11696 and temporary files reside.
11697 .ip /var/spool/mqueue/qf*
11698 Control (queue) files for messages.
11699 .ip /var/spool/mqueue/df*
11701 .ip /var/spool/mqueue/tf*
11702 Temporary versions of the qf files,
11703 used during queue file rebuild.
11704 .ip /var/spool/mqueue/xf*
11705 A transcript of the current session.
11712 This page intentionally left blank;
11713 replace it with a blank sheet for double-sided output.
11725 .\"INSTALLATION AND OPERATION GUIDE
11730 .\"Version $Revision: 8.759 $
11738 .\" remove some things to avoid "out of temp file space" problem
11758 This page intentionally left blank;
11759 replace it with a blank sheet for double-sided output.