1 .\" Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
2 .\" All rights reserved.
3 .\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
4 .\" Copyright (c) 1983, 1993
5 .\" The Regents of the University of California. All rights reserved.
7 .\" By using this file, you agree to the terms and conditions set
8 .\" forth in the LICENSE file which can be found at the top level of
9 .\" the sendmail distribution.
12 .\" $Id: op.me,v 8.751 2013/04/08 21:41:25 ca Exp $
14 .\" eqn op.me | pic | troff -me
16 .\" Define \(sc if not defined (for text output)
18 .if !c \(sc .char \(sc S
20 .\" Define \(dg as "*" for text output and create a new .DG macro
21 .\" which describes the symbol.
37 .\" Define \(dd as "#" for text output and create a new .DD macro
38 .\" which describes the symbol.
51 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
52 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
53 .\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
55 .\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb
74 .b SENDMAIL\u\s-6TM\s0\d
77 .b "INSTALLATION AND OPERATION GUIDE"
80 This documentation is under modification.
93 .Ve $Revision: 8.751 $
96 For Sendmail Version 8.14
99 Sendmail is a trademark of Sendmail, Inc.
100 US Patent Numbers 6865671, 6986037.
104 .i Sendmail \u\s-2TM\s0\d
105 implements a general purpose internetwork mail routing facility
108 It is not tied to any one transport protocol \*-
109 its function may be likened to a crossbar switch,
110 relaying messages from one domain into another.
112 it can do a limited amount of message header editing
113 to put the message into a format that is appropriate
114 for the receiving domain.
115 All of this is done under the control of a configuration file.
117 Due to the requirements of flexibility
120 the configuration file can seem somewhat unapproachable.
121 However, there are only a few basic configurations
123 for which standard configuration files have been supplied.
124 Most other configurations
125 can be built by adjusting an existing configuration file
130 RFC 821 (Simple Mail Transport Protocol),
131 RFC 822 (Internet Mail Headers Format),
132 RFC 974 (MX routing),
133 RFC 1123 (Internet Host Requirements),
134 RFC 1413 (Identification server),
135 RFC 1652 (SMTP 8BITMIME Extension),
136 RFC 1869 (SMTP Service Extensions),
137 RFC 1870 (SMTP SIZE Extension),
138 RFC 1891 (SMTP Delivery Status Notifications),
139 RFC 1892 (Multipart/Report),
140 RFC 1893 (Enhanced Mail System Status Codes),
141 RFC 1894 (Delivery Status Notifications),
142 RFC 1985 (SMTP Service Extension for Remote Message Queue Starting),
143 RFC 2033 (Local Message Transmission Protocol),
144 RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes),
146 RFC 2476 (Message Submission),
147 RFC 2487 (SMTP Service Extension for Secure SMTP over TLS),
148 RFC 2554 (SMTP Service Extension for Authentication),
149 RFC 2821 (Simple Mail Transfer Protocol),
150 RFC 2822 (Internet Message Format),
151 RFC 2852 (Deliver By SMTP Service Extension),
153 RFC 2920 (SMTP Service Extension for Command Pipelining).
156 is designed to work in a wider world,
157 in many cases it can be configured to exceed these protocols.
158 These cases are described herein.
163 without the need for monitoring,
164 it has a number of features
165 that may be used to monitor or adjust the operation
166 under unusual circumstances.
167 These features are described.
169 Section one describes how to do a basic
173 explains the day-to-day information you should know
174 to maintain your mail system.
175 If you have a relatively normal site,
176 these two sections should contain sufficient information
181 has information regarding the command line arguments.
183 describes some parameters that may be safely tweaked.
185 contains the nitty-gritty information about the configuration
187 This section is for masochists
188 and people who must write their own configuration file.
190 describes configuration that can be done at compile time.
191 The appendixes give a brief
192 but detailed explanation of a number of features
193 not described in the rest of the paper.
195 .sh 1 "BASIC INSTALLATION"
197 There are two basic steps to installing
199 First, you have to compile and install the binary.
202 has already been ported to your operating system
203 that should be simple.
204 Second, you must build a run-time configuration file.
207 reads when it starts up
208 that describes the mailers it knows about,
209 how to parse addresses,
210 how to rewrite the message header,
211 and the settings of various options.
212 Although the configuration file can be quite complex,
213 a configuration can usually be built
214 using an M4-based configuration language.
215 Assuming you have the standard
219 for further information.
221 The remainder of this section will describe the installation of
223 assuming you can use one of the existing configurations
224 and that the standard installation parameters are acceptable.
225 All pathnames and examples
226 are given from the root of the
230 .i /usr/src/usr.\*(SD/sendmail
231 on 4.4BSD-based systems.
233 Continue with the next section if you need/want to compile
236 If you have a running binary already on your system,
237 you should probably skip to section 1.2.
238 .sh 2 "Compiling Sendmail"
253 This will leave the binary in an appropriately named subdirectory,
256 It works for multiple object versions
257 compiled out of the same directory.
258 .sh 3 "Tweaking the Build Invocation"
260 You can give parameters on the
263 In most cases these are only used when the
265 directory is first created.
266 To restart from scratch, use
268 These commands include:
270 .ip "\-L \fIlibdirs\fP"
271 A list of directories to search for libraries.
272 .ip "\-I \fIincdirs\fP"
273 A list of directories to search for include files.
274 .ip "\-E \fIenvar\fP=\fIvalue\fP"
275 Set an environment variable to an indicated
282 .ip "\-f \fIsiteconfig\fP"
283 Read the indicated site configuration file.
284 If this parameter is not specified,
289 .i $BUILDTOOLS/Site/site.$oscf.m4
291 .i $BUILDTOOLS/Site/site.config.m4 ,
292 where $BUILDTOOLS is normally
294 and $oscf is the same name as used on the
297 See below for a description of the site configuration file.
299 Skip auto-configuration.
301 will avoid auto-detecting libraries if this is set.
302 All libraries and map definitions must be specified
303 in the site configuration file.
305 Most other parameters are passed to the
307 program; for details see
308 .i $BUILDTOOLS/README .
309 .sh 3 "Creating a Site Configuration File"
312 (This section is not yet complete.
313 For now, see the file devtools/README for details.)
314 See sendmail/README for various compilation flags that can be set.
315 .sh 3 "Tweaking the Makefile"
317 .\" .b "XXX This should all be in the Site Configuration File section."
319 supports two different formats
320 for the local (on disk) version of databases,
324 At least one of these should be defined if at all possible.
327 The ``new DBM'' format,
328 available on nearly all systems around today.
329 This was the preferred format prior to 4.4BSD.
330 It allows such complex things as multiple databases
331 and closing a currently open database.
333 The Berkeley DB package.
334 If you have this, use it.
337 multiple open databases,
338 real in-memory caching,
340 You can define this in conjunction with
343 old alias databases are read,
344 but when a new database is created it will be in NEWDB format.
346 if you have NEWDB, NDBM, and NIS defined,
347 and if the alias file name includes the substring
350 will create both new and old versions of the alias file
354 This is required because the Sun NIS/YP system
355 reads the DBM version of the alias file.
359 If neither of these are defined,
361 reads the alias file into memory on every invocation.
362 This can be slow and should be avoided.
363 There are also several methods for remote database access:
365 Lightweight Directory Access Protocol.
367 Sun's Network Information Services (formerly YP).
371 NeXT's NetInfo service.
373 Hesiod service (from Athena).
375 Other compilation flags are set in
377 and should be predefined for you
378 unless you are porting to a new environment.
381 .sh 3 "Compilation and installation"
383 After making the local system configuration described above,
384 You should be able to compile and install the system.
387 is the best approach on most systems:
393 to create a custom Makefile for your environment.
395 If you are installing in the standard places,
396 you should be able to install using
400 This should install the binary in
402 and create links from
403 /usr/\*(SB/newaliases
408 On most systems it will also format and install man pages.
409 Notice: as of version 8.12
411 will no longer be installed set-user-ID root by default.
412 If you really want to use the old method, you can specify it as target:
414 \&./Build install-set-user-id
416 .sh 2 "Configuration Files"
419 cannot operate without a configuration file.
420 The configuration defines the mail delivery mechanisms understood at this site,
422 how to forward email to remote mail systems,
423 and a number of tuning parameters.
424 This configuration file is detailed
425 in the later portion of this document.
429 configuration can be daunting at first.
430 The world is complex,
431 and the mail configuration reflects that.
432 The distribution includes an m4-based configuration package
433 that hides a lot of the complexity.
438 Our configuration files are processed by
440 to facilitate local customization;
445 distribution directory
446 contains the source files.
447 This directory contains several subdirectories:
450 Both site-dependent and site-independent descriptions of hosts.
451 These can be literal host names
454 when the hosts are gateways
455 or more general descriptions
457 .q "generic-solaris2.mc"
458 as a general description of an SMTP-connected host
462 (``M4 Configuration'')
463 are the input descriptions;
464 the output is in the corresponding
467 The general structure of these files is described below.
469 Site-dependent subdomain descriptions.
470 These are tied to the way your organization wants to do addressing.
472 .b domain/CS.Berkeley.EDU.m4
473 is our description for hosts in the CS.Berkeley.EDU subdomain.
474 These are referenced using the
481 Definitions of specific features that some particular host in your site
483 These are referenced using the
487 An example feature is
491 to read an /etc/mail/local-host-names file on startup
492 to find the set of local names).
494 Local hacks, referenced using the
499 The point of having them here is to make it clear that they smell.
503 include files that have information common to all configuration files.
504 This can be thought of as a
508 Definitions of mailers,
513 The mailer types that are known in this distribution are
519 For example, to include support for the UUCP-based mailers,
523 Definitions describing various operating system environments
524 (such as the location of support files).
525 These are referenced using the
530 Shell files used by the
533 You shouldn't have to mess with these.
535 Local UUCP connectivity information.
536 This directory has been supplanted by the mailertable feature;
537 any new configurations should use that feature to do UUCP
539 The use of this directory is deprecated.
541 If you are in a new domain
543 you will probably want to create a
545 file for your domain.
546 This consists primarily of relay definitions
547 and features you want enabled site-wide:
548 for example, Berkeley's domain definition
552 These are specific to Berkeley,
553 and should be fully-qualified internet-style domain names.
554 Please check to make certain they are reasonable for your domain.
556 Subdomains at Berkeley are also represented in the
562 is the Computer Science subdomain,
564 is the Electrical Engineering and Computer Sciences subdomain,
567 is the Sequoia 2000 subdomain.
568 You will probably have to add an entry to this directory
569 to be appropriate for your domain.
571 You will have to use or create
575 subdirectory for your hosts.
576 This is detailed in the
579 .sh 2 "Details of Installation Files"
581 This subsection describes the files that
585 .sh 3 "/usr/\*(SD/sendmail"
589 is located in /usr/\*(SD\**.
593 on 4.4BSD and newer systems;
594 many systems install it in
596 I understand it is in /usr/ucblib
597 on System V Release 4.
599 It should be set-group-ID smmsp as described in
601 For security reasons,
602 /, /usr, and /usr/\*(SD
603 should be owned by root, mode 0755\**.
605 \**Some vendors ship them owned by bin;
606 this creates a security hole that is not actually related to
608 Other important directories that should have restrictive ownerships
610 /bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
612 .sh 3 "/etc/mail/sendmail.cf"
614 This is the main configuration file for
617 \**Actually, the pathname varies depending on the operating system;
618 /etc/mail is the preferred directory.
619 Some older systems install it in
620 .b /usr/lib/sendmail.cf ,
621 and I've also seen it in
623 If you want to move this file,
624 add -D_PATH_SENDMAILCF=\e"/file/name\e"
625 to the flags passed to the C compiler.
626 Moving this file is not recommended:
627 other programs and scripts know of this location.
629 This is one of the two non-library file names compiled into
631 the other is /etc/mail/submit.cf.
633 \**The system libraries can reference other files;
634 in particular, system library subroutines that
636 calls probably reference
639 .i /etc/resolv.conf .
642 The configuration file is normally created
643 using the distribution files described above.
644 If you have a particularly unusual system configuration
645 you may need to create a special version.
646 The format of this file is detailed in later sections
648 .sh 3 "/etc/mail/submit.cf"
650 This is the configuration file for
652 when it is used for initial mail submission, in which case
653 it is also called ``Mail Submission Program'' (MSP)
654 in contrast to ``Mail Transfer Agent'' (MTA).
655 Starting with version 8.12,
657 uses one of two different configuration files based on its operation mode
661 For initial mail submission, i.e., if one of the options
667 is specified, submit.cf is used (if available),
668 for other operations sendmail.cf is used.
669 Details can be found in
670 .i sendmail/SECURITY .
671 submit.cf is shipped with sendmail (in cf/cf/) and is installed by default.
672 If changes to the configuration need to be made, start with
673 cf/cf/submit.mc and follow the instruction in cf/README.
674 .sh 3 "/usr/\*(SB/newaliases"
678 command should just be a link to
681 rm \-f /usr/\*(SB/newaliases
682 ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
684 This can be installed in whatever search path you prefer
686 .sh 3 "/usr/\*(SB/hoststat"
690 command should just be a link to
692 in a fashion similar to
694 This command lists the status of the last mail transaction
695 with all remote hosts. The
697 flag will prevent the status display from being truncated.
698 It functions only when the
699 .b HostStatusDirectory
701 .sh 3 "/usr/\*(SB/purgestat"
703 This command is also a link to
705 It flushes expired (Timeout.hoststatus) information that is stored in the
706 .b HostStatusDirectory
708 .sh 3 "/var/spool/mqueue"
712 should be created to hold the mail queue.
713 This directory should be mode 0700
716 The actual path of this directory
722 To use multiple queues,
723 supply a value ending with an asterisk.
725 .i /var/spool/mqueue/qd*
726 will use all of the directories or symbolic links to directories
727 beginning with `qd' in
729 as queue directories.
730 Do not change the queue directory structure
731 while sendmail is running.
733 If these directories have subdirectories or symbolic links to directories
734 named `qf', `df', and `xf', then these will be used for the different
736 That is, the data files are stored in the `df' subdirectory,
737 the transcript files are stored in the `xf' subdirectory, and
738 all others are stored in the `qf' subdirectory.
740 If shared memory support is compiled in,
742 stores the available diskspace in a shared memory segment
743 to make the values readily available to all children without
744 incurring system overhead.
745 In this case, only the daemon updates the data;
746 i.e., the sendmail daemon creates the shared memory segment
747 and deletes it if it is terminated.
750 must have been compiled with support for shared memory
755 Notice: do not use the same key for
757 invocations with different queue directories
758 or different queue group declarations.
759 Access to shared memory is not controlled by locks,
760 i.e., there is a race condition when data in the shared memory is updated.
761 However, since operation of
763 does not rely on the data in the shared memory, this does not negatively
764 influence the behavior.
765 .sh 3 "/var/spool/clientmqueue"
768 .i /var/spool/clientmqueue
769 should be created to hold the mail queue.
770 This directory should be mode 0770
771 and owned by user smmsp, group smmsp.
773 The actual path of this directory
779 .sh 3 "/var/spool/mqueue/.hoststat"
781 This is a typical value for the
782 .b HostStatusDirectory
784 containing one file per host
785 that this sendmail has chatted with recently.
786 It is normally a subdirectory of
788 .sh 3 "/etc/mail/aliases*"
790 The system aliases are held in
791 .q /etc/mail/aliases .
794 which includes some aliases which
798 cp sendmail/aliases /etc/mail/aliases
799 .i "edit /etc/mail/aliases"
801 You should extend this file with any aliases that are apropos to your system.
805 looks at a database version of the files,
807 .q /etc/mail/aliases.dir
809 .q /etc/mail/aliases.pag
811 .q /etc/mail/aliases.db
812 depending on which database package you are using.
813 The actual path of this file
820 The permissions of the alias file and the database versions
821 should be 0640 to prevent local denial of service attacks
822 as explained in the top level
824 in the sendmail distribution.
825 If the permissions 0640 are used, be sure that only trusted users belong
826 to the group assigned to those files. Otherwise, files should not even
828 .sh 3 "/etc/rc or /etc/init.d/sendmail"
830 It will be necessary to start up the
832 daemon when your system reboots.
833 This daemon performs two functions:
834 it listens on the SMTP socket for connections
835 (to receive mail from a remote system)
836 and it processes the queue periodically
837 to insure that mail gets delivered when hosts come up.
839 If necessary, add the following lines to
844 in the area where it is starting up the daemons
845 on a BSD-base system,
846 or on a System-V-based system
847 in one of the startup files, typically
848 .q /etc/init.d/sendmail :
850 if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
851 (cd /var/spool/mqueue; rm \-f xf*)
852 /usr/\*(SD/sendmail \-bd \-q30m &
853 echo \-n ' sendmail' >/dev/console
860 commands insure that all transcript files have been removed;
861 extraneous transcript files may be left around
862 if the system goes down in the middle of processing a message.
863 The line that actually invokes
867 causes it to listen on the SMTP port,
870 causes it to run the queue every half hour.
872 Some people use a more complex startup script,
873 removing zero length qf/hf/Qf files and df files for which there is no
875 Note this is not advisable.
876 For example, see Figure 1
877 for an example of a complex script which does this clean up.
881 # remove zero length qf/hf/Qf files
882 for qffile in qf* hf* Qf*
888 echo \-n " <zero: $qffile>" > /dev/console
893 # rename tf files to be qf if the qf does not exist
896 qffile=`echo $tffile | sed 's/t/q/'`
897 if [ \-r $tffile \-a ! \-f $qffile ]
899 echo \-n " <recovering: $tffile>" > /dev/console
904 echo \-n " <extra: $tffile>" > /dev/console
909 # remove df files with no corresponding qf/hf/Qf files
912 qffile=`echo $dffile | sed 's/d/q/'`
913 hffile=`echo $dffile | sed 's/d/h/'`
914 Qffile=`echo $dffile | sed 's/d/Q/'`
915 if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ]
917 echo \-n " <incomplete: $dffile>" > /dev/console
918 mv $dffile `echo $dffile | sed 's/d/D/'`
921 # announce files that have been saved during disaster recovery
922 for xffile in [A-Z]f*
926 echo \-n " <panic: $xffile>" > /dev/console
931 Figure 1 \(em A complex startup script
934 .sh 3 "/etc/mail/helpfile"
936 This is the help file used by the SMTP
939 It should be copied from
940 .q sendmail/helpfile :
942 cp sendmail/helpfile /etc/mail/helpfile
944 The actual path of this file
950 .sh 3 "/etc/mail/statistics"
952 If you wish to collect statistics
953 about your mail traffic,
954 you should create the file
955 .q /etc/mail/statistics :
957 cp /dev/null /etc/mail/statistics
958 chmod 0600 /etc/mail/statistics
960 This file does not grow.
961 It is printed with the program
962 .q mailstats/mailstats.c.
963 The actual path of this file
969 .sh 3 "/usr/\*(SB/mailq"
980 will print the contents of the mail queue;
982 This should be a link to /usr/\*(SD/sendmail.
986 stores its current pid in the file specified by the
988 option (default is _PATH_SENDMAILPID).
992 (which defaults to 0600) as
993 the permissions of that file
994 to prevent local denial of service attacks
995 as explained in the top level
997 in the sendmail distribution.
998 If the file already exists, then it might be necessary to
999 change the permissions accordingly, e.g.,
1001 chmod 0600 /var/run/sendmail.pid
1003 Note that as of version 8.13, this file is unlinked when
1006 As a result of this change, a script such as the following,
1007 which may have worked prior to 8.13, will no longer work:
1009 # stop & start sendmail
1010 PIDFILE=/var/run/sendmail.pid
1011 kill `head -1 $PIDFILE`
1014 because it assumes that the pidfile will still exist even
1015 after killing the process to which it refers.
1016 Below is a script which will work correctly
1017 on both newer and older versions:
1019 # stop & start sendmail
1020 PIDFILE=/var/run/sendmail.pid
1021 pid=`head -1 $PIDFILE`
1022 cmd=`tail -1 $PIDFILE`
1026 This is just an example script, it does not perform any error checks,
1027 e.g., whether the pidfile exists at all.
1030 To prevent local denial of service attacks
1031 as explained in the top level
1033 in the sendmail distribution,
1034 the permissions of map files created by
1037 The use of 0640 implies that only trusted users belong to the group
1038 assigned to those files.
1039 If those files already exist, then it might be necessary to
1040 change the permissions accordingly, e.g.,
1043 chmod 0640 *.db *.pag *.dir
1045 .sh 1 "NORMAL OPERATIONS"
1046 .sh 2 "The System Log"
1048 The system log is supported by the
1053 are logged under the
1057 \**Except on Ultrix,
1058 which does not support facilities in the syslog.
1062 Each line in the system log
1063 consists of a timestamp,
1064 the name of the machine that generated it
1065 (for logging from several machines
1066 over the local area network),
1071 \**This format may vary slightly if your vendor has changed
1074 Most messages are a sequence of
1080 The two most common lines are logged when a message is processed.
1081 The first logs the receipt of a message;
1082 there will be exactly one of these per message.
1083 Some fields may be omitted if they do not contain interesting information.
1086 The envelope sender address.
1088 The size of the message in bytes.
1090 The class (i.e., numeric precedence) of the message.
1092 The initial message priority (used for queue sorting).
1094 The number of envelope recipients for this message
1095 (after aliasing and forwarding).
1097 The message id of the message (from the header).
1099 The message body type (7BIT or 8BITMIME),
1100 as determined from the envelope.
1102 The protocol used to receive this message (e.g., ESMTP or UUCP)
1104 The daemon name from the
1105 .b DaemonPortOptions
1108 The machine from which it was received.
1110 There is also one line logged per delivery attempt
1111 (so there can be several per message if delivery is deferred
1112 or there are multiple recipients).
1115 A comma-separated list of the recipients to this mailer.
1117 The ``controlling user'', that is, the name of the user
1118 whose credentials we use for delivery.
1120 The total delay between the time this message was received
1121 and the current delivery attempt.
1123 The amount of time needed in this delivery attempt
1124 (normally indicative of the speed of the connection).
1126 The name of the mailer used to deliver to this recipient.
1128 The name of the host that actually accepted (or rejected) this recipient.
1130 The enhanced error code (RFC 2034) if available.
1132 The delivery status.
1134 Not all fields are present in all messages;
1135 for example, the relay is usually not listed for local deliveries.
1140 or an equivalent installed,
1141 you will be able to do logging.
1142 There is a large amount of information that can be logged.
1143 The log is arranged as a succession of levels.
1145 only extremely strange situations are logged.
1146 At the highest level,
1147 even the most mundane and uninteresting events
1148 are recorded for posterity.
1150 log levels under ten
1151 are considered generally
1154 are reserved for debugging purposes.
1155 Levels from 11\-64 are reserved for verbose information
1156 that some sites might want.
1158 A complete description of the log levels
1159 is given in section ``Log Level''.
1160 .sh 2 "Dumping State"
1164 to log a dump of the open files
1165 and the connection cache
1169 The results are logged at
1172 .sh 2 "The Mail Queues"
1174 Mail messages may either be delivered immediately or be held for later
1176 Held messages are placed into a holding directory called a mail queue.
1178 A mail message may be queued for these reasons:
1180 If a mail message is temporarily undeliverable, it is queued
1181 and delivery is attempted later.
1182 If the message is addressed to multiple recipients, it is queued
1183 only for those recipients to whom delivery is not immediately possible.
1185 If the SuperSafe option is set to true,
1186 all mail messages are queued while delivery is attempted.
1188 If the DeliveryMode option is set to queue-only or defer,
1189 all mail is queued, and no immediate delivery is attempted.
1191 If the load average becomes higher than the value of the QueueLA option
1196 option divided by the difference in the current load average and the
1199 is less than the priority of the message,
1200 messages are queued rather than immediately delivered.
1202 One or more addresses are marked as expensive and delivery is postponed
1203 until the next queue run or one or more address are marked as held via
1204 mailer which uses the hold mailer flag.
1206 The mail message has been marked as quarantined via a mail filter or
1209 .sh 3 "Queue Groups and Queue Directories"
1211 There are one or more mail queues.
1212 Each mail queue belongs to a queue group.
1213 There is always a default queue group that is called ``mqueue''
1214 (which is where messages go by default unless otherwise specified).
1215 The directory or directories which comprise the default queue group
1216 are specified by the QueueDirectory option.
1217 There are zero or more
1218 additional named queue groups declared using the
1220 command in the configuration file.
1222 By default, a queued message is placed in the queue group
1223 associated with the first recipient in the recipient list.
1224 A recipient address is mapped to a queue group as follows.
1225 First, if there is a ruleset called ``queuegroup'',
1226 and if this ruleset maps the address to a queue group name,
1227 then that queue group is chosen.
1228 That is, the argument for the ruleset is the recipient address
1229 and the result should be
1231 followed by the name of a queue group.
1232 Otherwise, if the mailer associated with the address specifies
1233 a queue group, then that queue group is chosen.
1234 Otherwise, the default queue group is chosen.
1236 A message with multiple recipients will be split
1237 if different queue groups are chosen
1238 by the mapping of recipients to queue groups.
1240 When a message is placed in a queue group, and the queue group has
1241 more than one queue, a queue is selected randomly.
1243 If a message with multiple recipients is placed into a queue group
1244 with the 'r' option (maximum number of recipients per message)
1245 set to a positive value
1247 and if there are more than
1250 in the message, then the message will be split into multiple messages,
1251 each of which have at most
1255 Notice: if multiple queue groups are used, do
1257 move queue files around, e.g., into a different queue directory.
1258 This may have weird effects and can cause mail not to be delivered.
1259 Queue files and directories should be treated as opaque
1260 and should not be manipulated directly.
1264 has two different ways to process the queue(s).
1265 The first one is to start queue runners after certain intervals
1266 (``normal'' queue runners),
1267 the second one is to keep queue runner processes around
1268 (``persistent'' queue runners).
1269 How to select either of these types is discussed in the appendix
1270 ``COMMAND LINE FLAGS''.
1271 Persistent queue runners have the advantage that no new processes
1272 need to be spawned at certain intervals; they just sleep for
1273 a specified time after they finished a queue run.
1274 Another advantage of persistent queue runners is that only one process
1275 belonging to a workgroup (a workgroup is a set of queue groups)
1276 collects the data for a queue run
1277 and then multiple queue runner may go ahead using that data.
1278 This can significantly reduce the disk I/O necessary to read the
1279 queue files compared to starting multiple queue runners directly.
1280 Their disadvantage is that a new queue run is only started
1281 after all queue runners belonging to a group finished their tasks.
1282 In case one of the queue runners tries delivery to a slow recipient site
1283 at the end of a queue run, the next queue run may be substantially delayed.
1284 In general this should be smoothed out due to the distribution of
1285 those slow jobs, however, for sites with small number of
1286 queue entries this might introduce noticable delays.
1287 In general, persistent queue runners are only useful for
1288 sites with big queues.
1289 .sh 3 "Manual Intervention"
1291 Under normal conditions the mail queue will be processed transparently.
1292 However, you may find that manual intervention is sometimes necessary.
1294 if a major host is down for a period of time
1295 the queue may become clogged.
1298 ought to recover gracefully when the host comes up,
1299 you may find performance unacceptably bad in the meantime.
1300 In that case you want to check the content of the queue
1301 and manipulate it as explained in the next two sections.
1302 .sh 3 "Printing the queue"
1304 The contents of the queue(s) can be printed
1308 (or by specifying the
1315 This will produce a listing of the queue id's,
1316 the size of the message,
1317 the date the message entered the queue,
1318 and the sender and recipients.
1319 If shared memory support is compiled in,
1322 can be used to print the number of entries in the queue(s),
1323 provided a process updates the data.
1324 However, as explained earlier, the output might be slightly wrong,
1325 since access to the shared memory is not locked.
1327 ``unknown number of entries''
1329 The internal counters are updated after each queue run
1330 to the correct value again.
1331 .sh 3 "Forcing the queue"
1334 should run the queue automatically at intervals.
1335 When using multiple queues,
1336 a separate process will by default be created to
1337 run each of the queues
1338 unless the queue run is initiated by a user
1339 with the verbose flag.
1340 The algorithm is to read and sort the queue,
1341 and then to attempt to process all jobs in order.
1342 When it attempts to run the job,
1344 first checks to see if the job is locked.
1345 If so, it ignores the job.
1347 There is no attempt to insure that only one queue processor
1349 since there is no guarantee that a job cannot take forever
1353 does include heuristics to try to abort jobs
1354 that are taking absurd amounts of time;
1355 technically, this violates RFC 821, but is blessed by RFC 1123).
1356 Due to the locking algorithm,
1357 it is impossible for one job to freeze the entire queue.
1359 an uncooperative recipient host
1360 or a program recipient
1362 can accumulate many processes in your system.
1364 there is no completely general way to solve this.
1367 you may find that a major host going down
1368 for a couple of days
1369 may create a prohibitively large queue.
1372 spending an inordinate amount of time
1374 This situation can be fixed by moving the queue to a temporary place
1375 and creating a new queue.
1376 The old queue can be run later when the offending host returns to service.
1379 it is acceptable to move the entire queue directory:
1382 mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue
1384 You should then kill the existing daemon
1385 (since it will still be processing in the old queue directory)
1386 and create a new daemon.
1388 To run the old mail queue, issue the following command:
1390 /usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
1394 flag specifies an alternate configuration file
1396 which should refer to the moved queue directory
1398 O QueueDirectory=/var/spool/omqueue
1402 flag says to just run every job in the queue.
1403 You can also specify the moved queue directory on the command line
1405 /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1407 but this requires that you do not have
1408 queue groups in the configuration file,
1409 because those are not subdirectories of the moved directory.
1410 See the section about ``Queue Group Declaration'' for details;
1411 you most likely need a different configuration file to correctly deal
1413 However, a proper configuration of queue groups should avoid
1414 filling up queue directories, so you shouldn't run into
1416 If you have a tendency toward voyeurism,
1419 flag to watch what is going on.
1421 When the queue is finally emptied,
1422 you can remove the directory:
1424 rmdir /var/spool/omqueue
1426 .sh 3 "Quarantined Queue Items"
1428 It is possible to "quarantine" mail messages,
1429 otherwise known as envelopes.
1430 Envelopes (queue files) are stored but not considered for delivery or
1431 display unless the "quarantine" state of the envelope is undone or
1432 delivery or display of quarantined items is requested.
1433 Quarantined messages are tagged by using a different name for the queue
1434 file, 'hf' instead of 'qf', and by adding the quarantine reason to the
1437 Delivery or display of quarantined items can be requested using the
1443 Additionally, messages already in the queue can be quarantined or
1444 unquarantined using the new
1449 sendmail -Qreason -q[!][I|R|S][matchstring]
1451 Quarantines the normal queue items matching the criteria specified by the
1452 .b "-q[!][I|R|S][matchstring]"
1453 using the reason given on the
1458 sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring]
1460 Change the quarantine reason for the quarantined items matching the
1461 criteria specified by the
1462 .b "-q[!][I|R|S|Q][matchstring]"
1463 using the reason given on the
1466 If there is no reason,
1467 unquarantine the matching items and make them normal queue items.
1470 flag tells sendmail to operate on quarantined items instead of normal items.
1471 .sh 2 "Disk Based Connection Information"
1474 stores a large amount of information about each remote system it
1475 has connected to in memory. It is possible to preserve some
1476 of this information on disk as well, by using the
1477 .b HostStatusDirectory
1478 option, so that it may be shared between several invocations of
1480 This allows mail to be queued immediately or skipped during a queue run if
1481 there has been a recent failure in connecting to a remote machine.
1482 Note: information about a remote system is stored in a file
1483 whose pathname consists of the components of the hostname in reverse order.
1484 For example, the information for
1487 .b com./example./host .
1488 For top-level domains like
1490 this can create a large number of subdirectories
1491 which on some filesystems can exhaust some limits.
1492 Moreover, the performance of lookups in directory with thousands of entries
1493 can be fairly slow depending on the filesystem implementation.
1495 Additionally enabling
1496 .b SingleThreadDelivery
1497 has the added effect of single-threading mail delivery to a destination.
1498 This can be quite helpful
1499 if the remote machine is running an SMTP server that is easily overloaded
1500 or cannot accept more than a single connection at a time,
1501 but can cause some messages to be punted to a future queue run.
1504 hosts, so setting this because you have one machine on site
1505 that runs some software that is easily overrun
1506 can cause mail to other hosts to be slowed down.
1507 If this option is set,
1508 you probably want to set the
1510 option as well and run the queue fairly frequently;
1511 this way jobs that are skipped because another
1513 is talking to the same host will be tried again quickly
1514 rather than being delayed for a long time.
1516 The disk based host information is stored in a subdirectory of the
1521 \**This is the usual value of the
1522 .b HostStatusDirectory
1524 it can, of course, go anywhere you like in your filesystem.
1526 Removing this directory and its subdirectories has an effect similar to
1529 command and is completely safe.
1532 only removes expired (Timeout.hoststatus) data.
1533 The information in these directories can
1536 command, which will indicate the host name, the last access, and the
1537 status of that access.
1538 An asterisk in the left most column indicates that a
1540 process currently has the host locked for mail delivery.
1542 The disk based connection information is treated the same way as memory based
1543 connection information for the purpose of timeouts.
1544 By default, information about host failures is valid for 30 minutes.
1545 This can be adjusted with
1547 .b Timeout.hoststatus
1550 The connection information stored on disk may be expired at any time
1553 command or by invoking sendmail with the
1556 The connection information may be viewed with the
1558 command or by invoking sendmail with the
1561 .sh 2 "The Service Switch"
1563 The implementation of certain system services
1564 such as host and user name lookup
1565 is controlled by the service switch.
1566 If the host operating system supports such a switch,
1567 and sendmail knows about it,
1569 will use the native version.
1570 Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
1572 \**HP-UX 10 has service switch support,
1573 but since the APIs are apparently not available in the libraries
1575 does not use the native service switch in this release.
1578 If the underlying operating system does not support a service switch
1579 (e.g., SunOS 4.X, HP-UX, BSD)
1582 will provide a stub implementation.
1584 .b ServiceSwitchFile
1585 option points to the name of a file that has the service definitions.
1586 Each line has the name of a service
1587 and the possible implementations of that service.
1588 For example, the file:
1595 to look for hosts in the Domain Name System first.
1596 If the requested host name is not found, it tries local files,
1597 and if that fails it tries NIS.
1598 Similarly, when looking for aliases
1599 it will try the local files first followed by NIS.
1603 must access MX records for correct operation, it will use
1604 DNS if it is configured in the
1605 .b ServiceSwitchFile
1611 will not avoid DNS lookups even if a host can be found
1614 Service switches are not completely integrated.
1615 For example, despite the fact that the host entry listed in the above example
1616 specifies to look in NIS,
1617 on SunOS this won't happen because the system implementation of
1618 .i gethostbyname \|(3)
1619 doesn't understand this.
1620 .sh 2 "The Alias Database"
1622 After recipient addresses are read from the SMTP connection
1624 they are parsed by ruleset 0,
1625 which must resolve to a
1631 If the flags selected by the
1638 part of the triple is looked up as the key
1639 (i.e., the left hand side)
1640 in the alias database.
1641 If there is a match, the address is deleted from the send queue
1642 and all addresses on the right hand side of the alias
1643 are added in place of the alias that was found.
1644 This is a recursive operation,
1645 so aliases found in the right hand side of the alias
1646 are similarly expanded.
1648 The alias database exists in two forms.
1650 maintained in the file
1651 .i /etc/mail/aliases.
1652 The aliases are of the form
1654 name: name1, name2, ...
1656 Only local names may be aliased;
1659 eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
1661 will not have the desired effect
1662 (except on prep.ai.MIT.EDU,
1663 and they probably don't want me)\**.
1665 \**Actually, any mailer that has the `A' mailer flag set
1666 will permit aliasing;
1667 this is normally limited to the local mailer.
1669 Aliases may be continued by starting any continuation lines
1670 with a space or a tab or by putting a backslash directly before
1672 Blank lines and lines beginning with a sharp sign
1677 The second form is processed by the
1682 package does not work.
1684 or the Berkeley DB library.
1685 This form is in the file
1686 .i /etc/mail/aliases.db
1689 .i /etc/mail/aliases.dir
1691 .i /etc/mail/aliases.pag
1693 This is the form that
1695 actually uses to resolve aliases.
1696 This technique is used to improve performance.
1698 The control of search order is actually set by the service switch.
1699 Essentially, the entry
1701 O AliasFile=switch:aliases
1703 is always added as the first alias entry;
1704 also, the first alias file name without a class
1708 will be used as the name of the file for a ``files'' entry
1709 in the aliases switch.
1710 For example, if the configuration file contains
1712 O AliasFile=/etc/mail/aliases
1714 and the service switch contains
1716 aliases nis files nisplus
1718 then aliases will first be searched in the NIS database,
1719 then in /etc/mail/aliases,
1720 then in the NIS+ database.
1725 For example, the specification:
1727 O AliasFile=/etc/mail/aliases
1728 O AliasFile=nis:mail.aliases@my.nis.domain
1730 will first search the /etc/mail/aliases file
1731 and then the map named
1735 Warning: if you build your own
1738 be sure to provide the
1742 to map upper case letters in the keys to lower case;
1743 otherwise, aliases with upper case letters in their names
1744 won't match incoming addresses.
1746 Additional flags can be added after the colon
1749 line \(em for example:
1751 O AliasFile=nis:\-N mail.aliases@my.nis.domain
1753 will search the appropriate NIS map and always include null bytes in the key.
1756 O AliasFile=nis:\-f mail.aliases@my.nis.domain
1758 will prevent sendmail from downcasing the key before the alias lookup.
1759 .sh 3 "Rebuilding the alias database"
1765 version of the database
1766 may be rebuilt explicitly by executing the command
1770 This is equivalent to giving
1776 /usr/\*(SD/sendmail \-bi
1779 If you have multiple aliases databases specified,
1782 flag rebuilds all the database types it understands
1783 (for example, it can rebuild NDBM databases but not NIS databases).
1784 .sh 3 "Potential problems"
1786 There are a number of problems that can occur
1787 with the alias database.
1788 They all result from a
1790 process accessing the DBM version
1791 while it is only partially built.
1792 This can happen under two circumstances:
1793 One process accesses the database
1794 while another process is rebuilding it,
1795 or the process rebuilding the database dies
1796 (due to being killed or a system crash)
1797 before completing the rebuild.
1799 Sendmail has three techniques to try to relieve these problems.
1800 First, it ignores interrupts while rebuilding the database;
1801 this avoids the problem of someone aborting the process
1802 leaving a partially rebuilt database.
1804 it locks the database source file during the rebuild \(em
1805 but that may not work over NFS or if the file is unwritable.
1807 at the end of the rebuild
1808 it adds an alias of the form
1812 (which is not normally legal).
1815 will access the database,
1816 it checks to insure that this entry exists\**.
1820 option is required in the configuration
1821 for this action to occur.
1822 This should normally be specified.
1826 If an error occurs on sending to a certain address,
1830 will look for an alias
1833 to receive the errors.
1834 This is typically useful
1836 where the submitter of the list
1837 has no control over the maintenance of the list itself;
1838 in this case the list maintainer would be the owner of the list.
1841 unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1843 owner-unix-wizards: unix-wizards-request
1844 unix-wizards-request: eric@ucbarpa
1848 to get the error that will occur
1849 when someone sends to
1851 due to the inclusion of
1855 List owners also cause the envelope sender address to be modified.
1856 The contents of the owner alias are used if they point to a single user,
1857 otherwise the name of the alias itself is used.
1858 For this reason, and to obey Internet conventions,
1861 address normally points at the
1863 address; this causes messages to go out with the typical Internet convention
1866 as the return address.
1867 .sh 2 "User Information Database"
1869 This option is deprecated, use virtusertable and genericstable instead
1872 If you have a version of
1874 with the user information database
1876 and you have specified one or more databases using the
1879 the databases will be searched for a
1882 If found, the mail will be sent to the specified address.
1883 .sh 2 "Per-User Forwarding (.forward Files)"
1885 As an alternative to the alias database,
1886 any user may put a file with the name
1888 in his or her home directory.
1889 If this file exists,
1891 redirects mail for that user
1892 to the list of addresses listed in the .forward file.
1893 Note that aliases are fully expanded before forward files are referenced.
1894 For example, if the home directory for user
1896 has a .forward file with contents:
1901 then any mail arriving for
1903 will be redirected to the specified accounts.
1905 Actually, the configuration file defines a sequence of filenames to check.
1906 By default, this is the user's .forward file,
1907 but can be defined to be more generally using the
1911 you will have to inform your user base of the change;
1912 \&.forward is pretty well incorporated into the collective subconscious.
1913 .sh 2 "Special Header Lines"
1915 Several header lines have special interpretations
1916 defined by the configuration file.
1917 Others have interpretations built into
1919 that cannot be changed without changing the code.
1920 These built-ins are described here.
1923 If errors occur anywhere during processing,
1924 this header will cause error messages to go to
1925 the listed addresses.
1926 This is intended for mailing lists.
1928 The Errors-To: header was created in the bad old days
1929 when UUCP didn't understand the distinction between an envelope and a header;
1930 this was a hack to provide what should now be passed
1931 as the envelope sender address.
1933 It is only used if the
1937 The Errors-To: header is officially deprecated
1938 and will go away in a future release.
1939 .sh 3 "Apparently-To:"
1941 RFC 822 requires at least one recipient field
1942 (To:, Cc:, or Bcc: line)
1944 If a message comes in with no recipients listed in the message
1947 will adjust the header based on the
1948 .q NoRecipientAction
1950 One of the possible actions is to add an
1952 header line for any recipients it is aware of.
1954 The Apparently-To: header is non-standard
1955 and is both deprecated and strongly discouraged.
1958 The Precedence: header can be used as a crude control of message priority.
1959 It tweaks the sort order in the queue
1960 and can be configured to change the message timeout values.
1961 The precedence of a message also controls how
1962 delivery status notifications (DSNs)
1963 are processed for that message.
1964 .sh 2 "IDENT Protocol Support"
1967 supports the IDENT protocol as defined in RFC 1413.
1968 Note that the RFC states
1969 a client should wait at least 30 seconds for a response.
1970 The default Timeout.ident is 5 seconds
1971 as many sites have adopted the practice of dropping IDENT queries.
1972 This has lead to delays processing mail.
1973 Although this enhances identification
1974 of the author of an email message
1975 by doing a ``call back'' to the originating system to include
1976 the owner of a particular TCP connection
1978 it is in no sense perfect;
1979 a determined forger can easily spoof the IDENT protocol.
1980 The following description is excerpted from RFC 1413:
1983 6. Security Considerations
1985 The information returned by this protocol is at most as trustworthy
1986 as the host providing it OR the organization operating the host. For
1987 example, a PC in an open lab has few if any controls on it to prevent
1988 a user from having this protocol return any identifier the user
1989 wants. Likewise, if the host has been compromised the information
1990 returned may be completely erroneous and misleading.
1992 The Identification Protocol is not intended as an authorization or
1993 access control protocol. At best, it provides some additional
1994 auditing information with respect to TCP connections. At worst, it
1995 can provide misleading, incorrect, or maliciously incorrect
1998 The use of the information returned by this protocol for other than
1999 auditing is strongly discouraged. Specifically, using Identification
2000 Protocol information to make access control decisions - either as the
2001 primary method (i.e., no other checks) or as an adjunct to other
2002 methods may result in a weakening of normal host security.
2004 An Identification server may reveal information about users,
2005 entities, objects or processes which might normally be considered
2006 private. An Identification server provides service which is a rough
2007 analog of the CallerID services provided by some phone companies and
2008 many of the same privacy considerations and arguments that apply to
2009 the CallerID service apply to Identification. If you wouldn't run a
2010 "finger" server due to privacy considerations you may not want to run
2014 In some cases your system may not work properly with IDENT support
2015 due to a bug in the TCP/IP implementation.
2016 The symptoms will be that for some hosts
2017 the SMTP connection will be closed
2019 If this is true or if you do not want to use IDENT,
2020 you should set the IDENT timeout to zero;
2021 this will disable the IDENT protocol.
2024 The complete list of arguments to
2026 is described in detail in Appendix A.
2027 Some important arguments are described here.
2028 .sh 2 "Queue Interval"
2030 The amount of time between forking a process
2031 to run through the queue is defined by the
2034 If you run with delivery mode set to
2038 this can be relatively large, since it will only be relevant
2039 when a host that was down comes back up.
2042 mode it should be relatively short,
2043 since it defines the maximum amount of time that a message
2044 may sit in the queue.
2045 (See also the MinQueueAge option.)
2047 RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
2048 (although that probably doesn't make sense if you use ``queue-only'' mode).
2050 Notice: the meaning of the interval time depends on whether normal
2051 queue runners or persistent queue runners are used.
2052 For the former, it is the time between subsequent starts of a queue run.
2053 For the latter, it is the time sendmail waits after a persistent queue
2054 runner has finished its work to start the next one.
2055 Hence for persistent queue runners this interval should be very low,
2056 typically no more than two minutes.
2059 If you allow incoming mail over an IPC connection,
2060 you should have a daemon running.
2061 This should be set by your
2070 flag may be combined in one call:
2072 /usr/\*(SD/sendmail \-bd \-q30m
2075 An alternative approach is to invoke sendmail from
2079 flags to ask sendmail to speak SMTP on its standard input and output
2081 This works and allows you to wrap
2083 in a TCP wrapper program,
2084 but may be a bit slower since the configuration file
2085 has to be re-read on every message that comes in.
2086 If you do this, you still need to have a
2088 running to flush the queue:
2090 /usr/\*(SD/sendmail \-q30m
2092 .sh 2 "Forcing the Queue"
2094 In some cases you may find that the queue has gotten clogged for some reason.
2095 You can force a queue run
2098 flag (with no value).
2099 It is entertaining to use the
2102 when this is done to watch what happens:
2104 /usr/\*(SD/sendmail \-q \-v
2107 You can also limit the jobs to those with a particular queue identifier,
2108 recipient, sender, quarantine reason, or queue group
2109 using one of the queue modifiers.
2112 restricts the queue run to jobs that have the string
2114 somewhere in one of the recipient addresses.
2117 limits the run to particular senders,
2119 limits it to particular queue identifiers, and
2121 limits it to particular quarantined reasons and only operated on
2122 quarantined queue items, and
2124 limits it to a particular queue group.
2125 The named queue group will be run even if it is set to have 0 runners.
2126 You may also place an
2136 to indicate that jobs are limited to not including a particular queue
2137 identifier, recipient or sender.
2140 limits the queue run to jobs that do not have the string
2142 somewhere in one of the recipient addresses.
2143 Should you need to terminate the queue jobs currently active then a SIGTERM
2144 to the parent of the process (or processes) will cleanly stop the jobs.
2147 There are a fairly large number of debug flags
2150 Each debug flag has a category and a level.
2151 Higher levels increase the level of debugging activity;
2152 in most cases, this means to print out more information.
2153 The convention is that levels greater than nine are
2156 they print out so much information that you wouldn't normally
2157 want to see them except for debugging that particular piece of code.
2161 run a production sendmail server in debug mode.
2162 Many of the debug flags will result in debug output being sent over the
2163 SMTP channel unless the option
2166 This will confuse many mail programs.
2167 However, for testing purposes, it can be useful
2168 when sending mail manually via
2169 telnet to the port you are using while debugging.
2171 A debug category is either an integer, like 42,
2172 or a name, like ANSI.
2173 You can specify a range of numeric debug categories
2174 using the syntax 17-42.
2175 You can specify a set of named debug categories using
2182 are supported in these glob patterns.
2184 Debug flags are set using the
2189 .ta \w'debug-categories:M 'u
2190 debug-flag: \fB\-d\fP debug-list
2191 debug-list: debug-option [ , debug-option ]*
2192 debug-option: debug-categories [ . debug-level ]
2193 debug-categories: integer | integer \- integer | category-pattern
2194 category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*
2195 debug-level: integer
2197 where spaces are for reading ease only.
2200 \-d12 Set category 12 to level 1
2201 \-d12.3 Set category 12 to level 3
2202 \-d3\-17 Set categories 3 through 17 to level 1
2203 \-d3\-17.4 Set categories 3 through 17 to level 4
2204 \-dANSI Set category ANSI to level 1
2205 \-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3
2207 For a complete list of the available debug flags
2208 you will have to look at the code
2211 file in the sendmail distribution
2212 (they are too dynamic to keep this document up to date).
2213 For a list of named debug categories in the sendmail binary, use
2215 ident /usr/sbin/sendmail | grep Debug
2217 .sh 2 "Changing the Values of Options"
2219 Options can be overridden using the
2226 /usr/\*(SD/sendmail \-oT2m
2230 (timeout) option to two minutes
2232 the equivalent line using the long option name is
2234 /usr/\*(SD/sendmail -OTimeout.queuereturn=2m
2237 Some options have security implications.
2238 Sendmail allows you to set these,
2239 but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
2241 \**That is, it sets its effective uid to the real uid;
2242 thus, if you are executing as root,
2243 as from root's crontab file or during system startup
2244 the root permissions will still be honored.
2246 .sh 2 "Trying a Different Configuration File"
2248 An alternative configuration file
2249 can be specified using the
2253 /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
2255 uses the configuration file
2257 instead of the default
2258 .i /etc/mail/sendmail.cf.
2264 in the current directory.
2267 gives up set-user-ID root permissions
2268 (if it has been installed set-user-ID root)
2269 when you use this flag, so it is common to use a publicly writable directory
2271 as the queue directory (QueueDirectory or Q option) while testing.
2272 .sh 2 "Logging Traffic"
2274 Many SMTP implementations do not fully implement the protocol.
2275 For example, some personal computer based SMTPs
2276 do not understand continuation lines in reply codes.
2277 These can be very hard to trace.
2278 If you suspect such a problem, you can set traffic logging using the
2283 /usr/\*(SD/sendmail \-X /tmp/traffic \-bd
2285 will log all traffic in the file
2288 This logs a lot of data very quickly and should
2291 during normal operations.
2292 After starting up such a daemon,
2293 force the errant implementation to send a message to your host.
2294 All message traffic in and out of
2296 including the incoming SMTP traffic,
2297 will be logged in this file.
2298 .sh 2 "Testing Configuration Files"
2300 When you build a configuration table,
2301 you can do a certain amount of testing
2311 sendmail \-bt \-Ctest.cf
2313 which would read the configuration file
2315 and enter test mode.
2317 you enter lines of the form:
2323 is the rewriting set you want to use
2326 is an address to apply the set to.
2327 Test mode shows you the steps it takes
2329 finally showing you the address it ends up with.
2330 You may use a comma separated list of rwsets
2331 for sequential application of rules to an input.
2334 3,1,21,4 monet:bollard
2336 first applies ruleset three to the input
2338 Ruleset one is then applied to the output of ruleset three,
2339 followed similarly by rulesets twenty-one and four.
2341 If you need more detail,
2342 you can also use the
2344 flag to turn on more debugging.
2347 sendmail \-bt \-d21.99
2349 turns on an incredible amount of information;
2350 a single word address
2351 is probably going to print out several pages worth of information.
2353 You should be warned that internally,
2355 applies ruleset 3 to all addresses.
2357 you will have to do that manually.
2358 For example, older versions allowed you to use
2360 0 bruce@broadcast.sony.com
2362 This version requires that you use:
2364 3,0 bruce@broadcast.sony.com
2368 some other syntaxes are available in test mode:
2373 to have the indicated
2375 This is useful when debugging rules that use the
2385 dumps the contents of the indicated ruleset.
2387 is equivalent to the command-line flag.
2389 Version 8.9 introduced more features:
2392 shows a help message.
2394 display the known mailers.
2396 print the value of macro m.
2398 print the contents of class c.
2400 returns the MX records for `host'.
2402 parse address, returning the value of
2404 and the parsed address.
2405 .ip /try\ mailer\ addr
2406 rewrite address into the form it will have when
2407 presented to the indicated mailer.
2408 .ip /tryflags\ flags
2409 set flags used by parsing. The flags can be `H' for
2410 Header or `E' for Envelope, and `S' for Sender or `R'
2411 for Recipient. These can be combined, `HR' sets
2412 flags for header recipients.
2413 .ip /canon\ hostname
2414 try to canonify hostname.
2415 .ip /map\ mapname\ key
2416 look up `key' in the indicated `mapname'.
2418 quit address test mode.
2420 .sh 2 "Persistent Host Status Information"
2423 .b HostStatusDirectory
2425 information about the status of hosts is maintained on disk
2426 and can thus be shared between different instantiations of
2428 The status of the last connection with each remote host
2429 may be viewed with the command:
2433 This information may be flushed with the command:
2437 Flushing the information prevents new
2439 processes from loading it,
2440 but does not prevent existing processes from using the status information
2441 that they already have.
2444 There are a number of configuration parameters
2445 you may want to change,
2446 depending on the requirements of your site.
2447 Most of these are set
2448 using an option in the configuration file.
2451 .q "O Timeout.queuereturn=5d"
2453 .q Timeout.queuereturn
2458 Most of these options have appropriate defaults for most sites.
2460 sites having very high mail loads may find they need to tune them
2461 as appropriate for their mail load.
2463 sites experiencing a large number of small messages,
2464 many of which are delivered to many recipients,
2465 may find that they need to adjust the parameters
2466 dealing with queue priorities.
2471 had single character option names.
2473 options have long (multi-character names).
2474 Although old short names are still accepted,
2475 most new options do not have short equivalents.
2477 This section only describes the options you are most likely
2485 All time intervals are set
2486 using a scaled syntax.
2489 represents ten minutes, whereas
2491 represents two and a half hours.
2492 The full set of scales is:
2501 .sh 3 "Queue interval"
2505 flag specifies how often a sub-daemon will run the queue.
2506 This is typically set to between fifteen minutes and one hour.
2507 If not set, or set to zero,
2508 the queue will not be run automatically.
2509 RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
2510 Should you need to terminate the queue jobs currently active then a SIGTERM
2511 to the parent of the process (or processes) will cleanly stop the jobs.
2512 .sh 3 "Read timeouts"
2514 Timeouts all have option names
2515 .q Timeout.\fIsuboption\fP .
2516 Most of these control SMTP operations.
2519 their default values, and the minimum values
2520 allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are:
2523 The time to wait for an SMTP connection to open
2528 If zero, uses the kernel default.
2529 In no case can this option extend the timeout
2530 longer than the kernel provides, but it can shorten it.
2531 This is to get around kernels that provide an absurdly long connection timeout
2532 (90 minutes in one case).
2536 except it applies only to the initial attempt to connect to a host
2539 The concept is that this should be very short (a few seconds);
2540 hosts that are well connected and responsive will thus be serviced immediately.
2541 Hosts that are slow will not hold up other deliveries in the initial
2545 The overall timeout waiting for all connection for a single delivery
2547 If 0, no overall limit is applied.
2548 This can be used to restrict the total amount of time trying to connect to
2549 a long list of host that could accept an e-mail for the recipient.
2550 This timeout does not apply to
2552 i.e., if the time is exhausted, the
2556 The wait for the initial 220 greeting message
2559 The wait for a reply from a HELO or EHLO command
2561 This may require a host name lookup, so
2562 five minutes is probably a reasonable minimum.
2564 The wait for a reply from a MAIL command
2567 The wait for a reply from a RCPT command
2570 because it could be pointing at a list
2571 that takes a long time to expand
2574 The wait for a reply from a DATA command
2576 .ip datablock\(dg\(dd
2577 The wait for reading a data block
2578 (that is, the body of the message).
2580 This should be long because it also applies to programs
2583 which have no guarantee of promptness.
2585 The wait for a reply from the dot terminating a message.
2587 If this is shorter than the time actually needed
2588 for the receiver to deliver the message,
2589 duplicates will be generated.
2590 This is discussed in RFC 1047.
2592 The wait for a reply from a RSET command
2595 The wait for a reply from a QUIT command
2598 The wait for a reply from miscellaneous (but short) commands
2599 such as NOOP (no-operation) and VERB (go into verbose mode).
2603 the time to wait for another command.
2606 The timeout waiting for a reply to an IDENT query
2607 [5s\**, unspecified].
2609 \**On some systems the default is zero to turn the protocol off entirely.
2612 The wait for a reply to an LMTP LHLO command
2615 The timeout for a reply in an SMTP AUTH dialogue
2618 The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
2621 The timeout for opening .forward and :include: files [60s, none].
2623 The timeout for a complete control socket transaction to complete [2m, none].
2625 How long status information about a host
2627 will be cached before it is considered stale
2629 .ip resolver.retrans\(dd
2631 retransmission time interval
2635 .i Timeout.resolver.retrans.first
2637 .i Timeout.resolver.retrans.normal .
2638 .ip resolver.retrans.first\(dd
2640 retransmission time interval
2642 for the first attempt to
2645 .ip resolver.retrans.normal\(dd
2647 retransmission time interval
2649 for all resolver lookups
2650 except the first delivery attempt
2652 .ip resolver.retry\(dd
2654 to retransmit a resolver query.
2656 .i Timeout.resolver.retry.first
2658 .i Timeout.resolver.retry.normal
2660 .ip resolver.retry.first\(dd
2662 to retransmit a resolver query
2663 for the first attempt
2664 to deliver a message
2666 .ip resolver.retry.normal\(dd
2668 to retransmit a resolver query
2669 for all resolver lookups
2670 except the first delivery attempt
2673 For compatibility with old configuration files,
2677 all the timeouts marked with
2679 (\(dg) are set to the indicated value.
2680 All but those marked with
2682 (\(dd) apply to client SMTP.
2684 For example, the lines:
2686 O Timeout.command=25m
2687 O Timeout.datablock=3h
2689 sets the server SMTP command timeout to 25 minutes
2690 and the input data block timeout to three hours.
2691 .sh 3 "Message timeouts"
2693 After sitting in the queue for a few days,
2694 an undeliverable message will time out.
2695 This is to insure that at least the sender is aware
2696 of the inability to send a message.
2697 The timeout is typically set to five days.
2698 It is sometimes considered convenient to also send a warning message
2699 if the message is in the queue longer than a few hours
2700 (assuming you normally have good connectivity;
2701 if your messages normally took several hours to send
2702 you wouldn't want to do this because it wouldn't be an unusual event).
2703 These timeouts are set using the
2704 .b Timeout.queuereturn
2706 .b Timeout.queuewarn
2707 options in the configuration file
2708 (previously both were set using the
2712 If the message is submitted using the
2716 warning messages will only be sent if
2719 The queuereturn and queuewarn timeouts
2720 can be further qualified with a tag based on the Precedence: field
2724 (indicating a positive non-zero precedence),
2726 (indicating a zero precedence), or
2728 (indicating negative precedences).
2729 For example, setting
2730 .q Timeout.queuewarn.urgent=1h
2731 sets the warning timeout for urgent messages only
2733 The default if no precedence is indicated
2734 is to set the timeout for all precedences.
2735 If the message has a normal (default) precedence
2736 and it is a delivery status notification (DSN),
2737 .b Timeout.queuereturn.dsn
2739 .b Timeout.queuewarn.dsn
2740 can be used to give an alternative warn and return time
2742 The value "now" can be used for
2743 -O Timeout.queuereturn
2744 to return entries immediately during a queue run,
2745 e.g., to bounce messages independent of their time in the queue.
2747 Since these options are global,
2748 and since you cannot know
2750 how long another host outside your domain will be down,
2751 a five day timeout is recommended.
2752 This allows a recipient to fix the problem even if it occurs
2753 at the beginning of a long weekend.
2754 RFC 1123 section 5.3.1.1 says that this parameter
2755 should be ``at least 4\-5 days''.
2758 .b Timeout.queuewarn
2759 value can be piggybacked on the
2761 option by indicating a time after which
2762 a warning message should be sent;
2763 the two timeouts are separated by a slash.
2764 For example, the line
2768 causes email to fail after five days,
2769 but a warning message will be sent after four hours.
2770 This should be large enough that the message will have been tried
2772 .sh 2 "Forking During Queue Runs"
2780 will fork before each individual message
2781 while running the queue.
2782 This option was used with earlier releases to prevent
2784 from consuming large amounts of memory.
2785 It should no longer be necessary with
2792 will keep track of hosts that are down during a queue run,
2793 which can improve performance dramatically.
2799 cannot use connection caching.
2800 .sh 2 "Queue Priorities"
2802 Every message is assigned a priority when it is first instantiated,
2803 consisting of the message size (in bytes)
2804 offset by the message class
2805 (which is determined from the Precedence: header)
2807 .q "work class factor"
2808 and the number of recipients times the
2809 .q "work recipient factor."
2810 The priority is used to order the queue.
2811 Higher numbers for the priority mean that the message will be processed later
2812 when running the queue.
2814 The message size is included so that large messages are penalized
2815 relative to small messages.
2816 The message class allows users to send
2818 messages by including a
2820 field in their message;
2821 the value of this field is looked up in the
2823 lines of the configuration file.
2824 Since the number of recipients affects the amount of load a message presents
2826 this is also included into the priority.
2828 The recipient and class factors
2829 can be set in the configuration file using the
2837 options respectively.
2838 They default to 30000 (for the recipient factor)
2840 (for the class factor).
2841 The initial priority is:
2843 pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2845 (Remember, higher values for this parameter actually mean
2846 that the job will be treated with lower priority.)
2848 The priority of a job can also be adjusted each time it is processed
2849 (that is, each time an attempt is made to deliver it)
2851 .q "work time factor,"
2857 This is added to the priority,
2858 so it normally decreases the precedence of the job,
2859 on the grounds that jobs that have failed many times
2860 will tend to fail again in the future.
2863 option defaults to 90000.
2864 .sh 2 "Load Limiting"
2867 can be asked to queue (but not deliver) mail
2868 if the system load average gets too high using the
2873 When the load average exceeds the value of the
2875 option, the delivery mode is set to
2881 option divided by the difference in the current load average and the
2884 is less than the priority of the message \(em
2885 that is, the message is queued iff:
2887 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2891 option defaults to 600000,
2892 so each point of load average is worth 600000 priority points
2893 (as described above).
2895 For drastic cases, the
2899 option defines a load average at which
2901 will refuse to accept network connections.
2902 Locally generated mail, i.e., mail which is not submitted via SMTP
2903 (including incoming UUCP mail),
2905 Notice that the MSP submits mail to the MTA via SMTP, and hence
2906 mail will be queued in the client queue in such a case.
2907 Therefore it is necessary to run the client mail queue periodically.
2908 .sh 2 "Resource Limits"
2911 has several parameters to control resource usage.
2912 Besides those mentionted in the previous section, there are at least
2913 .b MaxDaemonChildren ,
2914 .b ConnectionRateThrottle ,
2915 .b MaxQueueChildren ,
2917 .b MaxRunnersPerQueue .
2918 The latter two limit the number of
2920 processes that operate on the queue.
2921 These are discussed in the section
2922 ``Queue Group Declaration''.
2923 The former two can be used to limit the number of incoming connections.
2924 Their appropriate values depend on the host operating system and
2925 the hardware, e.g., amount of memory.
2926 In many situations it might be useful to set limits to prevent
2929 processes, however, these limits can be abused to mount a
2930 denial of service attack.
2932 .b MaxDaemonChildren=10
2933 then an attacker needs to open only 10 SMTP sessions to the server,
2934 leave them idle for most of the time,
2935 and no more connections will be accepted.
2936 If this option is set then the timeouts used in a SMTP session
2937 should be lowered from their default values to
2938 their minimum values as specified in RFC 2821 and listed in
2942 .sh 2 "Measures against Denial of Service Attacks"
2945 has some built-in measures against simple denial of service (DoS) attacks.
2946 The SMTP server by default slows down if too many bad commands are
2947 issued or if some commands are repeated too often within a session.
2948 Details can be found in the source file
2949 .b sendmail/srvrsmtp.c
2950 by looking for the macro definitions of
2952 .b MAXNOOPCOMMANDS ,
2953 .b MAXHELOCOMMANDS ,
2954 .b MAXVRFYCOMMANDS ,
2956 .b MAXETRNCOMMANDS .
2957 If an SMTP command is issued more often than the corresponding
2959 value, then the response is delayed exponentially,
2960 starting with a sleep time of one second,
2961 up to a maximum of four minutes (as defined by
2964 .b MaxDaemonChildren
2965 is set to a value greater than zero,
2966 then this could make a DoS attack even worse since it
2967 keeps a connection open longer than necessary.
2968 Therefore a connection is terminated with a 421 SMTP reply code
2969 if the number of commands exceeds the limit by a factor of two and
2971 is set to a value greater than zero (the default is 25).
2972 .sh 2 "Delivery Mode"
2974 There are a number of delivery modes that
2981 configuration option.
2983 specify how quickly mail will be delivered.
2987 i deliver interactively (synchronously)
2988 b deliver in background (asynchronously)
2989 q queue only (don't deliver)
2990 d defer delivery attempts (don't deliver)
2992 There are tradeoffs.
2995 gives the sender the quickest feedback,
2996 but may slow down some mailers and
2997 is hardly ever necessary.
3000 delivers promptly but
3001 can cause large numbers of processes
3002 if you have a mailer that takes a long time to deliver a message.
3005 minimizes the load on your machine,
3006 but means that delivery may be delayed for up to the queue interval.
3009 is identical to mode
3011 except that it also prevents lookups in maps including the
3013 flag from working during the initial queue phase;
3014 it is intended for ``dial on demand'' sites where DNS lookups
3015 might cost real money.
3016 Some simple error messages
3017 (e.g., host unknown during the SMTP protocol)
3018 will be delayed using this mode.
3021 is the usual default.
3030 (deliver in background)
3032 will not expand aliases and follow .forward files
3033 upon initial receipt of the mail.
3034 This speeds up the response to RCPT commands.
3037 should not be used by the SMTP server.
3040 The level of logging can be set for
3042 The default using a standard configuration table is level 9.
3043 The levels are as follows:
3048 Serious system failures and potential security problems.
3050 Lost communications (network problems) and protocol failures.
3052 Other serious failures, malformed addresses, transient forward/include
3053 errors, connection timeouts.
3055 Minor failures, out of date alias databases, connection rejections
3056 via check_ rulesets.
3058 Message collection statistics.
3060 Creation of error messages,
3061 VRFY and EXPN commands.
3063 Delivery failures (host or user unknown, etc.).
3065 Successful deliveries and alias database rebuilds.
3067 Messages being deferred
3068 (due to a host being down, etc.).
3070 Database expansion (alias, forward, and userdb lookups)
3071 and authentication information.
3073 NIS errors and end of job processing.
3075 Logs all SMTP connections.
3077 Log bad user shells, files with improper permissions, and other
3078 questionable situations.
3080 Logs refused connections.
3082 Log all incoming and outgoing SMTP commands.
3084 Logs attempts to run locked queue files.
3085 These are not errors,
3086 but can be useful to note if your queue appears to be clogged.
3088 Lost locks (only if using lockf instead of flock).
3091 values above 64 are reserved for extremely verbose debugging output.
3092 No normal site would ever set these.
3095 The modes used for files depend on what functionality you want
3096 and the level of security you require.
3099 does careful checking of the modes
3100 of files and directories
3101 to avoid accidental compromise;
3102 if you want to make it possible to have group-writable support files
3103 you may need to use the
3104 .b DontBlameSendmail
3105 option to turn off some of these checks.
3106 .sh 3 "To suid or not to suid?"
3109 is no longer installed
3110 set-user-ID to root.
3112 explains how to configure and install
3114 without set-user-ID to root but set-group-ID
3115 which is the default configuration starting with 8.12.
3117 The daemon usually runs as root, unless other measures are taken.
3123 it checks to see if the userid is zero (root);
3125 it resets the userid and groupid to a default
3128 equate in the mailer line;
3129 if that is not set, the
3132 This can be overridden
3136 for mailers that are trusted
3137 and must be called as root.
3139 this will cause mail processing
3144 rather than to the user sending the mail.
3146 A middle ground is to set the
3151 to become the indicated user as soon as it has done the startup
3152 that requires root privileges
3153 (primarily, opening the
3160 .i /var/spool/mqueue )
3161 should be owned by that user,
3162 and all files and databases
3168 and external databases)
3169 must be readable by that user.
3170 Also, since sendmail will not be able to change its uid,
3171 delivery to programs or files will be marked as unsafe,
3172 e.g., undeliverable,
3176 and :include: files.
3177 Administrators can override this by setting the
3178 .b DontBlameSendmail
3179 option to the setting
3180 .b NonRootSafeAddr .
3182 is probably best suited for firewall configurations
3183 that don't have regular user logins.
3184 If the option is used on a system which performs local delivery,
3185 then the local delivery agent must have the proper permissions
3186 (i.e., usually set-user-ID root)
3187 since it will be invoked by the
3190 .sh 3 "Turning off security checks"
3193 is very particular about the modes of files that it reads or writes.
3194 For example, by default it will refuse to read most files
3195 that are group writable
3196 on the grounds that they might have been tampered with
3197 by someone other than the owner;
3198 it will even refuse to read files in group writable directories.
3199 Also, sendmail will refuse to create a new aliases database in an
3200 unsafe directory. You can get around this by manually creating the
3201 database file as a trusted user ahead of time and then rebuilding the
3202 aliases database with
3207 sure that your configuration is safe and you want
3209 to avoid these security checks,
3210 you can turn off certain checks using the
3211 .b DontBlameSendmail
3213 This option takes one or more names that disable checks.
3214 In the descriptions that follow,
3215 .q "unsafe directory"
3216 means a directory that is writable by anyone other than the owner.
3220 No special handling.
3224 system call is restricted to root.
3225 Since some versions of UNIX permit regular users
3226 to give away their files to other users on some filesystems,
3228 often cannot assume that a given file was created by the owner,
3229 particularly when it is in a writable directory.
3230 You can set this flag if you know that file giveaway is restricted
3232 .ip ClassFileInUnsafeDirPath
3233 When reading class files (using the
3235 line in the configuration file),
3236 allow files that are in unsafe directories.
3237 .ip DontWarnForwardFileInUnsafeDirPath
3239 unsafe directory path warnings
3240 for non-existent forward files.
3241 .ip ErrorHeaderInUnsafeDirPath
3242 Allow the file named in the
3244 option to be in an unsafe directory.
3245 .ip FileDeliveryToHardLink
3246 Allow delivery to files that are hard links.
3247 .ip FileDeliveryToSymLink
3248 Allow delivery to files that are symbolic links.
3249 .ip ForwardFileInGroupWritableDirPath
3252 files in group writable directories.
3253 .ip ForwardFileInUnsafeDirPath
3256 files in unsafe directories.
3257 .ip ForwardFileInUnsafeDirPathSafe
3260 file that is in an unsafe directory to include references
3261 to program and files.
3262 .ip GroupReadableKeyFile
3263 Accept a group-readable key file for STARTTLS.
3264 .ip GroupReadableSASLDBFile
3265 Accept a group-readable Cyrus SASL password file.
3266 .ip GroupWritableAliasFile
3267 Allow group-writable alias files.
3268 .ip GroupWritableDirPathSafe
3269 Change the definition of
3270 .q "unsafe directory"
3271 to consider group-writable directories to be safe.
3272 World-writable directories are always unsafe.
3273 .ip GroupWritableForwardFile
3274 Allow group writable
3277 .ip GroupWritableForwardFileSafe
3278 Accept group-writable
3280 files as safe for program and file delivery.
3281 .ip GroupWritableIncludeFile
3285 .ip GroupWritableIncludeFileSafe
3286 Accept group-writable
3288 files as safe for program and file delivery.
3289 .ip GroupWritableSASLDBFile
3290 Accept a group-writable Cyrus SASL password file.
3291 .ip HelpFileInUnsafeDirPath
3292 Allow the file named in the
3294 option to be in an unsafe directory.
3295 .ip IncludeFileInGroupWritableDirPath
3298 files in group writable directories.
3299 .ip IncludeFileInUnsafeDirPath
3302 files in unsafe directories.
3303 .ip IncludeFileInUnsafeDirPathSafe
3306 file that is in an unsafe directory to include references
3307 to program and files.
3308 .ip InsufficientEntropy
3309 Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
3310 despite the security problems.
3311 .ip LinkedAliasFileInWritableDir
3312 Allow an alias file that is a link in a writable directory.
3313 .ip LinkedClassFileInWritableDir
3314 Allow class files that are links in writable directories.
3315 .ip LinkedForwardFileInWritableDir
3318 files that are links in writable directories.
3319 .ip LinkedIncludeFileInWritableDir
3322 files that are links in writable directories.
3323 .ip LinkedMapInWritableDir
3324 Allow map files that are links in writable directories.
3325 This includes alias database files.
3326 .ip LinkedServiceSwitchFileInWritableDir
3327 Allow the service switch file to be a link
3328 even if the directory is writable.
3329 .ip MapInUnsafeDirPath
3336 in unsafe directories.
3337 This includes alias database files.
3339 Do not mark file and program deliveries as unsafe
3340 if sendmail is not running with root privileges.
3341 .ip RunProgramInUnsafeDirPath
3342 Run programs that are in writable directories without logging a warning.
3343 .ip RunWritableProgram
3344 Run programs that are group- or world-writable without logging a warning.
3346 Allow group or world writable directories
3347 if the sticky bit is set on the directory.
3348 Do not set this on systems which do not honor
3349 the sticky bit on directories.
3350 .ip WorldWritableAliasFile
3351 Accept world-writable alias files.
3352 .ip WorldWritableForwardfile
3353 Allow world writable
3356 .ip WorldWritableIncludefile
3360 .ip WriteMapToHardLink
3361 Allow writes to maps that are hard links.
3362 .ip WriteMapToSymLink
3363 Allow writes to maps that are symbolic links.
3364 .ip WriteStatsToHardLink
3365 Allow the status file to be a hard link.
3366 .ip WriteStatsToSymLink
3367 Allow the status file to be a symbolic link.
3368 .sh 2 "Connection Caching"
3370 When processing the queue,
3372 will try to keep the last few open connections open
3373 to avoid startup and shutdown costs.
3374 This only applies to IPC and LPC connections.
3376 When trying to open a connection
3377 the cache is first searched.
3378 If an open connection is found, it is probed to see if it is still active
3382 It is not an error if this fails;
3383 instead, the connection is closed and reopened.
3385 Two parameters control the connection cache.
3387 .b ConnectionCacheSize
3390 option defines the number of simultaneous open connections
3391 that will be permitted.
3392 If it is set to zero,
3393 connections will be closed as quickly as possible.
3395 This should be set as appropriate for your system size;
3396 it will limit the amount of system resources that
3398 will use during queue runs.
3399 Never set this higher than 4.
3402 .b ConnectionCacheTimeout
3405 option specifies the maximum time that any cached connection
3406 will be permitted to idle.
3407 When the idle time exceeds this value
3408 the connection is closed.
3409 This number should be small
3411 to prevent you from grabbing too many resources
3413 The default is five minutes.
3414 .sh 2 "Name Server Access"
3416 Control of host address lookups is set by the
3418 service entry in your service switch file.
3419 If you are on a system that has built-in service switch support
3420 (e.g., Ultrix, Solaris, or DEC OSF/1)
3421 then your system is probably configured properly already.
3424 will consult the file
3425 .b /etc/mail/service.switch ,
3426 which should be created.
3428 only uses two entries:
3432 although system routines may use other services
3435 service for user name lookups by
3438 However, some systems (such as SunOS 4.X)
3440 regardless of the setting of the service switch entry.
3441 In particular, the system routine
3442 .i gethostbyname (3)
3443 is used to look up host names,
3444 and many vendor versions try some combination of DNS, NIS,
3445 and file lookup in /etc/hosts
3446 without consulting a service switch.
3448 makes no attempt to work around this problem,
3449 and the DNS lookup will be done anyway.
3450 If you do not have a nameserver configured at all,
3451 such as at a UUCP-only site,
3454 .q "connection refused"
3455 message when it tries to connect to the name server.
3458 switch entry has the service
3460 listed somewhere in the list,
3462 will interpret this to mean a temporary failure
3463 and will queue the mail for later processing;
3464 otherwise, it ignores the name server data.
3466 The same technique is used to decide whether to do MX lookups.
3467 If you want MX support, you
3471 listed as a service in the
3479 option allows you to tweak name server options.
3480 The command line takes a series of flags as documented in
3485 Each can be preceded by an optional `+' or `\(mi'.
3486 For example, the line
3488 O ResolverOptions=+AAONLY \(miDNSRCH
3490 turns on the AAONLY (accept authoritative answers only)
3491 and turns off the DNSRCH (search the domain path) options.
3492 Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
3493 flags on and all others off.
3494 If NETINET6 is enabled, most libraries default to USE_INET6 as well.
3495 You can also include
3497 to specify that there is a wildcard MX record matching your domain;
3498 this turns off MX matching when canonifying names,
3499 which can lead to inappropriate canonifications.
3501 .q WorkAroundBrokenAAAA
3502 when faced with a broken nameserver that returns SERVFAIL
3503 (a temporary failure)
3504 on T_AAAA (IPv6) lookups
3505 during hostname canonification.
3506 Notice: it might be necessary to apply the same (or similar) options to
3510 Version level 1 configurations (see the section about
3511 ``Configuration Version Level'')
3512 turn DNSRCH and DEFNAMES off when doing delivery lookups,
3513 but leave them on everywhere else.
3516 ignores them when doing canonification lookups
3517 (that is, when using $[ ... $]),
3518 and always does the search.
3519 If you don't want to do automatic name extension,
3520 don't call $[ ... $].
3522 The search rules for $[ ... $] are somewhat different than usual.
3523 If the name being looked up
3524 has at least one dot, it always tries the unmodified name first.
3525 If that fails, it tries the reduced search path,
3526 and lastly tries the unmodified name
3527 (but only for names without a dot,
3528 since names with a dot have already been tried).
3529 This allows names such as
3531 to match the site in Czechoslovakia
3532 rather than the site in your local Computer Science department.
3533 It also prefers A and CNAME records over MX records \*-
3534 that is, if it finds an MX record it makes note of it,
3536 This way, if you have a wildcard MX record matching your domain,
3537 it will not assume that all names match.
3539 To completely turn off all name server access
3540 on systems without service switch support
3542 you will have to recompile with
3544 and remove \-lresolv from the list of libraries to be searched
3546 .sh 2 "Moving the Per-User Forward Files"
3548 Some sites mount each user's home directory
3549 from a local disk on their workstation,
3550 so that local access is fast.
3551 However, the result is that .forward file lookups
3552 from a central mail server are slow.
3554 mail can even be delivered on machines inappropriately
3555 because of a file server being down.
3556 The performance can be especially bad if you run the automounter.
3562 option allows you to set a path of forward files.
3563 For example, the config file line
3565 O ForwardPath=/var/forward/$u:$z/.forward.$w
3567 would first look for a file with the same name as the user's login
3569 if that is not found (or is inaccessible)
3573 in the user's home directory is searched.
3574 A truly perverse site could also search by sender
3575 by using $r, $s, or $f.
3577 If you create a directory such as /var/forward,
3578 it should be mode 1777
3579 (that is, the sticky bit should be set).
3580 Users should create the files mode 0644.
3581 Note that you must use the
3582 ForwardFileInUnsafeDirPath and
3583 ForwardFileInUnsafeDirPathSafe
3585 .b DontBlameSendmail
3586 option to allow forward files in a world writable directory.
3587 This might also be used as a denial of service attack
3588 (users could create forward files for other users);
3589 a better approach might be to create
3592 and create empty files for each user,
3595 If you do this, you don't have to set the DontBlameSendmail options
3599 On systems that have one of the system calls in the
3606 you can specify a minimum number of free blocks on the queue filesystem
3612 If there are fewer than the indicated number of blocks free
3613 on the filesystem on which the queue is mounted
3614 the SMTP server will reject mail
3617 This invites the SMTP client to try again later.
3619 Beware of setting this option too high;
3620 it can cause rejection of email
3621 when that mail would be processed without difficulty.
3622 .sh 2 "Maximum Message Size"
3624 To avoid overflowing your system with a large message,
3627 option can be set to set an absolute limit
3628 on the size of any one message.
3629 This will be advertised in the ESMTP dialogue
3630 and checked during message collection.
3631 .sh 2 "Privacy Flags"
3637 option allows you to set certain
3640 Actually, many of them don't give you any extra privacy,
3641 rather just insisting that client SMTP servers
3642 use the HELO command
3643 before using certain commands
3644 or adding extra headers to indicate possible spoof attempts.
3646 The option takes a series of flag names;
3647 the final privacy is the inclusive or of those flags.
3650 O PrivacyOptions=needmailhelo, noexpn
3652 insists that the HELO or EHLO command be used before a MAIL command is accepted
3653 and disables the EXPN command.
3655 The flags are detailed in section
3658 .sh 2 "Send to Me Too"
3660 Beginning with version 8.10,
3662 includes by default the (envelope) sender in any list expansions.
3665 sends to a list that contains
3667 as one of the members he will get a copy of the message.
3672 (in the configuration file or via the command line),
3673 this behavior is changed, i.e.,
3674 the (envelope) sender is excluded in list expansions.
3675 .sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
3677 This section describes the configuration file
3680 There is one point that should be made clear immediately:
3681 the syntax of the configuration file
3682 is designed to be reasonably easy to parse,
3683 since this is done every time
3686 rather than easy for a human to read or write.
3687 The configuration file should be generated via the method described in
3689 it should not be edited directly unless someone is familiar
3690 with the internals of the syntax described here and it is
3691 not possible to achieve the desired result via the default method.
3693 The configuration file is organized as a series of lines,
3694 each of which begins with a single character
3695 defining the semantics for the rest of the line.
3696 Lines beginning with a space or a tab
3697 are continuation lines
3698 (although the semantics are not well defined in many places).
3699 Blank lines and lines beginning with a sharp symbol
3702 .sh 2 "R and S \*- Rewriting Rules"
3704 The core of address parsing
3705 are the rewriting rules.
3706 These are an ordered production system.
3708 scans through the set of rewriting rules
3709 looking for a match on the left hand side
3712 When a rule matches,
3713 the address is replaced by the right hand side
3717 There are several sets of rewriting rules.
3718 Some of the rewriting sets are used internally
3719 and must have specific semantics.
3720 Other rewriting sets
3721 do not have specifically assigned semantics,
3722 and may be referenced by the mailer definitions
3723 or by other rewriting sets.
3725 The syntax of these two commands are:
3730 Sets the current ruleset being collected to
3732 If you begin a ruleset more than once
3733 it appends to the old definition.
3741 fields must be separated
3742 by at least one tab character;
3743 there may be embedded spaces
3747 is a pattern that is applied to the input.
3749 the input is rewritten to the
3755 Macro expansions of the form
3758 are performed when the configuration file is read.
3761 can be included using
3763 Expansions of the form
3766 are performed at run time using a somewhat less general algorithm.
3767 This is intended only for referencing internally defined macros
3770 that are changed at runtime.
3771 .sh 3 "The left hand side"
3773 The left hand side of rewriting rules contains a pattern.
3774 Normal words are simply matched directly.
3775 Metasyntax is introduced using a dollar sign.
3776 The metasymbols are:
3778 .ta \w'\fB$=\fP\fIx\fP 'u
3779 \fB$*\fP Match zero or more tokens
3780 \fB$+\fP Match one or more tokens
3781 \fB$\-\fP Match exactly one token
3782 \fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
3783 \fB$~\fP\fIx\fP Match any word not in class \fIx\fP
3785 If any of these match,
3786 they are assigned to the symbol
3789 for replacement on the right hand side,
3792 is the index in the LHS.
3798 is applied to the input:
3802 the rule will match, and the values passed to the RHS will be:
3809 Additionally, the LHS can include
3811 to match zero tokens.
3817 on the RHS, and is normally only used when it stands alone
3818 in order to match the null input.
3819 .sh 3 "The right hand side"
3821 When the left hand side of a rewriting rule matches,
3822 the input is deleted and replaced by the right hand side.
3823 Tokens are copied directly from the RHS
3824 unless they begin with a dollar sign.
3827 .ta \w'$#mailer\0\0\0'u
3828 \fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
3829 \fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
3830 \fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
3831 Generalized keyed mapping function
3832 \fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
3833 \fB$#\fP\fImailer\fP Resolve to \fImailer\fP
3834 \fB$@\fP\fIhost\fP Specify \fIhost\fP
3835 \fB$:\fP\fIuser\fP Specify \fIuser\fP
3841 syntax substitutes the corresponding value from a
3849 It may be used anywhere.
3851 A host name enclosed between
3855 is looked up in the host database(s)
3856 and replaced by the canonical name\**.
3859 completely equivalent
3860 to $(host \fIhostname\fP$).
3863 default can be used.
3868 .q ftp.CS.Berkeley.EDU
3870 .q $[[128.32.130.2]$]
3872 .q vangogh.CS.Berkeley.EDU.
3874 recognizes its numeric IP address
3875 without calling the name server
3876 and replaces it with its canonical name.
3882 syntax is a more general form of lookup;
3883 it uses a named map instead of an implicit map.
3884 If no lookup is found, the indicated
3887 if no default is specified and no lookup matches,
3888 the value is left unchanged.
3891 are passed to the map for possible use.
3897 causes the remainder of the line to be substituted as usual
3898 and then passed as the argument to ruleset
3900 The final value of ruleset
3903 the substitution for this rule.
3906 syntax expands everything after the ruleset name
3907 to the end of the replacement string
3908 and then passes that as the initial input to the ruleset.
3909 Recursive calls are allowed.
3914 expands $1, passes that to ruleset 3, and then passes the result
3915 of ruleset 3 to ruleset 0.
3921 be used in ruleset zero,
3922 a subroutine of ruleset zero,
3923 or rulesets that return decisions (e.g., check_rcpt).
3924 It causes evaluation of the ruleset to terminate immediately,
3927 that the address has completely resolved.
3928 The complete syntax for ruleset 0 is:
3930 \fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
3933 {mailer, host, user}
3934 3-tuple necessary to direct the mailer.
3935 Note: the third element (
3937 ) is often also called
3940 If the mailer is local
3941 the host part may be omitted\**.
3943 \**You may want to use it for special
3946 For example, in the address
3947 .q jgm+foo@CMU.EDU ;
3950 part is not part of the user name,
3951 and is passed to the local mailer for local use.
3955 must be a single word,
3963 is the built-in IPC mailer,
3966 may be a colon-separated list of hosts
3967 that are searched in order for the first working address
3968 (exactly like MX records).
3971 is later rewritten by the mailer-specific envelope rewriting set
3975 As a special case, if the mailer specified has the
3978 and the first character of the
3984 is stripped off, and a flag is set in the address descriptor
3985 that causes sendmail to not do ruleset 5 processing.
3987 Normally, a rule that matches is retried,
3989 the rule loops until it fails.
3990 A RHS may also be preceded by a
3994 to change this behavior.
3997 prefix causes the ruleset to return with the remainder of the RHS
4001 prefix causes the rule to terminate immediately,
4002 but the ruleset to continue;
4003 this can be used to avoid continued application of a rule.
4004 The prefix is stripped before continuing.
4010 prefixes may precede a
4019 passes that to ruleset seven,
4023 is necessary to avoid an infinite loop.
4025 Substitution occurs in the order described,
4027 parameters from the LHS are substituted,
4028 hostnames are canonicalized,
4037 .sh 3 "Semantics of rewriting rule sets"
4039 There are six rewriting sets
4040 that have specific semantics.
4041 Five of these are related as depicted by figure 1.
4047 -->| 0 |-->resolved address
4050 / ---->| 1 |-->| S |--
4051 +---+ / +---+ / +---+ +---+ \e +---+
4052 addr-->| 3 |-->| D |-- --->| 4 |-->msg
4053 +---+ +---+ \e +---+ +---+ / +---+
4069 box invis "addr"; arrow
4072 BoxD: box "D"; line; L1: Here
4074 C1: arrow; box "1"; arrow; box "S"; line; E1: Here
4075 move to C1 down 0.5; right
4076 C2: arrow; box "2"; arrow; box "R"; line; E2: Here
4077 ] with .w at L1 + (0.5, 0)
4078 move to C.e right 0.5
4079 L4: arrow; box "4"; arrow; box invis "msg"
4080 line from L1 to C.C1
4081 line from L1 to C.C2
4082 line from C.E1 to L4
4083 line from C.E2 to L4
4084 move to BoxD.n up 0.6; right
4085 Box0: arrow; box "0"
4086 arrow; box invis "resolved address" width 1.3
4087 line from 1/3 of the way between A1 and BoxD.w to Box0
4093 Figure 1 \*- Rewriting set semantics
4095 D \*- sender domain addition
4096 S \*- mailer-specific sender rewriting
4097 R \*- mailer-specific recipient rewriting
4103 should turn the address into
4104 .q "canonical form."
4105 This form should have the basic syntax:
4107 local-part@host-domain-spec
4112 before doing anything with any address.
4127 flag is set in the mailer definition
4128 corresponding to the
4133 is applied after ruleset three
4134 to addresses that are going to actually specify recipients.
4135 It must resolve to a
4136 .i "{mailer, host, address}"
4140 must be defined in the mailer definitions
4141 from the configuration file.
4147 for use in the argv expansion of the specified mailer.
4148 Notice: since the envelope sender address will be used if
4149 a delivery status notification must be send,
4150 i.e., is may specify a recipient,
4151 it is also run through ruleset zero.
4152 If ruleset zero returns a temporary error
4154 then delivery is deferred.
4155 This can be used to temporarily disable delivery,
4156 e.g., based on the time of the day or other varying parameters.
4157 It should not be used to quarantine e-mails.
4159 Rulesets one and two
4160 are applied to all sender and recipient addresses respectively.
4161 They are applied before any specification
4162 in the mailer definition.
4163 They must never resolve.
4165 Ruleset four is applied to all addresses
4167 It is typically used
4168 to translate internal to external form.
4171 ruleset 5 is applied to all local addresses
4172 (specifically, those that resolve to a mailer with the `F=5'
4174 that do not have aliases.
4175 This allows a last minute hook for local names.
4176 .sh 3 "Ruleset hooks"
4178 A few extra rulesets are defined as
4180 that can be defined to get special features.
4181 They are all named rulesets.
4184 forms all give accept/reject status;
4185 falling off the end or returning normally is an accept,
4188 is a reject or quarantine.
4189 Quarantining is chosen by specifying
4191 in the second part of the mailer triplet:
4193 $#error $@ quarantine $: Reason for quarantine
4195 Many of these can also resolve to the special mailer name
4197 this accepts the message as though it were successful
4198 but then discards it without delivery.
4200 this mailer cannot be chosen as a mailer in ruleset 0.
4203 rulesets have to deal with temporary failures, especially for map lookups,
4204 themselves, i.e., they should return a temporary error code
4205 or at least they should make a proper decision in those cases.
4210 ruleset is called after a connection is accepted by the daemon.
4211 It is not called when sendmail is started using the
4216 client.host.name $| client.host.address
4220 is a metacharacter separating the two parts.
4221 This ruleset can reject connections from various locations.
4222 Note that it only checks the connecting SMTP client IP address and hostname.
4223 It does not check for third party message relaying.
4226 ruleset discussed below usually does third party message relay checking.
4231 ruleset is passed the user name parameter of the
4234 It can accept or reject the address.
4239 ruleset is passed the user name parameter of the
4242 It can accept or reject the address.
4247 ruleset is called after the
4249 command, its parameter is the number of recipients.
4250 It can accept or reject the command.
4251 .sh 4 "check_compat"
4257 sender-address $| recipient-address
4261 is a metacharacter separating the addresses.
4262 It can accept or reject mail transfer between these two addresses
4269 rulesets are invoked during the SMTP mail receiption stage
4270 (i.e., in the SMTP server),
4272 is invoked during the mail delivery stage.
4279 number-of-headers $| size-of-headers
4283 is a metacharacter separating the numbers.
4284 These numbers can be used for size comparisons with the
4287 The ruleset is triggered after
4288 all of the headers have been read.
4289 It can be used to correlate information gathered
4290 from those headers using the
4293 One possible use is to check for a missing header.
4298 HMessage-Id: $>CheckMessageId
4301 # Record the presence of the header
4302 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
4304 R$* $#error $: 553 Header Error
4308 R$* $: < $&{MessageIdCheck} >
4309 # Clear the macro for the next message
4310 R$* $: $(storage {MessageIdCheck} $) $1
4311 # Has a Message-Id: header
4313 # Allow missing Message-Id: from local mail
4314 R$* $: < $&{client_name} >
4317 # Otherwise, reject the mail
4318 R$* $#error $: 553 Header Error
4320 Keep in mind the Message-Id: header is not a required header and
4321 is not a guaranteed spam indicator.
4322 This ruleset is an example and
4323 should probably not be used in production.
4328 ruleset is called after the end of a message,
4329 its parameter is the message size.
4330 It can accept or reject the message.
4335 ruleset is passed the parameter of the
4338 It can accept or reject the command.
4343 ruleset is passed the user name parameter of the
4346 It can accept or reject the address.
4351 ruleset is passed the user name parameter of the
4354 It can accept or reject the command.
4359 ruleset is passed the AUTH= parameter of the
4362 It is used to determine whether this value should be
4363 trusted. In order to make this decision, the ruleset
4364 may make use of the various
4367 If the ruleset does resolve to the
4369 mailer the AUTH= parameter is not trusted and hence
4370 not passed on to the next relay.
4375 ruleset is called when sendmail acts as server, after a STARTTLS command
4376 has been issued, and from
4378 The parameter is the value of
4380 and STARTTLS or MAIL, respectively.
4381 If the ruleset does resolve to the
4383 mailer, the appropriate error code is returned to the client.
4388 ruleset is called when sendmail acts as client after a STARTTLS command
4389 (should) have been issued.
4390 The parameter is the value of
4392 If the ruleset does resolve to the
4394 mailer, the connection is aborted
4395 (treated as non-deliverable with a permanent or temporary error).
4400 ruleset is called each time before a RCPT TO command is sent.
4401 The parameter is the current recipient.
4402 If the ruleset does resolve to the
4404 mailer, the RCPT TO command is suppressed
4405 (treated as non-deliverable with a permanent or temporary error).
4406 This ruleset allows to require encryption or verification of
4407 the recipient's MTA even if the mail is somehow redirected
4409 For example, sending mail to
4411 may get redirected to a host named
4413 and hence the tls_server ruleset won't apply.
4414 By introducing per recipient restrictions such attacks
4415 (e.g., via DNS spoofing) can be made impossible.
4418 how this ruleset can be used.
4419 .sh 4 "srv_features"
4423 ruleset is called with the connecting client's host name
4424 when a client connects to sendmail.
4425 This ruleset should return
4427 followed by a list of options (single characters
4428 delimited by white space).
4429 If the return value starts with anything else it is silently ignored.
4430 Generally upper case characters turn off a feature
4431 while lower case characters turn it on.
4432 Option `S' causes the server not to offer STARTTLS,
4433 which is useful to interact with MTAs/MUAs that have broken
4434 STARTTLS implementations by simply not offering it.
4435 `V' turns off the request for a client certificate during the TLS handshake.
4436 Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
4437 `c' is the equivalent to AuthOptions=p, i.e.,
4438 it doesn't permit mechanisms susceptible to simple
4439 passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
4440 Option `l' requires SMTP AUTH for a connection.
4441 Options 'B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and EXPN,
4446 a Offer AUTH (default)
4448 b Offer VERB (default)
4449 C Do not require security layer for
4450 plaintext AUTH (default)
4451 c Require security layer for plaintext AUTH
4453 d Offer DSN (default)
4455 e Offer ETRN (default)
4456 L Do not require AUTH (default)
4458 P Do not offer PIPELINING
4459 p Offer PIPELINING (default)
4460 S Do not offer STARTTLS
4461 s Offer STARTTLS (default)
4462 V Do not request a client certificate
4463 v Request a client certificate (default)
4465 x Offer EXPN (default)
4467 Note: the entries marked as ``(default)'' may require that some
4468 configuration has been made, e.g., SMTP AUTH is only available if
4469 properly configured.
4470 Moreover, many options can be changed on a global basis via other
4471 settings as explained in this document, e.g., via DaemonPortOptions.
4473 The ruleset may return `$#temp' to indicate that there is a temporary
4474 problem determining the correct features, e.g., if a map is unavailable.
4475 In that case, the SMTP server issues a temporary failure and does not
4481 ruleset is called when sendmail connects to another MTA.
4482 If the ruleset does resolve to the
4484 mailer, sendmail does not try STARTTLS even if it is offered.
4485 This is useful to interact with MTAs that have broken
4486 STARTTLS implementations by simply not using it.
4491 ruleset is called when sendmail tries to authenticate to another MTA.
4494 followed by a list of tokens that are used for SMTP AUTH.
4495 If the return value starts with anything else it is silently ignored.
4496 Each token is a tagged string of the form:
4498 (including the quotes), where
4501 T Tag which describes the item
4502 D Delimiter: ':' simple text follows
4503 '=' string is base64 encoded
4504 string Value of the item
4506 Valid values for the tag are:
4509 U user (authorization) id
4513 M list of mechanisms delimited by spaces
4515 If this ruleset is defined, the option
4517 is ignored (even if the ruleset does not return a ``useful'' result).
4522 ruleset is used to map a recipient address to a queue group name.
4523 The input for the ruleset is a recipient address as specified by the
4526 The ruleset should return
4528 followed by the name of a queue group.
4529 If the return value starts with anything else it is silently ignored.
4530 See the section about ``Queue Groups and Queue Directories''
4531 for further information.
4536 ruleset is used to specify the amount of time to pause before sending the
4537 initial SMTP 220 greeting.
4538 If any traffic is received during that pause, an SMTP 554 rejection
4539 response is given instead of the 220 greeting and all SMTP commands are
4540 rejected during that connection.
4541 This helps protect sites from open proxies and SMTP slammers.
4542 The ruleset should return
4544 followed by the number of milliseconds (thousandths of a second) to
4546 If the return value starts with anything else or is not a number,
4547 it is silently ignored.
4548 Note: this ruleset is not invoked (and hence the feature is disabled)
4549 when the smtps (SMTP over SSL) is used, i.e.,
4552 modifier is set for the daemon via
4553 .b DaemonPortOptions ,
4554 because in this case the SSL handshake is performed before
4555 the greeting is sent.
4558 Some special processing occurs
4559 if the ruleset zero resolves to an IPC mailer
4560 (that is, a mailer that has
4562 listed as the Path in the
4565 The host name passed after
4567 has MX expansion performed if not delivering via a named socket;
4568 this looks the name up in DNS to find alternate delivery sites.
4570 The host name can also be provided as a dotted quad
4571 or an IPv6 address in square brackets;
4578 [IPv6:2002:c0a8:51d2::23f4]
4580 This causes direct conversion of the numeric value
4581 to an IP host address.
4583 The host name passed in after the
4585 may also be a colon-separated list of hosts.
4586 Each is separately MX expanded and the results are concatenated
4587 to make (essentially) one long MX list.
4588 The intent here is to create
4590 MX records that are not published in DNS
4591 for private internal networks.
4593 As a final special case, the host name can be passed in
4597 [ucbvax.berkeley.edu]
4599 This form avoids the MX mapping.
4602 This is intended only for situations where you have a network firewall
4603 or other host that will do special processing for all your mail,
4604 so that your MX record points to a gateway machine;
4605 this machine could then do direct delivery to machines
4606 within your local domain.
4607 Use of this feature directly violates RFC 1123 section 5.3.5:
4608 it should not be used lightly.
4610 .sh 2 "D \*- Define Macro"
4612 Macros are named with a single character
4613 or with a word in {braces}.
4614 The names ``x'' and ``{x}'' denote the same macro
4615 for every single character ``x''.
4616 Single character names may be selected from the entire ASCII set,
4617 but user-defined macros
4618 should be selected from the set of upper case letters only.
4621 are used internally.
4622 Long names beginning with a lower case letter or a punctuation character
4623 are reserved for use by sendmail,
4624 so user-defined long macro names should begin with an upper case letter.
4626 The syntax for macro definitions is:
4633 is the name of the macro
4634 (which may be a single character
4635 or a word in braces)
4638 is the value it should have.
4639 There should be no spaces given
4640 that do not actually belong in the macro value.
4642 Macros are interpolated
4648 is the name of the macro to be interpolated.
4649 This interpolation is done when the configuration file is read,
4653 The special construct
4658 lines to get deferred interpolation.
4660 Conditionals can be specified using the syntax:
4662 $?x text1 $| text2 $.
4668 is set and non-null,
4676 clause may be omitted.
4678 The following macros are defined and/or used internally by
4680 for interpolation into argv's for mailers
4681 or for other contexts.
4682 The ones marked \(dg are information passed into sendmail\**,
4684 \**As of version 8.6,
4685 all of these macros have reasonable defaults.
4686 Previous versions required that they be defined.
4688 the ones marked \(dd are information passed both in and out of sendmail,
4689 and the unmarked macros are passed out of sendmail
4690 but are not otherwise used internally.
4694 The origination date in RFC 822 format.
4695 This is extracted from the Date: line.
4697 The current date in RFC 822 format.
4700 This is a count of the number of Received: lines
4701 plus the value of the
4705 The current date in UNIX (ctime) format.
4707 (Obsolete; use SmtpGreetingMessage option instead.)
4708 The SMTP entry message.
4709 This is printed out when SMTP starts up.
4710 The first word must be the
4712 macro as specified by RFC 821.
4714 .q "$j Sendmail $v ready at $b" .
4715 Commonly redefined to include the configuration version number, e.g.,
4716 .q "$j Sendmail $v/$Z ready at $b"
4718 The envelope sender (from) address.
4720 The sender address relative to the recipient.
4728 .q foo@host.domain ,
4729 or whatever is appropriate for the receiving mailer.
4732 This is set in ruleset 0 from the $@ field of a parsed address.
4738 The \*(lqofficial\*(rq domain name for this site.
4739 This is fully qualified if the full qualification can be found.
4742 be redefined to be the fully qualified domain name
4743 if your system is not configured so that information can find
4746 The UUCP node name (from the uname system call).
4748 (Obsolete; use UnixFromLine option instead.)
4749 The format of the UNIX from line.
4750 Unless you have changed the UNIX mailbox format,
4751 you should not change the default,
4755 The domain part of the \fIgethostname\fP return value.
4756 Under normal circumstances,
4761 The name of the daemon (for error messages).
4765 (Obsolete: use OperatorChars option instead.)
4766 The set of \*(lqoperators\*(rq in addresses.
4767 A list of characters
4768 which will be considered tokens
4769 and which will separate tokens
4775 macro, then the input
4777 would be scanned as three tokens:
4784 which is the minimum set necessary to do RFC 822 parsing;
4785 a richer set of operators is
4787 which adds support for UUCP, the %-hack, and X.400 addresses.
4789 Sendmail's process id.
4791 Default format of sender address.
4794 macro specifies how an address should appear in a message
4795 when it is defaulted.
4798 It is commonly redefined to be
4799 .q "$?x$x <$g>$|$g$."
4802 corresponding to the following two formats:
4804 Eric Allman <eric@CS.Berkeley.EDU>
4805 eric@CS.Berkeley.EDU (Eric Allman)
4808 properly quotes names that have special characters
4809 if the first form is used.
4811 Protocol used to receive the message.
4814 command line flag or by the SMTP server code.
4819 command line flag or by the SMTP server code
4820 (in which case it is set to the EHLO/HELO parameter).
4822 A numeric representation of the current time in the format YYYYMMDDHHmm
4823 (4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31,
4824 2 digit hours 00-23, 2 digit minutes 00-59).
4828 The version number of the
4832 The hostname of this site.
4833 This is the root name of this host (but see below for caveats).
4835 The full name of the sender.
4837 The home directory of the recipient.
4839 The validated sender address.
4841 .b ${client_resolve} .
4843 The type of the address which is currently being rewritten.
4844 This macro contains up to three characters, the first
4845 is either `e' or `h' for envelope/header address,
4846 the second is a space,
4847 and the third is either `s' or `r' for sender/recipient address.
4849 The maximum keylength (in bits) of the symmetric encryption algorithm
4850 used for a TLS connection.
4851 This may be less than the effective keylength,
4854 for ``export controlled'' algorithms.
4856 The client's authentication credentials as determined by authentication
4857 (only set if successful).
4858 The format depends on the mechanism used, it might be just `user',
4859 or `user@realm', or something similar (SMTP AUTH only).
4861 The authorization identity, i.e. the AUTH= parameter of the
4863 command if supplied.
4865 The mechanism used for SMTP authentication
4866 (only set if successful).
4868 The keylength (in bits) of the symmetric encryption algorithm
4869 used for the security layer of a SASL mechanism.
4871 The message body type
4873 as determined from the envelope.
4875 The DN (distinguished name) of the CA (certificate authority)
4876 that signed the presented certificate (the cert issuer)
4879 The MD5 hash of the presented certificate (STARTTLS only).
4881 The DN of the presented certificate (called the cert subject)
4884 The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
4885 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
4888 The effective keylength (in bits) of the symmetric encryption algorithm
4889 used for a TLS connection.
4891 The IP address of the SMTP client.
4892 IPv6 addresses are tagged with "IPv6:" before the address.
4893 Defined in the SMTP server only.
4894 .ip ${client_connections}
4895 The number of open connections in the SMTP server for the client IP address.
4897 The flags specified by the
4899 .b ClientPortOptions
4900 where flags are separated from each other by spaces
4901 and upper case flags are doubled.
4904 will be represented as
4906 .b ${client_flags} ,
4907 which is required for testing the flags in rulesets.
4909 The host name of the SMTP client.
4910 This may be the client's bracketed IP address
4911 in the form [ nnn.nnn.nnn.nnn ] for IPv4
4912 and [ IPv6:nnnn:...:nnnn ] for IPv6
4914 IP address is not resolvable, or if it is resolvable
4915 but the IP address of the resolved hostname
4916 doesn't match the original IP address.
4917 Defined in the SMTP server only.
4919 .b ${client_resolve} .
4921 The port number of the SMTP client.
4922 Defined in the SMTP server only.
4924 The result of the PTR lookup for the client IP address.
4925 Note: this is the same as
4928 .b ${client_resolve}
4930 Defined in the SMTP server only.
4932 The number of incoming connections for the client IP address
4933 over the time interval specified by ConnectionRateWindowSize.
4934 .ip ${client_resolve}
4935 Holds the result of the resolve call for
4937 Possible values are:
4940 OK resolved successfully
4941 FAIL permanent lookup failure
4942 FORGED forward lookup doesn't match reverse lookup
4943 TEMP temporary lookup failure
4945 Defined in the SMTP server only.
4947 performs a hostname lookup on the IP address of the connecting client.
4948 Next the IP addresses of that hostname are looked up.
4949 If the client IP address does not appear in that list,
4950 then the hostname is maybe forged.
4951 This is reflected as the value FORGED for
4952 .b ${client_resolve}
4953 and it also shows up in
4955 as "(may be forged)".
4957 The CN (common name) of the CA that signed the presented certificate
4959 Note: if the CN cannot be extracted properly it will be replaced by
4960 one of these strings based on the encountered error:
4963 BadCertificateContainsNUL CN contains a NUL character
4964 BadCertificateTooLong CN is too long
4965 BadCertificateUnknown CN could not be extracted
4967 In the last case, some other (unspecific) error occurred.
4969 The CN (common name) of the presented certificate
4973 for possible replacements.
4975 Header value as quoted string
4976 (possibly truncated to
4978 This macro is only available in header check rulesets.
4980 The IP address the daemon is listening on for connections.
4981 .ip ${daemon_family}
4983 if the daemon is accepting network connections.
4984 Possible values include
4991 The flags for the daemon as specified by the
4993 .b DaemonPortOptions
4994 whereby the flags are separated from each other by spaces,
4995 and upper case flags are doubled.
4998 will be represented as
5000 .b ${daemon_flags} ,
5001 which is required for testing the flags in rulesets.
5003 Some information about a daemon as a text string.
5005 .q SMTP+queueing@00:30:00 .
5007 The name of the daemon from
5008 .b DaemonPortOptions
5010 If this suboption is not set,
5012 where # is the daemon number,
5015 The port the daemon is accepting connection on.
5017 .b DaemonPortOptions
5018 is set, this will most likely be
5021 The current delivery mode sendmail is using.
5022 It is initially set to the value of the
5026 The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
5028 The length of the header value which is stored in
5029 ${currHeader} (before possible truncation).
5030 If this value is greater than or equal to
5032 the header has been truncated.
5034 The name of the header field for which the current header
5035 check ruleset has been called.
5036 This is useful for a default header check ruleset to get
5037 the name of the header;
5038 the macro is only available in header check rulesets.
5040 The IP address of the interface of an incoming connection
5041 unless it is in the loopback net.
5042 IPv6 addresses are tagged with "IPv6:" before the address.
5044 The IP address of the interface of an outgoing connection
5045 unless it is in the loopback net.
5046 IPv6 addresses are tagged with "IPv6:" before the address.
5048 The IP family of the interface of an incoming connection
5049 unless it is in the loopback net.
5050 .ip ${if_family_out}
5051 The IP family of the interface of an outgoing connection
5052 unless it is in the loopback net.
5054 The hostname associated with the interface of an incoming connection.
5055 This macro can be used for
5056 SmtpGreetingMessage and HReceived for virtual hosting.
5059 O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
5062 The name of the interface of an outgoing connection.
5064 The current load average.
5066 The address part of the resolved triple of the address given for the
5069 Defined in the SMTP server only.
5071 The host from the resolved triple of the address given for the
5074 Defined in the SMTP server only.
5076 The mailer from the resolved triple of the address given for the
5079 Defined in the SMTP server only.
5081 The value of the Message-Id: header.
5083 The value of the SIZE= parameter,
5084 i.e., usually the size of the message (in an ESMTP dialogue),
5085 before the message has been collected, thereafter
5086 the message size as computed by
5088 (and can be used in check_compat).
5090 The number of bad recipients for a single message.
5092 The number of validated recipients for a single message.
5093 Note: since recipient validation happens after
5095 has been called, the value in this ruleset
5096 is one less than what might be expected.
5098 The number of delivery attempts.
5100 The current operation mode (from the
5104 The quarantine reason for the envelope,
5105 if it is quarantined.
5106 .ip ${queue_interval}
5107 The queue run interval given by the
5113 .b ${queue_interval}
5117 The address part of the resolved triple of the address given for the
5120 Defined in the SMTP server only after a RCPT command.
5122 The host from the resolved triple of the address given for the
5125 Defined in the SMTP server only after a RCPT command.
5127 The mailer from the resolved triple of the address given for the
5130 Defined in the SMTP server only after a RCPT command.
5132 The address of the server of the current outgoing SMTP connection.
5133 For LMTP delivery the macro is set to the name of the mailer.
5135 The name of the server of the current outgoing SMTP or LMTP connection.
5139 function, i.e., the number of seconds since 0 hours, 0 minutes,
5140 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
5142 The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
5143 defined after STARTTLS has been used.
5145 The total number of incoming connections over the time interval specified
5146 by ConnectionRateWindowSize.
5148 The result of the verification of the presented cert;
5149 only defined after STARTTLS has been used (or attempted).
5150 Possible values are:
5153 OK verification succeeded.
5154 NO no cert presented.
5155 NOT no cert requested.
5156 FAIL cert presented but could not be verified,
5157 e.g., the signing CA is missing.
5158 NONE STARTTLS has not been performed.
5159 TEMP temporary error occurred.
5160 PROTOCOL some protocol error occurred
5161 at the ESMTP level (not TLS).
5162 SOFTWARE STARTTLS handshake failed,
5163 which is a fatal error for this session,
5164 the e-mail will be queued.
5167 There are three types of dates that can be used.
5172 macros are in RFC 822 format;
5174 is the time as extracted from the
5180 is the current date and time
5181 (used for postmarks).
5184 line is found in the incoming message,
5186 is set to the current time also.
5189 macro is equivalent to the
5200 are set to the identity of this host.
5202 tries to find the fully qualified name of the host
5204 it does this by calling
5206 to get the current hostname
5207 and then passing that to
5208 .i gethostbyname (3)
5209 which is supposed to return the canonical version of that host name.\**
5211 \**For example, on some systems
5215 which would be mapped to
5220 Assuming this is successful,
5222 is set to the fully qualified name
5225 is set to the domain part of the name
5226 (everything after the first dot).
5229 macro is set to the first word
5230 (everything before the first dot)
5231 if you have a level 5 or higher configuration file;
5232 otherwise, it is set to the same value as
5234 If the canonification is not successful,
5235 it is imperative that the config file set
5237 to the fully qualified domain name\**.
5239 \**Older versions of sendmail didn't pre-define
5241 at all, so up until 8.6,
5250 macro is the id of the sender
5251 as originally determined;
5252 when mailing to a specific host
5255 macro is set to the address of the sender
5257 relative to the recipient.
5260 .q bollard@matisse.CS.Berkeley.EDU
5262 .q vangogh.CS.Berkeley.EDU
5270 .q eric@vangogh.CS.Berkeley.EDU.
5274 macro is set to the full name of the sender.
5275 This can be determined in several ways.
5276 It can be passed as flag to
5278 It can be defined in the
5280 environment variable.
5281 The third choice is the value of the
5283 line in the header if it exists,
5284 and the fourth choice is the comment field
5288 If all of these fail,
5289 and if the message is being originated locally,
5290 the full name is looked up in the
5300 macros get set to the host, user, and home directory
5303 The first two are set from the
5307 part of the rewriting rules, respectively.
5313 macros are used to create unique strings
5319 macro is set to the queue id on this host;
5320 if put into the timestamp line
5321 it can be extremely useful for tracking messages.
5324 macro is set to be the version number of
5326 this is normally put in timestamps
5327 and has been proven extremely useful for debugging.
5333 i.e., the number of times this message has been processed.
5334 This can be determined
5337 flag on the command line
5338 or by counting the timestamps in the message.
5344 fields are set to the protocol used to communicate with
5346 and the sending hostname.
5347 They can be set together using the
5349 command line flag or separately using the
5357 is set to a validated sender host name.
5358 If the sender is running an RFC 1413 compliant IDENT server
5359 and the receiver has the IDENT protocol turned on,
5360 it will include the user name on that host.
5368 are set to the name, address, and port number of the SMTP client
5372 These can be used in the
5376 deferred evaluation form, of course!).
5377 .sh 2 "C and F \*- Define Classes"
5379 Classes of phrases may be defined
5380 to match on the left hand side of rewriting rules,
5383 is a sequence of characters that does not contain space characters.
5385 a class of all local names for this site
5387 so that attempts to send to oneself
5389 These can either be defined directly in the configuration file
5390 or read in from another file.
5391 Classes are named as a single letter or a word in {braces}.
5392 Class names beginning with lower case letters
5393 and special characters are reserved for system use.
5394 Classes defined in config files may be given names
5395 from the set of upper case letters for short names
5396 or beginning with an upper case letter for long names.
5411 .i c\|[mapkey]@mapclass:mapspec
5413 The first form defines the class
5415 to match any of the named words.
5423 the contents of class
5427 It is permissible to split them among multiple lines;
5428 for example, the two forms:
5439 read the elements of the class
5445 .i "map specification" .
5446 Each element should be listed on a separate line.
5447 To specify an optional file, use ``\-o'' between the class
5448 name and the file name, e.g.,
5450 Fc \-o /path/to/file
5452 If the file can't be used,
5454 will not complain but silently ignore it.
5455 The map form should be an optional map key, an at sign,
5456 and a map class followed by the specification for that map.
5459 F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
5460 F{MyClass}foo@hash:/etc/mail/classes
5464 from an LDAP map lookup and
5466 from a hash database map lookup of the
5468 There is also a built-in schema that can be accessed by only specifying:
5473 This will tell sendmail to use the default schema:
5475 \-k (&(objectClass=sendmailMTAClass)
5476 (sendmailMTAClassName=\c
5478 (|(sendmailMTACluster=${sendmailMTACluster})
5479 (sendmailMTAHost=$j)))
5480 \-v sendmailMTAClassValue
5482 Note that the lookup is only done when sendmail is initially started.
5484 Elements of classes can be accessed in rules using
5490 (match entries not in class)
5491 only matches a single word;
5492 multi-word entries in the class are ignored in this context.
5494 Some classes have internal meaning to
5498 .\"A set of Content-Types that will not have the newline character
5499 .\"translated to CR-LF before encoding into base64 MIME.
5500 .\"The class can have major times
5505 .\".q application/octet-stream ).
5506 .\"The class is initialized with
5507 .\".q application/octet-stream ,
5513 contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
5514 It is predefined to contain
5520 set to be the same as
5522 that is, the UUCP node name.
5524 set to the set of domains by which this host is known,
5528 can be set to the set of MIME body types
5529 that can never be eight to seven bit encoded.
5531 .q multipart/signed .
5536 are never encoded directly.
5537 Multipart messages are always handled recursively.
5538 The handling of message/* messages
5539 are controlled by class
5542 A set of Content-Types that will never be encoded as base64
5543 (if they have to be encoded, they will be encoded as quoted-printable).
5544 It can have primary types
5551 contains the set of subtypes of message that can be treated recursively.
5552 By default it contains only
5556 types cannot be 8\(->7 bit encoded.
5557 If a message containing eight bit data is sent to a seven bit host,
5558 and that message cannot be encoded into seven bits,
5559 it will be stripped to 7 bits.
5561 set to the set of trusted users by the
5564 If you want to read trusted users from a file, use
5568 set to be the set of all names
5569 this host is known by.
5570 This can be used to match local hostnames.
5571 .ip $={persistentMacros}
5572 set to the macros that should be saved across queue runs.
5573 Care should be taken when adding macro names to this class.
5576 can be compiled to allow a
5581 This lets you do simplistic parsing of text files.
5582 For example, to read all the user names in your system
5584 file into a class, use
5588 which reads every line up to the first colon.
5589 .sh 2 "M \*- Define Mailer"
5591 Programs and interfaces to mailers
5592 are defined in this line.
5603 is the name of the mailer
5604 (used internally only)
5607 pairs define attributes of the mailer.
5611 Path The pathname of the mailer
5612 Flags Special flags for this mailer
5613 Sender Rewriting set(s) for sender addresses
5614 Recipient Rewriting set(s) for recipient addresses
5615 recipients Maximum number of recipients per connection
5616 Argv An argument vector to pass to this mailer
5617 Eol The end-of-line string for this mailer
5618 Maxsize The maximum message length to this mailer
5619 maxmessages The maximum message deliveries per connection
5620 Linelimit The maximum line length in the message body
5621 Directory The working directory for the mailer
5622 Userid The default user and group id to run as
5623 Nice The nice(2) increment for the mailer
5624 Charset The default character set for 8-bit characters
5625 Type Type information for DSN diagnostics
5626 Wait The maximum time to wait for the mailer
5627 Queuegroup The default queue group for the mailer
5628 / The root directory for the mailer
5630 Only the first character of the field name is checked
5631 (it's case-sensitive).
5633 The following flags may be set in the mailer description.
5634 Any other flags may be used freely
5635 to conditionally assign headers to messages
5636 destined for particular mailers.
5637 Flags marked with \(dg
5638 are not interpreted by the
5641 these are the conventionally used to correlate to the flags portion
5645 Flags marked with \(dd
5646 apply to the mailers for the sender address
5647 rather than the usual recipient mailers.
5650 Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
5651 This flag defaults on if the SMTP greeting message includes the word
5654 Look up the user (address) part of the resolved mailer triple,
5655 in the alias database.
5656 Normally this is only set for local mailers.
5658 Force a blank line on the end of a message.
5659 This is intended to work around some stupid versions of
5661 that require a blank line, but do not provide it themselves.
5662 It would not normally be used on network mail.
5664 Strip leading backslashes (\e) off of the address;
5665 this is a subset of the functionality of the
5669 Do not include comments in addresses.
5670 This should only be used if you have to work around
5671 a remote mailer that gets confused by comments.
5672 This strips addresses of the form
5673 .q "Phrase <address>"
5675 .q "address (Comment)"
5681 from a mailer with this flag set,
5682 any addresses in the header that do not have an at sign
5685 after being rewritten by ruleset three
5688 clause from the sender envelope address
5690 This allows mail with headers of the form:
5693 To: userb@hostb, userc
5698 To: userb@hostb, userc@hosta
5701 However, it doesn't really work reliably.
5703 Do not include angle brackets around route-address syntax addresses.
5704 This is useful on mailers that are going to pass addresses to a shell
5705 that might interpret angle brackets as I/O redirection.
5706 However, it does not protect against other shell metacharacters.
5707 Therefore, passing addresses to a shell should not be considered secure.
5713 This mailer is expensive to connect to,
5714 so try to avoid connecting normally;
5715 any necessary connection will occur during a queue run.
5719 Escape lines beginning with
5721 in the message with a `>' sign.
5727 but only if this is a network forward operation
5729 the mailer will give an error
5730 if the executing user
5731 does not have special permissions).
5739 sends internally generated email (e.g., error messages)
5740 using the null return address
5741 as required by RFC 1123.
5742 However, some mailers don't accept a null return address.
5748 from obeying the standards;
5749 error messages will be sent as from the MAILER-DAEMON
5750 (actually, the value of the
5754 Upper case should be preserved in host names
5755 (the $@ portion of the mailer triplet resolved from ruleset 0)
5758 Do User Database rewriting on envelope sender address.
5760 This mailer will be speaking SMTP
5764 as such it can use special protocol features.
5765 This flag should not be used except for debugging purposes
5770 Do User Database rewriting on recipients as well as senders.
5774 connects to a host via SMTP,
5775 it checks to make sure that this isn't accidently the same host name
5778 is misconfigured or if a long-haul network interface is set in loopback mode.
5779 This flag disables the loopback check.
5780 It should only be used under very unusual circumstances.
5782 Currently unimplemented.
5783 Reserved for chunking.
5785 This mailer is local
5787 final delivery will be performed).
5789 Limit the line lengths as specified in RFC 821.
5790 This deprecated option should be replaced by the
5793 For historic reasons, the
5799 This mailer can send to multiple users
5806 part of the mailer definition,
5807 that field will be repeated as necessary
5808 for all qualifying users.
5809 Removing this flag can defeat duplicate supression on a remote site
5810 as each recipient is sent in a separate transaction.
5816 Do not insert a UNIX-style
5818 line on the front of the message.
5820 Always run as the owner of the recipient mailbox.
5823 runs as the sender for locally generated mail
5826 (actually, the user specified in the
5829 when delivering network mail.
5830 The normal behavior is required by most local mailers,
5831 which will not allow the envelope sender address
5832 to be set unless the mailer is running as daemon.
5833 This flag is ignored if the
5837 Use the route-addr style reverse-path in the SMTP
5840 rather than just the return address;
5841 although this is required in RFC 821 section 3.1,
5842 many hosts do not process reverse-paths properly.
5843 Reverse-paths are officially discouraged by RFC 1123.
5849 When an address that resolves to this mailer is verified
5850 (SMTP VRFY command),
5851 generate 250 responses instead of 252 responses.
5852 This will imply that the address is local.
5860 Open SMTP connections from a
5865 except on UNIX machines,
5866 so it is unclear that this adds anything.
5868 must be running as root to be able to use this flag.
5870 Strip quote characters (" and \e) off of the address
5871 before calling the mailer.
5873 Don't reset the userid
5874 before calling the mailer.
5875 This would be used in a secure environment
5879 This could be used to avoid forged addresses.
5882 field is also specified,
5883 this flag causes the effective user id to be set to that user.
5885 Upper case should be preserved in user names for this mailer. Standards
5886 require preservation of case in the local part of addresses, except for
5887 those address for which your system accepts responsibility.
5888 RFC 2142 provides a long list of addresses which should be case
5890 If you use this flag, you may be violating RFC 2142.
5891 Note that postmaster is always treated as a case insensitive address
5892 regardless of this flag.
5894 This mailer wants UUCP-style
5897 .q "remote from <host>"
5900 The user must have a valid account on this machine,
5904 If not, the mail is bounced.
5908 This is required to get
5912 Ignore long term host status information (see Section
5913 "Persistent Host Status Information").
5919 This mailer wants to use the hidden dot algorithm as specified in RFC 821;
5920 basically, any line beginning with a dot will have an extra dot prepended
5921 (to be stripped at the other end).
5922 This insures that lines in the message containing a dot
5923 will not terminate the message prematurely.
5925 Run Local Mail Transfer Protocol (LMTP)
5928 and the local mailer.
5929 This is a variant on SMTP
5931 that is specifically designed for delivery to a local mailbox.
5933 Apply DialDelay (if set) to this mailer.
5935 Don't look up MX records for hosts sent via SMTP/LMTP.
5940 Don't send null characters ('\\0') to this mailer.
5942 Don't use ESMTP even if offered; this is useful for broken
5943 systems that offer ESMTP but fail on EHLO (without recovering
5944 when HELO is tried next).
5946 Extend the list of characters converted to =XX notation
5947 when converting to Quoted-Printable
5948 to include those that don't map cleanly between ASCII and EBCDIC.
5949 Useful if you have IBM mainframes on site.
5951 If no aliases are found for this address,
5952 pass the address through ruleset 5 for possible alternate resolution.
5953 This is intended to forward the mail to an alternate delivery spot.
5955 Strip headers to seven bits.
5957 Strip all output to seven bits.
5958 This is the default if the
5961 Note that clearing this option is not
5962 sufficient to get full eight bit data passed through
5966 option is set, this is essentially always set,
5967 since the eighth bit was stripped on input.
5968 Note that this option will only impact messages
5969 that didn't have 8\(->7 bit MIME conversions performed.
5972 it is acceptable to send eight bit data to this mailer;
5973 the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
5978 7\(->8 bit MIME conversions.
5979 These conversions are limited to text/plain data.
5981 Check addresses to see if they begin
5983 if they do, convert them to the
5987 Check addresses to see if they begin with a `|';
5988 if they do, convert them to the
5992 Check addresses to see if they begin with a `/';
5993 if they do, convert them to the
5997 Look up addresses in the user database.
5999 Do not attempt delivery on initial receipt of a message
6001 unless the queued message is selected
6002 using one of the -qI/-qR/-qS queue run modifiers
6005 Configuration files prior to level 6
6006 assume the `A', `w', `5', `:', `|', `/', and `@' options
6010 The mailer with the special name
6012 can be used to generate a user error.
6013 The (optional) host field is an exit status to be returned,
6014 and the user field is a message to be printed.
6015 The exit status may be numeric or one of the values
6016 USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
6017 to return the corresponding EX_ exit code,
6018 or an enhanced error code as described in RFC 1893,
6020 Enhanced Mail System Status Codes.
6021 For example, the entry:
6023 $#error $@ NOHOST $: Host unknown in this domain
6025 on the RHS of a rule
6026 will cause the specified error to be generated
6029 exit status to be returned
6031 This mailer is only functional in rulesets 0, 5,
6032 or one of the check_* rulesets.
6033 The host field can also contain the special token
6035 which instructs sendmail to quarantine the current message.
6037 The mailer with the special name
6039 causes any mail sent to it to be discarded
6040 but otherwise treated as though it were successfully delivered.
6041 This mailer cannot be used in ruleset 0,
6042 only in the various address checking rulesets.
6047 be defined in every configuration file.
6048 This is used to deliver local mail,
6049 and is treated specially in several ways.
6050 Additionally, three other mailers named
6055 may be defined to tune the delivery of messages to programs,
6057 and :include: lists respectively.
6060 Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
6061 M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
6062 M*include*, P=/dev/null, F=su, A=INCLUDE $u
6065 Builtin pathnames are [FILE] and [IPC], the former is used for
6066 delivery to files, the latter for delivery via interprocess communication.
6067 For mailers that use [IPC] as pathname the argument vector (A=)
6068 must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
6069 If TCP is used, the second argument must be the name of the host
6071 Optionally a third argument can be used to specify a port,
6072 the default is smtp (port 25).
6073 If FILE is used, the second argument must be the name of
6074 the Unix domain socket.
6076 If the argument vector does not contain $u then
6078 will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
6080 If no Eol field is defined, then the default is "\\r\\n" for
6081 SMTP mailers and "\\n" of others.
6083 The Sender and Recipient rewriting sets
6084 may either be a simple ruleset id
6085 or may be two ids separated by a slash;
6086 if so, the first rewriting set is applied to envelope
6088 and the second is applied to headers.
6089 Setting any value to zero disables corresponding mailer-specific rewriting.
6092 is actually a colon-separated path of directories to try.
6093 For example, the definition
6095 first tries to execute in the recipient's home directory;
6096 if that is not available,
6097 it tries to execute in the root of the filesystem.
6098 This is intended to be used only on the
6101 since some shells (such as
6103 refuse to execute if they cannot read the current directory.
6104 Since the queue directory is not normally readable by unprivileged users
6106 scripts as recipients can fail.
6109 specifies the default user and group id to run as,
6115 mailer flag is also specified,
6116 this user and group will be set as the
6117 effective uid and gid for the process.
6118 This may be given as
6120 to set both the user and group id;
6121 either may be an integer or a symbolic name to be looked up
6127 If only a symbolic user name is specified,
6130 file for that user is used as the group id.
6133 is used when converting a message to MIME;
6134 this is the character set used in the
6135 Content-Type: header.
6136 If this is not set, the
6139 and if that is not set, the value
6143 this field applies to the sender's mailer,
6144 not the recipient's mailer.
6145 For example, if the envelope sender address
6146 lists an address on the local network
6147 and the recipient is on an external network,
6148 the character set will be set from the Charset= field
6149 for the local network mailer,
6150 not that of the external network mailer.
6153 sets the type information
6154 used in MIME error messages
6157 It is actually three values separated by slashes:
6158 the MTA-type (that is, the description of how hosts are named),
6159 the address type (the description of e-mail addresses),
6160 and the diagnostic type (the description of error diagnostic codes).
6161 Each of these must be a registered value
6165 .q dns/rfc822/smtp .
6167 The m= field specifies the maximum number of messages
6168 to attempt to deliver on a single SMTP or LMTP connection.
6169 The default is infinite.
6171 The r= field specifies the maximum number of recipients
6172 to attempt to deliver in a single envelope.
6175 The /= field specifies a new root directory for the mailer. The path is
6176 macro expanded and then passed to the
6178 system call. The root directory is changed before the Directory field is
6179 consulted or the uid is changed.
6181 The Wait= field specifies the maximum time to wait for the
6182 mailer to return after sending all data to it.
6183 This applies to mailers that have been forked by
6186 The Queuegroup= field specifies the default queue group in which
6187 received mail should be queued.
6188 This can be overridden by other means as explained in section
6189 ``Queue Groups and Queue Directories''.
6190 .sh 2 "H \*- Define Header"
6192 The format of the header lines that
6194 inserts into the message
6198 The syntax of this line is one of the following:
6225 Continuation lines in this spec
6226 are reflected directly into the outgoing message.
6229 is macro-expanded before insertion into the message.
6232 (surrounded by question marks)
6234 at least one of the specified flags
6235 must be stated in the mailer definition
6236 for this header to be automatically output.
6239 (surrounded by question marks)
6241 the header will be automatically output
6242 if the macro is set.
6243 The macro may be set using any of the normal methods,
6246 storage map in a ruleset.
6247 If one of these headers is in the input
6248 it is reflected to the output
6249 regardless of these flags or macros.
6253 is used to set a header, then it is useful to add that macro to class
6254 .i $={persistentMacros}
6255 which consists of the macros that should be saved across queue runs.
6257 Some headers have special semantics
6258 that will be described later.
6260 A secondary syntax allows validation of headers as they are being read.
6261 To enable validation, use:
6274 is called for the specified
6278 to reject or quarantine the message or
6280 to discard the message
6284 The ruleset receives the header field-body as argument,
6285 i.e., not the header field-name; see also
6286 ${hdr_name} and ${currHeader}.
6287 The header is treated as a structured field,
6289 text in parentheses is deleted before processing,
6290 unless the second form
6293 Note: only one ruleset can be associated with a header;
6295 will silently ignore multiple entries.
6297 For example, the configuration lines:
6299 HMessage-Id: $>CheckMessageId
6303 R$* $#error $: Illegal Message-Id header
6305 would refuse any message that had a Message-Id: header of any of the
6309 Message-Id: some text
6310 Message-Id: <legal text@domain> extra crud
6312 A default ruleset that is called for headers which don't have a
6313 specific ruleset defined for them can be specified by:
6327 .sh 2 "O \*- Set Option"
6329 There are a number of global options that
6330 can be set from a configuration file.
6331 Options are represented by full words;
6332 some are also representable as single characters for back compatibility.
6333 The syntax of this line is:
6346 be a space between the letter `O' and the name of the option.
6347 An older version is:
6354 is a single character.
6355 Depending on the option,
6357 may be a string, an integer,
6365 the default is TRUE),
6369 All filenames used in options should be absolute paths,
6370 i.e., starting with '/'.
6371 Relative filenames most likely cause surprises during operation
6372 (unless otherwise noted).
6374 The options supported (with the old, one character names in brackets) are:
6376 .ip "AliasFile=\fIspec, spec, ...\fP"
6378 Specify possible alias file(s).
6381 should be in the format
6389 is optional and defaults to ``implicit''.
6404 value is used as follows:
6406 \-k (&(objectClass=sendmailMTAAliasObject)
6407 (sendmailMTAAliasName=aliases)
6408 (|(sendmailMTACluster=${sendmailMTACluster})
6409 (sendmailMTAHost=$j))
6410 (sendmailMTAKey=%0))
6411 \-v sendmailMTAAliasValue
6415 is compiled, valid classes are
6417 (search through a compiled-in list of alias file types,
6418 for back compatibility),
6432 (internal symbol table \*- not normally used
6433 unless you have no other database lookup),
6435 (use a sequence of maps
6436 previously declared),
6450 searches them in order.
6451 .ip AliasWait=\fItimeout\fP
6456 (units default to minutes)
6459 entry to exist in the alias database
6461 If it does not appear in the
6463 interval issue a warning.
6466 If set, allow HELO SMTP commands that don't include a host name.
6467 Setting this violates RFC 1123 section 5.2.5,
6468 but is necessary to interoperate with several SMTP clients.
6469 If there is a value, it is still checked for legitimacy.
6470 .ip AuthMaxBits=\fIN\fP
6472 Limit the maximum encryption strength for the security layer in
6473 SMTP AUTH (SASL). Default is essentially unlimited.
6474 This allows to turn off additional encryption in SASL if
6475 STARTTLS is already encrypting the communication, because the
6476 existing encryption strength is taken into account when choosing
6477 an algorithm for the security layer.
6478 For example, if STARTTLS is used and the symmetric cipher is 3DES,
6479 then the the keylength (in bits) is 168.
6482 to 168 will disable any encryption in SASL.
6485 List of authentication mechanisms for AUTH (separated by spaces).
6486 The advertised list of authentication mechanisms will be the
6487 intersection of this list and the list of available mechanisms as
6488 determined by the Cyrus SASL library.
6489 If STARTTLS is active, EXTERNAL will be added to this list.
6490 In that case, the value of {cert_subject} is used as authentication id.
6493 List of options for SMTP AUTH consisting of single characters
6494 with intervening white space or commas.
6497 A Use the AUTH= parameter for the MAIL FROM
6498 command only when authentication succeeded.
6499 This can be used as a workaround for broken
6500 MTAs that do not implement RFC 2554 correctly.
6501 a protection from active (non-dictionary) attacks
6502 during authentication exchange.
6503 c require mechanisms which pass client credentials,
6504 and allow mechanisms which can pass credentials
6506 d don't permit mechanisms susceptible to passive
6508 f require forward secrecy between sessions
6509 (breaking one won't help break next).
6510 m require mechanisms which provide mutual authentication
6511 (only available if using Cyrus SASL v2 or later).
6512 p don't permit mechanisms susceptible to simple
6513 passive attack (e.g., PLAIN, LOGIN), unless a
6514 security layer is active.
6515 y don't permit mechanisms that allow anonymous login.
6517 The first option applies to sendmail as a client, the others to a server.
6522 would disallow ANONYMOUS as AUTH mechanism and would
6523 allow PLAIN and LOGIN only if a security layer (e.g.,
6524 provided by STARTTLS) is already active.
6525 The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
6526 selected SASL mechanisms.
6527 Explanations of these properties can be found in the Cyrus SASL documentation.
6530 The authentication realm that is passed to the Cyrus SASL library.
6531 If no realm is specified,
6534 .ip BadRcptThrottle=\fIN\fP
6536 If set and the specified number of recipients in a single SMTP
6537 transaction have been rejected, sleep for one second after each subsequent
6538 RCPT command in that transaction.
6539 .ip BlankSub=\fIc\fP
6541 Set the blank substitution character to
6543 Unquoted spaces in addresses are replaced by this character.
6544 Defaults to space (i.e., no change is made).
6547 Path to directory with certificates of CAs.
6548 This directory directory must contain the hashes of each CA certificate
6549 as filenames (or as links to them).
6552 File containing one or more CA certificates;
6553 see section about STARTTLS for more information.
6556 Validate the RHS of aliases when rebuilding the alias database.
6557 .ip CheckpointInterval=\fIN\fP
6559 Checkpoints the queue every
6563 If your system crashes during delivery to a large list,
6564 this prevents retransmission to any but the last
6567 .ip ClassFactor=\fIfact\fP
6571 is multiplied by the message class
6572 (determined by the Precedence: field in the user header
6575 lines in the configuration file)
6576 and subtracted from the priority.
6577 Thus, messages with a higher Priority: will be favored.
6581 File containing the certificate of the client, i.e., this certificate
6584 acts as client (for STARTTLS).
6587 File containing the private key belonging to the client certificate
6591 .ip ClientPortOptions=\fIoptions\fP
6593 Set client SMTP options.
6596 pairs separated by commas.
6600 Port Name/number of source port for connection (defaults to any free port)
6601 Addr Address mask (defaults INADDR_ANY)
6602 Family Address family (defaults to INET)
6603 SndBufSize Size of TCP send buffer
6604 RcvBufSize Size of TCP receive buffer
6605 Modifier Options (flags) for the client
6609 mask may be a numeric address in IPv4 dot notation or IPv6 colon notation
6611 Note that if a network name is specified,
6612 only the first IP address returned for it will be used.
6613 This may cause indeterminate behavior for network names
6614 that resolve to multiple addresses.
6615 Therefore, use of an address is recommended.
6617 can be the following character:
6620 h use name of interface for HELO command
6621 A don't use AUTH when sending e-mail
6622 S don't use STARTTLS when sending e-mail
6624 If ``h'' is set, the name corresponding to the outgoing interface
6625 address (whether chosen via the Connection parameter or
6626 the default) is used for the HELO/EHLO command.
6627 However, the name must not start with a square bracket
6628 and it must contain at least one dot.
6629 This is a simple test whether the name is not
6630 an IP address (in square brackets) but a qualified hostname.
6631 Note that multiple ClientPortOptions settings are allowed
6632 in order to give settings for each protocol family
6633 (e.g., one for Family=inet and one for Family=inet6).
6634 A restriction placed on one family only affects
6635 outgoing connections on that particular family.
6638 If set, colons are acceptable in e-mail addresses
6641 If not set, colons indicate the beginning of a RFC 822 group construct
6643 .q "groupname: member1, member2, ... memberN;" ).
6644 Doubled colons are always acceptable
6647 and proper route-addr nesting is understood
6649 .q <@relay:user@host> ).
6650 Furthermore, this option defaults on if the configuration version level
6651 is less than 6 (for back compatibility).
6652 However, it must be off for full compatibility with RFC 822.
6653 .ip ConnectionCacheSize=\fIN\fP
6655 The maximum number of open connections that will be cached at a time.
6657 This delays closing the current connection until
6658 either this invocation of
6660 needs to connect to another host
6662 Setting it to zero defaults to the old behavior,
6663 that is, connections are closed immediately.
6664 Since this consumes file descriptors,
6665 the connection cache should be kept small:
6666 4 is probably a practical maximum.
6667 .ip ConnectionCacheTimeout=\fItimeout\fP
6669 The maximum amount of time a cached connection will be permitted to idle
6671 If this time is exceeded,
6672 the connection is immediately closed.
6673 This value should be small (on the order of ten minutes).
6676 uses a cached connection,
6677 it always sends a RSET command
6678 to check the connection;
6679 if this fails, it reopens the connection.
6680 This keeps your end from failing if the other end times out.
6681 The point of this option is to be a good network neighbor
6682 and avoid using up excessive resources
6684 The default is five minutes.
6685 .ip ConnectOnlyTo=\fIaddress\fP
6688 override the connection address (for testing purposes).
6689 .ip ConnectionRateThrottle=\fIN\fP
6691 If set to a positive value,
6694 incoming connections in a one second period per daemon.
6695 This is intended to flatten out peaks
6696 and allow the load average checking to cut in.
6697 Defaults to zero (no limits).
6698 .ip ConnectionRateWindowSize=\fIN\fP
6700 Define the length of the interval for which
6701 the number of incoming connections is maintained.
6702 The default is 60 seconds.
6703 .ip ControlSocketName=\fIname\fP
6705 Name of the control socket for daemon management.
6708 daemon can be controlled through this named socket.
6709 Available commands are:
6718 command returns the current number of daemon children,
6719 the maximum number of daemon children,
6720 the free disk space (in blocks) of the queue directory,
6721 and the load average of the machine expressed as an integer.
6722 If not set, no control socket will be available.
6723 Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
6724 .ip CRLFile=\fIname\fP
6726 Name of file that contains certificate
6727 revocation status, useful for X.509v3 authentication.
6728 CRL checking requires at least OpenSSL version 0.9.7.
6729 Note: if a CRLFile is specified but the file is unusable,
6730 STARTTLS is disabled.
6732 Possible values are:
6736 1 use 1024 bit prime
6737 none do not use Diffie-Hellman
6738 NAME load prime from file
6740 This is only required if a ciphersuite containing DSA/DH is used.
6741 If ``5'' is selected, then precomputed, fixed primes are used.
6742 This is the default for the client side.
6743 If ``1'' is selected, then prime values are computed during startup.
6744 This is the default for the server side.
6745 Note: this operation can take a significant amount of time on a
6746 slow machine (several seconds), but it is only done once at startup.
6747 If ``none'' is selected, then TLS ciphersuites containing DSA/DH
6749 If a file name is specified (which must be an absolute path),
6750 then the primes are read from it.
6751 .ip DaemonPortOptions=\fIoptions\fP
6753 Set server SMTP options.
6755 .b DaemonPortOptions
6756 leads to an additional incoming socket.
6763 Name User-definable name for the daemon (defaults to "Daemon#")
6764 Port Name/number of listening port (defaults to "smtp")
6765 Addr Address mask (defaults INADDR_ANY)
6766 Family Address family (defaults to INET)
6767 InputMailFilters List of input mail filters for the daemon
6768 Listen Size of listen queue (defaults to 10)
6769 Modifier Options (flags) for the daemon
6770 SndBufSize Size of TCP send buffer
6771 RcvBufSize Size of TCP receive buffer
6772 children maximum number of children per daemon, see \fBMaxDaemonChildren\fP.
6773 DeliveryMode Delivery mode per daemon, see \fBDeliveryMode\fP.
6774 refuseLA RefuseLA per daemon
6775 delayLA DelayLA per daemon
6776 queueLA QueueLA per daemon
6780 key is used for error messages and logging.
6783 mask may be a numeric address in IPv4 dot notation or IPv6 colon notation
6785 Note that if a network name is specified,
6786 only the first IP address returned for it will be used.
6787 This may cause indeterminate behavior for network names
6788 that resolve to multiple addresses.
6789 Therefore, use of an address is recommended.
6792 key defaults to INET (IPv4).
6793 IPv6 users who wish to also accept IPv6 connections
6794 should add additional Family=inet6
6795 .b DaemonPortOptions
6799 key overrides the default list of input mail filters listed in the
6802 If multiple input mail filters are required, they must be separated
6803 by semicolons (not commas).
6805 can be a sequence (without any delimiters)
6806 of the following characters:
6809 a always require authentication
6810 b bind to interface through which mail has been received
6811 c perform hostname canonification (.cf)
6812 f require fully qualified hostname (.cf)
6813 s Run smtps (SMTP over SSL) instead of smtp
6814 u allow unqualified addresses (.cf)
6815 A disable AUTH (overrides 'a' modifier)
6816 C don't perform hostname canonification
6817 E disallow ETRN (see RFC 2476)
6818 O optional; if opening the socket fails ignore it
6819 S don't offer STARTTLS
6821 That is, one way to specify a message submission agent (MSA) that
6822 always requires authentication is:
6824 O DaemonPortOptions=Name=MSA, Port=587, M=Ea
6826 The modifiers that are marked with "(.cf)" have only
6827 effect in the standard configuration file, in which
6828 they are available via
6829 .b ${daemon_flags} .
6832 use the ``a'' modifier on a public accessible MTA!
6833 It should only be used for a MSA that is accessed by authorized
6834 users for initial mail submission.
6835 Users must authenticate to use a MSA which has this option turned on.
6836 The flags ``c'' and ``C'' can change the default for
6837 hostname canonification in the
6840 See the relevant documentation for
6841 .sm FEATURE(nocanonify) .
6842 The modifier ``f'' disallows addresses of the form
6844 unless they are submitted directly.
6845 The flag ``u'' allows unqualified sender addresses,
6846 i.e., those without @host.
6847 ``b'' forces sendmail to bind to the interface
6848 through which the e-mail has been
6849 received for the outgoing connection.
6852 only if outgoing mail can be routed through the incoming connection's
6853 interface to its destination. No attempt is made to catch problems due to a
6854 misconfiguration of this parameter, use it only for virtual hosting
6855 where each virtual interface can connect to every possible location.
6856 This will also override possible settings via
6857 .b ClientPortOptions.
6860 will listen on a new socket
6861 for each occurence of the
6862 .b DaemonPortOptions
6863 option in a configuration file.
6864 The modifier ``O'' causes sendmail to ignore a socket
6865 if it can't be opened.
6866 This applies to failures from the socket(2) and bind(2) calls.
6869 Filename that contains default authentication information for outgoing
6870 connections. This file must contain the user id, the authorization id,
6871 the password (plain text), the realm and the list of mechanisms to use
6872 on separate lines and must be readable by
6873 root (or the trusted user) only.
6874 If no realm is specified,
6877 If no mechanisms are specified, the list given by
6880 Notice: this option is deprecated and will be removed in future versions.
6881 Moreover, it doesn't work for the MSP since it can't read the file
6882 (the file must not be group/world-readable otherwise
6885 Use the authinfo ruleset instead which provides more control over
6886 the usage of the data anyway.
6887 .ip DefaultCharSet=\fIcharset\fP
6889 When a message that has 8-bit characters but is not in MIME format
6890 is converted to MIME
6891 (see the EightBitMode option)
6892 a character set must be included in the Content-Type: header.
6893 This character set is normally set from the Charset= field
6894 of the mailer descriptor.
6895 If that is not set, the value of this option is used.
6896 If this option is not set, the value
6899 .ip DataFileBufferSize=\fIthreshold\fP
6904 before a memory-based
6907 The default is 4096 bytes.
6908 .ip DeadLetterDrop=\fIfile\fP
6910 Defines the location of the system-wide dead.letter file,
6911 formerly hardcoded to /usr/tmp/dead.letter.
6912 If this option is not set (the default),
6913 sendmail will not attempt to save to a system-wide dead.letter file
6915 it cannot bounce the mail to the user or postmaster.
6916 Instead, it will rename the qf file
6917 as it has in the past
6918 when the dead.letter file could not be opened.
6919 .ip DefaultUser=\fIuser:group\fP
6921 Set the default userid for mailers to
6928 (as opposed to a numeric user id)
6929 the default group listed in the /etc/passwd file for that user is used
6930 as the default group.
6938 flag in the mailer definition
6939 will run as this user.
6941 The value can also be given as a symbolic user name.\**
6945 option has been combined into the
6949 .ip DelayLA=\fILA\fP
6951 When the system load average exceeds
6954 will sleep for one second on most SMTP commands and
6955 before accepting connections.
6956 .ip DeliverByMin=\fItime\fP
6958 Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
6959 If 0, no time is listed, if less than 0, the extension is not offered,
6960 if greater than 0, it is listed as minimum time
6961 for the EHLO keyword DELIVERBY.
6962 .ip DeliveryMode=\fIx\fP
6969 i Deliver interactively (synchronously)
6970 b Deliver in background (asynchronously)
6971 q Just queue the message (deliver during queue run)
6972 d Defer delivery and all map lookups (deliver during queue run)
6974 Defaults to ``b'' if no option is specified,
6975 ``i'' if it is specified but given no argument
6976 (i.e., ``Od'' is equivalent to ``Odi'').
6979 command line flag sets this to
6981 Note: for internal reasons,
6983 if a milter is enabled which can reject or delete recipients.
6984 In that case the mode will be changed to ``b''.
6985 .ip DialDelay=\fIsleeptime\fP
6987 Dial-on-demand network connections can see timeouts
6988 if a connection is opened before the call is set up.
6989 If this is set to an interval and a connection times out
6990 on the first connection being attempted
6992 will sleep for this amount of time and try again.
6993 This should give your system time to establish the connection
6994 to your service provider.
6995 Units default to seconds, so
6997 uses a five second delay.
7000 This delay only applies to mailers which have the
7002 .ip DirectSubmissionModifiers=\fImodifiers\fP
7005 for direct (command line) submissions.
7008 is either "CC f" if the option
7010 is used or "c u" otherwise.
7011 Note that only the the "CC", "c", "f", and "u" flags are checked.
7012 .ip DontBlameSendmail=\fIoption,option,...\fP
7014 In order to avoid possible cracking attempts
7015 caused by world- and group-writable files and directories,
7017 does paranoid checking when opening most of its support files.
7018 If for some reason you absolutely must run with,
7023 then you will have to turn off this checking
7024 (at the cost of making your system more vulnerable to attack).
7025 The possible arguments have been described earlier.
7026 The details of these flags are described above.
7027 .\"XXX should have more here!!! XXX
7028 .b "Use of this option is not recommended."
7029 .ip DontExpandCnames
7031 The standards say that all host addresses used in a mail message
7032 must be fully canonical.
7033 For example, if your host is named
7035 and also has an alias of
7037 the former name must be used at all times.
7038 This is enforced during host name canonification
7039 ($[ ... $] lookups).
7040 If this option is set, the protocols are ignored and the
7043 However, the IETF is moving toward changing this standard,
7044 so the behavior may become acceptable.
7045 Please note that hosts downstream may still rewrite the address
7046 to be the true canonical name however.
7051 will avoid using the initgroups(3) call.
7052 If you are running NIS,
7053 this causes a sequential scan of the groups.byname map,
7054 which can cause your NIS server to be badly overloaded in a large domain.
7055 The cost of this is that the only group found for users
7056 will be their primary group (the one in the password file),
7057 which will make file access permissions somewhat more restrictive.
7058 Has no effect on systems that don't have group lists.
7059 .ip DontProbeInterfaces
7062 normally finds the names of all interfaces active on your machine
7064 and adds their name to the
7066 class of known host aliases.
7067 If you have a large number of virtual interfaces
7068 or if your DNS inverse lookups are slow
7069 this can be time consuming.
7070 This option turns off that probing.
7071 However, you will need to be certain to include all variant names
7074 class by some other mechanism.
7077 loopback interfaces (e.g., lo0) will not be probed.
7082 tries to eliminate any unnecessary explicit routes
7083 when sending an error message
7084 (as discussed in RFC 1123 \(sc 5.2.6).
7086 when sending an error message to
7088 <@known1,@known2,@known3:user@unknown>
7093 in order to make the route as direct as possible.
7096 option is set, this will be disabled,
7097 and the mail will be sent to the first address in the route,
7098 even if later addresses are known.
7099 This may be useful if you are caught behind a firewall.
7100 .ip DoubleBounceAddress=\fIerror-address\fP
7102 If an error occurs when sending an error message,
7103 send the error report
7106 because it is an error
7108 that occurs when trying to send another error
7110 to the indicated address.
7111 The address is macro expanded
7112 at the time of delivery.
7113 If not set, defaults to
7115 If set to an empty string, double bounces are dropped.
7116 .ip EightBitMode=\fIaction\fP
7118 Set handling of eight-bit data.
7119 There are two kinds of eight-bit data:
7120 that declared as such using the
7122 ESMTP declaration or the
7125 and undeclared 8-bit data, that is,
7126 input that just happens to be eight bits.
7127 There are three basic operations that can happen:
7128 undeclared 8-bit data can be automatically converted to 8BITMIME,
7129 undeclared 8-bit data can be passed as-is without conversion to MIME
7131 and declared 8-bit data can be converted to 7-bits
7132 for transmission to a non-8BITMIME mailer.
7137 .\" r Reject undeclared 8-bit data;
7138 .\" don't convert 8BITMIME\(->7BIT (``reject'')
7139 s Reject undeclared 8-bit data (``strict'')
7140 .\" do convert 8BITMIME\(->7BIT (``strict'')
7141 .\" c Convert undeclared 8-bit data to MIME;
7142 .\" don't convert 8BITMIME\(->7BIT (``convert'')
7143 m Convert undeclared 8-bit data to MIME (``mime'')
7144 .\" do convert 8BITMIME\(->7BIT (``mime'')
7145 .\" j Pass undeclared 8-bit data;
7146 .\" don't convert 8BITMIME\(->7BIT (``just send 8'')
7147 p Pass undeclared 8-bit data (``pass'')
7148 .\" do convert 8BITMIME\(->7BIT (``pass'')
7149 .\" a Adaptive algorithm: see below
7151 .\"The adaptive algorithm is to accept 8-bit data,
7152 .\"converting it to 8BITMIME only if the receiver understands that,
7153 .\"otherwise just passing it as undeclared 8-bit data;
7154 .\"8BITMIME\(->7BIT conversions are done.
7155 In all cases properly declared 8BITMIME data will be converted to 7BIT
7157 .ip ErrorHeader=\fIfile-or-message\fP
7159 Prepend error messages with the indicated message.
7160 If it begins with a slash,
7161 it is assumed to be the pathname of a file
7162 containing a message (this is the recommended setting).
7163 Otherwise, it is a literal message.
7164 The error file might contain the name, email address, and/or phone number
7165 of a local postmaster who could provide assistance
7167 If the option is missing or null,
7168 or if it names a file which does not exist or which is not readable,
7169 no message is printed.
7170 .ip ErrorMode=\fIx\fP
7172 Dispose of errors using mode
7178 p Print error messages (default)
7179 q No messages, just give exit status
7181 w Write back errors (mail if user not logged in)
7182 e Mail back errors (when applicable) and give zero exit stat always
7184 Note that the last mode,
7186 is for Berknet error processing and
7187 should not be used in normal circumstances.
7188 Note, too, that mode
7190 only applies to errors recognized before sendmail forks for
7191 background delivery.
7192 .ip FallbackMXhost=\fIfallbackhost\fP
7196 acts like a very low priority MX
7198 MX records will be looked up for this host,
7199 unless the name is surrounded by square brackets.
7200 This is intended to be used by sites with poor network connectivity.
7201 Messages which are undeliverable due to temporary address failures
7203 also go to the FallbackMXhost.
7204 .ip FallBackSmartHost=\fIhostname\fP
7206 .i FallBackSmartHost
7207 will be used in a last-ditch effort for each host.
7208 This is intended to be used by sites with "fake internal DNS",
7209 e.g., a company whose DNS accurately reflects the world
7210 inside that company's domain but not outside.
7213 If set to a value greater than zero (the default is one),
7214 it suppresses the MX lookups on addresses
7215 when they are initially sorted, i.e., for the first delivery attempt.
7216 This usually results in faster envelope splitting unless the MX records
7217 are readily available in a local DNS cache.
7218 To enforce initial sorting based on MX records set
7221 If the mail is submitted directly from the command line, then
7222 the value also limits the number of processes to deliver the envelopes;
7223 if more envelopes are created they are only queued up
7224 and must be taken care of by a queue run.
7225 Since the default submission method is via SMTP (either from a MUA
7226 or via the MSP), the value of
7228 is seldom used to limit the number of processes to deliver the envelopes.
7232 deliver each job that is run from the queue in a separate process.
7233 .ip ForwardPath=\fIpath\fP
7235 Set the path for searching for users' .forward files.
7238 Some sites that use the automounter may prefer to change this to
7240 to search a file with the same name as the user in a system directory.
7241 It can also be set to a sequence of paths separated by colons;
7243 stops at the first file it can successfully and safely open.
7245 .q /var/forward/$u:$z/.forward
7246 will search first in /var/forward/\c
7249 .i ~username /.forward
7250 (but only if the first file does not exist).
7251 .ip HeloName=\fIname\fP
7253 Set the name to be used for HELO/EHLO (instead of $j).
7256 If an outgoing mailer is marked as being expensive,
7257 don't connect immediately.
7258 .ip HostsFile=\fIpath\fP
7260 The path to the hosts database,
7263 This option is only consulted when sendmail
7264 is canonifying addresses,
7269 service switch entry.
7270 In particular, this file is
7272 used when looking up host addresses;
7273 that is under the control of the system
7274 .i gethostbyname (3)
7276 .ip HostStatusDirectory=\fIpath\fP
7278 The location of the long term host status information.
7280 information about the status of hosts
7281 (e.g., host down or not accepting connections)
7282 will be shared between all
7285 normally, this information is only held within a single queue run.
7286 This option requires a connection cache of at least 1 to function.
7287 If the option begins with a leading `/',
7288 it is an absolute pathname;
7290 it is relative to the mail queue directory.
7291 A suggested value for sites desiring persistent host status is
7293 (i.e., a subdirectory of the queue directory).
7296 Ignore dots in incoming messages.
7297 This is always disabled (that is, dots are always accepted)
7298 when reading SMTP mail.
7299 .ip InputMailFilters=\fIname,name,...\fP
7300 A comma separated list of filters which determines which filters
7301 (see the "X \*- Mail Filter (Milter) Definitions" section)
7302 and the invocation sequence are contacted for incoming SMTP messages.
7303 If none are set, no filters will be contacted.
7304 .ip LDAPDefaultSpec=\fIspec\fP
7306 Sets a default map specification for LDAP maps.
7307 The value should only contain LDAP specific settings
7309 .q "-h host -p port -d bindDN" .
7310 The settings will be used for all LDAP maps
7311 unless the individual map specification overrides a setting.
7312 This option should be set before any LDAP maps are defined.
7313 .ip LogLevel=\fIn\fP
7315 Set the log level to
7324 This is intended only for use from the command line.
7330 Type of lookup to find information about local mailboxes,
7331 defaults to ``pw'' which uses
7333 Other types can be introduced by adding them to the source code,
7334 see libsm/mbdb.c for details.
7337 Use as mail submission program, i.e.,
7338 allow group writable queue files
7339 if the group is the same as that of a set-group-ID sendmail binary.
7341 .b sendmail/SECURITY
7342 in the distribution tarball.
7345 Allow fuzzy matching on the GECOS field.
7346 If this flag is set,
7347 and the usual user name lookups fail
7348 (that is, there is no alias with this name and a
7351 sequentially search the password file
7352 for a matching entry in the GECOS field.
7353 This also requires that MATCHGECOS
7354 be turned on during compilation.
7355 This option is not recommended.
7356 .ip MaxAliasRecursion=\fIN\fP
7358 The maximum depth of alias recursion (default: 10).
7359 .ip MaxDaemonChildren=\fIN\fP
7363 will refuse connections when it has more than
7365 children processing incoming mail or automatic queue runs.
7366 This does not limit the number of outgoing connections.
7369 (background) is used, then
7371 may create an almost unlimited number of children
7372 (depending on the number of transactions and the
7373 relative execution times of mail receiption and mail delivery).
7374 If the limit should be enforced, then a
7376 other than background must be used.
7377 If not set, there is no limit to the number of children --
7378 that is, the system load average controls this.
7379 .ip MaxHeadersLength=\fIN\fP
7381 The maximum length of the sum of all headers.
7382 This can be used to prevent a denial of service attack.
7383 The default is no limit.
7384 .ip MaxHopCount=\fIN\fP
7386 The maximum hop count.
7387 Messages that have been processed more than
7389 times are assumed to be in a loop and are rejected.
7391 .ip MaxMessageSize=\fIN\fP
7393 Specify the maximum message size
7394 to be advertised in the ESMTP EHLO response.
7395 Messages larger than this will be rejected.
7396 If set to a value greater than zero,
7397 that value will be listed in the SIZE response,
7398 otherwise SIZE is advertised in the ESMTP EHLO response
7399 without a parameter.
7400 .ip MaxMimeHeaderLength=\fIN[/M]\fP
7402 Sets the maximum length of certain MIME header field values to
7405 These MIME header fields are determined by being a member of
7406 class {checkMIMETextHeaders}, which currently contains only
7407 the header Content-Description.
7408 For some of these headers which take parameters,
7409 the maximum length of each parameter is set to
7413 is not specified, one half of
7417 these values are 2048 and 1024, respectively.
7418 To allow any length, a value of 0 can be specified.
7419 .ip MaxNOOPCommands=\fIN\fP
7420 Override the default of
7424 commands, see Section
7425 "Measures against Denial of Service Attacks".
7426 .ip MaxQueueChildren=\fIN\fP
7428 When set, this limits the number of concurrent queue runner processes to
7430 This helps to control the amount of system resources used when processing
7431 the queue. When there are multiple queue groups defined and the total number
7432 of queue runners for these queue groups would exceed
7434 then the queue groups will not all run concurrently. That is, some portion
7435 of the queue groups will run concurrently such that
7437 will not be exceeded, while the remaining queue groups will be run later (in
7438 round robin order). See also
7439 .i MaxRunnersPerQueue
7440 and the section \fBQueue Group Declaration\fP.
7443 does not count individual queue runners, but only sets of processes
7444 that act on a workgroup.
7445 Hence the actual number of queue runners may be lower than the limit
7447 .i MaxQueueChildren .
7448 This discrepancy can be large if some queue runners have to wait
7449 for a slow server and if short intervals are used.
7450 .ip MaxQueueRunSize=\fIN\fP
7452 The maximum number of jobs that will be processed
7453 in a single queue run.
7454 If not set, there is no limit on the size.
7455 If you have very large queues or a very short queue run interval
7456 this could be unstable.
7457 However, since the first
7459 jobs in queue directory order are run (rather than the
7461 highest priority jobs)
7462 this should be set as high as possible to avoid
7464 jobs that happen to fall late in the queue directory.
7465 Note: this option also restricts the number of entries printed by
7474 entries are printed per queue group.
7475 .ip MaxRecipientsPerMessage=\fIN\fP
7477 The maximum number of recipients that will be accepted per message
7478 in an SMTP transaction.
7479 Note: setting this too low can interfere with sending mail from
7480 MUAs that use SMTP for initial submission.
7481 If not set, there is no limit on the number of recipients per envelope.
7482 .ip MaxRunnersPerQueue=\fIN\fP
7484 This sets the default maximum number of queue runners for queue groups.
7487 queue runners will work in parallel on a queue group's messages.
7488 This is useful where the processing of a message in the queue might
7489 delay the processing of subsequent messages. Such a delay may be the result
7490 of non-erroneous situations such as a low bandwidth connection.
7491 May be overridden on a per queue group basis by setting the
7493 option; see the section \fBQueue Group Declaration\fP.
7494 The default is 1 when not set.
7498 even if I am in an alias expansion.
7499 This option is deprecated
7500 and will be removed from a future version.
7503 This option has several sub(sub)options.
7504 The names of the suboptions are separated by dots.
7505 At the first level the following options are available:
7507 .ta \w'LogLevel'u+3n
7508 LogLevel Log level for input mail filter actions, defaults to LogLevel.
7509 macros Specifies list of macro to transmit to filters.
7512 The ``macros'' option has the following suboptions
7513 which specify the list of macro to transmit to milters
7514 after a certain event occurred.
7517 connect After session connection start
7518 helo After EHLO/HELO command
7519 envfrom After MAIL From command
7520 envrcpt After RCPT To command
7521 data After DATA command.
7522 eoh After DATA command and header
7523 eom After DATA command and terminating ``.''
7525 By default the lists of macros are empty.
7528 O Milter.LogLevel=12
7529 O Milter.macros.connect=j, _, {daemon_name}
7531 .ip MinFreeBlocks=\fIN\fP
7535 blocks free on the filesystem that holds the queue files
7536 before accepting email via SMTP.
7537 If there is insufficient space
7539 gives a 452 response
7540 to the MAIL command.
7541 This invites the sender to try again later.
7542 .ip MinQueueAge=\fIage\fP
7544 Don't process any queued jobs
7545 that have been in the queue less than the indicated time interval.
7546 This is intended to allow you to get responsiveness
7547 by processing the queue fairly frequently
7548 without thrashing your system by trying jobs too often.
7549 The default units are minutes.
7551 This option is ignored for queue runs that select a subset
7553 .q \-q[!][I|R|S|Q][string]
7554 .ip MustQuoteChars=\fIs\fP
7556 Sets the list of characters that must be quoted if used in a full name
7557 that is in the phrase part of a ``phrase <address>'' syntax.
7558 The default is ``\'.''.
7559 The characters ``@,;:\e()[]'' are always added to this list.
7562 The priority of queue runners (nice(3)).
7563 This value must be greater or equal zero.
7564 .ip NoRecipientAction
7566 The action to take when you receive a message that has no valid
7567 recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
7568 the last included for back compatibility with old
7572 to pass the message on unmodified,
7573 which violates the protocol,
7575 to add a To: header with any recipients it can find in the envelope
7576 (which might expose Bcc: recipients),
7577 .b Add-Apparently-To
7578 to add an Apparently-To: header
7579 (this is only for back-compatibility
7580 and is officially deprecated),
7581 .b Add-To-Undisclosed
7583 .q "To: undisclosed-recipients:;"
7584 to make the header legal without disclosing anything,
7587 to add an empty Bcc: header.
7590 Assume that the headers may be in old format,
7592 spaces delimit names.
7593 This actually turns on
7594 an adaptive algorithm:
7595 if any recipient address contains a comma, parenthesis,
7597 it will be assumed that commas already exist.
7598 If this flag is not on,
7599 only commas delimit names.
7600 Headers are always output with commas between the names.
7602 .ip OperatorChars=\fIcharlist\fP
7604 The list of characters that are considered to be
7606 that is, characters that delimit tokens.
7607 All operator characters are tokens by themselves;
7608 sequences of non-operator characters are also tokens.
7609 White space characters separate tokens
7610 but are not tokens themselves \(em for example,
7612 has three tokens, but
7615 If not set, OperatorChars defaults to
7616 .q \&.\|:\|@\|[\|] ;
7617 additionally, the characters
7619 are always operators.
7620 Note that OperatorChars must be set in the
7621 configuration file before any rulesets.
7622 .ip PidFile=\fIfilename\fP
7624 Filename of the pid file.
7625 (default is _PATH_SENDMAILPID).
7628 is macro-expanded before it is opened, and unlinked when
7631 .ip PostmasterCopy=\fIpostmaster\fP
7634 copies of error messages will be sent to the named
7636 Only the header of the failed message is sent.
7637 Errors resulting from messages with a negative precedence will not be sent.
7638 Since most errors are user problems,
7639 this is probably not a good idea on large sites,
7640 and arguably contains all sorts of privacy violations,
7641 but it seems to be popular with certain operating systems vendors.
7642 The address is macro expanded
7643 at the time of delivery.
7644 Defaults to no postmaster copies.
7645 .ip PrivacyOptions=\fI\|opt,opt,...\fP
7649 ``Privacy'' is really a misnomer;
7650 many of these are just a way of insisting on stricter adherence
7651 to the SMTP protocol.
7654 can be selected from:
7656 .ta \w'noactualrecipient'u+3n
7657 public Allow open access
7658 needmailhelo Insist on HELO or EHLO command before MAIL
7659 needexpnhelo Insist on HELO or EHLO command before EXPN
7660 noexpn Disallow EXPN entirely, implies noverb.
7661 needvrfyhelo Insist on HELO or EHLO command before VRFY
7662 novrfy Disallow VRFY entirely
7663 noetrn Disallow ETRN entirely
7664 noverb Disallow VERB entirely
7665 restrictmailq Restrict mailq command
7666 restrictqrun Restrict \-q command line flag
7667 restrictexpand Restrict \-bv and \-v command line flags
7668 noreceipts Don't return success DSNs\**
7669 nobodyreturn Don't return the body of a message with DSNs
7670 goaway Disallow essentially all SMTP status queries
7671 authwarnings Put X-Authentication-Warning: headers in messages
7673 noactualrecipient Don't put X-Actual-Recipient lines in DSNs
7674 which reveal the actual account that addresses map to.
7680 flag turns off support for RFC 1891
7681 (Delivery Status Notification).
7685 pseudo-flag sets all flags except
7693 If mailq is restricted,
7694 only people in the same group as the queue directory
7695 can print the queue.
7696 If queue runs are restricted,
7697 only root and the owner of the queue directory
7701 pseudo-flag instructs
7703 to drop privileges when the
7705 option is given by users who are neither root nor the TrustedUser
7706 so users cannot read private aliases, forwards, or :include: files.
7710 .q DontBlameSendmail
7711 option to prevent misleading unsafe address warnings.
7712 It also overrides the
7714 (verbose) command line option to prevent information leakage.
7715 Authentication Warnings add warnings about various conditions
7716 that may indicate attempts to spoof the mail system,
7717 such as using a non-standard queue directory.
7718 .ip ProcessTitlePrefix=\fIstring\fP
7720 Prefix the process title shown on 'ps' listings with
7724 will be macro processed.
7725 .ip QueueDirectory=\fIdir\fP
7727 The QueueDirectory option serves two purposes.
7728 First, it specifies the directory or set of directories that comprise
7729 the default queue group.
7730 Second, it specifies the directory D which is the ancestor of all queue
7731 directories, and which sendmail uses as its current working directory.
7732 When sendmail dumps core, it leaves its core files in D.
7733 There are two cases.
7734 If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR),
7735 then all of the directories or symbolic links to directories
7736 beginning with `qd' in
7737 .i /var/spool/mqueue
7738 will be used as queue directories of the default queue group,
7740 .i /var/spool/mqueue
7741 will be used as the working directory D.
7743 \fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
7744 the default queue group consists of the single queue directory \fIdir\fR,
7745 and the working directory D is set to \fIdir\fR.
7746 To define additional groups of queue directories,
7747 use the configuration file `Q' command.
7748 Do not change the queue directory structure
7749 while sendmail is running.
7750 .ip QueueFactor=\fIfactor\fP
7754 as the multiplier in the map function
7755 to decide when to just queue up jobs rather than run them.
7756 This value is divided by the difference between the current load average
7757 and the load average limit
7761 to determine the maximum message priority
7764 .ip QueueLA=\fILA\fP
7766 When the system load average exceeds
7772 option divided by the difference in the current load average and the
7775 is less than the priority of the message,
7777 (i.e., don't try to send them).
7778 Defaults to 8 multiplied by
7779 the number of processors online on the system
7780 (if that can be determined).
7781 .ip QueueFileMode=\fImode\fP
7783 Default permissions for queue files (octal).
7784 If not set, sendmail uses 0600 unless its real
7785 and effective uid are different in which case it uses 0644.
7786 .ip QueueSortOrder=\fIalgorithm\fP
7790 used for sorting the queue.
7791 Only the first character of the value is used.
7794 (to order by the name of the first host name of the first recipient),
7796 (to order by the name of the queue file name),
7798 (to order by the submission/creation time),
7800 (to order randomly),
7802 (to order by the modification time of the qf file (older entries first)),
7807 (to order by message priority).
7808 Host ordering makes better use of the connection cache,
7809 but may tend to process low priority messages
7810 that go to a single host
7811 over high priority messages that go to several hosts;
7812 it probably shouldn't be used on slow network links.
7813 Filename and modification time ordering saves the overhead of
7814 reading all of the queued items
7815 before starting the queue run.
7816 Creation (submission) time ordering is almost always a bad idea,
7817 since it allows large, bulk mail to go out
7818 before smaller, personal mail,
7819 but may have applicability on some hosts with very fast connections.
7820 Random is useful if several queue runners are started by hand
7821 which try to drain the same queue since odds are they will be working
7822 on different parts of the queue at the same time.
7823 Priority ordering is the default.
7824 .ip QueueTimeout=\fItimeout\fP
7827 .q Timeout.queuereturn .
7828 Use that form instead of the
7833 Name of file containing random data or the name of the UNIX socket
7835 A (required) prefix "egd:" or "file:" specifies the type.
7836 STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
7837 (see sendmail/README).
7838 .ip ResolverOptions=\fIoptions\fP
7840 Set resolver options.
7841 Values can be set using
7867 can be specified to turn off matching against MX records
7868 when doing name canonifications.
7870 .q WorkAroundBrokenAAAA
7875 can be specified to work around some broken nameservers
7876 which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
7877 Notice: it might be necessary to apply the same (or similar) options to
7880 .ip RequiresDirfsync
7882 This option can be used to override the compile time flag
7883 .b REQUIRES_DIR_FSYNC
7884 at runtime by setting it to
7886 If the compile time flag is not set, the option is ignored.
7887 The flag turns on support for file systems that require to call
7889 for a directory if the meta-data in it has been changed.
7890 This should be turned on at least for older versions of ReiserFS;
7891 it is enabled by default for Linux.
7892 According to some information this flag is not needed
7893 anymore for kernel 2.4.16 and newer.
7896 If this option is set, a
7897 .q Return-Receipt-To:
7898 header causes the request of a DSN, which is sent to
7899 the envelope sender as required by RFC 1891,
7900 not to the address given in the header.
7901 .ip RunAsUser=\fIuser\fP
7905 parameter may be a user name
7908 or a numeric user id;
7909 either form can have
7912 (where group can be numeric or symbolic).
7913 If set to a non-zero (non-root) value,
7915 will change to this user id shortly after startup\**.
7917 \**When running as a daemon,
7918 it changes to this user after accepting a connection
7919 but before reading any
7923 This avoids a certain class of security problems.
7924 However, this means that all
7928 files must be readable by the indicated
7930 and all files to be written must be writable by
7932 Also, all file and program deliveries will be marked unsafe
7934 .b DontBlameSendmail=NonRootSafeAddr
7936 in which case the delivery will be done as
7938 It is also incompatible with the
7939 .b SafeFileEnvironment
7941 In other words, it may not actually add much to security on an average system,
7942 and may in fact detract from security
7943 (because other file permissions must be loosened).
7944 However, it should be useful on firewalls and other
7945 places where users don't have accounts and the aliases file is
7947 .ip RecipientFactor=\fIfact\fP
7951 is added to the priority (thus
7953 the priority of the job)
7955 i.e., this value penalizes jobs with large numbers of recipients.
7957 .ip RefuseLA=\fILA\fP
7959 When the system load average exceeds
7961 refuse incoming SMTP connections.
7962 Defaults to 12 multiplied by
7963 the number of processors online on the system
7964 (if that can be determined).
7965 .ip RejectLogInterval=\fItimeout\fP
7967 Log interval when refusing connections for this long
7969 .ip RetryFactor=\fIfact\fP
7973 is added to the priority
7974 every time a job is processed.
7976 each time a job is processed,
7977 its priority will be decreased by the indicated value.
7978 In most environments this should be positive,
7979 since hosts that are down are all too often down for a long time.
7981 .ip SafeFileEnvironment=\fIdir\fP
7983 If this option is set,
7987 call into the indicated
7989 before doing any file writes.
7990 If the file name specified by the user begins with
7992 that partial path name will be stripped off before writing,
7994 if the SafeFileEnvironment variable is set to
8000 actually indicate the same file.
8001 Additionally, if this option is set,
8003 refuses to deliver to symbolic links.
8009 lines at the front of headers.
8010 Normally they are assumed redundant
8014 If set, send error messages in MIME format
8015 (see RFC 2045 and RFC 1344 for details).
8018 will not return the DSN keyword in response to an EHLO
8019 and will not do Delivery Status Notification processing as described in
8023 File containing the certificate of the server, i.e., this certificate
8024 is used when sendmail acts as server
8025 (used for STARTTLS).
8028 File containing the private key belonging to the server certificate
8029 (used for STARTTLS).
8030 .ip ServiceSwitchFile=\fIfilename\fP
8032 If your host operating system has a service switch abstraction
8033 (e.g., /etc/nsswitch.conf on Solaris
8034 or /etc/svc.conf on Ultrix and DEC OSF/1)
8035 that service will be consulted and this option is ignored.
8036 Otherwise, this is the name of a file
8037 that provides the list of methods used to implement particular services.
8038 The syntax is a series of lines,
8039 each of which is a sequence of words.
8040 The first word is the service name,
8041 and following words are service types.
8044 consults directly are
8048 Service types can be
8054 (with the caveat that the appropriate support
8056 before the service can be referenced).
8057 If ServiceSwitchFile is not specified, it defaults to
8058 /etc/mail/service.switch.
8059 If that file does not exist, the default switch is:
8065 .q /etc/mail/service.switch .
8068 Strip input to seven bits for compatibility with old systems.
8069 This shouldn't be necessary.
8072 Key to use for shared memory segment;
8073 if not set (or 0), shared memory will not be used.
8077 can select a key itself provided that also
8078 .b SharedMemoryKeyFile
8080 Requires support for shared memory to be compiled into
8082 If this option is set,
8084 can share some data between different instances.
8085 For example, the number of entries in a queue directory
8086 or the available space in a file system.
8087 This allows for more efficient program execution, since only
8088 one process needs to update the data instead of each individual
8089 process gathering the data each time it is required.
8090 .ip SharedMemoryKeyFile
8096 then the automatically selected shared memory key will be stored
8097 in the specified file.
8098 .ip SingleLineFromHeader
8100 If set, From: lines that have embedded newlines are unwrapped
8102 This is to get around a botch in Lotus Notes
8103 that apparently cannot understand legally wrapped RFC 822 headers.
8104 .ip SingleThreadDelivery
8106 If set, a client machine will never try to open two SMTP connections
8107 to a single server machine at the same time,
8108 even in different processes.
8111 is already talking to some host a new
8113 will not open another connection.
8114 This property is of mixed value;
8115 although this reduces the load on the other machine,
8116 it can cause mail to be delayed
8117 (for example, if one
8119 is delivering a huge message, other
8121 won't be able to send even small messages).
8122 Also, it requires another file descriptor
8124 per connection, so you may have to reduce the
8125 .b ConnectionCacheSize
8126 option to avoid running out of per-process file descriptors.
8128 .b HostStatusDirectory
8130 .ip SmtpGreetingMessage=\fImessage\fP
8132 The message printed when the SMTP server starts up.
8134 .q "$j Sendmail $v ready at $b".
8136 If set, issue temporary errors (4xy) instead of permanent errors (5xy).
8137 This can be useful during testing of a new configuration to avoid
8138 erroneous bouncing of mails.
8139 .ip StatusFile=\fIfile\fP
8141 Log summary statistics in the named
8143 If no file name is specified, "statistics" is used.
8145 no summary statistics are saved.
8146 This file does not grow in size.
8147 It can be printed using the
8152 This option can be set to True, False, Interactive, or PostMilter.
8155 will be super-safe when running things,
8156 i.e., always instantiate the queue file,
8157 even if you are going to attempt immediate delivery.
8159 always instantiates the queue file
8160 before returning control to the client
8161 under any circumstances.
8165 The Interactive value has been introduced in 8.12 and can
8166 be used together with
8168 It skips some synchronization calls which are effectively
8169 doubled in the code execution path for this mode.
8170 If set to PostMilter,
8172 defers synchronizing the queue file until any milters have
8173 signaled acceptance of the message.
8174 PostMilter is useful only when
8176 is running as an SMTP server; in all other situations it
8177 acts the same as True.
8180 List of options for SMTP STARTTLS for the server
8181 consisting of single characters
8182 with intervening white space or commas.
8183 The flag ``V'' disables client verification, and hence
8184 it is not possible to use a client certificate for relaying.
8185 Currently there are no other flags available.
8186 .ip TempFileMode=\fImode\fP
8188 The file mode for transcript files, files to which
8190 delivers directly, files in the
8191 .b HostStatusDirectory ,
8194 It is interpreted in octal by default.
8196 .ip Timeout.\fItype\fP=\|\fItimeout\fP
8197 [r; subsumes old T option as well]
8199 For more information,
8203 .ip TimeZoneSpec=\fItzinfo\fP
8205 Set the local time zone info to
8209 Actually, if this is not set,
8210 the TZ environment variable is cleared (so the system default is used);
8211 if set but null, the user's TZ variable is used,
8212 and if set and non-null the TZ variable is set to this value.
8213 .ip TrustedUser=\fIuser\fP
8217 parameter may be a user name
8220 or a numeric user id.
8221 Trusted user for file ownership and starting the daemon. If set, generated
8222 alias databases and the control socket (if configured) will automatically
8223 be owned by this user.
8226 If this system is the
8228 (that is, lowest preference)
8229 MX for a given host,
8230 its configuration rules should normally detect this situation
8231 and treat that condition specially
8232 by forwarding the mail to a UUCP feed,
8233 treating it as local,
8235 However, in some cases (such as Internet firewalls)
8236 you may want to try to connect directly to that host
8237 as though it had no MX records at all.
8238 Setting this option causes
8241 The downside is that errors in your configuration
8242 are likely to be diagnosed as
8245 .q "message timed out"
8246 instead of something more meaningful.
8247 This option is disrecommended.
8248 .ip UnixFromLine=\fIfromline\fP
8250 Defines the format used when
8252 must add a UNIX-style From_ line
8253 (that is, a line beginning
8254 .q From<space>user ).
8257 Don't change this unless your system uses a different UNIX mailbox format
8259 .ip UnsafeGroupWrites
8262 :include: and .forward files that are group writable are considered
8265 they cannot reference programs or write directly to files.
8266 World writable :include: and .forward files
8269 .b DontBlameSendmail
8270 instead; this option is deprecated.
8275 header, send error messages to the addresses listed there.
8276 They normally go to the envelope sender.
8277 Use of this option causes
8279 to violate RFC 1123.
8280 This option is disrecommended and deprecated.
8281 .ip UserDatabaseSpec=\fIudbspec\fP
8283 The user database specification.
8286 Run in verbose mode.
8297 so that all mail is delivered completely
8299 so that you can see the entire delivery process.
8304 be set in the configuration file;
8305 it is intended for command line use only.
8306 Note that the use of option
8308 can cause authentication information to leak, if you use a
8309 sendmail client to authenticate to a server.
8310 If the authentication mechanism uses plain text passwords
8311 (as with LOGIN or PLAIN),
8312 then the password could be compromised.
8313 To avoid this, do not install sendmail set-user-ID root,
8316 SMTP command with a suitable
8319 .ip XscriptFileBufferSize=\fIthreshold\fP
8324 before a memory-based
8325 queue transcript file
8327 The default is 4096 bytes.
8329 All options can be specified on the command line using the
8333 to relinquish its set-user-ID permissions.
8334 The options that will not cause this are
8338 CheckpointInterval [C],
8345 OldStyleHeaders [o],
8356 SingleLineFromHeader,
8359 Actually, PrivacyOptions [p] given on the command line
8360 are added to those already specified in the
8362 file, i.e., they can't be reset.
8363 Also, M (define macro) when defining the r or s macros
8366 .sh 2 "P \*- Precedence Definitions"
8370 field may be defined using the
8373 The syntax of this field is:
8375 \fBP\fP\fIname\fP\fB=\fP\fInum\fP
8382 the message class is set to
8384 Higher numbers mean higher precedence.
8385 Numbers less than zero
8386 have the special property
8387 that if an error occurs during processing
8388 the body of the message will not be returned;
8389 this is expected to be used for
8391 mail such as through mailing lists.
8392 The default precedence is zero.
8394 our list of precedences is:
8397 Pspecial-delivery=100
8402 People writing mailing list exploders
8403 are encouraged to use
8404 .q "Precedence: list" .
8407 (which discarded all error returns for negative precedences)
8408 didn't recognize this name, giving it a default precedence of zero.
8409 This allows list maintainers to see error returns
8410 on both old and new versions of
8412 .sh 2 "V \*- Configuration Version Level"
8414 To provide compatibility with old configuration files,
8417 line has been added to define some very basic semantics
8418 of the configuration file.
8419 These are not intended to be long term supports;
8420 rather, they describe compatibility features
8421 which will probably be removed in future releases.
8427 to do with the version
8432 version 10 config files
8433 (specifically, 8.10)
8434 used version level 9 configurations.
8437 configuration files are defined as version level one.
8438 Version level two files make the following changes:
8440 Host name canonification ($[ ... $])
8441 appends a dot if the name is recognized;
8442 this gives the config file a way of finding out if anything matched.
8443 (Actually, this just initializes the
8447 flag \*- you can reset it to anything you prefer
8448 by declaring the map explicitly.)
8450 Default host name extension is consistent throughout processing;
8451 version level one configurations turned off domain extension
8452 (that is, adding the local domain name)
8453 during certain points in processing.
8454 Version level two configurations are expected to include a trailing dot
8455 to indicate that the name is already canonical.
8457 Local names that are not aliases
8458 are passed through a new distinguished ruleset five;
8459 this can be used to append a local relay.
8460 This behavior can be prevented by resolving the local name
8461 with an initial `@'.
8462 That is, something that resolves to a local mailer and a user name of
8464 will be passed through ruleset five,
8467 will have the `@' stripped,
8468 will not be passed through ruleset five,
8469 but will otherwise be treated the same as the prior example.
8470 The expectation is that this might be used to implement a policy
8473 was handled by a central hub,
8476 was delivered directly.
8478 Version level three files
8479 allow # initiated comments on all lines.
8480 Exceptions are backslash escaped # marks
8483 Version level four configurations
8484 are completely equivalent to level three
8485 for historical reasons.
8487 Version level five configuration files
8488 change the default definition of
8490 to be just the first component of the hostname.
8492 Version level six configuration files
8493 change many of the local processing options
8494 (such as aliasing and matching the beginning of the address for
8497 this allows fine-grained control over the special local processing.
8498 Level six configuration files may also use long option names.
8501 option (to allow colons in the local-part of addresses)
8504 for lower numbered configuration files;
8505 the configuration file requires some additional intelligence
8506 to properly handle the RFC 822 group construct.
8508 Version level seven configuration files
8509 used new option names to replace old macros
8513 .b SmtpGreetingMessage ,
8521 Also, prior to version seven,
8524 flag (use 250 instead of 252 return value for
8529 Version level eight configuration files allow
8531 on the left hand side of ruleset lines.
8533 Version level nine configuration files allow
8534 parentheses in rulesets, i.e. they are not treated
8535 as comments and hence removed.
8537 Version level ten configuration files allow
8538 queue group definitions.
8542 line may have an optional
8545 to indicate that this configuration file uses modifications
8546 specific to a particular vendor\**.
8548 \**And of course, vendors are encouraged to add themselves
8549 to the list of recognized vendors by editing the routine
8553 Please send e-mail to sendmail@Sendmail.ORG
8554 to register your vendor dialect.
8558 to emphasize that this configuration file
8559 uses the Berkeley dialect of
8561 .sh 2 "K \*- Key File Declaration"
8563 Special maps can be defined using the line:
8565 Kmapname mapclass arguments
8569 is the handle by which this map is referenced in the rewriting rules.
8572 is the name of a type of map;
8573 these are compiled in to
8577 are interpreted depending on the class;
8579 there would be a single argument naming the file containing the map.
8581 Maps are referenced using the syntax:
8583 $( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
8585 where either or both of the
8589 portion may be omitted.
8592 may appear more than once.
8597 are passed to the appropriate mapping function.
8598 If it returns a value, it replaces the input.
8599 If it does not return a value and the
8604 Otherwise, the input is unchanged.
8608 are passed to the map for arbitrary use.
8609 Most map classes can interpolate these arguments
8610 into their values using the syntax
8615 to indicate the corresponding
8619 indicates the database key.
8620 For example, the rule
8623 R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
8625 Looks up the UUCP name in a (user defined) UUCP map;
8626 if not found it turns it into
8629 The database might contain records like:
8631 decvax %1@%0.DEC.COM
8632 research %1@%0.ATT.COM
8636 clauses never do this mapping.
8638 The built-in map with both name and class
8640 is the host name canonicalization lookup.
8644 $(host \fIhostname\fP$)
8651 There are many defined classes.
8653 Database lookups using the ndbm(3) library.
8655 must be compiled with
8659 Database lookups using the btree interface to the Berkeley DB
8662 must be compiled with
8666 Database lookups using the hash interface to the Berkeley DB
8669 must be compiled with
8675 must be compiled with
8681 must be compiled with
8684 The argument is the name of the table to use for lookups,
8689 flags may be used to set the key and value columns respectively.
8693 must be compiled with
8697 LDAP X500 directory lookups.
8699 must be compiled with
8702 The map supports most of the standard arguments
8703 and most of the command line arguments of the
8708 if a single query matches multiple values,
8709 only the first value will be returned
8716 map flag will treat a multiple value return
8717 as if there were no matches.
8719 NeXT NetInfo lookups.
8721 must be compiled with
8726 The format of the text file is defined by the
8730 (value field number),
8737 Contributed and supported by
8738 Mark Roth, roth@uiuc.edu.
8739 For more information,
8740 consult the web site
8741 .q http://www-dev.cites.uiuc.edu/sendmail/ .
8743 nsd map for IRIX 6.5 and later.
8744 Contributed and supported by Bob Mende of SGI,
8747 Internal symbol table lookups.
8748 Used internally for aliasing.
8750 Really should be called
8752 \(em this is used to get the default lookups
8754 and is the default if no class is specified for alias files.
8756 Looks up users using
8760 flag can be used to specify the name of the field to return
8761 (although this is normally used only to check the existence
8764 Canonifies host domain names.
8765 Given a host name it calls the name server
8766 to find the canonical name for that host.
8768 Returns the best MX record for a host name given as the key.
8769 The current machine is always preferred \*-
8770 that is, if the current machine is one of the hosts listed as a
8771 lowest-preference MX record, then it will be guaranteed to be returned.
8772 This can be used to find out if this machine is the target for an MX record,
8773 and mail can be accepted on that basis.
8776 flag is given, then all MX names are returned,
8777 separated by the given delimiter.
8779 This map requires the option -R to specify the DNS resource record
8780 type to lookup. The following types are supported:
8781 A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
8782 A map lookup will return only one record.
8783 Hence for some types, e.g., MX records, the return value might be a random
8784 element of the list due to randomizing in the DNS resolver.
8786 The arguments on the `K' line are a list of maps;
8787 the resulting map searches the argument maps in order
8788 until it finds a match for the indicated key.
8789 For example, if the key definition is:
8793 Kseqmap sequence map1 map2
8795 then a lookup against
8797 first does a lookup in map1.
8798 If that is found, it returns immediately.
8799 Otherwise, the same key is used for map2.
8801 the key is logged via
8803 The lookup returns the empty string.
8807 map except that the order of maps is determined by the service switch.
8808 The argument is the name of the service to be looked up;
8809 the values from the service switch are appended to the map name
8810 to create new map names.
8811 For example, consider the key definition:
8815 together with the service switch entry:
8819 This causes a query against the map
8821 to search maps named
8827 Strip double quotes (") from a name.
8828 It does not strip backslashes,
8829 and will not strip quotes if the resulting string
8830 would contain unscannable syntax
8831 (that is, basic errors like unbalanced angle brackets;
8832 more sophisticated errors such as unknown hosts are not checked).
8833 The intent is for use when trying to accept mail from systems such as
8835 that routinely quote odd syntax such as
8839 A typical usage is probably something like:
8845 R$\- $: $(dequote $1 $)
8846 R$\- $+ $: $>3 $1 $2
8848 Care must be taken to prevent unexpected results;
8851 "|someprogram < input > output"
8853 will have quotes stripped,
8854 but the result is probably not what you had in mind.
8855 Fortunately these cases are rare.
8857 The map definition on the
8859 line contains a regular expression.
8860 Any key input is compared to that expression using the
8861 POSIX regular expressions routines regcomp(), regerr(), and regexec().
8862 Refer to the documentation for those routines for more information
8863 about the regular expression matching.
8864 No rewriting of the key is done if the
8866 flag is used. Without it, the key is discarded or if
8868 if used, it is substituted by the substring matches, delimited by
8870 or the string specified with the the
8872 flag. The flags available for the map are
8877 -b basic regular expressions (default is extended)
8879 -d set the delimiter used for -s
8880 -a append string to key
8881 -m match only, do not replace/discard value
8882 -D perform no lookup in deferred delivery mode.
8886 flag can include an optional parameter which can be used
8887 to select the substrings in the result of the lookup. For example,
8896 If the pattern contains spaces, they must be replaced
8897 with the blank substitution character, unless it is
8900 The arguments on the
8902 line are the pathname to a program and any initial parameters to be passed.
8903 When the map is called,
8904 the key is added to the initial parameters
8905 and the program is invoked
8906 as the default user/group id.
8907 The first line of standard output is returned as the value of the lookup.
8908 This has many potential security problems,
8909 and has terrible performance;
8910 it should be used only when absolutely necessary.
8912 Set or clear a macro value.
8914 pass the value as the first argument in the map lookup.
8916 do not pass an argument in the map lookup.
8917 The map always returns the empty string.
8918 Example of typical usage include:
8924 # set macro ${MyMacro} to the ruleset match
8925 R$+ $: $(storage {MyMacro} $@ $1 $) $1
8926 # set macro ${MyMacro} to an empty string
8927 R$* $: $(storage {MyMacro} $@ $) $1
8928 # clear macro ${MyMacro}
8929 R$\- $: $(storage {MyMacro} $) $1
8932 Perform simple arithmetic operations.
8933 The operation is given as key, currently
8935 |, & (bitwise OR, AND),
8936 l (for less than), =,
8937 and r (for random) are supported.
8938 The two operands are given as arguments.
8939 The lookup returns the result of the computation,
8944 for comparisons, integer values otherwise.
8945 The r operator returns a pseudo-random number whose value
8946 lies between the first and second operand
8947 (which requires that the first operand is smaller than the second).
8948 All options which are possible for maps are ignored.
8949 A simple example is:
8956 R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
8957 RFALSE $# error \&...
8960 The socket map uses a simple request/reply protocol over TCP or UNIX domain
8961 sockets to query an external server.
8962 Both requests and replies are text based and encoded as netstrings,
8963 i.e., a string "hello there" becomes:
8967 Note: neither requests nor replies end with CRLF.
8969 The request consists of the database map name and the lookup key separated
8970 by a space character:
8976 The server responds with a status indicator and the result (if any):
8979 <status> ' ' <result>
8982 The status indicator specifies the result of the lookup operation itself
8983 and is one of the following upper case words:
8986 OK the key was found, result contains the looked up value
8987 NOTFOUND the key was not found, the result is empty
8988 TEMP a temporary failure occured
8989 TIMEOUT a timeout occured on the server side
8990 PERM a permanent failure occured
8993 In case of errors (status TEMP, TIMEOUT or PERM) the result field may
8994 contain an explanatory message.
8995 However, the explanatory message is not used any further by
9000 31:OK resolved.address@example.com,
9004 56:OK error:550 5.7.1 User does not accept mail from sender,
9007 in case of successful lookups, or:
9012 in case the key was not found, or:
9014 55:TEMP this text explains that we had a temporary failure,
9017 in case of a temporary map lookup failure.
9019 The socket map uses the same syntax as milters
9020 (see Section "X \*- Mail Filter (Milter) Definitions")
9021 to specify the remote endpoint, e.g.,
9023 Ksocket mySocketMap inet:12345@127.0.0.1
9026 If multiple socket maps define the same remote endpoint, they will share
9027 a single connection to this endpoint.
9029 Most of these accept as arguments the same optional flags
9031 (or a mapname for NIS;
9032 the filename is the root of the database path,
9035 or some other extension appropriate for the database type
9036 will be added to get the actual database name).
9039 Indicates that this map is optional \*- that is,
9040 if it cannot be opened,
9041 no error is produced,
9044 will behave as if the map existed but was empty.
9052 uses an adaptive algorithm to decide whether or not to look for null bytes
9054 It starts by trying both;
9055 if it finds any key with a null byte it never tries again without a null byte
9059 is specified it never tries without a null byte and
9062 is specified it never tries with a null byte.
9064 these can speed matches but are never necessary.
9071 will never try any matches at all \(em
9072 that is, everything will appear to fail.
9076 on successful matches.
9077 For example, the default
9079 map appends a dot on successful matches.
9083 on temporary failures.
9086 would be appended if a DNS lookup returned
9088 or an NIS lookup could not locate a server.
9093 Do not fold upper to lower case before looking up the key.
9095 Match only (without replacing the value).
9096 If you only care about the existence of a key and not the value
9097 (as you might when searching the NIS map
9100 this flag prevents the map from substituting the value.
9102 The \-a argument is still appended on a match,
9103 and the default is still taken if the match fails.
9104 .ip "\-k\fIkeycol\fP"
9105 The key column name (for NIS+) or number
9107 For LDAP maps this is an LDAP filter string
9108 in which %s is replaced with the literal contents of the lookup key
9109 and %0 is replaced with the LDAP escaped contents of the lookup key
9110 according to RFC 2254.
9113 is used, then %1 through %9 are replaced with the LDAP escaped contents
9114 of the arguments specified in the map lookup.
9115 .ip "\-v\fIvalcol\fP"
9116 The value column name (for NIS+) or number
9118 For LDAP maps this is the name of one or more
9119 attributes to be returned;
9120 multiple attributes can be separated by commas.
9121 If not specified, all attributes found in the match
9123 The attributes listed can also include a type and one or more
9124 objectClass values for matching as described in the LDAP section.
9125 .ip "\-z\fIdelim\fP"
9126 The column delimiter (for text lookups).
9127 It can be a single character or one of the special strings
9131 to indicate newline or tab respectively.
9132 If omitted entirely,
9133 the column separator is any sequence of white space.
9134 For LDAP maps this is the separator character
9135 to combine multiple values
9136 into a single return string.
9138 the LDAP lookup will only return the first match found.
9139 For DNS maps this is the separator character at which
9140 the result of a query is cut off if is too long.
9142 Normally, when a map attempts to do a lookup
9143 and the server fails
9146 couldn't contact any name server;
9149 the same as an entry not being found in the map),
9150 the message being processed is queued for future processing.
9153 flag turns off this behavior,
9154 letting the temporary failure (server down)
9155 act as though it were a permanent failure (entry not found).
9156 It is particularly useful for DNS lookups,
9157 where someone else's misconfigured name server can cause problems
9159 However, care must be taken to ensure that you don't bounce mail
9160 that would be resolved correctly if you tried again.
9161 A common strategy is to forward such mail
9162 to another, possibly better connected, mail server.
9164 Perform no lookup in deferred delivery mode.
9165 This flag is set by default for the
9168 .ip "\-S\fIspacesub\fP
9169 The character to use to replace space characters
9170 after a successful map lookup (esp. useful for regex
9172 .ip "\-s\fIspacesub\fP
9173 For the dequote map only,
9174 the character to use to replace space characters
9175 after a successful dequote.
9177 Don't dequote the key before lookup.
9179 For the syslog map only, it specifies the level
9180 to use for the syslog call.
9182 When rebuilding an alias file,
9185 flag causes duplicate entries in the text version
9187 For example, two entries:
9192 would be treated as though it were the single entry
9194 list: user1, user2, user3
9196 in the presence of the
9200 Some additional flags are available for the host and dns maps:
9202 delay: specify the resolver's retransmission time interval (in seconds).
9204 retry: specify the number of times to retransmit a resolver query.
9206 The dns map has another flag:
9208 basedomain: specify a domain that is always appended to queries.
9210 The following additional flags are present in the ldap map only:
9212 Do not auto chase referrals. sendmail must be compiled with
9213 .b \-DLDAP_REFERRALS
9216 Retrieve attribute names only.
9218 Retrieve both attributes name and value(s),
9221 .ip "\-r\fIderef\fP"
9222 Set the alias dereference option to one of never, always, search, or find.
9223 .ip "\-s\fIscope\fP"
9224 Set search scope to one of base, one (one level), or sub (subtree).
9226 LDAP server hostname.
9227 Some LDAP libraries allow you to specify multiple, space-separated hosts for
9229 In addition, each of the hosts listed can be followed by a colon and a port
9230 number to override the default LDAP port.
9233 .ip "\-H \fILDAPURI\fP"
9234 Use the specified LDAP URI instead of specifying the hostname and port
9235 separately with the the
9239 options shown above.
9242 -h server.example.com -p 389 -b dc=example,dc=com
9246 -H ldap://server.example.com:389 -b dc=example,dc=com
9248 If the LDAP library supports it,
9249 the LDAP URI format however can also request LDAP over SSL by using
9255 O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com
9257 Similarly, if the LDAP library supports it,
9258 It can also be used to specify a UNIX domain socket using
9261 O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com
9265 .ip "\-l\fItimelimit\fP"
9266 Time limit for LDAP queries.
9267 .ip "\-Z\fIsizelimit\fP"
9268 Size (number of matches) limit for LDAP or DNS queries.
9269 .ip "\-d\fIdistinguished_name\fP"
9270 The distinguished name to use to login to the LDAP server.
9271 .ip "\-M\fImethod\fP"
9272 The method to authenticate to the LDAP server.
9275 .b LDAP_AUTH_SIMPLE ,
9277 .b LDAP_AUTH_KRBV4 .
9278 .ip "\-P\fIpasswordfile\fP"
9279 The file containing the secret key for the
9281 authentication method
9282 or the name of the Kerberos ticket file for
9283 .b LDAP_AUTH_KRBV4 .
9285 Force LDAP searches to only succeed if a single match is found.
9286 If multiple values are found,
9287 the search is treated as if no match was found.
9288 .ip "\-w\fIversion\fP"
9289 Set the LDAP API/protocol version to use.
9290 The default depends on the LDAP client libraries in use.
9295 to use LDAPv3 when communicating with the LDAP server.
9297 Treat the LDAP search key as multi-argument and
9298 replace %1 through %9 in the key with
9299 the LDAP escaped contents of the lookup arguments specified in the map lookup.
9303 map appends the strings
9307 to the given filename;
9314 For example, the map specification
9316 Kuucp dbm \-o \-N /etc/mail/uucpmap
9318 specifies an optional map named
9322 it always has null bytes at the end of every string,
9323 and the data is located in
9324 /etc/mail/uucpmap.{dir,pag}.
9328 can be used to build any of the three database-oriented maps.
9329 It takes the following flags:
9331 Do not fold upper to lower case in the map.
9333 Include null bytes in keys.
9335 Append to an existing (old) file.
9337 Allow replacement of existing keys;
9338 normally, re-inserting an existing key is an error.
9340 Print what is happening.
9344 daemon does not have to be restarted to read the new maps
9345 as long as you change them in place;
9346 file locking is used so that the maps won't be read
9347 while they are being updated.
9349 New classes can be added in the routine
9353 .sh 2 "Q \*- Queue Group Declaration"
9355 In addition to the option
9357 queue groups can be declared that define a (group of) queue directories
9358 under a common name.
9359 The syntax is as follows:
9369 is the symbolic name of the queue group under which
9370 it can be referenced in various places
9373 pairs define attributes of the queue group.
9374 The name must only consist of alphanumeric characters.
9377 Flags for this queue group.
9379 The nice(2) increment for the queue group.
9380 This value must be greater or equal zero.
9382 The time between two queue runs.
9384 The queue directory of the group (required).
9386 The number of parallel runners processing the queue.
9389 must be set if this value is greater than one.
9391 The maximum number of jobs (messages delivered) per queue run.
9393 The maximum number of recipients per envelope.
9394 Envelopes with more than this number of recipients will be split
9395 into multiple envelopes in the same queue directory.
9396 The default value 0 means no limit.
9398 Only the first character of the field name is checked.
9400 By default, a queue group named
9402 is defined that uses the value of the
9405 Notice: all paths that are used for queue groups must
9406 be subdirectories of
9408 Since they can be symbolic links, this isn't a real restriction,
9411 uses a wildcard, then the directory one level up is considered
9412 the ``base'' directory which all other queue directories must share.
9413 Please make sure that the queue directories do not overlap,
9414 e.g., do not specify
9416 O QueueDirectory=/var/spool/mqueue/*
9417 Qone, P=/var/spool/mqueue/dir1
9418 Qtwo, P=/var/spool/mqueue/dir2
9420 because this also includes
9424 in the default queue group.
9427 O QueueDirectory=/var/spool/mqueue/main*
9428 Qone, P=/var/spool/mqueue/dir
9429 Qtwo, P=/var/spool/mqueue/other*
9431 is a valid queue group specification.
9433 Options listed in the ``Flags'' field can be used to modify
9434 the behavior of a queue group.
9435 The ``f'' flag must be set if multiple queue runners are
9436 supposed to work on the entries in a queue group.
9439 will work on the entries strictly sequentially.
9441 The ``Interval'' field sets the time between queue runs.
9442 If no queue group specific interval is set, then the parameter of the
9444 option from the command line is used.
9446 To control the overall number of concurrently active queue runners
9450 This limits the number of processes used for running the queues to
9451 .b MaxQueueChildren ,
9452 though at any one time fewer processes may be active
9453 as a result of queue options, completed queue runs, system load, etc.
9455 The maximum number of queue runners for an individual queue group can be
9459 If set to 0, entries in the queue will not be processed, which
9460 is useful to ``quarantine'' queue files.
9461 The number of runners per queue group may also be set with the option
9462 .b MaxRunnersPerQueue ,
9463 which applies to queue groups that have no individual limit.
9464 That is, the default value for
9467 .b MaxRunnersPerQueue
9468 if set, otherwise 1.
9470 The field Jobs describes the maximum number of jobs
9471 (messages delivered) per queue run, which is the queue group specific
9473 .b MaxQueueRunSize .
9475 Notice: queue groups should be declared after all queue related options
9476 have been set because queue groups take their defaults from those options.
9477 If an option is set after a queue group declaration, the values of
9478 options in the queue group are set to the defaults of
9480 unless explicitly set in the declaration.
9482 Each envelope is assigned to a queue group based on the algorithm
9483 described in section
9484 ``Queue Groups and Queue Directories''.
9485 .sh 2 "X \*- Mail Filter (Milter) Definitions"
9489 Mail Filter API (Milter) is designed to allow third-party programs access
9490 to mail messages as they are being processed in order to filter
9491 meta-information and content.
9492 They are declared in the configuration file as:
9502 is the name of the filter
9503 (used internally only)
9506 pairs define attributes of the filter.
9507 Also see the documentation for the
9509 option for more information.
9514 Socket The socket specification
9515 Flags Special flags for this filter
9516 Timeouts Timeouts for this filter
9518 Only the first character of the field name is checked
9519 (it's case-sensitive).
9521 The socket specification is one of the following forms:
9544 The first two describe an IPv4 or IPv6 socket listening on a certain
9549 The final form describes a named socket on the filesystem at the given
9552 The following flags may be set in the filter description.
9555 Reject connection if filter unavailable.
9557 Temporary fail connection if filter unavailable.
9559 If neither F=R nor F=T is specified, the message is passed through
9561 in case of filter errors as if the failing filters were not present.
9563 The timeouts can be set using the four fields inside of the
9568 Timeout for connecting to a filter.
9569 If set to 0, the system's
9571 timeout will be used.
9573 Timeout for sending information from the MTA to a filter.
9575 Timeout for reading reply from the filter.
9577 Overall timeout between sending end-of-message to filter and waiting for
9578 the final acknowledgment.
9580 Note the separator between each timeout field is a
9582 The default values (if not set) are:
9583 .b T=C:5m;S:10s;R:10s;E:5m
9592 Xfilter1, S=local:/var/run/f1.sock, F=R
9593 Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
9594 Xfilter3, S=inet:3333@localhost, T=C:2m
9596 .sh 2 "The User Database"
9598 The user database is deprecated in favor of ``virtusertable''
9599 and ``genericstable'' as explained in the file
9601 If you have a version of
9603 with the user database package
9605 the handling of sender and recipient addresses
9608 The location of this database is controlled with the
9611 .sh 3 "Structure of the user database"
9613 The database is a sorted (BTree-based) structure.
9614 User records are stored with the key:
9616 \fIuser-name\fP\fB:\fP\fIfield-name\fP
9618 The sorted database format ensures that user records are clustered together.
9619 Meta-information is always stored with a leading colon.
9621 Field names define both the syntax and semantics of the value.
9622 Defined fields include:
9625 The delivery address for this user.
9626 There may be multiple values of this record.
9628 mailing lists will have one
9630 record for each user on the list.
9632 The outgoing mailname for this user.
9633 For each outgoing name,
9634 there should be an appropriate
9636 record for that name to allow return mail.
9638 .i :default:mailname .
9640 Changes any mail sent to this address to have the indicated envelope sender.
9641 This is intended for mailing lists,
9642 and will normally be the name of an appropriate -request address.
9643 It is very similar to the owner-\c
9645 syntax in the alias file.
9647 The full name of the user.
9649 The office address for this user.
9651 The office phone number for this user.
9653 The office FAX number for this user.
9655 The home address for this user.
9657 The home phone number for this user.
9659 The home FAX number for this user.
9661 A (short) description of the project this person is affiliated with.
9662 In the University this is often just the name of their graduate advisor.
9664 A pointer to a file from which plan information can be gathered.
9667 only a few of these fields are actually being used by
9674 program that uses the other fields is planned.
9675 .sh 3 "User database semantics"
9677 When the rewriting rules submit an address to the local mailer,
9678 the user name is passed through the alias file.
9679 If no alias is found (or if the alias points back to the same address),
9683 is then used as a key in the user database.
9684 If no match occurs (or if the maildrop points at the same address),
9685 forwarding is tried.
9687 If the first token of the user name returned by ruleset 0
9690 sign, the user database lookup is skipped.
9691 The intent is that the user database will act as a set of defaults
9692 for a cluster (in our case, the Computer Science Division);
9693 mail sent to a specific machine should ignore these defaults.
9696 the name of the sending user is looked up in the database.
9700 the value of that record is used as their outgoing name.
9701 For example, I might have a record:
9703 eric:mailname Eric.Allman@CS.Berkeley.EDU
9705 This would cause my outgoing mail to be sent as Eric.Allman.
9709 is found for the user,
9710 but no corresponding
9714 .q :default:mailname
9716 If present, this is the name of a host to override the local host.
9717 For example, in our case we would set it to
9718 .q CS.Berkeley.EDU .
9719 The effect is that anyone known in the database
9720 gets their outgoing mail stamped as
9721 .q user@CS.Berkeley.EDU ,
9722 but people not listed in the database use the local hostname.
9723 .sh 3 "Creating the database\**"
9725 \**These instructions are known to be incomplete.
9726 Other features are available which provide similar functionality,
9727 e.g., virtual hosting and mapping local addresses into a
9728 generic form as explained in cf/README.
9731 The user database is built from a text file
9735 (in the distribution in the makemap subdirectory).
9736 The text file is a series of lines corresponding to userdb records;
9737 each line has a key and a value separated by white space.
9738 The key is always in the format described above \*-
9743 This file is normally installed in a system directory;
9744 for example, it might be called
9745 .i /etc/mail/userdb .
9746 To make the database version of the map, run the program:
9748 makemap btree /etc/mail/userdb < /etc/mail/userdb
9750 Then create a config file that uses this.
9751 For example, using the V8 M4 configuration, include the
9752 following line in your .mc file:
9754 define(\`confUSERDB_SPEC\', /etc/mail/userdb)
9756 .sh 1 "OTHER CONFIGURATION"
9758 There are some configuration changes that can be made by
9761 This section describes what changes can be made
9762 and what has to be modified to make them.
9763 In most cases this should be unnecessary
9764 unless you are porting
9766 to a new environment.
9767 .sh 2 "Parameters in devtools/OS/$oscf"
9769 These parameters are intended to describe the compilation environment,
9771 and should normally be defined in the operating system
9773 .b "This section needs a complete rewrite."
9776 the new version of the DBM library
9777 that allows multiple databases will be used.
9778 If neither NDBM nor NEWDB are set,
9779 a much less efficient method of alias lookup is used.
9781 If set, use the new database package from Berkeley (from 4.4BSD).
9782 This package is substantially faster than DBM or NDBM.
9783 If NEWDB and NDBM are both set,
9785 will read DBM files,
9786 but will create and use NEWDB files.
9788 Include support for NIS.
9789 If set together with
9793 will create both DBM and NEWDB files if and only if
9794 an alias file includes the substring
9797 This is intended for compatibility with Sun Microsystems'
9799 program used on YP masters.
9801 Compile in support for NIS+.
9803 Compile in support for NetInfo (NeXT stations).
9805 Compile in support for LDAP X500 queries.
9806 Requires libldap and liblber
9807 from the Umich LDAP 3.2 or 3.3 release
9808 or equivalent libraries for other LDAP libraries
9811 Compile in support for Hesiod.
9813 Compile in support for IRIX NSD lookups.
9815 Compile in support for regular expression matching.
9817 Compile in support for DNS map lookups in the
9821 Compile in support for ph lookups.
9823 Compile in support for SASL,
9824 a required component for SMTP Authentication support.
9826 Compile in support for STARTTLS.
9828 Compile in support for the "Entropy Gathering Daemon"
9829 to provide better random data for TLS.
9831 Compile in support for TCP Wrappers.
9832 .ip _PATH_SENDMAILCF
9833 The pathname of the sendmail.cf file.
9834 .ip _PATH_SENDMAILPID
9835 The pathname of the sendmail.pid file.
9837 Compile in support for shared memory, see section about
9838 "/var/spool/mqueue".
9840 Compile in support for contacting external mail filters built with the
9843 There are also several compilation flags to indicate the environment
9848 See the sendmail/README
9849 file for the latest scoop on these flags.
9850 .sh 2 "Parameters in sendmail/conf.h"
9852 Parameters and compilation options
9853 are defined in conf.h.
9854 Most of these need not normally be tweaked;
9855 common parameters are all in sendmail.cf.
9856 However, the sizes of certain primitive vectors, etc.,
9857 are included in this file.
9858 The numbers following the parameters
9859 are their default value.
9861 This document is not the best source of information
9862 for compilation flags in conf.h \(em
9863 see sendmail/README or sendmail/conf.h itself.
9865 .ip "MAXLINE [2048]"
9866 The maximum line length of any input line.
9867 If message lines exceed this length
9868 they will still be processed correctly;
9869 however, header lines,
9870 configuration file lines,
9873 must fit within this limit.
9875 The maximum length of any name,
9876 such as a host or a user name.
9878 The maximum number of parameters to any mailer.
9879 This limits the number of recipients that may be passed in one transaction.
9880 It can be set to any arbitrary number above about 10,
9883 will break up a delivery into smaller batches as needed.
9884 A higher number may reduce load on your system, however.
9885 .ip "MAXQUEUEGROUPS [50]"
9886 The maximum number of queue groups.
9887 .ip "MAXATOM [1000]"
9888 The maximum number of atoms
9890 in a single address.
9893 .q "eric@CS.Berkeley.EDU"
9895 .ip "MAXMAILERS [25]"
9896 The maximum number of mailers that may be defined
9897 in the configuration file.
9898 This value is defined in include/sendmail/sendmail.h.
9899 .ip "MAXRWSETS [200]"
9900 The maximum number of rewriting sets
9901 that may be defined.
9902 The first half of these are reserved for numeric specification
9904 while the upper half are reserved for auto-numbering
9906 Thus, with a value of 200 an attempt to use ``S99'' will succeed,
9907 but ``S100'' will fail.
9908 .ip "MAXPRIORITIES [25]"
9909 The maximum number of values for the
9911 field that may be defined
9914 line in sendmail.cf).
9915 .ip "MAXUSERENVIRON [100]"
9916 The maximum number of items in the user environment
9917 that will be passed to subordinate mailers.
9918 .ip "MAXMXHOSTS [100]"
9919 The maximum number of MX records we will accept for any single host.
9920 .ip "MAXMAPSTACK [12]"
9921 The maximum number of maps that may be "stacked" in a
9924 .ip "MAXMIMEARGS [20]"
9925 The maximum number of arguments in a MIME Content-Type: header;
9926 additional arguments will be ignored.
9927 .ip "MAXMIMENESTING [20]"
9928 The maximum depth to which MIME messages may be nested
9929 (that is, nested Message or Multipart documents;
9930 this does not limit the number of components in a single Multipart document).
9931 .ip "MAXDAEMONS [10]"
9932 The maximum number of sockets sendmail will open for accepting connections
9934 .ip "MAXMACNAMELEN [25]"
9935 The maximum length of a macro name.
9937 A number of other compilation options exist.
9938 These specify whether or not specific code should be compiled in.
9939 Ones marked with \(dg
9944 support for Internet protocol networking is compiled in.
9945 Previous versions of
9949 this old usage is now incorrect.
9951 turn it off in the Makefile
9952 if your system doesn't support the Internet protocols.
9955 support for IPv6 networking is compiled in.
9956 It must be separately enabled by adding
9957 .b DaemonPortOptions
9961 support for ISO protocol networking is compiled in
9962 (it may be appropriate to #define this in the Makefile instead of conf.h).
9965 support for UNIX domain sockets is compiled in.
9966 This is used for control socket support.
9971 routine in use at some sites is used.
9972 This makes an informational log record
9973 for each message processed,
9974 and makes a higher priority log record
9975 for internal system errors.
9976 .b "STRONGLY RECOMMENDED"
9977 \(em if you want no logging, turn it off in the configuration file.
9979 Compile in the code to do ``fuzzy matching'' on the GECOS field
9981 This also requires that the
9983 option be turned on.
9985 Compile in code to use the
9986 Berkeley Internet Name Domain (BIND) server
9987 to resolve TCP/IP host names.
9989 If you are using a non-UNIX mail format,
9990 you can set this flag to turn off special processing
9997 Berkeley user information database package.
9998 This adds a new level of local name expansion
9999 between aliasing and forwarding.
10000 It also uses the NEWDB package.
10001 This may change in future releases.
10003 The following options are normally turned on
10004 in per-operating-system clauses in conf.h.
10006 Compile in the IDENT protocol as defined in RFC 1413.
10007 This defaults on for all systems except Ultrix,
10008 which apparently has the interesting
10010 that when it receives a
10011 .q "host unreachable"
10012 message it closes all open connections to that host.
10013 Since some firewall gateways send this error code
10014 when you access an unauthorized port (such as 113, used by IDENT),
10015 Ultrix cannot receive email from such hosts.
10017 Set all of the compilation parameters appropriate for System V.
10021 instead of System V
10023 to do file locking.
10024 Due to the highly unusual semantics of locks
10027 this should always be used if at all possible.
10029 Set this if your system has the
10032 (if you have multiple group support).
10033 This is the default if SYSTEM5 is
10035 defined or if you are on HPUX.
10037 Set this if you have the
10039 system call (or corresponding library routine).
10043 .ip HASGETDTABLESIZE
10044 Set this if you have the
10045 .i getdtablesize (2)
10048 Set this if you have the
10051 .ip FAST_PID_RECYCLE
10052 Set this if your system can possibly
10053 reuse the same pid in the same second of time.
10055 The mechanism that can be used to get file system capacity information.
10056 The values can be one of
10057 SFS_USTAT (use the ustat(2) syscall),
10058 SFS_4ARGS (use the four argument statfs(2) syscall),
10059 SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
10060 SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
10061 SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
10062 SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
10064 SFS_NONE (no way to get this information).
10066 The load average type.
10067 Details are described below.
10069 The are several built-in ways of computing the load average.
10071 tries to auto-configure them based on imperfect guesses;
10072 you can select one using the
10081 The kernel stores the load average in the kernel as an array of long integers.
10082 The actual values are scaled by a factor FSCALE
10085 The kernel stores the load average in the kernel as an array of short integers.
10086 The actual values are scaled by a factor FSCALE
10089 The kernel stores the load average in the kernel as an array of
10090 double precision floats.
10092 Use MACH-style load averages.
10096 routine to get the load average as an array of doubles.
10098 Always return zero as the load average.
10099 This is the fallback case.
10107 you may also need to specify
10109 (the path to your system binary)
10112 (the name of the variable containing the load average in the kernel;
10117 .sh 2 "Configuration in sendmail/conf.c"
10119 The following changes can be made in conf.c.
10120 .sh 3 "Built-in Header Semantics"
10122 Not all header semantics are defined in the configuration file.
10123 Header lines that should only be included by certain mailers
10124 (as well as other more obscure semantics)
10125 must be specified in the
10129 This table contains the header name
10130 (which should be in all lower case)
10131 and a set of header control flags (described below),
10134 Normally when the check is made to see if a header line is compatible
10137 will not delete an existing line.
10138 If this flag is set,
10141 even existing header lines.
10143 if this bit is set and the mailer does not have flag bits set
10144 that intersect with the required mailer flags
10145 in the header definition in
10151 If this header field is set,
10152 treat it like a blank line,
10154 it will signal the end of the header
10155 and the beginning of the message text.
10157 Add this header entry
10158 even if one existed in the message before.
10159 If a header entry does not have this bit set,
10161 will not add another header line if a header line
10162 of this name already existed.
10163 This would normally be used to stamp the message
10164 by everyone who handled it.
10167 this is a timestamp
10170 If the number of trace fields in a message
10171 exceeds a preset amount
10172 the message is returned
10173 on the assumption that it has an aliasing loop.
10176 this field contains recipient addresses.
10177 This is used by the
10179 flag to determine who to send to
10180 when it is collecting recipients from the message.
10182 This flag indicates that this field
10183 specifies a sender.
10184 The order of these fields in the
10189 for which field to return error messages to.
10191 Addresses in this header should receive error messages.
10193 This header is a Content-Transfer-Encoding header.
10195 This header is a Content-Type header.
10197 Strip the value from the header (for Bcc:).
10200 Let's look at a sample
10204 .ta 4n +\w'"content-transfer-encoding", 'u
10205 struct hdrinfo HdrInfo[] =
10207 /* originator fields, most to least significant */
10208 "resent-sender", H_FROM,
10209 "resent-from", H_FROM,
10212 "full-name", H_ACHECK,
10213 "errors-to", H_FROM\^|\^H_ERRORSTO,
10214 /* destination fields */
10216 "resent-to", H_RCPT,
10218 "bcc", H_RCPT\^|\^H_STRIPVAL,
10219 /* message identification and control */
10223 "received", H_TRACE\^|\^H_FORCE,
10224 /* miscellaneous fields */
10225 "content-transfer-encoding", H_CTE,
10226 "content-type", H_CTYPE,
10231 This structure indicates that the
10237 all specify recipient addresses.
10240 field will be deleted unless the required mailer flag
10241 (indicated in the configuration file)
10247 fields will terminate the header;
10248 these are used by random dissenters around the network world.
10251 field will always be added,
10252 and can be used to trace messages.
10254 There are a number of important points here.
10256 header fields are not added automatically just because they are in the
10259 they must be specified in the configuration file
10260 in order to be added to the message.
10261 Any header fields mentioned in the configuration file but not
10264 structure have default processing performed;
10266 they are added unless they were in the message already.
10270 structure only specifies cliched processing;
10271 certain headers are processed specially by ad hoc code
10272 regardless of the status specified in
10279 fields are always scanned on ARPANET mail
10280 to determine the sender\**;
10282 \**Actually, this is no longer true in SMTP;
10283 this information is contained in the envelope.
10284 The older ARPANET protocols did not completely distinguish
10285 envelope from header.
10287 this is used to perform the
10288 .q "return to sender"
10294 fields are used to determine the full name of the sender
10296 this is stored in the macro
10298 and used in a number of ways.
10299 .sh 3 "Restricting Use of Email"
10301 If it is necessary to restrict mail through a relay,
10304 routine can be modified.
10305 This routine is called for every recipient address.
10306 It returns an exit status
10307 indicating the status of the message.
10310 accepts the address,
10312 queues the message for a later try,
10315 .sm EX_UNAVAILABLE )
10316 reject the message.
10319 to print an error message
10322 if the message is rejected.
10329 .ta 4n +4n +4n +4n +4n +4n +4n
10332 register ADDRESS *to;
10333 register ENVELOPE *e;
10337 s = stab("private", ST_MAILER, ST_FIND);
10338 if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
10339 to->q_mailer == s->s_mailer)
10341 usrerr("No private net mail allowed through this machine");
10342 return (EX_UNAVAILABLE);
10344 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
10346 usrerr("Message too large for non-local delivery");
10347 e\->e_flags |= EF_NORETURN;
10348 return (EX_UNAVAILABLE);
10354 This would reject messages greater than 50000 bytes
10355 unless they were local.
10360 to suppress the return of the actual body
10361 of the message in the error return.
10362 The actual use of this routine is highly dependent on the
10364 and use should be limited.
10365 .sh 3 "New Database Map Classes"
10367 New key maps can be added by creating a class initialization function
10368 and a lookup function.
10369 These are then added to the routine
10372 The initialization function is called as
10374 \fIxxx\fP_map_init(MAP *map, char *args)
10378 is an internal data structure.
10381 is a pointer to the portion of the configuration file line
10382 following the map class name;
10383 flags and filenames can be extracted from this line.
10384 The initialization function must return
10386 if it successfully opened the map,
10390 The lookup function is called as
10392 \fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
10396 defines the map internally.
10400 This may be (and often is) used destructively.
10403 is a list of arguments passed in from the rewrite line.
10404 The lookup function should return a pointer to the new value.
10405 If the map lookup fails,
10407 should be set to an exit status code;
10408 in particular, it should be set to
10410 if recovery is to be attempted by the higher level code.
10411 .sh 3 "Queueing Function"
10415 is called to decide if a message should be queued
10416 or processed immediately.
10417 Typically this compares the message priority to the current load average.
10418 The default definition is:
10421 shouldqueue(pri, ctime)
10425 if (CurrentLA < QueueLA)
10427 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
10430 If the current load average
10433 which is set before this function is called)
10434 is less than the low threshold load average
10443 (that is, it should
10446 If the current load average exceeds the high threshold load average
10455 Otherwise, it computes the function based on the message priority,
10461 and the current and threshold load averages.
10463 An implementation wishing to take the actual age of the message into account
10467 which is the time that the message was first submitted to
10471 parameter is already weighted
10472 by the number of times the message has been tried
10473 (although this tends to lower the priority of the message with time);
10474 the expectation is that the
10476 would be used as an
10478 to ensure that messages are eventually processed.
10479 .sh 3 "Refusing Incoming SMTP Connections"
10482 .i refuseconnections
10485 if incoming SMTP connections should be refused.
10486 The current implementation is based exclusively on the current load average
10487 and the refuse load average option
10494 refuseconnections()
10496 return (RefuseLA > 0 && CurrentLA >= RefuseLA);
10499 A more clever implementation
10500 could look at more system resources.
10501 .sh 3 "Load Average Computation"
10505 returns the current load average (as a rounded integer).
10506 The distribution includes several possible implementations.
10507 If you are porting to a new environment
10508 you may need to add some new tweaks.\**
10510 \**If you do, please send updates to
10511 sendmail@Sendmail.ORG.
10513 .sh 2 "Configuration in sendmail/daemon.c"
10516 .i sendmail/daemon.c
10517 contains a number of routines that are dependent
10518 on the local networking environment.
10519 The version supplied assumes you have BSD style sockets.
10521 In previous releases,
10522 we recommended that you modify the routine
10524 if you wanted to generalize
10529 We now recommend that you create a new keyed map instead.
10532 In this section we assume that
10534 has been compiled with support for LDAP.
10535 .sh 3 "LDAP Recursion"
10537 LDAP Recursion allows you to add types to the search attributes on an
10538 LDAP map specification.
10540 .ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[|\fIOBJECTCLASS\fP|...]]]
10542 The new \fITYPE\fPs are:
10545 This attribute type specifies the attribute to add to the results string.
10546 This is the default.
10548 Any matches for this attribute are expected to have a value of a
10549 fully qualified distinguished name.
10551 will lookup that DN and apply the attributes requested to the
10552 returned DN record.
10554 Any matches for this attribute are expected to have a value of an
10555 LDAP search filter.
10557 will perform a lookup with the same parameters as the original
10558 search but replaces the search filter with the one specified here.
10560 Any matches for this attribute are expected to have a value of an LDAP URL.
10562 will perform a lookup of that URL and use the results from the attributes
10564 Note however that the search is done using the current LDAP connection,
10565 regardless of what is specified as the scheme, LDAP host, and LDAP
10566 port in the LDAP URL.
10568 Any untyped attributes are considered
10570 attributes as described above.
10572 The optional \fIOBJECTCLASS\fP (| separated) list contains the
10573 objectClass values for which that attribute applies.
10574 If the list is given,
10575 the attribute named will only be used if the LDAP record being returned is a
10576 member of that object class.
10577 Note that if these new value attribute \fITYPE\fPs are used in an
10579 option setting, it will need to be double quoted to prevent
10581 from misparsing the colons.
10583 Note that LDAP recursion attributes which do not ultimately point to an
10584 LDAP record are not considered an error.
10587 Since examples usually help clarify, here is an example which uses all
10588 four of the new types:
10590 O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com
10594 -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0))
10595 -v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson,
10596 uniqueMember:DN:groupOfUniqueNames,
10597 sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,
10598 sendmailMTAAliasURL:URL:sendmailMTAAliasObject
10601 That definition specifies that:
10604 .sm sendmailMTAAliasValue
10605 attribute will be added to the result string regardless of object class.
10609 attribute will be added to the result string if
10610 the LDAP record is a member of the
10616 attribute is a recursive attribute, used only in
10617 .sm groupOfUniqueNames
10618 records, and should contain an LDAP DN pointing to another LDAP record.
10619 The desire here is to return the
10621 attribute from those DNs.
10624 .sm sendmailMTAAliasSearch
10626 .sm sendmailMTAAliasURL
10627 are both used only if referenced in a
10628 .sm sendmailMTAAliasObject .
10629 They are both recursive, the first for a new LDAP search string and the
10630 latter for an LDAP URL.
10633 In this section we assume that
10635 has been compiled with support for STARTTLS.
10636 To properly understand the use of STARTTLS in
10638 it is necessary to understand at least some basics about X.509 certificates
10639 and public key cryptography.
10640 This information can be found in books about SSL/TLS
10641 or on WWW sites, e.g.,
10642 .q http://www.OpenSSL.org/ .
10643 .sh 3 "Certificates for STARTTLS"
10645 When acting as a server,
10647 requires X.509 certificates to support STARTTLS:
10648 one as certificate for the server (ServerCertFile and corresponding
10649 private ServerKeyFile)
10650 at least one root CA (CACertFile),
10651 i.e., a certificate that is used to sign other certificates,
10652 and a path to a directory which contains other CAs (CACertPath).
10653 The file specified via
10655 can contain several certificates of CAs.
10656 The DNs of these certificates are sent
10657 to the client during the TLS handshake (as part of the
10658 CertificateRequest) as the list of acceptable CAs.
10659 However, do not list too many root CAs in that file, otherwise
10660 the TLS handshake may fail; e.g.,
10662 error:14094417:SSL routines:SSL3_READ_BYTES:
10663 sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47
10665 You should probably put only the CA cert into that file
10666 that signed your own cert(s), or at least only those you trust.
10667 The CACertPath directory must contain the hashes of each CA certificate
10668 as filenames (or as links to them).
10669 Symbolic links can be generated with the following
10670 two (Bourne) shell commands:
10672 C=FileName_of_CA_Certificate
10673 ln -s $C `openssl x509 -noout -hash < $C`.0
10675 An X.509 certificate is also required for authentication in client mode
10676 (ClientCertFile and corresponding private ClientKeyFile), however,
10678 will always use STARTTLS when offered by a server.
10679 The client and server certificates can be identical.
10680 Certificates can be obtained from a certificate authority
10681 or created with the help of OpenSSL.
10682 The required format for certificates and private keys is PEM.
10683 To allow for automatic startup of sendmail, private keys
10684 (ServerKeyFile, ClientKeyFile)
10685 must be stored unencrypted.
10686 The keys are only protected by the permissions of the file system.
10687 Never make a private key available to a third party.
10688 .sh 3 "PRNG for STARTTLS"
10690 STARTTLS requires a strong pseudo random number generator (PRNG)
10691 to operate properly.
10692 Depending on the TLS library you use, it may be required to explicitly
10693 initialize the PRNG with random data.
10694 OpenSSL makes use of
10696 if available (this corresponds to the compile flag HASURANDOMDEV).
10697 On systems which lack this support, a random file must be specified in the
10699 file using the option RandFile.
10702 advised to use the "Entropy Gathering Daemon" EGD
10703 from Brian Warner on those systems to provide useful random data.
10706 must be compiled with the flag EGD, and the
10707 RandFile option must point to the EGD socket.
10710 nor EGD are available, you have to make sure
10711 that useful random data is available all the time in RandFile.
10712 If the file hasn't been modified in the last 10 minutes before
10713 it is supposed to be used by
10715 the content is considered obsolete.
10716 One method for generating this file is:
10718 openssl rand -out /etc/mail/randfile -rand \c
10719 .i /path/to/file:... \c
10722 See the OpenSSL documentation for more information.
10723 In this case, the PRNG for TLS is only
10724 seeded with other random data if the
10725 .b DontBlameSendmail
10727 .b InsufficientEntropy
10729 This is most likely not sufficient for certain actions, e.g.,
10730 generation of (temporary) keys.
10732 Please see the OpenSSL documentation or other sources
10733 for further information about certificates, their creation and their usage,
10734 the importance of a good PRNG, and other aspects of TLS.
10735 .sh 2 "Encoding of STARTTLS and AUTH related Macros"
10737 Macros that contain STARTTLS and AUTH related data which comes from outside
10738 sources, e.g., all macros containing information from certificates,
10739 are encoded to avoid problems with non-printable or special characters.
10740 The latter are '\\', '<', '>', '(', ')', '"', '+', and ' '.
10741 All of these characters are replaced by their value in hexadecimal
10742 with a leading '+'.
10745 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
10746 Email=darth+cert@endmail.org
10750 /C=US/ST=California/O=endmail.org/OU=private/
10751 CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
10753 (line breaks have been inserted for readability).
10754 The macros which are subject to this encoding are
10755 {cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
10757 {auth_authen} and {auth_author}.
10758 .sh 1 "ACKNOWLEDGEMENTS"
10763 and many employers have been remarkably patient
10764 about letting me work on a large project
10765 that was not part of my official job.
10766 This includes time on the INGRES Project at
10767 the University of California at Berkeley,
10769 and again on the Mammoth and Titan Projects at Berkeley.
10771 Much of the second wave of improvements
10772 resulting in version 8.1
10773 should be credited to Bryan Costales of the
10774 International Computer Science Institute.
10775 As he passed me drafts of his book on
10777 I was inspired to start working on things again.
10778 Bryan was also available to bounce ideas off of.
10780 Gregory Neil Shapiro
10781 of Worcester Polytechnic Institute
10782 has become instrumental in all phases of
10784 support and development,
10785 and was largely responsible for getting versions 8.8 and 8.9
10788 Many, many people contributed chunks of code and ideas to
10790 It has proven to be a group network effort.
10791 Version 8 in particular was a group project.
10792 The following people and organizations made notable contributions:
10795 John Beck, Hewlett-Packard & Sun Microsystems
10796 Keith Bostic, CSRG, University of California, Berkeley
10797 Andrew Cheng, Sun Microsystems
10798 Michael J. Corrigan, University of California, San Diego
10799 Bryan Costales, International Computer Science Institute & InfoBeat
10800 Pa\*:r (Pell) Emanuelsson
10801 Craig Everhart, Transarc Corporation
10802 Per Hedeland, Ericsson
10803 Tom Ivar Helbekkmo, Norwegian School of Economics
10804 Kari Hurtta, Finnish Meteorological Institute
10805 Allan E. Johannesen, WPI
10806 Jonathan Kamens, OpenVision Technologies, Inc.
10807 Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
10808 Brian Kantor, University of California, San Diego
10809 John Kennedy, Cal State University, Chico
10810 Murray S. Kucherawy, HookUp Communication Corp.
10811 Bruce Lilly, Sony U.S.
10813 Motonori Nakamura, Ritsumeikan University & Kyoto University
10814 John Gardiner Myers, Carnegie Mellon University
10815 Neil Rickert, Northern Illinois University
10816 Gregory Neil Shapiro, WPI
10817 Eric Schnoebelen, Convex Computer Corp.
10818 Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
10819 Randall Winchester, University of Maryland
10820 Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
10823 I apologize for anyone I have omitted, misspelled, misattributed, or
10825 At this point, I suspect that at least a hundred people
10826 have contributed code,
10827 and many more have contributed ideas, comments, and encouragement.
10828 I've tried to list them in the RELEASE_NOTES in the distribution directory.
10829 I appreciate their contribution as well.
10831 Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
10832 who besides being wonderful guinea pigs and contributors
10833 have also consented to be added to the ``sendmail@Sendmail.ORG'' list
10834 and, by answering the bulk of the questions sent to that list,
10835 have freed me up to do other work.
10837 .+c "COMMAND LINE FLAGS"
10841 Arguments must be presented with flags before addresses.
10844 Select an alternative .cf file which is either
10852 By default the .cf file is chosen based on the operation mode.
10861 if it exists, for all others it is
10864 Set operation mode to
10866 Operation modes are:
10869 m Deliver mail (default)
10870 s Speak SMTP on input side
10871 a\(dg ``Arpanet'' mode (get envelope sender information from header)
10872 d Run as a daemon in background
10873 D Run as a daemon in foreground
10875 v Just verify addresses, don't collect or deliver
10876 i Initialize the alias database
10877 p Print the mail queue
10878 P Print overview over the mail queue (requires shared memory)
10879 h Print the persistent host status database
10880 H Purge expired entries from the persistent host status database
10886 Indicate body type.
10888 Use a different configuration file.
10890 runs as the invoking user (rather than root)
10891 when this flag is specified.
10892 .ip "\-D \fIlogfile\fP"
10893 Send debugging output to the indicated
10897 Set debugging level.
10898 .ip "\-f\ \fIaddr\fP"
10899 The envelope sender address is set to
10901 This address may also be used in the From: header
10902 if that header is missing during initial submission.
10903 The envelope sender address is used as the recipient
10904 for delivery status notifications
10905 and may also appear in a Return-Path: header.
10906 .ip \-F\ \fIname\fP
10907 Sets the full name of this user to
10910 When accepting messages via the command line,
10911 indicate that they are for relay (gateway) submission.
10912 sendmail may complain about syntactically invalid messages,
10913 e.g., unqualified host names,
10914 rather than fixing them when this flag is set.
10915 sendmail will not do any canonicalization in this mode.
10916 .ip "\-h\ \fIcnt\fP"
10921 This represents the number of times this message has been processed
10924 (to the extent that it is supported by the underlying networks).
10926 is incremented during processing,
10931 throws away the message with an error.
10932 .ip "\-L \fItag\fP"
10933 Sets the identifier used for syslog.
10934 Note that this identifier is set
10935 as early as possible.
10940 before the command line arguments
10943 Don't do aliasing or forwarding.
10944 .ip "\-N \fInotifications\fP"
10945 Tag all addresses being sent as wanting the indicated
10947 which consists of the word
10949 or a comma-separated list of
10954 for successful delivery,
10956 and a message that is stuck in a queue somewhere.
10959 .ip "\-r\ \fIaddr\fP"
10960 An obsolete form of
10962 .ip \-o\fIx\|value\fP
10967 These options are described in Section 5.6.
10968 .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
10973 (for long form option names).
10974 These options are described in Section 5.6.
10975 .ip \-M\fIx\|value\fP
10980 .ip \-p\fIprotocol\fP
10981 Set the sending protocol.
10982 Programs are encouraged to set this.
10983 The protocol field can be in the form
10987 to set both the sending protocol and sending host.
10990 sets the sending protocol to UUCP
10991 and the sending host to uunet.
10992 (Some existing programs use \-oM to set the r and s macros;
10993 this is equivalent to using \-p.)
10995 Try to process the queued up mail.
10996 If the time is given,
10999 will start one or more processes to run through the queue(s) at the specified
11000 time interval to deliver queued mail; otherwise, it only runs once.
11001 Each of these processes acts on a workgroup.
11002 These processes are also known as workgroup processes or WGP's for short.
11003 Each workgroup is responsible for controlling the processing of one or
11004 more queues; workgroups help manage the use of system resources by sendmail.
11005 Each workgroup may have one or more children concurrently processing
11006 queues depending on the setting of \fIMaxQueueChildren\fP.
11008 Similar to \-q with a time argument,
11009 except that instead of periodically starting WGP's
11010 sendmail starts persistent WGP's
11011 that alternate between processing queues and sleeping.
11012 The sleep time is specified by the time argument; it defaults to 1 second,
11013 except that a WGP always sleeps at least 5 seconds if their queues were
11014 empty in the previous run.
11015 Persistent processes are managed by a queue control process (QCP).
11016 The QCP is the parent process of the WGP's.
11017 Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
11018 or a special process (named Queue control) (when started without \-bd or \-bD).
11019 If a persistent WGP ceases to be active for some reason
11020 another WGP will be started by the QCP for the same workgroup
11021 in most cases. When a persistent WGP has core dumped, the debug flag
11022 \fIno_persistent_restart\fP is set or the specific persistent WGP has been
11023 restarted too many times already then the WGP will not be started again
11024 and a message will be logged to this effect.
11025 To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate
11026 signal should be sent to the QCP. The QCP will propagate the signal to all of
11027 the WGP's and if appropriate restart the persistent WGP's.
11029 Run the jobs in the queue group
11032 .ip \-q[!]\fIXstring\fP
11033 Run the queue once,
11034 limiting the jobs to those matching
11040 to limit based on queue identifier,
11042 to limit based on recipient,
11044 to limit based on sender,
11047 to limit based on quarantine reason for quarantined jobs.
11048 A particular queued job is accepted if one of the corresponding attributes
11049 contains the indicated
11051 The optional ! character negates the condition tested.
11054 flags are permitted,
11055 with items with the same key letter
11057 together, and items with different key letters
11061 Quarantine a normal queue items with the given reason or
11062 unquarantine quarantined queue items if no reason is given.
11063 This should only be used with some sort of item matching using
11064 .b \-q[!]\fIXstring\fP
11065 as described above.
11067 What information you want returned if the message bounces;
11071 for headers only or
11073 for headers plus body.
11074 This is a request only;
11075 the other end is not required to honor the parameter.
11078 is specified local bounces also return only the headers.
11080 Read the header for
11085 lines, and send to everyone listed in those lists.
11088 line will be deleted before sending.
11089 Any addresses in the argument vector will be deleted
11090 from the send list.
11094 is passed with the envelope of the message
11095 and returned if the message bounces.
11096 .ip "\-X \fIlogfile\fP"
11097 Log all traffic in and out of
11101 for debugging mailer problems.
11102 This produces a lot of data very quickly and should be used sparingly.
11104 There are a number of options that may be specified as
11106 These are the e, i, m, and v options.
11109 may be specified as the
11112 The DSN related options
11120 .+c "QUEUE FILE FORMATS"
11122 This appendix describes the format of the queue files.
11123 These files live in a queue directory.
11124 The individual qf, hf, Qf, df, and xf files
11125 may be stored in separate
11131 if they are present in the queue directory.
11133 All queue files have the name
11143 The individual letters in the
11160 Encoded envelope number
11162 At least five decimal digits of the process ID
11164 All files with the same id collectively define one message.
11165 Due to the use of memory-buffered files,
11166 some of these files may never appear on disk.
11171 The queue control file.
11172 This file contains the information necessary to process the job.
11174 The same as a queue control file, but for a quarantined queue job.
11177 The message body (excluding the header) is kept in this file.
11178 Sometimes the df file is not stored in the same directory as the qf file;
11180 the qf file contains a `d' record which names the queue directory
11181 that contains the df file.
11184 This is an image of the
11186 file when it is being rebuilt.
11187 It should be renamed to a
11192 existing during the life of a session
11193 showing everything that happens
11194 during that session.
11195 Sometimes the xf file must be generated before a queue group has been selected;
11197 the xf file will be stored in a directory of the default queue group.
11199 A ``lost'' queue control file.
11205 if there is a severe (configuration) problem that cannot be solved without
11206 human intervention.
11207 Search the logfile for the queue file id to figure out what happened.
11208 After you resolved the problem, you can rename the
11214 The queue control file is structured as a series of lines
11215 each beginning with a code letter.
11216 The lines are as follows:
11218 The version number of the queue file format,
11221 binaries to read queue files created by older versions.
11222 Defaults to version zero.
11223 Must be the first line of the file if present.
11224 For 8.12 the version number is 6.
11226 The information given by the AUTH= parameter of the
11229 if sendmail has been called directly.
11231 A header definition.
11232 There may be any number of these lines.
11233 The order is important:
11234 they represent the order in the final message.
11235 These use the same syntax
11236 as header definitions in the configuration file.
11238 The controlling address.
11240 .q localuser:aliasname .
11241 Recipient addresses following this line
11242 will be flagged so that deliveries will be run as the
11244 (a user name from the /etc/passwd file);
11246 is the name of the alias that expanded to this address
11247 (used for printing messages).
11249 The quarantine reason for quarantined queue items.
11251 The ``original recipient'',
11252 specified by the ORCPT= field in an ESMTP transaction.
11253 Used exclusively for Delivery Status Notifications.
11254 It applies only to the following `R' line.
11256 The ``final recipient''
11257 used for Delivery Status Notifications.
11258 It applies only to the following `R' line.
11260 A recipient address.
11261 This will normally be completely aliased,
11262 but is actually realiased when the job is processed.
11263 There will be one line for each recipient.
11265 also include a leading colon-terminated list of flags,
11267 `S' to return a message on successful final delivery,
11268 `F' to return a message on failure,
11269 `D' to return a message if the message is delayed,
11270 `B' to indicate that the body should be returned,
11271 `N' to suppress returning the body,
11273 `P' to declare this as a ``primary'' (command line or SMTP-session) address.
11275 The sender address.
11276 There may only be one of these lines.
11278 The job creation time.
11279 This is used to compute when to time out the job.
11281 The current message priority.
11282 This is used to order the queue.
11283 Higher numbers mean lower priorities.
11284 The priority changes
11285 as the message sits in the queue.
11286 The initial priority depends on the message class
11287 and the size of the message.
11290 This line is printed by the
11293 and is generally used to store status information.
11294 It can contain any text.
11296 Flag bits, represented as one letter per flag.
11297 Defined flag bits are
11299 indicating that this is a response message
11302 indicating that a warning message has been sent
11303 announcing that the mail has been delayed.
11304 Other flag bits are:
11306 the body contains 8bit data,
11308 a Bcc: header should be removed,
11310 the mail has RET parameters (see RFC 1894),
11312 the body of the message should not be returned
11313 in case of an error,
11315 the envelope has been split.
11317 The total number of delivery attempts.
11319 The time (as seconds since January 1, 1970)
11320 of the last delivery attempt.
11322 If the df file is in a different directory than the qf file,
11323 then a `d' record is present,
11324 specifying the directory in which the df file resides.
11326 The i-number of the data file;
11327 this can be used to recover your mail queue
11328 after a disastrous disk crash.
11330 A macro definition.
11331 The values of certain macros
11332 are passed through to the queue run phase.
11335 The remainder of the line is a text string defining the body type.
11336 If this field is missing,
11337 the body type is assumed to be
11339 and no special processing is attempted.
11345 The original envelope id (from the ESMTP transaction).
11346 For Deliver Status Notifications only.
11349 the following is a queue file sent to
11350 .q eric@mammoth.Berkeley.EDU
11352 .q bostic@okeeffe.CS.Berkeley.EDU \**:
11354 \**This example is contrived and probably inaccurate for your environment.
11355 Glance over it to get an idea;
11356 nothing can replace looking at what your own system generates.
11367 Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
11368 RPFD:eric@mammoth.Berkeley.EDU
11369 RPFD:bostic@okeeffe.CS.Berkeley.EDU
11370 H?P?Return-path: <^g>
11371 H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
11372 Fri, 17 Jul 1992 00:28:55 -0700
11373 H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
11374 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
11375 H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
11376 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
11377 H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
11378 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
11379 H?F?From: eric@foo.bar.baz.de (Eric Allman)
11380 H?x?Full-name: Eric Allman
11381 H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
11382 H??To: sendmail@vangogh.CS.Berkeley.EDU
11383 H??Subject: this is an example message
11386 the person who sent the message,
11387 the submission time
11388 (in seconds since January 1, 1970),
11389 the message priority,
11392 and the headers for the message.
11393 .+c "SUMMARY OF SUPPORT FILES"
11395 This is a summary of the support files
11398 creates or generates.
11399 Many of these can be changed by editing the sendmail.cf file;
11400 check there to find the actual pathnames.
11402 .ip "/usr/\*(SD/sendmail"
11405 .ip /usr/\*(SB/newaliases
11406 A link to /usr/\*(SD/sendmail;
11407 causes the alias database to be rebuilt.
11408 Running this program is completely equivalent to giving
11413 .ip /usr/\*(SB/mailq
11414 Prints a listing of the mail queue.
11415 This program is equivalent to using the
11419 .ip /etc/mail/sendmail.cf
11420 The configuration file,
11422 .ip /etc/mail/helpfile
11423 The SMTP help file.
11424 .ip /etc/mail/statistics
11425 A statistics file; need not be present.
11426 .ip /etc/mail/sendmail.pid
11427 Created in daemon mode;
11428 it contains the process id of the current SMTP daemon.
11429 If you use this in scripts;
11430 use ``head \-1'' to get just the first line;
11431 the second line contains the command line used to invoke the daemon,
11432 and later versions of
11434 may add more information to subsequent lines.
11435 .ip /etc/mail/aliases
11436 The textual version of the alias file.
11437 .ip /etc/mail/aliases.db
11441 .ip /etc/mail/aliases.{pag,dir}
11445 .ip /var/spool/mqueue
11446 The directory in which the mail queue(s)
11447 and temporary files reside.
11448 .ip /var/spool/mqueue/qf*
11449 Control (queue) files for messages.
11450 .ip /var/spool/mqueue/df*
11452 .ip /var/spool/mqueue/tf*
11453 Temporary versions of the qf files,
11454 used during queue file rebuild.
11455 .ip /var/spool/mqueue/xf*
11456 A transcript of the current session.
11463 This page intentionally left blank;
11464 replace it with a blank sheet for double-sided output.
11476 .\"INSTALLATION AND OPERATION GUIDE
11481 .\"Version $Revision: 8.751 $
11489 .\" remove some things to avoid "out of temp file space" problem
11509 This page intentionally left blank;
11510 replace it with a blank sheet for double-sided output.