1 .\" Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
2 .\" All rights reserved.
3 .\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
4 .\" Copyright (c) 1983, 1993
5 .\" The Regents of the University of California. All rights reserved.
7 .\" By using this file, you agree to the terms and conditions set
8 .\" forth in the LICENSE file which can be found at the top level of
9 .\" the sendmail distribution.
12 .\" $Id: op.me,v 8.741 2007/06/22 23:08:59 ca Exp $
14 .\" eqn op.me | pic | troff -me
16 .\" Define \(sc if not defined (for text output)
18 .if !c \(sc .char \(sc S
20 .\" Define \(dg as "*" for text output and create a new .DG macro
21 .\" which describes the symbol.
37 .\" Define \(dd as "#" for text output and create a new .DD macro
38 .\" which describes the symbol.
51 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
52 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
53 .\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
55 .\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb
74 .b SENDMAIL\u\s-6TM\s0\d
77 .b "INSTALLATION AND OPERATION GUIDE"
80 This documentation is under modification.
93 .Ve $Revision: 8.741 $
96 For Sendmail Version 8.14
99 Sendmail is a trademark of Sendmail, Inc.
103 .i Sendmail \u\s-2TM\s0\d
104 implements a general purpose internetwork mail routing facility
107 It is not tied to any one transport protocol \*-
108 its function may be likened to a crossbar switch,
109 relaying messages from one domain into another.
111 it can do a limited amount of message header editing
112 to put the message into a format that is appropriate
113 for the receiving domain.
114 All of this is done under the control of a configuration file.
116 Due to the requirements of flexibility
119 the configuration file can seem somewhat unapproachable.
120 However, there are only a few basic configurations
122 for which standard configuration files have been supplied.
123 Most other configurations
124 can be built by adjusting an existing configuration file
129 RFC 821 (Simple Mail Transport Protocol),
130 RFC 822 (Internet Mail Headers Format),
131 RFC 974 (MX routing),
132 RFC 1123 (Internet Host Requirements),
133 RFC 1413 (Identification server),
134 RFC 1652 (SMTP 8BITMIME Extension),
135 RFC 1869 (SMTP Service Extensions),
136 RFC 1870 (SMTP SIZE Extension),
137 RFC 1891 (SMTP Delivery Status Notifications),
138 RFC 1892 (Multipart/Report),
139 RFC 1893 (Enhanced Mail System Status Codes),
140 RFC 1894 (Delivery Status Notifications),
141 RFC 1985 (SMTP Service Extension for Remote Message Queue Starting),
142 RFC 2033 (Local Message Transmission Protocol),
143 RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes),
145 RFC 2476 (Message Submission),
146 RFC 2487 (SMTP Service Extension for Secure SMTP over TLS),
147 RFC 2554 (SMTP Service Extension for Authentication),
148 RFC 2821 (Simple Mail Transfer Protocol),
149 RFC 2822 (Internet Message Format),
150 RFC 2852 (Deliver By SMTP Service Extension),
152 RFC 2920 (SMTP Service Extension for Command Pipelining).
155 is designed to work in a wider world,
156 in many cases it can be configured to exceed these protocols.
157 These cases are described herein.
162 without the need for monitoring,
163 it has a number of features
164 that may be used to monitor or adjust the operation
165 under unusual circumstances.
166 These features are described.
168 Section one describes how to do a basic
172 explains the day-to-day information you should know
173 to maintain your mail system.
174 If you have a relatively normal site,
175 these two sections should contain sufficient information
180 has information regarding the command line arguments.
182 describes some parameters that may be safely tweaked.
184 contains the nitty-gritty information about the configuration
186 This section is for masochists
187 and people who must write their own configuration file.
189 describes configuration that can be done at compile time.
190 The appendixes give a brief
191 but detailed explanation of a number of features
192 not described in the rest of the paper.
194 .sh 1 "BASIC INSTALLATION"
196 There are two basic steps to installing
198 First, you have to compile and install the binary.
201 has already been ported to your operating system
202 that should be simple.
203 Second, you must build a run-time configuration file.
206 reads when it starts up
207 that describes the mailers it knows about,
208 how to parse addresses,
209 how to rewrite the message header,
210 and the settings of various options.
211 Although the configuration file can be quite complex,
212 a configuration can usually be built
213 using an M4-based configuration language.
214 Assuming you have the standard
218 for further information.
220 The remainder of this section will describe the installation of
222 assuming you can use one of the existing configurations
223 and that the standard installation parameters are acceptable.
224 All pathnames and examples
225 are given from the root of the
229 .i /usr/src/usr.\*(SD/sendmail
230 on 4.4BSD-based systems.
232 Continue with the next section if you need/want to compile
235 If you have a running binary already on your system,
236 you should probably skip to section 1.2.
237 .sh 2 "Compiling Sendmail"
252 This will leave the binary in an appropriately named subdirectory,
255 It works for multiple object versions
256 compiled out of the same directory.
257 .sh 3 "Tweaking the Build Invocation"
259 You can give parameters on the
262 In most cases these are only used when the
264 directory is first created.
265 To restart from scratch, use
267 These commands include:
269 .ip "\-L \fIlibdirs\fP"
270 A list of directories to search for libraries.
271 .ip "\-I \fIincdirs\fP"
272 A list of directories to search for include files.
273 .ip "\-E \fIenvar\fP=\fIvalue\fP"
274 Set an environment variable to an indicated
281 .ip "\-f \fIsiteconfig\fP"
282 Read the indicated site configuration file.
283 If this parameter is not specified,
288 .i $BUILDTOOLS/Site/site.$oscf.m4
290 .i $BUILDTOOLS/Site/site.config.m4 ,
291 where $BUILDTOOLS is normally
293 and $oscf is the same name as used on the
296 See below for a description of the site configuration file.
298 Skip auto-configuration.
300 will avoid auto-detecting libraries if this is set.
301 All libraries and map definitions must be specified
302 in the site configuration file.
304 Most other parameters are passed to the
306 program; for details see
307 .i $BUILDTOOLS/README .
308 .sh 3 "Creating a Site Configuration File"
311 (This section is not yet complete.
312 For now, see the file devtools/README for details.)
313 See sendmail/README for various compilation flags that can be set.
314 .sh 3 "Tweaking the Makefile"
316 .\" .b "XXX This should all be in the Site Configuration File section."
318 supports two different formats
319 for the local (on disk) version of databases,
323 At least one of these should be defined if at all possible.
326 The ``new DBM'' format,
327 available on nearly all systems around today.
328 This was the preferred format prior to 4.4BSD.
329 It allows such complex things as multiple databases
330 and closing a currently open database.
332 The Berkeley DB package.
333 If you have this, use it.
336 multiple open databases,
337 real in-memory caching,
339 You can define this in conjunction with
342 old alias databases are read,
343 but when a new database is created it will be in NEWDB format.
345 if you have NEWDB, NDBM, and NIS defined,
346 and if the alias file name includes the substring
349 will create both new and old versions of the alias file
353 This is required because the Sun NIS/YP system
354 reads the DBM version of the alias file.
358 If neither of these are defined,
360 reads the alias file into memory on every invocation.
361 This can be slow and should be avoided.
362 There are also several methods for remote database access:
364 Lightweight Directory Access Protocol.
366 Sun's Network Information Services (formerly YP).
370 NeXT's NetInfo service.
372 Hesiod service (from Athena).
374 Other compilation flags are set in
376 and should be predefined for you
377 unless you are porting to a new environment.
380 .sh 3 "Compilation and installation"
382 After making the local system configuration described above,
383 You should be able to compile and install the system.
386 is the best approach on most systems:
392 to create a custom Makefile for your environment.
394 If you are installing in the standard places,
395 you should be able to install using
399 This should install the binary in
401 and create links from
402 /usr/\*(SB/newaliases
407 On most systems it will also format and install man pages.
408 Notice: as of version 8.12
410 will no longer be installed set-user-ID root by default.
411 If you really want to use the old method, you can specify it as target:
413 \&./Build install-set-user-id
415 .sh 2 "Configuration Files"
418 cannot operate without a configuration file.
419 The configuration defines the mail delivery mechanisms understood at this site,
421 how to forward email to remote mail systems,
422 and a number of tuning parameters.
423 This configuration file is detailed
424 in the later portion of this document.
428 configuration can be daunting at first.
429 The world is complex,
430 and the mail configuration reflects that.
431 The distribution includes an m4-based configuration package
432 that hides a lot of the complexity.
437 Our configuration files are processed by
439 to facilitate local customization;
444 distribution directory
445 contains the source files.
446 This directory contains several subdirectories:
449 Both site-dependent and site-independent descriptions of hosts.
450 These can be literal host names
453 when the hosts are gateways
454 or more general descriptions
456 .q "generic-solaris2.mc"
457 as a general description of an SMTP-connected host
461 (``M4 Configuration'')
462 are the input descriptions;
463 the output is in the corresponding
466 The general structure of these files is described below.
468 Site-dependent subdomain descriptions.
469 These are tied to the way your organization wants to do addressing.
471 .b domain/CS.Berkeley.EDU.m4
472 is our description for hosts in the CS.Berkeley.EDU subdomain.
473 These are referenced using the
480 Definitions of specific features that some particular host in your site
482 These are referenced using the
486 An example feature is
490 to read an /etc/mail/local-host-names file on startup
491 to find the set of local names).
493 Local hacks, referenced using the
498 The point of having them here is to make it clear that they smell.
502 include files that have information common to all configuration files.
503 This can be thought of as a
507 Definitions of mailers,
512 The mailer types that are known in this distribution are
518 For example, to include support for the UUCP-based mailers,
522 Definitions describing various operating system environments
523 (such as the location of support files).
524 These are referenced using the
529 Shell files used by the
532 You shouldn't have to mess with these.
534 Local UUCP connectivity information.
535 This directory has been supplanted by the mailertable feature;
536 any new configurations should use that feature to do UUCP
538 The use of this directory is deprecated.
540 If you are in a new domain
542 you will probably want to create a
544 file for your domain.
545 This consists primarily of relay definitions
546 and features you want enabled site-wide:
547 for example, Berkeley's domain definition
551 These are specific to Berkeley,
552 and should be fully-qualified internet-style domain names.
553 Please check to make certain they are reasonable for your domain.
555 Subdomains at Berkeley are also represented in the
561 is the Computer Science subdomain,
563 is the Electrical Engineering and Computer Sciences subdomain,
566 is the Sequoia 2000 subdomain.
567 You will probably have to add an entry to this directory
568 to be appropriate for your domain.
570 You will have to use or create
574 subdirectory for your hosts.
575 This is detailed in the
578 .sh 2 "Details of Installation Files"
580 This subsection describes the files that
584 .sh 3 "/usr/\*(SD/sendmail"
588 is located in /usr/\*(SD\**.
592 on 4.4BSD and newer systems;
593 many systems install it in
595 I understand it is in /usr/ucblib
596 on System V Release 4.
598 It should be set-group-ID smmsp as described in
600 For security reasons,
601 /, /usr, and /usr/\*(SD
602 should be owned by root, mode 0755\**.
604 \**Some vendors ship them owned by bin;
605 this creates a security hole that is not actually related to
607 Other important directories that should have restrictive ownerships
609 /bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
611 .sh 3 "/etc/mail/sendmail.cf"
613 This is the main configuration file for
616 \**Actually, the pathname varies depending on the operating system;
617 /etc/mail is the preferred directory.
618 Some older systems install it in
619 .b /usr/lib/sendmail.cf ,
620 and I've also seen it in
622 If you want to move this file,
623 add -D_PATH_SENDMAILCF=\e"/file/name\e"
624 to the flags passed to the C compiler.
625 Moving this file is not recommended:
626 other programs and scripts know of this location.
628 This is one of the two non-library file names compiled into
630 the other is /etc/mail/submit.cf.
632 \**The system libraries can reference other files;
633 in particular, system library subroutines that
635 calls probably reference
638 .i /etc/resolv.conf .
641 The configuration file is normally created
642 using the distribution files described above.
643 If you have a particularly unusual system configuration
644 you may need to create a special version.
645 The format of this file is detailed in later sections
647 .sh 3 "/etc/mail/submit.cf"
649 This is the configuration file for
651 when it is used for initial mail submission, in which case
652 it is also called ``Mail Submission Program'' (MSP)
653 in contrast to ``Mail Transfer Agent'' (MTA).
654 Starting with version 8.12,
656 uses one of two different configuration files based on its operation mode
660 For initial mail submission, i.e., if one of the options
666 is specified, submit.cf is used (if available),
667 for other operations sendmail.cf is used.
668 Details can be found in
669 .i sendmail/SECURITY .
670 submit.cf is shipped with sendmail (in cf/cf/) and is installed by default.
671 If changes to the configuration need to be made, start with
672 cf/cf/submit.mc and follow the instruction in cf/README.
673 .sh 3 "/usr/\*(SB/newaliases"
677 command should just be a link to
680 rm \-f /usr/\*(SB/newaliases
681 ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
683 This can be installed in whatever search path you prefer
685 .sh 3 "/usr/\*(SB/hoststat"
689 command should just be a link to
691 in a fashion similar to
693 This command lists the status of the last mail transaction
694 with all remote hosts. The
696 flag will prevent the status display from being truncated.
697 It functions only when the
698 .b HostStatusDirectory
700 .sh 3 "/usr/\*(SB/purgestat"
702 This command is also a link to
704 It flushes expired (Timeout.hoststatus) information that is stored in the
705 .b HostStatusDirectory
707 .sh 3 "/var/spool/mqueue"
711 should be created to hold the mail queue.
712 This directory should be mode 0700
715 The actual path of this directory
721 To use multiple queues,
722 supply a value ending with an asterisk.
724 .i /var/spool/mqueue/qd*
725 will use all of the directories or symbolic links to directories
726 beginning with `qd' in
728 as queue directories.
729 Do not change the queue directory structure
730 while sendmail is running.
732 If these directories have subdirectories or symbolic links to directories
733 named `qf', `df', and `xf', then these will be used for the different
735 That is, the data files are stored in the `df' subdirectory,
736 the transcript files are stored in the `xf' subdirectory, and
737 all others are stored in the `qf' subdirectory.
739 If shared memory support is compiled in,
741 stores the available diskspace in a shared memory segment
742 to make the values readily available to all children without
743 incurring system overhead.
744 In this case, only the daemon updates the data;
745 i.e., the sendmail daemon creates the shared memory segment
746 and deletes it if it is terminated.
749 must have been compiled with support for shared memory
754 Notice: do not use the same key for
756 invocations with different queue directories
757 or different queue group declarations.
758 Access to shared memory is not controlled by locks,
759 i.e., there is a race condition when data in the shared memory is updated.
760 However, since operation of
762 does not rely on the data in the shared memory, this does not negatively
763 influence the behavior.
764 .sh 3 "/var/spool/clientmqueue"
767 .i /var/spool/clientmqueue
768 should be created to hold the mail queue.
769 This directory should be mode 0770
770 and owned by user smmsp, group smmsp.
772 The actual path of this directory
778 .sh 3 "/var/spool/mqueue/.hoststat"
780 This is a typical value for the
781 .b HostStatusDirectory
783 containing one file per host
784 that this sendmail has chatted with recently.
785 It is normally a subdirectory of
787 .sh 3 "/etc/mail/aliases*"
789 The system aliases are held in
790 .q /etc/mail/aliases .
793 which includes some aliases which
797 cp sendmail/aliases /etc/mail/aliases
798 .i "edit /etc/mail/aliases"
800 You should extend this file with any aliases that are apropos to your system.
804 looks at a database version of the files,
806 .q /etc/mail/aliases.dir
808 .q /etc/mail/aliases.pag
810 .q /etc/mail/aliases.db
811 depending on which database package you are using.
812 The actual path of this file
819 The permissions of the alias file and the database versions
820 should be 0640 to prevent local denial of service attacks
821 as explained in the top level
823 in the sendmail distribution.
824 If the permissions 0640 are used, be sure that only trusted users belong
825 to the group assigned to those files. Otherwise, files should not even
827 .sh 3 "/etc/rc or /etc/init.d/sendmail"
829 It will be necessary to start up the
831 daemon when your system reboots.
832 This daemon performs two functions:
833 it listens on the SMTP socket for connections
834 (to receive mail from a remote system)
835 and it processes the queue periodically
836 to insure that mail gets delivered when hosts come up.
838 If necessary, add the following lines to
843 in the area where it is starting up the daemons
844 on a BSD-base system,
845 or on a System-V-based system
846 in one of the startup files, typically
847 .q /etc/init.d/sendmail :
849 if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
850 (cd /var/spool/mqueue; rm \-f xf*)
851 /usr/\*(SD/sendmail \-bd \-q30m &
852 echo \-n ' sendmail' >/dev/console
859 commands insure that all transcript files have been removed;
860 extraneous transcript files may be left around
861 if the system goes down in the middle of processing a message.
862 The line that actually invokes
866 causes it to listen on the SMTP port,
869 causes it to run the queue every half hour.
871 Some people use a more complex startup script,
872 removing zero length qf/hf/Qf files and df files for which there is no
874 Note this is not advisable.
875 For example, see Figure 1
876 for an example of a complex script which does this clean up.
880 # remove zero length qf/hf/Qf files
881 for qffile in qf* hf* Qf*
887 echo \-n " <zero: $qffile>" > /dev/console
892 # rename tf files to be qf if the qf does not exist
895 qffile=`echo $tffile | sed 's/t/q/'`
896 if [ \-r $tffile \-a ! \-f $qffile ]
898 echo \-n " <recovering: $tffile>" > /dev/console
903 echo \-n " <extra: $tffile>" > /dev/console
908 # remove df files with no corresponding qf/hf/Qf files
911 qffile=`echo $dffile | sed 's/d/q/'`
912 hffile=`echo $dffile | sed 's/d/h/'`
913 Qffile=`echo $dffile | sed 's/d/Q/'`
914 if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ]
916 echo \-n " <incomplete: $dffile>" > /dev/console
917 mv $dffile `echo $dffile | sed 's/d/D/'`
920 # announce files that have been saved during disaster recovery
921 for xffile in [A-Z]f*
925 echo \-n " <panic: $xffile>" > /dev/console
930 Figure 1 \(em A complex startup script
933 .sh 3 "/etc/mail/helpfile"
935 This is the help file used by the SMTP
938 It should be copied from
939 .q sendmail/helpfile :
941 cp sendmail/helpfile /etc/mail/helpfile
943 The actual path of this file
949 .sh 3 "/etc/mail/statistics"
951 If you wish to collect statistics
952 about your mail traffic,
953 you should create the file
954 .q /etc/mail/statistics :
956 cp /dev/null /etc/mail/statistics
957 chmod 0600 /etc/mail/statistics
959 This file does not grow.
960 It is printed with the program
961 .q mailstats/mailstats.c.
962 The actual path of this file
968 .sh 3 "/usr/\*(SB/mailq"
979 will print the contents of the mail queue;
981 This should be a link to /usr/\*(SD/sendmail.
985 stores its current pid in the file specified by the
987 option (default is _PATH_SENDMAILPID).
991 (which defaults to 0600) as
992 the permissions of that file
993 to prevent local denial of service attacks
994 as explained in the top level
996 in the sendmail distribution.
997 If the file already exists, then it might be necessary to
998 change the permissions accordingly, e.g.,
1000 chmod 0600 /var/run/sendmail.pid
1002 Note that as of version 8.13, this file is unlinked when
1005 As a result of this change, a script such as the following,
1006 which may have worked prior to 8.13, will no longer work:
1008 # stop & start sendmail
1009 PIDFILE=/var/run/sendmail.pid
1010 kill `head -1 $PIDFILE`
1013 because it assumes that the pidfile will still exist even
1014 after killing the process to which it refers.
1015 Below is a script which will work correctly
1016 on both newer and older versions:
1018 # stop & start sendmail
1019 PIDFILE=/var/run/sendmail.pid
1020 pid=`head -1 $PIDFILE`
1021 cmd=`tail -1 $PIDFILE`
1025 This is just an example script, it does not perform any error checks,
1026 e.g., whether the pidfile exists at all.
1029 To prevent local denial of service attacks
1030 as explained in the top level
1032 in the sendmail distribution,
1033 the permissions of map files created by
1036 The use of 0640 implies that only trusted users belong to the group
1037 assigned to those files.
1038 If those files already exist, then it might be necessary to
1039 change the permissions accordingly, e.g.,
1042 chmod 0640 *.db *.pag *.dir
1044 .sh 1 "NORMAL OPERATIONS"
1045 .sh 2 "The System Log"
1047 The system log is supported by the
1052 are logged under the
1056 \**Except on Ultrix,
1057 which does not support facilities in the syslog.
1061 Each line in the system log
1062 consists of a timestamp,
1063 the name of the machine that generated it
1064 (for logging from several machines
1065 over the local area network),
1070 \**This format may vary slightly if your vendor has changed
1073 Most messages are a sequence of
1079 The two most common lines are logged when a message is processed.
1080 The first logs the receipt of a message;
1081 there will be exactly one of these per message.
1082 Some fields may be omitted if they do not contain interesting information.
1085 The envelope sender address.
1087 The size of the message in bytes.
1089 The class (i.e., numeric precedence) of the message.
1091 The initial message priority (used for queue sorting).
1093 The number of envelope recipients for this message
1094 (after aliasing and forwarding).
1096 The message id of the message (from the header).
1098 The protocol used to receive this message (e.g., ESMTP or UUCP)
1100 The daemon name from the
1101 .b DaemonPortOptions
1104 The machine from which it was received.
1106 There is also one line logged per delivery attempt
1107 (so there can be several per message if delivery is deferred
1108 or there are multiple recipients).
1111 A comma-separated list of the recipients to this mailer.
1113 The ``controlling user'', that is, the name of the user
1114 whose credentials we use for delivery.
1116 The total delay between the time this message was received
1117 and the current delivery attempt.
1119 The amount of time needed in this delivery attempt
1120 (normally indicative of the speed of the connection).
1122 The name of the mailer used to deliver to this recipient.
1124 The name of the host that actually accepted (or rejected) this recipient.
1126 The enhanced error code (RFC 2034) if available.
1128 The delivery status.
1130 Not all fields are present in all messages;
1131 for example, the relay is usually not listed for local deliveries.
1136 or an equivalent installed,
1137 you will be able to do logging.
1138 There is a large amount of information that can be logged.
1139 The log is arranged as a succession of levels.
1141 only extremely strange situations are logged.
1142 At the highest level,
1143 even the most mundane and uninteresting events
1144 are recorded for posterity.
1146 log levels under ten
1147 are considered generally
1150 are reserved for debugging purposes.
1151 Levels from 11\-64 are reserved for verbose information
1152 that some sites might want.
1154 A complete description of the log levels
1155 is given in section ``Log Level''.
1156 .sh 2 "Dumping State"
1160 to log a dump of the open files
1161 and the connection cache
1165 The results are logged at
1168 .sh 2 "The Mail Queues"
1170 Mail messages may either be delivered immediately or be held for later
1172 Held messages are placed into a holding directory called a mail queue.
1174 A mail message may be queued for these reasons:
1176 If a mail message is temporarily undeliverable, it is queued
1177 and delivery is attempted later.
1178 If the message is addressed to multiple recipients, it is queued
1179 only for those recipients to whom delivery is not immediately possible.
1181 If the SuperSafe option is set to true,
1182 all mail messages are queued while delivery is attempted.
1184 If the DeliveryMode option is set to queue-only or defer,
1185 all mail is queued, and no immediate delivery is attempted.
1187 If the load average becomes higher than the value of the QueueLA option
1192 option divided by the difference in the current load average and the
1195 is less than the priority of the message,
1196 messages are queued rather than immediately delivered.
1198 One or more addresses are marked as expensive and delivery is postponed
1199 until the next queue run or one or more address are marked as held via
1200 mailer which uses the hold mailer flag.
1202 The mail message has been marked as quarantined via a mail filter or
1205 .sh 3 "Queue Groups and Queue Directories"
1207 There are one or more mail queues.
1208 Each mail queue belongs to a queue group.
1209 There is always a default queue group that is called ``mqueue''
1210 (which is where messages go by default unless otherwise specified).
1211 The directory or directories which comprise the default queue group
1212 are specified by the QueueDirectory option.
1213 There are zero or more
1214 additional named queue groups declared using the
1216 command in the configuration file.
1218 By default, a queued message is placed in the queue group
1219 associated with the first recipient in the recipient list.
1220 A recipient address is mapped to a queue group as follows.
1221 First, if there is a ruleset called ``queuegroup'',
1222 and if this ruleset maps the address to a queue group name,
1223 then that queue group is chosen.
1224 That is, the argument for the ruleset is the recipient address
1225 and the result should be
1227 followed by the name of a queue group.
1228 Otherwise, if the mailer associated with the address specifies
1229 a queue group, then that queue group is chosen.
1230 Otherwise, the default queue group is chosen.
1232 A message with multiple recipients will be split
1233 if different queue groups are chosen
1234 by the mapping of recipients to queue groups.
1236 When a message is placed in a queue group, and the queue group has
1237 more than one queue, a queue is selected randomly.
1239 If a message with multiple recipients is placed into a queue group
1240 with the 'r' option (maximum number of recipients per message)
1241 set to a positive value
1243 and if there are more than
1246 in the message, then the message will be split into multiple messages,
1247 each of which have at most
1251 Notice: if multiple queue groups are used, do
1253 move queue files around, e.g., into a different queue directory.
1254 This may have weird effects and can cause mail not to be delivered.
1255 Queue files and directories should be treated as opaque
1256 and should not be manipulated directly.
1260 has two different ways to process the queue(s).
1261 The first one is to start queue runners after certain intervals
1262 (``normal'' queue runners),
1263 the second one is to keep queue runner processes around
1264 (``persistent'' queue runners).
1265 How to select either of these types is discussed in the appendix
1266 ``COMMAND LINE FLAGS''.
1267 Persistent queue runners have the advantage that no new processes
1268 need to be spawned at certain intervals; they just sleep for
1269 a specified time after they finished a queue run.
1270 Another advantage of persistent queue runners is that only one process
1271 belonging to a workgroup (a workgroup is a set of queue groups)
1272 collects the data for a queue run
1273 and then multiple queue runner may go ahead using that data.
1274 This can significantly reduce the disk I/O necessary to read the
1275 queue files compared to starting multiple queue runners directly.
1276 Their disadvantage is that a new queue run is only started
1277 after all queue runners belonging to a group finished their tasks.
1278 In case one of the queue runners tries delivery to a slow recipient site
1279 at the end of a queue run, the next queue run may be substantially delayed.
1280 In general this should be smoothed out due to the distribution of
1281 those slow jobs, however, for sites with small number of
1282 queue entries this might introduce noticable delays.
1283 In general, persistent queue runners are only useful for
1284 sites with big queues.
1285 .sh 3 "Manual Intervention"
1287 Under normal conditions the mail queue will be processed transparently.
1288 However, you may find that manual intervention is sometimes necessary.
1290 if a major host is down for a period of time
1291 the queue may become clogged.
1294 ought to recover gracefully when the host comes up,
1295 you may find performance unacceptably bad in the meantime.
1296 In that case you want to check the content of the queue
1297 and manipulate it as explained in the next two sections.
1298 .sh 3 "Printing the queue"
1300 The contents of the queue(s) can be printed
1304 (or by specifying the
1311 This will produce a listing of the queue id's,
1312 the size of the message,
1313 the date the message entered the queue,
1314 and the sender and recipients.
1315 If shared memory support is compiled in,
1318 can be used to print the number of entries in the queue(s),
1319 provided a process updates the data.
1320 However, as explained earlier, the output might be slightly wrong,
1321 since access to the shared memory is not locked.
1323 ``unknown number of entries''
1325 The internal counters are updated after each queue run
1326 to the correct value again.
1327 .sh 3 "Forcing the queue"
1330 should run the queue automatically at intervals.
1331 When using multiple queues,
1332 a separate process will by default be created to
1333 run each of the queues
1334 unless the queue run is initiated by a user
1335 with the verbose flag.
1336 The algorithm is to read and sort the queue,
1337 and then to attempt to process all jobs in order.
1338 When it attempts to run the job,
1340 first checks to see if the job is locked.
1341 If so, it ignores the job.
1343 There is no attempt to insure that only one queue processor
1345 since there is no guarantee that a job cannot take forever
1349 does include heuristics to try to abort jobs
1350 that are taking absurd amounts of time;
1351 technically, this violates RFC 821, but is blessed by RFC 1123).
1352 Due to the locking algorithm,
1353 it is impossible for one job to freeze the entire queue.
1355 an uncooperative recipient host
1356 or a program recipient
1358 can accumulate many processes in your system.
1360 there is no completely general way to solve this.
1363 you may find that a major host going down
1364 for a couple of days
1365 may create a prohibitively large queue.
1368 spending an inordinate amount of time
1370 This situation can be fixed by moving the queue to a temporary place
1371 and creating a new queue.
1372 The old queue can be run later when the offending host returns to service.
1375 it is acceptable to move the entire queue directory:
1378 mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue
1380 You should then kill the existing daemon
1381 (since it will still be processing in the old queue directory)
1382 and create a new daemon.
1384 To run the old mail queue, issue the following command:
1386 /usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
1390 flag specifies an alternate configuration file
1392 which should refer to the moved queue directory
1394 O QueueDirectory=/var/spool/omqueue
1398 flag says to just run every job in the queue.
1399 You can also specify the moved queue directory on the command line
1401 /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1403 but this requires that you do not have
1404 queue groups in the configuration file,
1405 because those are not subdirectories of the moved directory.
1406 See the section about ``Queue Group Declaration'' for details;
1407 you most likely need a different configuration file to correctly deal
1409 However, a proper configuration of queue groups should avoid
1410 filling up queue directories, so you shouldn't run into
1412 If you have a tendency toward voyeurism,
1415 flag to watch what is going on.
1417 When the queue is finally emptied,
1418 you can remove the directory:
1420 rmdir /var/spool/omqueue
1422 .sh 3 "Quarantined Queue Items"
1424 It is possible to "quarantine" mail messages,
1425 otherwise known as envelopes.
1426 Envelopes (queue files) are stored but not considered for delivery or
1427 display unless the "quarantine" state of the envelope is undone or
1428 delivery or display of quarantined items is requested.
1429 Quarantined messages are tagged by using a different name for the queue
1430 file, 'hf' instead of 'qf', and by adding the quarantine reason to the
1433 Delivery or display of quarantined items can be requested using the
1439 Additionally, messages already in the queue can be quarantined or
1440 unquarantined using the new
1445 sendmail -Qreason -q[!][I|R|S][matchstring]
1447 Quarantines the normal queue items matching the criteria specified by the
1448 .b "-q[!][I|R|S][matchstring]"
1449 using the reason given on the
1454 sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring]
1456 Change the quarantine reason for the quarantined items matching the
1457 criteria specified by the
1458 .b "-q[!][I|R|S|Q][matchstring]"
1459 using the reason given on the
1462 If there is no reason,
1463 unquarantine the matching items and make them normal queue items.
1466 flag tells sendmail to operate on quarantined items instead of normal items.
1467 .sh 2 "Disk Based Connection Information"
1470 stores a large amount of information about each remote system it
1471 has connected to in memory. It is possible to preserve some
1472 of this information on disk as well, by using the
1473 .b HostStatusDirectory
1474 option, so that it may be shared between several invocations of
1476 This allows mail to be queued immediately or skipped during a queue run if
1477 there has been a recent failure in connecting to a remote machine.
1478 Note: information about a remote system is stored in a file
1479 whose pathname consists of the components of the hostname in reverse order.
1480 For example, the information for
1483 .b com./example./host .
1484 For top-level domains like
1486 this can create a large number of subdirectories
1487 which on some filesystems can exhaust some limits.
1488 Moreover, the performance of lookups in directory with thousands of entries
1489 can be fairly slow depending on the filesystem implementation.
1491 Additionally enabling
1492 .b SingleThreadDelivery
1493 has the added effect of single-threading mail delivery to a destination.
1494 This can be quite helpful
1495 if the remote machine is running an SMTP server that is easily overloaded
1496 or cannot accept more than a single connection at a time,
1497 but can cause some messages to be punted to a future queue run.
1500 hosts, so setting this because you have one machine on site
1501 that runs some software that is easily overrun
1502 can cause mail to other hosts to be slowed down.
1503 If this option is set,
1504 you probably want to set the
1506 option as well and run the queue fairly frequently;
1507 this way jobs that are skipped because another
1509 is talking to the same host will be tried again quickly
1510 rather than being delayed for a long time.
1512 The disk based host information is stored in a subdirectory of the
1517 \**This is the usual value of the
1518 .b HostStatusDirectory
1520 it can, of course, go anywhere you like in your filesystem.
1522 Removing this directory and its subdirectories has an effect similar to
1525 command and is completely safe.
1528 only removes expired (Timeout.hoststatus) data.
1529 The information in these directories can
1532 command, which will indicate the host name, the last access, and the
1533 status of that access.
1534 An asterisk in the left most column indicates that a
1536 process currently has the host locked for mail delivery.
1538 The disk based connection information is treated the same way as memory based
1539 connection information for the purpose of timeouts.
1540 By default, information about host failures is valid for 30 minutes.
1541 This can be adjusted with
1543 .b Timeout.hoststatus
1546 The connection information stored on disk may be expired at any time
1549 command or by invoking sendmail with the
1552 The connection information may be viewed with the
1554 command or by invoking sendmail with the
1557 .sh 2 "The Service Switch"
1559 The implementation of certain system services
1560 such as host and user name lookup
1561 is controlled by the service switch.
1562 If the host operating system supports such a switch,
1563 and sendmail knows about it,
1565 will use the native version.
1566 Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
1568 \**HP-UX 10 has service switch support,
1569 but since the APIs are apparently not available in the libraries
1571 does not use the native service switch in this release.
1574 If the underlying operating system does not support a service switch
1575 (e.g., SunOS 4.X, HP-UX, BSD)
1578 will provide a stub implementation.
1580 .b ServiceSwitchFile
1581 option points to the name of a file that has the service definitions.
1582 Each line has the name of a service
1583 and the possible implementations of that service.
1584 For example, the file:
1591 to look for hosts in the Domain Name System first.
1592 If the requested host name is not found, it tries local files,
1593 and if that fails it tries NIS.
1594 Similarly, when looking for aliases
1595 it will try the local files first followed by NIS.
1599 must access MX records for correct operation, it will use
1600 DNS if it is configured in the
1601 .b ServiceSwitchFile
1607 will not avoid DNS lookups even if a host can be found
1610 Service switches are not completely integrated.
1611 For example, despite the fact that the host entry listed in the above example
1612 specifies to look in NIS,
1613 on SunOS this won't happen because the system implementation of
1614 .i gethostbyname \|(3)
1615 doesn't understand this.
1616 .sh 2 "The Alias Database"
1618 After recipient addresses are read from the SMTP connection
1620 they are parsed by ruleset 0,
1621 which must resolve to a
1627 If the flags selected by the
1634 part of the triple is looked up as the key
1635 (i.e., the left hand side)
1636 in the alias database.
1637 If there is a match, the address is deleted from the send queue
1638 and all addresses on the right hand side of the alias
1639 are added in place of the alias that was found.
1640 This is a recursive operation,
1641 so aliases found in the right hand side of the alias
1642 are similarly expanded.
1644 The alias database exists in two forms.
1646 maintained in the file
1647 .i /etc/mail/aliases.
1648 The aliases are of the form
1650 name: name1, name2, ...
1652 Only local names may be aliased;
1655 eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
1657 will not have the desired effect
1658 (except on prep.ai.MIT.EDU,
1659 and they probably don't want me)\**.
1661 \**Actually, any mailer that has the `A' mailer flag set
1662 will permit aliasing;
1663 this is normally limited to the local mailer.
1665 Aliases may be continued by starting any continuation lines
1666 with a space or a tab or by putting a backslash directly before
1668 Blank lines and lines beginning with a sharp sign
1673 The second form is processed by the
1678 package does not work.
1680 or the Berkeley DB library.
1681 This form is in the file
1682 .i /etc/mail/aliases.db
1685 .i /etc/mail/aliases.dir
1687 .i /etc/mail/aliases.pag
1689 This is the form that
1691 actually uses to resolve aliases.
1692 This technique is used to improve performance.
1694 The control of search order is actually set by the service switch.
1695 Essentially, the entry
1697 O AliasFile=switch:aliases
1699 is always added as the first alias entry;
1700 also, the first alias file name without a class
1704 will be used as the name of the file for a ``files'' entry
1705 in the aliases switch.
1706 For example, if the configuration file contains
1708 O AliasFile=/etc/mail/aliases
1710 and the service switch contains
1712 aliases nis files nisplus
1714 then aliases will first be searched in the NIS database,
1715 then in /etc/mail/aliases,
1716 then in the NIS+ database.
1721 For example, the specification:
1723 O AliasFile=/etc/mail/aliases
1724 O AliasFile=nis:mail.aliases@my.nis.domain
1726 will first search the /etc/mail/aliases file
1727 and then the map named
1731 Warning: if you build your own
1734 be sure to provide the
1738 to map upper case letters in the keys to lower case;
1739 otherwise, aliases with upper case letters in their names
1740 won't match incoming addresses.
1742 Additional flags can be added after the colon
1745 line \(em for example:
1747 O AliasFile=nis:\-N mail.aliases@my.nis.domain
1749 will search the appropriate NIS map and always include null bytes in the key.
1752 O AliasFile=nis:\-f mail.aliases@my.nis.domain
1754 will prevent sendmail from downcasing the key before the alias lookup.
1755 .sh 3 "Rebuilding the alias database"
1761 version of the database
1762 may be rebuilt explicitly by executing the command
1766 This is equivalent to giving
1772 /usr/\*(SD/sendmail \-bi
1775 If you have multiple aliases databases specified,
1778 flag rebuilds all the database types it understands
1779 (for example, it can rebuild NDBM databases but not NIS databases).
1780 .sh 3 "Potential problems"
1782 There are a number of problems that can occur
1783 with the alias database.
1784 They all result from a
1786 process accessing the DBM version
1787 while it is only partially built.
1788 This can happen under two circumstances:
1789 One process accesses the database
1790 while another process is rebuilding it,
1791 or the process rebuilding the database dies
1792 (due to being killed or a system crash)
1793 before completing the rebuild.
1795 Sendmail has three techniques to try to relieve these problems.
1796 First, it ignores interrupts while rebuilding the database;
1797 this avoids the problem of someone aborting the process
1798 leaving a partially rebuilt database.
1800 it locks the database source file during the rebuild \(em
1801 but that may not work over NFS or if the file is unwritable.
1803 at the end of the rebuild
1804 it adds an alias of the form
1808 (which is not normally legal).
1811 will access the database,
1812 it checks to insure that this entry exists\**.
1816 option is required in the configuration
1817 for this action to occur.
1818 This should normally be specified.
1822 If an error occurs on sending to a certain address,
1826 will look for an alias
1829 to receive the errors.
1830 This is typically useful
1832 where the submitter of the list
1833 has no control over the maintenance of the list itself;
1834 in this case the list maintainer would be the owner of the list.
1837 unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1839 owner-unix-wizards: unix-wizards-request
1840 unix-wizards-request: eric@ucbarpa
1844 to get the error that will occur
1845 when someone sends to
1847 due to the inclusion of
1851 List owners also cause the envelope sender address to be modified.
1852 The contents of the owner alias are used if they point to a single user,
1853 otherwise the name of the alias itself is used.
1854 For this reason, and to obey Internet conventions,
1857 address normally points at the
1859 address; this causes messages to go out with the typical Internet convention
1862 as the return address.
1863 .sh 2 "User Information Database"
1865 This option is deprecated, use virtusertable and genericstable instead
1868 If you have a version of
1870 with the user information database
1872 and you have specified one or more databases using the
1875 the databases will be searched for a
1878 If found, the mail will be sent to the specified address.
1879 .sh 2 "Per-User Forwarding (.forward Files)"
1881 As an alternative to the alias database,
1882 any user may put a file with the name
1884 in his or her home directory.
1885 If this file exists,
1887 redirects mail for that user
1888 to the list of addresses listed in the .forward file.
1889 Note that aliases are fully expanded before forward files are referenced.
1890 For example, if the home directory for user
1892 has a .forward file with contents:
1897 then any mail arriving for
1899 will be redirected to the specified accounts.
1901 Actually, the configuration file defines a sequence of filenames to check.
1902 By default, this is the user's .forward file,
1903 but can be defined to be more generally using the
1907 you will have to inform your user base of the change;
1908 \&.forward is pretty well incorporated into the collective subconscious.
1909 .sh 2 "Special Header Lines"
1911 Several header lines have special interpretations
1912 defined by the configuration file.
1913 Others have interpretations built into
1915 that cannot be changed without changing the code.
1916 These built-ins are described here.
1919 If errors occur anywhere during processing,
1920 this header will cause error messages to go to
1921 the listed addresses.
1922 This is intended for mailing lists.
1924 The Errors-To: header was created in the bad old days
1925 when UUCP didn't understand the distinction between an envelope and a header;
1926 this was a hack to provide what should now be passed
1927 as the envelope sender address.
1929 It is only used if the
1933 The Errors-To: header is officially deprecated
1934 and will go away in a future release.
1935 .sh 3 "Apparently-To:"
1937 RFC 822 requires at least one recipient field
1938 (To:, Cc:, or Bcc: line)
1940 If a message comes in with no recipients listed in the message
1943 will adjust the header based on the
1944 .q NoRecipientAction
1946 One of the possible actions is to add an
1948 header line for any recipients it is aware of.
1950 The Apparently-To: header is non-standard
1951 and is both deprecated and strongly discouraged.
1954 The Precedence: header can be used as a crude control of message priority.
1955 It tweaks the sort order in the queue
1956 and can be configured to change the message timeout values.
1957 The precedence of a message also controls how
1958 delivery status notifications (DSNs)
1959 are processed for that message.
1960 .sh 2 "IDENT Protocol Support"
1963 supports the IDENT protocol as defined in RFC 1413.
1964 Note that the RFC states
1965 a client should wait at least 30 seconds for a response.
1966 The default Timeout.ident is 5 seconds
1967 as many sites have adopted the practice of dropping IDENT queries.
1968 This has lead to delays processing mail.
1969 Although this enhances identification
1970 of the author of an email message
1971 by doing a ``call back'' to the originating system to include
1972 the owner of a particular TCP connection
1974 it is in no sense perfect;
1975 a determined forger can easily spoof the IDENT protocol.
1976 The following description is excerpted from RFC 1413:
1979 6. Security Considerations
1981 The information returned by this protocol is at most as trustworthy
1982 as the host providing it OR the organization operating the host. For
1983 example, a PC in an open lab has few if any controls on it to prevent
1984 a user from having this protocol return any identifier the user
1985 wants. Likewise, if the host has been compromised the information
1986 returned may be completely erroneous and misleading.
1988 The Identification Protocol is not intended as an authorization or
1989 access control protocol. At best, it provides some additional
1990 auditing information with respect to TCP connections. At worst, it
1991 can provide misleading, incorrect, or maliciously incorrect
1994 The use of the information returned by this protocol for other than
1995 auditing is strongly discouraged. Specifically, using Identification
1996 Protocol information to make access control decisions - either as the
1997 primary method (i.e., no other checks) or as an adjunct to other
1998 methods may result in a weakening of normal host security.
2000 An Identification server may reveal information about users,
2001 entities, objects or processes which might normally be considered
2002 private. An Identification server provides service which is a rough
2003 analog of the CallerID services provided by some phone companies and
2004 many of the same privacy considerations and arguments that apply to
2005 the CallerID service apply to Identification. If you wouldn't run a
2006 "finger" server due to privacy considerations you may not want to run
2010 In some cases your system may not work properly with IDENT support
2011 due to a bug in the TCP/IP implementation.
2012 The symptoms will be that for some hosts
2013 the SMTP connection will be closed
2015 If this is true or if you do not want to use IDENT,
2016 you should set the IDENT timeout to zero;
2017 this will disable the IDENT protocol.
2020 The complete list of arguments to
2022 is described in detail in Appendix A.
2023 Some important arguments are described here.
2024 .sh 2 "Queue Interval"
2026 The amount of time between forking a process
2027 to run through the queue is defined by the
2030 If you run with delivery mode set to
2034 this can be relatively large, since it will only be relevant
2035 when a host that was down comes back up.
2038 mode it should be relatively short,
2039 since it defines the maximum amount of time that a message
2040 may sit in the queue.
2041 (See also the MinQueueAge option.)
2043 RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
2044 (although that probably doesn't make sense if you use ``queue-only'' mode).
2046 Notice: the meaning of the interval time depends on whether normal
2047 queue runners or persistent queue runners are used.
2048 For the former, it is the time between subsequent starts of a queue run.
2049 For the latter, it is the time sendmail waits after a persistent queue
2050 runner has finished its work to start the next one.
2051 Hence for persistent queue runners this interval should be very low,
2052 typically no more than two minutes.
2055 If you allow incoming mail over an IPC connection,
2056 you should have a daemon running.
2057 This should be set by your
2066 flag may be combined in one call:
2068 /usr/\*(SD/sendmail \-bd \-q30m
2071 An alternative approach is to invoke sendmail from
2075 flags to ask sendmail to speak SMTP on its standard input and output
2077 This works and allows you to wrap
2079 in a TCP wrapper program,
2080 but may be a bit slower since the configuration file
2081 has to be re-read on every message that comes in.
2082 If you do this, you still need to have a
2084 running to flush the queue:
2086 /usr/\*(SD/sendmail \-q30m
2088 .sh 2 "Forcing the Queue"
2090 In some cases you may find that the queue has gotten clogged for some reason.
2091 You can force a queue run
2094 flag (with no value).
2095 It is entertaining to use the
2098 when this is done to watch what happens:
2100 /usr/\*(SD/sendmail \-q \-v
2103 You can also limit the jobs to those with a particular queue identifier,
2104 recipient, sender, quarantine reason, or queue group
2105 using one of the queue modifiers.
2108 restricts the queue run to jobs that have the string
2110 somewhere in one of the recipient addresses.
2113 limits the run to particular senders,
2115 limits it to particular queue identifiers, and
2117 limits it to particular quarantined reasons and only operated on
2118 quarantined queue items, and
2120 limits it to a particular queue group.
2121 The named queue group will be run even if it is set to have 0 runners.
2122 You may also place an
2132 to indicate that jobs are limited to not including a particular queue
2133 identifier, recipient or sender.
2136 limits the queue run to jobs that do not have the string
2138 somewhere in one of the recipient addresses.
2139 Should you need to terminate the queue jobs currently active then a SIGTERM
2140 to the parent of the process (or processes) will cleanly stop the jobs.
2143 There are a fairly large number of debug flags
2146 Each debug flag has a category and a level.
2147 Higher levels increase the level of debugging activity;
2148 in most cases, this means to print out more information.
2149 The convention is that levels greater than nine are
2152 they print out so much information that you wouldn't normally
2153 want to see them except for debugging that particular piece of code.
2157 run a production sendmail server in debug mode.
2158 Many of the debug flags will result in debug output being sent over the
2159 SMTP channel unless the option
2162 This will confuse many mail programs.
2163 However, for testing purposes, it can be useful
2164 when sending mail manually via
2165 telnet to the port you are using while debugging.
2167 A debug category is either an integer, like 42,
2168 or a name, like ANSI.
2169 You can specify a range of numeric debug categories
2170 using the syntax 17-42.
2171 You can specify a set of named debug categories using
2178 are supported in these glob patterns.
2180 Debug flags are set using the
2185 .ta \w'debug-categories:M 'u
2186 debug-flag: \fB\-d\fP debug-list
2187 debug-list: debug-option [ , debug-option ]*
2188 debug-option: debug-categories [ . debug-level ]
2189 debug-categories: integer | integer \- integer | category-pattern
2190 category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*
2191 debug-level: integer
2193 where spaces are for reading ease only.
2196 \-d12 Set category 12 to level 1
2197 \-d12.3 Set category 12 to level 3
2198 \-d3\-17 Set categories 3 through 17 to level 1
2199 \-d3\-17.4 Set categories 3 through 17 to level 4
2200 \-dANSI Set category ANSI to level 1
2201 \-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3
2203 For a complete list of the available debug flags
2204 you will have to look at the code
2207 file in the sendmail distribution
2208 (they are too dynamic to keep this document up to date).
2209 For a list of named debug categories in the sendmail binary, use
2211 ident /usr/sbin/sendmail | grep Debug
2213 .sh 2 "Changing the Values of Options"
2215 Options can be overridden using the
2222 /usr/\*(SD/sendmail \-oT2m
2226 (timeout) option to two minutes
2228 the equivalent line using the long option name is
2230 /usr/\*(SD/sendmail -OTimeout.queuereturn=2m
2233 Some options have security implications.
2234 Sendmail allows you to set these,
2235 but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
2237 \**That is, it sets its effective uid to the real uid;
2238 thus, if you are executing as root,
2239 as from root's crontab file or during system startup
2240 the root permissions will still be honored.
2242 .sh 2 "Trying a Different Configuration File"
2244 An alternative configuration file
2245 can be specified using the
2249 /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
2251 uses the configuration file
2253 instead of the default
2254 .i /etc/mail/sendmail.cf.
2260 in the current directory.
2263 gives up set-user-ID root permissions
2264 (if it has been installed set-user-ID root)
2265 when you use this flag, so it is common to use a publicly writable directory
2267 as the queue directory (QueueDirectory or Q option) while testing.
2268 .sh 2 "Logging Traffic"
2270 Many SMTP implementations do not fully implement the protocol.
2271 For example, some personal computer based SMTPs
2272 do not understand continuation lines in reply codes.
2273 These can be very hard to trace.
2274 If you suspect such a problem, you can set traffic logging using the
2279 /usr/\*(SD/sendmail \-X /tmp/traffic \-bd
2281 will log all traffic in the file
2284 This logs a lot of data very quickly and should
2287 during normal operations.
2288 After starting up such a daemon,
2289 force the errant implementation to send a message to your host.
2290 All message traffic in and out of
2292 including the incoming SMTP traffic,
2293 will be logged in this file.
2294 .sh 2 "Testing Configuration Files"
2296 When you build a configuration table,
2297 you can do a certain amount of testing
2307 sendmail \-bt \-Ctest.cf
2309 which would read the configuration file
2311 and enter test mode.
2313 you enter lines of the form:
2319 is the rewriting set you want to use
2322 is an address to apply the set to.
2323 Test mode shows you the steps it takes
2325 finally showing you the address it ends up with.
2326 You may use a comma separated list of rwsets
2327 for sequential application of rules to an input.
2330 3,1,21,4 monet:bollard
2332 first applies ruleset three to the input
2334 Ruleset one is then applied to the output of ruleset three,
2335 followed similarly by rulesets twenty-one and four.
2337 If you need more detail,
2338 you can also use the
2340 flag to turn on more debugging.
2343 sendmail \-bt \-d21.99
2345 turns on an incredible amount of information;
2346 a single word address
2347 is probably going to print out several pages worth of information.
2349 You should be warned that internally,
2351 applies ruleset 3 to all addresses.
2353 you will have to do that manually.
2354 For example, older versions allowed you to use
2356 0 bruce@broadcast.sony.com
2358 This version requires that you use:
2360 3,0 bruce@broadcast.sony.com
2364 some other syntaxes are available in test mode:
2369 to have the indicated
2371 This is useful when debugging rules that use the
2381 dumps the contents of the indicated ruleset.
2383 is equivalent to the command-line flag.
2385 Version 8.9 introduced more features:
2388 shows a help message.
2390 display the known mailers.
2392 print the value of macro m.
2394 print the contents of class c.
2396 returns the MX records for `host'.
2398 parse address, returning the value of
2400 and the parsed address.
2401 .ip /try\ mailer\ addr
2402 rewrite address into the form it will have when
2403 presented to the indicated mailer.
2404 .ip /tryflags\ flags
2405 set flags used by parsing. The flags can be `H' for
2406 Header or `E' for Envelope, and `S' for Sender or `R'
2407 for Recipient. These can be combined, `HR' sets
2408 flags for header recipients.
2409 .ip /canon\ hostname
2410 try to canonify hostname.
2411 .ip /map\ mapname\ key
2412 look up `key' in the indicated `mapname'.
2414 quit address test mode.
2416 .sh 2 "Persistent Host Status Information"
2419 .b HostStatusDirectory
2421 information about the status of hosts is maintained on disk
2422 and can thus be shared between different instantiations of
2424 The status of the last connection with each remote host
2425 may be viewed with the command:
2429 This information may be flushed with the command:
2433 Flushing the information prevents new
2435 processes from loading it,
2436 but does not prevent existing processes from using the status information
2437 that they already have.
2440 There are a number of configuration parameters
2441 you may want to change,
2442 depending on the requirements of your site.
2443 Most of these are set
2444 using an option in the configuration file.
2447 .q "O Timeout.queuereturn=5d"
2449 .q Timeout.queuereturn
2454 Most of these options have appropriate defaults for most sites.
2456 sites having very high mail loads may find they need to tune them
2457 as appropriate for their mail load.
2459 sites experiencing a large number of small messages,
2460 many of which are delivered to many recipients,
2461 may find that they need to adjust the parameters
2462 dealing with queue priorities.
2467 had single character option names.
2469 options have long (multi-character names).
2470 Although old short names are still accepted,
2471 most new options do not have short equivalents.
2473 This section only describes the options you are most likely
2481 All time intervals are set
2482 using a scaled syntax.
2485 represents ten minutes, whereas
2487 represents two and a half hours.
2488 The full set of scales is:
2497 .sh 3 "Queue interval"
2501 flag specifies how often a sub-daemon will run the queue.
2502 This is typically set to between fifteen minutes and one hour.
2503 If not set, or set to zero,
2504 the queue will not be run automatically.
2505 RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
2506 Should you need to terminate the queue jobs currently active then a SIGTERM
2507 to the parent of the process (or processes) will cleanly stop the jobs.
2508 .sh 3 "Read timeouts"
2510 Timeouts all have option names
2511 .q Timeout.\fIsuboption\fP .
2512 Most of these control SMTP operations.
2515 their default values, and the minimum values
2516 allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are:
2519 The time to wait for an SMTP connection to open
2524 If zero, uses the kernel default.
2525 In no case can this option extend the timeout
2526 longer than the kernel provides, but it can shorten it.
2527 This is to get around kernels that provide an absurdly long connection timeout
2528 (90 minutes in one case).
2532 except it applies only to the initial attempt to connect to a host
2535 The concept is that this should be very short (a few seconds);
2536 hosts that are well connected and responsive will thus be serviced immediately.
2537 Hosts that are slow will not hold up other deliveries in the initial
2541 The overall timeout waiting for all connection for a single delivery
2543 If 0, no overall limit is applied.
2544 This can be used to restrict the total amount of time trying to connect to
2545 a long list of host that could accept an e-mail for the recipient.
2546 This timeout does not apply to
2548 i.e., if the time is exhausted, the
2552 The wait for the initial 220 greeting message
2555 The wait for a reply from a HELO or EHLO command
2557 This may require a host name lookup, so
2558 five minutes is probably a reasonable minimum.
2560 The wait for a reply from a MAIL command
2563 The wait for a reply from a RCPT command
2566 because it could be pointing at a list
2567 that takes a long time to expand
2570 The wait for a reply from a DATA command
2572 .ip datablock\(dg\(dd
2573 The wait for reading a data block
2574 (that is, the body of the message).
2576 This should be long because it also applies to programs
2579 which have no guarantee of promptness.
2581 The wait for a reply from the dot terminating a message.
2583 If this is shorter than the time actually needed
2584 for the receiver to deliver the message,
2585 duplicates will be generated.
2586 This is discussed in RFC 1047.
2588 The wait for a reply from a RSET command
2591 The wait for a reply from a QUIT command
2594 The wait for a reply from miscellaneous (but short) commands
2595 such as NOOP (no-operation) and VERB (go into verbose mode).
2599 the time to wait for another command.
2602 The timeout waiting for a reply to an IDENT query
2603 [5s\**, unspecified].
2605 \**On some systems the default is zero to turn the protocol off entirely.
2608 The wait for a reply to an LMTP LHLO command
2611 The timeout for a reply in an SMTP AUTH dialogue
2614 The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
2617 The timeout for opening .forward and :include: files [60s, none].
2619 The timeout for a complete control socket transaction to complete [2m, none].
2621 How long status information about a host
2623 will be cached before it is considered stale
2625 .ip resolver.retrans\(dd
2627 retransmission time interval
2631 .i Timeout.resolver.retrans.first
2633 .i Timeout.resolver.retrans.normal .
2634 .ip resolver.retrans.first\(dd
2636 retransmission time interval
2638 for the first attempt to
2641 .ip resolver.retrans.normal\(dd
2643 retransmission time interval
2645 for all resolver lookups
2646 except the first delivery attempt
2648 .ip resolver.retry\(dd
2650 to retransmit a resolver query.
2652 .i Timeout.resolver.retry.first
2654 .i Timeout.resolver.retry.normal
2656 .ip resolver.retry.first\(dd
2658 to retransmit a resolver query
2659 for the first attempt
2660 to deliver a message
2662 .ip resolver.retry.normal\(dd
2664 to retransmit a resolver query
2665 for all resolver lookups
2666 except the first delivery attempt
2669 For compatibility with old configuration files,
2673 all the timeouts marked with
2675 (\(dg) are set to the indicated value.
2676 All but those marked with
2678 (\(dd) apply to client SMTP.
2680 For example, the lines:
2682 O Timeout.command=25m
2683 O Timeout.datablock=3h
2685 sets the server SMTP command timeout to 25 minutes
2686 and the input data block timeout to three hours.
2687 .sh 3 "Message timeouts"
2689 After sitting in the queue for a few days,
2690 an undeliverable message will time out.
2691 This is to insure that at least the sender is aware
2692 of the inability to send a message.
2693 The timeout is typically set to five days.
2694 It is sometimes considered convenient to also send a warning message
2695 if the message is in the queue longer than a few hours
2696 (assuming you normally have good connectivity;
2697 if your messages normally took several hours to send
2698 you wouldn't want to do this because it wouldn't be an unusual event).
2699 These timeouts are set using the
2700 .b Timeout.queuereturn
2702 .b Timeout.queuewarn
2703 options in the configuration file
2704 (previously both were set using the
2708 If the message is submitted using the
2712 warning messages will only be sent if
2715 The queuereturn and queuewarn timeouts
2716 can be further qualified with a tag based on the Precedence: field
2720 (indicating a positive non-zero precedence),
2722 (indicating a zero precedence), or
2724 (indicating negative precedences).
2725 For example, setting
2726 .q Timeout.queuewarn.urgent=1h
2727 sets the warning timeout for urgent messages only
2729 The default if no precedence is indicated
2730 is to set the timeout for all precedences.
2731 If the message has a normal (default) precedence
2732 and it is a delivery status notification (DSN),
2733 .b Timeout.queuereturn.dsn
2735 .b Timeout.queuewarn.dsn
2736 can be used to give an alternative warn and return time
2738 The value "now" can be used for
2739 -O Timeout.queuereturn
2740 to return entries immediately during a queue run,
2741 e.g., to bounce messages independent of their time in the queue.
2743 Since these options are global,
2744 and since you cannot know
2746 how long another host outside your domain will be down,
2747 a five day timeout is recommended.
2748 This allows a recipient to fix the problem even if it occurs
2749 at the beginning of a long weekend.
2750 RFC 1123 section 5.3.1.1 says that this parameter
2751 should be ``at least 4\-5 days''.
2754 .b Timeout.queuewarn
2755 value can be piggybacked on the
2757 option by indicating a time after which
2758 a warning message should be sent;
2759 the two timeouts are separated by a slash.
2760 For example, the line
2764 causes email to fail after five days,
2765 but a warning message will be sent after four hours.
2766 This should be large enough that the message will have been tried
2768 .sh 2 "Forking During Queue Runs"
2776 will fork before each individual message
2777 while running the queue.
2778 This option was used with earlier releases to prevent
2780 from consuming large amounts of memory.
2781 It should no longer be necessary with
2788 will keep track of hosts that are down during a queue run,
2789 which can improve performance dramatically.
2795 cannot use connection caching.
2796 .sh 2 "Queue Priorities"
2798 Every message is assigned a priority when it is first instantiated,
2799 consisting of the message size (in bytes)
2800 offset by the message class
2801 (which is determined from the Precedence: header)
2803 .q "work class factor"
2804 and the number of recipients times the
2805 .q "work recipient factor."
2806 The priority is used to order the queue.
2807 Higher numbers for the priority mean that the message will be processed later
2808 when running the queue.
2810 The message size is included so that large messages are penalized
2811 relative to small messages.
2812 The message class allows users to send
2814 messages by including a
2816 field in their message;
2817 the value of this field is looked up in the
2819 lines of the configuration file.
2820 Since the number of recipients affects the amount of load a message presents
2822 this is also included into the priority.
2824 The recipient and class factors
2825 can be set in the configuration file using the
2833 options respectively.
2834 They default to 30000 (for the recipient factor)
2836 (for the class factor).
2837 The initial priority is:
2839 pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2841 (Remember, higher values for this parameter actually mean
2842 that the job will be treated with lower priority.)
2844 The priority of a job can also be adjusted each time it is processed
2845 (that is, each time an attempt is made to deliver it)
2847 .q "work time factor,"
2853 This is added to the priority,
2854 so it normally decreases the precedence of the job,
2855 on the grounds that jobs that have failed many times
2856 will tend to fail again in the future.
2859 option defaults to 90000.
2860 .sh 2 "Load Limiting"
2863 can be asked to queue (but not deliver) mail
2864 if the system load average gets too high using the
2869 When the load average exceeds the value of the
2871 option, the delivery mode is set to
2877 option divided by the difference in the current load average and the
2880 is less than the priority of the message \(em
2881 that is, the message is queued iff:
2883 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2887 option defaults to 600000,
2888 so each point of load average is worth 600000 priority points
2889 (as described above).
2891 For drastic cases, the
2895 option defines a load average at which
2897 will refuse to accept network connections.
2898 Locally generated mail, i.e., mail which is not submitted via SMTP
2899 (including incoming UUCP mail),
2901 Notice that the MSP submits mail to the MTA via SMTP, and hence
2902 mail will be queued in the client queue in such a case.
2903 Therefore it is necessary to run the client mail queue periodically.
2904 .sh 2 "Resource Limits"
2907 has several parameters to control resource usage.
2908 Besides those mentionted in the previous section, there are at least
2909 .b MaxDaemonChildren ,
2910 .b ConnectionRateThrottle ,
2911 .b MaxQueueChildren ,
2913 .b MaxRunnersPerQueue .
2914 The latter two limit the number of
2916 processes that operate on the queue.
2917 These are discussed in the section
2918 ``Queue Group Declaration''.
2919 The former two can be used to limit the number of incoming connections.
2920 Their appropriate values depend on the host operating system and
2921 the hardware, e.g., amount of memory.
2922 In many situations it might be useful to set limits to prevent
2925 processes, however, these limits can be abused to mount a
2926 denial of service attack.
2928 .b MaxDaemonChildren=10
2929 then an attacker needs to open only 10 SMTP sessions to the server,
2930 leave them idle for most of the time,
2931 and no more connections will be accepted.
2932 If this option is set then the timeouts used in a SMTP session
2933 should be lowered from their default values to
2934 their minimum values as specified in RFC 2821 and listed in
2938 .sh 2 "Measures against Denial of Service Attacks"
2941 has some built-in measures against simple denial of service (DoS) attacks.
2942 The SMTP server by default slows down if too many bad commands are
2943 issued or if some commands are repeated too often within a session.
2944 Details can be found in the source file
2945 .b sendmail/srvrsmtp.c
2946 by looking for the macro definitions of
2948 .b MAXNOOPCOMMANDS ,
2949 .b MAXHELOCOMMANDS ,
2950 .b MAXVRFYCOMMANDS ,
2952 .b MAXETRNCOMMANDS .
2953 If an SMTP command is issued more often than the corresponding
2955 value, then the response is delayed exponentially,
2956 starting with a sleep time of one second,
2957 up to a maximum of four minutes (as defined by
2960 .b MaxDaemonChildren
2961 is set to a value greater than zero,
2962 then this could make a DoS attack even worse since it
2963 keeps a connection open longer than necessary.
2964 Therefore a connection is terminated with a 421 SMTP reply code
2965 if the number of commands exceeds the limit by a factor of two and
2967 is set to a value greater than zero (the default is 25).
2968 .sh 2 "Delivery Mode"
2970 There are a number of delivery modes that
2977 configuration option.
2979 specify how quickly mail will be delivered.
2983 i deliver interactively (synchronously)
2984 b deliver in background (asynchronously)
2985 q queue only (don't deliver)
2986 d defer delivery attempts (don't deliver)
2988 There are tradeoffs.
2991 gives the sender the quickest feedback,
2992 but may slow down some mailers and
2993 is hardly ever necessary.
2996 delivers promptly but
2997 can cause large numbers of processes
2998 if you have a mailer that takes a long time to deliver a message.
3001 minimizes the load on your machine,
3002 but means that delivery may be delayed for up to the queue interval.
3005 is identical to mode
3007 except that it also prevents lookups in maps including the
3009 flag from working during the initial queue phase;
3010 it is intended for ``dial on demand'' sites where DNS lookups
3011 might cost real money.
3012 Some simple error messages
3013 (e.g., host unknown during the SMTP protocol)
3014 will be delayed using this mode.
3017 is the usual default.
3026 (deliver in background)
3028 will not expand aliases and follow .forward files
3029 upon initial receipt of the mail.
3030 This speeds up the response to RCPT commands.
3033 should not be used by the SMTP server.
3036 The level of logging can be set for
3038 The default using a standard configuration table is level 9.
3039 The levels are as follows:
3044 Serious system failures and potential security problems.
3046 Lost communications (network problems) and protocol failures.
3048 Other serious failures, malformed addresses, transient forward/include
3049 errors, connection timeouts.
3051 Minor failures, out of date alias databases, connection rejections
3052 via check_ rulesets.
3054 Message collection statistics.
3056 Creation of error messages,
3057 VRFY and EXPN commands.
3059 Delivery failures (host or user unknown, etc.).
3061 Successful deliveries and alias database rebuilds.
3063 Messages being deferred
3064 (due to a host being down, etc.).
3066 Database expansion (alias, forward, and userdb lookups)
3067 and authentication information.
3069 NIS errors and end of job processing.
3071 Logs all SMTP connections.
3073 Log bad user shells, files with improper permissions, and other
3074 questionable situations.
3076 Logs refused connections.
3078 Log all incoming and outgoing SMTP commands.
3080 Logs attempts to run locked queue files.
3081 These are not errors,
3082 but can be useful to note if your queue appears to be clogged.
3084 Lost locks (only if using lockf instead of flock).
3087 values above 64 are reserved for extremely verbose debugging output.
3088 No normal site would ever set these.
3091 The modes used for files depend on what functionality you want
3092 and the level of security you require.
3095 does careful checking of the modes
3096 of files and directories
3097 to avoid accidental compromise;
3098 if you want to make it possible to have group-writable support files
3099 you may need to use the
3100 .b DontBlameSendmail
3101 option to turn off some of these checks.
3102 .sh 3 "To suid or not to suid?"
3105 is no longer installed
3106 set-user-ID to root.
3108 explains how to configure and install
3110 without set-user-ID to root but set-group-ID
3111 which is the default configuration starting with 8.12.
3113 The daemon usually runs as root, unless other measures are taken.
3119 it checks to see if the userid is zero (root);
3121 it resets the userid and groupid to a default
3124 equate in the mailer line;
3125 if that is not set, the
3128 This can be overridden
3132 for mailers that are trusted
3133 and must be called as root.
3135 this will cause mail processing
3140 rather than to the user sending the mail.
3142 A middle ground is to set the
3147 to become the indicated user as soon as it has done the startup
3148 that requires root privileges
3149 (primarily, opening the
3156 .i /var/spool/mqueue )
3157 should be owned by that user,
3158 and all files and databases
3164 and external databases)
3165 must be readable by that user.
3166 Also, since sendmail will not be able to change its uid,
3167 delivery to programs or files will be marked as unsafe,
3168 e.g., undeliverable,
3172 and :include: files.
3173 Administrators can override this by setting the
3174 .b DontBlameSendmail
3175 option to the setting
3176 .b NonRootSafeAddr .
3178 is probably best suited for firewall configurations
3179 that don't have regular user logins.
3180 If the option is used on a system which performs local delivery,
3181 then the local delivery agent must have the proper permissions
3182 (i.e., usually set-user-ID root)
3183 since it will be invoked by the
3186 .sh 3 "Turning off security checks"
3189 is very particular about the modes of files that it reads or writes.
3190 For example, by default it will refuse to read most files
3191 that are group writable
3192 on the grounds that they might have been tampered with
3193 by someone other than the owner;
3194 it will even refuse to read files in group writable directories.
3195 Also, sendmail will refuse to create a new aliases database in an
3196 unsafe directory. You can get around this by manually creating the
3197 database file as a trusted user ahead of time and then rebuilding the
3198 aliases database with
3203 sure that your configuration is safe and you want
3205 to avoid these security checks,
3206 you can turn off certain checks using the
3207 .b DontBlameSendmail
3209 This option takes one or more names that disable checks.
3210 In the descriptions that follow,
3211 .q "unsafe directory"
3212 means a directory that is writable by anyone other than the owner.
3216 No special handling.
3220 system call is restricted to root.
3221 Since some versions of UNIX permit regular users
3222 to give away their files to other users on some filesystems,
3224 often cannot assume that a given file was created by the owner,
3225 particularly when it is in a writable directory.
3226 You can set this flag if you know that file giveaway is restricted
3228 .ip ClassFileInUnsafeDirPath
3229 When reading class files (using the
3231 line in the configuration file),
3232 allow files that are in unsafe directories.
3233 .ip DontWarnForwardFileInUnsafeDirPath
3235 unsafe directory path warnings
3236 for non-existent forward files.
3237 .ip ErrorHeaderInUnsafeDirPath
3238 Allow the file named in the
3240 option to be in an unsafe directory.
3241 .ip FileDeliveryToHardLink
3242 Allow delivery to files that are hard links.
3243 .ip FileDeliveryToSymLink
3244 Allow delivery to files that are symbolic links.
3245 .ip ForwardFileInGroupWritableDirPath
3248 files in group writable directories.
3249 .ip ForwardFileInUnsafeDirPath
3252 files in unsafe directories.
3253 .ip ForwardFileInUnsafeDirPathSafe
3256 file that is in an unsafe directory to include references
3257 to program and files.
3258 .ip GroupReadableKeyFile
3259 Accept a group-readable key file for STARTTLS.
3260 .ip GroupReadableSASLDBFile
3261 Accept a group-readable Cyrus SASL password file.
3262 .ip GroupWritableAliasFile
3263 Allow group-writable alias files.
3264 .ip GroupWritableDirPathSafe
3265 Change the definition of
3266 .q "unsafe directory"
3267 to consider group-writable directories to be safe.
3268 World-writable directories are always unsafe.
3269 .ip GroupWritableForwardFile
3270 Allow group writable
3273 .ip GroupWritableForwardFileSafe
3274 Accept group-writable
3276 files as safe for program and file delivery.
3277 .ip GroupWritableIncludeFile
3281 .ip GroupWritableIncludeFileSafe
3282 Accept group-writable
3284 files as safe for program and file delivery.
3285 .ip GroupWritableSASLDBFile
3286 Accept a group-writable Cyrus SASL password file.
3287 .ip HelpFileInUnsafeDirPath
3288 Allow the file named in the
3290 option to be in an unsafe directory.
3291 .ip IncludeFileInGroupWritableDirPath
3294 files in group writable directories.
3295 .ip IncludeFileInUnsafeDirPath
3298 files in unsafe directories.
3299 .ip IncludeFileInUnsafeDirPathSafe
3302 file that is in an unsafe directory to include references
3303 to program and files.
3304 .ip InsufficientEntropy
3305 Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
3306 despite the security problems.
3307 .ip LinkedAliasFileInWritableDir
3308 Allow an alias file that is a link in a writable directory.
3309 .ip LinkedClassFileInWritableDir
3310 Allow class files that are links in writable directories.
3311 .ip LinkedForwardFileInWritableDir
3314 files that are links in writable directories.
3315 .ip LinkedIncludeFileInWritableDir
3318 files that are links in writable directories.
3319 .ip LinkedMapInWritableDir
3320 Allow map files that are links in writable directories.
3321 This includes alias database files.
3322 .ip LinkedServiceSwitchFileInWritableDir
3323 Allow the service switch file to be a link
3324 even if the directory is writable.
3325 .ip MapInUnsafeDirPath
3332 in unsafe directories.
3333 This includes alias database files.
3335 Do not mark file and program deliveries as unsafe
3336 if sendmail is not running with root privileges.
3337 .ip RunProgramInUnsafeDirPath
3338 Run programs that are in writable directories without logging a warning.
3339 .ip RunWritableProgram
3340 Run programs that are group- or world-writable without logging a warning.
3342 Allow group or world writable directories
3343 if the sticky bit is set on the directory.
3344 Do not set this on systems which do not honor
3345 the sticky bit on directories.
3346 .ip WorldWritableAliasFile
3347 Accept world-writable alias files.
3348 .ip WorldWritableForwardfile
3349 Allow world writable
3352 .ip WorldWritableIncludefile
3356 .ip WriteMapToHardLink
3357 Allow writes to maps that are hard links.
3358 .ip WriteMapToSymLink
3359 Allow writes to maps that are symbolic links.
3360 .ip WriteStatsToHardLink
3361 Allow the status file to be a hard link.
3362 .ip WriteStatsToSymLink
3363 Allow the status file to be a symbolic link.
3364 .sh 2 "Connection Caching"
3366 When processing the queue,
3368 will try to keep the last few open connections open
3369 to avoid startup and shutdown costs.
3370 This only applies to IPC and LPC connections.
3372 When trying to open a connection
3373 the cache is first searched.
3374 If an open connection is found, it is probed to see if it is still active
3378 It is not an error if this fails;
3379 instead, the connection is closed and reopened.
3381 Two parameters control the connection cache.
3383 .b ConnectionCacheSize
3386 option defines the number of simultaneous open connections
3387 that will be permitted.
3388 If it is set to zero,
3389 connections will be closed as quickly as possible.
3391 This should be set as appropriate for your system size;
3392 it will limit the amount of system resources that
3394 will use during queue runs.
3395 Never set this higher than 4.
3398 .b ConnectionCacheTimeout
3401 option specifies the maximum time that any cached connection
3402 will be permitted to idle.
3403 When the idle time exceeds this value
3404 the connection is closed.
3405 This number should be small
3407 to prevent you from grabbing too many resources
3409 The default is five minutes.
3410 .sh 2 "Name Server Access"
3412 Control of host address lookups is set by the
3414 service entry in your service switch file.
3415 If you are on a system that has built-in service switch support
3416 (e.g., Ultrix, Solaris, or DEC OSF/1)
3417 then your system is probably configured properly already.
3420 will consult the file
3421 .b /etc/mail/service.switch ,
3422 which should be created.
3424 only uses two entries:
3428 although system routines may use other services
3431 service for user name lookups by
3434 However, some systems (such as SunOS 4.X)
3436 regardless of the setting of the service switch entry.
3437 In particular, the system routine
3438 .i gethostbyname (3)
3439 is used to look up host names,
3440 and many vendor versions try some combination of DNS, NIS,
3441 and file lookup in /etc/hosts
3442 without consulting a service switch.
3444 makes no attempt to work around this problem,
3445 and the DNS lookup will be done anyway.
3446 If you do not have a nameserver configured at all,
3447 such as at a UUCP-only site,
3450 .q "connection refused"
3451 message when it tries to connect to the name server.
3454 switch entry has the service
3456 listed somewhere in the list,
3458 will interpret this to mean a temporary failure
3459 and will queue the mail for later processing;
3460 otherwise, it ignores the name server data.
3462 The same technique is used to decide whether to do MX lookups.
3463 If you want MX support, you
3467 listed as a service in the
3475 option allows you to tweak name server options.
3476 The command line takes a series of flags as documented in
3481 Each can be preceded by an optional `+' or `\(mi'.
3482 For example, the line
3484 O ResolverOptions=+AAONLY \(miDNSRCH
3486 turns on the AAONLY (accept authoritative answers only)
3487 and turns off the DNSRCH (search the domain path) options.
3488 Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
3489 flags on and all others off.
3490 If NETINET6 is enabled, most libraries default to USE_INET6 as well.
3491 You can also include
3493 to specify that there is a wildcard MX record matching your domain;
3494 this turns off MX matching when canonifying names,
3495 which can lead to inappropriate canonifications.
3497 .q WorkAroundBrokenAAAA
3498 when faced with a broken nameserver that returns SERVFAIL
3499 (a temporary failure)
3500 on T_AAAA (IPv6) lookups
3501 during hostname canonification.
3502 Notice: it might be necessary to apply the same (or similar) options to
3506 Version level 1 configurations (see the section about
3507 ``Configuration Version Level'')
3508 turn DNSRCH and DEFNAMES off when doing delivery lookups,
3509 but leave them on everywhere else.
3512 ignores them when doing canonification lookups
3513 (that is, when using $[ ... $]),
3514 and always does the search.
3515 If you don't want to do automatic name extension,
3516 don't call $[ ... $].
3518 The search rules for $[ ... $] are somewhat different than usual.
3519 If the name being looked up
3520 has at least one dot, it always tries the unmodified name first.
3521 If that fails, it tries the reduced search path,
3522 and lastly tries the unmodified name
3523 (but only for names without a dot,
3524 since names with a dot have already been tried).
3525 This allows names such as
3527 to match the site in Czechoslovakia
3528 rather than the site in your local Computer Science department.
3529 It also prefers A and CNAME records over MX records \*-
3530 that is, if it finds an MX record it makes note of it,
3532 This way, if you have a wildcard MX record matching your domain,
3533 it will not assume that all names match.
3535 To completely turn off all name server access
3536 on systems without service switch support
3538 you will have to recompile with
3540 and remove \-lresolv from the list of libraries to be searched
3542 .sh 2 "Moving the Per-User Forward Files"
3544 Some sites mount each user's home directory
3545 from a local disk on their workstation,
3546 so that local access is fast.
3547 However, the result is that .forward file lookups
3548 from a central mail server are slow.
3550 mail can even be delivered on machines inappropriately
3551 because of a file server being down.
3552 The performance can be especially bad if you run the automounter.
3558 option allows you to set a path of forward files.
3559 For example, the config file line
3561 O ForwardPath=/var/forward/$u:$z/.forward.$w
3563 would first look for a file with the same name as the user's login
3565 if that is not found (or is inaccessible)
3569 in the user's home directory is searched.
3570 A truly perverse site could also search by sender
3571 by using $r, $s, or $f.
3573 If you create a directory such as /var/forward,
3574 it should be mode 1777
3575 (that is, the sticky bit should be set).
3576 Users should create the files mode 0644.
3577 Note that you must use the
3578 ForwardFileInUnsafeDirPath and
3579 ForwardFileInUnsafeDirPathSafe
3581 .b DontBlameSendmail
3582 option to allow forward files in a world writable directory.
3583 This might also be used as a denial of service attack
3584 (users could create forward files for other users);
3585 a better approach might be to create
3588 and create empty files for each user,
3591 If you do this, you don't have to set the DontBlameSendmail options
3595 On systems that have one of the system calls in the
3602 you can specify a minimum number of free blocks on the queue filesystem
3608 If there are fewer than the indicated number of blocks free
3609 on the filesystem on which the queue is mounted
3610 the SMTP server will reject mail
3613 This invites the SMTP client to try again later.
3615 Beware of setting this option too high;
3616 it can cause rejection of email
3617 when that mail would be processed without difficulty.
3618 .sh 2 "Maximum Message Size"
3620 To avoid overflowing your system with a large message,
3623 option can be set to set an absolute limit
3624 on the size of any one message.
3625 This will be advertised in the ESMTP dialogue
3626 and checked during message collection.
3627 .sh 2 "Privacy Flags"
3633 option allows you to set certain
3636 Actually, many of them don't give you any extra privacy,
3637 rather just insisting that client SMTP servers
3638 use the HELO command
3639 before using certain commands
3640 or adding extra headers to indicate possible spoof attempts.
3642 The option takes a series of flag names;
3643 the final privacy is the inclusive or of those flags.
3646 O PrivacyOptions=needmailhelo, noexpn
3648 insists that the HELO or EHLO command be used before a MAIL command is accepted
3649 and disables the EXPN command.
3651 The flags are detailed in section
3654 .sh 2 "Send to Me Too"
3656 Beginning with version 8.10,
3658 includes by default the (envelope) sender in any list expansions.
3661 sends to a list that contains
3663 as one of the members he will get a copy of the message.
3668 (in the configuration file or via the command line),
3669 this behavior is changed, i.e.,
3670 the (envelope) sender is excluded in list expansions.
3671 .sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
3673 This section describes the configuration file
3676 There is one point that should be made clear immediately:
3677 the syntax of the configuration file
3678 is designed to be reasonably easy to parse,
3679 since this is done every time
3682 rather than easy for a human to read or write.
3683 The configuration file should be generated via the method described in
3685 it should not be edited directly unless someone is familiar
3686 with the internals of the syntax described here and it is
3687 not possible to achieve the desired result via the default method.
3689 The configuration file is organized as a series of lines,
3690 each of which begins with a single character
3691 defining the semantics for the rest of the line.
3692 Lines beginning with a space or a tab
3693 are continuation lines
3694 (although the semantics are not well defined in many places).
3695 Blank lines and lines beginning with a sharp symbol
3698 .sh 2 "R and S \*- Rewriting Rules"
3700 The core of address parsing
3701 are the rewriting rules.
3702 These are an ordered production system.
3704 scans through the set of rewriting rules
3705 looking for a match on the left hand side
3708 When a rule matches,
3709 the address is replaced by the right hand side
3713 There are several sets of rewriting rules.
3714 Some of the rewriting sets are used internally
3715 and must have specific semantics.
3716 Other rewriting sets
3717 do not have specifically assigned semantics,
3718 and may be referenced by the mailer definitions
3719 or by other rewriting sets.
3721 The syntax of these two commands are:
3726 Sets the current ruleset being collected to
3728 If you begin a ruleset more than once
3729 it appends to the old definition.
3737 fields must be separated
3738 by at least one tab character;
3739 there may be embedded spaces
3743 is a pattern that is applied to the input.
3745 the input is rewritten to the
3751 Macro expansions of the form
3754 are performed when the configuration file is read.
3757 can be included using
3759 Expansions of the form
3762 are performed at run time using a somewhat less general algorithm.
3763 This is intended only for referencing internally defined macros
3766 that are changed at runtime.
3767 .sh 3 "The left hand side"
3769 The left hand side of rewriting rules contains a pattern.
3770 Normal words are simply matched directly.
3771 Metasyntax is introduced using a dollar sign.
3772 The metasymbols are:
3774 .ta \w'\fB$=\fP\fIx\fP 'u
3775 \fB$*\fP Match zero or more tokens
3776 \fB$+\fP Match one or more tokens
3777 \fB$\-\fP Match exactly one token
3778 \fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
3779 \fB$~\fP\fIx\fP Match any word not in class \fIx\fP
3781 If any of these match,
3782 they are assigned to the symbol
3785 for replacement on the right hand side,
3788 is the index in the LHS.
3794 is applied to the input:
3798 the rule will match, and the values passed to the RHS will be:
3805 Additionally, the LHS can include
3807 to match zero tokens.
3813 on the RHS, and is normally only used when it stands alone
3814 in order to match the null input.
3815 .sh 3 "The right hand side"
3817 When the left hand side of a rewriting rule matches,
3818 the input is deleted and replaced by the right hand side.
3819 Tokens are copied directly from the RHS
3820 unless they begin with a dollar sign.
3823 .ta \w'$#mailer\0\0\0'u
3824 \fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
3825 \fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
3826 \fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
3827 Generalized keyed mapping function
3828 \fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
3829 \fB$#\fP\fImailer\fP Resolve to \fImailer\fP
3830 \fB$@\fP\fIhost\fP Specify \fIhost\fP
3831 \fB$:\fP\fIuser\fP Specify \fIuser\fP
3837 syntax substitutes the corresponding value from a
3845 It may be used anywhere.
3847 A host name enclosed between
3851 is looked up in the host database(s)
3852 and replaced by the canonical name\**.
3855 completely equivalent
3856 to $(host \fIhostname\fP$).
3859 default can be used.
3864 .q ftp.CS.Berkeley.EDU
3866 .q $[[128.32.130.2]$]
3868 .q vangogh.CS.Berkeley.EDU.
3870 recognizes its numeric IP address
3871 without calling the name server
3872 and replaces it with its canonical name.
3878 syntax is a more general form of lookup;
3879 it uses a named map instead of an implicit map.
3880 If no lookup is found, the indicated
3883 if no default is specified and no lookup matches,
3884 the value is left unchanged.
3887 are passed to the map for possible use.
3893 causes the remainder of the line to be substituted as usual
3894 and then passed as the argument to ruleset
3896 The final value of ruleset
3899 the substitution for this rule.
3902 syntax expands everything after the ruleset name
3903 to the end of the replacement string
3904 and then passes that as the initial input to the ruleset.
3905 Recursive calls are allowed.
3910 expands $1, passes that to ruleset 3, and then passes the result
3911 of ruleset 3 to ruleset 0.
3917 be used in ruleset zero,
3918 a subroutine of ruleset zero,
3919 or rulesets that return decisions (e.g., check_rcpt).
3920 It causes evaluation of the ruleset to terminate immediately,
3923 that the address has completely resolved.
3924 The complete syntax for ruleset 0 is:
3926 \fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
3929 {mailer, host, user}
3930 3-tuple necessary to direct the mailer.
3931 Note: the third element (
3933 ) is often also called
3936 If the mailer is local
3937 the host part may be omitted\**.
3939 \**You may want to use it for special
3942 For example, in the address
3943 .q jgm+foo@CMU.EDU ;
3946 part is not part of the user name,
3947 and is passed to the local mailer for local use.
3951 must be a single word,
3959 is the built-in IPC mailer,
3962 may be a colon-separated list of hosts
3963 that are searched in order for the first working address
3964 (exactly like MX records).
3967 is later rewritten by the mailer-specific envelope rewriting set
3971 As a special case, if the mailer specified has the
3974 and the first character of the
3980 is stripped off, and a flag is set in the address descriptor
3981 that causes sendmail to not do ruleset 5 processing.
3983 Normally, a rule that matches is retried,
3985 the rule loops until it fails.
3986 A RHS may also be preceded by a
3990 to change this behavior.
3993 prefix causes the ruleset to return with the remainder of the RHS
3997 prefix causes the rule to terminate immediately,
3998 but the ruleset to continue;
3999 this can be used to avoid continued application of a rule.
4000 The prefix is stripped before continuing.
4006 prefixes may precede a
4015 passes that to ruleset seven,
4019 is necessary to avoid an infinite loop.
4021 Substitution occurs in the order described,
4023 parameters from the LHS are substituted,
4024 hostnames are canonicalized,
4033 .sh 3 "Semantics of rewriting rule sets"
4035 There are six rewriting sets
4036 that have specific semantics.
4037 Five of these are related as depicted by figure 1.
4043 -->| 0 |-->resolved address
4046 / ---->| 1 |-->| S |--
4047 +---+ / +---+ / +---+ +---+ \e +---+
4048 addr-->| 3 |-->| D |-- --->| 4 |-->msg
4049 +---+ +---+ \e +---+ +---+ / +---+
4065 box invis "addr"; arrow
4068 BoxD: box "D"; line; L1: Here
4070 C1: arrow; box "1"; arrow; box "S"; line; E1: Here
4071 move to C1 down 0.5; right
4072 C2: arrow; box "2"; arrow; box "R"; line; E2: Here
4073 ] with .w at L1 + (0.5, 0)
4074 move to C.e right 0.5
4075 L4: arrow; box "4"; arrow; box invis "msg"
4076 line from L1 to C.C1
4077 line from L1 to C.C2
4078 line from C.E1 to L4
4079 line from C.E2 to L4
4080 move to BoxD.n up 0.6; right
4081 Box0: arrow; box "0"
4082 arrow; box invis "resolved address" width 1.3
4083 line from 1/3 of the way between A1 and BoxD.w to Box0
4089 Figure 1 \*- Rewriting set semantics
4091 D \*- sender domain addition
4092 S \*- mailer-specific sender rewriting
4093 R \*- mailer-specific recipient rewriting
4099 should turn the address into
4100 .q "canonical form."
4101 This form should have the basic syntax:
4103 local-part@host-domain-spec
4108 before doing anything with any address.
4123 flag is set in the mailer definition
4124 corresponding to the
4129 is applied after ruleset three
4130 to addresses that are going to actually specify recipients.
4131 It must resolve to a
4132 .i "{mailer, host, address}"
4136 must be defined in the mailer definitions
4137 from the configuration file.
4143 for use in the argv expansion of the specified mailer.
4144 Notice: since the envelope sender address will be used if
4145 a delivery status notification must be send,
4146 i.e., is may specify a recipient,
4147 it is also run through ruleset zero.
4148 If ruleset zero returns a temporary error
4150 then delivery is deferred.
4151 This can be used to temporarily disable delivery,
4152 e.g., based on the time of the day or other varying parameters.
4153 It should not be used to quarantine e-mails.
4155 Rulesets one and two
4156 are applied to all sender and recipient addresses respectively.
4157 They are applied before any specification
4158 in the mailer definition.
4159 They must never resolve.
4161 Ruleset four is applied to all addresses
4163 It is typically used
4164 to translate internal to external form.
4167 ruleset 5 is applied to all local addresses
4168 (specifically, those that resolve to a mailer with the `F=5'
4170 that do not have aliases.
4171 This allows a last minute hook for local names.
4172 .sh 3 "Ruleset hooks"
4174 A few extra rulesets are defined as
4176 that can be defined to get special features.
4177 They are all named rulesets.
4180 forms all give accept/reject status;
4181 falling off the end or returning normally is an accept,
4184 is a reject or quarantine.
4185 Quarantining is chosen by specifying
4187 in the second part of the mailer triplet:
4189 $#error $@ quarantine $: Reason for quarantine
4191 Many of these can also resolve to the special mailer name
4193 this accepts the message as though it were successful
4194 but then discards it without delivery.
4196 this mailer cannot be chosen as a mailer in ruleset 0.
4199 rulesets have to deal with temporary failures, especially for map lookups,
4200 themselves, i.e., they should return a temporary error code
4201 or at least they should make a proper decision in those cases.
4206 ruleset is called after a connection is accepted by the daemon.
4207 It is not called when sendmail is started using the
4212 client.host.name $| client.host.address
4216 is a metacharacter separating the two parts.
4217 This ruleset can reject connections from various locations.
4218 Note that it only checks the connecting SMTP client IP address and hostname.
4219 It does not check for third party message relaying.
4222 ruleset discussed below usually does third party message relay checking.
4227 ruleset is passed the user name parameter of the
4230 It can accept or reject the address.
4235 ruleset is passed the user name parameter of the
4238 It can accept or reject the address.
4243 ruleset is called after the
4245 command, its parameter is the number of recipients.
4246 It can accept or reject the command.
4247 .sh 4 "check_compat"
4253 sender-address $| recipient-address
4257 is a metacharacter separating the addresses.
4258 It can accept or reject mail transfer between these two addresses
4265 rulesets are invoked during the SMTP mail receiption stage
4266 (i.e., in the SMTP server),
4268 is invoked during the mail delivery stage.
4275 number-of-headers $| size-of-headers
4279 is a metacharacter separating the numbers.
4280 These numbers can be used for size comparisons with the
4283 The ruleset is triggered after
4284 all of the headers have been read.
4285 It can be used to correlate information gathered
4286 from those headers using the
4289 One possible use is to check for a missing header.
4294 HMessage-Id: $>CheckMessageId
4297 # Record the presence of the header
4298 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
4300 R$* $#error $: 553 Header Error
4304 R$* $: < $&{MessageIdCheck} >
4305 # Clear the macro for the next message
4306 R$* $: $(storage {MessageIdCheck} $) $1
4307 # Has a Message-Id: header
4309 # Allow missing Message-Id: from local mail
4310 R$* $: < $&{client_name} >
4313 # Otherwise, reject the mail
4314 R$* $#error $: 553 Header Error
4316 Keep in mind the Message-Id: header is not a required header and
4317 is not a guaranteed spam indicator.
4318 This ruleset is an example and
4319 should probably not be used in production.
4324 ruleset is called after the end of a message,
4325 its parameter is the message size.
4326 It can accept or reject the message.
4331 ruleset is passed the parameter of the
4334 It can accept or reject the command.
4339 ruleset is passed the user name parameter of the
4342 It can accept or reject the address.
4347 ruleset is passed the user name parameter of the
4350 It can accept or reject the command.
4355 ruleset is passed the AUTH= parameter of the
4358 It is used to determine whether this value should be
4359 trusted. In order to make this decision, the ruleset
4360 may make use of the various
4363 If the ruleset does resolve to the
4365 mailer the AUTH= parameter is not trusted and hence
4366 not passed on to the next relay.
4371 ruleset is called when sendmail acts as server, after a STARTTLS command
4372 has been issued, and from
4374 The parameter is the value of
4376 and STARTTLS or MAIL, respectively.
4377 If the ruleset does resolve to the
4379 mailer, the appropriate error code is returned to the client.
4384 ruleset is called when sendmail acts as client after a STARTTLS command
4385 (should) have been issued.
4386 The parameter is the value of
4388 If the ruleset does resolve to the
4390 mailer, the connection is aborted
4391 (treated as non-deliverable with a permanent or temporary error).
4396 ruleset is called each time before a RCPT TO command is sent.
4397 The parameter is the current recipient.
4398 If the ruleset does resolve to the
4400 mailer, the RCPT TO command is suppressed
4401 (treated as non-deliverable with a permanent or temporary error).
4402 This ruleset allows to require encryption or verification of
4403 the recipient's MTA even if the mail is somehow redirected
4405 For example, sending mail to
4407 may get redirected to a host named
4409 and hence the tls_server ruleset won't apply.
4410 By introducing per recipient restrictions such attacks
4411 (e.g., via DNS spoofing) can be made impossible.
4414 how this ruleset can be used.
4415 .sh 4 "srv_features"
4419 ruleset is called with the connecting client's host name
4420 when a client connects to sendmail.
4421 This ruleset should return
4423 followed by a list of options (single characters
4424 delimited by white space).
4425 If the return value starts with anything else it is silently ignored.
4426 Generally upper case characters turn off a feature
4427 while lower case characters turn it on.
4428 Option `S' causes the server not to offer STARTTLS,
4429 which is useful to interact with MTAs/MUAs that have broken
4430 STARTTLS implementations by simply not offering it.
4431 `V' turns off the request for a client certificate during the TLS handshake.
4432 Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
4433 `c' is the equivalent to AuthOptions=p, i.e.,
4434 it doesn't permit mechanisms susceptible to simple
4435 passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
4436 Option `l' requires SMTP AUTH for a connection.
4437 Options 'B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and EXPN,
4442 a Offer AUTH (default)
4444 b Offer VERB (default)
4445 C Do not require security layer for
4446 plaintext AUTH (default)
4447 c Require security layer for plaintext AUTH
4449 d Offer DSN (default)
4451 e Offer ETRN (default)
4452 L Do not require AUTH (default)
4454 P Do not offer PIPELINING
4455 p Offer PIPELINING (default)
4456 S Do not offer STARTTLS
4457 s Offer STARTTLS (default)
4458 V Do not request a client certificate
4459 v Request a client certificate (default)
4461 x Offer EXPN (default)
4463 Note: the entries marked as ``(default)'' may require that some
4464 configuration has been made, e.g., SMTP AUTH is only available if
4465 properly configured.
4466 Moreover, many options can be changed on a global basis via other
4467 settings as explained in this document, e.g., via DaemonPortOptions.
4469 The ruleset may return `$#temp' to indicate that there is a temporary
4470 problem determining the correct features, e.g., if a map is unavailable.
4471 In that case, the SMTP server issues a temporary failure and does not
4477 ruleset is called when sendmail connects to another MTA.
4478 If the ruleset does resolve to the
4480 mailer, sendmail does not try STARTTLS even if it is offered.
4481 This is useful to interact with MTAs that have broken
4482 STARTTLS implementations by simply not using it.
4487 ruleset is called when sendmail tries to authenticate to another MTA.
4490 followed by a list of tokens that are used for SMTP AUTH.
4491 If the return value starts with anything else it is silently ignored.
4492 Each token is a tagged string of the form:
4494 (including the quotes), where
4497 T Tag which describes the item
4498 D Delimiter: ':' simple text follows
4499 '=' string is base64 encoded
4500 string Value of the item
4502 Valid values for the tag are:
4505 U user (authorization) id
4509 M list of mechanisms delimited by spaces
4511 If this ruleset is defined, the option
4513 is ignored (even if the ruleset does not return a ``useful'' result).
4518 ruleset is used to map a recipient address to a queue group name.
4519 The input for the ruleset is a recipient address as specified by the
4522 The ruleset should return
4524 followed by the name of a queue group.
4525 If the return value starts with anything else it is silently ignored.
4526 See the section about ``Queue Groups and Queue Directories''
4527 for further information.
4532 ruleset is used to specify the amount of time to pause before sending the
4533 initial SMTP 220 greeting.
4534 If any traffic is received during that pause, an SMTP 554 rejection
4535 response is given instead of the 220 greeting and all SMTP commands are
4536 rejected during that connection.
4537 This helps protect sites from open proxies and SMTP slammers.
4538 The ruleset should return
4540 followed by the number of milliseconds (thousandths of a second) to
4542 If the return value starts with anything else or is not a number,
4543 it is silently ignored.
4544 Note: this ruleset is not invoked (and hence the feature is disabled)
4545 when the smtps (SMTP over SSL) is used, i.e.,
4548 modifier is set for the daemon via
4549 .b DaemonPortOptions ,
4550 because in this case the SSL handshake is performed before
4551 the greeting is sent.
4554 Some special processing occurs
4555 if the ruleset zero resolves to an IPC mailer
4556 (that is, a mailer that has
4558 listed as the Path in the
4561 The host name passed after
4563 has MX expansion performed if not delivering via a named socket;
4564 this looks the name up in DNS to find alternate delivery sites.
4566 The host name can also be provided as a dotted quad
4567 or an IPv6 address in square brackets;
4574 [IPv6:2002:c0a8:51d2::23f4]
4576 This causes direct conversion of the numeric value
4577 to an IP host address.
4579 The host name passed in after the
4581 may also be a colon-separated list of hosts.
4582 Each is separately MX expanded and the results are concatenated
4583 to make (essentially) one long MX list.
4584 The intent here is to create
4586 MX records that are not published in DNS
4587 for private internal networks.
4589 As a final special case, the host name can be passed in
4593 [ucbvax.berkeley.edu]
4595 This form avoids the MX mapping.
4598 This is intended only for situations where you have a network firewall
4599 or other host that will do special processing for all your mail,
4600 so that your MX record points to a gateway machine;
4601 this machine could then do direct delivery to machines
4602 within your local domain.
4603 Use of this feature directly violates RFC 1123 section 5.3.5:
4604 it should not be used lightly.
4606 .sh 2 "D \*- Define Macro"
4608 Macros are named with a single character
4609 or with a word in {braces}.
4610 The names ``x'' and ``{x}'' denote the same macro
4611 for every single character ``x''.
4612 Single character names may be selected from the entire ASCII set,
4613 but user-defined macros
4614 should be selected from the set of upper case letters only.
4617 are used internally.
4618 Long names beginning with a lower case letter or a punctuation character
4619 are reserved for use by sendmail,
4620 so user-defined long macro names should begin with an upper case letter.
4622 The syntax for macro definitions is:
4629 is the name of the macro
4630 (which may be a single character
4631 or a word in braces)
4634 is the value it should have.
4635 There should be no spaces given
4636 that do not actually belong in the macro value.
4638 Macros are interpolated
4644 is the name of the macro to be interpolated.
4645 This interpolation is done when the configuration file is read,
4649 The special construct
4654 lines to get deferred interpolation.
4656 Conditionals can be specified using the syntax:
4658 $?x text1 $| text2 $.
4664 is set and non-null,
4672 clause may be omitted.
4674 The following macros are defined and/or used internally by
4676 for interpolation into argv's for mailers
4677 or for other contexts.
4678 The ones marked \(dg are information passed into sendmail\**,
4680 \**As of version 8.6,
4681 all of these macros have reasonable defaults.
4682 Previous versions required that they be defined.
4684 the ones marked \(dd are information passed both in and out of sendmail,
4685 and the unmarked macros are passed out of sendmail
4686 but are not otherwise used internally.
4690 The origination date in RFC 822 format.
4691 This is extracted from the Date: line.
4693 The current date in RFC 822 format.
4696 This is a count of the number of Received: lines
4697 plus the value of the
4701 The current date in UNIX (ctime) format.
4703 (Obsolete; use SmtpGreetingMessage option instead.)
4704 The SMTP entry message.
4705 This is printed out when SMTP starts up.
4706 The first word must be the
4708 macro as specified by RFC 821.
4710 .q "$j Sendmail $v ready at $b" .
4711 Commonly redefined to include the configuration version number, e.g.,
4712 .q "$j Sendmail $v/$Z ready at $b"
4714 The envelope sender (from) address.
4716 The sender address relative to the recipient.
4724 .q foo@host.domain ,
4725 or whatever is appropriate for the receiving mailer.
4728 This is set in ruleset 0 from the $@ field of a parsed address.
4734 The \*(lqofficial\*(rq domain name for this site.
4735 This is fully qualified if the full qualification can be found.
4738 be redefined to be the fully qualified domain name
4739 if your system is not configured so that information can find
4742 The UUCP node name (from the uname system call).
4744 (Obsolete; use UnixFromLine option instead.)
4745 The format of the UNIX from line.
4746 Unless you have changed the UNIX mailbox format,
4747 you should not change the default,
4751 The domain part of the \fIgethostname\fP return value.
4752 Under normal circumstances,
4757 The name of the daemon (for error messages).
4761 (Obsolete: use OperatorChars option instead.)
4762 The set of \*(lqoperators\*(rq in addresses.
4763 A list of characters
4764 which will be considered tokens
4765 and which will separate tokens
4771 macro, then the input
4773 would be scanned as three tokens:
4780 which is the minimum set necessary to do RFC 822 parsing;
4781 a richer set of operators is
4783 which adds support for UUCP, the %-hack, and X.400 addresses.
4785 Sendmail's process id.
4787 Default format of sender address.
4790 macro specifies how an address should appear in a message
4791 when it is defaulted.
4794 It is commonly redefined to be
4795 .q "$?x$x <$g>$|$g$."
4798 corresponding to the following two formats:
4800 Eric Allman <eric@CS.Berkeley.EDU>
4801 eric@CS.Berkeley.EDU (Eric Allman)
4804 properly quotes names that have special characters
4805 if the first form is used.
4807 Protocol used to receive the message.
4810 command line flag or by the SMTP server code.
4815 command line flag or by the SMTP server code
4816 (in which case it is set to the EHLO/HELO parameter).
4818 A numeric representation of the current time in the format YYYYMMDDHHmm
4819 (4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31,
4820 2 digit hours 00-23, 2 digit minutes 00-59).
4824 The version number of the
4828 The hostname of this site.
4829 This is the root name of this host (but see below for caveats).
4831 The full name of the sender.
4833 The home directory of the recipient.
4835 The validated sender address.
4837 .b ${client_resolve} .
4839 The type of the address which is currently being rewritten.
4840 This macro contains up to three characters, the first
4841 is either `e' or `h' for envelope/header address,
4842 the second is a space,
4843 and the third is either `s' or `r' for sender/recipient address.
4845 The maximum keylength (in bits) of the symmetric encryption algorithm
4846 used for a TLS connection.
4847 This may be less than the effective keylength,
4850 for ``export controlled'' algorithms.
4852 The client's authentication credentials as determined by authentication
4853 (only set if successful).
4854 The format depends on the mechanism used, it might be just `user',
4855 or `user@realm', or something similar (SMTP AUTH only).
4857 The authorization identity, i.e. the AUTH= parameter of the
4859 command if supplied.
4861 The mechanism used for SMTP authentication
4862 (only set if successful).
4864 The keylength (in bits) of the symmetric encryption algorithm
4865 used for the security layer of a SASL mechanism.
4867 The message body type
4869 as determined from the envelope.
4871 The DN (distinguished name) of the CA (certificate authority)
4872 that signed the presented certificate (the cert issuer)
4875 The MD5 hash of the presented certificate (STARTTLS only).
4877 The DN of the presented certificate (called the cert subject)
4880 The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
4881 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
4884 The effective keylength (in bits) of the symmetric encryption algorithm
4885 used for a TLS connection.
4887 The IP address of the SMTP client.
4888 IPv6 addresses are tagged with "IPv6:" before the address.
4889 Defined in the SMTP server only.
4890 .ip ${client_connections}
4891 The number of open connections in the SMTP server for the client IP address.
4893 The flags specified by the
4895 .b ClientPortOptions
4896 where flags are separated from each other by spaces
4897 and upper case flags are doubled.
4900 will be represented as
4902 .b ${client_flags} ,
4903 which is required for testing the flags in rulesets.
4905 The host name of the SMTP client.
4906 This may be the client's bracketed IP address
4907 in the form [ nnn.nnn.nnn.nnn ] for IPv4
4908 and [ IPv6:nnnn:...:nnnn ] for IPv6
4910 IP address is not resolvable, or if it is resolvable
4911 but the IP address of the resolved hostname
4912 doesn't match the original IP address.
4913 Defined in the SMTP server only.
4915 .b ${client_resolve} .
4917 The port number of the SMTP client.
4918 Defined in the SMTP server only.
4920 The result of the PTR lookup for the client IP address.
4921 Note: this is the same as
4924 .b ${client_resolve}
4926 Defined in the SMTP server only.
4928 The number of incoming connections for the client IP address
4929 over the time interval specified by ConnectionRateWindowSize.
4930 .ip ${client_resolve}
4931 Holds the result of the resolve call for
4933 Possible values are:
4936 OK resolved successfully
4937 FAIL permanent lookup failure
4938 FORGED forward lookup doesn't match reverse lookup
4939 TEMP temporary lookup failure
4941 Defined in the SMTP server only.
4943 performs a hostname lookup on the IP address of the connecting client.
4944 Next the IP addresses of that hostname are looked up.
4945 If the client IP address does not appear in that list,
4946 then the hostname is maybe forged.
4947 This is reflected as the value FORGED for
4948 .b ${client_resolve}
4949 and it also shows up in
4951 as "(may be forged)".
4953 The CN (common name) of the CA that signed the presented certificate
4956 The CN (common name) of the presented certificate
4959 Header value as quoted string
4960 (possibly truncated to
4962 This macro is only available in header check rulesets.
4964 The IP address the daemon is listening on for connections.
4965 .ip ${daemon_family}
4967 if the daemon is accepting network connections.
4968 Possible values include
4975 The flags for the daemon as specified by the
4977 .b DaemonPortOptions
4978 whereby the flags are separated from each other by spaces,
4979 and upper case flags are doubled.
4982 will be represented as
4984 .b ${daemon_flags} ,
4985 which is required for testing the flags in rulesets.
4987 Some information about a daemon as a text string.
4989 .q SMTP+queueing@00:30:00 .
4991 The name of the daemon from
4992 .b DaemonPortOptions
4994 If this suboption is not set,
4996 where # is the daemon number,
4999 The port the daemon is accepting connection on.
5001 .b DaemonPortOptions
5002 is set, this will most likely be
5005 The current delivery mode sendmail is using.
5006 It is initially set to the value of the
5010 The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
5012 The length of the header value which is stored in
5013 ${currHeader} (before possible truncation).
5014 If this value is greater than or equal to
5016 the header has been truncated.
5018 The name of the header field for which the current header
5019 check ruleset has been called.
5020 This is useful for a default header check ruleset to get
5021 the name of the header;
5022 the macro is only available in header check rulesets.
5024 The IP address of the interface of an incoming connection
5025 unless it is in the loopback net.
5026 IPv6 addresses are tagged with "IPv6:" before the address.
5028 The IP address of the interface of an outgoing connection
5029 unless it is in the loopback net.
5030 IPv6 addresses are tagged with "IPv6:" before the address.
5032 The IP family of the interface of an incoming connection
5033 unless it is in the loopback net.
5034 .ip ${if_family_out}
5035 The IP family of the interface of an outgoing connection
5036 unless it is in the loopback net.
5038 The hostname associated with the interface of an incoming connection.
5039 This macro can be used for
5040 SmtpGreetingMessage and HReceived for virtual hosting.
5043 O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
5046 The name of the interface of an outgoing connection.
5048 The current load average.
5050 The address part of the resolved triple of the address given for the
5053 Defined in the SMTP server only.
5055 The host from the resolved triple of the address given for the
5058 Defined in the SMTP server only.
5060 The mailer from the resolved triple of the address given for the
5063 Defined in the SMTP server only.
5065 The value of the Message-Id: header.
5067 The value of the SIZE= parameter,
5068 i.e., usually the size of the message (in an ESMTP dialogue),
5069 before the message has been collected, thereafter
5070 the message size as computed by
5072 (and can be used in check_compat).
5074 The number of bad recipients for a single message.
5076 The number of validated recipients for a single message.
5077 Note: since recipient validation happens after
5079 has been called, the value in this ruleset
5080 is one less than what might be expected.
5082 The number of delivery attempts.
5084 The current operation mode (from the
5088 The quarantine reason for the envelope,
5089 if it is quarantined.
5090 .ip ${queue_interval}
5091 The queue run interval given by the
5097 .b ${queue_interval}
5101 The address part of the resolved triple of the address given for the
5104 Defined in the SMTP server only after a RCPT command.
5106 The host from the resolved triple of the address given for the
5109 Defined in the SMTP server only after a RCPT command.
5111 The mailer from the resolved triple of the address given for the
5114 Defined in the SMTP server only after a RCPT command.
5116 The address of the server of the current outgoing SMTP connection.
5117 For LMTP delivery the macro is set to the name of the mailer.
5119 The name of the server of the current outgoing SMTP or LMTP connection.
5123 function, i.e., the number of seconds since 0 hours, 0 minutes,
5124 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
5126 The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
5127 defined after STARTTLS has been used.
5129 The total number of incoming connections over the time interval specified
5130 by ConnectionRateWindowSize.
5132 The result of the verification of the presented cert;
5133 only defined after STARTTLS has been used.
5134 Possible values are:
5137 OK verification succeeded.
5138 NO no cert presented.
5139 NOT no cert requested.
5140 FAIL cert presented but could not be verified,
5141 e.g., the signing CA is missing.
5142 NONE STARTTLS has not been performed.
5143 TEMP temporary error occurred.
5144 PROTOCOL some protocol error occurred.
5145 SOFTWARE STARTTLS handshake failed,
5146 which is a fatal error for this session,
5147 the e-mail will be queued.
5150 There are three types of dates that can be used.
5155 macros are in RFC 822 format;
5157 is the time as extracted from the
5163 is the current date and time
5164 (used for postmarks).
5167 line is found in the incoming message,
5169 is set to the current time also.
5172 macro is equivalent to the
5183 are set to the identity of this host.
5185 tries to find the fully qualified name of the host
5187 it does this by calling
5189 to get the current hostname
5190 and then passing that to
5191 .i gethostbyname (3)
5192 which is supposed to return the canonical version of that host name.\**
5194 \**For example, on some systems
5198 which would be mapped to
5203 Assuming this is successful,
5205 is set to the fully qualified name
5208 is set to the domain part of the name
5209 (everything after the first dot).
5212 macro is set to the first word
5213 (everything before the first dot)
5214 if you have a level 5 or higher configuration file;
5215 otherwise, it is set to the same value as
5217 If the canonification is not successful,
5218 it is imperative that the config file set
5220 to the fully qualified domain name\**.
5222 \**Older versions of sendmail didn't pre-define
5224 at all, so up until 8.6,
5233 macro is the id of the sender
5234 as originally determined;
5235 when mailing to a specific host
5238 macro is set to the address of the sender
5240 relative to the recipient.
5243 .q bollard@matisse.CS.Berkeley.EDU
5245 .q vangogh.CS.Berkeley.EDU
5253 .q eric@vangogh.CS.Berkeley.EDU.
5257 macro is set to the full name of the sender.
5258 This can be determined in several ways.
5259 It can be passed as flag to
5261 It can be defined in the
5263 environment variable.
5264 The third choice is the value of the
5266 line in the header if it exists,
5267 and the fourth choice is the comment field
5271 If all of these fail,
5272 and if the message is being originated locally,
5273 the full name is looked up in the
5283 macros get set to the host, user, and home directory
5286 The first two are set from the
5290 part of the rewriting rules, respectively.
5296 macros are used to create unique strings
5302 macro is set to the queue id on this host;
5303 if put into the timestamp line
5304 it can be extremely useful for tracking messages.
5307 macro is set to be the version number of
5309 this is normally put in timestamps
5310 and has been proven extremely useful for debugging.
5316 i.e., the number of times this message has been processed.
5317 This can be determined
5320 flag on the command line
5321 or by counting the timestamps in the message.
5327 fields are set to the protocol used to communicate with
5329 and the sending hostname.
5330 They can be set together using the
5332 command line flag or separately using the
5340 is set to a validated sender host name.
5341 If the sender is running an RFC 1413 compliant IDENT server
5342 and the receiver has the IDENT protocol turned on,
5343 it will include the user name on that host.
5351 are set to the name, address, and port number of the SMTP client
5355 These can be used in the
5359 deferred evaluation form, of course!).
5360 .sh 2 "C and F \*- Define Classes"
5362 Classes of phrases may be defined
5363 to match on the left hand side of rewriting rules,
5366 is a sequence of characters that does not contain space characters.
5368 a class of all local names for this site
5370 so that attempts to send to oneself
5372 These can either be defined directly in the configuration file
5373 or read in from another file.
5374 Classes are named as a single letter or a word in {braces}.
5375 Class names beginning with lower case letters
5376 and special characters are reserved for system use.
5377 Classes defined in config files may be given names
5378 from the set of upper case letters for short names
5379 or beginning with an upper case letter for long names.
5394 .i c\|[mapkey]@mapclass:mapspec
5396 The first form defines the class
5398 to match any of the named words.
5406 the contents of class
5410 It is permissible to split them among multiple lines;
5411 for example, the two forms:
5422 read the elements of the class
5428 .i "map specification" .
5429 Each element should be listed on a separate line.
5430 To specify an optional file, use ``\-o'' between the class
5431 name and the file name, e.g.,
5433 Fc \-o /path/to/file
5435 If the file can't be used,
5437 will not complain but silently ignore it.
5438 The map form should be an optional map key, an at sign,
5439 and a map class followed by the specification for that map.
5442 F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
5443 F{MyClass}foo@hash:/etc/mail/classes
5447 from an LDAP map lookup and
5449 from a hash database map lookup of the
5451 There is also a built-in schema that can be accessed by only specifying:
5456 This will tell sendmail to use the default schema:
5458 \-k (&(objectClass=sendmailMTAClass)
5459 (sendmailMTAClassName=\c
5461 (|(sendmailMTACluster=${sendmailMTACluster})
5462 (sendmailMTAHost=$j)))
5463 \-v sendmailMTAClassValue
5465 Note that the lookup is only done when sendmail is initially started.
5467 Elements of classes can be accessed in rules using
5473 (match entries not in class)
5474 only matches a single word;
5475 multi-word entries in the class are ignored in this context.
5477 Some classes have internal meaning to
5481 .\"A set of Content-Types that will not have the newline character
5482 .\"translated to CR-LF before encoding into base64 MIME.
5483 .\"The class can have major times
5488 .\".q application/octet-stream ).
5489 .\"The class is initialized with
5490 .\".q application/octet-stream ,
5496 contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
5497 It is predefined to contain
5503 set to be the same as
5505 that is, the UUCP node name.
5507 set to the set of domains by which this host is known,
5511 can be set to the set of MIME body types
5512 that can never be eight to seven bit encoded.
5514 .q multipart/signed .
5519 are never encoded directly.
5520 Multipart messages are always handled recursively.
5521 The handling of message/* messages
5522 are controlled by class
5525 A set of Content-Types that will never be encoded as base64
5526 (if they have to be encoded, they will be encoded as quoted-printable).
5527 It can have primary types
5533 The class is initialized to have
5537 contains the set of subtypes of message that can be treated recursively.
5538 By default it contains only
5542 types cannot be 8\(->7 bit encoded.
5543 If a message containing eight bit data is sent to a seven bit host,
5544 and that message cannot be encoded into seven bits,
5545 it will be stripped to 7 bits.
5547 set to the set of trusted users by the
5550 If you want to read trusted users from a file, use
5554 set to be the set of all names
5555 this host is known by.
5556 This can be used to match local hostnames.
5557 .ip $={persistentMacros}
5558 set to the macros that should be saved across queue runs.
5559 Care should be taken when adding macro names to this class.
5562 can be compiled to allow a
5567 This lets you do simplistic parsing of text files.
5568 For example, to read all the user names in your system
5570 file into a class, use
5574 which reads every line up to the first colon.
5575 .sh 2 "M \*- Define Mailer"
5577 Programs and interfaces to mailers
5578 are defined in this line.
5589 is the name of the mailer
5590 (used internally only)
5593 pairs define attributes of the mailer.
5597 Path The pathname of the mailer
5598 Flags Special flags for this mailer
5599 Sender Rewriting set(s) for sender addresses
5600 Recipient Rewriting set(s) for recipient addresses
5601 recipients Maximum number of recipients per connection
5602 Argv An argument vector to pass to this mailer
5603 Eol The end-of-line string for this mailer
5604 Maxsize The maximum message length to this mailer
5605 maxmessages The maximum message deliveries per connection
5606 Linelimit The maximum line length in the message body
5607 Directory The working directory for the mailer
5608 Userid The default user and group id to run as
5609 Nice The nice(2) increment for the mailer
5610 Charset The default character set for 8-bit characters
5611 Type Type information for DSN diagnostics
5612 Wait The maximum time to wait for the mailer
5613 Queuegroup The default queue group for the mailer
5614 / The root directory for the mailer
5616 Only the first character of the field name is checked
5617 (it's case-sensitive).
5619 The following flags may be set in the mailer description.
5620 Any other flags may be used freely
5621 to conditionally assign headers to messages
5622 destined for particular mailers.
5623 Flags marked with \(dg
5624 are not interpreted by the
5627 these are the conventionally used to correlate to the flags portion
5631 Flags marked with \(dd
5632 apply to the mailers for the sender address
5633 rather than the usual recipient mailers.
5636 Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
5637 This flag defaults on if the SMTP greeting message includes the word
5640 Look up the user (address) part of the resolved mailer triple,
5641 in the alias database.
5642 Normally this is only set for local mailers.
5644 Force a blank line on the end of a message.
5645 This is intended to work around some stupid versions of
5647 that require a blank line, but do not provide it themselves.
5648 It would not normally be used on network mail.
5650 Strip leading backslashes (\e) off of the address;
5651 this is a subset of the functionality of the
5655 Do not include comments in addresses.
5656 This should only be used if you have to work around
5657 a remote mailer that gets confused by comments.
5658 This strips addresses of the form
5659 .q "Phrase <address>"
5661 .q "address (Comment)"
5667 from a mailer with this flag set,
5668 any addresses in the header that do not have an at sign
5671 after being rewritten by ruleset three
5674 clause from the sender envelope address
5676 This allows mail with headers of the form:
5679 To: userb@hostb, userc
5684 To: userb@hostb, userc@hosta
5687 However, it doesn't really work reliably.
5689 Do not include angle brackets around route-address syntax addresses.
5690 This is useful on mailers that are going to pass addresses to a shell
5691 that might interpret angle brackets as I/O redirection.
5692 However, it does not protect against other shell metacharacters.
5693 Therefore, passing addresses to a shell should not be considered secure.
5699 This mailer is expensive to connect to,
5700 so try to avoid connecting normally;
5701 any necessary connection will occur during a queue run.
5705 Escape lines beginning with
5707 in the message with a `>' sign.
5713 but only if this is a network forward operation
5715 the mailer will give an error
5716 if the executing user
5717 does not have special permissions).
5725 sends internally generated email (e.g., error messages)
5726 using the null return address
5727 as required by RFC 1123.
5728 However, some mailers don't accept a null return address.
5734 from obeying the standards;
5735 error messages will be sent as from the MAILER-DAEMON
5736 (actually, the value of the
5740 Upper case should be preserved in host names
5741 (the $@ portion of the mailer triplet resolved from ruleset 0)
5744 Do User Database rewriting on envelope sender address.
5746 This mailer will be speaking SMTP
5750 as such it can use special protocol features.
5751 This flag should not be used except for debugging purposes
5756 Do User Database rewriting on recipients as well as senders.
5760 connects to a host via SMTP,
5761 it checks to make sure that this isn't accidently the same host name
5764 is misconfigured or if a long-haul network interface is set in loopback mode.
5765 This flag disables the loopback check.
5766 It should only be used under very unusual circumstances.
5768 Currently unimplemented.
5769 Reserved for chunking.
5771 This mailer is local
5773 final delivery will be performed).
5775 Limit the line lengths as specified in RFC 821.
5776 This deprecated option should be replaced by the
5779 For historic reasons, the
5785 This mailer can send to multiple users
5792 part of the mailer definition,
5793 that field will be repeated as necessary
5794 for all qualifying users.
5795 Removing this flag can defeat duplicate supression on a remote site
5796 as each recipient is sent in a separate transaction.
5802 Do not insert a UNIX-style
5804 line on the front of the message.
5806 Always run as the owner of the recipient mailbox.
5809 runs as the sender for locally generated mail
5812 (actually, the user specified in the
5815 when delivering network mail.
5816 The normal behavior is required by most local mailers,
5817 which will not allow the envelope sender address
5818 to be set unless the mailer is running as daemon.
5819 This flag is ignored if the
5823 Use the route-addr style reverse-path in the SMTP
5826 rather than just the return address;
5827 although this is required in RFC 821 section 3.1,
5828 many hosts do not process reverse-paths properly.
5829 Reverse-paths are officially discouraged by RFC 1123.
5835 When an address that resolves to this mailer is verified
5836 (SMTP VRFY command),
5837 generate 250 responses instead of 252 responses.
5838 This will imply that the address is local.
5846 Open SMTP connections from a
5851 except on UNIX machines,
5852 so it is unclear that this adds anything.
5854 must be running as root to be able to use this flag.
5856 Strip quote characters (" and \e) off of the address
5857 before calling the mailer.
5859 Don't reset the userid
5860 before calling the mailer.
5861 This would be used in a secure environment
5865 This could be used to avoid forged addresses.
5868 field is also specified,
5869 this flag causes the effective user id to be set to that user.
5871 Upper case should be preserved in user names for this mailer. Standards
5872 require preservation of case in the local part of addresses, except for
5873 those address for which your system accepts responsibility.
5874 RFC 2142 provides a long list of addresses which should be case
5876 If you use this flag, you may be violating RFC 2142.
5877 Note that postmaster is always treated as a case insensitive address
5878 regardless of this flag.
5880 This mailer wants UUCP-style
5883 .q "remote from <host>"
5886 The user must have a valid account on this machine,
5890 If not, the mail is bounced.
5894 This is required to get
5898 Ignore long term host status information (see Section
5899 "Persistent Host Status Information").
5905 This mailer wants to use the hidden dot algorithm as specified in RFC 821;
5906 basically, any line beginning with a dot will have an extra dot prepended
5907 (to be stripped at the other end).
5908 This insures that lines in the message containing a dot
5909 will not terminate the message prematurely.
5911 Run Local Mail Transfer Protocol (LMTP)
5914 and the local mailer.
5915 This is a variant on SMTP
5917 that is specifically designed for delivery to a local mailbox.
5919 Apply DialDelay (if set) to this mailer.
5921 Don't look up MX records for hosts sent via SMTP/LMTP.
5926 Don't send null characters ('\\0') to this mailer.
5928 Don't use ESMTP even if offered; this is useful for broken
5929 systems that offer ESMTP but fail on EHLO (without recovering
5930 when HELO is tried next).
5932 Extend the list of characters converted to =XX notation
5933 when converting to Quoted-Printable
5934 to include those that don't map cleanly between ASCII and EBCDIC.
5935 Useful if you have IBM mainframes on site.
5937 If no aliases are found for this address,
5938 pass the address through ruleset 5 for possible alternate resolution.
5939 This is intended to forward the mail to an alternate delivery spot.
5941 Strip headers to seven bits.
5943 Strip all output to seven bits.
5944 This is the default if the
5947 Note that clearing this option is not
5948 sufficient to get full eight bit data passed through
5952 option is set, this is essentially always set,
5953 since the eighth bit was stripped on input.
5954 Note that this option will only impact messages
5955 that didn't have 8\(->7 bit MIME conversions performed.
5958 it is acceptable to send eight bit data to this mailer;
5959 the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
5964 7\(->8 bit MIME conversions.
5965 These conversions are limited to text/plain data.
5967 Check addresses to see if they begin
5969 if they do, convert them to the
5973 Check addresses to see if they begin with a `|';
5974 if they do, convert them to the
5978 Check addresses to see if they begin with a `/';
5979 if they do, convert them to the
5983 Look up addresses in the user database.
5985 Do not attempt delivery on initial recipient of a message
5987 unless the queued message is selected
5988 using one of the -qI/-qR/-qS queue run modifiers
5991 Configuration files prior to level 6
5992 assume the `A', `w', `5', `:', `|', `/', and `@' options
5996 The mailer with the special name
5998 can be used to generate a user error.
5999 The (optional) host field is an exit status to be returned,
6000 and the user field is a message to be printed.
6001 The exit status may be numeric or one of the values
6002 USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
6003 to return the corresponding EX_ exit code,
6004 or an enhanced error code as described in RFC 1893,
6006 Enhanced Mail System Status Codes.
6007 For example, the entry:
6009 $#error $@ NOHOST $: Host unknown in this domain
6011 on the RHS of a rule
6012 will cause the specified error to be generated
6015 exit status to be returned
6017 This mailer is only functional in rulesets 0, 5,
6018 or one of the check_* rulesets.
6019 The host field can also contain the special token
6021 which instructs sendmail to quarantine the current message.
6023 The mailer with the special name
6025 causes any mail sent to it to be discarded
6026 but otherwise treated as though it were successfully delivered.
6027 This mailer cannot be used in ruleset 0,
6028 only in the various address checking rulesets.
6033 be defined in every configuration file.
6034 This is used to deliver local mail,
6035 and is treated specially in several ways.
6036 Additionally, three other mailers named
6041 may be defined to tune the delivery of messages to programs,
6043 and :include: lists respectively.
6046 Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
6047 M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
6048 M*include*, P=/dev/null, F=su, A=INCLUDE $u
6051 Builtin pathnames are [FILE] and [IPC], the former is used for
6052 delivery to files, the latter for delivery via interprocess communication.
6053 For mailers that use [IPC] as pathname the argument vector (A=)
6054 must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
6055 If TCP is used, the second argument must be the name of the host
6057 Optionally a third argument can be used to specify a port,
6058 the default is smtp (port 25).
6059 If FILE is used, the second argument must be the name of
6060 the Unix domain socket.
6062 If the argument vector does not contain $u then
6064 will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
6066 If no Eol field is defined, then the default is "\\r\\n" for
6067 SMTP mailers and "\\n" of others.
6069 The Sender and Recipient rewriting sets
6070 may either be a simple ruleset id
6071 or may be two ids separated by a slash;
6072 if so, the first rewriting set is applied to envelope
6074 and the second is applied to headers.
6075 Setting any value to zero disables corresponding mailer-specific rewriting.
6078 is actually a colon-separated path of directories to try.
6079 For example, the definition
6081 first tries to execute in the recipient's home directory;
6082 if that is not available,
6083 it tries to execute in the root of the filesystem.
6084 This is intended to be used only on the
6087 since some shells (such as
6089 refuse to execute if they cannot read the current directory.
6090 Since the queue directory is not normally readable by unprivileged users
6092 scripts as recipients can fail.
6095 specifies the default user and group id to run as,
6101 mailer flag is also specified,
6102 this user and group will be set as the
6103 effective uid and gid for the process.
6104 This may be given as
6106 to set both the user and group id;
6107 either may be an integer or a symbolic name to be looked up
6113 If only a symbolic user name is specified,
6116 file for that user is used as the group id.
6119 is used when converting a message to MIME;
6120 this is the character set used in the
6121 Content-Type: header.
6122 If this is not set, the
6125 and if that is not set, the value
6129 this field applies to the sender's mailer,
6130 not the recipient's mailer.
6131 For example, if the envelope sender address
6132 lists an address on the local network
6133 and the recipient is on an external network,
6134 the character set will be set from the Charset= field
6135 for the local network mailer,
6136 not that of the external network mailer.
6139 sets the type information
6140 used in MIME error messages
6143 It is actually three values separated by slashes:
6144 the MTA-type (that is, the description of how hosts are named),
6145 the address type (the description of e-mail addresses),
6146 and the diagnostic type (the description of error diagnostic codes).
6147 Each of these must be a registered value
6151 .q dns/rfc822/smtp .
6153 The m= field specifies the maximum number of messages
6154 to attempt to deliver on a single SMTP or LMTP connection.
6155 The default is infinite.
6157 The r= field specifies the maximum number of recipients
6158 to attempt to deliver in a single envelope.
6161 The /= field specifies a new root directory for the mailer. The path is
6162 macro expanded and then passed to the
6164 system call. The root directory is changed before the Directory field is
6165 consulted or the uid is changed.
6167 The Wait= field specifies the maximum time to wait for the
6168 mailer to return after sending all data to it.
6169 This applies to mailers that have been forked by
6172 The Queuegroup= field specifies the default queue group in which
6173 received mail should be queued.
6174 This can be overridden by other means as explained in section
6175 ``Queue Groups and Queue Directories''.
6176 .sh 2 "H \*- Define Header"
6178 The format of the header lines that
6180 inserts into the message
6184 The syntax of this line is one of the following:
6211 Continuation lines in this spec
6212 are reflected directly into the outgoing message.
6215 is macro-expanded before insertion into the message.
6218 (surrounded by question marks)
6220 at least one of the specified flags
6221 must be stated in the mailer definition
6222 for this header to be automatically output.
6225 (surrounded by question marks)
6227 the header will be automatically output
6228 if the macro is set.
6229 The macro may be set using any of the normal methods,
6232 storage map in a ruleset.
6233 If one of these headers is in the input
6234 it is reflected to the output
6235 regardless of these flags or macros.
6239 is used to set a header, then it is useful to add that macro to class
6240 .i $={persistentMacros}
6241 which consists of the macros that should be saved across queue runs.
6243 Some headers have special semantics
6244 that will be described later.
6246 A secondary syntax allows validation of headers as they are being read.
6247 To enable validation, use:
6260 is called for the specified
6264 to reject or quarantine the message or
6266 to discard the message
6270 The ruleset receives the header field-body as argument,
6271 i.e., not the header field-name; see also
6272 ${hdr_name} and ${currHeader}.
6273 The header is treated as a structured field,
6275 text in parentheses is deleted before processing,
6276 unless the second form
6279 Note: only one ruleset can be associated with a header;
6281 will silently ignore multiple entries.
6283 For example, the configuration lines:
6285 HMessage-Id: $>CheckMessageId
6289 R$* $#error $: Illegal Message-Id header
6291 would refuse any message that had a Message-Id: header of any of the
6295 Message-Id: some text
6296 Message-Id: <legal text@domain> extra crud
6298 A default ruleset that is called for headers which don't have a
6299 specific ruleset defined for them can be specified by:
6313 .sh 2 "O \*- Set Option"
6315 There are a number of global options that
6316 can be set from a configuration file.
6317 Options are represented by full words;
6318 some are also representable as single characters for back compatibility.
6319 The syntax of this line is:
6332 be a space between the letter `O' and the name of the option.
6333 An older version is:
6340 is a single character.
6341 Depending on the option,
6343 may be a string, an integer,
6351 the default is TRUE),
6355 All filenames used in options should be absolute paths,
6356 i.e., starting with '/'.
6357 Relative filenames most likely cause surprises during operation
6358 (unless otherwise noted).
6360 The options supported (with the old, one character names in brackets) are:
6362 .ip "AliasFile=\fIspec, spec, ...\fP"
6364 Specify possible alias file(s).
6367 should be in the format
6375 is optional and defaults to ``implicit''.
6390 value is used as follows:
6392 \-k (&(objectClass=sendmailMTAAliasObject)
6393 (sendmailMTAAliasName=aliases)
6394 (|(sendmailMTACluster=${sendmailMTACluster})
6395 (sendmailMTAHost=$j))
6396 (sendmailMTAKey=%0))
6397 \-v sendmailMTAAliasValue
6401 is compiled, valid classes are
6403 (search through a compiled-in list of alias file types,
6404 for back compatibility),
6418 (internal symbol table \*- not normally used
6419 unless you have no other database lookup),
6421 (use a sequence of maps
6422 previously declared),
6436 searches them in order.
6437 .ip AliasWait=\fItimeout\fP
6442 (units default to minutes)
6445 entry to exist in the alias database
6447 If it does not appear in the
6449 interval issue a warning.
6452 If set, allow HELO SMTP commands that don't include a host name.
6453 Setting this violates RFC 1123 section 5.2.5,
6454 but is necessary to interoperate with several SMTP clients.
6455 If there is a value, it is still checked for legitimacy.
6456 .ip AuthMaxBits=\fIN\fP
6458 Limit the maximum encryption strength for the security layer in
6459 SMTP AUTH (SASL). Default is essentially unlimited.
6460 This allows to turn off additional encryption in SASL if
6461 STARTTLS is already encrypting the communication, because the
6462 existing encryption strength is taken into account when choosing
6463 an algorithm for the security layer.
6464 For example, if STARTTLS is used and the symmetric cipher is 3DES,
6465 then the the keylength (in bits) is 168.
6468 to 168 will disable any encryption in SASL.
6471 List of authentication mechanisms for AUTH (separated by spaces).
6472 The advertised list of authentication mechanisms will be the
6473 intersection of this list and the list of available mechanisms as
6474 determined by the Cyrus SASL library.
6475 If STARTTLS is active, EXTERNAL will be added to this list.
6476 In that case, the value of {cert_subject} is used as authentication id.
6479 List of options for SMTP AUTH consisting of single characters
6480 with intervening white space or commas.
6483 A Use the AUTH= parameter for the MAIL FROM
6484 command only when authentication succeeded.
6485 This can be used as a workaround for broken
6486 MTAs that do not implement RFC 2554 correctly.
6487 a protection from active (non-dictionary) attacks
6488 during authentication exchange.
6489 c require mechanisms which pass client credentials,
6490 and allow mechanisms which can pass credentials
6492 d don't permit mechanisms susceptible to passive
6494 f require forward secrecy between sessions
6495 (breaking one won't help break next).
6496 m require mechanisms which provide mutual authentication
6497 (only available if using Cyrus SASL v2 or later).
6498 p don't permit mechanisms susceptible to simple
6499 passive attack (e.g., PLAIN, LOGIN), unless a
6500 security layer is active.
6501 y don't permit mechanisms that allow anonymous login.
6503 The first option applies to sendmail as a client, the others to a server.
6508 would disallow ANONYMOUS as AUTH mechanism and would
6509 allow PLAIN and LOGIN only if a security layer (e.g.,
6510 provided by STARTTLS) is already active.
6511 The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
6512 selected SASL mechanisms.
6513 Explanations of these properties can be found in the Cyrus SASL documentation.
6516 The authentication realm that is passed to the Cyrus SASL library.
6517 If no realm is specified,
6520 .ip BadRcptThrottle=\fIN\fP
6522 If set and the specified number of recipients in a single SMTP
6523 transaction have been rejected, sleep for one second after each subsequent
6524 RCPT command in that transaction.
6525 .ip BlankSub=\fIc\fP
6527 Set the blank substitution character to
6529 Unquoted spaces in addresses are replaced by this character.
6530 Defaults to space (i.e., no change is made).
6533 Path to directory with certificates of CAs.
6534 This directory directory must contain the hashes of each CA certificate
6535 as filenames (or as links to them).
6538 File containing one or more CA certificates;
6539 see section about STARTTLS for more information.
6542 Validate the RHS of aliases when rebuilding the alias database.
6543 .ip CheckpointInterval=\fIN\fP
6545 Checkpoints the queue every
6549 If your system crashes during delivery to a large list,
6550 this prevents retransmission to any but the last
6553 .ip ClassFactor=\fIfact\fP
6557 is multiplied by the message class
6558 (determined by the Precedence: field in the user header
6561 lines in the configuration file)
6562 and subtracted from the priority.
6563 Thus, messages with a higher Priority: will be favored.
6567 File containing the certificate of the client, i.e., this certificate
6570 acts as client (for STARTTLS).
6573 File containing the private key belonging to the client certificate
6577 .ip ClientPortOptions=\fIoptions\fP
6579 Set client SMTP options.
6582 pairs separated by commas.
6586 Port Name/number of source port for connection (defaults to any free port)
6587 Addr Address mask (defaults INADDR_ANY)
6588 Family Address family (defaults to INET)
6589 SndBufSize Size of TCP send buffer
6590 RcvBufSize Size of TCP receive buffer
6591 Modifier Options (flags) for the client
6595 mask may be a numeric address in dot notation
6598 can be the following character:
6601 h use name of interface for HELO command
6602 A don't use AUTH when sending e-mail
6603 S don't use STARTTLS when sending e-mail
6605 If ``h'' is set, the name corresponding to the outgoing interface
6606 address (whether chosen via the Connection parameter or
6607 the default) is used for the HELO/EHLO command.
6608 However, the name must not start with a square bracket
6609 and it must contain at least one dot.
6610 This is a simple test whether the name is not
6611 an IP address (in square brackets) but a qualified hostname.
6612 Note that multiple ClientPortOptions settings are allowed
6613 in order to give settings for each protocol family
6614 (e.g., one for Family=inet and one for Family=inet6).
6615 A restriction placed on one family only affects
6616 outgoing connections on that particular family.
6619 If set, colons are acceptable in e-mail addresses
6622 If not set, colons indicate the beginning of a RFC 822 group construct
6624 .q "groupname: member1, member2, ... memberN;" ).
6625 Doubled colons are always acceptable
6628 and proper route-addr nesting is understood
6630 .q <@relay:user@host> ).
6631 Furthermore, this option defaults on if the configuration version level
6632 is less than 6 (for back compatibility).
6633 However, it must be off for full compatibility with RFC 822.
6634 .ip ConnectionCacheSize=\fIN\fP
6636 The maximum number of open connections that will be cached at a time.
6638 This delays closing the current connection until
6639 either this invocation of
6641 needs to connect to another host
6643 Setting it to zero defaults to the old behavior,
6644 that is, connections are closed immediately.
6645 Since this consumes file descriptors,
6646 the connection cache should be kept small:
6647 4 is probably a practical maximum.
6648 .ip ConnectionCacheTimeout=\fItimeout\fP
6650 The maximum amount of time a cached connection will be permitted to idle
6652 If this time is exceeded,
6653 the connection is immediately closed.
6654 This value should be small (on the order of ten minutes).
6657 uses a cached connection,
6658 it always sends a RSET command
6659 to check the connection;
6660 if this fails, it reopens the connection.
6661 This keeps your end from failing if the other end times out.
6662 The point of this option is to be a good network neighbor
6663 and avoid using up excessive resources
6665 The default is five minutes.
6666 .ip ConnectOnlyTo=\fIaddress\fP
6669 override the connection address (for testing purposes).
6670 .ip ConnectionRateThrottle=\fIN\fP
6672 If set to a positive value,
6675 incoming connections in a one second period per daemon.
6676 This is intended to flatten out peaks
6677 and allow the load average checking to cut in.
6678 Defaults to zero (no limits).
6679 .ip ConnectionRateWindowSize=\fIN\fP
6681 Define the length of the interval for which
6682 the number of incoming connections is maintained.
6683 The default is 60 seconds.
6684 .ip ControlSocketName=\fIname\fP
6686 Name of the control socket for daemon management.
6689 daemon can be controlled through this named socket.
6690 Available commands are:
6699 command returns the current number of daemon children,
6700 the maximum number of daemon children,
6701 the free disk space (in blocks) of the queue directory,
6702 and the load average of the machine expressed as an integer.
6703 If not set, no control socket will be available.
6704 Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
6705 .ip CRLFile=\fIname\fP
6707 Name of file that contains certificate
6708 revocation status, useful for X.509v3 authentication.
6709 CRL checking requires at least OpenSSL version 0.9.7.
6710 Note: if a CRLFile is specified but the file is unusable,
6711 STARTTLS is disabled.
6713 File with DH parameters for STARTTLS.
6714 This is only required if a ciphersuite containing DSA/DH is used.
6715 This is only for people with a good knowledge of TLS, all others
6716 can ignore this option.
6717 .ip DaemonPortOptions=\fIoptions\fP
6719 Set server SMTP options.
6721 .b DaemonPortOptions
6722 leads to an additional incoming socket.
6729 Name User-definable name for the daemon (defaults to "Daemon#")
6730 Port Name/number of listening port (defaults to "smtp")
6731 Addr Address mask (defaults INADDR_ANY)
6732 Family Address family (defaults to INET)
6733 InputMailFilters List of input mail filters for the daemon
6734 Listen Size of listen queue (defaults to 10)
6735 Modifier Options (flags) for the daemon
6736 SndBufSize Size of TCP send buffer
6737 RcvBufSize Size of TCP receive buffer
6738 children maximum number of children per daemon, see \fBMaxDaemonChildren\fP.
6739 DeliveryMode Delivery mode per daemon, see \fBDeliveryMode\fP.
6740 refuseLA RefuseLA per daemon
6741 delayLA DelayLA per daemon
6742 queueLA QueueLA per daemon
6746 key is used for error messages and logging.
6749 mask may be a numeric address in dot notation
6753 key defaults to INET (IPv4).
6754 IPv6 users who wish to also accept IPv6 connections
6755 should add additional Family=inet6
6756 .b DaemonPortOptions
6760 key overrides the default list of input mail filters listed in the
6763 If multiple input mail filters are required, they must be separated
6764 by semicolons (not commas).
6766 can be a sequence (without any delimiters)
6767 of the following characters:
6770 a always require authentication
6771 b bind to interface through which mail has been received
6772 c perform hostname canonification (.cf)
6773 f require fully qualified hostname (.cf)
6774 s Run smtps (SMTP over SSL) instead of smtp
6775 u allow unqualified addresses (.cf)
6776 A disable AUTH (overrides 'a' modifier)
6777 C don't perform hostname canonification
6778 E disallow ETRN (see RFC 2476)
6779 O optional; if opening the socket fails ignore it
6780 S don't offer STARTTLS
6782 That is, one way to specify a message submission agent (MSA) that
6783 always requires authentication is:
6785 O DaemonPortOptions=Name=MSA, Port=587, M=Ea
6787 The modifiers that are marked with "(.cf)" have only
6788 effect in the standard configuration file, in which
6789 they are available via
6790 .b ${daemon_flags} .
6793 use the ``a'' modifier on a public accessible MTA!
6794 It should only be used for a MSA that is accessed by authorized
6795 users for initial mail submission.
6796 Users must authenticate to use a MSA which has this option turned on.
6797 The flags ``c'' and ``C'' can change the default for
6798 hostname canonification in the
6801 See the relevant documentation for
6802 .sm FEATURE(nocanonify) .
6803 The modifier ``f'' disallows addresses of the form
6805 unless they are submitted directly.
6806 The flag ``u'' allows unqualified sender addresses,
6807 i.e., those without @host.
6808 ``b'' forces sendmail to bind to the interface
6809 through which the e-mail has been
6810 received for the outgoing connection.
6813 only if outgoing mail can be routed through the incoming connection's
6814 interface to its destination. No attempt is made to catch problems due to a
6815 misconfiguration of this parameter, use it only for virtual hosting
6816 where each virtual interface can connect to every possible location.
6817 This will also override possible settings via
6818 .b ClientPortOptions.
6821 will listen on a new socket
6822 for each occurence of the
6823 .b DaemonPortOptions
6824 option in a configuration file.
6825 The modifier ``O'' causes sendmail to ignore a socket
6826 if it can't be opened.
6827 This applies to failures from the socket(2) and bind(2) calls.
6830 Filename that contains default authentication information for outgoing
6831 connections. This file must contain the user id, the authorization id,
6832 the password (plain text), the realm and the list of mechanisms to use
6833 on separate lines and must be readable by
6834 root (or the trusted user) only.
6835 If no realm is specified,
6838 If no mechanisms are specified, the list given by
6841 Notice: this option is deprecated and will be removed in future versions.
6842 Moreover, it doesn't work for the MSP since it can't read the file
6843 (the file must not be group/world-readable otherwise
6846 Use the authinfo ruleset instead which provides more control over
6847 the usage of the data anyway.
6848 .ip DefaultCharSet=\fIcharset\fP
6850 When a message that has 8-bit characters but is not in MIME format
6851 is converted to MIME
6852 (see the EightBitMode option)
6853 a character set must be included in the Content-Type: header.
6854 This character set is normally set from the Charset= field
6855 of the mailer descriptor.
6856 If that is not set, the value of this option is used.
6857 If this option is not set, the value
6860 .ip DataFileBufferSize=\fIthreshold\fP
6865 before a memory-based
6868 The default is 4096 bytes.
6869 .ip DeadLetterDrop=\fIfile\fP
6871 Defines the location of the system-wide dead.letter file,
6872 formerly hardcoded to /usr/tmp/dead.letter.
6873 If this option is not set (the default),
6874 sendmail will not attempt to save to a system-wide dead.letter file
6876 it cannot bounce the mail to the user or postmaster.
6877 Instead, it will rename the qf file
6878 as it has in the past
6879 when the dead.letter file could not be opened.
6880 .ip DefaultUser=\fIuser:group\fP
6882 Set the default userid for mailers to
6889 (as opposed to a numeric user id)
6890 the default group listed in the /etc/passwd file for that user is used
6891 as the default group.
6899 flag in the mailer definition
6900 will run as this user.
6902 The value can also be given as a symbolic user name.\**
6906 option has been combined into the
6910 .ip DelayLA=\fILA\fP
6912 When the system load average exceeds
6915 will sleep for one second on most SMTP commands and
6916 before accepting connections.
6917 .ip DeliverByMin=\fItime\fP
6919 Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
6920 If 0, no time is listed, if less than 0, the extension is not offered,
6921 if greater than 0, it is listed as minimum time
6922 for the EHLO keyword DELIVERBY.
6923 .ip DeliveryMode=\fIx\fP
6930 i Deliver interactively (synchronously)
6931 b Deliver in background (asynchronously)
6932 q Just queue the message (deliver during queue run)
6933 d Defer delivery and all map lookups (deliver during queue run)
6935 Defaults to ``b'' if no option is specified,
6936 ``i'' if it is specified but given no argument
6937 (i.e., ``Od'' is equivalent to ``Odi'').
6940 command line flag sets this to
6942 Note: for internal reasons,
6944 if a milter is enabled which can reject or delete recipients.
6945 In that case the mode will be changed to ``b''.
6946 .ip DialDelay=\fIsleeptime\fP
6948 Dial-on-demand network connections can see timeouts
6949 if a connection is opened before the call is set up.
6950 If this is set to an interval and a connection times out
6951 on the first connection being attempted
6953 will sleep for this amount of time and try again.
6954 This should give your system time to establish the connection
6955 to your service provider.
6956 Units default to seconds, so
6958 uses a five second delay.
6961 This delay only applies to mailers which have the
6963 .ip DirectSubmissionModifiers=\fImodifiers\fP
6966 for direct (command line) submissions.
6969 is either "CC f" if the option
6971 is used or "c u" otherwise.
6972 Note that only the the "CC", "c", "f", and "u" flags are checked.
6973 .ip DontBlameSendmail=\fIoption,option,...\fP
6975 In order to avoid possible cracking attempts
6976 caused by world- and group-writable files and directories,
6978 does paranoid checking when opening most of its support files.
6979 If for some reason you absolutely must run with,
6984 then you will have to turn off this checking
6985 (at the cost of making your system more vulnerable to attack).
6986 The possible arguments have been described earlier.
6987 The details of these flags are described above.
6988 .\"XXX should have more here!!! XXX
6989 .b "Use of this option is not recommended."
6990 .ip DontExpandCnames
6992 The standards say that all host addresses used in a mail message
6993 must be fully canonical.
6994 For example, if your host is named
6996 and also has an alias of
6998 the former name must be used at all times.
6999 This is enforced during host name canonification
7000 ($[ ... $] lookups).
7001 If this option is set, the protocols are ignored and the
7004 However, the IETF is moving toward changing this standard,
7005 so the behavior may become acceptable.
7006 Please note that hosts downstream may still rewrite the address
7007 to be the true canonical name however.
7012 will avoid using the initgroups(3) call.
7013 If you are running NIS,
7014 this causes a sequential scan of the groups.byname map,
7015 which can cause your NIS server to be badly overloaded in a large domain.
7016 The cost of this is that the only group found for users
7017 will be their primary group (the one in the password file),
7018 which will make file access permissions somewhat more restrictive.
7019 Has no effect on systems that don't have group lists.
7020 .ip DontProbeInterfaces
7023 normally finds the names of all interfaces active on your machine
7025 and adds their name to the
7027 class of known host aliases.
7028 If you have a large number of virtual interfaces
7029 or if your DNS inverse lookups are slow
7030 this can be time consuming.
7031 This option turns off that probing.
7032 However, you will need to be certain to include all variant names
7035 class by some other mechanism.
7038 loopback interfaces (e.g., lo0) will not be probed.
7043 tries to eliminate any unnecessary explicit routes
7044 when sending an error message
7045 (as discussed in RFC 1123 \(sc 5.2.6).
7047 when sending an error message to
7049 <@known1,@known2,@known3:user@unknown>
7054 in order to make the route as direct as possible.
7057 option is set, this will be disabled,
7058 and the mail will be sent to the first address in the route,
7059 even if later addresses are known.
7060 This may be useful if you are caught behind a firewall.
7061 .ip DoubleBounceAddress=\fIerror-address\fP
7063 If an error occurs when sending an error message,
7064 send the error report
7067 because it is an error
7069 that occurs when trying to send another error
7071 to the indicated address.
7072 The address is macro expanded
7073 at the time of delivery.
7074 If not set, defaults to
7076 If set to an empty string, double bounces are dropped.
7077 .ip EightBitMode=\fIaction\fP
7079 Set handling of eight-bit data.
7080 There are two kinds of eight-bit data:
7081 that declared as such using the
7083 ESMTP declaration or the
7086 and undeclared 8-bit data, that is,
7087 input that just happens to be eight bits.
7088 There are three basic operations that can happen:
7089 undeclared 8-bit data can be automatically converted to 8BITMIME,
7090 undeclared 8-bit data can be passed as-is without conversion to MIME
7092 and declared 8-bit data can be converted to 7-bits
7093 for transmission to a non-8BITMIME mailer.
7098 .\" r Reject undeclared 8-bit data;
7099 .\" don't convert 8BITMIME\(->7BIT (``reject'')
7100 s Reject undeclared 8-bit data (``strict'')
7101 .\" do convert 8BITMIME\(->7BIT (``strict'')
7102 .\" c Convert undeclared 8-bit data to MIME;
7103 .\" don't convert 8BITMIME\(->7BIT (``convert'')
7104 m Convert undeclared 8-bit data to MIME (``mime'')
7105 .\" do convert 8BITMIME\(->7BIT (``mime'')
7106 .\" j Pass undeclared 8-bit data;
7107 .\" don't convert 8BITMIME\(->7BIT (``just send 8'')
7108 p Pass undeclared 8-bit data (``pass'')
7109 .\" do convert 8BITMIME\(->7BIT (``pass'')
7110 .\" a Adaptive algorithm: see below
7112 .\"The adaptive algorithm is to accept 8-bit data,
7113 .\"converting it to 8BITMIME only if the receiver understands that,
7114 .\"otherwise just passing it as undeclared 8-bit data;
7115 .\"8BITMIME\(->7BIT conversions are done.
7116 In all cases properly declared 8BITMIME data will be converted to 7BIT
7118 .ip ErrorHeader=\fIfile-or-message\fP
7120 Prepend error messages with the indicated message.
7121 If it begins with a slash,
7122 it is assumed to be the pathname of a file
7123 containing a message (this is the recommended setting).
7124 Otherwise, it is a literal message.
7125 The error file might contain the name, email address, and/or phone number
7126 of a local postmaster who could provide assistance
7128 If the option is missing or null,
7129 or if it names a file which does not exist or which is not readable,
7130 no message is printed.
7131 .ip ErrorMode=\fIx\fP
7133 Dispose of errors using mode
7139 p Print error messages (default)
7140 q No messages, just give exit status
7142 w Write back errors (mail if user not logged in)
7143 e Mail back errors (when applicable) and give zero exit stat always
7145 Note that the last mode,
7147 is for Berknet error processing and
7148 should not be used in normal circumstances.
7149 Note, too, that mode
7151 only applies to errors recognized before sendmail forks for
7152 background delivery.
7153 .ip FallbackMXhost=\fIfallbackhost\fP
7157 acts like a very low priority MX
7159 MX records will be looked up for this host,
7160 unless the name is surrounded by square brackets.
7161 This is intended to be used by sites with poor network connectivity.
7162 Messages which are undeliverable due to temporary address failures
7164 also go to the FallbackMXhost.
7165 .ip FallBackSmartHost=\fIhostname\fP
7167 .i FallBackSmartHost
7168 will be used in a last-ditch effort for each host.
7169 This is intended to be used by sites with "fake internal DNS",
7170 e.g., a company whose DNS accurately reflects the world
7171 inside that company's domain but not outside.
7174 If set to a value greater than zero (the default is one),
7175 it suppresses the MX lookups on addresses
7176 when they are initially sorted, i.e., for the first delivery attempt.
7177 This usually results in faster envelope splitting unless the MX records
7178 are readily available in a local DNS cache.
7179 To enforce initial sorting based on MX records set
7182 If the mail is submitted directly from the command line, then
7183 the value also limits the number of processes to deliver the envelopes;
7184 if more envelopes are created they are only queued up
7185 and must be taken care of by a queue run.
7186 Since the default submission method is via SMTP (either from a MUA
7187 or via the MSP), the value of
7189 is seldom used to limit the number of processes to deliver the envelopes.
7193 deliver each job that is run from the queue in a separate process.
7194 .ip ForwardPath=\fIpath\fP
7196 Set the path for searching for users' .forward files.
7199 Some sites that use the automounter may prefer to change this to
7201 to search a file with the same name as the user in a system directory.
7202 It can also be set to a sequence of paths separated by colons;
7204 stops at the first file it can successfully and safely open.
7206 .q /var/forward/$u:$z/.forward
7207 will search first in /var/forward/\c
7210 .i ~username /.forward
7211 (but only if the first file does not exist).
7212 .ip HeloName=\fIname\fP
7214 Set the name to be used for HELO/EHLO (instead of $j).
7217 If an outgoing mailer is marked as being expensive,
7218 don't connect immediately.
7219 .ip HostsFile=\fIpath\fP
7221 The path to the hosts database,
7224 This option is only consulted when sendmail
7225 is canonifying addresses,
7230 service switch entry.
7231 In particular, this file is
7233 used when looking up host addresses;
7234 that is under the control of the system
7235 .i gethostbyname (3)
7237 .ip HostStatusDirectory=\fIpath\fP
7239 The location of the long term host status information.
7241 information about the status of hosts
7242 (e.g., host down or not accepting connections)
7243 will be shared between all
7246 normally, this information is only held within a single queue run.
7247 This option requires a connection cache of at least 1 to function.
7248 If the option begins with a leading `/',
7249 it is an absolute pathname;
7251 it is relative to the mail queue directory.
7252 A suggested value for sites desiring persistent host status is
7254 (i.e., a subdirectory of the queue directory).
7257 Ignore dots in incoming messages.
7258 This is always disabled (that is, dots are always accepted)
7259 when reading SMTP mail.
7260 .ip InputMailFilters=\fIname,name,...\fP
7261 A comma separated list of filters which determines which filters
7262 (see the "X \*- Mail Filter (Milter) Definitions" section)
7263 and the invocation sequence are contacted for incoming SMTP messages.
7264 If none are set, no filters will be contacted.
7265 .ip LDAPDefaultSpec=\fIspec\fP
7267 Sets a default map specification for LDAP maps.
7268 The value should only contain LDAP specific settings
7270 .q "-h host -p port -d bindDN" .
7271 The settings will be used for all LDAP maps
7272 unless the individual map specification overrides a setting.
7273 This option should be set before any LDAP maps are defined.
7274 .ip LogLevel=\fIn\fP
7276 Set the log level to
7285 This is intended only for use from the command line.
7291 Type of lookup to find information about local mailboxes,
7292 defaults to ``pw'' which uses
7294 Other types can be introduced by adding them to the source code,
7295 see libsm/mbdb.c for details.
7298 Use as mail submission program, i.e.,
7299 allow group writable queue files
7300 if the group is the same as that of a set-group-ID sendmail binary.
7302 .b sendmail/SECURITY
7303 in the distribution tarball.
7306 Allow fuzzy matching on the GECOS field.
7307 If this flag is set,
7308 and the usual user name lookups fail
7309 (that is, there is no alias with this name and a
7312 sequentially search the password file
7313 for a matching entry in the GECOS field.
7314 This also requires that MATCHGECOS
7315 be turned on during compilation.
7316 This option is not recommended.
7317 .ip MaxAliasRecursion=\fIN\fP
7319 The maximum depth of alias recursion (default: 10).
7320 .ip MaxDaemonChildren=\fIN\fP
7324 will refuse connections when it has more than
7326 children processing incoming mail or automatic queue runs.
7327 This does not limit the number of outgoing connections.
7330 (background) is used, then
7332 may create an almost unlimited number of children
7333 (depending on the number of transactions and the
7334 relative execution times of mail receiption and mail delivery).
7335 If the limit should be enforced, then a
7337 other than background must be used.
7338 If not set, there is no limit to the number of children --
7339 that is, the system load average controls this.
7340 .ip MaxHeadersLength=\fIN\fP
7342 The maximum length of the sum of all headers.
7343 This can be used to prevent a denial of service attack.
7344 The default is no limit.
7345 .ip MaxHopCount=\fIN\fP
7347 The maximum hop count.
7348 Messages that have been processed more than
7350 times are assumed to be in a loop and are rejected.
7352 .ip MaxMessageSize=\fIN\fP
7354 Specify the maximum message size
7355 to be advertised in the ESMTP EHLO response.
7356 Messages larger than this will be rejected.
7357 If set to a value greater than zero,
7358 that value will be listed in the SIZE response,
7359 otherwise SIZE is advertised in the ESMTP EHLO response
7360 without a parameter.
7361 .ip MaxMimeHeaderLength=\fIN[/M]\fP
7363 Sets the maximum length of certain MIME header field values to
7366 These MIME header fields are determined by being a member of
7367 class {checkMIMETextHeaders}, which currently contains only
7368 the header Content-Description.
7369 For some of these headers which take parameters,
7370 the maximum length of each parameter is set to
7374 is not specified, one half of
7378 these values are 2048 and 1024, respectively.
7379 To allow any length, a value of 0 can be specified.
7380 .ip MaxNOOPCommands=\fIN\fP
7381 Override the default of
7385 commands, see Section
7386 "Measures against Denial of Service Attacks".
7387 .ip MaxQueueChildren=\fIN\fP
7389 When set, this limits the number of concurrent queue runner processes to
7391 This helps to control the amount of system resources used when processing
7392 the queue. When there are multiple queue groups defined and the total number
7393 of queue runners for these queue groups would exceed
7395 then the queue groups will not all run concurrently. That is, some portion
7396 of the queue groups will run concurrently such that
7398 will not be exceeded, while the remaining queue groups will be run later (in
7399 round robin order). See also
7400 .i MaxRunnersPerQueue
7401 and the section \fBQueue Group Declaration\fP.
7404 does not count individual queue runners, but only sets of processes
7405 that act on a workgroup.
7406 Hence the actual number of queue runners may be lower than the limit
7408 .i MaxQueueChildren .
7409 This discrepancy can be large if some queue runners have to wait
7410 for a slow server and if short intervals are used.
7411 .ip MaxQueueRunSize=\fIN\fP
7413 The maximum number of jobs that will be processed
7414 in a single queue run.
7415 If not set, there is no limit on the size.
7416 If you have very large queues or a very short queue run interval
7417 this could be unstable.
7418 However, since the first
7420 jobs in queue directory order are run (rather than the
7422 highest priority jobs)
7423 this should be set as high as possible to avoid
7425 jobs that happen to fall late in the queue directory.
7426 Note: this option also restricts the number of entries printed by
7435 entries are printed per queue group.
7436 .ip MaxRecipientsPerMessage=\fIN\fP
7438 The maximum number of recipients that will be accepted per message
7439 in an SMTP transaction.
7440 Note: setting this too low can interfere with sending mail from
7441 MUAs that use SMTP for initial submission.
7442 If not set, there is no limit on the number of recipients per envelope.
7443 .ip MaxRunnersPerQueue=\fIN\fP
7445 This sets the default maximum number of queue runners for queue groups.
7448 queue runners will work in parallel on a queue group's messages.
7449 This is useful where the processing of a message in the queue might
7450 delay the processing of subsequent messages. Such a delay may be the result
7451 of non-erroneous situations such as a low bandwidth connection.
7452 May be overridden on a per queue group basis by setting the
7454 option; see the section \fBQueue Group Declaration\fP.
7455 The default is 1 when not set.
7459 even if I am in an alias expansion.
7460 This option is deprecated
7461 and will be removed from a future version.
7464 This option has several sub(sub)options.
7465 The names of the suboptions are separated by dots.
7466 At the first level the following options are available:
7468 .ta \w'LogLevel'u+3n
7469 LogLevel Log level for input mail filter actions, defaults to LogLevel.
7470 macros Specifies list of macro to transmit to filters.
7473 The ``macros'' option has the following suboptions
7474 which specify the list of macro to transmit to milters
7475 after a certain event occurred.
7478 connect After session connection start
7479 helo After EHLO/HELO command
7480 envfrom After MAIL From command
7481 envrcpt After RCPT To command
7482 data After DATA command.
7483 eoh After DATA command and header
7484 eom After DATA command and terminating ``.''
7486 By default the lists of macros are empty.
7489 O Milter.LogLevel=12
7490 O Milter.macros.connect=j, _, {daemon_name}
7492 .ip MinFreeBlocks=\fIN\fP
7496 blocks free on the filesystem that holds the queue files
7497 before accepting email via SMTP.
7498 If there is insufficient space
7500 gives a 452 response
7501 to the MAIL command.
7502 This invites the sender to try again later.
7503 .ip MinQueueAge=\fIage\fP
7505 Don't process any queued jobs
7506 that have been in the queue less than the indicated time interval.
7507 This is intended to allow you to get responsiveness
7508 by processing the queue fairly frequently
7509 without thrashing your system by trying jobs too often.
7510 The default units are minutes.
7511 .ip MustQuoteChars=\fIs\fP
7513 Sets the list of characters that must be quoted if used in a full name
7514 that is in the phrase part of a ``phrase <address>'' syntax.
7515 The default is ``\'.''.
7516 The characters ``@,;:\e()[]'' are always added to this list.
7519 The priority of queue runners (nice(3)).
7520 This value must be greater or equal zero.
7521 .ip NoRecipientAction
7523 The action to take when you receive a message that has no valid
7524 recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
7525 the last included for back compatibility with old
7529 to pass the message on unmodified,
7530 which violates the protocol,
7532 to add a To: header with any recipients it can find in the envelope
7533 (which might expose Bcc: recipients),
7534 .b Add-Apparently-To
7535 to add an Apparently-To: header
7536 (this is only for back-compatibility
7537 and is officially deprecated),
7538 .b Add-To-Undisclosed
7540 .q "To: undisclosed-recipients:;"
7541 to make the header legal without disclosing anything,
7544 to add an empty Bcc: header.
7547 Assume that the headers may be in old format,
7549 spaces delimit names.
7550 This actually turns on
7551 an adaptive algorithm:
7552 if any recipient address contains a comma, parenthesis,
7554 it will be assumed that commas already exist.
7555 If this flag is not on,
7556 only commas delimit names.
7557 Headers are always output with commas between the names.
7559 .ip OperatorChars=\fIcharlist\fP
7561 The list of characters that are considered to be
7563 that is, characters that delimit tokens.
7564 All operator characters are tokens by themselves;
7565 sequences of non-operator characters are also tokens.
7566 White space characters separate tokens
7567 but are not tokens themselves \(em for example,
7569 has three tokens, but
7572 If not set, OperatorChars defaults to
7573 .q \&.\|:\|@\|[\|] ;
7574 additionally, the characters
7576 are always operators.
7577 Note that OperatorChars must be set in the
7578 configuration file before any rulesets.
7579 .ip PidFile=\fIfilename\fP
7581 Filename of the pid file.
7582 (default is _PATH_SENDMAILPID).
7585 is macro-expanded before it is opened, and unlinked when
7588 .ip PostmasterCopy=\fIpostmaster\fP
7591 copies of error messages will be sent to the named
7593 Only the header of the failed message is sent.
7594 Errors resulting from messages with a negative precedence will not be sent.
7595 Since most errors are user problems,
7596 this is probably not a good idea on large sites,
7597 and arguably contains all sorts of privacy violations,
7598 but it seems to be popular with certain operating systems vendors.
7599 The address is macro expanded
7600 at the time of delivery.
7601 Defaults to no postmaster copies.
7602 .ip PrivacyOptions=\fI\|opt,opt,...\fP
7606 ``Privacy'' is really a misnomer;
7607 many of these are just a way of insisting on stricter adherence
7608 to the SMTP protocol.
7611 can be selected from:
7613 .ta \w'noactualrecipient'u+3n
7614 public Allow open access
7615 needmailhelo Insist on HELO or EHLO command before MAIL
7616 needexpnhelo Insist on HELO or EHLO command before EXPN
7617 noexpn Disallow EXPN entirely, implies noverb.
7618 needvrfyhelo Insist on HELO or EHLO command before VRFY
7619 novrfy Disallow VRFY entirely
7620 noetrn Disallow ETRN entirely
7621 noverb Disallow VERB entirely
7622 restrictmailq Restrict mailq command
7623 restrictqrun Restrict \-q command line flag
7624 restrictexpand Restrict \-bv and \-v command line flags
7625 noreceipts Don't return success DSNs\**
7626 nobodyreturn Don't return the body of a message with DSNs
7627 goaway Disallow essentially all SMTP status queries
7628 authwarnings Put X-Authentication-Warning: headers in messages
7630 noactualrecipient Don't put X-Actual-Recipient lines in DSNs
7631 which reveal the actual account that addresses map to.
7637 flag turns off support for RFC 1891
7638 (Delivery Status Notification).
7642 pseudo-flag sets all flags except
7650 If mailq is restricted,
7651 only people in the same group as the queue directory
7652 can print the queue.
7653 If queue runs are restricted,
7654 only root and the owner of the queue directory
7658 pseudo-flag instructs
7660 to drop privileges when the
7662 option is given by users who are neither root nor the TrustedUser
7663 so users cannot read private aliases, forwards, or :include: files.
7667 .q DontBlameSendmail
7668 option to prevent misleading unsafe address warnings.
7669 It also overrides the
7671 (verbose) command line option to prevent information leakage.
7672 Authentication Warnings add warnings about various conditions
7673 that may indicate attempts to spoof the mail system,
7674 such as using a non-standard queue directory.
7675 .ip ProcessTitlePrefix=\fIstring\fP
7677 Prefix the process title shown on 'ps' listings with
7681 will be macro processed.
7682 .ip QueueDirectory=\fIdir\fP
7684 The QueueDirectory option serves two purposes.
7685 First, it specifies the directory or set of directories that comprise
7686 the default queue group.
7687 Second, it specifies the directory D which is the ancestor of all queue
7688 directories, and which sendmail uses as its current working directory.
7689 When sendmail dumps core, it leaves its core files in D.
7690 There are two cases.
7691 If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR),
7692 then all of the directories or symbolic links to directories
7693 beginning with `qd' in
7694 .i /var/spool/mqueue
7695 will be used as queue directories of the default queue group,
7697 .i /var/spool/mqueue
7698 will be used as the working directory D.
7700 \fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
7701 the default queue group consists of the single queue directory \fIdir\fR,
7702 and the working directory D is set to \fIdir\fR.
7703 To define additional groups of queue directories,
7704 use the configuration file `Q' command.
7705 Do not change the queue directory structure
7706 while sendmail is running.
7707 .ip QueueFactor=\fIfactor\fP
7711 as the multiplier in the map function
7712 to decide when to just queue up jobs rather than run them.
7713 This value is divided by the difference between the current load average
7714 and the load average limit
7718 to determine the maximum message priority
7721 .ip QueueLA=\fILA\fP
7723 When the system load average exceeds
7729 option divided by the difference in the current load average and the
7732 is less than the priority of the message,
7734 (i.e., don't try to send them).
7735 Defaults to 8 multiplied by
7736 the number of processors online on the system
7737 (if that can be determined).
7738 .ip QueueFileMode=\fImode\fP
7740 Default permissions for queue files (octal).
7741 If not set, sendmail uses 0600 unless its real
7742 and effective uid are different in which case it uses 0644.
7743 .ip QueueSortOrder=\fIalgorithm\fP
7747 used for sorting the queue.
7748 Only the first character of the value is used.
7751 (to order by the name of the first host name of the first recipient),
7753 (to order by the name of the queue file name),
7755 (to order by the submission/creation time),
7757 (to order randomly),
7759 (to order by the modification time of the qf file (older entries first)),
7764 (to order by message priority).
7765 Host ordering makes better use of the connection cache,
7766 but may tend to process low priority messages
7767 that go to a single host
7768 over high priority messages that go to several hosts;
7769 it probably shouldn't be used on slow network links.
7770 Filename and modification time ordering saves the overhead of
7771 reading all of the queued items
7772 before starting the queue run.
7773 Creation (submission) time ordering is almost always a bad idea,
7774 since it allows large, bulk mail to go out
7775 before smaller, personal mail,
7776 but may have applicability on some hosts with very fast connections.
7777 Random is useful if several queue runners are started by hand
7778 which try to drain the same queue since odds are they will be working
7779 on different parts of the queue at the same time.
7780 Priority ordering is the default.
7781 .ip QueueTimeout=\fItimeout\fP
7784 .q Timeout.queuereturn .
7785 Use that form instead of the
7790 Name of file containing random data or the name of the UNIX socket
7792 A (required) prefix "egd:" or "file:" specifies the type.
7793 STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
7794 (see sendmail/README).
7795 .ip ResolverOptions=\fIoptions\fP
7797 Set resolver options.
7798 Values can be set using
7824 can be specified to turn off matching against MX records
7825 when doing name canonifications.
7827 .q WorkAroundBrokenAAAA
7832 can be specified to work around some broken nameservers
7833 which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
7834 Notice: it might be necessary to apply the same (or similar) options to
7837 .ip RequiresDirfsync
7839 This option can be used to override the compile time flag
7840 .b REQUIRES_DIR_FSYNC
7841 at runtime by setting it to
7843 If the compile time flag is not set, the option is ignored.
7844 The flag turns on support for file systems that require to call
7846 for a directory if the meta-data in it has been changed.
7847 This should be turned on at least for older versions of ReiserFS;
7848 it is enabled by default for Linux.
7849 According to some information this flag is not needed
7850 anymore for kernel 2.4.16 and newer.
7853 If this option is set, a
7854 .q Return-Receipt-To:
7855 header causes the request of a DSN, which is sent to
7856 the envelope sender as required by RFC 1891,
7857 not to the address given in the header.
7858 .ip RunAsUser=\fIuser\fP
7862 parameter may be a user name
7865 or a numeric user id;
7866 either form can have
7869 (where group can be numeric or symbolic).
7870 If set to a non-zero (non-root) value,
7872 will change to this user id shortly after startup\**.
7874 \**When running as a daemon,
7875 it changes to this user after accepting a connection
7876 but before reading any
7880 This avoids a certain class of security problems.
7881 However, this means that all
7885 files must be readable by the indicated
7887 and all files to be written must be writable by
7889 Also, all file and program deliveries will be marked unsafe
7891 .b DontBlameSendmail=NonRootSafeAddr
7893 in which case the delivery will be done as
7895 It is also incompatible with the
7896 .b SafeFileEnvironment
7898 In other words, it may not actually add much to security on an average system,
7899 and may in fact detract from security
7900 (because other file permissions must be loosened).
7901 However, it should be useful on firewalls and other
7902 places where users don't have accounts and the aliases file is
7904 .ip RecipientFactor=\fIfact\fP
7908 is added to the priority (thus
7910 the priority of the job)
7912 i.e., this value penalizes jobs with large numbers of recipients.
7914 .ip RefuseLA=\fILA\fP
7916 When the system load average exceeds
7918 refuse incoming SMTP connections.
7919 Defaults to 12 multiplied by
7920 the number of processors online on the system
7921 (if that can be determined).
7922 .ip RejectLogInterval=\fItimeout\fP
7924 Log interval when refusing connections for this long
7926 .ip RetryFactor=\fIfact\fP
7930 is added to the priority
7931 every time a job is processed.
7933 each time a job is processed,
7934 its priority will be decreased by the indicated value.
7935 In most environments this should be positive,
7936 since hosts that are down are all too often down for a long time.
7938 .ip SafeFileEnvironment=\fIdir\fP
7940 If this option is set,
7944 call into the indicated
7946 before doing any file writes.
7947 If the file name specified by the user begins with
7949 that partial path name will be stripped off before writing,
7951 if the SafeFileEnvironment variable is set to
7957 actually indicate the same file.
7958 Additionally, if this option is set,
7960 refuses to deliver to symbolic links.
7966 lines at the front of headers.
7967 Normally they are assumed redundant
7971 If set, send error messages in MIME format
7972 (see RFC 2045 and RFC 1344 for details).
7975 will not return the DSN keyword in response to an EHLO
7976 and will not do Delivery Status Notification processing as described in
7980 File containing the certificate of the server, i.e., this certificate
7981 is used when sendmail acts as server
7982 (used for STARTTLS).
7985 File containing the private key belonging to the server certificate
7986 (used for STARTTLS).
7987 .ip ServiceSwitchFile=\fIfilename\fP
7989 If your host operating system has a service switch abstraction
7990 (e.g., /etc/nsswitch.conf on Solaris
7991 or /etc/svc.conf on Ultrix and DEC OSF/1)
7992 that service will be consulted and this option is ignored.
7993 Otherwise, this is the name of a file
7994 that provides the list of methods used to implement particular services.
7995 The syntax is a series of lines,
7996 each of which is a sequence of words.
7997 The first word is the service name,
7998 and following words are service types.
8001 consults directly are
8005 Service types can be
8011 (with the caveat that the appropriate support
8013 before the service can be referenced).
8014 If ServiceSwitchFile is not specified, it defaults to
8015 /etc/mail/service.switch.
8016 If that file does not exist, the default switch is:
8022 .q /etc/mail/service.switch .
8025 Strip input to seven bits for compatibility with old systems.
8026 This shouldn't be necessary.
8029 Key to use for shared memory segment;
8030 if not set (or 0), shared memory will not be used.
8034 can select a key itself provided that also
8035 .b SharedMemoryKeyFile
8037 Requires support for shared memory to be compiled into
8039 If this option is set,
8041 can share some data between different instances.
8042 For example, the number of entries in a queue directory
8043 or the available space in a file system.
8044 This allows for more efficient program execution, since only
8045 one process needs to update the data instead of each individual
8046 process gathering the data each time it is required.
8047 .ip SharedMemoryKeyFile
8053 then the automatically selected shared memory key will be stored
8054 in the specified file.
8055 .ip SingleLineFromHeader
8057 If set, From: lines that have embedded newlines are unwrapped
8059 This is to get around a botch in Lotus Notes
8060 that apparently cannot understand legally wrapped RFC 822 headers.
8061 .ip SingleThreadDelivery
8063 If set, a client machine will never try to open two SMTP connections
8064 to a single server machine at the same time,
8065 even in different processes.
8068 is already talking to some host a new
8070 will not open another connection.
8071 This property is of mixed value;
8072 although this reduces the load on the other machine,
8073 it can cause mail to be delayed
8074 (for example, if one
8076 is delivering a huge message, other
8078 won't be able to send even small messages).
8079 Also, it requires another file descriptor
8081 per connection, so you may have to reduce the
8082 .b ConnectionCacheSize
8083 option to avoid running out of per-process file descriptors.
8085 .b HostStatusDirectory
8087 .ip SmtpGreetingMessage=\fImessage\fP
8089 The message printed when the SMTP server starts up.
8091 .q "$j Sendmail $v ready at $b".
8093 If set, issue temporary errors (4xy) instead of permanent errors (5xy).
8094 This can be useful during testing of a new configuration to avoid
8095 erroneous bouncing of mails.
8096 .ip StatusFile=\fIfile\fP
8098 Log summary statistics in the named
8100 If no file name is specified, "statistics" is used.
8102 no summary statistics are saved.
8103 This file does not grow in size.
8104 It can be printed using the
8109 This option can be set to True, False, Interactive, or PostMilter.
8112 will be super-safe when running things,
8113 i.e., always instantiate the queue file,
8114 even if you are going to attempt immediate delivery.
8116 always instantiates the queue file
8117 before returning control to the client
8118 under any circumstances.
8122 The Interactive value has been introduced in 8.12 and can
8123 be used together with
8125 It skips some synchronization calls which are effectively
8126 doubled in the code execution path for this mode.
8127 If set to PostMilter,
8129 defers synchronizing the queue file until any milters have
8130 signaled acceptance of the message.
8131 PostMilter is useful only when
8133 is running as an SMTP server; in all other situations it
8134 acts the same as True.
8137 List of options for SMTP STARTTLS for the server
8138 consisting of single characters
8139 with intervening white space or commas.
8140 The flag ``V'' disables client verification, and hence
8141 it is not possible to use a client certificate for relaying.
8142 Currently there are no other flags available.
8143 .ip TempFileMode=\fImode\fP
8145 The file mode for transcript files, files to which
8147 delivers directly, files in the
8148 .b HostStatusDirectory ,
8151 It is interpreted in octal by default.
8153 .ip Timeout.\fItype\fP=\|\fItimeout\fP
8154 [r; subsumes old T option as well]
8156 For more information,
8160 .ip TimeZoneSpec=\fItzinfo\fP
8162 Set the local time zone info to
8166 Actually, if this is not set,
8167 the TZ environment variable is cleared (so the system default is used);
8168 if set but null, the user's TZ variable is used,
8169 and if set and non-null the TZ variable is set to this value.
8170 .ip TrustedUser=\fIuser\fP
8174 parameter may be a user name
8177 or a numeric user id.
8178 Trusted user for file ownership and starting the daemon. If set, generated
8179 alias databases and the control socket (if configured) will automatically
8180 be owned by this user.
8183 If this system is the
8185 (that is, lowest preference)
8186 MX for a given host,
8187 its configuration rules should normally detect this situation
8188 and treat that condition specially
8189 by forwarding the mail to a UUCP feed,
8190 treating it as local,
8192 However, in some cases (such as Internet firewalls)
8193 you may want to try to connect directly to that host
8194 as though it had no MX records at all.
8195 Setting this option causes
8198 The downside is that errors in your configuration
8199 are likely to be diagnosed as
8202 .q "message timed out"
8203 instead of something more meaningful.
8204 This option is disrecommended.
8205 .ip UnixFromLine=\fIfromline\fP
8207 Defines the format used when
8209 must add a UNIX-style From_ line
8210 (that is, a line beginning
8211 .q From<space>user ).
8214 Don't change this unless your system uses a different UNIX mailbox format
8216 .ip UnsafeGroupWrites
8219 :include: and .forward files that are group writable are considered
8222 they cannot reference programs or write directly to files.
8223 World writable :include: and .forward files
8226 .b DontBlameSendmail
8227 instead; this option is deprecated.
8232 header, send error messages to the addresses listed there.
8233 They normally go to the envelope sender.
8234 Use of this option causes
8236 to violate RFC 1123.
8237 This option is disrecommended and deprecated.
8238 .ip UserDatabaseSpec=\fIudbspec\fP
8240 The user database specification.
8243 Run in verbose mode.
8254 so that all mail is delivered completely
8256 so that you can see the entire delivery process.
8261 be set in the configuration file;
8262 it is intended for command line use only.
8263 Note that the use of option
8265 can cause authentication information to leak, if you use a
8266 sendmail client to authenticate to a server.
8267 If the authentication mechanism uses plain text passwords
8268 (as with LOGIN or PLAIN),
8269 then the password could be compromised.
8270 To avoid this, do not install sendmail set-user-ID root,
8273 SMTP command with a suitable
8276 .ip XscriptFileBufferSize=\fIthreshold\fP
8281 before a memory-based
8282 queue transcript file
8284 The default is 4096 bytes.
8286 All options can be specified on the command line using the
8290 to relinquish its set-user-ID permissions.
8291 The options that will not cause this are
8295 CheckpointInterval [C],
8302 OldStyleHeaders [o],
8313 SingleLineFromHeader,
8316 Actually, PrivacyOptions [p] given on the command line
8317 are added to those already specified in the
8319 file, i.e., they can't be reset.
8320 Also, M (define macro) when defining the r or s macros
8323 .sh 2 "P \*- Precedence Definitions"
8327 field may be defined using the
8330 The syntax of this field is:
8332 \fBP\fP\fIname\fP\fB=\fP\fInum\fP
8339 the message class is set to
8341 Higher numbers mean higher precedence.
8342 Numbers less than zero
8343 have the special property
8344 that if an error occurs during processing
8345 the body of the message will not be returned;
8346 this is expected to be used for
8348 mail such as through mailing lists.
8349 The default precedence is zero.
8351 our list of precedences is:
8354 Pspecial-delivery=100
8359 People writing mailing list exploders
8360 are encouraged to use
8361 .q "Precedence: list" .
8364 (which discarded all error returns for negative precedences)
8365 didn't recognize this name, giving it a default precedence of zero.
8366 This allows list maintainers to see error returns
8367 on both old and new versions of
8369 .sh 2 "V \*- Configuration Version Level"
8371 To provide compatibility with old configuration files,
8374 line has been added to define some very basic semantics
8375 of the configuration file.
8376 These are not intended to be long term supports;
8377 rather, they describe compatibility features
8378 which will probably be removed in future releases.
8384 to do with the version
8389 version 10 config files
8390 (specifically, 8.10)
8391 used version level 9 configurations.
8394 configuration files are defined as version level one.
8395 Version level two files make the following changes:
8397 Host name canonification ($[ ... $])
8398 appends a dot if the name is recognized;
8399 this gives the config file a way of finding out if anything matched.
8400 (Actually, this just initializes the
8404 flag \*- you can reset it to anything you prefer
8405 by declaring the map explicitly.)
8407 Default host name extension is consistent throughout processing;
8408 version level one configurations turned off domain extension
8409 (that is, adding the local domain name)
8410 during certain points in processing.
8411 Version level two configurations are expected to include a trailing dot
8412 to indicate that the name is already canonical.
8414 Local names that are not aliases
8415 are passed through a new distinguished ruleset five;
8416 this can be used to append a local relay.
8417 This behavior can be prevented by resolving the local name
8418 with an initial `@'.
8419 That is, something that resolves to a local mailer and a user name of
8421 will be passed through ruleset five,
8424 will have the `@' stripped,
8425 will not be passed through ruleset five,
8426 but will otherwise be treated the same as the prior example.
8427 The expectation is that this might be used to implement a policy
8430 was handled by a central hub,
8433 was delivered directly.
8435 Version level three files
8436 allow # initiated comments on all lines.
8437 Exceptions are backslash escaped # marks
8440 Version level four configurations
8441 are completely equivalent to level three
8442 for historical reasons.
8444 Version level five configuration files
8445 change the default definition of
8447 to be just the first component of the hostname.
8449 Version level six configuration files
8450 change many of the local processing options
8451 (such as aliasing and matching the beginning of the address for
8454 this allows fine-grained control over the special local processing.
8455 Level six configuration files may also use long option names.
8458 option (to allow colons in the local-part of addresses)
8461 for lower numbered configuration files;
8462 the configuration file requires some additional intelligence
8463 to properly handle the RFC 822 group construct.
8465 Version level seven configuration files
8466 used new option names to replace old macros
8470 .b SmtpGreetingMessage ,
8478 Also, prior to version seven,
8481 flag (use 250 instead of 252 return value for
8486 Version level eight configuration files allow
8488 on the left hand side of ruleset lines.
8490 Version level nine configuration files allow
8491 parentheses in rulesets, i.e. they are not treated
8492 as comments and hence removed.
8494 Version level ten configuration files allow
8495 queue group definitions.
8499 line may have an optional
8502 to indicate that this configuration file uses modifications
8503 specific to a particular vendor\**.
8505 \**And of course, vendors are encouraged to add themselves
8506 to the list of recognized vendors by editing the routine
8510 Please send e-mail to sendmail@Sendmail.ORG
8511 to register your vendor dialect.
8515 to emphasize that this configuration file
8516 uses the Berkeley dialect of
8518 .sh 2 "K \*- Key File Declaration"
8520 Special maps can be defined using the line:
8522 Kmapname mapclass arguments
8526 is the handle by which this map is referenced in the rewriting rules.
8529 is the name of a type of map;
8530 these are compiled in to
8534 are interpreted depending on the class;
8536 there would be a single argument naming the file containing the map.
8538 Maps are referenced using the syntax:
8540 $( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
8542 where either or both of the
8546 portion may be omitted.
8549 may appear more than once.
8554 are passed to the appropriate mapping function.
8555 If it returns a value, it replaces the input.
8556 If it does not return a value and the
8561 Otherwise, the input is unchanged.
8565 are passed to the map for arbitrary use.
8566 Most map classes can interpolate these arguments
8567 into their values using the syntax
8572 to indicate the corresponding
8576 indicates the database key.
8577 For example, the rule
8580 R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
8582 Looks up the UUCP name in a (user defined) UUCP map;
8583 if not found it turns it into
8586 The database might contain records like:
8588 decvax %1@%0.DEC.COM
8589 research %1@%0.ATT.COM
8593 clauses never do this mapping.
8595 The built-in map with both name and class
8597 is the host name canonicalization lookup.
8601 $(host \fIhostname\fP$)
8608 There are many defined classes.
8610 Database lookups using the ndbm(3) library.
8612 must be compiled with
8616 Database lookups using the btree interface to the Berkeley DB
8619 must be compiled with
8623 Database lookups using the hash interface to the Berkeley DB
8626 must be compiled with
8632 must be compiled with
8638 must be compiled with
8641 The argument is the name of the table to use for lookups,
8646 flags may be used to set the key and value columns respectively.
8650 must be compiled with
8654 LDAP X500 directory lookups.
8656 must be compiled with
8659 The map supports most of the standard arguments
8660 and most of the command line arguments of the
8665 if a single query matches multiple values,
8666 only the first value will be returned
8673 map flag will treat a multiple value return
8674 as if there were no matches.
8676 NeXT NetInfo lookups.
8678 must be compiled with
8683 The format of the text file is defined by the
8687 (value field number),
8694 Contributed and supported by
8695 Mark Roth, roth@uiuc.edu.
8696 For more information,
8697 consult the web site
8698 .q http://www-dev.cites.uiuc.edu/sendmail/ .
8700 nsd map for IRIX 6.5 and later.
8701 Contributed and supported by Bob Mende of SGI,
8704 Internal symbol table lookups.
8705 Used internally for aliasing.
8707 Really should be called
8709 \(em this is used to get the default lookups
8711 and is the default if no class is specified for alias files.
8713 Looks up users using
8717 flag can be used to specify the name of the field to return
8718 (although this is normally used only to check the existence
8721 Canonifies host domain names.
8722 Given a host name it calls the name server
8723 to find the canonical name for that host.
8725 Returns the best MX record for a host name given as the key.
8726 The current machine is always preferred \*-
8727 that is, if the current machine is one of the hosts listed as a
8728 lowest-preference MX record, then it will be guaranteed to be returned.
8729 This can be used to find out if this machine is the target for an MX record,
8730 and mail can be accepted on that basis.
8733 flag is given, then all MX names are returned,
8734 separated by the given delimiter.
8736 This map requires the option -R to specify the DNS resource record
8737 type to lookup. The following types are supported:
8738 A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
8739 A map lookup will return only one record.
8740 Hence for some types, e.g., MX records, the return value might be a random
8741 element of the list due to randomizing in the DNS resolver.
8743 The arguments on the `K' line are a list of maps;
8744 the resulting map searches the argument maps in order
8745 until it finds a match for the indicated key.
8746 For example, if the key definition is:
8750 Kseqmap sequence map1 map2
8752 then a lookup against
8754 first does a lookup in map1.
8755 If that is found, it returns immediately.
8756 Otherwise, the same key is used for map2.
8758 the key is logged via
8760 The lookup returns the empty string.
8764 map except that the order of maps is determined by the service switch.
8765 The argument is the name of the service to be looked up;
8766 the values from the service switch are appended to the map name
8767 to create new map names.
8768 For example, consider the key definition:
8772 together with the service switch entry:
8776 This causes a query against the map
8778 to search maps named
8784 Strip double quotes (") from a name.
8785 It does not strip backslashes,
8786 and will not strip quotes if the resulting string
8787 would contain unscannable syntax
8788 (that is, basic errors like unbalanced angle brackets;
8789 more sophisticated errors such as unknown hosts are not checked).
8790 The intent is for use when trying to accept mail from systems such as
8792 that routinely quote odd syntax such as
8796 A typical usage is probably something like:
8802 R$\- $: $(dequote $1 $)
8803 R$\- $+ $: $>3 $1 $2
8805 Care must be taken to prevent unexpected results;
8808 "|someprogram < input > output"
8810 will have quotes stripped,
8811 but the result is probably not what you had in mind.
8812 Fortunately these cases are rare.
8814 The map definition on the
8816 line contains a regular expression.
8817 Any key input is compared to that expression using the
8818 POSIX regular expressions routines regcomp(), regerr(), and regexec().
8819 Refer to the documentation for those routines for more information
8820 about the regular expression matching.
8821 No rewriting of the key is done if the
8823 flag is used. Without it, the key is discarded or if
8825 if used, it is substituted by the substring matches, delimited by
8827 or the string specified with the the
8829 flag. The flags available for the map are
8834 -b basic regular expressions (default is extended)
8836 -d set the delimiter used for -s
8837 -a append string to key
8838 -m match only, do not replace/discard value
8839 -D perform no lookup in deferred delivery mode.
8843 flag can include an optional parameter which can be used
8844 to select the substrings in the result of the lookup. For example,
8853 If the pattern contains spaces, they must be replaced
8854 with the blank substitution character, unless it is
8857 The arguments on the
8859 line are the pathname to a program and any initial parameters to be passed.
8860 When the map is called,
8861 the key is added to the initial parameters
8862 and the program is invoked
8863 as the default user/group id.
8864 The first line of standard output is returned as the value of the lookup.
8865 This has many potential security problems,
8866 and has terrible performance;
8867 it should be used only when absolutely necessary.
8869 Set or clear a macro value.
8871 pass the value as the first argument in the map lookup.
8873 do not pass an argument in the map lookup.
8874 The map always returns the empty string.
8875 Example of typical usage include:
8881 # set macro ${MyMacro} to the ruleset match
8882 R$+ $: $(storage {MyMacro} $@ $1 $) $1
8883 # set macro ${MyMacro} to an empty string
8884 R$* $: $(storage {MyMacro} $@ $) $1
8885 # clear macro ${MyMacro}
8886 R$\- $: $(storage {MyMacro} $) $1
8889 Perform simple arithmetic operations.
8890 The operation is given as key, currently
8892 |, & (bitwise OR, AND),
8893 l (for less than), =,
8894 and r (for random) are supported.
8895 The two operands are given as arguments.
8896 The lookup returns the result of the computation,
8901 for comparisons, integer values otherwise.
8902 The r operator returns a pseudo-random number whose value
8903 lies between the first and second operand
8904 (which requires that the first operand is smaller than the second).
8905 All options which are possible for maps are ignored.
8906 A simple example is:
8913 R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
8914 RFALSE $# error \&...
8917 The socket map uses a simple request/reply protocol over TCP or UNIX domain
8918 sockets to query an external server.
8919 Both requests and replies are text based and encoded as netstrings,
8920 i.e., a string "hello there" becomes:
8924 Note: neither requests nor replies end with CRLF.
8926 The request consists of the database map name and the lookup key separated
8927 by a space character:
8933 The server responds with a status indicator and the result (if any):
8936 <status> ' ' <result>
8939 The status indicator specifies the result of the lookup operation itself
8940 and is one of the following upper case words:
8943 OK the key was found, result contains the looked up value
8944 NOTFOUND the key was not found, the result is empty
8945 TEMP a temporary failure occured
8946 TIMEOUT a timeout occured on the server side
8947 PERM a permanent failure occured
8950 In case of errors (status TEMP, TIMEOUT or PERM) the result field may
8951 contain an explanatory message.
8952 However, the explanatory message is not used any further by
8957 31:OK resolved.address@example.com,
8961 56:OK error:550 5.7.1 User does not accept mail from sender,
8964 in case of successful lookups, or:
8969 in case the key was not found, or:
8971 55:TEMP this text explains that we had a temporary failure,
8974 in case of a temporary map lookup failure.
8976 The socket map uses the same syntax as milters
8977 (see Section "X \*- Mail Filter (Milter) Definitions")
8978 to specify the remote endpoint, e.g.,
8980 Ksocket mySocketMap inet:12345@127.0.0.1
8983 If multiple socket maps define the same remote endpoint, they will share
8984 a single connection to this endpoint.
8986 Most of these accept as arguments the same optional flags
8988 (or a mapname for NIS;
8989 the filename is the root of the database path,
8992 or some other extension appropriate for the database type
8993 will be added to get the actual database name).
8996 Indicates that this map is optional \*- that is,
8997 if it cannot be opened,
8998 no error is produced,
9001 will behave as if the map existed but was empty.
9009 uses an adaptive algorithm to decide whether or not to look for null bytes
9011 It starts by trying both;
9012 if it finds any key with a null byte it never tries again without a null byte
9016 is specified it never tries without a null byte and
9019 is specified it never tries with a null byte.
9021 these can speed matches but are never necessary.
9028 will never try any matches at all \(em
9029 that is, everything will appear to fail.
9033 on successful matches.
9034 For example, the default
9036 map appends a dot on successful matches.
9040 on temporary failures.
9043 would be appended if a DNS lookup returned
9045 or an NIS lookup could not locate a server.
9050 Do not fold upper to lower case before looking up the key.
9052 Match only (without replacing the value).
9053 If you only care about the existence of a key and not the value
9054 (as you might when searching the NIS map
9057 this flag prevents the map from substituting the value.
9059 The \-a argument is still appended on a match,
9060 and the default is still taken if the match fails.
9061 .ip "\-k\fIkeycol\fP"
9062 The key column name (for NIS+) or number
9064 For LDAP maps this is an LDAP filter string
9065 in which %s is replaced with the literal contents of the lookup key
9066 and %0 is replaced with the LDAP escaped contents of the lookup key
9067 according to RFC 2254.
9070 is used, then %1 through %9 are replaced with the LDAP escaped contents
9071 of the arguments specified in the map lookup.
9072 .ip "\-v\fIvalcol\fP"
9073 The value column name (for NIS+) or number
9075 For LDAP maps this is the name of one or more
9076 attributes to be returned;
9077 multiple attributes can be separated by commas.
9078 If not specified, all attributes found in the match
9080 The attributes listed can also include a type and one or more
9081 objectClass values for matching as described in the LDAP section.
9082 .ip "\-z\fIdelim\fP"
9083 The column delimiter (for text lookups).
9084 It can be a single character or one of the special strings
9088 to indicate newline or tab respectively.
9089 If omitted entirely,
9090 the column separator is any sequence of white space.
9091 For LDAP maps this is the separator character
9092 to combine multiple values
9093 into a single return string.
9095 the LDAP lookup will only return the first match found.
9096 For DNS maps this is the separator character at which
9097 the result of a query is cut off if is too long.
9099 Normally, when a map attempts to do a lookup
9100 and the server fails
9103 couldn't contact any name server;
9106 the same as an entry not being found in the map),
9107 the message being processed is queued for future processing.
9110 flag turns off this behavior,
9111 letting the temporary failure (server down)
9112 act as though it were a permanent failure (entry not found).
9113 It is particularly useful for DNS lookups,
9114 where someone else's misconfigured name server can cause problems
9116 However, care must be taken to ensure that you don't bounce mail
9117 that would be resolved correctly if you tried again.
9118 A common strategy is to forward such mail
9119 to another, possibly better connected, mail server.
9121 Perform no lookup in deferred delivery mode.
9122 This flag is set by default for the
9125 .ip "\-S\fIspacesub\fP
9126 The character to use to replace space characters
9127 after a successful map lookup (esp. useful for regex
9129 .ip "\-s\fIspacesub\fP
9130 For the dequote map only,
9131 the character to use to replace space characters
9132 after a successful dequote.
9134 Don't dequote the key before lookup.
9136 For the syslog map only, it specifies the level
9137 to use for the syslog call.
9139 When rebuilding an alias file,
9142 flag causes duplicate entries in the text version
9144 For example, two entries:
9149 would be treated as though it were the single entry
9151 list: user1, user2, user3
9153 in the presence of the
9157 Some additional flags are available for the host and dns maps:
9159 delay: specify the resolver's retransmission time interval (in seconds).
9161 retry: specify the number of times to retransmit a resolver query.
9163 The dns map has another flag:
9165 basedomain: specify a domain that is always appended to queries.
9167 The following additional flags are present in the ldap map only:
9169 Do not auto chase referrals. sendmail must be compiled with
9170 .b \-DLDAP_REFERRALS
9173 Retrieve attribute names only.
9175 Retrieve both attributes name and value(s),
9178 .ip "\-r\fIderef\fP"
9179 Set the alias dereference option to one of never, always, search, or find.
9180 .ip "\-s\fIscope\fP"
9181 Set search scope to one of base, one (one level), or sub (subtree).
9183 LDAP server hostname.
9184 Some LDAP libraries allow you to specify multiple, space-separated hosts for
9186 In addition, each of the hosts listed can be followed by a colon and a port
9187 number to override the default LDAP port.
9190 .ip "\-H \fILDAPURI\fP"
9191 Use the specified LDAP URI instead of specifying the hostname and port
9192 separately with the the
9196 options shown above.
9199 -h server.example.com -p 389 -b dc=example,dc=com
9203 -H ldap://server.example.com:389 -b dc=example,dc=com
9205 If the LDAP library supports it,
9206 the LDAP URI format however can also request LDAP over SSL by using
9212 O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com
9214 Similarly, if the LDAP library supports it,
9215 It can also be used to specify a UNIX domain socket using
9218 O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com
9222 .ip "\-l\fItimelimit\fP"
9223 Time limit for LDAP queries.
9224 .ip "\-Z\fIsizelimit\fP"
9225 Size (number of matches) limit for LDAP or DNS queries.
9226 .ip "\-d\fIdistinguished_name\fP"
9227 The distinguished name to use to login to the LDAP server.
9228 .ip "\-M\fImethod\fP"
9229 The method to authenticate to the LDAP server.
9232 .b LDAP_AUTH_SIMPLE ,
9234 .b LDAP_AUTH_KRBV4 .
9235 .ip "\-P\fIpasswordfile\fP"
9236 The file containing the secret key for the
9238 authentication method
9239 or the name of the Kerberos ticket file for
9240 .b LDAP_AUTH_KRBV4 .
9242 Force LDAP searches to only succeed if a single match is found.
9243 If multiple values are found,
9244 the search is treated as if no match was found.
9245 .ip "\-w\fIversion\fP"
9246 Set the LDAP API/protocol version to use.
9247 The default depends on the LDAP client libraries in use.
9252 to use LDAPv3 when communicating with the LDAP server.
9254 Treat the LDAP search key as multi-argument and
9255 replace %1 through %9 in the key with
9256 the LDAP escaped contents of the lookup arguments specified in the map lookup.
9260 map appends the strings
9264 to the given filename;
9271 For example, the map specification
9273 Kuucp dbm \-o \-N /etc/mail/uucpmap
9275 specifies an optional map named
9279 it always has null bytes at the end of every string,
9280 and the data is located in
9281 /etc/mail/uucpmap.{dir,pag}.
9285 can be used to build any of the three database-oriented maps.
9286 It takes the following flags:
9288 Do not fold upper to lower case in the map.
9290 Include null bytes in keys.
9292 Append to an existing (old) file.
9294 Allow replacement of existing keys;
9295 normally, re-inserting an existing key is an error.
9297 Print what is happening.
9301 daemon does not have to be restarted to read the new maps
9302 as long as you change them in place;
9303 file locking is used so that the maps won't be read
9304 while they are being updated.
9306 New classes can be added in the routine
9310 .sh 2 "Q \*- Queue Group Declaration"
9312 In addition to the option
9314 queue groups can be declared that define a (group of) queue directories
9315 under a common name.
9316 The syntax is as follows:
9326 is the symbolic name of the queue group under which
9327 it can be referenced in various places
9330 pairs define attributes of the queue group.
9331 The name must only consist of alphanumeric characters.
9334 Flags for this queue group.
9336 The nice(2) increment for the queue group.
9337 This value must be greater or equal zero.
9339 The time between two queue runs.
9341 The queue directory of the group (required).
9343 The number of parallel runners processing the queue.
9346 must be set if this value is greater than one.
9348 The maximum number of jobs (messages delivered) per queue run.
9350 The maximum number of recipients per envelope.
9351 Envelopes with more than this number of recipients will be split
9352 into multiple envelopes in the same queue directory.
9353 The default value 0 means no limit.
9355 Only the first character of the field name is checked.
9357 By default, a queue group named
9359 is defined that uses the value of the
9362 Notice: all paths that are used for queue groups must
9363 be subdirectories of
9365 Since they can be symbolic links, this isn't a real restriction,
9368 uses a wildcard, then the directory one level up is considered
9369 the ``base'' directory which all other queue directories must share.
9370 Please make sure that the queue directories do not overlap,
9371 e.g., do not specify
9373 O QueueDirectory=/var/spool/mqueue/*
9374 Qone, P=/var/spool/mqueue/dir1
9375 Qtwo, P=/var/spool/mqueue/dir2
9377 because this also includes
9381 in the default queue group.
9384 O QueueDirectory=/var/spool/mqueue/main*
9385 Qone, P=/var/spool/mqueue/dir
9386 Qtwo, P=/var/spool/mqueue/other*
9388 is a valid queue group specification.
9390 Options listed in the ``Flags'' field can be used to modify
9391 the behavior of a queue group.
9392 The ``f'' flag must be set if multiple queue runners are
9393 supposed to work on the entries in a queue group.
9396 will work on the entries strictly sequentially.
9398 The ``Interval'' field sets the time between queue runs.
9399 If no queue group specific interval is set, then the parameter of the
9401 option from the command line is used.
9403 To control the overall number of concurrently active queue runners
9407 This limits the number of processes used for running the queues to
9408 .b MaxQueueChildren ,
9409 though at any one time fewer processes may be active
9410 as a result of queue options, completed queue runs, system load, etc.
9412 The maximum number of queue runners for an individual queue group can be
9416 If set to 0, entries in the queue will not be processed, which
9417 is useful to ``quarantine'' queue files.
9418 The number of runners per queue group may also be set with the option
9419 .b MaxRunnersPerQueue ,
9420 which applies to queue groups that have no individual limit.
9421 That is, the default value for
9424 .b MaxRunnersPerQueue
9425 if set, otherwise 1.
9427 The field Jobs describes the maximum number of jobs
9428 (messages delivered) per queue run, which is the queue group specific
9430 .b MaxQueueRunSize .
9432 Notice: queue groups should be declared after all queue related options
9433 have been set because queue groups take their defaults from those options.
9434 If an option is set after a queue group declaration, the values of
9435 options in the queue group are set to the defaults of
9437 unless explicitly set in the declaration.
9439 Each envelope is assigned to a queue group based on the algorithm
9440 described in section
9441 ``Queue Groups and Queue Directories''.
9442 .sh 2 "X \*- Mail Filter (Milter) Definitions"
9446 Mail Filter API (Milter) is designed to allow third-party programs access
9447 to mail messages as they are being processed in order to filter
9448 meta-information and content.
9449 They are declared in the configuration file as:
9459 is the name of the filter
9460 (used internally only)
9463 pairs define attributes of the filter.
9464 Also see the documentation for the
9466 option for more information.
9471 Socket The socket specification
9472 Flags Special flags for this filter
9473 Timeouts Timeouts for this filter
9475 Only the first character of the field name is checked
9476 (it's case-sensitive).
9478 The socket specification is one of the following forms:
9501 The first two describe an IPv4 or IPv6 socket listening on a certain
9506 The final form describes a named socket on the filesystem at the given
9509 The following flags may be set in the filter description.
9512 Reject connection if filter unavailable.
9514 Temporary fail connection if filter unavailable.
9516 If neither F=R nor F=T is specified, the message is passed through
9518 in case of filter errors as if the failing filters were not present.
9520 The timeouts can be set using the four fields inside of the
9525 Timeout for connecting to a filter.
9526 If set to 0, the system's
9528 timeout will be used.
9530 Timeout for sending information from the MTA to a filter.
9532 Timeout for reading reply from the filter.
9534 Overall timeout between sending end-of-message to filter and waiting for
9535 the final acknowledgment.
9537 Note the separator between each timeout field is a
9539 The default values (if not set) are:
9540 .b T=C:5m;S:10s;R:10s;E:5m
9549 Xfilter1, S=local:/var/run/f1.sock, F=R
9550 Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
9551 Xfilter3, S=inet:3333@localhost, T=C:2m
9553 .sh 2 "The User Database"
9555 The user database is deprecated in favor of ``virtusertable''
9556 and ``genericstable'' as explained in the file
9558 If you have a version of
9560 with the user database package
9562 the handling of sender and recipient addresses
9565 The location of this database is controlled with the
9568 .sh 3 "Structure of the user database"
9570 The database is a sorted (BTree-based) structure.
9571 User records are stored with the key:
9573 \fIuser-name\fP\fB:\fP\fIfield-name\fP
9575 The sorted database format ensures that user records are clustered together.
9576 Meta-information is always stored with a leading colon.
9578 Field names define both the syntax and semantics of the value.
9579 Defined fields include:
9582 The delivery address for this user.
9583 There may be multiple values of this record.
9585 mailing lists will have one
9587 record for each user on the list.
9589 The outgoing mailname for this user.
9590 For each outgoing name,
9591 there should be an appropriate
9593 record for that name to allow return mail.
9595 .i :default:mailname .
9597 Changes any mail sent to this address to have the indicated envelope sender.
9598 This is intended for mailing lists,
9599 and will normally be the name of an appropriate -request address.
9600 It is very similar to the owner-\c
9602 syntax in the alias file.
9604 The full name of the user.
9606 The office address for this user.
9608 The office phone number for this user.
9610 The office FAX number for this user.
9612 The home address for this user.
9614 The home phone number for this user.
9616 The home FAX number for this user.
9618 A (short) description of the project this person is affiliated with.
9619 In the University this is often just the name of their graduate advisor.
9621 A pointer to a file from which plan information can be gathered.
9624 only a few of these fields are actually being used by
9631 program that uses the other fields is planned.
9632 .sh 3 "User database semantics"
9634 When the rewriting rules submit an address to the local mailer,
9635 the user name is passed through the alias file.
9636 If no alias is found (or if the alias points back to the same address),
9640 is then used as a key in the user database.
9641 If no match occurs (or if the maildrop points at the same address),
9642 forwarding is tried.
9644 If the first token of the user name returned by ruleset 0
9647 sign, the user database lookup is skipped.
9648 The intent is that the user database will act as a set of defaults
9649 for a cluster (in our case, the Computer Science Division);
9650 mail sent to a specific machine should ignore these defaults.
9653 the name of the sending user is looked up in the database.
9657 the value of that record is used as their outgoing name.
9658 For example, I might have a record:
9660 eric:mailname Eric.Allman@CS.Berkeley.EDU
9662 This would cause my outgoing mail to be sent as Eric.Allman.
9666 is found for the user,
9667 but no corresponding
9671 .q :default:mailname
9673 If present, this is the name of a host to override the local host.
9674 For example, in our case we would set it to
9675 .q CS.Berkeley.EDU .
9676 The effect is that anyone known in the database
9677 gets their outgoing mail stamped as
9678 .q user@CS.Berkeley.EDU ,
9679 but people not listed in the database use the local hostname.
9680 .sh 3 "Creating the database\**"
9682 \**These instructions are known to be incomplete.
9683 Other features are available which provide similar functionality,
9684 e.g., virtual hosting and mapping local addresses into a
9685 generic form as explained in cf/README.
9688 The user database is built from a text file
9692 (in the distribution in the makemap subdirectory).
9693 The text file is a series of lines corresponding to userdb records;
9694 each line has a key and a value separated by white space.
9695 The key is always in the format described above \*-
9700 This file is normally installed in a system directory;
9701 for example, it might be called
9702 .i /etc/mail/userdb .
9703 To make the database version of the map, run the program:
9705 makemap btree /etc/mail/userdb < /etc/mail/userdb
9707 Then create a config file that uses this.
9708 For example, using the V8 M4 configuration, include the
9709 following line in your .mc file:
9711 define(\`confUSERDB_SPEC\', /etc/mail/userdb)
9713 .sh 1 "OTHER CONFIGURATION"
9715 There are some configuration changes that can be made by
9718 This section describes what changes can be made
9719 and what has to be modified to make them.
9720 In most cases this should be unnecessary
9721 unless you are porting
9723 to a new environment.
9724 .sh 2 "Parameters in devtools/OS/$oscf"
9726 These parameters are intended to describe the compilation environment,
9728 and should normally be defined in the operating system
9730 .b "This section needs a complete rewrite."
9733 the new version of the DBM library
9734 that allows multiple databases will be used.
9735 If neither NDBM nor NEWDB are set,
9736 a much less efficient method of alias lookup is used.
9738 If set, use the new database package from Berkeley (from 4.4BSD).
9739 This package is substantially faster than DBM or NDBM.
9740 If NEWDB and NDBM are both set,
9742 will read DBM files,
9743 but will create and use NEWDB files.
9745 Include support for NIS.
9746 If set together with
9750 will create both DBM and NEWDB files if and only if
9751 an alias file includes the substring
9754 This is intended for compatibility with Sun Microsystems'
9756 program used on YP masters.
9758 Compile in support for NIS+.
9760 Compile in support for NetInfo (NeXT stations).
9762 Compile in support for LDAP X500 queries.
9763 Requires libldap and liblber
9764 from the Umich LDAP 3.2 or 3.3 release
9765 or equivalent libraries for other LDAP libraries
9768 Compile in support for Hesiod.
9770 Compile in support for IRIX NSD lookups.
9772 Compile in support for regular expression matching.
9774 Compile in support for DNS map lookups in the
9778 Compile in support for ph lookups.
9780 Compile in support for SASL,
9781 a required component for SMTP Authentication support.
9783 Compile in support for STARTTLS.
9785 Compile in support for the "Entropy Gathering Daemon"
9786 to provide better random data for TLS.
9788 Compile in support for TCP Wrappers.
9789 .ip _PATH_SENDMAILCF
9790 The pathname of the sendmail.cf file.
9791 .ip _PATH_SENDMAILPID
9792 The pathname of the sendmail.pid file.
9794 Compile in support for shared memory, see section about
9795 "/var/spool/mqueue".
9797 Compile in support for contacting external mail filters built with the
9800 There are also several compilation flags to indicate the environment
9805 See the sendmail/README
9806 file for the latest scoop on these flags.
9807 .sh 2 "Parameters in sendmail/conf.h"
9809 Parameters and compilation options
9810 are defined in conf.h.
9811 Most of these need not normally be tweaked;
9812 common parameters are all in sendmail.cf.
9813 However, the sizes of certain primitive vectors, etc.,
9814 are included in this file.
9815 The numbers following the parameters
9816 are their default value.
9818 This document is not the best source of information
9819 for compilation flags in conf.h \(em
9820 see sendmail/README or sendmail/conf.h itself.
9822 .ip "MAXLINE [2048]"
9823 The maximum line length of any input line.
9824 If message lines exceed this length
9825 they will still be processed correctly;
9826 however, header lines,
9827 configuration file lines,
9830 must fit within this limit.
9832 The maximum length of any name,
9833 such as a host or a user name.
9835 The maximum number of parameters to any mailer.
9836 This limits the number of recipients that may be passed in one transaction.
9837 It can be set to any arbitrary number above about 10,
9840 will break up a delivery into smaller batches as needed.
9841 A higher number may reduce load on your system, however.
9842 .ip "MAXQUEUEGROUPS [50]"
9843 The maximum number of queue groups.
9844 .ip "MAXATOM [1000]"
9845 The maximum number of atoms
9847 in a single address.
9850 .q "eric@CS.Berkeley.EDU"
9852 .ip "MAXMAILERS [25]"
9853 The maximum number of mailers that may be defined
9854 in the configuration file.
9855 This value is defined in include/sendmail/sendmail.h.
9856 .ip "MAXRWSETS [200]"
9857 The maximum number of rewriting sets
9858 that may be defined.
9859 The first half of these are reserved for numeric specification
9861 while the upper half are reserved for auto-numbering
9863 Thus, with a value of 200 an attempt to use ``S99'' will succeed,
9864 but ``S100'' will fail.
9865 .ip "MAXPRIORITIES [25]"
9866 The maximum number of values for the
9868 field that may be defined
9871 line in sendmail.cf).
9872 .ip "MAXUSERENVIRON [100]"
9873 The maximum number of items in the user environment
9874 that will be passed to subordinate mailers.
9875 .ip "MAXMXHOSTS [100]"
9876 The maximum number of MX records we will accept for any single host.
9877 .ip "MAXMAPSTACK [12]"
9878 The maximum number of maps that may be "stacked" in a
9881 .ip "MAXMIMEARGS [20]"
9882 The maximum number of arguments in a MIME Content-Type: header;
9883 additional arguments will be ignored.
9884 .ip "MAXMIMENESTING [20]"
9885 The maximum depth to which MIME messages may be nested
9886 (that is, nested Message or Multipart documents;
9887 this does not limit the number of components in a single Multipart document).
9888 .ip "MAXDAEMONS [10]"
9889 The maximum number of sockets sendmail will open for accepting connections
9891 .ip "MAXMACNAMELEN [25]"
9892 The maximum length of a macro name.
9894 A number of other compilation options exist.
9895 These specify whether or not specific code should be compiled in.
9896 Ones marked with \(dg
9901 support for Internet protocol networking is compiled in.
9902 Previous versions of
9906 this old usage is now incorrect.
9908 turn it off in the Makefile
9909 if your system doesn't support the Internet protocols.
9912 support for IPv6 networking is compiled in.
9913 It must be separately enabled by adding
9914 .b DaemonPortOptions
9918 support for ISO protocol networking is compiled in
9919 (it may be appropriate to #define this in the Makefile instead of conf.h).
9922 support for UNIX domain sockets is compiled in.
9923 This is used for control socket support.
9928 routine in use at some sites is used.
9929 This makes an informational log record
9930 for each message processed,
9931 and makes a higher priority log record
9932 for internal system errors.
9933 .b "STRONGLY RECOMMENDED"
9934 \(em if you want no logging, turn it off in the configuration file.
9936 Compile in the code to do ``fuzzy matching'' on the GECOS field
9938 This also requires that the
9940 option be turned on.
9942 Compile in code to use the
9943 Berkeley Internet Name Domain (BIND) server
9944 to resolve TCP/IP host names.
9946 If you are using a non-UNIX mail format,
9947 you can set this flag to turn off special processing
9954 Berkeley user information database package.
9955 This adds a new level of local name expansion
9956 between aliasing and forwarding.
9957 It also uses the NEWDB package.
9958 This may change in future releases.
9960 The following options are normally turned on
9961 in per-operating-system clauses in conf.h.
9963 Compile in the IDENT protocol as defined in RFC 1413.
9964 This defaults on for all systems except Ultrix,
9965 which apparently has the interesting
9967 that when it receives a
9968 .q "host unreachable"
9969 message it closes all open connections to that host.
9970 Since some firewall gateways send this error code
9971 when you access an unauthorized port (such as 113, used by IDENT),
9972 Ultrix cannot receive email from such hosts.
9974 Set all of the compilation parameters appropriate for System V.
9981 Due to the highly unusual semantics of locks
9984 this should always be used if at all possible.
9986 Set this if your system has the
9989 (if you have multiple group support).
9990 This is the default if SYSTEM5 is
9992 defined or if you are on HPUX.
9994 Set this if you have the
9996 system call (or corresponding library routine).
10000 .ip HASGETDTABLESIZE
10001 Set this if you have the
10002 .i getdtablesize (2)
10005 Set this if you have the
10008 .ip FAST_PID_RECYCLE
10009 Set this if your system can possibly
10010 reuse the same pid in the same second of time.
10012 The mechanism that can be used to get file system capacity information.
10013 The values can be one of
10014 SFS_USTAT (use the ustat(2) syscall),
10015 SFS_4ARGS (use the four argument statfs(2) syscall),
10016 SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
10017 SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
10018 SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
10019 SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
10021 SFS_NONE (no way to get this information).
10023 The load average type.
10024 Details are described below.
10026 The are several built-in ways of computing the load average.
10028 tries to auto-configure them based on imperfect guesses;
10029 you can select one using the
10038 The kernel stores the load average in the kernel as an array of long integers.
10039 The actual values are scaled by a factor FSCALE
10042 The kernel stores the load average in the kernel as an array of short integers.
10043 The actual values are scaled by a factor FSCALE
10046 The kernel stores the load average in the kernel as an array of
10047 double precision floats.
10049 Use MACH-style load averages.
10053 routine to get the load average as an array of doubles.
10055 Always return zero as the load average.
10056 This is the fallback case.
10064 you may also need to specify
10066 (the path to your system binary)
10069 (the name of the variable containing the load average in the kernel;
10074 .sh 2 "Configuration in sendmail/conf.c"
10076 The following changes can be made in conf.c.
10077 .sh 3 "Built-in Header Semantics"
10079 Not all header semantics are defined in the configuration file.
10080 Header lines that should only be included by certain mailers
10081 (as well as other more obscure semantics)
10082 must be specified in the
10086 This table contains the header name
10087 (which should be in all lower case)
10088 and a set of header control flags (described below),
10091 Normally when the check is made to see if a header line is compatible
10094 will not delete an existing line.
10095 If this flag is set,
10098 even existing header lines.
10100 if this bit is set and the mailer does not have flag bits set
10101 that intersect with the required mailer flags
10102 in the header definition in
10108 If this header field is set,
10109 treat it like a blank line,
10111 it will signal the end of the header
10112 and the beginning of the message text.
10114 Add this header entry
10115 even if one existed in the message before.
10116 If a header entry does not have this bit set,
10118 will not add another header line if a header line
10119 of this name already existed.
10120 This would normally be used to stamp the message
10121 by everyone who handled it.
10124 this is a timestamp
10127 If the number of trace fields in a message
10128 exceeds a preset amount
10129 the message is returned
10130 on the assumption that it has an aliasing loop.
10133 this field contains recipient addresses.
10134 This is used by the
10136 flag to determine who to send to
10137 when it is collecting recipients from the message.
10139 This flag indicates that this field
10140 specifies a sender.
10141 The order of these fields in the
10146 for which field to return error messages to.
10148 Addresses in this header should receive error messages.
10150 This header is a Content-Transfer-Encoding header.
10152 This header is a Content-Type header.
10154 Strip the value from the header (for Bcc:).
10157 Let's look at a sample
10161 .ta 4n +\w'"content-transfer-encoding", 'u
10162 struct hdrinfo HdrInfo[] =
10164 /* originator fields, most to least significant */
10165 "resent-sender", H_FROM,
10166 "resent-from", H_FROM,
10169 "full-name", H_ACHECK,
10170 "errors-to", H_FROM\^|\^H_ERRORSTO,
10171 /* destination fields */
10173 "resent-to", H_RCPT,
10175 "bcc", H_RCPT\^|\^H_STRIPVAL,
10176 /* message identification and control */
10180 "received", H_TRACE\^|\^H_FORCE,
10181 /* miscellaneous fields */
10182 "content-transfer-encoding", H_CTE,
10183 "content-type", H_CTYPE,
10188 This structure indicates that the
10194 all specify recipient addresses.
10197 field will be deleted unless the required mailer flag
10198 (indicated in the configuration file)
10204 fields will terminate the header;
10205 these are used by random dissenters around the network world.
10208 field will always be added,
10209 and can be used to trace messages.
10211 There are a number of important points here.
10213 header fields are not added automatically just because they are in the
10216 they must be specified in the configuration file
10217 in order to be added to the message.
10218 Any header fields mentioned in the configuration file but not
10221 structure have default processing performed;
10223 they are added unless they were in the message already.
10227 structure only specifies cliched processing;
10228 certain headers are processed specially by ad hoc code
10229 regardless of the status specified in
10236 fields are always scanned on ARPANET mail
10237 to determine the sender\**;
10239 \**Actually, this is no longer true in SMTP;
10240 this information is contained in the envelope.
10241 The older ARPANET protocols did not completely distinguish
10242 envelope from header.
10244 this is used to perform the
10245 .q "return to sender"
10251 fields are used to determine the full name of the sender
10253 this is stored in the macro
10255 and used in a number of ways.
10256 .sh 3 "Restricting Use of Email"
10258 If it is necessary to restrict mail through a relay,
10261 routine can be modified.
10262 This routine is called for every recipient address.
10263 It returns an exit status
10264 indicating the status of the message.
10267 accepts the address,
10269 queues the message for a later try,
10272 .sm EX_UNAVAILABLE )
10273 reject the message.
10276 to print an error message
10279 if the message is rejected.
10286 .ta 4n +4n +4n +4n +4n +4n +4n
10289 register ADDRESS *to;
10290 register ENVELOPE *e;
10294 s = stab("private", ST_MAILER, ST_FIND);
10295 if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
10296 to->q_mailer == s->s_mailer)
10298 usrerr("No private net mail allowed through this machine");
10299 return (EX_UNAVAILABLE);
10301 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
10303 usrerr("Message too large for non-local delivery");
10304 e\->e_flags |= EF_NORETURN;
10305 return (EX_UNAVAILABLE);
10311 This would reject messages greater than 50000 bytes
10312 unless they were local.
10317 to suppress the return of the actual body
10318 of the message in the error return.
10319 The actual use of this routine is highly dependent on the
10321 and use should be limited.
10322 .sh 3 "New Database Map Classes"
10324 New key maps can be added by creating a class initialization function
10325 and a lookup function.
10326 These are then added to the routine
10329 The initialization function is called as
10331 \fIxxx\fP_map_init(MAP *map, char *args)
10335 is an internal data structure.
10338 is a pointer to the portion of the configuration file line
10339 following the map class name;
10340 flags and filenames can be extracted from this line.
10341 The initialization function must return
10343 if it successfully opened the map,
10347 The lookup function is called as
10349 \fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
10353 defines the map internally.
10357 This may be (and often is) used destructively.
10360 is a list of arguments passed in from the rewrite line.
10361 The lookup function should return a pointer to the new value.
10362 If the map lookup fails,
10364 should be set to an exit status code;
10365 in particular, it should be set to
10367 if recovery is to be attempted by the higher level code.
10368 .sh 3 "Queueing Function"
10372 is called to decide if a message should be queued
10373 or processed immediately.
10374 Typically this compares the message priority to the current load average.
10375 The default definition is:
10378 shouldqueue(pri, ctime)
10382 if (CurrentLA < QueueLA)
10384 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
10387 If the current load average
10390 which is set before this function is called)
10391 is less than the low threshold load average
10400 (that is, it should
10403 If the current load average exceeds the high threshold load average
10412 Otherwise, it computes the function based on the message priority,
10418 and the current and threshold load averages.
10420 An implementation wishing to take the actual age of the message into account
10424 which is the time that the message was first submitted to
10428 parameter is already weighted
10429 by the number of times the message has been tried
10430 (although this tends to lower the priority of the message with time);
10431 the expectation is that the
10433 would be used as an
10435 to ensure that messages are eventually processed.
10436 .sh 3 "Refusing Incoming SMTP Connections"
10439 .i refuseconnections
10442 if incoming SMTP connections should be refused.
10443 The current implementation is based exclusively on the current load average
10444 and the refuse load average option
10451 refuseconnections()
10453 return (RefuseLA > 0 && CurrentLA >= RefuseLA);
10456 A more clever implementation
10457 could look at more system resources.
10458 .sh 3 "Load Average Computation"
10462 returns the current load average (as a rounded integer).
10463 The distribution includes several possible implementations.
10464 If you are porting to a new environment
10465 you may need to add some new tweaks.\**
10467 \**If you do, please send updates to
10468 sendmail@Sendmail.ORG.
10470 .sh 2 "Configuration in sendmail/daemon.c"
10473 .i sendmail/daemon.c
10474 contains a number of routines that are dependent
10475 on the local networking environment.
10476 The version supplied assumes you have BSD style sockets.
10478 In previous releases,
10479 we recommended that you modify the routine
10481 if you wanted to generalize
10486 We now recommend that you create a new keyed map instead.
10489 In this section we assume that
10491 has been compiled with support for LDAP.
10492 .sh 3 "LDAP Recursion"
10494 LDAP Recursion allows you to add types to the search attributes on an
10495 LDAP map specification.
10497 .ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[|\fIOBJECTCLASS\fP|...]]]
10499 The new \fITYPE\fPs are:
10502 This attribute type specifies the attribute to add to the results string.
10503 This is the default.
10505 Any matches for this attribute are expected to have a value of a
10506 fully qualified distinguished name.
10508 will lookup that DN and apply the attributes requested to the
10509 returned DN record.
10511 Any matches for this attribute are expected to have a value of an
10512 LDAP search filter.
10514 will perform a lookup with the same parameters as the original
10515 search but replaces the search filter with the one specified here.
10517 Any matches for this attribute are expected to have a value of an LDAP URL.
10519 will perform a lookup of that URL and use the results from the attributes
10521 Note however that the search is done using the current LDAP connection,
10522 regardless of what is specified as the scheme, LDAP host, and LDAP
10523 port in the LDAP URL.
10525 Any untyped attributes are considered
10527 attributes as described above.
10529 The optional \fIOBJECTCLASS\fP (| separated) list contains the
10530 objectClass values for which that attribute applies.
10531 If the list is given,
10532 the attribute named will only be used if the LDAP record being returned is a
10533 member of that object class.
10534 Note that if these new value attribute \fITYPE\fPs are used in an
10536 option setting, it will need to be double quoted to prevent
10538 from misparsing the colons.
10540 Note that LDAP recursion attributes which do not ultimately point to an
10541 LDAP record are not considered an error.
10544 Since examples usually help clarify, here is an example which uses all
10545 four of the new types:
10547 O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com
10551 -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0))
10552 -v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson,
10553 uniqueMember:DN:groupOfUniqueNames,
10554 sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,
10555 sendmailMTAAliasURL:URL:sendmailMTAAliasObject
10558 That definition specifies that:
10561 .sm sendmailMTAAliasValue
10562 attribute will be added to the result string regardless of object class.
10566 attribute will be added to the result string if
10567 the LDAP record is a member of the
10573 attribute is a recursive attribute, used only in
10574 .sm groupOfUniqueNames
10575 records, and should contain an LDAP DN pointing to another LDAP record.
10576 The desire here is to return the
10578 attribute from those DNs.
10581 .sm sendmailMTAAliasSearch
10583 .sm sendmailMTAAliasURL
10584 are both used only if referenced in a
10585 .sm sendmailMTAAliasObject .
10586 They are both recursive, the first for a new LDAP search string and the
10587 latter for an LDAP URL.
10590 In this section we assume that
10592 has been compiled with support for STARTTLS.
10593 To properly understand the use of STARTTLS in
10595 it is necessary to understand at least some basics about X.509 certificates
10596 and public key cryptography.
10597 This information can be found in books about SSL/TLS
10598 or on WWW sites, e.g.,
10599 .q http://www.OpenSSL.org/ .
10600 .sh 3 "Certificates for STARTTLS"
10602 When acting as a server,
10604 requires X.509 certificates to support STARTTLS:
10605 one as certificate for the server (ServerCertFile and corresponding
10606 private ServerKeyFile)
10607 at least one root CA (CACertFile),
10608 i.e., a certificate that is used to sign other certificates,
10609 and a path to a directory which contains other CAs (CACertPath).
10610 The file specified via
10612 can contain several certificates of CAs.
10613 The DNs of these certificates are sent
10614 to the client during the TLS handshake (as part of the
10615 CertificateRequest) as the list of acceptable CAs.
10616 However, do not list too many root CAs in that file, otherwise
10617 the TLS handshake may fail; e.g.,
10619 error:14094417:SSL routines:SSL3_READ_BYTES:
10620 sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47
10622 You should probably put only the CA cert into that file
10623 that signed your own cert(s), or at least only those you trust.
10624 The CACertPath directory must contain the hashes of each CA certificate
10625 as filenames (or as links to them).
10626 Symbolic links can be generated with the following
10627 two (Bourne) shell commands:
10629 C=FileName_of_CA_Certificate
10630 ln -s $C `openssl x509 -noout -hash < $C`.0
10632 An X.509 certificate is also required for authentication in client mode
10633 (ClientCertFile and corresponding private ClientKeyFile), however,
10635 will always use STARTTLS when offered by a server.
10636 The client and server certificates can be identical.
10637 Certificates can be obtained from a certificate authority
10638 or created with the help of OpenSSL.
10639 The required format for certificates and private keys is PEM.
10640 To allow for automatic startup of sendmail, private keys
10641 (ServerKeyFile, ClientKeyFile)
10642 must be stored unencrypted.
10643 The keys are only protected by the permissions of the file system.
10644 Never make a private key available to a third party.
10645 .sh 3 "PRNG for STARTTLS"
10647 STARTTLS requires a strong pseudo random number generator (PRNG)
10648 to operate properly.
10649 Depending on the TLS library you use, it may be required to explicitly
10650 initialize the PRNG with random data.
10651 OpenSSL makes use of
10653 if available (this corresponds to the compile flag HASURANDOMDEV).
10654 On systems which lack this support, a random file must be specified in the
10656 file using the option RandFile.
10659 advised to use the "Entropy Gathering Daemon" EGD
10660 from Brian Warner on those systems to provide useful random data.
10663 must be compiled with the flag EGD, and the
10664 RandFile option must point to the EGD socket.
10667 nor EGD are available, you have to make sure
10668 that useful random data is available all the time in RandFile.
10669 If the file hasn't been modified in the last 10 minutes before
10670 it is supposed to be used by
10672 the content is considered obsolete.
10673 One method for generating this file is:
10675 openssl rand -out /etc/mail/randfile -rand \c
10676 .i /path/to/file:... \c
10679 See the OpenSSL documentation for more information.
10680 In this case, the PRNG for TLS is only
10681 seeded with other random data if the
10682 .b DontBlameSendmail
10684 .b InsufficientEntropy
10686 This is most likely not sufficient for certain actions, e.g.,
10687 generation of (temporary) keys.
10689 Please see the OpenSSL documentation or other sources
10690 for further information about certificates, their creation and their usage,
10691 the importance of a good PRNG, and other aspects of TLS.
10692 .sh 2 "Encoding of STARTTLS and AUTH related Macros"
10694 Macros that contain STARTTLS and AUTH related data which comes from outside
10695 sources, e.g., all macros containing information from certificates,
10696 are encoded to avoid problems with non-printable or special characters.
10697 The latter are '\\', '<', '>', '(', ')', '"', '+', and ' '.
10698 All of these characters are replaced by their value in hexadecimal
10699 with a leading '+'.
10702 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
10703 Email=darth+cert@endmail.org
10707 /C=US/ST=California/O=endmail.org/OU=private/
10708 CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
10710 (line breaks have been inserted for readability).
10711 The macros which are subject to this encoding are
10712 {cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
10714 {auth_authen} and {auth_author}.
10715 .sh 1 "ACKNOWLEDGEMENTS"
10720 and many employers have been remarkably patient
10721 about letting me work on a large project
10722 that was not part of my official job.
10723 This includes time on the INGRES Project at
10724 the University of California at Berkeley,
10726 and again on the Mammoth and Titan Projects at Berkeley.
10728 Much of the second wave of improvements
10729 resulting in version 8.1
10730 should be credited to Bryan Costales of the
10731 International Computer Science Institute.
10732 As he passed me drafts of his book on
10734 I was inspired to start working on things again.
10735 Bryan was also available to bounce ideas off of.
10737 Gregory Neil Shapiro
10738 of Worcester Polytechnic Institute
10739 has become instrumental in all phases of
10741 support and development,
10742 and was largely responsible for getting versions 8.8 and 8.9
10745 Many, many people contributed chunks of code and ideas to
10747 It has proven to be a group network effort.
10748 Version 8 in particular was a group project.
10749 The following people and organizations made notable contributions:
10752 John Beck, Hewlett-Packard & Sun Microsystems
10753 Keith Bostic, CSRG, University of California, Berkeley
10754 Andrew Cheng, Sun Microsystems
10755 Michael J. Corrigan, University of California, San Diego
10756 Bryan Costales, International Computer Science Institute & InfoBeat
10757 Pa\*:r (Pell) Emanuelsson
10758 Craig Everhart, Transarc Corporation
10759 Per Hedeland, Ericsson
10760 Tom Ivar Helbekkmo, Norwegian School of Economics
10761 Kari Hurtta, Finnish Meteorological Institute
10762 Allan E. Johannesen, WPI
10763 Jonathan Kamens, OpenVision Technologies, Inc.
10764 Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
10765 Brian Kantor, University of California, San Diego
10766 John Kennedy, Cal State University, Chico
10767 Murray S. Kucherawy, HookUp Communication Corp.
10768 Bruce Lilly, Sony U.S.
10770 Motonori Nakamura, Ritsumeikan University & Kyoto University
10771 John Gardiner Myers, Carnegie Mellon University
10772 Neil Rickert, Northern Illinois University
10773 Gregory Neil Shapiro, WPI
10774 Eric Schnoebelen, Convex Computer Corp.
10775 Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
10776 Randall Winchester, University of Maryland
10777 Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
10780 I apologize for anyone I have omitted, misspelled, misattributed, or
10782 At this point, I suspect that at least a hundred people
10783 have contributed code,
10784 and many more have contributed ideas, comments, and encouragement.
10785 I've tried to list them in the RELEASE_NOTES in the distribution directory.
10786 I appreciate their contribution as well.
10788 Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
10789 who besides being wonderful guinea pigs and contributors
10790 have also consented to be added to the ``sendmail@Sendmail.ORG'' list
10791 and, by answering the bulk of the questions sent to that list,
10792 have freed me up to do other work.
10794 .+c "COMMAND LINE FLAGS"
10798 Arguments must be presented with flags before addresses.
10801 Select an alternative .cf file which is either
10809 By default the .cf file is chosen based on the operation mode.
10818 if it exists, for all others it is
10821 Set operation mode to
10823 Operation modes are:
10826 m Deliver mail (default)
10827 s Speak SMTP on input side
10828 a\(dg ``Arpanet'' mode (get envelope sender information from header)
10829 d Run as a daemon in background
10830 D Run as a daemon in foreground
10832 v Just verify addresses, don't collect or deliver
10833 i Initialize the alias database
10834 p Print the mail queue
10835 P Print overview over the mail queue (requires shared memory)
10836 h Print the persistent host status database
10837 H Purge expired entries from the persistent host status database
10843 Indicate body type.
10845 Use a different configuration file.
10847 runs as the invoking user (rather than root)
10848 when this flag is specified.
10849 .ip "\-D \fIlogfile\fP"
10850 Send debugging output to the indicated
10854 Set debugging level.
10855 .ip "\-f\ \fIaddr\fP"
10856 The envelope sender address is set to
10858 This address may also be used in the From: header
10859 if that header is missing during initial submission.
10860 The envelope sender address is used as the recipient
10861 for delivery status notifications
10862 and may also appear in a Return-Path: header.
10863 .ip \-F\ \fIname\fP
10864 Sets the full name of this user to
10867 When accepting messages via the command line,
10868 indicate that they are for relay (gateway) submission.
10869 sendmail may complain about syntactically invalid messages,
10870 e.g., unqualified host names,
10871 rather than fixing them when this flag is set.
10872 sendmail will not do any canonicalization in this mode.
10873 .ip "\-h\ \fIcnt\fP"
10878 This represents the number of times this message has been processed
10881 (to the extent that it is supported by the underlying networks).
10883 is incremented during processing,
10888 throws away the message with an error.
10889 .ip "\-L \fItag\fP"
10890 Sets the identifier used for syslog.
10891 Note that this identifier is set
10892 as early as possible.
10897 before the command line arguments
10900 Don't do aliasing or forwarding.
10901 .ip "\-N \fInotifications\fP"
10902 Tag all addresses being sent as wanting the indicated
10904 which consists of the word
10906 or a comma-separated list of
10911 for successful delivery,
10913 and a message that is stuck in a queue somewhere.
10916 .ip "\-r\ \fIaddr\fP"
10917 An obsolete form of
10919 .ip \-o\fIx\|value\fP
10924 These options are described in Section 5.6.
10925 .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
10930 (for long form option names).
10931 These options are described in Section 5.6.
10932 .ip \-M\fIx\|value\fP
10937 .ip \-p\fIprotocol\fP
10938 Set the sending protocol.
10939 Programs are encouraged to set this.
10940 The protocol field can be in the form
10944 to set both the sending protocol and sending host.
10947 sets the sending protocol to UUCP
10948 and the sending host to uunet.
10949 (Some existing programs use \-oM to set the r and s macros;
10950 this is equivalent to using \-p.)
10952 Try to process the queued up mail.
10953 If the time is given,
10956 will start one or more processes to run through the queue(s) at the specified
10957 time interval to deliver queued mail; otherwise, it only runs once.
10958 Each of these processes acts on a workgroup.
10959 These processes are also known as workgroup processes or WGP's for short.
10960 Each workgroup is responsible for controlling the processing of one or
10961 more queues; workgroups help manage the use of system resources by sendmail.
10962 Each workgroup may have one or more children concurrently processing
10963 queues depending on the setting of \fIMaxQueueChildren\fP.
10965 Similar to \-q with a time argument,
10966 except that instead of periodically starting WGP's
10967 sendmail starts persistent WGP's
10968 that alternate between processing queues and sleeping.
10969 The sleep time is specified by the time argument; it defaults to 1 second,
10970 except that a WGP always sleeps at least 5 seconds if their queues were
10971 empty in the previous run.
10972 Persistent processes are managed by a queue control process (QCP).
10973 The QCP is the parent process of the WGP's.
10974 Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
10975 or a special process (named Queue control) (when started without \-bd or \-bD).
10976 If a persistent WGP ceases to be active for some reason
10977 another WGP will be started by the QCP for the same workgroup
10978 in most cases. When a persistent WGP has core dumped, the debug flag
10979 \fIno_persistent_restart\fP is set or the specific persistent WGP has been
10980 restarted too many times already then the WGP will not be started again
10981 and a message will be logged to this effect.
10982 To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate
10983 signal should be sent to the QCP. The QCP will propagate the signal to all of
10984 the WGP's and if appropriate restart the persistent WGP's.
10986 Run the jobs in the queue group
10989 .ip \-q[!]\fIXstring\fP
10990 Run the queue once,
10991 limiting the jobs to those matching
10997 to limit based on queue identifier,
10999 to limit based on recipient,
11001 to limit based on sender,
11004 to limit based on quarantine reason for quarantined jobs.
11005 A particular queued job is accepted if one of the corresponding attributes
11006 contains the indicated
11008 The optional ! character negates the condition tested.
11011 flags are permitted,
11012 with items with the same key letter
11014 together, and items with different key letters
11018 Quarantine a normal queue items with the given reason or
11019 unquarantine quarantined queue items if no reason is given.
11020 This should only be used with some sort of item matching using
11021 .b \-q[!]\fIXstring\fP
11022 as described above.
11024 What information you want returned if the message bounces;
11028 for headers only or
11030 for headers plus body.
11031 This is a request only;
11032 the other end is not required to honor the parameter.
11035 is specified local bounces also return only the headers.
11037 Read the header for
11042 lines, and send to everyone listed in those lists.
11045 line will be deleted before sending.
11046 Any addresses in the argument vector will be deleted
11047 from the send list.
11051 is passed with the envelope of the message
11052 and returned if the message bounces.
11053 .ip "\-X \fIlogfile\fP"
11054 Log all traffic in and out of
11058 for debugging mailer problems.
11059 This produces a lot of data very quickly and should be used sparingly.
11061 There are a number of options that may be specified as
11063 These are the e, i, m, and v options.
11066 may be specified as the
11069 The DSN related options
11077 .+c "QUEUE FILE FORMATS"
11079 This appendix describes the format of the queue files.
11080 These files live in a queue directory.
11081 The individual qf, hf, Qf, df, and xf files
11082 may be stored in separate
11088 if they are present in the queue directory.
11090 All queue files have the name
11100 The individual letters in the
11117 Encoded envelope number
11119 At least five decimal digits of the process ID
11121 All files with the same id collectively define one message.
11122 Due to the use of memory-buffered files,
11123 some of these files may never appear on disk.
11128 The queue control file.
11129 This file contains the information necessary to process the job.
11131 The same as a queue control file, but for a quarantined queue job.
11134 The message body (excluding the header) is kept in this file.
11135 Sometimes the df file is not stored in the same directory as the qf file;
11137 the qf file contains a `d' record which names the queue directory
11138 that contains the df file.
11141 This is an image of the
11143 file when it is being rebuilt.
11144 It should be renamed to a
11149 existing during the life of a session
11150 showing everything that happens
11151 during that session.
11152 Sometimes the xf file must be generated before a queue group has been selected;
11154 the xf file will be stored in a directory of the default queue group.
11156 A ``lost'' queue control file.
11162 if there is a severe (configuration) problem that cannot be solved without
11163 human intervention.
11164 Search the logfile for the queue file id to figure out what happened.
11165 After you resolved the problem, you can rename the
11171 The queue control file is structured as a series of lines
11172 each beginning with a code letter.
11173 The lines are as follows:
11175 The version number of the queue file format,
11178 binaries to read queue files created by older versions.
11179 Defaults to version zero.
11180 Must be the first line of the file if present.
11181 For 8.12 the version number is 6.
11183 The information given by the AUTH= parameter of the
11186 if sendmail has been called directly.
11188 A header definition.
11189 There may be any number of these lines.
11190 The order is important:
11191 they represent the order in the final message.
11192 These use the same syntax
11193 as header definitions in the configuration file.
11195 The controlling address.
11197 .q localuser:aliasname .
11198 Recipient addresses following this line
11199 will be flagged so that deliveries will be run as the
11201 (a user name from the /etc/passwd file);
11203 is the name of the alias that expanded to this address
11204 (used for printing messages).
11206 The quarantine reason for quarantined queue items.
11208 The ``original recipient'',
11209 specified by the ORCPT= field in an ESMTP transaction.
11210 Used exclusively for Delivery Status Notifications.
11211 It applies only to the following `R' line.
11213 The ``final recipient''
11214 used for Delivery Status Notifications.
11215 It applies only to the following `R' line.
11217 A recipient address.
11218 This will normally be completely aliased,
11219 but is actually realiased when the job is processed.
11220 There will be one line for each recipient.
11222 also include a leading colon-terminated list of flags,
11224 `S' to return a message on successful final delivery,
11225 `F' to return a message on failure,
11226 `D' to return a message if the message is delayed,
11227 `B' to indicate that the body should be returned,
11228 `N' to suppress returning the body,
11230 `P' to declare this as a ``primary'' (command line or SMTP-session) address.
11232 The sender address.
11233 There may only be one of these lines.
11235 The job creation time.
11236 This is used to compute when to time out the job.
11238 The current message priority.
11239 This is used to order the queue.
11240 Higher numbers mean lower priorities.
11241 The priority changes
11242 as the message sits in the queue.
11243 The initial priority depends on the message class
11244 and the size of the message.
11247 This line is printed by the
11250 and is generally used to store status information.
11251 It can contain any text.
11253 Flag bits, represented as one letter per flag.
11254 Defined flag bits are
11256 indicating that this is a response message
11259 indicating that a warning message has been sent
11260 announcing that the mail has been delayed.
11261 Other flag bits are:
11263 the body contains 8bit data,
11265 a Bcc: header should be removed,
11267 the mail has RET parameters (see RFC 1894),
11269 the body of the message should not be returned
11270 in case of an error,
11272 the envelope has been split.
11274 The total number of delivery attempts.
11276 The time (as seconds since January 1, 1970)
11277 of the last delivery attempt.
11279 If the df file is in a different directory than the qf file,
11280 then a `d' record is present,
11281 specifying the directory in which the df file resides.
11283 The i-number of the data file;
11284 this can be used to recover your mail queue
11285 after a disastrous disk crash.
11287 A macro definition.
11288 The values of certain macros
11289 are passed through to the queue run phase.
11292 The remainder of the line is a text string defining the body type.
11293 If this field is missing,
11294 the body type is assumed to be
11296 and no special processing is attempted.
11302 The original envelope id (from the ESMTP transaction).
11303 For Deliver Status Notifications only.
11306 the following is a queue file sent to
11307 .q eric@mammoth.Berkeley.EDU
11309 .q bostic@okeeffe.CS.Berkeley.EDU \**:
11311 \**This example is contrived and probably inaccurate for your environment.
11312 Glance over it to get an idea;
11313 nothing can replace looking at what your own system generates.
11324 Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
11325 RPFD:eric@mammoth.Berkeley.EDU
11326 RPFD:bostic@okeeffe.CS.Berkeley.EDU
11327 H?P?Return-path: <^g>
11328 H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
11329 Fri, 17 Jul 1992 00:28:55 -0700
11330 H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
11331 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
11332 H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
11333 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
11334 H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
11335 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
11336 H?F?From: eric@foo.bar.baz.de (Eric Allman)
11337 H?x?Full-name: Eric Allman
11338 H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
11339 H??To: sendmail@vangogh.CS.Berkeley.EDU
11340 H??Subject: this is an example message
11343 the person who sent the message,
11344 the submission time
11345 (in seconds since January 1, 1970),
11346 the message priority,
11349 and the headers for the message.
11350 .+c "SUMMARY OF SUPPORT FILES"
11352 This is a summary of the support files
11355 creates or generates.
11356 Many of these can be changed by editing the sendmail.cf file;
11357 check there to find the actual pathnames.
11359 .ip "/usr/\*(SD/sendmail"
11362 .ip /usr/\*(SB/newaliases
11363 A link to /usr/\*(SD/sendmail;
11364 causes the alias database to be rebuilt.
11365 Running this program is completely equivalent to giving
11370 .ip /usr/\*(SB/mailq
11371 Prints a listing of the mail queue.
11372 This program is equivalent to using the
11376 .ip /etc/mail/sendmail.cf
11377 The configuration file,
11379 .ip /etc/mail/helpfile
11380 The SMTP help file.
11381 .ip /etc/mail/statistics
11382 A statistics file; need not be present.
11383 .ip /etc/mail/sendmail.pid
11384 Created in daemon mode;
11385 it contains the process id of the current SMTP daemon.
11386 If you use this in scripts;
11387 use ``head \-1'' to get just the first line;
11388 the second line contains the command line used to invoke the daemon,
11389 and later versions of
11391 may add more information to subsequent lines.
11392 .ip /etc/mail/aliases
11393 The textual version of the alias file.
11394 .ip /etc/mail/aliases.db
11398 .ip /etc/mail/aliases.{pag,dir}
11402 .ip /var/spool/mqueue
11403 The directory in which the mail queue(s)
11404 and temporary files reside.
11405 .ip /var/spool/mqueue/qf*
11406 Control (queue) files for messages.
11407 .ip /var/spool/mqueue/df*
11409 .ip /var/spool/mqueue/tf*
11410 Temporary versions of the qf files,
11411 used during queue file rebuild.
11412 .ip /var/spool/mqueue/xf*
11413 A transcript of the current session.
11420 This page intentionally left blank;
11421 replace it with a blank sheet for double-sided output.
11433 .\"INSTALLATION AND OPERATION GUIDE
11438 .\"Version $Revision: 8.741 $
11446 .\" remove some things to avoid "out of temp file space" problem
11466 This page intentionally left blank;
11467 replace it with a blank sheet for double-sided output.