1 .\" Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
2 .\" All rights reserved.
3 .\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
4 .\" Copyright (c) 1983, 1993
5 .\" The Regents of the University of California. All rights reserved.
7 .\" By using this file, you agree to the terms and conditions set
8 .\" forth in the LICENSE file which can be found at the top level of
9 .\" the sendmail distribution.
12 .\" $Id: op.me,v 8.609.2.23 2003/03/28 05:51:16 ca Exp $
14 .\" eqn op.me | pic | troff -me
16 .\" Define \(sc if not defined (for text output)
18 .if !c \(sc .char \(sc S
20 .\" Define \(dg as "*" for text output and create a new .DG macro
21 .\" which describes the symbol.
37 .\" Define \(dd as "#" for text output and create a new .DD macro
38 .\" which describes the symbol.
51 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
52 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
53 .\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
55 .\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb
74 .b SENDMAIL\u\s-6TM\s0\d
77 .b "INSTALLATION AND OPERATION GUIDE"
80 This documentation is under modification.
93 .Ve $Revision: 8.609.2.23 $
96 For Sendmail Version 8.12
99 Sendmail is a trademark of Sendmail, Inc.
103 .i Sendmail \u\s-2TM\s0\d
104 implements a general purpose internetwork mail routing facility
107 It is not tied to any one transport protocol \*-
108 its function may be likened to a crossbar switch,
109 relaying messages from one domain into another.
111 it can do a limited amount of message header editing
112 to put the message into a format that is appropriate
113 for the receiving domain.
114 All of this is done under the control of a configuration file.
116 Due to the requirements of flexibility
119 the configuration file can seem somewhat unapproachable.
120 However, there are only a few basic configurations
122 for which standard configuration files have been supplied.
123 Most other configurations
124 can be built by adjusting an existing configuration file
129 RFC 821 (Simple Mail Transport Protocol),
130 RFC 822 (Internet Mail Headers Format),
131 RFC 974 (MX routing),
132 RFC 1123 (Internet Host Requirements),
133 RFC 1413 (Identification server),
134 RFC 1652 (SMTP 8BITMIME Extension),
135 RFC 1869 (SMTP Service Extensions),
136 RFC 1870 (SMTP SIZE Extension),
137 RFC 1891 (SMTP Delivery Status Notifications),
138 RFC 1892 (Multipart/Report),
139 RFC 1893 (Enhanced Mail System Status Codes),
140 RFC 1894 (Delivery Status Notifications),
141 RFC 1985 (SMTP Service Extension for Remote Message Queue Starting),
142 RFC 2033 (Local Message Transmission Protocol),
143 RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes),
145 RFC 2476 (Message Submission),
146 RFC 2487 (SMTP Service Extension for Secure SMTP over TLS),
147 RFC 2554 (SMTP Service Extension for Authentication),
148 RFC 2821 (Simple Mail Transfer Protocol),
149 RFC 2822 (Internet Message Format),
150 RFC 2852 (Deliver By SMTP Service Extension),
152 RFC 2920 (SMTP Service Extension for Command Pipelining).
155 is designed to work in a wider world,
156 in many cases it can be configured to exceed these protocols.
157 These cases are described herein.
162 without the need for monitoring,
163 it has a number of features
164 that may be used to monitor or adjust the operation
165 under unusual circumstances.
166 These features are described.
168 Section one describes how to do a basic
172 explains the day-to-day information you should know
173 to maintain your mail system.
174 If you have a relatively normal site,
175 these two sections should contain sufficient information
180 has information regarding the command line arguments.
182 describes some parameters that may be safely tweaked.
184 contains the nitty-gritty information about the configuration
186 This section is for masochists
187 and people who must write their own configuration file.
189 describes configuration that can be done at compile time.
190 The appendixes give a brief
191 but detailed explanation of a number of features
192 not described in the rest of the paper.
194 .sh 1 "BASIC INSTALLATION"
196 There are two basic steps to installing
198 First, you have to compile and install the binary.
201 has already been ported to your operating system
202 that should be simple.
203 Second, you must build a run-time configuration file.
206 reads when it starts up
207 that describes the mailers it knows about,
208 how to parse addresses,
209 how to rewrite the message header,
210 and the settings of various options.
211 Although the configuration file can be quite complex,
212 a configuration can usually be built
213 using an M4-based configuration language.
214 Assuming you have the standard
218 for further information.
220 The remainder of this section will describe the installation of
222 assuming you can use one of the existing configurations
223 and that the standard installation parameters are acceptable.
224 All pathnames and examples
225 are given from the root of the
229 .i /usr/src/usr.\*(SD/sendmail
230 on 4.4BSD-based systems.
232 Continue with the next section if you need/want to compile
235 If you have a running binary already on your system,
236 you should probably skip to section 1.2.
237 .sh 2 "Compiling Sendmail"
252 This will leave the binary in an appropriately named subdirectory,
255 It works for multiple object versions
256 compiled out of the same directory.
257 .sh 3 "Tweaking the Build Invocation"
259 You can give parameters on the
262 In most cases these are only used when the
264 directory is first created.
265 To restart from scratch, use
267 These commands include:
269 .ip "\-L \fIlibdirs\fP"
270 A list of directories to search for libraries.
271 .ip "\-I \fIincdirs\fP"
272 A list of directories to search for include files.
273 .ip "\-E \fIenvar\fP=\fIvalue\fP"
274 Set an environment variable to an indicated
281 .ip "\-f \fIsiteconfig\fP"
282 Read the indicated site configuration file.
283 If this parameter is not specified,
288 .i $BUILDTOOLS/Site/site.$oscf.m4
290 .i $BUILDTOOLS/Site/site.config.m4 ,
291 where $BUILDTOOLS is normally
293 and $oscf is the same name as used on the
296 See below for a description of the site configuration file.
298 Skip auto-configuration.
300 will avoid auto-detecting libraries if this is set.
301 All libraries and map definitions must be specified
302 in the site configuration file.
304 Most other parameters are passed to the
306 program; for details see
307 .i $BUILDTOOLS/README .
308 .sh 3 "Creating a Site Configuration File"
311 (This section is not yet complete.
312 For now, see the file devtools/README for details.)
313 See sendmail/README for various compilation flags that can be set.
314 .sh 3 "Tweaking the Makefile"
316 .\" .b "XXX This should all be in the Site Configuration File section."
318 supports two different formats
319 for the local (on disk) version of databases,
323 At least one of these should be defined if at all possible.
326 The ``new DBM'' format,
327 available on nearly all systems around today.
328 This was the preferred format prior to 4.4BSD.
329 It allows such complex things as multiple databases
330 and closing a currently open database.
332 The Berkeley DB package.
333 If you have this, use it.
336 multiple open databases,
337 real in-memory caching,
339 You can define this in conjunction with
342 old alias databases are read,
343 but when a new database is created it will be in NEWDB format.
345 if you have NEWDB, NDBM, and NIS defined,
346 and if the alias file name includes the substring
349 will create both new and old versions of the alias file
353 This is required because the Sun NIS/YP system
354 reads the DBM version of the alias file.
358 If neither of these are defined,
360 reads the alias file into memory on every invocation.
361 This can be slow and should be avoided.
362 There are also several methods for remote database access:
364 Lightweight Directory Access Protocol.
366 Sun's Network Information Services (formerly YP).
370 NeXT's NetInfo service.
372 Hesiod service (from Athena).
374 Other compilation flags are set in
376 and should be predefined for you
377 unless you are porting to a new environment.
380 .sh 3 "Compilation and installation"
382 After making the local system configuration described above,
383 You should be able to compile and install the system.
386 is the best approach on most systems:
392 to create a custom Makefile for your environment.
394 If you are installing in the standard places,
395 you should be able to install using
399 This should install the binary in
401 and create links from
402 /usr/\*(SB/newaliases
407 On most systems it will also format and install man pages.
408 Notice: as of version 8.12
410 will no longer be installed set-user-ID root by default.
411 If you really want to use the old method, you can specify it as target:
413 \&./Build install-set-user-id
415 .sh 2 "Configuration Files"
418 cannot operate without a configuration file.
419 The configuration defines the mail delivery mechanisms understood at this site,
421 how to forward email to remote mail systems,
422 and a number of tuning parameters.
423 This configuration file is detailed
424 in the later portion of this document.
428 configuration can be daunting at first.
429 The world is complex,
430 and the mail configuration reflects that.
431 The distribution includes an m4-based configuration package
432 that hides a lot of the complexity.
437 Our configuration files are processed by
439 to facilitate local customization;
444 distribution directory
445 contains the source files.
446 This directory contains several subdirectories:
449 Both site-dependent and site-independent descriptions of hosts.
450 These can be literal host names
453 when the hosts are gateways
454 or more general descriptions
456 .q "generic-solaris2.mc"
457 as a general description of an SMTP-connected host
461 (``M4 Configuration'')
462 are the input descriptions;
463 the output is in the corresponding
466 The general structure of these files is described below.
468 Site-dependent subdomain descriptions.
469 These are tied to the way your organization wants to do addressing.
471 .b domain/CS.Berkeley.EDU.m4
472 is our description for hosts in the CS.Berkeley.EDU subdomain.
473 These are referenced using the
480 Definitions of specific features that some particular host in your site
482 These are referenced using the
486 An example feature is
490 to read an /etc/mail/local-host-names file on startup
491 to find the set of local names).
493 Local hacks, referenced using the
498 The point of having them here is to make it clear that they smell.
502 include files that have information common to all configuration files.
503 This can be thought of as a
507 Definitions of mailers,
512 The mailer types that are known in this distribution are
518 For example, to include support for the UUCP-based mailers,
522 Definitions describing various operating system environments
523 (such as the location of support files).
524 These are referenced using the
529 Shell files used by the
532 You shouldn't have to mess with these.
534 Local UUCP connectivity information.
535 This directory has been supplanted by the mailertable feature;
536 any new configurations should use that feature to do UUCP
538 The use of this directory is deprecated.
540 If you are in a new domain
542 you will probably want to create a
544 file for your domain.
545 This consists primarily of relay definitions
546 and features you want enabled site-wide:
547 for example, Berkeley's domain definition
551 These are specific to Berkeley,
552 and should be fully-qualified internet-style domain names.
553 Please check to make certain they are reasonable for your domain.
555 Subdomains at Berkeley are also represented in the
561 is the Computer Science subdomain,
563 is the Electrical Engineering and Computer Sciences subdomain,
566 is the Sequoia 2000 subdomain.
567 You will probably have to add an entry to this directory
568 to be appropriate for your domain.
570 You will have to use or create
574 subdirectory for your hosts.
575 This is detailed in the
578 .sh 2 "Details of Installation Files"
580 This subsection describes the files that
584 .sh 3 "/usr/\*(SD/sendmail"
588 is located in /usr/\*(SD\**.
592 on 4.4BSD and newer systems;
593 many systems install it in
595 I understand it is in /usr/ucblib
596 on System V Release 4.
598 It should be set-group-ID smmsp as described in
600 For security reasons,
601 /, /usr, and /usr/\*(SD
602 should be owned by root, mode 0755\**.
604 \**Some vendors ship them owned by bin;
605 this creates a security hole that is not actually related to
607 Other important directories that should have restrictive ownerships
609 /bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
611 .sh 3 "/etc/mail/sendmail.cf"
613 This is the main configuration file for
616 \**Actually, the pathname varies depending on the operating system;
617 /etc/mail is the preferred directory.
618 Some older systems install it in
619 .b /usr/lib/sendmail.cf ,
620 and I've also seen it in
622 If you want to move this file,
623 add -D_PATH_SENDMAILCF=\e"/file/name\e"
624 to the flags passed to the C compiler.
625 Moving this file is not recommended:
626 other programs and scripts know of this location.
628 This is one of the two non-library file names compiled into
630 the other is /etc/mail/submit.cf.
632 \**The system libraries can reference other files;
633 in particular, system library subroutines that
635 calls probably reference
638 .i /etc/resolv.conf .
641 The configuration file is normally created
642 using the distribution files described above.
643 If you have a particularly unusual system configuration
644 you may need to create a special version.
645 The format of this file is detailed in later sections
647 .sh 3 "/etc/mail/submit.cf"
649 This is the configuration file for
651 when it is used for initial mail submission, in which case
652 it is also called ``Mail Submission Program'' (MSP)
653 in contrast to ``Mail Transfer Agent'' (MTA).
654 Starting with version 8.12,
656 uses one of two different configuration files based on its operation mode
660 For initial mail submission, i.e., if one of the options
666 is specified, submit.cf is used (if available),
667 for other operations sendmail.cf is used.
668 Details can be found in
669 .i sendmail/SECURITY .
670 submit.cf is shipped with sendmail (in cf/cf/) and is installed by default.
671 If changes to the configuration need to be made, start with
672 cf/cf/submit.mc and follow the instruction in cf/README.
673 .sh 3 "/usr/\*(SB/newaliases"
677 command should just be a link to
680 rm \-f /usr/\*(SB/newaliases
681 ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
683 This can be installed in whatever search path you prefer
685 .sh 3 "/usr/\*(SB/hoststat"
689 command should just be a link to
691 in a fashion similar to
693 This command lists the status of the last mail transaction
694 with all remote hosts. The
696 flag will prevent the status display from being truncated.
697 It functions only when the
698 .b HostStatusDirectory
700 .sh 3 "/usr/\*(SB/purgestat"
702 This command is also a link to
704 It flushes expired (Timeout.hoststatus) information that is stored in the
705 .b HostStatusDirectory
707 .sh 3 "/var/spool/mqueue"
711 should be created to hold the mail queue.
712 This directory should be mode 0700
715 The actual path of this directory
721 To use multiple queues,
722 supply a value ending with an asterisk.
724 .i /var/spool/mqueue/qd*
725 will use all of the directories or symbolic links to directories
726 beginning with `qd' in
728 as queue directories.
729 Do not change the queue directory structure
730 while sendmail is running.
732 If these directories have subdirectories or symbolic links to directories
733 named `qf', `df', and `xf', then these will be used for the different
735 That is, the data files are stored in the `df' subdirectory,
736 the transcript files are stored in the `xf' subdirectory, and
737 all others are stored in the `qf' subdirectory.
739 If shared memory support is compiled in,
741 stores the available diskspace in a shared memory segment
742 to make the values readily available to all children without
743 incurring system overhead.
744 In this case, only the daemon updates the data;
745 i.e., the sendmail daemon creates the shared memory segment
746 and deletes it if it is terminated.
749 must have been compiled with support for shared memory
754 Notice: do not use the same key for
756 invocations with different queue directories
757 or different queue group declarations.
758 Access to shared memory is not controlled by locks,
759 i.e., there is a race condition when data in the shared memory is updated.
760 However, since operation of
762 does not rely on the data in the shared memory, this does not negatively
763 influence the behavior.
764 .sh 3 "/var/spool/clientmqueue"
767 .i /var/spool/clientmqueue
768 should be created to hold the mail queue.
769 This directory should be mode 0770
770 and owned by user smmsp, group smmsp.
772 The actual path of this directory
778 .sh 3 "/var/spool/mqueue/.hoststat"
780 This is a typical value for the
781 .b HostStatusDirectory
783 containing one file per host
784 that this sendmail has chatted with recently.
785 It is normally a subdirectory of
787 .sh 3 "/etc/mail/aliases*"
789 The system aliases are held in
790 .q /etc/mail/aliases .
793 which includes some aliases which
797 cp sendmail/aliases /etc/mail/aliases
798 .i "edit /etc/mail/aliases"
800 You should extend this file with any aliases that are apropos to your system.
804 looks at a database version of the files,
806 .q /etc/mail/aliases.dir
808 .q /etc/mail/aliases.pag
810 .q /etc/mail/aliases.db
811 depending on which database package you are using.
812 The actual path of this file
819 The permissions of the alias file and the database versions
820 should be 0640 to prevent local denial of service attacks
821 as explained in the top level
823 in the sendmail distribution.
824 If the permissions 0640 are used, be sure that only trusted users belong
825 to the group assigned to those files. Otherwise, files should not even
827 .sh 3 "/etc/rc or /etc/init.d/sendmail"
829 It will be necessary to start up the
831 daemon when your system reboots.
832 This daemon performs two functions:
833 it listens on the SMTP socket for connections
834 (to receive mail from a remote system)
835 and it processes the queue periodically
836 to insure that mail gets delivered when hosts come up.
838 If necessary, add the following lines to
843 in the area where it is starting up the daemons
844 on a BSD-base system,
845 or on a System-V-based system
846 in one of the startup files, typically
847 .q /etc/init.d/sendmail :
849 if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
850 (cd /var/spool/mqueue; rm \-f xf*)
851 /usr/\*(SD/sendmail \-bd \-q30m &
852 echo \-n ' sendmail' >/dev/console
859 commands insure that all transcript files have been removed;
860 extraneous transcript files may be left around
861 if the system goes down in the middle of processing a message.
862 The line that actually invokes
866 causes it to listen on the SMTP port,
869 causes it to run the queue every half hour.
871 Some people use a more complex startup script,
872 removing zero length qf files and df files for which there is no qf file.
873 For example, see Figure 1
874 for an example of a complex script which does this clean up.
878 # remove zero length qf files
885 echo \-n " <zero: $qffile>" > /dev/console
890 # rename tf files to be qf if the qf does not exist
893 qffile=`echo $tffile | sed 's/t/q/'`
894 if [ \-r $tffile \-a ! \-f $qffile ]
896 echo \-n " <recovering: $tffile>" > /dev/console
901 echo \-n " <extra: $tffile>" > /dev/console
906 # remove df files with no corresponding qf files
909 qffile=`echo $dffile | sed 's/d/q/'`
910 if [ \-r $dffile \-a ! \-f $qffile ]
912 echo \-n " <incomplete: $dffile>" > /dev/console
913 mv $dffile `echo $dffile | sed 's/d/D/'`
916 # announce files that have been saved during disaster recovery
917 for xffile in [A-Z]f*
921 echo \-n " <panic: $xffile>" > /dev/console
926 Figure 1 \(em A complex startup script
929 .sh 3 "/etc/mail/helpfile"
931 This is the help file used by the SMTP
934 It should be copied from
935 .q sendmail/helpfile :
937 cp sendmail/helpfile /etc/mail/helpfile
939 The actual path of this file
945 .sh 3 "/etc/mail/statistics"
947 If you wish to collect statistics
948 about your mail traffic,
949 you should create the file
950 .q /etc/mail/statistics :
952 cp /dev/null /etc/mail/statistics
953 chmod 0600 /etc/mail/statistics
955 This file does not grow.
956 It is printed with the program
957 .q mailstats/mailstats.c.
958 The actual path of this file
964 .sh 3 "/usr/\*(SB/mailq"
975 will print the contents of the mail queue;
977 This should be a link to /usr/\*(SD/sendmail.
981 stores its current pid in the file specifed by the
983 option (default is _PATH_SENDMAILPID).
987 (which defaults to 0600) as
988 the permissions of that file
989 to prevent local denial of service attacks
990 as explained in the top level
992 in the sendmail distribution.
993 If the file already exists, then it might be necessary to
994 change the permissions accordingly, e.g.,
996 chmod 0600 /var/run/sendmail.pid
1000 To prevent local denial of service attacks
1001 as explained in the top level
1003 in the sendmail distribution,
1004 the permissions of map files created by
1007 The use of 0640 implies that only trusted users belong to the group
1008 assigned to those files.
1009 If those files already exist, then it might be necessary to
1010 change the permissions accordingly, e.g.,
1013 chmod 0640 *.db *.pag *.dir
1015 .sh 1 "NORMAL OPERATIONS"
1016 .sh 2 "The System Log"
1018 The system log is supported by the
1023 are logged under the
1027 \**Except on Ultrix,
1028 which does not support facilities in the syslog.
1032 Each line in the system log
1033 consists of a timestamp,
1034 the name of the machine that generated it
1035 (for logging from several machines
1036 over the local area network),
1041 \**This format may vary slightly if your vendor has changed
1044 Most messages are a sequence of
1050 The two most common lines are logged when a message is processed.
1051 The first logs the receipt of a message;
1052 there will be exactly one of these per message.
1053 Some fields may be omitted if they do not contain interesting information.
1056 The envelope sender address.
1058 The size of the message in bytes.
1060 The class (i.e., numeric precedence) of the message.
1062 The initial message priority (used for queue sorting).
1064 The number of envelope recipients for this message
1065 (after aliasing and forwarding).
1067 The message id of the message (from the header).
1069 The protocol used to receive this message (e.g., ESMTP or UUCP)
1071 The daemon name from the
1072 .b DaemonPortOptions
1075 The machine from which it was received.
1077 There is also one line logged per delivery attempt
1078 (so there can be several per message if delivery is deferred
1079 or there are multiple recipients).
1082 A comma-separated list of the recipients to this mailer.
1084 The ``controlling user'', that is, the name of the user
1085 whose credentials we use for delivery.
1087 The total delay between the time this message was received
1088 and the current delivery attempt.
1090 The amount of time needed in this delivery attempt
1091 (normally indicative of the speed of the connection).
1093 The name of the mailer used to deliver to this recipient.
1095 The name of the host that actually accepted (or rejected) this recipient.
1097 The enhanced error code (RFC 2034) if available.
1099 The delivery status.
1101 Not all fields are present in all messages;
1102 for example, the relay is usually not listed for local deliveries.
1107 or an equivalent installed,
1108 you will be able to do logging.
1109 There is a large amount of information that can be logged.
1110 The log is arranged as a succession of levels.
1112 only extremely strange situations are logged.
1113 At the highest level,
1114 even the most mundane and uninteresting events
1115 are recorded for posterity.
1117 log levels under ten
1118 are considered generally
1121 are reserved for debugging purposes.
1122 Levels from 11\-64 are reserved for verbose information
1123 that some sites might want.
1125 A complete description of the log levels
1129 .sh 2 "Dumping State"
1133 to log a dump of the open files
1134 and the connection cache
1138 The results are logged at
1141 .sh 2 "The Mail Queues"
1143 Mail messages may either be delivered immediately or be held for later
1145 Held messages are placed into a holding directory called a mail queue.
1147 A mail message may be queued for these reasons:
1149 If a mail message is temporarily undeliverable, it is queued
1150 and delivery is attempted later.
1151 If the message is addressed to multiple recipients, it is queued
1152 only for those recipients to whom delivery is not immediately possible.
1154 If the SuperSafe option is set to true,
1155 all mail messages are queued while delivery is attempted.
1157 If the DeliveryMode option is set to queue-only or defer,
1158 all mail is queued, and no immediate delivery is attempted.
1160 If the load average becomes higher than the value of the QueueLA option
1165 option divided by the difference in the current load average and the
1168 is less than the priority of the message,
1169 messages are queued rather than immediately delivered.
1171 One or more addresses are marked as expensive and delivery is postponed
1172 until the next queue run or one or more address are marked as held via
1173 mailer which uses the hold mailer flag.
1174 .sh 3 "Queue Groups and Queue Directories"
1176 There are one or more mail queues.
1177 Each mail queue belongs to a queue group.
1178 There is always a default queue group that is called ``mqueue''
1179 (which is where messages go by default unless otherwise specified).
1180 The directory or directories which comprise the default queue group
1181 are specified by the QueueDirectory option.
1182 There are zero or more
1183 additional named queue groups declared using the
1185 command in the configuration file.
1187 By default, a queued message is placed in the queue group
1188 associated with the first recipient in the recipient list.
1189 A recipient address is mapped to a queue group as follows.
1190 First, if there is a ruleset called ``queuegroup'',
1191 and if this ruleset maps the address to a queue group name,
1192 then that queue group is chosen.
1193 That is, the argument for the ruleset is the recipient address
1194 and the result should be
1196 followed by the name of a queue group.
1197 Otherwise, if the mailer associated with the address specifies
1198 a queue group, then that queue group is chosen.
1199 Otherwise, the default queue group is chosen.
1201 A message with multiple recipients will be split
1202 if different queue groups are chosen
1203 by the mapping of recipients to queue groups.
1205 When a message is placed in a queue group, and the queue group has
1206 more than one queue, a queue is selected randomly.
1208 If a message with multiple recipients is placed into a queue group
1209 with the 'r' option (maximum number of recipients per message)
1210 set to a positive value
1212 and if there are more than
1215 in the message, then the message will be split into multiple messages,
1216 each of which have at most
1220 Notice: if multiple queue groups are used, do
1222 move queue files around, e.g., into a different queue directory.
1223 This may have weird effects and can cause mail not to be delivered.
1224 Queue files and directories should be treated as opaque
1225 and should not be manipulated directly.
1229 has two different ways to process the queue(s).
1230 The first one is to start queue runners after certain intervals
1231 (``normal'' queue runners),
1232 the second one is to keep queue runner processes around
1233 (``persistent'' queue runners).
1234 How to select either of these types is discussed in the appendix
1235 ``COMMAND LINE FLAGS''.
1236 Persistent queue runners have the advantage that no new processes
1237 need to be spawned at certain intervals; they just sleep for
1238 a specified time after they finished a queue run.
1239 Another advantage of persistent queue runners is that only one process
1240 belonging to a workgroup (a workgroup is a set of queue groups)
1241 collects the data for a queue run
1242 and then multiple queue runner may go ahead using that data.
1243 This can significantly reduce the disk I/O necessary to read the
1244 queue files compared to starting multiple queue runners directly.
1245 Their disadvantage is that a new queue run is only started
1246 after all queue runners belonging to a group finished their tasks.
1247 In case one of the queue runners tries delivery to a slow recipient site
1248 at the end of a queue run, the next queue run may be substantially delayed.
1249 In general this should be smoothed out due to the distribution of
1250 those slow jobs, however, for sites with small number of
1251 queue entries this might introduce noticable delays.
1252 In general, persistent queue runners are only useful for
1253 sites with big queues.
1254 .sh 3 "Manual Intervention"
1256 Under normal conditions the mail queue will be processed transparently.
1257 However, you may find that manual intervention is sometimes necessary.
1259 if a major host is down for a period of time
1260 the queue may become clogged.
1263 ought to recover gracefully when the host comes up,
1264 you may find performance unacceptably bad in the meantime.
1265 In that case you want to check the content of the queue
1266 and manipulate it as explained in the next two sections.
1267 .sh 3 "Printing the queue"
1269 The contents of the queue(s) can be printed
1273 (or by specifying the
1280 This will produce a listing of the queue id's,
1281 the size of the message,
1282 the date the message entered the queue,
1283 and the sender and recipients.
1284 If shared memory support is compiled in,
1287 can be used to print the number of entries in the queue(s),
1288 provided a process updates the data.
1289 However, as explained earlier, the output might be slightly wrong,
1290 since access to the shared memory is not locked.
1292 ``unknown number of entries''
1294 The internal counters are updated after each queue run
1295 to the correct value again.
1296 .sh 3 "Forcing the queue"
1299 should run the queue automatically at intervals.
1300 When using multiple queues,
1301 a separate process will by default be created to
1302 run each of the queues
1303 unless the queue run is initiated by a user
1304 with the verbose flag.
1305 The algorithm is to read and sort the queue,
1306 and then to attempt to process all jobs in order.
1307 When it attempts to run the job,
1309 first checks to see if the job is locked.
1310 If so, it ignores the job.
1312 There is no attempt to insure that only one queue processor
1314 since there is no guarantee that a job cannot take forever
1318 does include heuristics to try to abort jobs
1319 that are taking absurd amounts of time;
1320 technically, this violates RFC 821, but is blessed by RFC 1123).
1321 Due to the locking algorithm,
1322 it is impossible for one job to freeze the entire queue.
1324 an uncooperative recipient host
1325 or a program recipient
1327 can accumulate many processes in your system.
1329 there is no completely general way to solve this.
1332 you may find that a major host going down
1333 for a couple of days
1334 may create a prohibitively large queue.
1337 spending an inordinate amount of time
1339 This situation can be fixed by moving the queue to a temporary place
1340 and creating a new queue.
1341 The old queue can be run later when the offending host returns to service.
1344 it is acceptable to move the entire queue directory:
1347 mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue
1349 You should then kill the existing daemon
1350 (since it will still be processing in the old queue directory)
1351 and create a new daemon.
1353 To run the old mail queue, issue the following command:
1355 /usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
1359 flag specifies an alternate configuration file
1361 which should refer to the moved queue directory
1363 O QueueDirectory=/var/spool/omqueue
1367 flag says to just run every job in the queue.
1368 You can also specify the moved queue directory on the command line
1370 /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1372 but this requires that you do not have
1373 queue groups in the configuration file,
1374 because those are not subdirectories of the moved directory.
1375 See the section about "Queue Group Declaration" for details;
1376 you most likely need a different configuration file to correctly deal
1378 However, a proper configuration of queue groups should avoid
1379 filling up queue directories, so you shouldn't run into
1381 If you have a tendency toward voyeurism,
1384 flag to watch what is going on.
1386 When the queue is finally emptied,
1387 you can remove the directory:
1389 rmdir /var/spool/omqueue
1391 .sh 2 "Disk Based Connection Information"
1394 stores a large amount of information about each remote system it
1395 has connected to in memory. It is possible to preserve some
1396 of this information on disk as well, by using the
1397 .b HostStatusDirectory
1398 option, so that it may be shared between several invocations of
1400 This allows mail to be queued immediately or skipped during a queue run if
1401 there has been a recent failure in connecting to a remote machine.
1403 Additionally enabling
1404 .b SingleThreadDelivery
1405 has the added effect of single-threading mail delivery to a destination.
1406 This can be quite helpful
1407 if the remote machine is running an SMTP server that is easily overloaded
1408 or cannot accept more than a single connection at a time,
1409 but can cause some messages to be punted to a future queue run.
1412 hosts, so setting this because you have one machine on site
1413 that runs some software that is easily overrun
1414 can cause mail to other hosts to be slowed down.
1415 If this option is set,
1416 you probably want to set the
1418 option as well and run the queue fairly frequently;
1419 this way jobs that are skipped because another
1421 is talking to the same host will be tried again quickly
1422 rather than being delayed for a long time.
1424 The disk based host information is stored in a subdirectory of the
1429 \**This is the usual value of the
1430 .b HostStatusDirectory
1432 it can, of course, go anywhere you like in your filesystem.
1434 Removing this directory and its subdirectories has an effect similar to
1437 command and is completely safe.
1440 only removes expired (Timeout.hoststatus) data.
1441 The information in these directories can
1444 command, which will indicate the host name, the last access, and the
1445 status of that access.
1446 An asterisk in the left most column indicates that a
1448 process currently has the host locked for mail delivery.
1450 The disk based connection information is treated the same way as memory based
1451 connection information for the purpose of timeouts.
1452 By default, information about host failures is valid for 30 minutes.
1453 This can be adjusted with
1455 .b Timeout.hoststatus
1458 The connection information stored on disk may be expired at any time
1461 command or by invoking sendmail with the
1464 The connection information may be viewed with the
1466 command or by invoking sendmail with the
1469 .sh 2 "The Service Switch"
1471 The implementation of certain system services
1472 such as host and user name lookup
1473 is controlled by the service switch.
1474 If the host operating system supports such a switch,
1475 and sendmail knows about it,
1477 will use the native version.
1478 Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
1480 \**HP-UX 10 has service switch support,
1481 but since the APIs are apparently not available in the libraries
1483 does not use the native service switch in this release.
1486 If the underlying operating system does not support a service switch
1487 (e.g., SunOS 4.X, HP-UX, BSD)
1490 will provide a stub implementation.
1492 .b ServiceSwitchFile
1493 option points to the name of a file that has the service definitions.
1494 Each line has the name of a service
1495 and the possible implementations of that service.
1496 For example, the file:
1503 to look for hosts in the Domain Name System first.
1504 If the requested host name is not found, it tries local files,
1505 and if that fails it tries NIS.
1506 Similarly, when looking for aliases
1507 it will try the local files first followed by NIS.
1511 must access MX records for correct operation, it will use
1512 DNS if it is configured in the
1513 .b ServiceSwitchFile
1519 will not avoid DNS lookups even if a host can be found
1522 Service switches are not completely integrated.
1523 For example, despite the fact that the host entry listed in the above example
1524 specifies to look in NIS,
1525 on SunOS this won't happen because the system implementation of
1526 .i gethostbyname \|(3)
1527 doesn't understand this.
1528 .sh 2 "The Alias Database"
1530 After recipient addresses are read from the SMTP connection
1532 they are parsed by ruleset 0,
1533 which must resolve to a
1539 If the flags selected by the
1546 part of the triple is looked up as the key
1547 (i.e., the left hand side)
1548 into the alias database.
1549 If there is a match, the address is deleted from the send queue
1550 and all addresses on the right hand side of the alias
1551 are added in place of the alias that was found.
1552 This is a recursive operation,
1553 so aliases found in the right hand side of the alias
1554 are similarly expanded.
1556 The alias database exists in two forms.
1558 maintained in the file
1559 .i /etc/mail/aliases.
1560 The aliases are of the form
1562 name: name1, name2, ...
1564 Only local names may be aliased;
1567 eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
1569 will not have the desired effect
1570 (except on prep.ai.MIT.EDU,
1571 and they probably don't want me)\**.
1573 \**Actually, any mailer that has the `A' mailer flag set
1574 will permit aliasing;
1575 this is normally limited to the local mailer.
1577 Aliases may be continued by starting any continuation lines
1578 with a space or a tab or by putting a backslash directly before
1580 Blank lines and lines beginning with a sharp sign
1585 The second form is processed by the
1590 package does not work.
1592 or the Berkeley DB library.
1593 This form is in the file
1594 .i /etc/mail/aliases.db
1597 .i /etc/mail/aliases.dir
1599 .i /etc/mail/aliases.pag
1601 This is the form that
1603 actually uses to resolve aliases.
1604 This technique is used to improve performance.
1606 The control of search order is actually set by the service switch.
1607 Essentially, the entry
1609 O AliasFile=switch:aliases
1611 is always added as the first alias entry;
1612 also, the first alias file name without a class
1616 will be used as the name of the file for a ``files'' entry
1617 in the aliases switch.
1618 For example, if the configuration file contains
1620 O AliasFile=/etc/mail/aliases
1622 and the service switch contains
1624 aliases nis files nisplus
1626 then aliases will first be searched in the NIS database,
1627 then in /etc/mail/aliases,
1628 then in the NIS+ database.
1633 For example, the specification:
1635 O AliasFile=/etc/mail/aliases
1636 O AliasFile=nis:mail.aliases@my.nis.domain
1638 will first search the /etc/mail/aliases file
1639 and then the map named
1643 Warning: if you build your own
1646 be sure to provide the
1650 to map upper case letters in the keys to lower case;
1651 otherwise, aliases with upper case letters in their names
1652 won't match incoming addresses.
1654 Additional flags can be added after the colon
1657 line \(em for example:
1659 O AliasFile=nis:\-N mail.aliases@my.nis.domain
1661 will search the appropriate NIS map and always include null bytes in the key.
1664 O AliasFile=nis:\-f mail.aliases@my.nis.domain
1666 will prevent sendmail from downcasing the key before the alias lookup.
1667 .sh 3 "Rebuilding the alias database"
1673 version of the database
1674 may be rebuilt explicitly by executing the command
1678 This is equivalent to giving
1684 /usr/\*(SD/sendmail \-bi
1687 If you have multiple aliases databases specified,
1690 flag rebuilds all the database types it understands
1691 (for example, it can rebuild NDBM databases but not NIS databases).
1692 .sh 3 "Potential problems"
1694 There are a number of problems that can occur
1695 with the alias database.
1696 They all result from a
1698 process accessing the DBM version
1699 while it is only partially built.
1700 This can happen under two circumstances:
1701 One process accesses the database
1702 while another process is rebuilding it,
1703 or the process rebuilding the database dies
1704 (due to being killed or a system crash)
1705 before completing the rebuild.
1707 Sendmail has three techniques to try to relieve these problems.
1708 First, it ignores interrupts while rebuilding the database;
1709 this avoids the problem of someone aborting the process
1710 leaving a partially rebuilt database.
1712 it locks the database source file during the rebuild \(em
1713 but that may not work over NFS or if the file is unwritable.
1715 at the end of the rebuild
1716 it adds an alias of the form
1720 (which is not normally legal).
1723 will access the database,
1724 it checks to insure that this entry exists\**.
1728 option is required in the configuration
1729 for this action to occur.
1730 This should normally be specified.
1734 If an error occurs on sending to a certain address,
1738 will look for an alias
1741 to receive the errors.
1742 This is typically useful
1744 where the submitter of the list
1745 has no control over the maintenance of the list itself;
1746 in this case the list maintainer would be the owner of the list.
1749 unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1751 owner-unix-wizards: unix-wizards-request
1752 unix-wizards-request: eric@ucbarpa
1756 to get the error that will occur
1757 when someone sends to
1759 due to the inclusion of
1763 List owners also cause the envelope sender address to be modified.
1764 The contents of the owner alias are used if they point to a single user,
1765 otherwise the name of the alias itself is used.
1766 For this reason, and to obey Internet conventions,
1769 address normally points at the
1771 address; this causes messages to go out with the typical Internet convention
1774 as the return address.
1775 .sh 2 "User Information Database"
1777 This option is deprecated, use virtusertable and genericstable instead
1780 If you have a version of
1782 with the user information database
1784 and you have specified one or more databases using the
1787 the databases will be searched for a
1790 If found, the mail will be sent to the specified address.
1791 .sh 2 "Per-User Forwarding (.forward Files)"
1793 As an alternative to the alias database,
1794 any user may put a file with the name
1796 in his or her home directory.
1797 If this file exists,
1799 redirects mail for that user
1800 to the list of addresses listed in the .forward file.
1801 Note that aliases are fully expanded before forward files are referenced.
1802 For example, if the home directory for user
1804 has a .forward file with contents:
1809 then any mail arriving for
1811 will be redirected to the specified accounts.
1813 Actually, the configuration file defines a sequence of filenames to check.
1814 By default, this is the user's .forward file,
1815 but can be defined to be more generally using the
1819 you will have to inform your user base of the change;
1820 \&.forward is pretty well incorporated into the collective subconscious.
1821 .sh 2 "Special Header Lines"
1823 Several header lines have special interpretations
1824 defined by the configuration file.
1825 Others have interpretations built into
1827 that cannot be changed without changing the code.
1828 These built-ins are described here.
1831 If errors occur anywhere during processing,
1832 this header will cause error messages to go to
1833 the listed addresses.
1834 This is intended for mailing lists.
1836 The Errors-To: header was created in the bad old days
1837 when UUCP didn't understand the distinction between an envelope and a header;
1838 this was a hack to provide what should now be passed
1839 as the envelope sender address.
1841 It is only used if the
1845 The Errors-To: header is officially deprecated
1846 and will go away in a future release.
1847 .sh 3 "Apparently-To:"
1849 RFC 822 requires at least one recipient field
1850 (To:, Cc:, or Bcc: line)
1852 If a message comes in with no recipients listed in the message
1855 will adjust the header based on the
1856 .q NoRecipientAction
1858 One of the possible actions is to add an
1860 header line for any recipients it is aware of.
1862 The Apparently-To: header is non-standard
1863 and is both deprecated and strongly discouraged.
1866 The Precedence: header can be used as a crude control of message priority.
1867 It tweaks the sort order in the queue
1868 and can be configured to change the message timeout values.
1869 The precedence of a message also controls how
1870 delivery status notifications (DSNs)
1871 are processed for that message.
1872 .sh 2 "IDENT Protocol Support"
1875 supports the IDENT protocol as defined in RFC 1413.
1876 Note that the RFC states
1877 a client should wait at least 30 seconds for a response.
1878 The default Timeout.ident is 5 seconds
1879 as many sites have adopted the practice of dropping IDENT queries.
1880 This has lead to delays processing mail.
1881 Although this enhances identification
1882 of the author of an email message
1883 by doing a ``call back'' to the originating system to include
1884 the owner of a particular TCP connection
1886 it is in no sense perfect;
1887 a determined forger can easily spoof the IDENT protocol.
1888 The following description is excerpted from RFC 1413:
1891 6. Security Considerations
1893 The information returned by this protocol is at most as trustworthy
1894 as the host providing it OR the organization operating the host. For
1895 example, a PC in an open lab has few if any controls on it to prevent
1896 a user from having this protocol return any identifier the user
1897 wants. Likewise, if the host has been compromised the information
1898 returned may be completely erroneous and misleading.
1900 The Identification Protocol is not intended as an authorization or
1901 access control protocol. At best, it provides some additional
1902 auditing information with respect to TCP connections. At worst, it
1903 can provide misleading, incorrect, or maliciously incorrect
1906 The use of the information returned by this protocol for other than
1907 auditing is strongly discouraged. Specifically, using Identification
1908 Protocol information to make access control decisions - either as the
1909 primary method (i.e., no other checks) or as an adjunct to other
1910 methods may result in a weakening of normal host security.
1912 An Identification server may reveal information about users,
1913 entities, objects or processes which might normally be considered
1914 private. An Identification server provides service which is a rough
1915 analog of the CallerID services provided by some phone companies and
1916 many of the same privacy considerations and arguments that apply to
1917 the CallerID service apply to Identification. If you wouldn't run a
1918 "finger" server due to privacy considerations you may not want to run
1922 In some cases your system may not work properly with IDENT support
1923 due to a bug in the TCP/IP implementation.
1924 The symptoms will be that for some hosts
1925 the SMTP connection will be closed
1927 If this is true or if you do not want to use IDENT,
1928 you should set the IDENT timeout to zero;
1929 this will disable the IDENT protocol.
1932 The complete list of arguments to
1934 is described in detail in Appendix A.
1935 Some important arguments are described here.
1936 .sh 2 "Queue Interval"
1938 The amount of time between forking a process
1939 to run through the queue is defined by the
1942 If you run with delivery mode set to
1946 this can be relatively large, since it will only be relevant
1947 when a host that was down comes back up.
1950 mode it should be relatively short,
1951 since it defines the maximum amount of time that a message
1952 may sit in the queue.
1953 (See also the MinQueueAge option.)
1955 RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
1956 (although that probably doesn't make sense if you use ``queue-only'' mode).
1958 Notice: the meaning of the interval time depends on whether normal
1959 queue runners or persistent queue runners are used.
1960 For the former, it is the time between subsequent starts of a queue run.
1961 For the latter, it is the time sendmail waits after a persistent queue
1962 runner has finished its work to start the next one.
1963 Hence for persistent queue runners this interval should be very low,
1964 typically no more than two minutes.
1967 If you allow incoming mail over an IPC connection,
1968 you should have a daemon running.
1969 This should be set by your
1978 flag may be combined in one call:
1980 /usr/\*(SD/sendmail \-bd \-q30m
1983 An alternative approach is to invoke sendmail from
1987 flags to ask sendmail to speak SMTP on its standard input and output
1989 This works and allows you to wrap
1991 in a TCP wrapper program,
1992 but may be a bit slower since the configuration file
1993 has to be re-read on every message that comes in.
1994 If you do this, you still need to have a
1996 running to flush the queue:
1998 /usr/\*(SD/sendmail \-q30m
2000 .sh 2 "Forcing the Queue"
2002 In some cases you may find that the queue has gotten clogged for some reason.
2003 You can force a queue run
2006 flag (with no value).
2007 It is entertaining to use the
2010 when this is done to watch what happens:
2012 /usr/\*(SD/sendmail \-q \-v
2015 You can also limit the jobs to those with a particular queue identifier,
2016 recipient, sender, or queue group
2017 using one of the queue modifiers.
2020 restricts the queue run to jobs that have the string
2022 somewhere in one of the recipient addresses.
2025 limits the run to particular senders,
2027 limits it to particular queue identifiers, and
2029 limits it to a particular queue group.
2030 The named queue group will be run even if it is set to have 0 runners.
2031 You may also place an
2039 to indicate that jobs are limited to not including a particular queue
2040 identifier, recipient or sender.
2043 limits the queue run to jobs that do not have the string
2045 somewhere in one of the recipient addresses.
2046 Should you need to terminate the queue jobs currently active then a SIGTERM
2047 to the parent of the process (or processes) will cleanly stop the jobs.
2050 There are a fairly large number of debug flags
2053 Each debug flag has a category and a level.
2054 Higher levels increase the level of debugging activity;
2055 in most cases, this means to print out more information.
2056 The convention is that levels greater than nine are
2059 they print out so much information that you wouldn't normally
2060 want to see them except for debugging that particular piece of code.
2064 run a production sendmail server in debug mode.
2065 Many of the debug flags will result in debug output being sent over the
2067 This will confuse many mail programs.
2068 However, for testing purposes, it can be useful
2069 when sending mail manually via
2070 telnet to the port you are using while debugging.
2072 A debug category is either an integer, like 42,
2073 or a name, like ANSI.
2074 You can specify a range of numeric debug categories
2075 using the syntax 17-42.
2076 You can specify a set of named debug categories using
2083 are supported in these glob patterns.
2085 Debug flags are set using the
2090 .ta \w'debug-categories:M 'u
2091 debug-flag: \fB\-d\fP debug-list
2092 debug-list: debug-option [ , debug-option ]*
2093 debug-option: debug-categories [ . debug-level ]
2094 debug-categories: integer | integer \- integer | category-pattern
2095 category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*
2096 debug-level: integer
2098 where spaces are for reading ease only.
2101 \-d12 Set category 12 to level 1
2102 \-d12.3 Set category 12 to level 3
2103 \-d3\-17 Set categories 3 through 17 to level 1
2104 \-d3\-17.4 Set categories 3 through 17 to level 4
2105 \-dANSI Set category ANSI to level 1
2106 \-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3
2108 For a complete list of the available debug flags
2109 you will have to look at the code
2112 file in the sendmail distribution
2113 (they are too dynamic to keep this document up to date).
2114 For a list of named debug categories in the sendmail binary, use
2116 ident /usr/sbin/sendmail | grep Debug
2118 .sh 2 "Changing the Values of Options"
2120 Options can be overridden using the
2127 /usr/\*(SD/sendmail \-oT2m
2131 (timeout) option to two minutes
2133 the equivalent line using the long option name is
2135 /usr/\*(SD/sendmail -OTimeout.queuereturn=2m
2138 Some options have security implications.
2139 Sendmail allows you to set these,
2140 but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
2142 \**That is, it sets its effective uid to the real uid;
2143 thus, if you are executing as root,
2144 as from root's crontab file or during system startup
2145 the root permissions will still be honored.
2147 .sh 2 "Trying a Different Configuration File"
2149 An alternative configuration file
2150 can be specified using the
2154 /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
2156 uses the configuration file
2158 instead of the default
2159 .i /etc/mail/sendmail.cf.
2165 in the current directory.
2168 gives up set-user-ID root permissions
2169 (if it has been installed set-user-ID root)
2170 when you use this flag, so it is common to use a publicly writable directory
2172 as the queue directory (QueueDirectory or Q option) while testing.
2173 .sh 2 "Logging Traffic"
2175 Many SMTP implementations do not fully implement the protocol.
2176 For example, some personal computer based SMTPs
2177 do not understand continuation lines in reply codes.
2178 These can be very hard to trace.
2179 If you suspect such a problem, you can set traffic logging using the
2184 /usr/\*(SD/sendmail \-X /tmp/traffic \-bd
2186 will log all traffic in the file
2189 This logs a lot of data very quickly and should
2192 during normal operations.
2193 After starting up such a daemon,
2194 force the errant implementation to send a message to your host.
2195 All message traffic in and out of
2197 including the incoming SMTP traffic,
2198 will be logged in this file.
2199 .sh 2 "Testing Configuration Files"
2201 When you build a configuration table,
2202 you can do a certain amount of testing
2212 sendmail \-bt \-Ctest.cf
2214 which would read the configuration file
2216 and enter test mode.
2218 you enter lines of the form:
2224 is the rewriting set you want to use
2227 is an address to apply the set to.
2228 Test mode shows you the steps it takes
2230 finally showing you the address it ends up with.
2231 You may use a comma separated list of rwsets
2232 for sequential application of rules to an input.
2235 3,1,21,4 monet:bollard
2237 first applies ruleset three to the input
2239 Ruleset one is then applied to the output of ruleset three,
2240 followed similarly by rulesets twenty-one and four.
2242 If you need more detail,
2243 you can also use the
2245 flag to turn on more debugging.
2248 sendmail \-bt \-d21.99
2250 turns on an incredible amount of information;
2251 a single word address
2252 is probably going to print out several pages worth of information.
2254 You should be warned that internally,
2256 applies ruleset 3 to all addresses.
2258 you will have to do that manually.
2259 For example, older versions allowed you to use
2261 0 bruce@broadcast.sony.com
2263 This version requires that you use:
2265 3,0 bruce@broadcast.sony.com
2269 some other syntaxes are available in test mode:
2274 to have the indicated
2276 This is useful when debugging rules that use the
2286 dumps the contents of the indicated ruleset.
2288 is equivalent to the command-line flag.
2290 Version 8.9 introduced more features:
2293 shows a help message.
2295 display the known mailers.
2297 print the value of macro m.
2299 print the contents of class c.
2301 returns the MX records for `host'.
2303 parse address, returning the value of
2305 and the parsed address.
2306 .ip /try\ mailer\ addr
2307 rewrite address into the form it will have when
2308 presented to the indicated mailer.
2309 .ip /tryflags\ flags
2310 set flags used by parsing. The flags can be `H' for
2311 Header or `E' for Envelope, and `S' for Sender or `R'
2312 for Recipient. These can be combined, `HR' sets
2313 flags for header recipients.
2314 .ip /canon\ hostname
2315 try to canonify hostname.
2316 .ip /map\ mapname\ key
2317 look up `key' in the indicated `mapname'.
2319 quit address test mode.
2321 .sh 2 "Persistent Host Status Information"
2324 .b HostStatusDirectory
2326 information about the status of hosts is maintained on disk
2327 and can thus be shared between different instantiations of
2329 The status of the last connection with each remote host
2330 may be viewed with the command:
2334 This information may be flushed with the command:
2338 Flushing the information prevents new
2340 processes from loading it,
2341 but does not prevent existing processes from using the status information
2342 that they already have.
2345 There are a number of configuration parameters
2346 you may want to change,
2347 depending on the requirements of your site.
2348 Most of these are set
2349 using an option in the configuration file.
2352 .q "O Timeout.queuereturn=5d"
2354 .q Timeout.queuereturn
2359 Most of these options have appropriate defaults for most sites.
2361 sites having very high mail loads may find they need to tune them
2362 as appropriate for their mail load.
2364 sites experiencing a large number of small messages,
2365 many of which are delivered to many recipients,
2366 may find that they need to adjust the parameters
2367 dealing with queue priorities.
2372 had single character option names.
2374 options have long (multi-character names).
2375 Although old short names are still accepted,
2376 most new options do not have short equivalents.
2378 This section only describes the options you are most likely
2386 All time intervals are set
2387 using a scaled syntax.
2390 represents ten minutes, whereas
2392 represents two and a half hours.
2393 The full set of scales is:
2402 .sh 3 "Queue interval"
2406 flag specifies how often a sub-daemon will run the queue.
2407 This is typically set to between fifteen minutes and one hour.
2408 If not set, or set to zero,
2409 the queue will not be run automatically.
2410 RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
2411 Should you need to terminate the queue jobs currently active then a SIGTERM
2412 to the parent of the process (or processes) will cleanly stop the jobs.
2413 .sh 3 "Read timeouts"
2415 Timeouts all have option names
2416 .q Timeout.\fIsuboption\fP .
2417 Most of these control SMTP operations.
2420 their default values, and the minimum values
2421 allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are:
2424 The time to wait for an SMTP connection to open
2429 If zero, uses the kernel default.
2430 In no case can this option extend the timeout
2431 longer than the kernel provides, but it can shorten it.
2432 This is to get around kernels that provide an absurdly long connection timeout
2433 (90 minutes in one case).
2437 except it applies only to the initial attempt to connect to a host
2440 The concept is that this should be very short (a few seconds);
2441 hosts that are well connected and responsive will thus be serviced immediately.
2442 Hosts that are slow will not hold up other deliveries in the initial
2446 The overall timeout waiting for all connection for a single delivery
2448 If 0, no overall limit is applied.
2449 This can be used to restrict the total amount of time trying to connect to
2450 a long list of host that could accept an e-mail for the recipient.
2451 This timeout does not apply to
2453 i.e., if the time is exhausted, the
2457 The wait for the initial 220 greeting message
2460 The wait for a reply from a HELO or EHLO command
2462 This may require a host name lookup, so
2463 five minutes is probably a reasonable minimum.
2465 The wait for a reply from a MAIL command
2468 The wait for a reply from a RCPT command
2471 because it could be pointing at a list
2472 that takes a long time to expand
2475 The wait for a reply from a DATA command
2477 .ip datablock\(dg\(dd
2478 The wait for reading a data block
2479 (that is, the body of the message).
2481 This should be long because it also applies to programs
2484 which have no guarantee of promptness.
2486 The wait for a reply from the dot terminating a message.
2488 If this is shorter than the time actually needed
2489 for the receiver to deliver the message,
2490 duplicates will be generated.
2491 This is discussed in RFC 1047.
2493 The wait for a reply from a RSET command
2496 The wait for a reply from a QUIT command
2499 The wait for a reply from miscellaneous (but short) commands
2500 such as NOOP (no-operation) and VERB (go into verbose mode).
2504 the time to wait for another command.
2507 The timeout waiting for a reply to an IDENT query
2508 [5s\**, unspecified].
2510 \**On some systems the default is zero to turn the protocol off entirely.
2513 The wait for a reply to an LMTP LHLO command
2516 The timeout for a reply in an SMTP AUTH dialogue
2519 The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
2522 The timeout for opening .forward and :include: files [60s, none].
2524 The timeout for a complete control socket transaction to complete [2m, none].
2526 How long status information about a host
2528 will be cached before it is considered stale
2530 .ip resolver.retrans\(dd
2532 retransmission time interval
2536 .i Timeout.resolver.retrans.first
2538 .i Timeout.resolver.retrans.normal .
2539 .ip resolver.retrans.first\(dd
2541 retransmission time interval
2543 for the first attempt to
2546 .ip resolver.retrans.normal\(dd
2548 retransmission time interval
2550 for all resolver lookups
2551 except the first delivery attempt
2553 .ip resolver.retry\(dd
2555 to retransmit a resolver query.
2557 .i Timeout.resolver.retry.first
2559 .i Timeout.resolver.retry.normal
2561 .ip resolver.retry.first\(dd
2563 to retransmit a resolver query
2564 for the first attempt
2565 to deliver a message
2567 .ip resolver.retry.normal\(dd
2569 to retransmit a resolver query
2570 for all resolver lookups
2571 except the first delivery attempt
2574 For compatibility with old configuration files,
2578 all the timeouts marked with
2580 (\(dg) are set to the indicated value.
2581 All but those marked with
2583 (\(dd) apply to client SMTP.
2585 For example, the lines:
2587 O Timeout.command=25m
2588 O Timeout.datablock=3h
2590 sets the server SMTP command timeout to 25 minutes
2591 and the input data block timeout to three hours.
2592 .sh 3 "Message timeouts"
2594 After sitting in the queue for a few days,
2595 an undeliverable message will time out.
2596 This is to insure that at least the sender is aware
2597 of the inability to send a message.
2598 The timeout is typically set to five days.
2599 It is sometimes considered convenient to also send a warning message
2600 if the message is in the queue longer than a few hours
2601 (assuming you normally have good connectivity;
2602 if your messages normally took several hours to send
2603 you wouldn't want to do this because it wouldn't be an unusual event).
2604 These timeouts are set using the
2605 .b Timeout.queuereturn
2607 .b Timeout.queuewarn
2608 options in the configuration file
2609 (previously both were set using the
2613 If the message is submitted using the
2617 warning messages will only be sent if
2620 The queuereturn and queuewarn timeouts
2621 can be further qualified with a tag based on the Precedence: field
2625 (indicating a positive non-zero precedence)
2627 (indicating a zero precedence), or
2629 (indicating negative precedences).
2630 For example, setting
2631 .q Timeout.queuewarn.urgent=1h
2632 sets the warning timeout for urgent messages only
2634 The default if no precedence is indicated
2635 is to set the timeout for all precedences.
2636 The value "now" can be used for
2637 -O Timeout.queuereturn
2638 to return entries immediately during a queue run,
2639 e.g., to bounce messages independent of their time in the queue.
2641 Since these options are global,
2642 and since you cannot know
2644 how long another host outside your domain will be down,
2645 a five day timeout is recommended.
2646 This allows a recipient to fix the problem even if it occurs
2647 at the beginning of a long weekend.
2648 RFC 1123 section 5.3.1.1 says that this parameter
2649 should be ``at least 4\-5 days''.
2652 .b Timeout.queuewarn
2653 value can be piggybacked on the
2655 option by indicating a time after which
2656 a warning message should be sent;
2657 the two timeouts are separated by a slash.
2658 For example, the line
2662 causes email to fail after five days,
2663 but a warning message will be sent after four hours.
2664 This should be large enough that the message will have been tried
2666 .sh 2 "Forking During Queue Runs"
2674 will fork before each individual message
2675 while running the queue.
2676 This option was used with earlier releases to prevent
2678 from consuming large amounts of memory.
2679 It should no longer be necessary with
2686 will keep track of hosts that are down during a queue run,
2687 which can improve performance dramatically.
2693 cannot use connection caching.
2694 .sh 2 "Queue Priorities"
2696 Every message is assigned a priority when it is first instantiated,
2697 consisting of the message size (in bytes)
2698 offset by the message class
2699 (which is determined from the Precedence: header)
2701 .q "work class factor"
2702 and the number of recipients times the
2703 .q "work recipient factor."
2704 The priority is used to order the queue.
2705 Higher numbers for the priority mean that the message will be processed later
2706 when running the queue.
2708 The message size is included so that large messages are penalized
2709 relative to small messages.
2710 The message class allows users to send
2712 messages by including a
2714 field in their message;
2715 the value of this field is looked up in the
2717 lines of the configuration file.
2718 Since the number of recipients affects the amount of load a message presents
2720 this is also included into the priority.
2722 The recipient and class factors
2723 can be set in the configuration file using the
2731 options respectively.
2732 They default to 30000 (for the recipient factor)
2734 (for the class factor).
2735 The initial priority is:
2737 pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2739 (Remember, higher values for this parameter actually mean
2740 that the job will be treated with lower priority.)
2742 The priority of a job can also be adjusted each time it is processed
2743 (that is, each time an attempt is made to deliver it)
2745 .q "work time factor,"
2751 This is added to the priority,
2752 so it normally decreases the precedence of the job,
2753 on the grounds that jobs that have failed many times
2754 will tend to fail again in the future.
2757 option defaults to 90000.
2758 .sh 2 "Load Limiting"
2761 can be asked to queue (but not deliver) mail
2762 if the system load average gets too high using the
2767 When the load average exceeds the value of the
2769 option, the delivery mode is set to
2775 option divided by the difference in the current load average and the
2778 is less than the priority of the message \(em
2779 that is, the message is queued iff:
2781 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2785 option defaults to 600000,
2786 so each point of load average is worth 600000 priority points
2787 (as described above).
2789 For drastic cases, the
2793 option defines a load average at which
2795 will refuse to accept network connections.
2796 Locally generated mail, i.e., mail which is not submitted via SMTP
2797 (including incoming UUCP mail),
2799 Notice that the MSP submits mail to the MTA via SMTP, and hence
2800 mail will be queued in the client queue in such a case.
2801 Therefore it is necessary to run the client mail queue periodically.
2802 .sh 2 "Resource Limits"
2805 has several parameters to control resource usage.
2806 Besides those mentionted in the previous section, there are at least
2807 .b MaxDaemonChildren ,
2808 .b ConnectionRateThrottle ,
2809 .b MaxQueueChildren ,
2811 .b MaxRunnersPerQueue .
2812 The latter two limit the number of
2814 processes that operate on the queue.
2815 These are discussed in the section
2816 ``Queue Group Declaration''.
2817 The former two can be used to limit the number of incoming connections.
2818 Their appropriate values depend on the host operating system and
2819 the hardware, e.g., amount of memory.
2820 In many situations it might be useful to set limits to prevent
2823 processes, however, these limits can be abused to mount a
2824 denial of service attack.
2826 .b MaxDaemonChildren=10
2827 then an attacker needs to open only 10 SMTP sessions to the server,
2828 leave them idle for most of the time,
2829 and no more connections will be accepted.
2830 .sh 2 "Delivery Mode"
2832 There are a number of delivery modes that
2839 configuration option.
2841 specify how quickly mail will be delivered.
2845 i deliver interactively (synchronously)
2846 b deliver in background (asynchronously)
2847 q queue only (don't deliver)
2848 d defer delivery attempts (don't deliver)
2850 There are tradeoffs.
2853 gives the sender the quickest feedback,
2854 but may slow down some mailers and
2855 is hardly ever necessary.
2858 delivers promptly but
2859 can cause large numbers of processes
2860 if you have a mailer that takes a long time to deliver a message.
2863 minimizes the load on your machine,
2864 but means that delivery may be delayed for up to the queue interval.
2867 is identical to mode
2869 except that it also prevents lookups in maps including the
2871 flag from working during the initial queue phase;
2872 it is intended for ``dial on demand'' sites where DNS lookups
2873 might cost real money.
2874 Some simple error messages
2875 (e.g., host unknown during the SMTP protocol)
2876 will be delayed using this mode.
2879 is the usual default.
2888 (deliver in background)
2890 will not expand aliases and follow .forward files
2891 upon initial receipt of the mail.
2892 This speeds up the response to RCPT commands.
2895 should not be used by the SMTP server.
2898 The level of logging can be set for
2900 The default using a standard configuration table is level 9.
2901 The levels are as follows:
2906 Serious system failures and potential security problems.
2908 Lost communications (network problems) and protocol failures.
2910 Other serious failures, malformed addresses, transient forward/include
2911 errors, connection timeouts.
2913 Minor failures, out of date alias databases, connection rejections
2914 via check_ rulesets.
2916 Message collection statistics.
2918 Creation of error messages,
2919 VRFY and EXPN commands.
2921 Delivery failures (host or user unknown, etc.).
2923 Successful deliveries and alias database rebuilds.
2925 Messages being deferred
2926 (due to a host being down, etc.).
2928 Database expansion (alias, forward, and userdb lookups)
2929 and authentication information.
2931 NIS errors and end of job processing.
2933 Logs all SMTP connections.
2935 Log bad user shells, files with improper permissions, and other
2936 questionable situations.
2938 Logs refused connections.
2940 Log all incoming and outgoing SMTP commands.
2942 Logs attempts to run locked queue files.
2943 These are not errors,
2944 but can be useful to note if your queue appears to be clogged.
2946 Lost locks (only if using lockf instead of flock).
2949 values above 64 are reserved for extremely verbose debugging output.
2950 No normal site would ever set these.
2953 The modes used for files depend on what functionality you want
2954 and the level of security you require.
2957 does careful checking of the modes
2958 of files and directories
2959 to avoid accidental compromise;
2960 if you want to make it possible to have group-writable support files
2961 you may need to use the
2962 .b DontBlameSendmail
2963 option to turn off some of these checks.
2964 .sh 3 "To suid or not to suid?"
2967 is no longer installed
2968 set-user-ID to root.
2970 explains how to configure and install
2972 without set-user-ID to root but set-group-ID
2973 which is the default configuration starting with 8.12.
2975 The daemon usually runs as root, unless other measures are taken.
2981 it checks to see if the userid is zero (root);
2983 it resets the userid and groupid to a default
2986 equate in the mailer line;
2987 if that is not set, the
2990 This can be overridden
2994 for mailers that are trusted
2995 and must be called as root.
2997 this will cause mail processing
3002 rather than to the user sending the mail.
3004 A middle ground is to set the
3009 to become the indicated user as soon as it has done the startup
3010 that requires root privileges
3011 (primarily, opening the
3018 .i /var/spool/mqueue )
3019 should be owned by that user,
3020 and all files and databases
3026 and external databases)
3027 must be readable by that user.
3028 Also, since sendmail will not be able to change it's uid,
3029 delivery to programs or files will be marked as unsafe,
3030 e.g., undeliverable,
3034 and :include: files.
3035 Administrators can override this by setting the
3036 .b DontBlameSendmail
3037 option to the setting
3038 .b NonRootSafeAddr .
3040 is probably best suited for firewall configurations
3041 that don't have regular user logins.
3042 If the option is used on a system which performs local delivery,
3043 then the local delivery agent must have the proper permissions
3044 (i.e., usually set-user-ID root)
3045 since it will be invoked by the
3048 .sh 3 "Turning off security checks"
3051 is very particular about the modes of files that it reads or writes.
3052 For example, by default it will refuse to read most files
3053 that are group writable
3054 on the grounds that they might have been tampered with
3055 by someone other than the owner;
3056 it will even refuse to read files in group writable directories.
3057 Also, sendmail will refuse to create a new aliases database in an
3058 unsafe directory. You can get around this by manually creating the
3059 database file as a trusted user ahead of time and then rebuilding the
3060 aliases database with
3065 sure that your configuration is safe and you want
3067 to avoid these security checks,
3068 you can turn off certain checks using the
3069 .b DontBlameSendmail
3071 This option takes one or more names that disable checks.
3072 In the descriptions that follow,
3073 .q "unsafe directory"
3074 means a directory that is writable by anyone other than the owner.
3078 No special handling.
3082 system call is restricted to root.
3083 Since some versions of UNIX permit regular users
3084 to give away their files to other users on some filesystems,
3086 often cannot assume that a given file was created by the owner,
3087 particularly when it is in a writable directory.
3088 You can set this flag if you know that file giveaway is restricted
3090 .ip ClassFileInUnsafeDirPath
3091 When reading class files (using the
3093 line in the configuration file),
3094 allow files that are in unsafe directories.
3095 .ip DontWarnForwardFileInUnsafeDirPath
3097 unsafe directory path warnings
3098 for non-existent forward files.
3099 .ip ErrorHeaderInUnsafeDirPath
3100 Allow the file named in the
3102 option to be in an unsafe directory.
3103 .ip FileDeliveryToHardLink
3104 Allow delivery to files that are hard links.
3105 .ip FileDeliveryToSymLink
3106 Allow delivery to files that are symbolic links.
3107 .ip ForwardFileInGroupWritableDirPath
3110 files in group writable directories.
3111 .ip ForwardFileInUnsafeDirPath
3114 files in unsafe directories.
3115 .ip ForwardFileInUnsafeDirPathSafe
3118 file that is in an unsafe directory to include references
3119 to program and files.
3120 .ip GroupReadableKeyFile
3121 Accept a group-readable key file for STARTTLS.
3122 .ip GroupReadableSASLDBFile
3123 Accept a group-readable Cyrus SASL password file.
3124 .ip GroupWritableAliasFile
3125 Allow group-writable alias files.
3126 .ip GroupWritableDirPathSafe
3127 Change the definition of
3128 .q "unsafe directory"
3129 to consider group-writable directories to be safe.
3130 World-writable directories are always unsafe.
3131 .ip GroupWritableForwardFile
3132 Allow group writable
3135 .ip GroupWritableForwardFileSafe
3136 Accept group-writable
3138 files as safe for program and file delivery.
3139 .ip GroupWritableIncludeFile
3143 .ip GroupWritableIncludeFileSafe
3144 Accept group-writable
3146 files as safe for program and file delivery.
3147 .ip GroupWritableSASLDBFile
3148 Accept a group-writable Cyrus SASL password file.
3149 .ip HelpFileInUnsafeDirPath
3150 Allow the file named in the
3152 option to be in an unsafe directory.
3153 .ip IncludeFileInGroupWritableDirPath
3156 files in group writable directories.
3157 .ip IncludeFileInUnsafeDirPath
3160 files in unsafe directories.
3161 .ip IncludeFileInUnsafeDirPathSafe
3164 file that is in an unsafe directory to include references
3165 to program and files.
3166 .ip InsufficientEntropy
3167 Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
3168 despite the security problems.
3169 .ip LinkedAliasFileInWritableDir
3170 Allow an alias file that is a link in a writable directory.
3171 .ip LinkedClassFileInWritableDir
3172 Allow class files that are links in writable directories.
3173 .ip LinkedForwardFileInWritableDir
3176 files that are links in writable directories.
3177 .ip LinkedIncludeFileInWritableDir
3180 files that are links in writable directories.
3181 .ip LinkedMapInWritableDir
3182 Allow map files that are links in writable directories.
3183 This includes alias database files.
3184 .ip LinkedServiceSwitchFileInWritableDir
3185 Allow the service switch file to be a link
3186 even if the directory is writable.
3187 .ip MapInUnsafeDirPath
3194 in unsafe directories.
3195 This includes alias database files.
3197 Do not mark file and program deliveries as unsafe
3198 if sendmail is not running with root privileges.
3199 .ip RunProgramInUnsafeDirPath
3200 Run programs that are in writable directories without logging a warning.
3201 .ip RunWritableProgram
3202 Run programs that are group- or world-writable without logging a warning.
3204 Allow group or world writable directories
3205 if the sticky bit is set on the directory.
3206 Do not set this on systems which do not honor
3207 the sticky bit on directories.
3208 .ip WorldWritableAliasFile
3209 Accept world-writable alias files.
3210 .ip WorldWritableForwardfile
3211 Allow world writable
3214 .ip WorldWritableIncludefile
3218 .ip WriteMapToHardLink
3219 Allow writes to maps that are hard links.
3220 .ip WriteMapToSymLink
3221 Allow writes to maps that are symbolic links.
3222 .ip WriteStatsToHardLink
3223 Allow the status file to be a hard link.
3224 .ip WriteStatsToSymLink
3225 Allow the status file to be a symbolic link.
3226 .sh 2 "Connection Caching"
3228 When processing the queue,
3230 will try to keep the last few open connections open
3231 to avoid startup and shutdown costs.
3232 This only applies to IPC connections.
3234 When trying to open a connection
3235 the cache is first searched.
3236 If an open connection is found, it is probed to see if it is still active
3240 It is not an error if this fails;
3241 instead, the connection is closed and reopened.
3243 Two parameters control the connection cache.
3245 .b ConnectionCacheSize
3248 option defines the number of simultaneous open connections
3249 that will be permitted.
3250 If it is set to zero,
3251 connections will be closed as quickly as possible.
3253 This should be set as appropriate for your system size;
3254 it will limit the amount of system resources that
3256 will use during queue runs.
3257 Never set this higher than 4.
3260 .b ConnectionCacheTimeout
3263 option specifies the maximum time that any cached connection
3264 will be permitted to idle.
3265 When the idle time exceeds this value
3266 the connection is closed.
3267 This number should be small
3269 to prevent you from grabbing too many resources
3271 The default is five minutes.
3272 .sh 2 "Name Server Access"
3274 Control of host address lookups is set by the
3276 service entry in your service switch file.
3277 If you are on a system that has built-in service switch support
3278 (e.g., Ultrix, Solaris, or DEC OSF/1)
3279 then your system is probably configured properly already.
3282 will consult the file
3283 .b /etc/mail/service.switch ,
3284 which should be created.
3286 only uses two entries:
3290 although system routines may use other services
3293 service for user name lookups by
3296 However, some systems (such as SunOS 4.X)
3298 regardless of the setting of the service switch entry.
3299 In particular, the system routine
3300 .i gethostbyname (3)
3301 is used to look up host names,
3302 and many vendor versions try some combination of DNS, NIS,
3303 and file lookup in /etc/hosts
3304 without consulting a service switch.
3306 makes no attempt to work around this problem,
3307 and the DNS lookup will be done anyway.
3308 If you do not have a nameserver configured at all,
3309 such as at a UUCP-only site,
3312 .q "connection refused"
3313 message when it tries to connect to the name server.
3316 switch entry has the service
3318 listed somewhere in the list,
3320 will interpret this to mean a temporary failure
3321 and will queue the mail for later processing;
3322 otherwise, it ignores the name server data.
3324 The same technique is used to decide whether to do MX lookups.
3325 If you want MX support, you
3329 listed as a service in the
3337 option allows you to tweak name server options.
3338 The command line takes a series of flags as documented in
3343 Each can be preceded by an optional `+' or `\(mi'.
3344 For example, the line
3346 O ResolverOptions=+AAONLY \(miDNSRCH
3348 turns on the AAONLY (accept authoritative answers only)
3349 and turns off the DNSRCH (search the domain path) options.
3350 Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
3351 flags on and all others off.
3352 If NETINET6 is enabled, most libraries default to USE_INET6 as well.
3353 You can also include
3355 to specify that there is a wildcard MX record matching your domain;
3356 this turns off MX matching when canonifying names,
3357 which can lead to inappropriate canonifications.
3359 .q WorkAroundBrokenAAAA
3360 when faced with a broken nameserver that returns SERVFAIL
3361 (a temporary failure)
3362 on T_AAAA (IPv6) lookups
3363 during hostname canonification.
3364 Notice: it might be necessary to apply the same (or similar) options to
3368 Version level 1 configurations (see the section about
3369 Configuration Version Level)
3370 turn DNSRCH and DEFNAMES off when doing delivery lookups,
3371 but leave them on everywhere else.
3374 ignores them when doing canonification lookups
3375 (that is, when using $[ ... $]),
3376 and always does the search.
3377 If you don't want to do automatic name extension,
3378 don't call $[ ... $].
3380 The search rules for $[ ... $] are somewhat different than usual.
3381 If the name being looked up
3382 has at least one dot, it always tries the unmodified name first.
3383 If that fails, it tries the reduced search path,
3384 and lastly tries the unmodified name
3385 (but only for names without a dot,
3386 since names with a dot have already been tried).
3387 This allows names such as
3389 to match the site in Czechoslovakia
3390 rather than the site in your local Computer Science department.
3391 It also prefers A and CNAME records over MX records \*-
3392 that is, if it finds an MX record it makes note of it,
3394 This way, if you have a wildcard MX record matching your domain,
3395 it will not assume that all names match.
3397 To completely turn off all name server access
3398 on systems without service switch support
3400 you will have to recompile with
3402 and remove \-lresolv from the list of libraries to be searched
3404 .sh 2 "Moving the Per-User Forward Files"
3406 Some sites mount each user's home directory
3407 from a local disk on their workstation,
3408 so that local access is fast.
3409 However, the result is that .forward file lookups
3410 from a central mail server are slow.
3412 mail can even be delivered on machines inappropriately
3413 because of a file server being down.
3414 The performance can be especially bad if you run the automounter.
3420 option allows you to set a path of forward files.
3421 For example, the config file line
3423 O ForwardPath=/var/forward/$u:$z/.forward.$w
3425 would first look for a file with the same name as the user's login
3427 if that is not found (or is inaccessible)
3431 in the user's home directory is searched.
3432 A truly perverse site could also search by sender
3433 by using $r, $s, or $f.
3435 If you create a directory such as /var/forward,
3436 it should be mode 1777
3437 (that is, the sticky bit should be set).
3438 Users should create the files mode 0644.
3439 Note that you must use the
3440 ForwardFileInUnsafeDirPath and
3441 ForwardFileInUnsafeDirPathSafe
3443 .b DontBlameSendmail
3444 option to allow forward files in a world writable directory.
3445 This might also be used as a denial of service attack
3446 (users could create forward files for other users);
3447 a better approach might be to create
3450 and create empty files for each user,
3453 If you do this, you don't have to set the DontBlameSendmail options
3457 On systems that have one of the system calls in the
3464 you can specify a minimum number of free blocks on the queue filesystem
3470 If there are fewer than the indicated number of blocks free
3471 on the filesystem on which the queue is mounted
3472 the SMTP server will reject mail
3475 This invites the SMTP client to try again later.
3477 Beware of setting this option too high;
3478 it can cause rejection of email
3479 when that mail would be processed without difficulty.
3480 .sh 2 "Maximum Message Size"
3482 To avoid overflowing your system with a large message,
3485 option can be set to set an absolute limit
3486 on the size of any one message.
3487 This will be advertised in the ESMTP dialogue
3488 and checked during message collection.
3489 .sh 2 "Privacy Flags"
3495 option allows you to set certain
3498 Actually, many of them don't give you any extra privacy,
3499 rather just insisting that client SMTP servers
3500 use the HELO command
3501 before using certain commands
3502 or adding extra headers to indicate possible spoof attempts.
3504 The option takes a series of flag names;
3505 the final privacy is the inclusive or of those flags.
3508 O PrivacyOptions=needmailhelo, noexpn
3510 insists that the HELO or EHLO command be used before a MAIL command is accepted
3511 and disables the EXPN command.
3513 The flags are detailed in section
3516 .sh 2 "Send to Me Too"
3518 Beginning with version 8.10,
3520 includes by default the (envelope) sender in any list expansions.
3523 sends to a list that contains
3525 as one of the members he will get a copy of the message.
3530 (in the configuration file or via the command line),
3531 this behavior is changed, i.e.,
3532 the (envelope) sender is excluded in list expansions.
3533 .sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
3535 This section describes the configuration file
3538 There is one point that should be made clear immediately:
3539 the syntax of the configuration file
3540 is designed to be reasonably easy to parse,
3541 since this is done every time
3544 rather than easy for a human to read or write.
3545 The configuration file should be generated via the method described in
3547 it should not be edited directly unless someone is familiar
3548 with the internals of the syntax described here and it is
3549 not possible to achieve the desired result via the default method.
3551 The configuration file is organized as a series of lines,
3552 each of which begins with a single character
3553 defining the semantics for the rest of the line.
3554 Lines beginning with a space or a tab
3555 are continuation lines
3556 (although the semantics are not well defined in many places).
3557 Blank lines and lines beginning with a sharp symbol
3560 .sh 2 "R and S \*- Rewriting Rules"
3562 The core of address parsing
3563 are the rewriting rules.
3564 These are an ordered production system.
3566 scans through the set of rewriting rules
3567 looking for a match on the left hand side
3570 When a rule matches,
3571 the address is replaced by the right hand side
3575 There are several sets of rewriting rules.
3576 Some of the rewriting sets are used internally
3577 and must have specific semantics.
3578 Other rewriting sets
3579 do not have specifically assigned semantics,
3580 and may be referenced by the mailer definitions
3581 or by other rewriting sets.
3583 The syntax of these two commands are:
3588 Sets the current ruleset being collected to
3590 If you begin a ruleset more than once
3591 it appends to the old definition.
3599 fields must be separated
3600 by at least one tab character;
3601 there may be embedded spaces
3605 is a pattern that is applied to the input.
3607 the input is rewritten to the
3613 Macro expansions of the form
3616 are performed when the configuration file is read.
3619 can be included using
3621 Expansions of the form
3624 are performed at run time using a somewhat less general algorithm.
3625 This is intended only for referencing internally defined macros
3628 that are changed at runtime.
3629 .sh 3 "The left hand side"
3631 The left hand side of rewriting rules contains a pattern.
3632 Normal words are simply matched directly.
3633 Metasyntax is introduced using a dollar sign.
3634 The metasymbols are:
3636 .ta \w'\fB$=\fP\fIx\fP 'u
3637 \fB$*\fP Match zero or more tokens
3638 \fB$+\fP Match one or more tokens
3639 \fB$\-\fP Match exactly one token
3640 \fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
3641 \fB$~\fP\fIx\fP Match any word not in class \fIx\fP
3643 If any of these match,
3644 they are assigned to the symbol
3647 for replacement on the right hand side,
3650 is the index in the LHS.
3656 is applied to the input:
3660 the rule will match, and the values passed to the RHS will be:
3667 Additionally, the LHS can include
3669 to match zero tokens.
3675 on the RHS, and is normally only used when it stands alone
3676 in order to match the null input.
3677 .sh 3 "The right hand side"
3679 When the left hand side of a rewriting rule matches,
3680 the input is deleted and replaced by the right hand side.
3681 Tokens are copied directly from the RHS
3682 unless they begin with a dollar sign.
3685 .ta \w'$#mailer\0\0\0'u
3686 \fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
3687 \fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
3688 \fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
3689 Generalized keyed mapping function
3690 \fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
3691 \fB$#\fP\fImailer\fP Resolve to \fImailer\fP
3692 \fB$@\fP\fIhost\fP Specify \fIhost\fP
3693 \fB$:\fP\fIuser\fP Specify \fIuser\fP
3699 syntax substitutes the corresponding value from a
3707 It may be used anywhere.
3709 A host name enclosed between
3713 is looked up in the host database(s)
3714 and replaced by the canonical name\**.
3717 completely equivalent
3718 to $(host \fIhostname\fP$).
3721 default can be used.
3726 .q ftp.CS.Berkeley.EDU
3728 .q $[[128.32.130.2]$]
3730 .q vangogh.CS.Berkeley.EDU.
3732 recognizes its numeric IP address
3733 without calling the name server
3734 and replaces it with its canonical name.
3740 syntax is a more general form of lookup;
3741 it uses a named map instead of an implicit map.
3742 If no lookup is found, the indicated
3745 if no default is specified and no lookup matches,
3746 the value is left unchanged.
3749 are passed to the map for possible use.
3755 causes the remainder of the line to be substituted as usual
3756 and then passed as the argument to ruleset
3758 The final value of ruleset
3761 the substitution for this rule.
3764 syntax expands everything after the ruleset name
3765 to the end of the replacement string
3766 and then passes that as the initial input to the ruleset.
3767 Recursive calls are allowed.
3772 expands $1, passes that to ruleset 3, and then passes the result
3773 of ruleset 3 to ruleset 0.
3779 be used in ruleset zero,
3780 a subroutine of ruleset zero,
3781 or rulesets that return decisions (e.g., check_rcpt).
3782 It causes evaluation of the ruleset to terminate immediately,
3785 that the address has completely resolved.
3786 The complete syntax for ruleset 0 is:
3788 \fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
3791 {mailer, host, user}
3792 3-tuple necessary to direct the mailer.
3793 If the mailer is local
3794 the host part may be omitted\**.
3796 \**You may want to use it for special
3799 For example, in the address
3800 .q jgm+foo@CMU.EDU ;
3803 part is not part of the user name,
3804 and is passed to the local mailer for local use.
3808 must be a single word,
3816 is the built-in IPC mailer,
3819 may be a colon-separated list of hosts
3820 that are searched in order for the first working address
3821 (exactly like MX records).
3824 is later rewritten by the mailer-specific envelope rewriting set
3828 As a special case, if the mailer specified has the
3831 and the first character of the
3837 is stripped off, and a flag is set in the address descriptor
3838 that causes sendmail to not do ruleset 5 processing.
3840 Normally, a rule that matches is retried,
3842 the rule loops until it fails.
3843 A RHS may also be preceded by a
3847 to change this behavior.
3850 prefix causes the ruleset to return with the remainder of the RHS
3854 prefix causes the rule to terminate immediately,
3855 but the ruleset to continue;
3856 this can be used to avoid continued application of a rule.
3857 The prefix is stripped before continuing.
3863 prefixes may precede a
3872 passes that to ruleset seven,
3876 is necessary to avoid an infinite loop.
3878 Substitution occurs in the order described,
3880 parameters from the LHS are substituted,
3881 hostnames are canonicalized,
3890 .sh 3 "Semantics of rewriting rule sets"
3892 There are six rewriting sets
3893 that have specific semantics.
3894 Five of these are related as depicted by figure 1.
3900 -->| 0 |-->resolved address
3903 / ---->| 1 |-->| S |--
3904 +---+ / +---+ / +---+ +---+ \e +---+
3905 addr-->| 3 |-->| D |-- --->| 4 |-->msg
3906 +---+ +---+ \e +---+ +---+ / +---+
3922 box invis "addr"; arrow
3925 BoxD: box "D"; line; L1: Here
3927 C1: arrow; box "1"; arrow; box "S"; line; E1: Here
3928 move to C1 down 0.5; right
3929 C2: arrow; box "2"; arrow; box "R"; line; E2: Here
3930 ] with .w at L1 + (0.5, 0)
3931 move to C.e right 0.5
3932 L4: arrow; box "4"; arrow; box invis "msg"
3933 line from L1 to C.C1
3934 line from L1 to C.C2
3935 line from C.E1 to L4
3936 line from C.E2 to L4
3937 move to BoxD.n up 0.6; right
3938 Box0: arrow; box "0"
3939 arrow; box invis "resolved address" width 1.3
3940 line from 1/3 of the way between A1 and BoxD.w to Box0
3946 Figure 1 \*- Rewriting set semantics
3948 D \*- sender domain addition
3949 S \*- mailer-specific sender rewriting
3950 R \*- mailer-specific recipient rewriting
3956 should turn the address into
3957 .q "canonical form."
3958 This form should have the basic syntax:
3960 local-part@host-domain-spec
3965 before doing anything with any address.
3980 flag is set in the mailer definition
3981 corresponding to the
3986 is applied after ruleset three
3987 to addresses that are going to actually specify recipients.
3988 It must resolve to a
3989 .i "{mailer, host, address}"
3993 must be defined in the mailer definitions
3994 from the configuration file.
4000 for use in the argv expansion of the specified mailer.
4002 Rulesets one and two
4003 are applied to all sender and recipient addresses respectively.
4004 They are applied before any specification
4005 in the mailer definition.
4006 They must never resolve.
4008 Ruleset four is applied to all addresses
4010 It is typically used
4011 to translate internal to external form.
4014 ruleset 5 is applied to all local addresses
4015 (specifically, those that resolve to a mailer with the `F=5'
4017 that do not have aliases.
4018 This allows a last minute hook for local names.
4019 .sh 3 "Ruleset hooks"
4021 A few extra rulesets are defined as
4023 that can be defined to get special features.
4024 They are all named rulesets.
4027 forms all give accept/reject status;
4028 falling off the end or returning normally is an accept,
4032 Many of these can also resolve to the special mailer name
4034 this accepts the message as though it were successful
4035 but then discards it without delivery.
4037 this mailer cannot be chosen as a mailer in ruleset 0.
4040 rulesets have to deal with temporary failures, especially for map lookups,
4041 themselves, i.e., they should return a temporary error code
4042 or at least they should make a proper decision in those cases.
4047 ruleset is called after a connection is accepted by the daemon.
4048 It is not called when sendmail is started using the
4053 client.host.name $| client.host.address
4057 is a metacharacter separating the two parts.
4058 This ruleset can reject connections from various locations.
4059 Note that it only checks the connecting SMTP client IP address and hostname.
4060 It does not check for third party message relaying.
4063 ruleset discussed below usually does third party message relay checking.
4068 ruleset is passed the user name parameter of the
4071 It can accept or reject the address.
4076 ruleset is passed the user name parameter of the
4079 It can accept or reject the address.
4084 ruleset is called after the
4086 command, its parameter is the number of recipients.
4087 It can accept or reject the command.
4088 .sh 4 "check_compat"
4094 sender-address $| recipient-address
4098 is a metacharacter separating the addresses.
4099 It can accept or reject mail transfer between these two addresses
4109 number-of-headers $| size-of-headers
4113 is a metacharacter separating the numbers.
4114 These numbers can be used for size comparisons with the
4117 The ruleset is triggered after
4118 all of the headers have been read.
4119 It can be used to correlate information gathered
4120 from those headers using the
4123 One possible use is to check for a missing header.
4128 HMessage-Id: $>CheckMessageId
4131 # Record the presence of the header
4132 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
4134 R$* $#error $: 553 Header Error
4138 R$* $: < $&{MessageIdCheck} >
4139 # Clear the macro for the next message
4140 R$* $: $(storage {MessageIdCheck} $) $1
4141 # Has a Message-Id: header
4143 # Allow missing Message-Id: from local mail
4144 R$* $: < $&{client_name} >
4147 # Otherwise, reject the mail
4148 R$* $#error $: 553 Header Error
4150 Keep in mind the Message-Id: header is not a required header and
4151 is not a guaranteed spam indicator.
4152 This ruleset is an example and
4153 should probably not be used in production.
4158 ruleset is passed the parameter of the
4161 It can accept or reject the command.
4166 ruleset is passed the user name parameter of the
4169 It can accept or reject the address.
4174 ruleset is passed the user name parameter of the
4177 It can accept or reject the command.
4182 ruleset is passed the AUTH= parameter of the
4185 It is used to determine whether this value should be
4186 trusted. In order to make this decision, the ruleset
4187 may make use of the various
4190 If the ruleset does resolve to the
4192 mailer the AUTH= parameter is not trusted and hence
4193 not passed on to the next relay.
4198 ruleset is called when sendmail acts as server, after a STARTTLS command
4199 has been issued, and from
4201 The parameter is the value of
4203 and STARTTLS or MAIL, respectively.
4204 If the ruleset does resolve to the
4206 mailer, the appropriate error code is returned to the client.
4211 ruleset is called when sendmail acts as client after a STARTTLS command
4212 (should) have been issued.
4213 The parameter is the value of
4215 If the ruleset does resolve to the
4217 mailer, the connection is aborted
4218 (treated as non-deliverable with a permanent or temporary error).
4223 ruleset is called each time before a RCPT TO command is sent.
4224 The parameter is the current recipient.
4225 If the ruleset does resolve to the
4227 mailer, the RCPT TO command is suppressed
4228 (treated as non-deliverable with a permanent or temporary error).
4229 This ruleset allows to require encryption or verification of
4230 the recipient's MTA even if the mail is somehow redirected
4232 For example, sending mail to
4234 may get redirected to a host named
4236 and hence the tls_server ruleset won't apply.
4237 By introducing per recipient restrictions such attacks
4238 (e.g., via DNS spoofing) can be made impossible.
4241 how this ruleset can be used.
4242 .sh 4 "srv_features"
4246 ruleset is called with the connecting client's host name
4247 when a client connects to sendmail.
4248 This ruleset should return
4250 followed by a list of options (single characters
4251 delimited by white space).
4252 If the return value starts with anything else it is silently ignored.
4253 Generally upper case characters turn off a feature
4254 while lower case characters turn it on.
4255 The option `S' causes the server not to offer STARTTLS.
4256 This is useful to interact with MTAs/MUAs that have broken
4257 STARTTLS implementations by simply not offering it.
4258 `V' turns off the request for a client certificate
4259 during the TLS handshake.
4260 Option `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
4261 The ruleset may return `$#temp' to indicate that there is a temporary
4262 problem determining the correct features, e.g., if a map is unavailable.
4263 In that case, the SMTP server issues a temporary failure and does not
4269 ruleset is called when sendmail connects to another MTA.
4270 If the ruleset does resolve to the
4272 mailer, sendmail does not try STARTTLS even if it is offered.
4273 This is useful to interact with MTAs that have broken
4274 STARTTLS implementations by simply not using it.
4279 ruleset is called when sendmail tries to authenticate to another MTA.
4282 followed by a list of tokens that are used for SMTP AUTH.
4283 If the return value starts with anything else it is silently ignored.
4284 Each token is a tagged string of the form:
4286 (including the quotes), where
4289 T Tag which describes the item
4290 D Delimiter: ':' simple text follows
4291 '=' string is base64 encoded
4292 string Value of the item
4294 Valid values for the tag are:
4297 U user (authorization) id
4301 M list of mechanisms delimited by spaces
4303 If this ruleset is defined, the option
4305 is ignored (even if the ruleset does not return a ``useful'' result).
4310 ruleset is used to map an address to a queue group name.
4313 followed by the name of a queue group.
4314 If the return value starts with anything else it is silently ignored.
4315 See the section about Queue Groups and Queue Directories
4316 for further information.
4319 Some special processing occurs
4320 if the ruleset zero resolves to an IPC mailer
4321 (that is, a mailer that has
4323 listed as the Path in the
4326 The host name passed after
4328 has MX expansion performed if not delivering via a named socket;
4329 this looks the name up in DNS to find alternate delivery sites.
4331 The host name can also be provided as a dotted quad
4332 or an IPv6 address in square brackets;
4339 [IPv6:2002:c0a8:51d2::23f4]
4341 This causes direct conversion of the numeric value
4342 to an IP host address.
4344 The host name passed in after the
4346 may also be a colon-separated list of hosts.
4347 Each is separately MX expanded and the results are concatenated
4348 to make (essentially) one long MX list.
4349 The intent here is to create
4351 MX records that are not published in DNS
4352 for private internal networks.
4354 As a final special case, the host name can be passed in
4358 [ucbvax.berkeley.edu]
4360 This form avoids the MX mapping.
4363 This is intended only for situations where you have a network firewall
4364 or other host that will do special processing for all your mail,
4365 so that your MX record points to a gateway machine;
4366 this machine could then do direct delivery to machines
4367 within your local domain.
4368 Use of this feature directly violates RFC 1123 section 5.3.5:
4369 it should not be used lightly.
4371 .sh 2 "D \*- Define Macro"
4373 Macros are named with a single character
4374 or with a word in {braces}.
4375 The names ``x'' and ``{x}'' denote the same macro
4376 for every single character ``x''.
4377 Single character names may be selected from the entire ASCII set,
4378 but user-defined macros
4379 should be selected from the set of upper case letters only.
4382 are used internally.
4383 Long names beginning with a lower case letter or a punctuation character
4384 are reserved for use by sendmail,
4385 so user-defined long macro names should begin with an upper case letter.
4387 The syntax for macro definitions is:
4394 is the name of the macro
4395 (which may be a single character
4396 or a word in braces)
4399 is the value it should have.
4400 There should be no spaces given
4401 that do not actually belong in the macro value.
4403 Macros are interpolated
4409 is the name of the macro to be interpolated.
4410 This interpolation is done when the configuration file is read,
4414 The special construct
4419 lines to get deferred interpolation.
4421 Conditionals can be specified using the syntax:
4423 $?x text1 $| text2 $.
4429 is set and non-null,
4437 clause may be omitted.
4439 The following macros are defined and/or used internally by
4441 for interpolation into argv's for mailers
4442 or for other contexts.
4443 The ones marked \(dg are information passed into sendmail\**,
4445 \**As of version 8.6,
4446 all of these macros have reasonable defaults.
4447 Previous versions required that they be defined.
4449 the ones marked \(dd are information passed both in and out of sendmail,
4450 and the unmarked macros are passed out of sendmail
4451 but are not otherwise used internally.
4455 The origination date in RFC 822 format.
4456 This is extracted from the Date: line.
4458 The current date in RFC 822 format.
4461 This is a count of the number of Received: lines
4462 plus the value of the
4466 The current date in UNIX (ctime) format.
4468 (Obsolete; use SmtpGreetingMessage option instead.)
4469 The SMTP entry message.
4470 This is printed out when SMTP starts up.
4471 The first word must be the
4473 macro as specified by RFC 821.
4475 .q "$j Sendmail $v ready at $b" .
4476 Commonly redefined to include the configuration version number, e.g.,
4477 .q "$j Sendmail $v/$Z ready at $b"
4479 The envelope sender (from) address.
4481 The sender address relative to the recipient.
4489 .q foo@host.domain ,
4490 or whatever is appropriate for the receiving mailer.
4493 This is set in ruleset 0 from the $@ field of a parsed address.
4499 The \*(lqofficial\*(rq domain name for this site.
4500 This is fully qualified if the full qualification can be found.
4503 be redefined to be the fully qualified domain name
4504 if your system is not configured so that information can find
4507 The UUCP node name (from the uname system call).
4509 (Obsolete; use UnixFromLine option instead.)
4510 The format of the UNIX from line.
4511 Unless you have changed the UNIX mailbox format,
4512 you should not change the default,
4516 The domain part of the \fIgethostname\fP return value.
4517 Under normal circumstances,
4522 The name of the daemon (for error messages).
4526 (Obsolete: use OperatorChars option instead.)
4527 The set of \*(lqoperators\*(rq in addresses.
4528 A list of characters
4529 which will be considered tokens
4530 and which will separate tokens
4536 macro, then the input
4538 would be scanned as three tokens:
4545 which is the minimum set necessary to do RFC 822 parsing;
4546 a richer set of operators is
4548 which adds support for UUCP, the %-hack, and X.400 addresses.
4550 Sendmail's process id.
4552 Default format of sender address.
4555 macro specifies how an address should appear in a message
4556 when it is defaulted.
4559 It is commonly redefined to be
4560 .q "$?x$x <$g>$|$g$."
4563 corresponding to the following two formats:
4565 Eric Allman <eric@CS.Berkeley.EDU>
4566 eric@CS.Berkeley.EDU (Eric Allman)
4569 properly quotes names that have special characters
4570 if the first form is used.
4572 Protocol used to receive the message.
4575 command line flag or by the SMTP server code.
4580 command line flag or by the SMTP server code.
4582 A numeric representation of the current time.
4586 The version number of the
4590 The hostname of this site.
4591 This is the root name of this host (but see below for caveats).
4593 The full name of the sender.
4595 The home directory of the recipient.
4597 The validated sender address.
4599 .b ${client_resolve} .
4601 The type of the address which is currently being rewritten.
4602 This macro contains up to three characters, the first
4603 is either `e' or `h' for envelope/header address,
4604 the second is a space,
4605 and the third is either `s' or `r' for sender/recipient address.
4606 Notice: for header addresses no distinction is currently made
4607 between sender and recipient addresses, i.e., the macro contains
4610 The maximum keylength (in bits) of the symmetric encryption algorithm
4611 used for a TLS connection.
4612 This may be less than the effective keylength,
4615 for ``export controlled'' algorithms.
4617 The client's authentication credentials as determined by authentication
4618 (only set if successful).
4619 The format depends on the mechanism used, it might be just `user',
4620 or `user@realm', or something similar (SMTP AUTH only).
4622 The authorization identity, i.e. the AUTH= parameter of the
4624 command if supplied.
4626 The mechanism used for SMTP authentication
4627 (only set if successful).
4629 The keylength (in bits) of the symmetric encryption algorithm
4630 used for the security layer of a SASL mechanism.
4632 The message body type
4634 as determined from the envelope.
4636 The DN (distinguished name) of the CA (certificate authority)
4637 that signed the presented certificate (the cert issuer)
4640 The MD5 hash of the presented certificate (STARTTLS only).
4642 The DN of the presented certificate (called the cert subject)
4645 The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
4646 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
4649 The effective keylength (in bits) of the symmetric encryption algorithm
4650 used for a TLS connection.
4652 The IP address of the SMTP client.
4653 IPv6 addresses are tagged with "IPv6:" before the address.
4654 Defined in the SMTP server only.
4656 The host name of the SMTP client.
4657 This may be the client's bracketed IP address
4658 in the form [ nnn.nnn.nnn.nnn ] for IPv4
4659 and [ IPv6:nnnn:...:nnnn ] for IPv6
4661 IP address is not resolvable, or if it is resolvable
4662 but the IP address of the resolved hostname
4663 doesn't match the original IP address.
4664 Defined in the SMTP server only.
4666 .b ${client_resolve} .
4668 The port number of the SMTP client.
4669 Defined in the SMTP server only.
4670 .ip ${client_resolve}
4671 Holds the result of the resolve call for
4673 Possible values are:
4676 OK resolved successfully
4677 FAIL permanent lookup failure
4678 FORGED forward lookup doesn't match reverse lookup
4679 TEMP temporary lookup failure
4681 Defined in the SMTP server only.
4683 performs a hostname lookup on the IP address of the connecting client.
4684 Next the IP addresses of that hostname are looked up.
4685 If the client IP address does not appear in that list,
4686 then the hostname is maybe forged.
4687 This is reflected as the value FORGED for
4688 .b ${client_resolve}
4689 and it also shows up in
4691 as "(may be forged)".
4693 The CN (common name) of the CA that signed the presented certificate
4696 The CN (common name) of the presented certificate
4699 Header value as quoted string
4700 (possibly truncated to
4702 This macro is only available in header check rulesets.
4704 The IP address the daemon is listening on for connections.
4705 .ip ${daemon_family}
4707 if the daemon is accepting network connections.
4708 Possible values include
4715 The flags for the daemon as specified by the
4717 .b DaemonPortOptions
4718 whereby the flags are separated from each other by spaces,
4719 and upper case flags are doubled.
4722 will be represented as
4724 .b ${daemon_flags} ,
4725 which is required for testing the flags in rulesets.
4727 Some information about a daemon as a text string.
4729 .q SMTP+queueing@00:30:00 .
4731 The name of the daemon from
4732 .b DaemonPortOptions
4734 If this suboption is not set,
4736 where # is the daemon number,
4739 The port the daemon is accepting connection on.
4741 .b DaemonPortOptions
4742 is set, this will most likely be
4745 The current delivery mode sendmail is using.
4746 It is initially set to the value of the
4750 The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
4752 The length of the header value which is stored in
4753 ${currHeader} (before possible truncation).
4754 If this value is greater than or equal to
4756 the header has been truncated.
4758 The name of the header field for which the current header
4759 check ruleset has been called.
4760 This is useful for a default header check ruleset to get
4761 the name of the header;
4762 the macro is only available in header check rulesets.
4764 The IP address of the interface of an incoming connection
4765 unless it is in the loopback net.
4766 IPv6 addresses are tagged with "IPv6:" before the address.
4768 The IP address of the interface of an outgoing connection
4769 unless it is in the loopback net.
4770 IPv6 addresses are tagged with "IPv6:" before the address.
4772 The IP family of the interface of an incoming connection
4773 unless it is in the loopback net.
4774 .ip ${if_family_out}
4775 The IP family of the interface of an outgoing connection
4776 unless it is in the loopback net.
4778 The hostname associated with the interface of an incoming connection.
4779 This macro can be used for
4780 SmtpGreetingMessage and HReceived for virtual hosting.
4783 O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
4786 The name of the interface of an outgoing connection.
4788 The current load average.
4790 The address part of the resolved triple of the address given for the
4793 Defined in the SMTP server only.
4795 The host from the resolved triple of the address given for the
4798 Defined in the SMTP server only.
4800 The mailer from the resolved triple of the address given for the
4803 Defined in the SMTP server only.
4805 The value of the SIZE= parameter,
4806 i.e., usually the size of the message (in an ESMTP dialogue),
4807 before the message has been collected, thereafter
4808 the message size as computed by
4810 (and can be used in check_compat).
4812 The number of validated recipients for a single message.
4813 Note: since recipient validation happens after
4815 has been called, the value in this ruleset
4816 is one less than what might be expected.
4818 The number of delivery attempts.
4820 The current operation mode (from the
4823 .ip ${queue_interval}
4824 The queue run interval given by the
4830 .b ${queue_interval}
4834 The address part of the resolved triple of the address given for the
4837 Defined in the SMTP server only after a RCPT command.
4839 The host from the resolved triple of the address given for the
4842 Defined in the SMTP server only after a RCPT command.
4844 The mailer from the resolved triple of the address given for the
4847 Defined in the SMTP server only after a RCPT command.
4849 The address of the server of the current outgoing SMTP connection.
4850 For LMTP delivery the macro is set to the name of the mailer.
4852 The name of the server of the current outgoing SMTP or LMTP connection.
4854 The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
4855 defined after STARTTLS has been used.
4857 The result of the verification of the presented cert;
4858 only defined after STARTTLS has been used.
4859 Possible values are:
4862 OK verification succeeded.
4863 NO no cert presented.
4864 NOT no cert requested.
4865 FAIL cert presented but could not be verified,
4866 e.g., the signing CA is missing.
4867 NONE STARTTLS has not been performed.
4868 TEMP temporary error occurred.
4869 PROTOCOL some protocol error occurred.
4870 SOFTWARE STARTTLS handshake failed,
4871 which is a fatal error for this session,
4872 the e-mail will be queued.
4875 There are three types of dates that can be used.
4880 macros are in RFC 822 format;
4882 is the time as extracted from the
4888 is the current date and time
4889 (used for postmarks).
4892 line is found in the incoming message,
4894 is set to the current time also.
4897 macro is equivalent to the
4908 are set to the identity of this host.
4910 tries to find the fully qualified name of the host
4912 it does this by calling
4914 to get the current hostname
4915 and then passing that to
4916 .i gethostbyname (3)
4917 which is supposed to return the canonical version of that host name.\**
4919 \**For example, on some systems
4923 which would be mapped to
4928 Assuming this is successful,
4930 is set to the fully qualified name
4933 is set to the domain part of the name
4934 (everything after the first dot).
4937 macro is set to the first word
4938 (everything before the first dot)
4939 if you have a level 5 or higher configuration file;
4940 otherwise, it is set to the same value as
4942 If the canonification is not successful,
4943 it is imperative that the config file set
4945 to the fully qualified domain name\**.
4947 \**Older versions of sendmail didn't pre-define
4949 at all, so up until 8.6,
4958 macro is the id of the sender
4959 as originally determined;
4960 when mailing to a specific host
4963 macro is set to the address of the sender
4965 relative to the recipient.
4968 .q bollard@matisse.CS.Berkeley.EDU
4970 .q vangogh.CS.Berkeley.EDU
4978 .q eric@vangogh.CS.Berkeley.EDU.
4982 macro is set to the full name of the sender.
4983 This can be determined in several ways.
4984 It can be passed as flag to
4986 It can be defined in the
4988 environment variable.
4989 The third choice is the value of the
4991 line in the header if it exists,
4992 and the fourth choice is the comment field
4996 If all of these fail,
4997 and if the message is being originated locally,
4998 the full name is looked up in the
5008 macros get set to the host, user, and home directory
5011 The first two are set from the
5015 part of the rewriting rules, respectively.
5021 macros are used to create unique strings
5027 macro is set to the queue id on this host;
5028 if put into the timestamp line
5029 it can be extremely useful for tracking messages.
5032 macro is set to be the version number of
5034 this is normally put in timestamps
5035 and has been proven extremely useful for debugging.
5041 i.e., the number of times this message has been processed.
5042 This can be determined
5045 flag on the command line
5046 or by counting the timestamps in the message.
5052 fields are set to the protocol used to communicate with
5054 and the sending hostname.
5055 They can be set together using the
5057 command line flag or separately using the
5065 is set to a validated sender host name.
5066 If the sender is running an RFC 1413 compliant IDENT server
5067 and the receiver has the IDENT protocol turned on,
5068 it will include the user name on that host.
5076 are set to the name, address, and port number of the SMTP client
5080 These can be used in the
5084 deferred evaluation form, of course!).
5085 .sh 2 "C and F \*- Define Classes"
5087 Classes of phrases may be defined
5088 to match on the left hand side of rewriting rules,
5091 is a sequence of characters that does not contain space characters.
5093 a class of all local names for this site
5095 so that attempts to send to oneself
5097 These can either be defined directly in the configuration file
5098 or read in from another file.
5099 Classes are named as a single letter or a word in {braces}.
5100 Class names beginning with lower case letters
5101 and special characters are reserved for system use.
5102 Classes defined in config files may be given names
5103 from the set of upper case letters for short names
5104 or beginning with an upper case letter for long names.
5119 .i c\|[mapkey]@mapclass:mapspec
5121 The first form defines the class
5123 to match any of the named words.
5131 the contents of class
5135 It is permissible to split them among multiple lines;
5136 for example, the two forms:
5147 read the elements of the class
5153 .i "map specification" .
5154 Each element should be listed on a separate line.
5155 To specify an optional file, use ``\-o'' between the class
5156 name and the file name, e.g.,
5158 Fc \-o /path/to/file
5160 If the file can't be used,
5162 will not complain but silently ignore it.
5163 The map form should be an optional map key, an at sign,
5164 and a map class followed by the specification for that map.
5167 F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
5168 F{MyClass}foo@hash:/etc/mail/classes
5172 from an LDAP map lookup and
5174 from a hash database map lookup of the
5176 There is also a built-in schema that can be accessed by only specifying:
5181 This will tell sendmail to use the default schema:
5183 \-k (&(objectClass=sendmailMTAClass)
5184 (sendmailMTAClassName=\c
5186 (|(sendmailMTACluster=${sendmailMTACluster})
5187 (sendmailMTAHost=$j)))
5188 \-v sendmailMTAClassValue
5190 Note that the lookup is only done when sendmail is initially started.
5192 Elements of classes can be accessed in rules using
5198 (match entries not in class)
5199 only matches a single word;
5200 multi-word entries in the class are ignored in this context.
5202 Some classes have internal meaning to
5206 .\"A set of Content-Types that will not have the newline character
5207 .\"translated to CR-LF before encoding into base64 MIME.
5208 .\"The class can have major times
5213 .\".q application/octet-stream ).
5214 .\"The class is initialized with
5215 .\".q application/octet-stream ,
5221 contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
5222 It is predefined to contain
5228 set to be the same as
5230 that is, the UUCP node name.
5232 set to the set of domains by which this host is known,
5236 can be set to the set of MIME body types
5237 that can never be eight to seven bit encoded.
5239 .q multipart/signed .
5244 are never encoded directly.
5245 Multipart messages are always handled recursively.
5246 The handling of message/* messages
5247 are controlled by class
5250 A set of Content-Types that will never be encoded as base64
5251 (if they have to be encoded, they will be encoded as quoted-printable).
5252 It can have primary types
5258 The class is initialized to have
5262 contains the set of subtypes of message that can be treated recursively.
5263 By default it contains only
5267 types cannot be 8\(->7 bit encoded.
5268 If a message containing eight bit data is sent to a seven bit host,
5269 and that message cannot be encoded into seven bits,
5270 it will be stripped to 7 bits.
5272 set to the set of trusted users by the
5275 If you want to read trusted users from a file, use
5279 set to be the set of all names
5280 this host is known by.
5281 This can be used to match local hostnames.
5282 .ip $={persistentMacros}
5283 set to the macros would should be saved across queue runs.
5284 Care should be taken when adding macro names to this class.
5287 can be compiled to allow a
5292 This lets you do simplistic parsing of text files.
5293 For example, to read all the user names in your system
5295 file into a class, use
5299 which reads every line up to the first colon.
5300 .sh 2 "M \*- Define Mailer"
5302 Programs and interfaces to mailers
5303 are defined in this line.
5314 is the name of the mailer
5315 (used internally only)
5318 pairs define attributes of the mailer.
5322 Path The pathname of the mailer
5323 Flags Special flags for this mailer
5324 Sender Rewriting set(s) for sender addresses
5325 Recipient Rewriting set(s) for recipient addresses
5326 recipients Maximum number of recipients per connection
5327 Argv An argument vector to pass to this mailer
5328 Eol The end-of-line string for this mailer
5329 Maxsize The maximum message length to this mailer
5330 maxmessages The maximum message deliveries per connection
5331 Linelimit The maximum line length in the message body
5332 Directory The working directory for the mailer
5333 Userid The default user and group id to run as
5334 Nice The nice(2) increment for the mailer
5335 Charset The default character set for 8-bit characters
5336 Type Type information for DSN diagnostics
5337 Wait The maximum time to wait for the mailer
5338 Queuegroup The default queue group for the mailer
5339 / The root directory for the mailer
5341 Only the first character of the field name is checked
5342 (it's case-sensitive).
5344 The following flags may be set in the mailer description.
5345 Any other flags may be used freely
5346 to conditionally assign headers to messages
5347 destined for particular mailers.
5348 Flags marked with \(dg
5349 are not interpreted by the
5352 these are the conventionally used to correlate to the flags portion
5356 Flags marked with \(dd
5357 apply to the mailers for the sender address
5358 rather than the usual recipient mailers.
5361 Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
5362 This flag defaults on if the SMTP greeting message includes the word
5365 Look up the user part of the address in the alias database.
5366 Normally this is only set for local mailers.
5368 Force a blank line on the end of a message.
5369 This is intended to work around some stupid versions of
5371 that require a blank line, but do not provide it themselves.
5372 It would not normally be used on network mail.
5374 Do not include comments in addresses.
5375 This should only be used if you have to work around
5376 a remote mailer that gets confused by comments.
5377 This strips addresses of the form
5378 .q "Phrase <address>"
5380 .q "address (Comment)"
5386 from a mailer with this flag set,
5387 any addresses in the header that do not have an at sign
5390 after being rewritten by ruleset three
5393 clause from the sender envelope address
5395 This allows mail with headers of the form:
5398 To: userb@hostb, userc
5403 To: userb@hostb, userc@hosta
5406 However, it doesn't really work reliably.
5408 Do not include angle brackets around route-address syntax addresses.
5409 This is useful on mailers that are going to pass addresses to a shell
5410 that might interpret angle brackets as I/O redirection.
5411 However, it does not protect against other shell metacharacters.
5412 Therefore, passing addresses to a shell should not be considered secure.
5418 This mailer is expensive to connect to,
5419 so try to avoid connecting normally;
5420 any necessary connection will occur during a queue run.
5424 Escape lines beginning with
5426 in the message with a `>' sign.
5432 but only if this is a network forward operation
5434 the mailer will give an error
5435 if the executing user
5436 does not have special permissions).
5444 sends internally generated email (e.g., error messages)
5445 using the null return address
5446 as required by RFC 1123.
5447 However, some mailers don't accept a null return address.
5453 from obeying the standards;
5454 error messages will be sent as from the MAILER-DAEMON
5455 (actually, the value of the
5459 Upper case should be preserved in host names
5460 (the $@ portion of the mailer triplet resolved from ruleset 0)
5463 Do User Database rewriting on envelope sender address.
5465 This mailer will be speaking SMTP
5469 as such it can use special protocol features.
5470 This flag should not be used except for debugging purposes
5475 Do User Database rewriting on recipients as well as senders.
5479 connects to a host via SMTP,
5480 it checks to make sure that this isn't accidently the same host name
5483 is misconfigured or if a long-haul network interface is set in loopback mode.
5484 This flag disables the loopback check.
5485 It should only be used under very unusual circumstances.
5487 Currently unimplemented.
5488 Reserved for chunking.
5490 This mailer is local
5492 final delivery will be performed).
5494 Limit the line lengths as specified in RFC 821.
5495 This deprecated option should be replaced by the
5498 For historic reasons, the
5504 This mailer can send to multiple users
5511 part of the mailer definition,
5512 that field will be repeated as necessary
5513 for all qualifying users.
5514 Removing this flag can defeat duplicate supression on a remote site
5515 as each recipient is sent in a separate transaction.
5521 Do not insert a UNIX-style
5523 line on the front of the message.
5525 Always run as the owner of the recipient mailbox.
5528 runs as the sender for locally generated mail
5531 (actually, the user specified in the
5534 when delivering network mail.
5535 The normal behavior is required by most local mailers,
5536 which will not allow the envelope sender address
5537 to be set unless the mailer is running as daemon.
5538 This flag is ignored if the
5542 Use the route-addr style reverse-path in the SMTP
5545 rather than just the return address;
5546 although this is required in RFC 821 section 3.1,
5547 many hosts do not process reverse-paths properly.
5548 Reverse-paths are officially discouraged by RFC 1123.
5554 When an address that resolves to this mailer is verified
5555 (SMTP VRFY command),
5556 generate 250 responses instead of 252 responses.
5557 This will imply that the address is local.
5565 Open SMTP connections from a
5570 except on UNIX machines,
5571 so it is unclear that this adds anything.
5573 must be running as root to be able to use this flag.
5575 Strip quote characters (" and \e) off of the address
5576 before calling the mailer.
5578 Don't reset the userid
5579 before calling the mailer.
5580 This would be used in a secure environment
5584 This could be used to avoid forged addresses.
5587 field is also specified,
5588 this flag causes the effective user id to be set to that user.
5590 Upper case should be preserved in user names for this mailer. Standards
5591 require preservation of case in the local part of addresses, except for
5592 those address for which your system accepts responsibility.
5593 RFC 2142 provides a long list of addresses which should be case
5595 If you use this flag, you may be violating RFC 2142.
5596 Note that postmaster is always treated as a case insensitive address
5597 regardless of this flag.
5599 This mailer wants UUCP-style
5602 .q "remote from <host>"
5605 The user must have a valid account on this machine,
5609 If not, the mail is bounced.
5613 This is required to get
5621 This mailer wants to use the hidden dot algorithm as specified in RFC 821;
5622 basically, any line beginning with a dot will have an extra dot prepended
5623 (to be stripped at the other end).
5624 This insures that lines in the message containing a dot
5625 will not terminate the message prematurely.
5627 Run Local Mail Transfer Protocol (LMTP)
5630 and the local mailer.
5631 This is a variant on SMTP
5633 that is specifically designed for delivery to a local mailbox.
5635 Apply DialDelay (if set) to this mailer.
5637 Don't look up MX records for hosts sent via SMTP/LMTP.
5642 Don't send null characters ('\\0') to this mailer.
5644 Don't use ESMTP even if offered; this is useful for broken
5645 systems that offer ESMTP but fail on EHLO (without recovering
5646 when HELO is tried next).
5648 Extend the list of characters converted to =XX notation
5649 when converting to Quoted-Printable
5650 to include those that don't map cleanly between ASCII and EBCDIC.
5651 Useful if you have IBM mainframes on site.
5653 If no aliases are found for this address,
5654 pass the address through ruleset 5 for possible alternate resolution.
5655 This is intended to forward the mail to an alternate delivery spot.
5657 Strip headers to seven bits.
5659 Strip all output to seven bits.
5660 This is the default if the
5663 Note that clearing this option is not
5664 sufficient to get full eight bit data passed through
5668 option is set, this is essentially always set,
5669 since the eighth bit was stripped on input.
5670 Note that this option will only impact messages
5671 that didn't have 8\(->7 bit MIME conversions performed.
5674 it is acceptable to send eight bit data to this mailer;
5675 the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
5680 7\(->8 bit MIME conversions.
5681 These conversions are limited to text/plain data.
5683 Check addresses to see if they begin
5685 if they do, convert them to the
5689 Check addresses to see if they begin with a `|';
5690 if they do, convert them to the
5694 Check addresses to see if they begin with a `/';
5695 if they do, convert them to the
5699 Look up addresses in the user database.
5701 Do not attempt delivery on initial recipient of a message
5703 unless the queued message is selected
5704 using one of the -qI/-qR/-qS queue run modifiers
5707 Configuration files prior to level 6
5708 assume the `A', `w', `5', `:', `|', `/', and `@' options
5712 The mailer with the special name
5714 can be used to generate a user error.
5715 The (optional) host field is an exit status to be returned,
5716 and the user field is a message to be printed.
5717 The exit status may be numeric or one of the values
5718 USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
5719 to return the corresponding EX_ exit code,
5720 or an enhanced error code as described in RFC 1893,
5722 Enhanced Mail System Status Codes.
5723 For example, the entry:
5725 $#error $@ NOHOST $: Host unknown in this domain
5727 on the RHS of a rule
5728 will cause the specified error to be generated
5731 exit status to be returned
5733 This mailer is only functional in rulesets 0, 5,
5734 or one of the check_* rulesets.
5736 The mailer with the special name
5738 causes any mail sent to it to be discarded
5739 but otherwise treated as though it were successfully delivered.
5740 This mailer cannot be used in ruleset 0,
5741 only in the various address checking rulesets.
5746 be defined in every configuration file.
5747 This is used to deliver local mail,
5748 and is treated specially in several ways.
5749 Additionally, three other mailers named
5754 may be defined to tune the delivery of messages to programs,
5756 and :include: lists respectively.
5759 Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
5760 M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
5761 M*include*, P=/dev/null, F=su, A=INCLUDE $u
5764 Builtin pathnames are [FILE] and [IPC], the former is used for
5765 delivery to files, the latter for delivery via interprocess communication.
5766 For mailers that use [IPC] as pathname the argument vector (A=)
5767 must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
5768 If TCP is used, the second argument must be the name of the host
5770 Optionally a third argument can be used to specify a port,
5771 the default is smtp (port 25).
5772 If FILE is used, the second argument must be the name of
5773 the Unix domain socket.
5775 If the argument vector does not contain $u then
5777 will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
5779 If no Eol field is defined, then the default is "\\r\\n" for
5780 SMTP mailers and "\\n" of others.
5782 The Sender and Recipient rewriting sets
5783 may either be a simple ruleset id
5784 or may be two ids separated by a slash;
5785 if so, the first rewriting set is applied to envelope
5787 and the second is applied to headers.
5788 Setting any value to zero disables corresponding mailer-specific rewriting.
5791 is actually a colon-separated path of directories to try.
5792 For example, the definition
5794 first tries to execute in the recipient's home directory;
5795 if that is not available,
5796 it tries to execute in the root of the filesystem.
5797 This is intended to be used only on the
5800 since some shells (such as
5802 refuse to execute if they cannot read the current directory.
5803 Since the queue directory is not normally readable by unprivileged users
5805 scripts as recipients can fail.
5808 specifies the default user and group id to run as,
5814 mailer flag is also specified,
5815 this user and group will be set as the
5816 effective uid and gid for the process.
5817 This may be given as
5819 to set both the user and group id;
5820 either may be an integer or a symbolic name to be looked up
5826 If only a symbolic user name is specified,
5829 file for that user is used as the group id.
5832 is used when converting a message to MIME;
5833 this is the character set used in the
5834 Content-Type: header.
5835 If this is not set, the
5838 and if that is not set, the value
5842 this field applies to the sender's mailer,
5843 not the recipient's mailer.
5844 For example, if the envelope sender address
5845 lists an address on the local network
5846 and the recipient is on an external network,
5847 the character set will be set from the Charset= field
5848 for the local network mailer,
5849 not that of the external network mailer.
5852 sets the type information
5853 used in MIME error messages
5856 It is actually three values separated by slashes:
5857 the MTA-type (that is, the description of how hosts are named),
5858 the address type (the description of e-mail addresses),
5859 and the diagnostic type (the description of error diagnostic codes).
5860 Each of these must be a registered value
5864 .q dns/rfc822/smtp .
5866 The m= field specifies the maximum number of messages
5867 to attempt to deliver on a single SMTP or LMTP connection.
5868 The default is infinite.
5870 The r= field specifies the maximum number of recipients
5871 to attempt to deliver in a single envelope.
5874 The /= field specifies a new root directory for the mailer. The path is
5875 macro expanded and then passed to the
5877 system call. The root directory is changed before the Directory field is
5878 consulted or the uid is changed.
5880 The Wait= field specifies the maximum time to wait for the
5881 mailer to return after sending all data to it.
5882 This applies to mailers that have been forked by
5885 The Queuegroup= field specifies the default queue group in which
5886 received mail should be queued.
5887 This can be overridden by other means as explained in section
5888 ``Queue Groups and Queue Directories''.
5889 .sh 2 "H \*- Define Header"
5891 The format of the header lines that
5893 inserts into the message
5897 The syntax of this line is one of the following:
5924 Continuation lines in this spec
5925 are reflected directly into the outgoing message.
5928 is macro-expanded before insertion into the message.
5931 (surrounded by question marks)
5933 at least one of the specified flags
5934 must be stated in the mailer definition
5935 for this header to be automatically output.
5938 (surrounded by question marks)
5940 the header will be automatically output
5941 if the macro is set.
5942 The macro may be set using any of the normal methods,
5945 storage map in a ruleset.
5946 If one of these headers is in the input
5947 it is reflected to the output
5948 regardless of these flags or macros.
5952 is used to set a header, then it is useful to add that macro to class
5953 .i $={persistentMacros}
5954 which consists of the macros that should be saved across queue runs.
5956 Some headers have special semantics
5957 that will be described later.
5959 A secondary syntax allows validation of headers as they are being read.
5960 To enable validation, use:
5973 is called for the specified
5977 to reject the message or
5979 to discard the message
5983 The ruleset receives the header field-body as argument,
5984 i.e., not the header field-name; see also
5985 ${hdr_name} and ${currHeader}.
5986 The header is treated as a structured field,
5988 text in parentheses is deleted before processing,
5989 unless the second form
5992 Note: only one ruleset can be associated with a header;
5994 will silently ignore multiple entries.
5996 For example, the configuration lines:
5998 HMessage-Id: $>CheckMessageId
6002 R$* $#error $: Illegal Message-Id header
6004 would refuse any message that had a Message-Id: header of any of the
6008 Message-Id: some text
6009 Message-Id: <legal text@domain> extra crud
6011 A default ruleset that is called for headers which don't have a
6012 specific ruleset defined for them can be specified by:
6026 .sh 2 "O \*- Set Option"
6028 There are a number of global options that
6029 can be set from a configuration file.
6030 Options are represented by full words;
6031 some are also representable as single characters for back compatibility.
6032 The syntax of this line is:
6045 be a space between the letter `O' and the name of the option.
6046 An older version is:
6053 is a single character.
6054 Depending on the option,
6056 may be a string, an integer,
6064 the default is TRUE),
6068 All filenames used in options should be absolute paths,
6069 i.e., starting with '/'.
6070 Relative filenames most likely cause surprises during operation
6071 (unless otherwise noted).
6073 The options supported (with the old, one character names in brackets) are:
6075 .ip "AliasFile=\fIspec, spec, ...\fP"
6077 Specify possible alias file(s).
6080 should be in the format
6088 is optional and defaults to ``implicit''.
6103 value is used as follows:
6105 \-k (&(objectClass=sendmailMTAAliasObject)
6106 (sendmailMTAAliasName=aliases)
6107 (|(sendmailMTACluster=${sendmailMTACluster})
6108 (sendmailMTAHost=$j))
6109 (sendmailMTAKey=%0))
6110 \-v sendmailMTAAliasValue
6114 is compiled, valid classes are
6116 (search through a compiled-in list of alias file types,
6117 for back compatibility),
6131 (internal symbol table \*- not normally used
6132 unless you have no other database lookup),
6134 (use a sequence of maps
6135 previously declared),
6149 searches them in order.
6150 .ip AliasWait=\fItimeout\fP
6155 (units default to minutes)
6158 entry to exist in the alias database
6160 If it does not appear in the
6162 interval issue a warning.
6165 If set, allow HELO SMTP commands that don't include a host name.
6166 Setting this violates RFC 1123 section 5.2.5,
6167 but is necessary to interoperate with several SMTP clients.
6168 If there is a value, it is still checked for legitimacy.
6169 .ip AuthMaxBits=\fIN\fP
6171 Limit the maximum encryption strength for the security layer in
6172 SMTP AUTH (SASL). Default is essentially unlimited.
6173 This allows to turn off additional encryption in SASL if
6174 STARTTLS is already encrypting the communication, because the
6175 existing encryption strength is taken into account when choosing
6176 an algorithm for the security layer.
6177 For example, if STARTTLS is used and the symmetric cipher is 3DES,
6178 then the the keylength (in bits) is 168.
6181 to 168 will disable any encryption in SASL.
6184 List of authentication mechanisms for AUTH (separated by spaces).
6185 The advertised list of authentication mechanisms will be the
6186 intersection of this list and the list of available mechanisms as
6187 determined by the Cyrus SASL library.
6188 If STARTTLS is active, EXTERNAL will be added to this list.
6189 In that case, the value of {cert_subject} is used as authentication id.
6192 List of options for SMTP AUTH consisting of single characters
6193 with intervening white space or commas.
6196 A Use the AUTH= parameter for the MAIL FROM
6197 command only when authentication succeeded.
6198 This can be used as a workaround for broken
6199 MTAs that do not implement RFC 2554 correctly.
6200 a protection from active (non-dictionary) attacks
6201 during authentication exchange.
6202 c require mechanisms which pass client credentials,
6203 and allow mechanisms which can pass credentials
6205 d don't permit mechanisms susceptible to passive
6207 f require forward secrecy between sessions
6208 (breaking one won't help break next).
6209 p don't permit mechanisms susceptible to simple
6210 passive attack (e.g., PLAIN, LOGIN), unless a
6211 security layer is active.
6212 y don't permit mechanisms that allow anonymous login.
6214 The first option applies to sendmail as a client, the others to a server.
6219 would disallow ANONYMOUS as AUTH mechanism and would
6220 allow PLAIN and LOGIN only if a security layer (e.g.,
6221 provided by STARTTLS) is already active.
6222 The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
6223 selected SASL mechanisms.
6224 Explanations of these properties can be found in the Cyrus SASL documentation.
6225 .ip BadRcptThrottle=\fIN\fP
6227 If set and more than the specified number of recipients in a single SMTP
6228 envelope are rejected, sleep for one second after each rejected RCPT command.
6229 .ip BlankSub=\fIc\fP
6231 Set the blank substitution character to
6233 Unquoted spaces in addresses are replaced by this character.
6234 Defaults to space (i.e., no change is made).
6237 Path to directory with certificates of CAs.
6238 This directory directory must contain the hashes of each CA certificate
6239 as filenames (or as links to them).
6242 File containing one or more CA certificates;
6243 see section about STARTTLS for more information.
6246 Validate the RHS of aliases when rebuilding the alias database.
6247 .ip CheckpointInterval=\fIN\fP
6249 Checkpoints the queue every
6253 If your system crashes during delivery to a large list,
6254 this prevents retransmission to any but the last
6257 .ip ClassFactor=\fIfact\fP
6261 is multiplied by the message class
6262 (determined by the Precedence: field in the user header
6265 lines in the configuration file)
6266 and subtracted from the priority.
6267 Thus, messages with a higher Priority: will be favored.
6271 File containing the certificate of the client, i.e., this certificate
6274 acts as client (for STARTTLS).
6277 File containing the private key belonging to the client certificate
6281 .ip ClientPortOptions=\fIoptions\fP
6283 Set client SMTP options.
6286 pairs separated by commas.
6290 Port Name/number of source port for connection (defaults to any free port)
6291 Addr Address mask (defaults INADDR_ANY)
6292 Family Address family (defaults to INET)
6293 SndBufSize Size of TCP send buffer
6294 RcvBufSize Size of TCP receive buffer
6295 Modifier Options (flags) for the client
6299 mask may be a numeric address in dot notation
6302 can be the following character:
6305 h use name of interface for HELO command
6306 A don't use AUTH when sending e-mail
6307 S don't use STARTTLS when sending e-mail
6309 If ``h'' is set, the name corresponding to the outgoing interface
6310 address (whether chosen via the Connection parameter or
6311 the default) is used for the HELO/EHLO command.
6312 However, the name must not start with a square bracket
6313 and it must contain at least one dot.
6314 This is a simple test whether the name is not
6315 an IP address (in square brackets) but a qualified hostname.
6316 Note that multiple ClientPortOptions settings are allowed
6317 in order to give settings for each protocol family
6318 (e.g., one for Family=inet and one for Family=inet6).
6319 A restriction placed on one family only affects
6320 outgoing connections on that particular family.
6323 If set, colons are acceptable in e-mail addresses
6326 If not set, colons indicate the beginning of a RFC 822 group construct
6328 .q "groupname: member1, member2, ... memberN;" ).
6329 Doubled colons are always acceptable
6332 and proper route-addr nesting is understood
6334 .q <@relay:user@host> ).
6335 Furthermore, this option defaults on if the configuration version level
6336 is less than 6 (for back compatibility).
6337 However, it must be off for full compatibility with RFC 822.
6338 .ip ConnectionCacheSize=\fIN\fP
6340 The maximum number of open connections that will be cached at a time.
6342 This delays closing the current connection until
6343 either this invocation of
6345 needs to connect to another host
6347 Setting it to zero defaults to the old behavior,
6348 that is, connections are closed immediately.
6349 Since this consumes file descriptors,
6350 the connection cache should be kept small:
6351 4 is probably a practical maximum.
6352 .ip ConnectionCacheTimeout=\fItimeout\fP
6354 The maximum amount of time a cached connection will be permitted to idle
6356 If this time is exceeded,
6357 the connection is immediately closed.
6358 This value should be small (on the order of ten minutes).
6361 uses a cached connection,
6362 it always sends a RSET command
6363 to check the connection;
6364 if this fails, it reopens the connection.
6365 This keeps your end from failing if the other end times out.
6366 The point of this option is to be a good network neighbor
6367 and avoid using up excessive resources
6369 The default is five minutes.
6370 .ip ConnectOnlyTo=\fIaddress\fP
6373 override the connection address (for testing purposes).
6374 .ip ConnectionRateThrottle=\fIN\fP
6376 If set to a positive value,
6379 incoming connections in a one second period per daemon.
6380 This is intended to flatten out peaks
6381 and allow the load average checking to cut in.
6382 Defaults to zero (no limits).
6383 .ip ControlSocketName=\fIname\fP
6385 Name of the control socket for daemon management.
6388 daemon can be controlled through this named socket.
6389 Available commands are:
6397 command returns the current number of daemon children,
6398 the maximum number of daemon children,
6399 the free disk space (in blocks) of the queue directory,
6400 and the load average of the machine expressed as an integer.
6401 If not set, no control socket will be available.
6402 Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
6404 File with DH parameters for STARTTLS.
6405 This is only required if a ciphersuite containing DSA/DH is used.
6406 This is only for people with a good knowledge of TLS, all others
6407 can ignore this option.
6408 .ip DaemonPortOptions=\fIoptions\fP
6410 Set server SMTP options.
6412 .b DaemonPortOptions
6413 leads to an additional incoming socket.
6420 Name User-definable name for the daemon (defaults to "Daemon#")
6421 Port Name/number of listening port (defaults to "smtp")
6422 Addr Address mask (defaults INADDR_ANY)
6423 Family Address family (defaults to INET)
6424 Listen Size of listen queue (defaults to 10)
6425 Modifier Options (flags) for the daemon
6426 SndBufSize Size of TCP send buffer
6427 RcvBufSize Size of TCP receive buffer
6431 key is used for error messages and logging.
6434 mask may be a numeric address in dot notation
6438 key defaults to INET (IPv4).
6439 IPv6 users who wish to also accept IPv6 connections
6440 should add additional Family=inet6
6441 .b DaemonPortOptions
6444 can be a sequence (without any delimiters)
6445 of the following characters:
6448 a always require authentication
6449 b bind to interface through which mail has been received
6450 c perform hostname canonification (.cf)
6451 f require fully qualified hostname (.cf)
6452 u allow unqualified addresses (.cf)
6453 A disable AUTH (overrides 'a' modifier)
6454 C don't perform hostname canonification
6455 E disallow ETRN (see RFC 2476)
6456 O optional; if opening the socket fails ignore it
6457 S don't offer STARTTLS
6459 That is, one way to specify a message submission agent (MSA) that
6460 always requires authentication is:
6462 O DaemonPortOptions=Name=MSA, Port=587, M=Ea
6464 The modifiers that are marked with "(.cf)" have only
6465 effect in the standard configuration file, in which
6466 they are available via
6467 .b ${daemon_flags} .
6470 use the ``a'' modifier on a public accessible MTA!
6471 It should only be used for a MSA that is accessed by authorized
6472 users for initial mail submission.
6473 Users must authenticate to use a MSA which has this option turned on.
6474 The flags ``c'' and ``C'' can change the default for
6475 hostname canonification in the
6478 See the relevant documentation for
6479 .sm FEATURE(nocanonify) .
6480 The modifier ``f'' disallows addresses of the form
6482 unless they are submitted directly.
6483 The flag ``u'' allows unqualified sender addresses,
6484 i.e., those without @host.
6485 ``b'' forces sendmail to bind to the interface
6486 through which the e-mail has been
6487 received for the outgoing connection.
6490 only if outgoing mail can be routed through the incoming connection's
6491 interface to its destination. No attempt is made to catch problems due to a
6492 misconfiguration of this parameter, use it only for virtual hosting
6493 where each virtual interface can connect to every possible location.
6494 This will also override possible settings via
6495 .b ClientPortOptions.
6498 will listen on a new socket
6499 for each occurence of the
6500 .b DaemonPortOptions
6501 option in a configuration file.
6502 The modifier ``O'' causes sendmail to ignore a socket
6503 if it can't be opened.
6504 This applies to failures from the socket(2) and bind(2) calls.
6507 Filename that contains default authentication information for outgoing
6508 connections. This file must contain the user id, the authorization id,
6509 the password (plain text), the realm and the list of mechanisms to use
6510 on separate lines and must be readable by
6511 root (or the trusted user) only.
6512 If no realm is specified,
6515 If no mechanisms are specified, the list given by
6518 Notice: this option is deprecated and will be removed in future versions.
6519 Moreover, it doesn't work for the MSP since it can't read the file
6520 (the file must not be group/world-readable otherwise
6523 Use the authinfo ruleset instead which provides more control over
6524 the usage of the data anyway.
6525 .ip DefaultCharSet=\fIcharset\fP
6527 When a message that has 8-bit characters but is not in MIME format
6528 is converted to MIME
6529 (see the EightBitMode option)
6530 a character set must be included in the Content-Type: header.
6531 This character set is normally set from the Charset= field
6532 of the mailer descriptor.
6533 If that is not set, the value of this option is used.
6534 If this option is not set, the value
6537 .ip DataFileBufferSize=\fIthreshold\fP
6542 before a memory-based
6545 The default is 4096 bytes.
6546 .ip DeadLetterDrop=\fIfile\fP
6548 Defines the location of the system-wide dead.letter file,
6549 formerly hardcoded to /usr/tmp/dead.letter.
6550 If this option is not set (the default),
6551 sendmail will not attempt to save to a system-wide dead.letter file
6553 it cannot bounce the mail to the user or postmaster.
6554 Instead, it will rename the qf file
6555 as it has in the past
6556 when the dead.letter file could not be opened.
6557 .ip DefaultUser=\fIuser:group\fP
6559 Set the default userid for mailers to
6566 (as opposed to a numeric user id)
6567 the default group listed in the /etc/passwd file for that user is used
6568 as the default group.
6576 flag in the mailer definition
6577 will run as this user.
6579 The value can also be given as a symbolic user name.\**
6583 option has been combined into the
6587 .ip DelayLA=\fILA\fP
6589 When the system load average exceeds
6592 will sleep for one second on most SMTP commands and
6593 before accepting connections.
6594 .ip DeliverByMin=\fItime\fP
6596 Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
6597 If 0, no time is listed, if less than 0, the extension is not offered,
6598 if greater than 0, it is listed as minimum time
6599 for the EHLO keyword DELIVERBY.
6600 .ip DeliveryMode=\fIx\fP
6607 i Deliver interactively (synchronously)
6608 b Deliver in background (asynchronously)
6609 q Just queue the message (deliver during queue run)
6610 d Defer delivery and all map lookups (deliver during queue run)
6612 Defaults to ``b'' if no option is specified,
6613 ``i'' if it is specified but given no argument
6614 (i.e., ``Od'' is equivalent to ``Odi'').
6617 command line flag sets this to
6619 .ip DialDelay=\fIsleeptime\fP
6621 Dial-on-demand network connections can see timeouts
6622 if a connection is opened before the call is set up.
6623 If this is set to an interval and a connection times out
6624 on the first connection being attempted
6626 will sleep for this amount of time and try again.
6627 This should give your system time to establish the connection
6628 to your service provider.
6629 Units default to seconds, so
6631 uses a five second delay.
6634 This delay only applies to mailers which have the
6636 .ip DirectSubmissionModifiers=\fImodifiers\fP
6639 for direct (command line) submissions.
6642 is either "CC f" if the option
6644 is used or "c u" otherwise.
6645 Note that only the the "CC", "c", "f", and "u" flags are checked.
6646 .ip DontBlameSendmail=\fIoption,option,...\fP
6648 In order to avoid possible cracking attempts
6649 caused by world- and group-writable files and directories,
6651 does paranoid checking when opening most of its support files.
6652 If for some reason you absolutely must run with,
6657 then you will have to turn off this checking
6658 (at the cost of making your system more vulnerable to attack).
6659 The possible arguments have been described earlier.
6660 The details of these flags are described above.
6661 .\"XXX should have more here!!! XXX
6662 .b "Use of this option is not recommended."
6663 .ip DontExpandCnames
6665 The standards say that all host addresses used in a mail message
6666 must be fully canonical.
6667 For example, if your host is named
6669 and also has an alias of
6671 the former name must be used at all times.
6672 This is enforced during host name canonification
6673 ($[ ... $] lookups).
6674 If this option is set, the protocols are ignored and the
6677 However, the IETF is moving toward changing this standard,
6678 so the behavior may become acceptable.
6679 Please note that hosts downstream may still rewrite the address
6680 to be the true canonical name however.
6685 will avoid using the initgroups(3) call.
6686 If you are running NIS,
6687 this causes a sequential scan of the groups.byname map,
6688 which can cause your NIS server to be badly overloaded in a large domain.
6689 The cost of this is that the only group found for users
6690 will be their primary group (the one in the password file),
6691 which will make file access permissions somewhat more restrictive.
6692 Has no effect on systems that don't have group lists.
6693 .ip DontProbeInterfaces
6696 normally finds the names of all interfaces active on your machine
6698 and adds their name to the
6700 class of known host aliases.
6701 If you have a large number of virtual interfaces
6702 or if your DNS inverse lookups are slow
6703 this can be time consuming.
6704 This option turns off that probing.
6705 However, you will need to be certain to include all variant names
6708 class by some other mechanism.
6711 loopback interfaces (e.g., lo0) will not be probed.
6716 tries to eliminate any unnecessary explicit routes
6717 when sending an error message
6718 (as discussed in RFC 1123 \(sc 5.2.6).
6720 when sending an error message to
6722 <@known1,@known2,@known3:user@unknown>
6727 in order to make the route as direct as possible.
6730 option is set, this will be disabled,
6731 and the mail will be sent to the first address in the route,
6732 even if later addresses are known.
6733 This may be useful if you are caught behind a firewall.
6734 .ip DoubleBounceAddress=\fIerror-address\fP
6736 If an error occurs when sending an error message,
6737 send the error report
6740 because it is an error
6742 that occurs when trying to send another error
6744 to the indicated address.
6745 The address is macro expanded
6746 at the time of delivery.
6747 If not set, defaults to
6749 If set to an empty string, double bounces are dropped.
6750 .ip EightBitMode=\fIaction\fP
6752 Set handling of eight-bit data.
6753 There are two kinds of eight-bit data:
6754 that declared as such using the
6756 ESMTP declaration or the
6759 and undeclared 8-bit data, that is,
6760 input that just happens to be eight bits.
6761 There are three basic operations that can happen:
6762 undeclared 8-bit data can be automatically converted to 8BITMIME,
6763 undeclared 8-bit data can be passed as-is without conversion to MIME
6765 and declared 8-bit data can be converted to 7-bits
6766 for transmission to a non-8BITMIME mailer.
6771 .\" r Reject undeclared 8-bit data;
6772 .\" don't convert 8BITMIME\(->7BIT (``reject'')
6773 s Reject undeclared 8-bit data (``strict'')
6774 .\" do convert 8BITMIME\(->7BIT (``strict'')
6775 .\" c Convert undeclared 8-bit data to MIME;
6776 .\" don't convert 8BITMIME\(->7BIT (``convert'')
6777 m Convert undeclared 8-bit data to MIME (``mime'')
6778 .\" do convert 8BITMIME\(->7BIT (``mime'')
6779 .\" j Pass undeclared 8-bit data;
6780 .\" don't convert 8BITMIME\(->7BIT (``just send 8'')
6781 p Pass undeclared 8-bit data (``pass'')
6782 .\" do convert 8BITMIME\(->7BIT (``pass'')
6783 .\" a Adaptive algorithm: see below
6785 .\"The adaptive algorithm is to accept 8-bit data,
6786 .\"converting it to 8BITMIME only if the receiver understands that,
6787 .\"otherwise just passing it as undeclared 8-bit data;
6788 .\"8BITMIME\(->7BIT conversions are done.
6789 In all cases properly declared 8BITMIME data will be converted to 7BIT
6791 .ip ErrorHeader=\fIfile-or-message\fP
6793 Prepend error messages with the indicated message.
6794 If it begins with a slash,
6795 it is assumed to be the pathname of a file
6796 containing a message (this is the recommended setting).
6797 Otherwise, it is a literal message.
6798 The error file might contain the name, email address, and/or phone number
6799 of a local postmaster who could provide assistance
6801 If the option is missing or null,
6802 or if it names a file which does not exist or which is not readable,
6803 no message is printed.
6804 .ip ErrorMode=\fIx\fP
6806 Dispose of errors using mode
6812 p Print error messages (default)
6813 q No messages, just give exit status
6815 w Write back errors (mail if user not logged in)
6816 e Mail back errors (when applicable) and give zero exit stat always
6818 Note that the last mode,
6820 is for Berknet error processing and
6821 should not be used in normal circumstances.
6822 Note, too, that mode
6824 only applies to errors recognized before sendmail forks for
6825 background delivery.
6826 .ip FallbackMXhost=\fIfallbackhost\fP
6830 acts like a very low priority MX
6832 MX records will be looked up for this host,
6833 unless the name is surrounded by square brackets.
6834 This is intended to be used by sites with poor network connectivity.
6835 Messages which are undeliverable due to temporary address failures
6837 also go to the FallbackMXhost.
6840 If set to a value greater than zero (the default is one),
6841 it suppresses the MX lookups on addresses
6842 when they are initially sorted, i.e., for the first delivery attempt.
6843 This usually results in faster envelope splitting unless the MX records
6844 are readily available in a local DNS cache.
6845 To enforce initial sorting based on MX records set
6848 If the mail is submitted directly from the command line, then
6849 the value also limits the number of processes to deliver the envelopes;
6850 if more envelopes are created they are only queued up
6851 and must be taken care of by a queue run.
6852 Since the default submission method is via SMTP (either from a MUA
6853 or via the MSP), the value of
6855 is seldom used to limit the number of processes to deliver the envelopes.
6859 deliver each job that is run from the queue in a separate process.
6860 .ip ForwardPath=\fIpath\fP
6862 Set the path for searching for users' .forward files.
6865 Some sites that use the automounter may prefer to change this to
6867 to search a file with the same name as the user in a system directory.
6868 It can also be set to a sequence of paths separated by colons;
6870 stops at the first file it can successfully and safely open.
6872 .q /var/forward/$u:$z/.forward
6873 will search first in /var/forward/\c
6876 .i ~username /.forward
6877 (but only if the first file does not exist).
6878 .ip HelpFile=\fIfile\fP
6880 Specify the help file
6882 If no file name is specified, "helpfile" is used.
6885 If an outgoing mailer is marked as being expensive,
6886 don't connect immediately.
6887 .ip HostsFile=\fIpath\fP
6889 The path to the hosts database,
6892 This option is only consulted when sendmail
6893 is canonifying addresses,
6898 service switch entry.
6899 In particular, this file is
6901 used when looking up host addresses;
6902 that is under the control of the system
6903 .i gethostbyname (3)
6905 .ip HostStatusDirectory=\fIpath\fP
6907 The location of the long term host status information.
6909 information about the status of hosts
6910 (e.g., host down or not accepting connections)
6911 will be shared between all
6914 normally, this information is only held within a single queue run.
6915 This option requires a connection cache of at least 1 to function.
6916 If the option begins with a leading `/',
6917 it is an absolute pathname;
6919 it is relative to the mail queue directory.
6920 A suggested value for sites desiring persistent host status is
6922 (i.e., a subdirectory of the queue directory).
6925 Ignore dots in incoming messages.
6926 This is always disabled (that is, dots are always accepted)
6927 when reading SMTP mail.
6928 .ip InputMailFilters=\fIname,name,...\fP
6929 A comma separated list of filters which determines which filters
6930 (see the "X \*- Mail Filter (Milter) Definitions" section)
6931 and the invocation sequence are contacted for incoming SMTP messages.
6932 If none are set, no filters will be contacted.
6933 .ip LDAPDefaultSpec=\fIspec\fP
6935 Sets a default map specification for LDAP maps.
6936 The value should only contain LDAP specific settings
6938 .q "-h host -p port -d bindDN" .
6939 The settings will be used for all LDAP maps
6940 unless the individual map specification overrides a setting.
6941 This option should be set before any LDAP maps are defined.
6942 .ip LogLevel=\fIn\fP
6944 Set the log level to
6953 This is intended only for use from the command line.
6959 Type of lookup to find information about local mailboxes,
6960 defaults to ``pw'' which uses
6962 Other types can be introduced by adding them to the source code,
6963 see libsm/mbdb.c for details.
6966 Use as mail submission program, i.e.,
6967 allow group writable queue files
6968 if the group is the same as that of a set-group-ID sendmail binary.
6970 .b sendmail/SECURITY
6971 in the distribution tarball.
6974 Allow fuzzy matching on the GECOS field.
6975 If this flag is set,
6976 and the usual user name lookups fail
6977 (that is, there is no alias with this name and a
6980 sequentially search the password file
6981 for a matching entry in the GECOS field.
6982 This also requires that MATCHGECOS
6983 be turned on during compilation.
6984 This option is not recommended.
6985 .ip MaxAliasRecursion=\fIN\fP
6987 The maximum depth of alias recursion (default: 10).
6988 .ip MaxDaemonChildren=\fIN\fP
6992 will refuse connections when it has more than
6994 children processing incoming mail or automatic queue runs.
6995 This does not limit the number of outgoing connections.
6996 If not set, there is no limit to the number of children --
6997 that is, the system load averaging controls this.
6998 .ip MaxHeadersLength=\fIN\fP
7000 The maximum length of the sum of all headers.
7001 This can be used to prevent a denial of service attack.
7002 The default is no limit.
7003 .ip MaxHopCount=\fIN\fP
7005 The maximum hop count.
7006 Messages that have been processed more than
7008 times are assumed to be in a loop and are rejected.
7010 .ip MaxMessageSize=\fIN\fP
7012 Specify the maximum message size
7013 to be advertised in the ESMTP EHLO response.
7014 Messages larger than this will be rejected.
7015 If set to a value greater than zero,
7016 that value will be listed in the SIZE response,
7017 otherwise SIZE is advertised in the ESMTP EHLO response
7018 without a parameter.
7019 .ip MaxMimeHeaderLength=\fIN[/M]\fP
7021 Sets the maximum length of certain MIME header field values to
7024 These MIME header fields are determined by being a member of
7025 class {checkMIMETextHeaders}, which currently contains only
7026 the header Content-Description.
7027 For some of these headers which take parameters,
7028 the maximum length of each parameter is set to
7032 is not specified, one half of
7036 these values are 2048 and 1024, respectively.
7037 To allow any length, a value of 0 can be specified.
7038 .ip MaxQueueChildren=\fIN\fP
7040 When set, this limits the number of concurrent queue runner processes to
7042 This helps to control the amount of system resources used when processing
7043 the queue. When there are multiple queue groups defined and the total number
7044 of queue runners for these queue groups would exceed
7046 then the queue groups will not all run concurrently. That is, some portion
7047 of the queue groups will run concurrently such that
7049 will not be exceeded, while the remaining queue groups will be run later (in
7050 round robin order). See also
7051 .i MaxRunnersPerQueue
7052 and the section \fBQueue Group Declaration\fP.
7055 does not count individual queue runners, but only sets of processes
7056 that act on a workgroup.
7057 Hence the actual number of queue runners may be lower than the limit
7059 .i MaxQueueChildren .
7060 This discrepancy can be large if some queue runners have to wait
7061 for a slow server and if short intervals are used.
7062 .ip MaxQueueRunSize=\fIN\fP
7064 The maximum number of jobs that will be processed
7065 in a single queue run.
7066 If not set, there is no limit on the size.
7067 If you have very large queues or a very short queue run interval
7068 this could be unstable.
7069 However, since the first
7071 jobs in queue directory order are run (rather than the
7073 highest priority jobs)
7074 this should be set as high as possible to avoid
7076 jobs that happen to fall late in the queue directory.
7077 .ip MaxRecipientsPerMessage=\fIN\fP
7079 The maximum number of recipients that will be accepted per message
7080 in an SMTP transaction.
7081 Note: setting this too low can interfere with sending mail from
7082 MUAs that use SMTP for initial submission.
7083 If not set, there is no limit on the number of recipients per envelope.
7084 .ip MaxRunnersPerQueue=\fIN\fP
7086 This sets the default maximum number of queue runners for queue groups.
7089 queue runners will work in parallel on a queue group's messages.
7090 This is useful where the processing of a message in the queue might
7091 delay the processing of subsequent messages. Such a delay may be the result
7092 of non-erroneous situations such as a low bandwidth connection.
7093 May be overridden on a per queue group basis by setting the
7095 option; see the section \fBQueue Group Declaration\fP.
7096 The default is 1 when not set.
7100 even if I am in an alias expansion.
7101 This option is deprecated
7102 and will be removed from a future version.
7105 This option has several sub(sub)options.
7106 The names of the suboptions are separated by dots.
7107 At the first level the following options are available:
7109 .ta \w'LogLevel'u+3n
7110 LogLevel Log level for input mail filter actions, defaults to LogLevel.
7111 macros Specifies list of macro to transmit to filters.
7114 The ``macros'' option has the following suboptions
7115 which specify the list of macro to transmit to milters
7116 after a certain event occurred.
7119 connect After session connection start
7120 helo After HELO command
7121 envfrom After MAIL FROM command
7122 envrcpt After RCPT TO command
7124 By default the lists of macros are empty.
7127 O Milter.LogLevel=12
7128 O Milter.macros.connect=j, _, {daemon_name}
7130 .ip MinFreeBlocks=\fIN\fP
7134 blocks free on the filesystem that holds the queue files
7135 before accepting email via SMTP.
7136 If there is insufficient space
7138 gives a 452 response
7139 to the MAIL command.
7140 This invites the sender to try again later.
7141 .ip MinQueueAge=\fIage\fP
7143 Don't process any queued jobs
7144 that have been in the queue less than the indicated time interval.
7145 This is intended to allow you to get responsiveness
7146 by processing the queue fairly frequently
7147 without thrashing your system by trying jobs too often.
7148 The default units are minutes.
7149 .ip MustQuoteChars=\fIs\fP
7151 Sets the list of characters that must be quoted if used in a full name
7152 that is in the phrase part of a ``phrase <address>'' syntax.
7153 The default is ``\'.''.
7154 The characters ``@,;:\e()[]'' are always added to this list.
7157 The priority of queue runners (nice(3)).
7158 This value must be greater or equal zero.
7159 .ip NoRecipientAction
7161 The action to take when you receive a message that has no valid
7162 recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
7163 the last included for back compatibility with old
7167 to pass the message on unmodified,
7168 which violates the protocol,
7170 to add a To: header with any recipients it can find in the envelope
7171 (which might expose Bcc: recipients),
7172 .b Add-Apparently-To
7173 to add an Apparently-To: header
7174 (this is only for back-compatibility
7175 and is officially deprecated),
7176 .b Add-To-Undisclosed
7178 .q "To: undisclosed-recipients:;"
7179 to make the header legal without disclosing anything,
7182 to add an empty Bcc: header.
7185 Assume that the headers may be in old format,
7187 spaces delimit names.
7188 This actually turns on
7189 an adaptive algorithm:
7190 if any recipient address contains a comma, parenthesis,
7192 it will be assumed that commas already exist.
7193 If this flag is not on,
7194 only commas delimit names.
7195 Headers are always output with commas between the names.
7197 .ip OperatorChars=\fIcharlist\fP
7199 The list of characters that are considered to be
7201 that is, characters that delimit tokens.
7202 All operator characters are tokens by themselves;
7203 sequences of non-operator characters are also tokens.
7204 White space characters separate tokens
7205 but are not tokens themselves \(em for example,
7207 has three tokens, but
7210 If not set, OperatorChars defaults to
7211 .q \&.\|:\|@\|[\|] ;
7212 additionally, the characters
7214 are always operators.
7215 Note that OperatorChars must be set in the
7216 configuration file before any rulesets.
7217 .ip PidFile=\fIfilename\fP
7219 Filename of the pid file.
7220 (default is _PATH_SENDMAILPID).
7223 is macro-expanded before it is opened.
7224 .ip PostmasterCopy=\fIpostmaster\fP
7227 copies of error messages will be sent to the named
7229 Only the header of the failed message is sent.
7230 Errors resulting from messages with a negative precedence will not be sent.
7231 Since most errors are user problems,
7232 this is probably not a good idea on large sites,
7233 and arguably contains all sorts of privacy violations,
7234 but it seems to be popular with certain operating systems vendors.
7235 The address is macro expanded
7236 at the time of delivery.
7237 Defaults to no postmaster copies.
7238 .ip PrivacyOptions=\fI\|opt,opt,...\fP
7242 ``Privacy'' is really a misnomer;
7243 many of these are just a way of insisting on stricter adherence
7244 to the SMTP protocol.
7247 can be selected from:
7249 .ta \w'needvrfyhelo'u+3n
7250 public Allow open access
7251 needmailhelo Insist on HELO or EHLO command before MAIL
7252 needexpnhelo Insist on HELO or EHLO command before EXPN
7253 noexpn Disallow EXPN entirely, implies noverb.
7254 needvrfyhelo Insist on HELO or EHLO command before VRFY
7255 novrfy Disallow VRFY entirely
7256 noetrn Disallow ETRN entirely
7257 noverb Disallow VERB entirely
7258 restrictmailq Restrict mailq command
7259 restrictqrun Restrict \-q command line flag
7260 restrictexpand Restrict \-bv and \-v command line flags
7261 noreceipts Don't return success DSNs\**
7262 nobodyreturn Don't return the body of a message with DSNs
7263 goaway Disallow essentially all SMTP status queries
7264 authwarnings Put X-Authentication-Warning: headers in messages
7271 flag turns off support for RFC 1891
7272 (Delivery Status Notification).
7276 pseudo-flag sets all flags except
7284 If mailq is restricted,
7285 only people in the same group as the queue directory
7286 can print the queue.
7287 If queue runs are restricted,
7288 only root and the owner of the queue directory
7292 pseudo-flag instructs
7294 to drop privileges when the
7296 option is given by users who are neither root nor the TrustedUser
7297 so users cannot read private aliases, forwards, or :include: files.
7301 .q DontBlameSendmail
7302 option to prevent misleading unsafe address warnings.
7303 It also overrides the
7305 (verbose) command line option to prevent information leakage.
7306 Authentication Warnings add warnings about various conditions
7307 that may indicate attempts to spoof the mail system,
7308 such as using a non-standard queue directory.
7309 .ip ProcessTitlePrefix=\fIstring\fP
7311 Prefix the process title shown on 'ps' listings with
7315 will be macro processed.
7316 .ip QueueDirectory=\fIdir\fP
7318 The QueueDirectory option serves two purposes.
7319 First, it specifies the directory or set of directories that comprise
7320 the default queue group.
7321 Second, it specifies the directory D which is the ancestor of all queue
7322 directories, and which sendmail uses as its current working directory.
7323 When sendmail dumps core, it leaves its core files in D.
7324 There are two cases.
7325 If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR),
7326 then all of the directories or symbolic links to directories
7327 beginning with `qd' in
7328 .i /var/spool/mqueue
7329 will be used as queue directories of the default queue group,
7331 .i /var/spool/mqueue
7332 will be used as the working directory D.
7334 \fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
7335 the default queue group consists of the single queue directory \fIdir\fR,
7336 and the working directory D is set to \fIdir\fR.
7337 To define additional groups of queue directories,
7338 use the configuration file `Q' command.
7339 Do not change the queue directory structure
7340 while sendmail is running.
7341 .ip QueueFactor=\fIfactor\fP
7345 as the multiplier in the map function
7346 to decide when to just queue up jobs rather than run them.
7347 This value is divided by the difference between the current load average
7348 and the load average limit
7352 to determine the maximum message priority
7355 .ip QueueLA=\fILA\fP
7357 When the system load average exceeds
7363 option divided by the difference in the current load average and the
7366 is less than the priority of the message,
7368 (i.e., don't try to send them).
7369 Defaults to 8 multiplied by
7370 the number of processors online on the system
7371 (if that can be determined).
7372 .ip QueueFileMode=\fImode\fP
7374 Default permissions for queue files (octal).
7375 If not set, sendmail uses 0600 unless its real
7376 and effective uid are different in which case it uses 0644.
7377 .ip QueueSortOrder=\fIalgorithm\fP
7381 used for sorting the queue.
7382 Only the first character of the value is used.
7385 (to order by the name of the first host name of the first recipient),
7387 (to order by the name of the queue file name),
7389 (to order by the submission/creation time),
7391 (to order randomly),
7393 (to order by the modification time of the qf file (older entries first)),
7396 (to order by message priority).
7397 Host ordering makes better use of the connection cache,
7398 but may tend to process low priority messages
7399 that go to a single host
7400 over high priority messages that go to several hosts;
7401 it probably shouldn't be used on slow network links.
7402 Filename and modification time ordering saves the overhead of
7403 reading all of the queued items
7404 before starting the queue run.
7405 Creation (submission) time ordering is almost always a bad idea,
7406 since it allows large, bulk mail to go out
7407 before smaller, personal mail,
7408 but may have applicability on some hosts with very fast connections.
7409 Random is useful if several queue runners are started by hand
7410 which try to drain the same queue since odds are they will be working
7411 on different parts of the queue at the same time.
7412 Priority ordering is the default.
7413 .ip QueueTimeout=\fItimeout\fP
7416 .q Timeout.queuereturn .
7417 Use that form instead of the
7422 Name of file containing random data or the name of the UNIX socket
7424 A (required) prefix "egd:" or "file:" specifies the type.
7425 STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
7426 (see sendmail/README).
7427 .ip ResolverOptions=\fIoptions\fP
7429 Set resolver options.
7430 Values can be set using
7456 can be specified to turn off matching against MX records
7457 when doing name canonifications.
7459 .q WorkAroundBrokenAAAA
7464 can be specified to work around some broken nameservers
7465 which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
7466 Notice: it might be necessary to apply the same (or similar) options to
7471 If this option is set, a
7472 .q Return-Receipt-To:
7473 header causes the request of a DSN, which is sent to
7474 the envelope sender as required by RFC 1891,
7475 not to the address given in the header.
7476 .ip RunAsUser=\fIuser\fP
7480 parameter may be a user name
7483 or a numeric user id;
7484 either form can have
7487 (where group can be numeric or symbolic).
7488 If set to a non-zero (non-root) value,
7490 will change to this user id shortly after startup\**.
7492 \**When running as a daemon,
7493 it changes to this user after accepting a connection
7494 but before reading any
7498 This avoids a certain class of security problems.
7499 However, this means that all
7503 files must be readable by the indicated
7505 and all files to be written must be writable by
7507 Also, all file and program deliveries will be marked unsafe
7509 .b DontBlameSendmail=NonRootSafeAddr
7511 in which case the delivery will be done as
7513 It is also incompatible with the
7514 .b SafeFileEnvironment
7516 In other words, it may not actually add much to security on an average system,
7517 and may in fact detract from security
7518 (because other file permissions must be loosened).
7519 However, it should be useful on firewalls and other
7520 places where users don't have accounts and the aliases file is
7522 .ip RecipientFactor=\fIfact\fP
7526 is added to the priority (thus
7528 the priority of the job)
7530 i.e., this value penalizes jobs with large numbers of recipients.
7532 .ip RefuseLA=\fILA\fP
7534 When the system load average exceeds
7536 refuse incoming SMTP connections.
7537 Defaults to 12 multiplied by
7538 the number of processors online on the system
7539 (if that can be determined).
7540 .ip RetryFactor=\fIfact\fP
7544 is added to the priority
7545 every time a job is processed.
7547 each time a job is processed,
7548 its priority will be decreased by the indicated value.
7549 In most environments this should be positive,
7550 since hosts that are down are all too often down for a long time.
7552 .ip SafeFileEnvironment=\fIdir\fP
7554 If this option is set,
7558 call into the indicated
7560 before doing any file writes.
7561 If the file name specified by the user begins with
7563 that partial path name will be stripped off before writing,
7565 if the SafeFileEnvironment variable is set to
7571 actually indicate the same file.
7572 Additionally, if this option is set,
7574 refuses to deliver to symbolic links.
7580 lines at the front of headers.
7581 Normally they are assumed redundant
7585 Key to use for shared memory segment;
7586 if not set (or 0), shared memory will not be used.
7587 Requires support for shared memory to be compiled into
7589 If this option is set,
7591 can share some data between different instances.
7592 For example, the number of entries in a queue directory
7593 or the available space in a file system.
7594 This allows for more efficient program execution, since only
7595 one process needs to update the data instead of each individual
7596 process gathering the data each time it is required.
7599 If set, send error messages in MIME format
7600 (see RFC 2045 and RFC 1344 for details).
7603 will not return the DSN keyword in response to an EHLO
7604 and will not do Delivery Status Notification processing as described in
7608 File containing the certificate of the server, i.e., this certificate
7609 is used when sendmail acts as server
7610 (used for STARTTLS).
7613 File containing the private key belonging to the server certificate
7614 (used for STARTTLS).
7615 .ip ServiceSwitchFile=\fIfilename\fP
7617 If your host operating system has a service switch abstraction
7618 (e.g., /etc/nsswitch.conf on Solaris
7619 or /etc/svc.conf on Ultrix and DEC OSF/1)
7620 that service will be consulted and this option is ignored.
7621 Otherwise, this is the name of a file
7622 that provides the list of methods used to implement particular services.
7623 The syntax is a series of lines,
7624 each of which is a sequence of words.
7625 The first word is the service name,
7626 and following words are service types.
7629 consults directly are
7633 Service types can be
7639 (with the caveat that the appropriate support
7641 before the service can be referenced).
7642 If ServiceSwitchFile is not specified, it defaults to
7643 /etc/mail/service.switch.
7644 If that file does not exist, the default switch is:
7650 .q /etc/mail/service.switch .
7653 Strip input to seven bits for compatibility with old systems.
7654 This shouldn't be necessary.
7655 .ip SingleLineFromHeader
7657 If set, From: lines that have embedded newlines are unwrapped
7659 This is to get around a botch in Lotus Notes
7660 that apparently cannot understand legally wrapped RFC 822 headers.
7661 .ip SingleThreadDelivery
7663 If set, a client machine will never try to open two SMTP connections
7664 to a single server machine at the same time,
7665 even in different processes.
7668 is already talking to some host a new
7670 will not open another connection.
7671 This property is of mixed value;
7672 although this reduces the load on the other machine,
7673 it can cause mail to be delayed
7674 (for example, if one
7676 is delivering a huge message, other
7678 won't be able to send even small messages).
7679 Also, it requires another file descriptor
7681 per connection, so you may have to reduce the
7682 .b ConnectionCacheSize
7683 option to avoid running out of per-process file descriptors.
7685 .b HostStatusDirectory
7687 .ip SmtpGreetingMessage=\fImessage\fP
7689 The message printed when the SMTP server starts up.
7691 .q "$j Sendmail $v ready at $b".
7692 .ip StatusFile=\fIfile\fP
7694 Log summary statistics in the named
7696 If no file name is specified, "statistics" is used.
7698 no summary statistics are saved.
7699 This file does not grow in size.
7700 It can be printed using the
7705 This option can be set to True, False, or Interactive.
7708 will be super-safe when running things,
7709 i.e., always instantiate the queue file,
7710 even if you are going to attempt immediate delivery.
7712 always instantiates the queue file
7713 before returning control to the client
7714 under any circumstances.
7718 The Interactive value has been introduced in 8.12 and can
7719 be used together with
7721 It skips some synchronization calls which are effectively
7722 doubled in the code execution path for this mode.
7725 List of options for SMTP STARTTLS for the server
7726 consisting of single characters
7727 with intervening white space or commas.
7728 The flag ``V'' disables client verification, and hence
7729 it is not possible to use a client certificate for relaying.
7730 Currently there are no other flags available.
7731 .ip TempFileMode=\fImode\fP
7733 The file mode for transcript files, files to which
7735 delivers directly, files in the
7736 .b HostStatusDirectory ,
7739 It is interpreted in octal by default.
7741 .ip Timeout.\fItype\fP=\|\fItimeout\fP
7742 [r; subsumes old T option as well]
7744 For more information,
7748 .ip TimeZoneSpec=\fItzinfo\fP
7750 Set the local time zone info to
7754 Actually, if this is not set,
7755 the TZ environment variable is cleared (so the system default is used);
7756 if set but null, the user's TZ variable is used,
7757 and if set and non-null the TZ variable is set to this value.
7758 .ip TrustedUser=\fIuser\fP
7762 parameter may be a user name
7765 or a numeric user id.
7766 Trusted user for file ownership and starting the daemon. If set, generated
7767 alias databases and the control socket (if configured) will automatically
7768 be owned by this user.
7771 If this system is the
7773 (that is, lowest preference)
7774 MX for a given host,
7775 its configuration rules should normally detect this situation
7776 and treat that condition specially
7777 by forwarding the mail to a UUCP feed,
7778 treating it as local,
7780 However, in some cases (such as Internet firewalls)
7781 you may want to try to connect directly to that host
7782 as though it had no MX records at all.
7783 Setting this option causes
7786 The downside is that errors in your configuration
7787 are likely to be diagnosed as
7790 .q "message timed out"
7791 instead of something more meaningful.
7792 This option is disrecommended.
7793 .ip UnixFromLine=\fIfromline\fP
7795 Defines the format used when
7797 must add a UNIX-style From_ line
7798 (that is, a line beginning
7799 .q From<space>user ).
7802 Don't change this unless your system uses a different UNIX mailbox format
7804 .ip UnsafeGroupWrites
7807 :include: and .forward files that are group writable are considered
7810 they cannot reference programs or write directly to files.
7811 World writable :include: and .forward files
7814 .b DontBlameSendmail
7815 instead; this option is deprecated.
7820 header, send error messages to the addresses listed there.
7821 They normally go to the envelope sender.
7822 Use of this option causes
7824 to violate RFC 1123.
7825 This option is disrecommended and deprecated.
7826 .ip UserDatabaseSpec=\fIudbspec\fP
7828 The user database specification.
7831 Run in verbose mode.
7842 so that all mail is delivered completely
7844 so that you can see the entire delivery process.
7849 be set in the configuration file;
7850 it is intended for command line use only.
7851 .ip XscriptFileBufferSize=\fIthreshold\fP
7856 before a memory-based
7857 queue transcript file
7859 The default is 4096 bytes.
7861 All options can be specified on the command line using the
7865 to relinquish its set-user-ID permissions.
7866 The options that will not cause this are
7870 CheckpointInterval [C],
7877 OldStyleHeaders [o],
7888 SingleLineFromHeader,
7891 Actually, PrivacyOptions [p] given on the command line
7892 are added to those already specified in the
7894 file, i.e., they can't be reset.
7895 Also, M (define macro) when defining the r or s macros
7898 .sh 2 "P \*- Precedence Definitions"
7902 field may be defined using the
7905 The syntax of this field is:
7907 \fBP\fP\fIname\fP\fB=\fP\fInum\fP
7914 the message class is set to
7916 Higher numbers mean higher precedence.
7917 Numbers less than zero
7918 have the special property
7919 that if an error occurs during processing
7920 the body of the message will not be returned;
7921 this is expected to be used for
7923 mail such as through mailing lists.
7924 The default precedence is zero.
7926 our list of precedences is:
7929 Pspecial-delivery=100
7934 People writing mailing list exploders
7935 are encouraged to use
7936 .q "Precedence: list" .
7939 (which discarded all error returns for negative precedences)
7940 didn't recognize this name, giving it a default precedence of zero.
7941 This allows list maintainers to see error returns
7942 on both old and new versions of
7944 .sh 2 "V \*- Configuration Version Level"
7946 To provide compatibility with old configuration files,
7949 line has been added to define some very basic semantics
7950 of the configuration file.
7951 These are not intended to be long term supports;
7952 rather, they describe compatibility features
7953 which will probably be removed in future releases.
7959 to do with the version
7964 version 10 config files
7965 (specifically, 8.10)
7966 used version level 9 configurations.
7969 configuration files are defined as version level one.
7970 Version level two files make the following changes:
7972 Host name canonification ($[ ... $])
7973 appends a dot if the name is recognized;
7974 this gives the config file a way of finding out if anything matched.
7975 (Actually, this just initializes the
7979 flag \*- you can reset it to anything you prefer
7980 by declaring the map explicitly.)
7982 Default host name extension is consistent throughout processing;
7983 version level one configurations turned off domain extension
7984 (that is, adding the local domain name)
7985 during certain points in processing.
7986 Version level two configurations are expected to include a trailing dot
7987 to indicate that the name is already canonical.
7989 Local names that are not aliases
7990 are passed through a new distinguished ruleset five;
7991 this can be used to append a local relay.
7992 This behavior can be prevented by resolving the local name
7993 with an initial `@'.
7994 That is, something that resolves to a local mailer and a user name of
7996 will be passed through ruleset five,
7999 will have the `@' stripped,
8000 will not be passed through ruleset five,
8001 but will otherwise be treated the same as the prior example.
8002 The expectation is that this might be used to implement a policy
8005 was handled by a central hub,
8008 was delivered directly.
8010 Version level three files
8011 allow # initiated comments on all lines.
8012 Exceptions are backslash escaped # marks
8015 Version level four configurations
8016 are completely equivalent to level three
8017 for historical reasons.
8019 Version level five configuration files
8020 change the default definition of
8022 to be just the first component of the hostname.
8024 Version level six configuration files
8025 change many of the local processing options
8026 (such as aliasing and matching the beginning of the address for
8029 this allows fine-grained control over the special local processing.
8030 Level six configuration files may also use long option names.
8033 option (to allow colons in the local-part of addresses)
8036 for lower numbered configuration files;
8037 the configuration file requires some additional intelligence
8038 to properly handle the RFC 822 group construct.
8040 Version level seven configuration files
8041 used new option names to replace old macros
8045 .b SmtpGreetingMessage ,
8053 Also, prior to version seven,
8056 flag (use 250 instead of 252 return value for
8061 Version level eight configuration files allow
8063 on the left hand side of ruleset lines.
8065 Version level nine configuration files allow
8066 parentheses in rulesets, i.e. they are not treated
8067 as comments and hence removed.
8069 Version level ten configuration files allow
8070 queue group definitions.
8074 line may have an optional
8077 to indicate that this configuration file uses modifications
8078 specific to a particular vendor\**.
8080 \**And of course, vendors are encouraged to add themselves
8081 to the list of recognized vendors by editing the routine
8085 Please send e-mail to sendmail@Sendmail.ORG
8086 to register your vendor dialect.
8090 to emphasize that this configuration file
8091 uses the Berkeley dialect of
8093 .sh 2 "K \*- Key File Declaration"
8095 Special maps can be defined using the line:
8097 Kmapname mapclass arguments
8101 is the handle by which this map is referenced in the rewriting rules.
8104 is the name of a type of map;
8105 these are compiled in to
8109 are interpreted depending on the class;
8111 there would be a single argument naming the file containing the map.
8113 Maps are referenced using the syntax:
8115 $( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
8117 where either or both of the
8121 portion may be omitted.
8124 may appear more than once.
8129 are passed to the appropriate mapping function.
8130 If it returns a value, it replaces the input.
8131 If it does not return a value and the
8136 Otherwise, the input is unchanged.
8140 are passed to the map for arbitrary use.
8141 Most map classes can interpolate these arguments
8142 into their values using the syntax
8147 to indicate the corresponding
8151 indicates the database key.
8152 For example, the rule
8155 R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
8157 Looks up the UUCP name in a (user defined) UUCP map;
8158 if not found it turns it into
8161 The database might contain records like:
8163 decvax %1@%0.DEC.COM
8164 research %1@%0.ATT.COM
8168 clauses never do this mapping.
8170 The built-in map with both name and class
8172 is the host name canonicalization lookup.
8176 $(host \fIhostname\fP$)
8183 There are many defined classes.
8185 Database lookups using the ndbm(3) library.
8187 must be compiled with
8191 Database lookups using the btree interface to the Berkeley DB
8194 must be compiled with
8198 Database lookups using the hash interface to the Berkeley DB
8201 must be compiled with
8207 must be compiled with
8213 must be compiled with
8216 The argument is the name of the table to use for lookups,
8221 flags may be used to set the key and value columns respectively.
8225 must be compiled with
8229 LDAP X500 directory lookups.
8231 must be compiled with
8234 The map supports most of the standard arguments
8235 and most of the command line arguments of the
8240 if a single query matches multiple values,
8241 only the first value will be returned
8248 map flag will treat a multiple value return
8249 as if there were no matches.
8251 NeXT NetInfo lookups.
8253 must be compiled with
8258 The format of the text file is defined by the
8262 (value field number),
8269 Contributed and supported by
8270 Mark Roth, roth@uiuc.edu.
8271 For more information,
8272 consult the web site
8273 .q http://www-dev.cso.uiuc.edu/sendmail/ .
8275 nsd map for IRIX 6.5 and later.
8276 Contributed and supported by Bob Mende of SGI,
8279 Internal symbol table lookups.
8280 Used internally for aliasing.
8282 Really should be called
8284 \(em this is used to get the default lookups
8286 and is the default if no class is specified for alias files.
8288 Looks up users using
8292 flag can be used to specify the name of the field to return
8293 (although this is normally used only to check the existence
8296 Canonifies host domain names.
8297 Given a host name it calls the name server
8298 to find the canonical name for that host.
8300 Returns the best MX record for a host name given as the key.
8301 The current machine is always preferred \*-
8302 that is, if the current machine is one of the hosts listed as a
8303 lowest-preference MX record, then it will be guaranteed to be returned.
8304 This can be used to find out if this machine is the target for an MX record,
8305 and mail can be accepted on that basis.
8308 flag is given, then all MX names are returned,
8309 separated by the given delimiter.
8311 This map requires the option -R to specify the DNS resource record
8312 type to lookup. The following types are supported:
8313 A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
8314 A map lookup will return only one record.
8315 Hence for some types, e.g., MX records, the return value might be a random
8316 element of the list due to randomizing in the DNS resolver.
8318 The arguments on the `K' line are a list of maps;
8319 the resulting map searches the argument maps in order
8320 until it finds a match for the indicated key.
8321 For example, if the key definition is:
8325 Kseqmap sequence map1 map2
8327 then a lookup against
8329 first does a lookup in map1.
8330 If that is found, it returns immediately.
8331 Otherwise, the same key is used for map2.
8333 the key is logged via
8335 The lookup returns the empty string.
8339 map except that the order of maps is determined by the service switch.
8340 The argument is the name of the service to be looked up;
8341 the values from the service switch are appended to the map name
8342 to create new map names.
8343 For example, consider the key definition:
8347 together with the service switch entry:
8351 This causes a query against the map
8353 to search maps named
8359 Strip double quotes (") from a name.
8360 It does not strip backslashes,
8361 and will not strip quotes if the resulting string
8362 would contain unscannable syntax
8363 (that is, basic errors like unbalanced angle brackets;
8364 more sophisticated errors such as unknown hosts are not checked).
8365 The intent is for use when trying to accept mail from systems such as
8367 that routinely quote odd syntax such as
8371 A typical usage is probably something like:
8377 R$\- $: $(dequote $1 $)
8378 R$\- $+ $: $>3 $1 $2
8380 Care must be taken to prevent unexpected results;
8383 "|someprogram < input > output"
8385 will have quotes stripped,
8386 but the result is probably not what you had in mind.
8387 Fortunately these cases are rare.
8389 The map definition on the
8391 line contains a regular expression.
8392 Any key input is compared to that expression using the
8393 POSIX regular expressions routines regcomp(), regerr(), and regexec().
8394 Refer to the documentation for those routines for more information
8395 about the regular expression matching.
8396 No rewriting of the key is done if the
8398 flag is used. Without it, the key is discarded or if
8400 if used, it is substituted by the substring matches, delimited by
8402 or the string specified with the the
8404 flag. The flags available for the map are
8409 -b basic regular expressions (default is extended)
8411 -d set the delimiter used for -s
8412 -a append string to key
8413 -m match only, do not replace/discard value
8414 -D perform no lookup in deferred delivery mode.
8418 flag can include an optional parameter which can be used
8419 to select the substrings in the result of the lookup. For example,
8428 If the pattern contains spaces, they must be replaced
8429 with the blank substitution character, unless it is
8432 The arguments on the
8434 line are the pathname to a program and any initial parameters to be passed.
8435 When the map is called,
8436 the key is added to the initial parameters
8437 and the program is invoked
8438 as the default user/group id.
8439 The first line of standard output is returned as the value of the lookup.
8440 This has many potential security problems,
8441 and has terrible performance;
8442 it should be used only when absolutely necessary.
8444 Set or clear a macro value.
8446 pass the value as the first argument in the map lookup.
8448 do not pass an argument in the map lookup.
8449 The map always returns the empty string.
8450 Example of typical usage include:
8456 # set macro ${MyMacro} to the ruleset match
8457 R$+ $: $(storage {MyMacro} $@ $1 $) $1
8458 # set macro ${MyMacro} to an empty string
8459 R$* $: $(storage {MyMacro} $@ $) $1
8460 # clear macro ${MyMacro}
8461 R$\- $: $(storage {MyMacro} $) $1
8464 Perform simple arithmetic operations.
8465 The operation is given as key, currently +, -, *, /, %,
8466 |, & (bitwise OR, AND),
8467 l (for less than), and = are supported.
8468 The two operands are given as arguments.
8469 The lookup returns the result of the computation,
8474 for comparisons, integer values otherwise.
8475 All options which are possible for maps are ignored.
8476 A simple example is:
8483 R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
8484 RFALSE $# error \&...
8487 Most of these accept as arguments the same optional flags
8489 (or a mapname for NIS;
8490 the filename is the root of the database path,
8493 or some other extension appropriate for the database type
8494 will be added to get the actual database name).
8497 Indicates that this map is optional \*- that is,
8498 if it cannot be opened,
8499 no error is produced,
8502 will behave as if the map existed but was empty.
8510 uses an adaptive algorithm to decide whether or not to look for null bytes
8512 It starts by trying both;
8513 if it finds any key with a null byte it never tries again without a null byte
8517 is specified it never tries without a null byte and
8520 is specified it never tries with a null byte.
8522 these can speed matches but are never necessary.
8529 will never try any matches at all \(em
8530 that is, everything will appear to fail.
8534 on successful matches.
8535 For example, the default
8537 map appends a dot on successful matches.
8541 on temporary failures.
8544 would be appended if a DNS lookup returned
8546 or an NIS lookup could not locate a server.
8551 Do not fold upper to lower case before looking up the key.
8553 Match only (without replacing the value).
8554 If you only care about the existence of a key and not the value
8555 (as you might when searching the NIS map
8558 this flag prevents the map from substituting the value.
8560 The \-a argument is still appended on a match,
8561 and the default is still taken if the match fails.
8562 .ip "\-k\fIkeycol\fP"
8563 The key column name (for NIS+) or number
8565 For LDAP maps this is an LDAP filter string
8566 in which %s is replaced with the literal contents of the lookup key
8567 and %0 is replaced with the LDAP escaped contents of the lookup key
8568 according to RFC 2254.
8569 .ip "\-v\fIvalcol\fP"
8570 The value column name (for NIS+) or number
8572 For LDAP maps this is the name of one or more
8573 attributes to be returned;
8574 multiple attributes can be separated by commas.
8575 If not specified, all attributes found in the match
8577 .ip "\-z\fIdelim\fP"
8578 The column delimiter (for text lookups).
8579 It can be a single character or one of the special strings
8583 to indicate newline or tab respectively.
8584 If omitted entirely,
8585 the column separator is any sequence of white space.
8586 For LDAP maps this is the separator character
8587 to combine multiple values
8588 into a single return string.
8590 the LDAP lookup will only return the first match found.
8592 Normally, when a map attempts to do a lookup
8593 and the server fails
8596 couldn't contact any name server;
8599 the same as an entry not being found in the map),
8600 the message being processed is queued for future processing.
8603 flag turns off this behavior,
8604 letting the temporary failure (server down)
8605 act as though it were a permanent failure (entry not found).
8606 It is particularly useful for DNS lookups,
8607 where someone else's misconfigured name server can cause problems
8609 However, care must be taken to ensure that you don't bounce mail
8610 that would be resolved correctly if you tried again.
8611 A common strategy is to forward such mail
8612 to another, possibly better connected, mail server.
8614 Perform no lookup in deferred delivery mode.
8615 This flag is set by default for the
8618 .ip "\-S\fIspacesub\fP
8619 The character to use to replace space characters
8620 after a successful map lookup (esp. useful for regex
8622 .ip "\-s\fIspacesub\fP
8623 For the dequote map only,
8624 the character to use to replace space characters
8625 after a successful dequote.
8627 Don't dequote the key before lookup.
8629 For the syslog map only, it specifies the level
8630 to use for the syslog call.
8632 When rebuilding an alias file,
8635 flag causes duplicate entries in the text version
8637 For example, two entries:
8642 would be treated as though it were the single entry
8644 list: user1, user2, user3
8646 in the presence of the
8650 Some additional flags are available for the host and dns maps:
8652 delay: specify the resolver's retransmission time interval (in seconds).
8654 retry: specify the number of times to retransmit a resolver query.
8656 The following additional flags are present in the ldap map only:
8658 Do not auto chase referrals. sendmail must be compiled with
8659 .b \-DLDAP_REFERRALS
8662 Retrieve attribute names only.
8664 Retrieve both attributes name and value(s),
8667 .ip "\-r\fIderef\fP"
8668 Set the alias dereference option to one of never, always, search, or find.
8669 .ip "\-s\fIscope\fP"
8670 Set search scope to one of base, one (one level), or sub (subtree).
8672 LDAP server hostname.
8673 Some LDAP libraries allow you to specify multiple, space-separated hosts for
8675 In addition, each of the hosts listed can be followed by a colon and a port
8676 number to override the default LDAP port.
8681 .ip "\-l\fItimelimit\fP"
8682 Time limit for LDAP queries.
8683 .ip "\-Z\fIsizelimit\fP"
8684 Size (number of matches) limit for LDAP queries.
8685 .ip "\-d\fIdistinguished_name\fP"
8686 The distinguished name to use to login to the LDAP server.
8687 .ip "\-M\fImethod\fP"
8688 The method to authenticate to the LDAP server.
8691 .b LDAP_AUTH_SIMPLE ,
8693 .b LDAP_AUTH_KRBV4 .
8694 .ip "\-P\fIpasswordfile\fP"
8695 The file containing the secret key for the
8697 authentication method
8698 or the name of the Kerberos ticket file for
8699 .b LDAP_AUTH_KRBV4 .
8701 Force LDAP searches to only succeed if a single match is found.
8702 If multiple values are found,
8703 the search is treated as if no match was found.
8707 map appends the strings
8711 to the given filename;
8718 For example, the map specification
8720 Kuucp dbm \-o \-N /etc/mail/uucpmap
8722 specifies an optional map named
8726 it always has null bytes at the end of every string,
8727 and the data is located in
8728 /etc/mail/uucpmap.{dir,pag}.
8732 can be used to build any of the three database-oriented maps.
8733 It takes the following flags:
8735 Do not fold upper to lower case in the map.
8737 Include null bytes in keys.
8739 Append to an existing (old) file.
8741 Allow replacement of existing keys;
8742 normally, re-inserting an existing key is an error.
8744 Print what is happening.
8748 daemon does not have to be restarted to read the new maps
8749 as long as you change them in place;
8750 file locking is used so that the maps won't be read
8751 while they are being updated.
8753 New classes can be added in the routine
8757 .sh 2 "Q \*- Queue Group Declaration"
8759 In addition to the option
8761 queue groups can be declared that define a (group of) queue directories
8762 under a common name.
8763 The syntax is as follows:
8773 is the symbolic name of the queue group under which
8774 it can be referenced in various places
8777 pairs define attributes of the queue group.
8780 Flags for this queue group.
8782 The nice(2) increment for the queue group.
8783 This value must be greater or equal zero.
8785 The time between two queue runs.
8787 The queue directory of the group (required).
8789 The number of parallel runners processing the queue.
8792 must be set if this value is greater than one.
8794 The maximum number of jobs (messages delivered) per queue run.
8796 The maximum number of recipients per envelope.
8797 Envelopes with more than this number of recipients will be split
8798 into multiple envelopes in the same queue directory.
8799 The default value 0 means no limit.
8801 Only the first character of the field name is checked.
8803 By default, a queue group named
8805 is defined that uses the value of the
8808 Notice: all paths that are used for queue groups must
8809 be subdirectories of
8811 Since they can be symbolic links, this isn't a real restriction,
8814 uses a wildcard, then the directory one level up is considered
8815 the ``base'' directory which all other queue directories must share.
8816 Please make sure that the queue directories do not overlap,
8817 e.g., do not specify
8819 O QueueDirectory=/var/spool/mqueue/*
8820 Qone, P=/var/spool/mqueue/dir1
8821 Qtwo, P=/var/spool/mqueue/dir2
8823 because this also includes
8827 in the default queue group.
8830 O QueueDirectory=/var/spool/mqueue/main*
8831 Qone, P=/var/spool/mqueue/dir
8832 Qtwo, P=/var/spool/mqueue/other*
8834 is a valid queue group specification.
8836 Options listed in the ``Flags'' field can be used to modify
8837 the behavior of a queue group.
8838 The ``f'' flag must be set if multiple queue runners are
8839 supposed to work on the entries in a queue group.
8842 will work on the entries strictly sequentially.
8844 The ``Interval'' field sets the time between queue runs.
8845 If no queue group specific interval is set, then the parameter of the
8847 option from the command line is used.
8849 To control the overall number of concurrently active queue runners
8853 This limits the number of processes used for running the queues to
8854 .b MaxQueueChildren ,
8855 though at any one time fewer processes may be active
8856 as a result of queue options, completed queue runs, system load, etc.
8858 The maximum number of queue runners for an individual queue group can be
8862 If set to 0, entries in the queue will not be processed, which
8863 is useful to ``quarantine'' queue files.
8864 The number of runners per queue group may also be set with the option
8865 .b MaxRunnersPerQueue ,
8866 which applies to queue groups that have no individual limit.
8867 That is, the default value for
8870 .b MaxRunnersPerQueue
8871 if set, otherwise 1.
8873 The field Jobs describes the maximum number of jobs
8874 (messages delivered) per queue run, which is the queue group specific
8876 .b MaxQueueRunSize .
8878 Notice: queue groups should be declared after all queue related options
8879 have been set because queue groups take their defaults from those options.
8880 If an option is set after a queue group declaration, the values of
8881 options in the queue group are set to the defaults of
8883 unless explicitly set in the declaration.
8885 Each envelope is assigned to a queue group based on the algorithm
8886 described in section
8887 ``Queue Groups and Queue Directories''.
8888 .sh 2 "X \*- Mail Filter (Milter) Definitions"
8892 Mail Filter API (Milter) is designed to allow third-party programs access
8893 to mail messages as they are being processed in order to filter
8894 meta-information and content.
8895 They are declared in the configuration file as:
8905 is the name of the filter
8906 (used internally only)
8909 pairs define attributes of the filter.
8910 Also see the documentation for the
8912 option for more information.
8917 Socket The socket specification
8918 Flags Special flags for this filter
8919 Timeouts Timeouts for this filter
8921 Only the first character of the field name is checked
8922 (it's case-sensitive).
8924 The socket specification is one of the following forms:
8947 The first two describe an IPv4 or IPv6 socket listening on a certain
8952 The final form describes a named socket on the filesystem at the given
8955 The following flags may be set in the filter description.
8958 Reject connection if filter unavailable.
8960 Temporary fail connection if filter unavailable.
8962 If neither F=R nor F=T is specified, the message is passed through
8964 in case of filter errors as if the failing filters were not present.
8966 The timeouts can be set using the four fields inside of the
8971 Timeout for connecting to a filter.
8972 If set to 0, the system's
8974 timeout will be used.
8976 Timeout for sending information from the MTA to a filter.
8978 Timeout for reading reply from the filter.
8980 Overall timeout between sending end-of-message to filter and waiting for
8981 the final acknowledgment.
8983 Note the separator between each timeout field is a
8985 The default values (if not set) are:
8986 .b T=C:5m;S:10s;R:10s;E:5m
8995 Xfilter1, S=local:/var/run/f1.sock, F=R
8996 Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
8997 Xfilter3, S=inet:3333@localhost, T=C:2m
8999 .sh 2 "The User Database"
9001 The user database is deprecated in favor of ``virtusertable''
9002 and ``genericstable'' as explained in the file
9004 If you have a version of
9006 with the user database package
9008 the handling of sender and recipient addresses
9011 The location of this database is controlled with the
9014 .sh 3 "Structure of the user database"
9016 The database is a sorted (BTree-based) structure.
9017 User records are stored with the key:
9019 \fIuser-name\fP\fB:\fP\fIfield-name\fP
9021 The sorted database format ensures that user records are clustered together.
9022 Meta-information is always stored with a leading colon.
9024 Field names define both the syntax and semantics of the value.
9025 Defined fields include:
9028 The delivery address for this user.
9029 There may be multiple values of this record.
9031 mailing lists will have one
9033 record for each user on the list.
9035 The outgoing mailname for this user.
9036 For each outgoing name,
9037 there should be an appropriate
9039 record for that name to allow return mail.
9041 .i :default:mailname .
9043 Changes any mail sent to this address to have the indicated envelope sender.
9044 This is intended for mailing lists,
9045 and will normally be the name of an appropriate -request address.
9046 It is very similar to the owner-\c
9048 syntax in the alias file.
9050 The full name of the user.
9052 The office address for this user.
9054 The office phone number for this user.
9056 The office FAX number for this user.
9058 The home address for this user.
9060 The home phone number for this user.
9062 The home FAX number for this user.
9064 A (short) description of the project this person is affiliated with.
9065 In the University this is often just the name of their graduate advisor.
9067 A pointer to a file from which plan information can be gathered.
9070 only a few of these fields are actually being used by
9077 program that uses the other fields is planned.
9078 .sh 3 "User database semantics"
9080 When the rewriting rules submit an address to the local mailer,
9081 the user name is passed through the alias file.
9082 If no alias is found (or if the alias points back to the same address),
9086 is then used as a key in the user database.
9087 If no match occurs (or if the maildrop points at the same address),
9088 forwarding is tried.
9090 If the first token of the user name returned by ruleset 0
9093 sign, the user database lookup is skipped.
9094 The intent is that the user database will act as a set of defaults
9095 for a cluster (in our case, the Computer Science Division);
9096 mail sent to a specific machine should ignore these defaults.
9099 the name of the sending user is looked up in the database.
9103 the value of that record is used as their outgoing name.
9104 For example, I might have a record:
9106 eric:mailname Eric.Allman@CS.Berkeley.EDU
9108 This would cause my outgoing mail to be sent as Eric.Allman.
9112 is found for the user,
9113 but no corresponding
9117 .q :default:mailname
9119 If present, this is the name of a host to override the local host.
9120 For example, in our case we would set it to
9121 .q CS.Berkeley.EDU .
9122 The effect is that anyone known in the database
9123 gets their outgoing mail stamped as
9124 .q user@CS.Berkeley.EDU ,
9125 but people not listed in the database use the local hostname.
9126 .sh 3 "Creating the database\**"
9128 \**These instructions are known to be incomplete.
9129 Other features are available which provide similar functionality,
9130 e.g., virtual hosting and mapping local addresses into a
9131 generic form as explained in cf/README.
9134 The user database is built from a text file
9138 (in the distribution in the makemap subdirectory).
9139 The text file is a series of lines corresponding to userdb records;
9140 each line has a key and a value separated by white space.
9141 The key is always in the format described above \*-
9146 This file is normally installed in a system directory;
9147 for example, it might be called
9148 .i /etc/mail/userdb .
9149 To make the database version of the map, run the program:
9151 makemap btree /etc/mail/userdb < /etc/mail/userdb
9153 Then create a config file that uses this.
9154 For example, using the V8 M4 configuration, include the
9155 following line in your .mc file:
9157 define(\`confUSERDB_SPEC\', /etc/mail/userdb.db)
9159 .sh 1 "OTHER CONFIGURATION"
9161 There are some configuration changes that can be made by
9164 This section describes what changes can be made
9165 and what has to be modified to make them.
9166 In most cases this should be unnecessary
9167 unless you are porting
9169 to a new environment.
9170 .sh 2 "Parameters in devtools/OS/$oscf"
9172 These parameters are intended to describe the compilation environment,
9174 and should normally be defined in the operating system
9176 .b "This section needs a complete rewrite."
9179 the new version of the DBM library
9180 that allows multiple databases will be used.
9181 If neither NDBM nor NEWDB are set,
9182 a much less efficient method of alias lookup is used.
9184 If set, use the new database package from Berkeley (from 4.4BSD).
9185 This package is substantially faster than DBM or NDBM.
9186 If NEWDB and NDBM are both set,
9188 will read DBM files,
9189 but will create and use NEWDB files.
9191 Include support for NIS.
9192 If set together with
9196 will create both DBM and NEWDB files if and only if
9197 an alias file includes the substring
9200 This is intended for compatibility with Sun Microsystems'
9202 program used on YP masters.
9204 Compile in support for NIS+.
9206 Compile in support for NetInfo (NeXT stations).
9208 Compile in support for LDAP X500 queries.
9209 Requires libldap and liblber
9210 from the Umich LDAP 3.2 or 3.3 release
9211 or equivalent libraries for other LDAP libraries
9214 Compile in support for Hesiod.
9216 Compile in support for IRIX NSD lookups.
9218 Compile in support for regular expression matching.
9220 Compile in support for DNS map lookups in the
9224 Compile in support for ph lookups.
9226 Compile in support for SASL,
9227 a required component for SMTP Authentication support.
9229 Compile in support for STARTTLS.
9231 Compile in support for the "Entropy Gathering Daemon"
9232 to provide better random data for TLS.
9234 Compile in support for TCP Wrappers.
9235 .ip _PATH_SENDMAILCF
9236 The pathname of the sendmail.cf file.
9237 .ip _PATH_SENDMAILPID
9238 The pathname of the sendmail.pid file.
9240 Compile in support for shared memory, see section about
9241 "/var/spool/mqueue".
9243 Compile in support for contacting external mail filters built with the
9246 There are also several compilation flags to indicate the environment
9251 See the sendmail/README
9252 file for the latest scoop on these flags.
9253 .sh 2 "Parameters in sendmail/conf.h"
9255 Parameters and compilation options
9256 are defined in conf.h.
9257 Most of these need not normally be tweaked;
9258 common parameters are all in sendmail.cf.
9259 However, the sizes of certain primitive vectors, etc.,
9260 are included in this file.
9261 The numbers following the parameters
9262 are their default value.
9264 This document is not the best source of information
9265 for compilation flags in conf.h \(em
9266 see sendmail/README or sendmail/conf.h itself.
9268 .ip "MAXLINE [2048]"
9269 The maximum line length of any input line.
9270 If message lines exceed this length
9271 they will still be processed correctly;
9272 however, header lines,
9273 configuration file lines,
9276 must fit within this limit.
9278 The maximum length of any name,
9279 such as a host or a user name.
9281 The maximum number of parameters to any mailer.
9282 This limits the number of recipients that may be passed in one transaction.
9283 It can be set to any arbitrary number above about 10,
9286 will break up a delivery into smaller batches as needed.
9287 A higher number may reduce load on your system, however.
9288 .ip "MAXQUEUEGROUPS [50]"
9289 The maximum number of queue groups.
9290 .ip "MAXATOM [1000]"
9291 The maximum number of atoms
9293 in a single address.
9296 .q "eric@CS.Berkeley.EDU"
9298 .ip "MAXMAILERS [25]"
9299 The maximum number of mailers that may be defined
9300 in the configuration file.
9301 This value is defined in include/sendmail/sendmail.h.
9302 .ip "MAXRWSETS [200]"
9303 The maximum number of rewriting sets
9304 that may be defined.
9305 The first half of these are reserved for numeric specification
9307 while the upper half are reserved for auto-numbering
9309 Thus, with a value of 200 an attempt to use ``S99'' will succeed,
9310 but ``S100'' will fail.
9311 .ip "MAXPRIORITIES [25]"
9312 The maximum number of values for the
9314 field that may be defined
9317 line in sendmail.cf).
9318 .ip "MAXUSERENVIRON [100]"
9319 The maximum number of items in the user environment
9320 that will be passed to subordinate mailers.
9321 .ip "MAXMXHOSTS [100]"
9322 The maximum number of MX records we will accept for any single host.
9323 .ip "MAXMAPSTACK [12]"
9324 The maximum number of maps that may be "stacked" in a
9327 .ip "MAXMIMEARGS [20]"
9328 The maximum number of arguments in a MIME Content-Type: header;
9329 additional arguments will be ignored.
9330 .ip "MAXMIMENESTING [20]"
9331 The maximum depth to which MIME messages may be nested
9332 (that is, nested Message or Multipart documents;
9333 this does not limit the number of components in a single Multipart document).
9334 .ip "MAXDAEMONS [10]"
9335 The maximum number of sockets sendmail will open for accepting connections
9337 .ip "MAXMACNAMELEN [25]"
9338 The maximum length of a macro name.
9340 A number of other compilation options exist.
9341 These specify whether or not specific code should be compiled in.
9342 Ones marked with \(dg
9347 support for Internet protocol networking is compiled in.
9348 Previous versions of
9352 this old usage is now incorrect.
9354 turn it off in the Makefile
9355 if your system doesn't support the Internet protocols.
9358 support for IPv6 networking is compiled in.
9359 It must be separately enabled by adding
9360 .b DaemonPortOptions
9364 support for ISO protocol networking is compiled in
9365 (it may be appropriate to #define this in the Makefile instead of conf.h).
9368 support for UNIX domain sockets is compiled in.
9369 This is used for control socket support.
9374 routine in use at some sites is used.
9375 This makes an informational log record
9376 for each message processed,
9377 and makes a higher priority log record
9378 for internal system errors.
9379 .b "STRONGLY RECOMMENDED"
9380 \(em if you want no logging, turn it off in the configuration file.
9382 Compile in the code to do ``fuzzy matching'' on the GECOS field
9384 This also requires that the
9386 option be turned on.
9388 Compile in code to use the
9389 Berkeley Internet Name Domain (BIND) server
9390 to resolve TCP/IP host names.
9392 If you are using a non-UNIX mail format,
9393 you can set this flag to turn off special processing
9400 Berkeley user information database package.
9401 This adds a new level of local name expansion
9402 between aliasing and forwarding.
9403 It also uses the NEWDB package.
9404 This may change in future releases.
9406 The following options are normally turned on
9407 in per-operating-system clauses in conf.h.
9409 Compile in the IDENT protocol as defined in RFC 1413.
9410 This defaults on for all systems except Ultrix,
9411 which apparently has the interesting
9413 that when it receives a
9414 .q "host unreachable"
9415 message it closes all open connections to that host.
9416 Since some firewall gateways send this error code
9417 when you access an unauthorized port (such as 113, used by IDENT),
9418 Ultrix cannot receive email from such hosts.
9420 Set all of the compilation parameters appropriate for System V.
9427 Due to the highly unusual semantics of locks
9430 this should always be used if at all possible.
9432 Set this if your system has the
9435 (if you have multiple group support).
9436 This is the default if SYSTEM5 is
9438 defined or if you are on HPUX.
9440 Set this if you have the
9442 system call (or corresponding library routine).
9446 .ip HASGETDTABLESIZE
9447 Set this if you have the
9448 .i getdtablesize (2)
9451 Set this if you have the
9454 .ip FAST_PID_RECYCLE
9455 Set this if your system can possibly
9456 reuse the same pid in the same second of time.
9458 The mechanism that can be used to get file system capacity information.
9459 The values can be one of
9460 SFS_USTAT (use the ustat(2) syscall),
9461 SFS_4ARGS (use the four argument statfs(2) syscall),
9462 SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
9463 SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
9464 SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
9465 SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
9467 SFS_NONE (no way to get this information).
9469 The load average type.
9470 Details are described below.
9472 The are several built-in ways of computing the load average.
9474 tries to auto-configure them based on imperfect guesses;
9475 you can select one using the
9484 The kernel stores the load average in the kernel as an array of long integers.
9485 The actual values are scaled by a factor FSCALE
9488 The kernel stores the load average in the kernel as an array of short integers.
9489 The actual values are scaled by a factor FSCALE
9492 The kernel stores the load average in the kernel as an array of
9493 double precision floats.
9495 Use MACH-style load averages.
9499 routine to get the load average as an array of doubles.
9501 Always return zero as the load average.
9502 This is the fallback case.
9510 you may also need to specify
9512 (the path to your system binary)
9515 (the name of the variable containing the load average in the kernel;
9520 .sh 2 "Configuration in sendmail/conf.c"
9522 The following changes can be made in conf.c.
9523 .sh 3 "Built-in Header Semantics"
9525 Not all header semantics are defined in the configuration file.
9526 Header lines that should only be included by certain mailers
9527 (as well as other more obscure semantics)
9528 must be specified in the
9532 This table contains the header name
9533 (which should be in all lower case)
9534 and a set of header control flags (described below),
9537 Normally when the check is made to see if a header line is compatible
9540 will not delete an existing line.
9541 If this flag is set,
9544 even existing header lines.
9546 if this bit is set and the mailer does not have flag bits set
9547 that intersect with the required mailer flags
9548 in the header definition in
9554 If this header field is set,
9555 treat it like a blank line,
9557 it will signal the end of the header
9558 and the beginning of the message text.
9560 Add this header entry
9561 even if one existed in the message before.
9562 If a header entry does not have this bit set,
9564 will not add another header line if a header line
9565 of this name already existed.
9566 This would normally be used to stamp the message
9567 by everyone who handled it.
9573 If the number of trace fields in a message
9574 exceeds a preset amount
9575 the message is returned
9576 on the assumption that it has an aliasing loop.
9579 this field contains recipient addresses.
9582 flag to determine who to send to
9583 when it is collecting recipients from the message.
9585 This flag indicates that this field
9587 The order of these fields in the
9592 for which field to return error messages to.
9594 Addresses in this header should receive error messages.
9596 This header is a Content-Transfer-Encoding header.
9598 This header is a Content-Type header.
9600 Strip the value from the header (for Bcc:).
9603 Let's look at a sample
9607 .ta 4n +\w'"content-transfer-encoding", 'u
9608 struct hdrinfo HdrInfo[] =
9610 /* originator fields, most to least significant */
9611 "resent-sender", H_FROM,
9612 "resent-from", H_FROM,
9615 "full-name", H_ACHECK,
9616 "errors-to", H_FROM\^|\^H_ERRORSTO,
9617 /* destination fields */
9619 "resent-to", H_RCPT,
9621 "bcc", H_RCPT\^|\^H_STRIPVAL,
9622 /* message identification and control */
9626 "received", H_TRACE\^|\^H_FORCE,
9627 /* miscellaneous fields */
9628 "content-transfer-encoding", H_CTE,
9629 "content-type", H_CTYPE,
9634 This structure indicates that the
9640 all specify recipient addresses.
9643 field will be deleted unless the required mailer flag
9644 (indicated in the configuration file)
9650 fields will terminate the header;
9651 these are used by random dissenters around the network world.
9654 field will always be added,
9655 and can be used to trace messages.
9657 There are a number of important points here.
9659 header fields are not added automatically just because they are in the
9662 they must be specified in the configuration file
9663 in order to be added to the message.
9664 Any header fields mentioned in the configuration file but not
9667 structure have default processing performed;
9669 they are added unless they were in the message already.
9673 structure only specifies cliched processing;
9674 certain headers are processed specially by ad hoc code
9675 regardless of the status specified in
9682 fields are always scanned on ARPANET mail
9683 to determine the sender\**;
9685 \**Actually, this is no longer true in SMTP;
9686 this information is contained in the envelope.
9687 The older ARPANET protocols did not completely distinguish
9688 envelope from header.
9690 this is used to perform the
9691 .q "return to sender"
9697 fields are used to determine the full name of the sender
9699 this is stored in the macro
9701 and used in a number of ways.
9702 .sh 3 "Restricting Use of Email"
9704 If it is necessary to restrict mail through a relay,
9707 routine can be modified.
9708 This routine is called for every recipient address.
9709 It returns an exit status
9710 indicating the status of the message.
9713 accepts the address,
9715 queues the message for a later try,
9718 .sm EX_UNAVAILABLE )
9722 to print an error message
9725 if the message is rejected.
9732 .ta 4n +4n +4n +4n +4n +4n +4n
9735 register ADDRESS *to;
9736 register ENVELOPE *e;
9740 s = stab("private", ST_MAILER, ST_FIND);
9741 if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
9742 to->q_mailer == s->s_mailer)
9744 usrerr("No private net mail allowed through this machine");
9745 return (EX_UNAVAILABLE);
9747 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
9749 usrerr("Message too large for non-local delivery");
9750 e\->e_flags |= EF_NORETURN;
9751 return (EX_UNAVAILABLE);
9757 This would reject messages greater than 50000 bytes
9758 unless they were local.
9763 to suppress the return of the actual body
9764 of the message in the error return.
9765 The actual use of this routine is highly dependent on the
9767 and use should be limited.
9768 .sh 3 "New Database Map Classes"
9770 New key maps can be added by creating a class initialization function
9771 and a lookup function.
9772 These are then added to the routine
9775 The initialization function is called as
9777 \fIxxx\fP_map_init(MAP *map, char *args)
9781 is an internal data structure.
9784 is a pointer to the portion of the configuration file line
9785 following the map class name;
9786 flags and filenames can be extracted from this line.
9787 The initialization function must return
9789 if it successfully opened the map,
9793 The lookup function is called as
9795 \fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
9799 defines the map internally.
9803 This may be (and often is) used destructively.
9806 is a list of arguments passed in from the rewrite line.
9807 The lookup function should return a pointer to the new value.
9808 If the map lookup fails,
9810 should be set to an exit status code;
9811 in particular, it should be set to
9813 if recovery is to be attempted by the higher level code.
9814 .sh 3 "Queueing Function"
9818 is called to decide if a message should be queued
9819 or processed immediately.
9820 Typically this compares the message priority to the current load average.
9821 The default definition is:
9824 shouldqueue(pri, ctime)
9828 if (CurrentLA < QueueLA)
9830 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
9833 If the current load average
9836 which is set before this function is called)
9837 is less than the low threshold load average
9849 If the current load average exceeds the high threshold load average
9858 Otherwise, it computes the function based on the message priority,
9864 and the current and threshold load averages.
9866 An implementation wishing to take the actual age of the message into account
9870 which is the time that the message was first submitted to
9874 parameter is already weighted
9875 by the number of times the message has been tried
9876 (although this tends to lower the priority of the message with time);
9877 the expectation is that the
9881 to ensure that messages are eventually processed.
9882 .sh 3 "Refusing Incoming SMTP Connections"
9885 .i refuseconnections
9888 if incoming SMTP connections should be refused.
9889 The current implementation is based exclusively on the current load average
9890 and the refuse load average option
9899 return (RefuseLA > 0 && CurrentLA >= RefuseLA);
9902 A more clever implementation
9903 could look at more system resources.
9904 .sh 3 "Load Average Computation"
9908 returns the current load average (as a rounded integer).
9909 The distribution includes several possible implementations.
9910 If you are porting to a new environment
9911 you may need to add some new tweaks.\**
9913 \**If you do, please send updates to
9914 sendmail@Sendmail.ORG.
9916 .sh 2 "Configuration in sendmail/daemon.c"
9919 .i sendmail/daemon.c
9920 contains a number of routines that are dependent
9921 on the local networking environment.
9922 The version supplied assumes you have BSD style sockets.
9924 In previous releases,
9925 we recommended that you modify the routine
9927 if you wanted to generalize
9932 We now recommend that you create a new keyed map instead.
9935 In this section we assume that
9937 has been compiled with support for STARTTLS.
9938 To properly understand the use of STARTTLS in
9940 it is necessary to understand at least some basics about X.509 certificates
9941 and public key cryptography.
9942 This information can be found in books about SSL/TLS
9943 or on WWW sites, e.g.,
9944 .q http://www.OpenSSL.org/ .
9945 .sh 3 "Certificates for STARTTLS"
9947 When acting as a server,
9949 requires X.509 certificates to support STARTTLS:
9950 one as certificate for the server (ServerCertFile and corresponding
9951 private ServerKeyFile)
9952 at least one root CA (CACertFile),
9953 i.e., a certificate that is used to sign other certificates,
9954 and a path to a directory which contains other CAs (CACertPath).
9955 The file specified via
9957 can contain several certificates of CAs.
9958 The DNs of these certificates are sent
9959 to the client during the TLS handshake (as part of the
9960 CertificateRequest) as the list of acceptable CAs.
9961 However, do not list too many root CAs in that file, otherwise
9962 the TLS handshake may fail; e.g.,
9964 error:14094417:SSL routines:SSL3_READ_BYTES:
9965 sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47
9967 You should probably put only the CA cert into that file
9968 that signed your own cert(s), or at least only those you trust.
9969 The CACertPath directory must contain the hashes of each CA certificate
9970 as filenames (or as links to them).
9971 Symbolic links can be generated with the following
9972 two (Bourne) shell commands:
9974 C=FileName_of_CA_Certificate
9975 ln -s $C `openssl x509 -noout -hash < $C`.0
9977 An X.509 certificate is also required for authentication in client mode
9978 (ClientCertFile and corresponding private ClientKeyFile), however,
9980 will always use STARTTLS when offered by a server.
9981 The client and server certificates can be identical.
9982 Certificates can be obtained from a certificate authority
9983 or created with the help of OpenSSL.
9984 The required format for certificates and private keys is PEM.
9985 To allow for automatic startup of sendmail, private keys
9986 (ServerKeyFile, ClientKeyFile)
9987 must be stored unencrypted.
9988 The keys are only protected by the permissions of the file system.
9989 Never make a private key available to a third party.
9990 .sh 3 "Encoding of STARTTLS related Macros"
9992 Macros that contain STARTTLS related data which comes from outside
9993 sources, e.g., all macros containing information from certificates,
9994 are encoded to avoid problems with non-printable or special characters.
9995 The latter are '<', '>', '(', ')', '"', '+', and ' '.
9996 All of these characters are replaced by their value in hexadecimal
10000 /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
10001 Email=darth+cert@endmail.org
10005 /C=US/ST=California/O=endmail.org/OU=private/
10006 CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
10008 (line breaks have been inserted for readability).
10009 The macros which are subject to this encoding are
10010 {cert_subject}, {cert_issuer}, {cn_subject}, and {cn_issuer}.
10011 .sh 3 "PRNG for STARTTLS"
10013 STARTTLS requires a strong pseudo random number generator (PRNG)
10014 to operate properly.
10015 Depending on the TLS library you use, it may be required to explicitly
10016 initialize the PRNG with random data.
10017 OpenSSL makes use of
10019 if available (this corresponds to the compile flag HASURANDOMDEV).
10020 On systems which lack this support, a random file must be specified in the
10022 file using the option RandFile.
10025 advised to use the "Entropy Gathering Daemon" EGD
10026 from Brian Warner on those systems to provide useful random data.
10029 must be compiled with the flag EGD, and the
10030 RandFile option must point to the EGD socket.
10033 nor EGD are available, you have to make sure
10034 that useful random data is available all the time in RandFile.
10035 If the file hasn't been modified in the last 10 minutes before
10036 it is supposed to be used by
10038 the content is considered obsolete.
10039 One method for generating this file is:
10041 openssl rand -out /etc/mail/randfile -rand \c
10042 .i /path/to/file:... \c
10045 See the OpenSSL documentation for more information.
10046 In this case, the PRNG for TLS is only
10047 seeded with other random data if the
10048 .b DontBlameSendmail
10050 .b InsufficientEntropy
10052 This is most likely not sufficient for certain actions, e.g.,
10053 generation of (temporary) keys.
10055 Please see the OpenSSL documentation or other sources
10056 for further information about certificates, their creation and their usage,
10057 the importance of a good PRNG, and other aspects of TLS.
10058 .sh 1 "ACKNOWLEDGEMENTS"
10063 and many employers have been remarkably patient
10064 about letting me work on a large project
10065 that was not part of my official job.
10066 This includes time on the INGRES Project at
10067 the University of California at Berkeley,
10069 and again on the Mammoth and Titan Projects at Berkeley.
10071 Much of the second wave of improvements
10072 resulting in version 8.1
10073 should be credited to Bryan Costales of the
10074 International Computer Science Institute.
10075 As he passed me drafts of his book on
10077 I was inspired to start working on things again.
10078 Bryan was also available to bounce ideas off of.
10080 Gregory Neil Shapiro
10081 of Worcester Polytechnic Institute
10082 has become instrumental in all phases of
10084 support and development,
10085 and was largely responsible for getting versions 8.8 and 8.9
10088 Many, many people contributed chunks of code and ideas to
10090 It has proven to be a group network effort.
10091 Version 8 in particular was a group project.
10092 The following people and organizations made notable contributions:
10095 John Beck, Hewlett-Packard & Sun Microsystems
10096 Keith Bostic, CSRG, University of California, Berkeley
10097 Andrew Cheng, Sun Microsystems
10098 Michael J. Corrigan, University of California, San Diego
10099 Bryan Costales, International Computer Science Institute & InfoBeat
10100 Pa\*:r (Pell) Emanuelsson
10101 Craig Everhart, Transarc Corporation
10102 Per Hedeland, Ericsson
10103 Tom Ivar Helbekkmo, Norwegian School of Economics
10104 Kari Hurtta, Finnish Meteorological Institute
10105 Allan E. Johannesen, WPI
10106 Jonathan Kamens, OpenVision Technologies, Inc.
10107 Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
10108 Brian Kantor, University of California, San Diego
10109 John Kennedy, Cal State University, Chico
10110 Murray S. Kucherawy, HookUp Communication Corp.
10111 Bruce Lilly, Sony U.S.
10113 Motonori Nakamura, Ritsumeikan University & Kyoto University
10114 John Gardiner Myers, Carnegie Mellon University
10115 Neil Rickert, Northern Illinois University
10116 Gregory Neil Shapiro, WPI
10117 Eric Schnoebelen, Convex Computer Corp.
10118 Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
10119 Randall Winchester, University of Maryland
10120 Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
10123 I apologize for anyone I have omitted, misspelled, misattributed, or
10125 At this point, I suspect that at least a hundred people
10126 have contributed code,
10127 and many more have contributed ideas, comments, and encouragement.
10128 I've tried to list them in the RELEASE_NOTES in the distribution directory.
10129 I appreciate their contribution as well.
10131 Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
10132 who besides being wonderful guinea pigs and contributors
10133 have also consented to be added to the ``sendmail@Sendmail.ORG'' list
10134 and, by answering the bulk of the questions sent to that list,
10135 have freed me up to do other work.
10137 .+c "COMMAND LINE FLAGS"
10141 Arguments must be presented with flags before addresses.
10144 Select an alternative .cf file which is either
10152 By default the .cf file is chosen based on the operation mode.
10161 if it exists, for all others it is
10164 Set operation mode to
10166 Operation modes are:
10169 m Deliver mail (default)
10170 s Speak SMTP on input side
10171 a\(dg ``Arpanet'' mode (get envelope sender information from header)
10172 d Run as a daemon in background
10173 D Run as a daemon in foreground
10175 v Just verify addresses, don't collect or deliver
10176 i Initialize the alias database
10177 p Print the mail queue
10178 P Print overview over the mail queue (requires shared memory)
10179 h Print the persistent host status database
10180 H Purge expired entries from the persistent host status database
10186 Indicate body type.
10188 Use a different configuration file.
10190 runs as the invoking user (rather than root)
10191 when this flag is specified.
10193 Set debugging level.
10194 .ip "\-f\ \fIaddr\fP"
10195 The envelope sender address is set to
10197 This address may also be used in the From: header
10198 if that header is missing during initial submission.
10199 The envelope sender address is used as the recipient
10200 for delivery status notifications
10201 and may also appear in a Return-Path: header.
10202 .ip \-F\ \fIname\fP
10203 Sets the full name of this user to
10206 When accepting messages via the command line,
10207 indicate that they are for relay (gateway) submission.
10208 sendmail may complain about syntactically invalid messages,
10209 e.g., unqualified host names,
10210 rather than fixing them when this flag is set.
10211 sendmail will not do any canonicalization in this mode.
10212 .ip "\-h\ \fIcnt\fP"
10217 This represents the number of times this message has been processed
10220 (to the extent that it is supported by the underlying networks).
10222 is incremented during processing,
10227 throws away the message with an error.
10228 .ip "\-L \fItag\fP"
10229 Sets the identifier used for syslog.
10230 Note that this identifier is set
10231 as early as possible.
10236 before the command line arguments
10239 Don't do aliasing or forwarding.
10240 .ip "\-N \fInotifications\fP"
10241 Tag all addresses being sent as wanting the indicated
10243 which consists of the word
10245 or a comma-separated list of
10250 for successful delivery,
10252 and a message that is stuck in a queue somewhere.
10255 .ip "\-r\ \fIaddr\fP"
10256 An obsolete form of
10258 .ip \-o\fIx\|value\fP
10263 These options are described in Section 5.6.
10264 .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
10269 (for long form option names).
10270 These options are described in Section 5.6.
10271 .ip \-M\fIx\|value\fP
10276 .ip \-p\fIprotocol\fP
10277 Set the sending protocol.
10278 Programs are encouraged to set this.
10279 The protocol field can be in the form
10283 to set both the sending protocol and sending host.
10286 sets the sending protocol to UUCP
10287 and the sending host to uunet.
10288 (Some existing programs use \-oM to set the r and s macros;
10289 this is equivalent to using \-p.)
10291 Try to process the queued up mail.
10292 If the time is given,
10295 will start one or more processes to run through the queue(s) at the specified
10296 time interval to deliver queued mail; otherwise, it only runs once.
10297 Each of these processes acts on a workgroup.
10298 These processes are also known as workgroup processes or WGP's for short.
10299 Each workgroup is responsible for controlling the processing of one or
10300 more queues; workgroups help manage the use of system resources by sendmail.
10301 Each workgroup may have one or more children concurrently processing
10302 queues depending on the setting of \fIMaxQueueChildren\fP.
10304 Similar to \-q with a time argument,
10305 except that instead of periodically starting WGP's
10306 sendmail starts persistent WGP's
10307 that alternate between processing queues and sleeping.
10308 The sleep time is specified by the time argument; it defaults to 1 second,
10309 except that a WGP always sleeps at least 5 seconds if their queues were
10310 empty in the previous run.
10311 Persistent processes are managed by a queue control process (QCP).
10312 The QCP is the parent process of the WGP's.
10313 Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
10314 or a special process (named Queue control) (when started without \-bd or \-bD).
10315 If a persistent WGP ceases to be active for some reason
10316 another WGP will be started by the QCP for the same workgroup
10317 in most cases. When a persistent WGP has core dumped, the debug flag
10318 \fIno_persistent_restart\fP is set or the specific persistent WGP has been
10319 restarted too many times already then the WGP will not be started again
10320 and a message will be logged to this effect.
10321 To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate
10322 signal should be sent to the QCP. The QCP will propagate the signal to all of
10323 the WGP's and if appropriate restart the persistent WGP's.
10325 Run the jobs in the queue group
10328 .ip \-q[!]\fIXstring\fP
10329 Run the queue once,
10330 limiting the jobs to those matching
10336 to limit based on queue identifier,
10338 to limit based on recipient,
10341 to limit based on sender.
10342 A particular queued job is accepted if one of the corresponding addresses
10343 contains the indicated
10345 The optional ! character negates the condition tested.
10348 flags are permitted,
10349 with items with the same key letter
10351 together, and items with different key letters
10355 What information you want returned if the message bounces;
10359 for headers only or
10361 for headers plus body.
10362 This is a request only;
10363 the other end is not required to honor the parameter.
10366 is specified local bounces also return only the headers.
10368 Read the header for
10373 lines, and send to everyone listed in those lists.
10376 line will be deleted before sending.
10377 Any addresses in the argument vector will be deleted
10378 from the send list.
10382 is passed with the envelope of the message
10383 and returned if the message bounces.
10384 .ip "\-X \fIlogfile\fP"
10385 Log all traffic in and out of
10389 for debugging mailer problems.
10390 This produces a lot of data very quickly and should be used sparingly.
10392 There are a number of options that may be specified as
10394 These are the e, i, m, and v options.
10397 may be specified as the
10400 The DSN related options
10408 .+c "QUEUE FILE FORMATS"
10410 This appendix describes the format of the queue files.
10411 These files live in a queue directory.
10412 The individual qf, df, and xf files
10413 may be stored in separate
10419 if they are present in the queue directory.
10421 All queue files have the name
10431 The individual letters in the
10448 Encoded envelope number
10450 At least five decimal digits of the process ID
10452 All files with the same id collectively define one message.
10453 Due to the use of memory-buffered files,
10454 some of these files may never appear on disk.
10459 The queue control file.
10460 This file contains the information necessary to process the job.
10463 The message body (excluding the header) is kept in this file.
10464 Sometimes the df file is not stored in the same directory as the qf file;
10466 the qf file contains a `d' record which names the queue directory
10467 that contains the df file.
10470 This is an image of the
10472 file when it is being rebuilt.
10473 It should be renamed to a
10478 existing during the life of a session
10479 showing everything that happens
10480 during that session.
10481 Sometimes the xf file must be generated before a queue group has been selected;
10483 the xf file will be stored in a directory of the default queue group.
10485 A ``lost'' queue control file.
10491 if there is a severe (configuration) problem that cannot be solved without
10492 human intervention.
10493 Search the logfile for the queue file id to figure out what happened.
10494 After you resolved the problem, you can rename the
10502 file is structured as a series of lines
10503 each beginning with a code letter.
10504 The lines are as follows:
10506 The version number of the queue file format,
10509 binaries to read queue files created by older versions.
10510 Defaults to version zero.
10511 Must be the first line of the file if present.
10512 For 8.12 the version number is 6.
10514 The information given by the AUTH= parameter of the
10517 if sendmail has been called directly.
10519 A header definition.
10520 There may be any number of these lines.
10521 The order is important:
10522 they represent the order in the final message.
10523 These use the same syntax
10524 as header definitions in the configuration file.
10526 The controlling address.
10528 .q localuser:aliasname .
10529 Recipient addresses following this line
10530 will be flagged so that deliveries will be run as the
10532 (a user name from the /etc/passwd file);
10534 is the name of the alias that expanded to this address
10535 (used for printing messages).
10537 The ``original recipient'',
10538 specified by the ORCPT= field in an ESMTP transaction.
10539 Used exclusively for Delivery Status Notifications.
10540 It applies only to the following `R' line.
10542 The ``final recipient''
10543 used for Delivery Status Notifications.
10544 It applies only to the following `R' line.
10546 A recipient address.
10547 This will normally be completely aliased,
10548 but is actually realiased when the job is processed.
10549 There will be one line for each recipient.
10551 also include a leading colon-terminated list of flags,
10553 `S' to return a message on successful final delivery,
10554 `F' to return a message on failure,
10555 `D' to return a message if the message is delayed,
10556 `B' to indicate that the body should be returned,
10557 `N' to suppress returning the body,
10559 `P' to declare this as a ``primary'' (command line or SMTP-session) address.
10561 The sender address.
10562 There may only be one of these lines.
10564 The job creation time.
10565 This is used to compute when to time out the job.
10567 The current message priority.
10568 This is used to order the queue.
10569 Higher numbers mean lower priorities.
10570 The priority changes
10571 as the message sits in the queue.
10572 The initial priority depends on the message class
10573 and the size of the message.
10576 This line is printed by the
10579 and is generally used to store status information.
10580 It can contain any text.
10582 Flag bits, represented as one letter per flag.
10583 Defined flag bits are
10585 indicating that this is a response message
10588 indicating that a warning message has been sent
10589 announcing that the mail has been delayed.
10590 Other flag bits are:
10592 the body contains 8bit data,
10594 a Bcc: header should be removed,
10596 the mail has RET parameters (see RFC 1894),
10598 the body of the message should not be returned
10599 in case of an error,
10601 the envelope has been split.
10603 The total number of delivery attempts.
10605 The time (as seconds since January 1, 1970)
10606 of the last delivery attempt.
10608 If the df file is in a different directory than the qf file,
10609 then a `d' record is present,
10610 specifying the directory in which the df file resides.
10612 The i-number of the data file;
10613 this can be used to recover your mail queue
10614 after a disastrous disk crash.
10616 A macro definition.
10617 The values of certain macros
10618 are passed through to the queue run phase.
10621 The remainder of the line is a text string defining the body type.
10622 If this field is missing,
10623 the body type is assumed to be
10625 and no special processing is attempted.
10631 The original envelope id (from the ESMTP transaction).
10632 For Deliver Status Notifications only.
10635 the following is a queue file sent to
10636 .q eric@mammoth.Berkeley.EDU
10638 .q bostic@okeeffe.CS.Berkeley.EDU \**:
10640 \**This example is contrived and probably inaccurate for your environment.
10641 Glance over it to get an idea;
10642 nothing can replace looking at what your own system generates.
10653 Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
10654 RPFD:eric@mammoth.Berkeley.EDU
10655 RPFD:bostic@okeeffe.CS.Berkeley.EDU
10656 H?P?Return-path: <^g>
10657 H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
10658 Fri, 17 Jul 1992 00:28:55 -0700
10659 H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
10660 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
10661 H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
10662 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
10663 H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
10664 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
10665 H?F?From: eric@foo.bar.baz.de (Eric Allman)
10666 H?x?Full-name: Eric Allman
10667 H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
10668 H??To: sendmail@vangogh.CS.Berkeley.EDU
10669 H??Subject: this is an example message
10672 the person who sent the message,
10673 the submission time
10674 (in seconds since January 1, 1970),
10675 the message priority,
10678 and the headers for the message.
10679 .+c "SUMMARY OF SUPPORT FILES"
10681 This is a summary of the support files
10684 creates or generates.
10685 Many of these can be changed by editing the sendmail.cf file;
10686 check there to find the actual pathnames.
10688 .ip "/usr/\*(SD/sendmail"
10691 .ip /usr/\*(SB/newaliases
10692 A link to /usr/\*(SD/sendmail;
10693 causes the alias database to be rebuilt.
10694 Running this program is completely equivalent to giving
10699 .ip /usr/\*(SB/mailq
10700 Prints a listing of the mail queue.
10701 This program is equivalent to using the
10705 .ip /etc/mail/sendmail.cf
10706 The configuration file,
10708 .ip /etc/mail/helpfile
10709 The SMTP help file.
10710 .ip /etc/mail/statistics
10711 A statistics file; need not be present.
10712 .ip /etc/mail/sendmail.pid
10713 Created in daemon mode;
10714 it contains the process id of the current SMTP daemon.
10715 If you use this in scripts;
10716 use ``head \-1'' to get just the first line;
10717 the second line contains the command line used to invoke the daemon,
10718 and later versions of
10720 may add more information to subsequent lines.
10721 .ip /etc/mail/aliases
10722 The textual version of the alias file.
10723 .ip /etc/mail/aliases.db
10727 .ip /etc/mail/aliases.{pag,dir}
10731 .ip /var/spool/mqueue
10732 The directory in which the mail queue(s)
10733 and temporary files reside.
10734 .ip /var/spool/mqueue/qf*
10735 Control (queue) files for messages.
10736 .ip /var/spool/mqueue/df*
10738 .ip /var/spool/mqueue/tf*
10739 Temporary versions of the qf files,
10740 used during queue file rebuild.
10741 .ip /var/spool/mqueue/xf*
10742 A transcript of the current session.
10749 This page intentionally left blank;
10750 replace it with a blank sheet for double-sided output.
10762 .\"INSTALLATION AND OPERATION GUIDE
10767 .\"Version $Revision: 8.609.2.23 $
10775 .\" remove some things to avoid "out of temp file space" problem
10795 This page intentionally left blank;
10796 replace it with a blank sheet for double-sided output.